Message	Id	Version	Qualifiers	Level	Task	Opcode	Keywords	RecordId	ProviderName	ProviderId	LogName	ProcessId	ThreadId	MachineName	UserId	TimeCreated	ActivityId	RelatedActivityId	ContainerLog	MatchedQueryIds	Bookmark	LevelDisplayName	OpcodeDisplayName	TaskDisplayName	KeywordsDisplayNames	Properties
PowerShell console is ready for user input	40962	1		4	4	2	0	1956	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1052	592	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:31:19 PM	e5295ba9-9827-0001-af5d-30e52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 1052 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1955	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1052	2368	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:31:19 PM	e5295ba9-9827-0001-af5d-30e52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1954	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1052	592	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:31:19 PM	e5295ba9-9827-0001-af5d-30e52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles; using System; using System.Collections; using System.IO; using System.Linq; using System.Runtime.InteropServices; using System.Text; using System.Threading; namespace Ansible { [StructLayout(LayoutKind.Sequential)] public class SECURITY_ATTRIBUTES { public int nLength; public IntPtr lpSecurityDescriptor; public bool bInheritHandle = false; public SECURITY_ATTRIBUTES() { nLength = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFO { public Int32 cb; public IntPtr lpReserved; public IntPtr lpDesktop; public IntPtr lpTitle; public Int32 dwX; public Int32 dwY; public Int32 dwXSize; public Int32 dwYSize; public Int32 dwXCountChars; public Int32 dwYCountChars; public Int32 dwFillAttribute; public Int32 dwFlags; public Int16 wShowWindow; public Int16 cbReserved2; public IntPtr lpReserved2; public SafeFileHandle hStdInput; public SafeFileHandle hStdOutput; public SafeFileHandle hStdError; public STARTUPINFO() { cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFOEX { public STARTUPINFO startupInfo; public IntPtr lpAttributeList; public STARTUPINFOEX() { startupInfo = new STARTUPINFO(); startupInfo.cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public struct PROCESS_INFORMATION { public IntPtr hProcess; public IntPtr hThread; public int dwProcessId; public int dwThreadId; } [Flags] public enum StartupInfoFlags : uint { USESTDHANDLES = 0x00000100 } public enum HandleFlags : uint { None = 0, INHERIT = 1 } class NativeWaitHandle : WaitHandle { public NativeWaitHandle(IntPtr handle) { this.SafeWaitHandle = new SafeWaitHandle(handle, false); } } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class CommandUtil { private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400; private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000; [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)] public static extern bool CreateProcess( [MarshalAs(UnmanagedType.LPWStr)] string lpApplicationName, StringBuilder lpCommandLine, IntPtr lpProcessAttributes, IntPtr lpThreadAttributes, bool bInheritHandles, uint dwCreationFlags, IntPtr lpEnvironment, [MarshalAs(UnmanagedType.LPWStr)] string lpCurrentDirectory, STARTUPINFOEX lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation); [DllImport("kernel32.dll")] public static extern bool CreatePipe( out SafeFileHandle hReadPipe, out SafeFileHandle hWritePipe, SECURITY_ATTRIBUTES lpPipeAttributes, uint nSize); [DllImport("kernel32.dll", SetLastError = true)] public static extern bool SetHandleInformation( SafeFileHandle hObject, HandleFlags dwMask, int dwFlags); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool GetExitCodeProcess( IntPtr hProcess, out uint lpExitCode); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)] public static extern uint SearchPath( string lpPath, string lpFileName, string lpExtension, int nBufferLength, [MarshalAs (UnmanagedType.LPTStr)] StringBuilder lpBuffer, out IntPtr lpFilePart); [DllImport("shell32.dll", SetLastError = true)] static extern IntPtr CommandLineToArgvW( [MarshalAs(UnmanagedType.LPWStr)] string lpCmdLine, out int pNumArgs); public static string[] ParseCommandLine(string lpCommandLine) { int numArgs; IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs); if (ret == IntPtr.Zero) throw new Win32Exception("Error parsing command line"); IntPtr[] strptrs = new IntPtr[numArgs]; Marshal.Copy(ret, strptrs, 0, numArgs); string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray(); Marshal.FreeHGlobal(ret); return cmdlineParts; } public static string SearchPath(string lpFileName) { StringBuilder sbOut = new StringBuilder(1024); IntPtr filePartOut; if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0) throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName)); return sbOut.ToString(); } public class CommandResult { public string StandardOut { get; internal set; } public string StandardError { get; internal set; } public uint ExitCode { get; internal set; } } public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment) { UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT; STARTUPINFOEX si = new STARTUPINFOEX(); si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES; SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES(); pipesec.bInheritHandle = true; // Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write; if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0)) throw new Win32Exception("STDOUT pipe setup failed"); if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDOUT pipe handle setup failed"); if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0)) throw new Win32Exception("STDERR pipe setup failed"); if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDERR pipe handle setup failed"); if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0)) throw new Win32Exception("STDIN pipe setup failed"); if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDIN pipe handle setup failed"); si.startupInfo.hStdOutput = stdout_write; si.startupInfo.hStdError = stderr_write; si.startupInfo.hStdInput = stdin_read; // Setup the stdin buffer UTF8Encoding utf8_encoding = new UTF8Encoding(false); FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768); StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768); // If lpCurrentDirectory is set to null in PS it will be an empty // string here, we need to convert it if (lpCurrentDirectory == "") lpCurrentDirectory = null; StringBuilder environmentString = null; if (environment != null && environment.Count > 0) { environmentString = new StringBuilder(); foreach (DictionaryEntry kv in environment) environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value); environmentString.Append('\0'); } // Create the environment block if set IntPtr lpEnvironment = IntPtr.Zero; if (environmentString != null) lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString()); // Create new process and run StringBuilder argument_string = new StringBuilder(lpCommandLine); PROCESS_INFORMATION pi = new PROCESS_INFORMATION(); if (!CreateProcess( lpApplicationName, argument_string, IntPtr.Zero, IntPtr.Zero, true, startup_flags, lpEnvironment, lpCurrentDirectory, si, out pi)) { throw new Win32Exception("Failed to create new process"); } // Setup the output buffers and get stdout/stderr FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096); StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096); stdout_write.Close(); FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096); StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096); stderr_write.Close(); stdin.WriteLine(stdinInput); stdin.Close(); string stdout_str, stderr_str = null; GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str); uint rc = GetProcessExitCode(pi.hProcess); return new CommandResult { StandardOut = stdout_str, StandardError = stderr_str, ExitCode = rc }; } private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr) { var sowait = new EventWaitHandle(false, EventResetMode.ManualReset); var sewait = new EventWaitHandle(false, EventResetMode.ManualReset); string so = null, se = null; ThreadPool.QueueUserWorkItem((s) => { so = stdoutStream.ReadToEnd(); sowait.Set(); }); ThreadPool.QueueUserWorkItem((s) => { se = stderrStream.ReadToEnd(); sewait.Set(); }); foreach (var wh in new WaitHandle[] { sowait, sewait }) wh.WaitOne(); stdout = so; stderr = se; } private static uint GetProcessExitCode(IntPtr processHandle) { new NativeWaitHandle(processHandle).WaitOne(); uint exitCode; if (!GetExitCodeProcess(processHandle, out exitCode)) throw new Win32Exception("Error getting process exit code"); return exitCode; } } }" Context: Severity = Informational Host Name = Default Host Host Version = 5.1.14393.1944 Host ID = 07508646-0919-4f4d-9197-01b697f3e281 Host Application = PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - Engine Version = 5.1.14393.1944 Runspace ID = 8a780170-cfc4-4611-ab9f-018dc5258759 Pipeline ID = 7 Command Name = Add-Type Command Type = Cmdlet Script Name = Command Path = Sequence Number = 34 User = N-H1-805629-1\Admin Connected User = Shell ID = Microsoft.PowerShell User Data:	4103	1		4	106	20	0	1953	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4924	2140	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:31:19 PM	e5295ba9-9827-0001-8a5d-30e52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	To be used when operation is just executing a method	Executing Pipeline	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c) 2017 Ansible Project # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) $process_util = @" using Microsoft.Win32.SafeHandles; using System; using System.Collections; using System.IO; using System.Linq; using System.Runtime.InteropServices; using System.Text; using System.Threading; namespace Ansible { [StructLayout(LayoutKind.Sequential)] public class SECURITY_ATTRIBUTES { public int nLength; public IntPtr lpSecurityDescriptor; public bool bInheritHandle = false; public SECURITY_ATTRIBUTES() { nLength = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFO { public Int32 cb; public IntPtr lpReserved; public IntPtr lpDesktop; public IntPtr lpTitle; public Int32 dwX; public Int32 dwY; public Int32 dwXSize; public Int32 dwYSize; public Int32 dwXCountChars; public Int32 dwYCountChars; public Int32 dwFillAttribute; public Int32 dwFlags; public Int16 wShowWindow; public Int16 cbReserved2; public IntPtr lpReserved2; public SafeFileHandle hStdInput; public SafeFileHandle hStdOutput; public SafeFileHandle hStdError; public STARTUPINFO() { cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFOEX { public STARTUPINFO startupInfo; public IntPtr lpAttributeList; public STARTUPINFOEX() { startupInfo = new STARTUPINFO(); startupInfo.cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public struct PROCESS_INFORMATION { public IntPtr hProcess; public IntPtr hThread; public int dwProcessId; public int dwThreadId; } [Flags] public enum StartupInfoFlags : uint { USESTDHANDLES = 0x00000100 } public enum HandleFlags : uint { None = 0, INHERIT = 1 } class NativeWaitHandle : WaitHandle { public NativeWaitHandle(IntPtr handle) { this.SafeWaitHandle = new SafeWaitHandle(handle, false); } } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class CommandUtil { private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400; private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000; [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)] public static extern bool CreateProcess( [MarshalAs(UnmanagedType.LPWStr)] string lpApplicationName, StringBuilder lpCommandLine, IntPtr lpProcessAttributes, IntPtr lpThreadAttributes, bool bInheritHandles, uint dwCreationFlags, IntPtr lpEnvironment, [MarshalAs(UnmanagedType.LPWStr)] string lpCurrentDirectory, STARTUPINFOEX lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation); [DllImport("kernel32.dll")] public static extern bool CreatePipe( out SafeFileHandle hReadPipe, out SafeFileHandle hWritePipe, SECURITY_ATTRIBUTES lpPipeAttributes, uint nSize); [DllImport("kernel32.dll", SetLastError = true)] public static extern bool SetHandleInformation( SafeFileHandle hObject, HandleFlags dwMask, int dwFlags); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool GetExitCodeProcess( IntPtr hProcess, out uint lpExitCode); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)] public static extern uint SearchPath( string lpPath, string lpFileName, string lpExtension, int nBufferLength, [MarshalAs (UnmanagedType.LPTStr)] StringBuilder lpBuffer, out IntPtr lpFilePart); [DllImport("shell32.dll", SetLastError = true)] static extern IntPtr CommandLineToArgvW( [MarshalAs(UnmanagedType.LPWStr)] string lpCmdLine, out int pNumArgs); public static string[] ParseCommandLine(string lpCommandLine) { int numArgs; IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs); if (ret == IntPtr.Zero) throw new Win32Exception("Error parsing command line"); IntPtr[] strptrs = new IntPtr[numArgs]; Marshal.Copy(ret, strptrs, 0, numArgs); string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray(); Marshal.FreeHGlobal(ret); return cmdlineParts; } public static string SearchPath(string lpFileName) { StringBuilder sbOut = new StringBuilder(1024); IntPtr filePartOut; if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0) throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName)); return sbOut.ToString(); } public class CommandResult { public string StandardOut { get; internal set; } public string StandardError { get; internal set; } public uint ExitCode { get; internal set; } } public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment) { UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT; STARTUPINFOEX si = new STARTUPINFOEX(); si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES; SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES(); pipesec.bInheritHandle = true; // Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write; if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0)) throw new Win32Exception("STDOUT pipe setup failed"); if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDOUT pipe handle setup failed"); if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0)) throw new Win32Exception("STDERR pipe setup failed"); if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDERR pipe handle setup failed"); if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0)) throw new Win32Exception("STDIN pipe setup failed"); if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDIN pipe handle setup failed"); si.startupInfo.hStdOutput = stdout_write; si.startupInfo.hStdError = stderr_write; si.startupInfo.hStdInput = stdin_read; // Setup the stdin buffer UTF8Encoding utf8_encoding = new UTF8Encoding(false); FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768); StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768); // If lpCurrentDirectory is set to null in PS it will be an empty // string here, we need to convert it if (lpCurrentDirectory == "") lpCurrentDirectory = null; StringBuilder environmentString = null; if (environment != null && environment.Count > 0) { environmentString = new StringBuilder(); foreach (DictionaryEntry kv in environment) environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value); environmentString.Append('\0'); } // Create the environment block if set IntPtr lpEnvironment = IntPtr.Zero; if (environmentString != null) lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString()); // Create new process and run StringBuilder argument_string = new StringBuilder(lpCommandLine); PROCESS_INFORMATION pi = new PROCESS_INFORMATION(); if (!CreateProcess( lpApplicationName, argument_string, IntPtr.Zero, IntPtr.Zero, true, startup_flags, lpEnvironment, lpCurrentDirectory, si, out pi)) { throw new Win32Exception("Failed to create new process"); } // Setup the output buffers and get stdout/stderr FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096); StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096); stdout_write.Close(); FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096); StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096); stderr_write.Close(); stdin.WriteLine(stdinInput); stdin.Close(); string stdout_str, stderr_str = null; GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str); uint rc = GetProcessExitCode(pi.hProcess); return new CommandResult { StandardOut = stdout_str, StandardError = stderr_str, ExitCode = rc }; } private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr) { var sowait = new EventWaitHandle(false, EventResetMode.ManualReset); var sewait = new EventWaitHandle(false, EventResetMode.ManualReset); string so = null, se = null; ThreadPool.QueueUserWorkItem((s) => { so = stdoutStream.ReadToEnd(); sowait.Set(); }); ThreadPool.QueueUserWorkItem((s) => { se = stderrStream.ReadToEnd(); sewait.Set(); }); foreach (var wh in new WaitHandle[] { sowait, sewait }) wh.WaitOne(); stdout = so; stderr = se; } private static uint GetProcessExitCode(IntPtr processHandle) { new NativeWaitHandle(processHandle).WaitOne(); uint exitCode; if (!GetExitCodeProcess(processHandle, out exitCode)) throw new Win32Exception("Error getting process exit code"); return exitCode; } } } "@ $ErrorActionPreference = 'Stop' Function Load-CommandUtils { # makes the following static functions available # [Ansible.CommandUtil]::ParseCommandLine(string lpCommandLine) # [Ansible.CommandUtil]::SearchPath(string lpFileName) # [Ansible.CommandUtil]::RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, string environmentBlock) # # there are also numerous P/Invoke methods that can be called if you are feeling adventurous # FUTURE: find a better way to get the _ansible_remote_tmp variable $original_tmp = $env:TMP $remote_tmp = $original_tmp $module_params = Get-Variable -Name complex_args -ErrorAction SilentlyContinue if ($module_params) { if ($module_params.Value.ContainsKey("_ansible_remote_tmp") ) { $remote_tmp = $module_params.Value["_ansible_remote_tmp"] $remote_tmp = [System.Environment]::ExpandEnvironmentVariables($remote_tmp) } } $env:TMP = $remote_tmp Add-Type -TypeDefinition $process_util $env:TMP = $original_tmp } Function Get-ExecutablePath($executable, $directory) { # lpApplicationName requires the full path to a file, we need to find it # ourselves. # we need to add .exe if it doesn't have an extension already if (-not [System.IO.Path]::HasExtension($executable)) { $executable = "$($executable).exe" } $full_path = [System.IO.Path]::GetFullPath($executable) if ($full_path -ne $executable -and $directory -ne $null) { $file = Get-Item -Path "$directory\$executable" -Force -ErrorAction SilentlyContinue } else { $file = Get-Item -Path $executable -Force -ErrorAction SilentlyContinue } if ($file -ne $null) { $executable_path = $file.FullName } else { $executable_path = [Ansible.CommandUtil]::SearchPath($executable) } return $executable_path } Function Run-Command { Param( [string]$command, # the full command to run including the executable [string]$working_directory = $null, # the working directory to run under, will default to the current dir [string]$stdin = $null, # a string to send to the stdin pipe when executing the command [hashtable]$environment = @{} # a hashtable of environment values to run the command under, this will replace all the other environment variables with these ) # load the C# code we call in this function Load-CommandUtils # need to validate the working directory if it is set if ($working_directory) { # validate working directory is a valid path if (-not (Test-Path -Path $working_directory)) { throw "invalid working directory path '$working_directory'" } } # lpApplicationName needs to be the full path to an executable, we do this # by getting the executable as the first arg and then getting the full path $arguments = [Ansible.CommandUtil]::ParseCommandLine($command) $executable = Get-ExecutablePath -executable $arguments[0] -directory $working_directory # run the command and get the results $command_result = [Ansible.CommandUtil]::RunCommand($executable, $command, $working_directory, $stdin, $environment) return ,@{ executable = $executable stdout = $command_result.StandardOut stderr = $command_result.StandardError rc = $command_result.ExitCode } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: 4383cfac-38f3-4c8b-a5a3-aa3d98af503d Path:	4104	1		3	2	15	0	1952	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4924	3360	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:31:18 PM	e5295ba9-9827-0003-b06f-30e52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c), Michael DeHaan <michael.dehaan@gmail.com>, 2014, and others # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) Set-StrictMode -Version 2.0 $ErrorActionPreference = "Stop" Function Set-Attr($obj, $name, $value) { <# .SYNOPSIS Helper function to set an "attribute" on a psobject instance in PowerShell. This is a convenience to make adding Members to the object easier and slightly more pythonic .EXAMPLE Set-Attr $result "changed" $true #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } Try { $obj.$name = $value } Catch { $obj | Add-Member -Force -MemberType NoteProperty -Name $name -Value $value } } Function Exit-Json($obj) { <# .SYNOPSIS Helper function to convert a PowerShell object to JSON and output it, exiting the script .EXAMPLE Exit-Json $result #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit } Function Fail-Json($obj, $message = $null) { <# .SYNOPSIS Helper function to add the "msg" property and "failed" property, convert the PowerShell Hashtable to JSON and output it, exiting the script .EXAMPLE Fail-Json $result "This is the failure message" #> if ($obj -is [hashtable] -or $obj -is [psobject]) { # Nothing to do } elseif ($obj -is [string] -and $null -eq $message) { # If we weren't given 2 args, and the only arg was a string, # create a new Hashtable and use the arg as the failure message $message = $obj $obj = @{ } } else { # If the first argument is undefined or a different type, # make it a Hashtable $obj = @{ } } # Still using Set-Attr for PSObject compatibility Set-Attr $obj "msg" $message Set-Attr $obj "failed" $true if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit 1 } Function Add-Warning($obj, $message) { <# .SYNOPSIS Helper function to add warnings, even if the warnings attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("warnings")) { $obj.warnings = @() } elseif ($obj.warnings -isnot [array]) { throw "Add-Warning: warnings attribute is not an array" } $obj.warnings += $message } Function Add-DeprecationWarning($obj, $message, $version = $null) { <# .SYNOPSIS Helper function to add deprecations, even if the deprecations attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("deprecations")) { $obj.deprecations = @() } elseif ($obj.deprecations -isnot [array]) { throw "Add-DeprecationWarning: deprecations attribute is not a list" } $obj.deprecations += @{ msg = $message version = $version } } Function Expand-Environment($value) { <# .SYNOPSIS Helper function to expand environment variables in values. By default it turns any type to a string, but we ensure $null remains $null. #> if ($null -ne $value) { [System.Environment]::ExpandEnvironmentVariables($value) } else { $value } } Function Get-AnsibleParam($obj, $name, $default = $null, $resultobj = @{}, $failifempty = $false, $emptyattributefailmessage, $ValidateSet, $ValidateSetErrorMessage, $type = $null, $aliases = @()) { <# .SYNOPSIS Helper function to get an "attribute" from a psobject instance in PowerShell. This is a convenience to make getting Members from an object easier and slightly more pythonic .EXAMPLE $attr = Get-AnsibleParam $response "code" -default "1" .EXAMPLE Get-AnsibleParam -obj $params -name "State" -default "Present" -ValidateSet "Present","Absent" -resultobj $resultobj -failifempty $true Get-AnsibleParam also supports Parameter validation to save you from coding that manually Note that if you use the failifempty option, you do need to specify resultobject as well. #> # Check if the provided Member $name or aliases exist in $obj and return it or the default. try { $found = $null # First try to find preferred parameter $name $aliases = @($name) + $aliases # Iterate over aliases to find acceptable Member $name foreach ($alias in $aliases) { if ($obj.ContainsKey($alias)) { $found = $alias break } } if ($null -eq $found) { throw } $name = $found if ($ValidateSet) { if ($ValidateSet -contains ($obj.$name)) { $value = $obj.$name } else { if ($null -eq $ValidateSetErrorMessage) { #Auto-generated error should be sufficient in most use cases $ValidateSetErrorMessage = "Get-AnsibleParam: Argument $name needs to be one of $($ValidateSet -join ",") but was $($obj.$name)." } Fail-Json -obj $resultobj -message $ValidateSetErrorMessage } } else { $value = $obj.$name } } catch { if ($failifempty -eq $false) { $value = $default } else { if (-not $emptyattributefailmessage) { $emptyattributefailmessage = "Get-AnsibleParam: Missing required argument: $name" } Fail-Json -obj $resultobj -message $emptyattributefailmessage } } # If $value -eq $null, the parameter was unspecified by the user (deliberately or not) # Please leave $null-values intact, modules need to know if a parameter was specified # When $value is already an array, we cannot rely on the null check, as an empty list # is seen as null in the check below if ($null -ne $value -or $value -is [array]) { if ($type -eq "path") { # Expand environment variables on path-type $value = Expand-Environment($value) # Test if a valid path is provided if (-not (Test-Path -IsValid $value)) { $path_invalid = $true # could still be a valid-shaped path with a nonexistent drive letter if ($value -match "^\w:") { # rewrite path with a valid drive letter and recheck the shape- this might still fail, eg, a nonexistent non-filesystem PS path if (Test-Path -IsValid $(@(Get-PSDrive -PSProvider Filesystem)[0].Name + $value.Substring(1))) { $path_invalid = $false } } if ($path_invalid) { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' has an invalid path '$value' specified." } } } elseif ($type -eq "str") { # Convert str types to real Powershell strings $value = $value.ToString() } elseif ($type -eq "bool") { # Convert boolean types to real Powershell booleans $value = $value | ConvertTo-Bool } elseif ($type -eq "int") { # Convert int types to real Powershell integers $value = $value -as [int] } elseif ($type -eq "float") { # Convert float types to real Powershell floats $value = $value -as [float] } elseif ($type -eq "list") { if ($value -is [array]) { # Nothing to do } elseif ($value -is [string]) { # Convert string type to real Powershell array $value = $value.Split(",").Trim() } elseif ($value -is [int]) { $value = @($value) } else { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' is not a YAML list." } # , is not a typo, forces it to return as a list when it is empty or only has 1 entry return ,$value } } return $value } #Alias Get-attr-->Get-AnsibleParam for backwards compat. Only add when needed to ease debugging of scripts If (-not(Get-Alias -Name "Get-attr" -ErrorAction SilentlyContinue)) { New-Alias -Name Get-attr -Value Get-AnsibleParam } Function ConvertTo-Bool { <# .SYNOPSIS Helper filter/pipeline function to convert a value to boolean following current Ansible practices .EXAMPLE $is_true = "true" | ConvertTo-Bool #> param( [parameter(valuefrompipeline=$true)] $obj ) $boolean_strings = "yes", "on", "1", "true", 1 $obj_string = [string]$obj if (($obj -is [boolean] -and $obj) -or $boolean_strings -contains $obj_string.ToLower()) { return $true } else { return $false } } Function Parse-Args($arguments, $supports_check_mode = $false) { <# .SYNOPSIS Helper function to parse Ansible JSON arguments from a "file" passed as the single argument to the module. .EXAMPLE $params = Parse-Args $args #> $params = New-Object psobject If ($arguments.Length -gt 0) { $params = Get-Content $arguments[0] | ConvertFrom-Json } Else { $params = $complex_args } $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false If ($check_mode -and -not $supports_check_mode) { Exit-Json @{ skipped = $true changed = $false msg = "remote module does not support check mode" } } return $params } Function Get-FileChecksum($path, $algorithm = 'sha1') { <# .SYNOPSIS Helper function to calculate a hash of a file in a way which PowerShell 3 and above can handle #> If (Test-Path -Path $path -PathType Leaf) { switch ($algorithm) { 'md5' { $sp = New-Object -TypeName System.Security.Cryptography.MD5CryptoServiceProvider } 'sha1' { $sp = New-Object -TypeName System.Security.Cryptography.SHA1CryptoServiceProvider } 'sha256' { $sp = New-Object -TypeName System.Security.Cryptography.SHA256CryptoServiceProvider } 'sha384' { $sp = New-Object -TypeName System.Security.Cryptography.SHA384CryptoServiceProvider } 'sha512' { $sp = New-Object -TypeName System.Security.Cryptography.SHA512CryptoServiceProvider } default { Fail-Json @{} "Unsupported hash algorithm supplied '$algorithm'" } } If ($PSVersionTable.PSVersion.Major -ge 4) { $raw_hash = Get-FileHash $path -Algorithm $algorithm $hash = $raw_hash.Hash.ToLower() } Else { $fp = [System.IO.File]::Open($path, [System.IO.Filemode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileShare]::ReadWrite); $hash = [System.BitConverter]::ToString($sp.ComputeHash($fp)).Replace("-", "").ToLower(); $fp.Dispose(); } } ElseIf (Test-Path -Path $path -PathType Container) { $hash = "3"; } Else { $hash = "1"; } return $hash } Function Get-PendingRebootStatus { <# .SYNOPSIS Check if reboot is required, if so notify CA. Function returns true if computer has a pending reboot #> $featureData = Invoke-WmiMethod -EA Ignore -Name GetServerFeature -Namespace root\microsoft\windows\servermanager -Class MSFT_ServerManagerTasks $regData = Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager" "PendingFileRenameOperations" -EA Ignore $CBSRebootStatus = Get-ChildItem "HKLM:\\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing" -ErrorAction SilentlyContinue| Where-Object {$_.PSChildName -eq "RebootPending"} if(($featureData -and $featureData.RequiresReboot) -or $regData -or $CBSRebootStatus) { return $True } else { return $False } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: e7552450-4158-4439-988f-c62beec099b7 Path:	4104	1		3	2	15	0	1951	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4924	3360	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:31:18 PM	e5295ba9-9827-0003-a96f-30e52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } ScriptBlock ID: 66a51d41-4933-441b-9915-73be90c87abc Path:	4104	1		3	2	15	0	1950	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4924	3360	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:31:18 PM	e5295ba9-9827-0003-9a6f-30e52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (4 of 4): Fuc2libGVQYXJhbSAtb2JqICRwYXJhbXMgLW5hbWUgInJlbW92ZXMiIC10eXBlICJwYXRoIgokc3RkaW4gPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAic3RkaW4iIC10eXBlICJzdHIiCgokcmF3X2NvbW1hbmRfbGluZSA9ICRyYXdfY29tbWFuZF9saW5lLlRyaW0oKQoKJHJlc3VsdCA9IEB7CiAgICBjaGFuZ2VkID0gJHRydWUKICAgIGNtZCA9ICRyYXdfY29tbWFuZF9saW5lCn0KCmlmICgkY3JlYXRlcyAtYW5kICQoVGVzdC1BbnNpYmxlUGF0aCAtUGF0aCAkY3JlYXRlcykpIHsKICAgIEV4aXQtSnNvbiBAe21zZz0ic2tpcHBlZCwgc2luY2UgJGNyZWF0ZXMgZXhpc3RzIjtjbWQ9JHJhd19jb21tYW5kX2xpbmU7Y2hhbmdlZD0kZmFsc2U7c2tpcHBlZD0kdHJ1ZTtyYz0wfQp9CgppZiAoJHJlbW92ZXMgLWFuZCAtbm90ICQoVGVzdC1BbnNpYmxlUGF0aCAtUGF0aCAkcmVtb3ZlcykpIHsKICAgIEV4aXQtSnNvbiBAe21zZz0ic2tpcHBlZCwgc2luY2UgJHJlbW92ZXMgZG9lcyBub3QgZXhpc3QiO2NtZD0kcmF3X2NvbW1hbmRfbGluZTtjaGFuZ2VkPSRmYWxzZTtza2lwcGVkPSR0cnVlO3JjPTB9Cn0KCiRleGVjX2FyZ3MgPSAkbnVsbApJZigtbm90ICRleGVjdXRhYmxlIC1vciAkZXhlY3V0YWJsZSAtZXEgInBvd2Vyc2hlbGwiKSB7CiAgICAkZXhlY19hcHBsaWNhdGlvbiA9ICJwb3dlcnNoZWxsLmV4ZSIKCiAgICAjIGZvcmNlIGlucHV0IGVuY29kaW5nIHRvIHByZWFtYmxlLWZyZWUgVVRGOCBzbyBQUyBzdWItcHJvY2Vzc2VzIChlZywgU3RhcnQtSm9iKSBkb24ndCBibG93IHVwCiAgICAkcmF3X2NvbW1hbmRfbGluZSA9ICJbQ29uc29sZV06OklucHV0RW5jb2RpbmcgPSBOZXctT2JqZWN0IFRleHQuVVRGOEVuY29kaW5nIGAkZmFsc2U7ICIgKyAkcmF3X2NvbW1hbmRfbGluZQoKICAgICMgQmFzZTY0IGVuY29kZSB0aGUgY29tbWFuZCBzbyB3ZSBkb24ndCBoYXZlIHRvIHdvcnJ5IGFib3V0IHRoZSB2YXJpb3VzIGxldmVscyBvZiBlc2NhcGluZwogICAgJGVuY29kZWRfY29tbWFuZCA9IFtDb252ZXJ0XTo6VG9CYXNlNjRTdHJpbmcoW1N5c3RlbS5UZXh0LkVuY29kaW5nXTo6VW5pY29kZS5HZXRCeXRlcygkcmF3X2NvbW1hbmRfbGluZSkpCgogICAgaWYgKCRzdGRpbikgewogICAgICAgICRleGVjX2FyZ3MgPSAiLWVuY29kZWRjb21tYW5kICRlbmNvZGVkX2NvbW1hbmQiCiAgICB9IGVsc2UgewogICAgICAgICRleGVjX2FyZ3MgPSAiLW5vbmludGVyYWN0aXZlIC1lbmNvZGVkY29tbWFuZCAkZW5jb2RlZF9jb21tYW5kIgogICAgfQp9CkVsc2UgewogICAgIyBGVVRVUkU6IHN1cHBvcnQgYXJnIHRyYW5zbGF0aW9uIGZyb20gZXhlY3V0YWJsZSAob3IgZXhlY3V0YWJsZV9hcmdzPykgdG8gcHJvY2VzcyBhcmd1bWVudHMgZm9yIGFyYml0cmFyeSBpbnRlcnByZXRlcj8KICAgICRleGVjX2FwcGxpY2F0aW9uID0gJGV4ZWN1dGFibGUKICAgIGlmICgtbm90ICgkZXhlY19hcHBsaWNhdGlvbi5FbmRzV2l0aCgiLmV4ZSIpKSkgewogICAgICAgICRleGVjX2FwcGxpY2F0aW9uID0gIiQoJGV4ZWNfYXBwbGljYXRpb24pLmV4ZSIKICAgIH0KICAgICRleGVjX2FyZ3MgPSAiL2MgJHJhd19jb21tYW5kX2xpbmUiCn0KCiRjb21tYW5kID0gIiRleGVjX2FwcGxpY2F0aW9uICRleGVjX2FyZ3MiCiRydW5fY29tbWFuZF9hcmcgPSBAewogICAgY29tbWFuZCA9ICRjb21tYW5kCn0KaWYgKCRjaGRpcikgewogICAgJHJ1bl9jb21tYW5kX2FyZ1snd29ya2luZ19kaXJlY3RvcnknXSA9ICRjaGRpcgp9CmlmICgkc3RkaW4pIHsKICAgICRydW5fY29tbWFuZF9hcmdbJ3N0ZGluJ10gPSAkc3RkaW4KfQoKJHN0YXJ0X2RhdGV0aW1lID0gW0RhdGVUaW1lXTo6VXRjTm93CnRyeSB7CiAgICAkY29tbWFuZF9yZXN1bHQgPSBSdW4tQ29tbWFuZCBAcnVuX2NvbW1hbmRfYXJnCn0gY2F0Y2ggewogICAgJHJlc3VsdC5jaGFuZ2VkID0gJGZhbHNlCiAgICB0cnkgewogICAgICAgICRyZXN1bHQucmMgPSAkXy5FeGNlcHRpb24uTmF0aXZlRXJyb3JDb2RlCiAgICB9IGNhdGNoIHsKICAgICAgICAkcmVzdWx0LnJjID0gMgogICAgfQogICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAkXy5FeGNlcHRpb24uTWVzc2FnZQp9CgojIFRPRE86IGRlY29kZSBDTElYTUwgc3RkZXJyIG91dHB1dCAoYW5kIG90aGVyIHN0cmVhbXM/KQokcmVzdWx0LnN0ZG91dCA9ICRjb21tYW5kX3Jlc3VsdC5zdGRvdXQKJHJlc3VsdC5zdGRlcnIgPSBDbGVhbnNlLVN0ZGVyciAkY29tbWFuZF9yZXN1bHQuc3RkZXJyIAokcmVzdWx0LnJjID0gJGNvbW1hbmRfcmVzdWx0LnJjCgokZW5kX2RhdGV0aW1lID0gW0RhdGVUaW1lXTo6VXRjTm93CiRyZXN1bHQuc3RhcnQgPSAkc3RhcnRfZGF0ZXRpbWUuVG9TdHJpbmcoInl5eXktTU0tZGQgaGg6bW06c3MuZmZmZmZmIikKJHJlc3VsdC5lbmQgPSAkZW5kX2RhdGV0aW1lLlRvU3RyaW5nKCJ5eXl5LU1NLWRkIGhoOm1tOnNzLmZmZmZmZiIpCiRyZXN1bHQuZGVsdGEgPSAkKCRlbmRfZGF0ZXRpbWUgLSAkc3RhcnRfZGF0ZXRpbWUpLlRvU3RyaW5nKCJoXDptbVw6c3NcLmZmZmZmZiIpCgpJZiAoJHJlc3VsdC5yYyAtbmUgMCkgewogICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAibm9uLXplcm8gcmV0dXJuIGNvZGUiCn0KCkV4aXQtSnNvbiAkcmVzdWx0Cg==", "module_args": {"_ansible_version": "2.7.0", "_ansible_selinux_special_fs": ["fuse", "nfs", "vboxsf", "ramfs", "9p"], "_ansible_no_log": false, "_ansible_module_name": "win_shell", "_raw_params": "C:\\collect-event-log.ps1", "_ansible_verbosity": 3, "_ansible_keep_remote_files": false, "_ansible_syslog_facility": "LOG_USER", "_ansible_socket": null, "_ansible_remote_tmp": "%TEMP%", "_ansible_diff": false, "_ansible_debug": false, "_ansible_shell_executable": "/bin/sh", "_ansible_check_mode": false, "_ansible_tmpdir": null}} '@ } process { $input_as_string = [string]$input $json_raw += $input_as_string } end { If (-not $json_raw) { Write-Error "no input given" -Category InvalidArgument } $payload = ConvertTo-HashtableFromPsCustomObject (ConvertFrom-Json $json_raw) # TODO: handle binary modules # TODO: handle persistence $min_os_version = [version]$payload.min_os_version if ($min_os_version -ne $null) { $actual_os_version = [System.Environment]::OSVersion.Version if ($actual_os_version -lt $min_os_version) { $msg = "This module cannot run on this OS as it requires a minimum version of $min_os_version, actual was $actual_os_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $min_ps_version = [version]$payload.min_ps_version if ($min_ps_version -ne $null) { $actual_ps_version = $PSVersionTable.PSVersion if ($actual_ps_version -lt $min_ps_version) { $msg = "This module cannot run as it requires a minimum PowerShell version of $min_ps_version, actual was $actual_ps_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $actions = $payload.actions # pop 0th action as entrypoint $entrypoint = $payload.($actions[0]) $payload.actions = $payload.actions[1..99] $entrypoint = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($entrypoint)) # load the current action entrypoint as a module custom object with a Run method $entrypoint = New-Module -ScriptBlock ([scriptblock]::Create($entrypoint)) -AsCustomObject Set-Variable -Scope global -Name complex_args -Value $payload["module_args"] | Out-Null # dynamically create/load modules ForEach ($mod in $payload.powershell_modules.GetEnumerator()) { $decoded_module = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($mod.Value)) New-Module -ScriptBlock ([scriptblock]::Create($decoded_module)) -Name $mod.Key | Import-Module -WarningAction SilentlyContinue | Out-Null } $output = $entrypoint.Run($payload) Write-Output $output } ScriptBlock ID: 1a7d3b85-f589-4998-b623-ad76684d26b5 Path:	4104	1		3	2	15	0	1949	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4924	3360	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:31:18 PM	e5295ba9-9827-0002-ef6f-2fe52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (3 of 4): 2VzIHRvIGZpbmQgYWNjZXB0YWJsZSBNZW1iZXIgJG5hbWUKICAgICAgICBmb3JlYWNoICgkYWxpYXMgaW4gJGFsaWFzZXMpIHsKICAgICAgICAgICAgaWYgKCRvYmouQ29udGFpbnNLZXkoJGFsaWFzKSkgewogICAgICAgICAgICAgICAgJGZvdW5kID0gJGFsaWFzCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgfQoKICAgICAgICBpZiAoJG51bGwgLWVxICRmb3VuZCkgewogICAgICAgICAgICB0aHJvdwogICAgICAgIH0KICAgICAgICAkbmFtZSA9ICRmb3VuZAoKICAgICAgICBpZiAoJFZhbGlkYXRlU2V0KSB7CgogICAgICAgICAgICBpZiAoJFZhbGlkYXRlU2V0IC1jb250YWlucyAoJG9iai4kbmFtZSkpIHsKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICRvYmouJG5hbWUKICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgIGlmICgkbnVsbCAtZXEgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAgICAgI0F1dG8tZ2VuZXJhdGVkIGVycm9yIHNob3VsZCBiZSBzdWZmaWNpZW50IGluIG1vc3QgdXNlIGNhc2VzCiAgICAgICAgICAgICAgICAgICAgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlID0gIkdldC1BbnNpYmxlUGFyYW06IEFyZ3VtZW50ICRuYW1lIG5lZWRzIHRvIGJlIG9uZSBvZiAkKCRWYWxpZGF0ZVNldCAtam9pbiAiLCIpIGJ1dCB3YXMgJCgkb2JqLiRuYW1lKS4iCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRWYWxpZGF0ZVNldEVycm9yTWVzc2FnZQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgJHZhbHVlID0gJG9iai4kbmFtZQogICAgICAgIH0KICAgIH0gY2F0Y2ggewogICAgICAgIGlmICgkZmFpbGlmZW1wdHkgLWVxICRmYWxzZSkgewogICAgICAgICAgICAkdmFsdWUgPSAkZGVmYXVsdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgIGlmICgtbm90ICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSA9ICJHZXQtQW5zaWJsZVBhcmFtOiBNaXNzaW5nIHJlcXVpcmVkIGFyZ3VtZW50OiAkbmFtZSIKICAgICAgICAgICAgfQogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlCiAgICAgICAgfQogICAgfQoKICAgICMgSWYgJHZhbHVlIC1lcSAkbnVsbCwgdGhlIHBhcmFtZXRlciB3YXMgdW5zcGVjaWZpZWQgYnkgdGhlIHVzZXIgKGRlbGliZXJhdGVseSBvciBub3QpCiAgICAjIFBsZWFzZSBsZWF2ZSAkbnVsbC12YWx1ZXMgaW50YWN0LCBtb2R1bGVzIG5lZWQgdG8ga25vdyBpZiBhIHBhcmFtZXRlciB3YXMgc3BlY2lmaWVkCiAgICAjIFdoZW4gJHZhbHVlIGlzIGFscmVhZHkgYW4gYXJyYXksIHdlIGNhbm5vdCByZWx5IG9uIHRoZSBudWxsIGNoZWNrLCBhcyBhbiBlbXB0eSBsaXN0CiAgICAjIGlzIHNlZW4gYXMgbnVsbCBpbiB0aGUgY2hlY2sgYmVsb3cKICAgIGlmICgkbnVsbCAtbmUgJHZhbHVlIC1vciAkdmFsdWUgLWlzIFthcnJheV0pIHsKICAgICAgICBpZiAoJHR5cGUgLWVxICJwYXRoIikgewogICAgICAgICAgICAjIEV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgb24gcGF0aC10eXBlCiAgICAgICAgICAgICR2YWx1ZSA9IEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCiAgICAgICAgICAgICMgVGVzdCBpZiBhIHZhbGlkIHBhdGggaXMgcHJvdmlkZWQKICAgICAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtSXNWYWxpZCAkdmFsdWUpKSB7CiAgICAgICAgICAgICAgICAkcGF0aF9pbnZhbGlkID0gJHRydWUKICAgICAgICAgICAgICAgICMgY291bGQgc3RpbGwgYmUgYSB2YWxpZC1zaGFwZWQgcGF0aCB3aXRoIGEgbm9uZXhpc3RlbnQgZHJpdmUgbGV0dGVyCiAgICAgICAgICAgICAgICBpZiAoJHZhbHVlIC1tYXRjaCAiXlx3OiIpIHsKICAgICAgICAgICAgICAgICAgICAjIHJld3JpdGUgcGF0aCB3aXRoIGEgdmFsaWQgZHJpdmUgbGV0dGVyIGFuZCByZWNoZWNrIHRoZSBzaGFwZS0gdGhpcyBtaWdodCBzdGlsbCBmYWlsLCBlZywgYSBub25leGlzdGVudCBub24tZmlsZXN5c3RlbSBQUyBwYXRoCiAgICAgICAgICAgICAgICAgICAgaWYgKFRlc3QtUGF0aCAtSXNWYWxpZCAkKEAoR2V0LVBTRHJpdmUgLVBTUHJvdmlkZXIgRmlsZXN5c3RlbSlbMF0uTmFtZSArICR2YWx1ZS5TdWJzdHJpbmcoMSkpKSB7CiAgICAgICAgICAgICAgICAgICAgICAgICRwYXRoX2ludmFsaWQgPSAkZmFsc2UKICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBpZiAoJHBhdGhfaW52YWxpZCkgewogICAgICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHRvYmogLW1lc3NhZ2UgIkdldC1BbnNpYmxlUGFyYW06IFBhcmFtZXRlciAnJG5hbWUnIGhhcyBhbiBpbnZhbGlkIHBhdGggJyR2YWx1ZScgc3BlY2lmaWVkLiIKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgInN0ciIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IHN0ciB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgc3RyaW5ncwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUuVG9TdHJpbmcoKQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImJvb2wiKSB7CiAgICAgICAgICAgICMgQ29udmVydCBib29sZWFuIHR5cGVzIHRvIHJlYWwgUG93ZXJzaGVsbCBib29sZWFucwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgfCBDb252ZXJ0VG8tQm9vbAogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImludCIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IGludCB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgaW50ZWdlcnMKICAgICAgICAgICAgJHZhbHVlID0gJHZhbHVlIC1hcyBbaW50XQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImZsb2F0IikgewogICAgICAgICAgICAjIENvbnZlcnQgZmxvYXQgdHlwZXMgdG8gcmVhbCBQb3dlcnNoZWxsIGZsb2F0cwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgLWFzIFtmbG9hdF0KICAgICAgICB9IGVsc2VpZiAoJHR5cGUgLWVxICJsaXN0IikgewogICAgICAgICAgICBpZiAoJHZhbHVlIC1pcyBbYXJyYXldKSB7CiAgICAgICAgICAgICAgICAjIE5vdGhpbmcgdG8gZG8KICAgICAgICAgICAgfSBlbHNlaWYgKCR2YWx1ZSAtaXMgW3N0cmluZ10pIHsKICAgICAgICAgICAgICAgICMgQ29udmVydCBzdHJpbmcgdHlwZSB0byByZWFsIFBvd2Vyc2hlbGwgYXJyYXkKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICR2YWx1ZS5TcGxpdCgiLCIpLlRyaW0oKQogICAgICAgICAgICB9IGVsc2VpZiAoJHZhbHVlIC1pcyBbaW50XSkgewogICAgICAgICAgICAgICAgJHZhbHVlID0gQCgkdmFsdWUpCiAgICAgICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICJHZXQtQW5zaWJsZVBhcmFtOiBQYXJhbWV0ZXIgJyRuYW1lJyBpcyBub3QgYSBZQU1MIGxpc3QuIgogICAgICAgICAgICB9CiAgICAgICAgICAgICMgLCBpcyBub3QgYSB0eXBvLCBmb3JjZXMgaXQgdG8gcmV0dXJuIGFzIGEgbGlzdCB3aGVuIGl0IGlzIGVtcHR5IG9yIG9ubHkgaGFzIDEgZW50cnkKICAgICAgICAgICAgcmV0dXJuICwkdmFsdWUKICAgICAgICB9CiAgICB9CgogICAgcmV0dXJuICR2YWx1ZQp9CgojQWxpYXMgR2V0LWF0dHItLT5HZXQtQW5zaWJsZVBhcmFtIGZvciBiYWNrd2FyZHMgY29tcGF0LiBPbmx5IGFkZCB3aGVuIG5lZWRlZCB0byBlYXNlIGRlYnVnZ2luZyBvZiBzY3JpcHRzCklmICgtbm90KEdldC1BbGlhcyAtTmFtZSAiR2V0LWF0dHIiIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlKSkKewogICAgTmV3LUFsaWFzIC1OYW1lIEdldC1hdHRyIC1WYWx1ZSBHZXQtQW5zaWJsZVBhcmFtCn0KCkZ1bmN0aW9uIENvbnZlcnRUby1Cb29sCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZpbHRlci9waXBlbGluZSBmdW5jdGlvbiB0byBjb252ZXJ0IGEgdmFsdWUgdG8gYm9vbGVhbiBmb2xsb3dpbmcgY3VycmVudAogICAgQW5zaWJsZSBwcmFjdGljZXMKICAgIC5FWEFNUExFCiAgICAkaXNfdHJ1ZSA9ICJ0cnVlIiB8IENvbnZlcnRUby1Cb29sCiM+CiAgICBwYXJhbSgKICAgICAgICBbcGFyYW1ldGVyKHZhbHVlZnJvbXBpcGVsaW5lPSR0cnVlKV0KICAgICAgICAkb2JqCiAgICApCgogICAgJGJvb2xlYW5fc3RyaW5ncyA9ICJ5ZXMiLCAib24iLCAiMSIsICJ0cnVlIiwgMQogICAgJG9ial9zdHJpbmcgPSBbc3RyaW5nXSRvYmoKCiAgICBpZiAoKCRvYmogLWlzIFtib29sZWFuXSAtYW5kICRvYmopIC1vciAkYm9vbGVhbl9zdHJpbmdzIC1jb250YWlucyAkb2JqX3N0cmluZy5Ub0xvd2VyKCkpIHsKICAgICAgICByZXR1cm4gJHRydWUKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfQp9CgpGdW5jdGlvbiBQYXJzZS1BcmdzKCRhcmd1bWVudHMsICRzdXBwb3J0c19jaGVja19tb2RlID0gJGZhbHNlKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBwYXJzZSBBbnNpYmxlIEpTT04gYXJndW1lbnRzIGZyb20gYSAiZmlsZSIgcGFzc2VkIGFzCiAgICB0aGUgc2luZ2xlIGFyZ3VtZW50IHRvIHRoZSBtb2R1bGUuCiAgICAuRVhBTVBMRQogICAgJHBhcmFtcyA9IFBhcnNlLUFyZ3MgJGFyZ3MKIz4KICAgICRwYXJhbXMgPSBOZXctT2JqZWN0IHBzb2JqZWN0CiAgICBJZiAoJGFyZ3VtZW50cy5MZW5ndGggLWd0IDApCiAgICB7CiAgICAgICAgJHBhcmFtcyA9IEdldC1Db250ZW50ICRhcmd1bWVudHNbMF0gfCBDb252ZXJ0RnJvbS1Kc29uCiAgICB9CiAgICBFbHNlIHsKICAgICAgICAkcGFyYW1zID0gJGNvbXBsZXhfYXJncwogICAgfQogICAgJGNoZWNrX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfY2hlY2tfbW9kZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQogICAgSWYgKCRjaGVja19tb2RlIC1hbmQgLW5vdCAkc3VwcG9ydHNfY2hlY2tfbW9kZSkKICAgIHsKICAgICAgICBFeGl0LUpzb24gQHsKICAgICAgICAgICAgc2tpcHBlZCA9ICR0cnVlCiAgICAgICAgICAgIGNoYW5nZWQgPSAkZmFsc2UKICAgICAgICAgICAgbXNnID0gInJlbW90ZSBtb2R1bGUgZG9lcyBub3Qgc3VwcG9ydCBjaGVjayBtb2RlIgogICAgICAgIH0KICAgIH0KICAgIHJldHVybiAkcGFyYW1zCn0KCgpGdW5jdGlvbiBHZXQtRmlsZUNoZWNrc3VtKCRwYXRoLCAkYWxnb3JpdGhtID0gJ3NoYTEnKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBjYWxjdWxhdGUgYSBoYXNoIG9mIGEgZmlsZSBpbiBhIHdheSB3aGljaCBQb3dlclNoZWxsIDMKICAgIGFuZCBhYm92ZSBjYW4gaGFuZGxlCiM+CiAgICBJZiAoVGVzdC1QYXRoIC1QYXRoICRwYXRoIC1QYXRoVHlwZSBMZWFmKQogICAgewogICAgICAgIHN3aXRjaCAoJGFsZ29yaXRobSkKICAgICAgICB7CiAgICAgICAgICAgICdtZDUnIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5NRDVDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMScgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTFDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMjU2JyB7ICRzcCA9IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5TZWN1cml0eS5DcnlwdG9ncmFwaHkuU0hBMjU2Q3J5cHRvU2VydmljZVByb3ZpZGVyIH0KICAgICAgICAgICAgJ3NoYTM4NCcgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTM4NENyeXB0b1NlcnZpY2VQcm92aWRlciB9CiAgICAgICAgICAgICdzaGE1MTInIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5TSEE1MTJDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICBkZWZhdWx0IHsgRmFpbC1Kc29uIEB7fSAiVW5zdXBwb3J0ZWQgaGFzaCBhbGdvcml0aG0gc3VwcGxpZWQgJyRhbGdvcml0aG0nIiB9CiAgICAgICAgfQoKICAgICAgICBJZiAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtZ2UgNCkgewogICAgICAgICAgICAkcmF3X2hhc2ggPSBHZXQtRmlsZUhhc2ggJHBhdGggLUFsZ29yaXRobSAkYWxnb3JpdGhtCiAgICAgICAgICAgICRoYXNoID0gJHJhd19oYXNoLkhhc2guVG9Mb3dlcigpCiAgICAgICAgfSBFbHNlIHsKICAgICAgICAgICAgJGZwID0gW1N5c3RlbS5JTy5GaWxlXTo6T3BlbigkcGF0aCwgW1N5c3RlbS5JTy5GaWxlbW9kZV06Ok9wZW4sIFtTeXN0ZW0uSU8uRmlsZUFjY2Vzc106OlJlYWQsIFtTeXN0ZW0uSU8uRmlsZVNoYXJlXTo6UmVhZFdyaXRlKTsKICAgICAgICAgICAgJGhhc2ggPSBbU3lzdGVtLkJpdENvbnZlcnRlcl06OlRvU3RyaW5nKCRzcC5Db21wdXRlSGFzaCgkZnApKS5SZXBsYWNlKCItIiwgIiIpLlRvTG93ZXIoKTsKICAgICAgICAgICAgJGZwLkRpc3Bvc2UoKTsKICAgICAgICB9CiAgICB9CiAgICBFbHNlSWYgKFRlc3QtUGF0aCAtUGF0aCAkcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKQogICAgewogICAgICAgICRoYXNoID0gIjMiOwogICAgfQogICAgRWxzZQogICAgewogICAgICAgICRoYXNoID0gIjEiOwogICAgfQogICAgcmV0dXJuICRoYXNoCn0KCkZ1bmN0aW9uIEdldC1QZW5kaW5nUmVib290U3RhdHVzCnsKPCMKICAgIC5TWU5PUFNJUwogICAgQ2hlY2sgaWYgcmVib290IGlzIHJlcXVpcmVkLCBpZiBzbyBub3RpZnkgQ0EuCiAgICBGdW5jdGlvbiByZXR1cm5zIHRydWUgaWYgY29tcHV0ZXIgaGFzIGEgcGVuZGluZyByZWJvb3QKIz4KICAgICRmZWF0dXJlRGF0YSA9IEludm9rZS1XbWlNZXRob2QgLUVBIElnbm9yZSAtTmFtZSBHZXRTZXJ2ZXJGZWF0dXJlIC1OYW1lc3BhY2Ugcm9vdFxtaWNyb3NvZnRcd2luZG93c1xzZXJ2ZXJtYW5hZ2VyIC1DbGFzcyBNU0ZUX1NlcnZlck1hbmFnZXJUYXNrcwogICAgJHJlZ0RhdGEgPSBHZXQtSXRlbVByb3BlcnR5ICJIS0xNOlxTWVNURU1cQ3VycmVudENvbnRyb2xTZXRcQ29udHJvbFxTZXNzaW9uIE1hbmFnZXIiICJQZW5kaW5nRmlsZVJlbmFtZU9wZXJhdGlvbnMiIC1FQSBJZ25vcmUKICAgICRDQlNSZWJvb3RTdGF0dXMgPSBHZXQtQ2hpbGRJdGVtICJIS0xNOlxcU09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cQ29tcG9uZW50IEJhc2VkIFNlcnZpY2luZyIgIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlfCBXaGVyZS1PYmplY3QgeyRfLlBTQ2hpbGROYW1lIC1lcSAiUmVib290UGVuZGluZyJ9CiAgICBpZigoJGZlYXR1cmVEYXRhIC1hbmQgJGZlYXR1cmVEYXRhLlJlcXVpcmVzUmVib290KSAtb3IgJHJlZ0RhdGEgLW9yICRDQlNSZWJvb3RTdGF0dXMpCiAgICB7CiAgICAgICAgcmV0dXJuICRUcnVlCiAgICB9CiAgICBlbHNlCiAgICB7CiAgICAgICAgcmV0dXJuICRGYWxzZQogICAgfQp9CgojIHRoaXMgbGluZSBtdXN0IHN0YXkgYXQgdGhlIGJvdHRvbSB0byBlbnN1cmUgYWxsIGRlZmluZWQgbW9kdWxlIHBhcnRzIGFyZSBleHBvcnRlZApFeHBvcnQtTW9kdWxlTWVtYmVyIC1BbGlhcyAqIC1GdW5jdGlvbiAqIC1DbWRsZXQgKgoK", "Ansible.ModuleUtils.FileUtil": "IyBDb3B5cmlnaHQgKGMpIDIwMTcgQW5zaWJsZSBQcm9qZWN0CiMgU2ltcGxpZmllZCBCU0QgTGljZW5zZSAoc2VlIGxpY2Vuc2VzL3NpbXBsaWZpZWRfYnNkLnR4dCBvciBodHRwczovL29wZW5zb3VyY2Uub3JnL2xpY2Vuc2VzL0JTRC0yLUNsYXVzZSkKCjwjClRlc3QtUGF0aC9HZXQtSXRlbSBjYW5ub3QgZmluZC9yZXR1cm4gaW5mbyBvbiBmaWxlcyB0aGF0IGFyZSBsb2NrZWQgbGlrZQpDOlxwYWdlZmlsZS5zeXMuIFRoZXNlIDIgZnVuY3Rpb25zIGFyZSBkZXNpZ25lZCB0byB3b3JrIHdpdGggdGhlc2UgZmlsZXMgYW5kCnByb3ZpZGUgc2ltaWxhciBmdW5jdGlvbmFsaXR5IHdpdGggdGhlIG5vcm1hbCBjbWRsZXRzIHdpdGggYXMgbWluaW1hbCBvdmVyaGVhZAphcyBwb3NzaWJsZS4gVGhleSB3b3JrIGJ5IHVzaW5nIEdldC1DaGlsZEl0ZW0gd2l0aCBhIGZpbHRlciBhbmQgcmV0dXJuIHRoZQpyZXN1bHQgZnJvbSB0aGF0LgojPgoKRnVuY3Rpb24gVGVzdC1BbnNpYmxlUGF0aCB7CiAgICBbQ21kbGV0QmluZGluZygpXQogICAgUGFyYW0oCiAgICAgICAgW1BhcmFtZXRlcihNYW5kYXRvcnk9JHRydWUpXVtzdHJpbmddJFBhdGgKICAgICkKICAgICMgUmVwbGFjZW1lbnQgZm9yIFRlc3QtUGF0aAogICAgdHJ5IHsKICAgICAgICAkZmlsZV9hdHRyaWJ1dGVzID0gW1N5c3RlbS5JTy5GaWxlXTo6R2V0QXR0cmlidXRlcygkUGF0aCkKICAgIH0gY2F0Y2ggW1N5c3RlbS5JTy5GaWxlTm90Rm91bmRFeGNlcHRpb25dLCBbU3lzdGVtLklPLkRpcmVjdG9yeU5vdEZvdW5kRXhjZXB0aW9uXSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfSBjYXRjaCBbTm90U3VwcG9ydGVkRXhjZXB0aW9uXSB7CiAgICAgICAgIyBXaGVuIHRlc3RpbmcgYSBwYXRoIGxpa2UgQ2VydDpcTG9jYWxNYWNoaW5lXE15LCBTeXN0ZW0uSU8uRmlsZSB3aWxsCiAgICAgICAgIyBub3Qgd29yaywgd2UganVzdCByZXZlcnQgYmFjayB0byB1c2luZyBUZXN0LVBhdGggZm9yIHRoaXMKICAgICAgICByZXR1cm4gVGVzdC1QYXRoIC1QYXRoICRQYXRoCiAgICB9CgogICAgaWYgKFtJbnQzMl0kZmlsZV9hdHRyaWJ1dGVzIC1lcSAtMSkgewogICAgICAgIHJldHVybiAkZmFsc2UKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICR0cnVlCiAgICB9Cn0KCkZ1bmN0aW9uIEdldC1BbnNpYmxlSXRlbSB7CiAgICBbQ21kbGV0QmluZGluZygpXQogICAgUGFyYW0oCiAgICAgICAgW1BhcmFtZXRlcihNYW5kYXRvcnk9JHRydWUpXVtzdHJpbmddJFBhdGgKICAgICkKICAgICMgUmVwbGFjZW1lbnQgZm9yIEdldC1JdGVtCiAgICB0cnkgewogICAgICAgICRmaWxlX2F0dHJpYnV0ZXMgPSBbU3lzdGVtLklPLkZpbGVdOjpHZXRBdHRyaWJ1dGVzKCRQYXRoKQogICAgfSBjYXRjaCB7CiAgICAgICAgIyBpZiAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb3RpbnVlIGlzIHNldCBvbiB0aGUgY21kbGV0IGFuZCB3ZSBmYWlsZWQgdG8KICAgICAgICAjIGdldCB0aGUgYXR0cmlidXRlcywganVzdCByZXR1cm4gJG51bGwsIG90aGVyd2lzZSB0aHJvdyB0aGUgZXJyb3IKICAgICAgICBpZiAoJEVycm9yQWN0aW9uUHJlZmVyZW5jZSAtbmUgIlNpbGVudGx5Q29udGludWUiKSB7CiAgICAgICAgICAgIHRocm93ICRfCiAgICAgICAgfQogICAgICAgIHJldHVybiAkbnVsbAogICAgfQogICAgaWYgKFtJbnQzMl0kZmlsZV9hdHRyaWJ1dGVzIC1lcSAtMSkgewogICAgICAgIHRocm93IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5NYW5hZ2VtZW50LkF1dG9tYXRpb24uSXRlbU5vdEZvdW5kRXhjZXB0aW9uIC1Bcmd1bWVudExpc3QgIkNhbm5vdCBmaW5kIHBhdGggJyRQYXRoJyBiZWNhdXNlIGl0IGRvZXMgbm90IGV4aXN0LiIKICAgIH0gZWxzZWlmICgkZmlsZV9hdHRyaWJ1dGVzLkhhc0ZsYWcoW1N5c3RlbS5JTy5GaWxlQXR0cmlidXRlc106OkRpcmVjdG9yeSkpIHsKICAgICAgICByZXR1cm4gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLklPLkRpcmVjdG9yeUluZm8gLUFyZ3VtZW50TGlzdCAkUGF0aAogICAgfSBlbHNlIHsKICAgICAgICByZXR1cm4gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLklPLkZpbGVJbmZvIC1Bcmd1bWVudExpc3QgJFBhdGgKICAgIH0KfQoKRXhwb3J0LU1vZHVsZU1lbWJlciAtRnVuY3Rpb24gVGVzdC1BbnNpYmxlUGF0aCwgR2V0LUFuc2libGVJdGVtCg=="}, "module_entry": "IyFwb3dlcnNoZWxsCgojIENvcHlyaWdodDogKGMpIDIwMTcsIEFuc2libGUgUHJvamVjdAojIEdOVSBHZW5lcmFsIFB1YmxpYyBMaWNlbnNlIHYzLjArIChzZWUgQ09QWUlORyBvciBodHRwczovL3d3dy5nbnUub3JnL2xpY2Vuc2VzL2dwbC0zLjAudHh0KQoKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5MZWdhY3kKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5Db21tYW5kVXRpbAojUmVxdWlyZXMgLU1vZHVsZSBBbnNpYmxlLk1vZHVsZVV0aWxzLkZpbGVVdGlsCgojIFRPRE86IGFkZCBjaGVjayBtb2RlIHN1cHBvcnQKClNldC1TdHJpY3RNb2RlIC1WZXJzaW9uIDIKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKIyBDbGVhbnNlIENMSVhNTCBmcm9tIHN0ZGVyciAoc2lmdCBvdXQgZXJyb3Igc3RyZWFtIGRhdGEsIGRpc2NhcmQgb3RoZXJzIGZvciBub3cpCkZ1bmN0aW9uIENsZWFuc2UtU3RkZXJyKCRyYXdfc3RkZXJyKSB7CiAgICBUcnkgewogICAgICAgICMgTkI6IHRoaXMgcmVnZXggaXNuJ3QgcGVyZmVjdCwgYnV0IGlzIGRlY2VudCBhdCBmaW5kaW5nIENMSVhNTCBhbW9uZ3N0IG90aGVyIHN0ZGVyciBub2lzZQogICAgICAgIElmKCRyYXdfc3RkZXJyIC1tYXRjaCAiKD9zKSg/PHByZW5vaXNlMT4uKikjPCBDTElYTUwoPzxwcmVub2lzZTI+LiopKD88Y2xpeG1sPjxPYmpzLis8L09ianM+KSg/PHBvc3Rub2lzZT4uKikiKSB7CiAgICAgICAgICAgICRjbGl4bWwgPSBbeG1sXSRtYXRjaGVzWyJjbGl4bWwiXQoKICAgICAgICAgICAgJG1lcmdlZF9zdGRlcnIgPSAiezB9ezF9ezJ9ezN9IiAtZiBAKAogICAgICAgICAgICAgICAkbWF0Y2hlc1sicHJlbm9pc2UxIl0sCiAgICAgICAgICAgICAgICRtYXRjaGVzWyJwcmVub2lzZTIiXSwKICAgICAgICAgICAgICAgIyBmaWx0ZXIgb3V0IGp1c3QgdGhlIEVycm9yLXRhZ2dlZCBzdHJpbmdzIGZvciBub3csIGFuZCB6YXAgZW1iZWRkZWQgQ1JMRiBjaGFycwogICAgICAgICAgICAgICAoJGNsaXhtbC5PYmpzLkNoaWxkTm9kZXMgfCA/IHsgJF8uTmFtZSAtZXEgJ1MnIH0gfCA/IHsgJF8uUyAtZXEgJ0Vycm9yJyB9IHwgJSB7ICRfLicjdGV4dCcuUmVwbGFjZSgnX3gwMDBEX194MDAwQV8nLCcnKSB9IHwgT3V0LVN0cmluZyksCiAgICAgICAgICAgICAgICRtYXRjaGVzWyJwb3N0bm9pc2UiXSkgfCBPdXQtU3RyaW5nCgogICAgICAgICAgICByZXR1cm4gJG1lcmdlZF9zdGRlcnIuVHJpbSgpCgogICAgICAgICAgICAjIEZVVFVSRTogcGFyc2UvcmV0dXJuIG90aGVyIHN0cmVhbXMKICAgICAgICB9CiAgICAgICAgRWxzZSB7CiAgICAgICAgICAgICRyYXdfc3RkZXJyCiAgICAgICAgfQogICAgfQogICAgQ2F0Y2ggewogICAgICAgICIqKipFWENFUFRJT04gUEFSU0lORyBDTElYTUw6ICRfKioqIiArICRyYXdfc3RkZXJyCiAgICB9Cn0KCiRwYXJhbXMgPSBQYXJzZS1BcmdzICRhcmdzIC1zdXBwb3J0c19jaGVja19tb2RlICRmYWxzZQoKJHJhd19jb21tYW5kX2xpbmUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX3Jhd19wYXJhbXMiIC10eXBlICJzdHIiIC1mYWlsaWZlbXB0eSAkdHJ1ZQokY2hkaXIgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiY2hkaXIiIC10eXBlICJwYXRoIgokZXhlY3V0YWJsZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJleGVjdXRhYmxlIiAtdHlwZSAicGF0aCIKJGNyZWF0ZXMgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiY3JlYXRlcyIgLXR5cGUgInBhdGgiCiRyZW1vdmVzID0gR2V0LU ScriptBlock ID: 1a7d3b85-f589-4998-b623-ad76684d26b5 Path:	4104	1		3	2	15	0	1948	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4924	3360	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:31:18 PM	e5295ba9-9827-0002-ef6f-2fe52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 4): 3J5ID0gbnVsbDsKCiAgICAgICAgICAgIFN0cmluZ0J1aWxkZXIgZW52aXJvbm1lbnRTdHJpbmcgPSBudWxsOwoKICAgICAgICAgICAgaWYgKGVudmlyb25tZW50ICE9IG51bGwgJiYgZW52aXJvbm1lbnQuQ291bnQgPiAwKQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBlbnZpcm9ubWVudFN0cmluZyA9IG5ldyBTdHJpbmdCdWlsZGVyKCk7CiAgICAgICAgICAgICAgICBmb3JlYWNoIChEaWN0aW9uYXJ5RW50cnkga3YgaW4gZW52aXJvbm1lbnQpCiAgICAgICAgICAgICAgICAgICAgZW52aXJvbm1lbnRTdHJpbmcuQXBwZW5kRm9ybWF0KCJ7MH09ezF9XDAiLCBrdi5LZXksIGt2LlZhbHVlKTsKICAgICAgICAgICAgICAgIGVudmlyb25tZW50U3RyaW5nLkFwcGVuZCgnXDAnKTsKICAgICAgICAgICAgfQoKICAgICAgICAgICAgLy8gQ3JlYXRlIHRoZSBlbnZpcm9ubWVudCBibG9jayBpZiBzZXQKICAgICAgICAgICAgSW50UHRyIGxwRW52aXJvbm1lbnQgPSBJbnRQdHIuWmVybzsKICAgICAgICAgICAgaWYgKGVudmlyb25tZW50U3RyaW5nICE9IG51bGwpCiAgICAgICAgICAgICAgICBscEVudmlyb25tZW50ID0gTWFyc2hhbC5TdHJpbmdUb0hHbG9iYWxVbmkoZW52aXJvbm1lbnRTdHJpbmcuVG9TdHJpbmcoKSk7CgogICAgICAgICAgICAvLyBDcmVhdGUgbmV3IHByb2Nlc3MgYW5kIHJ1bgogICAgICAgICAgICBTdHJpbmdCdWlsZGVyIGFyZ3VtZW50X3N0cmluZyA9IG5ldyBTdHJpbmdCdWlsZGVyKGxwQ29tbWFuZExpbmUpOwogICAgICAgICAgICBQUk9DRVNTX0lORk9STUFUSU9OIHBpID0gbmV3IFBST0NFU1NfSU5GT1JNQVRJT04oKTsKICAgICAgICAgICAgaWYgKCFDcmVhdGVQcm9jZXNzKAogICAgICAgICAgICAgICAgbHBBcHBsaWNhdGlvbk5hbWUsCiAgICAgICAgICAgICAgICBhcmd1bWVudF9zdHJpbmcsCiAgICAgICAgICAgICAgICBJbnRQdHIuWmVybywKICAgICAgICAgICAgICAgIEludFB0ci5aZXJvLAogICAgICAgICAgICAgICAgdHJ1ZSwKICAgICAgICAgICAgICAgIHN0YXJ0dXBfZmxhZ3MsCiAgICAgICAgICAgICAgICBscEVudmlyb25tZW50LAogICAgICAgICAgICAgICAgbHBDdXJyZW50RGlyZWN0b3J5LAogICAgICAgICAgICAgICAgc2ksCiAgICAgICAgICAgICAgICBvdXQgcGkpKQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIkZhaWxlZCB0byBjcmVhdGUgbmV3IHByb2Nlc3MiKTsKICAgICAgICAgICAgfQoKICAgICAgICAgICAgLy8gU2V0dXAgdGhlIG91dHB1dCBidWZmZXJzIGFuZCBnZXQgc3Rkb3V0L3N0ZGVycgogICAgICAgICAgICBGaWxlU3RyZWFtIHN0ZG91dF9mcyA9IG5ldyBGaWxlU3RyZWFtKHN0ZG91dF9yZWFkLCBGaWxlQWNjZXNzLlJlYWQsIDQwOTYpOwogICAgICAgICAgICBTdHJlYW1SZWFkZXIgc3Rkb3V0ID0gbmV3IFN0cmVhbVJlYWRlcihzdGRvdXRfZnMsIHV0ZjhfZW5jb2RpbmcsIHRydWUsIDQwOTYpOwogICAgICAgICAgICBzdGRvdXRfd3JpdGUuQ2xvc2UoKTsKICAgICAgICAgICAgRmlsZVN0cmVhbSBzdGRlcnJfZnMgPSBuZXcgRmlsZVN0cmVhbShzdGRlcnJfcmVhZCwgRmlsZUFjY2Vzcy5SZWFkLCA0MDk2KTsKICAgICAgICAgICAgU3RyZWFtUmVhZGVyIHN0ZGVyciA9IG5ldyBTdHJlYW1SZWFkZXIoc3RkZXJyX2ZzLCB1dGY4X2VuY29kaW5nLCB0cnVlLCA0MDk2KTsKICAgICAgICAgICAgc3RkZXJyX3dyaXRlLkNsb3NlKCk7CgogICAgICAgICAgICBzdGRpbi5Xcml0ZUxpbmUoc3RkaW5JbnB1dCk7CiAgICAgICAgICAgIHN0ZGluLkNsb3NlKCk7CgogICAgICAgICAgICBzdHJpbmcgc3Rkb3V0X3N0ciwgc3RkZXJyX3N0ciA9IG51bGw7CiAgICAgICAgICAgIEdldFByb2Nlc3NPdXRwdXQoc3Rkb3V0LCBzdGRlcnIsIG91dCBzdGRvdXRfc3RyLCBvdXQgc3RkZXJyX3N0cik7CiAgICAgICAgICAgIHVpbnQgcmMgPSBHZXRQcm9jZXNzRXhpdENvZGUocGkuaFByb2Nlc3MpOwoKICAgICAgICAgICAgcmV0dXJuIG5ldyBDb21tYW5kUmVzdWx0CiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIFN0YW5kYXJkT3V0ID0gc3Rkb3V0X3N0ciwKICAgICAgICAgICAgICAgIFN0YW5kYXJkRXJyb3IgPSBzdGRlcnJfc3RyLAogICAgICAgICAgICAgICAgRXhpdENvZGUgPSByYwogICAgICAgICAgICB9OwogICAgICAgIH0KCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgdm9pZCBHZXRQcm9jZXNzT3V0cHV0KFN0cmVhbVJlYWRlciBzdGRvdXRTdHJlYW0sIFN0cmVhbVJlYWRlciBzdGRlcnJTdHJlYW0sIG91dCBzdHJpbmcgc3Rkb3V0LCBvdXQgc3RyaW5nIHN0ZGVycikKICAgICAgICB7CiAgICAgICAgICAgIHZhciBzb3dhaXQgPSBuZXcgRXZlbnRXYWl0SGFuZGxlKGZhbHNlLCBFdmVudFJlc2V0TW9kZS5NYW51YWxSZXNldCk7CiAgICAgICAgICAgIHZhciBzZXdhaXQgPSBuZXcgRXZlbnRXYWl0SGFuZGxlKGZhbHNlLCBFdmVudFJlc2V0TW9kZS5NYW51YWxSZXNldCk7CiAgICAgICAgICAgIHN0cmluZyBzbyA9IG51bGwsIHNlID0gbnVsbDsKICAgICAgICAgICAgVGhyZWFkUG9vbC5RdWV1ZVVzZXJXb3JrSXRlbSgocykgPT4KICAgICAgICAgICAgewogICAgICAgICAgICAgICAgc28gPSBzdGRvdXRTdHJlYW0uUmVhZFRvRW5kKCk7CiAgICAgICAgICAgICAgICBzb3dhaXQuU2V0KCk7CiAgICAgICAgICAgIH0pOwogICAgICAgICAgICBUaHJlYWRQb29sLlF1ZXVlVXNlcldvcmtJdGVtKChzKSA9PgogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBzZSA9IHN0ZGVyclN0cmVhbS5SZWFkVG9FbmQoKTsKICAgICAgICAgICAgICAgIHNld2FpdC5TZXQoKTsKICAgICAgICAgICAgfSk7CiAgICAgICAgICAgIGZvcmVhY2ggKHZhciB3aCBpbiBuZXcgV2FpdEhhbmRsZVtdIHsgc293YWl0LCBzZXdhaXQgfSkKICAgICAgICAgICAgICAgIHdoLldhaXRPbmUoKTsKICAgICAgICAgICAgc3Rkb3V0ID0gc287CiAgICAgICAgICAgIHN0ZGVyciA9IHNlOwogICAgICAgIH0KCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgdWludCBHZXRQcm9jZXNzRXhpdENvZGUoSW50UHRyIHByb2Nlc3NIYW5kbGUpCiAgICAgICAgewogICAgICAgICAgICBuZXcgTmF0aXZlV2FpdEhhbmRsZShwcm9jZXNzSGFuZGxlKS5XYWl0T25lKCk7CiAgICAgICAgICAgIHVpbnQgZXhpdENvZGU7CiAgICAgICAgICAgIGlmICghR2V0RXhpdENvZGVQcm9jZXNzKHByb2Nlc3NIYW5kbGUsIG91dCBleGl0Q29kZSkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIkVycm9yIGdldHRpbmcgcHJvY2VzcyBleGl0IGNvZGUiKTsKICAgICAgICAgICAgcmV0dXJuIGV4aXRDb2RlOwogICAgICAgIH0KICAgIH0KfQoiQAoKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICdTdG9wJwoKRnVuY3Rpb24gTG9hZC1Db21tYW5kVXRpbHMgewogICAgIyBtYWtlcyB0aGUgZm9sbG93aW5nIHN0YXRpYyBmdW5jdGlvbnMgYXZhaWxhYmxlCiAgICAjICAgW0Fuc2libGUuQ29tbWFuZFV0aWxdOjpQYXJzZUNvbW1hbmRMaW5lKHN0cmluZyBscENvbW1hbmRMaW5lKQogICAgIyAgIFtBbnNpYmxlLkNvbW1hbmRVdGlsXTo6U2VhcmNoUGF0aChzdHJpbmcgbHBGaWxlTmFtZSkKICAgICMgICBbQW5zaWJsZS5Db21tYW5kVXRpbF06OlJ1bkNvbW1hbmQoc3RyaW5nIGxwQXBwbGljYXRpb25OYW1lLCBzdHJpbmcgbHBDb21tYW5kTGluZSwgc3RyaW5nIGxwQ3VycmVudERpcmVjdG9yeSwgc3RyaW5nIHN0ZGluSW5wdXQsIHN0cmluZyBlbnZpcm9ubWVudEJsb2NrKQogICAgIwogICAgIyB0aGVyZSBhcmUgYWxzbyBudW1lcm91cyBQL0ludm9rZSBtZXRob2RzIHRoYXQgY2FuIGJlIGNhbGxlZCBpZiB5b3UgYXJlIGZlZWxpbmcgYWR2ZW50dXJvdXMKCiAgICAjIEZVVFVSRTogZmluZCBhIGJldHRlciB3YXkgdG8gZ2V0IHRoZSBfYW5zaWJsZV9yZW1vdGVfdG1wIHZhcmlhYmxlCiAgICAkb3JpZ2luYWxfdG1wID0gJGVudjpUTVAKCiAgICAkcmVtb3RlX3RtcCA9ICRvcmlnaW5hbF90bXAKICAgICRtb2R1bGVfcGFyYW1zID0gR2V0LVZhcmlhYmxlIC1OYW1lIGNvbXBsZXhfYXJncyAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgaWYgKCRtb2R1bGVfcGFyYW1zKSB7CiAgICAgICAgaWYgKCRtb2R1bGVfcGFyYW1zLlZhbHVlLkNvbnRhaW5zS2V5KCJfYW5zaWJsZV9yZW1vdGVfdG1wIikgKSB7CiAgICAgICAgICAgICRyZW1vdGVfdG1wID0gJG1vZHVsZV9wYXJhbXMuVmFsdWVbIl9hbnNpYmxlX3JlbW90ZV90bXAiXQogICAgICAgICAgICAkcmVtb3RlX3RtcCA9IFtTeXN0ZW0uRW52aXJvbm1lbnRdOjpFeHBhbmRFbnZpcm9ubWVudFZhcmlhYmxlcygkcmVtb3RlX3RtcCkKICAgICAgICB9CiAgICB9CgogICAgJGVudjpUTVAgPSAkcmVtb3RlX3RtcAogICAgQWRkLVR5cGUgLVR5cGVEZWZpbml0aW9uICRwcm9jZXNzX3V0aWwKICAgICRlbnY6VE1QID0gJG9yaWdpbmFsX3RtcAp9CgpGdW5jdGlvbiBHZXQtRXhlY3V0YWJsZVBhdGgoJGV4ZWN1dGFibGUsICRkaXJlY3RvcnkpIHsKICAgICMgbHBBcHBsaWNhdGlvbk5hbWUgcmVxdWlyZXMgdGhlIGZ1bGwgcGF0aCB0byBhIGZpbGUsIHdlIG5lZWQgdG8gZmluZCBpdAogICAgIyBvdXJzZWx2ZXMuCgogICAgIyB3ZSBuZWVkIHRvIGFkZCAuZXhlIGlmIGl0IGRvZXNuJ3QgaGF2ZSBhbiBleHRlbnNpb24gYWxyZWFkeQogICAgaWYgKC1ub3QgW1N5c3RlbS5JTy5QYXRoXTo6SGFzRXh0ZW5zaW9uKCRleGVjdXRhYmxlKSkgewogICAgICAgICRleGVjdXRhYmxlID0gIiQoJGV4ZWN1dGFibGUpLmV4ZSIKICAgIH0KICAgICRmdWxsX3BhdGggPSBbU3lzdGVtLklPLlBhdGhdOjpHZXRGdWxsUGF0aCgkZXhlY3V0YWJsZSkKCiAgICBpZiAoJGZ1bGxfcGF0aCAtbmUgJGV4ZWN1dGFibGUgLWFuZCAkZGlyZWN0b3J5IC1uZSAkbnVsbCkgewogICAgICAgICRmaWxlID0gR2V0LUl0ZW0gLVBhdGggIiRkaXJlY3RvcnlcJGV4ZWN1dGFibGUiIC1Gb3JjZSAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgfSBlbHNlIHsKICAgICAgICAkZmlsZSA9IEdldC1JdGVtIC1QYXRoICRleGVjdXRhYmxlIC1Gb3JjZSAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgfQoKICAgIGlmICgkZmlsZSAtbmUgJG51bGwpIHsKICAgICAgICAkZXhlY3V0YWJsZV9wYXRoID0gJGZpbGUuRnVsbE5hbWUKICAgIH0gZWxzZSB7CiAgICAgICAgJGV4ZWN1dGFibGVfcGF0aCA9IFtBbnNpYmxlLkNvbW1hbmRVdGlsXTo6U2VhcmNoUGF0aCgkZXhlY3V0YWJsZSkgICAgCiAgICB9CiAgICByZXR1cm4gJGV4ZWN1dGFibGVfcGF0aAp9CgpGdW5jdGlvbiBSdW4tQ29tbWFuZCB7CiAgICBQYXJhbSgKICAgICAgICBbc3RyaW5nXSRjb21tYW5kLCAjIHRoZSBmdWxsIGNvbW1hbmQgdG8gcnVuIGluY2x1ZGluZyB0aGUgZXhlY3V0YWJsZQogICAgICAgIFtzdHJpbmddJHdvcmtpbmdfZGlyZWN0b3J5ID0gJG51bGwsICMgdGhlIHdvcmtpbmcgZGlyZWN0b3J5IHRvIHJ1biB1bmRlciwgd2lsbCBkZWZhdWx0IHRvIHRoZSBjdXJyZW50IGRpcgogICAgICAgIFtzdHJpbmddJHN0ZGluID0gJG51bGwsICMgYSBzdHJpbmcgdG8gc2VuZCB0byB0aGUgc3RkaW4gcGlwZSB3aGVuIGV4ZWN1dGluZyB0aGUgY29tbWFuZAogICAgICAgIFtoYXNodGFibGVdJGVudmlyb25tZW50ID0gQHt9ICMgYSBoYXNodGFibGUgb2YgZW52aXJvbm1lbnQgdmFsdWVzIHRvIHJ1biB0aGUgY29tbWFuZCB1bmRlciwgdGhpcyB3aWxsIHJlcGxhY2UgYWxsIHRoZSBvdGhlciBlbnZpcm9ubWVudCB2YXJpYWJsZXMgd2l0aCB0aGVzZQogICAgKQogICAgCiAgICAjIGxvYWQgdGhlIEMjIGNvZGUgd2UgY2FsbCBpbiB0aGlzIGZ1bmN0aW9uCiAgICBMb2FkLUNvbW1hbmRVdGlscwoKICAgICMgbmVlZCB0byB2YWxpZGF0ZSB0aGUgd29ya2luZyBkaXJlY3RvcnkgaWYgaXQgaXMgc2V0CiAgICBpZiAoJHdvcmtpbmdfZGlyZWN0b3J5KSB7CiAgICAgICAgIyB2YWxpZGF0ZSB3b3JraW5nIGRpcmVjdG9yeSBpcyBhIHZhbGlkIHBhdGgKICAgICAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICR3b3JraW5nX2RpcmVjdG9yeSkpIHsKICAgICAgICAgICAgdGhyb3cgImludmFsaWQgd29ya2luZyBkaXJlY3RvcnkgcGF0aCAnJHdvcmtpbmdfZGlyZWN0b3J5JyIKICAgICAgICB9CiAgICB9CgogICAgIyBscEFwcGxpY2F0aW9uTmFtZSBuZWVkcyB0byBiZSB0aGUgZnVsbCBwYXRoIHRvIGFuIGV4ZWN1dGFibGUsIHdlIGRvIHRoaXMKICAgICMgYnkgZ2V0dGluZyB0aGUgZXhlY3V0YWJsZSBhcyB0aGUgZmlyc3QgYXJnIGFuZCB0aGVuIGdldHRpbmcgdGhlIGZ1bGwgcGF0aAogICAgJGFyZ3VtZW50cyA9IFtBbnNpYmxlLkNvbW1hbmRVdGlsXTo6UGFyc2VDb21tYW5kTGluZSgkY29tbWFuZCkKICAgICRleGVjdXRhYmxlID0gR2V0LUV4ZWN1dGFibGVQYXRoIC1leGVjdXRhYmxlICRhcmd1bWVudHNbMF0gLWRpcmVjdG9yeSAkd29ya2luZ19kaXJlY3RvcnkKCiAgICAjIHJ1biB0aGUgY29tbWFuZCBhbmQgZ2V0IHRoZSByZXN1bHRzCiAgICAkY29tbWFuZF9yZXN1bHQgPSBbQW5zaWJsZS5Db21tYW5kVXRpbF06OlJ1bkNvbW1hbmQoJGV4ZWN1dGFibGUsICRjb21tYW5kLCAkd29ya2luZ19kaXJlY3RvcnksICRzdGRpbiwgJGVudmlyb25tZW50KQoKICAgIHJldHVybiAsQHsKICAgICAgICBleGVjdXRhYmxlID0gJGV4ZWN1dGFibGUKICAgICAgICBzdGRvdXQgPSAkY29tbWFuZF9yZXN1bHQuU3RhbmRhcmRPdXQKICAgICAgICBzdGRlcnIgPSAkY29tbWFuZF9yZXN1bHQuU3RhbmRhcmRFcnJvcgogICAgICAgIHJjID0gJGNvbW1hbmRfcmVzdWx0LkV4aXRDb2RlCiAgICB9Cn0KCiMgdGhpcyBsaW5lIG11c3Qgc3RheSBhdCB0aGUgYm90dG9tIHRvIGVuc3VyZSBhbGwgZGVmaW5lZCBtb2R1bGUgcGFydHMgYXJlIGV4cG9ydGVkCkV4cG9ydC1Nb2R1bGVNZW1iZXIgLUFsaWFzICogLUZ1bmN0aW9uICogLUNtZGxldCAqCg==", "Ansible.ModuleUtils.Legacy": "IyBDb3B5cmlnaHQgKGMpLCBNaWNoYWVsIERlSGFhbiA8bWljaGFlbC5kZWhhYW5AZ21haWwuY29tPiwgMjAxNCwgYW5kIG90aGVycwojIFNpbXBsaWZpZWQgQlNEIExpY2Vuc2UgKHNlZSBsaWNlbnNlcy9zaW1wbGlmaWVkX2JzZC50eHQgb3IgaHR0cHM6Ly9vcGVuc291cmNlLm9yZy9saWNlbnNlcy9CU0QtMi1DbGF1c2UpCgpTZXQtU3RyaWN0TW9kZSAtVmVyc2lvbiAyLjAKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKRnVuY3Rpb24gU2V0LUF0dHIoJG9iaiwgJG5hbWUsICR2YWx1ZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gc2V0IGFuICJhdHRyaWJ1dGUiIG9uIGEgcHNvYmplY3QgaW5zdGFuY2UgaW4gUG93ZXJTaGVsbC4KICAgIFRoaXMgaXMgYSBjb252ZW5pZW5jZSB0byBtYWtlIGFkZGluZyBNZW1iZXJzIHRvIHRoZSBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgIFNldC1BdHRyICRyZXN1bHQgImNoYW5nZWQiICR0cnVlCiM+CgogICAgIyBJZiB0aGUgcHJvdmlkZWQgJG9iaiBpcyB1bmRlZmluZWQsIGRlZmluZSBvbmUgdG8gYmUgbmljZQogICAgSWYgKC1ub3QgJG9iai5HZXRUeXBlKQogICAgewogICAgICAgICRvYmogPSBAeyB9CiAgICB9CgogICAgVHJ5CiAgICB7CiAgICAgICAgJG9iai4kbmFtZSA9ICR2YWx1ZQogICAgfQogICAgQ2F0Y2gKICAgIHsKICAgICAgICAkb2JqIHwgQWRkLU1lbWJlciAtRm9yY2UgLU1lbWJlclR5cGUgTm90ZVByb3BlcnR5IC1OYW1lICRuYW1lIC1WYWx1ZSAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gRXhpdC1Kc29uKCRvYmopCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGNvbnZlcnQgYSBQb3dlclNoZWxsIG9iamVjdCB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcKICAgIHRoZSBzY3JpcHQKICAgIC5FWEFNUExFCiAgICBFeGl0LUpzb24gJHJlc3VsdAojPgoKICAgICMgSWYgdGhlIHByb3ZpZGVkICRvYmogaXMgdW5kZWZpbmVkLCBkZWZpbmUgb25lIHRvIGJlIG5pY2UKICAgIElmICgtbm90ICRvYmouR2V0VHlwZSkKICAgIHsKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoJ2NoYW5nZWQnKSkgewogICAgICAgIFNldC1BdHRyICRvYmogImNoYW5nZWQiICRmYWxzZQogICAgfQoKICAgIFdyaXRlLU91dHB1dCAkb2JqIHwgQ29udmVydFRvLUpzb24gLUNvbXByZXNzIC1EZXB0aCA5OQogICAgRXhpdAp9CgpGdW5jdGlvbiBGYWlsLUpzb24oJG9iaiwgJG1lc3NhZ2UgPSAkbnVsbCkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHRoZSAibXNnIiBwcm9wZXJ0eSBhbmQgImZhaWxlZCIgcHJvcGVydHksIGNvbnZlcnQgdGhlCiAgICBQb3dlclNoZWxsIEhhc2h0YWJsZSB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcgdGhlIHNjcmlwdAogICAgLkVYQU1QTEUKICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJUaGlzIGlzIHRoZSBmYWlsdXJlIG1lc3NhZ2UiCiM+CgogICAgaWYgKCRvYmogLWlzIFtoYXNodGFibGVdIC1vciAkb2JqIC1pcyBbcHNvYmplY3RdKSB7CiAgICAgICAgIyBOb3RoaW5nIHRvIGRvCiAgICB9IGVsc2VpZiAoJG9iaiAtaXMgW3N0cmluZ10gLWFuZCAkbnVsbCAtZXEgJG1lc3NhZ2UpIHsKICAgICAgICAjIElmIHdlIHdlcmVuJ3QgZ2l2ZW4gMiBhcmdzLCBhbmQgdGhlIG9ubHkgYXJnIHdhcyBhIHN0cmluZywKICAgICAgICAjIGNyZWF0ZSBhIG5ldyBIYXNodGFibGUgYW5kIHVzZSB0aGUgYXJnIGFzIHRoZSBmYWlsdXJlIG1lc3NhZ2UKICAgICAgICAkbWVzc2FnZSA9ICRvYmoKICAgICAgICAkb2JqID0gQHsgfQogICAgfSBlbHNlIHsKICAgICAgICAjIElmIHRoZSBmaXJzdCBhcmd1bWVudCBpcyB1bmRlZmluZWQgb3IgYSBkaWZmZXJlbnQgdHlwZSwKICAgICAgICAjIG1ha2UgaXQgYSBIYXNodGFibGUKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgICMgU3RpbGwgdXNpbmcgU2V0LUF0dHIgZm9yIFBTT2JqZWN0IGNvbXBhdGliaWxpdHkKICAgIFNldC1BdHRyICRvYmogIm1zZyIgJG1lc3NhZ2UKICAgIFNldC1BdHRyICRvYmogImZhaWxlZCIgJHRydWUKCiAgICBpZiAoLW5vdCAkb2JqLkNvbnRhaW5zS2V5KCdjaGFuZ2VkJykpIHsKICAgICAgICBTZXQtQXR0ciAkb2JqICJjaGFuZ2VkIiAkZmFsc2UKICAgIH0KCiAgICBXcml0ZS1PdXRwdXQgJG9iaiB8IENvbnZlcnRUby1Kc29uIC1Db21wcmVzcyAtRGVwdGggOTkKICAgIEV4aXQgMQp9CgpGdW5jdGlvbiBBZGQtV2FybmluZygkb2JqLCAkbWVzc2FnZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHdhcm5pbmdzLCBldmVuIGlmIHRoZSB3YXJuaW5ncyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoIndhcm5pbmdzIikpIHsKICAgICAgICAkb2JqLndhcm5pbmdzID0gQCgpCiAgICB9IGVsc2VpZiAoJG9iai53YXJuaW5ncyAtaXNub3QgW2FycmF5XSkgewogICAgICAgIHRocm93ICJBZGQtV2FybmluZzogd2FybmluZ3MgYXR0cmlidXRlIGlzIG5vdCBhbiBhcnJheSIKICAgIH0KCiAgICAkb2JqLndhcm5pbmdzICs9ICRtZXNzYWdlCn0KCkZ1bmN0aW9uIEFkZC1EZXByZWNhdGlvbldhcm5pbmcoJG9iaiwgJG1lc3NhZ2UsICR2ZXJzaW9uID0gJG51bGwpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGFkZCBkZXByZWNhdGlvbnMsIGV2ZW4gaWYgdGhlIGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgogICAgaWYgKC1ub3QgJG9iai5Db250YWluc0tleSgiZGVwcmVjYXRpb25zIikpIHsKICAgICAgICAkb2JqLmRlcHJlY2F0aW9ucyA9IEAoKQogICAgfSBlbHNlaWYgKCRvYmouZGVwcmVjYXRpb25zIC1pc25vdCBbYXJyYXldKSB7CiAgICAgICAgdGhyb3cgIkFkZC1EZXByZWNhdGlvbldhcm5pbmc6IGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgaXMgbm90IGEgbGlzdCIKICAgIH0KCiAgICAkb2JqLmRlcHJlY2F0aW9ucyArPSBAewogICAgICAgIG1zZyA9ICRtZXNzYWdlCiAgICAgICAgdmVyc2lvbiA9ICR2ZXJzaW9uCiAgICB9Cn0KCkZ1bmN0aW9uIEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgaW4gdmFsdWVzLiBCeSBkZWZhdWx0CiAgICBpdCB0dXJucyBhbnkgdHlwZSB0byBhIHN0cmluZywgYnV0IHdlIGVuc3VyZSAkbnVsbCByZW1haW5zICRudWxsLgojPgogICAgaWYgKCRudWxsIC1uZSAkdmFsdWUpIHsKICAgICAgICBbU3lzdGVtLkVudmlyb25tZW50XTo6RXhwYW5kRW52aXJvbm1lbnRWYXJpYWJsZXMoJHZhbHVlKQogICAgfSBlbHNlIHsKICAgICAgICAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gR2V0LUFuc2libGVQYXJhbSgkb2JqLCAkbmFtZSwgJGRlZmF1bHQgPSAkbnVsbCwgJHJlc3VsdG9iaiA9IEB7fSwgJGZhaWxpZmVtcHR5ID0gJGZhbHNlLCAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSwgJFZhbGlkYXRlU2V0LCAkVmFsaWRhdGVTZXRFcnJvck1lc3NhZ2UsICR0eXBlID0gJG51bGwsICRhbGlhc2VzID0gQCgpKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBnZXQgYW4gImF0dHJpYnV0ZSIgZnJvbSBhIHBzb2JqZWN0IGluc3RhbmNlIGluIFBvd2VyU2hlbGwuCiAgICBUaGlzIGlzIGEgY29udmVuaWVuY2UgdG8gbWFrZSBnZXR0aW5nIE1lbWJlcnMgZnJvbSBhbiBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgICRhdHRyID0gR2V0LUFuc2libGVQYXJhbSAkcmVzcG9uc2UgImNvZGUiIC1kZWZhdWx0ICIxIgogICAgLkVYQU1QTEUKICAgIEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJTdGF0ZSIgLWRlZmF1bHQgIlByZXNlbnQiIC1WYWxpZGF0ZVNldCAiUHJlc2VudCIsIkFic2VudCIgLXJlc3VsdG9iaiAkcmVzdWx0b2JqIC1mYWlsaWZlbXB0eSAkdHJ1ZQogICAgR2V0LUFuc2libGVQYXJhbSBhbHNvIHN1cHBvcnRzIFBhcmFtZXRlciB2YWxpZGF0aW9uIHRvIHNhdmUgeW91IGZyb20gY29kaW5nIHRoYXQgbWFudWFsbHkKICAgIE5vdGUgdGhhdCBpZiB5b3UgdXNlIHRoZSBmYWlsaWZlbXB0eSBvcHRpb24sIHlvdSBkbyBuZWVkIHRvIHNwZWNpZnkgcmVzdWx0b2JqZWN0IGFzIHdlbGwuCiM+CiAgICAjIENoZWNrIGlmIHRoZSBwcm92aWRlZCBNZW1iZXIgJG5hbWUgb3IgYWxpYXNlcyBleGlzdCBpbiAkb2JqIGFuZCByZXR1cm4gaXQgb3IgdGhlIGRlZmF1bHQuCiAgICB0cnkgewoKICAgICAgICAkZm91bmQgPSAkbnVsbAogICAgICAgICMgRmlyc3QgdHJ5IHRvIGZpbmQgcHJlZmVycmVkIHBhcmFtZXRlciAkbmFtZQogICAgICAgICRhbGlhc2VzID0gQCgkbmFtZSkgKyAkYWxpYXNlcwoKICAgICAgICAjIEl0ZXJhdGUgb3ZlciBhbGlhc ScriptBlock ID: 1a7d3b85-f589-4998-b623-ad76684d26b5 Path:	4104	1		3	2	15	0	1947	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4924	3360	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:31:18 PM	e5295ba9-9827-0002-ef6f-2fe52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 4): begin { $DebugPreference = "Continue" $ErrorActionPreference = "Stop" Set-StrictMode -Version 2 function ConvertTo-HashtableFromPsCustomObject ($myPsObject){ $output = @{}; $myPsObject | Get-Member -MemberType *Property | % { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } return $output; } # stream JSON including become_pw, ps_module_payload, bin_module_payload, become_payload, write_payload_path, preserve directives # exec runspace, capture output, cleanup, return module output # NB: do not adjust the following line- it is replaced when doing non-streamed module output $json_raw = @' {"min_ps_version": null, "exec": "CkZ1bmN0aW9uIFJ1bigkcGF5bG9hZCkgewogICAgJGVudHJ5cG9pbnQgPSAkcGF5bG9hZC5tb2R1bGVfZW50cnkKCiAgICAkZW50cnlwb2ludCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGVudHJ5cG9pbnQpKQoKICAgICRwcyA9IFtwb3dlcnNoZWxsXTo6Q3JlYXRlKCkKCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkQ29tbWFuZCgiU2V0LVZhcmlhYmxlIikuQWRkUGFyYW1ldGVycyhAe1Njb3BlPSJnbG9iYWwiO05hbWU9ImNvbXBsZXhfYXJncyI7VmFsdWU9JHBheWxvYWQubW9kdWxlX2FyZ3N9KSB8IE91dC1OdWxsCiAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCgogICAgIyByZWRlZmluZSBXcml0ZS1Ib3N0IHRvIGR1bXAgdG8gb3V0cHV0IGluc3RlYWQgb2YgZmFpbGluZy0gbG90cyBvZiBzY3JpcHRzIHVzZSBpdAogICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgiRnVuY3Rpb24gV3JpdGUtSG9zdChgJG1zZyl7IFdyaXRlLU91dHB1dCBgJG1zZyB9IikgfCBPdXQtTnVsbAoKICAgIEZvckVhY2ggKCRlbnZfa3YgaW4gJHBheWxvYWQuZW52aXJvbm1lbnQuR2V0RW51bWVyYXRvcigpKSB7CiAgICAgICAgIyBuZWVkIHRvIGVzY2FwZSAnIGluIGJvdGggdGhlIGtleSBhbmQgdmFsdWUKICAgICAgICAkZW52X2tleSA9ICRlbnZfa3YuS2V5LlRvU3RyaW5nKCkuUmVwbGFjZSgiJyIsICInJyIpCiAgICAgICAgJGVudl92YWx1ZSA9ICRlbnZfa3YuVmFsdWUuVG9TdHJpbmcoKS5SZXBsYWNlKCInIiwgIicnIikKICAgICAgICAkZXNjYXBlZF9lbnZfc2V0ID0gIltTeXN0ZW0uRW52aXJvbm1lbnRdOjpTZXRFbnZpcm9ubWVudFZhcmlhYmxlKCd7MH0nLCAnezF9JykiIC1mICRlbnZfa2V5LCAkZW52X3ZhbHVlCiAgICAgICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgkZXNjYXBlZF9lbnZfc2V0KSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBkeW5hbWljYWxseSBjcmVhdGUvbG9hZCBtb2R1bGVzCiAgICBGb3JFYWNoICgkbW9kIGluICRwYXlsb2FkLnBvd2Vyc2hlbGxfbW9kdWxlcy5HZXRFbnVtZXJhdG9yKCkpIHsKICAgICAgICAkZGVjb2RlZF9tb2R1bGUgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRtb2QuVmFsdWUpKQogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRDb21tYW5kKCJOZXctTW9kdWxlIikuQWRkUGFyYW1ldGVycyhAe1NjcmlwdEJsb2NrPShbc2NyaXB0YmxvY2tdOjpDcmVhdGUoJGRlY29kZWRfbW9kdWxlKSk7TmFtZT0kbW9kLktleX0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiSW1wb3J0LU1vZHVsZSIpLkFkZFBhcmFtZXRlcnMoQHtXYXJuaW5nQWN0aW9uPSJTaWxlbnRseUNvbnRpbnVlIn0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBmb3JjZSBpbnB1dCBlbmNvZGluZyB0byBwcmVhbWJsZS1mcmVlIFVURjggc28gUFMgc3ViLXByb2Nlc3NlcyAoZWcsCiAgICAjIFN0YXJ0LUpvYikgZG9uJ3QgYmxvdyB1cC4gVGhpcyBpcyBvbmx5IHJlcXVpcmVkIGZvciBXaW5STSwgYSBQU1JQCiAgICAjIHJ1bnNwYWNlIGRvZXNuJ3QgaGF2ZSBhIGhvc3QgY29uc29sZSBhbmQgdGhpcyB3aWxsIGJvbWIgb3V0CiAgICBpZiAoJGhvc3QuTmFtZSAtZXEgIkNvbnNvbGVIb3N0IikgewogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRTY3JpcHQoIltDb25zb2xlXTo6SW5wdXRFbmNvZGluZyA9IE5ldy1PYmplY3QgVGV4dC5VVEY4RW5jb2RpbmcgYCRmYWxzZSIpIHwgT3V0LU51bGwKICAgIH0KCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkU2NyaXB0KCRlbnRyeXBvaW50KSB8IE91dC1OdWxsCgogICAgJG91dHB1dCA9ICRwcy5JbnZva2UoKQoKICAgICRvdXRwdXQKCiAgICAjIFBTMyBkb2Vzbid0IHByb3Blcmx5IHNldCBIYWRFcnJvcnMgaW4gbWFueSBjYXNlcywgaW5zcGVjdCB0aGUgZXJyb3Igc3RyZWFtIGFzIGEgZmFsbGJhY2sKICAgIElmICgkcHMuSGFkRXJyb3JzIC1vciAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtbHQgNCAtYW5kICRwcy5TdHJlYW1zLkVycm9yLkNvdW50IC1ndCAwKSkgewogICAgICAgICRob3N0LlVJLldyaXRlRXJyb3JMaW5lKCQoJHBzLlN0cmVhbXMuRXJyb3IgfCBPdXQtU3RyaW5nKSkKICAgICAgICAkZXhpdF9jb2RlID0gJHBzLlJ1bnNwYWNlLlNlc3Npb25TdGF0ZVByb3h5LkdldFZhcmlhYmxlKCJMQVNURVhJVENPREUiKQogICAgICAgIElmKC1ub3QgJGV4aXRfY29kZSkgewogICAgICAgICAgICAkZXhpdF9jb2RlID0gMQogICAgICAgIH0KICAgICAgICAjIG5lZWQgdG8gdXNlIHRoaXMgaW5zdGVhZCBvZiBFeGl0IGtleXdvcmQgdG8gcHJldmVudCBydW5zcGFjZSBmcm9tIGNyYXNoaW5nIHdpdGggZHluYW1pYyBtb2R1bGVzCiAgICAgICAgJGhvc3QuU2V0U2hvdWxkRXhpdCgkZXhpdF9jb2RlKQogICAgfQp9Cg==", "actions": ["exec"], "environment": {}, "min_os_version": null, "powershell_modules": {"Ansible.ModuleUtils.CommandUtil": "IyBDb3B5cmlnaHQgKGMpIDIwMTcgQW5zaWJsZSBQcm9qZWN0CiMgU2ltcGxpZmllZCBCU0QgTGljZW5zZSAoc2VlIGxpY2Vuc2VzL3NpbXBsaWZpZWRfYnNkLnR4dCBvciBodHRwczovL29wZW5zb3VyY2Uub3JnL2xpY2Vuc2VzL0JTRC0yLUNsYXVzZSkKCiRwcm9jZXNzX3V0aWwgPSBAIgp1c2luZyBNaWNyb3NvZnQuV2luMzIuU2FmZUhhbmRsZXM7CnVzaW5nIFN5c3RlbTsKdXNpbmcgU3lzdGVtLkNvbGxlY3Rpb25zOwp1c2luZyBTeXN0ZW0uSU87CnVzaW5nIFN5c3RlbS5MaW5xOwp1c2luZyBTeXN0ZW0uUnVudGltZS5JbnRlcm9wU2VydmljZXM7CnVzaW5nIFN5c3RlbS5UZXh0Owp1c2luZyBTeXN0ZW0uVGhyZWFkaW5nOwoKbmFtZXNwYWNlIEFuc2libGUKewogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIGNsYXNzIFNFQ1VSSVRZX0FUVFJJQlVURVMKICAgIHsKICAgICAgICBwdWJsaWMgaW50IG5MZW5ndGg7CiAgICAgICAgcHVibGljIEludFB0ciBscFNlY3VyaXR5RGVzY3JpcHRvcjsKICAgICAgICBwdWJsaWMgYm9vbCBiSW5oZXJpdEhhbmRsZSA9IGZhbHNlOwogICAgICAgIHB1YmxpYyBTRUNVUklUWV9BVFRSSUJVVEVTKCkKICAgICAgICB7CiAgICAgICAgICAgIG5MZW5ndGggPSBNYXJzaGFsLlNpemVPZih0aGlzKTsKICAgICAgICB9CiAgICB9CgogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIGNsYXNzIFNUQVJUVVBJTkZPCiAgICB7CiAgICAgICAgcHVibGljIEludDMyIGNiOwogICAgICAgIHB1YmxpYyBJbnRQdHIgbHBSZXNlcnZlZDsKICAgICAgICBwdWJsaWMgSW50UHRyIGxwRGVza3RvcDsKICAgICAgICBwdWJsaWMgSW50UHRyIGxwVGl0bGU7CiAgICAgICAgcHVibGljIEludDMyIGR3WDsKICAgICAgICBwdWJsaWMgSW50MzIgZHdZOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1hTaXplOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1lTaXplOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1hDb3VudENoYXJzOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1lDb3VudENoYXJzOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd0ZpbGxBdHRyaWJ1dGU7CiAgICAgICAgcHVibGljIEludDMyIGR3RmxhZ3M7CiAgICAgICAgcHVibGljIEludDE2IHdTaG93V2luZG93OwogICAgICAgIHB1YmxpYyBJbnQxNiBjYlJlc2VydmVkMjsKICAgICAgICBwdWJsaWMgSW50UHRyIGxwUmVzZXJ2ZWQyOwogICAgICAgIHB1YmxpYyBTYWZlRmlsZUhhbmRsZSBoU3RkSW5wdXQ7CiAgICAgICAgcHVibGljIFNhZmVGaWxlSGFuZGxlIGhTdGRPdXRwdXQ7CiAgICAgICAgcHVibGljIFNhZmVGaWxlSGFuZGxlIGhTdGRFcnJvcjsKICAgICAgICBwdWJsaWMgU1RBUlRVUElORk8oKQogICAgICAgIHsKICAgICAgICAgICAgY2IgPSBNYXJzaGFsLlNpemVPZih0aGlzKTsKICAgICAgICB9CiAgICB9CgogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIGNsYXNzIFNUQVJUVVBJTkZPRVgKICAgIHsKICAgICAgICBwdWJsaWMgU1RBUlRVUElORk8gc3RhcnR1cEluZm87CiAgICAgICAgcHVibGljIEludFB0ciBscEF0dHJpYnV0ZUxpc3Q7CiAgICAgICAgcHVibGljIFNUQVJUVVBJTkZPRVgoKQogICAgICAgIHsKICAgICAgICAgICAgc3RhcnR1cEluZm8gPSBuZXcgU1RBUlRVUElORk8oKTsKICAgICAgICAgICAgc3RhcnR1cEluZm8uY2IgPSBNYXJzaGFsLlNpemVPZih0aGlzKTsKICAgICAgICB9CiAgICB9CgogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIHN0cnVjdCBQUk9DRVNTX0lORk9STUFUSU9OCiAgICB7CiAgICAgICAgcHVibGljIEludFB0ciBoUHJvY2VzczsKICAgICAgICBwdWJsaWMgSW50UHRyIGhUaHJlYWQ7CiAgICAgICAgcHVibGljIGludCBkd1Byb2Nlc3NJZDsKICAgICAgICBwdWJsaWMgaW50IGR3VGhyZWFkSWQ7CiAgICB9CgogICAgW0ZsYWdzXQogICAgcHVibGljIGVudW0gU3RhcnR1cEluZm9GbGFncyA6IHVpbnQKICAgIHsKICAgICAgICBVU0VTVERIQU5ETEVTID0gMHgwMDAwMDEwMAogICAgfQoKICAgIHB1YmxpYyBlbnVtIEhhbmRsZUZsYWdzIDogdWludAogICAgewogICAgICAgIE5vbmUgPSAwLAogICAgICAgIElOSEVSSVQgPSAxCiAgICB9CgogICAgY2xhc3MgTmF0aXZlV2FpdEhhbmRsZSA6IFdhaXRIYW5kbGUKICAgIHsKICAgICAgICBwdWJsaWMgTmF0aXZlV2FpdEhhbmRsZShJbnRQdHIgaGFuZGxlKQogICAgICAgIHsKICAgICAgICAgICAgdGhpcy5TYWZlV2FpdEhhbmRsZSA9IG5ldyBTYWZlV2FpdEhhbmRsZShoYW5kbGUsIGZhbHNlKTsKICAgICAgICB9CiAgICB9CgogICAgcHVibGljIGNsYXNzIFdpbjMyRXhjZXB0aW9uIDogU3lzdGVtLkNvbXBvbmVudE1vZGVsLldpbjMyRXhjZXB0aW9uCiAgICB7CiAgICAgICAgcHJpdmF0ZSBzdHJpbmcgX21zZzsKCiAgICAgICAgcHVibGljIFdpbjMyRXhjZXB0aW9uKHN0cmluZyBtZXNzYWdlKSA6IHRoaXMoTWFyc2hhbC5HZXRMYXN0V2luMzJFcnJvcigpLCBtZXNzYWdlKSB7IH0KCiAgICAgICAgcHVibGljIFdpbjMyRXhjZXB0aW9uKGludCBlcnJvckNvZGUsIHN0cmluZyBtZXNzYWdlKSA6IGJhc2UoZXJyb3JDb2RlKQogICAgICAgIHsKICAgICAgICAgICAgX21zZyA9IFN0cmluZy5Gb3JtYXQoInswfSAoezF9LCBXaW4zMkVycm9yQ29kZSB7Mn0pIiwgbWVzc2FnZSwgYmFzZS5NZXNzYWdlLCBlcnJvckNvZGUpOwogICAgICAgIH0KCiAgICAgICAgcHVibGljIG92ZXJyaWRlIHN0cmluZyBNZXNzYWdlIHsgZ2V0IHsgcmV0dXJuIF9tc2c7IH0gfQogICAgICAgIHB1YmxpYyBzdGF0aWMgZXhwbGljaXQgb3BlcmF0b3IgV2luMzJFeGNlcHRpb24oc3RyaW5nIG1lc3NhZ2UpIHsgcmV0dXJuIG5ldyBXaW4zMkV4Y2VwdGlvbihtZXNzYWdlKTsgfQogICAgfQoKICAgIHB1YmxpYyBjbGFzcyBDb21tYW5kVXRpbAogICAgewogICAgICAgIHByaXZhdGUgc3RhdGljIFVJbnQzMiBDUkVBVEVfVU5JQ09ERV9FTlZJUk9OTUVOVCA9IDB4MDAwMDAwNDAwOwogICAgICAgIHByaXZhdGUgc3RhdGljIFVJbnQzMiBFWFRFTkRFRF9TVEFSVFVQSU5GT19QUkVTRU5UID0gMHgwMDA4MDAwMDsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSwgQmVzdEZpdE1hcHBpbmcgPSBmYWxzZSldCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gYm9vbCBDcmVhdGVQcm9jZXNzKAogICAgICAgICAgICBbTWFyc2hhbEFzKFVubWFuYWdlZFR5cGUuTFBXU3RyKV0KICAgICAgICAgICAgICAgIHN0cmluZyBscEFwcGxpY2F0aW9uTmFtZSwKICAgICAgICAgICAgU3RyaW5nQnVpbGRlciBscENvbW1hbmRMaW5lLAogICAgICAgICAgICBJbnRQdHIgbHBQcm9jZXNzQXR0cmlidXRlcywKICAgICAgICAgICAgSW50UHRyIGxwVGhyZWFkQXR0cmlidXRlcywKICAgICAgICAgICAgYm9vbCBiSW5oZXJpdEhhbmRsZXMsCiAgICAgICAgICAgIHVpbnQgZHdDcmVhdGlvbkZsYWdzLAogICAgICAgICAgICBJbnRQdHIgbHBFbnZpcm9ubWVudCwKICAgICAgICAgICAgW01hcnNoYWxBcyhVbm1hbmFnZWRUeXBlLkxQV1N0cildCiAgICAgICAgICAgICAgICBzdHJpbmcgbHBDdXJyZW50RGlyZWN0b3J5LAogICAgICAgICAgICBTVEFSVFVQSU5GT0VYIGxwU3RhcnR1cEluZm8sCiAgICAgICAgICAgIG91dCBQUk9DRVNTX0lORk9STUFUSU9OIGxwUHJvY2Vzc0luZm9ybWF0aW9uKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIildCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gYm9vbCBDcmVhdGVQaXBlKAogICAgICAgICAgICBvdXQgU2FmZUZpbGVIYW5kbGUgaFJlYWRQaXBlLAogICAgICAgICAgICBvdXQgU2FmZUZpbGVIYW5kbGUgaFdyaXRlUGlwZSwKICAgICAgICAgICAgU0VDVVJJVFlfQVRUUklCVVRFUyBscFBpcGVBdHRyaWJ1dGVzLAogICAgICAgICAgICB1aW50IG5TaXplKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSldCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gYm9vbCBTZXRIYW5kbGVJbmZvcm1hdGlvbigKICAgICAgICAgICAgU2FmZUZpbGVIYW5kbGUgaE9iamVjdCwKICAgICAgICAgICAgSGFuZGxlRmxhZ3MgZHdNYXNrLAogICAgICAgICAgICBpbnQgZHdGbGFncyk7CgogICAgICAgIFtEbGxJbXBvcnQoImtlcm5lbDMyLmRsbCIsIFNldExhc3RFcnJvciA9IHRydWUpXQogICAgICAgIHByaXZhdGUgc3RhdGljIGV4dGVybiBib29sIEdldEV4aXRDb2RlUHJvY2VzcygKICAgICAgICAgICAgSW50UHRyIGhQcm9jZXNzLAogICAgICAgICAgICBvdXQgdWludCBscEV4aXRDb2RlKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSldCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gdWludCBTZWFyY2hQYXRoKAogICAgICAgICAgICBzdHJpbmcgbHBQYXRoLAogICAgICAgICAgICBzdHJpbmcgbHBGaWxlTmFtZSwKICAgICAgICAgICAgc3RyaW5nIGxwRXh0ZW5zaW9uLAogICAgICAgICAgICBpbnQgbkJ1ZmZlckxlbmd0aCwKICAgICAgICAgICAgW01hcnNoYWxBcyAoVW5tYW5hZ2VkVHlwZS5MUFRTdHIpXQogICAgICAgICAgICAgICAgU3RyaW5nQnVpbGRlciBscEJ1ZmZlciwKICAgICAgICAgICAgb3V0IEludFB0ciBscEZpbGVQYXJ0KTsKCiAgICAgICAgW0RsbEltcG9ydCgic2hlbGwzMi5kbGwiLCBTZXRMYXN0RXJyb3IgPSB0cnVlKV0KICAgICAgICBzdGF0aWMgZXh0ZXJuIEludFB0ciBDb21tYW5kTGluZVRvQXJndlcoCiAgICAgICAgICAgIFtNYXJzaGFsQXMoVW5tYW5hZ2VkVHlwZS5MUFdTdHIpXQogICAgICAgICAgICAgICAgc3RyaW5nIGxwQ21kTGluZSwKICAgICAgICAgICAgb3V0IGludCBwTnVtQXJncyk7CgogICAgICAgIHB1YmxpYyBzdGF0aWMgc3RyaW5nW10gUGFyc2VDb21tYW5kTGluZShzdHJpbmcgbHBDb21tYW5kTGluZSkKICAgICAgICB7CiAgICAgICAgICAgIGludCBudW1BcmdzOwogICAgICAgICAgICBJbnRQdHIgcmV0ID0gQ29tbWFuZExpbmVUb0FyZ3ZXKGxwQ29tbWFuZExpbmUsIG91dCBudW1BcmdzKTsKCiAgICAgICAgICAgIGlmIChyZXQgPT0gSW50UHRyLlplcm8pCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIkVycm9yIHBhcnNpbmcgY29tbWFuZCBsaW5lIik7CgogICAgICAgICAgICBJbnRQdHJbXSBzdHJwdHJzID0gbmV3IEludFB0cltudW1BcmdzXTsKICAgICAgICAgICAgTWFyc2hhbC5Db3B5KHJldCwgc3RycHRycywgMCwgbnVtQXJncyk7CiAgICAgICAgICAgIHN0cmluZ1tdIGNtZGxpbmVQYXJ0cyA9IHN0cnB0cnMuU2VsZWN0KHMgPT4gTWFyc2hhbC5QdHJUb1N0cmluZ1VuaShzKSkuVG9BcnJheSgpOwoKICAgICAgICAgICAgTWFyc2hhbC5GcmVlSEdsb2JhbChyZXQpOwoKICAgICAgICAgICAgcmV0dXJuIGNtZGxpbmVQYXJ0czsKICAgICAgICB9CgogICAgICAgIHB1YmxpYyBzdGF0aWMgc3RyaW5nIFNlYXJjaFBhdGgoc3RyaW5nIGxwRmlsZU5hbWUpCiAgICAgICAgewogICAgICAgICAgICBTdHJpbmdCdWlsZGVyIHNiT3V0ID0gbmV3IFN0cmluZ0J1aWxkZXIoMTAyNCk7CiAgICAgICAgICAgIEludFB0ciBmaWxlUGFydE91dDsKCiAgICAgICAgICAgIGlmIChTZWFyY2hQYXRoKG51bGwsIGxwRmlsZU5hbWUsIG51bGwsIHNiT3V0LkNhcGFjaXR5LCBzYk91dCwgb3V0IGZpbGVQYXJ0T3V0KSA9PSAwKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IEZpbGVOb3RGb3VuZEV4Y2VwdGlvbihTdHJpbmcuRm9ybWF0KCJDb3VsZCBub3QgbG9jYXRlIHRoZSBmb2xsb3dpbmcgZXhlY3V0YWJsZSB7MH0iLCBscEZpbGVOYW1lKSk7CgogICAgICAgICAgICByZXR1cm4gc2JPdXQuVG9TdHJpbmcoKTsKICAgICAgICB9CgogICAgICAgIHB1YmxpYyBjbGFzcyBDb21tYW5kUmVzdWx0CiAgICAgICAgewogICAgICAgICAgICBwdWJsaWMgc3RyaW5nIFN0YW5kYXJkT3V0IHsgZ2V0OyBpbnRlcm5hbCBzZXQ7IH0KICAgICAgICAgICAgcHVibGljIHN0cmluZyBTdGFuZGFyZEVycm9yIHsgZ2V0OyBpbnRlcm5hbCBzZXQ7IH0KICAgICAgICAgICAgcHVibGljIHVpbnQgRXhpdENvZGUgeyBnZXQ7IGludGVybmFsIHNldDsgfQogICAgICAgIH0KCiAgICAgICAgcHVibGljIHN0YXRpYyBDb21tYW5kUmVzdWx0IFJ1bkNvbW1hbmQoc3RyaW5nIGxwQXBwbGljYXRpb25OYW1lLCBzdHJpbmcgbHBDb21tYW5kTGluZSwgc3RyaW5nIGxwQ3VycmVudERpcmVjdG9yeSwgc3RyaW5nIHN0ZGluSW5wdXQsIElEaWN0aW9uYXJ5IGVudmlyb25tZW50KQogICAgICAgIHsKICAgICAgICAgICAgVUludDMyIHN0YXJ0dXBfZmxhZ3MgPSBDUkVBVEVfVU5JQ09ERV9FTlZJUk9OTUVOVCB8IEVYVEVOREVEX1NUQVJUVVBJTkZPX1BSRVNFTlQ7CiAgICAgICAgICAgIFNUQVJUVVBJTkZPRVggc2kgPSBuZXcgU1RBUlRVUElORk9FWCgpOwogICAgICAgICAgICBzaS5zdGFydHVwSW5mby5kd0ZsYWdzID0gKGludClTdGFydHVwSW5mb0ZsYWdzLlVTRVNUREhBTkRMRVM7CgogICAgICAgICAgICBTRUNVUklUWV9BVFRSSUJVVEVTIHBpcGVzZWMgPSBuZXcgU0VDVVJJVFlfQVRUUklCVVRFUygpOwogICAgICAgICAgICBwaXBlc2VjLmJJbmhlcml0SGFuZGxlID0gdHJ1ZTsKCiAgICAgICAgICAgIC8vIENyZWF0ZSB0aGUgc3Rkb3V0LCBzdGRlcnIgYW5kIHN0ZGluIHBpcGVzIHVzZWQgaW4gdGhlIHByb2Nlc3MgYW5kIGFkZCB0byB0aGUgc3RhcnR1cEluZm8KICAgICAgICAgICAgU2FmZUZpbGVIYW5kbGUgc3Rkb3V0X3JlYWQsIHN0ZG91dF93cml0ZSwgc3RkZXJyX3JlYWQsIHN0ZGVycl93cml0ZSwgc3RkaW5fcmVhZCwgc3RkaW5fd3JpdGU7CiAgICAgICAgICAgIGlmICghQ3JlYXRlUGlwZShvdXQgc3Rkb3V0X3JlYWQsIG91dCBzdGRvdXRfd3JpdGUsIHBpcGVzZWMsIDApKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IFdpbjMyRXhjZXB0aW9uKCJTVERPVVQgcGlwZSBzZXR1cCBmYWlsZWQiKTsKICAgICAgICAgICAgaWYgKCFTZXRIYW5kbGVJbmZvcm1hdGlvbihzdGRvdXRfcmVhZCwgSGFuZGxlRmxhZ3MuSU5IRVJJVCwgMCkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIlNURE9VVCBwaXBlIGhhbmRsZSBzZXR1cCBmYWlsZWQiKTsKCiAgICAgICAgICAgIGlmICghQ3JlYXRlUGlwZShvdXQgc3RkZXJyX3JlYWQsIG91dCBzdGRlcnJfd3JpdGUsIHBpcGVzZWMsIDApKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IFdpbjMyRXhjZXB0aW9uKCJTVERFUlIgcGlwZSBzZXR1cCBmYWlsZWQiKTsKICAgICAgICAgICAgaWYgKCFTZXRIYW5kbGVJbmZvcm1hdGlvbihzdGRlcnJfcmVhZCwgSGFuZGxlRmxhZ3MuSU5IRVJJVCwgMCkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIlNUREVSUiBwaXBlIGhhbmRsZSBzZXR1cCBmYWlsZWQiKTsKCiAgICAgICAgICAgIGlmICghQ3JlYXRlUGlwZShvdXQgc3RkaW5fcmVhZCwgb3V0IHN0ZGluX3dyaXRlLCBwaXBlc2VjLCAwKSkKICAgICAgICAgICAgICAgIHRocm93IG5ldyBXaW4zMkV4Y2VwdGlvbigiU1RESU4gcGlwZSBzZXR1cCBmYWlsZWQiKTsKICAgICAgICAgICAgaWYgKCFTZXRIYW5kbGVJbmZvcm1hdGlvbihzdGRpbl93cml0ZSwgSGFuZGxlRmxhZ3MuSU5IRVJJVCwgMCkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIlNURElOIHBpcGUgaGFuZGxlIHNldHVwIGZhaWxlZCIpOwoKICAgICAgICAgICAgc2kuc3RhcnR1cEluZm8uaFN0ZE91dHB1dCA9IHN0ZG91dF93cml0ZTsKICAgICAgICAgICAgc2kuc3RhcnR1cEluZm8uaFN0ZEVycm9yID0gc3RkZXJyX3dyaXRlOwogICAgICAgICAgICBzaS5zdGFydHVwSW5mby5oU3RkSW5wdXQgPSBzdGRpbl9yZWFkOwoKICAgICAgICAgICAgLy8gU2V0dXAgdGhlIHN0ZGluIGJ1ZmZlcgogICAgICAgICAgICBVVEY4RW5jb2RpbmcgdXRmOF9lbmNvZGluZyA9IG5ldyBVVEY4RW5jb2RpbmcoZmFsc2UpOwogICAgICAgICAgICBGaWxlU3RyZWFtIHN0ZGluX2ZzID0gbmV3IEZpbGVTdHJlYW0oc3RkaW5fd3JpdGUsIEZpbGVBY2Nlc3MuV3JpdGUsIDMyNzY4KTsKICAgICAgICAgICAgU3RyZWFtV3JpdGVyIHN0ZGluID0gbmV3IFN0cmVhbVdyaXRlcihzdGRpbl9mcywgdXRmOF9lbmNvZGluZywgMzI3NjgpOwoKICAgICAgICAgICAgLy8gSWYgbHBDdXJyZW50RGlyZWN0b3J5IGlzIHNldCB0byBudWxsIGluIFBTIGl0IHdpbGwgYmUgYW4gZW1wdHkKICAgICAgICAgICAgLy8gc3RyaW5nIGhlcmUsIHdlIG5lZWQgdG8gY29udmVydCBpdAogICAgICAgICAgICBpZiAobHBDdXJyZW50RGlyZWN0b3J5ID09ICIiKQogICAgICAgICAgICAgICAgbHBDdXJyZW50RGlyZWN0b ScriptBlock ID: 1a7d3b85-f589-4998-b623-ad76684d26b5 Path:	4104	1		3	2	15	0	1946	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4924	3360	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:31:18 PM	e5295ba9-9827-0002-ef6f-2fe52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1945	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4924	3756	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:31:18 PM	e5295ba9-9827-0002-ed6f-2fe52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 4924 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1944	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4924	1816	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:31:18 PM	e5295ba9-9827-0002-ed6f-2fe52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1943	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4924	3756	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:31:18 PM	e5295ba9-9827-0002-ed6f-2fe52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1942	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3916	3468	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:31:15 PM	e5295ba9-9827-0001-305d-30e52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 3916 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1941	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3916	3884	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:31:15 PM	e5295ba9-9827-0001-305d-30e52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1940	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3916	3468	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:31:15 PM	e5295ba9-9827-0001-305d-30e52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1939	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3868	3384	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:31:15 PM	e5295ba9-9827-0001-2c5d-30e52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 3868 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1938	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3868	1000	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:31:15 PM	e5295ba9-9827-0001-2c5d-30e52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1937	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3868	3384	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:31:15 PM	e5295ba9-9827-0001-2c5d-30e52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): #!powershell # Copyright: (c) 2015, Jon Hawkesworth (@jhawkesworth) <figs@unity.demon.co.uk> # Copyright: (c) 2017, Ansible Project # GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) #Requires -Module Ansible.ModuleUtils.Legacy $ErrorActionPreference = 'Stop' $params = Parse-Args -arguments $args -supports_check_mode $true $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false $diff_mode = Get-AnsibleParam -obj $params -name "_ansible_diff" -type "bool" -default $false # there are 4 modes to win_copy which are driven by the action plugins: # explode: src is a zip file which needs to be extracted to dest, for use with multiple files # query: win_copy action plugin wants to get the state of remote files to check whether it needs to send them # remote: all copy action is happening remotely (remote_src=True) # single: a single file has been copied, also used with template $copy_mode = Get-AnsibleParam -obj $params -name "_copy_mode" -type "str" -default "single" -validateset "explode","query","remote","single" # used in explode, remote and single mode $src = Get-AnsibleParam -obj $params -name "src" -type "path" -failifempty ($copy_mode -in @("explode","process","single")) $dest = Get-AnsibleParam -obj $params -name "dest" -type "path" -failifempty $true # used in single mode $original_basename = Get-AnsibleParam -obj $params -name "_original_basename" -type "str" # used in query and remote mode $force = Get-AnsibleParam -obj $params -name "force" -type "bool" -default $true # used in query mode, contains the local files/directories/symlinks that are to be copied $files = Get-AnsibleParam -obj $params -name "files" -type "list" $directories = Get-AnsibleParam -obj $params -name "directories" -type "list" $symlinks = Get-AnsibleParam -obj $params -name "symlinks" -type "list" $result = @{ changed = $false } if ($diff_mode) { $result.diff = @{} } Function Copy-File($source, $dest) { $diff = "" $copy_file = $false $source_checksum = $null if ($force) { $source_checksum = Get-FileChecksum -path $source } if (Test-Path -Path $dest -PathType Container) { Fail-Json -obj $result -message "cannot copy file from '$source' to '$dest': dest is already a folder" } elseif (Test-Path -Path $dest -PathType Leaf) { if ($force) { $target_checksum = Get-FileChecksum -path $dest if ($source_checksum -ne $target_checksum) { $copy_file = $true } } } else { $copy_file = $true } if ($copy_file) { $file_dir = [System.IO.Path]::GetDirectoryName($dest) # validate the parent dir is not a file and that it exists if (Test-Path -Path $file_dir -PathType Leaf) { Fail-Json -obj $result -message "cannot copy file from '$source' to '$dest': object at dest parent dir is not a folder" } elseif (-not (Test-Path -Path $file_dir)) { # directory doesn't exist, need to create New-Item -Path $file_dir -ItemType Directory -WhatIf:$check_mode | Out-Null $diff += "+$file_dir\`n" } if (Test-Path -Path $dest -PathType Leaf) { Remove-Item -Path $dest -Force -Recurse -WhatIf:$check_mode | Out-Null $diff += "-$dest`n" } if (-not $check_mode) { # cannot run with -WhatIf:$check_mode as if the parent dir didn't # exist and was created above would still not exist in check mode Copy-Item -Path $source -Destination $dest -Force | Out-Null } $diff += "+$dest`n" $result.changed = $true } # ugly but to save us from running the checksum twice, let's return it for # the main code to add it to $result return ,@{ diff = $diff; checksum = $source_checksum } } Function Copy-Folder($source, $dest) { $diff = "" $copy_folder = $false if (-not (Test-Path -Path $dest -PathType Container)) { $parent_dir = [System.IO.Path]::GetDirectoryName($dest) if (Test-Path -Path $parent_dir -PathType Leaf) { Fail-Json -obj $result -message "cannot copy file from '$source' to '$dest': object at dest parent dir is not a folder" } if (Test-Path -Path $dest -PathType Leaf) { Fail-Json -obj $result -message "cannot copy folder from '$source' to '$dest': dest is already a file" } New-Item -Path $dest -ItemType Container -WhatIf:$check_mode | Out-Null $diff += "+$dest\`n" $result.changed = $true } $child_items = Get-ChildItem -Path $source -Force foreach ($child_item in $child_items) { $dest_child_path = Join-Path -Path $dest -ChildPath $child_item.Name if ($child_item.PSIsContainer) { $diff += (Copy-Folder -source $child_item.Fullname -dest $dest_child_path) } else { $diff += (Copy-File -source $child_item.Fullname -dest $dest_child_path).diff } } return $diff } Function Get-FileSize($path) { $file = Get-Item -Path $path -Force $size = $null if ($file.PSIsContainer) { $dir_files_sum = Get-ChildItem $file.FullName -Recurse if ($dir_files_sum -eq $null -or ($dir_files_sum.PSObject.Properties.name -contains 'length' -eq $false)) { $size = 0 } else { $size = ($dir_files_sum | Measure-Object -property length -sum).Sum } } else { $size = $file.Length } $size } Function Extract-Zip($src, $dest) { $archive = [System.IO.Compression.ZipFile]::Open($src, [System.IO.Compression.ZipArchiveMode]::Read, [System.Text.Encoding]::UTF8) foreach ($entry in $archive.Entries) { $archive_name = $entry.FullName # FullName may be appended with / or \, determine if it is padded and remove it $padding_length = $archive_name.Length % 4 if ($padding_length -eq 0) { $is_dir = $false $base64_name = $archive_name } elseif ($padding_length -eq 1) { $is_dir = $true if ($archive_name.EndsWith("/") -or $archive_name.EndsWith("`\")) { $base64_name = $archive_name.Substring(0, $archive_name.Length - 1) } else { throw "invalid base64 archive name '$archive_name'" } } else { throw "invalid base64 length '$archive_name'" } # to handle unicode character, win_copy action plugin has encoded the filename $decoded_archive_name = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($base64_name)) # re-add the / to the entry full name if it was a directory if ($is_dir) { $decoded_archive_name = "$decoded_archive_name/" } $entry_target_path = [System.IO.Path]::Combine($dest, $decoded_archive_name) $entry_dir = [System.IO.Path]::GetDirectoryName($entry_target_path) if (-not (Test-Path -Path $entry_dir)) { New-Item -Path $entry_dir -ItemType Directory -WhatIf:$check_mode | Out-Null } if ($is_dir -eq $false) { if (-not $check_mode) { [System.IO.Compression.ZipFileExtensions]::ExtractToFile($entry, $entry_target_path, $true) } } } $archive.Dispose() # release the handle of the zip file } Function Extract-ZipLegacy($src, $dest) { if (-not (Test-Path -Path $dest)) { New-Item -Path $dest -ItemType Directory -WhatIf:$check_mode | Out-Null } $shell = New-Object -ComObject Shell.Application $zip = $shell.NameSpace($src) $dest_path = $shell.NameSpace($dest) foreach ($entry in $zip.Items()) { $is_dir = $entry.IsFolder $encoded_archive_entry = $entry.Name # to handle unicode character, win_copy action plugin has encoded the filename $decoded_archive_entry = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($encoded_archive_entry)) if ($is_dir) { $decoded_archive_entry = "$decoded_archive_entry/" } $entry_target_path = [System.IO.Path]::Combine($dest, $decoded_archive_entry) $entry_dir = [System.IO.Path]::GetDirectoryName($entry_target_path) if (-not (Test-Path -Path $entry_dir)) { New-Item -Path $entry_dir -ItemType Directory -WhatIf:$check_mode | Out-Null } if ($is_dir -eq $false -and (-not $check_mode)) { # https://msdn.microsoft.com/en-us/library/windows/desktop/bb787866.aspx # From Folder.CopyHere documentation, 1044 means: # - 1024: do not display a user interface if an error occurs # - 16: respond with "yes to all" for any dialog box that is displayed # - 4: do not display a progress dialog box $dest_path.CopyHere($entry, 1044) # once file is extraced, we need to rename it with non base64 name $combined_encoded_path = [System.IO.Path]::Combine($dest, $encoded_archive_entry) Move-Item -Path $combined_encoded_path -Destination $entry_target_path -Force | Out-Null } } } if ($copy_mode -eq "query") { # we only return a list of files/directories that need to be copied over # the source of the local file will be the key used $changed_files = @() $changed_directories = @() $changed_symlinks = @() foreach ($file in $files) { $filename = $file.dest $local_checksum = $file.checksum $filepath = Join-Path -Path $dest -ChildPath $filename if (Test-Path -Path $filepath -PathType Leaf) { if ($force) { $checksum = Get-FileChecksum -path $filepath if ($checksum -ne $local_checksum) { $will_change = $true $changed_files += $file } } } elseif (Test-Path -Path $filepath -PathType Container) { Fail-Json -obj $result -message "cannot copy file to dest '$filepath': object at path is already a directory" } else { $changed_files += $file } } foreach ($directory in $directories) { $dirname = $directory.dest $dirpath = Join-Path -Path $dest -ChildPath $dirname $parent_dir = [System.IO.Path]::GetDirectoryName($dirpath) if (Test-Path -Path $parent_dir -PathType Leaf) { Fail-Json -obj $result -message "cannot copy folder to dest '$dirpath': object at parent directory path is already a file" } if (Test-Path -Path $dirpath -PathType Leaf) { Fail-Json -obj $result -message "cannot copy folder to dest '$dirpath': object at path is already a file" } elseif (-not (Test-Path -Path $dirpath -PathType Container)) { $changed_directories += $directory } } # TODO: Handle symlinks $result.files = $changed_files $result.directories = $changed_directories $result.symlinks = $changed_symlinks } elseif ($copy_mode -eq "explode") { # a single zip file containing the files and directories needs to be # expanded this will always result in a change as the calculation is done # on the win_copy action plugin and is only run if a change needs to occur if (-not (Test-Path -Path $src -PathType Leaf)) { Fail-Json -obj $result -message "Cannot expand src zip file: '$src' as it does not exist" } # Detect if the PS zip assemblies are available or whether to use Shell $use_legacy = $false try { Add-Type -AssemblyName System.IO.Compression.FileSystem | Out-Null Add-Type -AssemblyName System.IO.Compression | Out-Null } catch { $use_legacy = $true } if ($use_legacy) { Extract-ZipLegacy -src $src -dest $dest } else { Extract-Zip -src $src -dest $dest } $result.changed = $true } elseif ($copy_mode -eq "remote") { # all copy actions are happening on the remote side (windows host), need # too copy source and dest using PS code $result.src = $src $result.dest = $dest if (-not (Test-Path -Path $src)) { Fail-Json -obj $result -message "Cannot copy src file: '$src' as it does not exist" } if (Test-Path -Path $src -PathType Container) { # we are copying a directory or the contents of a directory $result.operation = 'folder_copy' if ($src.EndsWith("/") -or $src.EndsWith("`\")) { # copying the folder's contents to dest $diff = "" $child_files = Get-ChildItem -Path $src -Force foreach ($child_file in $child_files) { $dest_child_path = Join-Path -Path $dest -ChildPath $child_file.Name if ($child_file.PSIsContainer) { $diff += Copy-Folder -source $child_file.FullName -dest $dest_child_path } else { $diff += (Copy-File -source $child_file.FullName -dest $dest_child_path).diff } } } else { # copying the folder and it's contents to dest $dest = Join-Path -Path $dest -ChildPath (Get-Item -Path $src -Force).Name $result.dest = $dest $diff = Copy-Folder -source $src -dest $dest } } else { # we are just copying a single file to dest $result.operation = 'file_copy' $source_basename = (Get-Item -Path $src -Force).Name $result.original_basename = $source_basename if ($dest.EndsWith("/") -or $dest.EndsWith("`\")) { $dest = Join-Path -Path $dest -ChildPath (Get-Item -Path $src -Force).Name $result.dest = $dest } else { # check if the parent dir exists, this is only done if src is a # file and dest if the path to a file (doesn't end with \ or /) $parent_dir = Split-Path -Path $dest if (Test-Path -Path $parent_dir -PathType Leaf) { Fail-Json -obj $result -message "object at destination parent dir '$parent_dir' is currently a file" } elseif (-not (Test-Path -Path $parent_dir -PathType Container)) { Fail-Json -obj $result -message "Destination directory '$parent_dir' does not exist" } } $copy_result = Copy-File -source $src -dest $dest $diff = $copy_result.diff $result.checksum = $copy_result.checksum } # the file might not exist if running in check mode if (-not $check_mode -or (Test-Path -Path $dest -PathType Leaf)) { $result.size = Get-FileSize -path $dest } else { $result.size = $null } if ($diff_mode) { $result.diff.prepared = $diff } } elseif ($copy_mode -eq "single") { # a single file is located in src and we need to copy to dest, this will # always result in a change as the calculation is done on the Ansible side # before this is run. This should also never run in check mode if (-not (Test-Path -Path $src -PathType Leaf)) { Fail-Json -obj $result -message "Cannot copy src file: '$src' as it does not exist" } # the dest parameter is a directory, we need to append original_basename if ($dest.EndsWith("/") -or $dest.EndsWith("`\") -or (Test-Path -Path $dest -PathType Container)) { $remote_dest = Join-Path -Path $dest -ChildPath $original_basename $parent_dir = Split-Path -Path $remote_dest # when dest ends with /, we need to create the destination directories if (Test-Path -Path $parent_dir -PathType Leaf) { Fail-Json -obj $result -message "object at destination parent dir '$parent_dir' is currently a file" } elseif (-not (Test-Path -Path $parent_dir -PathType Container)) { New-Item -Path $parent_dir -ItemType Directory | Out-Null } } else { $remote_dest = $dest $parent_dir = Split-Path -Path $remote_dest # check if the dest parent dirs exist, need to fail if they don't if (Test-Path -Path $parent_dir -PathType Leaf) { Fail-Json -obj $result -message "object at destination parent dir '$parent_dir' is currently a file" } elseif (-not (Test-Path -Path $parent_dir -PathType Container)) { Fail-Json -obj $result -message "Destination directory '$parent_dir' does not exist" } } Copy-Item -Path $src -Destination $remote_dest -Force | Out-Null $result.changed = $true } Exit-Json -obj $result ScriptBlock ID: 6187478c-a943-4dee-a633-460334666abf Path:	4104	1		3	2	15	0	1936	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	844	2124	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:31:14 PM	e5295ba9-9827-0003-4e6f-30e52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c), Michael DeHaan <michael.dehaan@gmail.com>, 2014, and others # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) Set-StrictMode -Version 2.0 $ErrorActionPreference = "Stop" Function Set-Attr($obj, $name, $value) { <# .SYNOPSIS Helper function to set an "attribute" on a psobject instance in PowerShell. This is a convenience to make adding Members to the object easier and slightly more pythonic .EXAMPLE Set-Attr $result "changed" $true #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } Try { $obj.$name = $value } Catch { $obj | Add-Member -Force -MemberType NoteProperty -Name $name -Value $value } } Function Exit-Json($obj) { <# .SYNOPSIS Helper function to convert a PowerShell object to JSON and output it, exiting the script .EXAMPLE Exit-Json $result #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit } Function Fail-Json($obj, $message = $null) { <# .SYNOPSIS Helper function to add the "msg" property and "failed" property, convert the PowerShell Hashtable to JSON and output it, exiting the script .EXAMPLE Fail-Json $result "This is the failure message" #> if ($obj -is [hashtable] -or $obj -is [psobject]) { # Nothing to do } elseif ($obj -is [string] -and $null -eq $message) { # If we weren't given 2 args, and the only arg was a string, # create a new Hashtable and use the arg as the failure message $message = $obj $obj = @{ } } else { # If the first argument is undefined or a different type, # make it a Hashtable $obj = @{ } } # Still using Set-Attr for PSObject compatibility Set-Attr $obj "msg" $message Set-Attr $obj "failed" $true if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit 1 } Function Add-Warning($obj, $message) { <# .SYNOPSIS Helper function to add warnings, even if the warnings attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("warnings")) { $obj.warnings = @() } elseif ($obj.warnings -isnot [array]) { throw "Add-Warning: warnings attribute is not an array" } $obj.warnings += $message } Function Add-DeprecationWarning($obj, $message, $version = $null) { <# .SYNOPSIS Helper function to add deprecations, even if the deprecations attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("deprecations")) { $obj.deprecations = @() } elseif ($obj.deprecations -isnot [array]) { throw "Add-DeprecationWarning: deprecations attribute is not a list" } $obj.deprecations += @{ msg = $message version = $version } } Function Expand-Environment($value) { <# .SYNOPSIS Helper function to expand environment variables in values. By default it turns any type to a string, but we ensure $null remains $null. #> if ($null -ne $value) { [System.Environment]::ExpandEnvironmentVariables($value) } else { $value } } Function Get-AnsibleParam($obj, $name, $default = $null, $resultobj = @{}, $failifempty = $false, $emptyattributefailmessage, $ValidateSet, $ValidateSetErrorMessage, $type = $null, $aliases = @()) { <# .SYNOPSIS Helper function to get an "attribute" from a psobject instance in PowerShell. This is a convenience to make getting Members from an object easier and slightly more pythonic .EXAMPLE $attr = Get-AnsibleParam $response "code" -default "1" .EXAMPLE Get-AnsibleParam -obj $params -name "State" -default "Present" -ValidateSet "Present","Absent" -resultobj $resultobj -failifempty $true Get-AnsibleParam also supports Parameter validation to save you from coding that manually Note that if you use the failifempty option, you do need to specify resultobject as well. #> # Check if the provided Member $name or aliases exist in $obj and return it or the default. try { $found = $null # First try to find preferred parameter $name $aliases = @($name) + $aliases # Iterate over aliases to find acceptable Member $name foreach ($alias in $aliases) { if ($obj.ContainsKey($alias)) { $found = $alias break } } if ($null -eq $found) { throw } $name = $found if ($ValidateSet) { if ($ValidateSet -contains ($obj.$name)) { $value = $obj.$name } else { if ($null -eq $ValidateSetErrorMessage) { #Auto-generated error should be sufficient in most use cases $ValidateSetErrorMessage = "Get-AnsibleParam: Argument $name needs to be one of $($ValidateSet -join ",") but was $($obj.$name)." } Fail-Json -obj $resultobj -message $ValidateSetErrorMessage } } else { $value = $obj.$name } } catch { if ($failifempty -eq $false) { $value = $default } else { if (-not $emptyattributefailmessage) { $emptyattributefailmessage = "Get-AnsibleParam: Missing required argument: $name" } Fail-Json -obj $resultobj -message $emptyattributefailmessage } } # If $value -eq $null, the parameter was unspecified by the user (deliberately or not) # Please leave $null-values intact, modules need to know if a parameter was specified # When $value is already an array, we cannot rely on the null check, as an empty list # is seen as null in the check below if ($null -ne $value -or $value -is [array]) { if ($type -eq "path") { # Expand environment variables on path-type $value = Expand-Environment($value) # Test if a valid path is provided if (-not (Test-Path -IsValid $value)) { $path_invalid = $true # could still be a valid-shaped path with a nonexistent drive letter if ($value -match "^\w:") { # rewrite path with a valid drive letter and recheck the shape- this might still fail, eg, a nonexistent non-filesystem PS path if (Test-Path -IsValid $(@(Get-PSDrive -PSProvider Filesystem)[0].Name + $value.Substring(1))) { $path_invalid = $false } } if ($path_invalid) { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' has an invalid path '$value' specified." } } } elseif ($type -eq "str") { # Convert str types to real Powershell strings $value = $value.ToString() } elseif ($type -eq "bool") { # Convert boolean types to real Powershell booleans $value = $value | ConvertTo-Bool } elseif ($type -eq "int") { # Convert int types to real Powershell integers $value = $value -as [int] } elseif ($type -eq "float") { # Convert float types to real Powershell floats $value = $value -as [float] } elseif ($type -eq "list") { if ($value -is [array]) { # Nothing to do } elseif ($value -is [string]) { # Convert string type to real Powershell array $value = $value.Split(",").Trim() } elseif ($value -is [int]) { $value = @($value) } else { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' is not a YAML list." } # , is not a typo, forces it to return as a list when it is empty or only has 1 entry return ,$value } } return $value } #Alias Get-attr-->Get-AnsibleParam for backwards compat. Only add when needed to ease debugging of scripts If (-not(Get-Alias -Name "Get-attr" -ErrorAction SilentlyContinue)) { New-Alias -Name Get-attr -Value Get-AnsibleParam } Function ConvertTo-Bool { <# .SYNOPSIS Helper filter/pipeline function to convert a value to boolean following current Ansible practices .EXAMPLE $is_true = "true" | ConvertTo-Bool #> param( [parameter(valuefrompipeline=$true)] $obj ) $boolean_strings = "yes", "on", "1", "true", 1 $obj_string = [string]$obj if (($obj -is [boolean] -and $obj) -or $boolean_strings -contains $obj_string.ToLower()) { return $true } else { return $false } } Function Parse-Args($arguments, $supports_check_mode = $false) { <# .SYNOPSIS Helper function to parse Ansible JSON arguments from a "file" passed as the single argument to the module. .EXAMPLE $params = Parse-Args $args #> $params = New-Object psobject If ($arguments.Length -gt 0) { $params = Get-Content $arguments[0] | ConvertFrom-Json } Else { $params = $complex_args } $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false If ($check_mode -and -not $supports_check_mode) { Exit-Json @{ skipped = $true changed = $false msg = "remote module does not support check mode" } } return $params } Function Get-FileChecksum($path, $algorithm = 'sha1') { <# .SYNOPSIS Helper function to calculate a hash of a file in a way which PowerShell 3 and above can handle #> If (Test-Path -Path $path -PathType Leaf) { switch ($algorithm) { 'md5' { $sp = New-Object -TypeName System.Security.Cryptography.MD5CryptoServiceProvider } 'sha1' { $sp = New-Object -TypeName System.Security.Cryptography.SHA1CryptoServiceProvider } 'sha256' { $sp = New-Object -TypeName System.Security.Cryptography.SHA256CryptoServiceProvider } 'sha384' { $sp = New-Object -TypeName System.Security.Cryptography.SHA384CryptoServiceProvider } 'sha512' { $sp = New-Object -TypeName System.Security.Cryptography.SHA512CryptoServiceProvider } default { Fail-Json @{} "Unsupported hash algorithm supplied '$algorithm'" } } If ($PSVersionTable.PSVersion.Major -ge 4) { $raw_hash = Get-FileHash $path -Algorithm $algorithm $hash = $raw_hash.Hash.ToLower() } Else { $fp = [System.IO.File]::Open($path, [System.IO.Filemode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileShare]::ReadWrite); $hash = [System.BitConverter]::ToString($sp.ComputeHash($fp)).Replace("-", "").ToLower(); $fp.Dispose(); } } ElseIf (Test-Path -Path $path -PathType Container) { $hash = "3"; } Else { $hash = "1"; } return $hash } Function Get-PendingRebootStatus { <# .SYNOPSIS Check if reboot is required, if so notify CA. Function returns true if computer has a pending reboot #> $featureData = Invoke-WmiMethod -EA Ignore -Name GetServerFeature -Namespace root\microsoft\windows\servermanager -Class MSFT_ServerManagerTasks $regData = Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager" "PendingFileRenameOperations" -EA Ignore $CBSRebootStatus = Get-ChildItem "HKLM:\\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing" -ErrorAction SilentlyContinue| Where-Object {$_.PSChildName -eq "RebootPending"} if(($featureData -and $featureData.RequiresReboot) -or $regData -or $CBSRebootStatus) { return $True } else { return $False } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: 8e94e7f1-5b79-4310-89fb-331c19327082 Path:	4104	1		3	2	15	0	1935	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	844	2540	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:31:14 PM	e5295ba9-9827-0004-acf5-2ee52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } ScriptBlock ID: e2b13ab9-1d2a-4609-ae86-21e4f41f2f17 Path:	4104	1		3	2	15	0	1934	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	844	2540	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:31:14 PM	e5295ba9-9827-0003-406f-30e52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (3 of 3): oVGVzdC1QYXRoIC1QYXRoICRzcmMgLVBhdGhUeXBlIExlYWYpKSB7CiAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiQ2Fubm90IGV4cGFuZCBzcmMgemlwIGZpbGU6ICckc3JjJyBhcyBpdCBkb2VzIG5vdCBleGlzdCIKICAgIH0KCiAgICAjIERldGVjdCBpZiB0aGUgUFMgemlwIGFzc2VtYmxpZXMgYXJlIGF2YWlsYWJsZSBvciB3aGV0aGVyIHRvIHVzZSBTaGVsbAogICAgJHVzZV9sZWdhY3kgPSAkZmFsc2UKICAgIHRyeSB7CiAgICAgICAgQWRkLVR5cGUgLUFzc2VtYmx5TmFtZSBTeXN0ZW0uSU8uQ29tcHJlc3Npb24uRmlsZVN5c3RlbSB8IE91dC1OdWxsCiAgICAgICAgQWRkLVR5cGUgLUFzc2VtYmx5TmFtZSBTeXN0ZW0uSU8uQ29tcHJlc3Npb24gfCBPdXQtTnVsbAogICAgfSBjYXRjaCB7CiAgICAgICAgJHVzZV9sZWdhY3kgPSAkdHJ1ZQogICAgfQogICAgaWYgKCR1c2VfbGVnYWN5KSB7CiAgICAgICAgRXh0cmFjdC1aaXBMZWdhY3kgLXNyYyAkc3JjIC1kZXN0ICRkZXN0CiAgICB9IGVsc2UgewogICAgICAgIEV4dHJhY3QtWmlwIC1zcmMgJHNyYyAtZGVzdCAkZGVzdAogICAgfQoKICAgICRyZXN1bHQuY2hhbmdlZCA9ICR0cnVlCn0gZWxzZWlmICgkY29weV9tb2RlIC1lcSAicmVtb3RlIikgewogICAgIyBhbGwgY29weSBhY3Rpb25zIGFyZSBoYXBwZW5pbmcgb24gdGhlIHJlbW90ZSBzaWRlICh3aW5kb3dzIGhvc3QpLCBuZWVkCiAgICAjIHRvbyBjb3B5IHNvdXJjZSBhbmQgZGVzdCB1c2luZyBQUyBjb2RlCiAgICAkcmVzdWx0LnNyYyA9ICRzcmMKICAgICRyZXN1bHQuZGVzdCA9ICRkZXN0CgogICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtUGF0aCAkc3JjKSkgewogICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgIkNhbm5vdCBjb3B5IHNyYyBmaWxlOiAnJHNyYycgYXMgaXQgZG9lcyBub3QgZXhpc3QiCiAgICB9CgogICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkc3JjIC1QYXRoVHlwZSBDb250YWluZXIpIHsKICAgICAgICAjIHdlIGFyZSBjb3B5aW5nIGEgZGlyZWN0b3J5IG9yIHRoZSBjb250ZW50cyBvZiBhIGRpcmVjdG9yeQogICAgICAgICRyZXN1bHQub3BlcmF0aW9uID0gJ2ZvbGRlcl9jb3B5JwogICAgICAgIGlmICgkc3JjLkVuZHNXaXRoKCIvIikgLW9yICRzcmMuRW5kc1dpdGgoImBcIikpIHsKICAgICAgICAgICAgIyBjb3B5aW5nIHRoZSBmb2xkZXIncyBjb250ZW50cyB0byBkZXN0CiAgICAgICAgICAgICRkaWZmID0gIiIKICAgICAgICAgICAgJGNoaWxkX2ZpbGVzID0gR2V0LUNoaWxkSXRlbSAtUGF0aCAkc3JjIC1Gb3JjZQogICAgICAgICAgICBmb3JlYWNoICgkY2hpbGRfZmlsZSBpbiAkY2hpbGRfZmlsZXMpIHsKICAgICAgICAgICAgICAgICRkZXN0X2NoaWxkX3BhdGggPSBKb2luLVBhdGggLVBhdGggJGRlc3QgLUNoaWxkUGF0aCAkY2hpbGRfZmlsZS5OYW1lCiAgICAgICAgICAgICAgICBpZiAoJGNoaWxkX2ZpbGUuUFNJc0NvbnRhaW5lcikgewogICAgICAgICAgICAgICAgICAgICRkaWZmICs9IENvcHktRm9sZGVyIC1zb3VyY2UgJGNoaWxkX2ZpbGUuRnVsbE5hbWUgLWRlc3QgJGRlc3RfY2hpbGRfcGF0aAogICAgICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgICAgICAkZGlmZiArPSAoQ29weS1GaWxlIC1zb3VyY2UgJGNoaWxkX2ZpbGUuRnVsbE5hbWUgLWRlc3QgJGRlc3RfY2hpbGRfcGF0aCkuZGlmZgogICAgICAgICAgICAgICAgfQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgIyBjb3B5aW5nIHRoZSBmb2xkZXIgYW5kIGl0J3MgY29udGVudHMgdG8gZGVzdAogICAgICAgICAgICAkZGVzdCA9IEpvaW4tUGF0aCAtUGF0aCAkZGVzdCAtQ2hpbGRQYXRoIChHZXQtSXRlbSAtUGF0aCAkc3JjIC1Gb3JjZSkuTmFtZQogICAgICAgICAgICAkcmVzdWx0LmRlc3QgPSAkZGVzdAogICAgICAgICAgICAkZGlmZiA9IENvcHktRm9sZGVyIC1zb3VyY2UgJHNyYyAtZGVzdCAkZGVzdAogICAgICAgIH0KICAgIH0gZWxzZSB7CiAgICAgICAgIyB3ZSBhcmUganVzdCBjb3B5aW5nIGEgc2luZ2xlIGZpbGUgdG8gZGVzdAogICAgICAgICRyZXN1bHQub3BlcmF0aW9uID0gJ2ZpbGVfY29weScKCiAgICAgICAgJHNvdXJjZV9iYXNlbmFtZSA9IChHZXQtSXRlbSAtUGF0aCAkc3JjIC1Gb3JjZSkuTmFtZQogICAgICAgICRyZXN1bHQub3JpZ2luYWxfYmFzZW5hbWUgPSAkc291cmNlX2Jhc2VuYW1lCgogICAgICAgIGlmICgkZGVzdC5FbmRzV2l0aCgiLyIpIC1vciAkZGVzdC5FbmRzV2l0aCgiYFwiKSkgewogICAgICAgICAgICAkZGVzdCA9IEpvaW4tUGF0aCAtUGF0aCAkZGVzdCAtQ2hpbGRQYXRoIChHZXQtSXRlbSAtUGF0aCAkc3JjIC1Gb3JjZSkuTmFtZQogICAgICAgICAgICAkcmVzdWx0LmRlc3QgPSAkZGVzdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICMgY2hlY2sgaWYgdGhlIHBhcmVudCBkaXIgZXhpc3RzLCB0aGlzIGlzIG9ubHkgZG9uZSBpZiBzcmMgaXMgYQogICAgICAgICAgICAjIGZpbGUgYW5kIGRlc3QgaWYgdGhlIHBhdGggdG8gYSBmaWxlIChkb2Vzbid0IGVuZCB3aXRoIFwgb3IgLykKICAgICAgICAgICAgJHBhcmVudF9kaXIgPSBTcGxpdC1QYXRoIC1QYXRoICRkZXN0CiAgICAgICAgICAgIGlmIChUZXN0LVBhdGggLVBhdGggJHBhcmVudF9kaXIgLVBhdGhUeXBlIExlYWYpIHsKICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgIm9iamVjdCBhdCBkZXN0aW5hdGlvbiBwYXJlbnQgZGlyICckcGFyZW50X2RpcicgaXMgY3VycmVudGx5IGEgZmlsZSIKICAgICAgICAgICAgfSBlbHNlaWYgKC1ub3QgKFRlc3QtUGF0aCAtUGF0aCAkcGFyZW50X2RpciAtUGF0aFR5cGUgQ29udGFpbmVyKSkgewogICAgICAgICAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiRGVzdGluYXRpb24gZGlyZWN0b3J5ICckcGFyZW50X2RpcicgZG9lcyBub3QgZXhpc3QiCiAgICAgICAgICAgIH0KICAgICAgICB9CiAgICAgICAgJGNvcHlfcmVzdWx0ID0gQ29weS1GaWxlIC1zb3VyY2UgJHNyYyAtZGVzdCAkZGVzdAogICAgICAgICRkaWZmID0gJGNvcHlfcmVzdWx0LmRpZmYKICAgICAgICAkcmVzdWx0LmNoZWNrc3VtID0gJGNvcHlfcmVzdWx0LmNoZWNrc3VtCiAgICB9CgogICAgIyB0aGUgZmlsZSBtaWdodCBub3QgZXhpc3QgaWYgcnVubmluZyBpbiBjaGVjayBtb2RlCiAgICBpZiAoLW5vdCAkY2hlY2tfbW9kZSAtb3IgKFRlc3QtUGF0aCAtUGF0aCAkZGVzdCAtUGF0aFR5cGUgTGVhZikpIHsKICAgICAgICAkcmVzdWx0LnNpemUgPSBHZXQtRmlsZVNpemUgLXBhdGggJGRlc3QKICAgIH0gZWxzZSB7CiAgICAgICAgJHJlc3VsdC5zaXplID0gJG51bGwKICAgIH0KICAgIGlmICgkZGlmZl9tb2RlKSB7CiAgICAgICAgJHJlc3VsdC5kaWZmLnByZXBhcmVkID0gJGRpZmYKICAgIH0KfSBlbHNlaWYgKCRjb3B5X21vZGUgLWVxICJzaW5nbGUiKSB7CiAgICAjIGEgc2luZ2xlIGZpbGUgaXMgbG9jYXRlZCBpbiBzcmMgYW5kIHdlIG5lZWQgdG8gY29weSB0byBkZXN0LCB0aGlzIHdpbGwKICAgICMgYWx3YXlzIHJlc3VsdCBpbiBhIGNoYW5nZSBhcyB0aGUgY2FsY3VsYXRpb24gaXMgZG9uZSBvbiB0aGUgQW5zaWJsZSBzaWRlCiAgICAjIGJlZm9yZSB0aGlzIGlzIHJ1bi4gVGhpcyBzaG91bGQgYWxzbyBuZXZlciBydW4gaW4gY2hlY2sgbW9kZQogICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtUGF0aCAkc3JjIC1QYXRoVHlwZSBMZWFmKSkgewogICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgIkNhbm5vdCBjb3B5IHNyYyBmaWxlOiAnJHNyYycgYXMgaXQgZG9lcyBub3QgZXhpc3QiCiAgICB9CgogICAgIyB0aGUgZGVzdCBwYXJhbWV0ZXIgaXMgYSBkaXJlY3RvcnksIHdlIG5lZWQgdG8gYXBwZW5kIG9yaWdpbmFsX2Jhc2VuYW1lCiAgICBpZiAoJGRlc3QuRW5kc1dpdGgoIi8iKSAtb3IgJGRlc3QuRW5kc1dpdGgoImBcIikgLW9yIChUZXN0LVBhdGggLVBhdGggJGRlc3QgLVBhdGhUeXBlIENvbnRhaW5lcikpIHsKICAgICAgICAkcmVtb3RlX2Rlc3QgPSBKb2luLVBhdGggLVBhdGggJGRlc3QgLUNoaWxkUGF0aCAkb3JpZ2luYWxfYmFzZW5hbWUKICAgICAgICAkcGFyZW50X2RpciA9IFNwbGl0LVBhdGggLVBhdGggJHJlbW90ZV9kZXN0CgogICAgICAgICMgd2hlbiBkZXN0IGVuZHMgd2l0aCAvLCB3ZSBuZWVkIHRvIGNyZWF0ZSB0aGUgZGVzdGluYXRpb24gZGlyZWN0b3JpZXMKICAgICAgICBpZiAoVGVzdC1QYXRoIC1QYXRoICRwYXJlbnRfZGlyIC1QYXRoVHlwZSBMZWFmKSB7CiAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgIm9iamVjdCBhdCBkZXN0aW5hdGlvbiBwYXJlbnQgZGlyICckcGFyZW50X2RpcicgaXMgY3VycmVudGx5IGEgZmlsZSIKICAgICAgICB9IGVsc2VpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRwYXJlbnRfZGlyIC1QYXRoVHlwZSBDb250YWluZXIpKSB7CiAgICAgICAgICAgIE5ldy1JdGVtIC1QYXRoICRwYXJlbnRfZGlyIC1JdGVtVHlwZSBEaXJlY3RvcnkgfCBPdXQtTnVsbAogICAgICAgIH0KICAgIH0gZWxzZSB7CiAgICAgICAgJHJlbW90ZV9kZXN0ID0gJGRlc3QKICAgICAgICAkcGFyZW50X2RpciA9IFNwbGl0LVBhdGggLVBhdGggJHJlbW90ZV9kZXN0CgogICAgICAgICMgY2hlY2sgaWYgdGhlIGRlc3QgcGFyZW50IGRpcnMgZXhpc3QsIG5lZWQgdG8gZmFpbCBpZiB0aGV5IGRvbid0CiAgICAgICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkcGFyZW50X2RpciAtUGF0aFR5cGUgTGVhZikgewogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0IC1tZXNzYWdlICJvYmplY3QgYXQgZGVzdGluYXRpb24gcGFyZW50IGRpciAnJHBhcmVudF9kaXInIGlzIGN1cnJlbnRseSBhIGZpbGUiCiAgICAgICAgfSBlbHNlaWYgKC1ub3QgKFRlc3QtUGF0aCAtUGF0aCAkcGFyZW50X2RpciAtUGF0aFR5cGUgQ29udGFpbmVyKSkgewogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0IC1tZXNzYWdlICJEZXN0aW5hdGlvbiBkaXJlY3RvcnkgJyRwYXJlbnRfZGlyJyBkb2VzIG5vdCBleGlzdCIKICAgICAgICB9CiAgICB9CgogICAgQ29weS1JdGVtIC1QYXRoICRzcmMgLURlc3RpbmF0aW9uICRyZW1vdGVfZGVzdCAtRm9yY2UgfCBPdXQtTnVsbAogICAgJHJlc3VsdC5jaGFuZ2VkID0gJHRydWUKfQoKRXhpdC1Kc29uIC1vYmogJHJlc3VsdAo=", "module_args": {"_ansible_version": "2.7.0", "src": "C:\\Users\\Admin\\AppData\\Local\\Temp\\ansible-tmp-1629729071.42-149075018056592\\source", "_ansible_selinux_special_fs": ["fuse", "nfs", "vboxsf", "ramfs", "9p"], "_ansible_no_log": false, "dest": "C:\\collect-event-log.ps1", "checksum": "f0e4c7145db8c7eba44bc8a5b81542c17749bbda", "_ansible_module_name": "copy", "_ansible_debug": false, "_ansible_verbosity": 3, "_ansible_keep_remote_files": false, "_ansible_syslog_facility": "LOG_USER", "_ansible_socket": null, "_original_basename": "collect-event-log.ps1", "_ansible_remote_tmp": "%TEMP%", "_ansible_diff": false, "mode": null, "_ansible_check_mode": false, "_ansible_shell_executable": "/bin/sh", "follow": false, "_ansible_tmpdir": "'C:\\Users\\Admin\\AppData\\Local\\Temp\\ansible-tmp-1629729071.42-149075018056592'"}} '@ } process { $input_as_string = [string]$input $json_raw += $input_as_string } end { If (-not $json_raw) { Write-Error "no input given" -Category InvalidArgument } $payload = ConvertTo-HashtableFromPsCustomObject (ConvertFrom-Json $json_raw) # TODO: handle binary modules # TODO: handle persistence $min_os_version = [version]$payload.min_os_version if ($min_os_version -ne $null) { $actual_os_version = [System.Environment]::OSVersion.Version if ($actual_os_version -lt $min_os_version) { $msg = "This module cannot run on this OS as it requires a minimum version of $min_os_version, actual was $actual_os_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $min_ps_version = [version]$payload.min_ps_version if ($min_ps_version -ne $null) { $actual_ps_version = $PSVersionTable.PSVersion if ($actual_ps_version -lt $min_ps_version) { $msg = "This module cannot run as it requires a minimum PowerShell version of $min_ps_version, actual was $actual_ps_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $actions = $payload.actions # pop 0th action as entrypoint $entrypoint = $payload.($actions[0]) $payload.actions = $payload.actions[1..99] $entrypoint = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($entrypoint)) # load the current action entrypoint as a module custom object with a Run method $entrypoint = New-Module -ScriptBlock ([scriptblock]::Create($entrypoint)) -AsCustomObject Set-Variable -Scope global -Name complex_args -Value $payload["module_args"] | Out-Null # dynamically create/load modules ForEach ($mod in $payload.powershell_modules.GetEnumerator()) { $decoded_module = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($mod.Value)) New-Module -ScriptBlock ([scriptblock]::Create($decoded_module)) -Name $mod.Key | Import-Module -WarningAction SilentlyContinue | Out-Null } $output = $entrypoint.Run($payload) Write-Output $output } ScriptBlock ID: 380a9076-e529-4b7e-930c-28f43072a9a3 Path:	4104	1		3	2	15	0	1933	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	844	2540	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:31:14 PM	e5295ba9-9827-0003-3a6f-30e52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 3): 9yaXRobSkKICAgICAgICB7CiAgICAgICAgICAgICdtZDUnIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5NRDVDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMScgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTFDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMjU2JyB7ICRzcCA9IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5TZWN1cml0eS5DcnlwdG9ncmFwaHkuU0hBMjU2Q3J5cHRvU2VydmljZVByb3ZpZGVyIH0KICAgICAgICAgICAgJ3NoYTM4NCcgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTM4NENyeXB0b1NlcnZpY2VQcm92aWRlciB9CiAgICAgICAgICAgICdzaGE1MTInIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5TSEE1MTJDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICBkZWZhdWx0IHsgRmFpbC1Kc29uIEB7fSAiVW5zdXBwb3J0ZWQgaGFzaCBhbGdvcml0aG0gc3VwcGxpZWQgJyRhbGdvcml0aG0nIiB9CiAgICAgICAgfQoKICAgICAgICBJZiAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtZ2UgNCkgewogICAgICAgICAgICAkcmF3X2hhc2ggPSBHZXQtRmlsZUhhc2ggJHBhdGggLUFsZ29yaXRobSAkYWxnb3JpdGhtCiAgICAgICAgICAgICRoYXNoID0gJHJhd19oYXNoLkhhc2guVG9Mb3dlcigpCiAgICAgICAgfSBFbHNlIHsKICAgICAgICAgICAgJGZwID0gW1N5c3RlbS5JTy5GaWxlXTo6T3BlbigkcGF0aCwgW1N5c3RlbS5JTy5GaWxlbW9kZV06Ok9wZW4sIFtTeXN0ZW0uSU8uRmlsZUFjY2Vzc106OlJlYWQsIFtTeXN0ZW0uSU8uRmlsZVNoYXJlXTo6UmVhZFdyaXRlKTsKICAgICAgICAgICAgJGhhc2ggPSBbU3lzdGVtLkJpdENvbnZlcnRlcl06OlRvU3RyaW5nKCRzcC5Db21wdXRlSGFzaCgkZnApKS5SZXBsYWNlKCItIiwgIiIpLlRvTG93ZXIoKTsKICAgICAgICAgICAgJGZwLkRpc3Bvc2UoKTsKICAgICAgICB9CiAgICB9CiAgICBFbHNlSWYgKFRlc3QtUGF0aCAtUGF0aCAkcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKQogICAgewogICAgICAgICRoYXNoID0gIjMiOwogICAgfQogICAgRWxzZQogICAgewogICAgICAgICRoYXNoID0gIjEiOwogICAgfQogICAgcmV0dXJuICRoYXNoCn0KCkZ1bmN0aW9uIEdldC1QZW5kaW5nUmVib290U3RhdHVzCnsKPCMKICAgIC5TWU5PUFNJUwogICAgQ2hlY2sgaWYgcmVib290IGlzIHJlcXVpcmVkLCBpZiBzbyBub3RpZnkgQ0EuCiAgICBGdW5jdGlvbiByZXR1cm5zIHRydWUgaWYgY29tcHV0ZXIgaGFzIGEgcGVuZGluZyByZWJvb3QKIz4KICAgICRmZWF0dXJlRGF0YSA9IEludm9rZS1XbWlNZXRob2QgLUVBIElnbm9yZSAtTmFtZSBHZXRTZXJ2ZXJGZWF0dXJlIC1OYW1lc3BhY2Ugcm9vdFxtaWNyb3NvZnRcd2luZG93c1xzZXJ2ZXJtYW5hZ2VyIC1DbGFzcyBNU0ZUX1NlcnZlck1hbmFnZXJUYXNrcwogICAgJHJlZ0RhdGEgPSBHZXQtSXRlbVByb3BlcnR5ICJIS0xNOlxTWVNURU1cQ3VycmVudENvbnRyb2xTZXRcQ29udHJvbFxTZXNzaW9uIE1hbmFnZXIiICJQZW5kaW5nRmlsZVJlbmFtZU9wZXJhdGlvbnMiIC1FQSBJZ25vcmUKICAgICRDQlNSZWJvb3RTdGF0dXMgPSBHZXQtQ2hpbGRJdGVtICJIS0xNOlxcU09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cQ29tcG9uZW50IEJhc2VkIFNlcnZpY2luZyIgIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlfCBXaGVyZS1PYmplY3QgeyRfLlBTQ2hpbGROYW1lIC1lcSAiUmVib290UGVuZGluZyJ9CiAgICBpZigoJGZlYXR1cmVEYXRhIC1hbmQgJGZlYXR1cmVEYXRhLlJlcXVpcmVzUmVib290KSAtb3IgJHJlZ0RhdGEgLW9yICRDQlNSZWJvb3RTdGF0dXMpCiAgICB7CiAgICAgICAgcmV0dXJuICRUcnVlCiAgICB9CiAgICBlbHNlCiAgICB7CiAgICAgICAgcmV0dXJuICRGYWxzZQogICAgfQp9CgojIHRoaXMgbGluZSBtdXN0IHN0YXkgYXQgdGhlIGJvdHRvbSB0byBlbnN1cmUgYWxsIGRlZmluZWQgbW9kdWxlIHBhcnRzIGFyZSBleHBvcnRlZApFeHBvcnQtTW9kdWxlTWVtYmVyIC1BbGlhcyAqIC1GdW5jdGlvbiAqIC1DbWRsZXQgKgoK"}, "module_entry": "IyFwb3dlcnNoZWxsCgojIENvcHlyaWdodDogKGMpIDIwMTUsIEpvbiBIYXdrZXN3b3J0aCAoQGpoYXdrZXN3b3J0aCkgPGZpZ3NAdW5pdHkuZGVtb24uY28udWs+CiMgQ29weXJpZ2h0OiAoYykgMjAxNywgQW5zaWJsZSBQcm9qZWN0CiMgR05VIEdlbmVyYWwgUHVibGljIExpY2Vuc2UgdjMuMCsgKHNlZSBDT1BZSU5HIG9yIGh0dHBzOi8vd3d3LmdudS5vcmcvbGljZW5zZXMvZ3BsLTMuMC50eHQpCgojUmVxdWlyZXMgLU1vZHVsZSBBbnNpYmxlLk1vZHVsZVV0aWxzLkxlZ2FjeQoKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICdTdG9wJwoKJHBhcmFtcyA9IFBhcnNlLUFyZ3MgLWFyZ3VtZW50cyAkYXJncyAtc3VwcG9ydHNfY2hlY2tfbW9kZSAkdHJ1ZQokY2hlY2tfbW9kZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJfYW5zaWJsZV9jaGVja19tb2RlIiAtdHlwZSAiYm9vbCIgLWRlZmF1bHQgJGZhbHNlCiRkaWZmX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfZGlmZiIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQoKIyB0aGVyZSBhcmUgNCBtb2RlcyB0byB3aW5fY29weSB3aGljaCBhcmUgZHJpdmVuIGJ5IHRoZSBhY3Rpb24gcGx1Z2luczoKIyAgIGV4cGxvZGU6IHNyYyBpcyBhIHppcCBmaWxlIHdoaWNoIG5lZWRzIHRvIGJlIGV4dHJhY3RlZCB0byBkZXN0LCBmb3IgdXNlIHdpdGggbXVsdGlwbGUgZmlsZXMKIyAgIHF1ZXJ5OiB3aW5fY29weSBhY3Rpb24gcGx1Z2luIHdhbnRzIHRvIGdldCB0aGUgc3RhdGUgb2YgcmVtb3RlIGZpbGVzIHRvIGNoZWNrIHdoZXRoZXIgaXQgbmVlZHMgdG8gc2VuZCB0aGVtCiMgICByZW1vdGU6IGFsbCBjb3B5IGFjdGlvbiBpcyBoYXBwZW5pbmcgcmVtb3RlbHkgKHJlbW90ZV9zcmM9VHJ1ZSkKIyAgIHNpbmdsZTogYSBzaW5nbGUgZmlsZSBoYXMgYmVlbiBjb3BpZWQsIGFsc28gdXNlZCB3aXRoIHRlbXBsYXRlCiRjb3B5X21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2NvcHlfbW9kZSIgLXR5cGUgInN0ciIgLWRlZmF1bHQgInNpbmdsZSIgLXZhbGlkYXRlc2V0ICJleHBsb2RlIiwicXVlcnkiLCJyZW1vdGUiLCJzaW5nbGUiCgojIHVzZWQgaW4gZXhwbG9kZSwgcmVtb3RlIGFuZCBzaW5nbGUgbW9kZQokc3JjID0gR2V0LUFuc2libGVQYXJhbSAtb2JqICRwYXJhbXMgLW5hbWUgInNyYyIgLXR5cGUgInBhdGgiIC1mYWlsaWZlbXB0eSAoJGNvcHlfbW9kZSAtaW4gQCgiZXhwbG9kZSIsInByb2Nlc3MiLCJzaW5nbGUiKSkKJGRlc3QgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiZGVzdCIgLXR5cGUgInBhdGgiIC1mYWlsaWZlbXB0eSAkdHJ1ZQoKIyB1c2VkIGluIHNpbmdsZSBtb2RlCiRvcmlnaW5hbF9iYXNlbmFtZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJfb3JpZ2luYWxfYmFzZW5hbWUiIC10eXBlICJzdHIiCgojIHVzZWQgaW4gcXVlcnkgYW5kIHJlbW90ZSBtb2RlCiRmb3JjZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJmb3JjZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICR0cnVlCgojIHVzZWQgaW4gcXVlcnkgbW9kZSwgY29udGFpbnMgdGhlIGxvY2FsIGZpbGVzL2RpcmVjdG9yaWVzL3N5bWxpbmtzIHRoYXQgYXJlIHRvIGJlIGNvcGllZAokZmlsZXMgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiZmlsZXMiIC10eXBlICJsaXN0IgokZGlyZWN0b3JpZXMgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiZGlyZWN0b3JpZXMiIC10eXBlICJsaXN0Igokc3ltbGlua3MgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAic3ltbGlua3MiIC10eXBlICJsaXN0IgoKJHJlc3VsdCA9IEB7CiAgICBjaGFuZ2VkID0gJGZhbHNlCn0KCmlmICgkZGlmZl9tb2RlKSB7CiAgICAkcmVzdWx0LmRpZmYgPSBAe30KfQoKRnVuY3Rpb24gQ29weS1GaWxlKCRzb3VyY2UsICRkZXN0KSB7CiAgICAkZGlmZiA9ICIiCiAgICAkY29weV9maWxlID0gJGZhbHNlCiAgICAkc291cmNlX2NoZWNrc3VtID0gJG51bGwKICAgIGlmICgkZm9yY2UpIHsKICAgICAgICAkc291cmNlX2NoZWNrc3VtID0gR2V0LUZpbGVDaGVja3N1bSAtcGF0aCAkc291cmNlCiAgICB9CgogICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkZGVzdCAtUGF0aFR5cGUgQ29udGFpbmVyKSB7CiAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiY2Fubm90IGNvcHkgZmlsZSBmcm9tICckc291cmNlJyB0byAnJGRlc3QnOiBkZXN0IGlzIGFscmVhZHkgYSBmb2xkZXIiCiAgICB9IGVsc2VpZiAoVGVzdC1QYXRoIC1QYXRoICRkZXN0IC1QYXRoVHlwZSBMZWFmKSB7CiAgICAgICAgaWYgKCRmb3JjZSkgewogICAgICAgICAgICAkdGFyZ2V0X2NoZWNrc3VtID0gR2V0LUZpbGVDaGVja3N1bSAtcGF0aCAkZGVzdAogICAgICAgICAgICBpZiAoJHNvdXJjZV9jaGVja3N1bSAtbmUgJHRhcmdldF9jaGVja3N1bSkgewogICAgICAgICAgICAgICAgJGNvcHlfZmlsZSA9ICR0cnVlCiAgICAgICAgICAgIH0KICAgICAgICB9CiAgICB9IGVsc2UgewogICAgICAgICRjb3B5X2ZpbGUgPSAkdHJ1ZQogICAgfQoKICAgIGlmICgkY29weV9maWxlKSB7CiAgICAgICAgJGZpbGVfZGlyID0gW1N5c3RlbS5JTy5QYXRoXTo6R2V0RGlyZWN0b3J5TmFtZSgkZGVzdCkKICAgICAgICAjIHZhbGlkYXRlIHRoZSBwYXJlbnQgZGlyIGlzIG5vdCBhIGZpbGUgYW5kIHRoYXQgaXQgZXhpc3RzCiAgICAgICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkZmlsZV9kaXIgLVBhdGhUeXBlIExlYWYpIHsKICAgICAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiY2Fubm90IGNvcHkgZmlsZSBmcm9tICckc291cmNlJyB0byAnJGRlc3QnOiBvYmplY3QgYXQgZGVzdCBwYXJlbnQgZGlyIGlzIG5vdCBhIGZvbGRlciIKICAgICAgICB9IGVsc2VpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRmaWxlX2RpcikpIHsKICAgICAgICAgICAgIyBkaXJlY3RvcnkgZG9lc24ndCBleGlzdCwgbmVlZCB0byBjcmVhdGUKICAgICAgICAgICAgTmV3LUl0ZW0gLVBhdGggJGZpbGVfZGlyIC1JdGVtVHlwZSBEaXJlY3RvcnkgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICAgICAgICAgICRkaWZmICs9ICIrJGZpbGVfZGlyXGBuIgogICAgICAgIH0KCiAgICAgICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkZGVzdCAtUGF0aFR5cGUgTGVhZikgewogICAgICAgICAgICBSZW1vdmUtSXRlbSAtUGF0aCAkZGVzdCAtRm9yY2UgLVJlY3Vyc2UgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICAgICAgICAgICRkaWZmICs9ICItJGRlc3RgbiIKICAgICAgICB9CgogICAgICAgIGlmICgtbm90ICRjaGVja19tb2RlKSB7CiAgICAgICAgICAgICMgY2Fubm90IHJ1biB3aXRoIC1XaGF0SWY6JGNoZWNrX21vZGUgYXMgaWYgdGhlIHBhcmVudCBkaXIgZGlkbid0CiAgICAgICAgICAgICMgZXhpc3QgYW5kIHdhcyBjcmVhdGVkIGFib3ZlIHdvdWxkIHN0aWxsIG5vdCBleGlzdCBpbiBjaGVjayBtb2RlCiAgICAgICAgICAgIENvcHktSXRlbSAtUGF0aCAkc291cmNlIC1EZXN0aW5hdGlvbiAkZGVzdCAtRm9yY2UgfCBPdXQtTnVsbAogICAgICAgIH0KICAgICAgICAkZGlmZiArPSAiKyRkZXN0YG4iCgogICAgICAgICRyZXN1bHQuY2hhbmdlZCA9ICR0cnVlCiAgICB9CgogICAgIyB1Z2x5IGJ1dCB0byBzYXZlIHVzIGZyb20gcnVubmluZyB0aGUgY2hlY2tzdW0gdHdpY2UsIGxldCdzIHJldHVybiBpdCBmb3IKICAgICMgdGhlIG1haW4gY29kZSB0byBhZGQgaXQgdG8gJHJlc3VsdAogICAgcmV0dXJuICxAeyBkaWZmID0gJGRpZmY7IGNoZWNrc3VtID0gJHNvdXJjZV9jaGVja3N1bSB9Cn0KCkZ1bmN0aW9uIENvcHktRm9sZGVyKCRzb3VyY2UsICRkZXN0KSB7CiAgICAkZGlmZiA9ICIiCiAgICAkY29weV9mb2xkZXIgPSAkZmFsc2UKCiAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRkZXN0IC1QYXRoVHlwZSBDb250YWluZXIpKSB7CiAgICAgICAgJHBhcmVudF9kaXIgPSBbU3lzdGVtLklPLlBhdGhdOjpHZXREaXJlY3RvcnlOYW1lKCRkZXN0KQogICAgICAgIGlmIChUZXN0LVBhdGggLVBhdGggJHBhcmVudF9kaXIgLVBhdGhUeXBlIExlYWYpIHsKICAgICAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiY2Fubm90IGNvcHkgZmlsZSBmcm9tICckc291cmNlJyB0byAnJGRlc3QnOiBvYmplY3QgYXQgZGVzdCBwYXJlbnQgZGlyIGlzIG5vdCBhIGZvbGRlciIKICAgICAgICB9CiAgICAgICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkZGVzdCAtUGF0aFR5cGUgTGVhZikgewogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0IC1tZXNzYWdlICJjYW5ub3QgY29weSBmb2xkZXIgZnJvbSAnJHNvdXJjZScgdG8gJyRkZXN0JzogZGVzdCBpcyBhbHJlYWR5IGEgZmlsZSIKICAgICAgICB9CgogICAgICAgIE5ldy1JdGVtIC1QYXRoICRkZXN0IC1JdGVtVHlwZSBDb250YWluZXIgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICAgICAgJGRpZmYgKz0gIiskZGVzdFxgbiIKICAgICAgICAkcmVzdWx0LmNoYW5nZWQgPSAkdHJ1ZQogICAgfQoKICAgICRjaGlsZF9pdGVtcyA9IEdldC1DaGlsZEl0ZW0gLVBhdGggJHNvdXJjZSAtRm9yY2UKICAgIGZvcmVhY2ggKCRjaGlsZF9pdGVtIGluICRjaGlsZF9pdGVtcykgewogICAgICAgICRkZXN0X2NoaWxkX3BhdGggPSBKb2luLVBhdGggLVBhdGggJGRlc3QgLUNoaWxkUGF0aCAkY2hpbGRfaXRlbS5OYW1lCiAgICAgICAgaWYgKCRjaGlsZF9pdGVtLlBTSXNDb250YWluZXIpIHsKICAgICAgICAgICAgJGRpZmYgKz0gKENvcHktRm9sZGVyIC1zb3VyY2UgJGNoaWxkX2l0ZW0uRnVsbG5hbWUgLWRlc3QgJGRlc3RfY2hpbGRfcGF0aCkKICAgICAgICB9IGVsc2UgewogICAgICAgICAgICAkZGlmZiArPSAoQ29weS1GaWxlIC1zb3VyY2UgJGNoaWxkX2l0ZW0uRnVsbG5hbWUgLWRlc3QgJGRlc3RfY2hpbGRfcGF0aCkuZGlmZgogICAgICAgIH0KICAgIH0KCiAgICByZXR1cm4gJGRpZmYKfQoKRnVuY3Rpb24gR2V0LUZpbGVTaXplKCRwYXRoKSB7CiAgICAkZmlsZSA9IEdldC1JdGVtIC1QYXRoICRwYXRoIC1Gb3JjZQogICAgJHNpemUgPSAkbnVsbAogICAgaWYgKCRmaWxlLlBTSXNDb250YWluZXIpIHsKICAgICAgICAkZGlyX2ZpbGVzX3N1bSA9IEdldC1DaGlsZEl0ZW0gJGZpbGUuRnVsbE5hbWUgLVJlY3Vyc2UKICAgICAgICBpZiAoJGRpcl9maWxlc19zdW0gLWVxICRudWxsIC1vciAoJGRpcl9maWxlc19zdW0uUFNPYmplY3QuUHJvcGVydGllcy5uYW1lIC1jb250YWlucyAnbGVuZ3RoJyAtZXEgJGZhbHNlKSkgewogICAgICAgICAgICAkc2l6ZSA9IDAKICAgICAgICB9IGVsc2UgewogICAgICAgICAgICAkc2l6ZSA9ICgkZGlyX2ZpbGVzX3N1bSB8IE1lYXN1cmUtT2JqZWN0IC1wcm9wZXJ0eSBsZW5ndGggLXN1bSkuU3VtCiAgICAgICAgfQogICAgfSBlbHNlIHsKICAgICAgICAkc2l6ZSA9ICRmaWxlLkxlbmd0aAogICAgfQoKICAgICRzaXplCn0KCkZ1bmN0aW9uIEV4dHJhY3QtWmlwKCRzcmMsICRkZXN0KSB7CiAgICAkYXJjaGl2ZSA9IFtTeXN0ZW0uSU8uQ29tcHJlc3Npb24uWmlwRmlsZV06Ok9wZW4oJHNyYywgW1N5c3RlbS5JTy5Db21wcmVzc2lvbi5aaXBBcmNoaXZlTW9kZV06OlJlYWQsIFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjgpCiAgICBmb3JlYWNoICgkZW50cnkgaW4gJGFyY2hpdmUuRW50cmllcykgewogICAgICAgICRhcmNoaXZlX25hbWUgPSAkZW50cnkuRnVsbE5hbWUKCiAgICAgICAgIyBGdWxsTmFtZSBtYXkgYmUgYXBwZW5kZWQgd2l0aCAvIG9yIFwsIGRldGVybWluZSBpZiBpdCBpcyBwYWRkZWQgYW5kIHJlbW92ZSBpdAogICAgICAgICRwYWRkaW5nX2xlbmd0aCA9ICRhcmNoaXZlX25hbWUuTGVuZ3RoICUgNAogICAgICAgIGlmICgkcGFkZGluZ19sZW5ndGggLWVxIDApIHsKICAgICAgICAgICAgJGlzX2RpciA9ICRmYWxzZQogICAgICAgICAgICAkYmFzZTY0X25hbWUgPSAkYXJjaGl2ZV9uYW1lCiAgICAgICAgfSBlbHNlaWYgKCRwYWRkaW5nX2xlbmd0aCAtZXEgMSkgewogICAgICAgICAgICAkaXNfZGlyID0gJHRydWUKICAgICAgICAgICAgaWYgKCRhcmNoaXZlX25hbWUuRW5kc1dpdGgoIi8iKSAtb3IgJGFyY2hpdmVfbmFtZS5FbmRzV2l0aCgiYFwiKSkgewogICAgICAgICAgICAgICAgJGJhc2U2NF9uYW1lID0gJGFyY2hpdmVfbmFtZS5TdWJzdHJpbmcoMCwgJGFyY2hpdmVfbmFtZS5MZW5ndGggLSAxKQogICAgICAgICAgICB9IGVsc2UgewogICAgICAgICAgICAgICAgdGhyb3cgImludmFsaWQgYmFzZTY0IGFyY2hpdmUgbmFtZSAnJGFyY2hpdmVfbmFtZSciCiAgICAgICAgICAgIH0KICAgICAgICB9IGVsc2UgewogICAgICAgICAgICB0aHJvdyAiaW52YWxpZCBiYXNlNjQgbGVuZ3RoICckYXJjaGl2ZV9uYW1lJyIKICAgICAgICB9CgogICAgICAgICMgdG8gaGFuZGxlIHVuaWNvZGUgY2hhcmFjdGVyLCB3aW5fY29weSBhY3Rpb24gcGx1Z2luIGhhcyBlbmNvZGVkIHRoZSBmaWxlbmFtZQogICAgICAgICRkZWNvZGVkX2FyY2hpdmVfbmFtZSA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGJhc2U2NF9uYW1lKSkKICAgICAgICAjIHJlLWFkZCB0aGUgLyB0byB0aGUgZW50cnkgZnVsbCBuYW1lIGlmIGl0IHdhcyBhIGRpcmVjdG9yeQogICAgICAgIGlmICgkaXNfZGlyKSB7CiAgICAgICAgICAgICRkZWNvZGVkX2FyY2hpdmVfbmFtZSA9ICIkZGVjb2RlZF9hcmNoaXZlX25hbWUvIgogICAgICAgIH0KICAgICAgICAkZW50cnlfdGFyZ2V0X3BhdGggPSBbU3lzdGVtLklPLlBhdGhdOjpDb21iaW5lKCRkZXN0LCAkZGVjb2RlZF9hcmNoaXZlX25hbWUpCiAgICAgICAgJGVudHJ5X2RpciA9IFtTeXN0ZW0uSU8uUGF0aF06OkdldERpcmVjdG9yeU5hbWUoJGVudHJ5X3RhcmdldF9wYXRoKQoKICAgICAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRlbnRyeV9kaXIpKSB7CiAgICAgICAgICAgIE5ldy1JdGVtIC1QYXRoICRlbnRyeV9kaXIgLUl0ZW1UeXBlIERpcmVjdG9yeSAtV2hhdElmOiRjaGVja19tb2RlIHwgT3V0LU51bGwKICAgICAgICB9CgogICAgICAgIGlmICgkaXNfZGlyIC1lcSAkZmFsc2UpIHsKICAgICAgICAgICAgaWYgKC1ub3QgJGNoZWNrX21vZGUpIHsKICAgICAgICAgICAgICAgIFtTeXN0ZW0uSU8uQ29tcHJlc3Npb24uWmlwRmlsZUV4dGVuc2lvbnNdOjpFeHRyYWN0VG9GaWxlKCRlbnRyeSwgJGVudHJ5X3RhcmdldF9wYXRoLCAkdHJ1ZSkKICAgICAgICAgICAgfQogICAgICAgIH0KICAgIH0KICAgICRhcmNoaXZlLkRpc3Bvc2UoKSAgIyByZWxlYXNlIHRoZSBoYW5kbGUgb2YgdGhlIHppcCBmaWxlCn0KCkZ1bmN0aW9uIEV4dHJhY3QtWmlwTGVnYWN5KCRzcmMsICRkZXN0KSB7CiAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRkZXN0KSkgewogICAgICAgIE5ldy1JdGVtIC1QYXRoICRkZXN0IC1JdGVtVHlwZSBEaXJlY3RvcnkgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICB9CiAgICAkc2hlbGwgPSBOZXctT2JqZWN0IC1Db21PYmplY3QgU2hlbGwuQXBwbGljYXRpb24KICAgICR6aXAgPSAkc2hlbGwuTmFtZVNwYWNlKCRzcmMpCiAgICAkZGVzdF9wYXRoID0gJHNoZWxsLk5hbWVTcGFjZSgkZGVzdCkKCiAgICBmb3JlYWNoICgkZW50cnkgaW4gJHppcC5JdGVtcygpKSB7CiAgICAgICAgJGlzX2RpciA9ICRlbnRyeS5Jc0ZvbGRlcgogICAgICAgICRlbmNvZGVkX2FyY2hpdmVfZW50cnkgPSAkZW50cnkuTmFtZQogICAgICAgICMgdG8gaGFuZGxlIHVuaWNvZGUgY2hhcmFjdGVyLCB3aW5fY29weSBhY3Rpb24gcGx1Z2luIGhhcyBlbmNvZGVkIHRoZSBmaWxlbmFtZQogICAgICAgICRkZWNvZGVkX2FyY2hpdmVfZW50cnkgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRlbmNvZGVkX2FyY2hpdmVfZW50cnkpKQogICAgICAgIGlmICgkaXNfZGlyKSB7CiAgICAgICAgICAgICRkZWNvZGVkX2FyY2hpdmVfZW50cnkgPSAiJGRlY29kZWRfYXJjaGl2ZV9lbnRyeS8iCiAgICAgICAgfQoKICAgICAgICAkZW50cnlfdGFyZ2V0X3BhdGggPSBbU3lzdGVtLklPLlBhdGhdOjpDb21iaW5lKCRkZXN0LCAkZGVjb2RlZF9hcmNoaXZlX2VudHJ5KQogICAgICAgICRlbnRyeV9kaXIgPSBbU3lzdGVtLklPLlBhdGhdOjpHZXREaXJlY3RvcnlOYW1lKCRlbnRyeV90YXJnZXRfcGF0aCkKCiAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtUGF0aCAkZW50cnlfZGlyKSkgewogICAgICAgICAgICBOZXctSXRlbSAtUGF0aCAkZW50cnlfZGlyIC1JdGVtVHlwZSBEaXJlY3RvcnkgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICAgICAgfQoKICAgICAgICBpZiAoJGlzX2RpciAtZXEgJGZhbHNlIC1hbmQgKC1ub3QgJGNoZWNrX21vZGUpKSB7CiAgICAgICAgICAgICMgaHR0cHM6Ly9tc2RuLm1pY3Jvc29mdC5jb20vZW4tdXMvbGlicmFyeS93aW5kb3dzL2Rlc2t0b3AvYmI3ODc4NjYuYXNweAogICAgICAgICAgICAjIEZyb20gRm9sZGVyLkNvcHlIZXJlIGRvY3VtZW50YXRpb24sIDEwNDQgbWVhbnM6CiAgICAgICAgICAgICMgIC0gMTAyNDogZG8gbm90IGRpc3BsYXkgYSB1c2VyIGludGVyZmFjZSBpZiBhbiBlcnJvciBvY2N1cnMKICAgICAgICAgICAgIyAgLSAgIDE2OiByZXNwb25kIHdpdGggInllcyB0byBhbGwiIGZvciBhbnkgZGlhbG9nIGJveCB0aGF0IGlzIGRpc3BsYXllZAogICAgICAgICAgICAjICAtICAgIDQ6IGRvIG5vdCBkaXNwbGF5IGEgcHJvZ3Jlc3MgZGlhbG9nIGJveAogICAgICAgICAgICAkZGVzdF9wYXRoLkNvcHlIZXJlKCRlbnRyeSwgMTA0NCkKCiAgICAgICAgICAgICMgb25jZSBmaWxlIGlzIGV4dHJhY2VkLCB3ZSBuZWVkIHRvIHJlbmFtZSBpdCB3aXRoIG5vbiBiYXNlNjQgbmFtZQogICAgICAgICAgICAkY29tYmluZWRfZW5jb2RlZF9wYXRoID0gW1N5c3RlbS5JTy5QYXRoXTo6Q29tYmluZSgkZGVzdCwgJGVuY29kZWRfYXJjaGl2ZV9lbnRyeSkKICAgICAgICAgICAgTW92ZS1JdGVtIC1QYXRoICRjb21iaW5lZF9lbmNvZGVkX3BhdGggLURlc3RpbmF0aW9uICRlbnRyeV90YXJnZXRfcGF0aCAtRm9yY2UgfCBPdXQtTnVsbAogICAgICAgIH0KICAgIH0KfQoKaWYgKCRjb3B5X21vZGUgLWVxICJxdWVyeSIpIHsKICAgICMgd2Ugb25seSByZXR1cm4gYSBsaXN0IG9mIGZpbGVzL2RpcmVjdG9yaWVzIHRoYXQgbmVlZCB0byBiZSBjb3BpZWQgb3ZlcgogICAgIyB0aGUgc291cmNlIG9mIHRoZSBsb2NhbCBmaWxlIHdpbGwgYmUgdGhlIGtleSB1c2VkCiAgICAkY2hhbmdlZF9maWxlcyA9IEAoKQogICAgJGNoYW5nZWRfZGlyZWN0b3JpZXMgPSBAKCkKICAgICRjaGFuZ2VkX3N5bWxpbmtzID0gQCgpCgogICAgZm9yZWFjaCAoJGZpbGUgaW4gJGZpbGVzKSB7CiAgICAgICAgJGZpbGVuYW1lID0gJGZpbGUuZGVzdAogICAgICAgICRsb2NhbF9jaGVja3N1bSA9ICRmaWxlLmNoZWNrc3VtCgogICAgICAgICRmaWxlcGF0aCA9IEpvaW4tUGF0aCAtUGF0aCAkZGVzdCAtQ2hpbGRQYXRoICRmaWxlbmFtZQogICAgICAgIGlmIChUZXN0LVBhdGggLVBhdGggJGZpbGVwYXRoIC1QYXRoVHlwZSBMZWFmKSB7CiAgICAgICAgICAgIGlmICgkZm9yY2UpIHsKICAgICAgICAgICAgICAgICRjaGVja3N1bSA9IEdldC1GaWxlQ2hlY2tzdW0gLXBhdGggJGZpbGVwYXRoCiAgICAgICAgICAgICAgICBpZiAoJGNoZWNrc3VtIC1uZSAkbG9jYWxfY2hlY2tzdW0pIHsKICAgICAgICAgICAgICAgICAgICAkd2lsbF9jaGFuZ2UgPSAkdHJ1ZQogICAgICAgICAgICAgICAgICAgICRjaGFuZ2VkX2ZpbGVzICs9ICRmaWxlCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgIH0KICAgICAgICB9IGVsc2VpZiAoVGVzdC1QYXRoIC1QYXRoICRmaWxlcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKSB7CiAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgImNhbm5vdCBjb3B5IGZpbGUgdG8gZGVzdCAnJGZpbGVwYXRoJzogb2JqZWN0IGF0IHBhdGggaXMgYWxyZWFkeSBhIGRpcmVjdG9yeSIKICAgICAgICB9IGVsc2UgewogICAgICAgICAgICAkY2hhbmdlZF9maWxlcyArPSAkZmlsZQogICAgICAgIH0KICAgIH0KCiAgICBmb3JlYWNoICgkZGlyZWN0b3J5IGluICRkaXJlY3RvcmllcykgewogICAgICAgICRkaXJuYW1lID0gJGRpcmVjdG9yeS5kZXN0CgogICAgICAgICRkaXJwYXRoID0gSm9pbi1QYXRoIC1QYXRoICRkZXN0IC1DaGlsZFBhdGggJGRpcm5hbWUKICAgICAgICAkcGFyZW50X2RpciA9IFtTeXN0ZW0uSU8uUGF0aF06OkdldERpcmVjdG9yeU5hbWUoJGRpcnBhdGgpCiAgICAgICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkcGFyZW50X2RpciAtUGF0aFR5cGUgTGVhZikgewogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0IC1tZXNzYWdlICJjYW5ub3QgY29weSBmb2xkZXIgdG8gZGVzdCAnJGRpcnBhdGgnOiBvYmplY3QgYXQgcGFyZW50IGRpcmVjdG9yeSBwYXRoIGlzIGFscmVhZHkgYSBmaWxlIgogICAgICAgIH0KICAgICAgICBpZiAoVGVzdC1QYXRoIC1QYXRoICRkaXJwYXRoIC1QYXRoVHlwZSBMZWFmKSB7CiAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgImNhbm5vdCBjb3B5IGZvbGRlciB0byBkZXN0ICckZGlycGF0aCc6IG9iamVjdCBhdCBwYXRoIGlzIGFscmVhZHkgYSBmaWxlIgogICAgICAgIH0gZWxzZWlmICgtbm90IChUZXN0LVBhdGggLVBhdGggJGRpcnBhdGggLVBhdGhUeXBlIENvbnRhaW5lcikpIHsKICAgICAgICAgICAgJGNoYW5nZWRfZGlyZWN0b3JpZXMgKz0gJGRpcmVjdG9yeQogICAgICAgIH0KICAgIH0KCiAgICAjIFRPRE86IEhhbmRsZSBzeW1saW5rcwoKICAgICRyZXN1bHQuZmlsZXMgPSAkY2hhbmdlZF9maWxlcwogICAgJHJlc3VsdC5kaXJlY3RvcmllcyA9ICRjaGFuZ2VkX2RpcmVjdG9yaWVzCiAgICAkcmVzdWx0LnN5bWxpbmtzID0gJGNoYW5nZWRfc3ltbGlua3MKfSBlbHNlaWYgKCRjb3B5X21vZGUgLWVxICJleHBsb2RlIikgewogICAgIyBhIHNpbmdsZSB6aXAgZmlsZSBjb250YWluaW5nIHRoZSBmaWxlcyBhbmQgZGlyZWN0b3JpZXMgbmVlZHMgdG8gYmUKICAgICMgZXhwYW5kZWQgdGhpcyB3aWxsIGFsd2F5cyByZXN1bHQgaW4gYSBjaGFuZ2UgYXMgdGhlIGNhbGN1bGF0aW9uIGlzIGRvbmUKICAgICMgb24gdGhlIHdpbl9jb3B5IGFjdGlvbiBwbHVnaW4gYW5kIGlzIG9ubHkgcnVuIGlmIGEgY2hhbmdlIG5lZWRzIHRvIG9jY3VyCiAgICBpZiAoLW5vdCA ScriptBlock ID: 380a9076-e529-4b7e-930c-28f43072a9a3 Path:	4104	1		3	2	15	0	1932	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	844	2540	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:31:14 PM	e5295ba9-9827-0003-3a6f-30e52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 3): begin { $DebugPreference = "Continue" $ErrorActionPreference = "Stop" Set-StrictMode -Version 2 function ConvertTo-HashtableFromPsCustomObject ($myPsObject){ $output = @{}; $myPsObject | Get-Member -MemberType *Property | % { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } return $output; } # stream JSON including become_pw, ps_module_payload, bin_module_payload, become_payload, write_payload_path, preserve directives # exec runspace, capture output, cleanup, return module output # NB: do not adjust the following line- it is replaced when doing non-streamed module output $json_raw = @' {"min_ps_version": null, "exec": "CkZ1bmN0aW9uIFJ1bigkcGF5bG9hZCkgewogICAgJGVudHJ5cG9pbnQgPSAkcGF5bG9hZC5tb2R1bGVfZW50cnkKCiAgICAkZW50cnlwb2ludCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGVudHJ5cG9pbnQpKQoKICAgICRwcyA9IFtwb3dlcnNoZWxsXTo6Q3JlYXRlKCkKCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkQ29tbWFuZCgiU2V0LVZhcmlhYmxlIikuQWRkUGFyYW1ldGVycyhAe1Njb3BlPSJnbG9iYWwiO05hbWU9ImNvbXBsZXhfYXJncyI7VmFsdWU9JHBheWxvYWQubW9kdWxlX2FyZ3N9KSB8IE91dC1OdWxsCiAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCgogICAgIyByZWRlZmluZSBXcml0ZS1Ib3N0IHRvIGR1bXAgdG8gb3V0cHV0IGluc3RlYWQgb2YgZmFpbGluZy0gbG90cyBvZiBzY3JpcHRzIHVzZSBpdAogICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgiRnVuY3Rpb24gV3JpdGUtSG9zdChgJG1zZyl7IFdyaXRlLU91dHB1dCBgJG1zZyB9IikgfCBPdXQtTnVsbAoKICAgIEZvckVhY2ggKCRlbnZfa3YgaW4gJHBheWxvYWQuZW52aXJvbm1lbnQuR2V0RW51bWVyYXRvcigpKSB7CiAgICAgICAgIyBuZWVkIHRvIGVzY2FwZSAnIGluIGJvdGggdGhlIGtleSBhbmQgdmFsdWUKICAgICAgICAkZW52X2tleSA9ICRlbnZfa3YuS2V5LlRvU3RyaW5nKCkuUmVwbGFjZSgiJyIsICInJyIpCiAgICAgICAgJGVudl92YWx1ZSA9ICRlbnZfa3YuVmFsdWUuVG9TdHJpbmcoKS5SZXBsYWNlKCInIiwgIicnIikKICAgICAgICAkZXNjYXBlZF9lbnZfc2V0ID0gIltTeXN0ZW0uRW52aXJvbm1lbnRdOjpTZXRFbnZpcm9ubWVudFZhcmlhYmxlKCd7MH0nLCAnezF9JykiIC1mICRlbnZfa2V5LCAkZW52X3ZhbHVlCiAgICAgICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgkZXNjYXBlZF9lbnZfc2V0KSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBkeW5hbWljYWxseSBjcmVhdGUvbG9hZCBtb2R1bGVzCiAgICBGb3JFYWNoICgkbW9kIGluICRwYXlsb2FkLnBvd2Vyc2hlbGxfbW9kdWxlcy5HZXRFbnVtZXJhdG9yKCkpIHsKICAgICAgICAkZGVjb2RlZF9tb2R1bGUgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRtb2QuVmFsdWUpKQogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRDb21tYW5kKCJOZXctTW9kdWxlIikuQWRkUGFyYW1ldGVycyhAe1NjcmlwdEJsb2NrPShbc2NyaXB0YmxvY2tdOjpDcmVhdGUoJGRlY29kZWRfbW9kdWxlKSk7TmFtZT0kbW9kLktleX0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiSW1wb3J0LU1vZHVsZSIpLkFkZFBhcmFtZXRlcnMoQHtXYXJuaW5nQWN0aW9uPSJTaWxlbnRseUNvbnRpbnVlIn0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBmb3JjZSBpbnB1dCBlbmNvZGluZyB0byBwcmVhbWJsZS1mcmVlIFVURjggc28gUFMgc3ViLXByb2Nlc3NlcyAoZWcsCiAgICAjIFN0YXJ0LUpvYikgZG9uJ3QgYmxvdyB1cC4gVGhpcyBpcyBvbmx5IHJlcXVpcmVkIGZvciBXaW5STSwgYSBQU1JQCiAgICAjIHJ1bnNwYWNlIGRvZXNuJ3QgaGF2ZSBhIGhvc3QgY29uc29sZSBhbmQgdGhpcyB3aWxsIGJvbWIgb3V0CiAgICBpZiAoJGhvc3QuTmFtZSAtZXEgIkNvbnNvbGVIb3N0IikgewogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRTY3JpcHQoIltDb25zb2xlXTo6SW5wdXRFbmNvZGluZyA9IE5ldy1PYmplY3QgVGV4dC5VVEY4RW5jb2RpbmcgYCRmYWxzZSIpIHwgT3V0LU51bGwKICAgIH0KCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkU2NyaXB0KCRlbnRyeXBvaW50KSB8IE91dC1OdWxsCgogICAgJG91dHB1dCA9ICRwcy5JbnZva2UoKQoKICAgICRvdXRwdXQKCiAgICAjIFBTMyBkb2Vzbid0IHByb3Blcmx5IHNldCBIYWRFcnJvcnMgaW4gbWFueSBjYXNlcywgaW5zcGVjdCB0aGUgZXJyb3Igc3RyZWFtIGFzIGEgZmFsbGJhY2sKICAgIElmICgkcHMuSGFkRXJyb3JzIC1vciAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtbHQgNCAtYW5kICRwcy5TdHJlYW1zLkVycm9yLkNvdW50IC1ndCAwKSkgewogICAgICAgICRob3N0LlVJLldyaXRlRXJyb3JMaW5lKCQoJHBzLlN0cmVhbXMuRXJyb3IgfCBPdXQtU3RyaW5nKSkKICAgICAgICAkZXhpdF9jb2RlID0gJHBzLlJ1bnNwYWNlLlNlc3Npb25TdGF0ZVByb3h5LkdldFZhcmlhYmxlKCJMQVNURVhJVENPREUiKQogICAgICAgIElmKC1ub3QgJGV4aXRfY29kZSkgewogICAgICAgICAgICAkZXhpdF9jb2RlID0gMQogICAgICAgIH0KICAgICAgICAjIG5lZWQgdG8gdXNlIHRoaXMgaW5zdGVhZCBvZiBFeGl0IGtleXdvcmQgdG8gcHJldmVudCBydW5zcGFjZSBmcm9tIGNyYXNoaW5nIHdpdGggZHluYW1pYyBtb2R1bGVzCiAgICAgICAgJGhvc3QuU2V0U2hvdWxkRXhpdCgkZXhpdF9jb2RlKQogICAgfQp9Cg==", "actions": ["exec"], "environment": {}, "min_os_version": null, "powershell_modules": {"Ansible.ModuleUtils.Legacy": "IyBDb3B5cmlnaHQgKGMpLCBNaWNoYWVsIERlSGFhbiA8bWljaGFlbC5kZWhhYW5AZ21haWwuY29tPiwgMjAxNCwgYW5kIG90aGVycwojIFNpbXBsaWZpZWQgQlNEIExpY2Vuc2UgKHNlZSBsaWNlbnNlcy9zaW1wbGlmaWVkX2JzZC50eHQgb3IgaHR0cHM6Ly9vcGVuc291cmNlLm9yZy9saWNlbnNlcy9CU0QtMi1DbGF1c2UpCgpTZXQtU3RyaWN0TW9kZSAtVmVyc2lvbiAyLjAKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKRnVuY3Rpb24gU2V0LUF0dHIoJG9iaiwgJG5hbWUsICR2YWx1ZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gc2V0IGFuICJhdHRyaWJ1dGUiIG9uIGEgcHNvYmplY3QgaW5zdGFuY2UgaW4gUG93ZXJTaGVsbC4KICAgIFRoaXMgaXMgYSBjb252ZW5pZW5jZSB0byBtYWtlIGFkZGluZyBNZW1iZXJzIHRvIHRoZSBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgIFNldC1BdHRyICRyZXN1bHQgImNoYW5nZWQiICR0cnVlCiM+CgogICAgIyBJZiB0aGUgcHJvdmlkZWQgJG9iaiBpcyB1bmRlZmluZWQsIGRlZmluZSBvbmUgdG8gYmUgbmljZQogICAgSWYgKC1ub3QgJG9iai5HZXRUeXBlKQogICAgewogICAgICAgICRvYmogPSBAeyB9CiAgICB9CgogICAgVHJ5CiAgICB7CiAgICAgICAgJG9iai4kbmFtZSA9ICR2YWx1ZQogICAgfQogICAgQ2F0Y2gKICAgIHsKICAgICAgICAkb2JqIHwgQWRkLU1lbWJlciAtRm9yY2UgLU1lbWJlclR5cGUgTm90ZVByb3BlcnR5IC1OYW1lICRuYW1lIC1WYWx1ZSAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gRXhpdC1Kc29uKCRvYmopCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGNvbnZlcnQgYSBQb3dlclNoZWxsIG9iamVjdCB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcKICAgIHRoZSBzY3JpcHQKICAgIC5FWEFNUExFCiAgICBFeGl0LUpzb24gJHJlc3VsdAojPgoKICAgICMgSWYgdGhlIHByb3ZpZGVkICRvYmogaXMgdW5kZWZpbmVkLCBkZWZpbmUgb25lIHRvIGJlIG5pY2UKICAgIElmICgtbm90ICRvYmouR2V0VHlwZSkKICAgIHsKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoJ2NoYW5nZWQnKSkgewogICAgICAgIFNldC1BdHRyICRvYmogImNoYW5nZWQiICRmYWxzZQogICAgfQoKICAgIFdyaXRlLU91dHB1dCAkb2JqIHwgQ29udmVydFRvLUpzb24gLUNvbXByZXNzIC1EZXB0aCA5OQogICAgRXhpdAp9CgpGdW5jdGlvbiBGYWlsLUpzb24oJG9iaiwgJG1lc3NhZ2UgPSAkbnVsbCkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHRoZSAibXNnIiBwcm9wZXJ0eSBhbmQgImZhaWxlZCIgcHJvcGVydHksIGNvbnZlcnQgdGhlCiAgICBQb3dlclNoZWxsIEhhc2h0YWJsZSB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcgdGhlIHNjcmlwdAogICAgLkVYQU1QTEUKICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJUaGlzIGlzIHRoZSBmYWlsdXJlIG1lc3NhZ2UiCiM+CgogICAgaWYgKCRvYmogLWlzIFtoYXNodGFibGVdIC1vciAkb2JqIC1pcyBbcHNvYmplY3RdKSB7CiAgICAgICAgIyBOb3RoaW5nIHRvIGRvCiAgICB9IGVsc2VpZiAoJG9iaiAtaXMgW3N0cmluZ10gLWFuZCAkbnVsbCAtZXEgJG1lc3NhZ2UpIHsKICAgICAgICAjIElmIHdlIHdlcmVuJ3QgZ2l2ZW4gMiBhcmdzLCBhbmQgdGhlIG9ubHkgYXJnIHdhcyBhIHN0cmluZywKICAgICAgICAjIGNyZWF0ZSBhIG5ldyBIYXNodGFibGUgYW5kIHVzZSB0aGUgYXJnIGFzIHRoZSBmYWlsdXJlIG1lc3NhZ2UKICAgICAgICAkbWVzc2FnZSA9ICRvYmoKICAgICAgICAkb2JqID0gQHsgfQogICAgfSBlbHNlIHsKICAgICAgICAjIElmIHRoZSBmaXJzdCBhcmd1bWVudCBpcyB1bmRlZmluZWQgb3IgYSBkaWZmZXJlbnQgdHlwZSwKICAgICAgICAjIG1ha2UgaXQgYSBIYXNodGFibGUKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgICMgU3RpbGwgdXNpbmcgU2V0LUF0dHIgZm9yIFBTT2JqZWN0IGNvbXBhdGliaWxpdHkKICAgIFNldC1BdHRyICRvYmogIm1zZyIgJG1lc3NhZ2UKICAgIFNldC1BdHRyICRvYmogImZhaWxlZCIgJHRydWUKCiAgICBpZiAoLW5vdCAkb2JqLkNvbnRhaW5zS2V5KCdjaGFuZ2VkJykpIHsKICAgICAgICBTZXQtQXR0ciAkb2JqICJjaGFuZ2VkIiAkZmFsc2UKICAgIH0KCiAgICBXcml0ZS1PdXRwdXQgJG9iaiB8IENvbnZlcnRUby1Kc29uIC1Db21wcmVzcyAtRGVwdGggOTkKICAgIEV4aXQgMQp9CgpGdW5jdGlvbiBBZGQtV2FybmluZygkb2JqLCAkbWVzc2FnZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHdhcm5pbmdzLCBldmVuIGlmIHRoZSB3YXJuaW5ncyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoIndhcm5pbmdzIikpIHsKICAgICAgICAkb2JqLndhcm5pbmdzID0gQCgpCiAgICB9IGVsc2VpZiAoJG9iai53YXJuaW5ncyAtaXNub3QgW2FycmF5XSkgewogICAgICAgIHRocm93ICJBZGQtV2FybmluZzogd2FybmluZ3MgYXR0cmlidXRlIGlzIG5vdCBhbiBhcnJheSIKICAgIH0KCiAgICAkb2JqLndhcm5pbmdzICs9ICRtZXNzYWdlCn0KCkZ1bmN0aW9uIEFkZC1EZXByZWNhdGlvbldhcm5pbmcoJG9iaiwgJG1lc3NhZ2UsICR2ZXJzaW9uID0gJG51bGwpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGFkZCBkZXByZWNhdGlvbnMsIGV2ZW4gaWYgdGhlIGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgogICAgaWYgKC1ub3QgJG9iai5Db250YWluc0tleSgiZGVwcmVjYXRpb25zIikpIHsKICAgICAgICAkb2JqLmRlcHJlY2F0aW9ucyA9IEAoKQogICAgfSBlbHNlaWYgKCRvYmouZGVwcmVjYXRpb25zIC1pc25vdCBbYXJyYXldKSB7CiAgICAgICAgdGhyb3cgIkFkZC1EZXByZWNhdGlvbldhcm5pbmc6IGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgaXMgbm90IGEgbGlzdCIKICAgIH0KCiAgICAkb2JqLmRlcHJlY2F0aW9ucyArPSBAewogICAgICAgIG1zZyA9ICRtZXNzYWdlCiAgICAgICAgdmVyc2lvbiA9ICR2ZXJzaW9uCiAgICB9Cn0KCkZ1bmN0aW9uIEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgaW4gdmFsdWVzLiBCeSBkZWZhdWx0CiAgICBpdCB0dXJucyBhbnkgdHlwZSB0byBhIHN0cmluZywgYnV0IHdlIGVuc3VyZSAkbnVsbCByZW1haW5zICRudWxsLgojPgogICAgaWYgKCRudWxsIC1uZSAkdmFsdWUpIHsKICAgICAgICBbU3lzdGVtLkVudmlyb25tZW50XTo6RXhwYW5kRW52aXJvbm1lbnRWYXJpYWJsZXMoJHZhbHVlKQogICAgfSBlbHNlIHsKICAgICAgICAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gR2V0LUFuc2libGVQYXJhbSgkb2JqLCAkbmFtZSwgJGRlZmF1bHQgPSAkbnVsbCwgJHJlc3VsdG9iaiA9IEB7fSwgJGZhaWxpZmVtcHR5ID0gJGZhbHNlLCAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSwgJFZhbGlkYXRlU2V0LCAkVmFsaWRhdGVTZXRFcnJvck1lc3NhZ2UsICR0eXBlID0gJG51bGwsICRhbGlhc2VzID0gQCgpKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBnZXQgYW4gImF0dHJpYnV0ZSIgZnJvbSBhIHBzb2JqZWN0IGluc3RhbmNlIGluIFBvd2VyU2hlbGwuCiAgICBUaGlzIGlzIGEgY29udmVuaWVuY2UgdG8gbWFrZSBnZXR0aW5nIE1lbWJlcnMgZnJvbSBhbiBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgICRhdHRyID0gR2V0LUFuc2libGVQYXJhbSAkcmVzcG9uc2UgImNvZGUiIC1kZWZhdWx0ICIxIgogICAgLkVYQU1QTEUKICAgIEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJTdGF0ZSIgLWRlZmF1bHQgIlByZXNlbnQiIC1WYWxpZGF0ZVNldCAiUHJlc2VudCIsIkFic2VudCIgLXJlc3VsdG9iaiAkcmVzdWx0b2JqIC1mYWlsaWZlbXB0eSAkdHJ1ZQogICAgR2V0LUFuc2libGVQYXJhbSBhbHNvIHN1cHBvcnRzIFBhcmFtZXRlciB2YWxpZGF0aW9uIHRvIHNhdmUgeW91IGZyb20gY29kaW5nIHRoYXQgbWFudWFsbHkKICAgIE5vdGUgdGhhdCBpZiB5b3UgdXNlIHRoZSBmYWlsaWZlbXB0eSBvcHRpb24sIHlvdSBkbyBuZWVkIHRvIHNwZWNpZnkgcmVzdWx0b2JqZWN0IGFzIHdlbGwuCiM+CiAgICAjIENoZWNrIGlmIHRoZSBwcm92aWRlZCBNZW1iZXIgJG5hbWUgb3IgYWxpYXNlcyBleGlzdCBpbiAkb2JqIGFuZCByZXR1cm4gaXQgb3IgdGhlIGRlZmF1bHQuCiAgICB0cnkgewoKICAgICAgICAkZm91bmQgPSAkbnVsbAogICAgICAgICMgRmlyc3QgdHJ5IHRvIGZpbmQgcHJlZmVycmVkIHBhcmFtZXRlciAkbmFtZQogICAgICAgICRhbGlhc2VzID0gQCgkbmFtZSkgKyAkYWxpYXNlcwoKICAgICAgICAjIEl0ZXJhdGUgb3ZlciBhbGlhc2VzIHRvIGZpbmQgYWNjZXB0YWJsZSBNZW1iZXIgJG5hbWUKICAgICAgICBmb3JlYWNoICgkYWxpYXMgaW4gJGFsaWFzZXMpIHsKICAgICAgICAgICAgaWYgKCRvYmouQ29udGFpbnNLZXkoJGFsaWFzKSkgewogICAgICAgICAgICAgICAgJGZvdW5kID0gJGFsaWFzCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgfQoKICAgICAgICBpZiAoJG51bGwgLWVxICRmb3VuZCkgewogICAgICAgICAgICB0aHJvdwogICAgICAgIH0KICAgICAgICAkbmFtZSA9ICRmb3VuZAoKICAgICAgICBpZiAoJFZhbGlkYXRlU2V0KSB7CgogICAgICAgICAgICBpZiAoJFZhbGlkYXRlU2V0IC1jb250YWlucyAoJG9iai4kbmFtZSkpIHsKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICRvYmouJG5hbWUKICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgIGlmICgkbnVsbCAtZXEgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAgICAgI0F1dG8tZ2VuZXJhdGVkIGVycm9yIHNob3VsZCBiZSBzdWZmaWNpZW50IGluIG1vc3QgdXNlIGNhc2VzCiAgICAgICAgICAgICAgICAgICAgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlID0gIkdldC1BbnNpYmxlUGFyYW06IEFyZ3VtZW50ICRuYW1lIG5lZWRzIHRvIGJlIG9uZSBvZiAkKCRWYWxpZGF0ZVNldCAtam9pbiAiLCIpIGJ1dCB3YXMgJCgkb2JqLiRuYW1lKS4iCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRWYWxpZGF0ZVNldEVycm9yTWVzc2FnZQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgJHZhbHVlID0gJG9iai4kbmFtZQogICAgICAgIH0KICAgIH0gY2F0Y2ggewogICAgICAgIGlmICgkZmFpbGlmZW1wdHkgLWVxICRmYWxzZSkgewogICAgICAgICAgICAkdmFsdWUgPSAkZGVmYXVsdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgIGlmICgtbm90ICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSA9ICJHZXQtQW5zaWJsZVBhcmFtOiBNaXNzaW5nIHJlcXVpcmVkIGFyZ3VtZW50OiAkbmFtZSIKICAgICAgICAgICAgfQogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlCiAgICAgICAgfQogICAgfQoKICAgICMgSWYgJHZhbHVlIC1lcSAkbnVsbCwgdGhlIHBhcmFtZXRlciB3YXMgdW5zcGVjaWZpZWQgYnkgdGhlIHVzZXIgKGRlbGliZXJhdGVseSBvciBub3QpCiAgICAjIFBsZWFzZSBsZWF2ZSAkbnVsbC12YWx1ZXMgaW50YWN0LCBtb2R1bGVzIG5lZWQgdG8ga25vdyBpZiBhIHBhcmFtZXRlciB3YXMgc3BlY2lmaWVkCiAgICAjIFdoZW4gJHZhbHVlIGlzIGFscmVhZHkgYW4gYXJyYXksIHdlIGNhbm5vdCByZWx5IG9uIHRoZSBudWxsIGNoZWNrLCBhcyBhbiBlbXB0eSBsaXN0CiAgICAjIGlzIHNlZW4gYXMgbnVsbCBpbiB0aGUgY2hlY2sgYmVsb3cKICAgIGlmICgkbnVsbCAtbmUgJHZhbHVlIC1vciAkdmFsdWUgLWlzIFthcnJheV0pIHsKICAgICAgICBpZiAoJHR5cGUgLWVxICJwYXRoIikgewogICAgICAgICAgICAjIEV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgb24gcGF0aC10eXBlCiAgICAgICAgICAgICR2YWx1ZSA9IEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCiAgICAgICAgICAgICMgVGVzdCBpZiBhIHZhbGlkIHBhdGggaXMgcHJvdmlkZWQKICAgICAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtSXNWYWxpZCAkdmFsdWUpKSB7CiAgICAgICAgICAgICAgICAkcGF0aF9pbnZhbGlkID0gJHRydWUKICAgICAgICAgICAgICAgICMgY291bGQgc3RpbGwgYmUgYSB2YWxpZC1zaGFwZWQgcGF0aCB3aXRoIGEgbm9uZXhpc3RlbnQgZHJpdmUgbGV0dGVyCiAgICAgICAgICAgICAgICBpZiAoJHZhbHVlIC1tYXRjaCAiXlx3OiIpIHsKICAgICAgICAgICAgICAgICAgICAjIHJld3JpdGUgcGF0aCB3aXRoIGEgdmFsaWQgZHJpdmUgbGV0dGVyIGFuZCByZWNoZWNrIHRoZSBzaGFwZS0gdGhpcyBtaWdodCBzdGlsbCBmYWlsLCBlZywgYSBub25leGlzdGVudCBub24tZmlsZXN5c3RlbSBQUyBwYXRoCiAgICAgICAgICAgICAgICAgICAgaWYgKFRlc3QtUGF0aCAtSXNWYWxpZCAkKEAoR2V0LVBTRHJpdmUgLVBTUHJvdmlkZXIgRmlsZXN5c3RlbSlbMF0uTmFtZSArICR2YWx1ZS5TdWJzdHJpbmcoMSkpKSB7CiAgICAgICAgICAgICAgICAgICAgICAgICRwYXRoX2ludmFsaWQgPSAkZmFsc2UKICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBpZiAoJHBhdGhfaW52YWxpZCkgewogICAgICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHRvYmogLW1lc3NhZ2UgIkdldC1BbnNpYmxlUGFyYW06IFBhcmFtZXRlciAnJG5hbWUnIGhhcyBhbiBpbnZhbGlkIHBhdGggJyR2YWx1ZScgc3BlY2lmaWVkLiIKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgInN0ciIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IHN0ciB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgc3RyaW5ncwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUuVG9TdHJpbmcoKQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImJvb2wiKSB7CiAgICAgICAgICAgICMgQ29udmVydCBib29sZWFuIHR5cGVzIHRvIHJlYWwgUG93ZXJzaGVsbCBib29sZWFucwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgfCBDb252ZXJ0VG8tQm9vbAogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImludCIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IGludCB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgaW50ZWdlcnMKICAgICAgICAgICAgJHZhbHVlID0gJHZhbHVlIC1hcyBbaW50XQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImZsb2F0IikgewogICAgICAgICAgICAjIENvbnZlcnQgZmxvYXQgdHlwZXMgdG8gcmVhbCBQb3dlcnNoZWxsIGZsb2F0cwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgLWFzIFtmbG9hdF0KICAgICAgICB9IGVsc2VpZiAoJHR5cGUgLWVxICJsaXN0IikgewogICAgICAgICAgICBpZiAoJHZhbHVlIC1pcyBbYXJyYXldKSB7CiAgICAgICAgICAgICAgICAjIE5vdGhpbmcgdG8gZG8KICAgICAgICAgICAgfSBlbHNlaWYgKCR2YWx1ZSAtaXMgW3N0cmluZ10pIHsKICAgICAgICAgICAgICAgICMgQ29udmVydCBzdHJpbmcgdHlwZSB0byByZWFsIFBvd2Vyc2hlbGwgYXJyYXkKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICR2YWx1ZS5TcGxpdCgiLCIpLlRyaW0oKQogICAgICAgICAgICB9IGVsc2VpZiAoJHZhbHVlIC1pcyBbaW50XSkgewogICAgICAgICAgICAgICAgJHZhbHVlID0gQCgkdmFsdWUpCiAgICAgICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICJHZXQtQW5zaWJsZVBhcmFtOiBQYXJhbWV0ZXIgJyRuYW1lJyBpcyBub3QgYSBZQU1MIGxpc3QuIgogICAgICAgICAgICB9CiAgICAgICAgICAgICMgLCBpcyBub3QgYSB0eXBvLCBmb3JjZXMgaXQgdG8gcmV0dXJuIGFzIGEgbGlzdCB3aGVuIGl0IGlzIGVtcHR5IG9yIG9ubHkgaGFzIDEgZW50cnkKICAgICAgICAgICAgcmV0dXJuICwkdmFsdWUKICAgICAgICB9CiAgICB9CgogICAgcmV0dXJuICR2YWx1ZQp9CgojQWxpYXMgR2V0LWF0dHItLT5HZXQtQW5zaWJsZVBhcmFtIGZvciBiYWNrd2FyZHMgY29tcGF0LiBPbmx5IGFkZCB3aGVuIG5lZWRlZCB0byBlYXNlIGRlYnVnZ2luZyBvZiBzY3JpcHRzCklmICgtbm90KEdldC1BbGlhcyAtTmFtZSAiR2V0LWF0dHIiIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlKSkKewogICAgTmV3LUFsaWFzIC1OYW1lIEdldC1hdHRyIC1WYWx1ZSBHZXQtQW5zaWJsZVBhcmFtCn0KCkZ1bmN0aW9uIENvbnZlcnRUby1Cb29sCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZpbHRlci9waXBlbGluZSBmdW5jdGlvbiB0byBjb252ZXJ0IGEgdmFsdWUgdG8gYm9vbGVhbiBmb2xsb3dpbmcgY3VycmVudAogICAgQW5zaWJsZSBwcmFjdGljZXMKICAgIC5FWEFNUExFCiAgICAkaXNfdHJ1ZSA9ICJ0cnVlIiB8IENvbnZlcnRUby1Cb29sCiM+CiAgICBwYXJhbSgKICAgICAgICBbcGFyYW1ldGVyKHZhbHVlZnJvbXBpcGVsaW5lPSR0cnVlKV0KICAgICAgICAkb2JqCiAgICApCgogICAgJGJvb2xlYW5fc3RyaW5ncyA9ICJ5ZXMiLCAib24iLCAiMSIsICJ0cnVlIiwgMQogICAgJG9ial9zdHJpbmcgPSBbc3RyaW5nXSRvYmoKCiAgICBpZiAoKCRvYmogLWlzIFtib29sZWFuXSAtYW5kICRvYmopIC1vciAkYm9vbGVhbl9zdHJpbmdzIC1jb250YWlucyAkb2JqX3N0cmluZy5Ub0xvd2VyKCkpIHsKICAgICAgICByZXR1cm4gJHRydWUKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfQp9CgpGdW5jdGlvbiBQYXJzZS1BcmdzKCRhcmd1bWVudHMsICRzdXBwb3J0c19jaGVja19tb2RlID0gJGZhbHNlKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBwYXJzZSBBbnNpYmxlIEpTT04gYXJndW1lbnRzIGZyb20gYSAiZmlsZSIgcGFzc2VkIGFzCiAgICB0aGUgc2luZ2xlIGFyZ3VtZW50IHRvIHRoZSBtb2R1bGUuCiAgICAuRVhBTVBMRQogICAgJHBhcmFtcyA9IFBhcnNlLUFyZ3MgJGFyZ3MKIz4KICAgICRwYXJhbXMgPSBOZXctT2JqZWN0IHBzb2JqZWN0CiAgICBJZiAoJGFyZ3VtZW50cy5MZW5ndGggLWd0IDApCiAgICB7CiAgICAgICAgJHBhcmFtcyA9IEdldC1Db250ZW50ICRhcmd1bWVudHNbMF0gfCBDb252ZXJ0RnJvbS1Kc29uCiAgICB9CiAgICBFbHNlIHsKICAgICAgICAkcGFyYW1zID0gJGNvbXBsZXhfYXJncwogICAgfQogICAgJGNoZWNrX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfY2hlY2tfbW9kZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQogICAgSWYgKCRjaGVja19tb2RlIC1hbmQgLW5vdCAkc3VwcG9ydHNfY2hlY2tfbW9kZSkKICAgIHsKICAgICAgICBFeGl0LUpzb24gQHsKICAgICAgICAgICAgc2tpcHBlZCA9ICR0cnVlCiAgICAgICAgICAgIGNoYW5nZWQgPSAkZmFsc2UKICAgICAgICAgICAgbXNnID0gInJlbW90ZSBtb2R1bGUgZG9lcyBub3Qgc3VwcG9ydCBjaGVjayBtb2RlIgogICAgICAgIH0KICAgIH0KICAgIHJldHVybiAkcGFyYW1zCn0KCgpGdW5jdGlvbiBHZXQtRmlsZUNoZWNrc3VtKCRwYXRoLCAkYWxnb3JpdGhtID0gJ3NoYTEnKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBjYWxjdWxhdGUgYSBoYXNoIG9mIGEgZmlsZSBpbiBhIHdheSB3aGljaCBQb3dlclNoZWxsIDMKICAgIGFuZCBhYm92ZSBjYW4gaGFuZGxlCiM+CiAgICBJZiAoVGVzdC1QYXRoIC1QYXRoICRwYXRoIC1QYXRoVHlwZSBMZWFmKQogICAgewogICAgICAgIHN3aXRjaCAoJGFsZ2 ScriptBlock ID: 380a9076-e529-4b7e-930c-28f43072a9a3 Path:	4104	1		3	2	15	0	1931	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	844	2540	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:31:14 PM	e5295ba9-9827-0003-3a6f-30e52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1930	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	844	4968	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:31:14 PM	e5295ba9-9827-0001-255d-30e52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 844 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1929	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	844	1168	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:31:13 PM	e5295ba9-9827-0001-255d-30e52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1928	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	844	4968	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:31:13 PM	e5295ba9-9827-0001-255d-30e52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): begin { $path = 'C:\Users\Admin\AppData\Local\Temp\ansible-tmp-1629729071.42-149075018056592\source' $DebugPreference = "Continue" $ErrorActionPreference = "Stop" Set-StrictMode -Version 2 $fd = [System.IO.File]::Create($path) $sha1 = [System.Security.Cryptography.SHA1CryptoServiceProvider]::Create() $bytes = @() #initialize for empty file case } process { $bytes = [System.Convert]::FromBase64String($input) $sha1.TransformBlock($bytes, 0, $bytes.Length, $bytes, 0) | Out-Null $fd.Write($bytes, 0, $bytes.Length) } end { $sha1.TransformFinalBlock($bytes, 0, 0) | Out-Null $hash = [System.BitConverter]::ToString($sha1.Hash).Replace("-", "").ToLowerInvariant() $fd.Close() Write-Output "{""sha1"":""$hash""}" } ScriptBlock ID: 876ee9da-19ad-4a1a-8ef4-3def65c9ff8c Path:	4104	1		3	2	15	0	1927	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4104	4636	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:31:13 PM	e5295ba9-9827-0001-1a5d-30e52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1926	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4104	4624	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:31:13 PM	e5295ba9-9827-0002-da6f-2fe52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 4104 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1925	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4104	3828	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:31:13 PM	e5295ba9-9827-0002-da6f-2fe52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1924	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4104	4624	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:31:13 PM	e5295ba9-9827-0002-da6f-2fe52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c), Michael DeHaan <michael.dehaan@gmail.com>, 2014, and others # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) Set-StrictMode -Version 2.0 $ErrorActionPreference = "Stop" Function Set-Attr($obj, $name, $value) { <# .SYNOPSIS Helper function to set an "attribute" on a psobject instance in PowerShell. This is a convenience to make adding Members to the object easier and slightly more pythonic .EXAMPLE Set-Attr $result "changed" $true #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } Try { $obj.$name = $value } Catch { $obj | Add-Member -Force -MemberType NoteProperty -Name $name -Value $value } } Function Exit-Json($obj) { <# .SYNOPSIS Helper function to convert a PowerShell object to JSON and output it, exiting the script .EXAMPLE Exit-Json $result #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit } Function Fail-Json($obj, $message = $null) { <# .SYNOPSIS Helper function to add the "msg" property and "failed" property, convert the PowerShell Hashtable to JSON and output it, exiting the script .EXAMPLE Fail-Json $result "This is the failure message" #> if ($obj -is [hashtable] -or $obj -is [psobject]) { # Nothing to do } elseif ($obj -is [string] -and $null -eq $message) { # If we weren't given 2 args, and the only arg was a string, # create a new Hashtable and use the arg as the failure message $message = $obj $obj = @{ } } else { # If the first argument is undefined or a different type, # make it a Hashtable $obj = @{ } } # Still using Set-Attr for PSObject compatibility Set-Attr $obj "msg" $message Set-Attr $obj "failed" $true if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit 1 } Function Add-Warning($obj, $message) { <# .SYNOPSIS Helper function to add warnings, even if the warnings attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("warnings")) { $obj.warnings = @() } elseif ($obj.warnings -isnot [array]) { throw "Add-Warning: warnings attribute is not an array" } $obj.warnings += $message } Function Add-DeprecationWarning($obj, $message, $version = $null) { <# .SYNOPSIS Helper function to add deprecations, even if the deprecations attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("deprecations")) { $obj.deprecations = @() } elseif ($obj.deprecations -isnot [array]) { throw "Add-DeprecationWarning: deprecations attribute is not a list" } $obj.deprecations += @{ msg = $message version = $version } } Function Expand-Environment($value) { <# .SYNOPSIS Helper function to expand environment variables in values. By default it turns any type to a string, but we ensure $null remains $null. #> if ($null -ne $value) { [System.Environment]::ExpandEnvironmentVariables($value) } else { $value } } Function Get-AnsibleParam($obj, $name, $default = $null, $resultobj = @{}, $failifempty = $false, $emptyattributefailmessage, $ValidateSet, $ValidateSetErrorMessage, $type = $null, $aliases = @()) { <# .SYNOPSIS Helper function to get an "attribute" from a psobject instance in PowerShell. This is a convenience to make getting Members from an object easier and slightly more pythonic .EXAMPLE $attr = Get-AnsibleParam $response "code" -default "1" .EXAMPLE Get-AnsibleParam -obj $params -name "State" -default "Present" -ValidateSet "Present","Absent" -resultobj $resultobj -failifempty $true Get-AnsibleParam also supports Parameter validation to save you from coding that manually Note that if you use the failifempty option, you do need to specify resultobject as well. #> # Check if the provided Member $name or aliases exist in $obj and return it or the default. try { $found = $null # First try to find preferred parameter $name $aliases = @($name) + $aliases # Iterate over aliases to find acceptable Member $name foreach ($alias in $aliases) { if ($obj.ContainsKey($alias)) { $found = $alias break } } if ($null -eq $found) { throw } $name = $found if ($ValidateSet) { if ($ValidateSet -contains ($obj.$name)) { $value = $obj.$name } else { if ($null -eq $ValidateSetErrorMessage) { #Auto-generated error should be sufficient in most use cases $ValidateSetErrorMessage = "Get-AnsibleParam: Argument $name needs to be one of $($ValidateSet -join ",") but was $($obj.$name)." } Fail-Json -obj $resultobj -message $ValidateSetErrorMessage } } else { $value = $obj.$name } } catch { if ($failifempty -eq $false) { $value = $default } else { if (-not $emptyattributefailmessage) { $emptyattributefailmessage = "Get-AnsibleParam: Missing required argument: $name" } Fail-Json -obj $resultobj -message $emptyattributefailmessage } } # If $value -eq $null, the parameter was unspecified by the user (deliberately or not) # Please leave $null-values intact, modules need to know if a parameter was specified # When $value is already an array, we cannot rely on the null check, as an empty list # is seen as null in the check below if ($null -ne $value -or $value -is [array]) { if ($type -eq "path") { # Expand environment variables on path-type $value = Expand-Environment($value) # Test if a valid path is provided if (-not (Test-Path -IsValid $value)) { $path_invalid = $true # could still be a valid-shaped path with a nonexistent drive letter if ($value -match "^\w:") { # rewrite path with a valid drive letter and recheck the shape- this might still fail, eg, a nonexistent non-filesystem PS path if (Test-Path -IsValid $(@(Get-PSDrive -PSProvider Filesystem)[0].Name + $value.Substring(1))) { $path_invalid = $false } } if ($path_invalid) { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' has an invalid path '$value' specified." } } } elseif ($type -eq "str") { # Convert str types to real Powershell strings $value = $value.ToString() } elseif ($type -eq "bool") { # Convert boolean types to real Powershell booleans $value = $value | ConvertTo-Bool } elseif ($type -eq "int") { # Convert int types to real Powershell integers $value = $value -as [int] } elseif ($type -eq "float") { # Convert float types to real Powershell floats $value = $value -as [float] } elseif ($type -eq "list") { if ($value -is [array]) { # Nothing to do } elseif ($value -is [string]) { # Convert string type to real Powershell array $value = $value.Split(",").Trim() } elseif ($value -is [int]) { $value = @($value) } else { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' is not a YAML list." } # , is not a typo, forces it to return as a list when it is empty or only has 1 entry return ,$value } } return $value } #Alias Get-attr-->Get-AnsibleParam for backwards compat. Only add when needed to ease debugging of scripts If (-not(Get-Alias -Name "Get-attr" -ErrorAction SilentlyContinue)) { New-Alias -Name Get-attr -Value Get-AnsibleParam } Function ConvertTo-Bool { <# .SYNOPSIS Helper filter/pipeline function to convert a value to boolean following current Ansible practices .EXAMPLE $is_true = "true" | ConvertTo-Bool #> param( [parameter(valuefrompipeline=$true)] $obj ) $boolean_strings = "yes", "on", "1", "true", 1 $obj_string = [string]$obj if (($obj -is [boolean] -and $obj) -or $boolean_strings -contains $obj_string.ToLower()) { return $true } else { return $false } } Function Parse-Args($arguments, $supports_check_mode = $false) { <# .SYNOPSIS Helper function to parse Ansible JSON arguments from a "file" passed as the single argument to the module. .EXAMPLE $params = Parse-Args $args #> $params = New-Object psobject If ($arguments.Length -gt 0) { $params = Get-Content $arguments[0] | ConvertFrom-Json } Else { $params = $complex_args } $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false If ($check_mode -and -not $supports_check_mode) { Exit-Json @{ skipped = $true changed = $false msg = "remote module does not support check mode" } } return $params } Function Get-FileChecksum($path, $algorithm = 'sha1') { <# .SYNOPSIS Helper function to calculate a hash of a file in a way which PowerShell 3 and above can handle #> If (Test-Path -Path $path -PathType Leaf) { switch ($algorithm) { 'md5' { $sp = New-Object -TypeName System.Security.Cryptography.MD5CryptoServiceProvider } 'sha1' { $sp = New-Object -TypeName System.Security.Cryptography.SHA1CryptoServiceProvider } 'sha256' { $sp = New-Object -TypeName System.Security.Cryptography.SHA256CryptoServiceProvider } 'sha384' { $sp = New-Object -TypeName System.Security.Cryptography.SHA384CryptoServiceProvider } 'sha512' { $sp = New-Object -TypeName System.Security.Cryptography.SHA512CryptoServiceProvider } default { Fail-Json @{} "Unsupported hash algorithm supplied '$algorithm'" } } If ($PSVersionTable.PSVersion.Major -ge 4) { $raw_hash = Get-FileHash $path -Algorithm $algorithm $hash = $raw_hash.Hash.ToLower() } Else { $fp = [System.IO.File]::Open($path, [System.IO.Filemode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileShare]::ReadWrite); $hash = [System.BitConverter]::ToString($sp.ComputeHash($fp)).Replace("-", "").ToLower(); $fp.Dispose(); } } ElseIf (Test-Path -Path $path -PathType Container) { $hash = "3"; } Else { $hash = "1"; } return $hash } Function Get-PendingRebootStatus { <# .SYNOPSIS Check if reboot is required, if so notify CA. Function returns true if computer has a pending reboot #> $featureData = Invoke-WmiMethod -EA Ignore -Name GetServerFeature -Namespace root\microsoft\windows\servermanager -Class MSFT_ServerManagerTasks $regData = Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager" "PendingFileRenameOperations" -EA Ignore $CBSRebootStatus = Get-ChildItem "HKLM:\\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing" -ErrorAction SilentlyContinue| Where-Object {$_.PSChildName -eq "RebootPending"} if(($featureData -and $featureData.RequiresReboot) -or $regData -or $CBSRebootStatus) { return $True } else { return $False } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: ff7997b1-67c6-48b3-aacf-95eb825d4fc5 Path:	4104	1		3	2	15	0	1923	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4564	1220	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:31:12 PM	e5295ba9-9827-0001-125d-30e52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 2): .ToLower()) the privilege '$Name' as it has been removed from the token" } $process_token = [Ansible.PrivilegeUtil.Privileges]::GetCurrentProcess() if ($PSCmdlet.ShouldProcess($Name, "$action the privilege $Name")) { $new_state = New-Object -TypeName 'System.Collections.Generic.Dictionary`2[[System.String], [System.Nullable`1[System.Boolean]]]' $new_state.Add($Name, $Value) [Ansible.PrivilegeUtil.Privileges]::SetTokenPrivileges($process_token, $new_state) > $null } } Export-ModuleMember -Function Import-PrivilegeUtil, Get-AnsiblePrivilege, Set-AnsiblePrivilege ` -Variable ansible_privilege_util_namespaces, ansible_privilege_util_code ScriptBlock ID: 43560f35-3b1d-4ea5-b98f-cb01b97bb7ef Path:	4104	1		3	2	15	0	1922	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4564	1220	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:31:12 PM	e5295ba9-9827-0001-0e5d-30e52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 2): # Copyright (c) 2018 Ansible Project # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) # store in separate variables to make it easier for other module_utils to # share this code in their own c# code $ansible_privilege_util_namespaces = @( "Microsoft.Win32.SafeHandles", "System", "System.Collections.Generic", "System.Linq", "System.Runtime.InteropServices", "System.Security.Principal", "System.Text" ) $ansible_privilege_util_code = @' namespace Ansible.PrivilegeUtil { [Flags] public enum PrivilegeAttributes : uint { Disabled = 0x00000000, EnabledByDefault = 0x00000001, Enabled = 0x00000002, Removed = 0x00000004, UsedForAccess = 0x80000000, } internal class NativeHelpers { [StructLayout(LayoutKind.Sequential)] internal struct LUID { public UInt32 LowPart; public Int32 HighPart; } [StructLayout(LayoutKind.Sequential)] internal struct LUID_AND_ATTRIBUTES { public LUID Luid; public PrivilegeAttributes Attributes; } [StructLayout(LayoutKind.Sequential)] internal struct TOKEN_PRIVILEGES { public UInt32 PrivilegeCount; [MarshalAs(UnmanagedType.ByValArray, SizeConst = 1)] public LUID_AND_ATTRIBUTES[] Privileges; } } internal class NativeMethods { [DllImport("advapi32.dll", SetLastError = true)] internal static extern bool AdjustTokenPrivileges( IntPtr TokenHandle, [MarshalAs(UnmanagedType.Bool)] bool DisableAllPrivileges, IntPtr NewState, UInt32 BufferLength, IntPtr PreviousState, out UInt32 ReturnLength); [DllImport("kernel32.dll")] internal static extern bool CloseHandle( IntPtr hObject); [DllImport("kernel32")] internal static extern SafeWaitHandle GetCurrentProcess(); [DllImport("advapi32.dll", SetLastError = true)] internal static extern bool GetTokenInformation( IntPtr TokenHandle, UInt32 TokenInformationClass, IntPtr TokenInformation, UInt32 TokenInformationLength, out UInt32 ReturnLength); [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)] internal static extern bool LookupPrivilegeName( string lpSystemName, ref NativeHelpers.LUID lpLuid, StringBuilder lpName, ref UInt32 cchName); [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)] internal static extern bool LookupPrivilegeValue( string lpSystemName, string lpName, out NativeHelpers.LUID lpLuid); [DllImport("advapi32.dll", SetLastError = true)] internal static extern bool OpenProcessToken( SafeHandle ProcessHandle, TokenAccessLevels DesiredAccess, out IntPtr TokenHandle); } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class Privileges { private static readonly UInt32 TOKEN_PRIVILEGES = 3; public static bool CheckPrivilegeName(string name) { NativeHelpers.LUID luid; if (!NativeMethods.LookupPrivilegeValue(null, name, out luid)) { int errCode = Marshal.GetLastWin32Error(); if (errCode != 1313) // ERROR_NO_SUCH_PRIVILEGE throw new Win32Exception(errCode, String.Format("LookupPrivilegeValue({0}) failed", name)); return false; } else { return true; } } public static Dictionary<string, bool?> DisablePrivilege(SafeHandle token, string privilege) { return SetTokenPrivileges(token, new Dictionary<string, bool?>() { { privilege, false } }); } public static Dictionary<string, bool?> DisableAllPrivileges(SafeHandle token) { return AdjustTokenPrivileges(token, null); } public static Dictionary<string, bool?> EnablePrivilege(SafeHandle token, string privilege) { return SetTokenPrivileges(token, new Dictionary<string, bool?>() { { privilege, true } }); } public static Dictionary<String, PrivilegeAttributes> GetAllPrivilegeInfo(SafeHandle token) { IntPtr hToken = IntPtr.Zero; if (!NativeMethods.OpenProcessToken(token, TokenAccessLevels.Query, out hToken)) throw new Win32Exception("OpenProcessToken() failed"); Dictionary<String, PrivilegeAttributes> info = new Dictionary<String, PrivilegeAttributes>(); try { UInt32 tokenLength = 0; NativeMethods.GetTokenInformation(hToken, TOKEN_PRIVILEGES, IntPtr.Zero, 0, out tokenLength); NativeHelpers.LUID_AND_ATTRIBUTES[] privileges; IntPtr privilegesPtr = Marshal.AllocHGlobal((int)tokenLength); try { if (!NativeMethods.GetTokenInformation(hToken, TOKEN_PRIVILEGES, privilegesPtr, tokenLength, out tokenLength)) throw new Win32Exception("GetTokenInformation() for TOKEN_PRIVILEGES failed"); NativeHelpers.TOKEN_PRIVILEGES privilegeInfo = (NativeHelpers.TOKEN_PRIVILEGES)Marshal.PtrToStructure(privilegesPtr, typeof(NativeHelpers.TOKEN_PRIVILEGES)); privileges = new NativeHelpers.LUID_AND_ATTRIBUTES[privilegeInfo.PrivilegeCount]; PtrToStructureArray(privileges, IntPtr.Add(privilegesPtr, Marshal.SizeOf(privilegeInfo.PrivilegeCount))); } finally { Marshal.FreeHGlobal(privilegesPtr); } info = privileges.ToDictionary(p => GetPrivilegeName(p.Luid), p => p.Attributes); } finally { NativeMethods.CloseHandle(hToken); } return info; } public static SafeWaitHandle GetCurrentProcess() { return NativeMethods.GetCurrentProcess(); } public static void RemovePrivilege(SafeHandle token, string privilege) { SetTokenPrivileges(token, new Dictionary<string, bool?>() { { privilege, null } }); } public static Dictionary<string, bool?> SetTokenPrivileges(SafeHandle token, Dictionary<string, bool?> state) { NativeHelpers.LUID_AND_ATTRIBUTES[] privilegeAttr = new NativeHelpers.LUID_AND_ATTRIBUTES[state.Count]; int i = 0; foreach (KeyValuePair<string, bool?> entry in state) { NativeHelpers.LUID luid; if (!NativeMethods.LookupPrivilegeValue(null, entry.Key, out luid)) throw new Win32Exception(String.Format("LookupPrivilegeValue({0}) failed", entry.Key)); PrivilegeAttributes attributes; switch (entry.Value) { case true: attributes = PrivilegeAttributes.Enabled; break; case false: attributes = PrivilegeAttributes.Disabled; break; default: attributes = PrivilegeAttributes.Removed; break; } privilegeAttr[i].Luid = luid; privilegeAttr[i].Attributes = attributes; i++; } return AdjustTokenPrivileges(token, privilegeAttr); } private static Dictionary<string, bool?> AdjustTokenPrivileges(SafeHandle token, NativeHelpers.LUID_AND_ATTRIBUTES[] newState) { bool disableAllPrivileges; IntPtr newStatePtr; NativeHelpers.LUID_AND_ATTRIBUTES[] oldStatePrivileges; UInt32 returnLength; if (newState == null) { disableAllPrivileges = true; newStatePtr = IntPtr.Zero; } else { disableAllPrivileges = false; // Need to manually marshal the bytes requires for newState as the constant size // of LUID_AND_ATTRIBUTES is set to 1 and can't be overridden at runtime, TOKEN_PRIVILEGES // always contains at least 1 entry so we need to calculate the extra size if there are // nore than 1 LUID_AND_ATTRIBUTES entry int tokenPrivilegesSize = Marshal.SizeOf(typeof(NativeHelpers.TOKEN_PRIVILEGES)); int luidAttrSize = 0; if (newState.Length > 1) luidAttrSize = Marshal.SizeOf(typeof(NativeHelpers.LUID_AND_ATTRIBUTES)) * (newState.Length - 1); int totalSize = tokenPrivilegesSize + luidAttrSize; byte[] newStateBytes = new byte[totalSize]; // get the first entry that includes the struct details NativeHelpers.TOKEN_PRIVILEGES tokenPrivileges = new NativeHelpers.TOKEN_PRIVILEGES() { PrivilegeCount = (UInt32)newState.Length, Privileges = new NativeHelpers.LUID_AND_ATTRIBUTES[1], }; if (newState.Length > 0) tokenPrivileges.Privileges[0] = newState[0]; int offset = StructureToBytes(tokenPrivileges, newStateBytes, 0); // copy the remaining LUID_AND_ATTRIBUTES (if any) for (int i = 1; i < newState.Length; i++) offset += StructureToBytes(newState[i], newStateBytes, offset); // finally create the pointer to the byte array we just created newStatePtr = Marshal.AllocHGlobal(newStateBytes.Length); Marshal.Copy(newStateBytes, 0, newStatePtr, newStateBytes.Length); } try { IntPtr hToken = IntPtr.Zero; if (!NativeMethods.OpenProcessToken(token, TokenAccessLevels.Query | TokenAccessLevels.AdjustPrivileges, out hToken)) throw new Win32Exception("OpenProcessToken() failed with Query and AdjustPrivileges"); try { IntPtr oldStatePtr = Marshal.AllocHGlobal(0); if (!NativeMethods.AdjustTokenPrivileges(hToken, disableAllPrivileges, newStatePtr, 0, oldStatePtr, out returnLength)) { int errCode = Marshal.GetLastWin32Error(); if (errCode != 122) // ERROR_INSUFFICIENT_BUFFER throw new Win32Exception(errCode, "AdjustTokenPrivileges() failed to get old state size"); } // resize the oldStatePtr based on the length returned from Windows Marshal.FreeHGlobal(oldStatePtr); oldStatePtr = Marshal.AllocHGlobal((int)returnLength); try { bool res = NativeMethods.AdjustTokenPrivileges(hToken, disableAllPrivileges, newStatePtr, returnLength, oldStatePtr, out returnLength); int errCode = Marshal.GetLastWin32Error(); // even when res == true, ERROR_NOT_ALL_ASSIGNED may be set as the last error code if (!res || errCode != 0) throw new Win32Exception(errCode, "AdjustTokenPrivileges() failed"); // Marshal the oldStatePtr to the struct NativeHelpers.TOKEN_PRIVILEGES oldState = (NativeHelpers.TOKEN_PRIVILEGES)Marshal.PtrToStructure(oldStatePtr, typeof(NativeHelpers.TOKEN_PRIVILEGES)); oldStatePrivileges = new NativeHelpers.LUID_AND_ATTRIBUTES[oldState.PrivilegeCount]; PtrToStructureArray(oldStatePrivileges, IntPtr.Add(oldStatePtr, Marshal.SizeOf(oldState.PrivilegeCount))); } finally { Marshal.FreeHGlobal(oldStatePtr); } } finally { NativeMethods.CloseHandle(hToken); } } finally { if (newStatePtr != IntPtr.Zero) Marshal.FreeHGlobal(newStatePtr); } return oldStatePrivileges.ToDictionary(p => GetPrivilegeName(p.Luid), p => (bool?)p.Attributes.HasFlag(PrivilegeAttributes.Enabled)); } private static string GetPrivilegeName(NativeHelpers.LUID luid) { UInt32 nameLen = 0; NativeMethods.LookupPrivilegeName(null, ref luid, null, ref nameLen); StringBuilder name = new StringBuilder((int)(nameLen + 1)); if (!NativeMethods.LookupPrivilegeName(null, ref luid, name, ref nameLen)) throw new Win32Exception("LookupPrivilegeName() failed"); return name.ToString(); } private static void PtrToStructureArray<T>(T[] array, IntPtr ptr) { IntPtr ptrOffset = ptr; for (int i = 0; i < array.Length; i++, ptrOffset = IntPtr.Add(ptrOffset, Marshal.SizeOf(typeof(T)))) array[i] = (T)Marshal.PtrToStructure(ptrOffset, typeof(T)); } private static int StructureToBytes<T>(T structure, byte[] array, int offset) { int size = Marshal.SizeOf(structure); IntPtr structPtr = Marshal.AllocHGlobal(size); try { Marshal.StructureToPtr(structure, structPtr, false); Marshal.Copy(structPtr, array, offset, size); } finally { Marshal.FreeHGlobal(structPtr); } return size; } } } '@ Function Import-PrivilegeUtil { <# .SYNOPSIS Compiles the C# code that can be used to manage Windows privileges from an Ansible module. Once this function is called, the following PowerShell cmdlets can be used; Get-AnsiblePrivilege Set-AnsiblePrivilege The above cmdlets give the ability to manage permissions on the current process token but the underlying .NET classes are also exposed for greater control. The following functions can be used by calling the .NET class [Ansible.PrivilegeUtil.Privileges]::CheckPrivilegeName($name) [Ansible.PrivilegeUtil.Privileges]::DisablePrivilege($process, $name) [Ansible.PrivilegeUtil.Privileges]::DisableAllPrivileges($process) [Ansible.PrivilegeUtil.Privileges]::EnablePrivilege($process, $name) [Ansible.PrivilegeUtil.Privileges]::GetAllPrivilegeInfo($process) [Ansible.PrivilegeUtil.Privileges]::RemovePrivilege($process, $name) [Ansible.PrivilegeUtil.Privileges]::SetTokenPrivileges($process, $new_state) Here is a brief explanation of each type of arg $process = The process handle to manipulate, use '[Ansible.PrivilegeUtils.Privileges]::GetCurrentProcess()' to get the current process handle $name = The name of the privilege, this is the constant value from https://docs.microsoft.com/en-us/windows/desktop/SecAuthZ/privilege-constants, e.g. SeAuditPrivilege $new_state = 'System.Collections.Generic.Dictionary`2[[System.String], [System.Nullable`1[System.Boolean]]]' The key is the constant name as a string, the value is a ternary boolean where true - will enable the privilege false - will disable the privilege null - will remove the privilege Each method that changes the privilege state will return a dictionary that can be used as the $new_state arg of SetTokenPrivileges to undo and revert back to the original state. If you remove a privilege then this is irreversible and won't be part of the returned dict #> [CmdletBinding()] # build the C# code to compile $namespace_import = ($ansible_privilege_util_namespaces | ForEach-Object { "using $_;" }) -join "`r`n" $platform_util = "$namespace_import`r`n`r`n$ansible_privilege_util_code" # FUTURE: find a better way to get the _ansible_remote_tmp variable # this is used to force csc to compile the C# code in the remote tmp # specified $original_tmp = $env:TMP $remote_tmp = $original_tmp $module_params = Get-Variable -Name complex_args -ErrorAction SilentlyContinue if ($module_params) { if ($module_params.Value.ContainsKey("_ansible_remote_tmp") ) { $remote_tmp = $module_params.Value["_ansible_remote_tmp"] $remote_tmp = [System.Environment]::ExpandEnvironmentVariables($remote_tmp) } } $env:TMP = $remote_tmp Add-Type -TypeDefinition $platform_util $env:TMP = $original_tmp } Function Get-AnsiblePrivilege { <# .SYNOPSIS Get the status of a privilege for the current process. This returns $true - the privilege is enabled $false - the privilege is disabled $null - the privilege is removed from the token If Name is not a valid privilege name, this will throw an ArgumentException. .EXAMPLE Get-AnsiblePrivilege -Name SeDebugPrivilege #> [CmdletBinding()] param( [Parameter(Mandatory=$true)][String]$Name ) if (-not [Ansible.PrivilegeUtil.Privileges]::CheckPrivilegeName($Name)) { throw [System.ArgumentException] "Invalid privilege name '$Name'" } $process_token = [Ansible.PrivilegeUtil.Privileges]::GetCurrentProcess() $privilege_info = [Ansible.PrivilegeUtil.Privileges]::GetAllPrivilegeInfo($process_token) if ($privilege_info.ContainsKey($Name)) { $status = $privilege_info.$Name return $status.HasFlag([Ansible.PrivilegeUtil.PrivilegeAttributes]::Enabled) } else { return $null } } Function Set-AnsiblePrivilege { <# .SYNOPSIS Enables/Disables a privilege on the current process' token. If a privilege has been removed from the process token, this will throw an InvalidOperationException. .EXAMPLE # enable a privilege Set-AnsiblePrivilege -Name SeCreateSymbolicLinkPrivilege -Value $true # disable a privilege Set-AnsiblePrivilege -Name SeCreateSymbolicLinkPrivilege -Value $false #> [CmdletBinding(SupportsShouldProcess)] param( [Parameter(Mandatory=$true)][String]$Name, [Parameter(Mandatory=$true)][bool]$Value ) $action = switch($Value) { $true { "Enable" } $false { "Disable" } } $current_state = Get-AnsiblePrivilege -Name $Name if ($current_state -eq $Value) { return # no change needs to occur } elseif ($null -eq $current_state) { # once a privilege is removed from a token we cannot do anything with it throw [System.InvalidOperationException] "Cannot $($action ScriptBlock ID: 43560f35-3b1d-4ea5-b98f-cb01b97bb7ef Path:	4104	1		3	2	15	0	1921	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4564	1220	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:31:12 PM	e5295ba9-9827-0001-0e5d-30e52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c) 2017 Ansible Project # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) #Requires -Module Ansible.ModuleUtils.PrivilegeUtil Function Load-LinkUtils() { $link_util = @' using Microsoft.Win32.SafeHandles; using System; using System.Collections.Generic; using System.IO; using System.Runtime.InteropServices; using System.Text; namespace Ansible { public enum LinkType { SymbolicLink, JunctionPoint, HardLink } public class LinkUtilWin32Exception : System.ComponentModel.Win32Exception { private string _msg; public LinkUtilWin32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public LinkUtilWin32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator LinkUtilWin32Exception(string message) { return new LinkUtilWin32Exception(message); } } public class LinkInfo { public LinkType Type { get; internal set; } public string PrintName { get; internal set; } public string SubstituteName { get; internal set; } public string AbsolutePath { get; internal set; } public string TargetPath { get; internal set; } public string[] HardTargets { get; internal set; } } [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)] public struct REPARSE_DATA_BUFFER { public UInt32 ReparseTag; public UInt16 ReparseDataLength; public UInt16 Reserved; public UInt16 SubstituteNameOffset; public UInt16 SubstituteNameLength; public UInt16 PrintNameOffset; public UInt16 PrintNameLength; [MarshalAs(UnmanagedType.ByValArray, SizeConst = LinkUtil.MAXIMUM_REPARSE_DATA_BUFFER_SIZE)] public char[] PathBuffer; } public class LinkUtil { public const int MAXIMUM_REPARSE_DATA_BUFFER_SIZE = 1024 * 16; private const UInt32 FILE_FLAG_BACKUP_SEMANTICS = 0x02000000; private const UInt32 FILE_FLAG_OPEN_REPARSE_POINT = 0x00200000; private const UInt32 FSCTL_GET_REPARSE_POINT = 0x000900A8; private const UInt32 FSCTL_SET_REPARSE_POINT = 0x000900A4; private const UInt32 FILE_DEVICE_FILE_SYSTEM = 0x00090000; private const UInt32 IO_REPARSE_TAG_MOUNT_POINT = 0xA0000003; private const UInt32 IO_REPARSE_TAG_SYMLINK = 0xA000000C; private const UInt32 SYMLINK_FLAG_RELATIVE = 0x00000001; private const Int64 INVALID_HANDLE_VALUE = -1; private const UInt32 SIZE_OF_WCHAR = 2; private const UInt32 SYMBOLIC_LINK_FLAG_FILE = 0x00000000; private const UInt32 SYMBOLIC_LINK_FLAG_DIRECTORY = 0x00000001; [DllImport("kernel32.dll", CharSet = CharSet.Auto)] private static extern SafeFileHandle CreateFile( string lpFileName, [MarshalAs(UnmanagedType.U4)] FileAccess dwDesiredAccess, [MarshalAs(UnmanagedType.U4)] FileShare dwShareMode, IntPtr lpSecurityAttributes, [MarshalAs(UnmanagedType.U4)] FileMode dwCreationDisposition, UInt32 dwFlagsAndAttributes, IntPtr hTemplateFile); // Used by GetReparsePointInfo() [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool DeviceIoControl( SafeFileHandle hDevice, UInt32 dwIoControlCode, IntPtr lpInBuffer, UInt32 nInBufferSize, out REPARSE_DATA_BUFFER lpOutBuffer, UInt32 nOutBufferSize, out UInt32 lpBytesReturned, IntPtr lpOverlapped); // Used by CreateJunctionPoint() [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool DeviceIoControl( SafeFileHandle hDevice, UInt32 dwIoControlCode, REPARSE_DATA_BUFFER lpInBuffer, UInt32 nInBufferSize, IntPtr lpOutBuffer, UInt32 nOutBufferSize, out UInt32 lpBytesReturned, IntPtr lpOverlapped); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool GetVolumePathName( string lpszFileName, StringBuilder lpszVolumePathName, ref UInt32 cchBufferLength); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern IntPtr FindFirstFileNameW( string lpFileName, UInt32 dwFlags, ref UInt32 StringLength, StringBuilder LinkName); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool FindNextFileNameW( IntPtr hFindStream, ref UInt32 StringLength, StringBuilder LinkName); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool FindClose( IntPtr hFindFile); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool RemoveDirectory( string lpPathName); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool DeleteFile( string lpFileName); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool CreateSymbolicLink( string lpSymlinkFileName, string lpTargetFileName, UInt32 dwFlags); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool CreateHardLink( string lpFileName, string lpExistingFileName, IntPtr lpSecurityAttributes); public static LinkInfo GetLinkInfo(string linkPath) { FileAttributes attr = File.GetAttributes(linkPath); if (attr.HasFlag(FileAttributes.ReparsePoint)) return GetReparsePointInfo(linkPath); if (!attr.HasFlag(FileAttributes.Directory)) return GetHardLinkInfo(linkPath); return null; } public static void DeleteLink(string linkPath) { bool success; FileAttributes attr = File.GetAttributes(linkPath); if (attr.HasFlag(FileAttributes.Directory)) { success = RemoveDirectory(linkPath); } else { success = DeleteFile(linkPath); } if (!success) throw new LinkUtilWin32Exception(String.Format("Failed to delete link at {0}", linkPath)); } public static void CreateLink(string linkPath, String linkTarget, LinkType linkType) { switch (linkType) { case LinkType.SymbolicLink: UInt32 linkFlags; FileAttributes attr = File.GetAttributes(linkTarget); if (attr.HasFlag(FileAttributes.Directory)) linkFlags = SYMBOLIC_LINK_FLAG_DIRECTORY; else linkFlags = SYMBOLIC_LINK_FLAG_FILE; if (!CreateSymbolicLink(linkPath, linkTarget, linkFlags)) throw new LinkUtilWin32Exception(String.Format("CreateSymbolicLink({0}, {1}, {2}) failed", linkPath, linkTarget, linkFlags)); break; case LinkType.JunctionPoint: CreateJunctionPoint(linkPath, linkTarget); break; case LinkType.HardLink: if (!CreateHardLink(linkPath, linkTarget, IntPtr.Zero)) throw new LinkUtilWin32Exception(String.Format("CreateHardLink({0}, {1}) failed", linkPath, linkTarget)); break; } } private static LinkInfo GetHardLinkInfo(string linkPath) { UInt32 maxPath = 260; List<string> result = new List<string>(); StringBuilder sb = new StringBuilder((int)maxPath); UInt32 stringLength = maxPath; if (!GetVolumePathName(linkPath, sb, ref stringLength)) throw new LinkUtilWin32Exception("GetVolumePathName() failed"); string volume = sb.ToString(); stringLength = maxPath; IntPtr findHandle = FindFirstFileNameW(linkPath, 0, ref stringLength, sb); if (findHandle.ToInt64() != INVALID_HANDLE_VALUE) { try { do { string hardLinkPath = sb.ToString(); if (hardLinkPath.StartsWith("\\")) hardLinkPath = hardLinkPath.Substring(1, hardLinkPath.Length - 1); result.Add(Path.Combine(volume, hardLinkPath)); stringLength = maxPath; } while (FindNextFileNameW(findHandle, ref stringLength, sb)); } finally { FindClose(findHandle); } } if (result.Count > 1) return new LinkInfo { Type = LinkType.HardLink, HardTargets = result.ToArray() }; return null; } private static LinkInfo GetReparsePointInfo(string linkPath) { SafeFileHandle fileHandle = CreateFile( linkPath, FileAccess.Read, FileShare.None, IntPtr.Zero, FileMode.Open, FILE_FLAG_OPEN_REPARSE_POINT | FILE_FLAG_BACKUP_SEMANTICS, IntPtr.Zero); if (fileHandle.IsInvalid) throw new LinkUtilWin32Exception(String.Format("CreateFile({0}) failed", linkPath)); REPARSE_DATA_BUFFER buffer = new REPARSE_DATA_BUFFER(); UInt32 bytesReturned; try { if (!DeviceIoControl( fileHandle, FSCTL_GET_REPARSE_POINT, IntPtr.Zero, 0, out buffer, MAXIMUM_REPARSE_DATA_BUFFER_SIZE, out bytesReturned, IntPtr.Zero)) throw new LinkUtilWin32Exception(String.Format("DeviceIoControl() failed for file at {0}", linkPath)); } finally { fileHandle.Dispose(); } bool isRelative = false; int pathOffset = 0; LinkType linkType; if (buffer.ReparseTag == IO_REPARSE_TAG_SYMLINK) { UInt32 bufferFlags = Convert.ToUInt32(buffer.PathBuffer[0]) + Convert.ToUInt32(buffer.PathBuffer[1]); if (bufferFlags == SYMLINK_FLAG_RELATIVE) isRelative = true; pathOffset = 2; linkType = LinkType.SymbolicLink; } else if (buffer.ReparseTag == IO_REPARSE_TAG_MOUNT_POINT) { linkType = LinkType.JunctionPoint; } else { string errorMessage = String.Format("Invalid Reparse Tag: {0}", buffer.ReparseTag.ToString()); throw new Exception(errorMessage); } string printName = new string(buffer.PathBuffer, (int)(buffer.PrintNameOffset / SIZE_OF_WCHAR) + pathOffset, (int)(buffer.PrintNameLength / SIZE_OF_WCHAR)); string substituteName = new string(buffer.PathBuffer, (int)(buffer.SubstituteNameOffset / SIZE_OF_WCHAR) + pathOffset, (int)(buffer.SubstituteNameLength / SIZE_OF_WCHAR)); // TODO: should we check for \?\UNC\server for convert it to the NT style \\server path // Remove the leading Windows object directory \?\ from the path if present string targetPath = substituteName; if (targetPath.StartsWith("\\??\\")) targetPath = targetPath.Substring(4, targetPath.Length - 4); string absolutePath = targetPath; if (isRelative) absolutePath = Path.GetFullPath(Path.Combine(new FileInfo(linkPath).Directory.FullName, targetPath)); return new LinkInfo { Type = linkType, PrintName = printName, SubstituteName = substituteName, AbsolutePath = absolutePath, TargetPath = targetPath }; } private static void CreateJunctionPoint(string linkPath, string linkTarget) { // We need to create the link as a dir beforehand Directory.CreateDirectory(linkPath); SafeFileHandle fileHandle = CreateFile( linkPath, FileAccess.Write, FileShare.Read | FileShare.Write | FileShare.None, IntPtr.Zero, FileMode.Open, FILE_FLAG_BACKUP_SEMANTICS | FILE_FLAG_OPEN_REPARSE_POINT, IntPtr.Zero); if (fileHandle.IsInvalid) throw new LinkUtilWin32Exception(String.Format("CreateFile({0}) failed", linkPath)); try { string substituteName = "\\??\\" + Path.GetFullPath(linkTarget); string printName = linkTarget; REPARSE_DATA_BUFFER buffer = new REPARSE_DATA_BUFFER(); buffer.SubstituteNameOffset = 0; buffer.SubstituteNameLength = (UInt16)(substituteName.Length * SIZE_OF_WCHAR); buffer.PrintNameOffset = (UInt16)(buffer.SubstituteNameLength + 2); buffer.PrintNameLength = (UInt16)(printName.Length * SIZE_OF_WCHAR); buffer.ReparseTag = IO_REPARSE_TAG_MOUNT_POINT; buffer.ReparseDataLength = (UInt16)(buffer.SubstituteNameLength + buffer.PrintNameLength + 12); buffer.PathBuffer = new char[MAXIMUM_REPARSE_DATA_BUFFER_SIZE]; byte[] unicodeBytes = Encoding.Unicode.GetBytes(substituteName + "\0" + printName); char[] pathBuffer = Encoding.Unicode.GetChars(unicodeBytes); Array.Copy(pathBuffer, buffer.PathBuffer, pathBuffer.Length); UInt32 bytesReturned; if (!DeviceIoControl( fileHandle, FSCTL_SET_REPARSE_POINT, buffer, (UInt32)(buffer.ReparseDataLength + 8), IntPtr.Zero, 0, out bytesReturned, IntPtr.Zero)) throw new LinkUtilWin32Exception(String.Format("DeviceIoControl() failed to create junction point at {0} to {1}", linkPath, linkTarget)); } finally { fileHandle.Dispose(); } } } } '@ # FUTURE: find a better way to get the _ansible_remote_tmp variable $original_tmp = $env:TMP $remote_tmp = $original_tmp $module_params = Get-Variable -Name complex_args -ErrorAction SilentlyContinue if ($module_params) { if ($module_params.Value.ContainsKey("_ansible_remote_tmp") ) { $remote_tmp = $module_params.Value["_ansible_remote_tmp"] $remote_tmp = [System.Environment]::ExpandEnvironmentVariables($remote_tmp) } } $env:TMP = $remote_tmp Add-Type -TypeDefinition $link_util $env:TMP = $original_tmp Import-PrivilegeUtil # enable the SeBackupPrivilege if it is disabled $state = Get-AnsiblePrivilege -Name SeBackupPrivilege if ($state -eq $false) { Set-AnsiblePrivilege -Name SeBackupPrivilege -Value $true } } Function Get-Link($link_path) { $link_info = [Ansible.LinkUtil]::GetLinkInfo($link_path) return $link_info } Function Remove-Link($link_path) { [Ansible.LinkUtil]::DeleteLink($link_path) } Function New-Link($link_path, $link_target, $link_type) { if (-not (Test-Path -Path $link_target)) { throw "link_target '$link_target' does not exist, cannot create link" } switch($link_type) { "link" { $type = [Ansible.LinkType]::SymbolicLink } "junction" { if (Test-Path -Path $link_target -PathType Leaf) { throw "cannot set the target for a junction point to a file" } $type = [Ansible.LinkType]::JunctionPoint } "hard" { if (Test-Path -Path $link_target -PathType Container) { throw "cannot set the target for a hard link to a directory" } $type = [Ansible.LinkType]::HardLink } default { throw "invalid link_type option $($link_type): expecting link, junction, hard" } } [Ansible.LinkUtil]::CreateLink($link_path, $link_target, $type) } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: 14ed54f3-0ba9-49e6-b8e8-878adf2596f7 Path:	4104	1		3	2	15	0	1920	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4564	1220	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:31:12 PM	e5295ba9-9827-0005-b685-2de52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } ScriptBlock ID: d461ec23-8605-4a9f-aa56-8abc02de6b80 Path:	4104	1		3	2	15	0	1919	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4564	1220	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:31:12 PM	e5295ba9-9827-0005-a785-2de52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (6 of 6): HBhdGggJyRQYXRoJyBiZWNhdXNlIGl0IGRvZXMgbm90IGV4aXN0LiIKICAgIH0gZWxzZWlmICgkZmlsZV9hdHRyaWJ1dGVzLkhhc0ZsYWcoW1N5c3RlbS5JTy5GaWxlQXR0cmlidXRlc106OkRpcmVjdG9yeSkpIHsKICAgICAgICByZXR1cm4gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLklPLkRpcmVjdG9yeUluZm8gLUFyZ3VtZW50TGlzdCAkUGF0aAogICAgfSBlbHNlIHsKICAgICAgICByZXR1cm4gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLklPLkZpbGVJbmZvIC1Bcmd1bWVudExpc3QgJFBhdGgKICAgIH0KfQoKRXhwb3J0LU1vZHVsZU1lbWJlciAtRnVuY3Rpb24gVGVzdC1BbnNpYmxlUGF0aCwgR2V0LUFuc2libGVJdGVtCg=="}, "module_entry": "IyFwb3dlcnNoZWxsCgojIENvcHlyaWdodDogKGMpIDIwMTcsIEFuc2libGUgUHJvamVjdAojIEdOVSBHZW5lcmFsIFB1YmxpYyBMaWNlbnNlIHYzLjArIChzZWUgQ09QWUlORyBvciBodHRwczovL3d3dy5nbnUub3JnL2xpY2Vuc2VzL2dwbC0zLjAudHh0KQoKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5MZWdhY3kKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5GaWxlVXRpbAojUmVxdWlyZXMgLU1vZHVsZSBBbnNpYmxlLk1vZHVsZVV0aWxzLkxpbmtVdGlsCgpmdW5jdGlvbiBEYXRlVG8tVGltZXN0YW1wKCRzdGFydF9kYXRlLCAkZW5kX2RhdGUpIHsKICAgIGlmICgkc3RhcnRfZGF0ZSAtYW5kICRlbmRfZGF0ZSkgewogICAgICAgIHJldHVybiAoTmV3LVRpbWVTcGFuIC1TdGFydCAkc3RhcnRfZGF0ZSAtRW5kICRlbmRfZGF0ZSkuVG90YWxTZWNvbmRzCiAgICB9Cn0KCiRwYXJhbXMgPSBQYXJzZS1BcmdzICRhcmdzIC1zdXBwb3J0c19jaGVja19tb2RlICR0cnVlCgokcGF0aCA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJwYXRoIiAtdHlwZSAicGF0aCIgLWZhaWxpZmVtcHR5ICR0cnVlIC1hbGlhc2VzICJkZXN0IiwibmFtZSIKJGdldF9tZDUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiZ2V0X21kNSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQokZ2V0X2NoZWNrc3VtID0gR2V0LUFuc2libGVQYXJhbSAtb2JqICRwYXJhbXMgLW5hbWUgImdldF9jaGVja3N1bSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICR0cnVlCiRjaGVja3N1bV9hbGdvcml0aG0gPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiY2hlY2tzdW1fYWxnb3JpdGhtIiAtdHlwZSAic3RyIiAtZGVmYXVsdCAic2hhMSIgLXZhbGlkYXRlc2V0ICJtZDUiLCJzaGExIiwic2hhMjU2Iiwic2hhMzg0Iiwic2hhNTEyIgoKJHJlc3VsdCA9IEB7CiAgICBjaGFuZ2VkID0gJGZhbHNlCiAgICBzdGF0ID0gQHsKICAgICAgICBleGlzdHMgPSAkZmFsc2UKICAgIH0KfQoKIyBnZXRfbWQ1IHdpbGwgYmUgYW4gdW5kb2N1bWVudGVkIG9wdGlvbiBpbiAyLjkgdG8gYmUgcmVtb3ZlZCBhdCBhIGxhdGVyCiMgZGF0ZSBpZiBwb3NzaWJsZSAoMy4wKykKaWYgKEdldC1NZW1iZXIgLWlucHV0b2JqZWN0ICRwYXJhbXMgLW5hbWUgImdldF9tZDUiKSB7CiAgICBBZGQtRGVwcmVhY3Rpb25XYXJuaW5nIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiZ2V0X21kNSBoYXMgYmVlbiBkZXByZWNhdGVkIGFsb25nIHdpdGggdGhlIG1kNSByZXR1cm4gdmFsdWUsIHVzZSBnZXRfY2hlY2tzdW09VHJ1ZSBhbmQgY2hlY2tzdW1fYWxnb3JpdGhtPW1kNSBpbnN0ZWFkIiAtdmVyc2lvbiAyLjkKfQoKJGluZm8gPSBHZXQtQW5zaWJsZUl0ZW0gLVBhdGggJHBhdGggLUVycm9yQWN0aW9uIFNpbGVudGx5Q29udGludWUKSWYgKCRpbmZvIC1uZSAkbnVsbCkgewogICAgJGVwb2NoX2RhdGUgPSBHZXQtRGF0ZSAtRGF0ZSAiMDEvMDEvMTk3MCIKICAgICRhdHRyaWJ1dGVzID0gQCgpCiAgICBmb3JlYWNoICgkYXR0cmlidXRlIGluICgkaW5mby5BdHRyaWJ1dGVzIC1zcGxpdCAnLCcpKSB7CiAgICAgICAgJGF0dHJpYnV0ZXMgKz0gJGF0dHJpYnV0ZS5UcmltKCkKICAgIH0KCiAgICAjIGRlZmF1bHQgdmFsdWVzIHRoYXQgYXJlIGFsd2F5cyBzZXQsIHNwZWNpZmljIHZhbHVlcyBhcmUgc2V0IGJlbG93IHRoaXMKICAgICMgYnV0IGFyZSBrZXB0IGNvbW1lbnRlZCBmb3IgZWFzaWVyIHJlYWRhYmlsaXR5CiAgICAkc3RhdCA9IEB7CiAgICAgICAgZXhpc3RzID0gJHRydWUKICAgICAgICBhdHRyaWJ1dGVzID0gJGluZm8uQXR0cmlidXRlcy5Ub1N0cmluZygpCiAgICAgICAgaXNhcmNoaXZlID0gKCRhdHRyaWJ1dGVzIC1jb250YWlucyAiQXJjaGl2ZSIpCiAgICAgICAgaXNkaXIgPSAkZmFsc2UKICAgICAgICBpc2hpZGRlbiA9ICgkYXR0cmlidXRlcyAtY29udGFpbnMgIkhpZGRlbiIpCiAgICAgICAgaXNqdW5jdGlvbiA9ICRmYWxzZQogICAgICAgIGlzbG5rID0gJGZhbHNlCiAgICAgICAgaXNyZWFkb25seSA9ICgkYXR0cmlidXRlcyAtY29udGFpbnMgIlJlYWRPbmx5IikKICAgICAgICBpc3JlZyA9ICRmYWxzZQogICAgICAgIGlzc2hhcmVkID0gJGZhbHNlCiAgICAgICAgbmxpbmsgPSAxICAjIE51bWJlciBvZiBsaW5rcyB0byB0aGUgZmlsZSAoaGFyZCBsaW5rcyksIG92ZXJyaWRlbiBiZWxvdyBpZiBpc2xuawogICAgICAgICMgbG5rX3RhcmdldCA9IGlzbG5rIG9yIGlzanVuY3Rpb24gVGFyZ2V0IG9mIHRoZSBzeW1saW5rLiBOb3RlIHRoYXQgcmVsYXRpdmUgcGF0aHMgcmVtYWluIHJlbGF0aXZlCiAgICAgICAgIyBsbmtfc291cmNlID0gaXNsbmsgb3MgaXNqdW5jdGlvbiBUYXJnZXQgb2YgdGhlIHN5bWxpbmsgbm9ybWFsaXplZCBmb3IgdGhlIHJlbW90ZSBmaWxlc3lzdGVtCiAgICAgICAgaGxua190YXJnZXRzID0gQCgpCiAgICAgICAgY3JlYXRpb250aW1lID0gKERhdGVUby1UaW1lc3RhbXAgLXN0YXJ0X2RhdGUgJGVwb2NoX2RhdGUgLWVuZF9kYXRlICRpbmZvLkNyZWF0aW9uVGltZSkKICAgICAgICBsYXN0YWNjZXNzdGltZSA9IChEYXRlVG8tVGltZXN0YW1wIC1zdGFydF9kYXRlICRlcG9jaF9kYXRlIC1lbmRfZGF0ZSAkaW5mby5MYXN0QWNjZXNzVGltZSkKICAgICAgICBsYXN0d3JpdGV0aW1lID0gKERhdGVUby1UaW1lc3RhbXAgLXN0YXJ0X2RhdGUgJGVwb2NoX2RhdGUgLWVuZF9kYXRlICRpbmZvLkxhc3RXcml0ZVRpbWUpCiAgICAgICAgIyBzaXplID0gYSBmaWxlIGFuZCBkaXJlY3RvcnkgLSBjYWxjdWxhdGVkIGJlbG93CiAgICAgICAgcGF0aCA9ICRpbmZvLkZ1bGxOYW1lCiAgICAgICAgZmlsZW5hbWUgPSAkaW5mby5OYW1lCiAgICAgICAgIyBleHRlbnNpb24gPSBhIGZpbGUKICAgICAgICAjIG93bmVyID0gc2V0IG91dHNpdGUgdGhpcyBkaWN0IGluIGNhc2UgaXQgZmFpbHMKICAgICAgICAjIHNoYXJlbmFtZSA9IGEgZGlyZWN0b3J5IGFuZCBpc3NoYXJlZCBpcyBUcnVlCiAgICAgICAgIyBjaGVja3N1bSA9IGEgZmlsZSBhbmQgZ2V0X2NoZWNrc3VtOiBUcnVlCiAgICAgICAgIyBtZDUgPSBhIGZpbGUgYW5kIGdldF9tZDU6IFRydWUKICAgIH0KICAgICRzdGF0Lm93bmVyID0gJGluZm8uR2V0QWNjZXNzQ29udHJvbCgpLk93bmVyCgogICAgIyB2YWx1ZXMgdGhhdCBhcmUgc2V0IGFjY29yZGluZyB0byB0aGUgdHlwZSBvZiBmaWxlCiAgICBpZiAoJGluZm8uQXR0cmlidXRlcy5IYXNGbGFnKFtTeXN0ZW0uSU8uRmlsZUF0dHJpYnV0ZXNdOjpEaXJlY3RvcnkpKSB7CiAgICAgICAgJHN0YXQuaXNkaXIgPSAkdHJ1ZQogICAgICAgICRzaGFyZV9pbmZvID0gR2V0LVdtaU9iamVjdCAtQ2xhc3MgV2luMzJfU2hhcmUgLUZpbHRlciAiUGF0aD0nJCgkc3RhdC5wYXRoIC1yZXBsYWNlICdcXCcsICdcXCcpJyIKICAgICAgICBpZiAoJHNoYXJlX2luZm8gLW5lICRudWxsKSB7CiAgICAgICAgICAgICRzdGF0Lmlzc2hhcmVkID0gJHRydWUKICAgICAgICAgICAgJHN0YXQuc2hhcmVuYW1lID0gJHNoYXJlX2luZm8uTmFtZQogICAgICAgIH0KCiAgICAgICAgdHJ5IHsKICAgICAgICAgICAgJHNpemUgPSAwCiAgICAgICAgICAgIGZvcmVhY2ggKCRmaWxlIGluICRpbmZvLkVudW1lcmF0ZUZpbGVzKCIqIiwgW1N5c3RlbS5JTy5TZWFyY2hPcHRpb25dOjpBbGxEaXJlY3RvcmllcykpIHsKICAgICAgICAgICAgICAgICRzaXplICs9ICRmaWxlLkxlbmd0aAogICAgICAgICAgICB9CiAgICAgICAgICAgICRzdGF0LnNpemUgPSAkc2l6ZQogICAgICAgIH0gY2F0Y2ggewogICAgICAgICAgICAkc3RhdC5zaXplID0gMAogICAgICAgIH0KICAgIH0gZWxzZSB7CiAgICAgICAgJHN0YXQuZXh0ZW5zaW9uID0gJGluZm8uRXh0ZW5zaW9uCiAgICAgICAgJHN0YXQuaXNyZWcgPSAkdHJ1ZQogICAgICAgICRzdGF0LnNpemUgPSAkaW5mby5MZW5ndGgKCiAgICAgICAgaWYgKCRnZXRfbWQ1KSB7CiAgICAgICAgICAgIHRyeSB7CiAgICAgICAgICAgICAgICAkc3RhdC5tZDUgPSBHZXQtRmlsZUNoZWNrc3VtIC1wYXRoICRwYXRoIC1hbGdvcml0aG0gIm1kNSIKICAgICAgICAgICAgfSBjYXRjaCB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0IC1tZXNzYWdlICJmYWlsZWQgdG8gZ2V0IE1ENSBoYXNoIG9mIGZpbGUsIHJlbW92ZSBnZXRfbWQ1IHRvIGlnbm9yZSB0aGlzIGVycm9yOiAkKCRfLkV4Y2VwdGlvbi5NZXNzYWdlKSIKICAgICAgICAgICAgfQogICAgICAgIH0KICAgICAgICBpZiAoJGdldF9jaGVja3N1bSkgewogICAgICAgICAgICB0cnkgewogICAgICAgICAgICAgICAgJHN0YXQuY2hlY2tzdW0gPSBHZXQtRmlsZUNoZWNrc3VtIC1wYXRoICRwYXRoIC1hbGdvcml0aG0gJGNoZWNrc3VtX2FsZ29yaXRobQogICAgICAgICAgICB9IGNhdGNoIHsKICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgImZhaWxlZCB0byBnZXQgaGFzaCBvZiBmaWxlLCBzZXQgZ2V0X2NoZWNrc3VtIHRvIEZhbHNlIHRvIGlnbm9yZSB0aGlzIGVycm9yOiAkKCRfLkV4Y2VwdGlvbi5NZXNzYWdlKSIKICAgICAgICAgICAgfQogICAgICAgIH0KICAgIH0KCiAgICAjIEdldCBzeW1ib2xpYyBsaW5rLCBqdW5jdGlvbiBwb2ludCwgaGFyZCBsaW5rIGluZm8KICAgIExvYWQtTGlua1V0aWxzCiAgICB0cnkgewogICAgICAgICRsaW5rX2luZm8gPSBHZXQtTGluayAtbGlua19wYXRoICRpbmZvLkZ1bGxOYW1lCiAgICB9IGNhdGNoIHsKICAgICAgICBBZGQtV2FybmluZyAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgIkZhaWxlZCB0byBjaGVjay9nZXQgbGluayBpbmZvIGZvciBmaWxlOiAkKCRfLkV4Y2VwdGlvbi5NZXNzYWdlKSIKICAgIH0KICAgIGlmICgkbGlua19pbmZvIC1uZSAkbnVsbCkgewogICAgICAgIHN3aXRjaCAoJGxpbmtfaW5mby5UeXBlKSB7CiAgICAgICAgICAgICJTeW1ib2xpY0xpbmsiIHsKICAgICAgICAgICAgICAgICRzdGF0LmlzbG5rID0gJHRydWUKICAgICAgICAgICAgICAgICRzdGF0LmlzcmVnID0gJGZhbHNlCiAgICAgICAgICAgICAgICAkc3RhdC5sbmtfdGFyZ2V0ID0gJGxpbmtfaW5mby5UYXJnZXRQYXRoCiAgICAgICAgICAgICAgICAkc3RhdC5sbmtfc291cmNlID0gJGxpbmtfaW5mby5BYnNvbHV0ZVBhdGggICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgICAgICJKdW5jdGlvblBvaW50IiB7CiAgICAgICAgICAgICAgICAkc3RhdC5pc2p1bmN0aW9uID0gJHRydWUKICAgICAgICAgICAgICAgICRzdGF0LmlzcmVnID0gJGZhbHNlCiAgICAgICAgICAgICAgICAkc3RhdC5sbmtfdGFyZ2V0ID0gJGxpbmtfaW5mby5UYXJnZXRQYXRoCiAgICAgICAgICAgICAgICAkc3RhdC5sbmtfc291cmNlID0gJGxpbmtfaW5mby5BYnNvbHV0ZVBhdGggICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgICAgICJIYXJkTGluayIgewogICAgICAgICAgICAgICAgJHN0YXQubG5rX3R5cGUgPSAiaGFyZCIKICAgICAgICAgICAgICAgICRzdGF0Lm5saW5rID0gJGxpbmtfaW5mby5IYXJkVGFyZ2V0cy5Db3VudAoKICAgICAgICAgICAgICAgICMgcmVtb3ZlIGN1cnJlbnQgcGF0aCBmcm9tIHRoZSB0YXJnZXRzCiAgICAgICAgICAgICAgICAkaGxua190YXJnZXRzID0gJGxpbmtfaW5mby5IYXJkVGFyZ2V0cyB8IFdoZXJlLU9iamVjdCB7ICRfIC1uZSAkc3RhdC5wYXRoIH0KICAgICAgICAgICAgICAgICRzdGF0LmhsbmtfdGFyZ2V0cyA9IEAoJGhsbmtfdGFyZ2V0cykKICAgICAgICAgICAgICAgIGJyZWFrCiAgICAgICAgICAgIH0KICAgICAgICB9CiAgICB9CgogICAgJHJlc3VsdC5zdGF0ID0gJHN0YXQKfQoKRXhpdC1Kc29uICRyZXN1bHQK", "module_args": {"_ansible_version": "2.7.0", "_ansible_selinux_special_fs": ["fuse", "nfs", "vboxsf", "ramfs", "9p"], "_ansible_no_log": false, "_ansible_module_name": "stat", "_ansible_debug": false, "_ansible_verbosity": 3, "_ansible_keep_remote_files": false, "_ansible_syslog_facility": "LOG_USER", "_ansible_socket": null, "_ansible_shell_executable": "/bin/sh", "_ansible_remote_tmp": "%TEMP%", "_ansible_diff": false, "get_checksum": true, "_ansible_check_mode": false, "checksum_algo": "sha1", "follow": false, "path": "C:\\collect-event-log.ps1", "_ansible_tmpdir": "'C:\\Users\\Admin\\AppData\\Local\\Temp\\ansible-tmp-1629729071.42-149075018056592'"}} '@ } process { $input_as_string = [string]$input $json_raw += $input_as_string } end { If (-not $json_raw) { Write-Error "no input given" -Category InvalidArgument } $payload = ConvertTo-HashtableFromPsCustomObject (ConvertFrom-Json $json_raw) # TODO: handle binary modules # TODO: handle persistence $min_os_version = [version]$payload.min_os_version if ($min_os_version -ne $null) { $actual_os_version = [System.Environment]::OSVersion.Version if ($actual_os_version -lt $min_os_version) { $msg = "This module cannot run on this OS as it requires a minimum version of $min_os_version, actual was $actual_os_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $min_ps_version = [version]$payload.min_ps_version if ($min_ps_version -ne $null) { $actual_ps_version = $PSVersionTable.PSVersion if ($actual_ps_version -lt $min_ps_version) { $msg = "This module cannot run as it requires a minimum PowerShell version of $min_ps_version, actual was $actual_ps_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $actions = $payload.actions # pop 0th action as entrypoint $entrypoint = $payload.($actions[0]) $payload.actions = $payload.actions[1..99] $entrypoint = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($entrypoint)) # load the current action entrypoint as a module custom object with a Run method $entrypoint = New-Module -ScriptBlock ([scriptblock]::Create($entrypoint)) -AsCustomObject Set-Variable -Scope global -Name complex_args -Value $payload["module_args"] | Out-Null # dynamically create/load modules ForEach ($mod in $payload.powershell_modules.GetEnumerator()) { $decoded_module = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($mod.Value)) New-Module -ScriptBlock ([scriptblock]::Create($decoded_module)) -Name $mod.Key | Import-Module -WarningAction SilentlyContinue | Out-Null } $output = $entrypoint.Run($payload) Write-Output $output } ScriptBlock ID: 09358417-d00f-4ee1-8de3-28ca179cf571 Path:	4104	1		3	2	15	0	1918	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4564	1220	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:31:12 PM	e5295ba9-9827-0005-a185-2de52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (5 of 6): gICAgdGhyb3cgIkFkZC1EZXByZWNhdGlvbldhcm5pbmc6IGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgaXMgbm90IGEgbGlzdCIKICAgIH0KCiAgICAkb2JqLmRlcHJlY2F0aW9ucyArPSBAewogICAgICAgIG1zZyA9ICRtZXNzYWdlCiAgICAgICAgdmVyc2lvbiA9ICR2ZXJzaW9uCiAgICB9Cn0KCkZ1bmN0aW9uIEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgaW4gdmFsdWVzLiBCeSBkZWZhdWx0CiAgICBpdCB0dXJucyBhbnkgdHlwZSB0byBhIHN0cmluZywgYnV0IHdlIGVuc3VyZSAkbnVsbCByZW1haW5zICRudWxsLgojPgogICAgaWYgKCRudWxsIC1uZSAkdmFsdWUpIHsKICAgICAgICBbU3lzdGVtLkVudmlyb25tZW50XTo6RXhwYW5kRW52aXJvbm1lbnRWYXJpYWJsZXMoJHZhbHVlKQogICAgfSBlbHNlIHsKICAgICAgICAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gR2V0LUFuc2libGVQYXJhbSgkb2JqLCAkbmFtZSwgJGRlZmF1bHQgPSAkbnVsbCwgJHJlc3VsdG9iaiA9IEB7fSwgJGZhaWxpZmVtcHR5ID0gJGZhbHNlLCAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSwgJFZhbGlkYXRlU2V0LCAkVmFsaWRhdGVTZXRFcnJvck1lc3NhZ2UsICR0eXBlID0gJG51bGwsICRhbGlhc2VzID0gQCgpKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBnZXQgYW4gImF0dHJpYnV0ZSIgZnJvbSBhIHBzb2JqZWN0IGluc3RhbmNlIGluIFBvd2VyU2hlbGwuCiAgICBUaGlzIGlzIGEgY29udmVuaWVuY2UgdG8gbWFrZSBnZXR0aW5nIE1lbWJlcnMgZnJvbSBhbiBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgICRhdHRyID0gR2V0LUFuc2libGVQYXJhbSAkcmVzcG9uc2UgImNvZGUiIC1kZWZhdWx0ICIxIgogICAgLkVYQU1QTEUKICAgIEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJTdGF0ZSIgLWRlZmF1bHQgIlByZXNlbnQiIC1WYWxpZGF0ZVNldCAiUHJlc2VudCIsIkFic2VudCIgLXJlc3VsdG9iaiAkcmVzdWx0b2JqIC1mYWlsaWZlbXB0eSAkdHJ1ZQogICAgR2V0LUFuc2libGVQYXJhbSBhbHNvIHN1cHBvcnRzIFBhcmFtZXRlciB2YWxpZGF0aW9uIHRvIHNhdmUgeW91IGZyb20gY29kaW5nIHRoYXQgbWFudWFsbHkKICAgIE5vdGUgdGhhdCBpZiB5b3UgdXNlIHRoZSBmYWlsaWZlbXB0eSBvcHRpb24sIHlvdSBkbyBuZWVkIHRvIHNwZWNpZnkgcmVzdWx0b2JqZWN0IGFzIHdlbGwuCiM+CiAgICAjIENoZWNrIGlmIHRoZSBwcm92aWRlZCBNZW1iZXIgJG5hbWUgb3IgYWxpYXNlcyBleGlzdCBpbiAkb2JqIGFuZCByZXR1cm4gaXQgb3IgdGhlIGRlZmF1bHQuCiAgICB0cnkgewoKICAgICAgICAkZm91bmQgPSAkbnVsbAogICAgICAgICMgRmlyc3QgdHJ5IHRvIGZpbmQgcHJlZmVycmVkIHBhcmFtZXRlciAkbmFtZQogICAgICAgICRhbGlhc2VzID0gQCgkbmFtZSkgKyAkYWxpYXNlcwoKICAgICAgICAjIEl0ZXJhdGUgb3ZlciBhbGlhc2VzIHRvIGZpbmQgYWNjZXB0YWJsZSBNZW1iZXIgJG5hbWUKICAgICAgICBmb3JlYWNoICgkYWxpYXMgaW4gJGFsaWFzZXMpIHsKICAgICAgICAgICAgaWYgKCRvYmouQ29udGFpbnNLZXkoJGFsaWFzKSkgewogICAgICAgICAgICAgICAgJGZvdW5kID0gJGFsaWFzCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgfQoKICAgICAgICBpZiAoJG51bGwgLWVxICRmb3VuZCkgewogICAgICAgICAgICB0aHJvdwogICAgICAgIH0KICAgICAgICAkbmFtZSA9ICRmb3VuZAoKICAgICAgICBpZiAoJFZhbGlkYXRlU2V0KSB7CgogICAgICAgICAgICBpZiAoJFZhbGlkYXRlU2V0IC1jb250YWlucyAoJG9iai4kbmFtZSkpIHsKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICRvYmouJG5hbWUKICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgIGlmICgkbnVsbCAtZXEgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAgICAgI0F1dG8tZ2VuZXJhdGVkIGVycm9yIHNob3VsZCBiZSBzdWZmaWNpZW50IGluIG1vc3QgdXNlIGNhc2VzCiAgICAgICAgICAgICAgICAgICAgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlID0gIkdldC1BbnNpYmxlUGFyYW06IEFyZ3VtZW50ICRuYW1lIG5lZWRzIHRvIGJlIG9uZSBvZiAkKCRWYWxpZGF0ZVNldCAtam9pbiAiLCIpIGJ1dCB3YXMgJCgkb2JqLiRuYW1lKS4iCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRWYWxpZGF0ZVNldEVycm9yTWVzc2FnZQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgJHZhbHVlID0gJG9iai4kbmFtZQogICAgICAgIH0KICAgIH0gY2F0Y2ggewogICAgICAgIGlmICgkZmFpbGlmZW1wdHkgLWVxICRmYWxzZSkgewogICAgICAgICAgICAkdmFsdWUgPSAkZGVmYXVsdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgIGlmICgtbm90ICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSA9ICJHZXQtQW5zaWJsZVBhcmFtOiBNaXNzaW5nIHJlcXVpcmVkIGFyZ3VtZW50OiAkbmFtZSIKICAgICAgICAgICAgfQogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlCiAgICAgICAgfQogICAgfQoKICAgICMgSWYgJHZhbHVlIC1lcSAkbnVsbCwgdGhlIHBhcmFtZXRlciB3YXMgdW5zcGVjaWZpZWQgYnkgdGhlIHVzZXIgKGRlbGliZXJhdGVseSBvciBub3QpCiAgICAjIFBsZWFzZSBsZWF2ZSAkbnVsbC12YWx1ZXMgaW50YWN0LCBtb2R1bGVzIG5lZWQgdG8ga25vdyBpZiBhIHBhcmFtZXRlciB3YXMgc3BlY2lmaWVkCiAgICAjIFdoZW4gJHZhbHVlIGlzIGFscmVhZHkgYW4gYXJyYXksIHdlIGNhbm5vdCByZWx5IG9uIHRoZSBudWxsIGNoZWNrLCBhcyBhbiBlbXB0eSBsaXN0CiAgICAjIGlzIHNlZW4gYXMgbnVsbCBpbiB0aGUgY2hlY2sgYmVsb3cKICAgIGlmICgkbnVsbCAtbmUgJHZhbHVlIC1vciAkdmFsdWUgLWlzIFthcnJheV0pIHsKICAgICAgICBpZiAoJHR5cGUgLWVxICJwYXRoIikgewogICAgICAgICAgICAjIEV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgb24gcGF0aC10eXBlCiAgICAgICAgICAgICR2YWx1ZSA9IEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCiAgICAgICAgICAgICMgVGVzdCBpZiBhIHZhbGlkIHBhdGggaXMgcHJvdmlkZWQKICAgICAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtSXNWYWxpZCAkdmFsdWUpKSB7CiAgICAgICAgICAgICAgICAkcGF0aF9pbnZhbGlkID0gJHRydWUKICAgICAgICAgICAgICAgICMgY291bGQgc3RpbGwgYmUgYSB2YWxpZC1zaGFwZWQgcGF0aCB3aXRoIGEgbm9uZXhpc3RlbnQgZHJpdmUgbGV0dGVyCiAgICAgICAgICAgICAgICBpZiAoJHZhbHVlIC1tYXRjaCAiXlx3OiIpIHsKICAgICAgICAgICAgICAgICAgICAjIHJld3JpdGUgcGF0aCB3aXRoIGEgdmFsaWQgZHJpdmUgbGV0dGVyIGFuZCByZWNoZWNrIHRoZSBzaGFwZS0gdGhpcyBtaWdodCBzdGlsbCBmYWlsLCBlZywgYSBub25leGlzdGVudCBub24tZmlsZXN5c3RlbSBQUyBwYXRoCiAgICAgICAgICAgICAgICAgICAgaWYgKFRlc3QtUGF0aCAtSXNWYWxpZCAkKEAoR2V0LVBTRHJpdmUgLVBTUHJvdmlkZXIgRmlsZXN5c3RlbSlbMF0uTmFtZSArICR2YWx1ZS5TdWJzdHJpbmcoMSkpKSB7CiAgICAgICAgICAgICAgICAgICAgICAgICRwYXRoX2ludmFsaWQgPSAkZmFsc2UKICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBpZiAoJHBhdGhfaW52YWxpZCkgewogICAgICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHRvYmogLW1lc3NhZ2UgIkdldC1BbnNpYmxlUGFyYW06IFBhcmFtZXRlciAnJG5hbWUnIGhhcyBhbiBpbnZhbGlkIHBhdGggJyR2YWx1ZScgc3BlY2lmaWVkLiIKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgInN0ciIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IHN0ciB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgc3RyaW5ncwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUuVG9TdHJpbmcoKQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImJvb2wiKSB7CiAgICAgICAgICAgICMgQ29udmVydCBib29sZWFuIHR5cGVzIHRvIHJlYWwgUG93ZXJzaGVsbCBib29sZWFucwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgfCBDb252ZXJ0VG8tQm9vbAogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImludCIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IGludCB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgaW50ZWdlcnMKICAgICAgICAgICAgJHZhbHVlID0gJHZhbHVlIC1hcyBbaW50XQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImZsb2F0IikgewogICAgICAgICAgICAjIENvbnZlcnQgZmxvYXQgdHlwZXMgdG8gcmVhbCBQb3dlcnNoZWxsIGZsb2F0cwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgLWFzIFtmbG9hdF0KICAgICAgICB9IGVsc2VpZiAoJHR5cGUgLWVxICJsaXN0IikgewogICAgICAgICAgICBpZiAoJHZhbHVlIC1pcyBbYXJyYXldKSB7CiAgICAgICAgICAgICAgICAjIE5vdGhpbmcgdG8gZG8KICAgICAgICAgICAgfSBlbHNlaWYgKCR2YWx1ZSAtaXMgW3N0cmluZ10pIHsKICAgICAgICAgICAgICAgICMgQ29udmVydCBzdHJpbmcgdHlwZSB0byByZWFsIFBvd2Vyc2hlbGwgYXJyYXkKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICR2YWx1ZS5TcGxpdCgiLCIpLlRyaW0oKQogICAgICAgICAgICB9IGVsc2VpZiAoJHZhbHVlIC1pcyBbaW50XSkgewogICAgICAgICAgICAgICAgJHZhbHVlID0gQCgkdmFsdWUpCiAgICAgICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICJHZXQtQW5zaWJsZVBhcmFtOiBQYXJhbWV0ZXIgJyRuYW1lJyBpcyBub3QgYSBZQU1MIGxpc3QuIgogICAgICAgICAgICB9CiAgICAgICAgICAgICMgLCBpcyBub3QgYSB0eXBvLCBmb3JjZXMgaXQgdG8gcmV0dXJuIGFzIGEgbGlzdCB3aGVuIGl0IGlzIGVtcHR5IG9yIG9ubHkgaGFzIDEgZW50cnkKICAgICAgICAgICAgcmV0dXJuICwkdmFsdWUKICAgICAgICB9CiAgICB9CgogICAgcmV0dXJuICR2YWx1ZQp9CgojQWxpYXMgR2V0LWF0dHItLT5HZXQtQW5zaWJsZVBhcmFtIGZvciBiYWNrd2FyZHMgY29tcGF0LiBPbmx5IGFkZCB3aGVuIG5lZWRlZCB0byBlYXNlIGRlYnVnZ2luZyBvZiBzY3JpcHRzCklmICgtbm90KEdldC1BbGlhcyAtTmFtZSAiR2V0LWF0dHIiIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlKSkKewogICAgTmV3LUFsaWFzIC1OYW1lIEdldC1hdHRyIC1WYWx1ZSBHZXQtQW5zaWJsZVBhcmFtCn0KCkZ1bmN0aW9uIENvbnZlcnRUby1Cb29sCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZpbHRlci9waXBlbGluZSBmdW5jdGlvbiB0byBjb252ZXJ0IGEgdmFsdWUgdG8gYm9vbGVhbiBmb2xsb3dpbmcgY3VycmVudAogICAgQW5zaWJsZSBwcmFjdGljZXMKICAgIC5FWEFNUExFCiAgICAkaXNfdHJ1ZSA9ICJ0cnVlIiB8IENvbnZlcnRUby1Cb29sCiM+CiAgICBwYXJhbSgKICAgICAgICBbcGFyYW1ldGVyKHZhbHVlZnJvbXBpcGVsaW5lPSR0cnVlKV0KICAgICAgICAkb2JqCiAgICApCgogICAgJGJvb2xlYW5fc3RyaW5ncyA9ICJ5ZXMiLCAib24iLCAiMSIsICJ0cnVlIiwgMQogICAgJG9ial9zdHJpbmcgPSBbc3RyaW5nXSRvYmoKCiAgICBpZiAoKCRvYmogLWlzIFtib29sZWFuXSAtYW5kICRvYmopIC1vciAkYm9vbGVhbl9zdHJpbmdzIC1jb250YWlucyAkb2JqX3N0cmluZy5Ub0xvd2VyKCkpIHsKICAgICAgICByZXR1cm4gJHRydWUKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfQp9CgpGdW5jdGlvbiBQYXJzZS1BcmdzKCRhcmd1bWVudHMsICRzdXBwb3J0c19jaGVja19tb2RlID0gJGZhbHNlKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBwYXJzZSBBbnNpYmxlIEpTT04gYXJndW1lbnRzIGZyb20gYSAiZmlsZSIgcGFzc2VkIGFzCiAgICB0aGUgc2luZ2xlIGFyZ3VtZW50IHRvIHRoZSBtb2R1bGUuCiAgICAuRVhBTVBMRQogICAgJHBhcmFtcyA9IFBhcnNlLUFyZ3MgJGFyZ3MKIz4KICAgICRwYXJhbXMgPSBOZXctT2JqZWN0IHBzb2JqZWN0CiAgICBJZiAoJGFyZ3VtZW50cy5MZW5ndGggLWd0IDApCiAgICB7CiAgICAgICAgJHBhcmFtcyA9IEdldC1Db250ZW50ICRhcmd1bWVudHNbMF0gfCBDb252ZXJ0RnJvbS1Kc29uCiAgICB9CiAgICBFbHNlIHsKICAgICAgICAkcGFyYW1zID0gJGNvbXBsZXhfYXJncwogICAgfQogICAgJGNoZWNrX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfY2hlY2tfbW9kZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQogICAgSWYgKCRjaGVja19tb2RlIC1hbmQgLW5vdCAkc3VwcG9ydHNfY2hlY2tfbW9kZSkKICAgIHsKICAgICAgICBFeGl0LUpzb24gQHsKICAgICAgICAgICAgc2tpcHBlZCA9ICR0cnVlCiAgICAgICAgICAgIGNoYW5nZWQgPSAkZmFsc2UKICAgICAgICAgICAgbXNnID0gInJlbW90ZSBtb2R1bGUgZG9lcyBub3Qgc3VwcG9ydCBjaGVjayBtb2RlIgogICAgICAgIH0KICAgIH0KICAgIHJldHVybiAkcGFyYW1zCn0KCgpGdW5jdGlvbiBHZXQtRmlsZUNoZWNrc3VtKCRwYXRoLCAkYWxnb3JpdGhtID0gJ3NoYTEnKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBjYWxjdWxhdGUgYSBoYXNoIG9mIGEgZmlsZSBpbiBhIHdheSB3aGljaCBQb3dlclNoZWxsIDMKICAgIGFuZCBhYm92ZSBjYW4gaGFuZGxlCiM+CiAgICBJZiAoVGVzdC1QYXRoIC1QYXRoICRwYXRoIC1QYXRoVHlwZSBMZWFmKQogICAgewogICAgICAgIHN3aXRjaCAoJGFsZ29yaXRobSkKICAgICAgICB7CiAgICAgICAgICAgICdtZDUnIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5NRDVDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMScgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTFDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMjU2JyB7ICRzcCA9IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5TZWN1cml0eS5DcnlwdG9ncmFwaHkuU0hBMjU2Q3J5cHRvU2VydmljZVByb3ZpZGVyIH0KICAgICAgICAgICAgJ3NoYTM4NCcgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTM4NENyeXB0b1NlcnZpY2VQcm92aWRlciB9CiAgICAgICAgICAgICdzaGE1MTInIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5TSEE1MTJDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICBkZWZhdWx0IHsgRmFpbC1Kc29uIEB7fSAiVW5zdXBwb3J0ZWQgaGFzaCBhbGdvcml0aG0gc3VwcGxpZWQgJyRhbGdvcml0aG0nIiB9CiAgICAgICAgfQoKICAgICAgICBJZiAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtZ2UgNCkgewogICAgICAgICAgICAkcmF3X2hhc2ggPSBHZXQtRmlsZUhhc2ggJHBhdGggLUFsZ29yaXRobSAkYWxnb3JpdGhtCiAgICAgICAgICAgICRoYXNoID0gJHJhd19oYXNoLkhhc2guVG9Mb3dlcigpCiAgICAgICAgfSBFbHNlIHsKICAgICAgICAgICAgJGZwID0gW1N5c3RlbS5JTy5GaWxlXTo6T3BlbigkcGF0aCwgW1N5c3RlbS5JTy5GaWxlbW9kZV06Ok9wZW4sIFtTeXN0ZW0uSU8uRmlsZUFjY2Vzc106OlJlYWQsIFtTeXN0ZW0uSU8uRmlsZVNoYXJlXTo6UmVhZFdyaXRlKTsKICAgICAgICAgICAgJGhhc2ggPSBbU3lzdGVtLkJpdENvbnZlcnRlcl06OlRvU3RyaW5nKCRzcC5Db21wdXRlSGFzaCgkZnApKS5SZXBsYWNlKCItIiwgIiIpLlRvTG93ZXIoKTsKICAgICAgICAgICAgJGZwLkRpc3Bvc2UoKTsKICAgICAgICB9CiAgICB9CiAgICBFbHNlSWYgKFRlc3QtUGF0aCAtUGF0aCAkcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKQogICAgewogICAgICAgICRoYXNoID0gIjMiOwogICAgfQogICAgRWxzZQogICAgewogICAgICAgICRoYXNoID0gIjEiOwogICAgfQogICAgcmV0dXJuICRoYXNoCn0KCkZ1bmN0aW9uIEdldC1QZW5kaW5nUmVib290U3RhdHVzCnsKPCMKICAgIC5TWU5PUFNJUwogICAgQ2hlY2sgaWYgcmVib290IGlzIHJlcXVpcmVkLCBpZiBzbyBub3RpZnkgQ0EuCiAgICBGdW5jdGlvbiByZXR1cm5zIHRydWUgaWYgY29tcHV0ZXIgaGFzIGEgcGVuZGluZyByZWJvb3QKIz4KICAgICRmZWF0dXJlRGF0YSA9IEludm9rZS1XbWlNZXRob2QgLUVBIElnbm9yZSAtTmFtZSBHZXRTZXJ2ZXJGZWF0dXJlIC1OYW1lc3BhY2Ugcm9vdFxtaWNyb3NvZnRcd2luZG93c1xzZXJ2ZXJtYW5hZ2VyIC1DbGFzcyBNU0ZUX1NlcnZlck1hbmFnZXJUYXNrcwogICAgJHJlZ0RhdGEgPSBHZXQtSXRlbVByb3BlcnR5ICJIS0xNOlxTWVNURU1cQ3VycmVudENvbnRyb2xTZXRcQ29udHJvbFxTZXNzaW9uIE1hbmFnZXIiICJQZW5kaW5nRmlsZVJlbmFtZU9wZXJhdGlvbnMiIC1FQSBJZ25vcmUKICAgICRDQlNSZWJvb3RTdGF0dXMgPSBHZXQtQ2hpbGRJdGVtICJIS0xNOlxcU09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cQ29tcG9uZW50IEJhc2VkIFNlcnZpY2luZyIgIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlfCBXaGVyZS1PYmplY3QgeyRfLlBTQ2hpbGROYW1lIC1lcSAiUmVib290UGVuZGluZyJ9CiAgICBpZigoJGZlYXR1cmVEYXRhIC1hbmQgJGZlYXR1cmVEYXRhLlJlcXVpcmVzUmVib290KSAtb3IgJHJlZ0RhdGEgLW9yICRDQlNSZWJvb3RTdGF0dXMpCiAgICB7CiAgICAgICAgcmV0dXJuICRUcnVlCiAgICB9CiAgICBlbHNlCiAgICB7CiAgICAgICAgcmV0dXJuICRGYWxzZQogICAgfQp9CgojIHRoaXMgbGluZSBtdXN0IHN0YXkgYXQgdGhlIGJvdHRvbSB0byBlbnN1cmUgYWxsIGRlZmluZWQgbW9kdWxlIHBhcnRzIGFyZSBleHBvcnRlZApFeHBvcnQtTW9kdWxlTWVtYmVyIC1BbGlhcyAqIC1GdW5jdGlvbiAqIC1DbWRsZXQgKgoK", "Ansible.ModuleUtils.FileUtil": "IyBDb3B5cmlnaHQgKGMpIDIwMTcgQW5zaWJsZSBQcm9qZWN0CiMgU2ltcGxpZmllZCBCU0QgTGljZW5zZSAoc2VlIGxpY2Vuc2VzL3NpbXBsaWZpZWRfYnNkLnR4dCBvciBodHRwczovL29wZW5zb3VyY2Uub3JnL2xpY2Vuc2VzL0JTRC0yLUNsYXVzZSkKCjwjClRlc3QtUGF0aC9HZXQtSXRlbSBjYW5ub3QgZmluZC9yZXR1cm4gaW5mbyBvbiBmaWxlcyB0aGF0IGFyZSBsb2NrZWQgbGlrZQpDOlxwYWdlZmlsZS5zeXMuIFRoZXNlIDIgZnVuY3Rpb25zIGFyZSBkZXNpZ25lZCB0byB3b3JrIHdpdGggdGhlc2UgZmlsZXMgYW5kCnByb3ZpZGUgc2ltaWxhciBmdW5jdGlvbmFsaXR5IHdpdGggdGhlIG5vcm1hbCBjbWRsZXRzIHdpdGggYXMgbWluaW1hbCBvdmVyaGVhZAphcyBwb3NzaWJsZS4gVGhleSB3b3JrIGJ5IHVzaW5nIEdldC1DaGlsZEl0ZW0gd2l0aCBhIGZpbHRlciBhbmQgcmV0dXJuIHRoZQpyZXN1bHQgZnJvbSB0aGF0LgojPgoKRnVuY3Rpb24gVGVzdC1BbnNpYmxlUGF0aCB7CiAgICBbQ21kbGV0QmluZGluZygpXQogICAgUGFyYW0oCiAgICAgICAgW1BhcmFtZXRlcihNYW5kYXRvcnk9JHRydWUpXVtzdHJpbmddJFBhdGgKICAgICkKICAgICMgUmVwbGFjZW1lbnQgZm9yIFRlc3QtUGF0aAogICAgdHJ5IHsKICAgICAgICAkZmlsZV9hdHRyaWJ1dGVzID0gW1N5c3RlbS5JTy5GaWxlXTo6R2V0QXR0cmlidXRlcygkUGF0aCkKICAgIH0gY2F0Y2ggW1N5c3RlbS5JTy5GaWxlTm90Rm91bmRFeGNlcHRpb25dLCBbU3lzdGVtLklPLkRpcmVjdG9yeU5vdEZvdW5kRXhjZXB0aW9uXSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfSBjYXRjaCBbTm90U3VwcG9ydGVkRXhjZXB0aW9uXSB7CiAgICAgICAgIyBXaGVuIHRlc3RpbmcgYSBwYXRoIGxpa2UgQ2VydDpcTG9jYWxNYWNoaW5lXE15LCBTeXN0ZW0uSU8uRmlsZSB3aWxsCiAgICAgICAgIyBub3Qgd29yaywgd2UganVzdCByZXZlcnQgYmFjayB0byB1c2luZyBUZXN0LVBhdGggZm9yIHRoaXMKICAgICAgICByZXR1cm4gVGVzdC1QYXRoIC1QYXRoICRQYXRoCiAgICB9CgogICAgaWYgKFtJbnQzMl0kZmlsZV9hdHRyaWJ1dGVzIC1lcSAtMSkgewogICAgICAgIHJldHVybiAkZmFsc2UKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICR0cnVlCiAgICB9Cn0KCkZ1bmN0aW9uIEdldC1BbnNpYmxlSXRlbSB7CiAgICBbQ21kbGV0QmluZGluZygpXQogICAgUGFyYW0oCiAgICAgICAgW1BhcmFtZXRlcihNYW5kYXRvcnk9JHRydWUpXVtzdHJpbmddJFBhdGgKICAgICkKICAgICMgUmVwbGFjZW1lbnQgZm9yIEdldC1JdGVtCiAgICB0cnkgewogICAgICAgICRmaWxlX2F0dHJpYnV0ZXMgPSBbU3lzdGVtLklPLkZpbGVdOjpHZXRBdHRyaWJ1dGVzKCRQYXRoKQogICAgfSBjYXRjaCB7CiAgICAgICAgIyBpZiAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb3RpbnVlIGlzIHNldCBvbiB0aGUgY21kbGV0IGFuZCB3ZSBmYWlsZWQgdG8KICAgICAgICAjIGdldCB0aGUgYXR0cmlidXRlcywganVzdCByZXR1cm4gJG51bGwsIG90aGVyd2lzZSB0aHJvdyB0aGUgZXJyb3IKICAgICAgICBpZiAoJEVycm9yQWN0aW9uUHJlZmVyZW5jZSAtbmUgIlNpbGVudGx5Q29udGludWUiKSB7CiAgICAgICAgICAgIHRocm93ICRfCiAgICAgICAgfQogICAgICAgIHJldHVybiAkbnVsbAogICAgfQogICAgaWYgKFtJbnQzMl0kZmlsZV9hdHRyaWJ1dGVzIC1lcSAtMSkgewogICAgICAgIHRocm93IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5NYW5hZ2VtZW50LkF1dG9tYXRpb24uSXRlbU5vdEZvdW5kRXhjZXB0aW9uIC1Bcmd1bWVudExpc3QgIkNhbm5vdCBmaW5kI ScriptBlock ID: 09358417-d00f-4ee1-8de3-28ca179cf571 Path:	4104	1		3	2	15	0	1917	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4564	1220	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:31:12 PM	e5295ba9-9827-0005-a185-2de52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (4 of 6): gICAgICAgICBUeXBlID0gTGlua1R5cGUuSGFyZExpbmssCiAgICAgICAgICAgICAgICAgICAgSGFyZFRhcmdldHMgPSByZXN1bHQuVG9BcnJheSgpCiAgICAgICAgICAgICAgICB9OwoKICAgICAgICAgICAgcmV0dXJuIG51bGw7CiAgICAgICAgfQoKICAgICAgICBwcml2YXRlIHN0YXRpYyBMaW5rSW5mbyBHZXRSZXBhcnNlUG9pbnRJbmZvKHN0cmluZyBsaW5rUGF0aCkKICAgICAgICB7CiAgICAgICAgICAgIFNhZmVGaWxlSGFuZGxlIGZpbGVIYW5kbGUgPSBDcmVhdGVGaWxlKAogICAgICAgICAgICAgICAgbGlua1BhdGgsCiAgICAgICAgICAgICAgICBGaWxlQWNjZXNzLlJlYWQsCiAgICAgICAgICAgICAgICBGaWxlU2hhcmUuTm9uZSwKICAgICAgICAgICAgICAgIEludFB0ci5aZXJvLAogICAgICAgICAgICAgICAgRmlsZU1vZGUuT3BlbiwKICAgICAgICAgICAgICAgIEZJTEVfRkxBR19PUEVOX1JFUEFSU0VfUE9JTlQgfCBGSUxFX0ZMQUdfQkFDS1VQX1NFTUFOVElDUywKICAgICAgICAgICAgICAgIEludFB0ci5aZXJvKTsKCiAgICAgICAgICAgIGlmIChmaWxlSGFuZGxlLklzSW52YWxpZCkKICAgICAgICAgICAgICAgIHRocm93IG5ldyBMaW5rVXRpbFdpbjMyRXhjZXB0aW9uKFN0cmluZy5Gb3JtYXQoIkNyZWF0ZUZpbGUoezB9KSBmYWlsZWQiLCBsaW5rUGF0aCkpOyAgICAgICAgICAgIAoKICAgICAgICAgICAgUkVQQVJTRV9EQVRBX0JVRkZFUiBidWZmZXIgPSBuZXcgUkVQQVJTRV9EQVRBX0JVRkZFUigpOwogICAgICAgICAgICBVSW50MzIgYnl0ZXNSZXR1cm5lZDsKICAgICAgICAgICAgdHJ5CiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIGlmICghRGV2aWNlSW9Db250cm9sKAogICAgICAgICAgICAgICAgICAgIGZpbGVIYW5kbGUsCiAgICAgICAgICAgICAgICAgICAgRlNDVExfR0VUX1JFUEFSU0VfUE9JTlQsCiAgICAgICAgICAgICAgICAgICAgSW50UHRyLlplcm8sCiAgICAgICAgICAgICAgICAgICAgMCwKICAgICAgICAgICAgICAgICAgICBvdXQgYnVmZmVyLAogICAgICAgICAgICAgICAgICAgIE1BWElNVU1fUkVQQVJTRV9EQVRBX0JVRkZFUl9TSVpFLAogICAgICAgICAgICAgICAgICAgIG91dCBieXRlc1JldHVybmVkLAogICAgICAgICAgICAgICAgICAgIEludFB0ci5aZXJvKSkKICAgICAgICAgICAgICAgICAgICB0aHJvdyBuZXcgTGlua1V0aWxXaW4zMkV4Y2VwdGlvbihTdHJpbmcuRm9ybWF0KCJEZXZpY2VJb0NvbnRyb2woKSBmYWlsZWQgZm9yIGZpbGUgYXQgezB9IiwgbGlua1BhdGgpKTsKICAgICAgICAgICAgfQogICAgICAgICAgICBmaW5hbGx5CiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIGZpbGVIYW5kbGUuRGlzcG9zZSgpOwogICAgICAgICAgICB9CgogICAgICAgICAgICBib29sIGlzUmVsYXRpdmUgPSBmYWxzZTsKICAgICAgICAgICAgaW50IHBhdGhPZmZzZXQgPSAwOwogICAgICAgICAgICBMaW5rVHlwZSBsaW5rVHlwZTsKICAgICAgICAgICAgaWYgKGJ1ZmZlci5SZXBhcnNlVGFnID09IElPX1JFUEFSU0VfVEFHX1NZTUxJTkspCiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIFVJbnQzMiBidWZmZXJGbGFncyA9IENvbnZlcnQuVG9VSW50MzIoYnVmZmVyLlBhdGhCdWZmZXJbMF0pICsgQ29udmVydC5Ub1VJbnQzMihidWZmZXIuUGF0aEJ1ZmZlclsxXSk7CiAgICAgICAgICAgICAgICBpZiAoYnVmZmVyRmxhZ3MgPT0gU1lNTElOS19GTEFHX1JFTEFUSVZFKQogICAgICAgICAgICAgICAgICAgIGlzUmVsYXRpdmUgPSB0cnVlOwogICAgICAgICAgICAgICAgcGF0aE9mZnNldCA9IDI7CiAgICAgICAgICAgICAgICBsaW5rVHlwZSA9IExpbmtUeXBlLlN5bWJvbGljTGluazsKICAgICAgICAgICAgfQogICAgICAgICAgICBlbHNlIGlmIChidWZmZXIuUmVwYXJzZVRhZyA9PSBJT19SRVBBUlNFX1RBR19NT1VOVF9QT0lOVCkKICAgICAgICAgICAgewogICAgICAgICAgICAgICAgbGlua1R5cGUgPSBMaW5rVHlwZS5KdW5jdGlvblBvaW50OwogICAgICAgICAgICB9CiAgICAgICAgICAgIGVsc2UKICAgICAgICAgICAgewogICAgICAgICAgICAgICAgc3RyaW5nIGVycm9yTWVzc2FnZSA9IFN0cmluZy5Gb3JtYXQoIkludmFsaWQgUmVwYXJzZSBUYWc6IHswfSIsIGJ1ZmZlci5SZXBhcnNlVGFnLlRvU3RyaW5nKCkpOwogICAgICAgICAgICAgICAgdGhyb3cgbmV3IEV4Y2VwdGlvbihlcnJvck1lc3NhZ2UpOwogICAgICAgICAgICB9CgogICAgICAgICAgICBzdHJpbmcgcHJpbnROYW1lID0gbmV3IHN0cmluZyhidWZmZXIuUGF0aEJ1ZmZlciwgKGludCkoYnVmZmVyLlByaW50TmFtZU9mZnNldCAvIFNJWkVfT0ZfV0NIQVIpICsgcGF0aE9mZnNldCwgKGludCkoYnVmZmVyLlByaW50TmFtZUxlbmd0aCAvIFNJWkVfT0ZfV0NIQVIpKTsKICAgICAgICAgICAgc3RyaW5nIHN1YnN0aXR1dGVOYW1lID0gbmV3IHN0cmluZyhidWZmZXIuUGF0aEJ1ZmZlciwgKGludCkoYnVmZmVyLlN1YnN0aXR1dGVOYW1lT2Zmc2V0IC8gU0laRV9PRl9XQ0hBUikgKyBwYXRoT2Zmc2V0LCAoaW50KShidWZmZXIuU3Vic3RpdHV0ZU5hbWVMZW5ndGggLyBTSVpFX09GX1dDSEFSKSk7CgogICAgICAgICAgICAvLyBUT0RPOiBzaG91bGQgd2UgY2hlY2sgZm9yIFw/XFVOQ1xzZXJ2ZXIgZm9yIGNvbnZlcnQgaXQgdG8gdGhlIE5UIHN0eWxlIFxcc2VydmVyIHBhdGgKICAgICAgICAgICAgLy8gUmVtb3ZlIHRoZSBsZWFkaW5nIFdpbmRvd3Mgb2JqZWN0IGRpcmVjdG9yeSBcP1wgZnJvbSB0aGUgcGF0aCBpZiBwcmVzZW50CiAgICAgICAgICAgIHN0cmluZyB0YXJnZXRQYXRoID0gc3Vic3RpdHV0ZU5hbWU7CiAgICAgICAgICAgIGlmICh0YXJnZXRQYXRoLlN0YXJ0c1dpdGgoIlxcPz9cXCIpKQogICAgICAgICAgICAgICAgdGFyZ2V0UGF0aCA9IHRhcmdldFBhdGguU3Vic3RyaW5nKDQsIHRhcmdldFBhdGguTGVuZ3RoIC0gNCk7CgogICAgICAgICAgICBzdHJpbmcgYWJzb2x1dGVQYXRoID0gdGFyZ2V0UGF0aDsKICAgICAgICAgICAgaWYgKGlzUmVsYXRpdmUpCiAgICAgICAgICAgICAgICBhYnNvbHV0ZVBhdGggPSBQYXRoLkdldEZ1bGxQYXRoKFBhdGguQ29tYmluZShuZXcgRmlsZUluZm8obGlua1BhdGgpLkRpcmVjdG9yeS5GdWxsTmFtZSwgdGFyZ2V0UGF0aCkpOwoKICAgICAgICAgICAgcmV0dXJuIG5ldyBMaW5rSW5mbwogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBUeXBlID0gbGlua1R5cGUsCiAgICAgICAgICAgICAgICBQcmludE5hbWUgPSBwcmludE5hbWUsCiAgICAgICAgICAgICAgICBTdWJzdGl0dXRlTmFtZSA9IHN1YnN0aXR1dGVOYW1lLAogICAgICAgICAgICAgICAgQWJzb2x1dGVQYXRoID0gYWJzb2x1dGVQYXRoLAogICAgICAgICAgICAgICAgVGFyZ2V0UGF0aCA9IHRhcmdldFBhdGgKICAgICAgICAgICAgfTsKICAgICAgICB9CgogICAgICAgIHByaXZhdGUgc3RhdGljIHZvaWQgQ3JlYXRlSnVuY3Rpb25Qb2ludChzdHJpbmcgbGlua1BhdGgsIHN0cmluZyBsaW5rVGFyZ2V0KQogICAgICAgIHsKICAgICAgICAgICAgLy8gV2UgbmVlZCB0byBjcmVhdGUgdGhlIGxpbmsgYXMgYSBkaXIgYmVmb3JlaGFuZAogICAgICAgICAgICBEaXJlY3RvcnkuQ3JlYXRlRGlyZWN0b3J5KGxpbmtQYXRoKTsKICAgICAgICAgICAgU2FmZUZpbGVIYW5kbGUgZmlsZUhhbmRsZSA9IENyZWF0ZUZpbGUoCiAgICAgICAgICAgICAgICBsaW5rUGF0aCwKICAgICAgICAgICAgICAgIEZpbGVBY2Nlc3MuV3JpdGUsCiAgICAgICAgICAgICAgICBGaWxlU2hhcmUuUmVhZCB8IEZpbGVTaGFyZS5Xcml0ZSB8IEZpbGVTaGFyZS5Ob25lLAogICAgICAgICAgICAgICAgSW50UHRyLlplcm8sCiAgICAgICAgICAgICAgICBGaWxlTW9kZS5PcGVuLAogICAgICAgICAgICAgICAgRklMRV9GTEFHX0JBQ0tVUF9TRU1BTlRJQ1MgfCBGSUxFX0ZMQUdfT1BFTl9SRVBBUlNFX1BPSU5ULAogICAgICAgICAgICAgICAgSW50UHRyLlplcm8pOwoKICAgICAgICAgICAgaWYgKGZpbGVIYW5kbGUuSXNJbnZhbGlkKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IExpbmtVdGlsV2luMzJFeGNlcHRpb24oU3RyaW5nLkZvcm1hdCgiQ3JlYXRlRmlsZSh7MH0pIGZhaWxlZCIsIGxpbmtQYXRoKSk7CgogICAgICAgICAgICB0cnkKICAgICAgICAgICAgewogICAgICAgICAgICAgICAgc3RyaW5nIHN1YnN0aXR1dGVOYW1lID0gIlxcPz9cXCIgKyBQYXRoLkdldEZ1bGxQYXRoKGxpbmtUYXJnZXQpOwogICAgICAgICAgICAgICAgc3RyaW5nIHByaW50TmFtZSA9IGxpbmtUYXJnZXQ7CgogICAgICAgICAgICAgICAgUkVQQVJTRV9EQVRBX0JVRkZFUiBidWZmZXIgPSBuZXcgUkVQQVJTRV9EQVRBX0JVRkZFUigpOwogICAgICAgICAgICAgICAgYnVmZmVyLlN1YnN0aXR1dGVOYW1lT2Zmc2V0ID0gMDsKICAgICAgICAgICAgICAgIGJ1ZmZlci5TdWJzdGl0dXRlTmFtZUxlbmd0aCA9IChVSW50MTYpKHN1YnN0aXR1dGVOYW1lLkxlbmd0aCAqIFNJWkVfT0ZfV0NIQVIpOwogICAgICAgICAgICAgICAgYnVmZmVyLlByaW50TmFtZU9mZnNldCA9IChVSW50MTYpKGJ1ZmZlci5TdWJzdGl0dXRlTmFtZUxlbmd0aCArIDIpOwogICAgICAgICAgICAgICAgYnVmZmVyLlByaW50TmFtZUxlbmd0aCA9IChVSW50MTYpKHByaW50TmFtZS5MZW5ndGggKiBTSVpFX09GX1dDSEFSKTsKCiAgICAgICAgICAgICAgICBidWZmZXIuUmVwYXJzZVRhZyA9IElPX1JFUEFSU0VfVEFHX01PVU5UX1BPSU5UOwogICAgICAgICAgICAgICAgYnVmZmVyLlJlcGFyc2VEYXRhTGVuZ3RoID0gKFVJbnQxNikoYnVmZmVyLlN1YnN0aXR1dGVOYW1lTGVuZ3RoICsgYnVmZmVyLlByaW50TmFtZUxlbmd0aCArIDEyKTsKICAgICAgICAgICAgICAgIGJ1ZmZlci5QYXRoQnVmZmVyID0gbmV3IGNoYXJbTUFYSU1VTV9SRVBBUlNFX0RBVEFfQlVGRkVSX1NJWkVdOwoKICAgICAgICAgICAgICAgIGJ5dGVbXSB1bmljb2RlQnl0ZXMgPSBFbmNvZGluZy5Vbmljb2RlLkdldEJ5dGVzKHN1YnN0aXR1dGVOYW1lICsgIlwwIiArIHByaW50TmFtZSk7CiAgICAgICAgICAgICAgICBjaGFyW10gcGF0aEJ1ZmZlciA9IEVuY29kaW5nLlVuaWNvZGUuR2V0Q2hhcnModW5pY29kZUJ5dGVzKTsKICAgICAgICAgICAgICAgIEFycmF5LkNvcHkocGF0aEJ1ZmZlciwgYnVmZmVyLlBhdGhCdWZmZXIsIHBhdGhCdWZmZXIuTGVuZ3RoKTsKCiAgICAgICAgICAgICAgICBVSW50MzIgYnl0ZXNSZXR1cm5lZDsKICAgICAgICAgICAgICAgIGlmICghRGV2aWNlSW9Db250cm9sKAogICAgICAgICAgICAgICAgICAgIGZpbGVIYW5kbGUsCiAgICAgICAgICAgICAgICAgICAgRlNDVExfU0VUX1JFUEFSU0VfUE9JTlQsCiAgICAgICAgICAgICAgICAgICAgYnVmZmVyLAogICAgICAgICAgICAgICAgICAgIChVSW50MzIpKGJ1ZmZlci5SZXBhcnNlRGF0YUxlbmd0aCArIDgpLAogICAgICAgICAgICAgICAgICAgIEludFB0ci5aZXJvLCAwLAogICAgICAgICAgICAgICAgICAgIG91dCBieXRlc1JldHVybmVkLAogICAgICAgICAgICAgICAgICAgIEludFB0ci5aZXJvKSkKICAgICAgICAgICAgICAgICAgICB0aHJvdyBuZXcgTGlua1V0aWxXaW4zMkV4Y2VwdGlvbihTdHJpbmcuRm9ybWF0KCJEZXZpY2VJb0NvbnRyb2woKSBmYWlsZWQgdG8gY3JlYXRlIGp1bmN0aW9uIHBvaW50IGF0IHswfSB0byB7MX0iLCBsaW5rUGF0aCwgbGlua1RhcmdldCkpOwogICAgICAgICAgICB9CiAgICAgICAgICAgIGZpbmFsbHkKICAgICAgICAgICAgewogICAgICAgICAgICAgICAgZmlsZUhhbmRsZS5EaXNwb3NlKCk7CiAgICAgICAgICAgIH0KICAgICAgICB9CiAgICB9Cn0KJ0AKCiAgICAjIEZVVFVSRTogZmluZCBhIGJldHRlciB3YXkgdG8gZ2V0IHRoZSBfYW5zaWJsZV9yZW1vdGVfdG1wIHZhcmlhYmxlCiAgICAkb3JpZ2luYWxfdG1wID0gJGVudjpUTVAKCiAgICAkcmVtb3RlX3RtcCA9ICRvcmlnaW5hbF90bXAKICAgICRtb2R1bGVfcGFyYW1zID0gR2V0LVZhcmlhYmxlIC1OYW1lIGNvbXBsZXhfYXJncyAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgaWYgKCRtb2R1bGVfcGFyYW1zKSB7CiAgICAgICAgaWYgKCRtb2R1bGVfcGFyYW1zLlZhbHVlLkNvbnRhaW5zS2V5KCJfYW5zaWJsZV9yZW1vdGVfdG1wIikgKSB7CiAgICAgICAgICAgICRyZW1vdGVfdG1wID0gJG1vZHVsZV9wYXJhbXMuVmFsdWVbIl9hbnNpYmxlX3JlbW90ZV90bXAiXQogICAgICAgICAgICAkcmVtb3RlX3RtcCA9IFtTeXN0ZW0uRW52aXJvbm1lbnRdOjpFeHBhbmRFbnZpcm9ubWVudFZhcmlhYmxlcygkcmVtb3RlX3RtcCkKICAgICAgICB9CiAgICB9CgogICAgJGVudjpUTVAgPSAkcmVtb3RlX3RtcAogICAgQWRkLVR5cGUgLVR5cGVEZWZpbml0aW9uICRsaW5rX3V0aWwKICAgICRlbnY6VE1QID0gJG9yaWdpbmFsX3RtcAoKICAgIEltcG9ydC1Qcml2aWxlZ2VVdGlsCiAgICAjIGVuYWJsZSB0aGUgU2VCYWNrdXBQcml2aWxlZ2UgaWYgaXQgaXMgZGlzYWJsZWQKICAgICRzdGF0ZSA9IEdldC1BbnNpYmxlUHJpdmlsZWdlIC1OYW1lIFNlQmFja3VwUHJpdmlsZWdlCiAgICBpZiAoJHN0YXRlIC1lcSAkZmFsc2UpIHsKICAgICAgICBTZXQtQW5zaWJsZVByaXZpbGVnZSAtTmFtZSBTZUJhY2t1cFByaXZpbGVnZSAtVmFsdWUgJHRydWUKICAgIH0KfQoKRnVuY3Rpb24gR2V0LUxpbmsoJGxpbmtfcGF0aCkgewogICAgJGxpbmtfaW5mbyA9IFtBbnNpYmxlLkxpbmtVdGlsXTo6R2V0TGlua0luZm8oJGxpbmtfcGF0aCkKICAgIHJldHVybiAkbGlua19pbmZvCn0KCkZ1bmN0aW9uIFJlbW92ZS1MaW5rKCRsaW5rX3BhdGgpIHsKICAgIFtBbnNpYmxlLkxpbmtVdGlsXTo6RGVsZXRlTGluaygkbGlua19wYXRoKQp9CgpGdW5jdGlvbiBOZXctTGluaygkbGlua19wYXRoLCAkbGlua190YXJnZXQsICRsaW5rX3R5cGUpIHsKICAgIGlmICgtbm90IChUZXN0LVBhdGggLVBhdGggJGxpbmtfdGFyZ2V0KSkgewogICAgICAgIHRocm93ICJsaW5rX3RhcmdldCAnJGxpbmtfdGFyZ2V0JyBkb2VzIG5vdCBleGlzdCwgY2Fubm90IGNyZWF0ZSBsaW5rIgogICAgfQogICAgCiAgICBzd2l0Y2goJGxpbmtfdHlwZSkgewogICAgICAgICJsaW5rIiB7CiAgICAgICAgICAgICR0eXBlID0gW0Fuc2libGUuTGlua1R5cGVdOjpTeW1ib2xpY0xpbmsKICAgICAgICB9CiAgICAgICAgImp1bmN0aW9uIiB7CiAgICAgICAgICAgIGlmIChUZXN0LVBhdGggLVBhdGggJGxpbmtfdGFyZ2V0IC1QYXRoVHlwZSBMZWFmKSB7CiAgICAgICAgICAgICAgICB0aHJvdyAiY2Fubm90IHNldCB0aGUgdGFyZ2V0IGZvciBhIGp1bmN0aW9uIHBvaW50IHRvIGEgZmlsZSIKICAgICAgICAgICAgfQogICAgICAgICAgICAkdHlwZSA9IFtBbnNpYmxlLkxpbmtUeXBlXTo6SnVuY3Rpb25Qb2ludAogICAgICAgIH0KICAgICAgICAiaGFyZCIgewogICAgICAgICAgICBpZiAoVGVzdC1QYXRoIC1QYXRoICRsaW5rX3RhcmdldCAtUGF0aFR5cGUgQ29udGFpbmVyKSB7CiAgICAgICAgICAgICAgICB0aHJvdyAiY2Fubm90IHNldCB0aGUgdGFyZ2V0IGZvciBhIGhhcmQgbGluayB0byBhIGRpcmVjdG9yeSIKICAgICAgICAgICAgfQogICAgICAgICAgICAkdHlwZSA9IFtBbnNpYmxlLkxpbmtUeXBlXTo6SGFyZExpbmsKICAgICAgICB9CiAgICAgICAgZGVmYXVsdCB7IHRocm93ICJpbnZhbGlkIGxpbmtfdHlwZSBvcHRpb24gJCgkbGlua190eXBlKTogZXhwZWN0aW5nIGxpbmssIGp1bmN0aW9uLCBoYXJkIiB9CiAgICB9CiAgICBbQW5zaWJsZS5MaW5rVXRpbF06OkNyZWF0ZUxpbmsoJGxpbmtfcGF0aCwgJGxpbmtfdGFyZ2V0LCAkdHlwZSkKfQoKIyB0aGlzIGxpbmUgbXVzdCBzdGF5IGF0IHRoZSBib3R0b20gdG8gZW5zdXJlIGFsbCBkZWZpbmVkIG1vZHVsZSBwYXJ0cyBhcmUgZXhwb3J0ZWQKRXhwb3J0LU1vZHVsZU1lbWJlciAtQWxpYXMgKiAtRnVuY3Rpb24gKiAtQ21kbGV0ICoK", "Ansible.ModuleUtils.Legacy": "IyBDb3B5cmlnaHQgKGMpLCBNaWNoYWVsIERlSGFhbiA8bWljaGFlbC5kZWhhYW5AZ21haWwuY29tPiwgMjAxNCwgYW5kIG90aGVycwojIFNpbXBsaWZpZWQgQlNEIExpY2Vuc2UgKHNlZSBsaWNlbnNlcy9zaW1wbGlmaWVkX2JzZC50eHQgb3IgaHR0cHM6Ly9vcGVuc291cmNlLm9yZy9saWNlbnNlcy9CU0QtMi1DbGF1c2UpCgpTZXQtU3RyaWN0TW9kZSAtVmVyc2lvbiAyLjAKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKRnVuY3Rpb24gU2V0LUF0dHIoJG9iaiwgJG5hbWUsICR2YWx1ZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gc2V0IGFuICJhdHRyaWJ1dGUiIG9uIGEgcHNvYmplY3QgaW5zdGFuY2UgaW4gUG93ZXJTaGVsbC4KICAgIFRoaXMgaXMgYSBjb252ZW5pZW5jZSB0byBtYWtlIGFkZGluZyBNZW1iZXJzIHRvIHRoZSBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgIFNldC1BdHRyICRyZXN1bHQgImNoYW5nZWQiICR0cnVlCiM+CgogICAgIyBJZiB0aGUgcHJvdmlkZWQgJG9iaiBpcyB1bmRlZmluZWQsIGRlZmluZSBvbmUgdG8gYmUgbmljZQogICAgSWYgKC1ub3QgJG9iai5HZXRUeXBlKQogICAgewogICAgICAgICRvYmogPSBAeyB9CiAgICB9CgogICAgVHJ5CiAgICB7CiAgICAgICAgJG9iai4kbmFtZSA9ICR2YWx1ZQogICAgfQogICAgQ2F0Y2gKICAgIHsKICAgICAgICAkb2JqIHwgQWRkLU1lbWJlciAtRm9yY2UgLU1lbWJlclR5cGUgTm90ZVByb3BlcnR5IC1OYW1lICRuYW1lIC1WYWx1ZSAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gRXhpdC1Kc29uKCRvYmopCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGNvbnZlcnQgYSBQb3dlclNoZWxsIG9iamVjdCB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcKICAgIHRoZSBzY3JpcHQKICAgIC5FWEFNUExFCiAgICBFeGl0LUpzb24gJHJlc3VsdAojPgoKICAgICMgSWYgdGhlIHByb3ZpZGVkICRvYmogaXMgdW5kZWZpbmVkLCBkZWZpbmUgb25lIHRvIGJlIG5pY2UKICAgIElmICgtbm90ICRvYmouR2V0VHlwZSkKICAgIHsKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoJ2NoYW5nZWQnKSkgewogICAgICAgIFNldC1BdHRyICRvYmogImNoYW5nZWQiICRmYWxzZQogICAgfQoKICAgIFdyaXRlLU91dHB1dCAkb2JqIHwgQ29udmVydFRvLUpzb24gLUNvbXByZXNzIC1EZXB0aCA5OQogICAgRXhpdAp9CgpGdW5jdGlvbiBGYWlsLUpzb24oJG9iaiwgJG1lc3NhZ2UgPSAkbnVsbCkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHRoZSAibXNnIiBwcm9wZXJ0eSBhbmQgImZhaWxlZCIgcHJvcGVydHksIGNvbnZlcnQgdGhlCiAgICBQb3dlclNoZWxsIEhhc2h0YWJsZSB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcgdGhlIHNjcmlwdAogICAgLkVYQU1QTEUKICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJUaGlzIGlzIHRoZSBmYWlsdXJlIG1lc3NhZ2UiCiM+CgogICAgaWYgKCRvYmogLWlzIFtoYXNodGFibGVdIC1vciAkb2JqIC1pcyBbcHNvYmplY3RdKSB7CiAgICAgICAgIyBOb3RoaW5nIHRvIGRvCiAgICB9IGVsc2VpZiAoJG9iaiAtaXMgW3N0cmluZ10gLWFuZCAkbnVsbCAtZXEgJG1lc3NhZ2UpIHsKICAgICAgICAjIElmIHdlIHdlcmVuJ3QgZ2l2ZW4gMiBhcmdzLCBhbmQgdGhlIG9ubHkgYXJnIHdhcyBhIHN0cmluZywKICAgICAgICAjIGNyZWF0ZSBhIG5ldyBIYXNodGFibGUgYW5kIHVzZSB0aGUgYXJnIGFzIHRoZSBmYWlsdXJlIG1lc3NhZ2UKICAgICAgICAkbWVzc2FnZSA9ICRvYmoKICAgICAgICAkb2JqID0gQHsgfQogICAgfSBlbHNlIHsKICAgICAgICAjIElmIHRoZSBmaXJzdCBhcmd1bWVudCBpcyB1bmRlZmluZWQgb3IgYSBkaWZmZXJlbnQgdHlwZSwKICAgICAgICAjIG1ha2UgaXQgYSBIYXNodGFibGUKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgICMgU3RpbGwgdXNpbmcgU2V0LUF0dHIgZm9yIFBTT2JqZWN0IGNvbXBhdGliaWxpdHkKICAgIFNldC1BdHRyICRvYmogIm1zZyIgJG1lc3NhZ2UKICAgIFNldC1BdHRyICRvYmogImZhaWxlZCIgJHRydWUKCiAgICBpZiAoLW5vdCAkb2JqLkNvbnRhaW5zS2V5KCdjaGFuZ2VkJykpIHsKICAgICAgICBTZXQtQXR0ciAkb2JqICJjaGFuZ2VkIiAkZmFsc2UKICAgIH0KCiAgICBXcml0ZS1PdXRwdXQgJG9iaiB8IENvbnZlcnRUby1Kc29uIC1Db21wcmVzcyAtRGVwdGggOTkKICAgIEV4aXQgMQp9CgpGdW5jdGlvbiBBZGQtV2FybmluZygkb2JqLCAkbWVzc2FnZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHdhcm5pbmdzLCBldmVuIGlmIHRoZSB3YXJuaW5ncyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoIndhcm5pbmdzIikpIHsKICAgICAgICAkb2JqLndhcm5pbmdzID0gQCgpCiAgICB9IGVsc2VpZiAoJG9iai53YXJuaW5ncyAtaXNub3QgW2FycmF5XSkgewogICAgICAgIHRocm93ICJBZGQtV2FybmluZzogd2FybmluZ3MgYXR0cmlidXRlIGlzIG5vdCBhbiBhcnJheSIKICAgIH0KCiAgICAkb2JqLndhcm5pbmdzICs9ICRtZXNzYWdlCn0KCkZ1bmN0aW9uIEFkZC1EZXByZWNhdGlvbldhcm5pbmcoJG9iaiwgJG1lc3NhZ2UsICR2ZXJzaW9uID0gJG51bGwpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGFkZCBkZXByZWNhdGlvbnMsIGV2ZW4gaWYgdGhlIGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgogICAgaWYgKC1ub3QgJG9iai5Db250YWluc0tleSgiZGVwcmVjYXRpb25zIikpIHsKICAgICAgICAkb2JqLmRlcHJlY2F0aW9ucyA9IEAoKQogICAgfSBlbHNlaWYgKCRvYmouZGVwcmVjYXRpb25zIC1pc25vdCBbYXJyYXldKSB7CiAgICA ScriptBlock ID: 09358417-d00f-4ee1-8de3-28ca179cf571 Path:	4104	1		3	2	15	0	1916	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4564	1220	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:31:12 PM	e5295ba9-9827-0005-a185-2de52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (3 of 6): kV4Y2VwdGlvbi4KCiAgICAuRVhBTVBMRQogICAgIyBlbmFibGUgYSBwcml2aWxlZ2UKICAgIFNldC1BbnNpYmxlUHJpdmlsZWdlIC1OYW1lIFNlQ3JlYXRlU3ltYm9saWNMaW5rUHJpdmlsZWdlIC1WYWx1ZSAkdHJ1ZQoKICAgICMgZGlzYWJsZSBhIHByaXZpbGVnZQogICAgU2V0LUFuc2libGVQcml2aWxlZ2UgLU5hbWUgU2VDcmVhdGVTeW1ib2xpY0xpbmtQcml2aWxlZ2UgLVZhbHVlICRmYWxzZQogICAgIz4KICAgIFtDbWRsZXRCaW5kaW5nKFN1cHBvcnRzU2hvdWxkUHJvY2VzcyldCiAgICBwYXJhbSgKICAgICAgICBbUGFyYW1ldGVyKE1hbmRhdG9yeT0kdHJ1ZSldW1N0cmluZ10kTmFtZSwKICAgICAgICBbUGFyYW1ldGVyKE1hbmRhdG9yeT0kdHJ1ZSldW2Jvb2xdJFZhbHVlCiAgICApCgogICAgJGFjdGlvbiA9IHN3aXRjaCgkVmFsdWUpIHsKICAgICAgICAkdHJ1ZSB7ICJFbmFibGUiIH0KICAgICAgICAkZmFsc2UgeyAiRGlzYWJsZSIgfQogICAgfQoKICAgICRjdXJyZW50X3N0YXRlID0gR2V0LUFuc2libGVQcml2aWxlZ2UgLU5hbWUgJE5hbWUKICAgIGlmICgkY3VycmVudF9zdGF0ZSAtZXEgJFZhbHVlKSB7CiAgICAgICAgcmV0dXJuICAjIG5vIGNoYW5nZSBuZWVkcyB0byBvY2N1cgogICAgfSBlbHNlaWYgKCRudWxsIC1lcSAkY3VycmVudF9zdGF0ZSkgewogICAgICAgICMgb25jZSBhIHByaXZpbGVnZSBpcyByZW1vdmVkIGZyb20gYSB0b2tlbiB3ZSBjYW5ub3QgZG8gYW55dGhpbmcgd2l0aCBpdAogICAgICAgIHRocm93IFtTeXN0ZW0uSW52YWxpZE9wZXJhdGlvbkV4Y2VwdGlvbl0gIkNhbm5vdCAkKCRhY3Rpb24uVG9Mb3dlcigpKSB0aGUgcHJpdmlsZWdlICckTmFtZScgYXMgaXQgaGFzIGJlZW4gcmVtb3ZlZCBmcm9tIHRoZSB0b2tlbiIKICAgIH0KCiAgICAkcHJvY2Vzc190b2tlbiA9IFtBbnNpYmxlLlByaXZpbGVnZVV0aWwuUHJpdmlsZWdlc106OkdldEN1cnJlbnRQcm9jZXNzKCkKICAgIGlmICgkUFNDbWRsZXQuU2hvdWxkUHJvY2VzcygkTmFtZSwgIiRhY3Rpb24gdGhlIHByaXZpbGVnZSAkTmFtZSIpKSB7CiAgICAgICAgJG5ld19zdGF0ZSA9IE5ldy1PYmplY3QgLVR5cGVOYW1lICdTeXN0ZW0uQ29sbGVjdGlvbnMuR2VuZXJpYy5EaWN0aW9uYXJ5YDJbW1N5c3RlbS5TdHJpbmddLCBbU3lzdGVtLk51bGxhYmxlYDFbU3lzdGVtLkJvb2xlYW5dXV0nCiAgICAgICAgJG5ld19zdGF0ZS5BZGQoJE5hbWUsICRWYWx1ZSkKICAgICAgICBbQW5zaWJsZS5Qcml2aWxlZ2VVdGlsLlByaXZpbGVnZXNdOjpTZXRUb2tlblByaXZpbGVnZXMoJHByb2Nlc3NfdG9rZW4sICRuZXdfc3RhdGUpID4gJG51bGwKICAgIH0KfQoKRXhwb3J0LU1vZHVsZU1lbWJlciAtRnVuY3Rpb24gSW1wb3J0LVByaXZpbGVnZVV0aWwsIEdldC1BbnNpYmxlUHJpdmlsZWdlLCBTZXQtQW5zaWJsZVByaXZpbGVnZSBgCiAgICAtVmFyaWFibGUgYW5zaWJsZV9wcml2aWxlZ2VfdXRpbF9uYW1lc3BhY2VzLCBhbnNpYmxlX3ByaXZpbGVnZV91dGlsX2NvZGU=", "Ansible.ModuleUtils.LinkUtil": "ICMgQ29weXJpZ2h0IChjKSAyMDE3IEFuc2libGUgUHJvamVjdAogIyBTaW1wbGlmaWVkIEJTRCBMaWNlbnNlIChzZWUgbGljZW5zZXMvc2ltcGxpZmllZF9ic2QudHh0IG9yIGh0dHBzOi8vb3BlbnNvdXJjZS5vcmcvbGljZW5zZXMvQlNELTItQ2xhdXNlKQoKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5Qcml2aWxlZ2VVdGlsCgpGdW5jdGlvbiBMb2FkLUxpbmtVdGlscygpIHsKICAgICRsaW5rX3V0aWwgPSBAJwp1c2luZyBNaWNyb3NvZnQuV2luMzIuU2FmZUhhbmRsZXM7CnVzaW5nIFN5c3RlbTsKdXNpbmcgU3lzdGVtLkNvbGxlY3Rpb25zLkdlbmVyaWM7CnVzaW5nIFN5c3RlbS5JTzsKdXNpbmcgU3lzdGVtLlJ1bnRpbWUuSW50ZXJvcFNlcnZpY2VzOwp1c2luZyBTeXN0ZW0uVGV4dDsKCm5hbWVzcGFjZSBBbnNpYmxlCnsKICAgIHB1YmxpYyBlbnVtIExpbmtUeXBlCiAgICB7CiAgICAgICAgU3ltYm9saWNMaW5rLAogICAgICAgIEp1bmN0aW9uUG9pbnQsCiAgICAgICAgSGFyZExpbmsKICAgIH0KCiAgICBwdWJsaWMgY2xhc3MgTGlua1V0aWxXaW4zMkV4Y2VwdGlvbiA6IFN5c3RlbS5Db21wb25lbnRNb2RlbC5XaW4zMkV4Y2VwdGlvbgogICAgewogICAgICAgIHByaXZhdGUgc3RyaW5nIF9tc2c7CgogICAgICAgIHB1YmxpYyBMaW5rVXRpbFdpbjMyRXhjZXB0aW9uKHN0cmluZyBtZXNzYWdlKSA6IHRoaXMoTWFyc2hhbC5HZXRMYXN0V2luMzJFcnJvcigpLCBtZXNzYWdlKSB7IH0KCiAgICAgICAgcHVibGljIExpbmtVdGlsV2luMzJFeGNlcHRpb24oaW50IGVycm9yQ29kZSwgc3RyaW5nIG1lc3NhZ2UpIDogYmFzZShlcnJvckNvZGUpCiAgICAgICAgewogICAgICAgICAgICBfbXNnID0gU3RyaW5nLkZvcm1hdCgiezB9ICh7MX0sIFdpbjMyRXJyb3JDb2RlIHsyfSkiLCBtZXNzYWdlLCBiYXNlLk1lc3NhZ2UsIGVycm9yQ29kZSk7CiAgICAgICAgfQoKICAgICAgICBwdWJsaWMgb3ZlcnJpZGUgc3RyaW5nIE1lc3NhZ2UgeyBnZXQgeyByZXR1cm4gX21zZzsgfSB9CiAgICAgICAgcHVibGljIHN0YXRpYyBleHBsaWNpdCBvcGVyYXRvciBMaW5rVXRpbFdpbjMyRXhjZXB0aW9uKHN0cmluZyBtZXNzYWdlKSB7IHJldHVybiBuZXcgTGlua1V0aWxXaW4zMkV4Y2VwdGlvbihtZXNzYWdlKTsgfQogICAgfQoKICAgIHB1YmxpYyBjbGFzcyBMaW5rSW5mbwogICAgewogICAgICAgIHB1YmxpYyBMaW5rVHlwZSBUeXBlIHsgZ2V0OyBpbnRlcm5hbCBzZXQ7IH0KICAgICAgICBwdWJsaWMgc3RyaW5nIFByaW50TmFtZSB7IGdldDsgaW50ZXJuYWwgc2V0OyB9CiAgICAgICAgcHVibGljIHN0cmluZyBTdWJzdGl0dXRlTmFtZSB7IGdldDsgaW50ZXJuYWwgc2V0OyB9CiAgICAgICAgcHVibGljIHN0cmluZyBBYnNvbHV0ZVBhdGggeyBnZXQ7IGludGVybmFsIHNldDsgfQogICAgICAgIHB1YmxpYyBzdHJpbmcgVGFyZ2V0UGF0aCB7IGdldDsgaW50ZXJuYWwgc2V0OyB9CiAgICAgICAgcHVibGljIHN0cmluZ1tdIEhhcmRUYXJnZXRzIHsgZ2V0OyBpbnRlcm5hbCBzZXQ7IH0KICAgIH0KCiAgICBbU3RydWN0TGF5b3V0KExheW91dEtpbmQuU2VxdWVudGlhbCwgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSldCiAgICBwdWJsaWMgc3RydWN0IFJFUEFSU0VfREFUQV9CVUZGRVIKICAgIHsKICAgICAgICBwdWJsaWMgVUludDMyIFJlcGFyc2VUYWc7CiAgICAgICAgcHVibGljIFVJbnQxNiBSZXBhcnNlRGF0YUxlbmd0aDsKICAgICAgICBwdWJsaWMgVUludDE2IFJlc2VydmVkOwogICAgICAgIHB1YmxpYyBVSW50MTYgU3Vic3RpdHV0ZU5hbWVPZmZzZXQ7CiAgICAgICAgcHVibGljIFVJbnQxNiBTdWJzdGl0dXRlTmFtZUxlbmd0aDsKICAgICAgICBwdWJsaWMgVUludDE2IFByaW50TmFtZU9mZnNldDsKICAgICAgICBwdWJsaWMgVUludDE2IFByaW50TmFtZUxlbmd0aDsKCiAgICAgICAgW01hcnNoYWxBcyhVbm1hbmFnZWRUeXBlLkJ5VmFsQXJyYXksIFNpemVDb25zdCA9IExpbmtVdGlsLk1BWElNVU1fUkVQQVJTRV9EQVRBX0JVRkZFUl9TSVpFKV0KICAgICAgICBwdWJsaWMgY2hhcltdIFBhdGhCdWZmZXI7CiAgICB9CgogICAgcHVibGljIGNsYXNzIExpbmtVdGlsCiAgICB7CiAgICAgICAgcHVibGljIGNvbnN0IGludCBNQVhJTVVNX1JFUEFSU0VfREFUQV9CVUZGRVJfU0laRSA9IDEwMjQgKiAxNjsKCiAgICAgICAgcHJpdmF0ZSBjb25zdCBVSW50MzIgRklMRV9GTEFHX0JBQ0tVUF9TRU1BTlRJQ1MgPSAweDAyMDAwMDAwOwogICAgICAgIHByaXZhdGUgY29uc3QgVUludDMyIEZJTEVfRkxBR19PUEVOX1JFUEFSU0VfUE9JTlQgPSAweDAwMjAwMDAwOwoKICAgICAgICBwcml2YXRlIGNvbnN0IFVJbnQzMiBGU0NUTF9HRVRfUkVQQVJTRV9QT0lOVCA9IDB4MDAwOTAwQTg7CiAgICAgICAgcHJpdmF0ZSBjb25zdCBVSW50MzIgRlNDVExfU0VUX1JFUEFSU0VfUE9JTlQgPSAweDAwMDkwMEE0OwogICAgICAgIHByaXZhdGUgY29uc3QgVUludDMyIEZJTEVfREVWSUNFX0ZJTEVfU1lTVEVNID0gMHgwMDA5MDAwMDsKCiAgICAgICAgcHJpdmF0ZSBjb25zdCBVSW50MzIgSU9fUkVQQVJTRV9UQUdfTU9VTlRfUE9JTlQgPSAweEEwMDAwMDAzOwogICAgICAgIHByaXZhdGUgY29uc3QgVUludDMyIElPX1JFUEFSU0VfVEFHX1NZTUxJTksgPSAweEEwMDAwMDBDOwoKICAgICAgICBwcml2YXRlIGNvbnN0IFVJbnQzMiBTWU1MSU5LX0ZMQUdfUkVMQVRJVkUgPSAweDAwMDAwMDAxOwoKICAgICAgICBwcml2YXRlIGNvbnN0IEludDY0IElOVkFMSURfSEFORExFX1ZBTFVFID0gLTE7CgogICAgICAgIHByaXZhdGUgY29uc3QgVUludDMyIFNJWkVfT0ZfV0NIQVIgPSAyOwoKICAgICAgICBwcml2YXRlIGNvbnN0IFVJbnQzMiBTWU1CT0xJQ19MSU5LX0ZMQUdfRklMRSA9IDB4MDAwMDAwMDA7CiAgICAgICAgcHJpdmF0ZSBjb25zdCBVSW50MzIgU1lNQk9MSUNfTElOS19GTEFHX0RJUkVDVE9SWSA9IDB4MDAwMDAwMDE7CgogICAgICAgIFtEbGxJbXBvcnQoImtlcm5lbDMyLmRsbCIsIENoYXJTZXQgPSBDaGFyU2V0LkF1dG8pXQogICAgICAgIHByaXZhdGUgc3RhdGljIGV4dGVybiBTYWZlRmlsZUhhbmRsZSBDcmVhdGVGaWxlKAogICAgICAgICAgICBzdHJpbmcgbHBGaWxlTmFtZSwKICAgICAgICAgICAgW01hcnNoYWxBcyhVbm1hbmFnZWRUeXBlLlU0KV0gRmlsZUFjY2VzcyBkd0Rlc2lyZWRBY2Nlc3MsCiAgICAgICAgICAgIFtNYXJzaGFsQXMoVW5tYW5hZ2VkVHlwZS5VNCldIEZpbGVTaGFyZSBkd1NoYXJlTW9kZSwKICAgICAgICAgICAgSW50UHRyIGxwU2VjdXJpdHlBdHRyaWJ1dGVzLAogICAgICAgICAgICBbTWFyc2hhbEFzKFVubWFuYWdlZFR5cGUuVTQpXSBGaWxlTW9kZSBkd0NyZWF0aW9uRGlzcG9zaXRpb24sCiAgICAgICAgICAgIFVJbnQzMiBkd0ZsYWdzQW5kQXR0cmlidXRlcywKICAgICAgICAgICAgSW50UHRyIGhUZW1wbGF0ZUZpbGUpOwoKICAgICAgICAvLyBVc2VkIGJ5IEdldFJlcGFyc2VQb2ludEluZm8oKQogICAgICAgIFtEbGxJbXBvcnQoImtlcm5lbDMyLmRsbCIsIFNldExhc3RFcnJvciA9IHRydWUsIENoYXJTZXQgPSBDaGFyU2V0LkF1dG8pXQogICAgICAgIHByaXZhdGUgc3RhdGljIGV4dGVybiBib29sIERldmljZUlvQ29udHJvbCgKICAgICAgICAgICAgU2FmZUZpbGVIYW5kbGUgaERldmljZSwKICAgICAgICAgICAgVUludDMyIGR3SW9Db250cm9sQ29kZSwKICAgICAgICAgICAgSW50UHRyIGxwSW5CdWZmZXIsCiAgICAgICAgICAgIFVJbnQzMiBuSW5CdWZmZXJTaXplLAogICAgICAgICAgICBvdXQgUkVQQVJTRV9EQVRBX0JVRkZFUiBscE91dEJ1ZmZlciwKICAgICAgICAgICAgVUludDMyIG5PdXRCdWZmZXJTaXplLAogICAgICAgICAgICBvdXQgVUludDMyIGxwQnl0ZXNSZXR1cm5lZCwKICAgICAgICAgICAgSW50UHRyIGxwT3ZlcmxhcHBlZCk7CgogICAgICAgIC8vIFVzZWQgYnkgQ3JlYXRlSnVuY3Rpb25Qb2ludCgpCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuQXV0byldCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgZXh0ZXJuIGJvb2wgRGV2aWNlSW9Db250cm9sKAogICAgICAgICAgICBTYWZlRmlsZUhhbmRsZSBoRGV2aWNlLAogICAgICAgICAgICBVSW50MzIgZHdJb0NvbnRyb2xDb2RlLAogICAgICAgICAgICBSRVBBUlNFX0RBVEFfQlVGRkVSIGxwSW5CdWZmZXIsCiAgICAgICAgICAgIFVJbnQzMiBuSW5CdWZmZXJTaXplLAogICAgICAgICAgICBJbnRQdHIgbHBPdXRCdWZmZXIsCiAgICAgICAgICAgIFVJbnQzMiBuT3V0QnVmZmVyU2l6ZSwKICAgICAgICAgICAgb3V0IFVJbnQzMiBscEJ5dGVzUmV0dXJuZWQsCiAgICAgICAgICAgIEludFB0ciBscE92ZXJsYXBwZWQpOwoKICAgICAgICBbRGxsSW1wb3J0KCJrZXJuZWwzMi5kbGwiLCBTZXRMYXN0RXJyb3IgPSB0cnVlLCBDaGFyU2V0ID0gQ2hhclNldC5BdXRvKV0KICAgICAgICBwcml2YXRlIHN0YXRpYyBleHRlcm4gYm9vbCBHZXRWb2x1bWVQYXRoTmFtZSgKICAgICAgICAgICAgc3RyaW5nIGxwc3pGaWxlTmFtZSwKICAgICAgICAgICAgU3RyaW5nQnVpbGRlciBscHN6Vm9sdW1lUGF0aE5hbWUsCiAgICAgICAgICAgIHJlZiBVSW50MzIgY2NoQnVmZmVyTGVuZ3RoKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuQXV0byldCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgZXh0ZXJuIEludFB0ciBGaW5kRmlyc3RGaWxlTmFtZVcoCiAgICAgICAgICAgIHN0cmluZyBscEZpbGVOYW1lLAogICAgICAgICAgICBVSW50MzIgZHdGbGFncywKICAgICAgICAgICAgcmVmIFVJbnQzMiBTdHJpbmdMZW5ndGgsCiAgICAgICAgICAgIFN0cmluZ0J1aWxkZXIgTGlua05hbWUpOwoKICAgICAgICBbRGxsSW1wb3J0KCJrZXJuZWwzMi5kbGwiLCBTZXRMYXN0RXJyb3IgPSB0cnVlLCBDaGFyU2V0ID0gQ2hhclNldC5BdXRvKV0KICAgICAgICBwcml2YXRlIHN0YXRpYyBleHRlcm4gYm9vbCBGaW5kTmV4dEZpbGVOYW1lVygKICAgICAgICAgICAgSW50UHRyIGhGaW5kU3RyZWFtLAogICAgICAgICAgICByZWYgVUludDMyIFN0cmluZ0xlbmd0aCwKICAgICAgICAgICAgU3RyaW5nQnVpbGRlciBMaW5rTmFtZSk7CgogICAgICAgIFtEbGxJbXBvcnQoImtlcm5lbDMyLmRsbCIsIFNldExhc3RFcnJvciA9IHRydWUpXQogICAgICAgIHByaXZhdGUgc3RhdGljIGV4dGVybiBib29sIEZpbmRDbG9zZSgKICAgICAgICAgICAgSW50UHRyIGhGaW5kRmlsZSk7CgogICAgICAgIFtEbGxJbXBvcnQoImtlcm5lbDMyLmRsbCIsIFNldExhc3RFcnJvciA9IHRydWUsIENoYXJTZXQgPSBDaGFyU2V0LkF1dG8pXQogICAgICAgIHByaXZhdGUgc3RhdGljIGV4dGVybiBib29sIFJlbW92ZURpcmVjdG9yeSgKICAgICAgICAgICAgc3RyaW5nIGxwUGF0aE5hbWUpOwoKICAgICAgICBbRGxsSW1wb3J0KCJrZXJuZWwzMi5kbGwiLCBTZXRMYXN0RXJyb3IgPSB0cnVlLCBDaGFyU2V0ID0gQ2hhclNldC5BdXRvKV0KICAgICAgICBwcml2YXRlIHN0YXRpYyBleHRlcm4gYm9vbCBEZWxldGVGaWxlKAogICAgICAgICAgICBzdHJpbmcgbHBGaWxlTmFtZSk7CgogICAgICAgIFtEbGxJbXBvcnQoImtlcm5lbDMyLmRsbCIsIFNldExhc3RFcnJvciA9IHRydWUsIENoYXJTZXQgPSBDaGFyU2V0LkF1dG8pXQogICAgICAgIHByaXZhdGUgc3RhdGljIGV4dGVybiBib29sIENyZWF0ZVN5bWJvbGljTGluaygKICAgICAgICAgICAgc3RyaW5nIGxwU3ltbGlua0ZpbGVOYW1lLAogICAgICAgICAgICBzdHJpbmcgbHBUYXJnZXRGaWxlTmFtZSwKICAgICAgICAgICAgVUludDMyIGR3RmxhZ3MpOwoKICAgICAgICBbRGxsSW1wb3J0KCJrZXJuZWwzMi5kbGwiLCBTZXRMYXN0RXJyb3IgPSB0cnVlLCBDaGFyU2V0ID0gQ2hhclNldC5BdXRvKV0KICAgICAgICBwcml2YXRlIHN0YXRpYyBleHRlcm4gYm9vbCBDcmVhdGVIYXJkTGluaygKICAgICAgICAgICAgc3RyaW5nIGxwRmlsZU5hbWUsCiAgICAgICAgICAgIHN0cmluZyBscEV4aXN0aW5nRmlsZU5hbWUsCiAgICAgICAgICAgIEludFB0ciBscFNlY3VyaXR5QXR0cmlidXRlcyk7CgogICAgICAgIHB1YmxpYyBzdGF0aWMgTGlua0luZm8gR2V0TGlua0luZm8oc3RyaW5nIGxpbmtQYXRoKQogICAgICAgIHsKICAgICAgICAgICAgRmlsZUF0dHJpYnV0ZXMgYXR0ciA9IEZpbGUuR2V0QXR0cmlidXRlcyhsaW5rUGF0aCk7CiAgICAgICAgICAgIGlmIChhdHRyLkhhc0ZsYWcoRmlsZUF0dHJpYnV0ZXMuUmVwYXJzZVBvaW50KSkKICAgICAgICAgICAgICAgIHJldHVybiBHZXRSZXBhcnNlUG9pbnRJbmZvKGxpbmtQYXRoKTsKCiAgICAgICAgICAgIGlmICghYXR0ci5IYXNGbGFnKEZpbGVBdHRyaWJ1dGVzLkRpcmVjdG9yeSkpCiAgICAgICAgICAgICAgICByZXR1cm4gR2V0SGFyZExpbmtJbmZvKGxpbmtQYXRoKTsKCiAgICAgICAgICAgIHJldHVybiBudWxsOwogICAgICAgIH0KCiAgICAgICAgcHVibGljIHN0YXRpYyB2b2lkIERlbGV0ZUxpbmsoc3RyaW5nIGxpbmtQYXRoKQogICAgICAgIHsKICAgICAgICAgICAgYm9vbCBzdWNjZXNzOwogICAgICAgICAgICBGaWxlQXR0cmlidXRlcyBhdHRyID0gRmlsZS5HZXRBdHRyaWJ1dGVzKGxpbmtQYXRoKTsKICAgICAgICAgICAgaWYgKGF0dHIuSGFzRmxhZyhGaWxlQXR0cmlidXRlcy5EaXJlY3RvcnkpKQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBzdWNjZXNzID0gUmVtb3ZlRGlyZWN0b3J5KGxpbmtQYXRoKTsKICAgICAgICAgICAgfQogICAgICAgICAgICBlbHNlCiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIHN1Y2Nlc3MgPSBEZWxldGVGaWxlKGxpbmtQYXRoKTsKICAgICAgICAgICAgfQoKICAgICAgICAgICAgaWYgKCFzdWNjZXNzKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IExpbmtVdGlsV2luMzJFeGNlcHRpb24oU3RyaW5nLkZvcm1hdCgiRmFpbGVkIHRvIGRlbGV0ZSBsaW5rIGF0IHswfSIsIGxpbmtQYXRoKSk7CiAgICAgICAgfQoKICAgICAgICBwdWJsaWMgc3RhdGljIHZvaWQgQ3JlYXRlTGluayhzdHJpbmcgbGlua1BhdGgsIFN0cmluZyBsaW5rVGFyZ2V0LCBMaW5rVHlwZSBsaW5rVHlwZSkKICAgICAgICB7CiAgICAgICAgICAgIHN3aXRjaCAobGlua1R5cGUpCiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIGNhc2UgTGlua1R5cGUuU3ltYm9saWNMaW5rOgogICAgICAgICAgICAgICAgICAgIFVJbnQzMiBsaW5rRmxhZ3M7CiAgICAgICAgICAgICAgICAgICAgRmlsZUF0dHJpYnV0ZXMgYXR0ciA9IEZpbGUuR2V0QXR0cmlidXRlcyhsaW5rVGFyZ2V0KTsKICAgICAgICAgICAgICAgICAgICBpZiAoYXR0ci5IYXNGbGFnKEZpbGVBdHRyaWJ1dGVzLkRpcmVjdG9yeSkpCiAgICAgICAgICAgICAgICAgICAgICAgIGxpbmtGbGFncyA9IFNZTUJPTElDX0xJTktfRkxBR19ESVJFQ1RPUlk7CiAgICAgICAgICAgICAgICAgICAgZWxzZQogICAgICAgICAgICAgICAgICAgICAgICBsaW5rRmxhZ3MgPSBTWU1CT0xJQ19MSU5LX0ZMQUdfRklMRTsKCiAgICAgICAgICAgICAgICAgICAgaWYgKCFDcmVhdGVTeW1ib2xpY0xpbmsobGlua1BhdGgsIGxpbmtUYXJnZXQsIGxpbmtGbGFncykpCiAgICAgICAgICAgICAgICAgICAgICAgIHRocm93IG5ldyBMaW5rVXRpbFdpbjMyRXhjZXB0aW9uKFN0cmluZy5Gb3JtYXQoIkNyZWF0ZVN5bWJvbGljTGluayh7MH0sIHsxfSwgezJ9KSBmYWlsZWQiLCBsaW5rUGF0aCwgbGlua1RhcmdldCwgbGlua0ZsYWdzKSk7CiAgICAgICAgICAgICAgICAgICAgYnJlYWs7CiAgICAgICAgICAgICAgICBjYXNlIExpbmtUeXBlLkp1bmN0aW9uUG9pbnQ6CiAgICAgICAgICAgICAgICAgICAgQ3JlYXRlSnVuY3Rpb25Qb2ludChsaW5rUGF0aCwgbGlua1RhcmdldCk7CiAgICAgICAgICAgICAgICAgICAgYnJlYWs7CiAgICAgICAgICAgICAgICBjYXNlIExpbmtUeXBlLkhhcmRMaW5rOgogICAgICAgICAgICAgICAgICAgIGlmICghQ3JlYXRlSGFyZExpbmsobGlua1BhdGgsIGxpbmtUYXJnZXQsIEludFB0ci5aZXJvKSkKICAgICAgICAgICAgICAgICAgICAgICAgdGhyb3cgbmV3IExpbmtVdGlsV2luMzJFeGNlcHRpb24oU3RyaW5nLkZvcm1hdCgiQ3JlYXRlSGFyZExpbmsoezB9LCB7MX0pIGZhaWxlZCIsIGxpbmtQYXRoLCBsaW5rVGFyZ2V0KSk7CiAgICAgICAgICAgICAgICAgICAgYnJlYWs7CiAgICAgICAgICAgIH0KICAgICAgICB9CgogICAgICAgIHByaXZhdGUgc3RhdGljIExpbmtJbmZvIEdldEhhcmRMaW5rSW5mbyhzdHJpbmcgbGlua1BhdGgpCiAgICAgICAgewogICAgICAgICAgICBVSW50MzIgbWF4UGF0aCA9IDI2MDsKICAgICAgICAgICAgTGlzdDxzdHJpbmc+IHJlc3VsdCA9IG5ldyBMaXN0PHN0cmluZz4oKTsKCiAgICAgICAgICAgIFN0cmluZ0J1aWxkZXIgc2IgPSBuZXcgU3RyaW5nQnVpbGRlcigoaW50KW1heFBhdGgpOwogICAgICAgICAgICBVSW50MzIgc3RyaW5nTGVuZ3RoID0gbWF4UGF0aDsKICAgICAgICAgICAgaWYgKCFHZXRWb2x1bWVQYXRoTmFtZShsaW5rUGF0aCwgc2IsIHJlZiBzdHJpbmdMZW5ndGgpKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IExpbmtVdGlsV2luMzJFeGNlcHRpb24oIkdldFZvbHVtZVBhdGhOYW1lKCkgZmFpbGVkIik7CiAgICAgICAgICAgIHN0cmluZyB2b2x1bWUgPSBzYi5Ub1N0cmluZygpOwoKICAgICAgICAgICAgc3RyaW5nTGVuZ3RoID0gbWF4UGF0aDsKICAgICAgICAgICAgSW50UHRyIGZpbmRIYW5kbGUgPSBGaW5kRmlyc3RGaWxlTmFtZVcobGlua1BhdGgsIDAsIHJlZiBzdHJpbmdMZW5ndGgsIHNiKTsKICAgICAgICAgICAgaWYgKGZpbmRIYW5kbGUuVG9JbnQ2NCgpICE9IElOVkFMSURfSEFORExFX1ZBTFVFKQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICB0cnkKICAgICAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgICAgICBkbwogICAgICAgICAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgICAgICAgICAgc3RyaW5nIGhhcmRMaW5rUGF0aCA9IHNiLlRvU3RyaW5nKCk7CiAgICAgICAgICAgICAgICAgICAgICAgIGlmIChoYXJkTGlua1BhdGguU3RhcnRzV2l0aCgiXFwiKSkKICAgICAgICAgICAgICAgICAgICAgICAgICAgIGhhcmRMaW5rUGF0aCA9IGhhcmRMaW5rUGF0aC5TdWJzdHJpbmcoMSwgaGFyZExpbmtQYXRoLkxlbmd0aCAtIDEpOwoKICAgICAgICAgICAgICAgICAgICAgICAgcmVzdWx0LkFkZChQYXRoLkNvbWJpbmUodm9sdW1lLCBoYXJkTGlua1BhdGgpKTsKICAgICAgICAgICAgICAgICAgICAgICAgc3RyaW5nTGVuZ3RoID0gbWF4UGF0aDsKCiAgICAgICAgICAgICAgICAgICAgfSB3aGlsZSAoRmluZE5leHRGaWxlTmFtZVcoZmluZEhhbmRsZSwgcmVmIHN0cmluZ0xlbmd0aCwgc2IpKTsKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgICAgIGZpbmFsbHkKICAgICAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgICAgICBGaW5kQ2xvc2UoZmluZEhhbmRsZSk7CiAgICAgICAgICAgICAgICB9ICAgICAgICAgICAgICAgIAogICAgICAgICAgICB9CgogICAgICAgICAgICBpZiAocmVzdWx0LkNvdW50ID4gMSkKICAgICAgICAgICAgICAgIHJldHVybiBuZXcgTGlua0luZm8KICAgICAgICAgICAgICAgIHsKICAgICAgICAgICA ScriptBlock ID: 09358417-d00f-4ee1-8de3-28ca179cf571 Path:	4104	1		3	2	15	0	1915	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4564	1220	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:31:12 PM	e5295ba9-9827-0005-a185-2de52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 6): gICAgICAgICAgICAgICAgICBhdHRyaWJ1dGVzID0gUHJpdmlsZWdlQXR0cmlidXRlcy5FbmFibGVkOwogICAgICAgICAgICAgICAgICAgICAgICBicmVhazsKICAgICAgICAgICAgICAgICAgICBjYXNlIGZhbHNlOgogICAgICAgICAgICAgICAgICAgICAgICBhdHRyaWJ1dGVzID0gUHJpdmlsZWdlQXR0cmlidXRlcy5EaXNhYmxlZDsKICAgICAgICAgICAgICAgICAgICAgICAgYnJlYWs7CiAgICAgICAgICAgICAgICAgICAgZGVmYXVsdDoKICAgICAgICAgICAgICAgICAgICAgICAgYXR0cmlidXRlcyA9IFByaXZpbGVnZUF0dHJpYnV0ZXMuUmVtb3ZlZDsKICAgICAgICAgICAgICAgICAgICAgICAgYnJlYWs7CiAgICAgICAgICAgICAgICB9CgogICAgICAgICAgICAgICAgcHJpdmlsZWdlQXR0cltpXS5MdWlkID0gbHVpZDsKICAgICAgICAgICAgICAgIHByaXZpbGVnZUF0dHJbaV0uQXR0cmlidXRlcyA9IGF0dHJpYnV0ZXM7CiAgICAgICAgICAgICAgICBpKys7CiAgICAgICAgICAgIH0KCiAgICAgICAgICAgIHJldHVybiBBZGp1c3RUb2tlblByaXZpbGVnZXModG9rZW4sIHByaXZpbGVnZUF0dHIpOwogICAgICAgIH0KCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgRGljdGlvbmFyeTxzdHJpbmcsIGJvb2w/PiBBZGp1c3RUb2tlblByaXZpbGVnZXMoU2FmZUhhbmRsZSB0b2tlbiwgTmF0aXZlSGVscGVycy5MVUlEX0FORF9BVFRSSUJVVEVTW10gbmV3U3RhdGUpCiAgICAgICAgewogICAgICAgICAgICBib29sIGRpc2FibGVBbGxQcml2aWxlZ2VzOwogICAgICAgICAgICBJbnRQdHIgbmV3U3RhdGVQdHI7CiAgICAgICAgICAgIE5hdGl2ZUhlbHBlcnMuTFVJRF9BTkRfQVRUUklCVVRFU1tdIG9sZFN0YXRlUHJpdmlsZWdlczsKICAgICAgICAgICAgVUludDMyIHJldHVybkxlbmd0aDsKCiAgICAgICAgICAgIGlmIChuZXdTdGF0ZSA9PSBudWxsKQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBkaXNhYmxlQWxsUHJpdmlsZWdlcyA9IHRydWU7CiAgICAgICAgICAgICAgICBuZXdTdGF0ZVB0ciA9IEludFB0ci5aZXJvOwogICAgICAgICAgICB9CiAgICAgICAgICAgIGVsc2UKICAgICAgICAgICAgewogICAgICAgICAgICAgICAgZGlzYWJsZUFsbFByaXZpbGVnZXMgPSBmYWxzZTsKCiAgICAgICAgICAgICAgICAvLyBOZWVkIHRvIG1hbnVhbGx5IG1hcnNoYWwgdGhlIGJ5dGVzIHJlcXVpcmVzIGZvciBuZXdTdGF0ZSBhcyB0aGUgY29uc3RhbnQgc2l6ZQogICAgICAgICAgICAgICAgLy8gb2YgTFVJRF9BTkRfQVRUUklCVVRFUyBpcyBzZXQgdG8gMSBhbmQgY2FuJ3QgYmUgb3ZlcnJpZGRlbiBhdCBydW50aW1lLCBUT0tFTl9QUklWSUxFR0VTCiAgICAgICAgICAgICAgICAvLyBhbHdheXMgY29udGFpbnMgYXQgbGVhc3QgMSBlbnRyeSBzbyB3ZSBuZWVkIHRvIGNhbGN1bGF0ZSB0aGUgZXh0cmEgc2l6ZSBpZiB0aGVyZSBhcmUKICAgICAgICAgICAgICAgIC8vIG5vcmUgdGhhbiAxIExVSURfQU5EX0FUVFJJQlVURVMgZW50cnkKICAgICAgICAgICAgICAgIGludCB0b2tlblByaXZpbGVnZXNTaXplID0gTWFyc2hhbC5TaXplT2YodHlwZW9mKE5hdGl2ZUhlbHBlcnMuVE9LRU5fUFJJVklMRUdFUykpOwogICAgICAgICAgICAgICAgaW50IGx1aWRBdHRyU2l6ZSA9IDA7CiAgICAgICAgICAgICAgICBpZiAobmV3U3RhdGUuTGVuZ3RoID4gMSkKICAgICAgICAgICAgICAgICAgICBsdWlkQXR0clNpemUgPSBNYXJzaGFsLlNpemVPZih0eXBlb2YoTmF0aXZlSGVscGVycy5MVUlEX0FORF9BVFRSSUJVVEVTKSkgKiAobmV3U3RhdGUuTGVuZ3RoIC0gMSk7CiAgICAgICAgICAgICAgICBpbnQgdG90YWxTaXplID0gdG9rZW5Qcml2aWxlZ2VzU2l6ZSArIGx1aWRBdHRyU2l6ZTsKICAgICAgICAgICAgICAgIGJ5dGVbXSBuZXdTdGF0ZUJ5dGVzID0gbmV3IGJ5dGVbdG90YWxTaXplXTsKCiAgICAgICAgICAgICAgICAvLyBnZXQgdGhlIGZpcnN0IGVudHJ5IHRoYXQgaW5jbHVkZXMgdGhlIHN0cnVjdCBkZXRhaWxzCiAgICAgICAgICAgICAgICBOYXRpdmVIZWxwZXJzLlRPS0VOX1BSSVZJTEVHRVMgdG9rZW5Qcml2aWxlZ2VzID0gbmV3IE5hdGl2ZUhlbHBlcnMuVE9LRU5fUFJJVklMRUdFUygpCiAgICAgICAgICAgICAgICB7CiAgICAgICAgICAgICAgICAgICAgUHJpdmlsZWdlQ291bnQgPSAoVUludDMyKW5ld1N0YXRlLkxlbmd0aCwKICAgICAgICAgICAgICAgICAgICBQcml2aWxlZ2VzID0gbmV3IE5hdGl2ZUhlbHBlcnMuTFVJRF9BTkRfQVRUUklCVVRFU1sxXSwKICAgICAgICAgICAgICAgIH07CiAgICAgICAgICAgICAgICBpZiAobmV3U3RhdGUuTGVuZ3RoID4gMCkKICAgICAgICAgICAgICAgICAgICB0b2tlblByaXZpbGVnZXMuUHJpdmlsZWdlc1swXSA9IG5ld1N0YXRlWzBdOwogICAgICAgICAgICAgICAgaW50IG9mZnNldCA9IFN0cnVjdHVyZVRvQnl0ZXModG9rZW5Qcml2aWxlZ2VzLCBuZXdTdGF0ZUJ5dGVzLCAwKTsKCiAgICAgICAgICAgICAgICAvLyBjb3B5IHRoZSByZW1haW5pbmcgTFVJRF9BTkRfQVRUUklCVVRFUyAoaWYgYW55KQogICAgICAgICAgICAgICAgZm9yIChpbnQgaSA9IDE7IGkgPCBuZXdTdGF0ZS5MZW5ndGg7IGkrKykKICAgICAgICAgICAgICAgICAgICBvZmZzZXQgKz0gU3RydWN0dXJlVG9CeXRlcyhuZXdTdGF0ZVtpXSwgbmV3U3RhdGVCeXRlcywgb2Zmc2V0KTsKCiAgICAgICAgICAgICAgICAvLyBmaW5hbGx5IGNyZWF0ZSB0aGUgcG9pbnRlciB0byB0aGUgYnl0ZSBhcnJheSB3ZSBqdXN0IGNyZWF0ZWQKICAgICAgICAgICAgICAgIG5ld1N0YXRlUHRyID0gTWFyc2hhbC5BbGxvY0hHbG9iYWwobmV3U3RhdGVCeXRlcy5MZW5ndGgpOwogICAgICAgICAgICAgICAgTWFyc2hhbC5Db3B5KG5ld1N0YXRlQnl0ZXMsIDAsIG5ld1N0YXRlUHRyLCBuZXdTdGF0ZUJ5dGVzLkxlbmd0aCk7CiAgICAgICAgICAgIH0KCiAgICAgICAgICAgIHRyeQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBJbnRQdHIgaFRva2VuID0gSW50UHRyLlplcm87CiAgICAgICAgICAgICAgICBpZiAoIU5hdGl2ZU1ldGhvZHMuT3BlblByb2Nlc3NUb2tlbih0b2tlbiwgVG9rZW5BY2Nlc3NMZXZlbHMuUXVlcnkgfCBUb2tlbkFjY2Vzc0xldmVscy5BZGp1c3RQcml2aWxlZ2VzLCBvdXQgaFRva2VuKSkKICAgICAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIk9wZW5Qcm9jZXNzVG9rZW4oKSBmYWlsZWQgd2l0aCBRdWVyeSBhbmQgQWRqdXN0UHJpdmlsZWdlcyIpOwogICAgICAgICAgICAgICAgdHJ5CiAgICAgICAgICAgICAgICB7CiAgICAgICAgICAgICAgICAgICAgSW50UHRyIG9sZFN0YXRlUHRyID0gTWFyc2hhbC5BbGxvY0hHbG9iYWwoMCk7CiAgICAgICAgICAgICAgICAgICAgaWYgKCFOYXRpdmVNZXRob2RzLkFkanVzdFRva2VuUHJpdmlsZWdlcyhoVG9rZW4sIGRpc2FibGVBbGxQcml2aWxlZ2VzLCBuZXdTdGF0ZVB0ciwgMCwgb2xkU3RhdGVQdHIsIG91dCByZXR1cm5MZW5ndGgpKQogICAgICAgICAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgICAgICAgICAgaW50IGVyckNvZGUgPSBNYXJzaGFsLkdldExhc3RXaW4zMkVycm9yKCk7CiAgICAgICAgICAgICAgICAgICAgICAgIGlmIChlcnJDb2RlICE9IDEyMikgLy8gRVJST1JfSU5TVUZGSUNJRU5UX0JVRkZFUgogICAgICAgICAgICAgICAgICAgICAgICAgICAgdGhyb3cgbmV3IFdpbjMyRXhjZXB0aW9uKGVyckNvZGUsICJBZGp1c3RUb2tlblByaXZpbGVnZXMoKSBmYWlsZWQgdG8gZ2V0IG9sZCBzdGF0ZSBzaXplIik7CiAgICAgICAgICAgICAgICAgICAgfQoKICAgICAgICAgICAgICAgICAgICAvLyByZXNpemUgdGhlIG9sZFN0YXRlUHRyIGJhc2VkIG9uIHRoZSBsZW5ndGggcmV0dXJuZWQgZnJvbSBXaW5kb3dzCiAgICAgICAgICAgICAgICAgICAgTWFyc2hhbC5GcmVlSEdsb2JhbChvbGRTdGF0ZVB0cik7CiAgICAgICAgICAgICAgICAgICAgb2xkU3RhdGVQdHIgPSBNYXJzaGFsLkFsbG9jSEdsb2JhbCgoaW50KXJldHVybkxlbmd0aCk7CiAgICAgICAgICAgICAgICAgICAgdHJ5CiAgICAgICAgICAgICAgICAgICAgewogICAgICAgICAgICAgICAgICAgICAgICBib29sIHJlcyA9IE5hdGl2ZU1ldGhvZHMuQWRqdXN0VG9rZW5Qcml2aWxlZ2VzKGhUb2tlbiwgZGlzYWJsZUFsbFByaXZpbGVnZXMsIG5ld1N0YXRlUHRyLCByZXR1cm5MZW5ndGgsIG9sZFN0YXRlUHRyLCBvdXQgcmV0dXJuTGVuZ3RoKTsKICAgICAgICAgICAgICAgICAgICAgICAgaW50IGVyckNvZGUgPSBNYXJzaGFsLkdldExhc3RXaW4zMkVycm9yKCk7CgogICAgICAgICAgICAgICAgICAgICAgICAvLyBldmVuIHdoZW4gcmVzID09IHRydWUsIEVSUk9SX05PVF9BTExfQVNTSUdORUQgbWF5IGJlIHNldCBhcyB0aGUgbGFzdCBlcnJvciBjb2RlCiAgICAgICAgICAgICAgICAgICAgICAgIGlmICghcmVzIHx8IGVyckNvZGUgIT0gMCkKICAgICAgICAgICAgICAgICAgICAgICAgICAgIHRocm93IG5ldyBXaW4zMkV4Y2VwdGlvbihlcnJDb2RlLCAiQWRqdXN0VG9rZW5Qcml2aWxlZ2VzKCkgZmFpbGVkIik7CgogICAgICAgICAgICAgICAgICAgICAgICAvLyBNYXJzaGFsIHRoZSBvbGRTdGF0ZVB0ciB0byB0aGUgc3RydWN0CiAgICAgICAgICAgICAgICAgICAgICAgIE5hdGl2ZUhlbHBlcnMuVE9LRU5fUFJJVklMRUdFUyBvbGRTdGF0ZSA9IChOYXRpdmVIZWxwZXJzLlRPS0VOX1BSSVZJTEVHRVMpTWFyc2hhbC5QdHJUb1N0cnVjdHVyZShvbGRTdGF0ZVB0ciwgdHlwZW9mKE5hdGl2ZUhlbHBlcnMuVE9LRU5fUFJJVklMRUdFUykpOwogICAgICAgICAgICAgICAgICAgICAgICBvbGRTdGF0ZVByaXZpbGVnZXMgPSBuZXcgTmF0aXZlSGVscGVycy5MVUlEX0FORF9BVFRSSUJVVEVTW29sZFN0YXRlLlByaXZpbGVnZUNvdW50XTsKICAgICAgICAgICAgICAgICAgICAgICAgUHRyVG9TdHJ1Y3R1cmVBcnJheShvbGRTdGF0ZVByaXZpbGVnZXMsIEludFB0ci5BZGQob2xkU3RhdGVQdHIsIE1hcnNoYWwuU2l6ZU9mKG9sZFN0YXRlLlByaXZpbGVnZUNvdW50KSkpOwogICAgICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgICAgICAgICBmaW5hbGx5CiAgICAgICAgICAgICAgICAgICAgewogICAgICAgICAgICAgICAgICAgICAgICBNYXJzaGFsLkZyZWVIR2xvYmFsKG9sZFN0YXRlUHRyKTsKICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBmaW5hbGx5CiAgICAgICAgICAgICAgICB7CiAgICAgICAgICAgICAgICAgICAgTmF0aXZlTWV0aG9kcy5DbG9zZUhhbmRsZShoVG9rZW4pOwogICAgICAgICAgICAgICAgfQogICAgICAgICAgICB9CiAgICAgICAgICAgIGZpbmFsbHkKICAgICAgICAgICAgewogICAgICAgICAgICAgICAgaWYgKG5ld1N0YXRlUHRyICE9IEludFB0ci5aZXJvKQogICAgICAgICAgICAgICAgICAgIE1hcnNoYWwuRnJlZUhHbG9iYWwobmV3U3RhdGVQdHIpOwogICAgICAgICAgICB9CgogICAgICAgICAgICByZXR1cm4gb2xkU3RhdGVQcml2aWxlZ2VzLlRvRGljdGlvbmFyeShwID0+IEdldFByaXZpbGVnZU5hbWUocC5MdWlkKSwgcCA9PiAoYm9vbD8pcC5BdHRyaWJ1dGVzLkhhc0ZsYWcoUHJpdmlsZWdlQXR0cmlidXRlcy5FbmFibGVkKSk7CiAgICAgICAgfQoKICAgICAgICBwcml2YXRlIHN0YXRpYyBzdHJpbmcgR2V0UHJpdmlsZWdlTmFtZShOYXRpdmVIZWxwZXJzLkxVSUQgbHVpZCkKICAgICAgICB7CiAgICAgICAgICAgIFVJbnQzMiBuYW1lTGVuID0gMDsKICAgICAgICAgICAgTmF0aXZlTWV0aG9kcy5Mb29rdXBQcml2aWxlZ2VOYW1lKG51bGwsIHJlZiBsdWlkLCBudWxsLCByZWYgbmFtZUxlbik7CgogICAgICAgICAgICBTdHJpbmdCdWlsZGVyIG5hbWUgPSBuZXcgU3RyaW5nQnVpbGRlcigoaW50KShuYW1lTGVuICsgMSkpOwogICAgICAgICAgICBpZiAoIU5hdGl2ZU1ldGhvZHMuTG9va3VwUHJpdmlsZWdlTmFtZShudWxsLCByZWYgbHVpZCwgbmFtZSwgcmVmIG5hbWVMZW4pKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IFdpbjMyRXhjZXB0aW9uKCJMb29rdXBQcml2aWxlZ2VOYW1lKCkgZmFpbGVkIik7CgogICAgICAgICAgICByZXR1cm4gbmFtZS5Ub1N0cmluZygpOwogICAgICAgIH0KCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgdm9pZCBQdHJUb1N0cnVjdHVyZUFycmF5PFQ+KFRbXSBhcnJheSwgSW50UHRyIHB0cikKICAgICAgICB7CiAgICAgICAgICAgIEludFB0ciBwdHJPZmZzZXQgPSBwdHI7CiAgICAgICAgICAgIGZvciAoaW50IGkgPSAwOyBpIDwgYXJyYXkuTGVuZ3RoOyBpKyssIHB0ck9mZnNldCA9IEludFB0ci5BZGQocHRyT2Zmc2V0LCBNYXJzaGFsLlNpemVPZih0eXBlb2YoVCkpKSkKICAgICAgICAgICAgICAgIGFycmF5W2ldID0gKFQpTWFyc2hhbC5QdHJUb1N0cnVjdHVyZShwdHJPZmZzZXQsIHR5cGVvZihUKSk7CiAgICAgICAgfQoKICAgICAgICBwcml2YXRlIHN0YXRpYyBpbnQgU3RydWN0dXJlVG9CeXRlczxUPihUIHN0cnVjdHVyZSwgYnl0ZVtdIGFycmF5LCBpbnQgb2Zmc2V0KQogICAgICAgIHsKICAgICAgICAgICAgaW50IHNpemUgPSBNYXJzaGFsLlNpemVPZihzdHJ1Y3R1cmUpOwogICAgICAgICAgICBJbnRQdHIgc3RydWN0UHRyID0gTWFyc2hhbC5BbGxvY0hHbG9iYWwoc2l6ZSk7CiAgICAgICAgICAgIHRyeQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBNYXJzaGFsLlN0cnVjdHVyZVRvUHRyKHN0cnVjdHVyZSwgc3RydWN0UHRyLCBmYWxzZSk7CiAgICAgICAgICAgICAgICBNYXJzaGFsLkNvcHkoc3RydWN0UHRyLCBhcnJheSwgb2Zmc2V0LCBzaXplKTsKICAgICAgICAgICAgfQogICAgICAgICAgICBmaW5hbGx5CiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIE1hcnNoYWwuRnJlZUhHbG9iYWwoc3RydWN0UHRyKTsKICAgICAgICAgICAgfQoKICAgICAgICAgICAgcmV0dXJuIHNpemU7CiAgICAgICAgfQogICAgfQp9CidACgpGdW5jdGlvbiBJbXBvcnQtUHJpdmlsZWdlVXRpbCB7CiAgICA8IwogICAgLlNZTk9QU0lTCiAgICBDb21waWxlcyB0aGUgQyMgY29kZSB0aGF0IGNhbiBiZSB1c2VkIHRvIG1hbmFnZSBXaW5kb3dzIHByaXZpbGVnZXMgZnJvbSBhbgogICAgQW5zaWJsZSBtb2R1bGUuIE9uY2UgdGhpcyBmdW5jdGlvbiBpcyBjYWxsZWQsIHRoZSBmb2xsb3dpbmcgUG93ZXJTaGVsbAogICAgY21kbGV0cyBjYW4gYmUgdXNlZDsKCiAgICAgICAgR2V0LUFuc2libGVQcml2aWxlZ2UKICAgICAgICBTZXQtQW5zaWJsZVByaXZpbGVnZQoKICAgIFRoZSBhYm92ZSBjbWRsZXRzIGdpdmUgdGhlIGFiaWxpdHkgdG8gbWFuYWdlIHBlcm1pc3Npb25zIG9uIHRoZSBjdXJyZW50CiAgICBwcm9jZXNzIHRva2VuIGJ1dCB0aGUgdW5kZXJseWluZyAuTkVUIGNsYXNzZXMgYXJlIGFsc28gZXhwb3NlZCBmb3IgZ3JlYXRlcgogICAgY29udHJvbC4gVGhlIGZvbGxvd2luZyBmdW5jdGlvbnMgY2FuIGJlIHVzZWQgYnkgY2FsbGluZyB0aGUgLk5FVCBjbGFzcwoKICAgIFtBbnNpYmxlLlByaXZpbGVnZVV0aWwuUHJpdmlsZWdlc106OkNoZWNrUHJpdmlsZWdlTmFtZSgkbmFtZSkKICAgIFtBbnNpYmxlLlByaXZpbGVnZVV0aWwuUHJpdmlsZWdlc106OkRpc2FibGVQcml2aWxlZ2UoJHByb2Nlc3MsICRuYW1lKQogICAgW0Fuc2libGUuUHJpdmlsZWdlVXRpbC5Qcml2aWxlZ2VzXTo6RGlzYWJsZUFsbFByaXZpbGVnZXMoJHByb2Nlc3MpCiAgICBbQW5zaWJsZS5Qcml2aWxlZ2VVdGlsLlByaXZpbGVnZXNdOjpFbmFibGVQcml2aWxlZ2UoJHByb2Nlc3MsICRuYW1lKQogICAgW0Fuc2libGUuUHJpdmlsZWdlVXRpbC5Qcml2aWxlZ2VzXTo6R2V0QWxsUHJpdmlsZWdlSW5mbygkcHJvY2VzcykKICAgIFtBbnNpYmxlLlByaXZpbGVnZVV0aWwuUHJpdmlsZWdlc106OlJlbW92ZVByaXZpbGVnZSgkcHJvY2VzcywgJG5hbWUpCiAgICBbQW5zaWJsZS5Qcml2aWxlZ2VVdGlsLlByaXZpbGVnZXNdOjpTZXRUb2tlblByaXZpbGVnZXMoJHByb2Nlc3MsICRuZXdfc3RhdGUpCgogICAgSGVyZSBpcyBhIGJyaWVmIGV4cGxhbmF0aW9uIG9mIGVhY2ggdHlwZSBvZiBhcmcKICAgICRwcm9jZXNzID0gVGhlIHByb2Nlc3MgaGFuZGxlIHRvIG1hbmlwdWxhdGUsIHVzZSAnW0Fuc2libGUuUHJpdmlsZWdlVXRpbHMuUHJpdmlsZWdlc106OkdldEN1cnJlbnRQcm9jZXNzKCknIHRvIGdldCB0aGUgY3VycmVudCBwcm9jZXNzIGhhbmRsZQogICAgJG5hbWUgPSBUaGUgbmFtZSBvZiB0aGUgcHJpdmlsZWdlLCB0aGlzIGlzIHRoZSBjb25zdGFudCB2YWx1ZSBmcm9tIGh0dHBzOi8vZG9jcy5taWNyb3NvZnQuY29tL2VuLXVzL3dpbmRvd3MvZGVza3RvcC9TZWNBdXRoWi9wcml2aWxlZ2UtY29uc3RhbnRzLCBlLmcuIFNlQXVkaXRQcml2aWxlZ2UKICAgICRuZXdfc3RhdGUgPSAnU3lzdGVtLkNvbGxlY3Rpb25zLkdlbmVyaWMuRGljdGlvbmFyeWAyW1tTeXN0ZW0uU3RyaW5nXSwgW1N5c3RlbS5OdWxsYWJsZWAxW1N5c3RlbS5Cb29sZWFuXV1dJwogICAgICAgIFRoZSBrZXkgaXMgdGhlIGNvbnN0YW50IG5hbWUgYXMgYSBzdHJpbmcsIHRoZSB2YWx1ZSBpcyBhIHRlcm5hcnkgYm9vbGVhbiB3aGVyZQogICAgICAgICAgICB0cnVlIC0gd2lsbCBlbmFibGUgdGhlIHByaXZpbGVnZQogICAgICAgICAgICBmYWxzZSAtIHdpbGwgZGlzYWJsZSB0aGUgcHJpdmlsZWdlCiAgICAgICAgICAgIG51bGwgLSB3aWxsIHJlbW92ZSB0aGUgcHJpdmlsZWdlCgogICAgRWFjaCBtZXRob2QgdGhhdCBjaGFuZ2VzIHRoZSBwcml2aWxlZ2Ugc3RhdGUgd2lsbCByZXR1cm4gYSBkaWN0aW9uYXJ5IHRoYXQKICAgIGNhbiBiZSB1c2VkIGFzIHRoZSAkbmV3X3N0YXRlIGFyZyBvZiBTZXRUb2tlblByaXZpbGVnZXMgdG8gdW5kbyBhbmQgcmV2ZXJ0CiAgICBiYWNrIHRvIHRoZSBvcmlnaW5hbCBzdGF0ZS4gSWYgeW91IHJlbW92ZSBhIHByaXZpbGVnZSB0aGVuIHRoaXMgaXMKICAgIGlycmV2ZXJzaWJsZSBhbmQgd29uJ3QgYmUgcGFydCBvZiB0aGUgcmV0dXJuZWQgZGljdAogICAgIz4KICAgIFtDbWRsZXRCaW5kaW5nKCldCiAgICAjIGJ1aWxkIHRoZSBDIyBjb2RlIHRvIGNvbXBpbGUKICAgICRuYW1lc3BhY2VfaW1wb3J0ID0gKCRhbnNpYmxlX3ByaXZpbGVnZV91dGlsX25hbWVzcGFjZXMgfCBGb3JFYWNoLU9iamVjdCB7ICJ1c2luZyAkXzsiIH0pIC1qb2luICJgcmBuIgogICAgJHBsYXRmb3JtX3V0aWwgPSAiJG5hbWVzcGFjZV9pbXBvcnRgcmBuYHJgbiRhbnNpYmxlX3ByaXZpbGVnZV91dGlsX2NvZGUiCgogICAgIyBGVVRVUkU6IGZpbmQgYSBiZXR0ZXIgd2F5IHRvIGdldCB0aGUgX2Fuc2libGVfcmVtb3RlX3RtcCB2YXJpYWJsZQogICAgIyB0aGlzIGlzIHVzZWQgdG8gZm9yY2UgY3NjIHRvIGNvbXBpbGUgdGhlIEMjIGNvZGUgaW4gdGhlIHJlbW90ZSB0bXAKICAgICMgc3BlY2lmaWVkCiAgICAkb3JpZ2luYWxfdG1wID0gJGVudjpUTVAKCiAgICAkcmVtb3RlX3RtcCA9ICRvcmlnaW5hbF90bXAKICAgICRtb2R1bGVfcGFyYW1zID0gR2V0LVZhcmlhYmxlIC1OYW1lIGNvbXBsZXhfYXJncyAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgaWYgKCRtb2R1bGVfcGFyYW1zKSB7CiAgICAgICAgaWYgKCRtb2R1bGVfcGFyYW1zLlZhbHVlLkNvbnRhaW5zS2V5KCJfYW5zaWJsZV9yZW1vdGVfdG1wIikgKSB7CiAgICAgICAgICAgICRyZW1vdGVfdG1wID0gJG1vZHVsZV9wYXJhbXMuVmFsdWVbIl9hbnNpYmxlX3JlbW90ZV90bXAiXQogICAgICAgICAgICAkcmVtb3RlX3RtcCA9IFtTeXN0ZW0uRW52aXJvbm1lbnRdOjpFeHBhbmRFbnZpcm9ubWVudFZhcmlhYmxlcygkcmVtb3RlX3RtcCkKICAgICAgICB9CiAgICB9CgogICAgJGVudjpUTVAgPSAkcmVtb3RlX3RtcAogICAgQWRkLVR5cGUgLVR5cGVEZWZpbml0aW9uICRwbGF0Zm9ybV91dGlsCiAgICAkZW52OlRNUCA9ICRvcmlnaW5hbF90bXAKfQoKRnVuY3Rpb24gR2V0LUFuc2libGVQcml2aWxlZ2UgewogICAgPCMKICAgIC5TWU5PUFNJUwogICAgR2V0IHRoZSBzdGF0dXMgb2YgYSBwcml2aWxlZ2UgZm9yIHRoZSBjdXJyZW50IHByb2Nlc3MuIFRoaXMgcmV0dXJucwogICAgICAgICR0cnVlIC0gdGhlIHByaXZpbGVnZSBpcyBlbmFibGVkCiAgICAgICAgJGZhbHNlIC0gdGhlIHByaXZpbGVnZSBpcyBkaXNhYmxlZAogICAgICAgICRudWxsIC0gdGhlIHByaXZpbGVnZSBpcyByZW1vdmVkIGZyb20gdGhlIHRva2VuCgogICAgSWYgTmFtZSBpcyBub3QgYSB2YWxpZCBwcml2aWxlZ2UgbmFtZSwgdGhpcyB3aWxsIHRocm93IGFuCiAgICBBcmd1bWVudEV4Y2VwdGlvbi4KCiAgICAuRVhBTVBMRQogICAgR2V0LUFuc2libGVQcml2aWxlZ2UgLU5hbWUgU2VEZWJ1Z1ByaXZpbGVnZQogICAgIz4KICAgIFtDbWRsZXRCaW5kaW5nKCldCiAgICBwYXJhbSgKICAgICAgICBbUGFyYW1ldGVyKE1hbmRhdG9yeT0kdHJ1ZSldW1N0cmluZ10kTmFtZQogICAgKQoKICAgIGlmICgtbm90IFtBbnNpYmxlLlByaXZpbGVnZVV0aWwuUHJpdmlsZWdlc106OkNoZWNrUHJpdmlsZWdlTmFtZSgkTmFtZSkpIHsKICAgICAgICB0aHJvdyBbU3lzdGVtLkFyZ3VtZW50RXhjZXB0aW9uXSAiSW52YWxpZCBwcml2aWxlZ2UgbmFtZSAnJE5hbWUnIgogICAgfQoKICAgICRwcm9jZXNzX3Rva2VuID0gW0Fuc2libGUuUHJpdmlsZWdlVXRpbC5Qcml2aWxlZ2VzXTo6R2V0Q3VycmVudFByb2Nlc3MoKQogICAgJHByaXZpbGVnZV9pbmZvID0gW0Fuc2libGUuUHJpdmlsZWdlVXRpbC5Qcml2aWxlZ2VzXTo6R2V0QWxsUHJpdmlsZWdlSW5mbygkcHJvY2Vzc190b2tlbikKICAgIGlmICgkcHJpdmlsZWdlX2luZm8uQ29udGFpbnNLZXkoJE5hbWUpKSB7CiAgICAgICAgJHN0YXR1cyA9ICRwcml2aWxlZ2VfaW5mby4kTmFtZQogICAgICAgIHJldHVybiAkc3RhdHVzLkhhc0ZsYWcoW0Fuc2libGUuUHJpdmlsZWdlVXRpbC5Qcml2aWxlZ2VBdHRyaWJ1dGVzXTo6RW5hYmxlZCkKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICRudWxsCiAgICB9Cn0KCkZ1bmN0aW9uIFNldC1BbnNpYmxlUHJpdmlsZWdlIHsKICAgIDwjCiAgICAuU1lOT1BTSVMKICAgIEVuYWJsZXMvRGlzYWJsZXMgYSBwcml2aWxlZ2Ugb24gdGhlIGN1cnJlbnQgcHJvY2VzcycgdG9rZW4uIElmIGEgcHJpdmlsZWdlCiAgICBoYXMgYmVlbiByZW1vdmVkIGZyb20gdGhlIHByb2Nlc3MgdG9rZW4sIHRoaXMgd2lsbCB0aHJvdyBhbgogICAgSW52YWxpZE9wZXJhdGlvb ScriptBlock ID: 09358417-d00f-4ee1-8de3-28ca179cf571 Path:	4104	1		3	2	15	0	1914	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4564	1220	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:31:12 PM	e5295ba9-9827-0005-a185-2de52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 6): begin { $DebugPreference = "Continue" $ErrorActionPreference = "Stop" Set-StrictMode -Version 2 function ConvertTo-HashtableFromPsCustomObject ($myPsObject){ $output = @{}; $myPsObject | Get-Member -MemberType *Property | % { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } return $output; } # stream JSON including become_pw, ps_module_payload, bin_module_payload, become_payload, write_payload_path, preserve directives # exec runspace, capture output, cleanup, return module output # NB: do not adjust the following line- it is replaced when doing non-streamed module output $json_raw = @' {"min_ps_version": null, "exec": "CkZ1bmN0aW9uIFJ1bigkcGF5bG9hZCkgewogICAgJGVudHJ5cG9pbnQgPSAkcGF5bG9hZC5tb2R1bGVfZW50cnkKCiAgICAkZW50cnlwb2ludCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGVudHJ5cG9pbnQpKQoKICAgICRwcyA9IFtwb3dlcnNoZWxsXTo6Q3JlYXRlKCkKCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkQ29tbWFuZCgiU2V0LVZhcmlhYmxlIikuQWRkUGFyYW1ldGVycyhAe1Njb3BlPSJnbG9iYWwiO05hbWU9ImNvbXBsZXhfYXJncyI7VmFsdWU9JHBheWxvYWQubW9kdWxlX2FyZ3N9KSB8IE91dC1OdWxsCiAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCgogICAgIyByZWRlZmluZSBXcml0ZS1Ib3N0IHRvIGR1bXAgdG8gb3V0cHV0IGluc3RlYWQgb2YgZmFpbGluZy0gbG90cyBvZiBzY3JpcHRzIHVzZSBpdAogICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgiRnVuY3Rpb24gV3JpdGUtSG9zdChgJG1zZyl7IFdyaXRlLU91dHB1dCBgJG1zZyB9IikgfCBPdXQtTnVsbAoKICAgIEZvckVhY2ggKCRlbnZfa3YgaW4gJHBheWxvYWQuZW52aXJvbm1lbnQuR2V0RW51bWVyYXRvcigpKSB7CiAgICAgICAgIyBuZWVkIHRvIGVzY2FwZSAnIGluIGJvdGggdGhlIGtleSBhbmQgdmFsdWUKICAgICAgICAkZW52X2tleSA9ICRlbnZfa3YuS2V5LlRvU3RyaW5nKCkuUmVwbGFjZSgiJyIsICInJyIpCiAgICAgICAgJGVudl92YWx1ZSA9ICRlbnZfa3YuVmFsdWUuVG9TdHJpbmcoKS5SZXBsYWNlKCInIiwgIicnIikKICAgICAgICAkZXNjYXBlZF9lbnZfc2V0ID0gIltTeXN0ZW0uRW52aXJvbm1lbnRdOjpTZXRFbnZpcm9ubWVudFZhcmlhYmxlKCd7MH0nLCAnezF9JykiIC1mICRlbnZfa2V5LCAkZW52X3ZhbHVlCiAgICAgICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgkZXNjYXBlZF9lbnZfc2V0KSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBkeW5hbWljYWxseSBjcmVhdGUvbG9hZCBtb2R1bGVzCiAgICBGb3JFYWNoICgkbW9kIGluICRwYXlsb2FkLnBvd2Vyc2hlbGxfbW9kdWxlcy5HZXRFbnVtZXJhdG9yKCkpIHsKICAgICAgICAkZGVjb2RlZF9tb2R1bGUgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRtb2QuVmFsdWUpKQogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRDb21tYW5kKCJOZXctTW9kdWxlIikuQWRkUGFyYW1ldGVycyhAe1NjcmlwdEJsb2NrPShbc2NyaXB0YmxvY2tdOjpDcmVhdGUoJGRlY29kZWRfbW9kdWxlKSk7TmFtZT0kbW9kLktleX0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiSW1wb3J0LU1vZHVsZSIpLkFkZFBhcmFtZXRlcnMoQHtXYXJuaW5nQWN0aW9uPSJTaWxlbnRseUNvbnRpbnVlIn0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBmb3JjZSBpbnB1dCBlbmNvZGluZyB0byBwcmVhbWJsZS1mcmVlIFVURjggc28gUFMgc3ViLXByb2Nlc3NlcyAoZWcsCiAgICAjIFN0YXJ0LUpvYikgZG9uJ3QgYmxvdyB1cC4gVGhpcyBpcyBvbmx5IHJlcXVpcmVkIGZvciBXaW5STSwgYSBQU1JQCiAgICAjIHJ1bnNwYWNlIGRvZXNuJ3QgaGF2ZSBhIGhvc3QgY29uc29sZSBhbmQgdGhpcyB3aWxsIGJvbWIgb3V0CiAgICBpZiAoJGhvc3QuTmFtZSAtZXEgIkNvbnNvbGVIb3N0IikgewogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRTY3JpcHQoIltDb25zb2xlXTo6SW5wdXRFbmNvZGluZyA9IE5ldy1PYmplY3QgVGV4dC5VVEY4RW5jb2RpbmcgYCRmYWxzZSIpIHwgT3V0LU51bGwKICAgIH0KCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkU2NyaXB0KCRlbnRyeXBvaW50KSB8IE91dC1OdWxsCgogICAgJG91dHB1dCA9ICRwcy5JbnZva2UoKQoKICAgICRvdXRwdXQKCiAgICAjIFBTMyBkb2Vzbid0IHByb3Blcmx5IHNldCBIYWRFcnJvcnMgaW4gbWFueSBjYXNlcywgaW5zcGVjdCB0aGUgZXJyb3Igc3RyZWFtIGFzIGEgZmFsbGJhY2sKICAgIElmICgkcHMuSGFkRXJyb3JzIC1vciAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtbHQgNCAtYW5kICRwcy5TdHJlYW1zLkVycm9yLkNvdW50IC1ndCAwKSkgewogICAgICAgICRob3N0LlVJLldyaXRlRXJyb3JMaW5lKCQoJHBzLlN0cmVhbXMuRXJyb3IgfCBPdXQtU3RyaW5nKSkKICAgICAgICAkZXhpdF9jb2RlID0gJHBzLlJ1bnNwYWNlLlNlc3Npb25TdGF0ZVByb3h5LkdldFZhcmlhYmxlKCJMQVNURVhJVENPREUiKQogICAgICAgIElmKC1ub3QgJGV4aXRfY29kZSkgewogICAgICAgICAgICAkZXhpdF9jb2RlID0gMQogICAgICAgIH0KICAgICAgICAjIG5lZWQgdG8gdXNlIHRoaXMgaW5zdGVhZCBvZiBFeGl0IGtleXdvcmQgdG8gcHJldmVudCBydW5zcGFjZSBmcm9tIGNyYXNoaW5nIHdpdGggZHluYW1pYyBtb2R1bGVzCiAgICAgICAgJGhvc3QuU2V0U2hvdWxkRXhpdCgkZXhpdF9jb2RlKQogICAgfQp9Cg==", "actions": ["exec"], "environment": {}, "min_os_version": null, "powershell_modules": {"Ansible.ModuleUtils.PrivilegeUtil": "IyBDb3B5cmlnaHQgKGMpIDIwMTggQW5zaWJsZSBQcm9qZWN0CiMgU2ltcGxpZmllZCBCU0QgTGljZW5zZSAoc2VlIGxpY2Vuc2VzL3NpbXBsaWZpZWRfYnNkLnR4dCBvciBodHRwczovL29wZW5zb3VyY2Uub3JnL2xpY2Vuc2VzL0JTRC0yLUNsYXVzZSkKCiMgc3RvcmUgaW4gc2VwYXJhdGUgdmFyaWFibGVzIHRvIG1ha2UgaXQgZWFzaWVyIGZvciBvdGhlciBtb2R1bGVfdXRpbHMgdG8KIyBzaGFyZSB0aGlzIGNvZGUgaW4gdGhlaXIgb3duIGMjIGNvZGUKJGFuc2libGVfcHJpdmlsZWdlX3V0aWxfbmFtZXNwYWNlcyA9IEAoCiAgICAiTWljcm9zb2Z0LldpbjMyLlNhZmVIYW5kbGVzIiwKICAgICJTeXN0ZW0iLAogICAgIlN5c3RlbS5Db2xsZWN0aW9ucy5HZW5lcmljIiwKICAgICJTeXN0ZW0uTGlucSIsCiAgICAiU3lzdGVtLlJ1bnRpbWUuSW50ZXJvcFNlcnZpY2VzIiwKICAgICJTeXN0ZW0uU2VjdXJpdHkuUHJpbmNpcGFsIiwKICAgICJTeXN0ZW0uVGV4dCIKKQoKJGFuc2libGVfcHJpdmlsZWdlX3V0aWxfY29kZSA9IEAnCm5hbWVzcGFjZSBBbnNpYmxlLlByaXZpbGVnZVV0aWwKewogICAgW0ZsYWdzXQogICAgcHVibGljIGVudW0gUHJpdmlsZWdlQXR0cmlidXRlcyA6IHVpbnQKICAgIHsKICAgICAgICBEaXNhYmxlZCA9IDB4MDAwMDAwMDAsCiAgICAgICAgRW5hYmxlZEJ5RGVmYXVsdCA9IDB4MDAwMDAwMDEsCiAgICAgICAgRW5hYmxlZCA9IDB4MDAwMDAwMDIsCiAgICAgICAgUmVtb3ZlZCA9IDB4MDAwMDAwMDQsCiAgICAgICAgVXNlZEZvckFjY2VzcyA9IDB4ODAwMDAwMDAsCiAgICB9CgogICAgaW50ZXJuYWwgY2xhc3MgTmF0aXZlSGVscGVycwogICAgewogICAgICAgIFtTdHJ1Y3RMYXlvdXQoTGF5b3V0S2luZC5TZXF1ZW50aWFsKV0KICAgICAgICBpbnRlcm5hbCBzdHJ1Y3QgTFVJRAogICAgICAgIHsKICAgICAgICAgICAgcHVibGljIFVJbnQzMiBMb3dQYXJ0OwogICAgICAgICAgICBwdWJsaWMgSW50MzIgSGlnaFBhcnQ7CiAgICAgICAgfQoKICAgICAgICBbU3RydWN0TGF5b3V0KExheW91dEtpbmQuU2VxdWVudGlhbCldCiAgICAgICAgaW50ZXJuYWwgc3RydWN0IExVSURfQU5EX0FUVFJJQlVURVMKICAgICAgICB7CiAgICAgICAgICAgIHB1YmxpYyBMVUlEIEx1aWQ7CiAgICAgICAgICAgIHB1YmxpYyBQcml2aWxlZ2VBdHRyaWJ1dGVzIEF0dHJpYnV0ZXM7CiAgICAgICAgfQoKICAgICAgICBbU3RydWN0TGF5b3V0KExheW91dEtpbmQuU2VxdWVudGlhbCldCiAgICAgICAgaW50ZXJuYWwgc3RydWN0IFRPS0VOX1BSSVZJTEVHRVMKICAgICAgICB7CiAgICAgICAgICAgIHB1YmxpYyBVSW50MzIgUHJpdmlsZWdlQ291bnQ7CiAgICAgICAgICAgIFtNYXJzaGFsQXMoVW5tYW5hZ2VkVHlwZS5CeVZhbEFycmF5LCBTaXplQ29uc3QgPSAxKV0KICAgICAgICAgICAgcHVibGljIExVSURfQU5EX0FUVFJJQlVURVNbXSBQcml2aWxlZ2VzOwogICAgICAgIH0KICAgIH0KCiAgICBpbnRlcm5hbCBjbGFzcyBOYXRpdmVNZXRob2RzCiAgICB7CiAgICAgICAgW0RsbEltcG9ydCgiYWR2YXBpMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSldCiAgICAgICAgaW50ZXJuYWwgc3RhdGljIGV4dGVybiBib29sIEFkanVzdFRva2VuUHJpdmlsZWdlcygKICAgICAgICAgICAgSW50UHRyIFRva2VuSGFuZGxlLAogICAgICAgICAgICBbTWFyc2hhbEFzKFVubWFuYWdlZFR5cGUuQm9vbCldIGJvb2wgRGlzYWJsZUFsbFByaXZpbGVnZXMsCiAgICAgICAgICAgIEludFB0ciBOZXdTdGF0ZSwKICAgICAgICAgICAgVUludDMyIEJ1ZmZlckxlbmd0aCwKICAgICAgICAgICAgSW50UHRyIFByZXZpb3VzU3RhdGUsCiAgICAgICAgICAgIG91dCBVSW50MzIgUmV0dXJuTGVuZ3RoKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIildCiAgICAgICAgaW50ZXJuYWwgc3RhdGljIGV4dGVybiBib29sIENsb3NlSGFuZGxlKAogICAgICAgICAgICBJbnRQdHIgaE9iamVjdCk7CgogICAgICAgIFtEbGxJbXBvcnQoImtlcm5lbDMyIildCiAgICAgICAgaW50ZXJuYWwgc3RhdGljIGV4dGVybiBTYWZlV2FpdEhhbmRsZSBHZXRDdXJyZW50UHJvY2VzcygpOwoKICAgICAgICBbRGxsSW1wb3J0KCJhZHZhcGkzMi5kbGwiLCBTZXRMYXN0RXJyb3IgPSB0cnVlKV0KICAgICAgICBpbnRlcm5hbCBzdGF0aWMgZXh0ZXJuIGJvb2wgR2V0VG9rZW5JbmZvcm1hdGlvbigKICAgICAgICAgICAgSW50UHRyIFRva2VuSGFuZGxlLAogICAgICAgICAgICBVSW50MzIgVG9rZW5JbmZvcm1hdGlvbkNsYXNzLAogICAgICAgICAgICBJbnRQdHIgVG9rZW5JbmZvcm1hdGlvbiwKICAgICAgICAgICAgVUludDMyIFRva2VuSW5mb3JtYXRpb25MZW5ndGgsCiAgICAgICAgICAgIG91dCBVSW50MzIgUmV0dXJuTGVuZ3RoKTsKCiAgICAgICAgW0RsbEltcG9ydCgiYWR2YXBpMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSldCiAgICAgICAgaW50ZXJuYWwgc3RhdGljIGV4dGVybiBib29sIExvb2t1cFByaXZpbGVnZU5hbWUoCiAgICAgICAgICAgIHN0cmluZyBscFN5c3RlbU5hbWUsCiAgICAgICAgICAgIHJlZiBOYXRpdmVIZWxwZXJzLkxVSUQgbHBMdWlkLAogICAgICAgICAgICBTdHJpbmdCdWlsZGVyIGxwTmFtZSwKICAgICAgICAgICAgcmVmIFVJbnQzMiBjY2hOYW1lKTsKCiAgICAgICAgW0RsbEltcG9ydCgiYWR2YXBpMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSldCiAgICAgICAgaW50ZXJuYWwgc3RhdGljIGV4dGVybiBib29sIExvb2t1cFByaXZpbGVnZVZhbHVlKAogICAgICAgICAgICBzdHJpbmcgbHBTeXN0ZW1OYW1lLAogICAgICAgICAgICBzdHJpbmcgbHBOYW1lLAogICAgICAgICAgICBvdXQgTmF0aXZlSGVscGVycy5MVUlEIGxwTHVpZCk7CgogICAgICAgIFtEbGxJbXBvcnQoImFkdmFwaTMyLmRsbCIsIFNldExhc3RFcnJvciA9IHRydWUpXQogICAgICAgIGludGVybmFsIHN0YXRpYyBleHRlcm4gYm9vbCBPcGVuUHJvY2Vzc1Rva2VuKAogICAgICAgICAgICBTYWZlSGFuZGxlIFByb2Nlc3NIYW5kbGUsCiAgICAgICAgICAgIFRva2VuQWNjZXNzTGV2ZWxzIERlc2lyZWRBY2Nlc3MsCiAgICAgICAgICAgIG91dCBJbnRQdHIgVG9rZW5IYW5kbGUpOwogICAgfQoKICAgIHB1YmxpYyBjbGFzcyBXaW4zMkV4Y2VwdGlvbiA6IFN5c3RlbS5Db21wb25lbnRNb2RlbC5XaW4zMkV4Y2VwdGlvbgogICAgewogICAgICAgIHByaXZhdGUgc3RyaW5nIF9tc2c7CiAgICAgICAgcHVibGljIFdpbjMyRXhjZXB0aW9uKHN0cmluZyBtZXNzYWdlKSA6IHRoaXMoTWFyc2hhbC5HZXRMYXN0V2luMzJFcnJvcigpLCBtZXNzYWdlKSB7IH0KICAgICAgICBwdWJsaWMgV2luMzJFeGNlcHRpb24oaW50IGVycm9yQ29kZSwgc3RyaW5nIG1lc3NhZ2UpIDogYmFzZShlcnJvckNvZGUpCiAgICAgICAgewogICAgICAgICAgICBfbXNnID0gU3RyaW5nLkZvcm1hdCgiezB9ICh7MX0sIFdpbjMyRXJyb3JDb2RlIHsyfSkiLCBtZXNzYWdlLCBiYXNlLk1lc3NhZ2UsIGVycm9yQ29kZSk7CiAgICAgICAgfQogICAgICAgIHB1YmxpYyBvdmVycmlkZSBzdHJpbmcgTWVzc2FnZSB7IGdldCB7IHJldHVybiBfbXNnOyB9IH0KICAgICAgICBwdWJsaWMgc3RhdGljIGV4cGxpY2l0IG9wZXJhdG9yIFdpbjMyRXhjZXB0aW9uKHN0cmluZyBtZXNzYWdlKSB7IHJldHVybiBuZXcgV2luMzJFeGNlcHRpb24obWVzc2FnZSk7IH0KICAgIH0KCiAgICBwdWJsaWMgY2xhc3MgUHJpdmlsZWdlcwogICAgewogICAgICAgIHByaXZhdGUgc3RhdGljIHJlYWRvbmx5IFVJbnQzMiBUT0tFTl9QUklWSUxFR0VTID0gMzsKCgogICAgICAgIHB1YmxpYyBzdGF0aWMgYm9vbCBDaGVja1ByaXZpbGVnZU5hbWUoc3RyaW5nIG5hbWUpCiAgICAgICAgewogICAgICAgICAgICBOYXRpdmVIZWxwZXJzLkxVSUQgbHVpZDsKICAgICAgICAgICAgaWYgKCFOYXRpdmVNZXRob2RzLkxvb2t1cFByaXZpbGVnZVZhbHVlKG51bGwsIG5hbWUsIG91dCBsdWlkKSkKICAgICAgICAgICAgewogICAgICAgICAgICAgICAgaW50IGVyckNvZGUgPSBNYXJzaGFsLkdldExhc3RXaW4zMkVycm9yKCk7CiAgICAgICAgICAgICAgICBpZiAoZXJyQ29kZSAhPSAxMzEzKSAgLy8gRVJST1JfTk9fU1VDSF9QUklWSUxFR0UKICAgICAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oZXJyQ29kZSwgU3RyaW5nLkZvcm1hdCgiTG9va3VwUHJpdmlsZWdlVmFsdWUoezB9KSBmYWlsZWQiLCBuYW1lKSk7CiAgICAgICAgICAgICAgICByZXR1cm4gZmFsc2U7CiAgICAgICAgICAgIH0KICAgICAgICAgICAgZWxzZQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICByZXR1cm4gdHJ1ZTsKICAgICAgICAgICAgfQogICAgICAgIH0KCiAgICAgICAgcHVibGljIHN0YXRpYyBEaWN0aW9uYXJ5PHN0cmluZywgYm9vbD8+IERpc2FibGVQcml2aWxlZ2UoU2FmZUhhbmRsZSB0b2tlbiwgc3RyaW5nIHByaXZpbGVnZSkKICAgICAgICB7CiAgICAgICAgICAgIHJldHVybiBTZXRUb2tlblByaXZpbGVnZXModG9rZW4sIG5ldyBEaWN0aW9uYXJ5PHN0cmluZywgYm9vbD8+KCkgeyB7IHByaXZpbGVnZSwgZmFsc2UgfSB9KTsKICAgICAgICB9CgogICAgICAgIHB1YmxpYyBzdGF0aWMgRGljdGlvbmFyeTxzdHJpbmcsIGJvb2w/PiBEaXNhYmxlQWxsUHJpdmlsZWdlcyhTYWZlSGFuZGxlIHRva2VuKQogICAgICAgIHsKICAgICAgICAgICAgcmV0dXJuIEFkanVzdFRva2VuUHJpdmlsZWdlcyh0b2tlbiwgbnVsbCk7CiAgICAgICAgfQoKICAgICAgICBwdWJsaWMgc3RhdGljIERpY3Rpb25hcnk8c3RyaW5nLCBib29sPz4gRW5hYmxlUHJpdmlsZWdlKFNhZmVIYW5kbGUgdG9rZW4sIHN0cmluZyBwcml2aWxlZ2UpCiAgICAgICAgewogICAgICAgICAgICByZXR1cm4gU2V0VG9rZW5Qcml2aWxlZ2VzKHRva2VuLCBuZXcgRGljdGlvbmFyeTxzdHJpbmcsIGJvb2w/PigpIHsgeyBwcml2aWxlZ2UsIHRydWUgfSB9KTsKICAgICAgICB9CgogICAgICAgIHB1YmxpYyBzdGF0aWMgRGljdGlvbmFyeTxTdHJpbmcsIFByaXZpbGVnZUF0dHJpYnV0ZXM+IEdldEFsbFByaXZpbGVnZUluZm8oU2FmZUhhbmRsZSB0b2tlbikKICAgICAgICB7CiAgICAgICAgICAgIEludFB0ciBoVG9rZW4gPSBJbnRQdHIuWmVybzsKICAgICAgICAgICAgaWYgKCFOYXRpdmVNZXRob2RzLk9wZW5Qcm9jZXNzVG9rZW4odG9rZW4sIFRva2VuQWNjZXNzTGV2ZWxzLlF1ZXJ5LCBvdXQgaFRva2VuKSkKICAgICAgICAgICAgICAgIHRocm93IG5ldyBXaW4zMkV4Y2VwdGlvbigiT3BlblByb2Nlc3NUb2tlbigpIGZhaWxlZCIpOwoKICAgICAgICAgICAgRGljdGlvbmFyeTxTdHJpbmcsIFByaXZpbGVnZUF0dHJpYnV0ZXM+IGluZm8gPSBuZXcgRGljdGlvbmFyeTxTdHJpbmcsIFByaXZpbGVnZUF0dHJpYnV0ZXM+KCk7CiAgICAgICAgICAgIHRyeQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBVSW50MzIgdG9rZW5MZW5ndGggPSAwOwogICAgICAgICAgICAgICAgTmF0aXZlTWV0aG9kcy5HZXRUb2tlbkluZm9ybWF0aW9uKGhUb2tlbiwgVE9LRU5fUFJJVklMRUdFUywgSW50UHRyLlplcm8sIDAsIG91dCB0b2tlbkxlbmd0aCk7CgogICAgICAgICAgICAgICAgTmF0aXZlSGVscGVycy5MVUlEX0FORF9BVFRSSUJVVEVTW10gcHJpdmlsZWdlczsKICAgICAgICAgICAgICAgIEludFB0ciBwcml2aWxlZ2VzUHRyID0gTWFyc2hhbC5BbGxvY0hHbG9iYWwoKGludCl0b2tlbkxlbmd0aCk7CiAgICAgICAgICAgICAgICB0cnkKICAgICAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgICAgICBpZiAoIU5hdGl2ZU1ldGhvZHMuR2V0VG9rZW5JbmZvcm1hdGlvbihoVG9rZW4sIFRPS0VOX1BSSVZJTEVHRVMsIHByaXZpbGVnZXNQdHIsIHRva2VuTGVuZ3RoLCBvdXQgdG9rZW5MZW5ndGgpKQogICAgICAgICAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIkdldFRva2VuSW5mb3JtYXRpb24oKSBmb3IgVE9LRU5fUFJJVklMRUdFUyBmYWlsZWQiKTsKCiAgICAgICAgICAgICAgICAgICAgTmF0aXZlSGVscGVycy5UT0tFTl9QUklWSUxFR0VTIHByaXZpbGVnZUluZm8gPSAoTmF0aXZlSGVscGVycy5UT0tFTl9QUklWSUxFR0VTKU1hcnNoYWwuUHRyVG9TdHJ1Y3R1cmUocHJpdmlsZWdlc1B0ciwgdHlwZW9mKE5hdGl2ZUhlbHBlcnMuVE9LRU5fUFJJVklMRUdFUykpOwogICAgICAgICAgICAgICAgICAgIHByaXZpbGVnZXMgPSBuZXcgTmF0aXZlSGVscGVycy5MVUlEX0FORF9BVFRSSUJVVEVTW3ByaXZpbGVnZUluZm8uUHJpdmlsZWdlQ291bnRdOwogICAgICAgICAgICAgICAgICAgIFB0clRvU3RydWN0dXJlQXJyYXkocHJpdmlsZWdlcywgSW50UHRyLkFkZChwcml2aWxlZ2VzUHRyLCBNYXJzaGFsLlNpemVPZihwcml2aWxlZ2VJbmZvLlByaXZpbGVnZUNvdW50KSkpOwogICAgICAgICAgICAgICAgfQogICAgICAgICAgICAgICAgZmluYWxseQogICAgICAgICAgICAgICAgewogICAgICAgICAgICAgICAgICAgIE1hcnNoYWwuRnJlZUhHbG9iYWwocHJpdmlsZWdlc1B0cik7CiAgICAgICAgICAgICAgICB9CgogICAgICAgICAgICAgICAgaW5mbyA9IHByaXZpbGVnZXMuVG9EaWN0aW9uYXJ5KHAgPT4gR2V0UHJpdmlsZWdlTmFtZShwLkx1aWQpLCBwID0+IHAuQXR0cmlidXRlcyk7CiAgICAgICAgICAgIH0KICAgICAgICAgICAgZmluYWxseQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBOYXRpdmVNZXRob2RzLkNsb3NlSGFuZGxlKGhUb2tlbik7CiAgICAgICAgICAgIH0KICAgICAgICAgICAgcmV0dXJuIGluZm87CiAgICAgICAgfQoKICAgICAgICBwdWJsaWMgc3RhdGljIFNhZmVXYWl0SGFuZGxlIEdldEN1cnJlbnRQcm9jZXNzKCkKICAgICAgICB7CiAgICAgICAgICAgIHJldHVybiBOYXRpdmVNZXRob2RzLkdldEN1cnJlbnRQcm9jZXNzKCk7CiAgICAgICAgfQoKICAgICAgICBwdWJsaWMgc3RhdGljIHZvaWQgUmVtb3ZlUHJpdmlsZWdlKFNhZmVIYW5kbGUgdG9rZW4sIHN0cmluZyBwcml2aWxlZ2UpCiAgICAgICAgewogICAgICAgICAgICBTZXRUb2tlblByaXZpbGVnZXModG9rZW4sIG5ldyBEaWN0aW9uYXJ5PHN0cmluZywgYm9vbD8+KCkgeyB7IHByaXZpbGVnZSwgbnVsbCB9IH0pOwogICAgICAgIH0KCiAgICAgICAgcHVibGljIHN0YXRpYyBEaWN0aW9uYXJ5PHN0cmluZywgYm9vbD8+IFNldFRva2VuUHJpdmlsZWdlcyhTYWZlSGFuZGxlIHRva2VuLCBEaWN0aW9uYXJ5PHN0cmluZywgYm9vbD8+IHN0YXRlKQogICAgICAgIHsKICAgICAgICAgICAgTmF0aXZlSGVscGVycy5MVUlEX0FORF9BVFRSSUJVVEVTW10gcHJpdmlsZWdlQXR0ciA9IG5ldyBOYXRpdmVIZWxwZXJzLkxVSURfQU5EX0FUVFJJQlVURVNbc3RhdGUuQ291bnRdOwogICAgICAgICAgICBpbnQgaSA9IDA7CgogICAgICAgICAgICBmb3JlYWNoIChLZXlWYWx1ZVBhaXI8c3RyaW5nLCBib29sPz4gZW50cnkgaW4gc3RhdGUpCiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIE5hdGl2ZUhlbHBlcnMuTFVJRCBsdWlkOwogICAgICAgICAgICAgICAgaWYgKCFOYXRpdmVNZXRob2RzLkxvb2t1cFByaXZpbGVnZVZhbHVlKG51bGwsIGVudHJ5LktleSwgb3V0IGx1aWQpKQogICAgICAgICAgICAgICAgICAgIHRocm93IG5ldyBXaW4zMkV4Y2VwdGlvbihTdHJpbmcuRm9ybWF0KCJMb29rdXBQcml2aWxlZ2VWYWx1ZSh7MH0pIGZhaWxlZCIsIGVudHJ5LktleSkpOwoKICAgICAgICAgICAgICAgIFByaXZpbGVnZUF0dHJpYnV0ZXMgYXR0cmlidXRlczsKICAgICAgICAgICAgICAgIHN3aXRjaCAoZW50cnkuVmFsdWUpCiAgICAgICAgICAgICAgICB7CiAgICAgICAgICAgICAgICAgICAgY2FzZSB0cnVlOgogICAgICA ScriptBlock ID: 09358417-d00f-4ee1-8de3-28ca179cf571 Path:	4104	1		3	2	15	0	1913	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4564	1220	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:31:12 PM	e5295ba9-9827-0005-a185-2de52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1912	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4564	3188	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:31:12 PM	e5295ba9-9827-0001-0a5d-30e52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 4564 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1911	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4564	4604	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:31:12 PM	e5295ba9-9827-0001-0a5d-30e52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1910	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4564	3188	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:31:12 PM	e5295ba9-9827-0001-0a5d-30e52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1909	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4344	1500	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:31:11 PM	e5295ba9-9827-0001-045d-30e52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 4344 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1908	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4344	2876	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:31:11 PM	e5295ba9-9827-0001-045d-30e52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1907	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4344	1500	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:31:11 PM	e5295ba9-9827-0001-045d-30e52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1906	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	912	1320	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:31:11 PM	e5295ba9-9827-0002-c36f-2fe52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 912 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1905	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	912	2096	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:31:11 PM	e5295ba9-9827-0002-c36f-2fe52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1904	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	912	1320	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:31:11 PM	e5295ba9-9827-0002-c36f-2fe52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1903	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4176	3272	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:31:11 PM	e5295ba9-9827-0001-df5c-30e52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 4176 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1902	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4176	1888	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:31:11 PM	e5295ba9-9827-0001-df5c-30e52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1901	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4176	3272	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:31:11 PM	e5295ba9-9827-0001-df5c-30e52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1900	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3284	5052	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:31:10 PM	e5295ba9-9827-0001-de5c-30e52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 3284 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1899	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3284	904	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:31:10 PM	e5295ba9-9827-0001-de5c-30e52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1898	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3284	5052	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:31:10 PM	e5295ba9-9827-0001-de5c-30e52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): #!powershell # Copyright: (c) 2015, Jon Hawkesworth (@jhawkesworth) <figs@unity.demon.co.uk> # Copyright: (c) 2017, Ansible Project # GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) #Requires -Module Ansible.ModuleUtils.Legacy $ErrorActionPreference = 'Stop' $params = Parse-Args -arguments $args -supports_check_mode $true $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false $diff_mode = Get-AnsibleParam -obj $params -name "_ansible_diff" -type "bool" -default $false # there are 4 modes to win_copy which are driven by the action plugins: # explode: src is a zip file which needs to be extracted to dest, for use with multiple files # query: win_copy action plugin wants to get the state of remote files to check whether it needs to send them # remote: all copy action is happening remotely (remote_src=True) # single: a single file has been copied, also used with template $copy_mode = Get-AnsibleParam -obj $params -name "_copy_mode" -type "str" -default "single" -validateset "explode","query","remote","single" # used in explode, remote and single mode $src = Get-AnsibleParam -obj $params -name "src" -type "path" -failifempty ($copy_mode -in @("explode","process","single")) $dest = Get-AnsibleParam -obj $params -name "dest" -type "path" -failifempty $true # used in single mode $original_basename = Get-AnsibleParam -obj $params -name "_original_basename" -type "str" # used in query and remote mode $force = Get-AnsibleParam -obj $params -name "force" -type "bool" -default $true # used in query mode, contains the local files/directories/symlinks that are to be copied $files = Get-AnsibleParam -obj $params -name "files" -type "list" $directories = Get-AnsibleParam -obj $params -name "directories" -type "list" $symlinks = Get-AnsibleParam -obj $params -name "symlinks" -type "list" $result = @{ changed = $false } if ($diff_mode) { $result.diff = @{} } Function Copy-File($source, $dest) { $diff = "" $copy_file = $false $source_checksum = $null if ($force) { $source_checksum = Get-FileChecksum -path $source } if (Test-Path -Path $dest -PathType Container) { Fail-Json -obj $result -message "cannot copy file from '$source' to '$dest': dest is already a folder" } elseif (Test-Path -Path $dest -PathType Leaf) { if ($force) { $target_checksum = Get-FileChecksum -path $dest if ($source_checksum -ne $target_checksum) { $copy_file = $true } } } else { $copy_file = $true } if ($copy_file) { $file_dir = [System.IO.Path]::GetDirectoryName($dest) # validate the parent dir is not a file and that it exists if (Test-Path -Path $file_dir -PathType Leaf) { Fail-Json -obj $result -message "cannot copy file from '$source' to '$dest': object at dest parent dir is not a folder" } elseif (-not (Test-Path -Path $file_dir)) { # directory doesn't exist, need to create New-Item -Path $file_dir -ItemType Directory -WhatIf:$check_mode | Out-Null $diff += "+$file_dir\`n" } if (Test-Path -Path $dest -PathType Leaf) { Remove-Item -Path $dest -Force -Recurse -WhatIf:$check_mode | Out-Null $diff += "-$dest`n" } if (-not $check_mode) { # cannot run with -WhatIf:$check_mode as if the parent dir didn't # exist and was created above would still not exist in check mode Copy-Item -Path $source -Destination $dest -Force | Out-Null } $diff += "+$dest`n" $result.changed = $true } # ugly but to save us from running the checksum twice, let's return it for # the main code to add it to $result return ,@{ diff = $diff; checksum = $source_checksum } } Function Copy-Folder($source, $dest) { $diff = "" $copy_folder = $false if (-not (Test-Path -Path $dest -PathType Container)) { $parent_dir = [System.IO.Path]::GetDirectoryName($dest) if (Test-Path -Path $parent_dir -PathType Leaf) { Fail-Json -obj $result -message "cannot copy file from '$source' to '$dest': object at dest parent dir is not a folder" } if (Test-Path -Path $dest -PathType Leaf) { Fail-Json -obj $result -message "cannot copy folder from '$source' to '$dest': dest is already a file" } New-Item -Path $dest -ItemType Container -WhatIf:$check_mode | Out-Null $diff += "+$dest\`n" $result.changed = $true } $child_items = Get-ChildItem -Path $source -Force foreach ($child_item in $child_items) { $dest_child_path = Join-Path -Path $dest -ChildPath $child_item.Name if ($child_item.PSIsContainer) { $diff += (Copy-Folder -source $child_item.Fullname -dest $dest_child_path) } else { $diff += (Copy-File -source $child_item.Fullname -dest $dest_child_path).diff } } return $diff } Function Get-FileSize($path) { $file = Get-Item -Path $path -Force $size = $null if ($file.PSIsContainer) { $dir_files_sum = Get-ChildItem $file.FullName -Recurse if ($dir_files_sum -eq $null -or ($dir_files_sum.PSObject.Properties.name -contains 'length' -eq $false)) { $size = 0 } else { $size = ($dir_files_sum | Measure-Object -property length -sum).Sum } } else { $size = $file.Length } $size } Function Extract-Zip($src, $dest) { $archive = [System.IO.Compression.ZipFile]::Open($src, [System.IO.Compression.ZipArchiveMode]::Read, [System.Text.Encoding]::UTF8) foreach ($entry in $archive.Entries) { $archive_name = $entry.FullName # FullName may be appended with / or \, determine if it is padded and remove it $padding_length = $archive_name.Length % 4 if ($padding_length -eq 0) { $is_dir = $false $base64_name = $archive_name } elseif ($padding_length -eq 1) { $is_dir = $true if ($archive_name.EndsWith("/") -or $archive_name.EndsWith("`\")) { $base64_name = $archive_name.Substring(0, $archive_name.Length - 1) } else { throw "invalid base64 archive name '$archive_name'" } } else { throw "invalid base64 length '$archive_name'" } # to handle unicode character, win_copy action plugin has encoded the filename $decoded_archive_name = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($base64_name)) # re-add the / to the entry full name if it was a directory if ($is_dir) { $decoded_archive_name = "$decoded_archive_name/" } $entry_target_path = [System.IO.Path]::Combine($dest, $decoded_archive_name) $entry_dir = [System.IO.Path]::GetDirectoryName($entry_target_path) if (-not (Test-Path -Path $entry_dir)) { New-Item -Path $entry_dir -ItemType Directory -WhatIf:$check_mode | Out-Null } if ($is_dir -eq $false) { if (-not $check_mode) { [System.IO.Compression.ZipFileExtensions]::ExtractToFile($entry, $entry_target_path, $true) } } } $archive.Dispose() # release the handle of the zip file } Function Extract-ZipLegacy($src, $dest) { if (-not (Test-Path -Path $dest)) { New-Item -Path $dest -ItemType Directory -WhatIf:$check_mode | Out-Null } $shell = New-Object -ComObject Shell.Application $zip = $shell.NameSpace($src) $dest_path = $shell.NameSpace($dest) foreach ($entry in $zip.Items()) { $is_dir = $entry.IsFolder $encoded_archive_entry = $entry.Name # to handle unicode character, win_copy action plugin has encoded the filename $decoded_archive_entry = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($encoded_archive_entry)) if ($is_dir) { $decoded_archive_entry = "$decoded_archive_entry/" } $entry_target_path = [System.IO.Path]::Combine($dest, $decoded_archive_entry) $entry_dir = [System.IO.Path]::GetDirectoryName($entry_target_path) if (-not (Test-Path -Path $entry_dir)) { New-Item -Path $entry_dir -ItemType Directory -WhatIf:$check_mode | Out-Null } if ($is_dir -eq $false -and (-not $check_mode)) { # https://msdn.microsoft.com/en-us/library/windows/desktop/bb787866.aspx # From Folder.CopyHere documentation, 1044 means: # - 1024: do not display a user interface if an error occurs # - 16: respond with "yes to all" for any dialog box that is displayed # - 4: do not display a progress dialog box $dest_path.CopyHere($entry, 1044) # once file is extraced, we need to rename it with non base64 name $combined_encoded_path = [System.IO.Path]::Combine($dest, $encoded_archive_entry) Move-Item -Path $combined_encoded_path -Destination $entry_target_path -Force | Out-Null } } } if ($copy_mode -eq "query") { # we only return a list of files/directories that need to be copied over # the source of the local file will be the key used $changed_files = @() $changed_directories = @() $changed_symlinks = @() foreach ($file in $files) { $filename = $file.dest $local_checksum = $file.checksum $filepath = Join-Path -Path $dest -ChildPath $filename if (Test-Path -Path $filepath -PathType Leaf) { if ($force) { $checksum = Get-FileChecksum -path $filepath if ($checksum -ne $local_checksum) { $will_change = $true $changed_files += $file } } } elseif (Test-Path -Path $filepath -PathType Container) { Fail-Json -obj $result -message "cannot copy file to dest '$filepath': object at path is already a directory" } else { $changed_files += $file } } foreach ($directory in $directories) { $dirname = $directory.dest $dirpath = Join-Path -Path $dest -ChildPath $dirname $parent_dir = [System.IO.Path]::GetDirectoryName($dirpath) if (Test-Path -Path $parent_dir -PathType Leaf) { Fail-Json -obj $result -message "cannot copy folder to dest '$dirpath': object at parent directory path is already a file" } if (Test-Path -Path $dirpath -PathType Leaf) { Fail-Json -obj $result -message "cannot copy folder to dest '$dirpath': object at path is already a file" } elseif (-not (Test-Path -Path $dirpath -PathType Container)) { $changed_directories += $directory } } # TODO: Handle symlinks $result.files = $changed_files $result.directories = $changed_directories $result.symlinks = $changed_symlinks } elseif ($copy_mode -eq "explode") { # a single zip file containing the files and directories needs to be # expanded this will always result in a change as the calculation is done # on the win_copy action plugin and is only run if a change needs to occur if (-not (Test-Path -Path $src -PathType Leaf)) { Fail-Json -obj $result -message "Cannot expand src zip file: '$src' as it does not exist" } # Detect if the PS zip assemblies are available or whether to use Shell $use_legacy = $false try { Add-Type -AssemblyName System.IO.Compression.FileSystem | Out-Null Add-Type -AssemblyName System.IO.Compression | Out-Null } catch { $use_legacy = $true } if ($use_legacy) { Extract-ZipLegacy -src $src -dest $dest } else { Extract-Zip -src $src -dest $dest } $result.changed = $true } elseif ($copy_mode -eq "remote") { # all copy actions are happening on the remote side (windows host), need # too copy source and dest using PS code $result.src = $src $result.dest = $dest if (-not (Test-Path -Path $src)) { Fail-Json -obj $result -message "Cannot copy src file: '$src' as it does not exist" } if (Test-Path -Path $src -PathType Container) { # we are copying a directory or the contents of a directory $result.operation = 'folder_copy' if ($src.EndsWith("/") -or $src.EndsWith("`\")) { # copying the folder's contents to dest $diff = "" $child_files = Get-ChildItem -Path $src -Force foreach ($child_file in $child_files) { $dest_child_path = Join-Path -Path $dest -ChildPath $child_file.Name if ($child_file.PSIsContainer) { $diff += Copy-Folder -source $child_file.FullName -dest $dest_child_path } else { $diff += (Copy-File -source $child_file.FullName -dest $dest_child_path).diff } } } else { # copying the folder and it's contents to dest $dest = Join-Path -Path $dest -ChildPath (Get-Item -Path $src -Force).Name $result.dest = $dest $diff = Copy-Folder -source $src -dest $dest } } else { # we are just copying a single file to dest $result.operation = 'file_copy' $source_basename = (Get-Item -Path $src -Force).Name $result.original_basename = $source_basename if ($dest.EndsWith("/") -or $dest.EndsWith("`\")) { $dest = Join-Path -Path $dest -ChildPath (Get-Item -Path $src -Force).Name $result.dest = $dest } else { # check if the parent dir exists, this is only done if src is a # file and dest if the path to a file (doesn't end with \ or /) $parent_dir = Split-Path -Path $dest if (Test-Path -Path $parent_dir -PathType Leaf) { Fail-Json -obj $result -message "object at destination parent dir '$parent_dir' is currently a file" } elseif (-not (Test-Path -Path $parent_dir -PathType Container)) { Fail-Json -obj $result -message "Destination directory '$parent_dir' does not exist" } } $copy_result = Copy-File -source $src -dest $dest $diff = $copy_result.diff $result.checksum = $copy_result.checksum } # the file might not exist if running in check mode if (-not $check_mode -or (Test-Path -Path $dest -PathType Leaf)) { $result.size = Get-FileSize -path $dest } else { $result.size = $null } if ($diff_mode) { $result.diff.prepared = $diff } } elseif ($copy_mode -eq "single") { # a single file is located in src and we need to copy to dest, this will # always result in a change as the calculation is done on the Ansible side # before this is run. This should also never run in check mode if (-not (Test-Path -Path $src -PathType Leaf)) { Fail-Json -obj $result -message "Cannot copy src file: '$src' as it does not exist" } # the dest parameter is a directory, we need to append original_basename if ($dest.EndsWith("/") -or $dest.EndsWith("`\") -or (Test-Path -Path $dest -PathType Container)) { $remote_dest = Join-Path -Path $dest -ChildPath $original_basename $parent_dir = Split-Path -Path $remote_dest # when dest ends with /, we need to create the destination directories if (Test-Path -Path $parent_dir -PathType Leaf) { Fail-Json -obj $result -message "object at destination parent dir '$parent_dir' is currently a file" } elseif (-not (Test-Path -Path $parent_dir -PathType Container)) { New-Item -Path $parent_dir -ItemType Directory | Out-Null } } else { $remote_dest = $dest $parent_dir = Split-Path -Path $remote_dest # check if the dest parent dirs exist, need to fail if they don't if (Test-Path -Path $parent_dir -PathType Leaf) { Fail-Json -obj $result -message "object at destination parent dir '$parent_dir' is currently a file" } elseif (-not (Test-Path -Path $parent_dir -PathType Container)) { Fail-Json -obj $result -message "Destination directory '$parent_dir' does not exist" } } Copy-Item -Path $src -Destination $remote_dest -Force | Out-Null $result.changed = $true } Exit-Json -obj $result ScriptBlock ID: c5dab446-9230-40dd-8b7f-0bb65068ca21 Path:	4104	1		3	2	15	0	1897	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2520	1816	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:31:10 PM	e5295ba9-9827-0003-c96d-30e52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c), Michael DeHaan <michael.dehaan@gmail.com>, 2014, and others # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) Set-StrictMode -Version 2.0 $ErrorActionPreference = "Stop" Function Set-Attr($obj, $name, $value) { <# .SYNOPSIS Helper function to set an "attribute" on a psobject instance in PowerShell. This is a convenience to make adding Members to the object easier and slightly more pythonic .EXAMPLE Set-Attr $result "changed" $true #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } Try { $obj.$name = $value } Catch { $obj | Add-Member -Force -MemberType NoteProperty -Name $name -Value $value } } Function Exit-Json($obj) { <# .SYNOPSIS Helper function to convert a PowerShell object to JSON and output it, exiting the script .EXAMPLE Exit-Json $result #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit } Function Fail-Json($obj, $message = $null) { <# .SYNOPSIS Helper function to add the "msg" property and "failed" property, convert the PowerShell Hashtable to JSON and output it, exiting the script .EXAMPLE Fail-Json $result "This is the failure message" #> if ($obj -is [hashtable] -or $obj -is [psobject]) { # Nothing to do } elseif ($obj -is [string] -and $null -eq $message) { # If we weren't given 2 args, and the only arg was a string, # create a new Hashtable and use the arg as the failure message $message = $obj $obj = @{ } } else { # If the first argument is undefined or a different type, # make it a Hashtable $obj = @{ } } # Still using Set-Attr for PSObject compatibility Set-Attr $obj "msg" $message Set-Attr $obj "failed" $true if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit 1 } Function Add-Warning($obj, $message) { <# .SYNOPSIS Helper function to add warnings, even if the warnings attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("warnings")) { $obj.warnings = @() } elseif ($obj.warnings -isnot [array]) { throw "Add-Warning: warnings attribute is not an array" } $obj.warnings += $message } Function Add-DeprecationWarning($obj, $message, $version = $null) { <# .SYNOPSIS Helper function to add deprecations, even if the deprecations attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("deprecations")) { $obj.deprecations = @() } elseif ($obj.deprecations -isnot [array]) { throw "Add-DeprecationWarning: deprecations attribute is not a list" } $obj.deprecations += @{ msg = $message version = $version } } Function Expand-Environment($value) { <# .SYNOPSIS Helper function to expand environment variables in values. By default it turns any type to a string, but we ensure $null remains $null. #> if ($null -ne $value) { [System.Environment]::ExpandEnvironmentVariables($value) } else { $value } } Function Get-AnsibleParam($obj, $name, $default = $null, $resultobj = @{}, $failifempty = $false, $emptyattributefailmessage, $ValidateSet, $ValidateSetErrorMessage, $type = $null, $aliases = @()) { <# .SYNOPSIS Helper function to get an "attribute" from a psobject instance in PowerShell. This is a convenience to make getting Members from an object easier and slightly more pythonic .EXAMPLE $attr = Get-AnsibleParam $response "code" -default "1" .EXAMPLE Get-AnsibleParam -obj $params -name "State" -default "Present" -ValidateSet "Present","Absent" -resultobj $resultobj -failifempty $true Get-AnsibleParam also supports Parameter validation to save you from coding that manually Note that if you use the failifempty option, you do need to specify resultobject as well. #> # Check if the provided Member $name or aliases exist in $obj and return it or the default. try { $found = $null # First try to find preferred parameter $name $aliases = @($name) + $aliases # Iterate over aliases to find acceptable Member $name foreach ($alias in $aliases) { if ($obj.ContainsKey($alias)) { $found = $alias break } } if ($null -eq $found) { throw } $name = $found if ($ValidateSet) { if ($ValidateSet -contains ($obj.$name)) { $value = $obj.$name } else { if ($null -eq $ValidateSetErrorMessage) { #Auto-generated error should be sufficient in most use cases $ValidateSetErrorMessage = "Get-AnsibleParam: Argument $name needs to be one of $($ValidateSet -join ",") but was $($obj.$name)." } Fail-Json -obj $resultobj -message $ValidateSetErrorMessage } } else { $value = $obj.$name } } catch { if ($failifempty -eq $false) { $value = $default } else { if (-not $emptyattributefailmessage) { $emptyattributefailmessage = "Get-AnsibleParam: Missing required argument: $name" } Fail-Json -obj $resultobj -message $emptyattributefailmessage } } # If $value -eq $null, the parameter was unspecified by the user (deliberately or not) # Please leave $null-values intact, modules need to know if a parameter was specified # When $value is already an array, we cannot rely on the null check, as an empty list # is seen as null in the check below if ($null -ne $value -or $value -is [array]) { if ($type -eq "path") { # Expand environment variables on path-type $value = Expand-Environment($value) # Test if a valid path is provided if (-not (Test-Path -IsValid $value)) { $path_invalid = $true # could still be a valid-shaped path with a nonexistent drive letter if ($value -match "^\w:") { # rewrite path with a valid drive letter and recheck the shape- this might still fail, eg, a nonexistent non-filesystem PS path if (Test-Path -IsValid $(@(Get-PSDrive -PSProvider Filesystem)[0].Name + $value.Substring(1))) { $path_invalid = $false } } if ($path_invalid) { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' has an invalid path '$value' specified." } } } elseif ($type -eq "str") { # Convert str types to real Powershell strings $value = $value.ToString() } elseif ($type -eq "bool") { # Convert boolean types to real Powershell booleans $value = $value | ConvertTo-Bool } elseif ($type -eq "int") { # Convert int types to real Powershell integers $value = $value -as [int] } elseif ($type -eq "float") { # Convert float types to real Powershell floats $value = $value -as [float] } elseif ($type -eq "list") { if ($value -is [array]) { # Nothing to do } elseif ($value -is [string]) { # Convert string type to real Powershell array $value = $value.Split(",").Trim() } elseif ($value -is [int]) { $value = @($value) } else { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' is not a YAML list." } # , is not a typo, forces it to return as a list when it is empty or only has 1 entry return ,$value } } return $value } #Alias Get-attr-->Get-AnsibleParam for backwards compat. Only add when needed to ease debugging of scripts If (-not(Get-Alias -Name "Get-attr" -ErrorAction SilentlyContinue)) { New-Alias -Name Get-attr -Value Get-AnsibleParam } Function ConvertTo-Bool { <# .SYNOPSIS Helper filter/pipeline function to convert a value to boolean following current Ansible practices .EXAMPLE $is_true = "true" | ConvertTo-Bool #> param( [parameter(valuefrompipeline=$true)] $obj ) $boolean_strings = "yes", "on", "1", "true", 1 $obj_string = [string]$obj if (($obj -is [boolean] -and $obj) -or $boolean_strings -contains $obj_string.ToLower()) { return $true } else { return $false } } Function Parse-Args($arguments, $supports_check_mode = $false) { <# .SYNOPSIS Helper function to parse Ansible JSON arguments from a "file" passed as the single argument to the module. .EXAMPLE $params = Parse-Args $args #> $params = New-Object psobject If ($arguments.Length -gt 0) { $params = Get-Content $arguments[0] | ConvertFrom-Json } Else { $params = $complex_args } $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false If ($check_mode -and -not $supports_check_mode) { Exit-Json @{ skipped = $true changed = $false msg = "remote module does not support check mode" } } return $params } Function Get-FileChecksum($path, $algorithm = 'sha1') { <# .SYNOPSIS Helper function to calculate a hash of a file in a way which PowerShell 3 and above can handle #> If (Test-Path -Path $path -PathType Leaf) { switch ($algorithm) { 'md5' { $sp = New-Object -TypeName System.Security.Cryptography.MD5CryptoServiceProvider } 'sha1' { $sp = New-Object -TypeName System.Security.Cryptography.SHA1CryptoServiceProvider } 'sha256' { $sp = New-Object -TypeName System.Security.Cryptography.SHA256CryptoServiceProvider } 'sha384' { $sp = New-Object -TypeName System.Security.Cryptography.SHA384CryptoServiceProvider } 'sha512' { $sp = New-Object -TypeName System.Security.Cryptography.SHA512CryptoServiceProvider } default { Fail-Json @{} "Unsupported hash algorithm supplied '$algorithm'" } } If ($PSVersionTable.PSVersion.Major -ge 4) { $raw_hash = Get-FileHash $path -Algorithm $algorithm $hash = $raw_hash.Hash.ToLower() } Else { $fp = [System.IO.File]::Open($path, [System.IO.Filemode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileShare]::ReadWrite); $hash = [System.BitConverter]::ToString($sp.ComputeHash($fp)).Replace("-", "").ToLower(); $fp.Dispose(); } } ElseIf (Test-Path -Path $path -PathType Container) { $hash = "3"; } Else { $hash = "1"; } return $hash } Function Get-PendingRebootStatus { <# .SYNOPSIS Check if reboot is required, if so notify CA. Function returns true if computer has a pending reboot #> $featureData = Invoke-WmiMethod -EA Ignore -Name GetServerFeature -Namespace root\microsoft\windows\servermanager -Class MSFT_ServerManagerTasks $regData = Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager" "PendingFileRenameOperations" -EA Ignore $CBSRebootStatus = Get-ChildItem "HKLM:\\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing" -ErrorAction SilentlyContinue| Where-Object {$_.PSChildName -eq "RebootPending"} if(($featureData -and $featureData.RequiresReboot) -or $regData -or $CBSRebootStatus) { return $True } else { return $False } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: 56a3890a-4140-4e61-80ce-b6e067f4f5c4 Path:	4104	1		3	2	15	0	1896	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2520	4208	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:31:10 PM	e5295ba9-9827-0003-c56d-30e52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } ScriptBlock ID: feac9716-ce6b-4cbb-9100-ebad99a34991 Path:	4104	1		3	2	15	0	1895	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2520	4208	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:31:10 PM	e5295ba9-9827-0003-b66d-30e52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (3 of 3): QYXRoVHlwZSBMZWFmKSB7CiAgICAgICAgICAgIGlmICgkZm9yY2UpIHsKICAgICAgICAgICAgICAgICRjaGVja3N1bSA9IEdldC1GaWxlQ2hlY2tzdW0gLXBhdGggJGZpbGVwYXRoCiAgICAgICAgICAgICAgICBpZiAoJGNoZWNrc3VtIC1uZSAkbG9jYWxfY2hlY2tzdW0pIHsKICAgICAgICAgICAgICAgICAgICAkd2lsbF9jaGFuZ2UgPSAkdHJ1ZQogICAgICAgICAgICAgICAgICAgICRjaGFuZ2VkX2ZpbGVzICs9ICRmaWxlCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgIH0KICAgICAgICB9IGVsc2VpZiAoVGVzdC1QYXRoIC1QYXRoICRmaWxlcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKSB7CiAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgImNhbm5vdCBjb3B5IGZpbGUgdG8gZGVzdCAnJGZpbGVwYXRoJzogb2JqZWN0IGF0IHBhdGggaXMgYWxyZWFkeSBhIGRpcmVjdG9yeSIKICAgICAgICB9IGVsc2UgewogICAgICAgICAgICAkY2hhbmdlZF9maWxlcyArPSAkZmlsZQogICAgICAgIH0KICAgIH0KCiAgICBmb3JlYWNoICgkZGlyZWN0b3J5IGluICRkaXJlY3RvcmllcykgewogICAgICAgICRkaXJuYW1lID0gJGRpcmVjdG9yeS5kZXN0CgogICAgICAgICRkaXJwYXRoID0gSm9pbi1QYXRoIC1QYXRoICRkZXN0IC1DaGlsZFBhdGggJGRpcm5hbWUKICAgICAgICAkcGFyZW50X2RpciA9IFtTeXN0ZW0uSU8uUGF0aF06OkdldERpcmVjdG9yeU5hbWUoJGRpcnBhdGgpCiAgICAgICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkcGFyZW50X2RpciAtUGF0aFR5cGUgTGVhZikgewogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0IC1tZXNzYWdlICJjYW5ub3QgY29weSBmb2xkZXIgdG8gZGVzdCAnJGRpcnBhdGgnOiBvYmplY3QgYXQgcGFyZW50IGRpcmVjdG9yeSBwYXRoIGlzIGFscmVhZHkgYSBmaWxlIgogICAgICAgIH0KICAgICAgICBpZiAoVGVzdC1QYXRoIC1QYXRoICRkaXJwYXRoIC1QYXRoVHlwZSBMZWFmKSB7CiAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgImNhbm5vdCBjb3B5IGZvbGRlciB0byBkZXN0ICckZGlycGF0aCc6IG9iamVjdCBhdCBwYXRoIGlzIGFscmVhZHkgYSBmaWxlIgogICAgICAgIH0gZWxzZWlmICgtbm90IChUZXN0LVBhdGggLVBhdGggJGRpcnBhdGggLVBhdGhUeXBlIENvbnRhaW5lcikpIHsKICAgICAgICAgICAgJGNoYW5nZWRfZGlyZWN0b3JpZXMgKz0gJGRpcmVjdG9yeQogICAgICAgIH0KICAgIH0KCiAgICAjIFRPRE86IEhhbmRsZSBzeW1saW5rcwoKICAgICRyZXN1bHQuZmlsZXMgPSAkY2hhbmdlZF9maWxlcwogICAgJHJlc3VsdC5kaXJlY3RvcmllcyA9ICRjaGFuZ2VkX2RpcmVjdG9yaWVzCiAgICAkcmVzdWx0LnN5bWxpbmtzID0gJGNoYW5nZWRfc3ltbGlua3MKfSBlbHNlaWYgKCRjb3B5X21vZGUgLWVxICJleHBsb2RlIikgewogICAgIyBhIHNpbmdsZSB6aXAgZmlsZSBjb250YWluaW5nIHRoZSBmaWxlcyBhbmQgZGlyZWN0b3JpZXMgbmVlZHMgdG8gYmUKICAgICMgZXhwYW5kZWQgdGhpcyB3aWxsIGFsd2F5cyByZXN1bHQgaW4gYSBjaGFuZ2UgYXMgdGhlIGNhbGN1bGF0aW9uIGlzIGRvbmUKICAgICMgb24gdGhlIHdpbl9jb3B5IGFjdGlvbiBwbHVnaW4gYW5kIGlzIG9ubHkgcnVuIGlmIGEgY2hhbmdlIG5lZWRzIHRvIG9jY3VyCiAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRzcmMgLVBhdGhUeXBlIExlYWYpKSB7CiAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiQ2Fubm90IGV4cGFuZCBzcmMgemlwIGZpbGU6ICckc3JjJyBhcyBpdCBkb2VzIG5vdCBleGlzdCIKICAgIH0KCiAgICAjIERldGVjdCBpZiB0aGUgUFMgemlwIGFzc2VtYmxpZXMgYXJlIGF2YWlsYWJsZSBvciB3aGV0aGVyIHRvIHVzZSBTaGVsbAogICAgJHVzZV9sZWdhY3kgPSAkZmFsc2UKICAgIHRyeSB7CiAgICAgICAgQWRkLVR5cGUgLUFzc2VtYmx5TmFtZSBTeXN0ZW0uSU8uQ29tcHJlc3Npb24uRmlsZVN5c3RlbSB8IE91dC1OdWxsCiAgICAgICAgQWRkLVR5cGUgLUFzc2VtYmx5TmFtZSBTeXN0ZW0uSU8uQ29tcHJlc3Npb24gfCBPdXQtTnVsbAogICAgfSBjYXRjaCB7CiAgICAgICAgJHVzZV9sZWdhY3kgPSAkdHJ1ZQogICAgfQogICAgaWYgKCR1c2VfbGVnYWN5KSB7CiAgICAgICAgRXh0cmFjdC1aaXBMZWdhY3kgLXNyYyAkc3JjIC1kZXN0ICRkZXN0CiAgICB9IGVsc2UgewogICAgICAgIEV4dHJhY3QtWmlwIC1zcmMgJHNyYyAtZGVzdCAkZGVzdAogICAgfQoKICAgICRyZXN1bHQuY2hhbmdlZCA9ICR0cnVlCn0gZWxzZWlmICgkY29weV9tb2RlIC1lcSAicmVtb3RlIikgewogICAgIyBhbGwgY29weSBhY3Rpb25zIGFyZSBoYXBwZW5pbmcgb24gdGhlIHJlbW90ZSBzaWRlICh3aW5kb3dzIGhvc3QpLCBuZWVkCiAgICAjIHRvbyBjb3B5IHNvdXJjZSBhbmQgZGVzdCB1c2luZyBQUyBjb2RlCiAgICAkcmVzdWx0LnNyYyA9ICRzcmMKICAgICRyZXN1bHQuZGVzdCA9ICRkZXN0CgogICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtUGF0aCAkc3JjKSkgewogICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgIkNhbm5vdCBjb3B5IHNyYyBmaWxlOiAnJHNyYycgYXMgaXQgZG9lcyBub3QgZXhpc3QiCiAgICB9CgogICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkc3JjIC1QYXRoVHlwZSBDb250YWluZXIpIHsKICAgICAgICAjIHdlIGFyZSBjb3B5aW5nIGEgZGlyZWN0b3J5IG9yIHRoZSBjb250ZW50cyBvZiBhIGRpcmVjdG9yeQogICAgICAgICRyZXN1bHQub3BlcmF0aW9uID0gJ2ZvbGRlcl9jb3B5JwogICAgICAgIGlmICgkc3JjLkVuZHNXaXRoKCIvIikgLW9yICRzcmMuRW5kc1dpdGgoImBcIikpIHsKICAgICAgICAgICAgIyBjb3B5aW5nIHRoZSBmb2xkZXIncyBjb250ZW50cyB0byBkZXN0CiAgICAgICAgICAgICRkaWZmID0gIiIKICAgICAgICAgICAgJGNoaWxkX2ZpbGVzID0gR2V0LUNoaWxkSXRlbSAtUGF0aCAkc3JjIC1Gb3JjZQogICAgICAgICAgICBmb3JlYWNoICgkY2hpbGRfZmlsZSBpbiAkY2hpbGRfZmlsZXMpIHsKICAgICAgICAgICAgICAgICRkZXN0X2NoaWxkX3BhdGggPSBKb2luLVBhdGggLVBhdGggJGRlc3QgLUNoaWxkUGF0aCAkY2hpbGRfZmlsZS5OYW1lCiAgICAgICAgICAgICAgICBpZiAoJGNoaWxkX2ZpbGUuUFNJc0NvbnRhaW5lcikgewogICAgICAgICAgICAgICAgICAgICRkaWZmICs9IENvcHktRm9sZGVyIC1zb3VyY2UgJGNoaWxkX2ZpbGUuRnVsbE5hbWUgLWRlc3QgJGRlc3RfY2hpbGRfcGF0aAogICAgICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgICAgICAkZGlmZiArPSAoQ29weS1GaWxlIC1zb3VyY2UgJGNoaWxkX2ZpbGUuRnVsbE5hbWUgLWRlc3QgJGRlc3RfY2hpbGRfcGF0aCkuZGlmZgogICAgICAgICAgICAgICAgfQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgIyBjb3B5aW5nIHRoZSBmb2xkZXIgYW5kIGl0J3MgY29udGVudHMgdG8gZGVzdAogICAgICAgICAgICAkZGVzdCA9IEpvaW4tUGF0aCAtUGF0aCAkZGVzdCAtQ2hpbGRQYXRoIChHZXQtSXRlbSAtUGF0aCAkc3JjIC1Gb3JjZSkuTmFtZQogICAgICAgICAgICAkcmVzdWx0LmRlc3QgPSAkZGVzdAogICAgICAgICAgICAkZGlmZiA9IENvcHktRm9sZGVyIC1zb3VyY2UgJHNyYyAtZGVzdCAkZGVzdAogICAgICAgIH0KICAgIH0gZWxzZSB7CiAgICAgICAgIyB3ZSBhcmUganVzdCBjb3B5aW5nIGEgc2luZ2xlIGZpbGUgdG8gZGVzdAogICAgICAgICRyZXN1bHQub3BlcmF0aW9uID0gJ2ZpbGVfY29weScKCiAgICAgICAgJHNvdXJjZV9iYXNlbmFtZSA9IChHZXQtSXRlbSAtUGF0aCAkc3JjIC1Gb3JjZSkuTmFtZQogICAgICAgICRyZXN1bHQub3JpZ2luYWxfYmFzZW5hbWUgPSAkc291cmNlX2Jhc2VuYW1lCgogICAgICAgIGlmICgkZGVzdC5FbmRzV2l0aCgiLyIpIC1vciAkZGVzdC5FbmRzV2l0aCgiYFwiKSkgewogICAgICAgICAgICAkZGVzdCA9IEpvaW4tUGF0aCAtUGF0aCAkZGVzdCAtQ2hpbGRQYXRoIChHZXQtSXRlbSAtUGF0aCAkc3JjIC1Gb3JjZSkuTmFtZQogICAgICAgICAgICAkcmVzdWx0LmRlc3QgPSAkZGVzdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICMgY2hlY2sgaWYgdGhlIHBhcmVudCBkaXIgZXhpc3RzLCB0aGlzIGlzIG9ubHkgZG9uZSBpZiBzcmMgaXMgYQogICAgICAgICAgICAjIGZpbGUgYW5kIGRlc3QgaWYgdGhlIHBhdGggdG8gYSBmaWxlIChkb2Vzbid0IGVuZCB3aXRoIFwgb3IgLykKICAgICAgICAgICAgJHBhcmVudF9kaXIgPSBTcGxpdC1QYXRoIC1QYXRoICRkZXN0CiAgICAgICAgICAgIGlmIChUZXN0LVBhdGggLVBhdGggJHBhcmVudF9kaXIgLVBhdGhUeXBlIExlYWYpIHsKICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgIm9iamVjdCBhdCBkZXN0aW5hdGlvbiBwYXJlbnQgZGlyICckcGFyZW50X2RpcicgaXMgY3VycmVudGx5IGEgZmlsZSIKICAgICAgICAgICAgfSBlbHNlaWYgKC1ub3QgKFRlc3QtUGF0aCAtUGF0aCAkcGFyZW50X2RpciAtUGF0aFR5cGUgQ29udGFpbmVyKSkgewogICAgICAgICAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiRGVzdGluYXRpb24gZGlyZWN0b3J5ICckcGFyZW50X2RpcicgZG9lcyBub3QgZXhpc3QiCiAgICAgICAgICAgIH0KICAgICAgICB9CiAgICAgICAgJGNvcHlfcmVzdWx0ID0gQ29weS1GaWxlIC1zb3VyY2UgJHNyYyAtZGVzdCAkZGVzdAogICAgICAgICRkaWZmID0gJGNvcHlfcmVzdWx0LmRpZmYKICAgICAgICAkcmVzdWx0LmNoZWNrc3VtID0gJGNvcHlfcmVzdWx0LmNoZWNrc3VtCiAgICB9CgogICAgIyB0aGUgZmlsZSBtaWdodCBub3QgZXhpc3QgaWYgcnVubmluZyBpbiBjaGVjayBtb2RlCiAgICBpZiAoLW5vdCAkY2hlY2tfbW9kZSAtb3IgKFRlc3QtUGF0aCAtUGF0aCAkZGVzdCAtUGF0aFR5cGUgTGVhZikpIHsKICAgICAgICAkcmVzdWx0LnNpemUgPSBHZXQtRmlsZVNpemUgLXBhdGggJGRlc3QKICAgIH0gZWxzZSB7CiAgICAgICAgJHJlc3VsdC5zaXplID0gJG51bGwKICAgIH0KICAgIGlmICgkZGlmZl9tb2RlKSB7CiAgICAgICAgJHJlc3VsdC5kaWZmLnByZXBhcmVkID0gJGRpZmYKICAgIH0KfSBlbHNlaWYgKCRjb3B5X21vZGUgLWVxICJzaW5nbGUiKSB7CiAgICAjIGEgc2luZ2xlIGZpbGUgaXMgbG9jYXRlZCBpbiBzcmMgYW5kIHdlIG5lZWQgdG8gY29weSB0byBkZXN0LCB0aGlzIHdpbGwKICAgICMgYWx3YXlzIHJlc3VsdCBpbiBhIGNoYW5nZSBhcyB0aGUgY2FsY3VsYXRpb24gaXMgZG9uZSBvbiB0aGUgQW5zaWJsZSBzaWRlCiAgICAjIGJlZm9yZSB0aGlzIGlzIHJ1bi4gVGhpcyBzaG91bGQgYWxzbyBuZXZlciBydW4gaW4gY2hlY2sgbW9kZQogICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtUGF0aCAkc3JjIC1QYXRoVHlwZSBMZWFmKSkgewogICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgIkNhbm5vdCBjb3B5IHNyYyBmaWxlOiAnJHNyYycgYXMgaXQgZG9lcyBub3QgZXhpc3QiCiAgICB9CgogICAgIyB0aGUgZGVzdCBwYXJhbWV0ZXIgaXMgYSBkaXJlY3RvcnksIHdlIG5lZWQgdG8gYXBwZW5kIG9yaWdpbmFsX2Jhc2VuYW1lCiAgICBpZiAoJGRlc3QuRW5kc1dpdGgoIi8iKSAtb3IgJGRlc3QuRW5kc1dpdGgoImBcIikgLW9yIChUZXN0LVBhdGggLVBhdGggJGRlc3QgLVBhdGhUeXBlIENvbnRhaW5lcikpIHsKICAgICAgICAkcmVtb3RlX2Rlc3QgPSBKb2luLVBhdGggLVBhdGggJGRlc3QgLUNoaWxkUGF0aCAkb3JpZ2luYWxfYmFzZW5hbWUKICAgICAgICAkcGFyZW50X2RpciA9IFNwbGl0LVBhdGggLVBhdGggJHJlbW90ZV9kZXN0CgogICAgICAgICMgd2hlbiBkZXN0IGVuZHMgd2l0aCAvLCB3ZSBuZWVkIHRvIGNyZWF0ZSB0aGUgZGVzdGluYXRpb24gZGlyZWN0b3JpZXMKICAgICAgICBpZiAoVGVzdC1QYXRoIC1QYXRoICRwYXJlbnRfZGlyIC1QYXRoVHlwZSBMZWFmKSB7CiAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgIm9iamVjdCBhdCBkZXN0aW5hdGlvbiBwYXJlbnQgZGlyICckcGFyZW50X2RpcicgaXMgY3VycmVudGx5IGEgZmlsZSIKICAgICAgICB9IGVsc2VpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRwYXJlbnRfZGlyIC1QYXRoVHlwZSBDb250YWluZXIpKSB7CiAgICAgICAgICAgIE5ldy1JdGVtIC1QYXRoICRwYXJlbnRfZGlyIC1JdGVtVHlwZSBEaXJlY3RvcnkgfCBPdXQtTnVsbAogICAgICAgIH0KICAgIH0gZWxzZSB7CiAgICAgICAgJHJlbW90ZV9kZXN0ID0gJGRlc3QKICAgICAgICAkcGFyZW50X2RpciA9IFNwbGl0LVBhdGggLVBhdGggJHJlbW90ZV9kZXN0CgogICAgICAgICMgY2hlY2sgaWYgdGhlIGRlc3QgcGFyZW50IGRpcnMgZXhpc3QsIG5lZWQgdG8gZmFpbCBpZiB0aGV5IGRvbid0CiAgICAgICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkcGFyZW50X2RpciAtUGF0aFR5cGUgTGVhZikgewogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0IC1tZXNzYWdlICJvYmplY3QgYXQgZGVzdGluYXRpb24gcGFyZW50IGRpciAnJHBhcmVudF9kaXInIGlzIGN1cnJlbnRseSBhIGZpbGUiCiAgICAgICAgfSBlbHNlaWYgKC1ub3QgKFRlc3QtUGF0aCAtUGF0aCAkcGFyZW50X2RpciAtUGF0aFR5cGUgQ29udGFpbmVyKSkgewogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0IC1tZXNzYWdlICJEZXN0aW5hdGlvbiBkaXJlY3RvcnkgJyRwYXJlbnRfZGlyJyBkb2VzIG5vdCBleGlzdCIKICAgICAgICB9CiAgICB9CgogICAgQ29weS1JdGVtIC1QYXRoICRzcmMgLURlc3RpbmF0aW9uICRyZW1vdGVfZGVzdCAtRm9yY2UgfCBPdXQtTnVsbAogICAgJHJlc3VsdC5jaGFuZ2VkID0gJHRydWUKfQoKRXhpdC1Kc29uIC1vYmogJHJlc3VsdAo=", "module_args": {"_ansible_version": "2.7.0", "src": "C:\\Users\\Admin\\AppData\\Local\\Temp\\ansible-tmp-1629729067.12-258645967843330\\source", "_ansible_selinux_special_fs": ["fuse", "nfs", "vboxsf", "ramfs", "9p"], "_ansible_no_log": false, "dest": "C:\\eventlogjs.txt", "checksum": "3d83b7bd9b4b6f109f75affd8ae845d7acd9808d", "_ansible_module_name": "copy", "_ansible_debug": false, "_ansible_verbosity": 3, "_ansible_keep_remote_files": false, "_ansible_syslog_facility": "LOG_USER", "_ansible_socket": null, "_original_basename": "eventlogjs.txt", "_ansible_remote_tmp": "%TEMP%", "_ansible_diff": false, "mode": null, "_ansible_check_mode": false, "_ansible_shell_executable": "/bin/sh", "follow": false, "_ansible_tmpdir": "'C:\\Users\\Admin\\AppData\\Local\\Temp\\ansible-tmp-1629729067.12-258645967843330'"}} '@ } process { $input_as_string = [string]$input $json_raw += $input_as_string } end { If (-not $json_raw) { Write-Error "no input given" -Category InvalidArgument } $payload = ConvertTo-HashtableFromPsCustomObject (ConvertFrom-Json $json_raw) # TODO: handle binary modules # TODO: handle persistence $min_os_version = [version]$payload.min_os_version if ($min_os_version -ne $null) { $actual_os_version = [System.Environment]::OSVersion.Version if ($actual_os_version -lt $min_os_version) { $msg = "This module cannot run on this OS as it requires a minimum version of $min_os_version, actual was $actual_os_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $min_ps_version = [version]$payload.min_ps_version if ($min_ps_version -ne $null) { $actual_ps_version = $PSVersionTable.PSVersion if ($actual_ps_version -lt $min_ps_version) { $msg = "This module cannot run as it requires a minimum PowerShell version of $min_ps_version, actual was $actual_ps_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $actions = $payload.actions # pop 0th action as entrypoint $entrypoint = $payload.($actions[0]) $payload.actions = $payload.actions[1..99] $entrypoint = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($entrypoint)) # load the current action entrypoint as a module custom object with a Run method $entrypoint = New-Module -ScriptBlock ([scriptblock]::Create($entrypoint)) -AsCustomObject Set-Variable -Scope global -Name complex_args -Value $payload["module_args"] | Out-Null # dynamically create/load modules ForEach ($mod in $payload.powershell_modules.GetEnumerator()) { $decoded_module = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($mod.Value)) New-Module -ScriptBlock ([scriptblock]::Create($decoded_module)) -Name $mod.Key | Import-Module -WarningAction SilentlyContinue | Out-Null } $output = $entrypoint.Run($payload) Write-Output $output } ScriptBlock ID: fddfa3ff-baa1-47a4-81dc-be73392e3a56 Path:	4104	1		3	2	15	0	1894	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2520	4208	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:31:09 PM	e5295ba9-9827-0003-aa6d-30e52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 3): RoZSBtb2R1bGUuCiAgICAuRVhBTVBMRQogICAgJHBhcmFtcyA9IFBhcnNlLUFyZ3MgJGFyZ3MKIz4KICAgICRwYXJhbXMgPSBOZXctT2JqZWN0IHBzb2JqZWN0CiAgICBJZiAoJGFyZ3VtZW50cy5MZW5ndGggLWd0IDApCiAgICB7CiAgICAgICAgJHBhcmFtcyA9IEdldC1Db250ZW50ICRhcmd1bWVudHNbMF0gfCBDb252ZXJ0RnJvbS1Kc29uCiAgICB9CiAgICBFbHNlIHsKICAgICAgICAkcGFyYW1zID0gJGNvbXBsZXhfYXJncwogICAgfQogICAgJGNoZWNrX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfY2hlY2tfbW9kZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQogICAgSWYgKCRjaGVja19tb2RlIC1hbmQgLW5vdCAkc3VwcG9ydHNfY2hlY2tfbW9kZSkKICAgIHsKICAgICAgICBFeGl0LUpzb24gQHsKICAgICAgICAgICAgc2tpcHBlZCA9ICR0cnVlCiAgICAgICAgICAgIGNoYW5nZWQgPSAkZmFsc2UKICAgICAgICAgICAgbXNnID0gInJlbW90ZSBtb2R1bGUgZG9lcyBub3Qgc3VwcG9ydCBjaGVjayBtb2RlIgogICAgICAgIH0KICAgIH0KICAgIHJldHVybiAkcGFyYW1zCn0KCgpGdW5jdGlvbiBHZXQtRmlsZUNoZWNrc3VtKCRwYXRoLCAkYWxnb3JpdGhtID0gJ3NoYTEnKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBjYWxjdWxhdGUgYSBoYXNoIG9mIGEgZmlsZSBpbiBhIHdheSB3aGljaCBQb3dlclNoZWxsIDMKICAgIGFuZCBhYm92ZSBjYW4gaGFuZGxlCiM+CiAgICBJZiAoVGVzdC1QYXRoIC1QYXRoICRwYXRoIC1QYXRoVHlwZSBMZWFmKQogICAgewogICAgICAgIHN3aXRjaCAoJGFsZ29yaXRobSkKICAgICAgICB7CiAgICAgICAgICAgICdtZDUnIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5NRDVDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMScgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTFDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMjU2JyB7ICRzcCA9IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5TZWN1cml0eS5DcnlwdG9ncmFwaHkuU0hBMjU2Q3J5cHRvU2VydmljZVByb3ZpZGVyIH0KICAgICAgICAgICAgJ3NoYTM4NCcgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTM4NENyeXB0b1NlcnZpY2VQcm92aWRlciB9CiAgICAgICAgICAgICdzaGE1MTInIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5TSEE1MTJDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICBkZWZhdWx0IHsgRmFpbC1Kc29uIEB7fSAiVW5zdXBwb3J0ZWQgaGFzaCBhbGdvcml0aG0gc3VwcGxpZWQgJyRhbGdvcml0aG0nIiB9CiAgICAgICAgfQoKICAgICAgICBJZiAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtZ2UgNCkgewogICAgICAgICAgICAkcmF3X2hhc2ggPSBHZXQtRmlsZUhhc2ggJHBhdGggLUFsZ29yaXRobSAkYWxnb3JpdGhtCiAgICAgICAgICAgICRoYXNoID0gJHJhd19oYXNoLkhhc2guVG9Mb3dlcigpCiAgICAgICAgfSBFbHNlIHsKICAgICAgICAgICAgJGZwID0gW1N5c3RlbS5JTy5GaWxlXTo6T3BlbigkcGF0aCwgW1N5c3RlbS5JTy5GaWxlbW9kZV06Ok9wZW4sIFtTeXN0ZW0uSU8uRmlsZUFjY2Vzc106OlJlYWQsIFtTeXN0ZW0uSU8uRmlsZVNoYXJlXTo6UmVhZFdyaXRlKTsKICAgICAgICAgICAgJGhhc2ggPSBbU3lzdGVtLkJpdENvbnZlcnRlcl06OlRvU3RyaW5nKCRzcC5Db21wdXRlSGFzaCgkZnApKS5SZXBsYWNlKCItIiwgIiIpLlRvTG93ZXIoKTsKICAgICAgICAgICAgJGZwLkRpc3Bvc2UoKTsKICAgICAgICB9CiAgICB9CiAgICBFbHNlSWYgKFRlc3QtUGF0aCAtUGF0aCAkcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKQogICAgewogICAgICAgICRoYXNoID0gIjMiOwogICAgfQogICAgRWxzZQogICAgewogICAgICAgICRoYXNoID0gIjEiOwogICAgfQogICAgcmV0dXJuICRoYXNoCn0KCkZ1bmN0aW9uIEdldC1QZW5kaW5nUmVib290U3RhdHVzCnsKPCMKICAgIC5TWU5PUFNJUwogICAgQ2hlY2sgaWYgcmVib290IGlzIHJlcXVpcmVkLCBpZiBzbyBub3RpZnkgQ0EuCiAgICBGdW5jdGlvbiByZXR1cm5zIHRydWUgaWYgY29tcHV0ZXIgaGFzIGEgcGVuZGluZyByZWJvb3QKIz4KICAgICRmZWF0dXJlRGF0YSA9IEludm9rZS1XbWlNZXRob2QgLUVBIElnbm9yZSAtTmFtZSBHZXRTZXJ2ZXJGZWF0dXJlIC1OYW1lc3BhY2Ugcm9vdFxtaWNyb3NvZnRcd2luZG93c1xzZXJ2ZXJtYW5hZ2VyIC1DbGFzcyBNU0ZUX1NlcnZlck1hbmFnZXJUYXNrcwogICAgJHJlZ0RhdGEgPSBHZXQtSXRlbVByb3BlcnR5ICJIS0xNOlxTWVNURU1cQ3VycmVudENvbnRyb2xTZXRcQ29udHJvbFxTZXNzaW9uIE1hbmFnZXIiICJQZW5kaW5nRmlsZVJlbmFtZU9wZXJhdGlvbnMiIC1FQSBJZ25vcmUKICAgICRDQlNSZWJvb3RTdGF0dXMgPSBHZXQtQ2hpbGRJdGVtICJIS0xNOlxcU09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cQ29tcG9uZW50IEJhc2VkIFNlcnZpY2luZyIgIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlfCBXaGVyZS1PYmplY3QgeyRfLlBTQ2hpbGROYW1lIC1lcSAiUmVib290UGVuZGluZyJ9CiAgICBpZigoJGZlYXR1cmVEYXRhIC1hbmQgJGZlYXR1cmVEYXRhLlJlcXVpcmVzUmVib290KSAtb3IgJHJlZ0RhdGEgLW9yICRDQlNSZWJvb3RTdGF0dXMpCiAgICB7CiAgICAgICAgcmV0dXJuICRUcnVlCiAgICB9CiAgICBlbHNlCiAgICB7CiAgICAgICAgcmV0dXJuICRGYWxzZQogICAgfQp9CgojIHRoaXMgbGluZSBtdXN0IHN0YXkgYXQgdGhlIGJvdHRvbSB0byBlbnN1cmUgYWxsIGRlZmluZWQgbW9kdWxlIHBhcnRzIGFyZSBleHBvcnRlZApFeHBvcnQtTW9kdWxlTWVtYmVyIC1BbGlhcyAqIC1GdW5jdGlvbiAqIC1DbWRsZXQgKgoK"}, "module_entry": "IyFwb3dlcnNoZWxsCgojIENvcHlyaWdodDogKGMpIDIwMTUsIEpvbiBIYXdrZXN3b3J0aCAoQGpoYXdrZXN3b3J0aCkgPGZpZ3NAdW5pdHkuZGVtb24uY28udWs+CiMgQ29weXJpZ2h0OiAoYykgMjAxNywgQW5zaWJsZSBQcm9qZWN0CiMgR05VIEdlbmVyYWwgUHVibGljIExpY2Vuc2UgdjMuMCsgKHNlZSBDT1BZSU5HIG9yIGh0dHBzOi8vd3d3LmdudS5vcmcvbGljZW5zZXMvZ3BsLTMuMC50eHQpCgojUmVxdWlyZXMgLU1vZHVsZSBBbnNpYmxlLk1vZHVsZVV0aWxzLkxlZ2FjeQoKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICdTdG9wJwoKJHBhcmFtcyA9IFBhcnNlLUFyZ3MgLWFyZ3VtZW50cyAkYXJncyAtc3VwcG9ydHNfY2hlY2tfbW9kZSAkdHJ1ZQokY2hlY2tfbW9kZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJfYW5zaWJsZV9jaGVja19tb2RlIiAtdHlwZSAiYm9vbCIgLWRlZmF1bHQgJGZhbHNlCiRkaWZmX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfZGlmZiIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQoKIyB0aGVyZSBhcmUgNCBtb2RlcyB0byB3aW5fY29weSB3aGljaCBhcmUgZHJpdmVuIGJ5IHRoZSBhY3Rpb24gcGx1Z2luczoKIyAgIGV4cGxvZGU6IHNyYyBpcyBhIHppcCBmaWxlIHdoaWNoIG5lZWRzIHRvIGJlIGV4dHJhY3RlZCB0byBkZXN0LCBmb3IgdXNlIHdpdGggbXVsdGlwbGUgZmlsZXMKIyAgIHF1ZXJ5OiB3aW5fY29weSBhY3Rpb24gcGx1Z2luIHdhbnRzIHRvIGdldCB0aGUgc3RhdGUgb2YgcmVtb3RlIGZpbGVzIHRvIGNoZWNrIHdoZXRoZXIgaXQgbmVlZHMgdG8gc2VuZCB0aGVtCiMgICByZW1vdGU6IGFsbCBjb3B5IGFjdGlvbiBpcyBoYXBwZW5pbmcgcmVtb3RlbHkgKHJlbW90ZV9zcmM9VHJ1ZSkKIyAgIHNpbmdsZTogYSBzaW5nbGUgZmlsZSBoYXMgYmVlbiBjb3BpZWQsIGFsc28gdXNlZCB3aXRoIHRlbXBsYXRlCiRjb3B5X21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2NvcHlfbW9kZSIgLXR5cGUgInN0ciIgLWRlZmF1bHQgInNpbmdsZSIgLXZhbGlkYXRlc2V0ICJleHBsb2RlIiwicXVlcnkiLCJyZW1vdGUiLCJzaW5nbGUiCgojIHVzZWQgaW4gZXhwbG9kZSwgcmVtb3RlIGFuZCBzaW5nbGUgbW9kZQokc3JjID0gR2V0LUFuc2libGVQYXJhbSAtb2JqICRwYXJhbXMgLW5hbWUgInNyYyIgLXR5cGUgInBhdGgiIC1mYWlsaWZlbXB0eSAoJGNvcHlfbW9kZSAtaW4gQCgiZXhwbG9kZSIsInByb2Nlc3MiLCJzaW5nbGUiKSkKJGRlc3QgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiZGVzdCIgLXR5cGUgInBhdGgiIC1mYWlsaWZlbXB0eSAkdHJ1ZQoKIyB1c2VkIGluIHNpbmdsZSBtb2RlCiRvcmlnaW5hbF9iYXNlbmFtZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJfb3JpZ2luYWxfYmFzZW5hbWUiIC10eXBlICJzdHIiCgojIHVzZWQgaW4gcXVlcnkgYW5kIHJlbW90ZSBtb2RlCiRmb3JjZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJmb3JjZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICR0cnVlCgojIHVzZWQgaW4gcXVlcnkgbW9kZSwgY29udGFpbnMgdGhlIGxvY2FsIGZpbGVzL2RpcmVjdG9yaWVzL3N5bWxpbmtzIHRoYXQgYXJlIHRvIGJlIGNvcGllZAokZmlsZXMgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiZmlsZXMiIC10eXBlICJsaXN0IgokZGlyZWN0b3JpZXMgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiZGlyZWN0b3JpZXMiIC10eXBlICJsaXN0Igokc3ltbGlua3MgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAic3ltbGlua3MiIC10eXBlICJsaXN0IgoKJHJlc3VsdCA9IEB7CiAgICBjaGFuZ2VkID0gJGZhbHNlCn0KCmlmICgkZGlmZl9tb2RlKSB7CiAgICAkcmVzdWx0LmRpZmYgPSBAe30KfQoKRnVuY3Rpb24gQ29weS1GaWxlKCRzb3VyY2UsICRkZXN0KSB7CiAgICAkZGlmZiA9ICIiCiAgICAkY29weV9maWxlID0gJGZhbHNlCiAgICAkc291cmNlX2NoZWNrc3VtID0gJG51bGwKICAgIGlmICgkZm9yY2UpIHsKICAgICAgICAkc291cmNlX2NoZWNrc3VtID0gR2V0LUZpbGVDaGVja3N1bSAtcGF0aCAkc291cmNlCiAgICB9CgogICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkZGVzdCAtUGF0aFR5cGUgQ29udGFpbmVyKSB7CiAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiY2Fubm90IGNvcHkgZmlsZSBmcm9tICckc291cmNlJyB0byAnJGRlc3QnOiBkZXN0IGlzIGFscmVhZHkgYSBmb2xkZXIiCiAgICB9IGVsc2VpZiAoVGVzdC1QYXRoIC1QYXRoICRkZXN0IC1QYXRoVHlwZSBMZWFmKSB7CiAgICAgICAgaWYgKCRmb3JjZSkgewogICAgICAgICAgICAkdGFyZ2V0X2NoZWNrc3VtID0gR2V0LUZpbGVDaGVja3N1bSAtcGF0aCAkZGVzdAogICAgICAgICAgICBpZiAoJHNvdXJjZV9jaGVja3N1bSAtbmUgJHRhcmdldF9jaGVja3N1bSkgewogICAgICAgICAgICAgICAgJGNvcHlfZmlsZSA9ICR0cnVlCiAgICAgICAgICAgIH0KICAgICAgICB9CiAgICB9IGVsc2UgewogICAgICAgICRjb3B5X2ZpbGUgPSAkdHJ1ZQogICAgfQoKICAgIGlmICgkY29weV9maWxlKSB7CiAgICAgICAgJGZpbGVfZGlyID0gW1N5c3RlbS5JTy5QYXRoXTo6R2V0RGlyZWN0b3J5TmFtZSgkZGVzdCkKICAgICAgICAjIHZhbGlkYXRlIHRoZSBwYXJlbnQgZGlyIGlzIG5vdCBhIGZpbGUgYW5kIHRoYXQgaXQgZXhpc3RzCiAgICAgICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkZmlsZV9kaXIgLVBhdGhUeXBlIExlYWYpIHsKICAgICAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiY2Fubm90IGNvcHkgZmlsZSBmcm9tICckc291cmNlJyB0byAnJGRlc3QnOiBvYmplY3QgYXQgZGVzdCBwYXJlbnQgZGlyIGlzIG5vdCBhIGZvbGRlciIKICAgICAgICB9IGVsc2VpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRmaWxlX2RpcikpIHsKICAgICAgICAgICAgIyBkaXJlY3RvcnkgZG9lc24ndCBleGlzdCwgbmVlZCB0byBjcmVhdGUKICAgICAgICAgICAgTmV3LUl0ZW0gLVBhdGggJGZpbGVfZGlyIC1JdGVtVHlwZSBEaXJlY3RvcnkgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICAgICAgICAgICRkaWZmICs9ICIrJGZpbGVfZGlyXGBuIgogICAgICAgIH0KCiAgICAgICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkZGVzdCAtUGF0aFR5cGUgTGVhZikgewogICAgICAgICAgICBSZW1vdmUtSXRlbSAtUGF0aCAkZGVzdCAtRm9yY2UgLVJlY3Vyc2UgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICAgICAgICAgICRkaWZmICs9ICItJGRlc3RgbiIKICAgICAgICB9CgogICAgICAgIGlmICgtbm90ICRjaGVja19tb2RlKSB7CiAgICAgICAgICAgICMgY2Fubm90IHJ1biB3aXRoIC1XaGF0SWY6JGNoZWNrX21vZGUgYXMgaWYgdGhlIHBhcmVudCBkaXIgZGlkbid0CiAgICAgICAgICAgICMgZXhpc3QgYW5kIHdhcyBjcmVhdGVkIGFib3ZlIHdvdWxkIHN0aWxsIG5vdCBleGlzdCBpbiBjaGVjayBtb2RlCiAgICAgICAgICAgIENvcHktSXRlbSAtUGF0aCAkc291cmNlIC1EZXN0aW5hdGlvbiAkZGVzdCAtRm9yY2UgfCBPdXQtTnVsbAogICAgICAgIH0KICAgICAgICAkZGlmZiArPSAiKyRkZXN0YG4iCgogICAgICAgICRyZXN1bHQuY2hhbmdlZCA9ICR0cnVlCiAgICB9CgogICAgIyB1Z2x5IGJ1dCB0byBzYXZlIHVzIGZyb20gcnVubmluZyB0aGUgY2hlY2tzdW0gdHdpY2UsIGxldCdzIHJldHVybiBpdCBmb3IKICAgICMgdGhlIG1haW4gY29kZSB0byBhZGQgaXQgdG8gJHJlc3VsdAogICAgcmV0dXJuICxAeyBkaWZmID0gJGRpZmY7IGNoZWNrc3VtID0gJHNvdXJjZV9jaGVja3N1bSB9Cn0KCkZ1bmN0aW9uIENvcHktRm9sZGVyKCRzb3VyY2UsICRkZXN0KSB7CiAgICAkZGlmZiA9ICIiCiAgICAkY29weV9mb2xkZXIgPSAkZmFsc2UKCiAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRkZXN0IC1QYXRoVHlwZSBDb250YWluZXIpKSB7CiAgICAgICAgJHBhcmVudF9kaXIgPSBbU3lzdGVtLklPLlBhdGhdOjpHZXREaXJlY3RvcnlOYW1lKCRkZXN0KQogICAgICAgIGlmIChUZXN0LVBhdGggLVBhdGggJHBhcmVudF9kaXIgLVBhdGhUeXBlIExlYWYpIHsKICAgICAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiY2Fubm90IGNvcHkgZmlsZSBmcm9tICckc291cmNlJyB0byAnJGRlc3QnOiBvYmplY3QgYXQgZGVzdCBwYXJlbnQgZGlyIGlzIG5vdCBhIGZvbGRlciIKICAgICAgICB9CiAgICAgICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkZGVzdCAtUGF0aFR5cGUgTGVhZikgewogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0IC1tZXNzYWdlICJjYW5ub3QgY29weSBmb2xkZXIgZnJvbSAnJHNvdXJjZScgdG8gJyRkZXN0JzogZGVzdCBpcyBhbHJlYWR5IGEgZmlsZSIKICAgICAgICB9CgogICAgICAgIE5ldy1JdGVtIC1QYXRoICRkZXN0IC1JdGVtVHlwZSBDb250YWluZXIgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICAgICAgJGRpZmYgKz0gIiskZGVzdFxgbiIKICAgICAgICAkcmVzdWx0LmNoYW5nZWQgPSAkdHJ1ZQogICAgfQoKICAgICRjaGlsZF9pdGVtcyA9IEdldC1DaGlsZEl0ZW0gLVBhdGggJHNvdXJjZSAtRm9yY2UKICAgIGZvcmVhY2ggKCRjaGlsZF9pdGVtIGluICRjaGlsZF9pdGVtcykgewogICAgICAgICRkZXN0X2NoaWxkX3BhdGggPSBKb2luLVBhdGggLVBhdGggJGRlc3QgLUNoaWxkUGF0aCAkY2hpbGRfaXRlbS5OYW1lCiAgICAgICAgaWYgKCRjaGlsZF9pdGVtLlBTSXNDb250YWluZXIpIHsKICAgICAgICAgICAgJGRpZmYgKz0gKENvcHktRm9sZGVyIC1zb3VyY2UgJGNoaWxkX2l0ZW0uRnVsbG5hbWUgLWRlc3QgJGRlc3RfY2hpbGRfcGF0aCkKICAgICAgICB9IGVsc2UgewogICAgICAgICAgICAkZGlmZiArPSAoQ29weS1GaWxlIC1zb3VyY2UgJGNoaWxkX2l0ZW0uRnVsbG5hbWUgLWRlc3QgJGRlc3RfY2hpbGRfcGF0aCkuZGlmZgogICAgICAgIH0KICAgIH0KCiAgICByZXR1cm4gJGRpZmYKfQoKRnVuY3Rpb24gR2V0LUZpbGVTaXplKCRwYXRoKSB7CiAgICAkZmlsZSA9IEdldC1JdGVtIC1QYXRoICRwYXRoIC1Gb3JjZQogICAgJHNpemUgPSAkbnVsbAogICAgaWYgKCRmaWxlLlBTSXNDb250YWluZXIpIHsKICAgICAgICAkZGlyX2ZpbGVzX3N1bSA9IEdldC1DaGlsZEl0ZW0gJGZpbGUuRnVsbE5hbWUgLVJlY3Vyc2UKICAgICAgICBpZiAoJGRpcl9maWxlc19zdW0gLWVxICRudWxsIC1vciAoJGRpcl9maWxlc19zdW0uUFNPYmplY3QuUHJvcGVydGllcy5uYW1lIC1jb250YWlucyAnbGVuZ3RoJyAtZXEgJGZhbHNlKSkgewogICAgICAgICAgICAkc2l6ZSA9IDAKICAgICAgICB9IGVsc2UgewogICAgICAgICAgICAkc2l6ZSA9ICgkZGlyX2ZpbGVzX3N1bSB8IE1lYXN1cmUtT2JqZWN0IC1wcm9wZXJ0eSBsZW5ndGggLXN1bSkuU3VtCiAgICAgICAgfQogICAgfSBlbHNlIHsKICAgICAgICAkc2l6ZSA9ICRmaWxlLkxlbmd0aAogICAgfQoKICAgICRzaXplCn0KCkZ1bmN0aW9uIEV4dHJhY3QtWmlwKCRzcmMsICRkZXN0KSB7CiAgICAkYXJjaGl2ZSA9IFtTeXN0ZW0uSU8uQ29tcHJlc3Npb24uWmlwRmlsZV06Ok9wZW4oJHNyYywgW1N5c3RlbS5JTy5Db21wcmVzc2lvbi5aaXBBcmNoaXZlTW9kZV06OlJlYWQsIFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjgpCiAgICBmb3JlYWNoICgkZW50cnkgaW4gJGFyY2hpdmUuRW50cmllcykgewogICAgICAgICRhcmNoaXZlX25hbWUgPSAkZW50cnkuRnVsbE5hbWUKCiAgICAgICAgIyBGdWxsTmFtZSBtYXkgYmUgYXBwZW5kZWQgd2l0aCAvIG9yIFwsIGRldGVybWluZSBpZiBpdCBpcyBwYWRkZWQgYW5kIHJlbW92ZSBpdAogICAgICAgICRwYWRkaW5nX2xlbmd0aCA9ICRhcmNoaXZlX25hbWUuTGVuZ3RoICUgNAogICAgICAgIGlmICgkcGFkZGluZ19sZW5ndGggLWVxIDApIHsKICAgICAgICAgICAgJGlzX2RpciA9ICRmYWxzZQogICAgICAgICAgICAkYmFzZTY0X25hbWUgPSAkYXJjaGl2ZV9uYW1lCiAgICAgICAgfSBlbHNlaWYgKCRwYWRkaW5nX2xlbmd0aCAtZXEgMSkgewogICAgICAgICAgICAkaXNfZGlyID0gJHRydWUKICAgICAgICAgICAgaWYgKCRhcmNoaXZlX25hbWUuRW5kc1dpdGgoIi8iKSAtb3IgJGFyY2hpdmVfbmFtZS5FbmRzV2l0aCgiYFwiKSkgewogICAgICAgICAgICAgICAgJGJhc2U2NF9uYW1lID0gJGFyY2hpdmVfbmFtZS5TdWJzdHJpbmcoMCwgJGFyY2hpdmVfbmFtZS5MZW5ndGggLSAxKQogICAgICAgICAgICB9IGVsc2UgewogICAgICAgICAgICAgICAgdGhyb3cgImludmFsaWQgYmFzZTY0IGFyY2hpdmUgbmFtZSAnJGFyY2hpdmVfbmFtZSciCiAgICAgICAgICAgIH0KICAgICAgICB9IGVsc2UgewogICAgICAgICAgICB0aHJvdyAiaW52YWxpZCBiYXNlNjQgbGVuZ3RoICckYXJjaGl2ZV9uYW1lJyIKICAgICAgICB9CgogICAgICAgICMgdG8gaGFuZGxlIHVuaWNvZGUgY2hhcmFjdGVyLCB3aW5fY29weSBhY3Rpb24gcGx1Z2luIGhhcyBlbmNvZGVkIHRoZSBmaWxlbmFtZQogICAgICAgICRkZWNvZGVkX2FyY2hpdmVfbmFtZSA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGJhc2U2NF9uYW1lKSkKICAgICAgICAjIHJlLWFkZCB0aGUgLyB0byB0aGUgZW50cnkgZnVsbCBuYW1lIGlmIGl0IHdhcyBhIGRpcmVjdG9yeQogICAgICAgIGlmICgkaXNfZGlyKSB7CiAgICAgICAgICAgICRkZWNvZGVkX2FyY2hpdmVfbmFtZSA9ICIkZGVjb2RlZF9hcmNoaXZlX25hbWUvIgogICAgICAgIH0KICAgICAgICAkZW50cnlfdGFyZ2V0X3BhdGggPSBbU3lzdGVtLklPLlBhdGhdOjpDb21iaW5lKCRkZXN0LCAkZGVjb2RlZF9hcmNoaXZlX25hbWUpCiAgICAgICAgJGVudHJ5X2RpciA9IFtTeXN0ZW0uSU8uUGF0aF06OkdldERpcmVjdG9yeU5hbWUoJGVudHJ5X3RhcmdldF9wYXRoKQoKICAgICAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRlbnRyeV9kaXIpKSB7CiAgICAgICAgICAgIE5ldy1JdGVtIC1QYXRoICRlbnRyeV9kaXIgLUl0ZW1UeXBlIERpcmVjdG9yeSAtV2hhdElmOiRjaGVja19tb2RlIHwgT3V0LU51bGwKICAgICAgICB9CgogICAgICAgIGlmICgkaXNfZGlyIC1lcSAkZmFsc2UpIHsKICAgICAgICAgICAgaWYgKC1ub3QgJGNoZWNrX21vZGUpIHsKICAgICAgICAgICAgICAgIFtTeXN0ZW0uSU8uQ29tcHJlc3Npb24uWmlwRmlsZUV4dGVuc2lvbnNdOjpFeHRyYWN0VG9GaWxlKCRlbnRyeSwgJGVudHJ5X3RhcmdldF9wYXRoLCAkdHJ1ZSkKICAgICAgICAgICAgfQogICAgICAgIH0KICAgIH0KICAgICRhcmNoaXZlLkRpc3Bvc2UoKSAgIyByZWxlYXNlIHRoZSBoYW5kbGUgb2YgdGhlIHppcCBmaWxlCn0KCkZ1bmN0aW9uIEV4dHJhY3QtWmlwTGVnYWN5KCRzcmMsICRkZXN0KSB7CiAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRkZXN0KSkgewogICAgICAgIE5ldy1JdGVtIC1QYXRoICRkZXN0IC1JdGVtVHlwZSBEaXJlY3RvcnkgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICB9CiAgICAkc2hlbGwgPSBOZXctT2JqZWN0IC1Db21PYmplY3QgU2hlbGwuQXBwbGljYXRpb24KICAgICR6aXAgPSAkc2hlbGwuTmFtZVNwYWNlKCRzcmMpCiAgICAkZGVzdF9wYXRoID0gJHNoZWxsLk5hbWVTcGFjZSgkZGVzdCkKCiAgICBmb3JlYWNoICgkZW50cnkgaW4gJHppcC5JdGVtcygpKSB7CiAgICAgICAgJGlzX2RpciA9ICRlbnRyeS5Jc0ZvbGRlcgogICAgICAgICRlbmNvZGVkX2FyY2hpdmVfZW50cnkgPSAkZW50cnkuTmFtZQogICAgICAgICMgdG8gaGFuZGxlIHVuaWNvZGUgY2hhcmFjdGVyLCB3aW5fY29weSBhY3Rpb24gcGx1Z2luIGhhcyBlbmNvZGVkIHRoZSBmaWxlbmFtZQogICAgICAgICRkZWNvZGVkX2FyY2hpdmVfZW50cnkgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRlbmNvZGVkX2FyY2hpdmVfZW50cnkpKQogICAgICAgIGlmICgkaXNfZGlyKSB7CiAgICAgICAgICAgICRkZWNvZGVkX2FyY2hpdmVfZW50cnkgPSAiJGRlY29kZWRfYXJjaGl2ZV9lbnRyeS8iCiAgICAgICAgfQoKICAgICAgICAkZW50cnlfdGFyZ2V0X3BhdGggPSBbU3lzdGVtLklPLlBhdGhdOjpDb21iaW5lKCRkZXN0LCAkZGVjb2RlZF9hcmNoaXZlX2VudHJ5KQogICAgICAgICRlbnRyeV9kaXIgPSBbU3lzdGVtLklPLlBhdGhdOjpHZXREaXJlY3RvcnlOYW1lKCRlbnRyeV90YXJnZXRfcGF0aCkKCiAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtUGF0aCAkZW50cnlfZGlyKSkgewogICAgICAgICAgICBOZXctSXRlbSAtUGF0aCAkZW50cnlfZGlyIC1JdGVtVHlwZSBEaXJlY3RvcnkgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICAgICAgfQoKICAgICAgICBpZiAoJGlzX2RpciAtZXEgJGZhbHNlIC1hbmQgKC1ub3QgJGNoZWNrX21vZGUpKSB7CiAgICAgICAgICAgICMgaHR0cHM6Ly9tc2RuLm1pY3Jvc29mdC5jb20vZW4tdXMvbGlicmFyeS93aW5kb3dzL2Rlc2t0b3AvYmI3ODc4NjYuYXNweAogICAgICAgICAgICAjIEZyb20gRm9sZGVyLkNvcHlIZXJlIGRvY3VtZW50YXRpb24sIDEwNDQgbWVhbnM6CiAgICAgICAgICAgICMgIC0gMTAyNDogZG8gbm90IGRpc3BsYXkgYSB1c2VyIGludGVyZmFjZSBpZiBhbiBlcnJvciBvY2N1cnMKICAgICAgICAgICAgIyAgLSAgIDE2OiByZXNwb25kIHdpdGggInllcyB0byBhbGwiIGZvciBhbnkgZGlhbG9nIGJveCB0aGF0IGlzIGRpc3BsYXllZAogICAgICAgICAgICAjICAtICAgIDQ6IGRvIG5vdCBkaXNwbGF5IGEgcHJvZ3Jlc3MgZGlhbG9nIGJveAogICAgICAgICAgICAkZGVzdF9wYXRoLkNvcHlIZXJlKCRlbnRyeSwgMTA0NCkKCiAgICAgICAgICAgICMgb25jZSBmaWxlIGlzIGV4dHJhY2VkLCB3ZSBuZWVkIHRvIHJlbmFtZSBpdCB3aXRoIG5vbiBiYXNlNjQgbmFtZQogICAgICAgICAgICAkY29tYmluZWRfZW5jb2RlZF9wYXRoID0gW1N5c3RlbS5JTy5QYXRoXTo6Q29tYmluZSgkZGVzdCwgJGVuY29kZWRfYXJjaGl2ZV9lbnRyeSkKICAgICAgICAgICAgTW92ZS1JdGVtIC1QYXRoICRjb21iaW5lZF9lbmNvZGVkX3BhdGggLURlc3RpbmF0aW9uICRlbnRyeV90YXJnZXRfcGF0aCAtRm9yY2UgfCBPdXQtTnVsbAogICAgICAgIH0KICAgIH0KfQoKaWYgKCRjb3B5X21vZGUgLWVxICJxdWVyeSIpIHsKICAgICMgd2Ugb25seSByZXR1cm4gYSBsaXN0IG9mIGZpbGVzL2RpcmVjdG9yaWVzIHRoYXQgbmVlZCB0byBiZSBjb3BpZWQgb3ZlcgogICAgIyB0aGUgc291cmNlIG9mIHRoZSBsb2NhbCBmaWxlIHdpbGwgYmUgdGhlIGtleSB1c2VkCiAgICAkY2hhbmdlZF9maWxlcyA9IEAoKQogICAgJGNoYW5nZWRfZGlyZWN0b3JpZXMgPSBAKCkKICAgICRjaGFuZ2VkX3N5bWxpbmtzID0gQCgpCgogICAgZm9yZWFjaCAoJGZpbGUgaW4gJGZpbGVzKSB7CiAgICAgICAgJGZpbGVuYW1lID0gJGZpbGUuZGVzdAogICAgICAgICRsb2NhbF9jaGVja3N1bSA9ICRmaWxlLmNoZWNrc3VtCgogICAgICAgICRmaWxlcGF0aCA9IEpvaW4tUGF0aCAtUGF0aCAkZGVzdCAtQ2hpbGRQYXRoICRmaWxlbmFtZQogICAgICAgIGlmIChUZXN0LVBhdGggLVBhdGggJGZpbGVwYXRoIC1 ScriptBlock ID: fddfa3ff-baa1-47a4-81dc-be73392e3a56 Path:	4104	1		3	2	15	0	1893	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2520	4208	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:31:09 PM	e5295ba9-9827-0003-aa6d-30e52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 3): begin { $DebugPreference = "Continue" $ErrorActionPreference = "Stop" Set-StrictMode -Version 2 function ConvertTo-HashtableFromPsCustomObject ($myPsObject){ $output = @{}; $myPsObject | Get-Member -MemberType *Property | % { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } return $output; } # stream JSON including become_pw, ps_module_payload, bin_module_payload, become_payload, write_payload_path, preserve directives # exec runspace, capture output, cleanup, return module output # NB: do not adjust the following line- it is replaced when doing non-streamed module output $json_raw = @' {"min_ps_version": null, "exec": "CkZ1bmN0aW9uIFJ1bigkcGF5bG9hZCkgewogICAgJGVudHJ5cG9pbnQgPSAkcGF5bG9hZC5tb2R1bGVfZW50cnkKCiAgICAkZW50cnlwb2ludCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGVudHJ5cG9pbnQpKQoKICAgICRwcyA9IFtwb3dlcnNoZWxsXTo6Q3JlYXRlKCkKCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkQ29tbWFuZCgiU2V0LVZhcmlhYmxlIikuQWRkUGFyYW1ldGVycyhAe1Njb3BlPSJnbG9iYWwiO05hbWU9ImNvbXBsZXhfYXJncyI7VmFsdWU9JHBheWxvYWQubW9kdWxlX2FyZ3N9KSB8IE91dC1OdWxsCiAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCgogICAgIyByZWRlZmluZSBXcml0ZS1Ib3N0IHRvIGR1bXAgdG8gb3V0cHV0IGluc3RlYWQgb2YgZmFpbGluZy0gbG90cyBvZiBzY3JpcHRzIHVzZSBpdAogICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgiRnVuY3Rpb24gV3JpdGUtSG9zdChgJG1zZyl7IFdyaXRlLU91dHB1dCBgJG1zZyB9IikgfCBPdXQtTnVsbAoKICAgIEZvckVhY2ggKCRlbnZfa3YgaW4gJHBheWxvYWQuZW52aXJvbm1lbnQuR2V0RW51bWVyYXRvcigpKSB7CiAgICAgICAgIyBuZWVkIHRvIGVzY2FwZSAnIGluIGJvdGggdGhlIGtleSBhbmQgdmFsdWUKICAgICAgICAkZW52X2tleSA9ICRlbnZfa3YuS2V5LlRvU3RyaW5nKCkuUmVwbGFjZSgiJyIsICInJyIpCiAgICAgICAgJGVudl92YWx1ZSA9ICRlbnZfa3YuVmFsdWUuVG9TdHJpbmcoKS5SZXBsYWNlKCInIiwgIicnIikKICAgICAgICAkZXNjYXBlZF9lbnZfc2V0ID0gIltTeXN0ZW0uRW52aXJvbm1lbnRdOjpTZXRFbnZpcm9ubWVudFZhcmlhYmxlKCd7MH0nLCAnezF9JykiIC1mICRlbnZfa2V5LCAkZW52X3ZhbHVlCiAgICAgICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgkZXNjYXBlZF9lbnZfc2V0KSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBkeW5hbWljYWxseSBjcmVhdGUvbG9hZCBtb2R1bGVzCiAgICBGb3JFYWNoICgkbW9kIGluICRwYXlsb2FkLnBvd2Vyc2hlbGxfbW9kdWxlcy5HZXRFbnVtZXJhdG9yKCkpIHsKICAgICAgICAkZGVjb2RlZF9tb2R1bGUgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRtb2QuVmFsdWUpKQogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRDb21tYW5kKCJOZXctTW9kdWxlIikuQWRkUGFyYW1ldGVycyhAe1NjcmlwdEJsb2NrPShbc2NyaXB0YmxvY2tdOjpDcmVhdGUoJGRlY29kZWRfbW9kdWxlKSk7TmFtZT0kbW9kLktleX0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiSW1wb3J0LU1vZHVsZSIpLkFkZFBhcmFtZXRlcnMoQHtXYXJuaW5nQWN0aW9uPSJTaWxlbnRseUNvbnRpbnVlIn0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBmb3JjZSBpbnB1dCBlbmNvZGluZyB0byBwcmVhbWJsZS1mcmVlIFVURjggc28gUFMgc3ViLXByb2Nlc3NlcyAoZWcsCiAgICAjIFN0YXJ0LUpvYikgZG9uJ3QgYmxvdyB1cC4gVGhpcyBpcyBvbmx5IHJlcXVpcmVkIGZvciBXaW5STSwgYSBQU1JQCiAgICAjIHJ1bnNwYWNlIGRvZXNuJ3QgaGF2ZSBhIGhvc3QgY29uc29sZSBhbmQgdGhpcyB3aWxsIGJvbWIgb3V0CiAgICBpZiAoJGhvc3QuTmFtZSAtZXEgIkNvbnNvbGVIb3N0IikgewogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRTY3JpcHQoIltDb25zb2xlXTo6SW5wdXRFbmNvZGluZyA9IE5ldy1PYmplY3QgVGV4dC5VVEY4RW5jb2RpbmcgYCRmYWxzZSIpIHwgT3V0LU51bGwKICAgIH0KCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkU2NyaXB0KCRlbnRyeXBvaW50KSB8IE91dC1OdWxsCgogICAgJG91dHB1dCA9ICRwcy5JbnZva2UoKQoKICAgICRvdXRwdXQKCiAgICAjIFBTMyBkb2Vzbid0IHByb3Blcmx5IHNldCBIYWRFcnJvcnMgaW4gbWFueSBjYXNlcywgaW5zcGVjdCB0aGUgZXJyb3Igc3RyZWFtIGFzIGEgZmFsbGJhY2sKICAgIElmICgkcHMuSGFkRXJyb3JzIC1vciAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtbHQgNCAtYW5kICRwcy5TdHJlYW1zLkVycm9yLkNvdW50IC1ndCAwKSkgewogICAgICAgICRob3N0LlVJLldyaXRlRXJyb3JMaW5lKCQoJHBzLlN0cmVhbXMuRXJyb3IgfCBPdXQtU3RyaW5nKSkKICAgICAgICAkZXhpdF9jb2RlID0gJHBzLlJ1bnNwYWNlLlNlc3Npb25TdGF0ZVByb3h5LkdldFZhcmlhYmxlKCJMQVNURVhJVENPREUiKQogICAgICAgIElmKC1ub3QgJGV4aXRfY29kZSkgewogICAgICAgICAgICAkZXhpdF9jb2RlID0gMQogICAgICAgIH0KICAgICAgICAjIG5lZWQgdG8gdXNlIHRoaXMgaW5zdGVhZCBvZiBFeGl0IGtleXdvcmQgdG8gcHJldmVudCBydW5zcGFjZSBmcm9tIGNyYXNoaW5nIHdpdGggZHluYW1pYyBtb2R1bGVzCiAgICAgICAgJGhvc3QuU2V0U2hvdWxkRXhpdCgkZXhpdF9jb2RlKQogICAgfQp9Cg==", "actions": ["exec"], "environment": {}, "min_os_version": null, "powershell_modules": {"Ansible.ModuleUtils.Legacy": "IyBDb3B5cmlnaHQgKGMpLCBNaWNoYWVsIERlSGFhbiA8bWljaGFlbC5kZWhhYW5AZ21haWwuY29tPiwgMjAxNCwgYW5kIG90aGVycwojIFNpbXBsaWZpZWQgQlNEIExpY2Vuc2UgKHNlZSBsaWNlbnNlcy9zaW1wbGlmaWVkX2JzZC50eHQgb3IgaHR0cHM6Ly9vcGVuc291cmNlLm9yZy9saWNlbnNlcy9CU0QtMi1DbGF1c2UpCgpTZXQtU3RyaWN0TW9kZSAtVmVyc2lvbiAyLjAKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKRnVuY3Rpb24gU2V0LUF0dHIoJG9iaiwgJG5hbWUsICR2YWx1ZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gc2V0IGFuICJhdHRyaWJ1dGUiIG9uIGEgcHNvYmplY3QgaW5zdGFuY2UgaW4gUG93ZXJTaGVsbC4KICAgIFRoaXMgaXMgYSBjb252ZW5pZW5jZSB0byBtYWtlIGFkZGluZyBNZW1iZXJzIHRvIHRoZSBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgIFNldC1BdHRyICRyZXN1bHQgImNoYW5nZWQiICR0cnVlCiM+CgogICAgIyBJZiB0aGUgcHJvdmlkZWQgJG9iaiBpcyB1bmRlZmluZWQsIGRlZmluZSBvbmUgdG8gYmUgbmljZQogICAgSWYgKC1ub3QgJG9iai5HZXRUeXBlKQogICAgewogICAgICAgICRvYmogPSBAeyB9CiAgICB9CgogICAgVHJ5CiAgICB7CiAgICAgICAgJG9iai4kbmFtZSA9ICR2YWx1ZQogICAgfQogICAgQ2F0Y2gKICAgIHsKICAgICAgICAkb2JqIHwgQWRkLU1lbWJlciAtRm9yY2UgLU1lbWJlclR5cGUgTm90ZVByb3BlcnR5IC1OYW1lICRuYW1lIC1WYWx1ZSAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gRXhpdC1Kc29uKCRvYmopCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGNvbnZlcnQgYSBQb3dlclNoZWxsIG9iamVjdCB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcKICAgIHRoZSBzY3JpcHQKICAgIC5FWEFNUExFCiAgICBFeGl0LUpzb24gJHJlc3VsdAojPgoKICAgICMgSWYgdGhlIHByb3ZpZGVkICRvYmogaXMgdW5kZWZpbmVkLCBkZWZpbmUgb25lIHRvIGJlIG5pY2UKICAgIElmICgtbm90ICRvYmouR2V0VHlwZSkKICAgIHsKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoJ2NoYW5nZWQnKSkgewogICAgICAgIFNldC1BdHRyICRvYmogImNoYW5nZWQiICRmYWxzZQogICAgfQoKICAgIFdyaXRlLU91dHB1dCAkb2JqIHwgQ29udmVydFRvLUpzb24gLUNvbXByZXNzIC1EZXB0aCA5OQogICAgRXhpdAp9CgpGdW5jdGlvbiBGYWlsLUpzb24oJG9iaiwgJG1lc3NhZ2UgPSAkbnVsbCkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHRoZSAibXNnIiBwcm9wZXJ0eSBhbmQgImZhaWxlZCIgcHJvcGVydHksIGNvbnZlcnQgdGhlCiAgICBQb3dlclNoZWxsIEhhc2h0YWJsZSB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcgdGhlIHNjcmlwdAogICAgLkVYQU1QTEUKICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJUaGlzIGlzIHRoZSBmYWlsdXJlIG1lc3NhZ2UiCiM+CgogICAgaWYgKCRvYmogLWlzIFtoYXNodGFibGVdIC1vciAkb2JqIC1pcyBbcHNvYmplY3RdKSB7CiAgICAgICAgIyBOb3RoaW5nIHRvIGRvCiAgICB9IGVsc2VpZiAoJG9iaiAtaXMgW3N0cmluZ10gLWFuZCAkbnVsbCAtZXEgJG1lc3NhZ2UpIHsKICAgICAgICAjIElmIHdlIHdlcmVuJ3QgZ2l2ZW4gMiBhcmdzLCBhbmQgdGhlIG9ubHkgYXJnIHdhcyBhIHN0cmluZywKICAgICAgICAjIGNyZWF0ZSBhIG5ldyBIYXNodGFibGUgYW5kIHVzZSB0aGUgYXJnIGFzIHRoZSBmYWlsdXJlIG1lc3NhZ2UKICAgICAgICAkbWVzc2FnZSA9ICRvYmoKICAgICAgICAkb2JqID0gQHsgfQogICAgfSBlbHNlIHsKICAgICAgICAjIElmIHRoZSBmaXJzdCBhcmd1bWVudCBpcyB1bmRlZmluZWQgb3IgYSBkaWZmZXJlbnQgdHlwZSwKICAgICAgICAjIG1ha2UgaXQgYSBIYXNodGFibGUKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgICMgU3RpbGwgdXNpbmcgU2V0LUF0dHIgZm9yIFBTT2JqZWN0IGNvbXBhdGliaWxpdHkKICAgIFNldC1BdHRyICRvYmogIm1zZyIgJG1lc3NhZ2UKICAgIFNldC1BdHRyICRvYmogImZhaWxlZCIgJHRydWUKCiAgICBpZiAoLW5vdCAkb2JqLkNvbnRhaW5zS2V5KCdjaGFuZ2VkJykpIHsKICAgICAgICBTZXQtQXR0ciAkb2JqICJjaGFuZ2VkIiAkZmFsc2UKICAgIH0KCiAgICBXcml0ZS1PdXRwdXQgJG9iaiB8IENvbnZlcnRUby1Kc29uIC1Db21wcmVzcyAtRGVwdGggOTkKICAgIEV4aXQgMQp9CgpGdW5jdGlvbiBBZGQtV2FybmluZygkb2JqLCAkbWVzc2FnZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHdhcm5pbmdzLCBldmVuIGlmIHRoZSB3YXJuaW5ncyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoIndhcm5pbmdzIikpIHsKICAgICAgICAkb2JqLndhcm5pbmdzID0gQCgpCiAgICB9IGVsc2VpZiAoJG9iai53YXJuaW5ncyAtaXNub3QgW2FycmF5XSkgewogICAgICAgIHRocm93ICJBZGQtV2FybmluZzogd2FybmluZ3MgYXR0cmlidXRlIGlzIG5vdCBhbiBhcnJheSIKICAgIH0KCiAgICAkb2JqLndhcm5pbmdzICs9ICRtZXNzYWdlCn0KCkZ1bmN0aW9uIEFkZC1EZXByZWNhdGlvbldhcm5pbmcoJG9iaiwgJG1lc3NhZ2UsICR2ZXJzaW9uID0gJG51bGwpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGFkZCBkZXByZWNhdGlvbnMsIGV2ZW4gaWYgdGhlIGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgogICAgaWYgKC1ub3QgJG9iai5Db250YWluc0tleSgiZGVwcmVjYXRpb25zIikpIHsKICAgICAgICAkb2JqLmRlcHJlY2F0aW9ucyA9IEAoKQogICAgfSBlbHNlaWYgKCRvYmouZGVwcmVjYXRpb25zIC1pc25vdCBbYXJyYXldKSB7CiAgICAgICAgdGhyb3cgIkFkZC1EZXByZWNhdGlvbldhcm5pbmc6IGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgaXMgbm90IGEgbGlzdCIKICAgIH0KCiAgICAkb2JqLmRlcHJlY2F0aW9ucyArPSBAewogICAgICAgIG1zZyA9ICRtZXNzYWdlCiAgICAgICAgdmVyc2lvbiA9ICR2ZXJzaW9uCiAgICB9Cn0KCkZ1bmN0aW9uIEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgaW4gdmFsdWVzLiBCeSBkZWZhdWx0CiAgICBpdCB0dXJucyBhbnkgdHlwZSB0byBhIHN0cmluZywgYnV0IHdlIGVuc3VyZSAkbnVsbCByZW1haW5zICRudWxsLgojPgogICAgaWYgKCRudWxsIC1uZSAkdmFsdWUpIHsKICAgICAgICBbU3lzdGVtLkVudmlyb25tZW50XTo6RXhwYW5kRW52aXJvbm1lbnRWYXJpYWJsZXMoJHZhbHVlKQogICAgfSBlbHNlIHsKICAgICAgICAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gR2V0LUFuc2libGVQYXJhbSgkb2JqLCAkbmFtZSwgJGRlZmF1bHQgPSAkbnVsbCwgJHJlc3VsdG9iaiA9IEB7fSwgJGZhaWxpZmVtcHR5ID0gJGZhbHNlLCAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSwgJFZhbGlkYXRlU2V0LCAkVmFsaWRhdGVTZXRFcnJvck1lc3NhZ2UsICR0eXBlID0gJG51bGwsICRhbGlhc2VzID0gQCgpKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBnZXQgYW4gImF0dHJpYnV0ZSIgZnJvbSBhIHBzb2JqZWN0IGluc3RhbmNlIGluIFBvd2VyU2hlbGwuCiAgICBUaGlzIGlzIGEgY29udmVuaWVuY2UgdG8gbWFrZSBnZXR0aW5nIE1lbWJlcnMgZnJvbSBhbiBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgICRhdHRyID0gR2V0LUFuc2libGVQYXJhbSAkcmVzcG9uc2UgImNvZGUiIC1kZWZhdWx0ICIxIgogICAgLkVYQU1QTEUKICAgIEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJTdGF0ZSIgLWRlZmF1bHQgIlByZXNlbnQiIC1WYWxpZGF0ZVNldCAiUHJlc2VudCIsIkFic2VudCIgLXJlc3VsdG9iaiAkcmVzdWx0b2JqIC1mYWlsaWZlbXB0eSAkdHJ1ZQogICAgR2V0LUFuc2libGVQYXJhbSBhbHNvIHN1cHBvcnRzIFBhcmFtZXRlciB2YWxpZGF0aW9uIHRvIHNhdmUgeW91IGZyb20gY29kaW5nIHRoYXQgbWFudWFsbHkKICAgIE5vdGUgdGhhdCBpZiB5b3UgdXNlIHRoZSBmYWlsaWZlbXB0eSBvcHRpb24sIHlvdSBkbyBuZWVkIHRvIHNwZWNpZnkgcmVzdWx0b2JqZWN0IGFzIHdlbGwuCiM+CiAgICAjIENoZWNrIGlmIHRoZSBwcm92aWRlZCBNZW1iZXIgJG5hbWUgb3IgYWxpYXNlcyBleGlzdCBpbiAkb2JqIGFuZCByZXR1cm4gaXQgb3IgdGhlIGRlZmF1bHQuCiAgICB0cnkgewoKICAgICAgICAkZm91bmQgPSAkbnVsbAogICAgICAgICMgRmlyc3QgdHJ5IHRvIGZpbmQgcHJlZmVycmVkIHBhcmFtZXRlciAkbmFtZQogICAgICAgICRhbGlhc2VzID0gQCgkbmFtZSkgKyAkYWxpYXNlcwoKICAgICAgICAjIEl0ZXJhdGUgb3ZlciBhbGlhc2VzIHRvIGZpbmQgYWNjZXB0YWJsZSBNZW1iZXIgJG5hbWUKICAgICAgICBmb3JlYWNoICgkYWxpYXMgaW4gJGFsaWFzZXMpIHsKICAgICAgICAgICAgaWYgKCRvYmouQ29udGFpbnNLZXkoJGFsaWFzKSkgewogICAgICAgICAgICAgICAgJGZvdW5kID0gJGFsaWFzCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgfQoKICAgICAgICBpZiAoJG51bGwgLWVxICRmb3VuZCkgewogICAgICAgICAgICB0aHJvdwogICAgICAgIH0KICAgICAgICAkbmFtZSA9ICRmb3VuZAoKICAgICAgICBpZiAoJFZhbGlkYXRlU2V0KSB7CgogICAgICAgICAgICBpZiAoJFZhbGlkYXRlU2V0IC1jb250YWlucyAoJG9iai4kbmFtZSkpIHsKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICRvYmouJG5hbWUKICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgIGlmICgkbnVsbCAtZXEgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAgICAgI0F1dG8tZ2VuZXJhdGVkIGVycm9yIHNob3VsZCBiZSBzdWZmaWNpZW50IGluIG1vc3QgdXNlIGNhc2VzCiAgICAgICAgICAgICAgICAgICAgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlID0gIkdldC1BbnNpYmxlUGFyYW06IEFyZ3VtZW50ICRuYW1lIG5lZWRzIHRvIGJlIG9uZSBvZiAkKCRWYWxpZGF0ZVNldCAtam9pbiAiLCIpIGJ1dCB3YXMgJCgkb2JqLiRuYW1lKS4iCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRWYWxpZGF0ZVNldEVycm9yTWVzc2FnZQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgJHZhbHVlID0gJG9iai4kbmFtZQogICAgICAgIH0KICAgIH0gY2F0Y2ggewogICAgICAgIGlmICgkZmFpbGlmZW1wdHkgLWVxICRmYWxzZSkgewogICAgICAgICAgICAkdmFsdWUgPSAkZGVmYXVsdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgIGlmICgtbm90ICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSA9ICJHZXQtQW5zaWJsZVBhcmFtOiBNaXNzaW5nIHJlcXVpcmVkIGFyZ3VtZW50OiAkbmFtZSIKICAgICAgICAgICAgfQogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlCiAgICAgICAgfQogICAgfQoKICAgICMgSWYgJHZhbHVlIC1lcSAkbnVsbCwgdGhlIHBhcmFtZXRlciB3YXMgdW5zcGVjaWZpZWQgYnkgdGhlIHVzZXIgKGRlbGliZXJhdGVseSBvciBub3QpCiAgICAjIFBsZWFzZSBsZWF2ZSAkbnVsbC12YWx1ZXMgaW50YWN0LCBtb2R1bGVzIG5lZWQgdG8ga25vdyBpZiBhIHBhcmFtZXRlciB3YXMgc3BlY2lmaWVkCiAgICAjIFdoZW4gJHZhbHVlIGlzIGFscmVhZHkgYW4gYXJyYXksIHdlIGNhbm5vdCByZWx5IG9uIHRoZSBudWxsIGNoZWNrLCBhcyBhbiBlbXB0eSBsaXN0CiAgICAjIGlzIHNlZW4gYXMgbnVsbCBpbiB0aGUgY2hlY2sgYmVsb3cKICAgIGlmICgkbnVsbCAtbmUgJHZhbHVlIC1vciAkdmFsdWUgLWlzIFthcnJheV0pIHsKICAgICAgICBpZiAoJHR5cGUgLWVxICJwYXRoIikgewogICAgICAgICAgICAjIEV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgb24gcGF0aC10eXBlCiAgICAgICAgICAgICR2YWx1ZSA9IEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCiAgICAgICAgICAgICMgVGVzdCBpZiBhIHZhbGlkIHBhdGggaXMgcHJvdmlkZWQKICAgICAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtSXNWYWxpZCAkdmFsdWUpKSB7CiAgICAgICAgICAgICAgICAkcGF0aF9pbnZhbGlkID0gJHRydWUKICAgICAgICAgICAgICAgICMgY291bGQgc3RpbGwgYmUgYSB2YWxpZC1zaGFwZWQgcGF0aCB3aXRoIGEgbm9uZXhpc3RlbnQgZHJpdmUgbGV0dGVyCiAgICAgICAgICAgICAgICBpZiAoJHZhbHVlIC1tYXRjaCAiXlx3OiIpIHsKICAgICAgICAgICAgICAgICAgICAjIHJld3JpdGUgcGF0aCB3aXRoIGEgdmFsaWQgZHJpdmUgbGV0dGVyIGFuZCByZWNoZWNrIHRoZSBzaGFwZS0gdGhpcyBtaWdodCBzdGlsbCBmYWlsLCBlZywgYSBub25leGlzdGVudCBub24tZmlsZXN5c3RlbSBQUyBwYXRoCiAgICAgICAgICAgICAgICAgICAgaWYgKFRlc3QtUGF0aCAtSXNWYWxpZCAkKEAoR2V0LVBTRHJpdmUgLVBTUHJvdmlkZXIgRmlsZXN5c3RlbSlbMF0uTmFtZSArICR2YWx1ZS5TdWJzdHJpbmcoMSkpKSB7CiAgICAgICAgICAgICAgICAgICAgICAgICRwYXRoX2ludmFsaWQgPSAkZmFsc2UKICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBpZiAoJHBhdGhfaW52YWxpZCkgewogICAgICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHRvYmogLW1lc3NhZ2UgIkdldC1BbnNpYmxlUGFyYW06IFBhcmFtZXRlciAnJG5hbWUnIGhhcyBhbiBpbnZhbGlkIHBhdGggJyR2YWx1ZScgc3BlY2lmaWVkLiIKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgInN0ciIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IHN0ciB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgc3RyaW5ncwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUuVG9TdHJpbmcoKQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImJvb2wiKSB7CiAgICAgICAgICAgICMgQ29udmVydCBib29sZWFuIHR5cGVzIHRvIHJlYWwgUG93ZXJzaGVsbCBib29sZWFucwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgfCBDb252ZXJ0VG8tQm9vbAogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImludCIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IGludCB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgaW50ZWdlcnMKICAgICAgICAgICAgJHZhbHVlID0gJHZhbHVlIC1hcyBbaW50XQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImZsb2F0IikgewogICAgICAgICAgICAjIENvbnZlcnQgZmxvYXQgdHlwZXMgdG8gcmVhbCBQb3dlcnNoZWxsIGZsb2F0cwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgLWFzIFtmbG9hdF0KICAgICAgICB9IGVsc2VpZiAoJHR5cGUgLWVxICJsaXN0IikgewogICAgICAgICAgICBpZiAoJHZhbHVlIC1pcyBbYXJyYXldKSB7CiAgICAgICAgICAgICAgICAjIE5vdGhpbmcgdG8gZG8KICAgICAgICAgICAgfSBlbHNlaWYgKCR2YWx1ZSAtaXMgW3N0cmluZ10pIHsKICAgICAgICAgICAgICAgICMgQ29udmVydCBzdHJpbmcgdHlwZSB0byByZWFsIFBvd2Vyc2hlbGwgYXJyYXkKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICR2YWx1ZS5TcGxpdCgiLCIpLlRyaW0oKQogICAgICAgICAgICB9IGVsc2VpZiAoJHZhbHVlIC1pcyBbaW50XSkgewogICAgICAgICAgICAgICAgJHZhbHVlID0gQCgkdmFsdWUpCiAgICAgICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICJHZXQtQW5zaWJsZVBhcmFtOiBQYXJhbWV0ZXIgJyRuYW1lJyBpcyBub3QgYSBZQU1MIGxpc3QuIgogICAgICAgICAgICB9CiAgICAgICAgICAgICMgLCBpcyBub3QgYSB0eXBvLCBmb3JjZXMgaXQgdG8gcmV0dXJuIGFzIGEgbGlzdCB3aGVuIGl0IGlzIGVtcHR5IG9yIG9ubHkgaGFzIDEgZW50cnkKICAgICAgICAgICAgcmV0dXJuICwkdmFsdWUKICAgICAgICB9CiAgICB9CgogICAgcmV0dXJuICR2YWx1ZQp9CgojQWxpYXMgR2V0LWF0dHItLT5HZXQtQW5zaWJsZVBhcmFtIGZvciBiYWNrd2FyZHMgY29tcGF0LiBPbmx5IGFkZCB3aGVuIG5lZWRlZCB0byBlYXNlIGRlYnVnZ2luZyBvZiBzY3JpcHRzCklmICgtbm90KEdldC1BbGlhcyAtTmFtZSAiR2V0LWF0dHIiIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlKSkKewogICAgTmV3LUFsaWFzIC1OYW1lIEdldC1hdHRyIC1WYWx1ZSBHZXQtQW5zaWJsZVBhcmFtCn0KCkZ1bmN0aW9uIENvbnZlcnRUby1Cb29sCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZpbHRlci9waXBlbGluZSBmdW5jdGlvbiB0byBjb252ZXJ0IGEgdmFsdWUgdG8gYm9vbGVhbiBmb2xsb3dpbmcgY3VycmVudAogICAgQW5zaWJsZSBwcmFjdGljZXMKICAgIC5FWEFNUExFCiAgICAkaXNfdHJ1ZSA9ICJ0cnVlIiB8IENvbnZlcnRUby1Cb29sCiM+CiAgICBwYXJhbSgKICAgICAgICBbcGFyYW1ldGVyKHZhbHVlZnJvbXBpcGVsaW5lPSR0cnVlKV0KICAgICAgICAkb2JqCiAgICApCgogICAgJGJvb2xlYW5fc3RyaW5ncyA9ICJ5ZXMiLCAib24iLCAiMSIsICJ0cnVlIiwgMQogICAgJG9ial9zdHJpbmcgPSBbc3RyaW5nXSRvYmoKCiAgICBpZiAoKCRvYmogLWlzIFtib29sZWFuXSAtYW5kICRvYmopIC1vciAkYm9vbGVhbl9zdHJpbmdzIC1jb250YWlucyAkb2JqX3N0cmluZy5Ub0xvd2VyKCkpIHsKICAgICAgICByZXR1cm4gJHRydWUKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfQp9CgpGdW5jdGlvbiBQYXJzZS1BcmdzKCRhcmd1bWVudHMsICRzdXBwb3J0c19jaGVja19tb2RlID0gJGZhbHNlKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBwYXJzZSBBbnNpYmxlIEpTT04gYXJndW1lbnRzIGZyb20gYSAiZmlsZSIgcGFzc2VkIGFzCiAgICB0aGUgc2luZ2xlIGFyZ3VtZW50IHRvIH ScriptBlock ID: fddfa3ff-baa1-47a4-81dc-be73392e3a56 Path:	4104	1		3	2	15	0	1892	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2520	4208	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:31:09 PM	e5295ba9-9827-0003-aa6d-30e52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1891	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2520	816	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:31:09 PM	e5295ba9-9827-0001-d35c-30e52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 2520 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1890	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2520	4908	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:31:09 PM	e5295ba9-9827-0001-d35c-30e52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1889	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2520	816	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:31:09 PM	e5295ba9-9827-0001-d35c-30e52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): begin { $path = 'C:\Users\Admin\AppData\Local\Temp\ansible-tmp-1629729067.12-258645967843330\source' $DebugPreference = "Continue" $ErrorActionPreference = "Stop" Set-StrictMode -Version 2 $fd = [System.IO.File]::Create($path) $sha1 = [System.Security.Cryptography.SHA1CryptoServiceProvider]::Create() $bytes = @() #initialize for empty file case } process { $bytes = [System.Convert]::FromBase64String($input) $sha1.TransformBlock($bytes, 0, $bytes.Length, $bytes, 0) | Out-Null $fd.Write($bytes, 0, $bytes.Length) } end { $sha1.TransformFinalBlock($bytes, 0, 0) | Out-Null $hash = [System.BitConverter]::ToString($sha1.Hash).Replace("-", "").ToLowerInvariant() $fd.Close() Write-Output "{""sha1"":""$hash""}" } ScriptBlock ID: 5b521107-7800-4931-861c-52f8fd8a9db1 Path:	4104	1		3	2	15	0	1888	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4748	4588	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:31:09 PM	e5295ba9-9827-0001-c75c-30e52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1887	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4748	4944	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:31:09 PM	e5295ba9-9827-0002-b46f-2fe52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 4748 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1886	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4748	4620	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:31:09 PM	e5295ba9-9827-0002-b46f-2fe52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1885	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4748	4944	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:31:09 PM	e5295ba9-9827-0002-b46f-2fe52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c), Michael DeHaan <michael.dehaan@gmail.com>, 2014, and others # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) Set-StrictMode -Version 2.0 $ErrorActionPreference = "Stop" Function Set-Attr($obj, $name, $value) { <# .SYNOPSIS Helper function to set an "attribute" on a psobject instance in PowerShell. This is a convenience to make adding Members to the object easier and slightly more pythonic .EXAMPLE Set-Attr $result "changed" $true #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } Try { $obj.$name = $value } Catch { $obj | Add-Member -Force -MemberType NoteProperty -Name $name -Value $value } } Function Exit-Json($obj) { <# .SYNOPSIS Helper function to convert a PowerShell object to JSON and output it, exiting the script .EXAMPLE Exit-Json $result #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit } Function Fail-Json($obj, $message = $null) { <# .SYNOPSIS Helper function to add the "msg" property and "failed" property, convert the PowerShell Hashtable to JSON and output it, exiting the script .EXAMPLE Fail-Json $result "This is the failure message" #> if ($obj -is [hashtable] -or $obj -is [psobject]) { # Nothing to do } elseif ($obj -is [string] -and $null -eq $message) { # If we weren't given 2 args, and the only arg was a string, # create a new Hashtable and use the arg as the failure message $message = $obj $obj = @{ } } else { # If the first argument is undefined or a different type, # make it a Hashtable $obj = @{ } } # Still using Set-Attr for PSObject compatibility Set-Attr $obj "msg" $message Set-Attr $obj "failed" $true if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit 1 } Function Add-Warning($obj, $message) { <# .SYNOPSIS Helper function to add warnings, even if the warnings attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("warnings")) { $obj.warnings = @() } elseif ($obj.warnings -isnot [array]) { throw "Add-Warning: warnings attribute is not an array" } $obj.warnings += $message } Function Add-DeprecationWarning($obj, $message, $version = $null) { <# .SYNOPSIS Helper function to add deprecations, even if the deprecations attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("deprecations")) { $obj.deprecations = @() } elseif ($obj.deprecations -isnot [array]) { throw "Add-DeprecationWarning: deprecations attribute is not a list" } $obj.deprecations += @{ msg = $message version = $version } } Function Expand-Environment($value) { <# .SYNOPSIS Helper function to expand environment variables in values. By default it turns any type to a string, but we ensure $null remains $null. #> if ($null -ne $value) { [System.Environment]::ExpandEnvironmentVariables($value) } else { $value } } Function Get-AnsibleParam($obj, $name, $default = $null, $resultobj = @{}, $failifempty = $false, $emptyattributefailmessage, $ValidateSet, $ValidateSetErrorMessage, $type = $null, $aliases = @()) { <# .SYNOPSIS Helper function to get an "attribute" from a psobject instance in PowerShell. This is a convenience to make getting Members from an object easier and slightly more pythonic .EXAMPLE $attr = Get-AnsibleParam $response "code" -default "1" .EXAMPLE Get-AnsibleParam -obj $params -name "State" -default "Present" -ValidateSet "Present","Absent" -resultobj $resultobj -failifempty $true Get-AnsibleParam also supports Parameter validation to save you from coding that manually Note that if you use the failifempty option, you do need to specify resultobject as well. #> # Check if the provided Member $name or aliases exist in $obj and return it or the default. try { $found = $null # First try to find preferred parameter $name $aliases = @($name) + $aliases # Iterate over aliases to find acceptable Member $name foreach ($alias in $aliases) { if ($obj.ContainsKey($alias)) { $found = $alias break } } if ($null -eq $found) { throw } $name = $found if ($ValidateSet) { if ($ValidateSet -contains ($obj.$name)) { $value = $obj.$name } else { if ($null -eq $ValidateSetErrorMessage) { #Auto-generated error should be sufficient in most use cases $ValidateSetErrorMessage = "Get-AnsibleParam: Argument $name needs to be one of $($ValidateSet -join ",") but was $($obj.$name)." } Fail-Json -obj $resultobj -message $ValidateSetErrorMessage } } else { $value = $obj.$name } } catch { if ($failifempty -eq $false) { $value = $default } else { if (-not $emptyattributefailmessage) { $emptyattributefailmessage = "Get-AnsibleParam: Missing required argument: $name" } Fail-Json -obj $resultobj -message $emptyattributefailmessage } } # If $value -eq $null, the parameter was unspecified by the user (deliberately or not) # Please leave $null-values intact, modules need to know if a parameter was specified # When $value is already an array, we cannot rely on the null check, as an empty list # is seen as null in the check below if ($null -ne $value -or $value -is [array]) { if ($type -eq "path") { # Expand environment variables on path-type $value = Expand-Environment($value) # Test if a valid path is provided if (-not (Test-Path -IsValid $value)) { $path_invalid = $true # could still be a valid-shaped path with a nonexistent drive letter if ($value -match "^\w:") { # rewrite path with a valid drive letter and recheck the shape- this might still fail, eg, a nonexistent non-filesystem PS path if (Test-Path -IsValid $(@(Get-PSDrive -PSProvider Filesystem)[0].Name + $value.Substring(1))) { $path_invalid = $false } } if ($path_invalid) { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' has an invalid path '$value' specified." } } } elseif ($type -eq "str") { # Convert str types to real Powershell strings $value = $value.ToString() } elseif ($type -eq "bool") { # Convert boolean types to real Powershell booleans $value = $value | ConvertTo-Bool } elseif ($type -eq "int") { # Convert int types to real Powershell integers $value = $value -as [int] } elseif ($type -eq "float") { # Convert float types to real Powershell floats $value = $value -as [float] } elseif ($type -eq "list") { if ($value -is [array]) { # Nothing to do } elseif ($value -is [string]) { # Convert string type to real Powershell array $value = $value.Split(",").Trim() } elseif ($value -is [int]) { $value = @($value) } else { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' is not a YAML list." } # , is not a typo, forces it to return as a list when it is empty or only has 1 entry return ,$value } } return $value } #Alias Get-attr-->Get-AnsibleParam for backwards compat. Only add when needed to ease debugging of scripts If (-not(Get-Alias -Name "Get-attr" -ErrorAction SilentlyContinue)) { New-Alias -Name Get-attr -Value Get-AnsibleParam } Function ConvertTo-Bool { <# .SYNOPSIS Helper filter/pipeline function to convert a value to boolean following current Ansible practices .EXAMPLE $is_true = "true" | ConvertTo-Bool #> param( [parameter(valuefrompipeline=$true)] $obj ) $boolean_strings = "yes", "on", "1", "true", 1 $obj_string = [string]$obj if (($obj -is [boolean] -and $obj) -or $boolean_strings -contains $obj_string.ToLower()) { return $true } else { return $false } } Function Parse-Args($arguments, $supports_check_mode = $false) { <# .SYNOPSIS Helper function to parse Ansible JSON arguments from a "file" passed as the single argument to the module. .EXAMPLE $params = Parse-Args $args #> $params = New-Object psobject If ($arguments.Length -gt 0) { $params = Get-Content $arguments[0] | ConvertFrom-Json } Else { $params = $complex_args } $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false If ($check_mode -and -not $supports_check_mode) { Exit-Json @{ skipped = $true changed = $false msg = "remote module does not support check mode" } } return $params } Function Get-FileChecksum($path, $algorithm = 'sha1') { <# .SYNOPSIS Helper function to calculate a hash of a file in a way which PowerShell 3 and above can handle #> If (Test-Path -Path $path -PathType Leaf) { switch ($algorithm) { 'md5' { $sp = New-Object -TypeName System.Security.Cryptography.MD5CryptoServiceProvider } 'sha1' { $sp = New-Object -TypeName System.Security.Cryptography.SHA1CryptoServiceProvider } 'sha256' { $sp = New-Object -TypeName System.Security.Cryptography.SHA256CryptoServiceProvider } 'sha384' { $sp = New-Object -TypeName System.Security.Cryptography.SHA384CryptoServiceProvider } 'sha512' { $sp = New-Object -TypeName System.Security.Cryptography.SHA512CryptoServiceProvider } default { Fail-Json @{} "Unsupported hash algorithm supplied '$algorithm'" } } If ($PSVersionTable.PSVersion.Major -ge 4) { $raw_hash = Get-FileHash $path -Algorithm $algorithm $hash = $raw_hash.Hash.ToLower() } Else { $fp = [System.IO.File]::Open($path, [System.IO.Filemode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileShare]::ReadWrite); $hash = [System.BitConverter]::ToString($sp.ComputeHash($fp)).Replace("-", "").ToLower(); $fp.Dispose(); } } ElseIf (Test-Path -Path $path -PathType Container) { $hash = "3"; } Else { $hash = "1"; } return $hash } Function Get-PendingRebootStatus { <# .SYNOPSIS Check if reboot is required, if so notify CA. Function returns true if computer has a pending reboot #> $featureData = Invoke-WmiMethod -EA Ignore -Name GetServerFeature -Namespace root\microsoft\windows\servermanager -Class MSFT_ServerManagerTasks $regData = Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager" "PendingFileRenameOperations" -EA Ignore $CBSRebootStatus = Get-ChildItem "HKLM:\\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing" -ErrorAction SilentlyContinue| Where-Object {$_.PSChildName -eq "RebootPending"} if(($featureData -and $featureData.RequiresReboot) -or $regData -or $CBSRebootStatus) { return $True } else { return $False } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: 7889d0a0-8187-4e09-b47e-a8b09ac86c95 Path:	4104	1		3	2	15	0	1884	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1588	944	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:31:08 PM	e5295ba9-9827-0000-56a2-2fe52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 2): emaining LUID_AND_ATTRIBUTES (if any) for (int i = 1; i < newState.Length; i++) offset += StructureToBytes(newState[i], newStateBytes, offset); // finally create the pointer to the byte array we just created newStatePtr = Marshal.AllocHGlobal(newStateBytes.Length); Marshal.Copy(newStateBytes, 0, newStatePtr, newStateBytes.Length); } try { IntPtr hToken = IntPtr.Zero; if (!NativeMethods.OpenProcessToken(token, TokenAccessLevels.Query | TokenAccessLevels.AdjustPrivileges, out hToken)) throw new Win32Exception("OpenProcessToken() failed with Query and AdjustPrivileges"); try { IntPtr oldStatePtr = Marshal.AllocHGlobal(0); if (!NativeMethods.AdjustTokenPrivileges(hToken, disableAllPrivileges, newStatePtr, 0, oldStatePtr, out returnLength)) { int errCode = Marshal.GetLastWin32Error(); if (errCode != 122) // ERROR_INSUFFICIENT_BUFFER throw new Win32Exception(errCode, "AdjustTokenPrivileges() failed to get old state size"); } // resize the oldStatePtr based on the length returned from Windows Marshal.FreeHGlobal(oldStatePtr); oldStatePtr = Marshal.AllocHGlobal((int)returnLength); try { bool res = NativeMethods.AdjustTokenPrivileges(hToken, disableAllPrivileges, newStatePtr, returnLength, oldStatePtr, out returnLength); int errCode = Marshal.GetLastWin32Error(); // even when res == true, ERROR_NOT_ALL_ASSIGNED may be set as the last error code if (!res || errCode != 0) throw new Win32Exception(errCode, "AdjustTokenPrivileges() failed"); // Marshal the oldStatePtr to the struct NativeHelpers.TOKEN_PRIVILEGES oldState = (NativeHelpers.TOKEN_PRIVILEGES)Marshal.PtrToStructure(oldStatePtr, typeof(NativeHelpers.TOKEN_PRIVILEGES)); oldStatePrivileges = new NativeHelpers.LUID_AND_ATTRIBUTES[oldState.PrivilegeCount]; PtrToStructureArray(oldStatePrivileges, IntPtr.Add(oldStatePtr, Marshal.SizeOf(oldState.PrivilegeCount))); } finally { Marshal.FreeHGlobal(oldStatePtr); } } finally { NativeMethods.CloseHandle(hToken); } } finally { if (newStatePtr != IntPtr.Zero) Marshal.FreeHGlobal(newStatePtr); } return oldStatePrivileges.ToDictionary(p => GetPrivilegeName(p.Luid), p => (bool?)p.Attributes.HasFlag(PrivilegeAttributes.Enabled)); } private static string GetPrivilegeName(NativeHelpers.LUID luid) { UInt32 nameLen = 0; NativeMethods.LookupPrivilegeName(null, ref luid, null, ref nameLen); StringBuilder name = new StringBuilder((int)(nameLen + 1)); if (!NativeMethods.LookupPrivilegeName(null, ref luid, name, ref nameLen)) throw new Win32Exception("LookupPrivilegeName() failed"); return name.ToString(); } private static void PtrToStructureArray<T>(T[] array, IntPtr ptr) { IntPtr ptrOffset = ptr; for (int i = 0; i < array.Length; i++, ptrOffset = IntPtr.Add(ptrOffset, Marshal.SizeOf(typeof(T)))) array[i] = (T)Marshal.PtrToStructure(ptrOffset, typeof(T)); } private static int StructureToBytes<T>(T structure, byte[] array, int offset) { int size = Marshal.SizeOf(structure); IntPtr structPtr = Marshal.AllocHGlobal(size); try { Marshal.StructureToPtr(structure, structPtr, false); Marshal.Copy(structPtr, array, offset, size); } finally { Marshal.FreeHGlobal(structPtr); } return size; } } } '@ Function Import-PrivilegeUtil { <# .SYNOPSIS Compiles the C# code that can be used to manage Windows privileges from an Ansible module. Once this function is called, the following PowerShell cmdlets can be used; Get-AnsiblePrivilege Set-AnsiblePrivilege The above cmdlets give the ability to manage permissions on the current process token but the underlying .NET classes are also exposed for greater control. The following functions can be used by calling the .NET class [Ansible.PrivilegeUtil.Privileges]::CheckPrivilegeName($name) [Ansible.PrivilegeUtil.Privileges]::DisablePrivilege($process, $name) [Ansible.PrivilegeUtil.Privileges]::DisableAllPrivileges($process) [Ansible.PrivilegeUtil.Privileges]::EnablePrivilege($process, $name) [Ansible.PrivilegeUtil.Privileges]::GetAllPrivilegeInfo($process) [Ansible.PrivilegeUtil.Privileges]::RemovePrivilege($process, $name) [Ansible.PrivilegeUtil.Privileges]::SetTokenPrivileges($process, $new_state) Here is a brief explanation of each type of arg $process = The process handle to manipulate, use '[Ansible.PrivilegeUtils.Privileges]::GetCurrentProcess()' to get the current process handle $name = The name of the privilege, this is the constant value from https://docs.microsoft.com/en-us/windows/desktop/SecAuthZ/privilege-constants, e.g. SeAuditPrivilege $new_state = 'System.Collections.Generic.Dictionary`2[[System.String], [System.Nullable`1[System.Boolean]]]' The key is the constant name as a string, the value is a ternary boolean where true - will enable the privilege false - will disable the privilege null - will remove the privilege Each method that changes the privilege state will return a dictionary that can be used as the $new_state arg of SetTokenPrivileges to undo and revert back to the original state. If you remove a privilege then this is irreversible and won't be part of the returned dict #> [CmdletBinding()] # build the C# code to compile $namespace_import = ($ansible_privilege_util_namespaces | ForEach-Object { "using $_;" }) -join "`r`n" $platform_util = "$namespace_import`r`n`r`n$ansible_privilege_util_code" # FUTURE: find a better way to get the _ansible_remote_tmp variable # this is used to force csc to compile the C# code in the remote tmp # specified $original_tmp = $env:TMP $remote_tmp = $original_tmp $module_params = Get-Variable -Name complex_args -ErrorAction SilentlyContinue if ($module_params) { if ($module_params.Value.ContainsKey("_ansible_remote_tmp") ) { $remote_tmp = $module_params.Value["_ansible_remote_tmp"] $remote_tmp = [System.Environment]::ExpandEnvironmentVariables($remote_tmp) } } $env:TMP = $remote_tmp Add-Type -TypeDefinition $platform_util $env:TMP = $original_tmp } Function Get-AnsiblePrivilege { <# .SYNOPSIS Get the status of a privilege for the current process. This returns $true - the privilege is enabled $false - the privilege is disabled $null - the privilege is removed from the token If Name is not a valid privilege name, this will throw an ArgumentException. .EXAMPLE Get-AnsiblePrivilege -Name SeDebugPrivilege #> [CmdletBinding()] param( [Parameter(Mandatory=$true)][String]$Name ) if (-not [Ansible.PrivilegeUtil.Privileges]::CheckPrivilegeName($Name)) { throw [System.ArgumentException] "Invalid privilege name '$Name'" } $process_token = [Ansible.PrivilegeUtil.Privileges]::GetCurrentProcess() $privilege_info = [Ansible.PrivilegeUtil.Privileges]::GetAllPrivilegeInfo($process_token) if ($privilege_info.ContainsKey($Name)) { $status = $privilege_info.$Name return $status.HasFlag([Ansible.PrivilegeUtil.PrivilegeAttributes]::Enabled) } else { return $null } } Function Set-AnsiblePrivilege { <# .SYNOPSIS Enables/Disables a privilege on the current process' token. If a privilege has been removed from the process token, this will throw an InvalidOperationException. .EXAMPLE # enable a privilege Set-AnsiblePrivilege -Name SeCreateSymbolicLinkPrivilege -Value $true # disable a privilege Set-AnsiblePrivilege -Name SeCreateSymbolicLinkPrivilege -Value $false #> [CmdletBinding(SupportsShouldProcess)] param( [Parameter(Mandatory=$true)][String]$Name, [Parameter(Mandatory=$true)][bool]$Value ) $action = switch($Value) { $true { "Enable" } $false { "Disable" } } $current_state = Get-AnsiblePrivilege -Name $Name if ($current_state -eq $Value) { return # no change needs to occur } elseif ($null -eq $current_state) { # once a privilege is removed from a token we cannot do anything with it throw [System.InvalidOperationException] "Cannot $($action.ToLower()) the privilege '$Name' as it has been removed from the token" } $process_token = [Ansible.PrivilegeUtil.Privileges]::GetCurrentProcess() if ($PSCmdlet.ShouldProcess($Name, "$action the privilege $Name")) { $new_state = New-Object -TypeName 'System.Collections.Generic.Dictionary`2[[System.String], [System.Nullable`1[System.Boolean]]]' $new_state.Add($Name, $Value) [Ansible.PrivilegeUtil.Privileges]::SetTokenPrivileges($process_token, $new_state) > $null } } Export-ModuleMember -Function Import-PrivilegeUtil, Get-AnsiblePrivilege, Set-AnsiblePrivilege ` -Variable ansible_privilege_util_namespaces, ansible_privilege_util_code ScriptBlock ID: b8a508f4-b81b-4550-b71b-d8690d4f7368 Path:	4104	1		3	2	15	0	1883	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1588	944	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:31:08 PM	e5295ba9-9827-0000-52a2-2fe52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 2): # Copyright (c) 2018 Ansible Project # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) # store in separate variables to make it easier for other module_utils to # share this code in their own c# code $ansible_privilege_util_namespaces = @( "Microsoft.Win32.SafeHandles", "System", "System.Collections.Generic", "System.Linq", "System.Runtime.InteropServices", "System.Security.Principal", "System.Text" ) $ansible_privilege_util_code = @' namespace Ansible.PrivilegeUtil { [Flags] public enum PrivilegeAttributes : uint { Disabled = 0x00000000, EnabledByDefault = 0x00000001, Enabled = 0x00000002, Removed = 0x00000004, UsedForAccess = 0x80000000, } internal class NativeHelpers { [StructLayout(LayoutKind.Sequential)] internal struct LUID { public UInt32 LowPart; public Int32 HighPart; } [StructLayout(LayoutKind.Sequential)] internal struct LUID_AND_ATTRIBUTES { public LUID Luid; public PrivilegeAttributes Attributes; } [StructLayout(LayoutKind.Sequential)] internal struct TOKEN_PRIVILEGES { public UInt32 PrivilegeCount; [MarshalAs(UnmanagedType.ByValArray, SizeConst = 1)] public LUID_AND_ATTRIBUTES[] Privileges; } } internal class NativeMethods { [DllImport("advapi32.dll", SetLastError = true)] internal static extern bool AdjustTokenPrivileges( IntPtr TokenHandle, [MarshalAs(UnmanagedType.Bool)] bool DisableAllPrivileges, IntPtr NewState, UInt32 BufferLength, IntPtr PreviousState, out UInt32 ReturnLength); [DllImport("kernel32.dll")] internal static extern bool CloseHandle( IntPtr hObject); [DllImport("kernel32")] internal static extern SafeWaitHandle GetCurrentProcess(); [DllImport("advapi32.dll", SetLastError = true)] internal static extern bool GetTokenInformation( IntPtr TokenHandle, UInt32 TokenInformationClass, IntPtr TokenInformation, UInt32 TokenInformationLength, out UInt32 ReturnLength); [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)] internal static extern bool LookupPrivilegeName( string lpSystemName, ref NativeHelpers.LUID lpLuid, StringBuilder lpName, ref UInt32 cchName); [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)] internal static extern bool LookupPrivilegeValue( string lpSystemName, string lpName, out NativeHelpers.LUID lpLuid); [DllImport("advapi32.dll", SetLastError = true)] internal static extern bool OpenProcessToken( SafeHandle ProcessHandle, TokenAccessLevels DesiredAccess, out IntPtr TokenHandle); } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class Privileges { private static readonly UInt32 TOKEN_PRIVILEGES = 3; public static bool CheckPrivilegeName(string name) { NativeHelpers.LUID luid; if (!NativeMethods.LookupPrivilegeValue(null, name, out luid)) { int errCode = Marshal.GetLastWin32Error(); if (errCode != 1313) // ERROR_NO_SUCH_PRIVILEGE throw new Win32Exception(errCode, String.Format("LookupPrivilegeValue({0}) failed", name)); return false; } else { return true; } } public static Dictionary<string, bool?> DisablePrivilege(SafeHandle token, string privilege) { return SetTokenPrivileges(token, new Dictionary<string, bool?>() { { privilege, false } }); } public static Dictionary<string, bool?> DisableAllPrivileges(SafeHandle token) { return AdjustTokenPrivileges(token, null); } public static Dictionary<string, bool?> EnablePrivilege(SafeHandle token, string privilege) { return SetTokenPrivileges(token, new Dictionary<string, bool?>() { { privilege, true } }); } public static Dictionary<String, PrivilegeAttributes> GetAllPrivilegeInfo(SafeHandle token) { IntPtr hToken = IntPtr.Zero; if (!NativeMethods.OpenProcessToken(token, TokenAccessLevels.Query, out hToken)) throw new Win32Exception("OpenProcessToken() failed"); Dictionary<String, PrivilegeAttributes> info = new Dictionary<String, PrivilegeAttributes>(); try { UInt32 tokenLength = 0; NativeMethods.GetTokenInformation(hToken, TOKEN_PRIVILEGES, IntPtr.Zero, 0, out tokenLength); NativeHelpers.LUID_AND_ATTRIBUTES[] privileges; IntPtr privilegesPtr = Marshal.AllocHGlobal((int)tokenLength); try { if (!NativeMethods.GetTokenInformation(hToken, TOKEN_PRIVILEGES, privilegesPtr, tokenLength, out tokenLength)) throw new Win32Exception("GetTokenInformation() for TOKEN_PRIVILEGES failed"); NativeHelpers.TOKEN_PRIVILEGES privilegeInfo = (NativeHelpers.TOKEN_PRIVILEGES)Marshal.PtrToStructure(privilegesPtr, typeof(NativeHelpers.TOKEN_PRIVILEGES)); privileges = new NativeHelpers.LUID_AND_ATTRIBUTES[privilegeInfo.PrivilegeCount]; PtrToStructureArray(privileges, IntPtr.Add(privilegesPtr, Marshal.SizeOf(privilegeInfo.PrivilegeCount))); } finally { Marshal.FreeHGlobal(privilegesPtr); } info = privileges.ToDictionary(p => GetPrivilegeName(p.Luid), p => p.Attributes); } finally { NativeMethods.CloseHandle(hToken); } return info; } public static SafeWaitHandle GetCurrentProcess() { return NativeMethods.GetCurrentProcess(); } public static void RemovePrivilege(SafeHandle token, string privilege) { SetTokenPrivileges(token, new Dictionary<string, bool?>() { { privilege, null } }); } public static Dictionary<string, bool?> SetTokenPrivileges(SafeHandle token, Dictionary<string, bool?> state) { NativeHelpers.LUID_AND_ATTRIBUTES[] privilegeAttr = new NativeHelpers.LUID_AND_ATTRIBUTES[state.Count]; int i = 0; foreach (KeyValuePair<string, bool?> entry in state) { NativeHelpers.LUID luid; if (!NativeMethods.LookupPrivilegeValue(null, entry.Key, out luid)) throw new Win32Exception(String.Format("LookupPrivilegeValue({0}) failed", entry.Key)); PrivilegeAttributes attributes; switch (entry.Value) { case true: attributes = PrivilegeAttributes.Enabled; break; case false: attributes = PrivilegeAttributes.Disabled; break; default: attributes = PrivilegeAttributes.Removed; break; } privilegeAttr[i].Luid = luid; privilegeAttr[i].Attributes = attributes; i++; } return AdjustTokenPrivileges(token, privilegeAttr); } private static Dictionary<string, bool?> AdjustTokenPrivileges(SafeHandle token, NativeHelpers.LUID_AND_ATTRIBUTES[] newState) { bool disableAllPrivileges; IntPtr newStatePtr; NativeHelpers.LUID_AND_ATTRIBUTES[] oldStatePrivileges; UInt32 returnLength; if (newState == null) { disableAllPrivileges = true; newStatePtr = IntPtr.Zero; } else { disableAllPrivileges = false; // Need to manually marshal the bytes requires for newState as the constant size // of LUID_AND_ATTRIBUTES is set to 1 and can't be overridden at runtime, TOKEN_PRIVILEGES // always contains at least 1 entry so we need to calculate the extra size if there are // nore than 1 LUID_AND_ATTRIBUTES entry int tokenPrivilegesSize = Marshal.SizeOf(typeof(NativeHelpers.TOKEN_PRIVILEGES)); int luidAttrSize = 0; if (newState.Length > 1) luidAttrSize = Marshal.SizeOf(typeof(NativeHelpers.LUID_AND_ATTRIBUTES)) * (newState.Length - 1); int totalSize = tokenPrivilegesSize + luidAttrSize; byte[] newStateBytes = new byte[totalSize]; // get the first entry that includes the struct details NativeHelpers.TOKEN_PRIVILEGES tokenPrivileges = new NativeHelpers.TOKEN_PRIVILEGES() { PrivilegeCount = (UInt32)newState.Length, Privileges = new NativeHelpers.LUID_AND_ATTRIBUTES[1], }; if (newState.Length > 0) tokenPrivileges.Privileges[0] = newState[0]; int offset = StructureToBytes(tokenPrivileges, newStateBytes, 0); // copy the r ScriptBlock ID: b8a508f4-b81b-4550-b71b-d8690d4f7368 Path:	4104	1		3	2	15	0	1882	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1588	944	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:31:08 PM	e5295ba9-9827-0000-52a2-2fe52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c) 2017 Ansible Project # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) #Requires -Module Ansible.ModuleUtils.PrivilegeUtil Function Load-LinkUtils() { $link_util = @' using Microsoft.Win32.SafeHandles; using System; using System.Collections.Generic; using System.IO; using System.Runtime.InteropServices; using System.Text; namespace Ansible { public enum LinkType { SymbolicLink, JunctionPoint, HardLink } public class LinkUtilWin32Exception : System.ComponentModel.Win32Exception { private string _msg; public LinkUtilWin32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public LinkUtilWin32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator LinkUtilWin32Exception(string message) { return new LinkUtilWin32Exception(message); } } public class LinkInfo { public LinkType Type { get; internal set; } public string PrintName { get; internal set; } public string SubstituteName { get; internal set; } public string AbsolutePath { get; internal set; } public string TargetPath { get; internal set; } public string[] HardTargets { get; internal set; } } [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)] public struct REPARSE_DATA_BUFFER { public UInt32 ReparseTag; public UInt16 ReparseDataLength; public UInt16 Reserved; public UInt16 SubstituteNameOffset; public UInt16 SubstituteNameLength; public UInt16 PrintNameOffset; public UInt16 PrintNameLength; [MarshalAs(UnmanagedType.ByValArray, SizeConst = LinkUtil.MAXIMUM_REPARSE_DATA_BUFFER_SIZE)] public char[] PathBuffer; } public class LinkUtil { public const int MAXIMUM_REPARSE_DATA_BUFFER_SIZE = 1024 * 16; private const UInt32 FILE_FLAG_BACKUP_SEMANTICS = 0x02000000; private const UInt32 FILE_FLAG_OPEN_REPARSE_POINT = 0x00200000; private const UInt32 FSCTL_GET_REPARSE_POINT = 0x000900A8; private const UInt32 FSCTL_SET_REPARSE_POINT = 0x000900A4; private const UInt32 FILE_DEVICE_FILE_SYSTEM = 0x00090000; private const UInt32 IO_REPARSE_TAG_MOUNT_POINT = 0xA0000003; private const UInt32 IO_REPARSE_TAG_SYMLINK = 0xA000000C; private const UInt32 SYMLINK_FLAG_RELATIVE = 0x00000001; private const Int64 INVALID_HANDLE_VALUE = -1; private const UInt32 SIZE_OF_WCHAR = 2; private const UInt32 SYMBOLIC_LINK_FLAG_FILE = 0x00000000; private const UInt32 SYMBOLIC_LINK_FLAG_DIRECTORY = 0x00000001; [DllImport("kernel32.dll", CharSet = CharSet.Auto)] private static extern SafeFileHandle CreateFile( string lpFileName, [MarshalAs(UnmanagedType.U4)] FileAccess dwDesiredAccess, [MarshalAs(UnmanagedType.U4)] FileShare dwShareMode, IntPtr lpSecurityAttributes, [MarshalAs(UnmanagedType.U4)] FileMode dwCreationDisposition, UInt32 dwFlagsAndAttributes, IntPtr hTemplateFile); // Used by GetReparsePointInfo() [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool DeviceIoControl( SafeFileHandle hDevice, UInt32 dwIoControlCode, IntPtr lpInBuffer, UInt32 nInBufferSize, out REPARSE_DATA_BUFFER lpOutBuffer, UInt32 nOutBufferSize, out UInt32 lpBytesReturned, IntPtr lpOverlapped); // Used by CreateJunctionPoint() [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool DeviceIoControl( SafeFileHandle hDevice, UInt32 dwIoControlCode, REPARSE_DATA_BUFFER lpInBuffer, UInt32 nInBufferSize, IntPtr lpOutBuffer, UInt32 nOutBufferSize, out UInt32 lpBytesReturned, IntPtr lpOverlapped); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool GetVolumePathName( string lpszFileName, StringBuilder lpszVolumePathName, ref UInt32 cchBufferLength); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern IntPtr FindFirstFileNameW( string lpFileName, UInt32 dwFlags, ref UInt32 StringLength, StringBuilder LinkName); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool FindNextFileNameW( IntPtr hFindStream, ref UInt32 StringLength, StringBuilder LinkName); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool FindClose( IntPtr hFindFile); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool RemoveDirectory( string lpPathName); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool DeleteFile( string lpFileName); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool CreateSymbolicLink( string lpSymlinkFileName, string lpTargetFileName, UInt32 dwFlags); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool CreateHardLink( string lpFileName, string lpExistingFileName, IntPtr lpSecurityAttributes); public static LinkInfo GetLinkInfo(string linkPath) { FileAttributes attr = File.GetAttributes(linkPath); if (attr.HasFlag(FileAttributes.ReparsePoint)) return GetReparsePointInfo(linkPath); if (!attr.HasFlag(FileAttributes.Directory)) return GetHardLinkInfo(linkPath); return null; } public static void DeleteLink(string linkPath) { bool success; FileAttributes attr = File.GetAttributes(linkPath); if (attr.HasFlag(FileAttributes.Directory)) { success = RemoveDirectory(linkPath); } else { success = DeleteFile(linkPath); } if (!success) throw new LinkUtilWin32Exception(String.Format("Failed to delete link at {0}", linkPath)); } public static void CreateLink(string linkPath, String linkTarget, LinkType linkType) { switch (linkType) { case LinkType.SymbolicLink: UInt32 linkFlags; FileAttributes attr = File.GetAttributes(linkTarget); if (attr.HasFlag(FileAttributes.Directory)) linkFlags = SYMBOLIC_LINK_FLAG_DIRECTORY; else linkFlags = SYMBOLIC_LINK_FLAG_FILE; if (!CreateSymbolicLink(linkPath, linkTarget, linkFlags)) throw new LinkUtilWin32Exception(String.Format("CreateSymbolicLink({0}, {1}, {2}) failed", linkPath, linkTarget, linkFlags)); break; case LinkType.JunctionPoint: CreateJunctionPoint(linkPath, linkTarget); break; case LinkType.HardLink: if (!CreateHardLink(linkPath, linkTarget, IntPtr.Zero)) throw new LinkUtilWin32Exception(String.Format("CreateHardLink({0}, {1}) failed", linkPath, linkTarget)); break; } } private static LinkInfo GetHardLinkInfo(string linkPath) { UInt32 maxPath = 260; List<string> result = new List<string>(); StringBuilder sb = new StringBuilder((int)maxPath); UInt32 stringLength = maxPath; if (!GetVolumePathName(linkPath, sb, ref stringLength)) throw new LinkUtilWin32Exception("GetVolumePathName() failed"); string volume = sb.ToString(); stringLength = maxPath; IntPtr findHandle = FindFirstFileNameW(linkPath, 0, ref stringLength, sb); if (findHandle.ToInt64() != INVALID_HANDLE_VALUE) { try { do { string hardLinkPath = sb.ToString(); if (hardLinkPath.StartsWith("\\")) hardLinkPath = hardLinkPath.Substring(1, hardLinkPath.Length - 1); result.Add(Path.Combine(volume, hardLinkPath)); stringLength = maxPath; } while (FindNextFileNameW(findHandle, ref stringLength, sb)); } finally { FindClose(findHandle); } } if (result.Count > 1) return new LinkInfo { Type = LinkType.HardLink, HardTargets = result.ToArray() }; return null; } private static LinkInfo GetReparsePointInfo(string linkPath) { SafeFileHandle fileHandle = CreateFile( linkPath, FileAccess.Read, FileShare.None, IntPtr.Zero, FileMode.Open, FILE_FLAG_OPEN_REPARSE_POINT | FILE_FLAG_BACKUP_SEMANTICS, IntPtr.Zero); if (fileHandle.IsInvalid) throw new LinkUtilWin32Exception(String.Format("CreateFile({0}) failed", linkPath)); REPARSE_DATA_BUFFER buffer = new REPARSE_DATA_BUFFER(); UInt32 bytesReturned; try { if (!DeviceIoControl( fileHandle, FSCTL_GET_REPARSE_POINT, IntPtr.Zero, 0, out buffer, MAXIMUM_REPARSE_DATA_BUFFER_SIZE, out bytesReturned, IntPtr.Zero)) throw new LinkUtilWin32Exception(String.Format("DeviceIoControl() failed for file at {0}", linkPath)); } finally { fileHandle.Dispose(); } bool isRelative = false; int pathOffset = 0; LinkType linkType; if (buffer.ReparseTag == IO_REPARSE_TAG_SYMLINK) { UInt32 bufferFlags = Convert.ToUInt32(buffer.PathBuffer[0]) + Convert.ToUInt32(buffer.PathBuffer[1]); if (bufferFlags == SYMLINK_FLAG_RELATIVE) isRelative = true; pathOffset = 2; linkType = LinkType.SymbolicLink; } else if (buffer.ReparseTag == IO_REPARSE_TAG_MOUNT_POINT) { linkType = LinkType.JunctionPoint; } else { string errorMessage = String.Format("Invalid Reparse Tag: {0}", buffer.ReparseTag.ToString()); throw new Exception(errorMessage); } string printName = new string(buffer.PathBuffer, (int)(buffer.PrintNameOffset / SIZE_OF_WCHAR) + pathOffset, (int)(buffer.PrintNameLength / SIZE_OF_WCHAR)); string substituteName = new string(buffer.PathBuffer, (int)(buffer.SubstituteNameOffset / SIZE_OF_WCHAR) + pathOffset, (int)(buffer.SubstituteNameLength / SIZE_OF_WCHAR)); // TODO: should we check for \?\UNC\server for convert it to the NT style \\server path // Remove the leading Windows object directory \?\ from the path if present string targetPath = substituteName; if (targetPath.StartsWith("\\??\\")) targetPath = targetPath.Substring(4, targetPath.Length - 4); string absolutePath = targetPath; if (isRelative) absolutePath = Path.GetFullPath(Path.Combine(new FileInfo(linkPath).Directory.FullName, targetPath)); return new LinkInfo { Type = linkType, PrintName = printName, SubstituteName = substituteName, AbsolutePath = absolutePath, TargetPath = targetPath }; } private static void CreateJunctionPoint(string linkPath, string linkTarget) { // We need to create the link as a dir beforehand Directory.CreateDirectory(linkPath); SafeFileHandle fileHandle = CreateFile( linkPath, FileAccess.Write, FileShare.Read | FileShare.Write | FileShare.None, IntPtr.Zero, FileMode.Open, FILE_FLAG_BACKUP_SEMANTICS | FILE_FLAG_OPEN_REPARSE_POINT, IntPtr.Zero); if (fileHandle.IsInvalid) throw new LinkUtilWin32Exception(String.Format("CreateFile({0}) failed", linkPath)); try { string substituteName = "\\??\\" + Path.GetFullPath(linkTarget); string printName = linkTarget; REPARSE_DATA_BUFFER buffer = new REPARSE_DATA_BUFFER(); buffer.SubstituteNameOffset = 0; buffer.SubstituteNameLength = (UInt16)(substituteName.Length * SIZE_OF_WCHAR); buffer.PrintNameOffset = (UInt16)(buffer.SubstituteNameLength + 2); buffer.PrintNameLength = (UInt16)(printName.Length * SIZE_OF_WCHAR); buffer.ReparseTag = IO_REPARSE_TAG_MOUNT_POINT; buffer.ReparseDataLength = (UInt16)(buffer.SubstituteNameLength + buffer.PrintNameLength + 12); buffer.PathBuffer = new char[MAXIMUM_REPARSE_DATA_BUFFER_SIZE]; byte[] unicodeBytes = Encoding.Unicode.GetBytes(substituteName + "\0" + printName); char[] pathBuffer = Encoding.Unicode.GetChars(unicodeBytes); Array.Copy(pathBuffer, buffer.PathBuffer, pathBuffer.Length); UInt32 bytesReturned; if (!DeviceIoControl( fileHandle, FSCTL_SET_REPARSE_POINT, buffer, (UInt32)(buffer.ReparseDataLength + 8), IntPtr.Zero, 0, out bytesReturned, IntPtr.Zero)) throw new LinkUtilWin32Exception(String.Format("DeviceIoControl() failed to create junction point at {0} to {1}", linkPath, linkTarget)); } finally { fileHandle.Dispose(); } } } } '@ # FUTURE: find a better way to get the _ansible_remote_tmp variable $original_tmp = $env:TMP $remote_tmp = $original_tmp $module_params = Get-Variable -Name complex_args -ErrorAction SilentlyContinue if ($module_params) { if ($module_params.Value.ContainsKey("_ansible_remote_tmp") ) { $remote_tmp = $module_params.Value["_ansible_remote_tmp"] $remote_tmp = [System.Environment]::ExpandEnvironmentVariables($remote_tmp) } } $env:TMP = $remote_tmp Add-Type -TypeDefinition $link_util $env:TMP = $original_tmp Import-PrivilegeUtil # enable the SeBackupPrivilege if it is disabled $state = Get-AnsiblePrivilege -Name SeBackupPrivilege if ($state -eq $false) { Set-AnsiblePrivilege -Name SeBackupPrivilege -Value $true } } Function Get-Link($link_path) { $link_info = [Ansible.LinkUtil]::GetLinkInfo($link_path) return $link_info } Function Remove-Link($link_path) { [Ansible.LinkUtil]::DeleteLink($link_path) } Function New-Link($link_path, $link_target, $link_type) { if (-not (Test-Path -Path $link_target)) { throw "link_target '$link_target' does not exist, cannot create link" } switch($link_type) { "link" { $type = [Ansible.LinkType]::SymbolicLink } "junction" { if (Test-Path -Path $link_target -PathType Leaf) { throw "cannot set the target for a junction point to a file" } $type = [Ansible.LinkType]::JunctionPoint } "hard" { if (Test-Path -Path $link_target -PathType Container) { throw "cannot set the target for a hard link to a directory" } $type = [Ansible.LinkType]::HardLink } default { throw "invalid link_type option $($link_type): expecting link, junction, hard" } } [Ansible.LinkUtil]::CreateLink($link_path, $link_target, $type) } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: b23c1fee-39b0-4d86-9e12-13af8f6e1536 Path:	4104	1		3	2	15	0	1881	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1588	944	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:31:08 PM	e5295ba9-9827-0005-6685-2de52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } ScriptBlock ID: 974cf4a6-a605-47fe-8f36-803e11ebe196 Path:	4104	1		3	2	15	0	1880	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1588	944	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:31:08 PM	e5295ba9-9827-0005-5785-2de52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (8 of 8): yZ2V0cyA9IEAoJGhsbmtfdGFyZ2V0cykKICAgICAgICAgICAgICAgIGJyZWFrCiAgICAgICAgICAgIH0KICAgICAgICB9CiAgICB9CgogICAgJHJlc3VsdC5zdGF0ID0gJHN0YXQKfQoKRXhpdC1Kc29uICRyZXN1bHQK", "module_args": {"_ansible_version": "2.7.0", "_ansible_selinux_special_fs": ["fuse", "nfs", "vboxsf", "ramfs", "9p"], "_ansible_no_log": false, "_ansible_module_name": "stat", "_ansible_debug": false, "_ansible_verbosity": 3, "_ansible_keep_remote_files": false, "_ansible_syslog_facility": "LOG_USER", "_ansible_socket": null, "_ansible_shell_executable": "/bin/sh", "_ansible_remote_tmp": "%TEMP%", "_ansible_diff": false, "get_checksum": true, "_ansible_check_mode": false, "checksum_algo": "sha1", "follow": false, "path": "C:\\eventlogjs.txt", "_ansible_tmpdir": "'C:\\Users\\Admin\\AppData\\Local\\Temp\\ansible-tmp-1629729067.12-258645967843330'"}} '@ } process { $input_as_string = [string]$input $json_raw += $input_as_string } end { If (-not $json_raw) { Write-Error "no input given" -Category InvalidArgument } $payload = ConvertTo-HashtableFromPsCustomObject (ConvertFrom-Json $json_raw) # TODO: handle binary modules # TODO: handle persistence $min_os_version = [version]$payload.min_os_version if ($min_os_version -ne $null) { $actual_os_version = [System.Environment]::OSVersion.Version if ($actual_os_version -lt $min_os_version) { $msg = "This module cannot run on this OS as it requires a minimum version of $min_os_version, actual was $actual_os_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $min_ps_version = [version]$payload.min_ps_version if ($min_ps_version -ne $null) { $actual_ps_version = $PSVersionTable.PSVersion if ($actual_ps_version -lt $min_ps_version) { $msg = "This module cannot run as it requires a minimum PowerShell version of $min_ps_version, actual was $actual_ps_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $actions = $payload.actions # pop 0th action as entrypoint $entrypoint = $payload.($actions[0]) $payload.actions = $payload.actions[1..99] $entrypoint = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($entrypoint)) # load the current action entrypoint as a module custom object with a Run method $entrypoint = New-Module -ScriptBlock ([scriptblock]::Create($entrypoint)) -AsCustomObject Set-Variable -Scope global -Name complex_args -Value $payload["module_args"] | Out-Null # dynamically create/load modules ForEach ($mod in $payload.powershell_modules.GetEnumerator()) { $decoded_module = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($mod.Value)) New-Module -ScriptBlock ([scriptblock]::Create($decoded_module)) -Name $mod.Key | Import-Module -WarningAction SilentlyContinue | Out-Null } $output = $entrypoint.Run($payload) Write-Output $output } ScriptBlock ID: b7a76ebf-6060-4c9f-bd7f-cb39a5dedd31 Path:	4104	1		3	2	15	0	1879	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1588	944	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:31:08 PM	e5295ba9-9827-0005-5185-2de52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (7 of 8): iAgICBGdW5jdGlvbiByZXR1cm5zIHRydWUgaWYgY29tcHV0ZXIgaGFzIGEgcGVuZGluZyByZWJvb3QKIz4KICAgICRmZWF0dXJlRGF0YSA9IEludm9rZS1XbWlNZXRob2QgLUVBIElnbm9yZSAtTmFtZSBHZXRTZXJ2ZXJGZWF0dXJlIC1OYW1lc3BhY2Ugcm9vdFxtaWNyb3NvZnRcd2luZG93c1xzZXJ2ZXJtYW5hZ2VyIC1DbGFzcyBNU0ZUX1NlcnZlck1hbmFnZXJUYXNrcwogICAgJHJlZ0RhdGEgPSBHZXQtSXRlbVByb3BlcnR5ICJIS0xNOlxTWVNURU1cQ3VycmVudENvbnRyb2xTZXRcQ29udHJvbFxTZXNzaW9uIE1hbmFnZXIiICJQZW5kaW5nRmlsZVJlbmFtZU9wZXJhdGlvbnMiIC1FQSBJZ25vcmUKICAgICRDQlNSZWJvb3RTdGF0dXMgPSBHZXQtQ2hpbGRJdGVtICJIS0xNOlxcU09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cQ29tcG9uZW50IEJhc2VkIFNlcnZpY2luZyIgIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlfCBXaGVyZS1PYmplY3QgeyRfLlBTQ2hpbGROYW1lIC1lcSAiUmVib290UGVuZGluZyJ9CiAgICBpZigoJGZlYXR1cmVEYXRhIC1hbmQgJGZlYXR1cmVEYXRhLlJlcXVpcmVzUmVib290KSAtb3IgJHJlZ0RhdGEgLW9yICRDQlNSZWJvb3RTdGF0dXMpCiAgICB7CiAgICAgICAgcmV0dXJuICRUcnVlCiAgICB9CiAgICBlbHNlCiAgICB7CiAgICAgICAgcmV0dXJuICRGYWxzZQogICAgfQp9CgojIHRoaXMgbGluZSBtdXN0IHN0YXkgYXQgdGhlIGJvdHRvbSB0byBlbnN1cmUgYWxsIGRlZmluZWQgbW9kdWxlIHBhcnRzIGFyZSBleHBvcnRlZApFeHBvcnQtTW9kdWxlTWVtYmVyIC1BbGlhcyAqIC1GdW5jdGlvbiAqIC1DbWRsZXQgKgoK", "Ansible.ModuleUtils.FileUtil": "IyBDb3B5cmlnaHQgKGMpIDIwMTcgQW5zaWJsZSBQcm9qZWN0CiMgU2ltcGxpZmllZCBCU0QgTGljZW5zZSAoc2VlIGxpY2Vuc2VzL3NpbXBsaWZpZWRfYnNkLnR4dCBvciBodHRwczovL29wZW5zb3VyY2Uub3JnL2xpY2Vuc2VzL0JTRC0yLUNsYXVzZSkKCjwjClRlc3QtUGF0aC9HZXQtSXRlbSBjYW5ub3QgZmluZC9yZXR1cm4gaW5mbyBvbiBmaWxlcyB0aGF0IGFyZSBsb2NrZWQgbGlrZQpDOlxwYWdlZmlsZS5zeXMuIFRoZXNlIDIgZnVuY3Rpb25zIGFyZSBkZXNpZ25lZCB0byB3b3JrIHdpdGggdGhlc2UgZmlsZXMgYW5kCnByb3ZpZGUgc2ltaWxhciBmdW5jdGlvbmFsaXR5IHdpdGggdGhlIG5vcm1hbCBjbWRsZXRzIHdpdGggYXMgbWluaW1hbCBvdmVyaGVhZAphcyBwb3NzaWJsZS4gVGhleSB3b3JrIGJ5IHVzaW5nIEdldC1DaGlsZEl0ZW0gd2l0aCBhIGZpbHRlciBhbmQgcmV0dXJuIHRoZQpyZXN1bHQgZnJvbSB0aGF0LgojPgoKRnVuY3Rpb24gVGVzdC1BbnNpYmxlUGF0aCB7CiAgICBbQ21kbGV0QmluZGluZygpXQogICAgUGFyYW0oCiAgICAgICAgW1BhcmFtZXRlcihNYW5kYXRvcnk9JHRydWUpXVtzdHJpbmddJFBhdGgKICAgICkKICAgICMgUmVwbGFjZW1lbnQgZm9yIFRlc3QtUGF0aAogICAgdHJ5IHsKICAgICAgICAkZmlsZV9hdHRyaWJ1dGVzID0gW1N5c3RlbS5JTy5GaWxlXTo6R2V0QXR0cmlidXRlcygkUGF0aCkKICAgIH0gY2F0Y2ggW1N5c3RlbS5JTy5GaWxlTm90Rm91bmRFeGNlcHRpb25dLCBbU3lzdGVtLklPLkRpcmVjdG9yeU5vdEZvdW5kRXhjZXB0aW9uXSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfSBjYXRjaCBbTm90U3VwcG9ydGVkRXhjZXB0aW9uXSB7CiAgICAgICAgIyBXaGVuIHRlc3RpbmcgYSBwYXRoIGxpa2UgQ2VydDpcTG9jYWxNYWNoaW5lXE15LCBTeXN0ZW0uSU8uRmlsZSB3aWxsCiAgICAgICAgIyBub3Qgd29yaywgd2UganVzdCByZXZlcnQgYmFjayB0byB1c2luZyBUZXN0LVBhdGggZm9yIHRoaXMKICAgICAgICByZXR1cm4gVGVzdC1QYXRoIC1QYXRoICRQYXRoCiAgICB9CgogICAgaWYgKFtJbnQzMl0kZmlsZV9hdHRyaWJ1dGVzIC1lcSAtMSkgewogICAgICAgIHJldHVybiAkZmFsc2UKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICR0cnVlCiAgICB9Cn0KCkZ1bmN0aW9uIEdldC1BbnNpYmxlSXRlbSB7CiAgICBbQ21kbGV0QmluZGluZygpXQogICAgUGFyYW0oCiAgICAgICAgW1BhcmFtZXRlcihNYW5kYXRvcnk9JHRydWUpXVtzdHJpbmddJFBhdGgKICAgICkKICAgICMgUmVwbGFjZW1lbnQgZm9yIEdldC1JdGVtCiAgICB0cnkgewogICAgICAgICRmaWxlX2F0dHJpYnV0ZXMgPSBbU3lzdGVtLklPLkZpbGVdOjpHZXRBdHRyaWJ1dGVzKCRQYXRoKQogICAgfSBjYXRjaCB7CiAgICAgICAgIyBpZiAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb3RpbnVlIGlzIHNldCBvbiB0aGUgY21kbGV0IGFuZCB3ZSBmYWlsZWQgdG8KICAgICAgICAjIGdldCB0aGUgYXR0cmlidXRlcywganVzdCByZXR1cm4gJG51bGwsIG90aGVyd2lzZSB0aHJvdyB0aGUgZXJyb3IKICAgICAgICBpZiAoJEVycm9yQWN0aW9uUHJlZmVyZW5jZSAtbmUgIlNpbGVudGx5Q29udGludWUiKSB7CiAgICAgICAgICAgIHRocm93ICRfCiAgICAgICAgfQogICAgICAgIHJldHVybiAkbnVsbAogICAgfQogICAgaWYgKFtJbnQzMl0kZmlsZV9hdHRyaWJ1dGVzIC1lcSAtMSkgewogICAgICAgIHRocm93IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5NYW5hZ2VtZW50LkF1dG9tYXRpb24uSXRlbU5vdEZvdW5kRXhjZXB0aW9uIC1Bcmd1bWVudExpc3QgIkNhbm5vdCBmaW5kIHBhdGggJyRQYXRoJyBiZWNhdXNlIGl0IGRvZXMgbm90IGV4aXN0LiIKICAgIH0gZWxzZWlmICgkZmlsZV9hdHRyaWJ1dGVzLkhhc0ZsYWcoW1N5c3RlbS5JTy5GaWxlQXR0cmlidXRlc106OkRpcmVjdG9yeSkpIHsKICAgICAgICByZXR1cm4gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLklPLkRpcmVjdG9yeUluZm8gLUFyZ3VtZW50TGlzdCAkUGF0aAogICAgfSBlbHNlIHsKICAgICAgICByZXR1cm4gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLklPLkZpbGVJbmZvIC1Bcmd1bWVudExpc3QgJFBhdGgKICAgIH0KfQoKRXhwb3J0LU1vZHVsZU1lbWJlciAtRnVuY3Rpb24gVGVzdC1BbnNpYmxlUGF0aCwgR2V0LUFuc2libGVJdGVtCg=="}, "module_entry": "IyFwb3dlcnNoZWxsCgojIENvcHlyaWdodDogKGMpIDIwMTcsIEFuc2libGUgUHJvamVjdAojIEdOVSBHZW5lcmFsIFB1YmxpYyBMaWNlbnNlIHYzLjArIChzZWUgQ09QWUlORyBvciBodHRwczovL3d3dy5nbnUub3JnL2xpY2Vuc2VzL2dwbC0zLjAudHh0KQoKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5MZWdhY3kKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5GaWxlVXRpbAojUmVxdWlyZXMgLU1vZHVsZSBBbnNpYmxlLk1vZHVsZVV0aWxzLkxpbmtVdGlsCgpmdW5jdGlvbiBEYXRlVG8tVGltZXN0YW1wKCRzdGFydF9kYXRlLCAkZW5kX2RhdGUpIHsKICAgIGlmICgkc3RhcnRfZGF0ZSAtYW5kICRlbmRfZGF0ZSkgewogICAgICAgIHJldHVybiAoTmV3LVRpbWVTcGFuIC1TdGFydCAkc3RhcnRfZGF0ZSAtRW5kICRlbmRfZGF0ZSkuVG90YWxTZWNvbmRzCiAgICB9Cn0KCiRwYXJhbXMgPSBQYXJzZS1BcmdzICRhcmdzIC1zdXBwb3J0c19jaGVja19tb2RlICR0cnVlCgokcGF0aCA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJwYXRoIiAtdHlwZSAicGF0aCIgLWZhaWxpZmVtcHR5ICR0cnVlIC1hbGlhc2VzICJkZXN0IiwibmFtZSIKJGdldF9tZDUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiZ2V0X21kNSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQokZ2V0X2NoZWNrc3VtID0gR2V0LUFuc2libGVQYXJhbSAtb2JqICRwYXJhbXMgLW5hbWUgImdldF9jaGVja3N1bSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICR0cnVlCiRjaGVja3N1bV9hbGdvcml0aG0gPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiY2hlY2tzdW1fYWxnb3JpdGhtIiAtdHlwZSAic3RyIiAtZGVmYXVsdCAic2hhMSIgLXZhbGlkYXRlc2V0ICJtZDUiLCJzaGExIiwic2hhMjU2Iiwic2hhMzg0Iiwic2hhNTEyIgoKJHJlc3VsdCA9IEB7CiAgICBjaGFuZ2VkID0gJGZhbHNlCiAgICBzdGF0ID0gQHsKICAgICAgICBleGlzdHMgPSAkZmFsc2UKICAgIH0KfQoKIyBnZXRfbWQ1IHdpbGwgYmUgYW4gdW5kb2N1bWVudGVkIG9wdGlvbiBpbiAyLjkgdG8gYmUgcmVtb3ZlZCBhdCBhIGxhdGVyCiMgZGF0ZSBpZiBwb3NzaWJsZSAoMy4wKykKaWYgKEdldC1NZW1iZXIgLWlucHV0b2JqZWN0ICRwYXJhbXMgLW5hbWUgImdldF9tZDUiKSB7CiAgICBBZGQtRGVwcmVhY3Rpb25XYXJuaW5nIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiZ2V0X21kNSBoYXMgYmVlbiBkZXByZWNhdGVkIGFsb25nIHdpdGggdGhlIG1kNSByZXR1cm4gdmFsdWUsIHVzZSBnZXRfY2hlY2tzdW09VHJ1ZSBhbmQgY2hlY2tzdW1fYWxnb3JpdGhtPW1kNSBpbnN0ZWFkIiAtdmVyc2lvbiAyLjkKfQoKJGluZm8gPSBHZXQtQW5zaWJsZUl0ZW0gLVBhdGggJHBhdGggLUVycm9yQWN0aW9uIFNpbGVudGx5Q29udGludWUKSWYgKCRpbmZvIC1uZSAkbnVsbCkgewogICAgJGVwb2NoX2RhdGUgPSBHZXQtRGF0ZSAtRGF0ZSAiMDEvMDEvMTk3MCIKICAgICRhdHRyaWJ1dGVzID0gQCgpCiAgICBmb3JlYWNoICgkYXR0cmlidXRlIGluICgkaW5mby5BdHRyaWJ1dGVzIC1zcGxpdCAnLCcpKSB7CiAgICAgICAgJGF0dHJpYnV0ZXMgKz0gJGF0dHJpYnV0ZS5UcmltKCkKICAgIH0KCiAgICAjIGRlZmF1bHQgdmFsdWVzIHRoYXQgYXJlIGFsd2F5cyBzZXQsIHNwZWNpZmljIHZhbHVlcyBhcmUgc2V0IGJlbG93IHRoaXMKICAgICMgYnV0IGFyZSBrZXB0IGNvbW1lbnRlZCBmb3IgZWFzaWVyIHJlYWRhYmlsaXR5CiAgICAkc3RhdCA9IEB7CiAgICAgICAgZXhpc3RzID0gJHRydWUKICAgICAgICBhdHRyaWJ1dGVzID0gJGluZm8uQXR0cmlidXRlcy5Ub1N0cmluZygpCiAgICAgICAgaXNhcmNoaXZlID0gKCRhdHRyaWJ1dGVzIC1jb250YWlucyAiQXJjaGl2ZSIpCiAgICAgICAgaXNkaXIgPSAkZmFsc2UKICAgICAgICBpc2hpZGRlbiA9ICgkYXR0cmlidXRlcyAtY29udGFpbnMgIkhpZGRlbiIpCiAgICAgICAgaXNqdW5jdGlvbiA9ICRmYWxzZQogICAgICAgIGlzbG5rID0gJGZhbHNlCiAgICAgICAgaXNyZWFkb25seSA9ICgkYXR0cmlidXRlcyAtY29udGFpbnMgIlJlYWRPbmx5IikKICAgICAgICBpc3JlZyA9ICRmYWxzZQogICAgICAgIGlzc2hhcmVkID0gJGZhbHNlCiAgICAgICAgbmxpbmsgPSAxICAjIE51bWJlciBvZiBsaW5rcyB0byB0aGUgZmlsZSAoaGFyZCBsaW5rcyksIG92ZXJyaWRlbiBiZWxvdyBpZiBpc2xuawogICAgICAgICMgbG5rX3RhcmdldCA9IGlzbG5rIG9yIGlzanVuY3Rpb24gVGFyZ2V0IG9mIHRoZSBzeW1saW5rLiBOb3RlIHRoYXQgcmVsYXRpdmUgcGF0aHMgcmVtYWluIHJlbGF0aXZlCiAgICAgICAgIyBsbmtfc291cmNlID0gaXNsbmsgb3MgaXNqdW5jdGlvbiBUYXJnZXQgb2YgdGhlIHN5bWxpbmsgbm9ybWFsaXplZCBmb3IgdGhlIHJlbW90ZSBmaWxlc3lzdGVtCiAgICAgICAgaGxua190YXJnZXRzID0gQCgpCiAgICAgICAgY3JlYXRpb250aW1lID0gKERhdGVUby1UaW1lc3RhbXAgLXN0YXJ0X2RhdGUgJGVwb2NoX2RhdGUgLWVuZF9kYXRlICRpbmZvLkNyZWF0aW9uVGltZSkKICAgICAgICBsYXN0YWNjZXNzdGltZSA9IChEYXRlVG8tVGltZXN0YW1wIC1zdGFydF9kYXRlICRlcG9jaF9kYXRlIC1lbmRfZGF0ZSAkaW5mby5MYXN0QWNjZXNzVGltZSkKICAgICAgICBsYXN0d3JpdGV0aW1lID0gKERhdGVUby1UaW1lc3RhbXAgLXN0YXJ0X2RhdGUgJGVwb2NoX2RhdGUgLWVuZF9kYXRlICRpbmZvLkxhc3RXcml0ZVRpbWUpCiAgICAgICAgIyBzaXplID0gYSBmaWxlIGFuZCBkaXJlY3RvcnkgLSBjYWxjdWxhdGVkIGJlbG93CiAgICAgICAgcGF0aCA9ICRpbmZvLkZ1bGxOYW1lCiAgICAgICAgZmlsZW5hbWUgPSAkaW5mby5OYW1lCiAgICAgICAgIyBleHRlbnNpb24gPSBhIGZpbGUKICAgICAgICAjIG93bmVyID0gc2V0IG91dHNpdGUgdGhpcyBkaWN0IGluIGNhc2UgaXQgZmFpbHMKICAgICAgICAjIHNoYXJlbmFtZSA9IGEgZGlyZWN0b3J5IGFuZCBpc3NoYXJlZCBpcyBUcnVlCiAgICAgICAgIyBjaGVja3N1bSA9IGEgZmlsZSBhbmQgZ2V0X2NoZWNrc3VtOiBUcnVlCiAgICAgICAgIyBtZDUgPSBhIGZpbGUgYW5kIGdldF9tZDU6IFRydWUKICAgIH0KICAgICRzdGF0Lm93bmVyID0gJGluZm8uR2V0QWNjZXNzQ29udHJvbCgpLk93bmVyCgogICAgIyB2YWx1ZXMgdGhhdCBhcmUgc2V0IGFjY29yZGluZyB0byB0aGUgdHlwZSBvZiBmaWxlCiAgICBpZiAoJGluZm8uQXR0cmlidXRlcy5IYXNGbGFnKFtTeXN0ZW0uSU8uRmlsZUF0dHJpYnV0ZXNdOjpEaXJlY3RvcnkpKSB7CiAgICAgICAgJHN0YXQuaXNkaXIgPSAkdHJ1ZQogICAgICAgICRzaGFyZV9pbmZvID0gR2V0LVdtaU9iamVjdCAtQ2xhc3MgV2luMzJfU2hhcmUgLUZpbHRlciAiUGF0aD0nJCgkc3RhdC5wYXRoIC1yZXBsYWNlICdcXCcsICdcXCcpJyIKICAgICAgICBpZiAoJHNoYXJlX2luZm8gLW5lICRudWxsKSB7CiAgICAgICAgICAgICRzdGF0Lmlzc2hhcmVkID0gJHRydWUKICAgICAgICAgICAgJHN0YXQuc2hhcmVuYW1lID0gJHNoYXJlX2luZm8uTmFtZQogICAgICAgIH0KCiAgICAgICAgdHJ5IHsKICAgICAgICAgICAgJHNpemUgPSAwCiAgICAgICAgICAgIGZvcmVhY2ggKCRmaWxlIGluICRpbmZvLkVudW1lcmF0ZUZpbGVzKCIqIiwgW1N5c3RlbS5JTy5TZWFyY2hPcHRpb25dOjpBbGxEaXJlY3RvcmllcykpIHsKICAgICAgICAgICAgICAgICRzaXplICs9ICRmaWxlLkxlbmd0aAogICAgICAgICAgICB9CiAgICAgICAgICAgICRzdGF0LnNpemUgPSAkc2l6ZQogICAgICAgIH0gY2F0Y2ggewogICAgICAgICAgICAkc3RhdC5zaXplID0gMAogICAgICAgIH0KICAgIH0gZWxzZSB7CiAgICAgICAgJHN0YXQuZXh0ZW5zaW9uID0gJGluZm8uRXh0ZW5zaW9uCiAgICAgICAgJHN0YXQuaXNyZWcgPSAkdHJ1ZQogICAgICAgICRzdGF0LnNpemUgPSAkaW5mby5MZW5ndGgKCiAgICAgICAgaWYgKCRnZXRfbWQ1KSB7CiAgICAgICAgICAgIHRyeSB7CiAgICAgICAgICAgICAgICAkc3RhdC5tZDUgPSBHZXQtRmlsZUNoZWNrc3VtIC1wYXRoICRwYXRoIC1hbGdvcml0aG0gIm1kNSIKICAgICAgICAgICAgfSBjYXRjaCB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0IC1tZXNzYWdlICJmYWlsZWQgdG8gZ2V0IE1ENSBoYXNoIG9mIGZpbGUsIHJlbW92ZSBnZXRfbWQ1IHRvIGlnbm9yZSB0aGlzIGVycm9yOiAkKCRfLkV4Y2VwdGlvbi5NZXNzYWdlKSIKICAgICAgICAgICAgfQogICAgICAgIH0KICAgICAgICBpZiAoJGdldF9jaGVja3N1bSkgewogICAgICAgICAgICB0cnkgewogICAgICAgICAgICAgICAgJHN0YXQuY2hlY2tzdW0gPSBHZXQtRmlsZUNoZWNrc3VtIC1wYXRoICRwYXRoIC1hbGdvcml0aG0gJGNoZWNrc3VtX2FsZ29yaXRobQogICAgICAgICAgICB9IGNhdGNoIHsKICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgImZhaWxlZCB0byBnZXQgaGFzaCBvZiBmaWxlLCBzZXQgZ2V0X2NoZWNrc3VtIHRvIEZhbHNlIHRvIGlnbm9yZSB0aGlzIGVycm9yOiAkKCRfLkV4Y2VwdGlvbi5NZXNzYWdlKSIKICAgICAgICAgICAgfQogICAgICAgIH0KICAgIH0KCiAgICAjIEdldCBzeW1ib2xpYyBsaW5rLCBqdW5jdGlvbiBwb2ludCwgaGFyZCBsaW5rIGluZm8KICAgIExvYWQtTGlua1V0aWxzCiAgICB0cnkgewogICAgICAgICRsaW5rX2luZm8gPSBHZXQtTGluayAtbGlua19wYXRoICRpbmZvLkZ1bGxOYW1lCiAgICB9IGNhdGNoIHsKICAgICAgICBBZGQtV2FybmluZyAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgIkZhaWxlZCB0byBjaGVjay9nZXQgbGluayBpbmZvIGZvciBmaWxlOiAkKCRfLkV4Y2VwdGlvbi5NZXNzYWdlKSIKICAgIH0KICAgIGlmICgkbGlua19pbmZvIC1uZSAkbnVsbCkgewogICAgICAgIHN3aXRjaCAoJGxpbmtfaW5mby5UeXBlKSB7CiAgICAgICAgICAgICJTeW1ib2xpY0xpbmsiIHsKICAgICAgICAgICAgICAgICRzdGF0LmlzbG5rID0gJHRydWUKICAgICAgICAgICAgICAgICRzdGF0LmlzcmVnID0gJGZhbHNlCiAgICAgICAgICAgICAgICAkc3RhdC5sbmtfdGFyZ2V0ID0gJGxpbmtfaW5mby5UYXJnZXRQYXRoCiAgICAgICAgICAgICAgICAkc3RhdC5sbmtfc291cmNlID0gJGxpbmtfaW5mby5BYnNvbHV0ZVBhdGggICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgICAgICJKdW5jdGlvblBvaW50IiB7CiAgICAgICAgICAgICAgICAkc3RhdC5pc2p1bmN0aW9uID0gJHRydWUKICAgICAgICAgICAgICAgICRzdGF0LmlzcmVnID0gJGZhbHNlCiAgICAgICAgICAgICAgICAkc3RhdC5sbmtfdGFyZ2V0ID0gJGxpbmtfaW5mby5UYXJnZXRQYXRoCiAgICAgICAgICAgICAgICAkc3RhdC5sbmtfc291cmNlID0gJGxpbmtfaW5mby5BYnNvbHV0ZVBhdGggICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgICAgICJIYXJkTGluayIgewogICAgICAgICAgICAgICAgJHN0YXQubG5rX3R5cGUgPSAiaGFyZCIKICAgICAgICAgICAgICAgICRzdGF0Lm5saW5rID0gJGxpbmtfaW5mby5IYXJkVGFyZ2V0cy5Db3VudAoKICAgICAgICAgICAgICAgICMgcmVtb3ZlIGN1cnJlbnQgcGF0aCBmcm9tIHRoZSB0YXJnZXRzCiAgICAgICAgICAgICAgICAkaGxua190YXJnZXRzID0gJGxpbmtfaW5mby5IYXJkVGFyZ2V0cyB8IFdoZXJlLU9iamVjdCB7ICRfIC1uZSAkc3RhdC5wYXRoIH0KICAgICAgICAgICAgICAgICRzdGF0LmhsbmtfdGF ScriptBlock ID: b7a76ebf-6060-4c9f-bd7f-cb39a5dedd31 Path:	4104	1		3	2	15	0	1878	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1588	944	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:31:08 PM	e5295ba9-9827-0005-5185-2de52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (6 of 8): MKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGFkZCBkZXByZWNhdGlvbnMsIGV2ZW4gaWYgdGhlIGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgogICAgaWYgKC1ub3QgJG9iai5Db250YWluc0tleSgiZGVwcmVjYXRpb25zIikpIHsKICAgICAgICAkb2JqLmRlcHJlY2F0aW9ucyA9IEAoKQogICAgfSBlbHNlaWYgKCRvYmouZGVwcmVjYXRpb25zIC1pc25vdCBbYXJyYXldKSB7CiAgICAgICAgdGhyb3cgIkFkZC1EZXByZWNhdGlvbldhcm5pbmc6IGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgaXMgbm90IGEgbGlzdCIKICAgIH0KCiAgICAkb2JqLmRlcHJlY2F0aW9ucyArPSBAewogICAgICAgIG1zZyA9ICRtZXNzYWdlCiAgICAgICAgdmVyc2lvbiA9ICR2ZXJzaW9uCiAgICB9Cn0KCkZ1bmN0aW9uIEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgaW4gdmFsdWVzLiBCeSBkZWZhdWx0CiAgICBpdCB0dXJucyBhbnkgdHlwZSB0byBhIHN0cmluZywgYnV0IHdlIGVuc3VyZSAkbnVsbCByZW1haW5zICRudWxsLgojPgogICAgaWYgKCRudWxsIC1uZSAkdmFsdWUpIHsKICAgICAgICBbU3lzdGVtLkVudmlyb25tZW50XTo6RXhwYW5kRW52aXJvbm1lbnRWYXJpYWJsZXMoJHZhbHVlKQogICAgfSBlbHNlIHsKICAgICAgICAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gR2V0LUFuc2libGVQYXJhbSgkb2JqLCAkbmFtZSwgJGRlZmF1bHQgPSAkbnVsbCwgJHJlc3VsdG9iaiA9IEB7fSwgJGZhaWxpZmVtcHR5ID0gJGZhbHNlLCAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSwgJFZhbGlkYXRlU2V0LCAkVmFsaWRhdGVTZXRFcnJvck1lc3NhZ2UsICR0eXBlID0gJG51bGwsICRhbGlhc2VzID0gQCgpKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBnZXQgYW4gImF0dHJpYnV0ZSIgZnJvbSBhIHBzb2JqZWN0IGluc3RhbmNlIGluIFBvd2VyU2hlbGwuCiAgICBUaGlzIGlzIGEgY29udmVuaWVuY2UgdG8gbWFrZSBnZXR0aW5nIE1lbWJlcnMgZnJvbSBhbiBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgICRhdHRyID0gR2V0LUFuc2libGVQYXJhbSAkcmVzcG9uc2UgImNvZGUiIC1kZWZhdWx0ICIxIgogICAgLkVYQU1QTEUKICAgIEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJTdGF0ZSIgLWRlZmF1bHQgIlByZXNlbnQiIC1WYWxpZGF0ZVNldCAiUHJlc2VudCIsIkFic2VudCIgLXJlc3VsdG9iaiAkcmVzdWx0b2JqIC1mYWlsaWZlbXB0eSAkdHJ1ZQogICAgR2V0LUFuc2libGVQYXJhbSBhbHNvIHN1cHBvcnRzIFBhcmFtZXRlciB2YWxpZGF0aW9uIHRvIHNhdmUgeW91IGZyb20gY29kaW5nIHRoYXQgbWFudWFsbHkKICAgIE5vdGUgdGhhdCBpZiB5b3UgdXNlIHRoZSBmYWlsaWZlbXB0eSBvcHRpb24sIHlvdSBkbyBuZWVkIHRvIHNwZWNpZnkgcmVzdWx0b2JqZWN0IGFzIHdlbGwuCiM+CiAgICAjIENoZWNrIGlmIHRoZSBwcm92aWRlZCBNZW1iZXIgJG5hbWUgb3IgYWxpYXNlcyBleGlzdCBpbiAkb2JqIGFuZCByZXR1cm4gaXQgb3IgdGhlIGRlZmF1bHQuCiAgICB0cnkgewoKICAgICAgICAkZm91bmQgPSAkbnVsbAogICAgICAgICMgRmlyc3QgdHJ5IHRvIGZpbmQgcHJlZmVycmVkIHBhcmFtZXRlciAkbmFtZQogICAgICAgICRhbGlhc2VzID0gQCgkbmFtZSkgKyAkYWxpYXNlcwoKICAgICAgICAjIEl0ZXJhdGUgb3ZlciBhbGlhc2VzIHRvIGZpbmQgYWNjZXB0YWJsZSBNZW1iZXIgJG5hbWUKICAgICAgICBmb3JlYWNoICgkYWxpYXMgaW4gJGFsaWFzZXMpIHsKICAgICAgICAgICAgaWYgKCRvYmouQ29udGFpbnNLZXkoJGFsaWFzKSkgewogICAgICAgICAgICAgICAgJGZvdW5kID0gJGFsaWFzCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgfQoKICAgICAgICBpZiAoJG51bGwgLWVxICRmb3VuZCkgewogICAgICAgICAgICB0aHJvdwogICAgICAgIH0KICAgICAgICAkbmFtZSA9ICRmb3VuZAoKICAgICAgICBpZiAoJFZhbGlkYXRlU2V0KSB7CgogICAgICAgICAgICBpZiAoJFZhbGlkYXRlU2V0IC1jb250YWlucyAoJG9iai4kbmFtZSkpIHsKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICRvYmouJG5hbWUKICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgIGlmICgkbnVsbCAtZXEgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAgICAgI0F1dG8tZ2VuZXJhdGVkIGVycm9yIHNob3VsZCBiZSBzdWZmaWNpZW50IGluIG1vc3QgdXNlIGNhc2VzCiAgICAgICAgICAgICAgICAgICAgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlID0gIkdldC1BbnNpYmxlUGFyYW06IEFyZ3VtZW50ICRuYW1lIG5lZWRzIHRvIGJlIG9uZSBvZiAkKCRWYWxpZGF0ZVNldCAtam9pbiAiLCIpIGJ1dCB3YXMgJCgkb2JqLiRuYW1lKS4iCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRWYWxpZGF0ZVNldEVycm9yTWVzc2FnZQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgJHZhbHVlID0gJG9iai4kbmFtZQogICAgICAgIH0KICAgIH0gY2F0Y2ggewogICAgICAgIGlmICgkZmFpbGlmZW1wdHkgLWVxICRmYWxzZSkgewogICAgICAgICAgICAkdmFsdWUgPSAkZGVmYXVsdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgIGlmICgtbm90ICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSA9ICJHZXQtQW5zaWJsZVBhcmFtOiBNaXNzaW5nIHJlcXVpcmVkIGFyZ3VtZW50OiAkbmFtZSIKICAgICAgICAgICAgfQogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlCiAgICAgICAgfQogICAgfQoKICAgICMgSWYgJHZhbHVlIC1lcSAkbnVsbCwgdGhlIHBhcmFtZXRlciB3YXMgdW5zcGVjaWZpZWQgYnkgdGhlIHVzZXIgKGRlbGliZXJhdGVseSBvciBub3QpCiAgICAjIFBsZWFzZSBsZWF2ZSAkbnVsbC12YWx1ZXMgaW50YWN0LCBtb2R1bGVzIG5lZWQgdG8ga25vdyBpZiBhIHBhcmFtZXRlciB3YXMgc3BlY2lmaWVkCiAgICAjIFdoZW4gJHZhbHVlIGlzIGFscmVhZHkgYW4gYXJyYXksIHdlIGNhbm5vdCByZWx5IG9uIHRoZSBudWxsIGNoZWNrLCBhcyBhbiBlbXB0eSBsaXN0CiAgICAjIGlzIHNlZW4gYXMgbnVsbCBpbiB0aGUgY2hlY2sgYmVsb3cKICAgIGlmICgkbnVsbCAtbmUgJHZhbHVlIC1vciAkdmFsdWUgLWlzIFthcnJheV0pIHsKICAgICAgICBpZiAoJHR5cGUgLWVxICJwYXRoIikgewogICAgICAgICAgICAjIEV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgb24gcGF0aC10eXBlCiAgICAgICAgICAgICR2YWx1ZSA9IEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCiAgICAgICAgICAgICMgVGVzdCBpZiBhIHZhbGlkIHBhdGggaXMgcHJvdmlkZWQKICAgICAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtSXNWYWxpZCAkdmFsdWUpKSB7CiAgICAgICAgICAgICAgICAkcGF0aF9pbnZhbGlkID0gJHRydWUKICAgICAgICAgICAgICAgICMgY291bGQgc3RpbGwgYmUgYSB2YWxpZC1zaGFwZWQgcGF0aCB3aXRoIGEgbm9uZXhpc3RlbnQgZHJpdmUgbGV0dGVyCiAgICAgICAgICAgICAgICBpZiAoJHZhbHVlIC1tYXRjaCAiXlx3OiIpIHsKICAgICAgICAgICAgICAgICAgICAjIHJld3JpdGUgcGF0aCB3aXRoIGEgdmFsaWQgZHJpdmUgbGV0dGVyIGFuZCByZWNoZWNrIHRoZSBzaGFwZS0gdGhpcyBtaWdodCBzdGlsbCBmYWlsLCBlZywgYSBub25leGlzdGVudCBub24tZmlsZXN5c3RlbSBQUyBwYXRoCiAgICAgICAgICAgICAgICAgICAgaWYgKFRlc3QtUGF0aCAtSXNWYWxpZCAkKEAoR2V0LVBTRHJpdmUgLVBTUHJvdmlkZXIgRmlsZXN5c3RlbSlbMF0uTmFtZSArICR2YWx1ZS5TdWJzdHJpbmcoMSkpKSB7CiAgICAgICAgICAgICAgICAgICAgICAgICRwYXRoX2ludmFsaWQgPSAkZmFsc2UKICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBpZiAoJHBhdGhfaW52YWxpZCkgewogICAgICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHRvYmogLW1lc3NhZ2UgIkdldC1BbnNpYmxlUGFyYW06IFBhcmFtZXRlciAnJG5hbWUnIGhhcyBhbiBpbnZhbGlkIHBhdGggJyR2YWx1ZScgc3BlY2lmaWVkLiIKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgInN0ciIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IHN0ciB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgc3RyaW5ncwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUuVG9TdHJpbmcoKQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImJvb2wiKSB7CiAgICAgICAgICAgICMgQ29udmVydCBib29sZWFuIHR5cGVzIHRvIHJlYWwgUG93ZXJzaGVsbCBib29sZWFucwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgfCBDb252ZXJ0VG8tQm9vbAogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImludCIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IGludCB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgaW50ZWdlcnMKICAgICAgICAgICAgJHZhbHVlID0gJHZhbHVlIC1hcyBbaW50XQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImZsb2F0IikgewogICAgICAgICAgICAjIENvbnZlcnQgZmxvYXQgdHlwZXMgdG8gcmVhbCBQb3dlcnNoZWxsIGZsb2F0cwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgLWFzIFtmbG9hdF0KICAgICAgICB9IGVsc2VpZiAoJHR5cGUgLWVxICJsaXN0IikgewogICAgICAgICAgICBpZiAoJHZhbHVlIC1pcyBbYXJyYXldKSB7CiAgICAgICAgICAgICAgICAjIE5vdGhpbmcgdG8gZG8KICAgICAgICAgICAgfSBlbHNlaWYgKCR2YWx1ZSAtaXMgW3N0cmluZ10pIHsKICAgICAgICAgICAgICAgICMgQ29udmVydCBzdHJpbmcgdHlwZSB0byByZWFsIFBvd2Vyc2hlbGwgYXJyYXkKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICR2YWx1ZS5TcGxpdCgiLCIpLlRyaW0oKQogICAgICAgICAgICB9IGVsc2VpZiAoJHZhbHVlIC1pcyBbaW50XSkgewogICAgICAgICAgICAgICAgJHZhbHVlID0gQCgkdmFsdWUpCiAgICAgICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICJHZXQtQW5zaWJsZVBhcmFtOiBQYXJhbWV0ZXIgJyRuYW1lJyBpcyBub3QgYSBZQU1MIGxpc3QuIgogICAgICAgICAgICB9CiAgICAgICAgICAgICMgLCBpcyBub3QgYSB0eXBvLCBmb3JjZXMgaXQgdG8gcmV0dXJuIGFzIGEgbGlzdCB3aGVuIGl0IGlzIGVtcHR5IG9yIG9ubHkgaGFzIDEgZW50cnkKICAgICAgICAgICAgcmV0dXJuICwkdmFsdWUKICAgICAgICB9CiAgICB9CgogICAgcmV0dXJuICR2YWx1ZQp9CgojQWxpYXMgR2V0LWF0dHItLT5HZXQtQW5zaWJsZVBhcmFtIGZvciBiYWNrd2FyZHMgY29tcGF0LiBPbmx5IGFkZCB3aGVuIG5lZWRlZCB0byBlYXNlIGRlYnVnZ2luZyBvZiBzY3JpcHRzCklmICgtbm90KEdldC1BbGlhcyAtTmFtZSAiR2V0LWF0dHIiIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlKSkKewogICAgTmV3LUFsaWFzIC1OYW1lIEdldC1hdHRyIC1WYWx1ZSBHZXQtQW5zaWJsZVBhcmFtCn0KCkZ1bmN0aW9uIENvbnZlcnRUby1Cb29sCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZpbHRlci9waXBlbGluZSBmdW5jdGlvbiB0byBjb252ZXJ0IGEgdmFsdWUgdG8gYm9vbGVhbiBmb2xsb3dpbmcgY3VycmVudAogICAgQW5zaWJsZSBwcmFjdGljZXMKICAgIC5FWEFNUExFCiAgICAkaXNfdHJ1ZSA9ICJ0cnVlIiB8IENvbnZlcnRUby1Cb29sCiM+CiAgICBwYXJhbSgKICAgICAgICBbcGFyYW1ldGVyKHZhbHVlZnJvbXBpcGVsaW5lPSR0cnVlKV0KICAgICAgICAkb2JqCiAgICApCgogICAgJGJvb2xlYW5fc3RyaW5ncyA9ICJ5ZXMiLCAib24iLCAiMSIsICJ0cnVlIiwgMQogICAgJG9ial9zdHJpbmcgPSBbc3RyaW5nXSRvYmoKCiAgICBpZiAoKCRvYmogLWlzIFtib29sZWFuXSAtYW5kICRvYmopIC1vciAkYm9vbGVhbl9zdHJpbmdzIC1jb250YWlucyAkb2JqX3N0cmluZy5Ub0xvd2VyKCkpIHsKICAgICAgICByZXR1cm4gJHRydWUKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfQp9CgpGdW5jdGlvbiBQYXJzZS1BcmdzKCRhcmd1bWVudHMsICRzdXBwb3J0c19jaGVja19tb2RlID0gJGZhbHNlKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBwYXJzZSBBbnNpYmxlIEpTT04gYXJndW1lbnRzIGZyb20gYSAiZmlsZSIgcGFzc2VkIGFzCiAgICB0aGUgc2luZ2xlIGFyZ3VtZW50IHRvIHRoZSBtb2R1bGUuCiAgICAuRVhBTVBMRQogICAgJHBhcmFtcyA9IFBhcnNlLUFyZ3MgJGFyZ3MKIz4KICAgICRwYXJhbXMgPSBOZXctT2JqZWN0IHBzb2JqZWN0CiAgICBJZiAoJGFyZ3VtZW50cy5MZW5ndGggLWd0IDApCiAgICB7CiAgICAgICAgJHBhcmFtcyA9IEdldC1Db250ZW50ICRhcmd1bWVudHNbMF0gfCBDb252ZXJ0RnJvbS1Kc29uCiAgICB9CiAgICBFbHNlIHsKICAgICAgICAkcGFyYW1zID0gJGNvbXBsZXhfYXJncwogICAgfQogICAgJGNoZWNrX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfY2hlY2tfbW9kZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQogICAgSWYgKCRjaGVja19tb2RlIC1hbmQgLW5vdCAkc3VwcG9ydHNfY2hlY2tfbW9kZSkKICAgIHsKICAgICAgICBFeGl0LUpzb24gQHsKICAgICAgICAgICAgc2tpcHBlZCA9ICR0cnVlCiAgICAgICAgICAgIGNoYW5nZWQgPSAkZmFsc2UKICAgICAgICAgICAgbXNnID0gInJlbW90ZSBtb2R1bGUgZG9lcyBub3Qgc3VwcG9ydCBjaGVjayBtb2RlIgogICAgICAgIH0KICAgIH0KICAgIHJldHVybiAkcGFyYW1zCn0KCgpGdW5jdGlvbiBHZXQtRmlsZUNoZWNrc3VtKCRwYXRoLCAkYWxnb3JpdGhtID0gJ3NoYTEnKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBjYWxjdWxhdGUgYSBoYXNoIG9mIGEgZmlsZSBpbiBhIHdheSB3aGljaCBQb3dlclNoZWxsIDMKICAgIGFuZCBhYm92ZSBjYW4gaGFuZGxlCiM+CiAgICBJZiAoVGVzdC1QYXRoIC1QYXRoICRwYXRoIC1QYXRoVHlwZSBMZWFmKQogICAgewogICAgICAgIHN3aXRjaCAoJGFsZ29yaXRobSkKICAgICAgICB7CiAgICAgICAgICAgICdtZDUnIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5NRDVDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMScgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTFDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMjU2JyB7ICRzcCA9IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5TZWN1cml0eS5DcnlwdG9ncmFwaHkuU0hBMjU2Q3J5cHRvU2VydmljZVByb3ZpZGVyIH0KICAgICAgICAgICAgJ3NoYTM4NCcgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTM4NENyeXB0b1NlcnZpY2VQcm92aWRlciB9CiAgICAgICAgICAgICdzaGE1MTInIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5TSEE1MTJDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICBkZWZhdWx0IHsgRmFpbC1Kc29uIEB7fSAiVW5zdXBwb3J0ZWQgaGFzaCBhbGdvcml0aG0gc3VwcGxpZWQgJyRhbGdvcml0aG0nIiB9CiAgICAgICAgfQoKICAgICAgICBJZiAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtZ2UgNCkgewogICAgICAgICAgICAkcmF3X2hhc2ggPSBHZXQtRmlsZUhhc2ggJHBhdGggLUFsZ29yaXRobSAkYWxnb3JpdGhtCiAgICAgICAgICAgICRoYXNoID0gJHJhd19oYXNoLkhhc2guVG9Mb3dlcigpCiAgICAgICAgfSBFbHNlIHsKICAgICAgICAgICAgJGZwID0gW1N5c3RlbS5JTy5GaWxlXTo6T3BlbigkcGF0aCwgW1N5c3RlbS5JTy5GaWxlbW9kZV06Ok9wZW4sIFtTeXN0ZW0uSU8uRmlsZUFjY2Vzc106OlJlYWQsIFtTeXN0ZW0uSU8uRmlsZVNoYXJlXTo6UmVhZFdyaXRlKTsKICAgICAgICAgICAgJGhhc2ggPSBbU3lzdGVtLkJpdENvbnZlcnRlcl06OlRvU3RyaW5nKCRzcC5Db21wdXRlSGFzaCgkZnApKS5SZXBsYWNlKCItIiwgIiIpLlRvTG93ZXIoKTsKICAgICAgICAgICAgJGZwLkRpc3Bvc2UoKTsKICAgICAgICB9CiAgICB9CiAgICBFbHNlSWYgKFRlc3QtUGF0aCAtUGF0aCAkcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKQogICAgewogICAgICAgICRoYXNoID0gIjMiOwogICAgfQogICAgRWxzZQogICAgewogICAgICAgICRoYXNoID0gIjEiOwogICAgfQogICAgcmV0dXJuICRoYXNoCn0KCkZ1bmN0aW9uIEdldC1QZW5kaW5nUmVib290U3RhdHVzCnsKPCMKICAgIC5TWU5PUFNJUwogICAgQ2hlY2sgaWYgcmVib290IGlzIHJlcXVpcmVkLCBpZiBzbyBub3RpZnkgQ0EuC ScriptBlock ID: b7a76ebf-6060-4c9f-bd7f-cb39a5dedd31 Path:	4104	1		3	2	15	0	1877	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1588	944	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:31:08 PM	e5295ba9-9827-0005-5185-2de52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (5 of 8): CAgewogICAgICAgICAgICAgICAgbGlua1R5cGUgPSBMaW5rVHlwZS5KdW5jdGlvblBvaW50OwogICAgICAgICAgICB9CiAgICAgICAgICAgIGVsc2UKICAgICAgICAgICAgewogICAgICAgICAgICAgICAgc3RyaW5nIGVycm9yTWVzc2FnZSA9IFN0cmluZy5Gb3JtYXQoIkludmFsaWQgUmVwYXJzZSBUYWc6IHswfSIsIGJ1ZmZlci5SZXBhcnNlVGFnLlRvU3RyaW5nKCkpOwogICAgICAgICAgICAgICAgdGhyb3cgbmV3IEV4Y2VwdGlvbihlcnJvck1lc3NhZ2UpOwogICAgICAgICAgICB9CgogICAgICAgICAgICBzdHJpbmcgcHJpbnROYW1lID0gbmV3IHN0cmluZyhidWZmZXIuUGF0aEJ1ZmZlciwgKGludCkoYnVmZmVyLlByaW50TmFtZU9mZnNldCAvIFNJWkVfT0ZfV0NIQVIpICsgcGF0aE9mZnNldCwgKGludCkoYnVmZmVyLlByaW50TmFtZUxlbmd0aCAvIFNJWkVfT0ZfV0NIQVIpKTsKICAgICAgICAgICAgc3RyaW5nIHN1YnN0aXR1dGVOYW1lID0gbmV3IHN0cmluZyhidWZmZXIuUGF0aEJ1ZmZlciwgKGludCkoYnVmZmVyLlN1YnN0aXR1dGVOYW1lT2Zmc2V0IC8gU0laRV9PRl9XQ0hBUikgKyBwYXRoT2Zmc2V0LCAoaW50KShidWZmZXIuU3Vic3RpdHV0ZU5hbWVMZW5ndGggLyBTSVpFX09GX1dDSEFSKSk7CgogICAgICAgICAgICAvLyBUT0RPOiBzaG91bGQgd2UgY2hlY2sgZm9yIFw/XFVOQ1xzZXJ2ZXIgZm9yIGNvbnZlcnQgaXQgdG8gdGhlIE5UIHN0eWxlIFxcc2VydmVyIHBhdGgKICAgICAgICAgICAgLy8gUmVtb3ZlIHRoZSBsZWFkaW5nIFdpbmRvd3Mgb2JqZWN0IGRpcmVjdG9yeSBcP1wgZnJvbSB0aGUgcGF0aCBpZiBwcmVzZW50CiAgICAgICAgICAgIHN0cmluZyB0YXJnZXRQYXRoID0gc3Vic3RpdHV0ZU5hbWU7CiAgICAgICAgICAgIGlmICh0YXJnZXRQYXRoLlN0YXJ0c1dpdGgoIlxcPz9cXCIpKQogICAgICAgICAgICAgICAgdGFyZ2V0UGF0aCA9IHRhcmdldFBhdGguU3Vic3RyaW5nKDQsIHRhcmdldFBhdGguTGVuZ3RoIC0gNCk7CgogICAgICAgICAgICBzdHJpbmcgYWJzb2x1dGVQYXRoID0gdGFyZ2V0UGF0aDsKICAgICAgICAgICAgaWYgKGlzUmVsYXRpdmUpCiAgICAgICAgICAgICAgICBhYnNvbHV0ZVBhdGggPSBQYXRoLkdldEZ1bGxQYXRoKFBhdGguQ29tYmluZShuZXcgRmlsZUluZm8obGlua1BhdGgpLkRpcmVjdG9yeS5GdWxsTmFtZSwgdGFyZ2V0UGF0aCkpOwoKICAgICAgICAgICAgcmV0dXJuIG5ldyBMaW5rSW5mbwogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBUeXBlID0gbGlua1R5cGUsCiAgICAgICAgICAgICAgICBQcmludE5hbWUgPSBwcmludE5hbWUsCiAgICAgICAgICAgICAgICBTdWJzdGl0dXRlTmFtZSA9IHN1YnN0aXR1dGVOYW1lLAogICAgICAgICAgICAgICAgQWJzb2x1dGVQYXRoID0gYWJzb2x1dGVQYXRoLAogICAgICAgICAgICAgICAgVGFyZ2V0UGF0aCA9IHRhcmdldFBhdGgKICAgICAgICAgICAgfTsKICAgICAgICB9CgogICAgICAgIHByaXZhdGUgc3RhdGljIHZvaWQgQ3JlYXRlSnVuY3Rpb25Qb2ludChzdHJpbmcgbGlua1BhdGgsIHN0cmluZyBsaW5rVGFyZ2V0KQogICAgICAgIHsKICAgICAgICAgICAgLy8gV2UgbmVlZCB0byBjcmVhdGUgdGhlIGxpbmsgYXMgYSBkaXIgYmVmb3JlaGFuZAogICAgICAgICAgICBEaXJlY3RvcnkuQ3JlYXRlRGlyZWN0b3J5KGxpbmtQYXRoKTsKICAgICAgICAgICAgU2FmZUZpbGVIYW5kbGUgZmlsZUhhbmRsZSA9IENyZWF0ZUZpbGUoCiAgICAgICAgICAgICAgICBsaW5rUGF0aCwKICAgICAgICAgICAgICAgIEZpbGVBY2Nlc3MuV3JpdGUsCiAgICAgICAgICAgICAgICBGaWxlU2hhcmUuUmVhZCB8IEZpbGVTaGFyZS5Xcml0ZSB8IEZpbGVTaGFyZS5Ob25lLAogICAgICAgICAgICAgICAgSW50UHRyLlplcm8sCiAgICAgICAgICAgICAgICBGaWxlTW9kZS5PcGVuLAogICAgICAgICAgICAgICAgRklMRV9GTEFHX0JBQ0tVUF9TRU1BTlRJQ1MgfCBGSUxFX0ZMQUdfT1BFTl9SRVBBUlNFX1BPSU5ULAogICAgICAgICAgICAgICAgSW50UHRyLlplcm8pOwoKICAgICAgICAgICAgaWYgKGZpbGVIYW5kbGUuSXNJbnZhbGlkKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IExpbmtVdGlsV2luMzJFeGNlcHRpb24oU3RyaW5nLkZvcm1hdCgiQ3JlYXRlRmlsZSh7MH0pIGZhaWxlZCIsIGxpbmtQYXRoKSk7CgogICAgICAgICAgICB0cnkKICAgICAgICAgICAgewogICAgICAgICAgICAgICAgc3RyaW5nIHN1YnN0aXR1dGVOYW1lID0gIlxcPz9cXCIgKyBQYXRoLkdldEZ1bGxQYXRoKGxpbmtUYXJnZXQpOwogICAgICAgICAgICAgICAgc3RyaW5nIHByaW50TmFtZSA9IGxpbmtUYXJnZXQ7CgogICAgICAgICAgICAgICAgUkVQQVJTRV9EQVRBX0JVRkZFUiBidWZmZXIgPSBuZXcgUkVQQVJTRV9EQVRBX0JVRkZFUigpOwogICAgICAgICAgICAgICAgYnVmZmVyLlN1YnN0aXR1dGVOYW1lT2Zmc2V0ID0gMDsKICAgICAgICAgICAgICAgIGJ1ZmZlci5TdWJzdGl0dXRlTmFtZUxlbmd0aCA9IChVSW50MTYpKHN1YnN0aXR1dGVOYW1lLkxlbmd0aCAqIFNJWkVfT0ZfV0NIQVIpOwogICAgICAgICAgICAgICAgYnVmZmVyLlByaW50TmFtZU9mZnNldCA9IChVSW50MTYpKGJ1ZmZlci5TdWJzdGl0dXRlTmFtZUxlbmd0aCArIDIpOwogICAgICAgICAgICAgICAgYnVmZmVyLlByaW50TmFtZUxlbmd0aCA9IChVSW50MTYpKHByaW50TmFtZS5MZW5ndGggKiBTSVpFX09GX1dDSEFSKTsKCiAgICAgICAgICAgICAgICBidWZmZXIuUmVwYXJzZVRhZyA9IElPX1JFUEFSU0VfVEFHX01PVU5UX1BPSU5UOwogICAgICAgICAgICAgICAgYnVmZmVyLlJlcGFyc2VEYXRhTGVuZ3RoID0gKFVJbnQxNikoYnVmZmVyLlN1YnN0aXR1dGVOYW1lTGVuZ3RoICsgYnVmZmVyLlByaW50TmFtZUxlbmd0aCArIDEyKTsKICAgICAgICAgICAgICAgIGJ1ZmZlci5QYXRoQnVmZmVyID0gbmV3IGNoYXJbTUFYSU1VTV9SRVBBUlNFX0RBVEFfQlVGRkVSX1NJWkVdOwoKICAgICAgICAgICAgICAgIGJ5dGVbXSB1bmljb2RlQnl0ZXMgPSBFbmNvZGluZy5Vbmljb2RlLkdldEJ5dGVzKHN1YnN0aXR1dGVOYW1lICsgIlwwIiArIHByaW50TmFtZSk7CiAgICAgICAgICAgICAgICBjaGFyW10gcGF0aEJ1ZmZlciA9IEVuY29kaW5nLlVuaWNvZGUuR2V0Q2hhcnModW5pY29kZUJ5dGVzKTsKICAgICAgICAgICAgICAgIEFycmF5LkNvcHkocGF0aEJ1ZmZlciwgYnVmZmVyLlBhdGhCdWZmZXIsIHBhdGhCdWZmZXIuTGVuZ3RoKTsKCiAgICAgICAgICAgICAgICBVSW50MzIgYnl0ZXNSZXR1cm5lZDsKICAgICAgICAgICAgICAgIGlmICghRGV2aWNlSW9Db250cm9sKAogICAgICAgICAgICAgICAgICAgIGZpbGVIYW5kbGUsCiAgICAgICAgICAgICAgICAgICAgRlNDVExfU0VUX1JFUEFSU0VfUE9JTlQsCiAgICAgICAgICAgICAgICAgICAgYnVmZmVyLAogICAgICAgICAgICAgICAgICAgIChVSW50MzIpKGJ1ZmZlci5SZXBhcnNlRGF0YUxlbmd0aCArIDgpLAogICAgICAgICAgICAgICAgICAgIEludFB0ci5aZXJvLCAwLAogICAgICAgICAgICAgICAgICAgIG91dCBieXRlc1JldHVybmVkLAogICAgICAgICAgICAgICAgICAgIEludFB0ci5aZXJvKSkKICAgICAgICAgICAgICAgICAgICB0aHJvdyBuZXcgTGlua1V0aWxXaW4zMkV4Y2VwdGlvbihTdHJpbmcuRm9ybWF0KCJEZXZpY2VJb0NvbnRyb2woKSBmYWlsZWQgdG8gY3JlYXRlIGp1bmN0aW9uIHBvaW50IGF0IHswfSB0byB7MX0iLCBsaW5rUGF0aCwgbGlua1RhcmdldCkpOwogICAgICAgICAgICB9CiAgICAgICAgICAgIGZpbmFsbHkKICAgICAgICAgICAgewogICAgICAgICAgICAgICAgZmlsZUhhbmRsZS5EaXNwb3NlKCk7CiAgICAgICAgICAgIH0KICAgICAgICB9CiAgICB9Cn0KJ0AKCiAgICAjIEZVVFVSRTogZmluZCBhIGJldHRlciB3YXkgdG8gZ2V0IHRoZSBfYW5zaWJsZV9yZW1vdGVfdG1wIHZhcmlhYmxlCiAgICAkb3JpZ2luYWxfdG1wID0gJGVudjpUTVAKCiAgICAkcmVtb3RlX3RtcCA9ICRvcmlnaW5hbF90bXAKICAgICRtb2R1bGVfcGFyYW1zID0gR2V0LVZhcmlhYmxlIC1OYW1lIGNvbXBsZXhfYXJncyAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgaWYgKCRtb2R1bGVfcGFyYW1zKSB7CiAgICAgICAgaWYgKCRtb2R1bGVfcGFyYW1zLlZhbHVlLkNvbnRhaW5zS2V5KCJfYW5zaWJsZV9yZW1vdGVfdG1wIikgKSB7CiAgICAgICAgICAgICRyZW1vdGVfdG1wID0gJG1vZHVsZV9wYXJhbXMuVmFsdWVbIl9hbnNpYmxlX3JlbW90ZV90bXAiXQogICAgICAgICAgICAkcmVtb3RlX3RtcCA9IFtTeXN0ZW0uRW52aXJvbm1lbnRdOjpFeHBhbmRFbnZpcm9ubWVudFZhcmlhYmxlcygkcmVtb3RlX3RtcCkKICAgICAgICB9CiAgICB9CgogICAgJGVudjpUTVAgPSAkcmVtb3RlX3RtcAogICAgQWRkLVR5cGUgLVR5cGVEZWZpbml0aW9uICRsaW5rX3V0aWwKICAgICRlbnY6VE1QID0gJG9yaWdpbmFsX3RtcAoKICAgIEltcG9ydC1Qcml2aWxlZ2VVdGlsCiAgICAjIGVuYWJsZSB0aGUgU2VCYWNrdXBQcml2aWxlZ2UgaWYgaXQgaXMgZGlzYWJsZWQKICAgICRzdGF0ZSA9IEdldC1BbnNpYmxlUHJpdmlsZWdlIC1OYW1lIFNlQmFja3VwUHJpdmlsZWdlCiAgICBpZiAoJHN0YXRlIC1lcSAkZmFsc2UpIHsKICAgICAgICBTZXQtQW5zaWJsZVByaXZpbGVnZSAtTmFtZSBTZUJhY2t1cFByaXZpbGVnZSAtVmFsdWUgJHRydWUKICAgIH0KfQoKRnVuY3Rpb24gR2V0LUxpbmsoJGxpbmtfcGF0aCkgewogICAgJGxpbmtfaW5mbyA9IFtBbnNpYmxlLkxpbmtVdGlsXTo6R2V0TGlua0luZm8oJGxpbmtfcGF0aCkKICAgIHJldHVybiAkbGlua19pbmZvCn0KCkZ1bmN0aW9uIFJlbW92ZS1MaW5rKCRsaW5rX3BhdGgpIHsKICAgIFtBbnNpYmxlLkxpbmtVdGlsXTo6RGVsZXRlTGluaygkbGlua19wYXRoKQp9CgpGdW5jdGlvbiBOZXctTGluaygkbGlua19wYXRoLCAkbGlua190YXJnZXQsICRsaW5rX3R5cGUpIHsKICAgIGlmICgtbm90IChUZXN0LVBhdGggLVBhdGggJGxpbmtfdGFyZ2V0KSkgewogICAgICAgIHRocm93ICJsaW5rX3RhcmdldCAnJGxpbmtfdGFyZ2V0JyBkb2VzIG5vdCBleGlzdCwgY2Fubm90IGNyZWF0ZSBsaW5rIgogICAgfQogICAgCiAgICBzd2l0Y2goJGxpbmtfdHlwZSkgewogICAgICAgICJsaW5rIiB7CiAgICAgICAgICAgICR0eXBlID0gW0Fuc2libGUuTGlua1R5cGVdOjpTeW1ib2xpY0xpbmsKICAgICAgICB9CiAgICAgICAgImp1bmN0aW9uIiB7CiAgICAgICAgICAgIGlmIChUZXN0LVBhdGggLVBhdGggJGxpbmtfdGFyZ2V0IC1QYXRoVHlwZSBMZWFmKSB7CiAgICAgICAgICAgICAgICB0aHJvdyAiY2Fubm90IHNldCB0aGUgdGFyZ2V0IGZvciBhIGp1bmN0aW9uIHBvaW50IHRvIGEgZmlsZSIKICAgICAgICAgICAgfQogICAgICAgICAgICAkdHlwZSA9IFtBbnNpYmxlLkxpbmtUeXBlXTo6SnVuY3Rpb25Qb2ludAogICAgICAgIH0KICAgICAgICAiaGFyZCIgewogICAgICAgICAgICBpZiAoVGVzdC1QYXRoIC1QYXRoICRsaW5rX3RhcmdldCAtUGF0aFR5cGUgQ29udGFpbmVyKSB7CiAgICAgICAgICAgICAgICB0aHJvdyAiY2Fubm90IHNldCB0aGUgdGFyZ2V0IGZvciBhIGhhcmQgbGluayB0byBhIGRpcmVjdG9yeSIKICAgICAgICAgICAgfQogICAgICAgICAgICAkdHlwZSA9IFtBbnNpYmxlLkxpbmtUeXBlXTo6SGFyZExpbmsKICAgICAgICB9CiAgICAgICAgZGVmYXVsdCB7IHRocm93ICJpbnZhbGlkIGxpbmtfdHlwZSBvcHRpb24gJCgkbGlua190eXBlKTogZXhwZWN0aW5nIGxpbmssIGp1bmN0aW9uLCBoYXJkIiB9CiAgICB9CiAgICBbQW5zaWJsZS5MaW5rVXRpbF06OkNyZWF0ZUxpbmsoJGxpbmtfcGF0aCwgJGxpbmtfdGFyZ2V0LCAkdHlwZSkKfQoKIyB0aGlzIGxpbmUgbXVzdCBzdGF5IGF0IHRoZSBib3R0b20gdG8gZW5zdXJlIGFsbCBkZWZpbmVkIG1vZHVsZSBwYXJ0cyBhcmUgZXhwb3J0ZWQKRXhwb3J0LU1vZHVsZU1lbWJlciAtQWxpYXMgKiAtRnVuY3Rpb24gKiAtQ21kbGV0ICoK", "Ansible.ModuleUtils.Legacy": "IyBDb3B5cmlnaHQgKGMpLCBNaWNoYWVsIERlSGFhbiA8bWljaGFlbC5kZWhhYW5AZ21haWwuY29tPiwgMjAxNCwgYW5kIG90aGVycwojIFNpbXBsaWZpZWQgQlNEIExpY2Vuc2UgKHNlZSBsaWNlbnNlcy9zaW1wbGlmaWVkX2JzZC50eHQgb3IgaHR0cHM6Ly9vcGVuc291cmNlLm9yZy9saWNlbnNlcy9CU0QtMi1DbGF1c2UpCgpTZXQtU3RyaWN0TW9kZSAtVmVyc2lvbiAyLjAKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKRnVuY3Rpb24gU2V0LUF0dHIoJG9iaiwgJG5hbWUsICR2YWx1ZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gc2V0IGFuICJhdHRyaWJ1dGUiIG9uIGEgcHNvYmplY3QgaW5zdGFuY2UgaW4gUG93ZXJTaGVsbC4KICAgIFRoaXMgaXMgYSBjb252ZW5pZW5jZSB0byBtYWtlIGFkZGluZyBNZW1iZXJzIHRvIHRoZSBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgIFNldC1BdHRyICRyZXN1bHQgImNoYW5nZWQiICR0cnVlCiM+CgogICAgIyBJZiB0aGUgcHJvdmlkZWQgJG9iaiBpcyB1bmRlZmluZWQsIGRlZmluZSBvbmUgdG8gYmUgbmljZQogICAgSWYgKC1ub3QgJG9iai5HZXRUeXBlKQogICAgewogICAgICAgICRvYmogPSBAeyB9CiAgICB9CgogICAgVHJ5CiAgICB7CiAgICAgICAgJG9iai4kbmFtZSA9ICR2YWx1ZQogICAgfQogICAgQ2F0Y2gKICAgIHsKICAgICAgICAkb2JqIHwgQWRkLU1lbWJlciAtRm9yY2UgLU1lbWJlclR5cGUgTm90ZVByb3BlcnR5IC1OYW1lICRuYW1lIC1WYWx1ZSAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gRXhpdC1Kc29uKCRvYmopCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGNvbnZlcnQgYSBQb3dlclNoZWxsIG9iamVjdCB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcKICAgIHRoZSBzY3JpcHQKICAgIC5FWEFNUExFCiAgICBFeGl0LUpzb24gJHJlc3VsdAojPgoKICAgICMgSWYgdGhlIHByb3ZpZGVkICRvYmogaXMgdW5kZWZpbmVkLCBkZWZpbmUgb25lIHRvIGJlIG5pY2UKICAgIElmICgtbm90ICRvYmouR2V0VHlwZSkKICAgIHsKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoJ2NoYW5nZWQnKSkgewogICAgICAgIFNldC1BdHRyICRvYmogImNoYW5nZWQiICRmYWxzZQogICAgfQoKICAgIFdyaXRlLU91dHB1dCAkb2JqIHwgQ29udmVydFRvLUpzb24gLUNvbXByZXNzIC1EZXB0aCA5OQogICAgRXhpdAp9CgpGdW5jdGlvbiBGYWlsLUpzb24oJG9iaiwgJG1lc3NhZ2UgPSAkbnVsbCkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHRoZSAibXNnIiBwcm9wZXJ0eSBhbmQgImZhaWxlZCIgcHJvcGVydHksIGNvbnZlcnQgdGhlCiAgICBQb3dlclNoZWxsIEhhc2h0YWJsZSB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcgdGhlIHNjcmlwdAogICAgLkVYQU1QTEUKICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJUaGlzIGlzIHRoZSBmYWlsdXJlIG1lc3NhZ2UiCiM+CgogICAgaWYgKCRvYmogLWlzIFtoYXNodGFibGVdIC1vciAkb2JqIC1pcyBbcHNvYmplY3RdKSB7CiAgICAgICAgIyBOb3RoaW5nIHRvIGRvCiAgICB9IGVsc2VpZiAoJG9iaiAtaXMgW3N0cmluZ10gLWFuZCAkbnVsbCAtZXEgJG1lc3NhZ2UpIHsKICAgICAgICAjIElmIHdlIHdlcmVuJ3QgZ2l2ZW4gMiBhcmdzLCBhbmQgdGhlIG9ubHkgYXJnIHdhcyBhIHN0cmluZywKICAgICAgICAjIGNyZWF0ZSBhIG5ldyBIYXNodGFibGUgYW5kIHVzZSB0aGUgYXJnIGFzIHRoZSBmYWlsdXJlIG1lc3NhZ2UKICAgICAgICAkbWVzc2FnZSA9ICRvYmoKICAgICAgICAkb2JqID0gQHsgfQogICAgfSBlbHNlIHsKICAgICAgICAjIElmIHRoZSBmaXJzdCBhcmd1bWVudCBpcyB1bmRlZmluZWQgb3IgYSBkaWZmZXJlbnQgdHlwZSwKICAgICAgICAjIG1ha2UgaXQgYSBIYXNodGFibGUKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgICMgU3RpbGwgdXNpbmcgU2V0LUF0dHIgZm9yIFBTT2JqZWN0IGNvbXBhdGliaWxpdHkKICAgIFNldC1BdHRyICRvYmogIm1zZyIgJG1lc3NhZ2UKICAgIFNldC1BdHRyICRvYmogImZhaWxlZCIgJHRydWUKCiAgICBpZiAoLW5vdCAkb2JqLkNvbnRhaW5zS2V5KCdjaGFuZ2VkJykpIHsKICAgICAgICBTZXQtQXR0ciAkb2JqICJjaGFuZ2VkIiAkZmFsc2UKICAgIH0KCiAgICBXcml0ZS1PdXRwdXQgJG9iaiB8IENvbnZlcnRUby1Kc29uIC1Db21wcmVzcyAtRGVwdGggOTkKICAgIEV4aXQgMQp9CgpGdW5jdGlvbiBBZGQtV2FybmluZygkb2JqLCAkbWVzc2FnZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHdhcm5pbmdzLCBldmVuIGlmIHRoZSB3YXJuaW5ncyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoIndhcm5pbmdzIikpIHsKICAgICAgICAkb2JqLndhcm5pbmdzID0gQCgpCiAgICB9IGVsc2VpZiAoJG9iai53YXJuaW5ncyAtaXNub3QgW2FycmF5XSkgewogICAgICAgIHRocm93ICJBZGQtV2FybmluZzogd2FybmluZ3MgYXR0cmlidXRlIGlzIG5vdCBhbiBhcnJheSIKICAgIH0KCiAgICAkb2JqLndhcm5pbmdzICs9ICRtZXNzYWdlCn0KCkZ1bmN0aW9uIEFkZC1EZXByZWNhdGlvbldhcm5pbmcoJG9iaiwgJG1lc3NhZ2UsICR2ZXJzaW9uID0gJG51bGwpCnsKPC ScriptBlock ID: b7a76ebf-6060-4c9f-bd7f-cb39a5dedd31 Path:	4104	1		3	2	15	0	1876	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1588	944	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:31:08 PM	e5295ba9-9827-0005-5185-2de52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (4 of 8): AgICAgICBwcml2YXRlIGNvbnN0IEludDY0IElOVkFMSURfSEFORExFX1ZBTFVFID0gLTE7CgogICAgICAgIHByaXZhdGUgY29uc3QgVUludDMyIFNJWkVfT0ZfV0NIQVIgPSAyOwoKICAgICAgICBwcml2YXRlIGNvbnN0IFVJbnQzMiBTWU1CT0xJQ19MSU5LX0ZMQUdfRklMRSA9IDB4MDAwMDAwMDA7CiAgICAgICAgcHJpdmF0ZSBjb25zdCBVSW50MzIgU1lNQk9MSUNfTElOS19GTEFHX0RJUkVDVE9SWSA9IDB4MDAwMDAwMDE7CgogICAgICAgIFtEbGxJbXBvcnQoImtlcm5lbDMyLmRsbCIsIENoYXJTZXQgPSBDaGFyU2V0LkF1dG8pXQogICAgICAgIHByaXZhdGUgc3RhdGljIGV4dGVybiBTYWZlRmlsZUhhbmRsZSBDcmVhdGVGaWxlKAogICAgICAgICAgICBzdHJpbmcgbHBGaWxlTmFtZSwKICAgICAgICAgICAgW01hcnNoYWxBcyhVbm1hbmFnZWRUeXBlLlU0KV0gRmlsZUFjY2VzcyBkd0Rlc2lyZWRBY2Nlc3MsCiAgICAgICAgICAgIFtNYXJzaGFsQXMoVW5tYW5hZ2VkVHlwZS5VNCldIEZpbGVTaGFyZSBkd1NoYXJlTW9kZSwKICAgICAgICAgICAgSW50UHRyIGxwU2VjdXJpdHlBdHRyaWJ1dGVzLAogICAgICAgICAgICBbTWFyc2hhbEFzKFVubWFuYWdlZFR5cGUuVTQpXSBGaWxlTW9kZSBkd0NyZWF0aW9uRGlzcG9zaXRpb24sCiAgICAgICAgICAgIFVJbnQzMiBkd0ZsYWdzQW5kQXR0cmlidXRlcywKICAgICAgICAgICAgSW50UHRyIGhUZW1wbGF0ZUZpbGUpOwoKICAgICAgICAvLyBVc2VkIGJ5IEdldFJlcGFyc2VQb2ludEluZm8oKQogICAgICAgIFtEbGxJbXBvcnQoImtlcm5lbDMyLmRsbCIsIFNldExhc3RFcnJvciA9IHRydWUsIENoYXJTZXQgPSBDaGFyU2V0LkF1dG8pXQogICAgICAgIHByaXZhdGUgc3RhdGljIGV4dGVybiBib29sIERldmljZUlvQ29udHJvbCgKICAgICAgICAgICAgU2FmZUZpbGVIYW5kbGUgaERldmljZSwKICAgICAgICAgICAgVUludDMyIGR3SW9Db250cm9sQ29kZSwKICAgICAgICAgICAgSW50UHRyIGxwSW5CdWZmZXIsCiAgICAgICAgICAgIFVJbnQzMiBuSW5CdWZmZXJTaXplLAogICAgICAgICAgICBvdXQgUkVQQVJTRV9EQVRBX0JVRkZFUiBscE91dEJ1ZmZlciwKICAgICAgICAgICAgVUludDMyIG5PdXRCdWZmZXJTaXplLAogICAgICAgICAgICBvdXQgVUludDMyIGxwQnl0ZXNSZXR1cm5lZCwKICAgICAgICAgICAgSW50UHRyIGxwT3ZlcmxhcHBlZCk7CgogICAgICAgIC8vIFVzZWQgYnkgQ3JlYXRlSnVuY3Rpb25Qb2ludCgpCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuQXV0byldCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgZXh0ZXJuIGJvb2wgRGV2aWNlSW9Db250cm9sKAogICAgICAgICAgICBTYWZlRmlsZUhhbmRsZSBoRGV2aWNlLAogICAgICAgICAgICBVSW50MzIgZHdJb0NvbnRyb2xDb2RlLAogICAgICAgICAgICBSRVBBUlNFX0RBVEFfQlVGRkVSIGxwSW5CdWZmZXIsCiAgICAgICAgICAgIFVJbnQzMiBuSW5CdWZmZXJTaXplLAogICAgICAgICAgICBJbnRQdHIgbHBPdXRCdWZmZXIsCiAgICAgICAgICAgIFVJbnQzMiBuT3V0QnVmZmVyU2l6ZSwKICAgICAgICAgICAgb3V0IFVJbnQzMiBscEJ5dGVzUmV0dXJuZWQsCiAgICAgICAgICAgIEludFB0ciBscE92ZXJsYXBwZWQpOwoKICAgICAgICBbRGxsSW1wb3J0KCJrZXJuZWwzMi5kbGwiLCBTZXRMYXN0RXJyb3IgPSB0cnVlLCBDaGFyU2V0ID0gQ2hhclNldC5BdXRvKV0KICAgICAgICBwcml2YXRlIHN0YXRpYyBleHRlcm4gYm9vbCBHZXRWb2x1bWVQYXRoTmFtZSgKICAgICAgICAgICAgc3RyaW5nIGxwc3pGaWxlTmFtZSwKICAgICAgICAgICAgU3RyaW5nQnVpbGRlciBscHN6Vm9sdW1lUGF0aE5hbWUsCiAgICAgICAgICAgIHJlZiBVSW50MzIgY2NoQnVmZmVyTGVuZ3RoKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuQXV0byldCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgZXh0ZXJuIEludFB0ciBGaW5kRmlyc3RGaWxlTmFtZVcoCiAgICAgICAgICAgIHN0cmluZyBscEZpbGVOYW1lLAogICAgICAgICAgICBVSW50MzIgZHdGbGFncywKICAgICAgICAgICAgcmVmIFVJbnQzMiBTdHJpbmdMZW5ndGgsCiAgICAgICAgICAgIFN0cmluZ0J1aWxkZXIgTGlua05hbWUpOwoKICAgICAgICBbRGxsSW1wb3J0KCJrZXJuZWwzMi5kbGwiLCBTZXRMYXN0RXJyb3IgPSB0cnVlLCBDaGFyU2V0ID0gQ2hhclNldC5BdXRvKV0KICAgICAgICBwcml2YXRlIHN0YXRpYyBleHRlcm4gYm9vbCBGaW5kTmV4dEZpbGVOYW1lVygKICAgICAgICAgICAgSW50UHRyIGhGaW5kU3RyZWFtLAogICAgICAgICAgICByZWYgVUludDMyIFN0cmluZ0xlbmd0aCwKICAgICAgICAgICAgU3RyaW5nQnVpbGRlciBMaW5rTmFtZSk7CgogICAgICAgIFtEbGxJbXBvcnQoImtlcm5lbDMyLmRsbCIsIFNldExhc3RFcnJvciA9IHRydWUpXQogICAgICAgIHByaXZhdGUgc3RhdGljIGV4dGVybiBib29sIEZpbmRDbG9zZSgKICAgICAgICAgICAgSW50UHRyIGhGaW5kRmlsZSk7CgogICAgICAgIFtEbGxJbXBvcnQoImtlcm5lbDMyLmRsbCIsIFNldExhc3RFcnJvciA9IHRydWUsIENoYXJTZXQgPSBDaGFyU2V0LkF1dG8pXQogICAgICAgIHByaXZhdGUgc3RhdGljIGV4dGVybiBib29sIFJlbW92ZURpcmVjdG9yeSgKICAgICAgICAgICAgc3RyaW5nIGxwUGF0aE5hbWUpOwoKICAgICAgICBbRGxsSW1wb3J0KCJrZXJuZWwzMi5kbGwiLCBTZXRMYXN0RXJyb3IgPSB0cnVlLCBDaGFyU2V0ID0gQ2hhclNldC5BdXRvKV0KICAgICAgICBwcml2YXRlIHN0YXRpYyBleHRlcm4gYm9vbCBEZWxldGVGaWxlKAogICAgICAgICAgICBzdHJpbmcgbHBGaWxlTmFtZSk7CgogICAgICAgIFtEbGxJbXBvcnQoImtlcm5lbDMyLmRsbCIsIFNldExhc3RFcnJvciA9IHRydWUsIENoYXJTZXQgPSBDaGFyU2V0LkF1dG8pXQogICAgICAgIHByaXZhdGUgc3RhdGljIGV4dGVybiBib29sIENyZWF0ZVN5bWJvbGljTGluaygKICAgICAgICAgICAgc3RyaW5nIGxwU3ltbGlua0ZpbGVOYW1lLAogICAgICAgICAgICBzdHJpbmcgbHBUYXJnZXRGaWxlTmFtZSwKICAgICAgICAgICAgVUludDMyIGR3RmxhZ3MpOwoKICAgICAgICBbRGxsSW1wb3J0KCJrZXJuZWwzMi5kbGwiLCBTZXRMYXN0RXJyb3IgPSB0cnVlLCBDaGFyU2V0ID0gQ2hhclNldC5BdXRvKV0KICAgICAgICBwcml2YXRlIHN0YXRpYyBleHRlcm4gYm9vbCBDcmVhdGVIYXJkTGluaygKICAgICAgICAgICAgc3RyaW5nIGxwRmlsZU5hbWUsCiAgICAgICAgICAgIHN0cmluZyBscEV4aXN0aW5nRmlsZU5hbWUsCiAgICAgICAgICAgIEludFB0ciBscFNlY3VyaXR5QXR0cmlidXRlcyk7CgogICAgICAgIHB1YmxpYyBzdGF0aWMgTGlua0luZm8gR2V0TGlua0luZm8oc3RyaW5nIGxpbmtQYXRoKQogICAgICAgIHsKICAgICAgICAgICAgRmlsZUF0dHJpYnV0ZXMgYXR0ciA9IEZpbGUuR2V0QXR0cmlidXRlcyhsaW5rUGF0aCk7CiAgICAgICAgICAgIGlmIChhdHRyLkhhc0ZsYWcoRmlsZUF0dHJpYnV0ZXMuUmVwYXJzZVBvaW50KSkKICAgICAgICAgICAgICAgIHJldHVybiBHZXRSZXBhcnNlUG9pbnRJbmZvKGxpbmtQYXRoKTsKCiAgICAgICAgICAgIGlmICghYXR0ci5IYXNGbGFnKEZpbGVBdHRyaWJ1dGVzLkRpcmVjdG9yeSkpCiAgICAgICAgICAgICAgICByZXR1cm4gR2V0SGFyZExpbmtJbmZvKGxpbmtQYXRoKTsKCiAgICAgICAgICAgIHJldHVybiBudWxsOwogICAgICAgIH0KCiAgICAgICAgcHVibGljIHN0YXRpYyB2b2lkIERlbGV0ZUxpbmsoc3RyaW5nIGxpbmtQYXRoKQogICAgICAgIHsKICAgICAgICAgICAgYm9vbCBzdWNjZXNzOwogICAgICAgICAgICBGaWxlQXR0cmlidXRlcyBhdHRyID0gRmlsZS5HZXRBdHRyaWJ1dGVzKGxpbmtQYXRoKTsKICAgICAgICAgICAgaWYgKGF0dHIuSGFzRmxhZyhGaWxlQXR0cmlidXRlcy5EaXJlY3RvcnkpKQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBzdWNjZXNzID0gUmVtb3ZlRGlyZWN0b3J5KGxpbmtQYXRoKTsKICAgICAgICAgICAgfQogICAgICAgICAgICBlbHNlCiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIHN1Y2Nlc3MgPSBEZWxldGVGaWxlKGxpbmtQYXRoKTsKICAgICAgICAgICAgfQoKICAgICAgICAgICAgaWYgKCFzdWNjZXNzKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IExpbmtVdGlsV2luMzJFeGNlcHRpb24oU3RyaW5nLkZvcm1hdCgiRmFpbGVkIHRvIGRlbGV0ZSBsaW5rIGF0IHswfSIsIGxpbmtQYXRoKSk7CiAgICAgICAgfQoKICAgICAgICBwdWJsaWMgc3RhdGljIHZvaWQgQ3JlYXRlTGluayhzdHJpbmcgbGlua1BhdGgsIFN0cmluZyBsaW5rVGFyZ2V0LCBMaW5rVHlwZSBsaW5rVHlwZSkKICAgICAgICB7CiAgICAgICAgICAgIHN3aXRjaCAobGlua1R5cGUpCiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIGNhc2UgTGlua1R5cGUuU3ltYm9saWNMaW5rOgogICAgICAgICAgICAgICAgICAgIFVJbnQzMiBsaW5rRmxhZ3M7CiAgICAgICAgICAgICAgICAgICAgRmlsZUF0dHJpYnV0ZXMgYXR0ciA9IEZpbGUuR2V0QXR0cmlidXRlcyhsaW5rVGFyZ2V0KTsKICAgICAgICAgICAgICAgICAgICBpZiAoYXR0ci5IYXNGbGFnKEZpbGVBdHRyaWJ1dGVzLkRpcmVjdG9yeSkpCiAgICAgICAgICAgICAgICAgICAgICAgIGxpbmtGbGFncyA9IFNZTUJPTElDX0xJTktfRkxBR19ESVJFQ1RPUlk7CiAgICAgICAgICAgICAgICAgICAgZWxzZQogICAgICAgICAgICAgICAgICAgICAgICBsaW5rRmxhZ3MgPSBTWU1CT0xJQ19MSU5LX0ZMQUdfRklMRTsKCiAgICAgICAgICAgICAgICAgICAgaWYgKCFDcmVhdGVTeW1ib2xpY0xpbmsobGlua1BhdGgsIGxpbmtUYXJnZXQsIGxpbmtGbGFncykpCiAgICAgICAgICAgICAgICAgICAgICAgIHRocm93IG5ldyBMaW5rVXRpbFdpbjMyRXhjZXB0aW9uKFN0cmluZy5Gb3JtYXQoIkNyZWF0ZVN5bWJvbGljTGluayh7MH0sIHsxfSwgezJ9KSBmYWlsZWQiLCBsaW5rUGF0aCwgbGlua1RhcmdldCwgbGlua0ZsYWdzKSk7CiAgICAgICAgICAgICAgICAgICAgYnJlYWs7CiAgICAgICAgICAgICAgICBjYXNlIExpbmtUeXBlLkp1bmN0aW9uUG9pbnQ6CiAgICAgICAgICAgICAgICAgICAgQ3JlYXRlSnVuY3Rpb25Qb2ludChsaW5rUGF0aCwgbGlua1RhcmdldCk7CiAgICAgICAgICAgICAgICAgICAgYnJlYWs7CiAgICAgICAgICAgICAgICBjYXNlIExpbmtUeXBlLkhhcmRMaW5rOgogICAgICAgICAgICAgICAgICAgIGlmICghQ3JlYXRlSGFyZExpbmsobGlua1BhdGgsIGxpbmtUYXJnZXQsIEludFB0ci5aZXJvKSkKICAgICAgICAgICAgICAgICAgICAgICAgdGhyb3cgbmV3IExpbmtVdGlsV2luMzJFeGNlcHRpb24oU3RyaW5nLkZvcm1hdCgiQ3JlYXRlSGFyZExpbmsoezB9LCB7MX0pIGZhaWxlZCIsIGxpbmtQYXRoLCBsaW5rVGFyZ2V0KSk7CiAgICAgICAgICAgICAgICAgICAgYnJlYWs7CiAgICAgICAgICAgIH0KICAgICAgICB9CgogICAgICAgIHByaXZhdGUgc3RhdGljIExpbmtJbmZvIEdldEhhcmRMaW5rSW5mbyhzdHJpbmcgbGlua1BhdGgpCiAgICAgICAgewogICAgICAgICAgICBVSW50MzIgbWF4UGF0aCA9IDI2MDsKICAgICAgICAgICAgTGlzdDxzdHJpbmc+IHJlc3VsdCA9IG5ldyBMaXN0PHN0cmluZz4oKTsKCiAgICAgICAgICAgIFN0cmluZ0J1aWxkZXIgc2IgPSBuZXcgU3RyaW5nQnVpbGRlcigoaW50KW1heFBhdGgpOwogICAgICAgICAgICBVSW50MzIgc3RyaW5nTGVuZ3RoID0gbWF4UGF0aDsKICAgICAgICAgICAgaWYgKCFHZXRWb2x1bWVQYXRoTmFtZShsaW5rUGF0aCwgc2IsIHJlZiBzdHJpbmdMZW5ndGgpKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IExpbmtVdGlsV2luMzJFeGNlcHRpb24oIkdldFZvbHVtZVBhdGhOYW1lKCkgZmFpbGVkIik7CiAgICAgICAgICAgIHN0cmluZyB2b2x1bWUgPSBzYi5Ub1N0cmluZygpOwoKICAgICAgICAgICAgc3RyaW5nTGVuZ3RoID0gbWF4UGF0aDsKICAgICAgICAgICAgSW50UHRyIGZpbmRIYW5kbGUgPSBGaW5kRmlyc3RGaWxlTmFtZVcobGlua1BhdGgsIDAsIHJlZiBzdHJpbmdMZW5ndGgsIHNiKTsKICAgICAgICAgICAgaWYgKGZpbmRIYW5kbGUuVG9JbnQ2NCgpICE9IElOVkFMSURfSEFORExFX1ZBTFVFKQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICB0cnkKICAgICAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgICAgICBkbwogICAgICAgICAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgICAgICAgICAgc3RyaW5nIGhhcmRMaW5rUGF0aCA9IHNiLlRvU3RyaW5nKCk7CiAgICAgICAgICAgICAgICAgICAgICAgIGlmIChoYXJkTGlua1BhdGguU3RhcnRzV2l0aCgiXFwiKSkKICAgICAgICAgICAgICAgICAgICAgICAgICAgIGhhcmRMaW5rUGF0aCA9IGhhcmRMaW5rUGF0aC5TdWJzdHJpbmcoMSwgaGFyZExpbmtQYXRoLkxlbmd0aCAtIDEpOwoKICAgICAgICAgICAgICAgICAgICAgICAgcmVzdWx0LkFkZChQYXRoLkNvbWJpbmUodm9sdW1lLCBoYXJkTGlua1BhdGgpKTsKICAgICAgICAgICAgICAgICAgICAgICAgc3RyaW5nTGVuZ3RoID0gbWF4UGF0aDsKCiAgICAgICAgICAgICAgICAgICAgfSB3aGlsZSAoRmluZE5leHRGaWxlTmFtZVcoZmluZEhhbmRsZSwgcmVmIHN0cmluZ0xlbmd0aCwgc2IpKTsKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgICAgIGZpbmFsbHkKICAgICAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgICAgICBGaW5kQ2xvc2UoZmluZEhhbmRsZSk7CiAgICAgICAgICAgICAgICB9ICAgICAgICAgICAgICAgIAogICAgICAgICAgICB9CgogICAgICAgICAgICBpZiAocmVzdWx0LkNvdW50ID4gMSkKICAgICAgICAgICAgICAgIHJldHVybiBuZXcgTGlua0luZm8KICAgICAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgICAgICBUeXBlID0gTGlua1R5cGUuSGFyZExpbmssCiAgICAgICAgICAgICAgICAgICAgSGFyZFRhcmdldHMgPSByZXN1bHQuVG9BcnJheSgpCiAgICAgICAgICAgICAgICB9OwoKICAgICAgICAgICAgcmV0dXJuIG51bGw7CiAgICAgICAgfQoKICAgICAgICBwcml2YXRlIHN0YXRpYyBMaW5rSW5mbyBHZXRSZXBhcnNlUG9pbnRJbmZvKHN0cmluZyBsaW5rUGF0aCkKICAgICAgICB7CiAgICAgICAgICAgIFNhZmVGaWxlSGFuZGxlIGZpbGVIYW5kbGUgPSBDcmVhdGVGaWxlKAogICAgICAgICAgICAgICAgbGlua1BhdGgsCiAgICAgICAgICAgICAgICBGaWxlQWNjZXNzLlJlYWQsCiAgICAgICAgICAgICAgICBGaWxlU2hhcmUuTm9uZSwKICAgICAgICAgICAgICAgIEludFB0ci5aZXJvLAogICAgICAgICAgICAgICAgRmlsZU1vZGUuT3BlbiwKICAgICAgICAgICAgICAgIEZJTEVfRkxBR19PUEVOX1JFUEFSU0VfUE9JTlQgfCBGSUxFX0ZMQUdfQkFDS1VQX1NFTUFOVElDUywKICAgICAgICAgICAgICAgIEludFB0ci5aZXJvKTsKCiAgICAgICAgICAgIGlmIChmaWxlSGFuZGxlLklzSW52YWxpZCkKICAgICAgICAgICAgICAgIHRocm93IG5ldyBMaW5rVXRpbFdpbjMyRXhjZXB0aW9uKFN0cmluZy5Gb3JtYXQoIkNyZWF0ZUZpbGUoezB9KSBmYWlsZWQiLCBsaW5rUGF0aCkpOyAgICAgICAgICAgIAoKICAgICAgICAgICAgUkVQQVJTRV9EQVRBX0JVRkZFUiBidWZmZXIgPSBuZXcgUkVQQVJTRV9EQVRBX0JVRkZFUigpOwogICAgICAgICAgICBVSW50MzIgYnl0ZXNSZXR1cm5lZDsKICAgICAgICAgICAgdHJ5CiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIGlmICghRGV2aWNlSW9Db250cm9sKAogICAgICAgICAgICAgICAgICAgIGZpbGVIYW5kbGUsCiAgICAgICAgICAgICAgICAgICAgRlNDVExfR0VUX1JFUEFSU0VfUE9JTlQsCiAgICAgICAgICAgICAgICAgICAgSW50UHRyLlplcm8sCiAgICAgICAgICAgICAgICAgICAgMCwKICAgICAgICAgICAgICAgICAgICBvdXQgYnVmZmVyLAogICAgICAgICAgICAgICAgICAgIE1BWElNVU1fUkVQQVJTRV9EQVRBX0JVRkZFUl9TSVpFLAogICAgICAgICAgICAgICAgICAgIG91dCBieXRlc1JldHVybmVkLAogICAgICAgICAgICAgICAgICAgIEludFB0ci5aZXJvKSkKICAgICAgICAgICAgICAgICAgICB0aHJvdyBuZXcgTGlua1V0aWxXaW4zMkV4Y2VwdGlvbihTdHJpbmcuRm9ybWF0KCJEZXZpY2VJb0NvbnRyb2woKSBmYWlsZWQgZm9yIGZpbGUgYXQgezB9IiwgbGlua1BhdGgpKTsKICAgICAgICAgICAgfQogICAgICAgICAgICBmaW5hbGx5CiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIGZpbGVIYW5kbGUuRGlzcG9zZSgpOwogICAgICAgICAgICB9CgogICAgICAgICAgICBib29sIGlzUmVsYXRpdmUgPSBmYWxzZTsKICAgICAgICAgICAgaW50IHBhdGhPZmZzZXQgPSAwOwogICAgICAgICAgICBMaW5rVHlwZSBsaW5rVHlwZTsKICAgICAgICAgICAgaWYgKGJ1ZmZlci5SZXBhcnNlVGFnID09IElPX1JFUEFSU0VfVEFHX1NZTUxJTkspCiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIFVJbnQzMiBidWZmZXJGbGFncyA9IENvbnZlcnQuVG9VSW50MzIoYnVmZmVyLlBhdGhCdWZmZXJbMF0pICsgQ29udmVydC5Ub1VJbnQzMihidWZmZXIuUGF0aEJ1ZmZlclsxXSk7CiAgICAgICAgICAgICAgICBpZiAoYnVmZmVyRmxhZ3MgPT0gU1lNTElOS19GTEFHX1JFTEFUSVZFKQogICAgICAgICAgICAgICAgICAgIGlzUmVsYXRpdmUgPSB0cnVlOwogICAgICAgICAgICAgICAgcGF0aE9mZnNldCA9IDI7CiAgICAgICAgICAgICAgICBsaW5rVHlwZSA9IExpbmtUeXBlLlN5bWJvbGljTGluazsKICAgICAgICAgICAgfQogICAgICAgICAgICBlbHNlIGlmIChidWZmZXIuUmVwYXJzZVRhZyA9PSBJT19SRVBBUlNFX1RBR19NT1VOVF9QT0lOVCkKICAgICAgICAgI ScriptBlock ID: b7a76ebf-6060-4c9f-bd7f-cb39a5dedd31 Path:	4104	1		3	2	15	0	1875	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1588	944	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:31:08 PM	e5295ba9-9827-0005-5185-2de52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (3 of 8): 1Y3R1cmUpOwogICAgICAgICAgICBJbnRQdHIgc3RydWN0UHRyID0gTWFyc2hhbC5BbGxvY0hHbG9iYWwoc2l6ZSk7CiAgICAgICAgICAgIHRyeQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBNYXJzaGFsLlN0cnVjdHVyZVRvUHRyKHN0cnVjdHVyZSwgc3RydWN0UHRyLCBmYWxzZSk7CiAgICAgICAgICAgICAgICBNYXJzaGFsLkNvcHkoc3RydWN0UHRyLCBhcnJheSwgb2Zmc2V0LCBzaXplKTsKICAgICAgICAgICAgfQogICAgICAgICAgICBmaW5hbGx5CiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIE1hcnNoYWwuRnJlZUhHbG9iYWwoc3RydWN0UHRyKTsKICAgICAgICAgICAgfQoKICAgICAgICAgICAgcmV0dXJuIHNpemU7CiAgICAgICAgfQogICAgfQp9CidACgpGdW5jdGlvbiBJbXBvcnQtUHJpdmlsZWdlVXRpbCB7CiAgICA8IwogICAgLlNZTk9QU0lTCiAgICBDb21waWxlcyB0aGUgQyMgY29kZSB0aGF0IGNhbiBiZSB1c2VkIHRvIG1hbmFnZSBXaW5kb3dzIHByaXZpbGVnZXMgZnJvbSBhbgogICAgQW5zaWJsZSBtb2R1bGUuIE9uY2UgdGhpcyBmdW5jdGlvbiBpcyBjYWxsZWQsIHRoZSBmb2xsb3dpbmcgUG93ZXJTaGVsbAogICAgY21kbGV0cyBjYW4gYmUgdXNlZDsKCiAgICAgICAgR2V0LUFuc2libGVQcml2aWxlZ2UKICAgICAgICBTZXQtQW5zaWJsZVByaXZpbGVnZQoKICAgIFRoZSBhYm92ZSBjbWRsZXRzIGdpdmUgdGhlIGFiaWxpdHkgdG8gbWFuYWdlIHBlcm1pc3Npb25zIG9uIHRoZSBjdXJyZW50CiAgICBwcm9jZXNzIHRva2VuIGJ1dCB0aGUgdW5kZXJseWluZyAuTkVUIGNsYXNzZXMgYXJlIGFsc28gZXhwb3NlZCBmb3IgZ3JlYXRlcgogICAgY29udHJvbC4gVGhlIGZvbGxvd2luZyBmdW5jdGlvbnMgY2FuIGJlIHVzZWQgYnkgY2FsbGluZyB0aGUgLk5FVCBjbGFzcwoKICAgIFtBbnNpYmxlLlByaXZpbGVnZVV0aWwuUHJpdmlsZWdlc106OkNoZWNrUHJpdmlsZWdlTmFtZSgkbmFtZSkKICAgIFtBbnNpYmxlLlByaXZpbGVnZVV0aWwuUHJpdmlsZWdlc106OkRpc2FibGVQcml2aWxlZ2UoJHByb2Nlc3MsICRuYW1lKQogICAgW0Fuc2libGUuUHJpdmlsZWdlVXRpbC5Qcml2aWxlZ2VzXTo6RGlzYWJsZUFsbFByaXZpbGVnZXMoJHByb2Nlc3MpCiAgICBbQW5zaWJsZS5Qcml2aWxlZ2VVdGlsLlByaXZpbGVnZXNdOjpFbmFibGVQcml2aWxlZ2UoJHByb2Nlc3MsICRuYW1lKQogICAgW0Fuc2libGUuUHJpdmlsZWdlVXRpbC5Qcml2aWxlZ2VzXTo6R2V0QWxsUHJpdmlsZWdlSW5mbygkcHJvY2VzcykKICAgIFtBbnNpYmxlLlByaXZpbGVnZVV0aWwuUHJpdmlsZWdlc106OlJlbW92ZVByaXZpbGVnZSgkcHJvY2VzcywgJG5hbWUpCiAgICBbQW5zaWJsZS5Qcml2aWxlZ2VVdGlsLlByaXZpbGVnZXNdOjpTZXRUb2tlblByaXZpbGVnZXMoJHByb2Nlc3MsICRuZXdfc3RhdGUpCgogICAgSGVyZSBpcyBhIGJyaWVmIGV4cGxhbmF0aW9uIG9mIGVhY2ggdHlwZSBvZiBhcmcKICAgICRwcm9jZXNzID0gVGhlIHByb2Nlc3MgaGFuZGxlIHRvIG1hbmlwdWxhdGUsIHVzZSAnW0Fuc2libGUuUHJpdmlsZWdlVXRpbHMuUHJpdmlsZWdlc106OkdldEN1cnJlbnRQcm9jZXNzKCknIHRvIGdldCB0aGUgY3VycmVudCBwcm9jZXNzIGhhbmRsZQogICAgJG5hbWUgPSBUaGUgbmFtZSBvZiB0aGUgcHJpdmlsZWdlLCB0aGlzIGlzIHRoZSBjb25zdGFudCB2YWx1ZSBmcm9tIGh0dHBzOi8vZG9jcy5taWNyb3NvZnQuY29tL2VuLXVzL3dpbmRvd3MvZGVza3RvcC9TZWNBdXRoWi9wcml2aWxlZ2UtY29uc3RhbnRzLCBlLmcuIFNlQXVkaXRQcml2aWxlZ2UKICAgICRuZXdfc3RhdGUgPSAnU3lzdGVtLkNvbGxlY3Rpb25zLkdlbmVyaWMuRGljdGlvbmFyeWAyW1tTeXN0ZW0uU3RyaW5nXSwgW1N5c3RlbS5OdWxsYWJsZWAxW1N5c3RlbS5Cb29sZWFuXV1dJwogICAgICAgIFRoZSBrZXkgaXMgdGhlIGNvbnN0YW50IG5hbWUgYXMgYSBzdHJpbmcsIHRoZSB2YWx1ZSBpcyBhIHRlcm5hcnkgYm9vbGVhbiB3aGVyZQogICAgICAgICAgICB0cnVlIC0gd2lsbCBlbmFibGUgdGhlIHByaXZpbGVnZQogICAgICAgICAgICBmYWxzZSAtIHdpbGwgZGlzYWJsZSB0aGUgcHJpdmlsZWdlCiAgICAgICAgICAgIG51bGwgLSB3aWxsIHJlbW92ZSB0aGUgcHJpdmlsZWdlCgogICAgRWFjaCBtZXRob2QgdGhhdCBjaGFuZ2VzIHRoZSBwcml2aWxlZ2Ugc3RhdGUgd2lsbCByZXR1cm4gYSBkaWN0aW9uYXJ5IHRoYXQKICAgIGNhbiBiZSB1c2VkIGFzIHRoZSAkbmV3X3N0YXRlIGFyZyBvZiBTZXRUb2tlblByaXZpbGVnZXMgdG8gdW5kbyBhbmQgcmV2ZXJ0CiAgICBiYWNrIHRvIHRoZSBvcmlnaW5hbCBzdGF0ZS4gSWYgeW91IHJlbW92ZSBhIHByaXZpbGVnZSB0aGVuIHRoaXMgaXMKICAgIGlycmV2ZXJzaWJsZSBhbmQgd29uJ3QgYmUgcGFydCBvZiB0aGUgcmV0dXJuZWQgZGljdAogICAgIz4KICAgIFtDbWRsZXRCaW5kaW5nKCldCiAgICAjIGJ1aWxkIHRoZSBDIyBjb2RlIHRvIGNvbXBpbGUKICAgICRuYW1lc3BhY2VfaW1wb3J0ID0gKCRhbnNpYmxlX3ByaXZpbGVnZV91dGlsX25hbWVzcGFjZXMgfCBGb3JFYWNoLU9iamVjdCB7ICJ1c2luZyAkXzsiIH0pIC1qb2luICJgcmBuIgogICAgJHBsYXRmb3JtX3V0aWwgPSAiJG5hbWVzcGFjZV9pbXBvcnRgcmBuYHJgbiRhbnNpYmxlX3ByaXZpbGVnZV91dGlsX2NvZGUiCgogICAgIyBGVVRVUkU6IGZpbmQgYSBiZXR0ZXIgd2F5IHRvIGdldCB0aGUgX2Fuc2libGVfcmVtb3RlX3RtcCB2YXJpYWJsZQogICAgIyB0aGlzIGlzIHVzZWQgdG8gZm9yY2UgY3NjIHRvIGNvbXBpbGUgdGhlIEMjIGNvZGUgaW4gdGhlIHJlbW90ZSB0bXAKICAgICMgc3BlY2lmaWVkCiAgICAkb3JpZ2luYWxfdG1wID0gJGVudjpUTVAKCiAgICAkcmVtb3RlX3RtcCA9ICRvcmlnaW5hbF90bXAKICAgICRtb2R1bGVfcGFyYW1zID0gR2V0LVZhcmlhYmxlIC1OYW1lIGNvbXBsZXhfYXJncyAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgaWYgKCRtb2R1bGVfcGFyYW1zKSB7CiAgICAgICAgaWYgKCRtb2R1bGVfcGFyYW1zLlZhbHVlLkNvbnRhaW5zS2V5KCJfYW5zaWJsZV9yZW1vdGVfdG1wIikgKSB7CiAgICAgICAgICAgICRyZW1vdGVfdG1wID0gJG1vZHVsZV9wYXJhbXMuVmFsdWVbIl9hbnNpYmxlX3JlbW90ZV90bXAiXQogICAgICAgICAgICAkcmVtb3RlX3RtcCA9IFtTeXN0ZW0uRW52aXJvbm1lbnRdOjpFeHBhbmRFbnZpcm9ubWVudFZhcmlhYmxlcygkcmVtb3RlX3RtcCkKICAgICAgICB9CiAgICB9CgogICAgJGVudjpUTVAgPSAkcmVtb3RlX3RtcAogICAgQWRkLVR5cGUgLVR5cGVEZWZpbml0aW9uICRwbGF0Zm9ybV91dGlsCiAgICAkZW52OlRNUCA9ICRvcmlnaW5hbF90bXAKfQoKRnVuY3Rpb24gR2V0LUFuc2libGVQcml2aWxlZ2UgewogICAgPCMKICAgIC5TWU5PUFNJUwogICAgR2V0IHRoZSBzdGF0dXMgb2YgYSBwcml2aWxlZ2UgZm9yIHRoZSBjdXJyZW50IHByb2Nlc3MuIFRoaXMgcmV0dXJucwogICAgICAgICR0cnVlIC0gdGhlIHByaXZpbGVnZSBpcyBlbmFibGVkCiAgICAgICAgJGZhbHNlIC0gdGhlIHByaXZpbGVnZSBpcyBkaXNhYmxlZAogICAgICAgICRudWxsIC0gdGhlIHByaXZpbGVnZSBpcyByZW1vdmVkIGZyb20gdGhlIHRva2VuCgogICAgSWYgTmFtZSBpcyBub3QgYSB2YWxpZCBwcml2aWxlZ2UgbmFtZSwgdGhpcyB3aWxsIHRocm93IGFuCiAgICBBcmd1bWVudEV4Y2VwdGlvbi4KCiAgICAuRVhBTVBMRQogICAgR2V0LUFuc2libGVQcml2aWxlZ2UgLU5hbWUgU2VEZWJ1Z1ByaXZpbGVnZQogICAgIz4KICAgIFtDbWRsZXRCaW5kaW5nKCldCiAgICBwYXJhbSgKICAgICAgICBbUGFyYW1ldGVyKE1hbmRhdG9yeT0kdHJ1ZSldW1N0cmluZ10kTmFtZQogICAgKQoKICAgIGlmICgtbm90IFtBbnNpYmxlLlByaXZpbGVnZVV0aWwuUHJpdmlsZWdlc106OkNoZWNrUHJpdmlsZWdlTmFtZSgkTmFtZSkpIHsKICAgICAgICB0aHJvdyBbU3lzdGVtLkFyZ3VtZW50RXhjZXB0aW9uXSAiSW52YWxpZCBwcml2aWxlZ2UgbmFtZSAnJE5hbWUnIgogICAgfQoKICAgICRwcm9jZXNzX3Rva2VuID0gW0Fuc2libGUuUHJpdmlsZWdlVXRpbC5Qcml2aWxlZ2VzXTo6R2V0Q3VycmVudFByb2Nlc3MoKQogICAgJHByaXZpbGVnZV9pbmZvID0gW0Fuc2libGUuUHJpdmlsZWdlVXRpbC5Qcml2aWxlZ2VzXTo6R2V0QWxsUHJpdmlsZWdlSW5mbygkcHJvY2Vzc190b2tlbikKICAgIGlmICgkcHJpdmlsZWdlX2luZm8uQ29udGFpbnNLZXkoJE5hbWUpKSB7CiAgICAgICAgJHN0YXR1cyA9ICRwcml2aWxlZ2VfaW5mby4kTmFtZQogICAgICAgIHJldHVybiAkc3RhdHVzLkhhc0ZsYWcoW0Fuc2libGUuUHJpdmlsZWdlVXRpbC5Qcml2aWxlZ2VBdHRyaWJ1dGVzXTo6RW5hYmxlZCkKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICRudWxsCiAgICB9Cn0KCkZ1bmN0aW9uIFNldC1BbnNpYmxlUHJpdmlsZWdlIHsKICAgIDwjCiAgICAuU1lOT1BTSVMKICAgIEVuYWJsZXMvRGlzYWJsZXMgYSBwcml2aWxlZ2Ugb24gdGhlIGN1cnJlbnQgcHJvY2VzcycgdG9rZW4uIElmIGEgcHJpdmlsZWdlCiAgICBoYXMgYmVlbiByZW1vdmVkIGZyb20gdGhlIHByb2Nlc3MgdG9rZW4sIHRoaXMgd2lsbCB0aHJvdyBhbgogICAgSW52YWxpZE9wZXJhdGlvbkV4Y2VwdGlvbi4KCiAgICAuRVhBTVBMRQogICAgIyBlbmFibGUgYSBwcml2aWxlZ2UKICAgIFNldC1BbnNpYmxlUHJpdmlsZWdlIC1OYW1lIFNlQ3JlYXRlU3ltYm9saWNMaW5rUHJpdmlsZWdlIC1WYWx1ZSAkdHJ1ZQoKICAgICMgZGlzYWJsZSBhIHByaXZpbGVnZQogICAgU2V0LUFuc2libGVQcml2aWxlZ2UgLU5hbWUgU2VDcmVhdGVTeW1ib2xpY0xpbmtQcml2aWxlZ2UgLVZhbHVlICRmYWxzZQogICAgIz4KICAgIFtDbWRsZXRCaW5kaW5nKFN1cHBvcnRzU2hvdWxkUHJvY2VzcyldCiAgICBwYXJhbSgKICAgICAgICBbUGFyYW1ldGVyKE1hbmRhdG9yeT0kdHJ1ZSldW1N0cmluZ10kTmFtZSwKICAgICAgICBbUGFyYW1ldGVyKE1hbmRhdG9yeT0kdHJ1ZSldW2Jvb2xdJFZhbHVlCiAgICApCgogICAgJGFjdGlvbiA9IHN3aXRjaCgkVmFsdWUpIHsKICAgICAgICAkdHJ1ZSB7ICJFbmFibGUiIH0KICAgICAgICAkZmFsc2UgeyAiRGlzYWJsZSIgfQogICAgfQoKICAgICRjdXJyZW50X3N0YXRlID0gR2V0LUFuc2libGVQcml2aWxlZ2UgLU5hbWUgJE5hbWUKICAgIGlmICgkY3VycmVudF9zdGF0ZSAtZXEgJFZhbHVlKSB7CiAgICAgICAgcmV0dXJuICAjIG5vIGNoYW5nZSBuZWVkcyB0byBvY2N1cgogICAgfSBlbHNlaWYgKCRudWxsIC1lcSAkY3VycmVudF9zdGF0ZSkgewogICAgICAgICMgb25jZSBhIHByaXZpbGVnZSBpcyByZW1vdmVkIGZyb20gYSB0b2tlbiB3ZSBjYW5ub3QgZG8gYW55dGhpbmcgd2l0aCBpdAogICAgICAgIHRocm93IFtTeXN0ZW0uSW52YWxpZE9wZXJhdGlvbkV4Y2VwdGlvbl0gIkNhbm5vdCAkKCRhY3Rpb24uVG9Mb3dlcigpKSB0aGUgcHJpdmlsZWdlICckTmFtZScgYXMgaXQgaGFzIGJlZW4gcmVtb3ZlZCBmcm9tIHRoZSB0b2tlbiIKICAgIH0KCiAgICAkcHJvY2Vzc190b2tlbiA9IFtBbnNpYmxlLlByaXZpbGVnZVV0aWwuUHJpdmlsZWdlc106OkdldEN1cnJlbnRQcm9jZXNzKCkKICAgIGlmICgkUFNDbWRsZXQuU2hvdWxkUHJvY2VzcygkTmFtZSwgIiRhY3Rpb24gdGhlIHByaXZpbGVnZSAkTmFtZSIpKSB7CiAgICAgICAgJG5ld19zdGF0ZSA9IE5ldy1PYmplY3QgLVR5cGVOYW1lICdTeXN0ZW0uQ29sbGVjdGlvbnMuR2VuZXJpYy5EaWN0aW9uYXJ5YDJbW1N5c3RlbS5TdHJpbmddLCBbU3lzdGVtLk51bGxhYmxlYDFbU3lzdGVtLkJvb2xlYW5dXV0nCiAgICAgICAgJG5ld19zdGF0ZS5BZGQoJE5hbWUsICRWYWx1ZSkKICAgICAgICBbQW5zaWJsZS5Qcml2aWxlZ2VVdGlsLlByaXZpbGVnZXNdOjpTZXRUb2tlblByaXZpbGVnZXMoJHByb2Nlc3NfdG9rZW4sICRuZXdfc3RhdGUpID4gJG51bGwKICAgIH0KfQoKRXhwb3J0LU1vZHVsZU1lbWJlciAtRnVuY3Rpb24gSW1wb3J0LVByaXZpbGVnZVV0aWwsIEdldC1BbnNpYmxlUHJpdmlsZWdlLCBTZXQtQW5zaWJsZVByaXZpbGVnZSBgCiAgICAtVmFyaWFibGUgYW5zaWJsZV9wcml2aWxlZ2VfdXRpbF9uYW1lc3BhY2VzLCBhbnNpYmxlX3ByaXZpbGVnZV91dGlsX2NvZGU=", "Ansible.ModuleUtils.LinkUtil": "ICMgQ29weXJpZ2h0IChjKSAyMDE3IEFuc2libGUgUHJvamVjdAogIyBTaW1wbGlmaWVkIEJTRCBMaWNlbnNlIChzZWUgbGljZW5zZXMvc2ltcGxpZmllZF9ic2QudHh0IG9yIGh0dHBzOi8vb3BlbnNvdXJjZS5vcmcvbGljZW5zZXMvQlNELTItQ2xhdXNlKQoKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5Qcml2aWxlZ2VVdGlsCgpGdW5jdGlvbiBMb2FkLUxpbmtVdGlscygpIHsKICAgICRsaW5rX3V0aWwgPSBAJwp1c2luZyBNaWNyb3NvZnQuV2luMzIuU2FmZUhhbmRsZXM7CnVzaW5nIFN5c3RlbTsKdXNpbmcgU3lzdGVtLkNvbGxlY3Rpb25zLkdlbmVyaWM7CnVzaW5nIFN5c3RlbS5JTzsKdXNpbmcgU3lzdGVtLlJ1bnRpbWUuSW50ZXJvcFNlcnZpY2VzOwp1c2luZyBTeXN0ZW0uVGV4dDsKCm5hbWVzcGFjZSBBbnNpYmxlCnsKICAgIHB1YmxpYyBlbnVtIExpbmtUeXBlCiAgICB7CiAgICAgICAgU3ltYm9saWNMaW5rLAogICAgICAgIEp1bmN0aW9uUG9pbnQsCiAgICAgICAgSGFyZExpbmsKICAgIH0KCiAgICBwdWJsaWMgY2xhc3MgTGlua1V0aWxXaW4zMkV4Y2VwdGlvbiA6IFN5c3RlbS5Db21wb25lbnRNb2RlbC5XaW4zMkV4Y2VwdGlvbgogICAgewogICAgICAgIHByaXZhdGUgc3RyaW5nIF9tc2c7CgogICAgICAgIHB1YmxpYyBMaW5rVXRpbFdpbjMyRXhjZXB0aW9uKHN0cmluZyBtZXNzYWdlKSA6IHRoaXMoTWFyc2hhbC5HZXRMYXN0V2luMzJFcnJvcigpLCBtZXNzYWdlKSB7IH0KCiAgICAgICAgcHVibGljIExpbmtVdGlsV2luMzJFeGNlcHRpb24oaW50IGVycm9yQ29kZSwgc3RyaW5nIG1lc3NhZ2UpIDogYmFzZShlcnJvckNvZGUpCiAgICAgICAgewogICAgICAgICAgICBfbXNnID0gU3RyaW5nLkZvcm1hdCgiezB9ICh7MX0sIFdpbjMyRXJyb3JDb2RlIHsyfSkiLCBtZXNzYWdlLCBiYXNlLk1lc3NhZ2UsIGVycm9yQ29kZSk7CiAgICAgICAgfQoKICAgICAgICBwdWJsaWMgb3ZlcnJpZGUgc3RyaW5nIE1lc3NhZ2UgeyBnZXQgeyByZXR1cm4gX21zZzsgfSB9CiAgICAgICAgcHVibGljIHN0YXRpYyBleHBsaWNpdCBvcGVyYXRvciBMaW5rVXRpbFdpbjMyRXhjZXB0aW9uKHN0cmluZyBtZXNzYWdlKSB7IHJldHVybiBuZXcgTGlua1V0aWxXaW4zMkV4Y2VwdGlvbihtZXNzYWdlKTsgfQogICAgfQoKICAgIHB1YmxpYyBjbGFzcyBMaW5rSW5mbwogICAgewogICAgICAgIHB1YmxpYyBMaW5rVHlwZSBUeXBlIHsgZ2V0OyBpbnRlcm5hbCBzZXQ7IH0KICAgICAgICBwdWJsaWMgc3RyaW5nIFByaW50TmFtZSB7IGdldDsgaW50ZXJuYWwgc2V0OyB9CiAgICAgICAgcHVibGljIHN0cmluZyBTdWJzdGl0dXRlTmFtZSB7IGdldDsgaW50ZXJuYWwgc2V0OyB9CiAgICAgICAgcHVibGljIHN0cmluZyBBYnNvbHV0ZVBhdGggeyBnZXQ7IGludGVybmFsIHNldDsgfQogICAgICAgIHB1YmxpYyBzdHJpbmcgVGFyZ2V0UGF0aCB7IGdldDsgaW50ZXJuYWwgc2V0OyB9CiAgICAgICAgcHVibGljIHN0cmluZ1tdIEhhcmRUYXJnZXRzIHsgZ2V0OyBpbnRlcm5hbCBzZXQ7IH0KICAgIH0KCiAgICBbU3RydWN0TGF5b3V0KExheW91dEtpbmQuU2VxdWVudGlhbCwgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSldCiAgICBwdWJsaWMgc3RydWN0IFJFUEFSU0VfREFUQV9CVUZGRVIKICAgIHsKICAgICAgICBwdWJsaWMgVUludDMyIFJlcGFyc2VUYWc7CiAgICAgICAgcHVibGljIFVJbnQxNiBSZXBhcnNlRGF0YUxlbmd0aDsKICAgICAgICBwdWJsaWMgVUludDE2IFJlc2VydmVkOwogICAgICAgIHB1YmxpYyBVSW50MTYgU3Vic3RpdHV0ZU5hbWVPZmZzZXQ7CiAgICAgICAgcHVibGljIFVJbnQxNiBTdWJzdGl0dXRlTmFtZUxlbmd0aDsKICAgICAgICBwdWJsaWMgVUludDE2IFByaW50TmFtZU9mZnNldDsKICAgICAgICBwdWJsaWMgVUludDE2IFByaW50TmFtZUxlbmd0aDsKCiAgICAgICAgW01hcnNoYWxBcyhVbm1hbmFnZWRUeXBlLkJ5VmFsQXJyYXksIFNpemVDb25zdCA9IExpbmtVdGlsLk1BWElNVU1fUkVQQVJTRV9EQVRBX0JVRkZFUl9TSVpFKV0KICAgICAgICBwdWJsaWMgY2hhcltdIFBhdGhCdWZmZXI7CiAgICB9CgogICAgcHVibGljIGNsYXNzIExpbmtVdGlsCiAgICB7CiAgICAgICAgcHVibGljIGNvbnN0IGludCBNQVhJTVVNX1JFUEFSU0VfREFUQV9CVUZGRVJfU0laRSA9IDEwMjQgKiAxNjsKCiAgICAgICAgcHJpdmF0ZSBjb25zdCBVSW50MzIgRklMRV9GTEFHX0JBQ0tVUF9TRU1BTlRJQ1MgPSAweDAyMDAwMDAwOwogICAgICAgIHByaXZhdGUgY29uc3QgVUludDMyIEZJTEVfRkxBR19PUEVOX1JFUEFSU0VfUE9JTlQgPSAweDAwMjAwMDAwOwoKICAgICAgICBwcml2YXRlIGNvbnN0IFVJbnQzMiBGU0NUTF9HRVRfUkVQQVJTRV9QT0lOVCA9IDB4MDAwOTAwQTg7CiAgICAgICAgcHJpdmF0ZSBjb25zdCBVSW50MzIgRlNDVExfU0VUX1JFUEFSU0VfUE9JTlQgPSAweDAwMDkwMEE0OwogICAgICAgIHByaXZhdGUgY29uc3QgVUludDMyIEZJTEVfREVWSUNFX0ZJTEVfU1lTVEVNID0gMHgwMDA5MDAwMDsKCiAgICAgICAgcHJpdmF0ZSBjb25zdCBVSW50MzIgSU9fUkVQQVJTRV9UQUdfTU9VTlRfUE9JTlQgPSAweEEwMDAwMDAzOwogICAgICAgIHByaXZhdGUgY29uc3QgVUludDMyIElPX1JFUEFSU0VfVEFHX1NZTUxJTksgPSAweEEwMDAwMDBDOwoKICAgICAgICBwcml2YXRlIGNvbnN0IFVJbnQzMiBTWU1MSU5LX0ZMQUdfUkVMQVRJVkUgPSAweDAwMDAwMDAxOwoKIC ScriptBlock ID: b7a76ebf-6060-4c9f-bd7f-cb39a5dedd31 Path:	4104	1		3	2	15	0	1874	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1588	944	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:31:08 PM	e5295ba9-9827-0005-5185-2de52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 8): VE9LRU5fUFJJVklMRUdFUywgSW50UHRyLlplcm8sIDAsIG91dCB0b2tlbkxlbmd0aCk7CgogICAgICAgICAgICAgICAgTmF0aXZlSGVscGVycy5MVUlEX0FORF9BVFRSSUJVVEVTW10gcHJpdmlsZWdlczsKICAgICAgICAgICAgICAgIEludFB0ciBwcml2aWxlZ2VzUHRyID0gTWFyc2hhbC5BbGxvY0hHbG9iYWwoKGludCl0b2tlbkxlbmd0aCk7CiAgICAgICAgICAgICAgICB0cnkKICAgICAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgICAgICBpZiAoIU5hdGl2ZU1ldGhvZHMuR2V0VG9rZW5JbmZvcm1hdGlvbihoVG9rZW4sIFRPS0VOX1BSSVZJTEVHRVMsIHByaXZpbGVnZXNQdHIsIHRva2VuTGVuZ3RoLCBvdXQgdG9rZW5MZW5ndGgpKQogICAgICAgICAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIkdldFRva2VuSW5mb3JtYXRpb24oKSBmb3IgVE9LRU5fUFJJVklMRUdFUyBmYWlsZWQiKTsKCiAgICAgICAgICAgICAgICAgICAgTmF0aXZlSGVscGVycy5UT0tFTl9QUklWSUxFR0VTIHByaXZpbGVnZUluZm8gPSAoTmF0aXZlSGVscGVycy5UT0tFTl9QUklWSUxFR0VTKU1hcnNoYWwuUHRyVG9TdHJ1Y3R1cmUocHJpdmlsZWdlc1B0ciwgdHlwZW9mKE5hdGl2ZUhlbHBlcnMuVE9LRU5fUFJJVklMRUdFUykpOwogICAgICAgICAgICAgICAgICAgIHByaXZpbGVnZXMgPSBuZXcgTmF0aXZlSGVscGVycy5MVUlEX0FORF9BVFRSSUJVVEVTW3ByaXZpbGVnZUluZm8uUHJpdmlsZWdlQ291bnRdOwogICAgICAgICAgICAgICAgICAgIFB0clRvU3RydWN0dXJlQXJyYXkocHJpdmlsZWdlcywgSW50UHRyLkFkZChwcml2aWxlZ2VzUHRyLCBNYXJzaGFsLlNpemVPZihwcml2aWxlZ2VJbmZvLlByaXZpbGVnZUNvdW50KSkpOwogICAgICAgICAgICAgICAgfQogICAgICAgICAgICAgICAgZmluYWxseQogICAgICAgICAgICAgICAgewogICAgICAgICAgICAgICAgICAgIE1hcnNoYWwuRnJlZUhHbG9iYWwocHJpdmlsZWdlc1B0cik7CiAgICAgICAgICAgICAgICB9CgogICAgICAgICAgICAgICAgaW5mbyA9IHByaXZpbGVnZXMuVG9EaWN0aW9uYXJ5KHAgPT4gR2V0UHJpdmlsZWdlTmFtZShwLkx1aWQpLCBwID0+IHAuQXR0cmlidXRlcyk7CiAgICAgICAgICAgIH0KICAgICAgICAgICAgZmluYWxseQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBOYXRpdmVNZXRob2RzLkNsb3NlSGFuZGxlKGhUb2tlbik7CiAgICAgICAgICAgIH0KICAgICAgICAgICAgcmV0dXJuIGluZm87CiAgICAgICAgfQoKICAgICAgICBwdWJsaWMgc3RhdGljIFNhZmVXYWl0SGFuZGxlIEdldEN1cnJlbnRQcm9jZXNzKCkKICAgICAgICB7CiAgICAgICAgICAgIHJldHVybiBOYXRpdmVNZXRob2RzLkdldEN1cnJlbnRQcm9jZXNzKCk7CiAgICAgICAgfQoKICAgICAgICBwdWJsaWMgc3RhdGljIHZvaWQgUmVtb3ZlUHJpdmlsZWdlKFNhZmVIYW5kbGUgdG9rZW4sIHN0cmluZyBwcml2aWxlZ2UpCiAgICAgICAgewogICAgICAgICAgICBTZXRUb2tlblByaXZpbGVnZXModG9rZW4sIG5ldyBEaWN0aW9uYXJ5PHN0cmluZywgYm9vbD8+KCkgeyB7IHByaXZpbGVnZSwgbnVsbCB9IH0pOwogICAgICAgIH0KCiAgICAgICAgcHVibGljIHN0YXRpYyBEaWN0aW9uYXJ5PHN0cmluZywgYm9vbD8+IFNldFRva2VuUHJpdmlsZWdlcyhTYWZlSGFuZGxlIHRva2VuLCBEaWN0aW9uYXJ5PHN0cmluZywgYm9vbD8+IHN0YXRlKQogICAgICAgIHsKICAgICAgICAgICAgTmF0aXZlSGVscGVycy5MVUlEX0FORF9BVFRSSUJVVEVTW10gcHJpdmlsZWdlQXR0ciA9IG5ldyBOYXRpdmVIZWxwZXJzLkxVSURfQU5EX0FUVFJJQlVURVNbc3RhdGUuQ291bnRdOwogICAgICAgICAgICBpbnQgaSA9IDA7CgogICAgICAgICAgICBmb3JlYWNoIChLZXlWYWx1ZVBhaXI8c3RyaW5nLCBib29sPz4gZW50cnkgaW4gc3RhdGUpCiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIE5hdGl2ZUhlbHBlcnMuTFVJRCBsdWlkOwogICAgICAgICAgICAgICAgaWYgKCFOYXRpdmVNZXRob2RzLkxvb2t1cFByaXZpbGVnZVZhbHVlKG51bGwsIGVudHJ5LktleSwgb3V0IGx1aWQpKQogICAgICAgICAgICAgICAgICAgIHRocm93IG5ldyBXaW4zMkV4Y2VwdGlvbihTdHJpbmcuRm9ybWF0KCJMb29rdXBQcml2aWxlZ2VWYWx1ZSh7MH0pIGZhaWxlZCIsIGVudHJ5LktleSkpOwoKICAgICAgICAgICAgICAgIFByaXZpbGVnZUF0dHJpYnV0ZXMgYXR0cmlidXRlczsKICAgICAgICAgICAgICAgIHN3aXRjaCAoZW50cnkuVmFsdWUpCiAgICAgICAgICAgICAgICB7CiAgICAgICAgICAgICAgICAgICAgY2FzZSB0cnVlOgogICAgICAgICAgICAgICAgICAgICAgICBhdHRyaWJ1dGVzID0gUHJpdmlsZWdlQXR0cmlidXRlcy5FbmFibGVkOwogICAgICAgICAgICAgICAgICAgICAgICBicmVhazsKICAgICAgICAgICAgICAgICAgICBjYXNlIGZhbHNlOgogICAgICAgICAgICAgICAgICAgICAgICBhdHRyaWJ1dGVzID0gUHJpdmlsZWdlQXR0cmlidXRlcy5EaXNhYmxlZDsKICAgICAgICAgICAgICAgICAgICAgICAgYnJlYWs7CiAgICAgICAgICAgICAgICAgICAgZGVmYXVsdDoKICAgICAgICAgICAgICAgICAgICAgICAgYXR0cmlidXRlcyA9IFByaXZpbGVnZUF0dHJpYnV0ZXMuUmVtb3ZlZDsKICAgICAgICAgICAgICAgICAgICAgICAgYnJlYWs7CiAgICAgICAgICAgICAgICB9CgogICAgICAgICAgICAgICAgcHJpdmlsZWdlQXR0cltpXS5MdWlkID0gbHVpZDsKICAgICAgICAgICAgICAgIHByaXZpbGVnZUF0dHJbaV0uQXR0cmlidXRlcyA9IGF0dHJpYnV0ZXM7CiAgICAgICAgICAgICAgICBpKys7CiAgICAgICAgICAgIH0KCiAgICAgICAgICAgIHJldHVybiBBZGp1c3RUb2tlblByaXZpbGVnZXModG9rZW4sIHByaXZpbGVnZUF0dHIpOwogICAgICAgIH0KCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgRGljdGlvbmFyeTxzdHJpbmcsIGJvb2w/PiBBZGp1c3RUb2tlblByaXZpbGVnZXMoU2FmZUhhbmRsZSB0b2tlbiwgTmF0aXZlSGVscGVycy5MVUlEX0FORF9BVFRSSUJVVEVTW10gbmV3U3RhdGUpCiAgICAgICAgewogICAgICAgICAgICBib29sIGRpc2FibGVBbGxQcml2aWxlZ2VzOwogICAgICAgICAgICBJbnRQdHIgbmV3U3RhdGVQdHI7CiAgICAgICAgICAgIE5hdGl2ZUhlbHBlcnMuTFVJRF9BTkRfQVRUUklCVVRFU1tdIG9sZFN0YXRlUHJpdmlsZWdlczsKICAgICAgICAgICAgVUludDMyIHJldHVybkxlbmd0aDsKCiAgICAgICAgICAgIGlmIChuZXdTdGF0ZSA9PSBudWxsKQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBkaXNhYmxlQWxsUHJpdmlsZWdlcyA9IHRydWU7CiAgICAgICAgICAgICAgICBuZXdTdGF0ZVB0ciA9IEludFB0ci5aZXJvOwogICAgICAgICAgICB9CiAgICAgICAgICAgIGVsc2UKICAgICAgICAgICAgewogICAgICAgICAgICAgICAgZGlzYWJsZUFsbFByaXZpbGVnZXMgPSBmYWxzZTsKCiAgICAgICAgICAgICAgICAvLyBOZWVkIHRvIG1hbnVhbGx5IG1hcnNoYWwgdGhlIGJ5dGVzIHJlcXVpcmVzIGZvciBuZXdTdGF0ZSBhcyB0aGUgY29uc3RhbnQgc2l6ZQogICAgICAgICAgICAgICAgLy8gb2YgTFVJRF9BTkRfQVRUUklCVVRFUyBpcyBzZXQgdG8gMSBhbmQgY2FuJ3QgYmUgb3ZlcnJpZGRlbiBhdCBydW50aW1lLCBUT0tFTl9QUklWSUxFR0VTCiAgICAgICAgICAgICAgICAvLyBhbHdheXMgY29udGFpbnMgYXQgbGVhc3QgMSBlbnRyeSBzbyB3ZSBuZWVkIHRvIGNhbGN1bGF0ZSB0aGUgZXh0cmEgc2l6ZSBpZiB0aGVyZSBhcmUKICAgICAgICAgICAgICAgIC8vIG5vcmUgdGhhbiAxIExVSURfQU5EX0FUVFJJQlVURVMgZW50cnkKICAgICAgICAgICAgICAgIGludCB0b2tlblByaXZpbGVnZXNTaXplID0gTWFyc2hhbC5TaXplT2YodHlwZW9mKE5hdGl2ZUhlbHBlcnMuVE9LRU5fUFJJVklMRUdFUykpOwogICAgICAgICAgICAgICAgaW50IGx1aWRBdHRyU2l6ZSA9IDA7CiAgICAgICAgICAgICAgICBpZiAobmV3U3RhdGUuTGVuZ3RoID4gMSkKICAgICAgICAgICAgICAgICAgICBsdWlkQXR0clNpemUgPSBNYXJzaGFsLlNpemVPZih0eXBlb2YoTmF0aXZlSGVscGVycy5MVUlEX0FORF9BVFRSSUJVVEVTKSkgKiAobmV3U3RhdGUuTGVuZ3RoIC0gMSk7CiAgICAgICAgICAgICAgICBpbnQgdG90YWxTaXplID0gdG9rZW5Qcml2aWxlZ2VzU2l6ZSArIGx1aWRBdHRyU2l6ZTsKICAgICAgICAgICAgICAgIGJ5dGVbXSBuZXdTdGF0ZUJ5dGVzID0gbmV3IGJ5dGVbdG90YWxTaXplXTsKCiAgICAgICAgICAgICAgICAvLyBnZXQgdGhlIGZpcnN0IGVudHJ5IHRoYXQgaW5jbHVkZXMgdGhlIHN0cnVjdCBkZXRhaWxzCiAgICAgICAgICAgICAgICBOYXRpdmVIZWxwZXJzLlRPS0VOX1BSSVZJTEVHRVMgdG9rZW5Qcml2aWxlZ2VzID0gbmV3IE5hdGl2ZUhlbHBlcnMuVE9LRU5fUFJJVklMRUdFUygpCiAgICAgICAgICAgICAgICB7CiAgICAgICAgICAgICAgICAgICAgUHJpdmlsZWdlQ291bnQgPSAoVUludDMyKW5ld1N0YXRlLkxlbmd0aCwKICAgICAgICAgICAgICAgICAgICBQcml2aWxlZ2VzID0gbmV3IE5hdGl2ZUhlbHBlcnMuTFVJRF9BTkRfQVRUUklCVVRFU1sxXSwKICAgICAgICAgICAgICAgIH07CiAgICAgICAgICAgICAgICBpZiAobmV3U3RhdGUuTGVuZ3RoID4gMCkKICAgICAgICAgICAgICAgICAgICB0b2tlblByaXZpbGVnZXMuUHJpdmlsZWdlc1swXSA9IG5ld1N0YXRlWzBdOwogICAgICAgICAgICAgICAgaW50IG9mZnNldCA9IFN0cnVjdHVyZVRvQnl0ZXModG9rZW5Qcml2aWxlZ2VzLCBuZXdTdGF0ZUJ5dGVzLCAwKTsKCiAgICAgICAgICAgICAgICAvLyBjb3B5IHRoZSByZW1haW5pbmcgTFVJRF9BTkRfQVRUUklCVVRFUyAoaWYgYW55KQogICAgICAgICAgICAgICAgZm9yIChpbnQgaSA9IDE7IGkgPCBuZXdTdGF0ZS5MZW5ndGg7IGkrKykKICAgICAgICAgICAgICAgICAgICBvZmZzZXQgKz0gU3RydWN0dXJlVG9CeXRlcyhuZXdTdGF0ZVtpXSwgbmV3U3RhdGVCeXRlcywgb2Zmc2V0KTsKCiAgICAgICAgICAgICAgICAvLyBmaW5hbGx5IGNyZWF0ZSB0aGUgcG9pbnRlciB0byB0aGUgYnl0ZSBhcnJheSB3ZSBqdXN0IGNyZWF0ZWQKICAgICAgICAgICAgICAgIG5ld1N0YXRlUHRyID0gTWFyc2hhbC5BbGxvY0hHbG9iYWwobmV3U3RhdGVCeXRlcy5MZW5ndGgpOwogICAgICAgICAgICAgICAgTWFyc2hhbC5Db3B5KG5ld1N0YXRlQnl0ZXMsIDAsIG5ld1N0YXRlUHRyLCBuZXdTdGF0ZUJ5dGVzLkxlbmd0aCk7CiAgICAgICAgICAgIH0KCiAgICAgICAgICAgIHRyeQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBJbnRQdHIgaFRva2VuID0gSW50UHRyLlplcm87CiAgICAgICAgICAgICAgICBpZiAoIU5hdGl2ZU1ldGhvZHMuT3BlblByb2Nlc3NUb2tlbih0b2tlbiwgVG9rZW5BY2Nlc3NMZXZlbHMuUXVlcnkgfCBUb2tlbkFjY2Vzc0xldmVscy5BZGp1c3RQcml2aWxlZ2VzLCBvdXQgaFRva2VuKSkKICAgICAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIk9wZW5Qcm9jZXNzVG9rZW4oKSBmYWlsZWQgd2l0aCBRdWVyeSBhbmQgQWRqdXN0UHJpdmlsZWdlcyIpOwogICAgICAgICAgICAgICAgdHJ5CiAgICAgICAgICAgICAgICB7CiAgICAgICAgICAgICAgICAgICAgSW50UHRyIG9sZFN0YXRlUHRyID0gTWFyc2hhbC5BbGxvY0hHbG9iYWwoMCk7CiAgICAgICAgICAgICAgICAgICAgaWYgKCFOYXRpdmVNZXRob2RzLkFkanVzdFRva2VuUHJpdmlsZWdlcyhoVG9rZW4sIGRpc2FibGVBbGxQcml2aWxlZ2VzLCBuZXdTdGF0ZVB0ciwgMCwgb2xkU3RhdGVQdHIsIG91dCByZXR1cm5MZW5ndGgpKQogICAgICAgICAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgICAgICAgICAgaW50IGVyckNvZGUgPSBNYXJzaGFsLkdldExhc3RXaW4zMkVycm9yKCk7CiAgICAgICAgICAgICAgICAgICAgICAgIGlmIChlcnJDb2RlICE9IDEyMikgLy8gRVJST1JfSU5TVUZGSUNJRU5UX0JVRkZFUgogICAgICAgICAgICAgICAgICAgICAgICAgICAgdGhyb3cgbmV3IFdpbjMyRXhjZXB0aW9uKGVyckNvZGUsICJBZGp1c3RUb2tlblByaXZpbGVnZXMoKSBmYWlsZWQgdG8gZ2V0IG9sZCBzdGF0ZSBzaXplIik7CiAgICAgICAgICAgICAgICAgICAgfQoKICAgICAgICAgICAgICAgICAgICAvLyByZXNpemUgdGhlIG9sZFN0YXRlUHRyIGJhc2VkIG9uIHRoZSBsZW5ndGggcmV0dXJuZWQgZnJvbSBXaW5kb3dzCiAgICAgICAgICAgICAgICAgICAgTWFyc2hhbC5GcmVlSEdsb2JhbChvbGRTdGF0ZVB0cik7CiAgICAgICAgICAgICAgICAgICAgb2xkU3RhdGVQdHIgPSBNYXJzaGFsLkFsbG9jSEdsb2JhbCgoaW50KXJldHVybkxlbmd0aCk7CiAgICAgICAgICAgICAgICAgICAgdHJ5CiAgICAgICAgICAgICAgICAgICAgewogICAgICAgICAgICAgICAgICAgICAgICBib29sIHJlcyA9IE5hdGl2ZU1ldGhvZHMuQWRqdXN0VG9rZW5Qcml2aWxlZ2VzKGhUb2tlbiwgZGlzYWJsZUFsbFByaXZpbGVnZXMsIG5ld1N0YXRlUHRyLCByZXR1cm5MZW5ndGgsIG9sZFN0YXRlUHRyLCBvdXQgcmV0dXJuTGVuZ3RoKTsKICAgICAgICAgICAgICAgICAgICAgICAgaW50IGVyckNvZGUgPSBNYXJzaGFsLkdldExhc3RXaW4zMkVycm9yKCk7CgogICAgICAgICAgICAgICAgICAgICAgICAvLyBldmVuIHdoZW4gcmVzID09IHRydWUsIEVSUk9SX05PVF9BTExfQVNTSUdORUQgbWF5IGJlIHNldCBhcyB0aGUgbGFzdCBlcnJvciBjb2RlCiAgICAgICAgICAgICAgICAgICAgICAgIGlmICghcmVzIHx8IGVyckNvZGUgIT0gMCkKICAgICAgICAgICAgICAgICAgICAgICAgICAgIHRocm93IG5ldyBXaW4zMkV4Y2VwdGlvbihlcnJDb2RlLCAiQWRqdXN0VG9rZW5Qcml2aWxlZ2VzKCkgZmFpbGVkIik7CgogICAgICAgICAgICAgICAgICAgICAgICAvLyBNYXJzaGFsIHRoZSBvbGRTdGF0ZVB0ciB0byB0aGUgc3RydWN0CiAgICAgICAgICAgICAgICAgICAgICAgIE5hdGl2ZUhlbHBlcnMuVE9LRU5fUFJJVklMRUdFUyBvbGRTdGF0ZSA9IChOYXRpdmVIZWxwZXJzLlRPS0VOX1BSSVZJTEVHRVMpTWFyc2hhbC5QdHJUb1N0cnVjdHVyZShvbGRTdGF0ZVB0ciwgdHlwZW9mKE5hdGl2ZUhlbHBlcnMuVE9LRU5fUFJJVklMRUdFUykpOwogICAgICAgICAgICAgICAgICAgICAgICBvbGRTdGF0ZVByaXZpbGVnZXMgPSBuZXcgTmF0aXZlSGVscGVycy5MVUlEX0FORF9BVFRSSUJVVEVTW29sZFN0YXRlLlByaXZpbGVnZUNvdW50XTsKICAgICAgICAgICAgICAgICAgICAgICAgUHRyVG9TdHJ1Y3R1cmVBcnJheShvbGRTdGF0ZVByaXZpbGVnZXMsIEludFB0ci5BZGQob2xkU3RhdGVQdHIsIE1hcnNoYWwuU2l6ZU9mKG9sZFN0YXRlLlByaXZpbGVnZUNvdW50KSkpOwogICAgICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgICAgICAgICBmaW5hbGx5CiAgICAgICAgICAgICAgICAgICAgewogICAgICAgICAgICAgICAgICAgICAgICBNYXJzaGFsLkZyZWVIR2xvYmFsKG9sZFN0YXRlUHRyKTsKICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBmaW5hbGx5CiAgICAgICAgICAgICAgICB7CiAgICAgICAgICAgICAgICAgICAgTmF0aXZlTWV0aG9kcy5DbG9zZUhhbmRsZShoVG9rZW4pOwogICAgICAgICAgICAgICAgfQogICAgICAgICAgICB9CiAgICAgICAgICAgIGZpbmFsbHkKICAgICAgICAgICAgewogICAgICAgICAgICAgICAgaWYgKG5ld1N0YXRlUHRyICE9IEludFB0ci5aZXJvKQogICAgICAgICAgICAgICAgICAgIE1hcnNoYWwuRnJlZUhHbG9iYWwobmV3U3RhdGVQdHIpOwogICAgICAgICAgICB9CgogICAgICAgICAgICByZXR1cm4gb2xkU3RhdGVQcml2aWxlZ2VzLlRvRGljdGlvbmFyeShwID0+IEdldFByaXZpbGVnZU5hbWUocC5MdWlkKSwgcCA9PiAoYm9vbD8pcC5BdHRyaWJ1dGVzLkhhc0ZsYWcoUHJpdmlsZWdlQXR0cmlidXRlcy5FbmFibGVkKSk7CiAgICAgICAgfQoKICAgICAgICBwcml2YXRlIHN0YXRpYyBzdHJpbmcgR2V0UHJpdmlsZWdlTmFtZShOYXRpdmVIZWxwZXJzLkxVSUQgbHVpZCkKICAgICAgICB7CiAgICAgICAgICAgIFVJbnQzMiBuYW1lTGVuID0gMDsKICAgICAgICAgICAgTmF0aXZlTWV0aG9kcy5Mb29rdXBQcml2aWxlZ2VOYW1lKG51bGwsIHJlZiBsdWlkLCBudWxsLCByZWYgbmFtZUxlbik7CgogICAgICAgICAgICBTdHJpbmdCdWlsZGVyIG5hbWUgPSBuZXcgU3RyaW5nQnVpbGRlcigoaW50KShuYW1lTGVuICsgMSkpOwogICAgICAgICAgICBpZiAoIU5hdGl2ZU1ldGhvZHMuTG9va3VwUHJpdmlsZWdlTmFtZShudWxsLCByZWYgbHVpZCwgbmFtZSwgcmVmIG5hbWVMZW4pKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IFdpbjMyRXhjZXB0aW9uKCJMb29rdXBQcml2aWxlZ2VOYW1lKCkgZmFpbGVkIik7CgogICAgICAgICAgICByZXR1cm4gbmFtZS5Ub1N0cmluZygpOwogICAgICAgIH0KCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgdm9pZCBQdHJUb1N0cnVjdHVyZUFycmF5PFQ+KFRbXSBhcnJheSwgSW50UHRyIHB0cikKICAgICAgICB7CiAgICAgICAgICAgIEludFB0ciBwdHJPZmZzZXQgPSBwdHI7CiAgICAgICAgICAgIGZvciAoaW50IGkgPSAwOyBpIDwgYXJyYXkuTGVuZ3RoOyBpKyssIHB0ck9mZnNldCA9IEludFB0ci5BZGQocHRyT2Zmc2V0LCBNYXJzaGFsLlNpemVPZih0eXBlb2YoVCkpKSkKICAgICAgICAgICAgICAgIGFycmF5W2ldID0gKFQpTWFyc2hhbC5QdHJUb1N0cnVjdHVyZShwdHJPZmZzZXQsIHR5cGVvZihUKSk7CiAgICAgICAgfQoKICAgICAgICBwcml2YXRlIHN0YXRpYyBpbnQgU3RydWN0dXJlVG9CeXRlczxUPihUIHN0cnVjdHVyZSwgYnl0ZVtdIGFycmF5LCBpbnQgb2Zmc2V0KQogICAgICAgIHsKICAgICAgICAgICAgaW50IHNpemUgPSBNYXJzaGFsLlNpemVPZihzdHJ ScriptBlock ID: b7a76ebf-6060-4c9f-bd7f-cb39a5dedd31 Path:	4104	1		3	2	15	0	1873	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1588	944	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:31:08 PM	e5295ba9-9827-0005-5185-2de52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 8): begin { $DebugPreference = "Continue" $ErrorActionPreference = "Stop" Set-StrictMode -Version 2 function ConvertTo-HashtableFromPsCustomObject ($myPsObject){ $output = @{}; $myPsObject | Get-Member -MemberType *Property | % { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } return $output; } # stream JSON including become_pw, ps_module_payload, bin_module_payload, become_payload, write_payload_path, preserve directives # exec runspace, capture output, cleanup, return module output # NB: do not adjust the following line- it is replaced when doing non-streamed module output $json_raw = @' {"min_ps_version": null, "exec": "CkZ1bmN0aW9uIFJ1bigkcGF5bG9hZCkgewogICAgJGVudHJ5cG9pbnQgPSAkcGF5bG9hZC5tb2R1bGVfZW50cnkKCiAgICAkZW50cnlwb2ludCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGVudHJ5cG9pbnQpKQoKICAgICRwcyA9IFtwb3dlcnNoZWxsXTo6Q3JlYXRlKCkKCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkQ29tbWFuZCgiU2V0LVZhcmlhYmxlIikuQWRkUGFyYW1ldGVycyhAe1Njb3BlPSJnbG9iYWwiO05hbWU9ImNvbXBsZXhfYXJncyI7VmFsdWU9JHBheWxvYWQubW9kdWxlX2FyZ3N9KSB8IE91dC1OdWxsCiAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCgogICAgIyByZWRlZmluZSBXcml0ZS1Ib3N0IHRvIGR1bXAgdG8gb3V0cHV0IGluc3RlYWQgb2YgZmFpbGluZy0gbG90cyBvZiBzY3JpcHRzIHVzZSBpdAogICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgiRnVuY3Rpb24gV3JpdGUtSG9zdChgJG1zZyl7IFdyaXRlLU91dHB1dCBgJG1zZyB9IikgfCBPdXQtTnVsbAoKICAgIEZvckVhY2ggKCRlbnZfa3YgaW4gJHBheWxvYWQuZW52aXJvbm1lbnQuR2V0RW51bWVyYXRvcigpKSB7CiAgICAgICAgIyBuZWVkIHRvIGVzY2FwZSAnIGluIGJvdGggdGhlIGtleSBhbmQgdmFsdWUKICAgICAgICAkZW52X2tleSA9ICRlbnZfa3YuS2V5LlRvU3RyaW5nKCkuUmVwbGFjZSgiJyIsICInJyIpCiAgICAgICAgJGVudl92YWx1ZSA9ICRlbnZfa3YuVmFsdWUuVG9TdHJpbmcoKS5SZXBsYWNlKCInIiwgIicnIikKICAgICAgICAkZXNjYXBlZF9lbnZfc2V0ID0gIltTeXN0ZW0uRW52aXJvbm1lbnRdOjpTZXRFbnZpcm9ubWVudFZhcmlhYmxlKCd7MH0nLCAnezF9JykiIC1mICRlbnZfa2V5LCAkZW52X3ZhbHVlCiAgICAgICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgkZXNjYXBlZF9lbnZfc2V0KSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBkeW5hbWljYWxseSBjcmVhdGUvbG9hZCBtb2R1bGVzCiAgICBGb3JFYWNoICgkbW9kIGluICRwYXlsb2FkLnBvd2Vyc2hlbGxfbW9kdWxlcy5HZXRFbnVtZXJhdG9yKCkpIHsKICAgICAgICAkZGVjb2RlZF9tb2R1bGUgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRtb2QuVmFsdWUpKQogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRDb21tYW5kKCJOZXctTW9kdWxlIikuQWRkUGFyYW1ldGVycyhAe1NjcmlwdEJsb2NrPShbc2NyaXB0YmxvY2tdOjpDcmVhdGUoJGRlY29kZWRfbW9kdWxlKSk7TmFtZT0kbW9kLktleX0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiSW1wb3J0LU1vZHVsZSIpLkFkZFBhcmFtZXRlcnMoQHtXYXJuaW5nQWN0aW9uPSJTaWxlbnRseUNvbnRpbnVlIn0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBmb3JjZSBpbnB1dCBlbmNvZGluZyB0byBwcmVhbWJsZS1mcmVlIFVURjggc28gUFMgc3ViLXByb2Nlc3NlcyAoZWcsCiAgICAjIFN0YXJ0LUpvYikgZG9uJ3QgYmxvdyB1cC4gVGhpcyBpcyBvbmx5IHJlcXVpcmVkIGZvciBXaW5STSwgYSBQU1JQCiAgICAjIHJ1bnNwYWNlIGRvZXNuJ3QgaGF2ZSBhIGhvc3QgY29uc29sZSBhbmQgdGhpcyB3aWxsIGJvbWIgb3V0CiAgICBpZiAoJGhvc3QuTmFtZSAtZXEgIkNvbnNvbGVIb3N0IikgewogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRTY3JpcHQoIltDb25zb2xlXTo6SW5wdXRFbmNvZGluZyA9IE5ldy1PYmplY3QgVGV4dC5VVEY4RW5jb2RpbmcgYCRmYWxzZSIpIHwgT3V0LU51bGwKICAgIH0KCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkU2NyaXB0KCRlbnRyeXBvaW50KSB8IE91dC1OdWxsCgogICAgJG91dHB1dCA9ICRwcy5JbnZva2UoKQoKICAgICRvdXRwdXQKCiAgICAjIFBTMyBkb2Vzbid0IHByb3Blcmx5IHNldCBIYWRFcnJvcnMgaW4gbWFueSBjYXNlcywgaW5zcGVjdCB0aGUgZXJyb3Igc3RyZWFtIGFzIGEgZmFsbGJhY2sKICAgIElmICgkcHMuSGFkRXJyb3JzIC1vciAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtbHQgNCAtYW5kICRwcy5TdHJlYW1zLkVycm9yLkNvdW50IC1ndCAwKSkgewogICAgICAgICRob3N0LlVJLldyaXRlRXJyb3JMaW5lKCQoJHBzLlN0cmVhbXMuRXJyb3IgfCBPdXQtU3RyaW5nKSkKICAgICAgICAkZXhpdF9jb2RlID0gJHBzLlJ1bnNwYWNlLlNlc3Npb25TdGF0ZVByb3h5LkdldFZhcmlhYmxlKCJMQVNURVhJVENPREUiKQogICAgICAgIElmKC1ub3QgJGV4aXRfY29kZSkgewogICAgICAgICAgICAkZXhpdF9jb2RlID0gMQogICAgICAgIH0KICAgICAgICAjIG5lZWQgdG8gdXNlIHRoaXMgaW5zdGVhZCBvZiBFeGl0IGtleXdvcmQgdG8gcHJldmVudCBydW5zcGFjZSBmcm9tIGNyYXNoaW5nIHdpdGggZHluYW1pYyBtb2R1bGVzCiAgICAgICAgJGhvc3QuU2V0U2hvdWxkRXhpdCgkZXhpdF9jb2RlKQogICAgfQp9Cg==", "actions": ["exec"], "environment": {}, "min_os_version": null, "powershell_modules": {"Ansible.ModuleUtils.PrivilegeUtil": "IyBDb3B5cmlnaHQgKGMpIDIwMTggQW5zaWJsZSBQcm9qZWN0CiMgU2ltcGxpZmllZCBCU0QgTGljZW5zZSAoc2VlIGxpY2Vuc2VzL3NpbXBsaWZpZWRfYnNkLnR4dCBvciBodHRwczovL29wZW5zb3VyY2Uub3JnL2xpY2Vuc2VzL0JTRC0yLUNsYXVzZSkKCiMgc3RvcmUgaW4gc2VwYXJhdGUgdmFyaWFibGVzIHRvIG1ha2UgaXQgZWFzaWVyIGZvciBvdGhlciBtb2R1bGVfdXRpbHMgdG8KIyBzaGFyZSB0aGlzIGNvZGUgaW4gdGhlaXIgb3duIGMjIGNvZGUKJGFuc2libGVfcHJpdmlsZWdlX3V0aWxfbmFtZXNwYWNlcyA9IEAoCiAgICAiTWljcm9zb2Z0LldpbjMyLlNhZmVIYW5kbGVzIiwKICAgICJTeXN0ZW0iLAogICAgIlN5c3RlbS5Db2xsZWN0aW9ucy5HZW5lcmljIiwKICAgICJTeXN0ZW0uTGlucSIsCiAgICAiU3lzdGVtLlJ1bnRpbWUuSW50ZXJvcFNlcnZpY2VzIiwKICAgICJTeXN0ZW0uU2VjdXJpdHkuUHJpbmNpcGFsIiwKICAgICJTeXN0ZW0uVGV4dCIKKQoKJGFuc2libGVfcHJpdmlsZWdlX3V0aWxfY29kZSA9IEAnCm5hbWVzcGFjZSBBbnNpYmxlLlByaXZpbGVnZVV0aWwKewogICAgW0ZsYWdzXQogICAgcHVibGljIGVudW0gUHJpdmlsZWdlQXR0cmlidXRlcyA6IHVpbnQKICAgIHsKICAgICAgICBEaXNhYmxlZCA9IDB4MDAwMDAwMDAsCiAgICAgICAgRW5hYmxlZEJ5RGVmYXVsdCA9IDB4MDAwMDAwMDEsCiAgICAgICAgRW5hYmxlZCA9IDB4MDAwMDAwMDIsCiAgICAgICAgUmVtb3ZlZCA9IDB4MDAwMDAwMDQsCiAgICAgICAgVXNlZEZvckFjY2VzcyA9IDB4ODAwMDAwMDAsCiAgICB9CgogICAgaW50ZXJuYWwgY2xhc3MgTmF0aXZlSGVscGVycwogICAgewogICAgICAgIFtTdHJ1Y3RMYXlvdXQoTGF5b3V0S2luZC5TZXF1ZW50aWFsKV0KICAgICAgICBpbnRlcm5hbCBzdHJ1Y3QgTFVJRAogICAgICAgIHsKICAgICAgICAgICAgcHVibGljIFVJbnQzMiBMb3dQYXJ0OwogICAgICAgICAgICBwdWJsaWMgSW50MzIgSGlnaFBhcnQ7CiAgICAgICAgfQoKICAgICAgICBbU3RydWN0TGF5b3V0KExheW91dEtpbmQuU2VxdWVudGlhbCldCiAgICAgICAgaW50ZXJuYWwgc3RydWN0IExVSURfQU5EX0FUVFJJQlVURVMKICAgICAgICB7CiAgICAgICAgICAgIHB1YmxpYyBMVUlEIEx1aWQ7CiAgICAgICAgICAgIHB1YmxpYyBQcml2aWxlZ2VBdHRyaWJ1dGVzIEF0dHJpYnV0ZXM7CiAgICAgICAgfQoKICAgICAgICBbU3RydWN0TGF5b3V0KExheW91dEtpbmQuU2VxdWVudGlhbCldCiAgICAgICAgaW50ZXJuYWwgc3RydWN0IFRPS0VOX1BSSVZJTEVHRVMKICAgICAgICB7CiAgICAgICAgICAgIHB1YmxpYyBVSW50MzIgUHJpdmlsZWdlQ291bnQ7CiAgICAgICAgICAgIFtNYXJzaGFsQXMoVW5tYW5hZ2VkVHlwZS5CeVZhbEFycmF5LCBTaXplQ29uc3QgPSAxKV0KICAgICAgICAgICAgcHVibGljIExVSURfQU5EX0FUVFJJQlVURVNbXSBQcml2aWxlZ2VzOwogICAgICAgIH0KICAgIH0KCiAgICBpbnRlcm5hbCBjbGFzcyBOYXRpdmVNZXRob2RzCiAgICB7CiAgICAgICAgW0RsbEltcG9ydCgiYWR2YXBpMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSldCiAgICAgICAgaW50ZXJuYWwgc3RhdGljIGV4dGVybiBib29sIEFkanVzdFRva2VuUHJpdmlsZWdlcygKICAgICAgICAgICAgSW50UHRyIFRva2VuSGFuZGxlLAogICAgICAgICAgICBbTWFyc2hhbEFzKFVubWFuYWdlZFR5cGUuQm9vbCldIGJvb2wgRGlzYWJsZUFsbFByaXZpbGVnZXMsCiAgICAgICAgICAgIEludFB0ciBOZXdTdGF0ZSwKICAgICAgICAgICAgVUludDMyIEJ1ZmZlckxlbmd0aCwKICAgICAgICAgICAgSW50UHRyIFByZXZpb3VzU3RhdGUsCiAgICAgICAgICAgIG91dCBVSW50MzIgUmV0dXJuTGVuZ3RoKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIildCiAgICAgICAgaW50ZXJuYWwgc3RhdGljIGV4dGVybiBib29sIENsb3NlSGFuZGxlKAogICAgICAgICAgICBJbnRQdHIgaE9iamVjdCk7CgogICAgICAgIFtEbGxJbXBvcnQoImtlcm5lbDMyIildCiAgICAgICAgaW50ZXJuYWwgc3RhdGljIGV4dGVybiBTYWZlV2FpdEhhbmRsZSBHZXRDdXJyZW50UHJvY2VzcygpOwoKICAgICAgICBbRGxsSW1wb3J0KCJhZHZhcGkzMi5kbGwiLCBTZXRMYXN0RXJyb3IgPSB0cnVlKV0KICAgICAgICBpbnRlcm5hbCBzdGF0aWMgZXh0ZXJuIGJvb2wgR2V0VG9rZW5JbmZvcm1hdGlvbigKICAgICAgICAgICAgSW50UHRyIFRva2VuSGFuZGxlLAogICAgICAgICAgICBVSW50MzIgVG9rZW5JbmZvcm1hdGlvbkNsYXNzLAogICAgICAgICAgICBJbnRQdHIgVG9rZW5JbmZvcm1hdGlvbiwKICAgICAgICAgICAgVUludDMyIFRva2VuSW5mb3JtYXRpb25MZW5ndGgsCiAgICAgICAgICAgIG91dCBVSW50MzIgUmV0dXJuTGVuZ3RoKTsKCiAgICAgICAgW0RsbEltcG9ydCgiYWR2YXBpMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSldCiAgICAgICAgaW50ZXJuYWwgc3RhdGljIGV4dGVybiBib29sIExvb2t1cFByaXZpbGVnZU5hbWUoCiAgICAgICAgICAgIHN0cmluZyBscFN5c3RlbU5hbWUsCiAgICAgICAgICAgIHJlZiBOYXRpdmVIZWxwZXJzLkxVSUQgbHBMdWlkLAogICAgICAgICAgICBTdHJpbmdCdWlsZGVyIGxwTmFtZSwKICAgICAgICAgICAgcmVmIFVJbnQzMiBjY2hOYW1lKTsKCiAgICAgICAgW0RsbEltcG9ydCgiYWR2YXBpMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSldCiAgICAgICAgaW50ZXJuYWwgc3RhdGljIGV4dGVybiBib29sIExvb2t1cFByaXZpbGVnZVZhbHVlKAogICAgICAgICAgICBzdHJpbmcgbHBTeXN0ZW1OYW1lLAogICAgICAgICAgICBzdHJpbmcgbHBOYW1lLAogICAgICAgICAgICBvdXQgTmF0aXZlSGVscGVycy5MVUlEIGxwTHVpZCk7CgogICAgICAgIFtEbGxJbXBvcnQoImFkdmFwaTMyLmRsbCIsIFNldExhc3RFcnJvciA9IHRydWUpXQogICAgICAgIGludGVybmFsIHN0YXRpYyBleHRlcm4gYm9vbCBPcGVuUHJvY2Vzc1Rva2VuKAogICAgICAgICAgICBTYWZlSGFuZGxlIFByb2Nlc3NIYW5kbGUsCiAgICAgICAgICAgIFRva2VuQWNjZXNzTGV2ZWxzIERlc2lyZWRBY2Nlc3MsCiAgICAgICAgICAgIG91dCBJbnRQdHIgVG9rZW5IYW5kbGUpOwogICAgfQoKICAgIHB1YmxpYyBjbGFzcyBXaW4zMkV4Y2VwdGlvbiA6IFN5c3RlbS5Db21wb25lbnRNb2RlbC5XaW4zMkV4Y2VwdGlvbgogICAgewogICAgICAgIHByaXZhdGUgc3RyaW5nIF9tc2c7CiAgICAgICAgcHVibGljIFdpbjMyRXhjZXB0aW9uKHN0cmluZyBtZXNzYWdlKSA6IHRoaXMoTWFyc2hhbC5HZXRMYXN0V2luMzJFcnJvcigpLCBtZXNzYWdlKSB7IH0KICAgICAgICBwdWJsaWMgV2luMzJFeGNlcHRpb24oaW50IGVycm9yQ29kZSwgc3RyaW5nIG1lc3NhZ2UpIDogYmFzZShlcnJvckNvZGUpCiAgICAgICAgewogICAgICAgICAgICBfbXNnID0gU3RyaW5nLkZvcm1hdCgiezB9ICh7MX0sIFdpbjMyRXJyb3JDb2RlIHsyfSkiLCBtZXNzYWdlLCBiYXNlLk1lc3NhZ2UsIGVycm9yQ29kZSk7CiAgICAgICAgfQogICAgICAgIHB1YmxpYyBvdmVycmlkZSBzdHJpbmcgTWVzc2FnZSB7IGdldCB7IHJldHVybiBfbXNnOyB9IH0KICAgICAgICBwdWJsaWMgc3RhdGljIGV4cGxpY2l0IG9wZXJhdG9yIFdpbjMyRXhjZXB0aW9uKHN0cmluZyBtZXNzYWdlKSB7IHJldHVybiBuZXcgV2luMzJFeGNlcHRpb24obWVzc2FnZSk7IH0KICAgIH0KCiAgICBwdWJsaWMgY2xhc3MgUHJpdmlsZWdlcwogICAgewogICAgICAgIHByaXZhdGUgc3RhdGljIHJlYWRvbmx5IFVJbnQzMiBUT0tFTl9QUklWSUxFR0VTID0gMzsKCgogICAgICAgIHB1YmxpYyBzdGF0aWMgYm9vbCBDaGVja1ByaXZpbGVnZU5hbWUoc3RyaW5nIG5hbWUpCiAgICAgICAgewogICAgICAgICAgICBOYXRpdmVIZWxwZXJzLkxVSUQgbHVpZDsKICAgICAgICAgICAgaWYgKCFOYXRpdmVNZXRob2RzLkxvb2t1cFByaXZpbGVnZVZhbHVlKG51bGwsIG5hbWUsIG91dCBsdWlkKSkKICAgICAgICAgICAgewogICAgICAgICAgICAgICAgaW50IGVyckNvZGUgPSBNYXJzaGFsLkdldExhc3RXaW4zMkVycm9yKCk7CiAgICAgICAgICAgICAgICBpZiAoZXJyQ29kZSAhPSAxMzEzKSAgLy8gRVJST1JfTk9fU1VDSF9QUklWSUxFR0UKICAgICAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oZXJyQ29kZSwgU3RyaW5nLkZvcm1hdCgiTG9va3VwUHJpdmlsZWdlVmFsdWUoezB9KSBmYWlsZWQiLCBuYW1lKSk7CiAgICAgICAgICAgICAgICByZXR1cm4gZmFsc2U7CiAgICAgICAgICAgIH0KICAgICAgICAgICAgZWxzZQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICByZXR1cm4gdHJ1ZTsKICAgICAgICAgICAgfQogICAgICAgIH0KCiAgICAgICAgcHVibGljIHN0YXRpYyBEaWN0aW9uYXJ5PHN0cmluZywgYm9vbD8+IERpc2FibGVQcml2aWxlZ2UoU2FmZUhhbmRsZSB0b2tlbiwgc3RyaW5nIHByaXZpbGVnZSkKICAgICAgICB7CiAgICAgICAgICAgIHJldHVybiBTZXRUb2tlblByaXZpbGVnZXModG9rZW4sIG5ldyBEaWN0aW9uYXJ5PHN0cmluZywgYm9vbD8+KCkgeyB7IHByaXZpbGVnZSwgZmFsc2UgfSB9KTsKICAgICAgICB9CgogICAgICAgIHB1YmxpYyBzdGF0aWMgRGljdGlvbmFyeTxzdHJpbmcsIGJvb2w/PiBEaXNhYmxlQWxsUHJpdmlsZWdlcyhTYWZlSGFuZGxlIHRva2VuKQogICAgICAgIHsKICAgICAgICAgICAgcmV0dXJuIEFkanVzdFRva2VuUHJpdmlsZWdlcyh0b2tlbiwgbnVsbCk7CiAgICAgICAgfQoKICAgICAgICBwdWJsaWMgc3RhdGljIERpY3Rpb25hcnk8c3RyaW5nLCBib29sPz4gRW5hYmxlUHJpdmlsZWdlKFNhZmVIYW5kbGUgdG9rZW4sIHN0cmluZyBwcml2aWxlZ2UpCiAgICAgICAgewogICAgICAgICAgICByZXR1cm4gU2V0VG9rZW5Qcml2aWxlZ2VzKHRva2VuLCBuZXcgRGljdGlvbmFyeTxzdHJpbmcsIGJvb2w/PigpIHsgeyBwcml2aWxlZ2UsIHRydWUgfSB9KTsKICAgICAgICB9CgogICAgICAgIHB1YmxpYyBzdGF0aWMgRGljdGlvbmFyeTxTdHJpbmcsIFByaXZpbGVnZUF0dHJpYnV0ZXM+IEdldEFsbFByaXZpbGVnZUluZm8oU2FmZUhhbmRsZSB0b2tlbikKICAgICAgICB7CiAgICAgICAgICAgIEludFB0ciBoVG9rZW4gPSBJbnRQdHIuWmVybzsKICAgICAgICAgICAgaWYgKCFOYXRpdmVNZXRob2RzLk9wZW5Qcm9jZXNzVG9rZW4odG9rZW4sIFRva2VuQWNjZXNzTGV2ZWxzLlF1ZXJ5LCBvdXQgaFRva2VuKSkKICAgICAgICAgICAgICAgIHRocm93IG5ldyBXaW4zMkV4Y2VwdGlvbigiT3BlblByb2Nlc3NUb2tlbigpIGZhaWxlZCIpOwoKICAgICAgICAgICAgRGljdGlvbmFyeTxTdHJpbmcsIFByaXZpbGVnZUF0dHJpYnV0ZXM+IGluZm8gPSBuZXcgRGljdGlvbmFyeTxTdHJpbmcsIFByaXZpbGVnZUF0dHJpYnV0ZXM+KCk7CiAgICAgICAgICAgIHRyeQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBVSW50MzIgdG9rZW5MZW5ndGggPSAwOwogICAgICAgICAgICAgICAgTmF0aXZlTWV0aG9kcy5HZXRUb2tlbkluZm9ybWF0aW9uKGhUb2tlbiwg ScriptBlock ID: b7a76ebf-6060-4c9f-bd7f-cb39a5dedd31 Path:	4104	1		3	2	15	0	1872	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1588	944	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:31:08 PM	e5295ba9-9827-0005-5185-2de52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1871	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1588	4204	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:31:08 PM	e5295ba9-9827-0001-a25c-30e52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 1588 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1870	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1588	4792	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:31:07 PM	e5295ba9-9827-0001-a25c-30e52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1869	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1588	4204	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:31:07 PM	e5295ba9-9827-0001-a25c-30e52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1868	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	5020	2124	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:31:07 PM	e5295ba9-9827-0001-9a5c-30e52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 5020 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1867	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	5020	1120	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:31:07 PM	e5295ba9-9827-0001-9a5c-30e52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1866	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	5020	2124	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:31:07 PM	e5295ba9-9827-0001-9a5c-30e52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1865	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3380	2972	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:31:07 PM	e5295ba9-9827-0002-9d6f-2fe52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 3380 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1864	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3380	3216	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:31:07 PM	e5295ba9-9827-0002-9d6f-2fe52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1863	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3380	2972	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:31:07 PM	e5295ba9-9827-0002-9d6f-2fe52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1862	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3692	1768	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:31:06 PM	e5295ba9-9827-0004-67f5-2ee52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 3692 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1861	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3692	5068	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:31:06 PM	e5295ba9-9827-0004-67f5-2ee52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1860	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3692	1768	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:31:06 PM	e5295ba9-9827-0004-67f5-2ee52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1859	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4524	2548	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:31:06 PM	e5295ba9-9827-0001-325c-30e52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 4524 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1858	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4524	5100	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:31:06 PM	e5295ba9-9827-0001-325c-30e52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1857	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4524	2548	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:31:06 PM	e5295ba9-9827-0001-325c-30e52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): #!powershell # Copyright: (c) 2015, Jon Hawkesworth (@jhawkesworth) <figs@unity.demon.co.uk> # Copyright: (c) 2017, Ansible Project # GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) #Requires -Module Ansible.ModuleUtils.Legacy $ErrorActionPreference = 'Stop' $params = Parse-Args -arguments $args -supports_check_mode $true $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false $diff_mode = Get-AnsibleParam -obj $params -name "_ansible_diff" -type "bool" -default $false # there are 4 modes to win_copy which are driven by the action plugins: # explode: src is a zip file which needs to be extracted to dest, for use with multiple files # query: win_copy action plugin wants to get the state of remote files to check whether it needs to send them # remote: all copy action is happening remotely (remote_src=True) # single: a single file has been copied, also used with template $copy_mode = Get-AnsibleParam -obj $params -name "_copy_mode" -type "str" -default "single" -validateset "explode","query","remote","single" # used in explode, remote and single mode $src = Get-AnsibleParam -obj $params -name "src" -type "path" -failifempty ($copy_mode -in @("explode","process","single")) $dest = Get-AnsibleParam -obj $params -name "dest" -type "path" -failifempty $true # used in single mode $original_basename = Get-AnsibleParam -obj $params -name "_original_basename" -type "str" # used in query and remote mode $force = Get-AnsibleParam -obj $params -name "force" -type "bool" -default $true # used in query mode, contains the local files/directories/symlinks that are to be copied $files = Get-AnsibleParam -obj $params -name "files" -type "list" $directories = Get-AnsibleParam -obj $params -name "directories" -type "list" $symlinks = Get-AnsibleParam -obj $params -name "symlinks" -type "list" $result = @{ changed = $false } if ($diff_mode) { $result.diff = @{} } Function Copy-File($source, $dest) { $diff = "" $copy_file = $false $source_checksum = $null if ($force) { $source_checksum = Get-FileChecksum -path $source } if (Test-Path -Path $dest -PathType Container) { Fail-Json -obj $result -message "cannot copy file from '$source' to '$dest': dest is already a folder" } elseif (Test-Path -Path $dest -PathType Leaf) { if ($force) { $target_checksum = Get-FileChecksum -path $dest if ($source_checksum -ne $target_checksum) { $copy_file = $true } } } else { $copy_file = $true } if ($copy_file) { $file_dir = [System.IO.Path]::GetDirectoryName($dest) # validate the parent dir is not a file and that it exists if (Test-Path -Path $file_dir -PathType Leaf) { Fail-Json -obj $result -message "cannot copy file from '$source' to '$dest': object at dest parent dir is not a folder" } elseif (-not (Test-Path -Path $file_dir)) { # directory doesn't exist, need to create New-Item -Path $file_dir -ItemType Directory -WhatIf:$check_mode | Out-Null $diff += "+$file_dir\`n" } if (Test-Path -Path $dest -PathType Leaf) { Remove-Item -Path $dest -Force -Recurse -WhatIf:$check_mode | Out-Null $diff += "-$dest`n" } if (-not $check_mode) { # cannot run with -WhatIf:$check_mode as if the parent dir didn't # exist and was created above would still not exist in check mode Copy-Item -Path $source -Destination $dest -Force | Out-Null } $diff += "+$dest`n" $result.changed = $true } # ugly but to save us from running the checksum twice, let's return it for # the main code to add it to $result return ,@{ diff = $diff; checksum = $source_checksum } } Function Copy-Folder($source, $dest) { $diff = "" $copy_folder = $false if (-not (Test-Path -Path $dest -PathType Container)) { $parent_dir = [System.IO.Path]::GetDirectoryName($dest) if (Test-Path -Path $parent_dir -PathType Leaf) { Fail-Json -obj $result -message "cannot copy file from '$source' to '$dest': object at dest parent dir is not a folder" } if (Test-Path -Path $dest -PathType Leaf) { Fail-Json -obj $result -message "cannot copy folder from '$source' to '$dest': dest is already a file" } New-Item -Path $dest -ItemType Container -WhatIf:$check_mode | Out-Null $diff += "+$dest\`n" $result.changed = $true } $child_items = Get-ChildItem -Path $source -Force foreach ($child_item in $child_items) { $dest_child_path = Join-Path -Path $dest -ChildPath $child_item.Name if ($child_item.PSIsContainer) { $diff += (Copy-Folder -source $child_item.Fullname -dest $dest_child_path) } else { $diff += (Copy-File -source $child_item.Fullname -dest $dest_child_path).diff } } return $diff } Function Get-FileSize($path) { $file = Get-Item -Path $path -Force $size = $null if ($file.PSIsContainer) { $dir_files_sum = Get-ChildItem $file.FullName -Recurse if ($dir_files_sum -eq $null -or ($dir_files_sum.PSObject.Properties.name -contains 'length' -eq $false)) { $size = 0 } else { $size = ($dir_files_sum | Measure-Object -property length -sum).Sum } } else { $size = $file.Length } $size } Function Extract-Zip($src, $dest) { $archive = [System.IO.Compression.ZipFile]::Open($src, [System.IO.Compression.ZipArchiveMode]::Read, [System.Text.Encoding]::UTF8) foreach ($entry in $archive.Entries) { $archive_name = $entry.FullName # FullName may be appended with / or \, determine if it is padded and remove it $padding_length = $archive_name.Length % 4 if ($padding_length -eq 0) { $is_dir = $false $base64_name = $archive_name } elseif ($padding_length -eq 1) { $is_dir = $true if ($archive_name.EndsWith("/") -or $archive_name.EndsWith("`\")) { $base64_name = $archive_name.Substring(0, $archive_name.Length - 1) } else { throw "invalid base64 archive name '$archive_name'" } } else { throw "invalid base64 length '$archive_name'" } # to handle unicode character, win_copy action plugin has encoded the filename $decoded_archive_name = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($base64_name)) # re-add the / to the entry full name if it was a directory if ($is_dir) { $decoded_archive_name = "$decoded_archive_name/" } $entry_target_path = [System.IO.Path]::Combine($dest, $decoded_archive_name) $entry_dir = [System.IO.Path]::GetDirectoryName($entry_target_path) if (-not (Test-Path -Path $entry_dir)) { New-Item -Path $entry_dir -ItemType Directory -WhatIf:$check_mode | Out-Null } if ($is_dir -eq $false) { if (-not $check_mode) { [System.IO.Compression.ZipFileExtensions]::ExtractToFile($entry, $entry_target_path, $true) } } } $archive.Dispose() # release the handle of the zip file } Function Extract-ZipLegacy($src, $dest) { if (-not (Test-Path -Path $dest)) { New-Item -Path $dest -ItemType Directory -WhatIf:$check_mode | Out-Null } $shell = New-Object -ComObject Shell.Application $zip = $shell.NameSpace($src) $dest_path = $shell.NameSpace($dest) foreach ($entry in $zip.Items()) { $is_dir = $entry.IsFolder $encoded_archive_entry = $entry.Name # to handle unicode character, win_copy action plugin has encoded the filename $decoded_archive_entry = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($encoded_archive_entry)) if ($is_dir) { $decoded_archive_entry = "$decoded_archive_entry/" } $entry_target_path = [System.IO.Path]::Combine($dest, $decoded_archive_entry) $entry_dir = [System.IO.Path]::GetDirectoryName($entry_target_path) if (-not (Test-Path -Path $entry_dir)) { New-Item -Path $entry_dir -ItemType Directory -WhatIf:$check_mode | Out-Null } if ($is_dir -eq $false -and (-not $check_mode)) { # https://msdn.microsoft.com/en-us/library/windows/desktop/bb787866.aspx # From Folder.CopyHere documentation, 1044 means: # - 1024: do not display a user interface if an error occurs # - 16: respond with "yes to all" for any dialog box that is displayed # - 4: do not display a progress dialog box $dest_path.CopyHere($entry, 1044) # once file is extraced, we need to rename it with non base64 name $combined_encoded_path = [System.IO.Path]::Combine($dest, $encoded_archive_entry) Move-Item -Path $combined_encoded_path -Destination $entry_target_path -Force | Out-Null } } } if ($copy_mode -eq "query") { # we only return a list of files/directories that need to be copied over # the source of the local file will be the key used $changed_files = @() $changed_directories = @() $changed_symlinks = @() foreach ($file in $files) { $filename = $file.dest $local_checksum = $file.checksum $filepath = Join-Path -Path $dest -ChildPath $filename if (Test-Path -Path $filepath -PathType Leaf) { if ($force) { $checksum = Get-FileChecksum -path $filepath if ($checksum -ne $local_checksum) { $will_change = $true $changed_files += $file } } } elseif (Test-Path -Path $filepath -PathType Container) { Fail-Json -obj $result -message "cannot copy file to dest '$filepath': object at path is already a directory" } else { $changed_files += $file } } foreach ($directory in $directories) { $dirname = $directory.dest $dirpath = Join-Path -Path $dest -ChildPath $dirname $parent_dir = [System.IO.Path]::GetDirectoryName($dirpath) if (Test-Path -Path $parent_dir -PathType Leaf) { Fail-Json -obj $result -message "cannot copy folder to dest '$dirpath': object at parent directory path is already a file" } if (Test-Path -Path $dirpath -PathType Leaf) { Fail-Json -obj $result -message "cannot copy folder to dest '$dirpath': object at path is already a file" } elseif (-not (Test-Path -Path $dirpath -PathType Container)) { $changed_directories += $directory } } # TODO: Handle symlinks $result.files = $changed_files $result.directories = $changed_directories $result.symlinks = $changed_symlinks } elseif ($copy_mode -eq "explode") { # a single zip file containing the files and directories needs to be # expanded this will always result in a change as the calculation is done # on the win_copy action plugin and is only run if a change needs to occur if (-not (Test-Path -Path $src -PathType Leaf)) { Fail-Json -obj $result -message "Cannot expand src zip file: '$src' as it does not exist" } # Detect if the PS zip assemblies are available or whether to use Shell $use_legacy = $false try { Add-Type -AssemblyName System.IO.Compression.FileSystem | Out-Null Add-Type -AssemblyName System.IO.Compression | Out-Null } catch { $use_legacy = $true } if ($use_legacy) { Extract-ZipLegacy -src $src -dest $dest } else { Extract-Zip -src $src -dest $dest } $result.changed = $true } elseif ($copy_mode -eq "remote") { # all copy actions are happening on the remote side (windows host), need # too copy source and dest using PS code $result.src = $src $result.dest = $dest if (-not (Test-Path -Path $src)) { Fail-Json -obj $result -message "Cannot copy src file: '$src' as it does not exist" } if (Test-Path -Path $src -PathType Container) { # we are copying a directory or the contents of a directory $result.operation = 'folder_copy' if ($src.EndsWith("/") -or $src.EndsWith("`\")) { # copying the folder's contents to dest $diff = "" $child_files = Get-ChildItem -Path $src -Force foreach ($child_file in $child_files) { $dest_child_path = Join-Path -Path $dest -ChildPath $child_file.Name if ($child_file.PSIsContainer) { $diff += Copy-Folder -source $child_file.FullName -dest $dest_child_path } else { $diff += (Copy-File -source $child_file.FullName -dest $dest_child_path).diff } } } else { # copying the folder and it's contents to dest $dest = Join-Path -Path $dest -ChildPath (Get-Item -Path $src -Force).Name $result.dest = $dest $diff = Copy-Folder -source $src -dest $dest } } else { # we are just copying a single file to dest $result.operation = 'file_copy' $source_basename = (Get-Item -Path $src -Force).Name $result.original_basename = $source_basename if ($dest.EndsWith("/") -or $dest.EndsWith("`\")) { $dest = Join-Path -Path $dest -ChildPath (Get-Item -Path $src -Force).Name $result.dest = $dest } else { # check if the parent dir exists, this is only done if src is a # file and dest if the path to a file (doesn't end with \ or /) $parent_dir = Split-Path -Path $dest if (Test-Path -Path $parent_dir -PathType Leaf) { Fail-Json -obj $result -message "object at destination parent dir '$parent_dir' is currently a file" } elseif (-not (Test-Path -Path $parent_dir -PathType Container)) { Fail-Json -obj $result -message "Destination directory '$parent_dir' does not exist" } } $copy_result = Copy-File -source $src -dest $dest $diff = $copy_result.diff $result.checksum = $copy_result.checksum } # the file might not exist if running in check mode if (-not $check_mode -or (Test-Path -Path $dest -PathType Leaf)) { $result.size = Get-FileSize -path $dest } else { $result.size = $null } if ($diff_mode) { $result.diff.prepared = $diff } } elseif ($copy_mode -eq "single") { # a single file is located in src and we need to copy to dest, this will # always result in a change as the calculation is done on the Ansible side # before this is run. This should also never run in check mode if (-not (Test-Path -Path $src -PathType Leaf)) { Fail-Json -obj $result -message "Cannot copy src file: '$src' as it does not exist" } # the dest parameter is a directory, we need to append original_basename if ($dest.EndsWith("/") -or $dest.EndsWith("`\") -or (Test-Path -Path $dest -PathType Container)) { $remote_dest = Join-Path -Path $dest -ChildPath $original_basename $parent_dir = Split-Path -Path $remote_dest # when dest ends with /, we need to create the destination directories if (Test-Path -Path $parent_dir -PathType Leaf) { Fail-Json -obj $result -message "object at destination parent dir '$parent_dir' is currently a file" } elseif (-not (Test-Path -Path $parent_dir -PathType Container)) { New-Item -Path $parent_dir -ItemType Directory | Out-Null } } else { $remote_dest = $dest $parent_dir = Split-Path -Path $remote_dest # check if the dest parent dirs exist, need to fail if they don't if (Test-Path -Path $parent_dir -PathType Leaf) { Fail-Json -obj $result -message "object at destination parent dir '$parent_dir' is currently a file" } elseif (-not (Test-Path -Path $parent_dir -PathType Container)) { Fail-Json -obj $result -message "Destination directory '$parent_dir' does not exist" } } Copy-Item -Path $src -Destination $remote_dest -Force | Out-Null $result.changed = $true } Exit-Json -obj $result ScriptBlock ID: 51d6448c-018e-4e96-b676-24a76dc4dd8f Path:	4104	1		3	2	15	0	1856	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4032	4384	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:31:06 PM	e5295ba9-9827-0004-2ef5-2ee52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c), Michael DeHaan <michael.dehaan@gmail.com>, 2014, and others # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) Set-StrictMode -Version 2.0 $ErrorActionPreference = "Stop" Function Set-Attr($obj, $name, $value) { <# .SYNOPSIS Helper function to set an "attribute" on a psobject instance in PowerShell. This is a convenience to make adding Members to the object easier and slightly more pythonic .EXAMPLE Set-Attr $result "changed" $true #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } Try { $obj.$name = $value } Catch { $obj | Add-Member -Force -MemberType NoteProperty -Name $name -Value $value } } Function Exit-Json($obj) { <# .SYNOPSIS Helper function to convert a PowerShell object to JSON and output it, exiting the script .EXAMPLE Exit-Json $result #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit } Function Fail-Json($obj, $message = $null) { <# .SYNOPSIS Helper function to add the "msg" property and "failed" property, convert the PowerShell Hashtable to JSON and output it, exiting the script .EXAMPLE Fail-Json $result "This is the failure message" #> if ($obj -is [hashtable] -or $obj -is [psobject]) { # Nothing to do } elseif ($obj -is [string] -and $null -eq $message) { # If we weren't given 2 args, and the only arg was a string, # create a new Hashtable and use the arg as the failure message $message = $obj $obj = @{ } } else { # If the first argument is undefined or a different type, # make it a Hashtable $obj = @{ } } # Still using Set-Attr for PSObject compatibility Set-Attr $obj "msg" $message Set-Attr $obj "failed" $true if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit 1 } Function Add-Warning($obj, $message) { <# .SYNOPSIS Helper function to add warnings, even if the warnings attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("warnings")) { $obj.warnings = @() } elseif ($obj.warnings -isnot [array]) { throw "Add-Warning: warnings attribute is not an array" } $obj.warnings += $message } Function Add-DeprecationWarning($obj, $message, $version = $null) { <# .SYNOPSIS Helper function to add deprecations, even if the deprecations attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("deprecations")) { $obj.deprecations = @() } elseif ($obj.deprecations -isnot [array]) { throw "Add-DeprecationWarning: deprecations attribute is not a list" } $obj.deprecations += @{ msg = $message version = $version } } Function Expand-Environment($value) { <# .SYNOPSIS Helper function to expand environment variables in values. By default it turns any type to a string, but we ensure $null remains $null. #> if ($null -ne $value) { [System.Environment]::ExpandEnvironmentVariables($value) } else { $value } } Function Get-AnsibleParam($obj, $name, $default = $null, $resultobj = @{}, $failifempty = $false, $emptyattributefailmessage, $ValidateSet, $ValidateSetErrorMessage, $type = $null, $aliases = @()) { <# .SYNOPSIS Helper function to get an "attribute" from a psobject instance in PowerShell. This is a convenience to make getting Members from an object easier and slightly more pythonic .EXAMPLE $attr = Get-AnsibleParam $response "code" -default "1" .EXAMPLE Get-AnsibleParam -obj $params -name "State" -default "Present" -ValidateSet "Present","Absent" -resultobj $resultobj -failifempty $true Get-AnsibleParam also supports Parameter validation to save you from coding that manually Note that if you use the failifempty option, you do need to specify resultobject as well. #> # Check if the provided Member $name or aliases exist in $obj and return it or the default. try { $found = $null # First try to find preferred parameter $name $aliases = @($name) + $aliases # Iterate over aliases to find acceptable Member $name foreach ($alias in $aliases) { if ($obj.ContainsKey($alias)) { $found = $alias break } } if ($null -eq $found) { throw } $name = $found if ($ValidateSet) { if ($ValidateSet -contains ($obj.$name)) { $value = $obj.$name } else { if ($null -eq $ValidateSetErrorMessage) { #Auto-generated error should be sufficient in most use cases $ValidateSetErrorMessage = "Get-AnsibleParam: Argument $name needs to be one of $($ValidateSet -join ",") but was $($obj.$name)." } Fail-Json -obj $resultobj -message $ValidateSetErrorMessage } } else { $value = $obj.$name } } catch { if ($failifempty -eq $false) { $value = $default } else { if (-not $emptyattributefailmessage) { $emptyattributefailmessage = "Get-AnsibleParam: Missing required argument: $name" } Fail-Json -obj $resultobj -message $emptyattributefailmessage } } # If $value -eq $null, the parameter was unspecified by the user (deliberately or not) # Please leave $null-values intact, modules need to know if a parameter was specified # When $value is already an array, we cannot rely on the null check, as an empty list # is seen as null in the check below if ($null -ne $value -or $value -is [array]) { if ($type -eq "path") { # Expand environment variables on path-type $value = Expand-Environment($value) # Test if a valid path is provided if (-not (Test-Path -IsValid $value)) { $path_invalid = $true # could still be a valid-shaped path with a nonexistent drive letter if ($value -match "^\w:") { # rewrite path with a valid drive letter and recheck the shape- this might still fail, eg, a nonexistent non-filesystem PS path if (Test-Path -IsValid $(@(Get-PSDrive -PSProvider Filesystem)[0].Name + $value.Substring(1))) { $path_invalid = $false } } if ($path_invalid) { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' has an invalid path '$value' specified." } } } elseif ($type -eq "str") { # Convert str types to real Powershell strings $value = $value.ToString() } elseif ($type -eq "bool") { # Convert boolean types to real Powershell booleans $value = $value | ConvertTo-Bool } elseif ($type -eq "int") { # Convert int types to real Powershell integers $value = $value -as [int] } elseif ($type -eq "float") { # Convert float types to real Powershell floats $value = $value -as [float] } elseif ($type -eq "list") { if ($value -is [array]) { # Nothing to do } elseif ($value -is [string]) { # Convert string type to real Powershell array $value = $value.Split(",").Trim() } elseif ($value -is [int]) { $value = @($value) } else { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' is not a YAML list." } # , is not a typo, forces it to return as a list when it is empty or only has 1 entry return ,$value } } return $value } #Alias Get-attr-->Get-AnsibleParam for backwards compat. Only add when needed to ease debugging of scripts If (-not(Get-Alias -Name "Get-attr" -ErrorAction SilentlyContinue)) { New-Alias -Name Get-attr -Value Get-AnsibleParam } Function ConvertTo-Bool { <# .SYNOPSIS Helper filter/pipeline function to convert a value to boolean following current Ansible practices .EXAMPLE $is_true = "true" | ConvertTo-Bool #> param( [parameter(valuefrompipeline=$true)] $obj ) $boolean_strings = "yes", "on", "1", "true", 1 $obj_string = [string]$obj if (($obj -is [boolean] -and $obj) -or $boolean_strings -contains $obj_string.ToLower()) { return $true } else { return $false } } Function Parse-Args($arguments, $supports_check_mode = $false) { <# .SYNOPSIS Helper function to parse Ansible JSON arguments from a "file" passed as the single argument to the module. .EXAMPLE $params = Parse-Args $args #> $params = New-Object psobject If ($arguments.Length -gt 0) { $params = Get-Content $arguments[0] | ConvertFrom-Json } Else { $params = $complex_args } $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false If ($check_mode -and -not $supports_check_mode) { Exit-Json @{ skipped = $true changed = $false msg = "remote module does not support check mode" } } return $params } Function Get-FileChecksum($path, $algorithm = 'sha1') { <# .SYNOPSIS Helper function to calculate a hash of a file in a way which PowerShell 3 and above can handle #> If (Test-Path -Path $path -PathType Leaf) { switch ($algorithm) { 'md5' { $sp = New-Object -TypeName System.Security.Cryptography.MD5CryptoServiceProvider } 'sha1' { $sp = New-Object -TypeName System.Security.Cryptography.SHA1CryptoServiceProvider } 'sha256' { $sp = New-Object -TypeName System.Security.Cryptography.SHA256CryptoServiceProvider } 'sha384' { $sp = New-Object -TypeName System.Security.Cryptography.SHA384CryptoServiceProvider } 'sha512' { $sp = New-Object -TypeName System.Security.Cryptography.SHA512CryptoServiceProvider } default { Fail-Json @{} "Unsupported hash algorithm supplied '$algorithm'" } } If ($PSVersionTable.PSVersion.Major -ge 4) { $raw_hash = Get-FileHash $path -Algorithm $algorithm $hash = $raw_hash.Hash.ToLower() } Else { $fp = [System.IO.File]::Open($path, [System.IO.Filemode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileShare]::ReadWrite); $hash = [System.BitConverter]::ToString($sp.ComputeHash($fp)).Replace("-", "").ToLower(); $fp.Dispose(); } } ElseIf (Test-Path -Path $path -PathType Container) { $hash = "3"; } Else { $hash = "1"; } return $hash } Function Get-PendingRebootStatus { <# .SYNOPSIS Check if reboot is required, if so notify CA. Function returns true if computer has a pending reboot #> $featureData = Invoke-WmiMethod -EA Ignore -Name GetServerFeature -Namespace root\microsoft\windows\servermanager -Class MSFT_ServerManagerTasks $regData = Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager" "PendingFileRenameOperations" -EA Ignore $CBSRebootStatus = Get-ChildItem "HKLM:\\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing" -ErrorAction SilentlyContinue| Where-Object {$_.PSChildName -eq "RebootPending"} if(($featureData -and $featureData.RequiresReboot) -or $regData -or $CBSRebootStatus) { return $True } else { return $False } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: 94adda22-fde8-44b4-a562-f0fd10782f25 Path:	4104	1		3	2	15	0	1855	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4032	2516	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:31:05 PM	e5295ba9-9827-0000-37a2-2fe52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } ScriptBlock ID: 901eaf93-5ac7-4a85-bf91-502f89d327d6 Path:	4104	1		3	2	15	0	1854	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4032	2516	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:31:05 PM	e5295ba9-9827-0004-16f5-2ee52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (4 of 4): yBvZiBhIGRpcmVjdG9yeQogICAgICAgICRyZXN1bHQub3BlcmF0aW9uID0gJ2ZvbGRlcl9jb3B5JwogICAgICAgIGlmICgkc3JjLkVuZHNXaXRoKCIvIikgLW9yICRzcmMuRW5kc1dpdGgoImBcIikpIHsKICAgICAgICAgICAgIyBjb3B5aW5nIHRoZSBmb2xkZXIncyBjb250ZW50cyB0byBkZXN0CiAgICAgICAgICAgICRkaWZmID0gIiIKICAgICAgICAgICAgJGNoaWxkX2ZpbGVzID0gR2V0LUNoaWxkSXRlbSAtUGF0aCAkc3JjIC1Gb3JjZQogICAgICAgICAgICBmb3JlYWNoICgkY2hpbGRfZmlsZSBpbiAkY2hpbGRfZmlsZXMpIHsKICAgICAgICAgICAgICAgICRkZXN0X2NoaWxkX3BhdGggPSBKb2luLVBhdGggLVBhdGggJGRlc3QgLUNoaWxkUGF0aCAkY2hpbGRfZmlsZS5OYW1lCiAgICAgICAgICAgICAgICBpZiAoJGNoaWxkX2ZpbGUuUFNJc0NvbnRhaW5lcikgewogICAgICAgICAgICAgICAgICAgICRkaWZmICs9IENvcHktRm9sZGVyIC1zb3VyY2UgJGNoaWxkX2ZpbGUuRnVsbE5hbWUgLWRlc3QgJGRlc3RfY2hpbGRfcGF0aAogICAgICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgICAgICAkZGlmZiArPSAoQ29weS1GaWxlIC1zb3VyY2UgJGNoaWxkX2ZpbGUuRnVsbE5hbWUgLWRlc3QgJGRlc3RfY2hpbGRfcGF0aCkuZGlmZgogICAgICAgICAgICAgICAgfQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgIyBjb3B5aW5nIHRoZSBmb2xkZXIgYW5kIGl0J3MgY29udGVudHMgdG8gZGVzdAogICAgICAgICAgICAkZGVzdCA9IEpvaW4tUGF0aCAtUGF0aCAkZGVzdCAtQ2hpbGRQYXRoIChHZXQtSXRlbSAtUGF0aCAkc3JjIC1Gb3JjZSkuTmFtZQogICAgICAgICAgICAkcmVzdWx0LmRlc3QgPSAkZGVzdAogICAgICAgICAgICAkZGlmZiA9IENvcHktRm9sZGVyIC1zb3VyY2UgJHNyYyAtZGVzdCAkZGVzdAogICAgICAgIH0KICAgIH0gZWxzZSB7CiAgICAgICAgIyB3ZSBhcmUganVzdCBjb3B5aW5nIGEgc2luZ2xlIGZpbGUgdG8gZGVzdAogICAgICAgICRyZXN1bHQub3BlcmF0aW9uID0gJ2ZpbGVfY29weScKCiAgICAgICAgJHNvdXJjZV9iYXNlbmFtZSA9IChHZXQtSXRlbSAtUGF0aCAkc3JjIC1Gb3JjZSkuTmFtZQogICAgICAgICRyZXN1bHQub3JpZ2luYWxfYmFzZW5hbWUgPSAkc291cmNlX2Jhc2VuYW1lCgogICAgICAgIGlmICgkZGVzdC5FbmRzV2l0aCgiLyIpIC1vciAkZGVzdC5FbmRzV2l0aCgiYFwiKSkgewogICAgICAgICAgICAkZGVzdCA9IEpvaW4tUGF0aCAtUGF0aCAkZGVzdCAtQ2hpbGRQYXRoIChHZXQtSXRlbSAtUGF0aCAkc3JjIC1Gb3JjZSkuTmFtZQogICAgICAgICAgICAkcmVzdWx0LmRlc3QgPSAkZGVzdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICMgY2hlY2sgaWYgdGhlIHBhcmVudCBkaXIgZXhpc3RzLCB0aGlzIGlzIG9ubHkgZG9uZSBpZiBzcmMgaXMgYQogICAgICAgICAgICAjIGZpbGUgYW5kIGRlc3QgaWYgdGhlIHBhdGggdG8gYSBmaWxlIChkb2Vzbid0IGVuZCB3aXRoIFwgb3IgLykKICAgICAgICAgICAgJHBhcmVudF9kaXIgPSBTcGxpdC1QYXRoIC1QYXRoICRkZXN0CiAgICAgICAgICAgIGlmIChUZXN0LVBhdGggLVBhdGggJHBhcmVudF9kaXIgLVBhdGhUeXBlIExlYWYpIHsKICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgIm9iamVjdCBhdCBkZXN0aW5hdGlvbiBwYXJlbnQgZGlyICckcGFyZW50X2RpcicgaXMgY3VycmVudGx5IGEgZmlsZSIKICAgICAgICAgICAgfSBlbHNlaWYgKC1ub3QgKFRlc3QtUGF0aCAtUGF0aCAkcGFyZW50X2RpciAtUGF0aFR5cGUgQ29udGFpbmVyKSkgewogICAgICAgICAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiRGVzdGluYXRpb24gZGlyZWN0b3J5ICckcGFyZW50X2RpcicgZG9lcyBub3QgZXhpc3QiCiAgICAgICAgICAgIH0KICAgICAgICB9CiAgICAgICAgJGNvcHlfcmVzdWx0ID0gQ29weS1GaWxlIC1zb3VyY2UgJHNyYyAtZGVzdCAkZGVzdAogICAgICAgICRkaWZmID0gJGNvcHlfcmVzdWx0LmRpZmYKICAgICAgICAkcmVzdWx0LmNoZWNrc3VtID0gJGNvcHlfcmVzdWx0LmNoZWNrc3VtCiAgICB9CgogICAgIyB0aGUgZmlsZSBtaWdodCBub3QgZXhpc3QgaWYgcnVubmluZyBpbiBjaGVjayBtb2RlCiAgICBpZiAoLW5vdCAkY2hlY2tfbW9kZSAtb3IgKFRlc3QtUGF0aCAtUGF0aCAkZGVzdCAtUGF0aFR5cGUgTGVhZikpIHsKICAgICAgICAkcmVzdWx0LnNpemUgPSBHZXQtRmlsZVNpemUgLXBhdGggJGRlc3QKICAgIH0gZWxzZSB7CiAgICAgICAgJHJlc3VsdC5zaXplID0gJG51bGwKICAgIH0KICAgIGlmICgkZGlmZl9tb2RlKSB7CiAgICAgICAgJHJlc3VsdC5kaWZmLnByZXBhcmVkID0gJGRpZmYKICAgIH0KfSBlbHNlaWYgKCRjb3B5X21vZGUgLWVxICJzaW5nbGUiKSB7CiAgICAjIGEgc2luZ2xlIGZpbGUgaXMgbG9jYXRlZCBpbiBzcmMgYW5kIHdlIG5lZWQgdG8gY29weSB0byBkZXN0LCB0aGlzIHdpbGwKICAgICMgYWx3YXlzIHJlc3VsdCBpbiBhIGNoYW5nZSBhcyB0aGUgY2FsY3VsYXRpb24gaXMgZG9uZSBvbiB0aGUgQW5zaWJsZSBzaWRlCiAgICAjIGJlZm9yZSB0aGlzIGlzIHJ1bi4gVGhpcyBzaG91bGQgYWxzbyBuZXZlciBydW4gaW4gY2hlY2sgbW9kZQogICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtUGF0aCAkc3JjIC1QYXRoVHlwZSBMZWFmKSkgewogICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgIkNhbm5vdCBjb3B5IHNyYyBmaWxlOiAnJHNyYycgYXMgaXQgZG9lcyBub3QgZXhpc3QiCiAgICB9CgogICAgIyB0aGUgZGVzdCBwYXJhbWV0ZXIgaXMgYSBkaXJlY3RvcnksIHdlIG5lZWQgdG8gYXBwZW5kIG9yaWdpbmFsX2Jhc2VuYW1lCiAgICBpZiAoJGRlc3QuRW5kc1dpdGgoIi8iKSAtb3IgJGRlc3QuRW5kc1dpdGgoImBcIikgLW9yIChUZXN0LVBhdGggLVBhdGggJGRlc3QgLVBhdGhUeXBlIENvbnRhaW5lcikpIHsKICAgICAgICAkcmVtb3RlX2Rlc3QgPSBKb2luLVBhdGggLVBhdGggJGRlc3QgLUNoaWxkUGF0aCAkb3JpZ2luYWxfYmFzZW5hbWUKICAgICAgICAkcGFyZW50X2RpciA9IFNwbGl0LVBhdGggLVBhdGggJHJlbW90ZV9kZXN0CgogICAgICAgICMgd2hlbiBkZXN0IGVuZHMgd2l0aCAvLCB3ZSBuZWVkIHRvIGNyZWF0ZSB0aGUgZGVzdGluYXRpb24gZGlyZWN0b3JpZXMKICAgICAgICBpZiAoVGVzdC1QYXRoIC1QYXRoICRwYXJlbnRfZGlyIC1QYXRoVHlwZSBMZWFmKSB7CiAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgIm9iamVjdCBhdCBkZXN0aW5hdGlvbiBwYXJlbnQgZGlyICckcGFyZW50X2RpcicgaXMgY3VycmVudGx5IGEgZmlsZSIKICAgICAgICB9IGVsc2VpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRwYXJlbnRfZGlyIC1QYXRoVHlwZSBDb250YWluZXIpKSB7CiAgICAgICAgICAgIE5ldy1JdGVtIC1QYXRoICRwYXJlbnRfZGlyIC1JdGVtVHlwZSBEaXJlY3RvcnkgfCBPdXQtTnVsbAogICAgICAgIH0KICAgIH0gZWxzZSB7CiAgICAgICAgJHJlbW90ZV9kZXN0ID0gJGRlc3QKICAgICAgICAkcGFyZW50X2RpciA9IFNwbGl0LVBhdGggLVBhdGggJHJlbW90ZV9kZXN0CgogICAgICAgICMgY2hlY2sgaWYgdGhlIGRlc3QgcGFyZW50IGRpcnMgZXhpc3QsIG5lZWQgdG8gZmFpbCBpZiB0aGV5IGRvbid0CiAgICAgICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkcGFyZW50X2RpciAtUGF0aFR5cGUgTGVhZikgewogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0IC1tZXNzYWdlICJvYmplY3QgYXQgZGVzdGluYXRpb24gcGFyZW50IGRpciAnJHBhcmVudF9kaXInIGlzIGN1cnJlbnRseSBhIGZpbGUiCiAgICAgICAgfSBlbHNlaWYgKC1ub3QgKFRlc3QtUGF0aCAtUGF0aCAkcGFyZW50X2RpciAtUGF0aFR5cGUgQ29udGFpbmVyKSkgewogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0IC1tZXNzYWdlICJEZXN0aW5hdGlvbiBkaXJlY3RvcnkgJyRwYXJlbnRfZGlyJyBkb2VzIG5vdCBleGlzdCIKICAgICAgICB9CiAgICB9CgogICAgQ29weS1JdGVtIC1QYXRoICRzcmMgLURlc3RpbmF0aW9uICRyZW1vdGVfZGVzdCAtRm9yY2UgfCBPdXQtTnVsbAogICAgJHJlc3VsdC5jaGFuZ2VkID0gJHRydWUKfQoKRXhpdC1Kc29uIC1vYmogJHJlc3VsdAo=", "module_args": {"_ansible_version": "2.7.0", "src": "C:\\Users\\Admin\\AppData\\Local\\Temp\\ansible-tmp-1629729062.47-26804626232026\\source", "_ansible_selinux_special_fs": ["fuse", "nfs", "vboxsf", "ramfs", "9p"], "_ansible_no_log": false, "dest": "C:\\eventlogcss.txt", "checksum": "d051fdb120afddc6f99086f6b8b905bce125cb45", "_ansible_module_name": "copy", "_ansible_debug": false, "_ansible_verbosity": 3, "_ansible_keep_remote_files": false, "_ansible_syslog_facility": "LOG_USER", "_ansible_socket": null, "_original_basename": "eventlogcss.txt", "_ansible_remote_tmp": "%TEMP%", "_ansible_diff": false, "mode": null, "_ansible_check_mode": false, "_ansible_shell_executable": "/bin/sh", "follow": false, "_ansible_tmpdir": "'C:\\Users\\Admin\\AppData\\Local\\Temp\\ansible-tmp-1629729062.47-26804626232026'"}} '@ } process { $input_as_string = [string]$input $json_raw += $input_as_string } end { If (-not $json_raw) { Write-Error "no input given" -Category InvalidArgument } $payload = ConvertTo-HashtableFromPsCustomObject (ConvertFrom-Json $json_raw) # TODO: handle binary modules # TODO: handle persistence $min_os_version = [version]$payload.min_os_version if ($min_os_version -ne $null) { $actual_os_version = [System.Environment]::OSVersion.Version if ($actual_os_version -lt $min_os_version) { $msg = "This module cannot run on this OS as it requires a minimum version of $min_os_version, actual was $actual_os_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $min_ps_version = [version]$payload.min_ps_version if ($min_ps_version -ne $null) { $actual_ps_version = $PSVersionTable.PSVersion if ($actual_ps_version -lt $min_ps_version) { $msg = "This module cannot run as it requires a minimum PowerShell version of $min_ps_version, actual was $actual_ps_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $actions = $payload.actions # pop 0th action as entrypoint $entrypoint = $payload.($actions[0]) $payload.actions = $payload.actions[1..99] $entrypoint = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($entrypoint)) # load the current action entrypoint as a module custom object with a Run method $entrypoint = New-Module -ScriptBlock ([scriptblock]::Create($entrypoint)) -AsCustomObject Set-Variable -Scope global -Name complex_args -Value $payload["module_args"] | Out-Null # dynamically create/load modules ForEach ($mod in $payload.powershell_modules.GetEnumerator()) { $decoded_module = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($mod.Value)) New-Module -ScriptBlock ([scriptblock]::Create($decoded_module)) -Name $mod.Key | Import-Module -WarningAction SilentlyContinue | Out-Null } $output = $entrypoint.Run($payload) Write-Output $output } ScriptBlock ID: 6634e502-d83a-47f8-aef9-2f1c7f4fe577 Path:	4104	1		3	2	15	0	1853	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4032	2516	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:31:05 PM	e5295ba9-9827-0005-1285-2de52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (3 of 4): lX2RpcikpIHsKICAgICAgICAgICAgIyBkaXJlY3RvcnkgZG9lc24ndCBleGlzdCwgbmVlZCB0byBjcmVhdGUKICAgICAgICAgICAgTmV3LUl0ZW0gLVBhdGggJGZpbGVfZGlyIC1JdGVtVHlwZSBEaXJlY3RvcnkgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICAgICAgICAgICRkaWZmICs9ICIrJGZpbGVfZGlyXGBuIgogICAgICAgIH0KCiAgICAgICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkZGVzdCAtUGF0aFR5cGUgTGVhZikgewogICAgICAgICAgICBSZW1vdmUtSXRlbSAtUGF0aCAkZGVzdCAtRm9yY2UgLVJlY3Vyc2UgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICAgICAgICAgICRkaWZmICs9ICItJGRlc3RgbiIKICAgICAgICB9CgogICAgICAgIGlmICgtbm90ICRjaGVja19tb2RlKSB7CiAgICAgICAgICAgICMgY2Fubm90IHJ1biB3aXRoIC1XaGF0SWY6JGNoZWNrX21vZGUgYXMgaWYgdGhlIHBhcmVudCBkaXIgZGlkbid0CiAgICAgICAgICAgICMgZXhpc3QgYW5kIHdhcyBjcmVhdGVkIGFib3ZlIHdvdWxkIHN0aWxsIG5vdCBleGlzdCBpbiBjaGVjayBtb2RlCiAgICAgICAgICAgIENvcHktSXRlbSAtUGF0aCAkc291cmNlIC1EZXN0aW5hdGlvbiAkZGVzdCAtRm9yY2UgfCBPdXQtTnVsbAogICAgICAgIH0KICAgICAgICAkZGlmZiArPSAiKyRkZXN0YG4iCgogICAgICAgICRyZXN1bHQuY2hhbmdlZCA9ICR0cnVlCiAgICB9CgogICAgIyB1Z2x5IGJ1dCB0byBzYXZlIHVzIGZyb20gcnVubmluZyB0aGUgY2hlY2tzdW0gdHdpY2UsIGxldCdzIHJldHVybiBpdCBmb3IKICAgICMgdGhlIG1haW4gY29kZSB0byBhZGQgaXQgdG8gJHJlc3VsdAogICAgcmV0dXJuICxAeyBkaWZmID0gJGRpZmY7IGNoZWNrc3VtID0gJHNvdXJjZV9jaGVja3N1bSB9Cn0KCkZ1bmN0aW9uIENvcHktRm9sZGVyKCRzb3VyY2UsICRkZXN0KSB7CiAgICAkZGlmZiA9ICIiCiAgICAkY29weV9mb2xkZXIgPSAkZmFsc2UKCiAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRkZXN0IC1QYXRoVHlwZSBDb250YWluZXIpKSB7CiAgICAgICAgJHBhcmVudF9kaXIgPSBbU3lzdGVtLklPLlBhdGhdOjpHZXREaXJlY3RvcnlOYW1lKCRkZXN0KQogICAgICAgIGlmIChUZXN0LVBhdGggLVBhdGggJHBhcmVudF9kaXIgLVBhdGhUeXBlIExlYWYpIHsKICAgICAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiY2Fubm90IGNvcHkgZmlsZSBmcm9tICckc291cmNlJyB0byAnJGRlc3QnOiBvYmplY3QgYXQgZGVzdCBwYXJlbnQgZGlyIGlzIG5vdCBhIGZvbGRlciIKICAgICAgICB9CiAgICAgICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkZGVzdCAtUGF0aFR5cGUgTGVhZikgewogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0IC1tZXNzYWdlICJjYW5ub3QgY29weSBmb2xkZXIgZnJvbSAnJHNvdXJjZScgdG8gJyRkZXN0JzogZGVzdCBpcyBhbHJlYWR5IGEgZmlsZSIKICAgICAgICB9CgogICAgICAgIE5ldy1JdGVtIC1QYXRoICRkZXN0IC1JdGVtVHlwZSBDb250YWluZXIgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICAgICAgJGRpZmYgKz0gIiskZGVzdFxgbiIKICAgICAgICAkcmVzdWx0LmNoYW5nZWQgPSAkdHJ1ZQogICAgfQoKICAgICRjaGlsZF9pdGVtcyA9IEdldC1DaGlsZEl0ZW0gLVBhdGggJHNvdXJjZSAtRm9yY2UKICAgIGZvcmVhY2ggKCRjaGlsZF9pdGVtIGluICRjaGlsZF9pdGVtcykgewogICAgICAgICRkZXN0X2NoaWxkX3BhdGggPSBKb2luLVBhdGggLVBhdGggJGRlc3QgLUNoaWxkUGF0aCAkY2hpbGRfaXRlbS5OYW1lCiAgICAgICAgaWYgKCRjaGlsZF9pdGVtLlBTSXNDb250YWluZXIpIHsKICAgICAgICAgICAgJGRpZmYgKz0gKENvcHktRm9sZGVyIC1zb3VyY2UgJGNoaWxkX2l0ZW0uRnVsbG5hbWUgLWRlc3QgJGRlc3RfY2hpbGRfcGF0aCkKICAgICAgICB9IGVsc2UgewogICAgICAgICAgICAkZGlmZiArPSAoQ29weS1GaWxlIC1zb3VyY2UgJGNoaWxkX2l0ZW0uRnVsbG5hbWUgLWRlc3QgJGRlc3RfY2hpbGRfcGF0aCkuZGlmZgogICAgICAgIH0KICAgIH0KCiAgICByZXR1cm4gJGRpZmYKfQoKRnVuY3Rpb24gR2V0LUZpbGVTaXplKCRwYXRoKSB7CiAgICAkZmlsZSA9IEdldC1JdGVtIC1QYXRoICRwYXRoIC1Gb3JjZQogICAgJHNpemUgPSAkbnVsbAogICAgaWYgKCRmaWxlLlBTSXNDb250YWluZXIpIHsKICAgICAgICAkZGlyX2ZpbGVzX3N1bSA9IEdldC1DaGlsZEl0ZW0gJGZpbGUuRnVsbE5hbWUgLVJlY3Vyc2UKICAgICAgICBpZiAoJGRpcl9maWxlc19zdW0gLWVxICRudWxsIC1vciAoJGRpcl9maWxlc19zdW0uUFNPYmplY3QuUHJvcGVydGllcy5uYW1lIC1jb250YWlucyAnbGVuZ3RoJyAtZXEgJGZhbHNlKSkgewogICAgICAgICAgICAkc2l6ZSA9IDAKICAgICAgICB9IGVsc2UgewogICAgICAgICAgICAkc2l6ZSA9ICgkZGlyX2ZpbGVzX3N1bSB8IE1lYXN1cmUtT2JqZWN0IC1wcm9wZXJ0eSBsZW5ndGggLXN1bSkuU3VtCiAgICAgICAgfQogICAgfSBlbHNlIHsKICAgICAgICAkc2l6ZSA9ICRmaWxlLkxlbmd0aAogICAgfQoKICAgICRzaXplCn0KCkZ1bmN0aW9uIEV4dHJhY3QtWmlwKCRzcmMsICRkZXN0KSB7CiAgICAkYXJjaGl2ZSA9IFtTeXN0ZW0uSU8uQ29tcHJlc3Npb24uWmlwRmlsZV06Ok9wZW4oJHNyYywgW1N5c3RlbS5JTy5Db21wcmVzc2lvbi5aaXBBcmNoaXZlTW9kZV06OlJlYWQsIFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjgpCiAgICBmb3JlYWNoICgkZW50cnkgaW4gJGFyY2hpdmUuRW50cmllcykgewogICAgICAgICRhcmNoaXZlX25hbWUgPSAkZW50cnkuRnVsbE5hbWUKCiAgICAgICAgIyBGdWxsTmFtZSBtYXkgYmUgYXBwZW5kZWQgd2l0aCAvIG9yIFwsIGRldGVybWluZSBpZiBpdCBpcyBwYWRkZWQgYW5kIHJlbW92ZSBpdAogICAgICAgICRwYWRkaW5nX2xlbmd0aCA9ICRhcmNoaXZlX25hbWUuTGVuZ3RoICUgNAogICAgICAgIGlmICgkcGFkZGluZ19sZW5ndGggLWVxIDApIHsKICAgICAgICAgICAgJGlzX2RpciA9ICRmYWxzZQogICAgICAgICAgICAkYmFzZTY0X25hbWUgPSAkYXJjaGl2ZV9uYW1lCiAgICAgICAgfSBlbHNlaWYgKCRwYWRkaW5nX2xlbmd0aCAtZXEgMSkgewogICAgICAgICAgICAkaXNfZGlyID0gJHRydWUKICAgICAgICAgICAgaWYgKCRhcmNoaXZlX25hbWUuRW5kc1dpdGgoIi8iKSAtb3IgJGFyY2hpdmVfbmFtZS5FbmRzV2l0aCgiYFwiKSkgewogICAgICAgICAgICAgICAgJGJhc2U2NF9uYW1lID0gJGFyY2hpdmVfbmFtZS5TdWJzdHJpbmcoMCwgJGFyY2hpdmVfbmFtZS5MZW5ndGggLSAxKQogICAgICAgICAgICB9IGVsc2UgewogICAgICAgICAgICAgICAgdGhyb3cgImludmFsaWQgYmFzZTY0IGFyY2hpdmUgbmFtZSAnJGFyY2hpdmVfbmFtZSciCiAgICAgICAgICAgIH0KICAgICAgICB9IGVsc2UgewogICAgICAgICAgICB0aHJvdyAiaW52YWxpZCBiYXNlNjQgbGVuZ3RoICckYXJjaGl2ZV9uYW1lJyIKICAgICAgICB9CgogICAgICAgICMgdG8gaGFuZGxlIHVuaWNvZGUgY2hhcmFjdGVyLCB3aW5fY29weSBhY3Rpb24gcGx1Z2luIGhhcyBlbmNvZGVkIHRoZSBmaWxlbmFtZQogICAgICAgICRkZWNvZGVkX2FyY2hpdmVfbmFtZSA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGJhc2U2NF9uYW1lKSkKICAgICAgICAjIHJlLWFkZCB0aGUgLyB0byB0aGUgZW50cnkgZnVsbCBuYW1lIGlmIGl0IHdhcyBhIGRpcmVjdG9yeQogICAgICAgIGlmICgkaXNfZGlyKSB7CiAgICAgICAgICAgICRkZWNvZGVkX2FyY2hpdmVfbmFtZSA9ICIkZGVjb2RlZF9hcmNoaXZlX25hbWUvIgogICAgICAgIH0KICAgICAgICAkZW50cnlfdGFyZ2V0X3BhdGggPSBbU3lzdGVtLklPLlBhdGhdOjpDb21iaW5lKCRkZXN0LCAkZGVjb2RlZF9hcmNoaXZlX25hbWUpCiAgICAgICAgJGVudHJ5X2RpciA9IFtTeXN0ZW0uSU8uUGF0aF06OkdldERpcmVjdG9yeU5hbWUoJGVudHJ5X3RhcmdldF9wYXRoKQoKICAgICAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRlbnRyeV9kaXIpKSB7CiAgICAgICAgICAgIE5ldy1JdGVtIC1QYXRoICRlbnRyeV9kaXIgLUl0ZW1UeXBlIERpcmVjdG9yeSAtV2hhdElmOiRjaGVja19tb2RlIHwgT3V0LU51bGwKICAgICAgICB9CgogICAgICAgIGlmICgkaXNfZGlyIC1lcSAkZmFsc2UpIHsKICAgICAgICAgICAgaWYgKC1ub3QgJGNoZWNrX21vZGUpIHsKICAgICAgICAgICAgICAgIFtTeXN0ZW0uSU8uQ29tcHJlc3Npb24uWmlwRmlsZUV4dGVuc2lvbnNdOjpFeHRyYWN0VG9GaWxlKCRlbnRyeSwgJGVudHJ5X3RhcmdldF9wYXRoLCAkdHJ1ZSkKICAgICAgICAgICAgfQogICAgICAgIH0KICAgIH0KICAgICRhcmNoaXZlLkRpc3Bvc2UoKSAgIyByZWxlYXNlIHRoZSBoYW5kbGUgb2YgdGhlIHppcCBmaWxlCn0KCkZ1bmN0aW9uIEV4dHJhY3QtWmlwTGVnYWN5KCRzcmMsICRkZXN0KSB7CiAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRkZXN0KSkgewogICAgICAgIE5ldy1JdGVtIC1QYXRoICRkZXN0IC1JdGVtVHlwZSBEaXJlY3RvcnkgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICB9CiAgICAkc2hlbGwgPSBOZXctT2JqZWN0IC1Db21PYmplY3QgU2hlbGwuQXBwbGljYXRpb24KICAgICR6aXAgPSAkc2hlbGwuTmFtZVNwYWNlKCRzcmMpCiAgICAkZGVzdF9wYXRoID0gJHNoZWxsLk5hbWVTcGFjZSgkZGVzdCkKCiAgICBmb3JlYWNoICgkZW50cnkgaW4gJHppcC5JdGVtcygpKSB7CiAgICAgICAgJGlzX2RpciA9ICRlbnRyeS5Jc0ZvbGRlcgogICAgICAgICRlbmNvZGVkX2FyY2hpdmVfZW50cnkgPSAkZW50cnkuTmFtZQogICAgICAgICMgdG8gaGFuZGxlIHVuaWNvZGUgY2hhcmFjdGVyLCB3aW5fY29weSBhY3Rpb24gcGx1Z2luIGhhcyBlbmNvZGVkIHRoZSBmaWxlbmFtZQogICAgICAgICRkZWNvZGVkX2FyY2hpdmVfZW50cnkgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRlbmNvZGVkX2FyY2hpdmVfZW50cnkpKQogICAgICAgIGlmICgkaXNfZGlyKSB7CiAgICAgICAgICAgICRkZWNvZGVkX2FyY2hpdmVfZW50cnkgPSAiJGRlY29kZWRfYXJjaGl2ZV9lbnRyeS8iCiAgICAgICAgfQoKICAgICAgICAkZW50cnlfdGFyZ2V0X3BhdGggPSBbU3lzdGVtLklPLlBhdGhdOjpDb21iaW5lKCRkZXN0LCAkZGVjb2RlZF9hcmNoaXZlX2VudHJ5KQogICAgICAgICRlbnRyeV9kaXIgPSBbU3lzdGVtLklPLlBhdGhdOjpHZXREaXJlY3RvcnlOYW1lKCRlbnRyeV90YXJnZXRfcGF0aCkKCiAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtUGF0aCAkZW50cnlfZGlyKSkgewogICAgICAgICAgICBOZXctSXRlbSAtUGF0aCAkZW50cnlfZGlyIC1JdGVtVHlwZSBEaXJlY3RvcnkgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICAgICAgfQoKICAgICAgICBpZiAoJGlzX2RpciAtZXEgJGZhbHNlIC1hbmQgKC1ub3QgJGNoZWNrX21vZGUpKSB7CiAgICAgICAgICAgICMgaHR0cHM6Ly9tc2RuLm1pY3Jvc29mdC5jb20vZW4tdXMvbGlicmFyeS93aW5kb3dzL2Rlc2t0b3AvYmI3ODc4NjYuYXNweAogICAgICAgICAgICAjIEZyb20gRm9sZGVyLkNvcHlIZXJlIGRvY3VtZW50YXRpb24sIDEwNDQgbWVhbnM6CiAgICAgICAgICAgICMgIC0gMTAyNDogZG8gbm90IGRpc3BsYXkgYSB1c2VyIGludGVyZmFjZSBpZiBhbiBlcnJvciBvY2N1cnMKICAgICAgICAgICAgIyAgLSAgIDE2OiByZXNwb25kIHdpdGggInllcyB0byBhbGwiIGZvciBhbnkgZGlhbG9nIGJveCB0aGF0IGlzIGRpc3BsYXllZAogICAgICAgICAgICAjICAtICAgIDQ6IGRvIG5vdCBkaXNwbGF5IGEgcHJvZ3Jlc3MgZGlhbG9nIGJveAogICAgICAgICAgICAkZGVzdF9wYXRoLkNvcHlIZXJlKCRlbnRyeSwgMTA0NCkKCiAgICAgICAgICAgICMgb25jZSBmaWxlIGlzIGV4dHJhY2VkLCB3ZSBuZWVkIHRvIHJlbmFtZSBpdCB3aXRoIG5vbiBiYXNlNjQgbmFtZQogICAgICAgICAgICAkY29tYmluZWRfZW5jb2RlZF9wYXRoID0gW1N5c3RlbS5JTy5QYXRoXTo6Q29tYmluZSgkZGVzdCwgJGVuY29kZWRfYXJjaGl2ZV9lbnRyeSkKICAgICAgICAgICAgTW92ZS1JdGVtIC1QYXRoICRjb21iaW5lZF9lbmNvZGVkX3BhdGggLURlc3RpbmF0aW9uICRlbnRyeV90YXJnZXRfcGF0aCAtRm9yY2UgfCBPdXQtTnVsbAogICAgICAgIH0KICAgIH0KfQoKaWYgKCRjb3B5X21vZGUgLWVxICJxdWVyeSIpIHsKICAgICMgd2Ugb25seSByZXR1cm4gYSBsaXN0IG9mIGZpbGVzL2RpcmVjdG9yaWVzIHRoYXQgbmVlZCB0byBiZSBjb3BpZWQgb3ZlcgogICAgIyB0aGUgc291cmNlIG9mIHRoZSBsb2NhbCBmaWxlIHdpbGwgYmUgdGhlIGtleSB1c2VkCiAgICAkY2hhbmdlZF9maWxlcyA9IEAoKQogICAgJGNoYW5nZWRfZGlyZWN0b3JpZXMgPSBAKCkKICAgICRjaGFuZ2VkX3N5bWxpbmtzID0gQCgpCgogICAgZm9yZWFjaCAoJGZpbGUgaW4gJGZpbGVzKSB7CiAgICAgICAgJGZpbGVuYW1lID0gJGZpbGUuZGVzdAogICAgICAgICRsb2NhbF9jaGVja3N1bSA9ICRmaWxlLmNoZWNrc3VtCgogICAgICAgICRmaWxlcGF0aCA9IEpvaW4tUGF0aCAtUGF0aCAkZGVzdCAtQ2hpbGRQYXRoICRmaWxlbmFtZQogICAgICAgIGlmIChUZXN0LVBhdGggLVBhdGggJGZpbGVwYXRoIC1QYXRoVHlwZSBMZWFmKSB7CiAgICAgICAgICAgIGlmICgkZm9yY2UpIHsKICAgICAgICAgICAgICAgICRjaGVja3N1bSA9IEdldC1GaWxlQ2hlY2tzdW0gLXBhdGggJGZpbGVwYXRoCiAgICAgICAgICAgICAgICBpZiAoJGNoZWNrc3VtIC1uZSAkbG9jYWxfY2hlY2tzdW0pIHsKICAgICAgICAgICAgICAgICAgICAkd2lsbF9jaGFuZ2UgPSAkdHJ1ZQogICAgICAgICAgICAgICAgICAgICRjaGFuZ2VkX2ZpbGVzICs9ICRmaWxlCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgIH0KICAgICAgICB9IGVsc2VpZiAoVGVzdC1QYXRoIC1QYXRoICRmaWxlcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKSB7CiAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgImNhbm5vdCBjb3B5IGZpbGUgdG8gZGVzdCAnJGZpbGVwYXRoJzogb2JqZWN0IGF0IHBhdGggaXMgYWxyZWFkeSBhIGRpcmVjdG9yeSIKICAgICAgICB9IGVsc2UgewogICAgICAgICAgICAkY2hhbmdlZF9maWxlcyArPSAkZmlsZQogICAgICAgIH0KICAgIH0KCiAgICBmb3JlYWNoICgkZGlyZWN0b3J5IGluICRkaXJlY3RvcmllcykgewogICAgICAgICRkaXJuYW1lID0gJGRpcmVjdG9yeS5kZXN0CgogICAgICAgICRkaXJwYXRoID0gSm9pbi1QYXRoIC1QYXRoICRkZXN0IC1DaGlsZFBhdGggJGRpcm5hbWUKICAgICAgICAkcGFyZW50X2RpciA9IFtTeXN0ZW0uSU8uUGF0aF06OkdldERpcmVjdG9yeU5hbWUoJGRpcnBhdGgpCiAgICAgICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkcGFyZW50X2RpciAtUGF0aFR5cGUgTGVhZikgewogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0IC1tZXNzYWdlICJjYW5ub3QgY29weSBmb2xkZXIgdG8gZGVzdCAnJGRpcnBhdGgnOiBvYmplY3QgYXQgcGFyZW50IGRpcmVjdG9yeSBwYXRoIGlzIGFscmVhZHkgYSBmaWxlIgogICAgICAgIH0KICAgICAgICBpZiAoVGVzdC1QYXRoIC1QYXRoICRkaXJwYXRoIC1QYXRoVHlwZSBMZWFmKSB7CiAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgImNhbm5vdCBjb3B5IGZvbGRlciB0byBkZXN0ICckZGlycGF0aCc6IG9iamVjdCBhdCBwYXRoIGlzIGFscmVhZHkgYSBmaWxlIgogICAgICAgIH0gZWxzZWlmICgtbm90IChUZXN0LVBhdGggLVBhdGggJGRpcnBhdGggLVBhdGhUeXBlIENvbnRhaW5lcikpIHsKICAgICAgICAgICAgJGNoYW5nZWRfZGlyZWN0b3JpZXMgKz0gJGRpcmVjdG9yeQogICAgICAgIH0KICAgIH0KCiAgICAjIFRPRE86IEhhbmRsZSBzeW1saW5rcwoKICAgICRyZXN1bHQuZmlsZXMgPSAkY2hhbmdlZF9maWxlcwogICAgJHJlc3VsdC5kaXJlY3RvcmllcyA9ICRjaGFuZ2VkX2RpcmVjdG9yaWVzCiAgICAkcmVzdWx0LnN5bWxpbmtzID0gJGNoYW5nZWRfc3ltbGlua3MKfSBlbHNlaWYgKCRjb3B5X21vZGUgLWVxICJleHBsb2RlIikgewogICAgIyBhIHNpbmdsZSB6aXAgZmlsZSBjb250YWluaW5nIHRoZSBmaWxlcyBhbmQgZGlyZWN0b3JpZXMgbmVlZHMgdG8gYmUKICAgICMgZXhwYW5kZWQgdGhpcyB3aWxsIGFsd2F5cyByZXN1bHQgaW4gYSBjaGFuZ2UgYXMgdGhlIGNhbGN1bGF0aW9uIGlzIGRvbmUKICAgICMgb24gdGhlIHdpbl9jb3B5IGFjdGlvbiBwbHVnaW4gYW5kIGlzIG9ubHkgcnVuIGlmIGEgY2hhbmdlIG5lZWRzIHRvIG9jY3VyCiAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRzcmMgLVBhdGhUeXBlIExlYWYpKSB7CiAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiQ2Fubm90IGV4cGFuZCBzcmMgemlwIGZpbGU6ICckc3JjJyBhcyBpdCBkb2VzIG5vdCBleGlzdCIKICAgIH0KCiAgICAjIERldGVjdCBpZiB0aGUgUFMgemlwIGFzc2VtYmxpZXMgYXJlIGF2YWlsYWJsZSBvciB3aGV0aGVyIHRvIHVzZSBTaGVsbAogICAgJHVzZV9sZWdhY3kgPSAkZmFsc2UKICAgIHRyeSB7CiAgICAgICAgQWRkLVR5cGUgLUFzc2VtYmx5TmFtZSBTeXN0ZW0uSU8uQ29tcHJlc3Npb24uRmlsZVN5c3RlbSB8IE91dC1OdWxsCiAgICAgICAgQWRkLVR5cGUgLUFzc2VtYmx5TmFtZSBTeXN0ZW0uSU8uQ29tcHJlc3Npb24gfCBPdXQtTnVsbAogICAgfSBjYXRjaCB7CiAgICAgICAgJHVzZV9sZWdhY3kgPSAkdHJ1ZQogICAgfQogICAgaWYgKCR1c2VfbGVnYWN5KSB7CiAgICAgICAgRXh0cmFjdC1aaXBMZWdhY3kgLXNyYyAkc3JjIC1kZXN0ICRkZXN0CiAgICB9IGVsc2UgewogICAgICAgIEV4dHJhY3QtWmlwIC1zcmMgJHNyYyAtZGVzdCAkZGVzdAogICAgfQoKICAgICRyZXN1bHQuY2hhbmdlZCA9ICR0cnVlCn0gZWxzZWlmICgkY29weV9tb2RlIC1lcSAicmVtb3RlIikgewogICAgIyBhbGwgY29weSBhY3Rpb25zIGFyZSBoYXBwZW5pbmcgb24gdGhlIHJlbW90ZSBzaWRlICh3aW5kb3dzIGhvc3QpLCBuZWVkCiAgICAjIHRvbyBjb3B5IHNvdXJjZSBhbmQgZGVzdCB1c2luZyBQUyBjb2RlCiAgICAkcmVzdWx0LnNyYyA9ICRzcmMKICAgICRyZXN1bHQuZGVzdCA9ICRkZXN0CgogICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtUGF0aCAkc3JjKSkgewogICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgIkNhbm5vdCBjb3B5IHNyYyBmaWxlOiAnJHNyYycgYXMgaXQgZG9lcyBub3QgZXhpc3QiCiAgICB9CgogICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkc3JjIC1QYXRoVHlwZSBDb250YWluZXIpIHsKICAgICAgICAjIHdlIGFyZSBjb3B5aW5nIGEgZGlyZWN0b3J5IG9yIHRoZSBjb250ZW50c ScriptBlock ID: 6634e502-d83a-47f8-aef9-2f1c7f4fe577 Path:	4104	1		3	2	15	0	1852	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4032	2516	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:31:05 PM	e5295ba9-9827-0005-1285-2de52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 4): VsbC12YWx1ZXMgaW50YWN0LCBtb2R1bGVzIG5lZWQgdG8ga25vdyBpZiBhIHBhcmFtZXRlciB3YXMgc3BlY2lmaWVkCiAgICAjIFdoZW4gJHZhbHVlIGlzIGFscmVhZHkgYW4gYXJyYXksIHdlIGNhbm5vdCByZWx5IG9uIHRoZSBudWxsIGNoZWNrLCBhcyBhbiBlbXB0eSBsaXN0CiAgICAjIGlzIHNlZW4gYXMgbnVsbCBpbiB0aGUgY2hlY2sgYmVsb3cKICAgIGlmICgkbnVsbCAtbmUgJHZhbHVlIC1vciAkdmFsdWUgLWlzIFthcnJheV0pIHsKICAgICAgICBpZiAoJHR5cGUgLWVxICJwYXRoIikgewogICAgICAgICAgICAjIEV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgb24gcGF0aC10eXBlCiAgICAgICAgICAgICR2YWx1ZSA9IEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCiAgICAgICAgICAgICMgVGVzdCBpZiBhIHZhbGlkIHBhdGggaXMgcHJvdmlkZWQKICAgICAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtSXNWYWxpZCAkdmFsdWUpKSB7CiAgICAgICAgICAgICAgICAkcGF0aF9pbnZhbGlkID0gJHRydWUKICAgICAgICAgICAgICAgICMgY291bGQgc3RpbGwgYmUgYSB2YWxpZC1zaGFwZWQgcGF0aCB3aXRoIGEgbm9uZXhpc3RlbnQgZHJpdmUgbGV0dGVyCiAgICAgICAgICAgICAgICBpZiAoJHZhbHVlIC1tYXRjaCAiXlx3OiIpIHsKICAgICAgICAgICAgICAgICAgICAjIHJld3JpdGUgcGF0aCB3aXRoIGEgdmFsaWQgZHJpdmUgbGV0dGVyIGFuZCByZWNoZWNrIHRoZSBzaGFwZS0gdGhpcyBtaWdodCBzdGlsbCBmYWlsLCBlZywgYSBub25leGlzdGVudCBub24tZmlsZXN5c3RlbSBQUyBwYXRoCiAgICAgICAgICAgICAgICAgICAgaWYgKFRlc3QtUGF0aCAtSXNWYWxpZCAkKEAoR2V0LVBTRHJpdmUgLVBTUHJvdmlkZXIgRmlsZXN5c3RlbSlbMF0uTmFtZSArICR2YWx1ZS5TdWJzdHJpbmcoMSkpKSB7CiAgICAgICAgICAgICAgICAgICAgICAgICRwYXRoX2ludmFsaWQgPSAkZmFsc2UKICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBpZiAoJHBhdGhfaW52YWxpZCkgewogICAgICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHRvYmogLW1lc3NhZ2UgIkdldC1BbnNpYmxlUGFyYW06IFBhcmFtZXRlciAnJG5hbWUnIGhhcyBhbiBpbnZhbGlkIHBhdGggJyR2YWx1ZScgc3BlY2lmaWVkLiIKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgInN0ciIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IHN0ciB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgc3RyaW5ncwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUuVG9TdHJpbmcoKQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImJvb2wiKSB7CiAgICAgICAgICAgICMgQ29udmVydCBib29sZWFuIHR5cGVzIHRvIHJlYWwgUG93ZXJzaGVsbCBib29sZWFucwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgfCBDb252ZXJ0VG8tQm9vbAogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImludCIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IGludCB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgaW50ZWdlcnMKICAgICAgICAgICAgJHZhbHVlID0gJHZhbHVlIC1hcyBbaW50XQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImZsb2F0IikgewogICAgICAgICAgICAjIENvbnZlcnQgZmxvYXQgdHlwZXMgdG8gcmVhbCBQb3dlcnNoZWxsIGZsb2F0cwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgLWFzIFtmbG9hdF0KICAgICAgICB9IGVsc2VpZiAoJHR5cGUgLWVxICJsaXN0IikgewogICAgICAgICAgICBpZiAoJHZhbHVlIC1pcyBbYXJyYXldKSB7CiAgICAgICAgICAgICAgICAjIE5vdGhpbmcgdG8gZG8KICAgICAgICAgICAgfSBlbHNlaWYgKCR2YWx1ZSAtaXMgW3N0cmluZ10pIHsKICAgICAgICAgICAgICAgICMgQ29udmVydCBzdHJpbmcgdHlwZSB0byByZWFsIFBvd2Vyc2hlbGwgYXJyYXkKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICR2YWx1ZS5TcGxpdCgiLCIpLlRyaW0oKQogICAgICAgICAgICB9IGVsc2VpZiAoJHZhbHVlIC1pcyBbaW50XSkgewogICAgICAgICAgICAgICAgJHZhbHVlID0gQCgkdmFsdWUpCiAgICAgICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICJHZXQtQW5zaWJsZVBhcmFtOiBQYXJhbWV0ZXIgJyRuYW1lJyBpcyBub3QgYSBZQU1MIGxpc3QuIgogICAgICAgICAgICB9CiAgICAgICAgICAgICMgLCBpcyBub3QgYSB0eXBvLCBmb3JjZXMgaXQgdG8gcmV0dXJuIGFzIGEgbGlzdCB3aGVuIGl0IGlzIGVtcHR5IG9yIG9ubHkgaGFzIDEgZW50cnkKICAgICAgICAgICAgcmV0dXJuICwkdmFsdWUKICAgICAgICB9CiAgICB9CgogICAgcmV0dXJuICR2YWx1ZQp9CgojQWxpYXMgR2V0LWF0dHItLT5HZXQtQW5zaWJsZVBhcmFtIGZvciBiYWNrd2FyZHMgY29tcGF0LiBPbmx5IGFkZCB3aGVuIG5lZWRlZCB0byBlYXNlIGRlYnVnZ2luZyBvZiBzY3JpcHRzCklmICgtbm90KEdldC1BbGlhcyAtTmFtZSAiR2V0LWF0dHIiIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlKSkKewogICAgTmV3LUFsaWFzIC1OYW1lIEdldC1hdHRyIC1WYWx1ZSBHZXQtQW5zaWJsZVBhcmFtCn0KCkZ1bmN0aW9uIENvbnZlcnRUby1Cb29sCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZpbHRlci9waXBlbGluZSBmdW5jdGlvbiB0byBjb252ZXJ0IGEgdmFsdWUgdG8gYm9vbGVhbiBmb2xsb3dpbmcgY3VycmVudAogICAgQW5zaWJsZSBwcmFjdGljZXMKICAgIC5FWEFNUExFCiAgICAkaXNfdHJ1ZSA9ICJ0cnVlIiB8IENvbnZlcnRUby1Cb29sCiM+CiAgICBwYXJhbSgKICAgICAgICBbcGFyYW1ldGVyKHZhbHVlZnJvbXBpcGVsaW5lPSR0cnVlKV0KICAgICAgICAkb2JqCiAgICApCgogICAgJGJvb2xlYW5fc3RyaW5ncyA9ICJ5ZXMiLCAib24iLCAiMSIsICJ0cnVlIiwgMQogICAgJG9ial9zdHJpbmcgPSBbc3RyaW5nXSRvYmoKCiAgICBpZiAoKCRvYmogLWlzIFtib29sZWFuXSAtYW5kICRvYmopIC1vciAkYm9vbGVhbl9zdHJpbmdzIC1jb250YWlucyAkb2JqX3N0cmluZy5Ub0xvd2VyKCkpIHsKICAgICAgICByZXR1cm4gJHRydWUKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfQp9CgpGdW5jdGlvbiBQYXJzZS1BcmdzKCRhcmd1bWVudHMsICRzdXBwb3J0c19jaGVja19tb2RlID0gJGZhbHNlKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBwYXJzZSBBbnNpYmxlIEpTT04gYXJndW1lbnRzIGZyb20gYSAiZmlsZSIgcGFzc2VkIGFzCiAgICB0aGUgc2luZ2xlIGFyZ3VtZW50IHRvIHRoZSBtb2R1bGUuCiAgICAuRVhBTVBMRQogICAgJHBhcmFtcyA9IFBhcnNlLUFyZ3MgJGFyZ3MKIz4KICAgICRwYXJhbXMgPSBOZXctT2JqZWN0IHBzb2JqZWN0CiAgICBJZiAoJGFyZ3VtZW50cy5MZW5ndGggLWd0IDApCiAgICB7CiAgICAgICAgJHBhcmFtcyA9IEdldC1Db250ZW50ICRhcmd1bWVudHNbMF0gfCBDb252ZXJ0RnJvbS1Kc29uCiAgICB9CiAgICBFbHNlIHsKICAgICAgICAkcGFyYW1zID0gJGNvbXBsZXhfYXJncwogICAgfQogICAgJGNoZWNrX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfY2hlY2tfbW9kZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQogICAgSWYgKCRjaGVja19tb2RlIC1hbmQgLW5vdCAkc3VwcG9ydHNfY2hlY2tfbW9kZSkKICAgIHsKICAgICAgICBFeGl0LUpzb24gQHsKICAgICAgICAgICAgc2tpcHBlZCA9ICR0cnVlCiAgICAgICAgICAgIGNoYW5nZWQgPSAkZmFsc2UKICAgICAgICAgICAgbXNnID0gInJlbW90ZSBtb2R1bGUgZG9lcyBub3Qgc3VwcG9ydCBjaGVjayBtb2RlIgogICAgICAgIH0KICAgIH0KICAgIHJldHVybiAkcGFyYW1zCn0KCgpGdW5jdGlvbiBHZXQtRmlsZUNoZWNrc3VtKCRwYXRoLCAkYWxnb3JpdGhtID0gJ3NoYTEnKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBjYWxjdWxhdGUgYSBoYXNoIG9mIGEgZmlsZSBpbiBhIHdheSB3aGljaCBQb3dlclNoZWxsIDMKICAgIGFuZCBhYm92ZSBjYW4gaGFuZGxlCiM+CiAgICBJZiAoVGVzdC1QYXRoIC1QYXRoICRwYXRoIC1QYXRoVHlwZSBMZWFmKQogICAgewogICAgICAgIHN3aXRjaCAoJGFsZ29yaXRobSkKICAgICAgICB7CiAgICAgICAgICAgICdtZDUnIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5NRDVDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMScgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTFDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMjU2JyB7ICRzcCA9IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5TZWN1cml0eS5DcnlwdG9ncmFwaHkuU0hBMjU2Q3J5cHRvU2VydmljZVByb3ZpZGVyIH0KICAgICAgICAgICAgJ3NoYTM4NCcgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTM4NENyeXB0b1NlcnZpY2VQcm92aWRlciB9CiAgICAgICAgICAgICdzaGE1MTInIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5TSEE1MTJDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICBkZWZhdWx0IHsgRmFpbC1Kc29uIEB7fSAiVW5zdXBwb3J0ZWQgaGFzaCBhbGdvcml0aG0gc3VwcGxpZWQgJyRhbGdvcml0aG0nIiB9CiAgICAgICAgfQoKICAgICAgICBJZiAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtZ2UgNCkgewogICAgICAgICAgICAkcmF3X2hhc2ggPSBHZXQtRmlsZUhhc2ggJHBhdGggLUFsZ29yaXRobSAkYWxnb3JpdGhtCiAgICAgICAgICAgICRoYXNoID0gJHJhd19oYXNoLkhhc2guVG9Mb3dlcigpCiAgICAgICAgfSBFbHNlIHsKICAgICAgICAgICAgJGZwID0gW1N5c3RlbS5JTy5GaWxlXTo6T3BlbigkcGF0aCwgW1N5c3RlbS5JTy5GaWxlbW9kZV06Ok9wZW4sIFtTeXN0ZW0uSU8uRmlsZUFjY2Vzc106OlJlYWQsIFtTeXN0ZW0uSU8uRmlsZVNoYXJlXTo6UmVhZFdyaXRlKTsKICAgICAgICAgICAgJGhhc2ggPSBbU3lzdGVtLkJpdENvbnZlcnRlcl06OlRvU3RyaW5nKCRzcC5Db21wdXRlSGFzaCgkZnApKS5SZXBsYWNlKCItIiwgIiIpLlRvTG93ZXIoKTsKICAgICAgICAgICAgJGZwLkRpc3Bvc2UoKTsKICAgICAgICB9CiAgICB9CiAgICBFbHNlSWYgKFRlc3QtUGF0aCAtUGF0aCAkcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKQogICAgewogICAgICAgICRoYXNoID0gIjMiOwogICAgfQogICAgRWxzZQogICAgewogICAgICAgICRoYXNoID0gIjEiOwogICAgfQogICAgcmV0dXJuICRoYXNoCn0KCkZ1bmN0aW9uIEdldC1QZW5kaW5nUmVib290U3RhdHVzCnsKPCMKICAgIC5TWU5PUFNJUwogICAgQ2hlY2sgaWYgcmVib290IGlzIHJlcXVpcmVkLCBpZiBzbyBub3RpZnkgQ0EuCiAgICBGdW5jdGlvbiByZXR1cm5zIHRydWUgaWYgY29tcHV0ZXIgaGFzIGEgcGVuZGluZyByZWJvb3QKIz4KICAgICRmZWF0dXJlRGF0YSA9IEludm9rZS1XbWlNZXRob2QgLUVBIElnbm9yZSAtTmFtZSBHZXRTZXJ2ZXJGZWF0dXJlIC1OYW1lc3BhY2Ugcm9vdFxtaWNyb3NvZnRcd2luZG93c1xzZXJ2ZXJtYW5hZ2VyIC1DbGFzcyBNU0ZUX1NlcnZlck1hbmFnZXJUYXNrcwogICAgJHJlZ0RhdGEgPSBHZXQtSXRlbVByb3BlcnR5ICJIS0xNOlxTWVNURU1cQ3VycmVudENvbnRyb2xTZXRcQ29udHJvbFxTZXNzaW9uIE1hbmFnZXIiICJQZW5kaW5nRmlsZVJlbmFtZU9wZXJhdGlvbnMiIC1FQSBJZ25vcmUKICAgICRDQlNSZWJvb3RTdGF0dXMgPSBHZXQtQ2hpbGRJdGVtICJIS0xNOlxcU09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cQ29tcG9uZW50IEJhc2VkIFNlcnZpY2luZyIgIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlfCBXaGVyZS1PYmplY3QgeyRfLlBTQ2hpbGROYW1lIC1lcSAiUmVib290UGVuZGluZyJ9CiAgICBpZigoJGZlYXR1cmVEYXRhIC1hbmQgJGZlYXR1cmVEYXRhLlJlcXVpcmVzUmVib290KSAtb3IgJHJlZ0RhdGEgLW9yICRDQlNSZWJvb3RTdGF0dXMpCiAgICB7CiAgICAgICAgcmV0dXJuICRUcnVlCiAgICB9CiAgICBlbHNlCiAgICB7CiAgICAgICAgcmV0dXJuICRGYWxzZQogICAgfQp9CgojIHRoaXMgbGluZSBtdXN0IHN0YXkgYXQgdGhlIGJvdHRvbSB0byBlbnN1cmUgYWxsIGRlZmluZWQgbW9kdWxlIHBhcnRzIGFyZSBleHBvcnRlZApFeHBvcnQtTW9kdWxlTWVtYmVyIC1BbGlhcyAqIC1GdW5jdGlvbiAqIC1DbWRsZXQgKgoK"}, "module_entry": "IyFwb3dlcnNoZWxsCgojIENvcHlyaWdodDogKGMpIDIwMTUsIEpvbiBIYXdrZXN3b3J0aCAoQGpoYXdrZXN3b3J0aCkgPGZpZ3NAdW5pdHkuZGVtb24uY28udWs+CiMgQ29weXJpZ2h0OiAoYykgMjAxNywgQW5zaWJsZSBQcm9qZWN0CiMgR05VIEdlbmVyYWwgUHVibGljIExpY2Vuc2UgdjMuMCsgKHNlZSBDT1BZSU5HIG9yIGh0dHBzOi8vd3d3LmdudS5vcmcvbGljZW5zZXMvZ3BsLTMuMC50eHQpCgojUmVxdWlyZXMgLU1vZHVsZSBBbnNpYmxlLk1vZHVsZVV0aWxzLkxlZ2FjeQoKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICdTdG9wJwoKJHBhcmFtcyA9IFBhcnNlLUFyZ3MgLWFyZ3VtZW50cyAkYXJncyAtc3VwcG9ydHNfY2hlY2tfbW9kZSAkdHJ1ZQokY2hlY2tfbW9kZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJfYW5zaWJsZV9jaGVja19tb2RlIiAtdHlwZSAiYm9vbCIgLWRlZmF1bHQgJGZhbHNlCiRkaWZmX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfZGlmZiIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQoKIyB0aGVyZSBhcmUgNCBtb2RlcyB0byB3aW5fY29weSB3aGljaCBhcmUgZHJpdmVuIGJ5IHRoZSBhY3Rpb24gcGx1Z2luczoKIyAgIGV4cGxvZGU6IHNyYyBpcyBhIHppcCBmaWxlIHdoaWNoIG5lZWRzIHRvIGJlIGV4dHJhY3RlZCB0byBkZXN0LCBmb3IgdXNlIHdpdGggbXVsdGlwbGUgZmlsZXMKIyAgIHF1ZXJ5OiB3aW5fY29weSBhY3Rpb24gcGx1Z2luIHdhbnRzIHRvIGdldCB0aGUgc3RhdGUgb2YgcmVtb3RlIGZpbGVzIHRvIGNoZWNrIHdoZXRoZXIgaXQgbmVlZHMgdG8gc2VuZCB0aGVtCiMgICByZW1vdGU6IGFsbCBjb3B5IGFjdGlvbiBpcyBoYXBwZW5pbmcgcmVtb3RlbHkgKHJlbW90ZV9zcmM9VHJ1ZSkKIyAgIHNpbmdsZTogYSBzaW5nbGUgZmlsZSBoYXMgYmVlbiBjb3BpZWQsIGFsc28gdXNlZCB3aXRoIHRlbXBsYXRlCiRjb3B5X21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2NvcHlfbW9kZSIgLXR5cGUgInN0ciIgLWRlZmF1bHQgInNpbmdsZSIgLXZhbGlkYXRlc2V0ICJleHBsb2RlIiwicXVlcnkiLCJyZW1vdGUiLCJzaW5nbGUiCgojIHVzZWQgaW4gZXhwbG9kZSwgcmVtb3RlIGFuZCBzaW5nbGUgbW9kZQokc3JjID0gR2V0LUFuc2libGVQYXJhbSAtb2JqICRwYXJhbXMgLW5hbWUgInNyYyIgLXR5cGUgInBhdGgiIC1mYWlsaWZlbXB0eSAoJGNvcHlfbW9kZSAtaW4gQCgiZXhwbG9kZSIsInByb2Nlc3MiLCJzaW5nbGUiKSkKJGRlc3QgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiZGVzdCIgLXR5cGUgInBhdGgiIC1mYWlsaWZlbXB0eSAkdHJ1ZQoKIyB1c2VkIGluIHNpbmdsZSBtb2RlCiRvcmlnaW5hbF9iYXNlbmFtZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJfb3JpZ2luYWxfYmFzZW5hbWUiIC10eXBlICJzdHIiCgojIHVzZWQgaW4gcXVlcnkgYW5kIHJlbW90ZSBtb2RlCiRmb3JjZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJmb3JjZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICR0cnVlCgojIHVzZWQgaW4gcXVlcnkgbW9kZSwgY29udGFpbnMgdGhlIGxvY2FsIGZpbGVzL2RpcmVjdG9yaWVzL3N5bWxpbmtzIHRoYXQgYXJlIHRvIGJlIGNvcGllZAokZmlsZXMgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiZmlsZXMiIC10eXBlICJsaXN0IgokZGlyZWN0b3JpZXMgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiZGlyZWN0b3JpZXMiIC10eXBlICJsaXN0Igokc3ltbGlua3MgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAic3ltbGlua3MiIC10eXBlICJsaXN0IgoKJHJlc3VsdCA9IEB7CiAgICBjaGFuZ2VkID0gJGZhbHNlCn0KCmlmICgkZGlmZl9tb2RlKSB7CiAgICAkcmVzdWx0LmRpZmYgPSBAe30KfQoKRnVuY3Rpb24gQ29weS1GaWxlKCRzb3VyY2UsICRkZXN0KSB7CiAgICAkZGlmZiA9ICIiCiAgICAkY29weV9maWxlID0gJGZhbHNlCiAgICAkc291cmNlX2NoZWNrc3VtID0gJG51bGwKICAgIGlmICgkZm9yY2UpIHsKICAgICAgICAkc291cmNlX2NoZWNrc3VtID0gR2V0LUZpbGVDaGVja3N1bSAtcGF0aCAkc291cmNlCiAgICB9CgogICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkZGVzdCAtUGF0aFR5cGUgQ29udGFpbmVyKSB7CiAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiY2Fubm90IGNvcHkgZmlsZSBmcm9tICckc291cmNlJyB0byAnJGRlc3QnOiBkZXN0IGlzIGFscmVhZHkgYSBmb2xkZXIiCiAgICB9IGVsc2VpZiAoVGVzdC1QYXRoIC1QYXRoICRkZXN0IC1QYXRoVHlwZSBMZWFmKSB7CiAgICAgICAgaWYgKCRmb3JjZSkgewogICAgICAgICAgICAkdGFyZ2V0X2NoZWNrc3VtID0gR2V0LUZpbGVDaGVja3N1bSAtcGF0aCAkZGVzdAogICAgICAgICAgICBpZiAoJHNvdXJjZV9jaGVja3N1bSAtbmUgJHRhcmdldF9jaGVja3N1bSkgewogICAgICAgICAgICAgICAgJGNvcHlfZmlsZSA9ICR0cnVlCiAgICAgICAgICAgIH0KICAgICAgICB9CiAgICB9IGVsc2UgewogICAgICAgICRjb3B5X2ZpbGUgPSAkdHJ1ZQogICAgfQoKICAgIGlmICgkY29weV9maWxlKSB7CiAgICAgICAgJGZpbGVfZGlyID0gW1N5c3RlbS5JTy5QYXRoXTo6R2V0RGlyZWN0b3J5TmFtZSgkZGVzdCkKICAgICAgICAjIHZhbGlkYXRlIHRoZSBwYXJlbnQgZGlyIGlzIG5vdCBhIGZpbGUgYW5kIHRoYXQgaXQgZXhpc3RzCiAgICAgICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkZmlsZV9kaXIgLVBhdGhUeXBlIExlYWYpIHsKICAgICAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiY2Fubm90IGNvcHkgZmlsZSBmcm9tICckc291cmNlJyB0byAnJGRlc3QnOiBvYmplY3QgYXQgZGVzdCBwYXJlbnQgZGlyIGlzIG5vdCBhIGZvbGRlciIKICAgICAgICB9IGVsc2VpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRmaWx ScriptBlock ID: 6634e502-d83a-47f8-aef9-2f1c7f4fe577 Path:	4104	1		3	2	15	0	1851	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4032	2516	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:31:05 PM	e5295ba9-9827-0005-1285-2de52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 4): begin { $DebugPreference = "Continue" $ErrorActionPreference = "Stop" Set-StrictMode -Version 2 function ConvertTo-HashtableFromPsCustomObject ($myPsObject){ $output = @{}; $myPsObject | Get-Member -MemberType *Property | % { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } return $output; } # stream JSON including become_pw, ps_module_payload, bin_module_payload, become_payload, write_payload_path, preserve directives # exec runspace, capture output, cleanup, return module output # NB: do not adjust the following line- it is replaced when doing non-streamed module output $json_raw = @' {"min_ps_version": null, "exec": "CkZ1bmN0aW9uIFJ1bigkcGF5bG9hZCkgewogICAgJGVudHJ5cG9pbnQgPSAkcGF5bG9hZC5tb2R1bGVfZW50cnkKCiAgICAkZW50cnlwb2ludCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGVudHJ5cG9pbnQpKQoKICAgICRwcyA9IFtwb3dlcnNoZWxsXTo6Q3JlYXRlKCkKCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkQ29tbWFuZCgiU2V0LVZhcmlhYmxlIikuQWRkUGFyYW1ldGVycyhAe1Njb3BlPSJnbG9iYWwiO05hbWU9ImNvbXBsZXhfYXJncyI7VmFsdWU9JHBheWxvYWQubW9kdWxlX2FyZ3N9KSB8IE91dC1OdWxsCiAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCgogICAgIyByZWRlZmluZSBXcml0ZS1Ib3N0IHRvIGR1bXAgdG8gb3V0cHV0IGluc3RlYWQgb2YgZmFpbGluZy0gbG90cyBvZiBzY3JpcHRzIHVzZSBpdAogICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgiRnVuY3Rpb24gV3JpdGUtSG9zdChgJG1zZyl7IFdyaXRlLU91dHB1dCBgJG1zZyB9IikgfCBPdXQtTnVsbAoKICAgIEZvckVhY2ggKCRlbnZfa3YgaW4gJHBheWxvYWQuZW52aXJvbm1lbnQuR2V0RW51bWVyYXRvcigpKSB7CiAgICAgICAgIyBuZWVkIHRvIGVzY2FwZSAnIGluIGJvdGggdGhlIGtleSBhbmQgdmFsdWUKICAgICAgICAkZW52X2tleSA9ICRlbnZfa3YuS2V5LlRvU3RyaW5nKCkuUmVwbGFjZSgiJyIsICInJyIpCiAgICAgICAgJGVudl92YWx1ZSA9ICRlbnZfa3YuVmFsdWUuVG9TdHJpbmcoKS5SZXBsYWNlKCInIiwgIicnIikKICAgICAgICAkZXNjYXBlZF9lbnZfc2V0ID0gIltTeXN0ZW0uRW52aXJvbm1lbnRdOjpTZXRFbnZpcm9ubWVudFZhcmlhYmxlKCd7MH0nLCAnezF9JykiIC1mICRlbnZfa2V5LCAkZW52X3ZhbHVlCiAgICAgICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgkZXNjYXBlZF9lbnZfc2V0KSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBkeW5hbWljYWxseSBjcmVhdGUvbG9hZCBtb2R1bGVzCiAgICBGb3JFYWNoICgkbW9kIGluICRwYXlsb2FkLnBvd2Vyc2hlbGxfbW9kdWxlcy5HZXRFbnVtZXJhdG9yKCkpIHsKICAgICAgICAkZGVjb2RlZF9tb2R1bGUgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRtb2QuVmFsdWUpKQogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRDb21tYW5kKCJOZXctTW9kdWxlIikuQWRkUGFyYW1ldGVycyhAe1NjcmlwdEJsb2NrPShbc2NyaXB0YmxvY2tdOjpDcmVhdGUoJGRlY29kZWRfbW9kdWxlKSk7TmFtZT0kbW9kLktleX0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiSW1wb3J0LU1vZHVsZSIpLkFkZFBhcmFtZXRlcnMoQHtXYXJuaW5nQWN0aW9uPSJTaWxlbnRseUNvbnRpbnVlIn0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBmb3JjZSBpbnB1dCBlbmNvZGluZyB0byBwcmVhbWJsZS1mcmVlIFVURjggc28gUFMgc3ViLXByb2Nlc3NlcyAoZWcsCiAgICAjIFN0YXJ0LUpvYikgZG9uJ3QgYmxvdyB1cC4gVGhpcyBpcyBvbmx5IHJlcXVpcmVkIGZvciBXaW5STSwgYSBQU1JQCiAgICAjIHJ1bnNwYWNlIGRvZXNuJ3QgaGF2ZSBhIGhvc3QgY29uc29sZSBhbmQgdGhpcyB3aWxsIGJvbWIgb3V0CiAgICBpZiAoJGhvc3QuTmFtZSAtZXEgIkNvbnNvbGVIb3N0IikgewogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRTY3JpcHQoIltDb25zb2xlXTo6SW5wdXRFbmNvZGluZyA9IE5ldy1PYmplY3QgVGV4dC5VVEY4RW5jb2RpbmcgYCRmYWxzZSIpIHwgT3V0LU51bGwKICAgIH0KCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkU2NyaXB0KCRlbnRyeXBvaW50KSB8IE91dC1OdWxsCgogICAgJG91dHB1dCA9ICRwcy5JbnZva2UoKQoKICAgICRvdXRwdXQKCiAgICAjIFBTMyBkb2Vzbid0IHByb3Blcmx5IHNldCBIYWRFcnJvcnMgaW4gbWFueSBjYXNlcywgaW5zcGVjdCB0aGUgZXJyb3Igc3RyZWFtIGFzIGEgZmFsbGJhY2sKICAgIElmICgkcHMuSGFkRXJyb3JzIC1vciAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtbHQgNCAtYW5kICRwcy5TdHJlYW1zLkVycm9yLkNvdW50IC1ndCAwKSkgewogICAgICAgICRob3N0LlVJLldyaXRlRXJyb3JMaW5lKCQoJHBzLlN0cmVhbXMuRXJyb3IgfCBPdXQtU3RyaW5nKSkKICAgICAgICAkZXhpdF9jb2RlID0gJHBzLlJ1bnNwYWNlLlNlc3Npb25TdGF0ZVByb3h5LkdldFZhcmlhYmxlKCJMQVNURVhJVENPREUiKQogICAgICAgIElmKC1ub3QgJGV4aXRfY29kZSkgewogICAgICAgICAgICAkZXhpdF9jb2RlID0gMQogICAgICAgIH0KICAgICAgICAjIG5lZWQgdG8gdXNlIHRoaXMgaW5zdGVhZCBvZiBFeGl0IGtleXdvcmQgdG8gcHJldmVudCBydW5zcGFjZSBmcm9tIGNyYXNoaW5nIHdpdGggZHluYW1pYyBtb2R1bGVzCiAgICAgICAgJGhvc3QuU2V0U2hvdWxkRXhpdCgkZXhpdF9jb2RlKQogICAgfQp9Cg==", "actions": ["exec"], "environment": {}, "min_os_version": null, "powershell_modules": {"Ansible.ModuleUtils.Legacy": "IyBDb3B5cmlnaHQgKGMpLCBNaWNoYWVsIERlSGFhbiA8bWljaGFlbC5kZWhhYW5AZ21haWwuY29tPiwgMjAxNCwgYW5kIG90aGVycwojIFNpbXBsaWZpZWQgQlNEIExpY2Vuc2UgKHNlZSBsaWNlbnNlcy9zaW1wbGlmaWVkX2JzZC50eHQgb3IgaHR0cHM6Ly9vcGVuc291cmNlLm9yZy9saWNlbnNlcy9CU0QtMi1DbGF1c2UpCgpTZXQtU3RyaWN0TW9kZSAtVmVyc2lvbiAyLjAKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKRnVuY3Rpb24gU2V0LUF0dHIoJG9iaiwgJG5hbWUsICR2YWx1ZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gc2V0IGFuICJhdHRyaWJ1dGUiIG9uIGEgcHNvYmplY3QgaW5zdGFuY2UgaW4gUG93ZXJTaGVsbC4KICAgIFRoaXMgaXMgYSBjb252ZW5pZW5jZSB0byBtYWtlIGFkZGluZyBNZW1iZXJzIHRvIHRoZSBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgIFNldC1BdHRyICRyZXN1bHQgImNoYW5nZWQiICR0cnVlCiM+CgogICAgIyBJZiB0aGUgcHJvdmlkZWQgJG9iaiBpcyB1bmRlZmluZWQsIGRlZmluZSBvbmUgdG8gYmUgbmljZQogICAgSWYgKC1ub3QgJG9iai5HZXRUeXBlKQogICAgewogICAgICAgICRvYmogPSBAeyB9CiAgICB9CgogICAgVHJ5CiAgICB7CiAgICAgICAgJG9iai4kbmFtZSA9ICR2YWx1ZQogICAgfQogICAgQ2F0Y2gKICAgIHsKICAgICAgICAkb2JqIHwgQWRkLU1lbWJlciAtRm9yY2UgLU1lbWJlclR5cGUgTm90ZVByb3BlcnR5IC1OYW1lICRuYW1lIC1WYWx1ZSAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gRXhpdC1Kc29uKCRvYmopCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGNvbnZlcnQgYSBQb3dlclNoZWxsIG9iamVjdCB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcKICAgIHRoZSBzY3JpcHQKICAgIC5FWEFNUExFCiAgICBFeGl0LUpzb24gJHJlc3VsdAojPgoKICAgICMgSWYgdGhlIHByb3ZpZGVkICRvYmogaXMgdW5kZWZpbmVkLCBkZWZpbmUgb25lIHRvIGJlIG5pY2UKICAgIElmICgtbm90ICRvYmouR2V0VHlwZSkKICAgIHsKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoJ2NoYW5nZWQnKSkgewogICAgICAgIFNldC1BdHRyICRvYmogImNoYW5nZWQiICRmYWxzZQogICAgfQoKICAgIFdyaXRlLU91dHB1dCAkb2JqIHwgQ29udmVydFRvLUpzb24gLUNvbXByZXNzIC1EZXB0aCA5OQogICAgRXhpdAp9CgpGdW5jdGlvbiBGYWlsLUpzb24oJG9iaiwgJG1lc3NhZ2UgPSAkbnVsbCkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHRoZSAibXNnIiBwcm9wZXJ0eSBhbmQgImZhaWxlZCIgcHJvcGVydHksIGNvbnZlcnQgdGhlCiAgICBQb3dlclNoZWxsIEhhc2h0YWJsZSB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcgdGhlIHNjcmlwdAogICAgLkVYQU1QTEUKICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJUaGlzIGlzIHRoZSBmYWlsdXJlIG1lc3NhZ2UiCiM+CgogICAgaWYgKCRvYmogLWlzIFtoYXNodGFibGVdIC1vciAkb2JqIC1pcyBbcHNvYmplY3RdKSB7CiAgICAgICAgIyBOb3RoaW5nIHRvIGRvCiAgICB9IGVsc2VpZiAoJG9iaiAtaXMgW3N0cmluZ10gLWFuZCAkbnVsbCAtZXEgJG1lc3NhZ2UpIHsKICAgICAgICAjIElmIHdlIHdlcmVuJ3QgZ2l2ZW4gMiBhcmdzLCBhbmQgdGhlIG9ubHkgYXJnIHdhcyBhIHN0cmluZywKICAgICAgICAjIGNyZWF0ZSBhIG5ldyBIYXNodGFibGUgYW5kIHVzZSB0aGUgYXJnIGFzIHRoZSBmYWlsdXJlIG1lc3NhZ2UKICAgICAgICAkbWVzc2FnZSA9ICRvYmoKICAgICAgICAkb2JqID0gQHsgfQogICAgfSBlbHNlIHsKICAgICAgICAjIElmIHRoZSBmaXJzdCBhcmd1bWVudCBpcyB1bmRlZmluZWQgb3IgYSBkaWZmZXJlbnQgdHlwZSwKICAgICAgICAjIG1ha2UgaXQgYSBIYXNodGFibGUKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgICMgU3RpbGwgdXNpbmcgU2V0LUF0dHIgZm9yIFBTT2JqZWN0IGNvbXBhdGliaWxpdHkKICAgIFNldC1BdHRyICRvYmogIm1zZyIgJG1lc3NhZ2UKICAgIFNldC1BdHRyICRvYmogImZhaWxlZCIgJHRydWUKCiAgICBpZiAoLW5vdCAkb2JqLkNvbnRhaW5zS2V5KCdjaGFuZ2VkJykpIHsKICAgICAgICBTZXQtQXR0ciAkb2JqICJjaGFuZ2VkIiAkZmFsc2UKICAgIH0KCiAgICBXcml0ZS1PdXRwdXQgJG9iaiB8IENvbnZlcnRUby1Kc29uIC1Db21wcmVzcyAtRGVwdGggOTkKICAgIEV4aXQgMQp9CgpGdW5jdGlvbiBBZGQtV2FybmluZygkb2JqLCAkbWVzc2FnZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHdhcm5pbmdzLCBldmVuIGlmIHRoZSB3YXJuaW5ncyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoIndhcm5pbmdzIikpIHsKICAgICAgICAkb2JqLndhcm5pbmdzID0gQCgpCiAgICB9IGVsc2VpZiAoJG9iai53YXJuaW5ncyAtaXNub3QgW2FycmF5XSkgewogICAgICAgIHRocm93ICJBZGQtV2FybmluZzogd2FybmluZ3MgYXR0cmlidXRlIGlzIG5vdCBhbiBhcnJheSIKICAgIH0KCiAgICAkb2JqLndhcm5pbmdzICs9ICRtZXNzYWdlCn0KCkZ1bmN0aW9uIEFkZC1EZXByZWNhdGlvbldhcm5pbmcoJG9iaiwgJG1lc3NhZ2UsICR2ZXJzaW9uID0gJG51bGwpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGFkZCBkZXByZWNhdGlvbnMsIGV2ZW4gaWYgdGhlIGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgogICAgaWYgKC1ub3QgJG9iai5Db250YWluc0tleSgiZGVwcmVjYXRpb25zIikpIHsKICAgICAgICAkb2JqLmRlcHJlY2F0aW9ucyA9IEAoKQogICAgfSBlbHNlaWYgKCRvYmouZGVwcmVjYXRpb25zIC1pc25vdCBbYXJyYXldKSB7CiAgICAgICAgdGhyb3cgIkFkZC1EZXByZWNhdGlvbldhcm5pbmc6IGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgaXMgbm90IGEgbGlzdCIKICAgIH0KCiAgICAkb2JqLmRlcHJlY2F0aW9ucyArPSBAewogICAgICAgIG1zZyA9ICRtZXNzYWdlCiAgICAgICAgdmVyc2lvbiA9ICR2ZXJzaW9uCiAgICB9Cn0KCkZ1bmN0aW9uIEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgaW4gdmFsdWVzLiBCeSBkZWZhdWx0CiAgICBpdCB0dXJucyBhbnkgdHlwZSB0byBhIHN0cmluZywgYnV0IHdlIGVuc3VyZSAkbnVsbCByZW1haW5zICRudWxsLgojPgogICAgaWYgKCRudWxsIC1uZSAkdmFsdWUpIHsKICAgICAgICBbU3lzdGVtLkVudmlyb25tZW50XTo6RXhwYW5kRW52aXJvbm1lbnRWYXJpYWJsZXMoJHZhbHVlKQogICAgfSBlbHNlIHsKICAgICAgICAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gR2V0LUFuc2libGVQYXJhbSgkb2JqLCAkbmFtZSwgJGRlZmF1bHQgPSAkbnVsbCwgJHJlc3VsdG9iaiA9IEB7fSwgJGZhaWxpZmVtcHR5ID0gJGZhbHNlLCAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSwgJFZhbGlkYXRlU2V0LCAkVmFsaWRhdGVTZXRFcnJvck1lc3NhZ2UsICR0eXBlID0gJG51bGwsICRhbGlhc2VzID0gQCgpKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBnZXQgYW4gImF0dHJpYnV0ZSIgZnJvbSBhIHBzb2JqZWN0IGluc3RhbmNlIGluIFBvd2VyU2hlbGwuCiAgICBUaGlzIGlzIGEgY29udmVuaWVuY2UgdG8gbWFrZSBnZXR0aW5nIE1lbWJlcnMgZnJvbSBhbiBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgICRhdHRyID0gR2V0LUFuc2libGVQYXJhbSAkcmVzcG9uc2UgImNvZGUiIC1kZWZhdWx0ICIxIgogICAgLkVYQU1QTEUKICAgIEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJTdGF0ZSIgLWRlZmF1bHQgIlByZXNlbnQiIC1WYWxpZGF0ZVNldCAiUHJlc2VudCIsIkFic2VudCIgLXJlc3VsdG9iaiAkcmVzdWx0b2JqIC1mYWlsaWZlbXB0eSAkdHJ1ZQogICAgR2V0LUFuc2libGVQYXJhbSBhbHNvIHN1cHBvcnRzIFBhcmFtZXRlciB2YWxpZGF0aW9uIHRvIHNhdmUgeW91IGZyb20gY29kaW5nIHRoYXQgbWFudWFsbHkKICAgIE5vdGUgdGhhdCBpZiB5b3UgdXNlIHRoZSBmYWlsaWZlbXB0eSBvcHRpb24sIHlvdSBkbyBuZWVkIHRvIHNwZWNpZnkgcmVzdWx0b2JqZWN0IGFzIHdlbGwuCiM+CiAgICAjIENoZWNrIGlmIHRoZSBwcm92aWRlZCBNZW1iZXIgJG5hbWUgb3IgYWxpYXNlcyBleGlzdCBpbiAkb2JqIGFuZCByZXR1cm4gaXQgb3IgdGhlIGRlZmF1bHQuCiAgICB0cnkgewoKICAgICAgICAkZm91bmQgPSAkbnVsbAogICAgICAgICMgRmlyc3QgdHJ5IHRvIGZpbmQgcHJlZmVycmVkIHBhcmFtZXRlciAkbmFtZQogICAgICAgICRhbGlhc2VzID0gQCgkbmFtZSkgKyAkYWxpYXNlcwoKICAgICAgICAjIEl0ZXJhdGUgb3ZlciBhbGlhc2VzIHRvIGZpbmQgYWNjZXB0YWJsZSBNZW1iZXIgJG5hbWUKICAgICAgICBmb3JlYWNoICgkYWxpYXMgaW4gJGFsaWFzZXMpIHsKICAgICAgICAgICAgaWYgKCRvYmouQ29udGFpbnNLZXkoJGFsaWFzKSkgewogICAgICAgICAgICAgICAgJGZvdW5kID0gJGFsaWFzCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgfQoKICAgICAgICBpZiAoJG51bGwgLWVxICRmb3VuZCkgewogICAgICAgICAgICB0aHJvdwogICAgICAgIH0KICAgICAgICAkbmFtZSA9ICRmb3VuZAoKICAgICAgICBpZiAoJFZhbGlkYXRlU2V0KSB7CgogICAgICAgICAgICBpZiAoJFZhbGlkYXRlU2V0IC1jb250YWlucyAoJG9iai4kbmFtZSkpIHsKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICRvYmouJG5hbWUKICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgIGlmICgkbnVsbCAtZXEgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAgICAgI0F1dG8tZ2VuZXJhdGVkIGVycm9yIHNob3VsZCBiZSBzdWZmaWNpZW50IGluIG1vc3QgdXNlIGNhc2VzCiAgICAgICAgICAgICAgICAgICAgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlID0gIkdldC1BbnNpYmxlUGFyYW06IEFyZ3VtZW50ICRuYW1lIG5lZWRzIHRvIGJlIG9uZSBvZiAkKCRWYWxpZGF0ZVNldCAtam9pbiAiLCIpIGJ1dCB3YXMgJCgkb2JqLiRuYW1lKS4iCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRWYWxpZGF0ZVNldEVycm9yTWVzc2FnZQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgJHZhbHVlID0gJG9iai4kbmFtZQogICAgICAgIH0KICAgIH0gY2F0Y2ggewogICAgICAgIGlmICgkZmFpbGlmZW1wdHkgLWVxICRmYWxzZSkgewogICAgICAgICAgICAkdmFsdWUgPSAkZGVmYXVsdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgIGlmICgtbm90ICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSA9ICJHZXQtQW5zaWJsZVBhcmFtOiBNaXNzaW5nIHJlcXVpcmVkIGFyZ3VtZW50OiAkbmFtZSIKICAgICAgICAgICAgfQogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlCiAgICAgICAgfQogICAgfQoKICAgICMgSWYgJHZhbHVlIC1lcSAkbnVsbCwgdGhlIHBhcmFtZXRlciB3YXMgdW5zcGVjaWZpZWQgYnkgdGhlIHVzZXIgKGRlbGliZXJhdGVseSBvciBub3QpCiAgICAjIFBsZWFzZSBsZWF2ZSAkbn ScriptBlock ID: 6634e502-d83a-47f8-aef9-2f1c7f4fe577 Path:	4104	1		3	2	15	0	1850	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4032	2516	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:31:05 PM	e5295ba9-9827-0005-1285-2de52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1849	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4032	4880	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:31:05 PM	e5295ba9-9827-0004-0af5-2ee52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 4032 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1848	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4032	3184	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:31:05 PM	e5295ba9-9827-0004-0af5-2ee52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1847	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4032	4880	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:31:05 PM	e5295ba9-9827-0004-0af5-2ee52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): begin { $path = 'C:\Users\Admin\AppData\Local\Temp\ansible-tmp-1629729062.47-26804626232026\source' $DebugPreference = "Continue" $ErrorActionPreference = "Stop" Set-StrictMode -Version 2 $fd = [System.IO.File]::Create($path) $sha1 = [System.Security.Cryptography.SHA1CryptoServiceProvider]::Create() $bytes = @() #initialize for empty file case } process { $bytes = [System.Convert]::FromBase64String($input) $sha1.TransformBlock($bytes, 0, $bytes.Length, $bytes, 0) | Out-Null $fd.Write($bytes, 0, $bytes.Length) } end { $sha1.TransformFinalBlock($bytes, 0, 0) | Out-Null $hash = [System.BitConverter]::ToString($sha1.Hash).Replace("-", "").ToLowerInvariant() $fd.Close() Write-Output "{""sha1"":""$hash""}" } ScriptBlock ID: 713def6d-3f84-432f-af19-00c6321fd70c Path:	4104	1		3	2	15	0	1846	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4576	2704	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:31:04 PM	e5295ba9-9827-0001-1d5c-30e52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1845	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4576	4960	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:31:04 PM	e5295ba9-9827-0002-496f-2fe52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 4576 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1844	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4576	3856	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:31:04 PM	e5295ba9-9827-0002-496f-2fe52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1843	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4576	4960	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:31:04 PM	e5295ba9-9827-0002-496f-2fe52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c), Michael DeHaan <michael.dehaan@gmail.com>, 2014, and others # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) Set-StrictMode -Version 2.0 $ErrorActionPreference = "Stop" Function Set-Attr($obj, $name, $value) { <# .SYNOPSIS Helper function to set an "attribute" on a psobject instance in PowerShell. This is a convenience to make adding Members to the object easier and slightly more pythonic .EXAMPLE Set-Attr $result "changed" $true #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } Try { $obj.$name = $value } Catch { $obj | Add-Member -Force -MemberType NoteProperty -Name $name -Value $value } } Function Exit-Json($obj) { <# .SYNOPSIS Helper function to convert a PowerShell object to JSON and output it, exiting the script .EXAMPLE Exit-Json $result #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit } Function Fail-Json($obj, $message = $null) { <# .SYNOPSIS Helper function to add the "msg" property and "failed" property, convert the PowerShell Hashtable to JSON and output it, exiting the script .EXAMPLE Fail-Json $result "This is the failure message" #> if ($obj -is [hashtable] -or $obj -is [psobject]) { # Nothing to do } elseif ($obj -is [string] -and $null -eq $message) { # If we weren't given 2 args, and the only arg was a string, # create a new Hashtable and use the arg as the failure message $message = $obj $obj = @{ } } else { # If the first argument is undefined or a different type, # make it a Hashtable $obj = @{ } } # Still using Set-Attr for PSObject compatibility Set-Attr $obj "msg" $message Set-Attr $obj "failed" $true if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit 1 } Function Add-Warning($obj, $message) { <# .SYNOPSIS Helper function to add warnings, even if the warnings attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("warnings")) { $obj.warnings = @() } elseif ($obj.warnings -isnot [array]) { throw "Add-Warning: warnings attribute is not an array" } $obj.warnings += $message } Function Add-DeprecationWarning($obj, $message, $version = $null) { <# .SYNOPSIS Helper function to add deprecations, even if the deprecations attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("deprecations")) { $obj.deprecations = @() } elseif ($obj.deprecations -isnot [array]) { throw "Add-DeprecationWarning: deprecations attribute is not a list" } $obj.deprecations += @{ msg = $message version = $version } } Function Expand-Environment($value) { <# .SYNOPSIS Helper function to expand environment variables in values. By default it turns any type to a string, but we ensure $null remains $null. #> if ($null -ne $value) { [System.Environment]::ExpandEnvironmentVariables($value) } else { $value } } Function Get-AnsibleParam($obj, $name, $default = $null, $resultobj = @{}, $failifempty = $false, $emptyattributefailmessage, $ValidateSet, $ValidateSetErrorMessage, $type = $null, $aliases = @()) { <# .SYNOPSIS Helper function to get an "attribute" from a psobject instance in PowerShell. This is a convenience to make getting Members from an object easier and slightly more pythonic .EXAMPLE $attr = Get-AnsibleParam $response "code" -default "1" .EXAMPLE Get-AnsibleParam -obj $params -name "State" -default "Present" -ValidateSet "Present","Absent" -resultobj $resultobj -failifempty $true Get-AnsibleParam also supports Parameter validation to save you from coding that manually Note that if you use the failifempty option, you do need to specify resultobject as well. #> # Check if the provided Member $name or aliases exist in $obj and return it or the default. try { $found = $null # First try to find preferred parameter $name $aliases = @($name) + $aliases # Iterate over aliases to find acceptable Member $name foreach ($alias in $aliases) { if ($obj.ContainsKey($alias)) { $found = $alias break } } if ($null -eq $found) { throw } $name = $found if ($ValidateSet) { if ($ValidateSet -contains ($obj.$name)) { $value = $obj.$name } else { if ($null -eq $ValidateSetErrorMessage) { #Auto-generated error should be sufficient in most use cases $ValidateSetErrorMessage = "Get-AnsibleParam: Argument $name needs to be one of $($ValidateSet -join ",") but was $($obj.$name)." } Fail-Json -obj $resultobj -message $ValidateSetErrorMessage } } else { $value = $obj.$name } } catch { if ($failifempty -eq $false) { $value = $default } else { if (-not $emptyattributefailmessage) { $emptyattributefailmessage = "Get-AnsibleParam: Missing required argument: $name" } Fail-Json -obj $resultobj -message $emptyattributefailmessage } } # If $value -eq $null, the parameter was unspecified by the user (deliberately or not) # Please leave $null-values intact, modules need to know if a parameter was specified # When $value is already an array, we cannot rely on the null check, as an empty list # is seen as null in the check below if ($null -ne $value -or $value -is [array]) { if ($type -eq "path") { # Expand environment variables on path-type $value = Expand-Environment($value) # Test if a valid path is provided if (-not (Test-Path -IsValid $value)) { $path_invalid = $true # could still be a valid-shaped path with a nonexistent drive letter if ($value -match "^\w:") { # rewrite path with a valid drive letter and recheck the shape- this might still fail, eg, a nonexistent non-filesystem PS path if (Test-Path -IsValid $(@(Get-PSDrive -PSProvider Filesystem)[0].Name + $value.Substring(1))) { $path_invalid = $false } } if ($path_invalid) { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' has an invalid path '$value' specified." } } } elseif ($type -eq "str") { # Convert str types to real Powershell strings $value = $value.ToString() } elseif ($type -eq "bool") { # Convert boolean types to real Powershell booleans $value = $value | ConvertTo-Bool } elseif ($type -eq "int") { # Convert int types to real Powershell integers $value = $value -as [int] } elseif ($type -eq "float") { # Convert float types to real Powershell floats $value = $value -as [float] } elseif ($type -eq "list") { if ($value -is [array]) { # Nothing to do } elseif ($value -is [string]) { # Convert string type to real Powershell array $value = $value.Split(",").Trim() } elseif ($value -is [int]) { $value = @($value) } else { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' is not a YAML list." } # , is not a typo, forces it to return as a list when it is empty or only has 1 entry return ,$value } } return $value } #Alias Get-attr-->Get-AnsibleParam for backwards compat. Only add when needed to ease debugging of scripts If (-not(Get-Alias -Name "Get-attr" -ErrorAction SilentlyContinue)) { New-Alias -Name Get-attr -Value Get-AnsibleParam } Function ConvertTo-Bool { <# .SYNOPSIS Helper filter/pipeline function to convert a value to boolean following current Ansible practices .EXAMPLE $is_true = "true" | ConvertTo-Bool #> param( [parameter(valuefrompipeline=$true)] $obj ) $boolean_strings = "yes", "on", "1", "true", 1 $obj_string = [string]$obj if (($obj -is [boolean] -and $obj) -or $boolean_strings -contains $obj_string.ToLower()) { return $true } else { return $false } } Function Parse-Args($arguments, $supports_check_mode = $false) { <# .SYNOPSIS Helper function to parse Ansible JSON arguments from a "file" passed as the single argument to the module. .EXAMPLE $params = Parse-Args $args #> $params = New-Object psobject If ($arguments.Length -gt 0) { $params = Get-Content $arguments[0] | ConvertFrom-Json } Else { $params = $complex_args } $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false If ($check_mode -and -not $supports_check_mode) { Exit-Json @{ skipped = $true changed = $false msg = "remote module does not support check mode" } } return $params } Function Get-FileChecksum($path, $algorithm = 'sha1') { <# .SYNOPSIS Helper function to calculate a hash of a file in a way which PowerShell 3 and above can handle #> If (Test-Path -Path $path -PathType Leaf) { switch ($algorithm) { 'md5' { $sp = New-Object -TypeName System.Security.Cryptography.MD5CryptoServiceProvider } 'sha1' { $sp = New-Object -TypeName System.Security.Cryptography.SHA1CryptoServiceProvider } 'sha256' { $sp = New-Object -TypeName System.Security.Cryptography.SHA256CryptoServiceProvider } 'sha384' { $sp = New-Object -TypeName System.Security.Cryptography.SHA384CryptoServiceProvider } 'sha512' { $sp = New-Object -TypeName System.Security.Cryptography.SHA512CryptoServiceProvider } default { Fail-Json @{} "Unsupported hash algorithm supplied '$algorithm'" } } If ($PSVersionTable.PSVersion.Major -ge 4) { $raw_hash = Get-FileHash $path -Algorithm $algorithm $hash = $raw_hash.Hash.ToLower() } Else { $fp = [System.IO.File]::Open($path, [System.IO.Filemode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileShare]::ReadWrite); $hash = [System.BitConverter]::ToString($sp.ComputeHash($fp)).Replace("-", "").ToLower(); $fp.Dispose(); } } ElseIf (Test-Path -Path $path -PathType Container) { $hash = "3"; } Else { $hash = "1"; } return $hash } Function Get-PendingRebootStatus { <# .SYNOPSIS Check if reboot is required, if so notify CA. Function returns true if computer has a pending reboot #> $featureData = Invoke-WmiMethod -EA Ignore -Name GetServerFeature -Namespace root\microsoft\windows\servermanager -Class MSFT_ServerManagerTasks $regData = Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager" "PendingFileRenameOperations" -EA Ignore $CBSRebootStatus = Get-ChildItem "HKLM:\\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing" -ErrorAction SilentlyContinue| Where-Object {$_.PSChildName -eq "RebootPending"} if(($featureData -and $featureData.RequiresReboot) -or $regData -or $CBSRebootStatus) { return $True } else { return $False } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: 3f4b3c39-68ff-4878-8e92-c6152bbe1eec Path:	4104	1		3	2	15	0	1842	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3120	2096	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:31:04 PM	e5295ba9-9827-0001-f65b-30e52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 2): ($remote_tmp) } } $env:TMP = $remote_tmp Add-Type -TypeDefinition $platform_util $env:TMP = $original_tmp } Function Get-AnsiblePrivilege { <# .SYNOPSIS Get the status of a privilege for the current process. This returns $true - the privilege is enabled $false - the privilege is disabled $null - the privilege is removed from the token If Name is not a valid privilege name, this will throw an ArgumentException. .EXAMPLE Get-AnsiblePrivilege -Name SeDebugPrivilege #> [CmdletBinding()] param( [Parameter(Mandatory=$true)][String]$Name ) if (-not [Ansible.PrivilegeUtil.Privileges]::CheckPrivilegeName($Name)) { throw [System.ArgumentException] "Invalid privilege name '$Name'" } $process_token = [Ansible.PrivilegeUtil.Privileges]::GetCurrentProcess() $privilege_info = [Ansible.PrivilegeUtil.Privileges]::GetAllPrivilegeInfo($process_token) if ($privilege_info.ContainsKey($Name)) { $status = $privilege_info.$Name return $status.HasFlag([Ansible.PrivilegeUtil.PrivilegeAttributes]::Enabled) } else { return $null } } Function Set-AnsiblePrivilege { <# .SYNOPSIS Enables/Disables a privilege on the current process' token. If a privilege has been removed from the process token, this will throw an InvalidOperationException. .EXAMPLE # enable a privilege Set-AnsiblePrivilege -Name SeCreateSymbolicLinkPrivilege -Value $true # disable a privilege Set-AnsiblePrivilege -Name SeCreateSymbolicLinkPrivilege -Value $false #> [CmdletBinding(SupportsShouldProcess)] param( [Parameter(Mandatory=$true)][String]$Name, [Parameter(Mandatory=$true)][bool]$Value ) $action = switch($Value) { $true { "Enable" } $false { "Disable" } } $current_state = Get-AnsiblePrivilege -Name $Name if ($current_state -eq $Value) { return # no change needs to occur } elseif ($null -eq $current_state) { # once a privilege is removed from a token we cannot do anything with it throw [System.InvalidOperationException] "Cannot $($action.ToLower()) the privilege '$Name' as it has been removed from the token" } $process_token = [Ansible.PrivilegeUtil.Privileges]::GetCurrentProcess() if ($PSCmdlet.ShouldProcess($Name, "$action the privilege $Name")) { $new_state = New-Object -TypeName 'System.Collections.Generic.Dictionary`2[[System.String], [System.Nullable`1[System.Boolean]]]' $new_state.Add($Name, $Value) [Ansible.PrivilegeUtil.Privileges]::SetTokenPrivileges($process_token, $new_state) > $null } } Export-ModuleMember -Function Import-PrivilegeUtil, Get-AnsiblePrivilege, Set-AnsiblePrivilege ` -Variable ansible_privilege_util_namespaces, ansible_privilege_util_code ScriptBlock ID: 24b94e30-7ec3-43e0-9a72-a6a7a983e0cd Path:	4104	1		3	2	15	0	1841	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3120	2096	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:31:04 PM	e5295ba9-9827-0001-f25b-30e52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 2): # Copyright (c) 2018 Ansible Project # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) # store in separate variables to make it easier for other module_utils to # share this code in their own c# code $ansible_privilege_util_namespaces = @( "Microsoft.Win32.SafeHandles", "System", "System.Collections.Generic", "System.Linq", "System.Runtime.InteropServices", "System.Security.Principal", "System.Text" ) $ansible_privilege_util_code = @' namespace Ansible.PrivilegeUtil { [Flags] public enum PrivilegeAttributes : uint { Disabled = 0x00000000, EnabledByDefault = 0x00000001, Enabled = 0x00000002, Removed = 0x00000004, UsedForAccess = 0x80000000, } internal class NativeHelpers { [StructLayout(LayoutKind.Sequential)] internal struct LUID { public UInt32 LowPart; public Int32 HighPart; } [StructLayout(LayoutKind.Sequential)] internal struct LUID_AND_ATTRIBUTES { public LUID Luid; public PrivilegeAttributes Attributes; } [StructLayout(LayoutKind.Sequential)] internal struct TOKEN_PRIVILEGES { public UInt32 PrivilegeCount; [MarshalAs(UnmanagedType.ByValArray, SizeConst = 1)] public LUID_AND_ATTRIBUTES[] Privileges; } } internal class NativeMethods { [DllImport("advapi32.dll", SetLastError = true)] internal static extern bool AdjustTokenPrivileges( IntPtr TokenHandle, [MarshalAs(UnmanagedType.Bool)] bool DisableAllPrivileges, IntPtr NewState, UInt32 BufferLength, IntPtr PreviousState, out UInt32 ReturnLength); [DllImport("kernel32.dll")] internal static extern bool CloseHandle( IntPtr hObject); [DllImport("kernel32")] internal static extern SafeWaitHandle GetCurrentProcess(); [DllImport("advapi32.dll", SetLastError = true)] internal static extern bool GetTokenInformation( IntPtr TokenHandle, UInt32 TokenInformationClass, IntPtr TokenInformation, UInt32 TokenInformationLength, out UInt32 ReturnLength); [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)] internal static extern bool LookupPrivilegeName( string lpSystemName, ref NativeHelpers.LUID lpLuid, StringBuilder lpName, ref UInt32 cchName); [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)] internal static extern bool LookupPrivilegeValue( string lpSystemName, string lpName, out NativeHelpers.LUID lpLuid); [DllImport("advapi32.dll", SetLastError = true)] internal static extern bool OpenProcessToken( SafeHandle ProcessHandle, TokenAccessLevels DesiredAccess, out IntPtr TokenHandle); } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class Privileges { private static readonly UInt32 TOKEN_PRIVILEGES = 3; public static bool CheckPrivilegeName(string name) { NativeHelpers.LUID luid; if (!NativeMethods.LookupPrivilegeValue(null, name, out luid)) { int errCode = Marshal.GetLastWin32Error(); if (errCode != 1313) // ERROR_NO_SUCH_PRIVILEGE throw new Win32Exception(errCode, String.Format("LookupPrivilegeValue({0}) failed", name)); return false; } else { return true; } } public static Dictionary<string, bool?> DisablePrivilege(SafeHandle token, string privilege) { return SetTokenPrivileges(token, new Dictionary<string, bool?>() { { privilege, false } }); } public static Dictionary<string, bool?> DisableAllPrivileges(SafeHandle token) { return AdjustTokenPrivileges(token, null); } public static Dictionary<string, bool?> EnablePrivilege(SafeHandle token, string privilege) { return SetTokenPrivileges(token, new Dictionary<string, bool?>() { { privilege, true } }); } public static Dictionary<String, PrivilegeAttributes> GetAllPrivilegeInfo(SafeHandle token) { IntPtr hToken = IntPtr.Zero; if (!NativeMethods.OpenProcessToken(token, TokenAccessLevels.Query, out hToken)) throw new Win32Exception("OpenProcessToken() failed"); Dictionary<String, PrivilegeAttributes> info = new Dictionary<String, PrivilegeAttributes>(); try { UInt32 tokenLength = 0; NativeMethods.GetTokenInformation(hToken, TOKEN_PRIVILEGES, IntPtr.Zero, 0, out tokenLength); NativeHelpers.LUID_AND_ATTRIBUTES[] privileges; IntPtr privilegesPtr = Marshal.AllocHGlobal((int)tokenLength); try { if (!NativeMethods.GetTokenInformation(hToken, TOKEN_PRIVILEGES, privilegesPtr, tokenLength, out tokenLength)) throw new Win32Exception("GetTokenInformation() for TOKEN_PRIVILEGES failed"); NativeHelpers.TOKEN_PRIVILEGES privilegeInfo = (NativeHelpers.TOKEN_PRIVILEGES)Marshal.PtrToStructure(privilegesPtr, typeof(NativeHelpers.TOKEN_PRIVILEGES)); privileges = new NativeHelpers.LUID_AND_ATTRIBUTES[privilegeInfo.PrivilegeCount]; PtrToStructureArray(privileges, IntPtr.Add(privilegesPtr, Marshal.SizeOf(privilegeInfo.PrivilegeCount))); } finally { Marshal.FreeHGlobal(privilegesPtr); } info = privileges.ToDictionary(p => GetPrivilegeName(p.Luid), p => p.Attributes); } finally { NativeMethods.CloseHandle(hToken); } return info; } public static SafeWaitHandle GetCurrentProcess() { return NativeMethods.GetCurrentProcess(); } public static void RemovePrivilege(SafeHandle token, string privilege) { SetTokenPrivileges(token, new Dictionary<string, bool?>() { { privilege, null } }); } public static Dictionary<string, bool?> SetTokenPrivileges(SafeHandle token, Dictionary<string, bool?> state) { NativeHelpers.LUID_AND_ATTRIBUTES[] privilegeAttr = new NativeHelpers.LUID_AND_ATTRIBUTES[state.Count]; int i = 0; foreach (KeyValuePair<string, bool?> entry in state) { NativeHelpers.LUID luid; if (!NativeMethods.LookupPrivilegeValue(null, entry.Key, out luid)) throw new Win32Exception(String.Format("LookupPrivilegeValue({0}) failed", entry.Key)); PrivilegeAttributes attributes; switch (entry.Value) { case true: attributes = PrivilegeAttributes.Enabled; break; case false: attributes = PrivilegeAttributes.Disabled; break; default: attributes = PrivilegeAttributes.Removed; break; } privilegeAttr[i].Luid = luid; privilegeAttr[i].Attributes = attributes; i++; } return AdjustTokenPrivileges(token, privilegeAttr); } private static Dictionary<string, bool?> AdjustTokenPrivileges(SafeHandle token, NativeHelpers.LUID_AND_ATTRIBUTES[] newState) { bool disableAllPrivileges; IntPtr newStatePtr; NativeHelpers.LUID_AND_ATTRIBUTES[] oldStatePrivileges; UInt32 returnLength; if (newState == null) { disableAllPrivileges = true; newStatePtr = IntPtr.Zero; } else { disableAllPrivileges = false; // Need to manually marshal the bytes requires for newState as the constant size // of LUID_AND_ATTRIBUTES is set to 1 and can't be overridden at runtime, TOKEN_PRIVILEGES // always contains at least 1 entry so we need to calculate the extra size if there are // nore than 1 LUID_AND_ATTRIBUTES entry int tokenPrivilegesSize = Marshal.SizeOf(typeof(NativeHelpers.TOKEN_PRIVILEGES)); int luidAttrSize = 0; if (newState.Length > 1) luidAttrSize = Marshal.SizeOf(typeof(NativeHelpers.LUID_AND_ATTRIBUTES)) * (newState.Length - 1); int totalSize = tokenPrivilegesSize + luidAttrSize; byte[] newStateBytes = new byte[totalSize]; // get the first entry that includes the struct details NativeHelpers.TOKEN_PRIVILEGES tokenPrivileges = new NativeHelpers.TOKEN_PRIVILEGES() { PrivilegeCount = (UInt32)newState.Length, Privileges = new NativeHelpers.LUID_AND_ATTRIBUTES[1], }; if (newState.Length > 0) tokenPrivileges.Privileges[0] = newState[0]; int offset = StructureToBytes(tokenPrivileges, newStateBytes, 0); // copy the remaining LUID_AND_ATTRIBUTES (if any) for (int i = 1; i < newState.Length; i++) offset += StructureToBytes(newState[i], newStateBytes, offset); // finally create the pointer to the byte array we just created newStatePtr = Marshal.AllocHGlobal(newStateBytes.Length); Marshal.Copy(newStateBytes, 0, newStatePtr, newStateBytes.Length); } try { IntPtr hToken = IntPtr.Zero; if (!NativeMethods.OpenProcessToken(token, TokenAccessLevels.Query | TokenAccessLevels.AdjustPrivileges, out hToken)) throw new Win32Exception("OpenProcessToken() failed with Query and AdjustPrivileges"); try { IntPtr oldStatePtr = Marshal.AllocHGlobal(0); if (!NativeMethods.AdjustTokenPrivileges(hToken, disableAllPrivileges, newStatePtr, 0, oldStatePtr, out returnLength)) { int errCode = Marshal.GetLastWin32Error(); if (errCode != 122) // ERROR_INSUFFICIENT_BUFFER throw new Win32Exception(errCode, "AdjustTokenPrivileges() failed to get old state size"); } // resize the oldStatePtr based on the length returned from Windows Marshal.FreeHGlobal(oldStatePtr); oldStatePtr = Marshal.AllocHGlobal((int)returnLength); try { bool res = NativeMethods.AdjustTokenPrivileges(hToken, disableAllPrivileges, newStatePtr, returnLength, oldStatePtr, out returnLength); int errCode = Marshal.GetLastWin32Error(); // even when res == true, ERROR_NOT_ALL_ASSIGNED may be set as the last error code if (!res || errCode != 0) throw new Win32Exception(errCode, "AdjustTokenPrivileges() failed"); // Marshal the oldStatePtr to the struct NativeHelpers.TOKEN_PRIVILEGES oldState = (NativeHelpers.TOKEN_PRIVILEGES)Marshal.PtrToStructure(oldStatePtr, typeof(NativeHelpers.TOKEN_PRIVILEGES)); oldStatePrivileges = new NativeHelpers.LUID_AND_ATTRIBUTES[oldState.PrivilegeCount]; PtrToStructureArray(oldStatePrivileges, IntPtr.Add(oldStatePtr, Marshal.SizeOf(oldState.PrivilegeCount))); } finally { Marshal.FreeHGlobal(oldStatePtr); } } finally { NativeMethods.CloseHandle(hToken); } } finally { if (newStatePtr != IntPtr.Zero) Marshal.FreeHGlobal(newStatePtr); } return oldStatePrivileges.ToDictionary(p => GetPrivilegeName(p.Luid), p => (bool?)p.Attributes.HasFlag(PrivilegeAttributes.Enabled)); } private static string GetPrivilegeName(NativeHelpers.LUID luid) { UInt32 nameLen = 0; NativeMethods.LookupPrivilegeName(null, ref luid, null, ref nameLen); StringBuilder name = new StringBuilder((int)(nameLen + 1)); if (!NativeMethods.LookupPrivilegeName(null, ref luid, name, ref nameLen)) throw new Win32Exception("LookupPrivilegeName() failed"); return name.ToString(); } private static void PtrToStructureArray<T>(T[] array, IntPtr ptr) { IntPtr ptrOffset = ptr; for (int i = 0; i < array.Length; i++, ptrOffset = IntPtr.Add(ptrOffset, Marshal.SizeOf(typeof(T)))) array[i] = (T)Marshal.PtrToStructure(ptrOffset, typeof(T)); } private static int StructureToBytes<T>(T structure, byte[] array, int offset) { int size = Marshal.SizeOf(structure); IntPtr structPtr = Marshal.AllocHGlobal(size); try { Marshal.StructureToPtr(structure, structPtr, false); Marshal.Copy(structPtr, array, offset, size); } finally { Marshal.FreeHGlobal(structPtr); } return size; } } } '@ Function Import-PrivilegeUtil { <# .SYNOPSIS Compiles the C# code that can be used to manage Windows privileges from an Ansible module. Once this function is called, the following PowerShell cmdlets can be used; Get-AnsiblePrivilege Set-AnsiblePrivilege The above cmdlets give the ability to manage permissions on the current process token but the underlying .NET classes are also exposed for greater control. The following functions can be used by calling the .NET class [Ansible.PrivilegeUtil.Privileges]::CheckPrivilegeName($name) [Ansible.PrivilegeUtil.Privileges]::DisablePrivilege($process, $name) [Ansible.PrivilegeUtil.Privileges]::DisableAllPrivileges($process) [Ansible.PrivilegeUtil.Privileges]::EnablePrivilege($process, $name) [Ansible.PrivilegeUtil.Privileges]::GetAllPrivilegeInfo($process) [Ansible.PrivilegeUtil.Privileges]::RemovePrivilege($process, $name) [Ansible.PrivilegeUtil.Privileges]::SetTokenPrivileges($process, $new_state) Here is a brief explanation of each type of arg $process = The process handle to manipulate, use '[Ansible.PrivilegeUtils.Privileges]::GetCurrentProcess()' to get the current process handle $name = The name of the privilege, this is the constant value from https://docs.microsoft.com/en-us/windows/desktop/SecAuthZ/privilege-constants, e.g. SeAuditPrivilege $new_state = 'System.Collections.Generic.Dictionary`2[[System.String], [System.Nullable`1[System.Boolean]]]' The key is the constant name as a string, the value is a ternary boolean where true - will enable the privilege false - will disable the privilege null - will remove the privilege Each method that changes the privilege state will return a dictionary that can be used as the $new_state arg of SetTokenPrivileges to undo and revert back to the original state. If you remove a privilege then this is irreversible and won't be part of the returned dict #> [CmdletBinding()] # build the C# code to compile $namespace_import = ($ansible_privilege_util_namespaces | ForEach-Object { "using $_;" }) -join "`r`n" $platform_util = "$namespace_import`r`n`r`n$ansible_privilege_util_code" # FUTURE: find a better way to get the _ansible_remote_tmp variable # this is used to force csc to compile the C# code in the remote tmp # specified $original_tmp = $env:TMP $remote_tmp = $original_tmp $module_params = Get-Variable -Name complex_args -ErrorAction SilentlyContinue if ($module_params) { if ($module_params.Value.ContainsKey("_ansible_remote_tmp") ) { $remote_tmp = $module_params.Value["_ansible_remote_tmp"] $remote_tmp = [System.Environment]::ExpandEnvironmentVariables ScriptBlock ID: 24b94e30-7ec3-43e0-9a72-a6a7a983e0cd Path:	4104	1		3	2	15	0	1840	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3120	2096	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:31:04 PM	e5295ba9-9827-0001-f25b-30e52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c) 2017 Ansible Project # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) #Requires -Module Ansible.ModuleUtils.PrivilegeUtil Function Load-LinkUtils() { $link_util = @' using Microsoft.Win32.SafeHandles; using System; using System.Collections.Generic; using System.IO; using System.Runtime.InteropServices; using System.Text; namespace Ansible { public enum LinkType { SymbolicLink, JunctionPoint, HardLink } public class LinkUtilWin32Exception : System.ComponentModel.Win32Exception { private string _msg; public LinkUtilWin32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public LinkUtilWin32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator LinkUtilWin32Exception(string message) { return new LinkUtilWin32Exception(message); } } public class LinkInfo { public LinkType Type { get; internal set; } public string PrintName { get; internal set; } public string SubstituteName { get; internal set; } public string AbsolutePath { get; internal set; } public string TargetPath { get; internal set; } public string[] HardTargets { get; internal set; } } [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)] public struct REPARSE_DATA_BUFFER { public UInt32 ReparseTag; public UInt16 ReparseDataLength; public UInt16 Reserved; public UInt16 SubstituteNameOffset; public UInt16 SubstituteNameLength; public UInt16 PrintNameOffset; public UInt16 PrintNameLength; [MarshalAs(UnmanagedType.ByValArray, SizeConst = LinkUtil.MAXIMUM_REPARSE_DATA_BUFFER_SIZE)] public char[] PathBuffer; } public class LinkUtil { public const int MAXIMUM_REPARSE_DATA_BUFFER_SIZE = 1024 * 16; private const UInt32 FILE_FLAG_BACKUP_SEMANTICS = 0x02000000; private const UInt32 FILE_FLAG_OPEN_REPARSE_POINT = 0x00200000; private const UInt32 FSCTL_GET_REPARSE_POINT = 0x000900A8; private const UInt32 FSCTL_SET_REPARSE_POINT = 0x000900A4; private const UInt32 FILE_DEVICE_FILE_SYSTEM = 0x00090000; private const UInt32 IO_REPARSE_TAG_MOUNT_POINT = 0xA0000003; private const UInt32 IO_REPARSE_TAG_SYMLINK = 0xA000000C; private const UInt32 SYMLINK_FLAG_RELATIVE = 0x00000001; private const Int64 INVALID_HANDLE_VALUE = -1; private const UInt32 SIZE_OF_WCHAR = 2; private const UInt32 SYMBOLIC_LINK_FLAG_FILE = 0x00000000; private const UInt32 SYMBOLIC_LINK_FLAG_DIRECTORY = 0x00000001; [DllImport("kernel32.dll", CharSet = CharSet.Auto)] private static extern SafeFileHandle CreateFile( string lpFileName, [MarshalAs(UnmanagedType.U4)] FileAccess dwDesiredAccess, [MarshalAs(UnmanagedType.U4)] FileShare dwShareMode, IntPtr lpSecurityAttributes, [MarshalAs(UnmanagedType.U4)] FileMode dwCreationDisposition, UInt32 dwFlagsAndAttributes, IntPtr hTemplateFile); // Used by GetReparsePointInfo() [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool DeviceIoControl( SafeFileHandle hDevice, UInt32 dwIoControlCode, IntPtr lpInBuffer, UInt32 nInBufferSize, out REPARSE_DATA_BUFFER lpOutBuffer, UInt32 nOutBufferSize, out UInt32 lpBytesReturned, IntPtr lpOverlapped); // Used by CreateJunctionPoint() [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool DeviceIoControl( SafeFileHandle hDevice, UInt32 dwIoControlCode, REPARSE_DATA_BUFFER lpInBuffer, UInt32 nInBufferSize, IntPtr lpOutBuffer, UInt32 nOutBufferSize, out UInt32 lpBytesReturned, IntPtr lpOverlapped); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool GetVolumePathName( string lpszFileName, StringBuilder lpszVolumePathName, ref UInt32 cchBufferLength); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern IntPtr FindFirstFileNameW( string lpFileName, UInt32 dwFlags, ref UInt32 StringLength, StringBuilder LinkName); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool FindNextFileNameW( IntPtr hFindStream, ref UInt32 StringLength, StringBuilder LinkName); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool FindClose( IntPtr hFindFile); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool RemoveDirectory( string lpPathName); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool DeleteFile( string lpFileName); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool CreateSymbolicLink( string lpSymlinkFileName, string lpTargetFileName, UInt32 dwFlags); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool CreateHardLink( string lpFileName, string lpExistingFileName, IntPtr lpSecurityAttributes); public static LinkInfo GetLinkInfo(string linkPath) { FileAttributes attr = File.GetAttributes(linkPath); if (attr.HasFlag(FileAttributes.ReparsePoint)) return GetReparsePointInfo(linkPath); if (!attr.HasFlag(FileAttributes.Directory)) return GetHardLinkInfo(linkPath); return null; } public static void DeleteLink(string linkPath) { bool success; FileAttributes attr = File.GetAttributes(linkPath); if (attr.HasFlag(FileAttributes.Directory)) { success = RemoveDirectory(linkPath); } else { success = DeleteFile(linkPath); } if (!success) throw new LinkUtilWin32Exception(String.Format("Failed to delete link at {0}", linkPath)); } public static void CreateLink(string linkPath, String linkTarget, LinkType linkType) { switch (linkType) { case LinkType.SymbolicLink: UInt32 linkFlags; FileAttributes attr = File.GetAttributes(linkTarget); if (attr.HasFlag(FileAttributes.Directory)) linkFlags = SYMBOLIC_LINK_FLAG_DIRECTORY; else linkFlags = SYMBOLIC_LINK_FLAG_FILE; if (!CreateSymbolicLink(linkPath, linkTarget, linkFlags)) throw new LinkUtilWin32Exception(String.Format("CreateSymbolicLink({0}, {1}, {2}) failed", linkPath, linkTarget, linkFlags)); break; case LinkType.JunctionPoint: CreateJunctionPoint(linkPath, linkTarget); break; case LinkType.HardLink: if (!CreateHardLink(linkPath, linkTarget, IntPtr.Zero)) throw new LinkUtilWin32Exception(String.Format("CreateHardLink({0}, {1}) failed", linkPath, linkTarget)); break; } } private static LinkInfo GetHardLinkInfo(string linkPath) { UInt32 maxPath = 260; List<string> result = new List<string>(); StringBuilder sb = new StringBuilder((int)maxPath); UInt32 stringLength = maxPath; if (!GetVolumePathName(linkPath, sb, ref stringLength)) throw new LinkUtilWin32Exception("GetVolumePathName() failed"); string volume = sb.ToString(); stringLength = maxPath; IntPtr findHandle = FindFirstFileNameW(linkPath, 0, ref stringLength, sb); if (findHandle.ToInt64() != INVALID_HANDLE_VALUE) { try { do { string hardLinkPath = sb.ToString(); if (hardLinkPath.StartsWith("\\")) hardLinkPath = hardLinkPath.Substring(1, hardLinkPath.Length - 1); result.Add(Path.Combine(volume, hardLinkPath)); stringLength = maxPath; } while (FindNextFileNameW(findHandle, ref stringLength, sb)); } finally { FindClose(findHandle); } } if (result.Count > 1) return new LinkInfo { Type = LinkType.HardLink, HardTargets = result.ToArray() }; return null; } private static LinkInfo GetReparsePointInfo(string linkPath) { SafeFileHandle fileHandle = CreateFile( linkPath, FileAccess.Read, FileShare.None, IntPtr.Zero, FileMode.Open, FILE_FLAG_OPEN_REPARSE_POINT | FILE_FLAG_BACKUP_SEMANTICS, IntPtr.Zero); if (fileHandle.IsInvalid) throw new LinkUtilWin32Exception(String.Format("CreateFile({0}) failed", linkPath)); REPARSE_DATA_BUFFER buffer = new REPARSE_DATA_BUFFER(); UInt32 bytesReturned; try { if (!DeviceIoControl( fileHandle, FSCTL_GET_REPARSE_POINT, IntPtr.Zero, 0, out buffer, MAXIMUM_REPARSE_DATA_BUFFER_SIZE, out bytesReturned, IntPtr.Zero)) throw new LinkUtilWin32Exception(String.Format("DeviceIoControl() failed for file at {0}", linkPath)); } finally { fileHandle.Dispose(); } bool isRelative = false; int pathOffset = 0; LinkType linkType; if (buffer.ReparseTag == IO_REPARSE_TAG_SYMLINK) { UInt32 bufferFlags = Convert.ToUInt32(buffer.PathBuffer[0]) + Convert.ToUInt32(buffer.PathBuffer[1]); if (bufferFlags == SYMLINK_FLAG_RELATIVE) isRelative = true; pathOffset = 2; linkType = LinkType.SymbolicLink; } else if (buffer.ReparseTag == IO_REPARSE_TAG_MOUNT_POINT) { linkType = LinkType.JunctionPoint; } else { string errorMessage = String.Format("Invalid Reparse Tag: {0}", buffer.ReparseTag.ToString()); throw new Exception(errorMessage); } string printName = new string(buffer.PathBuffer, (int)(buffer.PrintNameOffset / SIZE_OF_WCHAR) + pathOffset, (int)(buffer.PrintNameLength / SIZE_OF_WCHAR)); string substituteName = new string(buffer.PathBuffer, (int)(buffer.SubstituteNameOffset / SIZE_OF_WCHAR) + pathOffset, (int)(buffer.SubstituteNameLength / SIZE_OF_WCHAR)); // TODO: should we check for \?\UNC\server for convert it to the NT style \\server path // Remove the leading Windows object directory \?\ from the path if present string targetPath = substituteName; if (targetPath.StartsWith("\\??\\")) targetPath = targetPath.Substring(4, targetPath.Length - 4); string absolutePath = targetPath; if (isRelative) absolutePath = Path.GetFullPath(Path.Combine(new FileInfo(linkPath).Directory.FullName, targetPath)); return new LinkInfo { Type = linkType, PrintName = printName, SubstituteName = substituteName, AbsolutePath = absolutePath, TargetPath = targetPath }; } private static void CreateJunctionPoint(string linkPath, string linkTarget) { // We need to create the link as a dir beforehand Directory.CreateDirectory(linkPath); SafeFileHandle fileHandle = CreateFile( linkPath, FileAccess.Write, FileShare.Read | FileShare.Write | FileShare.None, IntPtr.Zero, FileMode.Open, FILE_FLAG_BACKUP_SEMANTICS | FILE_FLAG_OPEN_REPARSE_POINT, IntPtr.Zero); if (fileHandle.IsInvalid) throw new LinkUtilWin32Exception(String.Format("CreateFile({0}) failed", linkPath)); try { string substituteName = "\\??\\" + Path.GetFullPath(linkTarget); string printName = linkTarget; REPARSE_DATA_BUFFER buffer = new REPARSE_DATA_BUFFER(); buffer.SubstituteNameOffset = 0; buffer.SubstituteNameLength = (UInt16)(substituteName.Length * SIZE_OF_WCHAR); buffer.PrintNameOffset = (UInt16)(buffer.SubstituteNameLength + 2); buffer.PrintNameLength = (UInt16)(printName.Length * SIZE_OF_WCHAR); buffer.ReparseTag = IO_REPARSE_TAG_MOUNT_POINT; buffer.ReparseDataLength = (UInt16)(buffer.SubstituteNameLength + buffer.PrintNameLength + 12); buffer.PathBuffer = new char[MAXIMUM_REPARSE_DATA_BUFFER_SIZE]; byte[] unicodeBytes = Encoding.Unicode.GetBytes(substituteName + "\0" + printName); char[] pathBuffer = Encoding.Unicode.GetChars(unicodeBytes); Array.Copy(pathBuffer, buffer.PathBuffer, pathBuffer.Length); UInt32 bytesReturned; if (!DeviceIoControl( fileHandle, FSCTL_SET_REPARSE_POINT, buffer, (UInt32)(buffer.ReparseDataLength + 8), IntPtr.Zero, 0, out bytesReturned, IntPtr.Zero)) throw new LinkUtilWin32Exception(String.Format("DeviceIoControl() failed to create junction point at {0} to {1}", linkPath, linkTarget)); } finally { fileHandle.Dispose(); } } } } '@ # FUTURE: find a better way to get the _ansible_remote_tmp variable $original_tmp = $env:TMP $remote_tmp = $original_tmp $module_params = Get-Variable -Name complex_args -ErrorAction SilentlyContinue if ($module_params) { if ($module_params.Value.ContainsKey("_ansible_remote_tmp") ) { $remote_tmp = $module_params.Value["_ansible_remote_tmp"] $remote_tmp = [System.Environment]::ExpandEnvironmentVariables($remote_tmp) } } $env:TMP = $remote_tmp Add-Type -TypeDefinition $link_util $env:TMP = $original_tmp Import-PrivilegeUtil # enable the SeBackupPrivilege if it is disabled $state = Get-AnsiblePrivilege -Name SeBackupPrivilege if ($state -eq $false) { Set-AnsiblePrivilege -Name SeBackupPrivilege -Value $true } } Function Get-Link($link_path) { $link_info = [Ansible.LinkUtil]::GetLinkInfo($link_path) return $link_info } Function Remove-Link($link_path) { [Ansible.LinkUtil]::DeleteLink($link_path) } Function New-Link($link_path, $link_target, $link_type) { if (-not (Test-Path -Path $link_target)) { throw "link_target '$link_target' does not exist, cannot create link" } switch($link_type) { "link" { $type = [Ansible.LinkType]::SymbolicLink } "junction" { if (Test-Path -Path $link_target -PathType Leaf) { throw "cannot set the target for a junction point to a file" } $type = [Ansible.LinkType]::JunctionPoint } "hard" { if (Test-Path -Path $link_target -PathType Container) { throw "cannot set the target for a hard link to a directory" } $type = [Ansible.LinkType]::HardLink } default { throw "invalid link_type option $($link_type): expecting link, junction, hard" } } [Ansible.LinkUtil]::CreateLink($link_path, $link_target, $type) } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: 67b3634a-0a63-4050-8a27-246a6f1fea4a Path:	4104	1		3	2	15	0	1839	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3120	2096	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:31:04 PM	e5295ba9-9827-0005-0485-2de52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } ScriptBlock ID: ca6b1f15-7436-4f52-ae9a-5453025de6d2 Path:	4104	1		3	2	15	0	1838	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3120	2096	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:31:03 PM	e5295ba9-9827-0005-f584-2de52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (8 of 8): lbG93IHRoaXMKICAgICMgYnV0IGFyZSBrZXB0IGNvbW1lbnRlZCBmb3IgZWFzaWVyIHJlYWRhYmlsaXR5CiAgICAkc3RhdCA9IEB7CiAgICAgICAgZXhpc3RzID0gJHRydWUKICAgICAgICBhdHRyaWJ1dGVzID0gJGluZm8uQXR0cmlidXRlcy5Ub1N0cmluZygpCiAgICAgICAgaXNhcmNoaXZlID0gKCRhdHRyaWJ1dGVzIC1jb250YWlucyAiQXJjaGl2ZSIpCiAgICAgICAgaXNkaXIgPSAkZmFsc2UKICAgICAgICBpc2hpZGRlbiA9ICgkYXR0cmlidXRlcyAtY29udGFpbnMgIkhpZGRlbiIpCiAgICAgICAgaXNqdW5jdGlvbiA9ICRmYWxzZQogICAgICAgIGlzbG5rID0gJGZhbHNlCiAgICAgICAgaXNyZWFkb25seSA9ICgkYXR0cmlidXRlcyAtY29udGFpbnMgIlJlYWRPbmx5IikKICAgICAgICBpc3JlZyA9ICRmYWxzZQogICAgICAgIGlzc2hhcmVkID0gJGZhbHNlCiAgICAgICAgbmxpbmsgPSAxICAjIE51bWJlciBvZiBsaW5rcyB0byB0aGUgZmlsZSAoaGFyZCBsaW5rcyksIG92ZXJyaWRlbiBiZWxvdyBpZiBpc2xuawogICAgICAgICMgbG5rX3RhcmdldCA9IGlzbG5rIG9yIGlzanVuY3Rpb24gVGFyZ2V0IG9mIHRoZSBzeW1saW5rLiBOb3RlIHRoYXQgcmVsYXRpdmUgcGF0aHMgcmVtYWluIHJlbGF0aXZlCiAgICAgICAgIyBsbmtfc291cmNlID0gaXNsbmsgb3MgaXNqdW5jdGlvbiBUYXJnZXQgb2YgdGhlIHN5bWxpbmsgbm9ybWFsaXplZCBmb3IgdGhlIHJlbW90ZSBmaWxlc3lzdGVtCiAgICAgICAgaGxua190YXJnZXRzID0gQCgpCiAgICAgICAgY3JlYXRpb250aW1lID0gKERhdGVUby1UaW1lc3RhbXAgLXN0YXJ0X2RhdGUgJGVwb2NoX2RhdGUgLWVuZF9kYXRlICRpbmZvLkNyZWF0aW9uVGltZSkKICAgICAgICBsYXN0YWNjZXNzdGltZSA9IChEYXRlVG8tVGltZXN0YW1wIC1zdGFydF9kYXRlICRlcG9jaF9kYXRlIC1lbmRfZGF0ZSAkaW5mby5MYXN0QWNjZXNzVGltZSkKICAgICAgICBsYXN0d3JpdGV0aW1lID0gKERhdGVUby1UaW1lc3RhbXAgLXN0YXJ0X2RhdGUgJGVwb2NoX2RhdGUgLWVuZF9kYXRlICRpbmZvLkxhc3RXcml0ZVRpbWUpCiAgICAgICAgIyBzaXplID0gYSBmaWxlIGFuZCBkaXJlY3RvcnkgLSBjYWxjdWxhdGVkIGJlbG93CiAgICAgICAgcGF0aCA9ICRpbmZvLkZ1bGxOYW1lCiAgICAgICAgZmlsZW5hbWUgPSAkaW5mby5OYW1lCiAgICAgICAgIyBleHRlbnNpb24gPSBhIGZpbGUKICAgICAgICAjIG93bmVyID0gc2V0IG91dHNpdGUgdGhpcyBkaWN0IGluIGNhc2UgaXQgZmFpbHMKICAgICAgICAjIHNoYXJlbmFtZSA9IGEgZGlyZWN0b3J5IGFuZCBpc3NoYXJlZCBpcyBUcnVlCiAgICAgICAgIyBjaGVja3N1bSA9IGEgZmlsZSBhbmQgZ2V0X2NoZWNrc3VtOiBUcnVlCiAgICAgICAgIyBtZDUgPSBhIGZpbGUgYW5kIGdldF9tZDU6IFRydWUKICAgIH0KICAgICRzdGF0Lm93bmVyID0gJGluZm8uR2V0QWNjZXNzQ29udHJvbCgpLk93bmVyCgogICAgIyB2YWx1ZXMgdGhhdCBhcmUgc2V0IGFjY29yZGluZyB0byB0aGUgdHlwZSBvZiBmaWxlCiAgICBpZiAoJGluZm8uQXR0cmlidXRlcy5IYXNGbGFnKFtTeXN0ZW0uSU8uRmlsZUF0dHJpYnV0ZXNdOjpEaXJlY3RvcnkpKSB7CiAgICAgICAgJHN0YXQuaXNkaXIgPSAkdHJ1ZQogICAgICAgICRzaGFyZV9pbmZvID0gR2V0LVdtaU9iamVjdCAtQ2xhc3MgV2luMzJfU2hhcmUgLUZpbHRlciAiUGF0aD0nJCgkc3RhdC5wYXRoIC1yZXBsYWNlICdcXCcsICdcXCcpJyIKICAgICAgICBpZiAoJHNoYXJlX2luZm8gLW5lICRudWxsKSB7CiAgICAgICAgICAgICRzdGF0Lmlzc2hhcmVkID0gJHRydWUKICAgICAgICAgICAgJHN0YXQuc2hhcmVuYW1lID0gJHNoYXJlX2luZm8uTmFtZQogICAgICAgIH0KCiAgICAgICAgdHJ5IHsKICAgICAgICAgICAgJHNpemUgPSAwCiAgICAgICAgICAgIGZvcmVhY2ggKCRmaWxlIGluICRpbmZvLkVudW1lcmF0ZUZpbGVzKCIqIiwgW1N5c3RlbS5JTy5TZWFyY2hPcHRpb25dOjpBbGxEaXJlY3RvcmllcykpIHsKICAgICAgICAgICAgICAgICRzaXplICs9ICRmaWxlLkxlbmd0aAogICAgICAgICAgICB9CiAgICAgICAgICAgICRzdGF0LnNpemUgPSAkc2l6ZQogICAgICAgIH0gY2F0Y2ggewogICAgICAgICAgICAkc3RhdC5zaXplID0gMAogICAgICAgIH0KICAgIH0gZWxzZSB7CiAgICAgICAgJHN0YXQuZXh0ZW5zaW9uID0gJGluZm8uRXh0ZW5zaW9uCiAgICAgICAgJHN0YXQuaXNyZWcgPSAkdHJ1ZQogICAgICAgICRzdGF0LnNpemUgPSAkaW5mby5MZW5ndGgKCiAgICAgICAgaWYgKCRnZXRfbWQ1KSB7CiAgICAgICAgICAgIHRyeSB7CiAgICAgICAgICAgICAgICAkc3RhdC5tZDUgPSBHZXQtRmlsZUNoZWNrc3VtIC1wYXRoICRwYXRoIC1hbGdvcml0aG0gIm1kNSIKICAgICAgICAgICAgfSBjYXRjaCB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0IC1tZXNzYWdlICJmYWlsZWQgdG8gZ2V0IE1ENSBoYXNoIG9mIGZpbGUsIHJlbW92ZSBnZXRfbWQ1IHRvIGlnbm9yZSB0aGlzIGVycm9yOiAkKCRfLkV4Y2VwdGlvbi5NZXNzYWdlKSIKICAgICAgICAgICAgfQogICAgICAgIH0KICAgICAgICBpZiAoJGdldF9jaGVja3N1bSkgewogICAgICAgICAgICB0cnkgewogICAgICAgICAgICAgICAgJHN0YXQuY2hlY2tzdW0gPSBHZXQtRmlsZUNoZWNrc3VtIC1wYXRoICRwYXRoIC1hbGdvcml0aG0gJGNoZWNrc3VtX2FsZ29yaXRobQogICAgICAgICAgICB9IGNhdGNoIHsKICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgImZhaWxlZCB0byBnZXQgaGFzaCBvZiBmaWxlLCBzZXQgZ2V0X2NoZWNrc3VtIHRvIEZhbHNlIHRvIGlnbm9yZSB0aGlzIGVycm9yOiAkKCRfLkV4Y2VwdGlvbi5NZXNzYWdlKSIKICAgICAgICAgICAgfQogICAgICAgIH0KICAgIH0KCiAgICAjIEdldCBzeW1ib2xpYyBsaW5rLCBqdW5jdGlvbiBwb2ludCwgaGFyZCBsaW5rIGluZm8KICAgIExvYWQtTGlua1V0aWxzCiAgICB0cnkgewogICAgICAgICRsaW5rX2luZm8gPSBHZXQtTGluayAtbGlua19wYXRoICRpbmZvLkZ1bGxOYW1lCiAgICB9IGNhdGNoIHsKICAgICAgICBBZGQtV2FybmluZyAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgIkZhaWxlZCB0byBjaGVjay9nZXQgbGluayBpbmZvIGZvciBmaWxlOiAkKCRfLkV4Y2VwdGlvbi5NZXNzYWdlKSIKICAgIH0KICAgIGlmICgkbGlua19pbmZvIC1uZSAkbnVsbCkgewogICAgICAgIHN3aXRjaCAoJGxpbmtfaW5mby5UeXBlKSB7CiAgICAgICAgICAgICJTeW1ib2xpY0xpbmsiIHsKICAgICAgICAgICAgICAgICRzdGF0LmlzbG5rID0gJHRydWUKICAgICAgICAgICAgICAgICRzdGF0LmlzcmVnID0gJGZhbHNlCiAgICAgICAgICAgICAgICAkc3RhdC5sbmtfdGFyZ2V0ID0gJGxpbmtfaW5mby5UYXJnZXRQYXRoCiAgICAgICAgICAgICAgICAkc3RhdC5sbmtfc291cmNlID0gJGxpbmtfaW5mby5BYnNvbHV0ZVBhdGggICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgICAgICJKdW5jdGlvblBvaW50IiB7CiAgICAgICAgICAgICAgICAkc3RhdC5pc2p1bmN0aW9uID0gJHRydWUKICAgICAgICAgICAgICAgICRzdGF0LmlzcmVnID0gJGZhbHNlCiAgICAgICAgICAgICAgICAkc3RhdC5sbmtfdGFyZ2V0ID0gJGxpbmtfaW5mby5UYXJnZXRQYXRoCiAgICAgICAgICAgICAgICAkc3RhdC5sbmtfc291cmNlID0gJGxpbmtfaW5mby5BYnNvbHV0ZVBhdGggICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgICAgICJIYXJkTGluayIgewogICAgICAgICAgICAgICAgJHN0YXQubG5rX3R5cGUgPSAiaGFyZCIKICAgICAgICAgICAgICAgICRzdGF0Lm5saW5rID0gJGxpbmtfaW5mby5IYXJkVGFyZ2V0cy5Db3VudAoKICAgICAgICAgICAgICAgICMgcmVtb3ZlIGN1cnJlbnQgcGF0aCBmcm9tIHRoZSB0YXJnZXRzCiAgICAgICAgICAgICAgICAkaGxua190YXJnZXRzID0gJGxpbmtfaW5mby5IYXJkVGFyZ2V0cyB8IFdoZXJlLU9iamVjdCB7ICRfIC1uZSAkc3RhdC5wYXRoIH0KICAgICAgICAgICAgICAgICRzdGF0LmhsbmtfdGFyZ2V0cyA9IEAoJGhsbmtfdGFyZ2V0cykKICAgICAgICAgICAgICAgIGJyZWFrCiAgICAgICAgICAgIH0KICAgICAgICB9CiAgICB9CgogICAgJHJlc3VsdC5zdGF0ID0gJHN0YXQKfQoKRXhpdC1Kc29uICRyZXN1bHQK", "module_args": {"_ansible_version": "2.7.0", "_ansible_selinux_special_fs": ["fuse", "nfs", "vboxsf", "ramfs", "9p"], "_ansible_no_log": false, "_ansible_module_name": "stat", "_ansible_debug": false, "_ansible_verbosity": 3, "_ansible_keep_remote_files": false, "_ansible_syslog_facility": "LOG_USER", "_ansible_socket": null, "_ansible_shell_executable": "/bin/sh", "_ansible_remote_tmp": "%TEMP%", "_ansible_diff": false, "get_checksum": true, "_ansible_check_mode": false, "checksum_algo": "sha1", "follow": false, "path": "C:\\eventlogcss.txt", "_ansible_tmpdir": "'C:\\Users\\Admin\\AppData\\Local\\Temp\\ansible-tmp-1629729062.47-26804626232026'"}} '@ } process { $input_as_string = [string]$input $json_raw += $input_as_string } end { If (-not $json_raw) { Write-Error "no input given" -Category InvalidArgument } $payload = ConvertTo-HashtableFromPsCustomObject (ConvertFrom-Json $json_raw) # TODO: handle binary modules # TODO: handle persistence $min_os_version = [version]$payload.min_os_version if ($min_os_version -ne $null) { $actual_os_version = [System.Environment]::OSVersion.Version if ($actual_os_version -lt $min_os_version) { $msg = "This module cannot run on this OS as it requires a minimum version of $min_os_version, actual was $actual_os_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $min_ps_version = [version]$payload.min_ps_version if ($min_ps_version -ne $null) { $actual_ps_version = $PSVersionTable.PSVersion if ($actual_ps_version -lt $min_ps_version) { $msg = "This module cannot run as it requires a minimum PowerShell version of $min_ps_version, actual was $actual_ps_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $actions = $payload.actions # pop 0th action as entrypoint $entrypoint = $payload.($actions[0]) $payload.actions = $payload.actions[1..99] $entrypoint = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($entrypoint)) # load the current action entrypoint as a module custom object with a Run method $entrypoint = New-Module -ScriptBlock ([scriptblock]::Create($entrypoint)) -AsCustomObject Set-Variable -Scope global -Name complex_args -Value $payload["module_args"] | Out-Null # dynamically create/load modules ForEach ($mod in $payload.powershell_modules.GetEnumerator()) { $decoded_module = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($mod.Value)) New-Module -ScriptBlock ([scriptblock]::Create($decoded_module)) -Name $mod.Key | Import-Module -WarningAction SilentlyContinue | Out-Null } $output = $entrypoint.Run($payload) Write-Output $output } ScriptBlock ID: 92a189a5-0856-4cec-b53a-43fc33793aa6 Path:	4104	1		3	2	15	0	1837	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3120	2096	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:31:03 PM	e5295ba9-9827-0005-ef84-2de52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (7 of 8): CAgICAgICAgICAgJHZhbHVlID0gQCgkdmFsdWUpCiAgICAgICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICJHZXQtQW5zaWJsZVBhcmFtOiBQYXJhbWV0ZXIgJyRuYW1lJyBpcyBub3QgYSBZQU1MIGxpc3QuIgogICAgICAgICAgICB9CiAgICAgICAgICAgICMgLCBpcyBub3QgYSB0eXBvLCBmb3JjZXMgaXQgdG8gcmV0dXJuIGFzIGEgbGlzdCB3aGVuIGl0IGlzIGVtcHR5IG9yIG9ubHkgaGFzIDEgZW50cnkKICAgICAgICAgICAgcmV0dXJuICwkdmFsdWUKICAgICAgICB9CiAgICB9CgogICAgcmV0dXJuICR2YWx1ZQp9CgojQWxpYXMgR2V0LWF0dHItLT5HZXQtQW5zaWJsZVBhcmFtIGZvciBiYWNrd2FyZHMgY29tcGF0LiBPbmx5IGFkZCB3aGVuIG5lZWRlZCB0byBlYXNlIGRlYnVnZ2luZyBvZiBzY3JpcHRzCklmICgtbm90KEdldC1BbGlhcyAtTmFtZSAiR2V0LWF0dHIiIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlKSkKewogICAgTmV3LUFsaWFzIC1OYW1lIEdldC1hdHRyIC1WYWx1ZSBHZXQtQW5zaWJsZVBhcmFtCn0KCkZ1bmN0aW9uIENvbnZlcnRUby1Cb29sCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZpbHRlci9waXBlbGluZSBmdW5jdGlvbiB0byBjb252ZXJ0IGEgdmFsdWUgdG8gYm9vbGVhbiBmb2xsb3dpbmcgY3VycmVudAogICAgQW5zaWJsZSBwcmFjdGljZXMKICAgIC5FWEFNUExFCiAgICAkaXNfdHJ1ZSA9ICJ0cnVlIiB8IENvbnZlcnRUby1Cb29sCiM+CiAgICBwYXJhbSgKICAgICAgICBbcGFyYW1ldGVyKHZhbHVlZnJvbXBpcGVsaW5lPSR0cnVlKV0KICAgICAgICAkb2JqCiAgICApCgogICAgJGJvb2xlYW5fc3RyaW5ncyA9ICJ5ZXMiLCAib24iLCAiMSIsICJ0cnVlIiwgMQogICAgJG9ial9zdHJpbmcgPSBbc3RyaW5nXSRvYmoKCiAgICBpZiAoKCRvYmogLWlzIFtib29sZWFuXSAtYW5kICRvYmopIC1vciAkYm9vbGVhbl9zdHJpbmdzIC1jb250YWlucyAkb2JqX3N0cmluZy5Ub0xvd2VyKCkpIHsKICAgICAgICByZXR1cm4gJHRydWUKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfQp9CgpGdW5jdGlvbiBQYXJzZS1BcmdzKCRhcmd1bWVudHMsICRzdXBwb3J0c19jaGVja19tb2RlID0gJGZhbHNlKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBwYXJzZSBBbnNpYmxlIEpTT04gYXJndW1lbnRzIGZyb20gYSAiZmlsZSIgcGFzc2VkIGFzCiAgICB0aGUgc2luZ2xlIGFyZ3VtZW50IHRvIHRoZSBtb2R1bGUuCiAgICAuRVhBTVBMRQogICAgJHBhcmFtcyA9IFBhcnNlLUFyZ3MgJGFyZ3MKIz4KICAgICRwYXJhbXMgPSBOZXctT2JqZWN0IHBzb2JqZWN0CiAgICBJZiAoJGFyZ3VtZW50cy5MZW5ndGggLWd0IDApCiAgICB7CiAgICAgICAgJHBhcmFtcyA9IEdldC1Db250ZW50ICRhcmd1bWVudHNbMF0gfCBDb252ZXJ0RnJvbS1Kc29uCiAgICB9CiAgICBFbHNlIHsKICAgICAgICAkcGFyYW1zID0gJGNvbXBsZXhfYXJncwogICAgfQogICAgJGNoZWNrX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfY2hlY2tfbW9kZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQogICAgSWYgKCRjaGVja19tb2RlIC1hbmQgLW5vdCAkc3VwcG9ydHNfY2hlY2tfbW9kZSkKICAgIHsKICAgICAgICBFeGl0LUpzb24gQHsKICAgICAgICAgICAgc2tpcHBlZCA9ICR0cnVlCiAgICAgICAgICAgIGNoYW5nZWQgPSAkZmFsc2UKICAgICAgICAgICAgbXNnID0gInJlbW90ZSBtb2R1bGUgZG9lcyBub3Qgc3VwcG9ydCBjaGVjayBtb2RlIgogICAgICAgIH0KICAgIH0KICAgIHJldHVybiAkcGFyYW1zCn0KCgpGdW5jdGlvbiBHZXQtRmlsZUNoZWNrc3VtKCRwYXRoLCAkYWxnb3JpdGhtID0gJ3NoYTEnKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBjYWxjdWxhdGUgYSBoYXNoIG9mIGEgZmlsZSBpbiBhIHdheSB3aGljaCBQb3dlclNoZWxsIDMKICAgIGFuZCBhYm92ZSBjYW4gaGFuZGxlCiM+CiAgICBJZiAoVGVzdC1QYXRoIC1QYXRoICRwYXRoIC1QYXRoVHlwZSBMZWFmKQogICAgewogICAgICAgIHN3aXRjaCAoJGFsZ29yaXRobSkKICAgICAgICB7CiAgICAgICAgICAgICdtZDUnIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5NRDVDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMScgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTFDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMjU2JyB7ICRzcCA9IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5TZWN1cml0eS5DcnlwdG9ncmFwaHkuU0hBMjU2Q3J5cHRvU2VydmljZVByb3ZpZGVyIH0KICAgICAgICAgICAgJ3NoYTM4NCcgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTM4NENyeXB0b1NlcnZpY2VQcm92aWRlciB9CiAgICAgICAgICAgICdzaGE1MTInIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5TSEE1MTJDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICBkZWZhdWx0IHsgRmFpbC1Kc29uIEB7fSAiVW5zdXBwb3J0ZWQgaGFzaCBhbGdvcml0aG0gc3VwcGxpZWQgJyRhbGdvcml0aG0nIiB9CiAgICAgICAgfQoKICAgICAgICBJZiAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtZ2UgNCkgewogICAgICAgICAgICAkcmF3X2hhc2ggPSBHZXQtRmlsZUhhc2ggJHBhdGggLUFsZ29yaXRobSAkYWxnb3JpdGhtCiAgICAgICAgICAgICRoYXNoID0gJHJhd19oYXNoLkhhc2guVG9Mb3dlcigpCiAgICAgICAgfSBFbHNlIHsKICAgICAgICAgICAgJGZwID0gW1N5c3RlbS5JTy5GaWxlXTo6T3BlbigkcGF0aCwgW1N5c3RlbS5JTy5GaWxlbW9kZV06Ok9wZW4sIFtTeXN0ZW0uSU8uRmlsZUFjY2Vzc106OlJlYWQsIFtTeXN0ZW0uSU8uRmlsZVNoYXJlXTo6UmVhZFdyaXRlKTsKICAgICAgICAgICAgJGhhc2ggPSBbU3lzdGVtLkJpdENvbnZlcnRlcl06OlRvU3RyaW5nKCRzcC5Db21wdXRlSGFzaCgkZnApKS5SZXBsYWNlKCItIiwgIiIpLlRvTG93ZXIoKTsKICAgICAgICAgICAgJGZwLkRpc3Bvc2UoKTsKICAgICAgICB9CiAgICB9CiAgICBFbHNlSWYgKFRlc3QtUGF0aCAtUGF0aCAkcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKQogICAgewogICAgICAgICRoYXNoID0gIjMiOwogICAgfQogICAgRWxzZQogICAgewogICAgICAgICRoYXNoID0gIjEiOwogICAgfQogICAgcmV0dXJuICRoYXNoCn0KCkZ1bmN0aW9uIEdldC1QZW5kaW5nUmVib290U3RhdHVzCnsKPCMKICAgIC5TWU5PUFNJUwogICAgQ2hlY2sgaWYgcmVib290IGlzIHJlcXVpcmVkLCBpZiBzbyBub3RpZnkgQ0EuCiAgICBGdW5jdGlvbiByZXR1cm5zIHRydWUgaWYgY29tcHV0ZXIgaGFzIGEgcGVuZGluZyByZWJvb3QKIz4KICAgICRmZWF0dXJlRGF0YSA9IEludm9rZS1XbWlNZXRob2QgLUVBIElnbm9yZSAtTmFtZSBHZXRTZXJ2ZXJGZWF0dXJlIC1OYW1lc3BhY2Ugcm9vdFxtaWNyb3NvZnRcd2luZG93c1xzZXJ2ZXJtYW5hZ2VyIC1DbGFzcyBNU0ZUX1NlcnZlck1hbmFnZXJUYXNrcwogICAgJHJlZ0RhdGEgPSBHZXQtSXRlbVByb3BlcnR5ICJIS0xNOlxTWVNURU1cQ3VycmVudENvbnRyb2xTZXRcQ29udHJvbFxTZXNzaW9uIE1hbmFnZXIiICJQZW5kaW5nRmlsZVJlbmFtZU9wZXJhdGlvbnMiIC1FQSBJZ25vcmUKICAgICRDQlNSZWJvb3RTdGF0dXMgPSBHZXQtQ2hpbGRJdGVtICJIS0xNOlxcU09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cQ29tcG9uZW50IEJhc2VkIFNlcnZpY2luZyIgIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlfCBXaGVyZS1PYmplY3QgeyRfLlBTQ2hpbGROYW1lIC1lcSAiUmVib290UGVuZGluZyJ9CiAgICBpZigoJGZlYXR1cmVEYXRhIC1hbmQgJGZlYXR1cmVEYXRhLlJlcXVpcmVzUmVib290KSAtb3IgJHJlZ0RhdGEgLW9yICRDQlNSZWJvb3RTdGF0dXMpCiAgICB7CiAgICAgICAgcmV0dXJuICRUcnVlCiAgICB9CiAgICBlbHNlCiAgICB7CiAgICAgICAgcmV0dXJuICRGYWxzZQogICAgfQp9CgojIHRoaXMgbGluZSBtdXN0IHN0YXkgYXQgdGhlIGJvdHRvbSB0byBlbnN1cmUgYWxsIGRlZmluZWQgbW9kdWxlIHBhcnRzIGFyZSBleHBvcnRlZApFeHBvcnQtTW9kdWxlTWVtYmVyIC1BbGlhcyAqIC1GdW5jdGlvbiAqIC1DbWRsZXQgKgoK", "Ansible.ModuleUtils.FileUtil": "IyBDb3B5cmlnaHQgKGMpIDIwMTcgQW5zaWJsZSBQcm9qZWN0CiMgU2ltcGxpZmllZCBCU0QgTGljZW5zZSAoc2VlIGxpY2Vuc2VzL3NpbXBsaWZpZWRfYnNkLnR4dCBvciBodHRwczovL29wZW5zb3VyY2Uub3JnL2xpY2Vuc2VzL0JTRC0yLUNsYXVzZSkKCjwjClRlc3QtUGF0aC9HZXQtSXRlbSBjYW5ub3QgZmluZC9yZXR1cm4gaW5mbyBvbiBmaWxlcyB0aGF0IGFyZSBsb2NrZWQgbGlrZQpDOlxwYWdlZmlsZS5zeXMuIFRoZXNlIDIgZnVuY3Rpb25zIGFyZSBkZXNpZ25lZCB0byB3b3JrIHdpdGggdGhlc2UgZmlsZXMgYW5kCnByb3ZpZGUgc2ltaWxhciBmdW5jdGlvbmFsaXR5IHdpdGggdGhlIG5vcm1hbCBjbWRsZXRzIHdpdGggYXMgbWluaW1hbCBvdmVyaGVhZAphcyBwb3NzaWJsZS4gVGhleSB3b3JrIGJ5IHVzaW5nIEdldC1DaGlsZEl0ZW0gd2l0aCBhIGZpbHRlciBhbmQgcmV0dXJuIHRoZQpyZXN1bHQgZnJvbSB0aGF0LgojPgoKRnVuY3Rpb24gVGVzdC1BbnNpYmxlUGF0aCB7CiAgICBbQ21kbGV0QmluZGluZygpXQogICAgUGFyYW0oCiAgICAgICAgW1BhcmFtZXRlcihNYW5kYXRvcnk9JHRydWUpXVtzdHJpbmddJFBhdGgKICAgICkKICAgICMgUmVwbGFjZW1lbnQgZm9yIFRlc3QtUGF0aAogICAgdHJ5IHsKICAgICAgICAkZmlsZV9hdHRyaWJ1dGVzID0gW1N5c3RlbS5JTy5GaWxlXTo6R2V0QXR0cmlidXRlcygkUGF0aCkKICAgIH0gY2F0Y2ggW1N5c3RlbS5JTy5GaWxlTm90Rm91bmRFeGNlcHRpb25dLCBbU3lzdGVtLklPLkRpcmVjdG9yeU5vdEZvdW5kRXhjZXB0aW9uXSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfSBjYXRjaCBbTm90U3VwcG9ydGVkRXhjZXB0aW9uXSB7CiAgICAgICAgIyBXaGVuIHRlc3RpbmcgYSBwYXRoIGxpa2UgQ2VydDpcTG9jYWxNYWNoaW5lXE15LCBTeXN0ZW0uSU8uRmlsZSB3aWxsCiAgICAgICAgIyBub3Qgd29yaywgd2UganVzdCByZXZlcnQgYmFjayB0byB1c2luZyBUZXN0LVBhdGggZm9yIHRoaXMKICAgICAgICByZXR1cm4gVGVzdC1QYXRoIC1QYXRoICRQYXRoCiAgICB9CgogICAgaWYgKFtJbnQzMl0kZmlsZV9hdHRyaWJ1dGVzIC1lcSAtMSkgewogICAgICAgIHJldHVybiAkZmFsc2UKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICR0cnVlCiAgICB9Cn0KCkZ1bmN0aW9uIEdldC1BbnNpYmxlSXRlbSB7CiAgICBbQ21kbGV0QmluZGluZygpXQogICAgUGFyYW0oCiAgICAgICAgW1BhcmFtZXRlcihNYW5kYXRvcnk9JHRydWUpXVtzdHJpbmddJFBhdGgKICAgICkKICAgICMgUmVwbGFjZW1lbnQgZm9yIEdldC1JdGVtCiAgICB0cnkgewogICAgICAgICRmaWxlX2F0dHJpYnV0ZXMgPSBbU3lzdGVtLklPLkZpbGVdOjpHZXRBdHRyaWJ1dGVzKCRQYXRoKQogICAgfSBjYXRjaCB7CiAgICAgICAgIyBpZiAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb3RpbnVlIGlzIHNldCBvbiB0aGUgY21kbGV0IGFuZCB3ZSBmYWlsZWQgdG8KICAgICAgICAjIGdldCB0aGUgYXR0cmlidXRlcywganVzdCByZXR1cm4gJG51bGwsIG90aGVyd2lzZSB0aHJvdyB0aGUgZXJyb3IKICAgICAgICBpZiAoJEVycm9yQWN0aW9uUHJlZmVyZW5jZSAtbmUgIlNpbGVudGx5Q29udGludWUiKSB7CiAgICAgICAgICAgIHRocm93ICRfCiAgICAgICAgfQogICAgICAgIHJldHVybiAkbnVsbAogICAgfQogICAgaWYgKFtJbnQzMl0kZmlsZV9hdHRyaWJ1dGVzIC1lcSAtMSkgewogICAgICAgIHRocm93IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5NYW5hZ2VtZW50LkF1dG9tYXRpb24uSXRlbU5vdEZvdW5kRXhjZXB0aW9uIC1Bcmd1bWVudExpc3QgIkNhbm5vdCBmaW5kIHBhdGggJyRQYXRoJyBiZWNhdXNlIGl0IGRvZXMgbm90IGV4aXN0LiIKICAgIH0gZWxzZWlmICgkZmlsZV9hdHRyaWJ1dGVzLkhhc0ZsYWcoW1N5c3RlbS5JTy5GaWxlQXR0cmlidXRlc106OkRpcmVjdG9yeSkpIHsKICAgICAgICByZXR1cm4gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLklPLkRpcmVjdG9yeUluZm8gLUFyZ3VtZW50TGlzdCAkUGF0aAogICAgfSBlbHNlIHsKICAgICAgICByZXR1cm4gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLklPLkZpbGVJbmZvIC1Bcmd1bWVudExpc3QgJFBhdGgKICAgIH0KfQoKRXhwb3J0LU1vZHVsZU1lbWJlciAtRnVuY3Rpb24gVGVzdC1BbnNpYmxlUGF0aCwgR2V0LUFuc2libGVJdGVtCg=="}, "module_entry": "IyFwb3dlcnNoZWxsCgojIENvcHlyaWdodDogKGMpIDIwMTcsIEFuc2libGUgUHJvamVjdAojIEdOVSBHZW5lcmFsIFB1YmxpYyBMaWNlbnNlIHYzLjArIChzZWUgQ09QWUlORyBvciBodHRwczovL3d3dy5nbnUub3JnL2xpY2Vuc2VzL2dwbC0zLjAudHh0KQoKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5MZWdhY3kKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5GaWxlVXRpbAojUmVxdWlyZXMgLU1vZHVsZSBBbnNpYmxlLk1vZHVsZVV0aWxzLkxpbmtVdGlsCgpmdW5jdGlvbiBEYXRlVG8tVGltZXN0YW1wKCRzdGFydF9kYXRlLCAkZW5kX2RhdGUpIHsKICAgIGlmICgkc3RhcnRfZGF0ZSAtYW5kICRlbmRfZGF0ZSkgewogICAgICAgIHJldHVybiAoTmV3LVRpbWVTcGFuIC1TdGFydCAkc3RhcnRfZGF0ZSAtRW5kICRlbmRfZGF0ZSkuVG90YWxTZWNvbmRzCiAgICB9Cn0KCiRwYXJhbXMgPSBQYXJzZS1BcmdzICRhcmdzIC1zdXBwb3J0c19jaGVja19tb2RlICR0cnVlCgokcGF0aCA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJwYXRoIiAtdHlwZSAicGF0aCIgLWZhaWxpZmVtcHR5ICR0cnVlIC1hbGlhc2VzICJkZXN0IiwibmFtZSIKJGdldF9tZDUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiZ2V0X21kNSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQokZ2V0X2NoZWNrc3VtID0gR2V0LUFuc2libGVQYXJhbSAtb2JqICRwYXJhbXMgLW5hbWUgImdldF9jaGVja3N1bSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICR0cnVlCiRjaGVja3N1bV9hbGdvcml0aG0gPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiY2hlY2tzdW1fYWxnb3JpdGhtIiAtdHlwZSAic3RyIiAtZGVmYXVsdCAic2hhMSIgLXZhbGlkYXRlc2V0ICJtZDUiLCJzaGExIiwic2hhMjU2Iiwic2hhMzg0Iiwic2hhNTEyIgoKJHJlc3VsdCA9IEB7CiAgICBjaGFuZ2VkID0gJGZhbHNlCiAgICBzdGF0ID0gQHsKICAgICAgICBleGlzdHMgPSAkZmFsc2UKICAgIH0KfQoKIyBnZXRfbWQ1IHdpbGwgYmUgYW4gdW5kb2N1bWVudGVkIG9wdGlvbiBpbiAyLjkgdG8gYmUgcmVtb3ZlZCBhdCBhIGxhdGVyCiMgZGF0ZSBpZiBwb3NzaWJsZSAoMy4wKykKaWYgKEdldC1NZW1iZXIgLWlucHV0b2JqZWN0ICRwYXJhbXMgLW5hbWUgImdldF9tZDUiKSB7CiAgICBBZGQtRGVwcmVhY3Rpb25XYXJuaW5nIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiZ2V0X21kNSBoYXMgYmVlbiBkZXByZWNhdGVkIGFsb25nIHdpdGggdGhlIG1kNSByZXR1cm4gdmFsdWUsIHVzZSBnZXRfY2hlY2tzdW09VHJ1ZSBhbmQgY2hlY2tzdW1fYWxnb3JpdGhtPW1kNSBpbnN0ZWFkIiAtdmVyc2lvbiAyLjkKfQoKJGluZm8gPSBHZXQtQW5zaWJsZUl0ZW0gLVBhdGggJHBhdGggLUVycm9yQWN0aW9uIFNpbGVudGx5Q29udGludWUKSWYgKCRpbmZvIC1uZSAkbnVsbCkgewogICAgJGVwb2NoX2RhdGUgPSBHZXQtRGF0ZSAtRGF0ZSAiMDEvMDEvMTk3MCIKICAgICRhdHRyaWJ1dGVzID0gQCgpCiAgICBmb3JlYWNoICgkYXR0cmlidXRlIGluICgkaW5mby5BdHRyaWJ1dGVzIC1zcGxpdCAnLCcpKSB7CiAgICAgICAgJGF0dHJpYnV0ZXMgKz0gJGF0dHJpYnV0ZS5UcmltKCkKICAgIH0KCiAgICAjIGRlZmF1bHQgdmFsdWVzIHRoYXQgYXJlIGFsd2F5cyBzZXQsIHNwZWNpZmljIHZhbHVlcyBhcmUgc2V0IGJ ScriptBlock ID: 92a189a5-0856-4cec-b53a-43fc33793aa6 Path:	4104	1		3	2	15	0	1836	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3120	2096	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:31:03 PM	e5295ba9-9827-0005-ef84-2de52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (6 of 8): b24gKiAtQ21kbGV0ICoK", "Ansible.ModuleUtils.Legacy": "IyBDb3B5cmlnaHQgKGMpLCBNaWNoYWVsIERlSGFhbiA8bWljaGFlbC5kZWhhYW5AZ21haWwuY29tPiwgMjAxNCwgYW5kIG90aGVycwojIFNpbXBsaWZpZWQgQlNEIExpY2Vuc2UgKHNlZSBsaWNlbnNlcy9zaW1wbGlmaWVkX2JzZC50eHQgb3IgaHR0cHM6Ly9vcGVuc291cmNlLm9yZy9saWNlbnNlcy9CU0QtMi1DbGF1c2UpCgpTZXQtU3RyaWN0TW9kZSAtVmVyc2lvbiAyLjAKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKRnVuY3Rpb24gU2V0LUF0dHIoJG9iaiwgJG5hbWUsICR2YWx1ZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gc2V0IGFuICJhdHRyaWJ1dGUiIG9uIGEgcHNvYmplY3QgaW5zdGFuY2UgaW4gUG93ZXJTaGVsbC4KICAgIFRoaXMgaXMgYSBjb252ZW5pZW5jZSB0byBtYWtlIGFkZGluZyBNZW1iZXJzIHRvIHRoZSBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgIFNldC1BdHRyICRyZXN1bHQgImNoYW5nZWQiICR0cnVlCiM+CgogICAgIyBJZiB0aGUgcHJvdmlkZWQgJG9iaiBpcyB1bmRlZmluZWQsIGRlZmluZSBvbmUgdG8gYmUgbmljZQogICAgSWYgKC1ub3QgJG9iai5HZXRUeXBlKQogICAgewogICAgICAgICRvYmogPSBAeyB9CiAgICB9CgogICAgVHJ5CiAgICB7CiAgICAgICAgJG9iai4kbmFtZSA9ICR2YWx1ZQogICAgfQogICAgQ2F0Y2gKICAgIHsKICAgICAgICAkb2JqIHwgQWRkLU1lbWJlciAtRm9yY2UgLU1lbWJlclR5cGUgTm90ZVByb3BlcnR5IC1OYW1lICRuYW1lIC1WYWx1ZSAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gRXhpdC1Kc29uKCRvYmopCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGNvbnZlcnQgYSBQb3dlclNoZWxsIG9iamVjdCB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcKICAgIHRoZSBzY3JpcHQKICAgIC5FWEFNUExFCiAgICBFeGl0LUpzb24gJHJlc3VsdAojPgoKICAgICMgSWYgdGhlIHByb3ZpZGVkICRvYmogaXMgdW5kZWZpbmVkLCBkZWZpbmUgb25lIHRvIGJlIG5pY2UKICAgIElmICgtbm90ICRvYmouR2V0VHlwZSkKICAgIHsKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoJ2NoYW5nZWQnKSkgewogICAgICAgIFNldC1BdHRyICRvYmogImNoYW5nZWQiICRmYWxzZQogICAgfQoKICAgIFdyaXRlLU91dHB1dCAkb2JqIHwgQ29udmVydFRvLUpzb24gLUNvbXByZXNzIC1EZXB0aCA5OQogICAgRXhpdAp9CgpGdW5jdGlvbiBGYWlsLUpzb24oJG9iaiwgJG1lc3NhZ2UgPSAkbnVsbCkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHRoZSAibXNnIiBwcm9wZXJ0eSBhbmQgImZhaWxlZCIgcHJvcGVydHksIGNvbnZlcnQgdGhlCiAgICBQb3dlclNoZWxsIEhhc2h0YWJsZSB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcgdGhlIHNjcmlwdAogICAgLkVYQU1QTEUKICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJUaGlzIGlzIHRoZSBmYWlsdXJlIG1lc3NhZ2UiCiM+CgogICAgaWYgKCRvYmogLWlzIFtoYXNodGFibGVdIC1vciAkb2JqIC1pcyBbcHNvYmplY3RdKSB7CiAgICAgICAgIyBOb3RoaW5nIHRvIGRvCiAgICB9IGVsc2VpZiAoJG9iaiAtaXMgW3N0cmluZ10gLWFuZCAkbnVsbCAtZXEgJG1lc3NhZ2UpIHsKICAgICAgICAjIElmIHdlIHdlcmVuJ3QgZ2l2ZW4gMiBhcmdzLCBhbmQgdGhlIG9ubHkgYXJnIHdhcyBhIHN0cmluZywKICAgICAgICAjIGNyZWF0ZSBhIG5ldyBIYXNodGFibGUgYW5kIHVzZSB0aGUgYXJnIGFzIHRoZSBmYWlsdXJlIG1lc3NhZ2UKICAgICAgICAkbWVzc2FnZSA9ICRvYmoKICAgICAgICAkb2JqID0gQHsgfQogICAgfSBlbHNlIHsKICAgICAgICAjIElmIHRoZSBmaXJzdCBhcmd1bWVudCBpcyB1bmRlZmluZWQgb3IgYSBkaWZmZXJlbnQgdHlwZSwKICAgICAgICAjIG1ha2UgaXQgYSBIYXNodGFibGUKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgICMgU3RpbGwgdXNpbmcgU2V0LUF0dHIgZm9yIFBTT2JqZWN0IGNvbXBhdGliaWxpdHkKICAgIFNldC1BdHRyICRvYmogIm1zZyIgJG1lc3NhZ2UKICAgIFNldC1BdHRyICRvYmogImZhaWxlZCIgJHRydWUKCiAgICBpZiAoLW5vdCAkb2JqLkNvbnRhaW5zS2V5KCdjaGFuZ2VkJykpIHsKICAgICAgICBTZXQtQXR0ciAkb2JqICJjaGFuZ2VkIiAkZmFsc2UKICAgIH0KCiAgICBXcml0ZS1PdXRwdXQgJG9iaiB8IENvbnZlcnRUby1Kc29uIC1Db21wcmVzcyAtRGVwdGggOTkKICAgIEV4aXQgMQp9CgpGdW5jdGlvbiBBZGQtV2FybmluZygkb2JqLCAkbWVzc2FnZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHdhcm5pbmdzLCBldmVuIGlmIHRoZSB3YXJuaW5ncyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoIndhcm5pbmdzIikpIHsKICAgICAgICAkb2JqLndhcm5pbmdzID0gQCgpCiAgICB9IGVsc2VpZiAoJG9iai53YXJuaW5ncyAtaXNub3QgW2FycmF5XSkgewogICAgICAgIHRocm93ICJBZGQtV2FybmluZzogd2FybmluZ3MgYXR0cmlidXRlIGlzIG5vdCBhbiBhcnJheSIKICAgIH0KCiAgICAkb2JqLndhcm5pbmdzICs9ICRtZXNzYWdlCn0KCkZ1bmN0aW9uIEFkZC1EZXByZWNhdGlvbldhcm5pbmcoJG9iaiwgJG1lc3NhZ2UsICR2ZXJzaW9uID0gJG51bGwpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGFkZCBkZXByZWNhdGlvbnMsIGV2ZW4gaWYgdGhlIGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgogICAgaWYgKC1ub3QgJG9iai5Db250YWluc0tleSgiZGVwcmVjYXRpb25zIikpIHsKICAgICAgICAkb2JqLmRlcHJlY2F0aW9ucyA9IEAoKQogICAgfSBlbHNlaWYgKCRvYmouZGVwcmVjYXRpb25zIC1pc25vdCBbYXJyYXldKSB7CiAgICAgICAgdGhyb3cgIkFkZC1EZXByZWNhdGlvbldhcm5pbmc6IGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgaXMgbm90IGEgbGlzdCIKICAgIH0KCiAgICAkb2JqLmRlcHJlY2F0aW9ucyArPSBAewogICAgICAgIG1zZyA9ICRtZXNzYWdlCiAgICAgICAgdmVyc2lvbiA9ICR2ZXJzaW9uCiAgICB9Cn0KCkZ1bmN0aW9uIEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgaW4gdmFsdWVzLiBCeSBkZWZhdWx0CiAgICBpdCB0dXJucyBhbnkgdHlwZSB0byBhIHN0cmluZywgYnV0IHdlIGVuc3VyZSAkbnVsbCByZW1haW5zICRudWxsLgojPgogICAgaWYgKCRudWxsIC1uZSAkdmFsdWUpIHsKICAgICAgICBbU3lzdGVtLkVudmlyb25tZW50XTo6RXhwYW5kRW52aXJvbm1lbnRWYXJpYWJsZXMoJHZhbHVlKQogICAgfSBlbHNlIHsKICAgICAgICAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gR2V0LUFuc2libGVQYXJhbSgkb2JqLCAkbmFtZSwgJGRlZmF1bHQgPSAkbnVsbCwgJHJlc3VsdG9iaiA9IEB7fSwgJGZhaWxpZmVtcHR5ID0gJGZhbHNlLCAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSwgJFZhbGlkYXRlU2V0LCAkVmFsaWRhdGVTZXRFcnJvck1lc3NhZ2UsICR0eXBlID0gJG51bGwsICRhbGlhc2VzID0gQCgpKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBnZXQgYW4gImF0dHJpYnV0ZSIgZnJvbSBhIHBzb2JqZWN0IGluc3RhbmNlIGluIFBvd2VyU2hlbGwuCiAgICBUaGlzIGlzIGEgY29udmVuaWVuY2UgdG8gbWFrZSBnZXR0aW5nIE1lbWJlcnMgZnJvbSBhbiBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgICRhdHRyID0gR2V0LUFuc2libGVQYXJhbSAkcmVzcG9uc2UgImNvZGUiIC1kZWZhdWx0ICIxIgogICAgLkVYQU1QTEUKICAgIEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJTdGF0ZSIgLWRlZmF1bHQgIlByZXNlbnQiIC1WYWxpZGF0ZVNldCAiUHJlc2VudCIsIkFic2VudCIgLXJlc3VsdG9iaiAkcmVzdWx0b2JqIC1mYWlsaWZlbXB0eSAkdHJ1ZQogICAgR2V0LUFuc2libGVQYXJhbSBhbHNvIHN1cHBvcnRzIFBhcmFtZXRlciB2YWxpZGF0aW9uIHRvIHNhdmUgeW91IGZyb20gY29kaW5nIHRoYXQgbWFudWFsbHkKICAgIE5vdGUgdGhhdCBpZiB5b3UgdXNlIHRoZSBmYWlsaWZlbXB0eSBvcHRpb24sIHlvdSBkbyBuZWVkIHRvIHNwZWNpZnkgcmVzdWx0b2JqZWN0IGFzIHdlbGwuCiM+CiAgICAjIENoZWNrIGlmIHRoZSBwcm92aWRlZCBNZW1iZXIgJG5hbWUgb3IgYWxpYXNlcyBleGlzdCBpbiAkb2JqIGFuZCByZXR1cm4gaXQgb3IgdGhlIGRlZmF1bHQuCiAgICB0cnkgewoKICAgICAgICAkZm91bmQgPSAkbnVsbAogICAgICAgICMgRmlyc3QgdHJ5IHRvIGZpbmQgcHJlZmVycmVkIHBhcmFtZXRlciAkbmFtZQogICAgICAgICRhbGlhc2VzID0gQCgkbmFtZSkgKyAkYWxpYXNlcwoKICAgICAgICAjIEl0ZXJhdGUgb3ZlciBhbGlhc2VzIHRvIGZpbmQgYWNjZXB0YWJsZSBNZW1iZXIgJG5hbWUKICAgICAgICBmb3JlYWNoICgkYWxpYXMgaW4gJGFsaWFzZXMpIHsKICAgICAgICAgICAgaWYgKCRvYmouQ29udGFpbnNLZXkoJGFsaWFzKSkgewogICAgICAgICAgICAgICAgJGZvdW5kID0gJGFsaWFzCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgfQoKICAgICAgICBpZiAoJG51bGwgLWVxICRmb3VuZCkgewogICAgICAgICAgICB0aHJvdwogICAgICAgIH0KICAgICAgICAkbmFtZSA9ICRmb3VuZAoKICAgICAgICBpZiAoJFZhbGlkYXRlU2V0KSB7CgogICAgICAgICAgICBpZiAoJFZhbGlkYXRlU2V0IC1jb250YWlucyAoJG9iai4kbmFtZSkpIHsKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICRvYmouJG5hbWUKICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgIGlmICgkbnVsbCAtZXEgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAgICAgI0F1dG8tZ2VuZXJhdGVkIGVycm9yIHNob3VsZCBiZSBzdWZmaWNpZW50IGluIG1vc3QgdXNlIGNhc2VzCiAgICAgICAgICAgICAgICAgICAgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlID0gIkdldC1BbnNpYmxlUGFyYW06IEFyZ3VtZW50ICRuYW1lIG5lZWRzIHRvIGJlIG9uZSBvZiAkKCRWYWxpZGF0ZVNldCAtam9pbiAiLCIpIGJ1dCB3YXMgJCgkb2JqLiRuYW1lKS4iCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRWYWxpZGF0ZVNldEVycm9yTWVzc2FnZQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgJHZhbHVlID0gJG9iai4kbmFtZQogICAgICAgIH0KICAgIH0gY2F0Y2ggewogICAgICAgIGlmICgkZmFpbGlmZW1wdHkgLWVxICRmYWxzZSkgewogICAgICAgICAgICAkdmFsdWUgPSAkZGVmYXVsdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgIGlmICgtbm90ICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSA9ICJHZXQtQW5zaWJsZVBhcmFtOiBNaXNzaW5nIHJlcXVpcmVkIGFyZ3VtZW50OiAkbmFtZSIKICAgICAgICAgICAgfQogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlCiAgICAgICAgfQogICAgfQoKICAgICMgSWYgJHZhbHVlIC1lcSAkbnVsbCwgdGhlIHBhcmFtZXRlciB3YXMgdW5zcGVjaWZpZWQgYnkgdGhlIHVzZXIgKGRlbGliZXJhdGVseSBvciBub3QpCiAgICAjIFBsZWFzZSBsZWF2ZSAkbnVsbC12YWx1ZXMgaW50YWN0LCBtb2R1bGVzIG5lZWQgdG8ga25vdyBpZiBhIHBhcmFtZXRlciB3YXMgc3BlY2lmaWVkCiAgICAjIFdoZW4gJHZhbHVlIGlzIGFscmVhZHkgYW4gYXJyYXksIHdlIGNhbm5vdCByZWx5IG9uIHRoZSBudWxsIGNoZWNrLCBhcyBhbiBlbXB0eSBsaXN0CiAgICAjIGlzIHNlZW4gYXMgbnVsbCBpbiB0aGUgY2hlY2sgYmVsb3cKICAgIGlmICgkbnVsbCAtbmUgJHZhbHVlIC1vciAkdmFsdWUgLWlzIFthcnJheV0pIHsKICAgICAgICBpZiAoJHR5cGUgLWVxICJwYXRoIikgewogICAgICAgICAgICAjIEV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgb24gcGF0aC10eXBlCiAgICAgICAgICAgICR2YWx1ZSA9IEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCiAgICAgICAgICAgICMgVGVzdCBpZiBhIHZhbGlkIHBhdGggaXMgcHJvdmlkZWQKICAgICAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtSXNWYWxpZCAkdmFsdWUpKSB7CiAgICAgICAgICAgICAgICAkcGF0aF9pbnZhbGlkID0gJHRydWUKICAgICAgICAgICAgICAgICMgY291bGQgc3RpbGwgYmUgYSB2YWxpZC1zaGFwZWQgcGF0aCB3aXRoIGEgbm9uZXhpc3RlbnQgZHJpdmUgbGV0dGVyCiAgICAgICAgICAgICAgICBpZiAoJHZhbHVlIC1tYXRjaCAiXlx3OiIpIHsKICAgICAgICAgICAgICAgICAgICAjIHJld3JpdGUgcGF0aCB3aXRoIGEgdmFsaWQgZHJpdmUgbGV0dGVyIGFuZCByZWNoZWNrIHRoZSBzaGFwZS0gdGhpcyBtaWdodCBzdGlsbCBmYWlsLCBlZywgYSBub25leGlzdGVudCBub24tZmlsZXN5c3RlbSBQUyBwYXRoCiAgICAgICAgICAgICAgICAgICAgaWYgKFRlc3QtUGF0aCAtSXNWYWxpZCAkKEAoR2V0LVBTRHJpdmUgLVBTUHJvdmlkZXIgRmlsZXN5c3RlbSlbMF0uTmFtZSArICR2YWx1ZS5TdWJzdHJpbmcoMSkpKSB7CiAgICAgICAgICAgICAgICAgICAgICAgICRwYXRoX2ludmFsaWQgPSAkZmFsc2UKICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBpZiAoJHBhdGhfaW52YWxpZCkgewogICAgICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHRvYmogLW1lc3NhZ2UgIkdldC1BbnNpYmxlUGFyYW06IFBhcmFtZXRlciAnJG5hbWUnIGhhcyBhbiBpbnZhbGlkIHBhdGggJyR2YWx1ZScgc3BlY2lmaWVkLiIKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgInN0ciIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IHN0ciB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgc3RyaW5ncwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUuVG9TdHJpbmcoKQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImJvb2wiKSB7CiAgICAgICAgICAgICMgQ29udmVydCBib29sZWFuIHR5cGVzIHRvIHJlYWwgUG93ZXJzaGVsbCBib29sZWFucwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgfCBDb252ZXJ0VG8tQm9vbAogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImludCIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IGludCB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgaW50ZWdlcnMKICAgICAgICAgICAgJHZhbHVlID0gJHZhbHVlIC1hcyBbaW50XQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImZsb2F0IikgewogICAgICAgICAgICAjIENvbnZlcnQgZmxvYXQgdHlwZXMgdG8gcmVhbCBQb3dlcnNoZWxsIGZsb2F0cwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgLWFzIFtmbG9hdF0KICAgICAgICB9IGVsc2VpZiAoJHR5cGUgLWVxICJsaXN0IikgewogICAgICAgICAgICBpZiAoJHZhbHVlIC1pcyBbYXJyYXldKSB7CiAgICAgICAgICAgICAgICAjIE5vdGhpbmcgdG8gZG8KICAgICAgICAgICAgfSBlbHNlaWYgKCR2YWx1ZSAtaXMgW3N0cmluZ10pIHsKICAgICAgICAgICAgICAgICMgQ29udmVydCBzdHJpbmcgdHlwZSB0byByZWFsIFBvd2Vyc2hlbGwgYXJyYXkKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICR2YWx1ZS5TcGxpdCgiLCIpLlRyaW0oKQogICAgICAgICAgICB9IGVsc2VpZiAoJHZhbHVlIC1pcyBbaW50XSkgewogICAgI ScriptBlock ID: 92a189a5-0856-4cec-b53a-43fc33793aa6 Path:	4104	1		3	2	15	0	1835	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3120	2096	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:31:03 PM	e5295ba9-9827-0005-ef84-2de52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (5 of 8): Glua1BhdGgpKTsKICAgICAgICAgICAgICAgICAgICAgICAgc3RyaW5nTGVuZ3RoID0gbWF4UGF0aDsKCiAgICAgICAgICAgICAgICAgICAgfSB3aGlsZSAoRmluZE5leHRGaWxlTmFtZVcoZmluZEhhbmRsZSwgcmVmIHN0cmluZ0xlbmd0aCwgc2IpKTsKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgICAgIGZpbmFsbHkKICAgICAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgICAgICBGaW5kQ2xvc2UoZmluZEhhbmRsZSk7CiAgICAgICAgICAgICAgICB9ICAgICAgICAgICAgICAgIAogICAgICAgICAgICB9CgogICAgICAgICAgICBpZiAocmVzdWx0LkNvdW50ID4gMSkKICAgICAgICAgICAgICAgIHJldHVybiBuZXcgTGlua0luZm8KICAgICAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgICAgICBUeXBlID0gTGlua1R5cGUuSGFyZExpbmssCiAgICAgICAgICAgICAgICAgICAgSGFyZFRhcmdldHMgPSByZXN1bHQuVG9BcnJheSgpCiAgICAgICAgICAgICAgICB9OwoKICAgICAgICAgICAgcmV0dXJuIG51bGw7CiAgICAgICAgfQoKICAgICAgICBwcml2YXRlIHN0YXRpYyBMaW5rSW5mbyBHZXRSZXBhcnNlUG9pbnRJbmZvKHN0cmluZyBsaW5rUGF0aCkKICAgICAgICB7CiAgICAgICAgICAgIFNhZmVGaWxlSGFuZGxlIGZpbGVIYW5kbGUgPSBDcmVhdGVGaWxlKAogICAgICAgICAgICAgICAgbGlua1BhdGgsCiAgICAgICAgICAgICAgICBGaWxlQWNjZXNzLlJlYWQsCiAgICAgICAgICAgICAgICBGaWxlU2hhcmUuTm9uZSwKICAgICAgICAgICAgICAgIEludFB0ci5aZXJvLAogICAgICAgICAgICAgICAgRmlsZU1vZGUuT3BlbiwKICAgICAgICAgICAgICAgIEZJTEVfRkxBR19PUEVOX1JFUEFSU0VfUE9JTlQgfCBGSUxFX0ZMQUdfQkFDS1VQX1NFTUFOVElDUywKICAgICAgICAgICAgICAgIEludFB0ci5aZXJvKTsKCiAgICAgICAgICAgIGlmIChmaWxlSGFuZGxlLklzSW52YWxpZCkKICAgICAgICAgICAgICAgIHRocm93IG5ldyBMaW5rVXRpbFdpbjMyRXhjZXB0aW9uKFN0cmluZy5Gb3JtYXQoIkNyZWF0ZUZpbGUoezB9KSBmYWlsZWQiLCBsaW5rUGF0aCkpOyAgICAgICAgICAgIAoKICAgICAgICAgICAgUkVQQVJTRV9EQVRBX0JVRkZFUiBidWZmZXIgPSBuZXcgUkVQQVJTRV9EQVRBX0JVRkZFUigpOwogICAgICAgICAgICBVSW50MzIgYnl0ZXNSZXR1cm5lZDsKICAgICAgICAgICAgdHJ5CiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIGlmICghRGV2aWNlSW9Db250cm9sKAogICAgICAgICAgICAgICAgICAgIGZpbGVIYW5kbGUsCiAgICAgICAgICAgICAgICAgICAgRlNDVExfR0VUX1JFUEFSU0VfUE9JTlQsCiAgICAgICAgICAgICAgICAgICAgSW50UHRyLlplcm8sCiAgICAgICAgICAgICAgICAgICAgMCwKICAgICAgICAgICAgICAgICAgICBvdXQgYnVmZmVyLAogICAgICAgICAgICAgICAgICAgIE1BWElNVU1fUkVQQVJTRV9EQVRBX0JVRkZFUl9TSVpFLAogICAgICAgICAgICAgICAgICAgIG91dCBieXRlc1JldHVybmVkLAogICAgICAgICAgICAgICAgICAgIEludFB0ci5aZXJvKSkKICAgICAgICAgICAgICAgICAgICB0aHJvdyBuZXcgTGlua1V0aWxXaW4zMkV4Y2VwdGlvbihTdHJpbmcuRm9ybWF0KCJEZXZpY2VJb0NvbnRyb2woKSBmYWlsZWQgZm9yIGZpbGUgYXQgezB9IiwgbGlua1BhdGgpKTsKICAgICAgICAgICAgfQogICAgICAgICAgICBmaW5hbGx5CiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIGZpbGVIYW5kbGUuRGlzcG9zZSgpOwogICAgICAgICAgICB9CgogICAgICAgICAgICBib29sIGlzUmVsYXRpdmUgPSBmYWxzZTsKICAgICAgICAgICAgaW50IHBhdGhPZmZzZXQgPSAwOwogICAgICAgICAgICBMaW5rVHlwZSBsaW5rVHlwZTsKICAgICAgICAgICAgaWYgKGJ1ZmZlci5SZXBhcnNlVGFnID09IElPX1JFUEFSU0VfVEFHX1NZTUxJTkspCiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIFVJbnQzMiBidWZmZXJGbGFncyA9IENvbnZlcnQuVG9VSW50MzIoYnVmZmVyLlBhdGhCdWZmZXJbMF0pICsgQ29udmVydC5Ub1VJbnQzMihidWZmZXIuUGF0aEJ1ZmZlclsxXSk7CiAgICAgICAgICAgICAgICBpZiAoYnVmZmVyRmxhZ3MgPT0gU1lNTElOS19GTEFHX1JFTEFUSVZFKQogICAgICAgICAgICAgICAgICAgIGlzUmVsYXRpdmUgPSB0cnVlOwogICAgICAgICAgICAgICAgcGF0aE9mZnNldCA9IDI7CiAgICAgICAgICAgICAgICBsaW5rVHlwZSA9IExpbmtUeXBlLlN5bWJvbGljTGluazsKICAgICAgICAgICAgfQogICAgICAgICAgICBlbHNlIGlmIChidWZmZXIuUmVwYXJzZVRhZyA9PSBJT19SRVBBUlNFX1RBR19NT1VOVF9QT0lOVCkKICAgICAgICAgICAgewogICAgICAgICAgICAgICAgbGlua1R5cGUgPSBMaW5rVHlwZS5KdW5jdGlvblBvaW50OwogICAgICAgICAgICB9CiAgICAgICAgICAgIGVsc2UKICAgICAgICAgICAgewogICAgICAgICAgICAgICAgc3RyaW5nIGVycm9yTWVzc2FnZSA9IFN0cmluZy5Gb3JtYXQoIkludmFsaWQgUmVwYXJzZSBUYWc6IHswfSIsIGJ1ZmZlci5SZXBhcnNlVGFnLlRvU3RyaW5nKCkpOwogICAgICAgICAgICAgICAgdGhyb3cgbmV3IEV4Y2VwdGlvbihlcnJvck1lc3NhZ2UpOwogICAgICAgICAgICB9CgogICAgICAgICAgICBzdHJpbmcgcHJpbnROYW1lID0gbmV3IHN0cmluZyhidWZmZXIuUGF0aEJ1ZmZlciwgKGludCkoYnVmZmVyLlByaW50TmFtZU9mZnNldCAvIFNJWkVfT0ZfV0NIQVIpICsgcGF0aE9mZnNldCwgKGludCkoYnVmZmVyLlByaW50TmFtZUxlbmd0aCAvIFNJWkVfT0ZfV0NIQVIpKTsKICAgICAgICAgICAgc3RyaW5nIHN1YnN0aXR1dGVOYW1lID0gbmV3IHN0cmluZyhidWZmZXIuUGF0aEJ1ZmZlciwgKGludCkoYnVmZmVyLlN1YnN0aXR1dGVOYW1lT2Zmc2V0IC8gU0laRV9PRl9XQ0hBUikgKyBwYXRoT2Zmc2V0LCAoaW50KShidWZmZXIuU3Vic3RpdHV0ZU5hbWVMZW5ndGggLyBTSVpFX09GX1dDSEFSKSk7CgogICAgICAgICAgICAvLyBUT0RPOiBzaG91bGQgd2UgY2hlY2sgZm9yIFw/XFVOQ1xzZXJ2ZXIgZm9yIGNvbnZlcnQgaXQgdG8gdGhlIE5UIHN0eWxlIFxcc2VydmVyIHBhdGgKICAgICAgICAgICAgLy8gUmVtb3ZlIHRoZSBsZWFkaW5nIFdpbmRvd3Mgb2JqZWN0IGRpcmVjdG9yeSBcP1wgZnJvbSB0aGUgcGF0aCBpZiBwcmVzZW50CiAgICAgICAgICAgIHN0cmluZyB0YXJnZXRQYXRoID0gc3Vic3RpdHV0ZU5hbWU7CiAgICAgICAgICAgIGlmICh0YXJnZXRQYXRoLlN0YXJ0c1dpdGgoIlxcPz9cXCIpKQogICAgICAgICAgICAgICAgdGFyZ2V0UGF0aCA9IHRhcmdldFBhdGguU3Vic3RyaW5nKDQsIHRhcmdldFBhdGguTGVuZ3RoIC0gNCk7CgogICAgICAgICAgICBzdHJpbmcgYWJzb2x1dGVQYXRoID0gdGFyZ2V0UGF0aDsKICAgICAgICAgICAgaWYgKGlzUmVsYXRpdmUpCiAgICAgICAgICAgICAgICBhYnNvbHV0ZVBhdGggPSBQYXRoLkdldEZ1bGxQYXRoKFBhdGguQ29tYmluZShuZXcgRmlsZUluZm8obGlua1BhdGgpLkRpcmVjdG9yeS5GdWxsTmFtZSwgdGFyZ2V0UGF0aCkpOwoKICAgICAgICAgICAgcmV0dXJuIG5ldyBMaW5rSW5mbwogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBUeXBlID0gbGlua1R5cGUsCiAgICAgICAgICAgICAgICBQcmludE5hbWUgPSBwcmludE5hbWUsCiAgICAgICAgICAgICAgICBTdWJzdGl0dXRlTmFtZSA9IHN1YnN0aXR1dGVOYW1lLAogICAgICAgICAgICAgICAgQWJzb2x1dGVQYXRoID0gYWJzb2x1dGVQYXRoLAogICAgICAgICAgICAgICAgVGFyZ2V0UGF0aCA9IHRhcmdldFBhdGgKICAgICAgICAgICAgfTsKICAgICAgICB9CgogICAgICAgIHByaXZhdGUgc3RhdGljIHZvaWQgQ3JlYXRlSnVuY3Rpb25Qb2ludChzdHJpbmcgbGlua1BhdGgsIHN0cmluZyBsaW5rVGFyZ2V0KQogICAgICAgIHsKICAgICAgICAgICAgLy8gV2UgbmVlZCB0byBjcmVhdGUgdGhlIGxpbmsgYXMgYSBkaXIgYmVmb3JlaGFuZAogICAgICAgICAgICBEaXJlY3RvcnkuQ3JlYXRlRGlyZWN0b3J5KGxpbmtQYXRoKTsKICAgICAgICAgICAgU2FmZUZpbGVIYW5kbGUgZmlsZUhhbmRsZSA9IENyZWF0ZUZpbGUoCiAgICAgICAgICAgICAgICBsaW5rUGF0aCwKICAgICAgICAgICAgICAgIEZpbGVBY2Nlc3MuV3JpdGUsCiAgICAgICAgICAgICAgICBGaWxlU2hhcmUuUmVhZCB8IEZpbGVTaGFyZS5Xcml0ZSB8IEZpbGVTaGFyZS5Ob25lLAogICAgICAgICAgICAgICAgSW50UHRyLlplcm8sCiAgICAgICAgICAgICAgICBGaWxlTW9kZS5PcGVuLAogICAgICAgICAgICAgICAgRklMRV9GTEFHX0JBQ0tVUF9TRU1BTlRJQ1MgfCBGSUxFX0ZMQUdfT1BFTl9SRVBBUlNFX1BPSU5ULAogICAgICAgICAgICAgICAgSW50UHRyLlplcm8pOwoKICAgICAgICAgICAgaWYgKGZpbGVIYW5kbGUuSXNJbnZhbGlkKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IExpbmtVdGlsV2luMzJFeGNlcHRpb24oU3RyaW5nLkZvcm1hdCgiQ3JlYXRlRmlsZSh7MH0pIGZhaWxlZCIsIGxpbmtQYXRoKSk7CgogICAgICAgICAgICB0cnkKICAgICAgICAgICAgewogICAgICAgICAgICAgICAgc3RyaW5nIHN1YnN0aXR1dGVOYW1lID0gIlxcPz9cXCIgKyBQYXRoLkdldEZ1bGxQYXRoKGxpbmtUYXJnZXQpOwogICAgICAgICAgICAgICAgc3RyaW5nIHByaW50TmFtZSA9IGxpbmtUYXJnZXQ7CgogICAgICAgICAgICAgICAgUkVQQVJTRV9EQVRBX0JVRkZFUiBidWZmZXIgPSBuZXcgUkVQQVJTRV9EQVRBX0JVRkZFUigpOwogICAgICAgICAgICAgICAgYnVmZmVyLlN1YnN0aXR1dGVOYW1lT2Zmc2V0ID0gMDsKICAgICAgICAgICAgICAgIGJ1ZmZlci5TdWJzdGl0dXRlTmFtZUxlbmd0aCA9IChVSW50MTYpKHN1YnN0aXR1dGVOYW1lLkxlbmd0aCAqIFNJWkVfT0ZfV0NIQVIpOwogICAgICAgICAgICAgICAgYnVmZmVyLlByaW50TmFtZU9mZnNldCA9IChVSW50MTYpKGJ1ZmZlci5TdWJzdGl0dXRlTmFtZUxlbmd0aCArIDIpOwogICAgICAgICAgICAgICAgYnVmZmVyLlByaW50TmFtZUxlbmd0aCA9IChVSW50MTYpKHByaW50TmFtZS5MZW5ndGggKiBTSVpFX09GX1dDSEFSKTsKCiAgICAgICAgICAgICAgICBidWZmZXIuUmVwYXJzZVRhZyA9IElPX1JFUEFSU0VfVEFHX01PVU5UX1BPSU5UOwogICAgICAgICAgICAgICAgYnVmZmVyLlJlcGFyc2VEYXRhTGVuZ3RoID0gKFVJbnQxNikoYnVmZmVyLlN1YnN0aXR1dGVOYW1lTGVuZ3RoICsgYnVmZmVyLlByaW50TmFtZUxlbmd0aCArIDEyKTsKICAgICAgICAgICAgICAgIGJ1ZmZlci5QYXRoQnVmZmVyID0gbmV3IGNoYXJbTUFYSU1VTV9SRVBBUlNFX0RBVEFfQlVGRkVSX1NJWkVdOwoKICAgICAgICAgICAgICAgIGJ5dGVbXSB1bmljb2RlQnl0ZXMgPSBFbmNvZGluZy5Vbmljb2RlLkdldEJ5dGVzKHN1YnN0aXR1dGVOYW1lICsgIlwwIiArIHByaW50TmFtZSk7CiAgICAgICAgICAgICAgICBjaGFyW10gcGF0aEJ1ZmZlciA9IEVuY29kaW5nLlVuaWNvZGUuR2V0Q2hhcnModW5pY29kZUJ5dGVzKTsKICAgICAgICAgICAgICAgIEFycmF5LkNvcHkocGF0aEJ1ZmZlciwgYnVmZmVyLlBhdGhCdWZmZXIsIHBhdGhCdWZmZXIuTGVuZ3RoKTsKCiAgICAgICAgICAgICAgICBVSW50MzIgYnl0ZXNSZXR1cm5lZDsKICAgICAgICAgICAgICAgIGlmICghRGV2aWNlSW9Db250cm9sKAogICAgICAgICAgICAgICAgICAgIGZpbGVIYW5kbGUsCiAgICAgICAgICAgICAgICAgICAgRlNDVExfU0VUX1JFUEFSU0VfUE9JTlQsCiAgICAgICAgICAgICAgICAgICAgYnVmZmVyLAogICAgICAgICAgICAgICAgICAgIChVSW50MzIpKGJ1ZmZlci5SZXBhcnNlRGF0YUxlbmd0aCArIDgpLAogICAgICAgICAgICAgICAgICAgIEludFB0ci5aZXJvLCAwLAogICAgICAgICAgICAgICAgICAgIG91dCBieXRlc1JldHVybmVkLAogICAgICAgICAgICAgICAgICAgIEludFB0ci5aZXJvKSkKICAgICAgICAgICAgICAgICAgICB0aHJvdyBuZXcgTGlua1V0aWxXaW4zMkV4Y2VwdGlvbihTdHJpbmcuRm9ybWF0KCJEZXZpY2VJb0NvbnRyb2woKSBmYWlsZWQgdG8gY3JlYXRlIGp1bmN0aW9uIHBvaW50IGF0IHswfSB0byB7MX0iLCBsaW5rUGF0aCwgbGlua1RhcmdldCkpOwogICAgICAgICAgICB9CiAgICAgICAgICAgIGZpbmFsbHkKICAgICAgICAgICAgewogICAgICAgICAgICAgICAgZmlsZUhhbmRsZS5EaXNwb3NlKCk7CiAgICAgICAgICAgIH0KICAgICAgICB9CiAgICB9Cn0KJ0AKCiAgICAjIEZVVFVSRTogZmluZCBhIGJldHRlciB3YXkgdG8gZ2V0IHRoZSBfYW5zaWJsZV9yZW1vdGVfdG1wIHZhcmlhYmxlCiAgICAkb3JpZ2luYWxfdG1wID0gJGVudjpUTVAKCiAgICAkcmVtb3RlX3RtcCA9ICRvcmlnaW5hbF90bXAKICAgICRtb2R1bGVfcGFyYW1zID0gR2V0LVZhcmlhYmxlIC1OYW1lIGNvbXBsZXhfYXJncyAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgaWYgKCRtb2R1bGVfcGFyYW1zKSB7CiAgICAgICAgaWYgKCRtb2R1bGVfcGFyYW1zLlZhbHVlLkNvbnRhaW5zS2V5KCJfYW5zaWJsZV9yZW1vdGVfdG1wIikgKSB7CiAgICAgICAgICAgICRyZW1vdGVfdG1wID0gJG1vZHVsZV9wYXJhbXMuVmFsdWVbIl9hbnNpYmxlX3JlbW90ZV90bXAiXQogICAgICAgICAgICAkcmVtb3RlX3RtcCA9IFtTeXN0ZW0uRW52aXJvbm1lbnRdOjpFeHBhbmRFbnZpcm9ubWVudFZhcmlhYmxlcygkcmVtb3RlX3RtcCkKICAgICAgICB9CiAgICB9CgogICAgJGVudjpUTVAgPSAkcmVtb3RlX3RtcAogICAgQWRkLVR5cGUgLVR5cGVEZWZpbml0aW9uICRsaW5rX3V0aWwKICAgICRlbnY6VE1QID0gJG9yaWdpbmFsX3RtcAoKICAgIEltcG9ydC1Qcml2aWxlZ2VVdGlsCiAgICAjIGVuYWJsZSB0aGUgU2VCYWNrdXBQcml2aWxlZ2UgaWYgaXQgaXMgZGlzYWJsZWQKICAgICRzdGF0ZSA9IEdldC1BbnNpYmxlUHJpdmlsZWdlIC1OYW1lIFNlQmFja3VwUHJpdmlsZWdlCiAgICBpZiAoJHN0YXRlIC1lcSAkZmFsc2UpIHsKICAgICAgICBTZXQtQW5zaWJsZVByaXZpbGVnZSAtTmFtZSBTZUJhY2t1cFByaXZpbGVnZSAtVmFsdWUgJHRydWUKICAgIH0KfQoKRnVuY3Rpb24gR2V0LUxpbmsoJGxpbmtfcGF0aCkgewogICAgJGxpbmtfaW5mbyA9IFtBbnNpYmxlLkxpbmtVdGlsXTo6R2V0TGlua0luZm8oJGxpbmtfcGF0aCkKICAgIHJldHVybiAkbGlua19pbmZvCn0KCkZ1bmN0aW9uIFJlbW92ZS1MaW5rKCRsaW5rX3BhdGgpIHsKICAgIFtBbnNpYmxlLkxpbmtVdGlsXTo6RGVsZXRlTGluaygkbGlua19wYXRoKQp9CgpGdW5jdGlvbiBOZXctTGluaygkbGlua19wYXRoLCAkbGlua190YXJnZXQsICRsaW5rX3R5cGUpIHsKICAgIGlmICgtbm90IChUZXN0LVBhdGggLVBhdGggJGxpbmtfdGFyZ2V0KSkgewogICAgICAgIHRocm93ICJsaW5rX3RhcmdldCAnJGxpbmtfdGFyZ2V0JyBkb2VzIG5vdCBleGlzdCwgY2Fubm90IGNyZWF0ZSBsaW5rIgogICAgfQogICAgCiAgICBzd2l0Y2goJGxpbmtfdHlwZSkgewogICAgICAgICJsaW5rIiB7CiAgICAgICAgICAgICR0eXBlID0gW0Fuc2libGUuTGlua1R5cGVdOjpTeW1ib2xpY0xpbmsKICAgICAgICB9CiAgICAgICAgImp1bmN0aW9uIiB7CiAgICAgICAgICAgIGlmIChUZXN0LVBhdGggLVBhdGggJGxpbmtfdGFyZ2V0IC1QYXRoVHlwZSBMZWFmKSB7CiAgICAgICAgICAgICAgICB0aHJvdyAiY2Fubm90IHNldCB0aGUgdGFyZ2V0IGZvciBhIGp1bmN0aW9uIHBvaW50IHRvIGEgZmlsZSIKICAgICAgICAgICAgfQogICAgICAgICAgICAkdHlwZSA9IFtBbnNpYmxlLkxpbmtUeXBlXTo6SnVuY3Rpb25Qb2ludAogICAgICAgIH0KICAgICAgICAiaGFyZCIgewogICAgICAgICAgICBpZiAoVGVzdC1QYXRoIC1QYXRoICRsaW5rX3RhcmdldCAtUGF0aFR5cGUgQ29udGFpbmVyKSB7CiAgICAgICAgICAgICAgICB0aHJvdyAiY2Fubm90IHNldCB0aGUgdGFyZ2V0IGZvciBhIGhhcmQgbGluayB0byBhIGRpcmVjdG9yeSIKICAgICAgICAgICAgfQogICAgICAgICAgICAkdHlwZSA9IFtBbnNpYmxlLkxpbmtUeXBlXTo6SGFyZExpbmsKICAgICAgICB9CiAgICAgICAgZGVmYXVsdCB7IHRocm93ICJpbnZhbGlkIGxpbmtfdHlwZSBvcHRpb24gJCgkbGlua190eXBlKTogZXhwZWN0aW5nIGxpbmssIGp1bmN0aW9uLCBoYXJkIiB9CiAgICB9CiAgICBbQW5zaWJsZS5MaW5rVXRpbF06OkNyZWF0ZUxpbmsoJGxpbmtfcGF0aCwgJGxpbmtfdGFyZ2V0LCAkdHlwZSkKfQoKIyB0aGlzIGxpbmUgbXVzdCBzdGF5IGF0IHRoZSBib3R0b20gdG8gZW5zdXJlIGFsbCBkZWZpbmVkIG1vZHVsZSBwYXJ0cyBhcmUgZXhwb3J0ZWQKRXhwb3J0LU1vZHVsZU1lbWJlciAtQWxpYXMgKiAtRnVuY3Rp ScriptBlock ID: 92a189a5-0856-4cec-b53a-43fc33793aa6 Path:	4104	1		3	2	15	0	1834	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3120	2096	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:31:03 PM	e5295ba9-9827-0005-ef84-2de52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (4 of 8): Mgb3ZlcnJpZGUgc3RyaW5nIE1lc3NhZ2UgeyBnZXQgeyByZXR1cm4gX21zZzsgfSB9CiAgICAgICAgcHVibGljIHN0YXRpYyBleHBsaWNpdCBvcGVyYXRvciBMaW5rVXRpbFdpbjMyRXhjZXB0aW9uKHN0cmluZyBtZXNzYWdlKSB7IHJldHVybiBuZXcgTGlua1V0aWxXaW4zMkV4Y2VwdGlvbihtZXNzYWdlKTsgfQogICAgfQoKICAgIHB1YmxpYyBjbGFzcyBMaW5rSW5mbwogICAgewogICAgICAgIHB1YmxpYyBMaW5rVHlwZSBUeXBlIHsgZ2V0OyBpbnRlcm5hbCBzZXQ7IH0KICAgICAgICBwdWJsaWMgc3RyaW5nIFByaW50TmFtZSB7IGdldDsgaW50ZXJuYWwgc2V0OyB9CiAgICAgICAgcHVibGljIHN0cmluZyBTdWJzdGl0dXRlTmFtZSB7IGdldDsgaW50ZXJuYWwgc2V0OyB9CiAgICAgICAgcHVibGljIHN0cmluZyBBYnNvbHV0ZVBhdGggeyBnZXQ7IGludGVybmFsIHNldDsgfQogICAgICAgIHB1YmxpYyBzdHJpbmcgVGFyZ2V0UGF0aCB7IGdldDsgaW50ZXJuYWwgc2V0OyB9CiAgICAgICAgcHVibGljIHN0cmluZ1tdIEhhcmRUYXJnZXRzIHsgZ2V0OyBpbnRlcm5hbCBzZXQ7IH0KICAgIH0KCiAgICBbU3RydWN0TGF5b3V0KExheW91dEtpbmQuU2VxdWVudGlhbCwgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSldCiAgICBwdWJsaWMgc3RydWN0IFJFUEFSU0VfREFUQV9CVUZGRVIKICAgIHsKICAgICAgICBwdWJsaWMgVUludDMyIFJlcGFyc2VUYWc7CiAgICAgICAgcHVibGljIFVJbnQxNiBSZXBhcnNlRGF0YUxlbmd0aDsKICAgICAgICBwdWJsaWMgVUludDE2IFJlc2VydmVkOwogICAgICAgIHB1YmxpYyBVSW50MTYgU3Vic3RpdHV0ZU5hbWVPZmZzZXQ7CiAgICAgICAgcHVibGljIFVJbnQxNiBTdWJzdGl0dXRlTmFtZUxlbmd0aDsKICAgICAgICBwdWJsaWMgVUludDE2IFByaW50TmFtZU9mZnNldDsKICAgICAgICBwdWJsaWMgVUludDE2IFByaW50TmFtZUxlbmd0aDsKCiAgICAgICAgW01hcnNoYWxBcyhVbm1hbmFnZWRUeXBlLkJ5VmFsQXJyYXksIFNpemVDb25zdCA9IExpbmtVdGlsLk1BWElNVU1fUkVQQVJTRV9EQVRBX0JVRkZFUl9TSVpFKV0KICAgICAgICBwdWJsaWMgY2hhcltdIFBhdGhCdWZmZXI7CiAgICB9CgogICAgcHVibGljIGNsYXNzIExpbmtVdGlsCiAgICB7CiAgICAgICAgcHVibGljIGNvbnN0IGludCBNQVhJTVVNX1JFUEFSU0VfREFUQV9CVUZGRVJfU0laRSA9IDEwMjQgKiAxNjsKCiAgICAgICAgcHJpdmF0ZSBjb25zdCBVSW50MzIgRklMRV9GTEFHX0JBQ0tVUF9TRU1BTlRJQ1MgPSAweDAyMDAwMDAwOwogICAgICAgIHByaXZhdGUgY29uc3QgVUludDMyIEZJTEVfRkxBR19PUEVOX1JFUEFSU0VfUE9JTlQgPSAweDAwMjAwMDAwOwoKICAgICAgICBwcml2YXRlIGNvbnN0IFVJbnQzMiBGU0NUTF9HRVRfUkVQQVJTRV9QT0lOVCA9IDB4MDAwOTAwQTg7CiAgICAgICAgcHJpdmF0ZSBjb25zdCBVSW50MzIgRlNDVExfU0VUX1JFUEFSU0VfUE9JTlQgPSAweDAwMDkwMEE0OwogICAgICAgIHByaXZhdGUgY29uc3QgVUludDMyIEZJTEVfREVWSUNFX0ZJTEVfU1lTVEVNID0gMHgwMDA5MDAwMDsKCiAgICAgICAgcHJpdmF0ZSBjb25zdCBVSW50MzIgSU9fUkVQQVJTRV9UQUdfTU9VTlRfUE9JTlQgPSAweEEwMDAwMDAzOwogICAgICAgIHByaXZhdGUgY29uc3QgVUludDMyIElPX1JFUEFSU0VfVEFHX1NZTUxJTksgPSAweEEwMDAwMDBDOwoKICAgICAgICBwcml2YXRlIGNvbnN0IFVJbnQzMiBTWU1MSU5LX0ZMQUdfUkVMQVRJVkUgPSAweDAwMDAwMDAxOwoKICAgICAgICBwcml2YXRlIGNvbnN0IEludDY0IElOVkFMSURfSEFORExFX1ZBTFVFID0gLTE7CgogICAgICAgIHByaXZhdGUgY29uc3QgVUludDMyIFNJWkVfT0ZfV0NIQVIgPSAyOwoKICAgICAgICBwcml2YXRlIGNvbnN0IFVJbnQzMiBTWU1CT0xJQ19MSU5LX0ZMQUdfRklMRSA9IDB4MDAwMDAwMDA7CiAgICAgICAgcHJpdmF0ZSBjb25zdCBVSW50MzIgU1lNQk9MSUNfTElOS19GTEFHX0RJUkVDVE9SWSA9IDB4MDAwMDAwMDE7CgogICAgICAgIFtEbGxJbXBvcnQoImtlcm5lbDMyLmRsbCIsIENoYXJTZXQgPSBDaGFyU2V0LkF1dG8pXQogICAgICAgIHByaXZhdGUgc3RhdGljIGV4dGVybiBTYWZlRmlsZUhhbmRsZSBDcmVhdGVGaWxlKAogICAgICAgICAgICBzdHJpbmcgbHBGaWxlTmFtZSwKICAgICAgICAgICAgW01hcnNoYWxBcyhVbm1hbmFnZWRUeXBlLlU0KV0gRmlsZUFjY2VzcyBkd0Rlc2lyZWRBY2Nlc3MsCiAgICAgICAgICAgIFtNYXJzaGFsQXMoVW5tYW5hZ2VkVHlwZS5VNCldIEZpbGVTaGFyZSBkd1NoYXJlTW9kZSwKICAgICAgICAgICAgSW50UHRyIGxwU2VjdXJpdHlBdHRyaWJ1dGVzLAogICAgICAgICAgICBbTWFyc2hhbEFzKFVubWFuYWdlZFR5cGUuVTQpXSBGaWxlTW9kZSBkd0NyZWF0aW9uRGlzcG9zaXRpb24sCiAgICAgICAgICAgIFVJbnQzMiBkd0ZsYWdzQW5kQXR0cmlidXRlcywKICAgICAgICAgICAgSW50UHRyIGhUZW1wbGF0ZUZpbGUpOwoKICAgICAgICAvLyBVc2VkIGJ5IEdldFJlcGFyc2VQb2ludEluZm8oKQogICAgICAgIFtEbGxJbXBvcnQoImtlcm5lbDMyLmRsbCIsIFNldExhc3RFcnJvciA9IHRydWUsIENoYXJTZXQgPSBDaGFyU2V0LkF1dG8pXQogICAgICAgIHByaXZhdGUgc3RhdGljIGV4dGVybiBib29sIERldmljZUlvQ29udHJvbCgKICAgICAgICAgICAgU2FmZUZpbGVIYW5kbGUgaERldmljZSwKICAgICAgICAgICAgVUludDMyIGR3SW9Db250cm9sQ29kZSwKICAgICAgICAgICAgSW50UHRyIGxwSW5CdWZmZXIsCiAgICAgICAgICAgIFVJbnQzMiBuSW5CdWZmZXJTaXplLAogICAgICAgICAgICBvdXQgUkVQQVJTRV9EQVRBX0JVRkZFUiBscE91dEJ1ZmZlciwKICAgICAgICAgICAgVUludDMyIG5PdXRCdWZmZXJTaXplLAogICAgICAgICAgICBvdXQgVUludDMyIGxwQnl0ZXNSZXR1cm5lZCwKICAgICAgICAgICAgSW50UHRyIGxwT3ZlcmxhcHBlZCk7CgogICAgICAgIC8vIFVzZWQgYnkgQ3JlYXRlSnVuY3Rpb25Qb2ludCgpCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuQXV0byldCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgZXh0ZXJuIGJvb2wgRGV2aWNlSW9Db250cm9sKAogICAgICAgICAgICBTYWZlRmlsZUhhbmRsZSBoRGV2aWNlLAogICAgICAgICAgICBVSW50MzIgZHdJb0NvbnRyb2xDb2RlLAogICAgICAgICAgICBSRVBBUlNFX0RBVEFfQlVGRkVSIGxwSW5CdWZmZXIsCiAgICAgICAgICAgIFVJbnQzMiBuSW5CdWZmZXJTaXplLAogICAgICAgICAgICBJbnRQdHIgbHBPdXRCdWZmZXIsCiAgICAgICAgICAgIFVJbnQzMiBuT3V0QnVmZmVyU2l6ZSwKICAgICAgICAgICAgb3V0IFVJbnQzMiBscEJ5dGVzUmV0dXJuZWQsCiAgICAgICAgICAgIEludFB0ciBscE92ZXJsYXBwZWQpOwoKICAgICAgICBbRGxsSW1wb3J0KCJrZXJuZWwzMi5kbGwiLCBTZXRMYXN0RXJyb3IgPSB0cnVlLCBDaGFyU2V0ID0gQ2hhclNldC5BdXRvKV0KICAgICAgICBwcml2YXRlIHN0YXRpYyBleHRlcm4gYm9vbCBHZXRWb2x1bWVQYXRoTmFtZSgKICAgICAgICAgICAgc3RyaW5nIGxwc3pGaWxlTmFtZSwKICAgICAgICAgICAgU3RyaW5nQnVpbGRlciBscHN6Vm9sdW1lUGF0aE5hbWUsCiAgICAgICAgICAgIHJlZiBVSW50MzIgY2NoQnVmZmVyTGVuZ3RoKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuQXV0byldCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgZXh0ZXJuIEludFB0ciBGaW5kRmlyc3RGaWxlTmFtZVcoCiAgICAgICAgICAgIHN0cmluZyBscEZpbGVOYW1lLAogICAgICAgICAgICBVSW50MzIgZHdGbGFncywKICAgICAgICAgICAgcmVmIFVJbnQzMiBTdHJpbmdMZW5ndGgsCiAgICAgICAgICAgIFN0cmluZ0J1aWxkZXIgTGlua05hbWUpOwoKICAgICAgICBbRGxsSW1wb3J0KCJrZXJuZWwzMi5kbGwiLCBTZXRMYXN0RXJyb3IgPSB0cnVlLCBDaGFyU2V0ID0gQ2hhclNldC5BdXRvKV0KICAgICAgICBwcml2YXRlIHN0YXRpYyBleHRlcm4gYm9vbCBGaW5kTmV4dEZpbGVOYW1lVygKICAgICAgICAgICAgSW50UHRyIGhGaW5kU3RyZWFtLAogICAgICAgICAgICByZWYgVUludDMyIFN0cmluZ0xlbmd0aCwKICAgICAgICAgICAgU3RyaW5nQnVpbGRlciBMaW5rTmFtZSk7CgogICAgICAgIFtEbGxJbXBvcnQoImtlcm5lbDMyLmRsbCIsIFNldExhc3RFcnJvciA9IHRydWUpXQogICAgICAgIHByaXZhdGUgc3RhdGljIGV4dGVybiBib29sIEZpbmRDbG9zZSgKICAgICAgICAgICAgSW50UHRyIGhGaW5kRmlsZSk7CgogICAgICAgIFtEbGxJbXBvcnQoImtlcm5lbDMyLmRsbCIsIFNldExhc3RFcnJvciA9IHRydWUsIENoYXJTZXQgPSBDaGFyU2V0LkF1dG8pXQogICAgICAgIHByaXZhdGUgc3RhdGljIGV4dGVybiBib29sIFJlbW92ZURpcmVjdG9yeSgKICAgICAgICAgICAgc3RyaW5nIGxwUGF0aE5hbWUpOwoKICAgICAgICBbRGxsSW1wb3J0KCJrZXJuZWwzMi5kbGwiLCBTZXRMYXN0RXJyb3IgPSB0cnVlLCBDaGFyU2V0ID0gQ2hhclNldC5BdXRvKV0KICAgICAgICBwcml2YXRlIHN0YXRpYyBleHRlcm4gYm9vbCBEZWxldGVGaWxlKAogICAgICAgICAgICBzdHJpbmcgbHBGaWxlTmFtZSk7CgogICAgICAgIFtEbGxJbXBvcnQoImtlcm5lbDMyLmRsbCIsIFNldExhc3RFcnJvciA9IHRydWUsIENoYXJTZXQgPSBDaGFyU2V0LkF1dG8pXQogICAgICAgIHByaXZhdGUgc3RhdGljIGV4dGVybiBib29sIENyZWF0ZVN5bWJvbGljTGluaygKICAgICAgICAgICAgc3RyaW5nIGxwU3ltbGlua0ZpbGVOYW1lLAogICAgICAgICAgICBzdHJpbmcgbHBUYXJnZXRGaWxlTmFtZSwKICAgICAgICAgICAgVUludDMyIGR3RmxhZ3MpOwoKICAgICAgICBbRGxsSW1wb3J0KCJrZXJuZWwzMi5kbGwiLCBTZXRMYXN0RXJyb3IgPSB0cnVlLCBDaGFyU2V0ID0gQ2hhclNldC5BdXRvKV0KICAgICAgICBwcml2YXRlIHN0YXRpYyBleHRlcm4gYm9vbCBDcmVhdGVIYXJkTGluaygKICAgICAgICAgICAgc3RyaW5nIGxwRmlsZU5hbWUsCiAgICAgICAgICAgIHN0cmluZyBscEV4aXN0aW5nRmlsZU5hbWUsCiAgICAgICAgICAgIEludFB0ciBscFNlY3VyaXR5QXR0cmlidXRlcyk7CgogICAgICAgIHB1YmxpYyBzdGF0aWMgTGlua0luZm8gR2V0TGlua0luZm8oc3RyaW5nIGxpbmtQYXRoKQogICAgICAgIHsKICAgICAgICAgICAgRmlsZUF0dHJpYnV0ZXMgYXR0ciA9IEZpbGUuR2V0QXR0cmlidXRlcyhsaW5rUGF0aCk7CiAgICAgICAgICAgIGlmIChhdHRyLkhhc0ZsYWcoRmlsZUF0dHJpYnV0ZXMuUmVwYXJzZVBvaW50KSkKICAgICAgICAgICAgICAgIHJldHVybiBHZXRSZXBhcnNlUG9pbnRJbmZvKGxpbmtQYXRoKTsKCiAgICAgICAgICAgIGlmICghYXR0ci5IYXNGbGFnKEZpbGVBdHRyaWJ1dGVzLkRpcmVjdG9yeSkpCiAgICAgICAgICAgICAgICByZXR1cm4gR2V0SGFyZExpbmtJbmZvKGxpbmtQYXRoKTsKCiAgICAgICAgICAgIHJldHVybiBudWxsOwogICAgICAgIH0KCiAgICAgICAgcHVibGljIHN0YXRpYyB2b2lkIERlbGV0ZUxpbmsoc3RyaW5nIGxpbmtQYXRoKQogICAgICAgIHsKICAgICAgICAgICAgYm9vbCBzdWNjZXNzOwogICAgICAgICAgICBGaWxlQXR0cmlidXRlcyBhdHRyID0gRmlsZS5HZXRBdHRyaWJ1dGVzKGxpbmtQYXRoKTsKICAgICAgICAgICAgaWYgKGF0dHIuSGFzRmxhZyhGaWxlQXR0cmlidXRlcy5EaXJlY3RvcnkpKQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBzdWNjZXNzID0gUmVtb3ZlRGlyZWN0b3J5KGxpbmtQYXRoKTsKICAgICAgICAgICAgfQogICAgICAgICAgICBlbHNlCiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIHN1Y2Nlc3MgPSBEZWxldGVGaWxlKGxpbmtQYXRoKTsKICAgICAgICAgICAgfQoKICAgICAgICAgICAgaWYgKCFzdWNjZXNzKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IExpbmtVdGlsV2luMzJFeGNlcHRpb24oU3RyaW5nLkZvcm1hdCgiRmFpbGVkIHRvIGRlbGV0ZSBsaW5rIGF0IHswfSIsIGxpbmtQYXRoKSk7CiAgICAgICAgfQoKICAgICAgICBwdWJsaWMgc3RhdGljIHZvaWQgQ3JlYXRlTGluayhzdHJpbmcgbGlua1BhdGgsIFN0cmluZyBsaW5rVGFyZ2V0LCBMaW5rVHlwZSBsaW5rVHlwZSkKICAgICAgICB7CiAgICAgICAgICAgIHN3aXRjaCAobGlua1R5cGUpCiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIGNhc2UgTGlua1R5cGUuU3ltYm9saWNMaW5rOgogICAgICAgICAgICAgICAgICAgIFVJbnQzMiBsaW5rRmxhZ3M7CiAgICAgICAgICAgICAgICAgICAgRmlsZUF0dHJpYnV0ZXMgYXR0ciA9IEZpbGUuR2V0QXR0cmlidXRlcyhsaW5rVGFyZ2V0KTsKICAgICAgICAgICAgICAgICAgICBpZiAoYXR0ci5IYXNGbGFnKEZpbGVBdHRyaWJ1dGVzLkRpcmVjdG9yeSkpCiAgICAgICAgICAgICAgICAgICAgICAgIGxpbmtGbGFncyA9IFNZTUJPTElDX0xJTktfRkxBR19ESVJFQ1RPUlk7CiAgICAgICAgICAgICAgICAgICAgZWxzZQogICAgICAgICAgICAgICAgICAgICAgICBsaW5rRmxhZ3MgPSBTWU1CT0xJQ19MSU5LX0ZMQUdfRklMRTsKCiAgICAgICAgICAgICAgICAgICAgaWYgKCFDcmVhdGVTeW1ib2xpY0xpbmsobGlua1BhdGgsIGxpbmtUYXJnZXQsIGxpbmtGbGFncykpCiAgICAgICAgICAgICAgICAgICAgICAgIHRocm93IG5ldyBMaW5rVXRpbFdpbjMyRXhjZXB0aW9uKFN0cmluZy5Gb3JtYXQoIkNyZWF0ZVN5bWJvbGljTGluayh7MH0sIHsxfSwgezJ9KSBmYWlsZWQiLCBsaW5rUGF0aCwgbGlua1RhcmdldCwgbGlua0ZsYWdzKSk7CiAgICAgICAgICAgICAgICAgICAgYnJlYWs7CiAgICAgICAgICAgICAgICBjYXNlIExpbmtUeXBlLkp1bmN0aW9uUG9pbnQ6CiAgICAgICAgICAgICAgICAgICAgQ3JlYXRlSnVuY3Rpb25Qb2ludChsaW5rUGF0aCwgbGlua1RhcmdldCk7CiAgICAgICAgICAgICAgICAgICAgYnJlYWs7CiAgICAgICAgICAgICAgICBjYXNlIExpbmtUeXBlLkhhcmRMaW5rOgogICAgICAgICAgICAgICAgICAgIGlmICghQ3JlYXRlSGFyZExpbmsobGlua1BhdGgsIGxpbmtUYXJnZXQsIEludFB0ci5aZXJvKSkKICAgICAgICAgICAgICAgICAgICAgICAgdGhyb3cgbmV3IExpbmtVdGlsV2luMzJFeGNlcHRpb24oU3RyaW5nLkZvcm1hdCgiQ3JlYXRlSGFyZExpbmsoezB9LCB7MX0pIGZhaWxlZCIsIGxpbmtQYXRoLCBsaW5rVGFyZ2V0KSk7CiAgICAgICAgICAgICAgICAgICAgYnJlYWs7CiAgICAgICAgICAgIH0KICAgICAgICB9CgogICAgICAgIHByaXZhdGUgc3RhdGljIExpbmtJbmZvIEdldEhhcmRMaW5rSW5mbyhzdHJpbmcgbGlua1BhdGgpCiAgICAgICAgewogICAgICAgICAgICBVSW50MzIgbWF4UGF0aCA9IDI2MDsKICAgICAgICAgICAgTGlzdDxzdHJpbmc+IHJlc3VsdCA9IG5ldyBMaXN0PHN0cmluZz4oKTsKCiAgICAgICAgICAgIFN0cmluZ0J1aWxkZXIgc2IgPSBuZXcgU3RyaW5nQnVpbGRlcigoaW50KW1heFBhdGgpOwogICAgICAgICAgICBVSW50MzIgc3RyaW5nTGVuZ3RoID0gbWF4UGF0aDsKICAgICAgICAgICAgaWYgKCFHZXRWb2x1bWVQYXRoTmFtZShsaW5rUGF0aCwgc2IsIHJlZiBzdHJpbmdMZW5ndGgpKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IExpbmtVdGlsV2luMzJFeGNlcHRpb24oIkdldFZvbHVtZVBhdGhOYW1lKCkgZmFpbGVkIik7CiAgICAgICAgICAgIHN0cmluZyB2b2x1bWUgPSBzYi5Ub1N0cmluZygpOwoKICAgICAgICAgICAgc3RyaW5nTGVuZ3RoID0gbWF4UGF0aDsKICAgICAgICAgICAgSW50UHRyIGZpbmRIYW5kbGUgPSBGaW5kRmlyc3RGaWxlTmFtZVcobGlua1BhdGgsIDAsIHJlZiBzdHJpbmdMZW5ndGgsIHNiKTsKICAgICAgICAgICAgaWYgKGZpbmRIYW5kbGUuVG9JbnQ2NCgpICE9IElOVkFMSURfSEFORExFX1ZBTFVFKQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICB0cnkKICAgICAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgICAgICBkbwogICAgICAgICAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgICAgICAgICAgc3RyaW5nIGhhcmRMaW5rUGF0aCA9IHNiLlRvU3RyaW5nKCk7CiAgICAgICAgICAgICAgICAgICAgICAgIGlmIChoYXJkTGlua1BhdGguU3RhcnRzV2l0aCgiXFwiKSkKICAgICAgICAgICAgICAgICAgICAgICAgICAgIGhhcmRMaW5rUGF0aCA9IGhhcmRMaW5rUGF0aC5TdWJzdHJpbmcoMSwgaGFyZExpbmtQYXRoLkxlbmd0aCAtIDEpOwoKICAgICAgICAgICAgICAgICAgICAgICAgcmVzdWx0LkFkZChQYXRoLkNvbWJpbmUodm9sdW1lLCBoYXJkT ScriptBlock ID: 92a189a5-0856-4cec-b53a-43fc33793aa6 Path:	4104	1		3	2	15	0	1833	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3120	2096	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:31:03 PM	e5295ba9-9827-0005-ef84-2de52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (3 of 8): vKQogICAgICAgICAgICAgICAgICAgIE1hcnNoYWwuRnJlZUhHbG9iYWwobmV3U3RhdGVQdHIpOwogICAgICAgICAgICB9CgogICAgICAgICAgICByZXR1cm4gb2xkU3RhdGVQcml2aWxlZ2VzLlRvRGljdGlvbmFyeShwID0+IEdldFByaXZpbGVnZU5hbWUocC5MdWlkKSwgcCA9PiAoYm9vbD8pcC5BdHRyaWJ1dGVzLkhhc0ZsYWcoUHJpdmlsZWdlQXR0cmlidXRlcy5FbmFibGVkKSk7CiAgICAgICAgfQoKICAgICAgICBwcml2YXRlIHN0YXRpYyBzdHJpbmcgR2V0UHJpdmlsZWdlTmFtZShOYXRpdmVIZWxwZXJzLkxVSUQgbHVpZCkKICAgICAgICB7CiAgICAgICAgICAgIFVJbnQzMiBuYW1lTGVuID0gMDsKICAgICAgICAgICAgTmF0aXZlTWV0aG9kcy5Mb29rdXBQcml2aWxlZ2VOYW1lKG51bGwsIHJlZiBsdWlkLCBudWxsLCByZWYgbmFtZUxlbik7CgogICAgICAgICAgICBTdHJpbmdCdWlsZGVyIG5hbWUgPSBuZXcgU3RyaW5nQnVpbGRlcigoaW50KShuYW1lTGVuICsgMSkpOwogICAgICAgICAgICBpZiAoIU5hdGl2ZU1ldGhvZHMuTG9va3VwUHJpdmlsZWdlTmFtZShudWxsLCByZWYgbHVpZCwgbmFtZSwgcmVmIG5hbWVMZW4pKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IFdpbjMyRXhjZXB0aW9uKCJMb29rdXBQcml2aWxlZ2VOYW1lKCkgZmFpbGVkIik7CgogICAgICAgICAgICByZXR1cm4gbmFtZS5Ub1N0cmluZygpOwogICAgICAgIH0KCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgdm9pZCBQdHJUb1N0cnVjdHVyZUFycmF5PFQ+KFRbXSBhcnJheSwgSW50UHRyIHB0cikKICAgICAgICB7CiAgICAgICAgICAgIEludFB0ciBwdHJPZmZzZXQgPSBwdHI7CiAgICAgICAgICAgIGZvciAoaW50IGkgPSAwOyBpIDwgYXJyYXkuTGVuZ3RoOyBpKyssIHB0ck9mZnNldCA9IEludFB0ci5BZGQocHRyT2Zmc2V0LCBNYXJzaGFsLlNpemVPZih0eXBlb2YoVCkpKSkKICAgICAgICAgICAgICAgIGFycmF5W2ldID0gKFQpTWFyc2hhbC5QdHJUb1N0cnVjdHVyZShwdHJPZmZzZXQsIHR5cGVvZihUKSk7CiAgICAgICAgfQoKICAgICAgICBwcml2YXRlIHN0YXRpYyBpbnQgU3RydWN0dXJlVG9CeXRlczxUPihUIHN0cnVjdHVyZSwgYnl0ZVtdIGFycmF5LCBpbnQgb2Zmc2V0KQogICAgICAgIHsKICAgICAgICAgICAgaW50IHNpemUgPSBNYXJzaGFsLlNpemVPZihzdHJ1Y3R1cmUpOwogICAgICAgICAgICBJbnRQdHIgc3RydWN0UHRyID0gTWFyc2hhbC5BbGxvY0hHbG9iYWwoc2l6ZSk7CiAgICAgICAgICAgIHRyeQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBNYXJzaGFsLlN0cnVjdHVyZVRvUHRyKHN0cnVjdHVyZSwgc3RydWN0UHRyLCBmYWxzZSk7CiAgICAgICAgICAgICAgICBNYXJzaGFsLkNvcHkoc3RydWN0UHRyLCBhcnJheSwgb2Zmc2V0LCBzaXplKTsKICAgICAgICAgICAgfQogICAgICAgICAgICBmaW5hbGx5CiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIE1hcnNoYWwuRnJlZUhHbG9iYWwoc3RydWN0UHRyKTsKICAgICAgICAgICAgfQoKICAgICAgICAgICAgcmV0dXJuIHNpemU7CiAgICAgICAgfQogICAgfQp9CidACgpGdW5jdGlvbiBJbXBvcnQtUHJpdmlsZWdlVXRpbCB7CiAgICA8IwogICAgLlNZTk9QU0lTCiAgICBDb21waWxlcyB0aGUgQyMgY29kZSB0aGF0IGNhbiBiZSB1c2VkIHRvIG1hbmFnZSBXaW5kb3dzIHByaXZpbGVnZXMgZnJvbSBhbgogICAgQW5zaWJsZSBtb2R1bGUuIE9uY2UgdGhpcyBmdW5jdGlvbiBpcyBjYWxsZWQsIHRoZSBmb2xsb3dpbmcgUG93ZXJTaGVsbAogICAgY21kbGV0cyBjYW4gYmUgdXNlZDsKCiAgICAgICAgR2V0LUFuc2libGVQcml2aWxlZ2UKICAgICAgICBTZXQtQW5zaWJsZVByaXZpbGVnZQoKICAgIFRoZSBhYm92ZSBjbWRsZXRzIGdpdmUgdGhlIGFiaWxpdHkgdG8gbWFuYWdlIHBlcm1pc3Npb25zIG9uIHRoZSBjdXJyZW50CiAgICBwcm9jZXNzIHRva2VuIGJ1dCB0aGUgdW5kZXJseWluZyAuTkVUIGNsYXNzZXMgYXJlIGFsc28gZXhwb3NlZCBmb3IgZ3JlYXRlcgogICAgY29udHJvbC4gVGhlIGZvbGxvd2luZyBmdW5jdGlvbnMgY2FuIGJlIHVzZWQgYnkgY2FsbGluZyB0aGUgLk5FVCBjbGFzcwoKICAgIFtBbnNpYmxlLlByaXZpbGVnZVV0aWwuUHJpdmlsZWdlc106OkNoZWNrUHJpdmlsZWdlTmFtZSgkbmFtZSkKICAgIFtBbnNpYmxlLlByaXZpbGVnZVV0aWwuUHJpdmlsZWdlc106OkRpc2FibGVQcml2aWxlZ2UoJHByb2Nlc3MsICRuYW1lKQogICAgW0Fuc2libGUuUHJpdmlsZWdlVXRpbC5Qcml2aWxlZ2VzXTo6RGlzYWJsZUFsbFByaXZpbGVnZXMoJHByb2Nlc3MpCiAgICBbQW5zaWJsZS5Qcml2aWxlZ2VVdGlsLlByaXZpbGVnZXNdOjpFbmFibGVQcml2aWxlZ2UoJHByb2Nlc3MsICRuYW1lKQogICAgW0Fuc2libGUuUHJpdmlsZWdlVXRpbC5Qcml2aWxlZ2VzXTo6R2V0QWxsUHJpdmlsZWdlSW5mbygkcHJvY2VzcykKICAgIFtBbnNpYmxlLlByaXZpbGVnZVV0aWwuUHJpdmlsZWdlc106OlJlbW92ZVByaXZpbGVnZSgkcHJvY2VzcywgJG5hbWUpCiAgICBbQW5zaWJsZS5Qcml2aWxlZ2VVdGlsLlByaXZpbGVnZXNdOjpTZXRUb2tlblByaXZpbGVnZXMoJHByb2Nlc3MsICRuZXdfc3RhdGUpCgogICAgSGVyZSBpcyBhIGJyaWVmIGV4cGxhbmF0aW9uIG9mIGVhY2ggdHlwZSBvZiBhcmcKICAgICRwcm9jZXNzID0gVGhlIHByb2Nlc3MgaGFuZGxlIHRvIG1hbmlwdWxhdGUsIHVzZSAnW0Fuc2libGUuUHJpdmlsZWdlVXRpbHMuUHJpdmlsZWdlc106OkdldEN1cnJlbnRQcm9jZXNzKCknIHRvIGdldCB0aGUgY3VycmVudCBwcm9jZXNzIGhhbmRsZQogICAgJG5hbWUgPSBUaGUgbmFtZSBvZiB0aGUgcHJpdmlsZWdlLCB0aGlzIGlzIHRoZSBjb25zdGFudCB2YWx1ZSBmcm9tIGh0dHBzOi8vZG9jcy5taWNyb3NvZnQuY29tL2VuLXVzL3dpbmRvd3MvZGVza3RvcC9TZWNBdXRoWi9wcml2aWxlZ2UtY29uc3RhbnRzLCBlLmcuIFNlQXVkaXRQcml2aWxlZ2UKICAgICRuZXdfc3RhdGUgPSAnU3lzdGVtLkNvbGxlY3Rpb25zLkdlbmVyaWMuRGljdGlvbmFyeWAyW1tTeXN0ZW0uU3RyaW5nXSwgW1N5c3RlbS5OdWxsYWJsZWAxW1N5c3RlbS5Cb29sZWFuXV1dJwogICAgICAgIFRoZSBrZXkgaXMgdGhlIGNvbnN0YW50IG5hbWUgYXMgYSBzdHJpbmcsIHRoZSB2YWx1ZSBpcyBhIHRlcm5hcnkgYm9vbGVhbiB3aGVyZQogICAgICAgICAgICB0cnVlIC0gd2lsbCBlbmFibGUgdGhlIHByaXZpbGVnZQogICAgICAgICAgICBmYWxzZSAtIHdpbGwgZGlzYWJsZSB0aGUgcHJpdmlsZWdlCiAgICAgICAgICAgIG51bGwgLSB3aWxsIHJlbW92ZSB0aGUgcHJpdmlsZWdlCgogICAgRWFjaCBtZXRob2QgdGhhdCBjaGFuZ2VzIHRoZSBwcml2aWxlZ2Ugc3RhdGUgd2lsbCByZXR1cm4gYSBkaWN0aW9uYXJ5IHRoYXQKICAgIGNhbiBiZSB1c2VkIGFzIHRoZSAkbmV3X3N0YXRlIGFyZyBvZiBTZXRUb2tlblByaXZpbGVnZXMgdG8gdW5kbyBhbmQgcmV2ZXJ0CiAgICBiYWNrIHRvIHRoZSBvcmlnaW5hbCBzdGF0ZS4gSWYgeW91IHJlbW92ZSBhIHByaXZpbGVnZSB0aGVuIHRoaXMgaXMKICAgIGlycmV2ZXJzaWJsZSBhbmQgd29uJ3QgYmUgcGFydCBvZiB0aGUgcmV0dXJuZWQgZGljdAogICAgIz4KICAgIFtDbWRsZXRCaW5kaW5nKCldCiAgICAjIGJ1aWxkIHRoZSBDIyBjb2RlIHRvIGNvbXBpbGUKICAgICRuYW1lc3BhY2VfaW1wb3J0ID0gKCRhbnNpYmxlX3ByaXZpbGVnZV91dGlsX25hbWVzcGFjZXMgfCBGb3JFYWNoLU9iamVjdCB7ICJ1c2luZyAkXzsiIH0pIC1qb2luICJgcmBuIgogICAgJHBsYXRmb3JtX3V0aWwgPSAiJG5hbWVzcGFjZV9pbXBvcnRgcmBuYHJgbiRhbnNpYmxlX3ByaXZpbGVnZV91dGlsX2NvZGUiCgogICAgIyBGVVRVUkU6IGZpbmQgYSBiZXR0ZXIgd2F5IHRvIGdldCB0aGUgX2Fuc2libGVfcmVtb3RlX3RtcCB2YXJpYWJsZQogICAgIyB0aGlzIGlzIHVzZWQgdG8gZm9yY2UgY3NjIHRvIGNvbXBpbGUgdGhlIEMjIGNvZGUgaW4gdGhlIHJlbW90ZSB0bXAKICAgICMgc3BlY2lmaWVkCiAgICAkb3JpZ2luYWxfdG1wID0gJGVudjpUTVAKCiAgICAkcmVtb3RlX3RtcCA9ICRvcmlnaW5hbF90bXAKICAgICRtb2R1bGVfcGFyYW1zID0gR2V0LVZhcmlhYmxlIC1OYW1lIGNvbXBsZXhfYXJncyAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgaWYgKCRtb2R1bGVfcGFyYW1zKSB7CiAgICAgICAgaWYgKCRtb2R1bGVfcGFyYW1zLlZhbHVlLkNvbnRhaW5zS2V5KCJfYW5zaWJsZV9yZW1vdGVfdG1wIikgKSB7CiAgICAgICAgICAgICRyZW1vdGVfdG1wID0gJG1vZHVsZV9wYXJhbXMuVmFsdWVbIl9hbnNpYmxlX3JlbW90ZV90bXAiXQogICAgICAgICAgICAkcmVtb3RlX3RtcCA9IFtTeXN0ZW0uRW52aXJvbm1lbnRdOjpFeHBhbmRFbnZpcm9ubWVudFZhcmlhYmxlcygkcmVtb3RlX3RtcCkKICAgICAgICB9CiAgICB9CgogICAgJGVudjpUTVAgPSAkcmVtb3RlX3RtcAogICAgQWRkLVR5cGUgLVR5cGVEZWZpbml0aW9uICRwbGF0Zm9ybV91dGlsCiAgICAkZW52OlRNUCA9ICRvcmlnaW5hbF90bXAKfQoKRnVuY3Rpb24gR2V0LUFuc2libGVQcml2aWxlZ2UgewogICAgPCMKICAgIC5TWU5PUFNJUwogICAgR2V0IHRoZSBzdGF0dXMgb2YgYSBwcml2aWxlZ2UgZm9yIHRoZSBjdXJyZW50IHByb2Nlc3MuIFRoaXMgcmV0dXJucwogICAgICAgICR0cnVlIC0gdGhlIHByaXZpbGVnZSBpcyBlbmFibGVkCiAgICAgICAgJGZhbHNlIC0gdGhlIHByaXZpbGVnZSBpcyBkaXNhYmxlZAogICAgICAgICRudWxsIC0gdGhlIHByaXZpbGVnZSBpcyByZW1vdmVkIGZyb20gdGhlIHRva2VuCgogICAgSWYgTmFtZSBpcyBub3QgYSB2YWxpZCBwcml2aWxlZ2UgbmFtZSwgdGhpcyB3aWxsIHRocm93IGFuCiAgICBBcmd1bWVudEV4Y2VwdGlvbi4KCiAgICAuRVhBTVBMRQogICAgR2V0LUFuc2libGVQcml2aWxlZ2UgLU5hbWUgU2VEZWJ1Z1ByaXZpbGVnZQogICAgIz4KICAgIFtDbWRsZXRCaW5kaW5nKCldCiAgICBwYXJhbSgKICAgICAgICBbUGFyYW1ldGVyKE1hbmRhdG9yeT0kdHJ1ZSldW1N0cmluZ10kTmFtZQogICAgKQoKICAgIGlmICgtbm90IFtBbnNpYmxlLlByaXZpbGVnZVV0aWwuUHJpdmlsZWdlc106OkNoZWNrUHJpdmlsZWdlTmFtZSgkTmFtZSkpIHsKICAgICAgICB0aHJvdyBbU3lzdGVtLkFyZ3VtZW50RXhjZXB0aW9uXSAiSW52YWxpZCBwcml2aWxlZ2UgbmFtZSAnJE5hbWUnIgogICAgfQoKICAgICRwcm9jZXNzX3Rva2VuID0gW0Fuc2libGUuUHJpdmlsZWdlVXRpbC5Qcml2aWxlZ2VzXTo6R2V0Q3VycmVudFByb2Nlc3MoKQogICAgJHByaXZpbGVnZV9pbmZvID0gW0Fuc2libGUuUHJpdmlsZWdlVXRpbC5Qcml2aWxlZ2VzXTo6R2V0QWxsUHJpdmlsZWdlSW5mbygkcHJvY2Vzc190b2tlbikKICAgIGlmICgkcHJpdmlsZWdlX2luZm8uQ29udGFpbnNLZXkoJE5hbWUpKSB7CiAgICAgICAgJHN0YXR1cyA9ICRwcml2aWxlZ2VfaW5mby4kTmFtZQogICAgICAgIHJldHVybiAkc3RhdHVzLkhhc0ZsYWcoW0Fuc2libGUuUHJpdmlsZWdlVXRpbC5Qcml2aWxlZ2VBdHRyaWJ1dGVzXTo6RW5hYmxlZCkKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICRudWxsCiAgICB9Cn0KCkZ1bmN0aW9uIFNldC1BbnNpYmxlUHJpdmlsZWdlIHsKICAgIDwjCiAgICAuU1lOT1BTSVMKICAgIEVuYWJsZXMvRGlzYWJsZXMgYSBwcml2aWxlZ2Ugb24gdGhlIGN1cnJlbnQgcHJvY2VzcycgdG9rZW4uIElmIGEgcHJpdmlsZWdlCiAgICBoYXMgYmVlbiByZW1vdmVkIGZyb20gdGhlIHByb2Nlc3MgdG9rZW4sIHRoaXMgd2lsbCB0aHJvdyBhbgogICAgSW52YWxpZE9wZXJhdGlvbkV4Y2VwdGlvbi4KCiAgICAuRVhBTVBMRQogICAgIyBlbmFibGUgYSBwcml2aWxlZ2UKICAgIFNldC1BbnNpYmxlUHJpdmlsZWdlIC1OYW1lIFNlQ3JlYXRlU3ltYm9saWNMaW5rUHJpdmlsZWdlIC1WYWx1ZSAkdHJ1ZQoKICAgICMgZGlzYWJsZSBhIHByaXZpbGVnZQogICAgU2V0LUFuc2libGVQcml2aWxlZ2UgLU5hbWUgU2VDcmVhdGVTeW1ib2xpY0xpbmtQcml2aWxlZ2UgLVZhbHVlICRmYWxzZQogICAgIz4KICAgIFtDbWRsZXRCaW5kaW5nKFN1cHBvcnRzU2hvdWxkUHJvY2VzcyldCiAgICBwYXJhbSgKICAgICAgICBbUGFyYW1ldGVyKE1hbmRhdG9yeT0kdHJ1ZSldW1N0cmluZ10kTmFtZSwKICAgICAgICBbUGFyYW1ldGVyKE1hbmRhdG9yeT0kdHJ1ZSldW2Jvb2xdJFZhbHVlCiAgICApCgogICAgJGFjdGlvbiA9IHN3aXRjaCgkVmFsdWUpIHsKICAgICAgICAkdHJ1ZSB7ICJFbmFibGUiIH0KICAgICAgICAkZmFsc2UgeyAiRGlzYWJsZSIgfQogICAgfQoKICAgICRjdXJyZW50X3N0YXRlID0gR2V0LUFuc2libGVQcml2aWxlZ2UgLU5hbWUgJE5hbWUKICAgIGlmICgkY3VycmVudF9zdGF0ZSAtZXEgJFZhbHVlKSB7CiAgICAgICAgcmV0dXJuICAjIG5vIGNoYW5nZSBuZWVkcyB0byBvY2N1cgogICAgfSBlbHNlaWYgKCRudWxsIC1lcSAkY3VycmVudF9zdGF0ZSkgewogICAgICAgICMgb25jZSBhIHByaXZpbGVnZSBpcyByZW1vdmVkIGZyb20gYSB0b2tlbiB3ZSBjYW5ub3QgZG8gYW55dGhpbmcgd2l0aCBpdAogICAgICAgIHRocm93IFtTeXN0ZW0uSW52YWxpZE9wZXJhdGlvbkV4Y2VwdGlvbl0gIkNhbm5vdCAkKCRhY3Rpb24uVG9Mb3dlcigpKSB0aGUgcHJpdmlsZWdlICckTmFtZScgYXMgaXQgaGFzIGJlZW4gcmVtb3ZlZCBmcm9tIHRoZSB0b2tlbiIKICAgIH0KCiAgICAkcHJvY2Vzc190b2tlbiA9IFtBbnNpYmxlLlByaXZpbGVnZVV0aWwuUHJpdmlsZWdlc106OkdldEN1cnJlbnRQcm9jZXNzKCkKICAgIGlmICgkUFNDbWRsZXQuU2hvdWxkUHJvY2VzcygkTmFtZSwgIiRhY3Rpb24gdGhlIHByaXZpbGVnZSAkTmFtZSIpKSB7CiAgICAgICAgJG5ld19zdGF0ZSA9IE5ldy1PYmplY3QgLVR5cGVOYW1lICdTeXN0ZW0uQ29sbGVjdGlvbnMuR2VuZXJpYy5EaWN0aW9uYXJ5YDJbW1N5c3RlbS5TdHJpbmddLCBbU3lzdGVtLk51bGxhYmxlYDFbU3lzdGVtLkJvb2xlYW5dXV0nCiAgICAgICAgJG5ld19zdGF0ZS5BZGQoJE5hbWUsICRWYWx1ZSkKICAgICAgICBbQW5zaWJsZS5Qcml2aWxlZ2VVdGlsLlByaXZpbGVnZXNdOjpTZXRUb2tlblByaXZpbGVnZXMoJHByb2Nlc3NfdG9rZW4sICRuZXdfc3RhdGUpID4gJG51bGwKICAgIH0KfQoKRXhwb3J0LU1vZHVsZU1lbWJlciAtRnVuY3Rpb24gSW1wb3J0LVByaXZpbGVnZVV0aWwsIEdldC1BbnNpYmxlUHJpdmlsZWdlLCBTZXQtQW5zaWJsZVByaXZpbGVnZSBgCiAgICAtVmFyaWFibGUgYW5zaWJsZV9wcml2aWxlZ2VfdXRpbF9uYW1lc3BhY2VzLCBhbnNpYmxlX3ByaXZpbGVnZV91dGlsX2NvZGU=", "Ansible.ModuleUtils.LinkUtil": "ICMgQ29weXJpZ2h0IChjKSAyMDE3IEFuc2libGUgUHJvamVjdAogIyBTaW1wbGlmaWVkIEJTRCBMaWNlbnNlIChzZWUgbGljZW5zZXMvc2ltcGxpZmllZF9ic2QudHh0IG9yIGh0dHBzOi8vb3BlbnNvdXJjZS5vcmcvbGljZW5zZXMvQlNELTItQ2xhdXNlKQoKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5Qcml2aWxlZ2VVdGlsCgpGdW5jdGlvbiBMb2FkLUxpbmtVdGlscygpIHsKICAgICRsaW5rX3V0aWwgPSBAJwp1c2luZyBNaWNyb3NvZnQuV2luMzIuU2FmZUhhbmRsZXM7CnVzaW5nIFN5c3RlbTsKdXNpbmcgU3lzdGVtLkNvbGxlY3Rpb25zLkdlbmVyaWM7CnVzaW5nIFN5c3RlbS5JTzsKdXNpbmcgU3lzdGVtLlJ1bnRpbWUuSW50ZXJvcFNlcnZpY2VzOwp1c2luZyBTeXN0ZW0uVGV4dDsKCm5hbWVzcGFjZSBBbnNpYmxlCnsKICAgIHB1YmxpYyBlbnVtIExpbmtUeXBlCiAgICB7CiAgICAgICAgU3ltYm9saWNMaW5rLAogICAgICAgIEp1bmN0aW9uUG9pbnQsCiAgICAgICAgSGFyZExpbmsKICAgIH0KCiAgICBwdWJsaWMgY2xhc3MgTGlua1V0aWxXaW4zMkV4Y2VwdGlvbiA6IFN5c3RlbS5Db21wb25lbnRNb2RlbC5XaW4zMkV4Y2VwdGlvbgogICAgewogICAgICAgIHByaXZhdGUgc3RyaW5nIF9tc2c7CgogICAgICAgIHB1YmxpYyBMaW5rVXRpbFdpbjMyRXhjZXB0aW9uKHN0cmluZyBtZXNzYWdlKSA6IHRoaXMoTWFyc2hhbC5HZXRMYXN0V2luMzJFcnJvcigpLCBtZXNzYWdlKSB7IH0KCiAgICAgICAgcHVibGljIExpbmtVdGlsV2luMzJFeGNlcHRpb24oaW50IGVycm9yQ29kZSwgc3RyaW5nIG1lc3NhZ2UpIDogYmFzZShlcnJvckNvZGUpCiAgICAgICAgewogICAgICAgICAgICBfbXNnID0gU3RyaW5nLkZvcm1hdCgiezB9ICh7MX0sIFdpbjMyRXJyb3JDb2RlIHsyfSkiLCBtZXNzYWdlLCBiYXNlLk1lc3NhZ2UsIGVycm9yQ29kZSk7CiAgICAgICAgfQoKICAgICAgICBwdWJsaW ScriptBlock ID: 92a189a5-0856-4cec-b53a-43fc33793aa6 Path:	4104	1		3	2	15	0	1832	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3120	2096	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:31:03 PM	e5295ba9-9827-0005-ef84-2de52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 8): cml2aWxlZ2UsIHRydWUgfSB9KTsKICAgICAgICB9CgogICAgICAgIHB1YmxpYyBzdGF0aWMgRGljdGlvbmFyeTxTdHJpbmcsIFByaXZpbGVnZUF0dHJpYnV0ZXM+IEdldEFsbFByaXZpbGVnZUluZm8oU2FmZUhhbmRsZSB0b2tlbikKICAgICAgICB7CiAgICAgICAgICAgIEludFB0ciBoVG9rZW4gPSBJbnRQdHIuWmVybzsKICAgICAgICAgICAgaWYgKCFOYXRpdmVNZXRob2RzLk9wZW5Qcm9jZXNzVG9rZW4odG9rZW4sIFRva2VuQWNjZXNzTGV2ZWxzLlF1ZXJ5LCBvdXQgaFRva2VuKSkKICAgICAgICAgICAgICAgIHRocm93IG5ldyBXaW4zMkV4Y2VwdGlvbigiT3BlblByb2Nlc3NUb2tlbigpIGZhaWxlZCIpOwoKICAgICAgICAgICAgRGljdGlvbmFyeTxTdHJpbmcsIFByaXZpbGVnZUF0dHJpYnV0ZXM+IGluZm8gPSBuZXcgRGljdGlvbmFyeTxTdHJpbmcsIFByaXZpbGVnZUF0dHJpYnV0ZXM+KCk7CiAgICAgICAgICAgIHRyeQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBVSW50MzIgdG9rZW5MZW5ndGggPSAwOwogICAgICAgICAgICAgICAgTmF0aXZlTWV0aG9kcy5HZXRUb2tlbkluZm9ybWF0aW9uKGhUb2tlbiwgVE9LRU5fUFJJVklMRUdFUywgSW50UHRyLlplcm8sIDAsIG91dCB0b2tlbkxlbmd0aCk7CgogICAgICAgICAgICAgICAgTmF0aXZlSGVscGVycy5MVUlEX0FORF9BVFRSSUJVVEVTW10gcHJpdmlsZWdlczsKICAgICAgICAgICAgICAgIEludFB0ciBwcml2aWxlZ2VzUHRyID0gTWFyc2hhbC5BbGxvY0hHbG9iYWwoKGludCl0b2tlbkxlbmd0aCk7CiAgICAgICAgICAgICAgICB0cnkKICAgICAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgICAgICBpZiAoIU5hdGl2ZU1ldGhvZHMuR2V0VG9rZW5JbmZvcm1hdGlvbihoVG9rZW4sIFRPS0VOX1BSSVZJTEVHRVMsIHByaXZpbGVnZXNQdHIsIHRva2VuTGVuZ3RoLCBvdXQgdG9rZW5MZW5ndGgpKQogICAgICAgICAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIkdldFRva2VuSW5mb3JtYXRpb24oKSBmb3IgVE9LRU5fUFJJVklMRUdFUyBmYWlsZWQiKTsKCiAgICAgICAgICAgICAgICAgICAgTmF0aXZlSGVscGVycy5UT0tFTl9QUklWSUxFR0VTIHByaXZpbGVnZUluZm8gPSAoTmF0aXZlSGVscGVycy5UT0tFTl9QUklWSUxFR0VTKU1hcnNoYWwuUHRyVG9TdHJ1Y3R1cmUocHJpdmlsZWdlc1B0ciwgdHlwZW9mKE5hdGl2ZUhlbHBlcnMuVE9LRU5fUFJJVklMRUdFUykpOwogICAgICAgICAgICAgICAgICAgIHByaXZpbGVnZXMgPSBuZXcgTmF0aXZlSGVscGVycy5MVUlEX0FORF9BVFRSSUJVVEVTW3ByaXZpbGVnZUluZm8uUHJpdmlsZWdlQ291bnRdOwogICAgICAgICAgICAgICAgICAgIFB0clRvU3RydWN0dXJlQXJyYXkocHJpdmlsZWdlcywgSW50UHRyLkFkZChwcml2aWxlZ2VzUHRyLCBNYXJzaGFsLlNpemVPZihwcml2aWxlZ2VJbmZvLlByaXZpbGVnZUNvdW50KSkpOwogICAgICAgICAgICAgICAgfQogICAgICAgICAgICAgICAgZmluYWxseQogICAgICAgICAgICAgICAgewogICAgICAgICAgICAgICAgICAgIE1hcnNoYWwuRnJlZUhHbG9iYWwocHJpdmlsZWdlc1B0cik7CiAgICAgICAgICAgICAgICB9CgogICAgICAgICAgICAgICAgaW5mbyA9IHByaXZpbGVnZXMuVG9EaWN0aW9uYXJ5KHAgPT4gR2V0UHJpdmlsZWdlTmFtZShwLkx1aWQpLCBwID0+IHAuQXR0cmlidXRlcyk7CiAgICAgICAgICAgIH0KICAgICAgICAgICAgZmluYWxseQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBOYXRpdmVNZXRob2RzLkNsb3NlSGFuZGxlKGhUb2tlbik7CiAgICAgICAgICAgIH0KICAgICAgICAgICAgcmV0dXJuIGluZm87CiAgICAgICAgfQoKICAgICAgICBwdWJsaWMgc3RhdGljIFNhZmVXYWl0SGFuZGxlIEdldEN1cnJlbnRQcm9jZXNzKCkKICAgICAgICB7CiAgICAgICAgICAgIHJldHVybiBOYXRpdmVNZXRob2RzLkdldEN1cnJlbnRQcm9jZXNzKCk7CiAgICAgICAgfQoKICAgICAgICBwdWJsaWMgc3RhdGljIHZvaWQgUmVtb3ZlUHJpdmlsZWdlKFNhZmVIYW5kbGUgdG9rZW4sIHN0cmluZyBwcml2aWxlZ2UpCiAgICAgICAgewogICAgICAgICAgICBTZXRUb2tlblByaXZpbGVnZXModG9rZW4sIG5ldyBEaWN0aW9uYXJ5PHN0cmluZywgYm9vbD8+KCkgeyB7IHByaXZpbGVnZSwgbnVsbCB9IH0pOwogICAgICAgIH0KCiAgICAgICAgcHVibGljIHN0YXRpYyBEaWN0aW9uYXJ5PHN0cmluZywgYm9vbD8+IFNldFRva2VuUHJpdmlsZWdlcyhTYWZlSGFuZGxlIHRva2VuLCBEaWN0aW9uYXJ5PHN0cmluZywgYm9vbD8+IHN0YXRlKQogICAgICAgIHsKICAgICAgICAgICAgTmF0aXZlSGVscGVycy5MVUlEX0FORF9BVFRSSUJVVEVTW10gcHJpdmlsZWdlQXR0ciA9IG5ldyBOYXRpdmVIZWxwZXJzLkxVSURfQU5EX0FUVFJJQlVURVNbc3RhdGUuQ291bnRdOwogICAgICAgICAgICBpbnQgaSA9IDA7CgogICAgICAgICAgICBmb3JlYWNoIChLZXlWYWx1ZVBhaXI8c3RyaW5nLCBib29sPz4gZW50cnkgaW4gc3RhdGUpCiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIE5hdGl2ZUhlbHBlcnMuTFVJRCBsdWlkOwogICAgICAgICAgICAgICAgaWYgKCFOYXRpdmVNZXRob2RzLkxvb2t1cFByaXZpbGVnZVZhbHVlKG51bGwsIGVudHJ5LktleSwgb3V0IGx1aWQpKQogICAgICAgICAgICAgICAgICAgIHRocm93IG5ldyBXaW4zMkV4Y2VwdGlvbihTdHJpbmcuRm9ybWF0KCJMb29rdXBQcml2aWxlZ2VWYWx1ZSh7MH0pIGZhaWxlZCIsIGVudHJ5LktleSkpOwoKICAgICAgICAgICAgICAgIFByaXZpbGVnZUF0dHJpYnV0ZXMgYXR0cmlidXRlczsKICAgICAgICAgICAgICAgIHN3aXRjaCAoZW50cnkuVmFsdWUpCiAgICAgICAgICAgICAgICB7CiAgICAgICAgICAgICAgICAgICAgY2FzZSB0cnVlOgogICAgICAgICAgICAgICAgICAgICAgICBhdHRyaWJ1dGVzID0gUHJpdmlsZWdlQXR0cmlidXRlcy5FbmFibGVkOwogICAgICAgICAgICAgICAgICAgICAgICBicmVhazsKICAgICAgICAgICAgICAgICAgICBjYXNlIGZhbHNlOgogICAgICAgICAgICAgICAgICAgICAgICBhdHRyaWJ1dGVzID0gUHJpdmlsZWdlQXR0cmlidXRlcy5EaXNhYmxlZDsKICAgICAgICAgICAgICAgICAgICAgICAgYnJlYWs7CiAgICAgICAgICAgICAgICAgICAgZGVmYXVsdDoKICAgICAgICAgICAgICAgICAgICAgICAgYXR0cmlidXRlcyA9IFByaXZpbGVnZUF0dHJpYnV0ZXMuUmVtb3ZlZDsKICAgICAgICAgICAgICAgICAgICAgICAgYnJlYWs7CiAgICAgICAgICAgICAgICB9CgogICAgICAgICAgICAgICAgcHJpdmlsZWdlQXR0cltpXS5MdWlkID0gbHVpZDsKICAgICAgICAgICAgICAgIHByaXZpbGVnZUF0dHJbaV0uQXR0cmlidXRlcyA9IGF0dHJpYnV0ZXM7CiAgICAgICAgICAgICAgICBpKys7CiAgICAgICAgICAgIH0KCiAgICAgICAgICAgIHJldHVybiBBZGp1c3RUb2tlblByaXZpbGVnZXModG9rZW4sIHByaXZpbGVnZUF0dHIpOwogICAgICAgIH0KCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgRGljdGlvbmFyeTxzdHJpbmcsIGJvb2w/PiBBZGp1c3RUb2tlblByaXZpbGVnZXMoU2FmZUhhbmRsZSB0b2tlbiwgTmF0aXZlSGVscGVycy5MVUlEX0FORF9BVFRSSUJVVEVTW10gbmV3U3RhdGUpCiAgICAgICAgewogICAgICAgICAgICBib29sIGRpc2FibGVBbGxQcml2aWxlZ2VzOwogICAgICAgICAgICBJbnRQdHIgbmV3U3RhdGVQdHI7CiAgICAgICAgICAgIE5hdGl2ZUhlbHBlcnMuTFVJRF9BTkRfQVRUUklCVVRFU1tdIG9sZFN0YXRlUHJpdmlsZWdlczsKICAgICAgICAgICAgVUludDMyIHJldHVybkxlbmd0aDsKCiAgICAgICAgICAgIGlmIChuZXdTdGF0ZSA9PSBudWxsKQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBkaXNhYmxlQWxsUHJpdmlsZWdlcyA9IHRydWU7CiAgICAgICAgICAgICAgICBuZXdTdGF0ZVB0ciA9IEludFB0ci5aZXJvOwogICAgICAgICAgICB9CiAgICAgICAgICAgIGVsc2UKICAgICAgICAgICAgewogICAgICAgICAgICAgICAgZGlzYWJsZUFsbFByaXZpbGVnZXMgPSBmYWxzZTsKCiAgICAgICAgICAgICAgICAvLyBOZWVkIHRvIG1hbnVhbGx5IG1hcnNoYWwgdGhlIGJ5dGVzIHJlcXVpcmVzIGZvciBuZXdTdGF0ZSBhcyB0aGUgY29uc3RhbnQgc2l6ZQogICAgICAgICAgICAgICAgLy8gb2YgTFVJRF9BTkRfQVRUUklCVVRFUyBpcyBzZXQgdG8gMSBhbmQgY2FuJ3QgYmUgb3ZlcnJpZGRlbiBhdCBydW50aW1lLCBUT0tFTl9QUklWSUxFR0VTCiAgICAgICAgICAgICAgICAvLyBhbHdheXMgY29udGFpbnMgYXQgbGVhc3QgMSBlbnRyeSBzbyB3ZSBuZWVkIHRvIGNhbGN1bGF0ZSB0aGUgZXh0cmEgc2l6ZSBpZiB0aGVyZSBhcmUKICAgICAgICAgICAgICAgIC8vIG5vcmUgdGhhbiAxIExVSURfQU5EX0FUVFJJQlVURVMgZW50cnkKICAgICAgICAgICAgICAgIGludCB0b2tlblByaXZpbGVnZXNTaXplID0gTWFyc2hhbC5TaXplT2YodHlwZW9mKE5hdGl2ZUhlbHBlcnMuVE9LRU5fUFJJVklMRUdFUykpOwogICAgICAgICAgICAgICAgaW50IGx1aWRBdHRyU2l6ZSA9IDA7CiAgICAgICAgICAgICAgICBpZiAobmV3U3RhdGUuTGVuZ3RoID4gMSkKICAgICAgICAgICAgICAgICAgICBsdWlkQXR0clNpemUgPSBNYXJzaGFsLlNpemVPZih0eXBlb2YoTmF0aXZlSGVscGVycy5MVUlEX0FORF9BVFRSSUJVVEVTKSkgKiAobmV3U3RhdGUuTGVuZ3RoIC0gMSk7CiAgICAgICAgICAgICAgICBpbnQgdG90YWxTaXplID0gdG9rZW5Qcml2aWxlZ2VzU2l6ZSArIGx1aWRBdHRyU2l6ZTsKICAgICAgICAgICAgICAgIGJ5dGVbXSBuZXdTdGF0ZUJ5dGVzID0gbmV3IGJ5dGVbdG90YWxTaXplXTsKCiAgICAgICAgICAgICAgICAvLyBnZXQgdGhlIGZpcnN0IGVudHJ5IHRoYXQgaW5jbHVkZXMgdGhlIHN0cnVjdCBkZXRhaWxzCiAgICAgICAgICAgICAgICBOYXRpdmVIZWxwZXJzLlRPS0VOX1BSSVZJTEVHRVMgdG9rZW5Qcml2aWxlZ2VzID0gbmV3IE5hdGl2ZUhlbHBlcnMuVE9LRU5fUFJJVklMRUdFUygpCiAgICAgICAgICAgICAgICB7CiAgICAgICAgICAgICAgICAgICAgUHJpdmlsZWdlQ291bnQgPSAoVUludDMyKW5ld1N0YXRlLkxlbmd0aCwKICAgICAgICAgICAgICAgICAgICBQcml2aWxlZ2VzID0gbmV3IE5hdGl2ZUhlbHBlcnMuTFVJRF9BTkRfQVRUUklCVVRFU1sxXSwKICAgICAgICAgICAgICAgIH07CiAgICAgICAgICAgICAgICBpZiAobmV3U3RhdGUuTGVuZ3RoID4gMCkKICAgICAgICAgICAgICAgICAgICB0b2tlblByaXZpbGVnZXMuUHJpdmlsZWdlc1swXSA9IG5ld1N0YXRlWzBdOwogICAgICAgICAgICAgICAgaW50IG9mZnNldCA9IFN0cnVjdHVyZVRvQnl0ZXModG9rZW5Qcml2aWxlZ2VzLCBuZXdTdGF0ZUJ5dGVzLCAwKTsKCiAgICAgICAgICAgICAgICAvLyBjb3B5IHRoZSByZW1haW5pbmcgTFVJRF9BTkRfQVRUUklCVVRFUyAoaWYgYW55KQogICAgICAgICAgICAgICAgZm9yIChpbnQgaSA9IDE7IGkgPCBuZXdTdGF0ZS5MZW5ndGg7IGkrKykKICAgICAgICAgICAgICAgICAgICBvZmZzZXQgKz0gU3RydWN0dXJlVG9CeXRlcyhuZXdTdGF0ZVtpXSwgbmV3U3RhdGVCeXRlcywgb2Zmc2V0KTsKCiAgICAgICAgICAgICAgICAvLyBmaW5hbGx5IGNyZWF0ZSB0aGUgcG9pbnRlciB0byB0aGUgYnl0ZSBhcnJheSB3ZSBqdXN0IGNyZWF0ZWQKICAgICAgICAgICAgICAgIG5ld1N0YXRlUHRyID0gTWFyc2hhbC5BbGxvY0hHbG9iYWwobmV3U3RhdGVCeXRlcy5MZW5ndGgpOwogICAgICAgICAgICAgICAgTWFyc2hhbC5Db3B5KG5ld1N0YXRlQnl0ZXMsIDAsIG5ld1N0YXRlUHRyLCBuZXdTdGF0ZUJ5dGVzLkxlbmd0aCk7CiAgICAgICAgICAgIH0KCiAgICAgICAgICAgIHRyeQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBJbnRQdHIgaFRva2VuID0gSW50UHRyLlplcm87CiAgICAgICAgICAgICAgICBpZiAoIU5hdGl2ZU1ldGhvZHMuT3BlblByb2Nlc3NUb2tlbih0b2tlbiwgVG9rZW5BY2Nlc3NMZXZlbHMuUXVlcnkgfCBUb2tlbkFjY2Vzc0xldmVscy5BZGp1c3RQcml2aWxlZ2VzLCBvdXQgaFRva2VuKSkKICAgICAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIk9wZW5Qcm9jZXNzVG9rZW4oKSBmYWlsZWQgd2l0aCBRdWVyeSBhbmQgQWRqdXN0UHJpdmlsZWdlcyIpOwogICAgICAgICAgICAgICAgdHJ5CiAgICAgICAgICAgICAgICB7CiAgICAgICAgICAgICAgICAgICAgSW50UHRyIG9sZFN0YXRlUHRyID0gTWFyc2hhbC5BbGxvY0hHbG9iYWwoMCk7CiAgICAgICAgICAgICAgICAgICAgaWYgKCFOYXRpdmVNZXRob2RzLkFkanVzdFRva2VuUHJpdmlsZWdlcyhoVG9rZW4sIGRpc2FibGVBbGxQcml2aWxlZ2VzLCBuZXdTdGF0ZVB0ciwgMCwgb2xkU3RhdGVQdHIsIG91dCByZXR1cm5MZW5ndGgpKQogICAgICAgICAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgICAgICAgICAgaW50IGVyckNvZGUgPSBNYXJzaGFsLkdldExhc3RXaW4zMkVycm9yKCk7CiAgICAgICAgICAgICAgICAgICAgICAgIGlmIChlcnJDb2RlICE9IDEyMikgLy8gRVJST1JfSU5TVUZGSUNJRU5UX0JVRkZFUgogICAgICAgICAgICAgICAgICAgICAgICAgICAgdGhyb3cgbmV3IFdpbjMyRXhjZXB0aW9uKGVyckNvZGUsICJBZGp1c3RUb2tlblByaXZpbGVnZXMoKSBmYWlsZWQgdG8gZ2V0IG9sZCBzdGF0ZSBzaXplIik7CiAgICAgICAgICAgICAgICAgICAgfQoKICAgICAgICAgICAgICAgICAgICAvLyByZXNpemUgdGhlIG9sZFN0YXRlUHRyIGJhc2VkIG9uIHRoZSBsZW5ndGggcmV0dXJuZWQgZnJvbSBXaW5kb3dzCiAgICAgICAgICAgICAgICAgICAgTWFyc2hhbC5GcmVlSEdsb2JhbChvbGRTdGF0ZVB0cik7CiAgICAgICAgICAgICAgICAgICAgb2xkU3RhdGVQdHIgPSBNYXJzaGFsLkFsbG9jSEdsb2JhbCgoaW50KXJldHVybkxlbmd0aCk7CiAgICAgICAgICAgICAgICAgICAgdHJ5CiAgICAgICAgICAgICAgICAgICAgewogICAgICAgICAgICAgICAgICAgICAgICBib29sIHJlcyA9IE5hdGl2ZU1ldGhvZHMuQWRqdXN0VG9rZW5Qcml2aWxlZ2VzKGhUb2tlbiwgZGlzYWJsZUFsbFByaXZpbGVnZXMsIG5ld1N0YXRlUHRyLCByZXR1cm5MZW5ndGgsIG9sZFN0YXRlUHRyLCBvdXQgcmV0dXJuTGVuZ3RoKTsKICAgICAgICAgICAgICAgICAgICAgICAgaW50IGVyckNvZGUgPSBNYXJzaGFsLkdldExhc3RXaW4zMkVycm9yKCk7CgogICAgICAgICAgICAgICAgICAgICAgICAvLyBldmVuIHdoZW4gcmVzID09IHRydWUsIEVSUk9SX05PVF9BTExfQVNTSUdORUQgbWF5IGJlIHNldCBhcyB0aGUgbGFzdCBlcnJvciBjb2RlCiAgICAgICAgICAgICAgICAgICAgICAgIGlmICghcmVzIHx8IGVyckNvZGUgIT0gMCkKICAgICAgICAgICAgICAgICAgICAgICAgICAgIHRocm93IG5ldyBXaW4zMkV4Y2VwdGlvbihlcnJDb2RlLCAiQWRqdXN0VG9rZW5Qcml2aWxlZ2VzKCkgZmFpbGVkIik7CgogICAgICAgICAgICAgICAgICAgICAgICAvLyBNYXJzaGFsIHRoZSBvbGRTdGF0ZVB0ciB0byB0aGUgc3RydWN0CiAgICAgICAgICAgICAgICAgICAgICAgIE5hdGl2ZUhlbHBlcnMuVE9LRU5fUFJJVklMRUdFUyBvbGRTdGF0ZSA9IChOYXRpdmVIZWxwZXJzLlRPS0VOX1BSSVZJTEVHRVMpTWFyc2hhbC5QdHJUb1N0cnVjdHVyZShvbGRTdGF0ZVB0ciwgdHlwZW9mKE5hdGl2ZUhlbHBlcnMuVE9LRU5fUFJJVklMRUdFUykpOwogICAgICAgICAgICAgICAgICAgICAgICBvbGRTdGF0ZVByaXZpbGVnZXMgPSBuZXcgTmF0aXZlSGVscGVycy5MVUlEX0FORF9BVFRSSUJVVEVTW29sZFN0YXRlLlByaXZpbGVnZUNvdW50XTsKICAgICAgICAgICAgICAgICAgICAgICAgUHRyVG9TdHJ1Y3R1cmVBcnJheShvbGRTdGF0ZVByaXZpbGVnZXMsIEludFB0ci5BZGQob2xkU3RhdGVQdHIsIE1hcnNoYWwuU2l6ZU9mKG9sZFN0YXRlLlByaXZpbGVnZUNvdW50KSkpOwogICAgICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgICAgICAgICBmaW5hbGx5CiAgICAgICAgICAgICAgICAgICAgewogICAgICAgICAgICAgICAgICAgICAgICBNYXJzaGFsLkZyZWVIR2xvYmFsKG9sZFN0YXRlUHRyKTsKICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBmaW5hbGx5CiAgICAgICAgICAgICAgICB7CiAgICAgICAgICAgICAgICAgICAgTmF0aXZlTWV0aG9kcy5DbG9zZUhhbmRsZShoVG9rZW4pOwogICAgICAgICAgICAgICAgfQogICAgICAgICAgICB9CiAgICAgICAgICAgIGZpbmFsbHkKICAgICAgICAgICAgewogICAgICAgICAgICAgICAgaWYgKG5ld1N0YXRlUHRyICE9IEludFB0ci5aZXJ ScriptBlock ID: 92a189a5-0856-4cec-b53a-43fc33793aa6 Path:	4104	1		3	2	15	0	1831	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3120	2096	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:31:03 PM	e5295ba9-9827-0005-ef84-2de52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 8): begin { $DebugPreference = "Continue" $ErrorActionPreference = "Stop" Set-StrictMode -Version 2 function ConvertTo-HashtableFromPsCustomObject ($myPsObject){ $output = @{}; $myPsObject | Get-Member -MemberType *Property | % { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } return $output; } # stream JSON including become_pw, ps_module_payload, bin_module_payload, become_payload, write_payload_path, preserve directives # exec runspace, capture output, cleanup, return module output # NB: do not adjust the following line- it is replaced when doing non-streamed module output $json_raw = @' {"min_ps_version": null, "exec": "CkZ1bmN0aW9uIFJ1bigkcGF5bG9hZCkgewogICAgJGVudHJ5cG9pbnQgPSAkcGF5bG9hZC5tb2R1bGVfZW50cnkKCiAgICAkZW50cnlwb2ludCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGVudHJ5cG9pbnQpKQoKICAgICRwcyA9IFtwb3dlcnNoZWxsXTo6Q3JlYXRlKCkKCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkQ29tbWFuZCgiU2V0LVZhcmlhYmxlIikuQWRkUGFyYW1ldGVycyhAe1Njb3BlPSJnbG9iYWwiO05hbWU9ImNvbXBsZXhfYXJncyI7VmFsdWU9JHBheWxvYWQubW9kdWxlX2FyZ3N9KSB8IE91dC1OdWxsCiAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCgogICAgIyByZWRlZmluZSBXcml0ZS1Ib3N0IHRvIGR1bXAgdG8gb3V0cHV0IGluc3RlYWQgb2YgZmFpbGluZy0gbG90cyBvZiBzY3JpcHRzIHVzZSBpdAogICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgiRnVuY3Rpb24gV3JpdGUtSG9zdChgJG1zZyl7IFdyaXRlLU91dHB1dCBgJG1zZyB9IikgfCBPdXQtTnVsbAoKICAgIEZvckVhY2ggKCRlbnZfa3YgaW4gJHBheWxvYWQuZW52aXJvbm1lbnQuR2V0RW51bWVyYXRvcigpKSB7CiAgICAgICAgIyBuZWVkIHRvIGVzY2FwZSAnIGluIGJvdGggdGhlIGtleSBhbmQgdmFsdWUKICAgICAgICAkZW52X2tleSA9ICRlbnZfa3YuS2V5LlRvU3RyaW5nKCkuUmVwbGFjZSgiJyIsICInJyIpCiAgICAgICAgJGVudl92YWx1ZSA9ICRlbnZfa3YuVmFsdWUuVG9TdHJpbmcoKS5SZXBsYWNlKCInIiwgIicnIikKICAgICAgICAkZXNjYXBlZF9lbnZfc2V0ID0gIltTeXN0ZW0uRW52aXJvbm1lbnRdOjpTZXRFbnZpcm9ubWVudFZhcmlhYmxlKCd7MH0nLCAnezF9JykiIC1mICRlbnZfa2V5LCAkZW52X3ZhbHVlCiAgICAgICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgkZXNjYXBlZF9lbnZfc2V0KSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBkeW5hbWljYWxseSBjcmVhdGUvbG9hZCBtb2R1bGVzCiAgICBGb3JFYWNoICgkbW9kIGluICRwYXlsb2FkLnBvd2Vyc2hlbGxfbW9kdWxlcy5HZXRFbnVtZXJhdG9yKCkpIHsKICAgICAgICAkZGVjb2RlZF9tb2R1bGUgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRtb2QuVmFsdWUpKQogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRDb21tYW5kKCJOZXctTW9kdWxlIikuQWRkUGFyYW1ldGVycyhAe1NjcmlwdEJsb2NrPShbc2NyaXB0YmxvY2tdOjpDcmVhdGUoJGRlY29kZWRfbW9kdWxlKSk7TmFtZT0kbW9kLktleX0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiSW1wb3J0LU1vZHVsZSIpLkFkZFBhcmFtZXRlcnMoQHtXYXJuaW5nQWN0aW9uPSJTaWxlbnRseUNvbnRpbnVlIn0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBmb3JjZSBpbnB1dCBlbmNvZGluZyB0byBwcmVhbWJsZS1mcmVlIFVURjggc28gUFMgc3ViLXByb2Nlc3NlcyAoZWcsCiAgICAjIFN0YXJ0LUpvYikgZG9uJ3QgYmxvdyB1cC4gVGhpcyBpcyBvbmx5IHJlcXVpcmVkIGZvciBXaW5STSwgYSBQU1JQCiAgICAjIHJ1bnNwYWNlIGRvZXNuJ3QgaGF2ZSBhIGhvc3QgY29uc29sZSBhbmQgdGhpcyB3aWxsIGJvbWIgb3V0CiAgICBpZiAoJGhvc3QuTmFtZSAtZXEgIkNvbnNvbGVIb3N0IikgewogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRTY3JpcHQoIltDb25zb2xlXTo6SW5wdXRFbmNvZGluZyA9IE5ldy1PYmplY3QgVGV4dC5VVEY4RW5jb2RpbmcgYCRmYWxzZSIpIHwgT3V0LU51bGwKICAgIH0KCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkU2NyaXB0KCRlbnRyeXBvaW50KSB8IE91dC1OdWxsCgogICAgJG91dHB1dCA9ICRwcy5JbnZva2UoKQoKICAgICRvdXRwdXQKCiAgICAjIFBTMyBkb2Vzbid0IHByb3Blcmx5IHNldCBIYWRFcnJvcnMgaW4gbWFueSBjYXNlcywgaW5zcGVjdCB0aGUgZXJyb3Igc3RyZWFtIGFzIGEgZmFsbGJhY2sKICAgIElmICgkcHMuSGFkRXJyb3JzIC1vciAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtbHQgNCAtYW5kICRwcy5TdHJlYW1zLkVycm9yLkNvdW50IC1ndCAwKSkgewogICAgICAgICRob3N0LlVJLldyaXRlRXJyb3JMaW5lKCQoJHBzLlN0cmVhbXMuRXJyb3IgfCBPdXQtU3RyaW5nKSkKICAgICAgICAkZXhpdF9jb2RlID0gJHBzLlJ1bnNwYWNlLlNlc3Npb25TdGF0ZVByb3h5LkdldFZhcmlhYmxlKCJMQVNURVhJVENPREUiKQogICAgICAgIElmKC1ub3QgJGV4aXRfY29kZSkgewogICAgICAgICAgICAkZXhpdF9jb2RlID0gMQogICAgICAgIH0KICAgICAgICAjIG5lZWQgdG8gdXNlIHRoaXMgaW5zdGVhZCBvZiBFeGl0IGtleXdvcmQgdG8gcHJldmVudCBydW5zcGFjZSBmcm9tIGNyYXNoaW5nIHdpdGggZHluYW1pYyBtb2R1bGVzCiAgICAgICAgJGhvc3QuU2V0U2hvdWxkRXhpdCgkZXhpdF9jb2RlKQogICAgfQp9Cg==", "actions": ["exec"], "environment": {}, "min_os_version": null, "powershell_modules": {"Ansible.ModuleUtils.PrivilegeUtil": "IyBDb3B5cmlnaHQgKGMpIDIwMTggQW5zaWJsZSBQcm9qZWN0CiMgU2ltcGxpZmllZCBCU0QgTGljZW5zZSAoc2VlIGxpY2Vuc2VzL3NpbXBsaWZpZWRfYnNkLnR4dCBvciBodHRwczovL29wZW5zb3VyY2Uub3JnL2xpY2Vuc2VzL0JTRC0yLUNsYXVzZSkKCiMgc3RvcmUgaW4gc2VwYXJhdGUgdmFyaWFibGVzIHRvIG1ha2UgaXQgZWFzaWVyIGZvciBvdGhlciBtb2R1bGVfdXRpbHMgdG8KIyBzaGFyZSB0aGlzIGNvZGUgaW4gdGhlaXIgb3duIGMjIGNvZGUKJGFuc2libGVfcHJpdmlsZWdlX3V0aWxfbmFtZXNwYWNlcyA9IEAoCiAgICAiTWljcm9zb2Z0LldpbjMyLlNhZmVIYW5kbGVzIiwKICAgICJTeXN0ZW0iLAogICAgIlN5c3RlbS5Db2xsZWN0aW9ucy5HZW5lcmljIiwKICAgICJTeXN0ZW0uTGlucSIsCiAgICAiU3lzdGVtLlJ1bnRpbWUuSW50ZXJvcFNlcnZpY2VzIiwKICAgICJTeXN0ZW0uU2VjdXJpdHkuUHJpbmNpcGFsIiwKICAgICJTeXN0ZW0uVGV4dCIKKQoKJGFuc2libGVfcHJpdmlsZWdlX3V0aWxfY29kZSA9IEAnCm5hbWVzcGFjZSBBbnNpYmxlLlByaXZpbGVnZVV0aWwKewogICAgW0ZsYWdzXQogICAgcHVibGljIGVudW0gUHJpdmlsZWdlQXR0cmlidXRlcyA6IHVpbnQKICAgIHsKICAgICAgICBEaXNhYmxlZCA9IDB4MDAwMDAwMDAsCiAgICAgICAgRW5hYmxlZEJ5RGVmYXVsdCA9IDB4MDAwMDAwMDEsCiAgICAgICAgRW5hYmxlZCA9IDB4MDAwMDAwMDIsCiAgICAgICAgUmVtb3ZlZCA9IDB4MDAwMDAwMDQsCiAgICAgICAgVXNlZEZvckFjY2VzcyA9IDB4ODAwMDAwMDAsCiAgICB9CgogICAgaW50ZXJuYWwgY2xhc3MgTmF0aXZlSGVscGVycwogICAgewogICAgICAgIFtTdHJ1Y3RMYXlvdXQoTGF5b3V0S2luZC5TZXF1ZW50aWFsKV0KICAgICAgICBpbnRlcm5hbCBzdHJ1Y3QgTFVJRAogICAgICAgIHsKICAgICAgICAgICAgcHVibGljIFVJbnQzMiBMb3dQYXJ0OwogICAgICAgICAgICBwdWJsaWMgSW50MzIgSGlnaFBhcnQ7CiAgICAgICAgfQoKICAgICAgICBbU3RydWN0TGF5b3V0KExheW91dEtpbmQuU2VxdWVudGlhbCldCiAgICAgICAgaW50ZXJuYWwgc3RydWN0IExVSURfQU5EX0FUVFJJQlVURVMKICAgICAgICB7CiAgICAgICAgICAgIHB1YmxpYyBMVUlEIEx1aWQ7CiAgICAgICAgICAgIHB1YmxpYyBQcml2aWxlZ2VBdHRyaWJ1dGVzIEF0dHJpYnV0ZXM7CiAgICAgICAgfQoKICAgICAgICBbU3RydWN0TGF5b3V0KExheW91dEtpbmQuU2VxdWVudGlhbCldCiAgICAgICAgaW50ZXJuYWwgc3RydWN0IFRPS0VOX1BSSVZJTEVHRVMKICAgICAgICB7CiAgICAgICAgICAgIHB1YmxpYyBVSW50MzIgUHJpdmlsZWdlQ291bnQ7CiAgICAgICAgICAgIFtNYXJzaGFsQXMoVW5tYW5hZ2VkVHlwZS5CeVZhbEFycmF5LCBTaXplQ29uc3QgPSAxKV0KICAgICAgICAgICAgcHVibGljIExVSURfQU5EX0FUVFJJQlVURVNbXSBQcml2aWxlZ2VzOwogICAgICAgIH0KICAgIH0KCiAgICBpbnRlcm5hbCBjbGFzcyBOYXRpdmVNZXRob2RzCiAgICB7CiAgICAgICAgW0RsbEltcG9ydCgiYWR2YXBpMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSldCiAgICAgICAgaW50ZXJuYWwgc3RhdGljIGV4dGVybiBib29sIEFkanVzdFRva2VuUHJpdmlsZWdlcygKICAgICAgICAgICAgSW50UHRyIFRva2VuSGFuZGxlLAogICAgICAgICAgICBbTWFyc2hhbEFzKFVubWFuYWdlZFR5cGUuQm9vbCldIGJvb2wgRGlzYWJsZUFsbFByaXZpbGVnZXMsCiAgICAgICAgICAgIEludFB0ciBOZXdTdGF0ZSwKICAgICAgICAgICAgVUludDMyIEJ1ZmZlckxlbmd0aCwKICAgICAgICAgICAgSW50UHRyIFByZXZpb3VzU3RhdGUsCiAgICAgICAgICAgIG91dCBVSW50MzIgUmV0dXJuTGVuZ3RoKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIildCiAgICAgICAgaW50ZXJuYWwgc3RhdGljIGV4dGVybiBib29sIENsb3NlSGFuZGxlKAogICAgICAgICAgICBJbnRQdHIgaE9iamVjdCk7CgogICAgICAgIFtEbGxJbXBvcnQoImtlcm5lbDMyIildCiAgICAgICAgaW50ZXJuYWwgc3RhdGljIGV4dGVybiBTYWZlV2FpdEhhbmRsZSBHZXRDdXJyZW50UHJvY2VzcygpOwoKICAgICAgICBbRGxsSW1wb3J0KCJhZHZhcGkzMi5kbGwiLCBTZXRMYXN0RXJyb3IgPSB0cnVlKV0KICAgICAgICBpbnRlcm5hbCBzdGF0aWMgZXh0ZXJuIGJvb2wgR2V0VG9rZW5JbmZvcm1hdGlvbigKICAgICAgICAgICAgSW50UHRyIFRva2VuSGFuZGxlLAogICAgICAgICAgICBVSW50MzIgVG9rZW5JbmZvcm1hdGlvbkNsYXNzLAogICAgICAgICAgICBJbnRQdHIgVG9rZW5JbmZvcm1hdGlvbiwKICAgICAgICAgICAgVUludDMyIFRva2VuSW5mb3JtYXRpb25MZW5ndGgsCiAgICAgICAgICAgIG91dCBVSW50MzIgUmV0dXJuTGVuZ3RoKTsKCiAgICAgICAgW0RsbEltcG9ydCgiYWR2YXBpMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSldCiAgICAgICAgaW50ZXJuYWwgc3RhdGljIGV4dGVybiBib29sIExvb2t1cFByaXZpbGVnZU5hbWUoCiAgICAgICAgICAgIHN0cmluZyBscFN5c3RlbU5hbWUsCiAgICAgICAgICAgIHJlZiBOYXRpdmVIZWxwZXJzLkxVSUQgbHBMdWlkLAogICAgICAgICAgICBTdHJpbmdCdWlsZGVyIGxwTmFtZSwKICAgICAgICAgICAgcmVmIFVJbnQzMiBjY2hOYW1lKTsKCiAgICAgICAgW0RsbEltcG9ydCgiYWR2YXBpMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSldCiAgICAgICAgaW50ZXJuYWwgc3RhdGljIGV4dGVybiBib29sIExvb2t1cFByaXZpbGVnZVZhbHVlKAogICAgICAgICAgICBzdHJpbmcgbHBTeXN0ZW1OYW1lLAogICAgICAgICAgICBzdHJpbmcgbHBOYW1lLAogICAgICAgICAgICBvdXQgTmF0aXZlSGVscGVycy5MVUlEIGxwTHVpZCk7CgogICAgICAgIFtEbGxJbXBvcnQoImFkdmFwaTMyLmRsbCIsIFNldExhc3RFcnJvciA9IHRydWUpXQogICAgICAgIGludGVybmFsIHN0YXRpYyBleHRlcm4gYm9vbCBPcGVuUHJvY2Vzc1Rva2VuKAogICAgICAgICAgICBTYWZlSGFuZGxlIFByb2Nlc3NIYW5kbGUsCiAgICAgICAgICAgIFRva2VuQWNjZXNzTGV2ZWxzIERlc2lyZWRBY2Nlc3MsCiAgICAgICAgICAgIG91dCBJbnRQdHIgVG9rZW5IYW5kbGUpOwogICAgfQoKICAgIHB1YmxpYyBjbGFzcyBXaW4zMkV4Y2VwdGlvbiA6IFN5c3RlbS5Db21wb25lbnRNb2RlbC5XaW4zMkV4Y2VwdGlvbgogICAgewogICAgICAgIHByaXZhdGUgc3RyaW5nIF9tc2c7CiAgICAgICAgcHVibGljIFdpbjMyRXhjZXB0aW9uKHN0cmluZyBtZXNzYWdlKSA6IHRoaXMoTWFyc2hhbC5HZXRMYXN0V2luMzJFcnJvcigpLCBtZXNzYWdlKSB7IH0KICAgICAgICBwdWJsaWMgV2luMzJFeGNlcHRpb24oaW50IGVycm9yQ29kZSwgc3RyaW5nIG1lc3NhZ2UpIDogYmFzZShlcnJvckNvZGUpCiAgICAgICAgewogICAgICAgICAgICBfbXNnID0gU3RyaW5nLkZvcm1hdCgiezB9ICh7MX0sIFdpbjMyRXJyb3JDb2RlIHsyfSkiLCBtZXNzYWdlLCBiYXNlLk1lc3NhZ2UsIGVycm9yQ29kZSk7CiAgICAgICAgfQogICAgICAgIHB1YmxpYyBvdmVycmlkZSBzdHJpbmcgTWVzc2FnZSB7IGdldCB7IHJldHVybiBfbXNnOyB9IH0KICAgICAgICBwdWJsaWMgc3RhdGljIGV4cGxpY2l0IG9wZXJhdG9yIFdpbjMyRXhjZXB0aW9uKHN0cmluZyBtZXNzYWdlKSB7IHJldHVybiBuZXcgV2luMzJFeGNlcHRpb24obWVzc2FnZSk7IH0KICAgIH0KCiAgICBwdWJsaWMgY2xhc3MgUHJpdmlsZWdlcwogICAgewogICAgICAgIHByaXZhdGUgc3RhdGljIHJlYWRvbmx5IFVJbnQzMiBUT0tFTl9QUklWSUxFR0VTID0gMzsKCgogICAgICAgIHB1YmxpYyBzdGF0aWMgYm9vbCBDaGVja1ByaXZpbGVnZU5hbWUoc3RyaW5nIG5hbWUpCiAgICAgICAgewogICAgICAgICAgICBOYXRpdmVIZWxwZXJzLkxVSUQgbHVpZDsKICAgICAgICAgICAgaWYgKCFOYXRpdmVNZXRob2RzLkxvb2t1cFByaXZpbGVnZVZhbHVlKG51bGwsIG5hbWUsIG91dCBsdWlkKSkKICAgICAgICAgICAgewogICAgICAgICAgICAgICAgaW50IGVyckNvZGUgPSBNYXJzaGFsLkdldExhc3RXaW4zMkVycm9yKCk7CiAgICAgICAgICAgICAgICBpZiAoZXJyQ29kZSAhPSAxMzEzKSAgLy8gRVJST1JfTk9fU1VDSF9QUklWSUxFR0UKICAgICAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oZXJyQ29kZSwgU3RyaW5nLkZvcm1hdCgiTG9va3VwUHJpdmlsZWdlVmFsdWUoezB9KSBmYWlsZWQiLCBuYW1lKSk7CiAgICAgICAgICAgICAgICByZXR1cm4gZmFsc2U7CiAgICAgICAgICAgIH0KICAgICAgICAgICAgZWxzZQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICByZXR1cm4gdHJ1ZTsKICAgICAgICAgICAgfQogICAgICAgIH0KCiAgICAgICAgcHVibGljIHN0YXRpYyBEaWN0aW9uYXJ5PHN0cmluZywgYm9vbD8+IERpc2FibGVQcml2aWxlZ2UoU2FmZUhhbmRsZSB0b2tlbiwgc3RyaW5nIHByaXZpbGVnZSkKICAgICAgICB7CiAgICAgICAgICAgIHJldHVybiBTZXRUb2tlblByaXZpbGVnZXModG9rZW4sIG5ldyBEaWN0aW9uYXJ5PHN0cmluZywgYm9vbD8+KCkgeyB7IHByaXZpbGVnZSwgZmFsc2UgfSB9KTsKICAgICAgICB9CgogICAgICAgIHB1YmxpYyBzdGF0aWMgRGljdGlvbmFyeTxzdHJpbmcsIGJvb2w/PiBEaXNhYmxlQWxsUHJpdmlsZWdlcyhTYWZlSGFuZGxlIHRva2VuKQogICAgICAgIHsKICAgICAgICAgICAgcmV0dXJuIEFkanVzdFRva2VuUHJpdmlsZWdlcyh0b2tlbiwgbnVsbCk7CiAgICAgICAgfQoKICAgICAgICBwdWJsaWMgc3RhdGljIERpY3Rpb25hcnk8c3RyaW5nLCBib29sPz4gRW5hYmxlUHJpdmlsZWdlKFNhZmVIYW5kbGUgdG9rZW4sIHN0cmluZyBwcml2aWxlZ2UpCiAgICAgICAgewogICAgICAgICAgICByZXR1cm4gU2V0VG9rZW5Qcml2aWxlZ2VzKHRva2VuLCBuZXcgRGljdGlvbmFyeTxzdHJpbmcsIGJvb2w/PigpIHsgeyBw ScriptBlock ID: 92a189a5-0856-4cec-b53a-43fc33793aa6 Path:	4104	1		3	2	15	0	1830	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3120	2096	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:31:03 PM	e5295ba9-9827-0005-ef84-2de52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1829	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3120	4572	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:31:03 PM	e5295ba9-9827-0000-1ba2-2fe52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 3120 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1828	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3120	3636	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:31:03 PM	e5295ba9-9827-0000-1ba2-2fe52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1827	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3120	4572	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:31:03 PM	e5295ba9-9827-0000-1ba2-2fe52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1826	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1188	4176	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:31:02 PM	e5295ba9-9827-0001-d95b-30e52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 1188 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1825	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1188	888	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:31:02 PM	e5295ba9-9827-0001-d95b-30e52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1824	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1188	4176	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:31:02 PM	e5295ba9-9827-0001-d95b-30e52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1823	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2348	2512	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:31:02 PM	e5295ba9-9827-0002-1b6f-2fe52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 2348 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1822	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2348	592	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:31:02 PM	e5295ba9-9827-0002-1b6f-2fe52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1821	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2348	2512	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:31:02 PM	e5295ba9-9827-0002-1b6f-2fe52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="AssemblyName"; value="System.DirectoryServices.AccountManagement" Context: Severity = Informational Host Name = Default Host Host Version = 5.1.14393.1944 Host ID = f9626ae5-8d30-47f9-810b-4c0ad9077025 Host Application = PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - Engine Version = 5.1.14393.1944 Runspace ID = eafd2f41-b217-44ae-8840-6e1662f907ad Pipeline ID = 5 Command Name = Add-Type Command Type = Cmdlet Script Name = Command Path = Sequence Number = 35 User = N-H1-805629-1\Admin Connected User = Shell ID = Microsoft.PowerShell User Data:	4103	1		4	106	20	0	1820	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4476	5044	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:30:52 PM	e5295ba9-9827-0000-bfa1-2fe52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	To be used when operation is just executing a method	Executing Pipeline	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): { $_.$guid_key -eq $adapter.SettingID } ScriptBlock ID: c62bc924-a2fd-465e-964f-9ff878642db0 Path:	4104	1		3	2	15	0	1819	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4476	5044	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:30:52 PM	e5295ba9-9827-0000-b9a1-2fe52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Error Message = The running command stopped because the preference variable "ErrorActionPreference" or common parameter is set to Stop: The term 'facter' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again. Fully Qualified Error ID = CommandNotFoundException,Microsoft.PowerShell.Commands.GetCommandCommand Context: Severity = Warning Host Name = Default Host Host Version = 5.1.14393.1944 Host ID = f9626ae5-8d30-47f9-810b-4c0ad9077025 Host Application = PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - Engine Version = 5.1.14393.1944 Runspace ID = eafd2f41-b217-44ae-8840-6e1662f907ad Pipeline ID = 5 Command Name = Get-Command Command Type = Cmdlet Script Name = Command Path = Sequence Number = 33 User = N-H1-805629-1\Admin Connected User = Shell ID = Microsoft.PowerShell User Data:	4100	1		3	106	19	0	1818	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4476	5044	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:30:51 PM	e5295ba9-9827-0000-b2a1-2fe52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	To be used when an exception is raised	Executing Pipeline	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): #!powershell # Copyright: (c) 2018, Ansible Project # GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) #Requires -Module Ansible.ModuleUtils.Legacy Function Get-CustomFacts { [cmdletBinding()] param ( [Parameter(mandatory=$false)] $factpath = $null ) if (-not (Test-Path -Path $factpath)) { Fail-Json $result "The path $factpath does not exist. Typo?" } $FactsFiles = Get-ChildItem -Path $factpath | Where-Object -FilterScript {($PSItem.PSIsContainer -eq $false) -and ($PSItem.Extension -eq '.ps1')} foreach ($FactsFile in $FactsFiles) { $out = & $($FactsFile.FullName) $result.ansible_facts.Add("ansible_$(($FactsFile.Name).Split('.')[0])", $out) } } Function Get-MachineSid { # The Machine SID is stored in HKLM:\SECURITY\SAM\Domains\Account and is # only accessible by the Local System account. This method get's the local # admin account (ends with -500) and lops it off to get the machine sid. $admins_sid = "S-1-5-32-544" $admin_group = ([Security.Principal.SecurityIdentifier]$admins_sid).Translate([Security.Principal.NTAccount]).Value Add-Type -AssemblyName System.DirectoryServices.AccountManagement $principal_context = New-Object -TypeName System.DirectoryServices.AccountManagement.PrincipalContext([System.DirectoryServices.AccountManagement.ContextType]::Machine) $group_principal = New-Object -TypeName System.DirectoryServices.AccountManagement.GroupPrincipal($principal_context, $admin_group) $searcher = New-Object -TypeName System.DirectoryServices.AccountManagement.PrincipalSearcher($group_principal) $groups = $searcher.FindOne() $machine_sid = $null foreach ($user in $groups.Members) { $user_sid = $user.Sid if ($user_sid.Value.EndsWith("-500")) { $machine_sid = $user_sid.AccountDomainSid.Value break } } return $machine_sid } $cim_instances = @{} Function Get-LazyCimInstance([string]$instance_name, [string]$namespace="Root\CIMV2") { if(-not $cim_instances.ContainsKey($instance_name)) { $cim_instances[$instance_name] = $(Get-CimInstance -Namespace $namespace -ClassName $instance_name) } return $cim_instances[$instance_name] } $result = @{ ansible_facts = @{ } changed = $false } $grouped_subsets = @{ min=[System.Collections.Generic.List[string]]@('date_time','distribution','dns','env','local','platform','powershell_version','user') network=[System.Collections.Generic.List[string]]@('all_ipv4_addresses','all_ipv6_addresses','interfaces','windows_domain', 'winrm') hardware=[System.Collections.Generic.List[string]]@('bios','memory','processor','uptime') external=[System.Collections.Generic.List[string]]@('facter') } # build "all" set from everything mentioned in the group- this means every value must be in at least one subset to be considered legal $all_set = [System.Collections.Generic.HashSet[string]]@() foreach($kv in $grouped_subsets.GetEnumerator()) { [void] $all_set.UnionWith($kv.Value) } # dynamically create an "all" subset now that we know what should be in it $grouped_subsets['all'] = [System.Collections.Generic.List[string]]$all_set # start with all, build up gather and exclude subsets $gather_subset = [System.Collections.Generic.HashSet[string]]$grouped_subsets.all $explicit_subset = [System.Collections.Generic.HashSet[string]]@() $exclude_subset = [System.Collections.Generic.HashSet[string]]@() $params = Parse-Args $args -supports_check_mode $true $factpath = Get-AnsibleParam -obj $params -name "fact_path" -type "path" $gather_subset_source = Get-AnsibleParam -obj $params -name "gather_subset" -type "list" -default "all" foreach($item in $gather_subset_source) { if(([string]$item).StartsWith("!")) { $item = ([string]$item).Substring(1) if($item -eq "all") { $all_minus_min = [System.Collections.Generic.HashSet[string]]@($all_set) [void] $all_minus_min.ExceptWith($grouped_subsets.min) [void] $exclude_subset.UnionWith($all_minus_min) } elseif($grouped_subsets.ContainsKey($item)) { [void] $exclude_subset.UnionWith($grouped_subsets[$item]) } elseif($all_set.Contains($item)) { [void] $exclude_subset.Add($item) } # NB: invalid exclude values are ignored, since that's what posix setup does } else { if($grouped_subsets.ContainsKey($item)) { [void] $explicit_subset.UnionWith($grouped_subsets[$item]) } elseif($all_set.Contains($item)) { [void] $explicit_subset.Add($item) } else { # NB: POSIX setup fails on invalid value; we warn, because we don't implement the same set as POSIX # and we don't have platform-specific config for this... Add-Warning $result "invalid value $item specified in gather_subset" } } } [void] $gather_subset.ExceptWith($exclude_subset) [void] $gather_subset.UnionWith($explicit_subset) $ansible_facts = @{ gather_subset=@($gather_subset_source) module_setup=$true } $osversion = [Environment]::OSVersion if($gather_subset.Contains('all_ipv4_addresses') -or $gather_subset.Contains('all_ipv6_addresses')) { $netcfg = Get-LazyCimInstance Win32_NetworkAdapterConfiguration # TODO: split v4/v6 properly, return in separate keys $ips = @() Foreach ($ip in $netcfg.IPAddress) { If ($ip) { $ips += $ip } } $ansible_facts += @{ ansible_ip_addresses = $ips } } if($gather_subset.Contains('bios')) { $win32_bios = Get-LazyCimInstance Win32_Bios $win32_cs = Get-LazyCimInstance Win32_ComputerSystem $ansible_facts += @{ ansible_bios_date = $win32_bios.ReleaseDate.ToString("MM/dd/yyyy") ansible_bios_version = $win32_bios.SMBIOSBIOSVersion ansible_product_name = $win32_cs.Model.Trim() ansible_product_serial = $win32_bios.SerialNumber # ansible_product_version = ([string] $win32_cs.SystemFamily) } } if($gather_subset.Contains('date_time')) { $datetime = (Get-Date) $datetime_utc = $datetime.ToUniversalTime() $date = @{ date = $datetime.ToString("yyyy-MM-dd") day = $datetime.ToString("dd") epoch = (Get-Date -UFormat "%s") hour = $datetime.ToString("HH") iso8601 = $datetime_utc.ToString("yyyy-MM-ddTHH:mm:ssZ") iso8601_basic = $datetime.ToString("yyyyMMddTHHmmssffffff") iso8601_basic_short = $datetime.ToString("yyyyMMddTHHmmss") iso8601_micro = $datetime_utc.ToString("yyyy-MM-ddTHH:mm:ss.ffffffZ") minute = $datetime.ToString("mm") month = $datetime.ToString("MM") second = $datetime.ToString("ss") time = $datetime.ToString("HH:mm:ss") tz = ([System.TimeZoneInfo]::Local.Id) tz_offset = $datetime.ToString("zzzz") # Ensure that the weekday is in English weekday = $datetime.ToString("dddd", [System.Globalization.CultureInfo]::InvariantCulture) weekday_number = (Get-Date -UFormat "%w") weeknumber = (Get-Date -UFormat "%W") year = $datetime.ToString("yyyy") } $ansible_facts += @{ ansible_date_time = $date } } if($gather_subset.Contains('distribution')) { $win32_os = Get-LazyCimInstance Win32_OperatingSystem $product_type = switch($win32_os.ProductType) { 1 { "workstation" } 2 { "domain_controller" } 3 { "server" } default { "unknown" } } $ansible_facts += @{ ansible_distribution = $win32_os.Caption ansible_distribution_version = $osversion.Version.ToString() ansible_distribution_major_version = $osversion.Version.Major.ToString() ansible_os_family = "Windows" ansible_os_name = ($win32_os.Name.Split('|')[0]).Trim() ansible_os_product_type = $product_type } } if($gather_subset.Contains('env')) { $env_vars = @{ } foreach ($item in Get-ChildItem Env:) { $name = $item | select -ExpandProperty Name # Powershell ConvertTo-Json fails if string ends with \ $value = ($item | select -ExpandProperty Value).TrimEnd("\") $env_vars.Add($name, $value) } $ansible_facts += @{ ansible_env = $env_vars } } if($gather_subset.Contains('facter')) { # See if Facter is on the System Path Try { $facter_exe = Get-Command facter -ErrorAction Stop $facter_installed = $true } Catch { $facter_installed = $false } # Get JSON from Facter, and parse it out. if ($facter_installed) { &facter -j | Tee-Object -Variable facter_output | Out-Null $facts = "$facter_output" | ConvertFrom-Json ForEach($fact in $facts.PSObject.Properties) { $fact_name = $fact.Name $ansible_facts.Add("facter_$fact_name", $fact.Value) } } } if($gather_subset.Contains('interfaces')) { $netcfg = Get-LazyCimInstance Win32_NetworkAdapterConfiguration $ActiveNetcfg = @() $ActiveNetcfg += $netcfg | where {$_.ipaddress -ne $null} $namespaces = Get-LazyCimInstance __Namespace -namespace root if ($namespaces | Where-Object { $_.Name -eq "StandardCimv" }) { $net_adapters = Get-LazyCimInstance MSFT_NetAdapter -namespace Root\StandardCimv2 $guid_key = "InterfaceGUID" $name_key = "Name" } else { $net_adapters = Get-LazyCimInstance Win32_NetworkAdapter $guid_key = "GUID" $name_key = "NetConnectionID" } $formattednetcfg = @() foreach ($adapter in $ActiveNetcfg) { $thisadapter = @{ default_gateway = $null connection_name = $null dns_domain = $adapter.dnsdomain interface_index = $adapter.InterfaceIndex interface_name = $adapter.description macaddress = $adapter.macaddress } if ($adapter.defaultIPGateway) { $thisadapter.default_gateway = $adapter.DefaultIPGateway[0].ToString() } $net_adapter = $net_adapters | Where-Object { $_.$guid_key -eq $adapter.SettingID } if ($net_adapter) { $thisadapter.connection_name = $net_adapter.$name_key } $formattednetcfg += $thisadapter } $ansible_facts += @{ ansible_interfaces = $formattednetcfg } } if ($gather_subset.Contains("local") -and $factpath -ne $null) { # Get any custom facts; results are updated in the Get-CustomFacts -factpath $factpath } if($gather_subset.Contains('memory')) { $win32_cs = Get-LazyCimInstance Win32_ComputerSystem $win32_os = Get-LazyCimInstance Win32_OperatingSystem $ansible_facts += @{ # Win32_PhysicalMemory is empty on some virtual platforms ansible_memtotal_mb = ([math]::round($win32_cs.TotalPhysicalMemory / 1024 / 1024)) ansible_swaptotal_mb = ([math]::round($win32_os.TotalSwapSpaceSize / 1024 / 1024)) } } if($gather_subset.Contains('platform')) { $win32_cs = Get-LazyCimInstance Win32_ComputerSystem $win32_os = Get-LazyCimInstance Win32_OperatingSystem $ip_props = [System.Net.NetworkInformation.IPGlobalProperties]::GetIPGlobalProperties() $ansible_facts += @{ ansible_architecture = $win32_os.OSArchitecture ansible_domain = $ip_props.DomainName ansible_fqdn = ($ip_props.Hostname + "." + $ip_props.DomainName) ansible_hostname = $env:COMPUTERNAME ansible_kernel = $osversion.Version.ToString() ansible_nodename = ($ip_props.HostName + "." + $ip_props.DomainName) ansible_machine_id = Get-MachineSid ansible_owner_contact = ([string] $win32_cs.PrimaryOwnerContact) ansible_owner_name = ([string] $win32_cs.PrimaryOwnerName) # FUTURE: should this live in its own subset? ansible_reboot_pending = (Get-PendingRebootStatus) ansible_system = $osversion.Platform.ToString() ansible_system_description = ([string] $win32_os.Description) ansible_system_vendor = $win32_cs.Manufacturer } } if($gather_subset.Contains('powershell_version')) { $ansible_facts += @{ ansible_powershell_version = ($PSVersionTable.PSVersion.Major) } } if($gather_subset.Contains('processor')) { $win32_cs = Get-LazyCimInstance Win32_ComputerSystem $win32_cpu = Get-LazyCimInstance Win32_Processor if ($win32_cpu -is [array]) { # multi-socket, pick first $win32_cpu = $win32_cpu[0] } $cpu_list = @( ) for ($i=1; $i -le ($win32_cpu.NumberOfLogicalProcessors / $win32_cs.NumberOfProcessors); $i++) { $cpu_list += $win32_cpu.Manufacturer $cpu_list += $win32_cpu.Name } $ansible_facts += @{ ansible_processor = $cpu_list ansible_processor_cores = $win32_cpu.NumberOfCores ansible_processor_count = $win32_cs.NumberOfProcessors ansible_processor_threads_per_core = ($win32_cpu.NumberOfLogicalProcessors / $win32_cs.NumberOfProcessors / $win32_cpu.NumberOfCores) ansible_processor_vcpus = ($win32_cpu.NumberOfLogicalProcessors / $win32_cs.NumberOfProcessors) } } if($gather_subset.Contains('uptime')) { $win32_os = Get-LazyCimInstance Win32_OperatingSystem $ansible_facts += @{ ansible_lastboot = $win32_os.lastbootuptime.ToString("u") ansible_uptime_seconds = $([System.Convert]::ToInt64($(Get-Date).Subtract($win32_os.lastbootuptime).TotalSeconds)) } } if($gather_subset.Contains('user')) { $user = [Security.Principal.WindowsIdentity]::GetCurrent() $ansible_facts += @{ ansible_user_dir = $env:userprofile # Win32_UserAccount.FullName is probably the right thing here, but it can be expensive to get on large domains ansible_user_gecos = "" ansible_user_id = $env:username ansible_user_sid = $user.User.Value } } if($gather_subset.Contains('windows_domain')) { $win32_cs = Get-LazyCimInstance Win32_ComputerSystem $domain_roles = @{ 0 = "Stand-alone workstation" 1 = "Member workstation" 2 = "Stand-alone server" 3 = "Member server" 4 = "Backup domain controller" 5 = "Primary domain controller" } $domain_role = $domain_roles.Get_Item([Int32]$win32_cs.DomainRole) $ansible_facts += @{ ansible_windows_domain = $win32_cs.Domain ansible_windows_domain_member = $win32_cs.PartOfDomain ansible_windows_domain_role = $domain_role } } if($gather_subset.Contains('winrm')) { $winrm_https_listener_parent_paths = Get-ChildItem -Path WSMan:\localhost\Listener -Recurse | Where-Object {$_.PSChildName -eq "Transport" -and $_.Value -eq "HTTPS"} | select PSParentPath if ($winrm_https_listener_parent_paths -isnot [array]) { $winrm_https_listener_parent_paths = @($winrm_https_listener_parent_paths) } $winrm_https_listener_paths = @() foreach ($winrm_https_listener_parent_path in $winrm_https_listener_parent_paths) { $winrm_https_listener_paths += $winrm_https_listener_parent_path.PSParentPath.Substring($winrm_https_listener_parent_path.PSParentPath.LastIndexOf("\")) } $https_listeners = @() foreach ($winrm_https_listener_path in $winrm_https_listener_paths) { $https_listeners += Get-ChildItem -Path "WSMan:\localhost\Listener$winrm_https_listener_path" } $winrm_cert_thumbprints = @() foreach ($https_listener in $https_listeners) { $winrm_cert_thumbprints += $https_listener | where {$_.Name -EQ "CertificateThumbprint" } | select Value } $winrm_cert_expiry = @() foreach ($winrm_cert_thumbprint in $winrm_cert_thumbprints) { Try { $winrm_cert_expiry += Get-ChildItem -Path Cert:\LocalMachine\My | where Thumbprint -EQ $winrm_cert_thumbprint.Value.ToString().ToUpper() | select NotAfter } Catch {} } $winrm_cert_expirations = $winrm_cert_expiry | Sort-Object NotAfter if ($winrm_cert_expirations) { # this fact was renamed from ansible_winrm_certificate_expires due to collision with ansible_winrm_X connection var pattern $ansible_facts.Add("ansible_win_rm_certificate_expires", $winrm_cert_expirations[0].NotAfter.ToString("yyyy-MM-dd HH:mm:ss")) } } $result.ansible_facts += $ansible_facts Exit-Json $result ScriptBlock ID: b5e16b7f-5ea0-4587-8110-612e5ab4c9fd Path:	4104	1		3	2	15	0	1817	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4476	5044	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:30:49 PM	e5295ba9-9827-0000-2da1-2fe52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c), Michael DeHaan <michael.dehaan@gmail.com>, 2014, and others # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) Set-StrictMode -Version 2.0 $ErrorActionPreference = "Stop" Function Set-Attr($obj, $name, $value) { <# .SYNOPSIS Helper function to set an "attribute" on a psobject instance in PowerShell. This is a convenience to make adding Members to the object easier and slightly more pythonic .EXAMPLE Set-Attr $result "changed" $true #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } Try { $obj.$name = $value } Catch { $obj | Add-Member -Force -MemberType NoteProperty -Name $name -Value $value } } Function Exit-Json($obj) { <# .SYNOPSIS Helper function to convert a PowerShell object to JSON and output it, exiting the script .EXAMPLE Exit-Json $result #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit } Function Fail-Json($obj, $message = $null) { <# .SYNOPSIS Helper function to add the "msg" property and "failed" property, convert the PowerShell Hashtable to JSON and output it, exiting the script .EXAMPLE Fail-Json $result "This is the failure message" #> if ($obj -is [hashtable] -or $obj -is [psobject]) { # Nothing to do } elseif ($obj -is [string] -and $null -eq $message) { # If we weren't given 2 args, and the only arg was a string, # create a new Hashtable and use the arg as the failure message $message = $obj $obj = @{ } } else { # If the first argument is undefined or a different type, # make it a Hashtable $obj = @{ } } # Still using Set-Attr for PSObject compatibility Set-Attr $obj "msg" $message Set-Attr $obj "failed" $true if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit 1 } Function Add-Warning($obj, $message) { <# .SYNOPSIS Helper function to add warnings, even if the warnings attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("warnings")) { $obj.warnings = @() } elseif ($obj.warnings -isnot [array]) { throw "Add-Warning: warnings attribute is not an array" } $obj.warnings += $message } Function Add-DeprecationWarning($obj, $message, $version = $null) { <# .SYNOPSIS Helper function to add deprecations, even if the deprecations attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("deprecations")) { $obj.deprecations = @() } elseif ($obj.deprecations -isnot [array]) { throw "Add-DeprecationWarning: deprecations attribute is not a list" } $obj.deprecations += @{ msg = $message version = $version } } Function Expand-Environment($value) { <# .SYNOPSIS Helper function to expand environment variables in values. By default it turns any type to a string, but we ensure $null remains $null. #> if ($null -ne $value) { [System.Environment]::ExpandEnvironmentVariables($value) } else { $value } } Function Get-AnsibleParam($obj, $name, $default = $null, $resultobj = @{}, $failifempty = $false, $emptyattributefailmessage, $ValidateSet, $ValidateSetErrorMessage, $type = $null, $aliases = @()) { <# .SYNOPSIS Helper function to get an "attribute" from a psobject instance in PowerShell. This is a convenience to make getting Members from an object easier and slightly more pythonic .EXAMPLE $attr = Get-AnsibleParam $response "code" -default "1" .EXAMPLE Get-AnsibleParam -obj $params -name "State" -default "Present" -ValidateSet "Present","Absent" -resultobj $resultobj -failifempty $true Get-AnsibleParam also supports Parameter validation to save you from coding that manually Note that if you use the failifempty option, you do need to specify resultobject as well. #> # Check if the provided Member $name or aliases exist in $obj and return it or the default. try { $found = $null # First try to find preferred parameter $name $aliases = @($name) + $aliases # Iterate over aliases to find acceptable Member $name foreach ($alias in $aliases) { if ($obj.ContainsKey($alias)) { $found = $alias break } } if ($null -eq $found) { throw } $name = $found if ($ValidateSet) { if ($ValidateSet -contains ($obj.$name)) { $value = $obj.$name } else { if ($null -eq $ValidateSetErrorMessage) { #Auto-generated error should be sufficient in most use cases $ValidateSetErrorMessage = "Get-AnsibleParam: Argument $name needs to be one of $($ValidateSet -join ",") but was $($obj.$name)." } Fail-Json -obj $resultobj -message $ValidateSetErrorMessage } } else { $value = $obj.$name } } catch { if ($failifempty -eq $false) { $value = $default } else { if (-not $emptyattributefailmessage) { $emptyattributefailmessage = "Get-AnsibleParam: Missing required argument: $name" } Fail-Json -obj $resultobj -message $emptyattributefailmessage } } # If $value -eq $null, the parameter was unspecified by the user (deliberately or not) # Please leave $null-values intact, modules need to know if a parameter was specified # When $value is already an array, we cannot rely on the null check, as an empty list # is seen as null in the check below if ($null -ne $value -or $value -is [array]) { if ($type -eq "path") { # Expand environment variables on path-type $value = Expand-Environment($value) # Test if a valid path is provided if (-not (Test-Path -IsValid $value)) { $path_invalid = $true # could still be a valid-shaped path with a nonexistent drive letter if ($value -match "^\w:") { # rewrite path with a valid drive letter and recheck the shape- this might still fail, eg, a nonexistent non-filesystem PS path if (Test-Path -IsValid $(@(Get-PSDrive -PSProvider Filesystem)[0].Name + $value.Substring(1))) { $path_invalid = $false } } if ($path_invalid) { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' has an invalid path '$value' specified." } } } elseif ($type -eq "str") { # Convert str types to real Powershell strings $value = $value.ToString() } elseif ($type -eq "bool") { # Convert boolean types to real Powershell booleans $value = $value | ConvertTo-Bool } elseif ($type -eq "int") { # Convert int types to real Powershell integers $value = $value -as [int] } elseif ($type -eq "float") { # Convert float types to real Powershell floats $value = $value -as [float] } elseif ($type -eq "list") { if ($value -is [array]) { # Nothing to do } elseif ($value -is [string]) { # Convert string type to real Powershell array $value = $value.Split(",").Trim() } elseif ($value -is [int]) { $value = @($value) } else { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' is not a YAML list." } # , is not a typo, forces it to return as a list when it is empty or only has 1 entry return ,$value } } return $value } #Alias Get-attr-->Get-AnsibleParam for backwards compat. Only add when needed to ease debugging of scripts If (-not(Get-Alias -Name "Get-attr" -ErrorAction SilentlyContinue)) { New-Alias -Name Get-attr -Value Get-AnsibleParam } Function ConvertTo-Bool { <# .SYNOPSIS Helper filter/pipeline function to convert a value to boolean following current Ansible practices .EXAMPLE $is_true = "true" | ConvertTo-Bool #> param( [parameter(valuefrompipeline=$true)] $obj ) $boolean_strings = "yes", "on", "1", "true", 1 $obj_string = [string]$obj if (($obj -is [boolean] -and $obj) -or $boolean_strings -contains $obj_string.ToLower()) { return $true } else { return $false } } Function Parse-Args($arguments, $supports_check_mode = $false) { <# .SYNOPSIS Helper function to parse Ansible JSON arguments from a "file" passed as the single argument to the module. .EXAMPLE $params = Parse-Args $args #> $params = New-Object psobject If ($arguments.Length -gt 0) { $params = Get-Content $arguments[0] | ConvertFrom-Json } Else { $params = $complex_args } $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false If ($check_mode -and -not $supports_check_mode) { Exit-Json @{ skipped = $true changed = $false msg = "remote module does not support check mode" } } return $params } Function Get-FileChecksum($path, $algorithm = 'sha1') { <# .SYNOPSIS Helper function to calculate a hash of a file in a way which PowerShell 3 and above can handle #> If (Test-Path -Path $path -PathType Leaf) { switch ($algorithm) { 'md5' { $sp = New-Object -TypeName System.Security.Cryptography.MD5CryptoServiceProvider } 'sha1' { $sp = New-Object -TypeName System.Security.Cryptography.SHA1CryptoServiceProvider } 'sha256' { $sp = New-Object -TypeName System.Security.Cryptography.SHA256CryptoServiceProvider } 'sha384' { $sp = New-Object -TypeName System.Security.Cryptography.SHA384CryptoServiceProvider } 'sha512' { $sp = New-Object -TypeName System.Security.Cryptography.SHA512CryptoServiceProvider } default { Fail-Json @{} "Unsupported hash algorithm supplied '$algorithm'" } } If ($PSVersionTable.PSVersion.Major -ge 4) { $raw_hash = Get-FileHash $path -Algorithm $algorithm $hash = $raw_hash.Hash.ToLower() } Else { $fp = [System.IO.File]::Open($path, [System.IO.Filemode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileShare]::ReadWrite); $hash = [System.BitConverter]::ToString($sp.ComputeHash($fp)).Replace("-", "").ToLower(); $fp.Dispose(); } } ElseIf (Test-Path -Path $path -PathType Container) { $hash = "3"; } Else { $hash = "1"; } return $hash } Function Get-PendingRebootStatus { <# .SYNOPSIS Check if reboot is required, if so notify CA. Function returns true if computer has a pending reboot #> $featureData = Invoke-WmiMethod -EA Ignore -Name GetServerFeature -Namespace root\microsoft\windows\servermanager -Class MSFT_ServerManagerTasks $regData = Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager" "PendingFileRenameOperations" -EA Ignore $CBSRebootStatus = Get-ChildItem "HKLM:\\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing" -ErrorAction SilentlyContinue| Where-Object {$_.PSChildName -eq "RebootPending"} if(($featureData -and $featureData.RequiresReboot) -or $regData -or $CBSRebootStatus) { return $True } else { return $False } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: c0fa3ecf-07c0-4ad0-8dc5-4ed3b9df517b Path:	4104	1		3	2	15	0	1816	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4476	3896	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:30:49 PM	e5295ba9-9827-0002-eb6e-2fe52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } ScriptBlock ID: 4c2b70cf-6a9a-4054-afde-fb70cf9de281 Path:	4104	1		3	2	15	0	1815	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4476	3896	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:30:49 PM	e5295ba9-9827-0001-1e5b-30e52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (4 of 4): VsdAo=", "module_args": {"_ansible_version": "2.7.0", "_ansible_selinux_special_fs": ["fuse", "nfs", "vboxsf", "ramfs", "9p"], "_ansible_no_log": false, "gather_timeout": 10, "_ansible_module_name": "setup", "_ansible_remote_tmp": "%TEMP%", "_ansible_verbosity": 3, "_ansible_keep_remote_files": false, "_ansible_syslog_facility": "LOG_USER", "_ansible_socket": null, "gather_subset": ["all"], "_ansible_diff": false, "_ansible_debug": false, "_ansible_shell_executable": "/bin/sh", "_ansible_check_mode": false, "_ansible_tmpdir": null}} '@ } process { $input_as_string = [string]$input $json_raw += $input_as_string } end { If (-not $json_raw) { Write-Error "no input given" -Category InvalidArgument } $payload = ConvertTo-HashtableFromPsCustomObject (ConvertFrom-Json $json_raw) # TODO: handle binary modules # TODO: handle persistence $min_os_version = [version]$payload.min_os_version if ($min_os_version -ne $null) { $actual_os_version = [System.Environment]::OSVersion.Version if ($actual_os_version -lt $min_os_version) { $msg = "This module cannot run on this OS as it requires a minimum version of $min_os_version, actual was $actual_os_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $min_ps_version = [version]$payload.min_ps_version if ($min_ps_version -ne $null) { $actual_ps_version = $PSVersionTable.PSVersion if ($actual_ps_version -lt $min_ps_version) { $msg = "This module cannot run as it requires a minimum PowerShell version of $min_ps_version, actual was $actual_ps_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $actions = $payload.actions # pop 0th action as entrypoint $entrypoint = $payload.($actions[0]) $payload.actions = $payload.actions[1..99] $entrypoint = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($entrypoint)) # load the current action entrypoint as a module custom object with a Run method $entrypoint = New-Module -ScriptBlock ([scriptblock]::Create($entrypoint)) -AsCustomObject Set-Variable -Scope global -Name complex_args -Value $payload["module_args"] | Out-Null # dynamically create/load modules ForEach ($mod in $payload.powershell_modules.GetEnumerator()) { $decoded_module = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($mod.Value)) New-Module -ScriptBlock ([scriptblock]::Create($decoded_module)) -Name $mod.Key | Import-Module -WarningAction SilentlyContinue | Out-Null } $output = $entrypoint.Run($payload) Write-Output $output } ScriptBlock ID: 18483a08-b774-4025-9bb1-8e2f284114c2 Path:	4104	1		3	2	15	0	1814	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4476	3896	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:30:49 PM	e5295ba9-9827-0000-23a1-2fe52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (3 of 4): l9iaW9zID0gR2V0LUxhenlDaW1JbnN0YW5jZSBXaW4zMl9CaW9zCiAgICAkd2luMzJfY3MgPSBHZXQtTGF6eUNpbUluc3RhbmNlIFdpbjMyX0NvbXB1dGVyU3lzdGVtCiAgICAkYW5zaWJsZV9mYWN0cyArPSBAewogICAgICAgIGFuc2libGVfYmlvc19kYXRlID0gJHdpbjMyX2Jpb3MuUmVsZWFzZURhdGUuVG9TdHJpbmcoIk1NL2RkL3l5eXkiKQogICAgICAgIGFuc2libGVfYmlvc192ZXJzaW9uID0gJHdpbjMyX2Jpb3MuU01CSU9TQklPU1ZlcnNpb24KICAgICAgICBhbnNpYmxlX3Byb2R1Y3RfbmFtZSA9ICR3aW4zMl9jcy5Nb2RlbC5UcmltKCkKICAgICAgICBhbnNpYmxlX3Byb2R1Y3Rfc2VyaWFsID0gJHdpbjMyX2Jpb3MuU2VyaWFsTnVtYmVyCiAgICAgICAgIyBhbnNpYmxlX3Byb2R1Y3RfdmVyc2lvbiA9IChbc3RyaW5nXSAkd2luMzJfY3MuU3lzdGVtRmFtaWx5KQogICAgfQp9CgppZigkZ2F0aGVyX3N1YnNldC5Db250YWlucygnZGF0ZV90aW1lJykpIHsKICAgICRkYXRldGltZSA9IChHZXQtRGF0ZSkKICAgICRkYXRldGltZV91dGMgPSAkZGF0ZXRpbWUuVG9Vbml2ZXJzYWxUaW1lKCkKICAgICRkYXRlID0gQHsKICAgICAgICBkYXRlID0gJGRhdGV0aW1lLlRvU3RyaW5nKCJ5eXl5LU1NLWRkIikKICAgICAgICBkYXkgPSAkZGF0ZXRpbWUuVG9TdHJpbmcoImRkIikKICAgICAgICBlcG9jaCA9IChHZXQtRGF0ZSAtVUZvcm1hdCAiJXMiKQogICAgICAgIGhvdXIgPSAkZGF0ZXRpbWUuVG9TdHJpbmcoIkhIIikKICAgICAgICBpc284NjAxID0gJGRhdGV0aW1lX3V0Yy5Ub1N0cmluZygieXl5eS1NTS1kZFRISDptbTpzc1oiKQogICAgICAgIGlzbzg2MDFfYmFzaWMgPSAkZGF0ZXRpbWUuVG9TdHJpbmcoInl5eXlNTWRkVEhIbW1zc2ZmZmZmZiIpCiAgICAgICAgaXNvODYwMV9iYXNpY19zaG9ydCA9ICRkYXRldGltZS5Ub1N0cmluZygieXl5eU1NZGRUSEhtbXNzIikKICAgICAgICBpc284NjAxX21pY3JvID0gJGRhdGV0aW1lX3V0Yy5Ub1N0cmluZygieXl5eS1NTS1kZFRISDptbTpzcy5mZmZmZmZaIikKICAgICAgICBtaW51dGUgPSAkZGF0ZXRpbWUuVG9TdHJpbmcoIm1tIikKICAgICAgICBtb250aCA9ICRkYXRldGltZS5Ub1N0cmluZygiTU0iKQogICAgICAgIHNlY29uZCA9ICRkYXRldGltZS5Ub1N0cmluZygic3MiKQogICAgICAgIHRpbWUgPSAkZGF0ZXRpbWUuVG9TdHJpbmcoIkhIOm1tOnNzIikKICAgICAgICB0eiA9IChbU3lzdGVtLlRpbWVab25lSW5mb106OkxvY2FsLklkKQogICAgICAgIHR6X29mZnNldCA9ICRkYXRldGltZS5Ub1N0cmluZygienp6eiIpCiAgICAgICAgIyBFbnN1cmUgdGhhdCB0aGUgd2Vla2RheSBpcyBpbiBFbmdsaXNoCiAgICAgICAgd2Vla2RheSA9ICRkYXRldGltZS5Ub1N0cmluZygiZGRkZCIsIFtTeXN0ZW0uR2xvYmFsaXphdGlvbi5DdWx0dXJlSW5mb106OkludmFyaWFudEN1bHR1cmUpCiAgICAgICAgd2Vla2RheV9udW1iZXIgPSAoR2V0LURhdGUgLVVGb3JtYXQgIiV3IikKICAgICAgICB3ZWVrbnVtYmVyID0gKEdldC1EYXRlIC1VRm9ybWF0ICIlVyIpCiAgICAgICAgeWVhciA9ICRkYXRldGltZS5Ub1N0cmluZygieXl5eSIpCiAgICB9CgogICAgJGFuc2libGVfZmFjdHMgKz0gQHsKICAgICAgICBhbnNpYmxlX2RhdGVfdGltZSA9ICRkYXRlCiAgICB9Cn0KCmlmKCRnYXRoZXJfc3Vic2V0LkNvbnRhaW5zKCdkaXN0cmlidXRpb24nKSkgewogICAgJHdpbjMyX29zID0gR2V0LUxhenlDaW1JbnN0YW5jZSBXaW4zMl9PcGVyYXRpbmdTeXN0ZW0KICAgICRwcm9kdWN0X3R5cGUgPSBzd2l0Y2goJHdpbjMyX29zLlByb2R1Y3RUeXBlKSB7CiAgICAgICAgMSB7ICJ3b3Jrc3RhdGlvbiIgfQogICAgICAgIDIgeyAiZG9tYWluX2NvbnRyb2xsZXIiIH0KICAgICAgICAzIHsgInNlcnZlciIgfQogICAgICAgIGRlZmF1bHQgeyAidW5rbm93biIgfQogICAgfQoKICAgICRhbnNpYmxlX2ZhY3RzICs9IEB7CiAgICAgICAgYW5zaWJsZV9kaXN0cmlidXRpb24gPSAkd2luMzJfb3MuQ2FwdGlvbgogICAgICAgIGFuc2libGVfZGlzdHJpYnV0aW9uX3ZlcnNpb24gPSAkb3N2ZXJzaW9uLlZlcnNpb24uVG9TdHJpbmcoKQogICAgICAgIGFuc2libGVfZGlzdHJpYnV0aW9uX21ham9yX3ZlcnNpb24gPSAkb3N2ZXJzaW9uLlZlcnNpb24uTWFqb3IuVG9TdHJpbmcoKQogICAgICAgIGFuc2libGVfb3NfZmFtaWx5ID0gIldpbmRvd3MiCiAgICAgICAgYW5zaWJsZV9vc19uYW1lID0gKCR3aW4zMl9vcy5OYW1lLlNwbGl0KCd8JylbMF0pLlRyaW0oKQogICAgICAgIGFuc2libGVfb3NfcHJvZHVjdF90eXBlID0gJHByb2R1Y3RfdHlwZQogICAgfQp9CgppZigkZ2F0aGVyX3N1YnNldC5Db250YWlucygnZW52JykpIHsKICAgICRlbnZfdmFycyA9IEB7IH0KICAgIGZvcmVhY2ggKCRpdGVtIGluIEdldC1DaGlsZEl0ZW0gRW52OikgewogICAgICAgICRuYW1lID0gJGl0ZW0gfCBzZWxlY3QgLUV4cGFuZFByb3BlcnR5IE5hbWUKICAgICAgICAjIFBvd2Vyc2hlbGwgQ29udmVydFRvLUpzb24gZmFpbHMgaWYgc3RyaW5nIGVuZHMgd2l0aCBcCiAgICAgICAgJHZhbHVlID0gKCRpdGVtIHwgc2VsZWN0IC1FeHBhbmRQcm9wZXJ0eSBWYWx1ZSkuVHJpbUVuZCgiXCIpCiAgICAgICAgJGVudl92YXJzLkFkZCgkbmFtZSwgJHZhbHVlKQogICAgfQoKICAgICRhbnNpYmxlX2ZhY3RzICs9IEB7CiAgICAgICAgYW5zaWJsZV9lbnYgPSAkZW52X3ZhcnMKICAgIH0KfQoKaWYoJGdhdGhlcl9zdWJzZXQuQ29udGFpbnMoJ2ZhY3RlcicpKSB7CiAgICAjIFNlZSBpZiBGYWN0ZXIgaXMgb24gdGhlIFN5c3RlbSBQYXRoCiAgICBUcnkgewogICAgICAgICRmYWN0ZXJfZXhlID0gR2V0LUNvbW1hbmQgZmFjdGVyIC1FcnJvckFjdGlvbiBTdG9wCiAgICAgICAgJGZhY3Rlcl9pbnN0YWxsZWQgPSAkdHJ1ZQogICAgfSBDYXRjaCB7CiAgICAgICAgJGZhY3Rlcl9pbnN0YWxsZWQgPSAkZmFsc2UKICAgIH0KCiAgICAjIEdldCBKU09OIGZyb20gRmFjdGVyLCBhbmQgcGFyc2UgaXQgb3V0LgogICAgaWYgKCRmYWN0ZXJfaW5zdGFsbGVkKSB7CiAgICAgICAgJmZhY3RlciAtaiB8IFRlZS1PYmplY3QgIC1WYXJpYWJsZSBmYWN0ZXJfb3V0cHV0IHwgT3V0LU51bGwKICAgICAgICAkZmFjdHMgPSAiJGZhY3Rlcl9vdXRwdXQiIHwgQ29udmVydEZyb20tSnNvbgogICAgICAgIEZvckVhY2goJGZhY3QgaW4gJGZhY3RzLlBTT2JqZWN0LlByb3BlcnRpZXMpIHsKICAgICAgICAgICAgJGZhY3RfbmFtZSA9ICRmYWN0Lk5hbWUKICAgICAgICAgICAgJGFuc2libGVfZmFjdHMuQWRkKCJmYWN0ZXJfJGZhY3RfbmFtZSIsICRmYWN0LlZhbHVlKQogICAgICAgIH0KICAgIH0KfQoKaWYoJGdhdGhlcl9zdWJzZXQuQ29udGFpbnMoJ2ludGVyZmFjZXMnKSkgewogICAgJG5ldGNmZyA9IEdldC1MYXp5Q2ltSW5zdGFuY2UgV2luMzJfTmV0d29ya0FkYXB0ZXJDb25maWd1cmF0aW9uCiAgICAkQWN0aXZlTmV0Y2ZnID0gQCgpCiAgICAkQWN0aXZlTmV0Y2ZnICs9ICRuZXRjZmcgfCB3aGVyZSB7JF8uaXBhZGRyZXNzIC1uZSAkbnVsbH0KCiAgICAkbmFtZXNwYWNlcyA9IEdldC1MYXp5Q2ltSW5zdGFuY2UgX19OYW1lc3BhY2UgLW5hbWVzcGFjZSByb290CiAgICBpZiAoJG5hbWVzcGFjZXMgfCBXaGVyZS1PYmplY3QgeyAkXy5OYW1lIC1lcSAiU3RhbmRhcmRDaW12IiB9KSB7CiAgICAgICAgJG5ldF9hZGFwdGVycyA9IEdldC1MYXp5Q2ltSW5zdGFuY2UgTVNGVF9OZXRBZGFwdGVyIC1uYW1lc3BhY2UgUm9vdFxTdGFuZGFyZENpbXYyCiAgICAgICAgJGd1aWRfa2V5ID0gIkludGVyZmFjZUdVSUQiCiAgICAgICAgJG5hbWVfa2V5ID0gIk5hbWUiCiAgICB9IGVsc2UgewogICAgICAgICRuZXRfYWRhcHRlcnMgPSBHZXQtTGF6eUNpbUluc3RhbmNlIFdpbjMyX05ldHdvcmtBZGFwdGVyICAgICAgICAKICAgICAgICAkZ3VpZF9rZXkgPSAiR1VJRCIKICAgICAgICAkbmFtZV9rZXkgPSAiTmV0Q29ubmVjdGlvbklEIgogICAgfQoKICAgICRmb3JtYXR0ZWRuZXRjZmcgPSBAKCkKICAgIGZvcmVhY2ggKCRhZGFwdGVyIGluICRBY3RpdmVOZXRjZmcpCiAgICB7CiAgICAgICAgJHRoaXNhZGFwdGVyID0gQHsKICAgICAgICAgICAgZGVmYXVsdF9nYXRld2F5ID0gJG51bGwKICAgICAgICAgICAgY29ubmVjdGlvbl9uYW1lID0gJG51bGwKICAgICAgICAgICAgZG5zX2RvbWFpbiA9ICRhZGFwdGVyLmRuc2RvbWFpbgogICAgICAgICAgICBpbnRlcmZhY2VfaW5kZXggPSAkYWRhcHRlci5JbnRlcmZhY2VJbmRleAogICAgICAgICAgICBpbnRlcmZhY2VfbmFtZSA9ICRhZGFwdGVyLmRlc2NyaXB0aW9uCiAgICAgICAgICAgIG1hY2FkZHJlc3MgPSAkYWRhcHRlci5tYWNhZGRyZXNzCiAgICAgICAgfQoKICAgICAgICBpZiAoJGFkYXB0ZXIuZGVmYXVsdElQR2F0ZXdheSkKICAgICAgICB7CiAgICAgICAgICAgICR0aGlzYWRhcHRlci5kZWZhdWx0X2dhdGV3YXkgPSAkYWRhcHRlci5EZWZhdWx0SVBHYXRld2F5WzBdLlRvU3RyaW5nKCkKICAgICAgICB9CiAgICAgICAgJG5ldF9hZGFwdGVyID0gJG5ldF9hZGFwdGVycyB8IFdoZXJlLU9iamVjdCB7ICRfLiRndWlkX2tleSAtZXEgJGFkYXB0ZXIuU2V0dGluZ0lEIH0KICAgICAgICBpZiAoJG5ldF9hZGFwdGVyKSB7CiAgICAgICAgICAgICR0aGlzYWRhcHRlci5jb25uZWN0aW9uX25hbWUgPSAkbmV0X2FkYXB0ZXIuJG5hbWVfa2V5CiAgICAgICAgfQoKICAgICAgICAkZm9ybWF0dGVkbmV0Y2ZnICs9ICR0aGlzYWRhcHRlcgogICAgfQoKICAgICRhbnNpYmxlX2ZhY3RzICs9IEB7CiAgICAgICAgYW5zaWJsZV9pbnRlcmZhY2VzID0gJGZvcm1hdHRlZG5ldGNmZwogICAgfQp9CgppZiAoJGdhdGhlcl9zdWJzZXQuQ29udGFpbnMoImxvY2FsIikgLWFuZCAkZmFjdHBhdGggLW5lICRudWxsKSB7CiAgICAjIEdldCBhbnkgY3VzdG9tIGZhY3RzOyByZXN1bHRzIGFyZSB1cGRhdGVkIGluIHRoZQogICAgR2V0LUN1c3RvbUZhY3RzIC1mYWN0cGF0aCAkZmFjdHBhdGgKfQoKaWYoJGdhdGhlcl9zdWJzZXQuQ29udGFpbnMoJ21lbW9yeScpKSB7CiAgICAkd2luMzJfY3MgPSBHZXQtTGF6eUNpbUluc3RhbmNlIFdpbjMyX0NvbXB1dGVyU3lzdGVtCiAgICAkd2luMzJfb3MgPSBHZXQtTGF6eUNpbUluc3RhbmNlIFdpbjMyX09wZXJhdGluZ1N5c3RlbQogICAgJGFuc2libGVfZmFjdHMgKz0gQHsKICAgICAgICAjIFdpbjMyX1BoeXNpY2FsTWVtb3J5IGlzIGVtcHR5IG9uIHNvbWUgdmlydHVhbCBwbGF0Zm9ybXMKICAgICAgICBhbnNpYmxlX21lbXRvdGFsX21iID0gKFttYXRoXTo6cm91bmQoJHdpbjMyX2NzLlRvdGFsUGh5c2ljYWxNZW1vcnkgLyAxMDI0IC8gMTAyNCkpCiAgICAgICAgYW5zaWJsZV9zd2FwdG90YWxfbWIgPSAoW21hdGhdOjpyb3VuZCgkd2luMzJfb3MuVG90YWxTd2FwU3BhY2VTaXplIC8gMTAyNCAvIDEwMjQpKQogICAgfQp9CgoKaWYoJGdhdGhlcl9zdWJzZXQuQ29udGFpbnMoJ3BsYXRmb3JtJykpIHsKICAgICR3aW4zMl9jcyA9IEdldC1MYXp5Q2ltSW5zdGFuY2UgV2luMzJfQ29tcHV0ZXJTeXN0ZW0KICAgICR3aW4zMl9vcyA9IEdldC1MYXp5Q2ltSW5zdGFuY2UgV2luMzJfT3BlcmF0aW5nU3lzdGVtCiAgICAkaXBfcHJvcHMgPSBbU3lzdGVtLk5ldC5OZXR3b3JrSW5mb3JtYXRpb24uSVBHbG9iYWxQcm9wZXJ0aWVzXTo6R2V0SVBHbG9iYWxQcm9wZXJ0aWVzKCkKCiAgICAkYW5zaWJsZV9mYWN0cyArPSBAewogICAgICAgIGFuc2libGVfYXJjaGl0ZWN0dXJlID0gJHdpbjMyX29zLk9TQXJjaGl0ZWN0dXJlCiAgICAgICAgYW5zaWJsZV9kb21haW4gPSAkaXBfcHJvcHMuRG9tYWluTmFtZQogICAgICAgIGFuc2libGVfZnFkbiA9ICgkaXBfcHJvcHMuSG9zdG5hbWUgKyAiLiIgKyAkaXBfcHJvcHMuRG9tYWluTmFtZSkKICAgICAgICBhbnNpYmxlX2hvc3RuYW1lID0gJGVudjpDT01QVVRFUk5BTUUKICAgICAgICBhbnNpYmxlX2tlcm5lbCA9ICRvc3ZlcnNpb24uVmVyc2lvbi5Ub1N0cmluZygpCiAgICAgICAgYW5zaWJsZV9ub2RlbmFtZSA9ICgkaXBfcHJvcHMuSG9zdE5hbWUgKyAiLiIgKyAkaXBfcHJvcHMuRG9tYWluTmFtZSkKICAgICAgICBhbnNpYmxlX21hY2hpbmVfaWQgPSBHZXQtTWFjaGluZVNpZAogICAgICAgIGFuc2libGVfb3duZXJfY29udGFjdCA9IChbc3RyaW5nXSAkd2luMzJfY3MuUHJpbWFyeU93bmVyQ29udGFjdCkKICAgICAgICBhbnNpYmxlX293bmVyX25hbWUgPSAoW3N0cmluZ10gJHdpbjMyX2NzLlByaW1hcnlPd25lck5hbWUpCiAgICAgICAgIyBGVVRVUkU6IHNob3VsZCB0aGlzIGxpdmUgaW4gaXRzIG93biBzdWJzZXQ/CiAgICAgICAgYW5zaWJsZV9yZWJvb3RfcGVuZGluZyA9IChHZXQtUGVuZGluZ1JlYm9vdFN0YXR1cykKICAgICAgICBhbnNpYmxlX3N5c3RlbSA9ICRvc3ZlcnNpb24uUGxhdGZvcm0uVG9TdHJpbmcoKQogICAgICAgIGFuc2libGVfc3lzdGVtX2Rlc2NyaXB0aW9uID0gKFtzdHJpbmddICR3aW4zMl9vcy5EZXNjcmlwdGlvbikKICAgICAgICBhbnNpYmxlX3N5c3RlbV92ZW5kb3IgPSAkd2luMzJfY3MuTWFudWZhY3R1cmVyCiAgICB9Cn0KCmlmKCRnYXRoZXJfc3Vic2V0LkNvbnRhaW5zKCdwb3dlcnNoZWxsX3ZlcnNpb24nKSkgewogICAgJGFuc2libGVfZmFjdHMgKz0gQHsKICAgICAgICBhbnNpYmxlX3Bvd2Vyc2hlbGxfdmVyc2lvbiA9ICgkUFNWZXJzaW9uVGFibGUuUFNWZXJzaW9uLk1ham9yKQogICAgfQp9CgppZigkZ2F0aGVyX3N1YnNldC5Db250YWlucygncHJvY2Vzc29yJykpIHsKICAgICR3aW4zMl9jcyA9IEdldC1MYXp5Q2ltSW5zdGFuY2UgV2luMzJfQ29tcHV0ZXJTeXN0ZW0KICAgICR3aW4zMl9jcHUgPSBHZXQtTGF6eUNpbUluc3RhbmNlIFdpbjMyX1Byb2Nlc3NvcgogICAgaWYgKCR3aW4zMl9jcHUgLWlzIFthcnJheV0pIHsKICAgICAgICAjIG11bHRpLXNvY2tldCwgcGljayBmaXJzdAogICAgICAgICR3aW4zMl9jcHUgPSAkd2luMzJfY3B1WzBdCiAgICB9CgogICAgJGNwdV9saXN0ID0gQCggKQogICAgZm9yICgkaT0xOyAkaSAtbGUgKCR3aW4zMl9jcHUuTnVtYmVyT2ZMb2dpY2FsUHJvY2Vzc29ycyAvICR3aW4zMl9jcy5OdW1iZXJPZlByb2Nlc3NvcnMpOyAkaSsrKSB7CiAgICAgICAgJGNwdV9saXN0ICs9ICR3aW4zMl9jcHUuTWFudWZhY3R1cmVyCiAgICAgICAgJGNwdV9saXN0ICs9ICR3aW4zMl9jcHUuTmFtZQogICAgfQoKICAgICRhbnNpYmxlX2ZhY3RzICs9IEB7CiAgICAgICAgYW5zaWJsZV9wcm9jZXNzb3IgPSAkY3B1X2xpc3QKICAgICAgICBhbnNpYmxlX3Byb2Nlc3Nvcl9jb3JlcyA9ICR3aW4zMl9jcHUuTnVtYmVyT2ZDb3JlcwogICAgICAgIGFuc2libGVfcHJvY2Vzc29yX2NvdW50ID0gJHdpbjMyX2NzLk51bWJlck9mUHJvY2Vzc29ycwogICAgICAgIGFuc2libGVfcHJvY2Vzc29yX3RocmVhZHNfcGVyX2NvcmUgPSAoJHdpbjMyX2NwdS5OdW1iZXJPZkxvZ2ljYWxQcm9jZXNzb3JzIC8gJHdpbjMyX2NzLk51bWJlck9mUHJvY2Vzc29ycyAvICR3aW4zMl9jcHUuTnVtYmVyT2ZDb3JlcykKICAgICAgICBhbnNpYmxlX3Byb2Nlc3Nvcl92Y3B1cyA9ICgkd2luMzJfY3B1Lk51bWJlck9mTG9naWNhbFByb2Nlc3NvcnMgLyAkd2luMzJfY3MuTnVtYmVyT2ZQcm9jZXNzb3JzKQogICAgfQp9CgppZigkZ2F0aGVyX3N1YnNldC5Db250YWlucygndXB0aW1lJykpIHsKICAgICR3aW4zMl9vcyA9IEdldC1MYXp5Q2ltSW5zdGFuY2UgV2luMzJfT3BlcmF0aW5nU3lzdGVtCiAgICAkYW5zaWJsZV9mYWN0cyArPSBAewogICAgICAgIGFuc2libGVfbGFzdGJvb3QgPSAkd2luMzJfb3MubGFzdGJvb3R1cHRpbWUuVG9TdHJpbmcoInUiKQogICAgICAgIGFuc2libGVfdXB0aW1lX3NlY29uZHMgPSAkKFtTeXN0ZW0uQ29udmVydF06OlRvSW50NjQoJChHZXQtRGF0ZSkuU3VidHJhY3QoJHdpbjMyX29zLmxhc3Rib290dXB0aW1lKS5Ub3RhbFNlY29uZHMpKQogICAgfQp9CgppZigkZ2F0aGVyX3N1YnNldC5Db250YWlucygndXNlcicpKSB7CiAgICAkdXNlciA9IFtTZWN1cml0eS5QcmluY2lwYWwuV2luZG93c0lkZW50aXR5XTo6R2V0Q3VycmVudCgpCiAgICAkYW5zaWJsZV9mYWN0cyArPSBAewogICAgICAgIGFuc2libGVfdXNlcl9kaXIgPSAkZW52OnVzZXJwcm9maWxlCiAgICAgICAgIyBXaW4zMl9Vc2VyQWNjb3VudC5GdWxsTmFtZSBpcyBwcm9iYWJseSB0aGUgcmlnaHQgdGhpbmcgaGVyZSwgYnV0IGl0IGNhbiBiZSBleHBlbnNpdmUgdG8gZ2V0IG9uIGxhcmdlIGRvbWFpbnMKICAgICAgICBhbnNpYmxlX3VzZXJfZ2Vjb3MgPSAiIgogICAgICAgIGFuc2libGVfdXNlcl9pZCA9ICRlbnY6dXNlcm5hbWUKICAgICAgICBhbnNpYmxlX3VzZXJfc2lkID0gJHVzZXIuVXNlci5WYWx1ZQogICAgfQp9CgppZigkZ2F0aGVyX3N1YnNldC5Db250YWlucygnd2luZG93c19kb21haW4nKSkgewogICAgJHdpbjMyX2NzID0gR2V0LUxhenlDaW1JbnN0YW5jZSBXaW4zMl9Db21wdXRlclN5c3RlbQogICAgJGRvbWFpbl9yb2xlcyA9IEB7CiAgICAgICAgMCA9ICJTdGFuZC1hbG9uZSB3b3Jrc3RhdGlvbiIKICAgICAgICAxID0gIk1lbWJlciB3b3Jrc3RhdGlvbiIKICAgICAgICAyID0gIlN0YW5kLWFsb25lIHNlcnZlciIKICAgICAgICAzID0gIk1lbWJlciBzZXJ2ZXIiCiAgICAgICAgNCA9ICJCYWNrdXAgZG9tYWluIGNvbnRyb2xsZXIiCiAgICAgICAgNSA9ICJQcmltYXJ5IGRvbWFpbiBjb250cm9sbGVyIgogICAgfQoKICAgICRkb21haW5fcm9sZSA9ICRkb21haW5fcm9sZXMuR2V0X0l0ZW0oW0ludDMyXSR3aW4zMl9jcy5Eb21haW5Sb2xlKQoKICAgICRhbnNpYmxlX2ZhY3RzICs9IEB7CiAgICAgICAgYW5zaWJsZV93aW5kb3dzX2RvbWFpbiA9ICR3aW4zMl9jcy5Eb21haW4KICAgICAgICBhbnNpYmxlX3dpbmRvd3NfZG9tYWluX21lbWJlciA9ICR3aW4zMl9jcy5QYXJ0T2ZEb21haW4KICAgICAgICBhbnNpYmxlX3dpbmRvd3NfZG9tYWluX3JvbGUgPSAkZG9tYWluX3JvbGUKICAgIH0KfQoKaWYoJGdhdGhlcl9zdWJzZXQuQ29udGFpbnMoJ3dpbnJtJykpIHsKCiAgICAkd2lucm1faHR0cHNfbGlzdGVuZXJfcGFyZW50X3BhdGhzID0gR2V0LUNoaWxkSXRlbSAtUGF0aCBXU01hbjpcbG9jYWxob3N0XExpc3RlbmVyIC1SZWN1cnNlIHwgV2hlcmUtT2JqZWN0IHskXy5QU0NoaWxkTmFtZSAtZXEgIlRyYW5zcG9ydCIgLWFuZCAkXy5WYWx1ZSAtZXEgIkhUVFBTIn0gfCBzZWxlY3QgUFNQYXJlbnRQYXRoCiAgICBpZiAoJHdpbnJtX2h0dHBzX2xpc3RlbmVyX3BhcmVudF9wYXRocyAtaXNub3QgW2FycmF5XSkgewogICAgICAgJHdpbnJtX2h0dHBzX2xpc3RlbmVyX3BhcmVudF9wYXRocyA9IEAoJHdpbnJtX2h0dHBzX2xpc3RlbmVyX3BhcmVudF9wYXRocykKICAgIH0KCiAgICAkd2lucm1faHR0cHNfbGlzdGVuZXJfcGF0aHMgPSBAKCkKICAgIGZvcmVhY2ggKCR3aW5ybV9odHRwc19saXN0ZW5lcl9wYXJlbnRfcGF0aCBpbiAkd2lucm1faHR0cHNfbGlzdGVuZXJfcGFyZW50X3BhdGhzKSB7CiAgICAgICAgJHdpbnJtX2h0dHBzX2xpc3RlbmVyX3BhdGhzICs9ICR3aW5ybV9odHRwc19saXN0ZW5lcl9wYXJlbnRfcGF0aC5QU1BhcmVudFBhdGguU3Vic3RyaW5nKCR3aW5ybV9odHRwc19saXN0ZW5lcl9wYXJlbnRfcGF0aC5QU1BhcmVudFBhdGguTGFzdEluZGV4T2YoIlwiKSkKICAgIH0KCiAgICAkaHR0cHNfbGlzdGVuZXJzID0gQCgpCiAgICBmb3JlYWNoICgkd2lucm1faHR0cHNfbGlzdGVuZXJfcGF0aCBpbiAkd2lucm1faHR0cHNfbGlzdGVuZXJfcGF0aHMpIHsKICAgICAgICAkaHR0cHNfbGlzdGVuZXJzICs9IEdldC1DaGlsZEl0ZW0gLVBhdGggIldTTWFuOlxsb2NhbGhvc3RcTGlzdGVuZXIkd2lucm1faHR0cHNfbGlzdGVuZXJfcGF0aCIKICAgIH0KCiAgICAkd2lucm1fY2VydF90aHVtYnByaW50cyA9IEAoKQogICAgZm9yZWFjaCAoJGh0dHBzX2xpc3RlbmVyIGluICRodHRwc19saXN0ZW5lcnMpIHsKICAgICAgICAkd2lucm1fY2VydF90aHVtYnByaW50cyArPSAkaHR0cHNfbGlzdGVuZXIgfCB3aGVyZSB7JF8uTmFtZSAtRVEgIkNlcnRpZmljYXRlVGh1bWJwcmludCIgfSB8IHNlbGVjdCBWYWx1ZQogICAgfQoKICAgICR3aW5ybV9jZXJ0X2V4cGlyeSA9IEAoKQogICAgZm9yZWFjaCAoJHdpbnJtX2NlcnRfdGh1bWJwcmludCBpbiAkd2lucm1fY2VydF90aHVtYnByaW50cykgewogICAgICAgIFRyeSB7CiAgICAgICAgICAgICR3aW5ybV9jZXJ0X2V4cGlyeSArPSBHZXQtQ2hpbGRJdGVtIC1QYXRoIENlcnQ6XExvY2FsTWFjaGluZVxNeSB8IHdoZXJlIFRodW1icHJpbnQgLUVRICR3aW5ybV9jZXJ0X3RodW1icHJpbnQuVmFsdWUuVG9TdHJpbmcoKS5Ub1VwcGVyKCkgfCBzZWxlY3QgTm90QWZ0ZXIKICAgICAgICB9IENhdGNoIHt9CiAgICB9CgogICAgJHdpbnJtX2NlcnRfZXhwaXJhdGlvbnMgPSAkd2lucm1fY2VydF9leHBpcnkgfCBTb3J0LU9iamVjdCBOb3RBZnRlcgogICAgaWYgKCR3aW5ybV9jZXJ0X2V4cGlyYXRpb25zKSB7CiAgICAgICAgIyB0aGlzIGZhY3Qgd2FzIHJlbmFtZWQgZnJvbSBhbnNpYmxlX3dpbnJtX2NlcnRpZmljYXRlX2V4cGlyZXMgZHVlIHRvIGNvbGxpc2lvbiB3aXRoIGFuc2libGVfd2lucm1fWCBjb25uZWN0aW9uIHZhciBwYXR0ZXJuCiAgICAgICAgJGFuc2libGVfZmFjdHMuQWRkKCJhbnNpYmxlX3dpbl9ybV9jZXJ0aWZpY2F0ZV9leHBpcmVzIiwgJHdpbnJtX2NlcnRfZXhwaXJhdGlvbnNbMF0uTm90QWZ0ZXIuVG9TdHJpbmcoInl5eXktTU0tZGQgSEg6bW06c3MiKSkKICAgIH0KfQoKJHJlc3VsdC5hbnNpYmxlX2ZhY3RzICs9ICRhbnNpYmxlX2ZhY3RzCgpFeGl0LUpzb24gJHJlc3 ScriptBlock ID: 18483a08-b774-4025-9bb1-8e2f284114c2 Path:	4104	1		3	2	15	0	1813	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4476	3896	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:30:49 PM	e5295ba9-9827-0000-23a1-2fe52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 4): G9TdHJpbmcoKQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImJvb2wiKSB7CiAgICAgICAgICAgICMgQ29udmVydCBib29sZWFuIHR5cGVzIHRvIHJlYWwgUG93ZXJzaGVsbCBib29sZWFucwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgfCBDb252ZXJ0VG8tQm9vbAogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImludCIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IGludCB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgaW50ZWdlcnMKICAgICAgICAgICAgJHZhbHVlID0gJHZhbHVlIC1hcyBbaW50XQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImZsb2F0IikgewogICAgICAgICAgICAjIENvbnZlcnQgZmxvYXQgdHlwZXMgdG8gcmVhbCBQb3dlcnNoZWxsIGZsb2F0cwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgLWFzIFtmbG9hdF0KICAgICAgICB9IGVsc2VpZiAoJHR5cGUgLWVxICJsaXN0IikgewogICAgICAgICAgICBpZiAoJHZhbHVlIC1pcyBbYXJyYXldKSB7CiAgICAgICAgICAgICAgICAjIE5vdGhpbmcgdG8gZG8KICAgICAgICAgICAgfSBlbHNlaWYgKCR2YWx1ZSAtaXMgW3N0cmluZ10pIHsKICAgICAgICAgICAgICAgICMgQ29udmVydCBzdHJpbmcgdHlwZSB0byByZWFsIFBvd2Vyc2hlbGwgYXJyYXkKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICR2YWx1ZS5TcGxpdCgiLCIpLlRyaW0oKQogICAgICAgICAgICB9IGVsc2VpZiAoJHZhbHVlIC1pcyBbaW50XSkgewogICAgICAgICAgICAgICAgJHZhbHVlID0gQCgkdmFsdWUpCiAgICAgICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICJHZXQtQW5zaWJsZVBhcmFtOiBQYXJhbWV0ZXIgJyRuYW1lJyBpcyBub3QgYSBZQU1MIGxpc3QuIgogICAgICAgICAgICB9CiAgICAgICAgICAgICMgLCBpcyBub3QgYSB0eXBvLCBmb3JjZXMgaXQgdG8gcmV0dXJuIGFzIGEgbGlzdCB3aGVuIGl0IGlzIGVtcHR5IG9yIG9ubHkgaGFzIDEgZW50cnkKICAgICAgICAgICAgcmV0dXJuICwkdmFsdWUKICAgICAgICB9CiAgICB9CgogICAgcmV0dXJuICR2YWx1ZQp9CgojQWxpYXMgR2V0LWF0dHItLT5HZXQtQW5zaWJsZVBhcmFtIGZvciBiYWNrd2FyZHMgY29tcGF0LiBPbmx5IGFkZCB3aGVuIG5lZWRlZCB0byBlYXNlIGRlYnVnZ2luZyBvZiBzY3JpcHRzCklmICgtbm90KEdldC1BbGlhcyAtTmFtZSAiR2V0LWF0dHIiIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlKSkKewogICAgTmV3LUFsaWFzIC1OYW1lIEdldC1hdHRyIC1WYWx1ZSBHZXQtQW5zaWJsZVBhcmFtCn0KCkZ1bmN0aW9uIENvbnZlcnRUby1Cb29sCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZpbHRlci9waXBlbGluZSBmdW5jdGlvbiB0byBjb252ZXJ0IGEgdmFsdWUgdG8gYm9vbGVhbiBmb2xsb3dpbmcgY3VycmVudAogICAgQW5zaWJsZSBwcmFjdGljZXMKICAgIC5FWEFNUExFCiAgICAkaXNfdHJ1ZSA9ICJ0cnVlIiB8IENvbnZlcnRUby1Cb29sCiM+CiAgICBwYXJhbSgKICAgICAgICBbcGFyYW1ldGVyKHZhbHVlZnJvbXBpcGVsaW5lPSR0cnVlKV0KICAgICAgICAkb2JqCiAgICApCgogICAgJGJvb2xlYW5fc3RyaW5ncyA9ICJ5ZXMiLCAib24iLCAiMSIsICJ0cnVlIiwgMQogICAgJG9ial9zdHJpbmcgPSBbc3RyaW5nXSRvYmoKCiAgICBpZiAoKCRvYmogLWlzIFtib29sZWFuXSAtYW5kICRvYmopIC1vciAkYm9vbGVhbl9zdHJpbmdzIC1jb250YWlucyAkb2JqX3N0cmluZy5Ub0xvd2VyKCkpIHsKICAgICAgICByZXR1cm4gJHRydWUKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfQp9CgpGdW5jdGlvbiBQYXJzZS1BcmdzKCRhcmd1bWVudHMsICRzdXBwb3J0c19jaGVja19tb2RlID0gJGZhbHNlKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBwYXJzZSBBbnNpYmxlIEpTT04gYXJndW1lbnRzIGZyb20gYSAiZmlsZSIgcGFzc2VkIGFzCiAgICB0aGUgc2luZ2xlIGFyZ3VtZW50IHRvIHRoZSBtb2R1bGUuCiAgICAuRVhBTVBMRQogICAgJHBhcmFtcyA9IFBhcnNlLUFyZ3MgJGFyZ3MKIz4KICAgICRwYXJhbXMgPSBOZXctT2JqZWN0IHBzb2JqZWN0CiAgICBJZiAoJGFyZ3VtZW50cy5MZW5ndGggLWd0IDApCiAgICB7CiAgICAgICAgJHBhcmFtcyA9IEdldC1Db250ZW50ICRhcmd1bWVudHNbMF0gfCBDb252ZXJ0RnJvbS1Kc29uCiAgICB9CiAgICBFbHNlIHsKICAgICAgICAkcGFyYW1zID0gJGNvbXBsZXhfYXJncwogICAgfQogICAgJGNoZWNrX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfY2hlY2tfbW9kZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQogICAgSWYgKCRjaGVja19tb2RlIC1hbmQgLW5vdCAkc3VwcG9ydHNfY2hlY2tfbW9kZSkKICAgIHsKICAgICAgICBFeGl0LUpzb24gQHsKICAgICAgICAgICAgc2tpcHBlZCA9ICR0cnVlCiAgICAgICAgICAgIGNoYW5nZWQgPSAkZmFsc2UKICAgICAgICAgICAgbXNnID0gInJlbW90ZSBtb2R1bGUgZG9lcyBub3Qgc3VwcG9ydCBjaGVjayBtb2RlIgogICAgICAgIH0KICAgIH0KICAgIHJldHVybiAkcGFyYW1zCn0KCgpGdW5jdGlvbiBHZXQtRmlsZUNoZWNrc3VtKCRwYXRoLCAkYWxnb3JpdGhtID0gJ3NoYTEnKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBjYWxjdWxhdGUgYSBoYXNoIG9mIGEgZmlsZSBpbiBhIHdheSB3aGljaCBQb3dlclNoZWxsIDMKICAgIGFuZCBhYm92ZSBjYW4gaGFuZGxlCiM+CiAgICBJZiAoVGVzdC1QYXRoIC1QYXRoICRwYXRoIC1QYXRoVHlwZSBMZWFmKQogICAgewogICAgICAgIHN3aXRjaCAoJGFsZ29yaXRobSkKICAgICAgICB7CiAgICAgICAgICAgICdtZDUnIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5NRDVDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMScgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTFDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMjU2JyB7ICRzcCA9IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5TZWN1cml0eS5DcnlwdG9ncmFwaHkuU0hBMjU2Q3J5cHRvU2VydmljZVByb3ZpZGVyIH0KICAgICAgICAgICAgJ3NoYTM4NCcgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTM4NENyeXB0b1NlcnZpY2VQcm92aWRlciB9CiAgICAgICAgICAgICdzaGE1MTInIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5TSEE1MTJDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICBkZWZhdWx0IHsgRmFpbC1Kc29uIEB7fSAiVW5zdXBwb3J0ZWQgaGFzaCBhbGdvcml0aG0gc3VwcGxpZWQgJyRhbGdvcml0aG0nIiB9CiAgICAgICAgfQoKICAgICAgICBJZiAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtZ2UgNCkgewogICAgICAgICAgICAkcmF3X2hhc2ggPSBHZXQtRmlsZUhhc2ggJHBhdGggLUFsZ29yaXRobSAkYWxnb3JpdGhtCiAgICAgICAgICAgICRoYXNoID0gJHJhd19oYXNoLkhhc2guVG9Mb3dlcigpCiAgICAgICAgfSBFbHNlIHsKICAgICAgICAgICAgJGZwID0gW1N5c3RlbS5JTy5GaWxlXTo6T3BlbigkcGF0aCwgW1N5c3RlbS5JTy5GaWxlbW9kZV06Ok9wZW4sIFtTeXN0ZW0uSU8uRmlsZUFjY2Vzc106OlJlYWQsIFtTeXN0ZW0uSU8uRmlsZVNoYXJlXTo6UmVhZFdyaXRlKTsKICAgICAgICAgICAgJGhhc2ggPSBbU3lzdGVtLkJpdENvbnZlcnRlcl06OlRvU3RyaW5nKCRzcC5Db21wdXRlSGFzaCgkZnApKS5SZXBsYWNlKCItIiwgIiIpLlRvTG93ZXIoKTsKICAgICAgICAgICAgJGZwLkRpc3Bvc2UoKTsKICAgICAgICB9CiAgICB9CiAgICBFbHNlSWYgKFRlc3QtUGF0aCAtUGF0aCAkcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKQogICAgewogICAgICAgICRoYXNoID0gIjMiOwogICAgfQogICAgRWxzZQogICAgewogICAgICAgICRoYXNoID0gIjEiOwogICAgfQogICAgcmV0dXJuICRoYXNoCn0KCkZ1bmN0aW9uIEdldC1QZW5kaW5nUmVib290U3RhdHVzCnsKPCMKICAgIC5TWU5PUFNJUwogICAgQ2hlY2sgaWYgcmVib290IGlzIHJlcXVpcmVkLCBpZiBzbyBub3RpZnkgQ0EuCiAgICBGdW5jdGlvbiByZXR1cm5zIHRydWUgaWYgY29tcHV0ZXIgaGFzIGEgcGVuZGluZyByZWJvb3QKIz4KICAgICRmZWF0dXJlRGF0YSA9IEludm9rZS1XbWlNZXRob2QgLUVBIElnbm9yZSAtTmFtZSBHZXRTZXJ2ZXJGZWF0dXJlIC1OYW1lc3BhY2Ugcm9vdFxtaWNyb3NvZnRcd2luZG93c1xzZXJ2ZXJtYW5hZ2VyIC1DbGFzcyBNU0ZUX1NlcnZlck1hbmFnZXJUYXNrcwogICAgJHJlZ0RhdGEgPSBHZXQtSXRlbVByb3BlcnR5ICJIS0xNOlxTWVNURU1cQ3VycmVudENvbnRyb2xTZXRcQ29udHJvbFxTZXNzaW9uIE1hbmFnZXIiICJQZW5kaW5nRmlsZVJlbmFtZU9wZXJhdGlvbnMiIC1FQSBJZ25vcmUKICAgICRDQlNSZWJvb3RTdGF0dXMgPSBHZXQtQ2hpbGRJdGVtICJIS0xNOlxcU09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cQ29tcG9uZW50IEJhc2VkIFNlcnZpY2luZyIgIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlfCBXaGVyZS1PYmplY3QgeyRfLlBTQ2hpbGROYW1lIC1lcSAiUmVib290UGVuZGluZyJ9CiAgICBpZigoJGZlYXR1cmVEYXRhIC1hbmQgJGZlYXR1cmVEYXRhLlJlcXVpcmVzUmVib290KSAtb3IgJHJlZ0RhdGEgLW9yICRDQlNSZWJvb3RTdGF0dXMpCiAgICB7CiAgICAgICAgcmV0dXJuICRUcnVlCiAgICB9CiAgICBlbHNlCiAgICB7CiAgICAgICAgcmV0dXJuICRGYWxzZQogICAgfQp9CgojIHRoaXMgbGluZSBtdXN0IHN0YXkgYXQgdGhlIGJvdHRvbSB0byBlbnN1cmUgYWxsIGRlZmluZWQgbW9kdWxlIHBhcnRzIGFyZSBleHBvcnRlZApFeHBvcnQtTW9kdWxlTWVtYmVyIC1BbGlhcyAqIC1GdW5jdGlvbiAqIC1DbWRsZXQgKgoK"}, "module_entry": "IyFwb3dlcnNoZWxsCgojIENvcHlyaWdodDogKGMpIDIwMTgsIEFuc2libGUgUHJvamVjdAojIEdOVSBHZW5lcmFsIFB1YmxpYyBMaWNlbnNlIHYzLjArIChzZWUgQ09QWUlORyBvciBodHRwczovL3d3dy5nbnUub3JnL2xpY2Vuc2VzL2dwbC0zLjAudHh0KQoKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5MZWdhY3kKCkZ1bmN0aW9uIEdldC1DdXN0b21GYWN0cyB7CiAgW2NtZGxldEJpbmRpbmcoKV0KICBwYXJhbSAoCiAgICBbUGFyYW1ldGVyKG1hbmRhdG9yeT0kZmFsc2UpXQogICAgJGZhY3RwYXRoID0gJG51bGwKICApCgogIGlmICgtbm90IChUZXN0LVBhdGggLVBhdGggJGZhY3RwYXRoKSkgewogICAgRmFpbC1Kc29uICRyZXN1bHQgIlRoZSBwYXRoICRmYWN0cGF0aCBkb2VzIG5vdCBleGlzdC4gVHlwbz8iCiAgfQoKICAkRmFjdHNGaWxlcyA9IEdldC1DaGlsZEl0ZW0gLVBhdGggJGZhY3RwYXRoIHwgV2hlcmUtT2JqZWN0IC1GaWx0ZXJTY3JpcHQgeygkUFNJdGVtLlBTSXNDb250YWluZXIgLWVxICRmYWxzZSkgLWFuZCAoJFBTSXRlbS5FeHRlbnNpb24gLWVxICcucHMxJyl9CgogIGZvcmVhY2ggKCRGYWN0c0ZpbGUgaW4gJEZhY3RzRmlsZXMpIHsKICAgICAgJG91dCA9ICYgJCgkRmFjdHNGaWxlLkZ1bGxOYW1lKQogICAgICAkcmVzdWx0LmFuc2libGVfZmFjdHMuQWRkKCJhbnNpYmxlXyQoKCRGYWN0c0ZpbGUuTmFtZSkuU3BsaXQoJy4nKVswXSkiLCAkb3V0KQogIH0KfQoKRnVuY3Rpb24gR2V0LU1hY2hpbmVTaWQgewogICAgIyBUaGUgTWFjaGluZSBTSUQgaXMgc3RvcmVkIGluIEhLTE06XFNFQ1VSSVRZXFNBTVxEb21haW5zXEFjY291bnQgYW5kIGlzCiAgICAjIG9ubHkgYWNjZXNzaWJsZSBieSB0aGUgTG9jYWwgU3lzdGVtIGFjY291bnQuIFRoaXMgbWV0aG9kIGdldCdzIHRoZSBsb2NhbAogICAgIyBhZG1pbiBhY2NvdW50IChlbmRzIHdpdGggLTUwMCkgYW5kIGxvcHMgaXQgb2ZmIHRvIGdldCB0aGUgbWFjaGluZSBzaWQuCgogICAgJGFkbWluc19zaWQgPSAiUy0xLTUtMzItNTQ0IgogICAgJGFkbWluX2dyb3VwID0gKFtTZWN1cml0eS5QcmluY2lwYWwuU2VjdXJpdHlJZGVudGlmaWVyXSRhZG1pbnNfc2lkKS5UcmFuc2xhdGUoW1NlY3VyaXR5LlByaW5jaXBhbC5OVEFjY291bnRdKS5WYWx1ZSAKCiAgICBBZGQtVHlwZSAtQXNzZW1ibHlOYW1lIFN5c3RlbS5EaXJlY3RvcnlTZXJ2aWNlcy5BY2NvdW50TWFuYWdlbWVudAogICAgJHByaW5jaXBhbF9jb250ZXh0ID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLkRpcmVjdG9yeVNlcnZpY2VzLkFjY291bnRNYW5hZ2VtZW50LlByaW5jaXBhbENvbnRleHQoW1N5c3RlbS5EaXJlY3RvcnlTZXJ2aWNlcy5BY2NvdW50TWFuYWdlbWVudC5Db250ZXh0VHlwZV06Ok1hY2hpbmUpCiAgICAkZ3JvdXBfcHJpbmNpcGFsID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLkRpcmVjdG9yeVNlcnZpY2VzLkFjY291bnRNYW5hZ2VtZW50Lkdyb3VwUHJpbmNpcGFsKCRwcmluY2lwYWxfY29udGV4dCwgJGFkbWluX2dyb3VwKQogICAgJHNlYXJjaGVyID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLkRpcmVjdG9yeVNlcnZpY2VzLkFjY291bnRNYW5hZ2VtZW50LlByaW5jaXBhbFNlYXJjaGVyKCRncm91cF9wcmluY2lwYWwpCiAgICAkZ3JvdXBzID0gJHNlYXJjaGVyLkZpbmRPbmUoKQoKICAgICRtYWNoaW5lX3NpZCA9ICRudWxsCiAgICBmb3JlYWNoICgkdXNlciBpbiAkZ3JvdXBzLk1lbWJlcnMpIHsKICAgICAgICAkdXNlcl9zaWQgPSAkdXNlci5TaWQKICAgICAgICBpZiAoJHVzZXJfc2lkLlZhbHVlLkVuZHNXaXRoKCItNTAwIikpIHsKICAgICAgICAgICAgJG1hY2hpbmVfc2lkID0gJHVzZXJfc2lkLkFjY291bnREb21haW5TaWQuVmFsdWUKICAgICAgICAgICAgYnJlYWsKICAgICAgICB9CiAgICB9CgogICAgcmV0dXJuICRtYWNoaW5lX3NpZAp9CgokY2ltX2luc3RhbmNlcyA9IEB7fQoKRnVuY3Rpb24gR2V0LUxhenlDaW1JbnN0YW5jZShbc3RyaW5nXSRpbnN0YW5jZV9uYW1lLCBbc3RyaW5nXSRuYW1lc3BhY2U9IlJvb3RcQ0lNVjIiKSB7CiAgICBpZigtbm90ICRjaW1faW5zdGFuY2VzLkNvbnRhaW5zS2V5KCRpbnN0YW5jZV9uYW1lKSkgewogICAgICAgICRjaW1faW5zdGFuY2VzWyRpbnN0YW5jZV9uYW1lXSA9ICQoR2V0LUNpbUluc3RhbmNlIC1OYW1lc3BhY2UgJG5hbWVzcGFjZSAtQ2xhc3NOYW1lICRpbnN0YW5jZV9uYW1lKQogICAgfQoKICAgIHJldHVybiAkY2ltX2luc3RhbmNlc1skaW5zdGFuY2VfbmFtZV0KfQoKJHJlc3VsdCA9IEB7CiAgICBhbnNpYmxlX2ZhY3RzID0gQHsgfQogICAgY2hhbmdlZCA9ICRmYWxzZQp9CgokZ3JvdXBlZF9zdWJzZXRzID0gQHsKICAgIG1pbj1bU3lzdGVtLkNvbGxlY3Rpb25zLkdlbmVyaWMuTGlzdFtzdHJpbmddXUAoJ2RhdGVfdGltZScsJ2Rpc3RyaWJ1dGlvbicsJ2RucycsJ2VudicsJ2xvY2FsJywncGxhdGZvcm0nLCdwb3dlcnNoZWxsX3ZlcnNpb24nLCd1c2VyJykKICAgIG5ldHdvcms9W1N5c3RlbS5Db2xsZWN0aW9ucy5HZW5lcmljLkxpc3Rbc3RyaW5nXV1AKCdhbGxfaXB2NF9hZGRyZXNzZXMnLCdhbGxfaXB2Nl9hZGRyZXNzZXMnLCdpbnRlcmZhY2VzJywnd2luZG93c19kb21haW4nLCAnd2lucm0nKQogICAgaGFyZHdhcmU9W1N5c3RlbS5Db2xsZWN0aW9ucy5HZW5lcmljLkxpc3Rbc3RyaW5nXV1AKCdiaW9zJywnbWVtb3J5JywncHJvY2Vzc29yJywndXB0aW1lJykKICAgIGV4dGVybmFsPVtTeXN0ZW0uQ29sbGVjdGlvbnMuR2VuZXJpYy5MaXN0W3N0cmluZ11dQCgnZmFjdGVyJykKfQoKIyBidWlsZCAiYWxsIiBzZXQgZnJvbSBldmVyeXRoaW5nIG1lbnRpb25lZCBpbiB0aGUgZ3JvdXAtIHRoaXMgbWVhbnMgZXZlcnkgdmFsdWUgbXVzdCBiZSBpbiBhdCBsZWFzdCBvbmUgc3Vic2V0IHRvIGJlIGNvbnNpZGVyZWQgbGVnYWwKJGFsbF9zZXQgPSBbU3lzdGVtLkNvbGxlY3Rpb25zLkdlbmVyaWMuSGFzaFNldFtzdHJpbmddXUAoKQoKZm9yZWFjaCgka3YgaW4gJGdyb3VwZWRfc3Vic2V0cy5HZXRFbnVtZXJhdG9yKCkpIHsKICAgIFt2b2lkXSAkYWxsX3NldC5VbmlvbldpdGgoJGt2LlZhbHVlKQp9CgojIGR5bmFtaWNhbGx5IGNyZWF0ZSBhbiAiYWxsIiBzdWJzZXQgbm93IHRoYXQgd2Uga25vdyB3aGF0IHNob3VsZCBiZSBpbiBpdAokZ3JvdXBlZF9zdWJzZXRzWydhbGwnXSA9IFtTeXN0ZW0uQ29sbGVjdGlvbnMuR2VuZXJpYy5MaXN0W3N0cmluZ11dJGFsbF9zZXQKCiMgc3RhcnQgd2l0aCBhbGwsIGJ1aWxkIHVwIGdhdGhlciBhbmQgZXhjbHVkZSBzdWJzZXRzCiRnYXRoZXJfc3Vic2V0ID0gW1N5c3RlbS5Db2xsZWN0aW9ucy5HZW5lcmljLkhhc2hTZXRbc3RyaW5nXV0kZ3JvdXBlZF9zdWJzZXRzLmFsbAokZXhwbGljaXRfc3Vic2V0ID0gW1N5c3RlbS5Db2xsZWN0aW9ucy5HZW5lcmljLkhhc2hTZXRbc3RyaW5nXV1AKCkKJGV4Y2x1ZGVfc3Vic2V0ID0gW1N5c3RlbS5Db2xsZWN0aW9ucy5HZW5lcmljLkhhc2hTZXRbc3RyaW5nXV1AKCkKCiRwYXJhbXMgPSBQYXJzZS1BcmdzICRhcmdzIC1zdXBwb3J0c19jaGVja19tb2RlICR0cnVlCiRmYWN0cGF0aCA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJmYWN0X3BhdGgiIC10eXBlICJwYXRoIgokZ2F0aGVyX3N1YnNldF9zb3VyY2UgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiZ2F0aGVyX3N1YnNldCIgLXR5cGUgImxpc3QiIC1kZWZhdWx0ICJhbGwiCgpmb3JlYWNoKCRpdGVtIGluICRnYXRoZXJfc3Vic2V0X3NvdXJjZSkgewogICAgaWYoKFtzdHJpbmddJGl0ZW0pLlN0YXJ0c1dpdGgoIiEiKSkgewogICAgICAgICRpdGVtID0gKFtzdHJpbmddJGl0ZW0pLlN1YnN0cmluZygxKQogICAgICAgIGlmKCRpdGVtIC1lcSAiYWxsIikgewogICAgICAgICAgICAkYWxsX21pbnVzX21pbiA9IFtTeXN0ZW0uQ29sbGVjdGlvbnMuR2VuZXJpYy5IYXNoU2V0W3N0cmluZ11dQCgkYWxsX3NldCkKICAgICAgICAgICAgW3ZvaWRdICRhbGxfbWludXNfbWluLkV4Y2VwdFdpdGgoJGdyb3VwZWRfc3Vic2V0cy5taW4pCiAgICAgICAgICAgIFt2b2lkXSAkZXhjbHVkZV9zdWJzZXQuVW5pb25XaXRoKCRhbGxfbWludXNfbWluKQogICAgICAgIH0KICAgICAgICBlbHNlaWYoJGdyb3VwZWRfc3Vic2V0cy5Db250YWluc0tleSgkaXRlbSkpIHsKICAgICAgICAgICAgW3ZvaWRdICRleGNsdWRlX3N1YnNldC5VbmlvbldpdGgoJGdyb3VwZWRfc3Vic2V0c1skaXRlbV0pCiAgICAgICAgfQogICAgICAgIGVsc2VpZigkYWxsX3NldC5Db250YWlucygkaXRlbSkpIHsKICAgICAgICAgICAgW3ZvaWRdICRleGNsdWRlX3N1YnNldC5BZGQoJGl0ZW0pCiAgICAgICAgfQogICAgICAgICMgTkI6IGludmFsaWQgZXhjbHVkZSB2YWx1ZXMgYXJlIGlnbm9yZWQsIHNpbmNlIHRoYXQncyB3aGF0IHBvc2l4IHNldHVwIGRvZXMKICAgIH0KICAgIGVsc2UgewogICAgICAgIGlmKCRncm91cGVkX3N1YnNldHMuQ29udGFpbnNLZXkoJGl0ZW0pKSB7CiAgICAgICAgICAgIFt2b2lkXSAkZXhwbGljaXRfc3Vic2V0LlVuaW9uV2l0aCgkZ3JvdXBlZF9zdWJzZXRzWyRpdGVtXSkKICAgICAgICB9CiAgICAgICAgZWxzZWlmKCRhbGxfc2V0LkNvbnRhaW5zKCRpdGVtKSkgewogICAgICAgICAgICBbdm9pZF0gJGV4cGxpY2l0X3N1YnNldC5BZGQoJGl0ZW0pCiAgICAgICAgfQogICAgICAgIGVsc2UgewogICAgICAgICAgICAjIE5COiBQT1NJWCBzZXR1cCBmYWlscyBvbiBpbnZhbGlkIHZhbHVlOyB3ZSB3YXJuLCBiZWNhdXNlIHdlIGRvbid0IGltcGxlbWVudCB0aGUgc2FtZSBzZXQgYXMgUE9TSVgKICAgICAgICAgICAgIyBhbmQgd2UgZG9uJ3QgaGF2ZSBwbGF0Zm9ybS1zcGVjaWZpYyBjb25maWcgZm9yIHRoaXMuLi4KICAgICAgICAgICAgQWRkLVdhcm5pbmcgJHJlc3VsdCAiaW52YWxpZCB2YWx1ZSAkaXRlbSBzcGVjaWZpZWQgaW4gZ2F0aGVyX3N1YnNldCIKICAgICAgICB9CiAgICB9Cn0KClt2b2lkXSAkZ2F0aGVyX3N1YnNldC5FeGNlcHRXaXRoKCRleGNsdWRlX3N1YnNldCkKW3ZvaWRdICRnYXRoZXJfc3Vic2V0LlVuaW9uV2l0aCgkZXhwbGljaXRfc3Vic2V0KQoKJGFuc2libGVfZmFjdHMgPSBAewogICAgZ2F0aGVyX3N1YnNldD1AKCRnYXRoZXJfc3Vic2V0X3NvdXJjZSkKICAgIG1vZHVsZV9zZXR1cD0kdHJ1ZQp9Cgokb3N2ZXJzaW9uID0gW0Vudmlyb25tZW50XTo6T1NWZXJzaW9uCgppZigkZ2F0aGVyX3N1YnNldC5Db250YWlucygnYWxsX2lwdjRfYWRkcmVzc2VzJykgLW9yICRnYXRoZXJfc3Vic2V0LkNvbnRhaW5zKCdhbGxfaXB2Nl9hZGRyZXNzZXMnKSkgewogICAgJG5ldGNmZyA9IEdldC1MYXp5Q2ltSW5zdGFuY2UgV2luMzJfTmV0d29ya0FkYXB0ZXJDb25maWd1cmF0aW9uCiAgICAKICAgICMgVE9ETzogc3BsaXQgdjQvdjYgcHJvcGVybHksIHJldHVybiBpbiBzZXBhcmF0ZSBrZXlzCiAgICAkaXBzID0gQCgpCiAgICBGb3JlYWNoICgkaXAgaW4gJG5ldGNmZy5JUEFkZHJlc3MpIHsKICAgICAgICBJZiAoJGlwKSB7CiAgICAgICAgICAgICRpcHMgKz0gJGlwCiAgICAgICAgfQogICAgfQoKICAgICRhbnNpYmxlX2ZhY3RzICs9IEB7CiAgICAgICAgYW5zaWJsZV9pcF9hZGRyZXNzZXMgPSAkaXBzCiAgICB9Cn0KCmlmKCRnYXRoZXJfc3Vic2V0LkNvbnRhaW5zKCdiaW9zJykpIHsKICAgICR3aW4zM ScriptBlock ID: 18483a08-b774-4025-9bb1-8e2f284114c2 Path:	4104	1		3	2	15	0	1812	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4476	3896	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:30:49 PM	e5295ba9-9827-0000-23a1-2fe52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 4): begin { $DebugPreference = "Continue" $ErrorActionPreference = "Stop" Set-StrictMode -Version 2 function ConvertTo-HashtableFromPsCustomObject ($myPsObject){ $output = @{}; $myPsObject | Get-Member -MemberType *Property | % { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } return $output; } # stream JSON including become_pw, ps_module_payload, bin_module_payload, become_payload, write_payload_path, preserve directives # exec runspace, capture output, cleanup, return module output # NB: do not adjust the following line- it is replaced when doing non-streamed module output $json_raw = @' {"min_ps_version": null, "exec": "CkZ1bmN0aW9uIFJ1bigkcGF5bG9hZCkgewogICAgJGVudHJ5cG9pbnQgPSAkcGF5bG9hZC5tb2R1bGVfZW50cnkKCiAgICAkZW50cnlwb2ludCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGVudHJ5cG9pbnQpKQoKICAgICRwcyA9IFtwb3dlcnNoZWxsXTo6Q3JlYXRlKCkKCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkQ29tbWFuZCgiU2V0LVZhcmlhYmxlIikuQWRkUGFyYW1ldGVycyhAe1Njb3BlPSJnbG9iYWwiO05hbWU9ImNvbXBsZXhfYXJncyI7VmFsdWU9JHBheWxvYWQubW9kdWxlX2FyZ3N9KSB8IE91dC1OdWxsCiAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCgogICAgIyByZWRlZmluZSBXcml0ZS1Ib3N0IHRvIGR1bXAgdG8gb3V0cHV0IGluc3RlYWQgb2YgZmFpbGluZy0gbG90cyBvZiBzY3JpcHRzIHVzZSBpdAogICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgiRnVuY3Rpb24gV3JpdGUtSG9zdChgJG1zZyl7IFdyaXRlLU91dHB1dCBgJG1zZyB9IikgfCBPdXQtTnVsbAoKICAgIEZvckVhY2ggKCRlbnZfa3YgaW4gJHBheWxvYWQuZW52aXJvbm1lbnQuR2V0RW51bWVyYXRvcigpKSB7CiAgICAgICAgIyBuZWVkIHRvIGVzY2FwZSAnIGluIGJvdGggdGhlIGtleSBhbmQgdmFsdWUKICAgICAgICAkZW52X2tleSA9ICRlbnZfa3YuS2V5LlRvU3RyaW5nKCkuUmVwbGFjZSgiJyIsICInJyIpCiAgICAgICAgJGVudl92YWx1ZSA9ICRlbnZfa3YuVmFsdWUuVG9TdHJpbmcoKS5SZXBsYWNlKCInIiwgIicnIikKICAgICAgICAkZXNjYXBlZF9lbnZfc2V0ID0gIltTeXN0ZW0uRW52aXJvbm1lbnRdOjpTZXRFbnZpcm9ubWVudFZhcmlhYmxlKCd7MH0nLCAnezF9JykiIC1mICRlbnZfa2V5LCAkZW52X3ZhbHVlCiAgICAgICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgkZXNjYXBlZF9lbnZfc2V0KSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBkeW5hbWljYWxseSBjcmVhdGUvbG9hZCBtb2R1bGVzCiAgICBGb3JFYWNoICgkbW9kIGluICRwYXlsb2FkLnBvd2Vyc2hlbGxfbW9kdWxlcy5HZXRFbnVtZXJhdG9yKCkpIHsKICAgICAgICAkZGVjb2RlZF9tb2R1bGUgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRtb2QuVmFsdWUpKQogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRDb21tYW5kKCJOZXctTW9kdWxlIikuQWRkUGFyYW1ldGVycyhAe1NjcmlwdEJsb2NrPShbc2NyaXB0YmxvY2tdOjpDcmVhdGUoJGRlY29kZWRfbW9kdWxlKSk7TmFtZT0kbW9kLktleX0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiSW1wb3J0LU1vZHVsZSIpLkFkZFBhcmFtZXRlcnMoQHtXYXJuaW5nQWN0aW9uPSJTaWxlbnRseUNvbnRpbnVlIn0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBmb3JjZSBpbnB1dCBlbmNvZGluZyB0byBwcmVhbWJsZS1mcmVlIFVURjggc28gUFMgc3ViLXByb2Nlc3NlcyAoZWcsCiAgICAjIFN0YXJ0LUpvYikgZG9uJ3QgYmxvdyB1cC4gVGhpcyBpcyBvbmx5IHJlcXVpcmVkIGZvciBXaW5STSwgYSBQU1JQCiAgICAjIHJ1bnNwYWNlIGRvZXNuJ3QgaGF2ZSBhIGhvc3QgY29uc29sZSBhbmQgdGhpcyB3aWxsIGJvbWIgb3V0CiAgICBpZiAoJGhvc3QuTmFtZSAtZXEgIkNvbnNvbGVIb3N0IikgewogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRTY3JpcHQoIltDb25zb2xlXTo6SW5wdXRFbmNvZGluZyA9IE5ldy1PYmplY3QgVGV4dC5VVEY4RW5jb2RpbmcgYCRmYWxzZSIpIHwgT3V0LU51bGwKICAgIH0KCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkU2NyaXB0KCRlbnRyeXBvaW50KSB8IE91dC1OdWxsCgogICAgJG91dHB1dCA9ICRwcy5JbnZva2UoKQoKICAgICRvdXRwdXQKCiAgICAjIFBTMyBkb2Vzbid0IHByb3Blcmx5IHNldCBIYWRFcnJvcnMgaW4gbWFueSBjYXNlcywgaW5zcGVjdCB0aGUgZXJyb3Igc3RyZWFtIGFzIGEgZmFsbGJhY2sKICAgIElmICgkcHMuSGFkRXJyb3JzIC1vciAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtbHQgNCAtYW5kICRwcy5TdHJlYW1zLkVycm9yLkNvdW50IC1ndCAwKSkgewogICAgICAgICRob3N0LlVJLldyaXRlRXJyb3JMaW5lKCQoJHBzLlN0cmVhbXMuRXJyb3IgfCBPdXQtU3RyaW5nKSkKICAgICAgICAkZXhpdF9jb2RlID0gJHBzLlJ1bnNwYWNlLlNlc3Npb25TdGF0ZVByb3h5LkdldFZhcmlhYmxlKCJMQVNURVhJVENPREUiKQogICAgICAgIElmKC1ub3QgJGV4aXRfY29kZSkgewogICAgICAgICAgICAkZXhpdF9jb2RlID0gMQogICAgICAgIH0KICAgICAgICAjIG5lZWQgdG8gdXNlIHRoaXMgaW5zdGVhZCBvZiBFeGl0IGtleXdvcmQgdG8gcHJldmVudCBydW5zcGFjZSBmcm9tIGNyYXNoaW5nIHdpdGggZHluYW1pYyBtb2R1bGVzCiAgICAgICAgJGhvc3QuU2V0U2hvdWxkRXhpdCgkZXhpdF9jb2RlKQogICAgfQp9Cg==", "actions": ["exec"], "environment": {}, "min_os_version": null, "powershell_modules": {"Ansible.ModuleUtils.Legacy": "IyBDb3B5cmlnaHQgKGMpLCBNaWNoYWVsIERlSGFhbiA8bWljaGFlbC5kZWhhYW5AZ21haWwuY29tPiwgMjAxNCwgYW5kIG90aGVycwojIFNpbXBsaWZpZWQgQlNEIExpY2Vuc2UgKHNlZSBsaWNlbnNlcy9zaW1wbGlmaWVkX2JzZC50eHQgb3IgaHR0cHM6Ly9vcGVuc291cmNlLm9yZy9saWNlbnNlcy9CU0QtMi1DbGF1c2UpCgpTZXQtU3RyaWN0TW9kZSAtVmVyc2lvbiAyLjAKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKRnVuY3Rpb24gU2V0LUF0dHIoJG9iaiwgJG5hbWUsICR2YWx1ZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gc2V0IGFuICJhdHRyaWJ1dGUiIG9uIGEgcHNvYmplY3QgaW5zdGFuY2UgaW4gUG93ZXJTaGVsbC4KICAgIFRoaXMgaXMgYSBjb252ZW5pZW5jZSB0byBtYWtlIGFkZGluZyBNZW1iZXJzIHRvIHRoZSBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgIFNldC1BdHRyICRyZXN1bHQgImNoYW5nZWQiICR0cnVlCiM+CgogICAgIyBJZiB0aGUgcHJvdmlkZWQgJG9iaiBpcyB1bmRlZmluZWQsIGRlZmluZSBvbmUgdG8gYmUgbmljZQogICAgSWYgKC1ub3QgJG9iai5HZXRUeXBlKQogICAgewogICAgICAgICRvYmogPSBAeyB9CiAgICB9CgogICAgVHJ5CiAgICB7CiAgICAgICAgJG9iai4kbmFtZSA9ICR2YWx1ZQogICAgfQogICAgQ2F0Y2gKICAgIHsKICAgICAgICAkb2JqIHwgQWRkLU1lbWJlciAtRm9yY2UgLU1lbWJlclR5cGUgTm90ZVByb3BlcnR5IC1OYW1lICRuYW1lIC1WYWx1ZSAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gRXhpdC1Kc29uKCRvYmopCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGNvbnZlcnQgYSBQb3dlclNoZWxsIG9iamVjdCB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcKICAgIHRoZSBzY3JpcHQKICAgIC5FWEFNUExFCiAgICBFeGl0LUpzb24gJHJlc3VsdAojPgoKICAgICMgSWYgdGhlIHByb3ZpZGVkICRvYmogaXMgdW5kZWZpbmVkLCBkZWZpbmUgb25lIHRvIGJlIG5pY2UKICAgIElmICgtbm90ICRvYmouR2V0VHlwZSkKICAgIHsKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoJ2NoYW5nZWQnKSkgewogICAgICAgIFNldC1BdHRyICRvYmogImNoYW5nZWQiICRmYWxzZQogICAgfQoKICAgIFdyaXRlLU91dHB1dCAkb2JqIHwgQ29udmVydFRvLUpzb24gLUNvbXByZXNzIC1EZXB0aCA5OQogICAgRXhpdAp9CgpGdW5jdGlvbiBGYWlsLUpzb24oJG9iaiwgJG1lc3NhZ2UgPSAkbnVsbCkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHRoZSAibXNnIiBwcm9wZXJ0eSBhbmQgImZhaWxlZCIgcHJvcGVydHksIGNvbnZlcnQgdGhlCiAgICBQb3dlclNoZWxsIEhhc2h0YWJsZSB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcgdGhlIHNjcmlwdAogICAgLkVYQU1QTEUKICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJUaGlzIGlzIHRoZSBmYWlsdXJlIG1lc3NhZ2UiCiM+CgogICAgaWYgKCRvYmogLWlzIFtoYXNodGFibGVdIC1vciAkb2JqIC1pcyBbcHNvYmplY3RdKSB7CiAgICAgICAgIyBOb3RoaW5nIHRvIGRvCiAgICB9IGVsc2VpZiAoJG9iaiAtaXMgW3N0cmluZ10gLWFuZCAkbnVsbCAtZXEgJG1lc3NhZ2UpIHsKICAgICAgICAjIElmIHdlIHdlcmVuJ3QgZ2l2ZW4gMiBhcmdzLCBhbmQgdGhlIG9ubHkgYXJnIHdhcyBhIHN0cmluZywKICAgICAgICAjIGNyZWF0ZSBhIG5ldyBIYXNodGFibGUgYW5kIHVzZSB0aGUgYXJnIGFzIHRoZSBmYWlsdXJlIG1lc3NhZ2UKICAgICAgICAkbWVzc2FnZSA9ICRvYmoKICAgICAgICAkb2JqID0gQHsgfQogICAgfSBlbHNlIHsKICAgICAgICAjIElmIHRoZSBmaXJzdCBhcmd1bWVudCBpcyB1bmRlZmluZWQgb3IgYSBkaWZmZXJlbnQgdHlwZSwKICAgICAgICAjIG1ha2UgaXQgYSBIYXNodGFibGUKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgICMgU3RpbGwgdXNpbmcgU2V0LUF0dHIgZm9yIFBTT2JqZWN0IGNvbXBhdGliaWxpdHkKICAgIFNldC1BdHRyICRvYmogIm1zZyIgJG1lc3NhZ2UKICAgIFNldC1BdHRyICRvYmogImZhaWxlZCIgJHRydWUKCiAgICBpZiAoLW5vdCAkb2JqLkNvbnRhaW5zS2V5KCdjaGFuZ2VkJykpIHsKICAgICAgICBTZXQtQXR0ciAkb2JqICJjaGFuZ2VkIiAkZmFsc2UKICAgIH0KCiAgICBXcml0ZS1PdXRwdXQgJG9iaiB8IENvbnZlcnRUby1Kc29uIC1Db21wcmVzcyAtRGVwdGggOTkKICAgIEV4aXQgMQp9CgpGdW5jdGlvbiBBZGQtV2FybmluZygkb2JqLCAkbWVzc2FnZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHdhcm5pbmdzLCBldmVuIGlmIHRoZSB3YXJuaW5ncyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoIndhcm5pbmdzIikpIHsKICAgICAgICAkb2JqLndhcm5pbmdzID0gQCgpCiAgICB9IGVsc2VpZiAoJG9iai53YXJuaW5ncyAtaXNub3QgW2FycmF5XSkgewogICAgICAgIHRocm93ICJBZGQtV2FybmluZzogd2FybmluZ3MgYXR0cmlidXRlIGlzIG5vdCBhbiBhcnJheSIKICAgIH0KCiAgICAkb2JqLndhcm5pbmdzICs9ICRtZXNzYWdlCn0KCkZ1bmN0aW9uIEFkZC1EZXByZWNhdGlvbldhcm5pbmcoJG9iaiwgJG1lc3NhZ2UsICR2ZXJzaW9uID0gJG51bGwpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGFkZCBkZXByZWNhdGlvbnMsIGV2ZW4gaWYgdGhlIGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgogICAgaWYgKC1ub3QgJG9iai5Db250YWluc0tleSgiZGVwcmVjYXRpb25zIikpIHsKICAgICAgICAkb2JqLmRlcHJlY2F0aW9ucyA9IEAoKQogICAgfSBlbHNlaWYgKCRvYmouZGVwcmVjYXRpb25zIC1pc25vdCBbYXJyYXldKSB7CiAgICAgICAgdGhyb3cgIkFkZC1EZXByZWNhdGlvbldhcm5pbmc6IGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgaXMgbm90IGEgbGlzdCIKICAgIH0KCiAgICAkb2JqLmRlcHJlY2F0aW9ucyArPSBAewogICAgICAgIG1zZyA9ICRtZXNzYWdlCiAgICAgICAgdmVyc2lvbiA9ICR2ZXJzaW9uCiAgICB9Cn0KCkZ1bmN0aW9uIEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgaW4gdmFsdWVzLiBCeSBkZWZhdWx0CiAgICBpdCB0dXJucyBhbnkgdHlwZSB0byBhIHN0cmluZywgYnV0IHdlIGVuc3VyZSAkbnVsbCByZW1haW5zICRudWxsLgojPgogICAgaWYgKCRudWxsIC1uZSAkdmFsdWUpIHsKICAgICAgICBbU3lzdGVtLkVudmlyb25tZW50XTo6RXhwYW5kRW52aXJvbm1lbnRWYXJpYWJsZXMoJHZhbHVlKQogICAgfSBlbHNlIHsKICAgICAgICAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gR2V0LUFuc2libGVQYXJhbSgkb2JqLCAkbmFtZSwgJGRlZmF1bHQgPSAkbnVsbCwgJHJlc3VsdG9iaiA9IEB7fSwgJGZhaWxpZmVtcHR5ID0gJGZhbHNlLCAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSwgJFZhbGlkYXRlU2V0LCAkVmFsaWRhdGVTZXRFcnJvck1lc3NhZ2UsICR0eXBlID0gJG51bGwsICRhbGlhc2VzID0gQCgpKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBnZXQgYW4gImF0dHJpYnV0ZSIgZnJvbSBhIHBzb2JqZWN0IGluc3RhbmNlIGluIFBvd2VyU2hlbGwuCiAgICBUaGlzIGlzIGEgY29udmVuaWVuY2UgdG8gbWFrZSBnZXR0aW5nIE1lbWJlcnMgZnJvbSBhbiBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgICRhdHRyID0gR2V0LUFuc2libGVQYXJhbSAkcmVzcG9uc2UgImNvZGUiIC1kZWZhdWx0ICIxIgogICAgLkVYQU1QTEUKICAgIEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJTdGF0ZSIgLWRlZmF1bHQgIlByZXNlbnQiIC1WYWxpZGF0ZVNldCAiUHJlc2VudCIsIkFic2VudCIgLXJlc3VsdG9iaiAkcmVzdWx0b2JqIC1mYWlsaWZlbXB0eSAkdHJ1ZQogICAgR2V0LUFuc2libGVQYXJhbSBhbHNvIHN1cHBvcnRzIFBhcmFtZXRlciB2YWxpZGF0aW9uIHRvIHNhdmUgeW91IGZyb20gY29kaW5nIHRoYXQgbWFudWFsbHkKICAgIE5vdGUgdGhhdCBpZiB5b3UgdXNlIHRoZSBmYWlsaWZlbXB0eSBvcHRpb24sIHlvdSBkbyBuZWVkIHRvIHNwZWNpZnkgcmVzdWx0b2JqZWN0IGFzIHdlbGwuCiM+CiAgICAjIENoZWNrIGlmIHRoZSBwcm92aWRlZCBNZW1iZXIgJG5hbWUgb3IgYWxpYXNlcyBleGlzdCBpbiAkb2JqIGFuZCByZXR1cm4gaXQgb3IgdGhlIGRlZmF1bHQuCiAgICB0cnkgewoKICAgICAgICAkZm91bmQgPSAkbnVsbAogICAgICAgICMgRmlyc3QgdHJ5IHRvIGZpbmQgcHJlZmVycmVkIHBhcmFtZXRlciAkbmFtZQogICAgICAgICRhbGlhc2VzID0gQCgkbmFtZSkgKyAkYWxpYXNlcwoKICAgICAgICAjIEl0ZXJhdGUgb3ZlciBhbGlhc2VzIHRvIGZpbmQgYWNjZXB0YWJsZSBNZW1iZXIgJG5hbWUKICAgICAgICBmb3JlYWNoICgkYWxpYXMgaW4gJGFsaWFzZXMpIHsKICAgICAgICAgICAgaWYgKCRvYmouQ29udGFpbnNLZXkoJGFsaWFzKSkgewogICAgICAgICAgICAgICAgJGZvdW5kID0gJGFsaWFzCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgfQoKICAgICAgICBpZiAoJG51bGwgLWVxICRmb3VuZCkgewogICAgICAgICAgICB0aHJvdwogICAgICAgIH0KICAgICAgICAkbmFtZSA9ICRmb3VuZAoKICAgICAgICBpZiAoJFZhbGlkYXRlU2V0KSB7CgogICAgICAgICAgICBpZiAoJFZhbGlkYXRlU2V0IC1jb250YWlucyAoJG9iai4kbmFtZSkpIHsKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICRvYmouJG5hbWUKICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgIGlmICgkbnVsbCAtZXEgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAgICAgI0F1dG8tZ2VuZXJhdGVkIGVycm9yIHNob3VsZCBiZSBzdWZmaWNpZW50IGluIG1vc3QgdXNlIGNhc2VzCiAgICAgICAgICAgICAgICAgICAgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlID0gIkdldC1BbnNpYmxlUGFyYW06IEFyZ3VtZW50ICRuYW1lIG5lZWRzIHRvIGJlIG9uZSBvZiAkKCRWYWxpZGF0ZVNldCAtam9pbiAiLCIpIGJ1dCB3YXMgJCgkb2JqLiRuYW1lKS4iCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRWYWxpZGF0ZVNldEVycm9yTWVzc2FnZQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgJHZhbHVlID0gJG9iai4kbmFtZQogICAgICAgIH0KICAgIH0gY2F0Y2ggewogICAgICAgIGlmICgkZmFpbGlmZW1wdHkgLWVxICRmYWxzZSkgewogICAgICAgICAgICAkdmFsdWUgPSAkZGVmYXVsdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgIGlmICgtbm90ICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSA9ICJHZXQtQW5zaWJsZVBhcmFtOiBNaXNzaW5nIHJlcXVpcmVkIGFyZ3VtZW50OiAkbmFtZSIKICAgICAgICAgICAgfQogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlCiAgICAgICAgfQogICAgfQoKICAgICMgSWYgJHZhbHVlIC1lcSAkbnVsbCwgdGhlIHBhcmFtZXRlciB3YXMgdW5zcGVjaWZpZWQgYnkgdGhlIHVzZXIgKGRlbGliZXJhdGVseSBvciBub3QpCiAgICAjIFBsZWFzZSBsZWF2ZSAkbnVsbC12YWx1ZXMgaW50YWN0LCBtb2R1bGVzIG5lZWQgdG8ga25vdyBpZiBhIHBhcmFtZXRlciB3YXMgc3BlY2lmaWVkCiAgICAjIFdoZW4gJHZhbHVlIGlzIGFscmVhZHkgYW4gYXJyYXksIHdlIGNhbm5vdCByZWx5IG9uIHRoZSBudWxsIGNoZWNrLCBhcyBhbiBlbXB0eSBsaXN0CiAgICAjIGlzIHNlZW4gYXMgbnVsbCBpbiB0aGUgY2hlY2sgYmVsb3cKICAgIGlmICgkbnVsbCAtbmUgJHZhbHVlIC1vciAkdmFsdWUgLWlzIFthcnJheV0pIHsKICAgICAgICBpZiAoJHR5cGUgLWVxICJwYXRoIikgewogICAgICAgICAgICAjIEV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgb24gcGF0aC10eXBlCiAgICAgICAgICAgICR2YWx1ZSA9IEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCiAgICAgICAgICAgICMgVGVzdCBpZiBhIHZhbGlkIHBhdGggaXMgcHJvdmlkZWQKICAgICAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtSXNWYWxpZCAkdmFsdWUpKSB7CiAgICAgICAgICAgICAgICAkcGF0aF9pbnZhbGlkID0gJHRydWUKICAgICAgICAgICAgICAgICMgY291bGQgc3RpbGwgYmUgYSB2YWxpZC1zaGFwZWQgcGF0aCB3aXRoIGEgbm9uZXhpc3RlbnQgZHJpdmUgbGV0dGVyCiAgICAgICAgICAgICAgICBpZiAoJHZhbHVlIC1tYXRjaCAiXlx3OiIpIHsKICAgICAgICAgICAgICAgICAgICAjIHJld3JpdGUgcGF0aCB3aXRoIGEgdmFsaWQgZHJpdmUgbGV0dGVyIGFuZCByZWNoZWNrIHRoZSBzaGFwZS0gdGhpcyBtaWdodCBzdGlsbCBmYWlsLCBlZywgYSBub25leGlzdGVudCBub24tZmlsZXN5c3RlbSBQUyBwYXRoCiAgICAgICAgICAgICAgICAgICAgaWYgKFRlc3QtUGF0aCAtSXNWYWxpZCAkKEAoR2V0LVBTRHJpdmUgLVBTUHJvdmlkZXIgRmlsZXN5c3RlbSlbMF0uTmFtZSArICR2YWx1ZS5TdWJzdHJpbmcoMSkpKSB7CiAgICAgICAgICAgICAgICAgICAgICAgICRwYXRoX2ludmFsaWQgPSAkZmFsc2UKICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBpZiAoJHBhdGhfaW52YWxpZCkgewogICAgICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHRvYmogLW1lc3NhZ2UgIkdldC1BbnNpYmxlUGFyYW06IFBhcmFtZXRlciAnJG5hbWUnIGhhcyBhbiBpbnZhbGlkIHBhdGggJyR2YWx1ZScgc3BlY2lmaWVkLiIKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgInN0ciIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IHN0ciB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgc3RyaW5ncwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUuV ScriptBlock ID: 18483a08-b774-4025-9bb1-8e2f284114c2 Path:	4104	1		3	2	15	0	1811	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4476	3896	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:30:49 PM	e5295ba9-9827-0000-23a1-2fe52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1810	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4476	4108	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:30:48 PM	e5295ba9-9827-0001-f95a-30e52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 4476 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1809	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4476	2608	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:30:48 PM	e5295ba9-9827-0001-f95a-30e52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1808	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4476	4108	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:30:48 PM	e5295ba9-9827-0001-f95a-30e52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1807	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1296	1304	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:07:50 PM	e5295ba9-9827-0004-c85c-29e52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 1296 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1806	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1296	3868	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:07:50 PM	e5295ba9-9827-0004-c85c-29e52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1805	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1296	1304	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:07:50 PM	e5295ba9-9827-0004-c85c-29e52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles; using System; using System.Collections; using System.IO; using System.Linq; using System.Runtime.InteropServices; using System.Text; using System.Threading; namespace Ansible { [StructLayout(LayoutKind.Sequential)] public class SECURITY_ATTRIBUTES { public int nLength; public IntPtr lpSecurityDescriptor; public bool bInheritHandle = false; public SECURITY_ATTRIBUTES() { nLength = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFO { public Int32 cb; public IntPtr lpReserved; public IntPtr lpDesktop; public IntPtr lpTitle; public Int32 dwX; public Int32 dwY; public Int32 dwXSize; public Int32 dwYSize; public Int32 dwXCountChars; public Int32 dwYCountChars; public Int32 dwFillAttribute; public Int32 dwFlags; public Int16 wShowWindow; public Int16 cbReserved2; public IntPtr lpReserved2; public SafeFileHandle hStdInput; public SafeFileHandle hStdOutput; public SafeFileHandle hStdError; public STARTUPINFO() { cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFOEX { public STARTUPINFO startupInfo; public IntPtr lpAttributeList; public STARTUPINFOEX() { startupInfo = new STARTUPINFO(); startupInfo.cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public struct PROCESS_INFORMATION { public IntPtr hProcess; public IntPtr hThread; public int dwProcessId; public int dwThreadId; } [Flags] public enum StartupInfoFlags : uint { USESTDHANDLES = 0x00000100 } public enum HandleFlags : uint { None = 0, INHERIT = 1 } class NativeWaitHandle : WaitHandle { public NativeWaitHandle(IntPtr handle) { this.SafeWaitHandle = new SafeWaitHandle(handle, false); } } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class CommandUtil { private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400; private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000; [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)] public static extern bool CreateProcess( [MarshalAs(UnmanagedType.LPWStr)] string lpApplicationName, StringBuilder lpCommandLine, IntPtr lpProcessAttributes, IntPtr lpThreadAttributes, bool bInheritHandles, uint dwCreationFlags, IntPtr lpEnvironment, [MarshalAs(UnmanagedType.LPWStr)] string lpCurrentDirectory, STARTUPINFOEX lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation); [DllImport("kernel32.dll")] public static extern bool CreatePipe( out SafeFileHandle hReadPipe, out SafeFileHandle hWritePipe, SECURITY_ATTRIBUTES lpPipeAttributes, uint nSize); [DllImport("kernel32.dll", SetLastError = true)] public static extern bool SetHandleInformation( SafeFileHandle hObject, HandleFlags dwMask, int dwFlags); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool GetExitCodeProcess( IntPtr hProcess, out uint lpExitCode); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)] public static extern uint SearchPath( string lpPath, string lpFileName, string lpExtension, int nBufferLength, [MarshalAs (UnmanagedType.LPTStr)] StringBuilder lpBuffer, out IntPtr lpFilePart); [DllImport("shell32.dll", SetLastError = true)] static extern IntPtr CommandLineToArgvW( [MarshalAs(UnmanagedType.LPWStr)] string lpCmdLine, out int pNumArgs); public static string[] ParseCommandLine(string lpCommandLine) { int numArgs; IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs); if (ret == IntPtr.Zero) throw new Win32Exception("Error parsing command line"); IntPtr[] strptrs = new IntPtr[numArgs]; Marshal.Copy(ret, strptrs, 0, numArgs); string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray(); Marshal.FreeHGlobal(ret); return cmdlineParts; } public static string SearchPath(string lpFileName) { StringBuilder sbOut = new StringBuilder(1024); IntPtr filePartOut; if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0) throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName)); return sbOut.ToString(); } public class CommandResult { public string StandardOut { get; internal set; } public string StandardError { get; internal set; } public uint ExitCode { get; internal set; } } public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment) { UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT; STARTUPINFOEX si = new STARTUPINFOEX(); si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES; SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES(); pipesec.bInheritHandle = true; // Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write; if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0)) throw new Win32Exception("STDOUT pipe setup failed"); if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDOUT pipe handle setup failed"); if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0)) throw new Win32Exception("STDERR pipe setup failed"); if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDERR pipe handle setup failed"); if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0)) throw new Win32Exception("STDIN pipe setup failed"); if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDIN pipe handle setup failed"); si.startupInfo.hStdOutput = stdout_write; si.startupInfo.hStdError = stderr_write; si.startupInfo.hStdInput = stdin_read; // Setup the stdin buffer UTF8Encoding utf8_encoding = new UTF8Encoding(false); FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768); StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768); // If lpCurrentDirectory is set to null in PS it will be an empty // string here, we need to convert it if (lpCurrentDirectory == "") lpCurrentDirectory = null; StringBuilder environmentString = null; if (environment != null && environment.Count > 0) { environmentString = new StringBuilder(); foreach (DictionaryEntry kv in environment) environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value); environmentString.Append('\0'); } // Create the environment block if set IntPtr lpEnvironment = IntPtr.Zero; if (environmentString != null) lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString()); // Create new process and run StringBuilder argument_string = new StringBuilder(lpCommandLine); PROCESS_INFORMATION pi = new PROCESS_INFORMATION(); if (!CreateProcess( lpApplicationName, argument_string, IntPtr.Zero, IntPtr.Zero, true, startup_flags, lpEnvironment, lpCurrentDirectory, si, out pi)) { throw new Win32Exception("Failed to create new process"); } // Setup the output buffers and get stdout/stderr FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096); StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096); stdout_write.Close(); FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096); StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096); stderr_write.Close(); stdin.WriteLine(stdinInput); stdin.Close(); string stdout_str, stderr_str = null; GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str); uint rc = GetProcessExitCode(pi.hProcess); return new CommandResult { StandardOut = stdout_str, StandardError = stderr_str, ExitCode = rc }; } private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr) { var sowait = new EventWaitHandle(false, EventResetMode.ManualReset); var sewait = new EventWaitHandle(false, EventResetMode.ManualReset); string so = null, se = null; ThreadPool.QueueUserWorkItem((s) => { so = stdoutStream.ReadToEnd(); sowait.Set(); }); ThreadPool.QueueUserWorkItem((s) => { se = stderrStream.ReadToEnd(); sewait.Set(); }); foreach (var wh in new WaitHandle[] { sowait, sewait }) wh.WaitOne(); stdout = so; stderr = se; } private static uint GetProcessExitCode(IntPtr processHandle) { new NativeWaitHandle(processHandle).WaitOne(); uint exitCode; if (!GetExitCodeProcess(processHandle, out exitCode)) throw new Win32Exception("Error getting process exit code"); return exitCode; } } }" Context: Severity = Informational Host Name = Default Host Host Version = 5.1.14393.1944 Host ID = a0ed3cee-6cfb-4b01-b5e3-29ff56010a09 Host Application = PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - Engine Version = 5.1.14393.1944 Runspace ID = cc65a35d-01ab-4da5-a4a0-b5b16d1ae452 Pipeline ID = 7 Command Name = Add-Type Command Type = Cmdlet Script Name = Command Path = Sequence Number = 34 User = N-H1-805629-1\Admin Connected User = Shell ID = Microsoft.PowerShell User Data:	4103	1		4	106	20	0	1804	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2480	540	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:07:50 PM	e5295ba9-9827-0001-c95d-29e52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	To be used when operation is just executing a method	Executing Pipeline	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c) 2017 Ansible Project # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) $process_util = @" using Microsoft.Win32.SafeHandles; using System; using System.Collections; using System.IO; using System.Linq; using System.Runtime.InteropServices; using System.Text; using System.Threading; namespace Ansible { [StructLayout(LayoutKind.Sequential)] public class SECURITY_ATTRIBUTES { public int nLength; public IntPtr lpSecurityDescriptor; public bool bInheritHandle = false; public SECURITY_ATTRIBUTES() { nLength = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFO { public Int32 cb; public IntPtr lpReserved; public IntPtr lpDesktop; public IntPtr lpTitle; public Int32 dwX; public Int32 dwY; public Int32 dwXSize; public Int32 dwYSize; public Int32 dwXCountChars; public Int32 dwYCountChars; public Int32 dwFillAttribute; public Int32 dwFlags; public Int16 wShowWindow; public Int16 cbReserved2; public IntPtr lpReserved2; public SafeFileHandle hStdInput; public SafeFileHandle hStdOutput; public SafeFileHandle hStdError; public STARTUPINFO() { cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFOEX { public STARTUPINFO startupInfo; public IntPtr lpAttributeList; public STARTUPINFOEX() { startupInfo = new STARTUPINFO(); startupInfo.cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public struct PROCESS_INFORMATION { public IntPtr hProcess; public IntPtr hThread; public int dwProcessId; public int dwThreadId; } [Flags] public enum StartupInfoFlags : uint { USESTDHANDLES = 0x00000100 } public enum HandleFlags : uint { None = 0, INHERIT = 1 } class NativeWaitHandle : WaitHandle { public NativeWaitHandle(IntPtr handle) { this.SafeWaitHandle = new SafeWaitHandle(handle, false); } } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class CommandUtil { private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400; private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000; [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)] public static extern bool CreateProcess( [MarshalAs(UnmanagedType.LPWStr)] string lpApplicationName, StringBuilder lpCommandLine, IntPtr lpProcessAttributes, IntPtr lpThreadAttributes, bool bInheritHandles, uint dwCreationFlags, IntPtr lpEnvironment, [MarshalAs(UnmanagedType.LPWStr)] string lpCurrentDirectory, STARTUPINFOEX lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation); [DllImport("kernel32.dll")] public static extern bool CreatePipe( out SafeFileHandle hReadPipe, out SafeFileHandle hWritePipe, SECURITY_ATTRIBUTES lpPipeAttributes, uint nSize); [DllImport("kernel32.dll", SetLastError = true)] public static extern bool SetHandleInformation( SafeFileHandle hObject, HandleFlags dwMask, int dwFlags); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool GetExitCodeProcess( IntPtr hProcess, out uint lpExitCode); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)] public static extern uint SearchPath( string lpPath, string lpFileName, string lpExtension, int nBufferLength, [MarshalAs (UnmanagedType.LPTStr)] StringBuilder lpBuffer, out IntPtr lpFilePart); [DllImport("shell32.dll", SetLastError = true)] static extern IntPtr CommandLineToArgvW( [MarshalAs(UnmanagedType.LPWStr)] string lpCmdLine, out int pNumArgs); public static string[] ParseCommandLine(string lpCommandLine) { int numArgs; IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs); if (ret == IntPtr.Zero) throw new Win32Exception("Error parsing command line"); IntPtr[] strptrs = new IntPtr[numArgs]; Marshal.Copy(ret, strptrs, 0, numArgs); string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray(); Marshal.FreeHGlobal(ret); return cmdlineParts; } public static string SearchPath(string lpFileName) { StringBuilder sbOut = new StringBuilder(1024); IntPtr filePartOut; if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0) throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName)); return sbOut.ToString(); } public class CommandResult { public string StandardOut { get; internal set; } public string StandardError { get; internal set; } public uint ExitCode { get; internal set; } } public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment) { UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT; STARTUPINFOEX si = new STARTUPINFOEX(); si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES; SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES(); pipesec.bInheritHandle = true; // Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write; if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0)) throw new Win32Exception("STDOUT pipe setup failed"); if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDOUT pipe handle setup failed"); if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0)) throw new Win32Exception("STDERR pipe setup failed"); if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDERR pipe handle setup failed"); if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0)) throw new Win32Exception("STDIN pipe setup failed"); if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDIN pipe handle setup failed"); si.startupInfo.hStdOutput = stdout_write; si.startupInfo.hStdError = stderr_write; si.startupInfo.hStdInput = stdin_read; // Setup the stdin buffer UTF8Encoding utf8_encoding = new UTF8Encoding(false); FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768); StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768); // If lpCurrentDirectory is set to null in PS it will be an empty // string here, we need to convert it if (lpCurrentDirectory == "") lpCurrentDirectory = null; StringBuilder environmentString = null; if (environment != null && environment.Count > 0) { environmentString = new StringBuilder(); foreach (DictionaryEntry kv in environment) environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value); environmentString.Append('\0'); } // Create the environment block if set IntPtr lpEnvironment = IntPtr.Zero; if (environmentString != null) lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString()); // Create new process and run StringBuilder argument_string = new StringBuilder(lpCommandLine); PROCESS_INFORMATION pi = new PROCESS_INFORMATION(); if (!CreateProcess( lpApplicationName, argument_string, IntPtr.Zero, IntPtr.Zero, true, startup_flags, lpEnvironment, lpCurrentDirectory, si, out pi)) { throw new Win32Exception("Failed to create new process"); } // Setup the output buffers and get stdout/stderr FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096); StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096); stdout_write.Close(); FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096); StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096); stderr_write.Close(); stdin.WriteLine(stdinInput); stdin.Close(); string stdout_str, stderr_str = null; GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str); uint rc = GetProcessExitCode(pi.hProcess); return new CommandResult { StandardOut = stdout_str, StandardError = stderr_str, ExitCode = rc }; } private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr) { var sowait = new EventWaitHandle(false, EventResetMode.ManualReset); var sewait = new EventWaitHandle(false, EventResetMode.ManualReset); string so = null, se = null; ThreadPool.QueueUserWorkItem((s) => { so = stdoutStream.ReadToEnd(); sowait.Set(); }); ThreadPool.QueueUserWorkItem((s) => { se = stderrStream.ReadToEnd(); sewait.Set(); }); foreach (var wh in new WaitHandle[] { sowait, sewait }) wh.WaitOne(); stdout = so; stderr = se; } private static uint GetProcessExitCode(IntPtr processHandle) { new NativeWaitHandle(processHandle).WaitOne(); uint exitCode; if (!GetExitCodeProcess(processHandle, out exitCode)) throw new Win32Exception("Error getting process exit code"); return exitCode; } } } "@ $ErrorActionPreference = 'Stop' Function Load-CommandUtils { # makes the following static functions available # [Ansible.CommandUtil]::ParseCommandLine(string lpCommandLine) # [Ansible.CommandUtil]::SearchPath(string lpFileName) # [Ansible.CommandUtil]::RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, string environmentBlock) # # there are also numerous P/Invoke methods that can be called if you are feeling adventurous # FUTURE: find a better way to get the _ansible_remote_tmp variable $original_tmp = $env:TMP $remote_tmp = $original_tmp $module_params = Get-Variable -Name complex_args -ErrorAction SilentlyContinue if ($module_params) { if ($module_params.Value.ContainsKey("_ansible_remote_tmp") ) { $remote_tmp = $module_params.Value["_ansible_remote_tmp"] $remote_tmp = [System.Environment]::ExpandEnvironmentVariables($remote_tmp) } } $env:TMP = $remote_tmp Add-Type -TypeDefinition $process_util $env:TMP = $original_tmp } Function Get-ExecutablePath($executable, $directory) { # lpApplicationName requires the full path to a file, we need to find it # ourselves. # we need to add .exe if it doesn't have an extension already if (-not [System.IO.Path]::HasExtension($executable)) { $executable = "$($executable).exe" } $full_path = [System.IO.Path]::GetFullPath($executable) if ($full_path -ne $executable -and $directory -ne $null) { $file = Get-Item -Path "$directory\$executable" -Force -ErrorAction SilentlyContinue } else { $file = Get-Item -Path $executable -Force -ErrorAction SilentlyContinue } if ($file -ne $null) { $executable_path = $file.FullName } else { $executable_path = [Ansible.CommandUtil]::SearchPath($executable) } return $executable_path } Function Run-Command { Param( [string]$command, # the full command to run including the executable [string]$working_directory = $null, # the working directory to run under, will default to the current dir [string]$stdin = $null, # a string to send to the stdin pipe when executing the command [hashtable]$environment = @{} # a hashtable of environment values to run the command under, this will replace all the other environment variables with these ) # load the C# code we call in this function Load-CommandUtils # need to validate the working directory if it is set if ($working_directory) { # validate working directory is a valid path if (-not (Test-Path -Path $working_directory)) { throw "invalid working directory path '$working_directory'" } } # lpApplicationName needs to be the full path to an executable, we do this # by getting the executable as the first arg and then getting the full path $arguments = [Ansible.CommandUtil]::ParseCommandLine($command) $executable = Get-ExecutablePath -executable $arguments[0] -directory $working_directory # run the command and get the results $command_result = [Ansible.CommandUtil]::RunCommand($executable, $command, $working_directory, $stdin, $environment) return ,@{ executable = $executable stdout = $command_result.StandardOut stderr = $command_result.StandardError rc = $command_result.ExitCode } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: 1ead5fdc-77ce-4784-bf1d-e523ede1ad4a Path:	4104	1		3	2	15	0	1803	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2480	1596	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:07:49 PM	e5295ba9-9827-0005-555d-29e52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c), Michael DeHaan <michael.dehaan@gmail.com>, 2014, and others # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) Set-StrictMode -Version 2.0 $ErrorActionPreference = "Stop" Function Set-Attr($obj, $name, $value) { <# .SYNOPSIS Helper function to set an "attribute" on a psobject instance in PowerShell. This is a convenience to make adding Members to the object easier and slightly more pythonic .EXAMPLE Set-Attr $result "changed" $true #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } Try { $obj.$name = $value } Catch { $obj | Add-Member -Force -MemberType NoteProperty -Name $name -Value $value } } Function Exit-Json($obj) { <# .SYNOPSIS Helper function to convert a PowerShell object to JSON and output it, exiting the script .EXAMPLE Exit-Json $result #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit } Function Fail-Json($obj, $message = $null) { <# .SYNOPSIS Helper function to add the "msg" property and "failed" property, convert the PowerShell Hashtable to JSON and output it, exiting the script .EXAMPLE Fail-Json $result "This is the failure message" #> if ($obj -is [hashtable] -or $obj -is [psobject]) { # Nothing to do } elseif ($obj -is [string] -and $null -eq $message) { # If we weren't given 2 args, and the only arg was a string, # create a new Hashtable and use the arg as the failure message $message = $obj $obj = @{ } } else { # If the first argument is undefined or a different type, # make it a Hashtable $obj = @{ } } # Still using Set-Attr for PSObject compatibility Set-Attr $obj "msg" $message Set-Attr $obj "failed" $true if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit 1 } Function Add-Warning($obj, $message) { <# .SYNOPSIS Helper function to add warnings, even if the warnings attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("warnings")) { $obj.warnings = @() } elseif ($obj.warnings -isnot [array]) { throw "Add-Warning: warnings attribute is not an array" } $obj.warnings += $message } Function Add-DeprecationWarning($obj, $message, $version = $null) { <# .SYNOPSIS Helper function to add deprecations, even if the deprecations attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("deprecations")) { $obj.deprecations = @() } elseif ($obj.deprecations -isnot [array]) { throw "Add-DeprecationWarning: deprecations attribute is not a list" } $obj.deprecations += @{ msg = $message version = $version } } Function Expand-Environment($value) { <# .SYNOPSIS Helper function to expand environment variables in values. By default it turns any type to a string, but we ensure $null remains $null. #> if ($null -ne $value) { [System.Environment]::ExpandEnvironmentVariables($value) } else { $value } } Function Get-AnsibleParam($obj, $name, $default = $null, $resultobj = @{}, $failifempty = $false, $emptyattributefailmessage, $ValidateSet, $ValidateSetErrorMessage, $type = $null, $aliases = @()) { <# .SYNOPSIS Helper function to get an "attribute" from a psobject instance in PowerShell. This is a convenience to make getting Members from an object easier and slightly more pythonic .EXAMPLE $attr = Get-AnsibleParam $response "code" -default "1" .EXAMPLE Get-AnsibleParam -obj $params -name "State" -default "Present" -ValidateSet "Present","Absent" -resultobj $resultobj -failifempty $true Get-AnsibleParam also supports Parameter validation to save you from coding that manually Note that if you use the failifempty option, you do need to specify resultobject as well. #> # Check if the provided Member $name or aliases exist in $obj and return it or the default. try { $found = $null # First try to find preferred parameter $name $aliases = @($name) + $aliases # Iterate over aliases to find acceptable Member $name foreach ($alias in $aliases) { if ($obj.ContainsKey($alias)) { $found = $alias break } } if ($null -eq $found) { throw } $name = $found if ($ValidateSet) { if ($ValidateSet -contains ($obj.$name)) { $value = $obj.$name } else { if ($null -eq $ValidateSetErrorMessage) { #Auto-generated error should be sufficient in most use cases $ValidateSetErrorMessage = "Get-AnsibleParam: Argument $name needs to be one of $($ValidateSet -join ",") but was $($obj.$name)." } Fail-Json -obj $resultobj -message $ValidateSetErrorMessage } } else { $value = $obj.$name } } catch { if ($failifempty -eq $false) { $value = $default } else { if (-not $emptyattributefailmessage) { $emptyattributefailmessage = "Get-AnsibleParam: Missing required argument: $name" } Fail-Json -obj $resultobj -message $emptyattributefailmessage } } # If $value -eq $null, the parameter was unspecified by the user (deliberately or not) # Please leave $null-values intact, modules need to know if a parameter was specified # When $value is already an array, we cannot rely on the null check, as an empty list # is seen as null in the check below if ($null -ne $value -or $value -is [array]) { if ($type -eq "path") { # Expand environment variables on path-type $value = Expand-Environment($value) # Test if a valid path is provided if (-not (Test-Path -IsValid $value)) { $path_invalid = $true # could still be a valid-shaped path with a nonexistent drive letter if ($value -match "^\w:") { # rewrite path with a valid drive letter and recheck the shape- this might still fail, eg, a nonexistent non-filesystem PS path if (Test-Path -IsValid $(@(Get-PSDrive -PSProvider Filesystem)[0].Name + $value.Substring(1))) { $path_invalid = $false } } if ($path_invalid) { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' has an invalid path '$value' specified." } } } elseif ($type -eq "str") { # Convert str types to real Powershell strings $value = $value.ToString() } elseif ($type -eq "bool") { # Convert boolean types to real Powershell booleans $value = $value | ConvertTo-Bool } elseif ($type -eq "int") { # Convert int types to real Powershell integers $value = $value -as [int] } elseif ($type -eq "float") { # Convert float types to real Powershell floats $value = $value -as [float] } elseif ($type -eq "list") { if ($value -is [array]) { # Nothing to do } elseif ($value -is [string]) { # Convert string type to real Powershell array $value = $value.Split(",").Trim() } elseif ($value -is [int]) { $value = @($value) } else { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' is not a YAML list." } # , is not a typo, forces it to return as a list when it is empty or only has 1 entry return ,$value } } return $value } #Alias Get-attr-->Get-AnsibleParam for backwards compat. Only add when needed to ease debugging of scripts If (-not(Get-Alias -Name "Get-attr" -ErrorAction SilentlyContinue)) { New-Alias -Name Get-attr -Value Get-AnsibleParam } Function ConvertTo-Bool { <# .SYNOPSIS Helper filter/pipeline function to convert a value to boolean following current Ansible practices .EXAMPLE $is_true = "true" | ConvertTo-Bool #> param( [parameter(valuefrompipeline=$true)] $obj ) $boolean_strings = "yes", "on", "1", "true", 1 $obj_string = [string]$obj if (($obj -is [boolean] -and $obj) -or $boolean_strings -contains $obj_string.ToLower()) { return $true } else { return $false } } Function Parse-Args($arguments, $supports_check_mode = $false) { <# .SYNOPSIS Helper function to parse Ansible JSON arguments from a "file" passed as the single argument to the module. .EXAMPLE $params = Parse-Args $args #> $params = New-Object psobject If ($arguments.Length -gt 0) { $params = Get-Content $arguments[0] | ConvertFrom-Json } Else { $params = $complex_args } $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false If ($check_mode -and -not $supports_check_mode) { Exit-Json @{ skipped = $true changed = $false msg = "remote module does not support check mode" } } return $params } Function Get-FileChecksum($path, $algorithm = 'sha1') { <# .SYNOPSIS Helper function to calculate a hash of a file in a way which PowerShell 3 and above can handle #> If (Test-Path -Path $path -PathType Leaf) { switch ($algorithm) { 'md5' { $sp = New-Object -TypeName System.Security.Cryptography.MD5CryptoServiceProvider } 'sha1' { $sp = New-Object -TypeName System.Security.Cryptography.SHA1CryptoServiceProvider } 'sha256' { $sp = New-Object -TypeName System.Security.Cryptography.SHA256CryptoServiceProvider } 'sha384' { $sp = New-Object -TypeName System.Security.Cryptography.SHA384CryptoServiceProvider } 'sha512' { $sp = New-Object -TypeName System.Security.Cryptography.SHA512CryptoServiceProvider } default { Fail-Json @{} "Unsupported hash algorithm supplied '$algorithm'" } } If ($PSVersionTable.PSVersion.Major -ge 4) { $raw_hash = Get-FileHash $path -Algorithm $algorithm $hash = $raw_hash.Hash.ToLower() } Else { $fp = [System.IO.File]::Open($path, [System.IO.Filemode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileShare]::ReadWrite); $hash = [System.BitConverter]::ToString($sp.ComputeHash($fp)).Replace("-", "").ToLower(); $fp.Dispose(); } } ElseIf (Test-Path -Path $path -PathType Container) { $hash = "3"; } Else { $hash = "1"; } return $hash } Function Get-PendingRebootStatus { <# .SYNOPSIS Check if reboot is required, if so notify CA. Function returns true if computer has a pending reboot #> $featureData = Invoke-WmiMethod -EA Ignore -Name GetServerFeature -Namespace root\microsoft\windows\servermanager -Class MSFT_ServerManagerTasks $regData = Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager" "PendingFileRenameOperations" -EA Ignore $CBSRebootStatus = Get-ChildItem "HKLM:\\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing" -ErrorAction SilentlyContinue| Where-Object {$_.PSChildName -eq "RebootPending"} if(($featureData -and $featureData.RequiresReboot) -or $regData -or $CBSRebootStatus) { return $True } else { return $False } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: beae80f8-f078-439c-9350-89b00f83e367 Path:	4104	1		3	2	15	0	1802	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2480	1596	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:07:49 PM	e5295ba9-9827-0005-4e5d-29e52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } ScriptBlock ID: e4d5d73d-e2c7-4f53-bc23-7c313faefabc Path:	4104	1		3	2	15	0	1801	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2480	1596	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:07:49 PM	e5295ba9-9827-0005-435d-29e52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (3 of 3): WN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTM4NENyeXB0b1NlcnZpY2VQcm92aWRlciB9CiAgICAgICAgICAgICdzaGE1MTInIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5TSEE1MTJDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICBkZWZhdWx0IHsgRmFpbC1Kc29uIEB7fSAiVW5zdXBwb3J0ZWQgaGFzaCBhbGdvcml0aG0gc3VwcGxpZWQgJyRhbGdvcml0aG0nIiB9CiAgICAgICAgfQoKICAgICAgICBJZiAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtZ2UgNCkgewogICAgICAgICAgICAkcmF3X2hhc2ggPSBHZXQtRmlsZUhhc2ggJHBhdGggLUFsZ29yaXRobSAkYWxnb3JpdGhtCiAgICAgICAgICAgICRoYXNoID0gJHJhd19oYXNoLkhhc2guVG9Mb3dlcigpCiAgICAgICAgfSBFbHNlIHsKICAgICAgICAgICAgJGZwID0gW1N5c3RlbS5JTy5GaWxlXTo6T3BlbigkcGF0aCwgW1N5c3RlbS5JTy5GaWxlbW9kZV06Ok9wZW4sIFtTeXN0ZW0uSU8uRmlsZUFjY2Vzc106OlJlYWQsIFtTeXN0ZW0uSU8uRmlsZVNoYXJlXTo6UmVhZFdyaXRlKTsKICAgICAgICAgICAgJGhhc2ggPSBbU3lzdGVtLkJpdENvbnZlcnRlcl06OlRvU3RyaW5nKCRzcC5Db21wdXRlSGFzaCgkZnApKS5SZXBsYWNlKCItIiwgIiIpLlRvTG93ZXIoKTsKICAgICAgICAgICAgJGZwLkRpc3Bvc2UoKTsKICAgICAgICB9CiAgICB9CiAgICBFbHNlSWYgKFRlc3QtUGF0aCAtUGF0aCAkcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKQogICAgewogICAgICAgICRoYXNoID0gIjMiOwogICAgfQogICAgRWxzZQogICAgewogICAgICAgICRoYXNoID0gIjEiOwogICAgfQogICAgcmV0dXJuICRoYXNoCn0KCkZ1bmN0aW9uIEdldC1QZW5kaW5nUmVib290U3RhdHVzCnsKPCMKICAgIC5TWU5PUFNJUwogICAgQ2hlY2sgaWYgcmVib290IGlzIHJlcXVpcmVkLCBpZiBzbyBub3RpZnkgQ0EuCiAgICBGdW5jdGlvbiByZXR1cm5zIHRydWUgaWYgY29tcHV0ZXIgaGFzIGEgcGVuZGluZyByZWJvb3QKIz4KICAgICRmZWF0dXJlRGF0YSA9IEludm9rZS1XbWlNZXRob2QgLUVBIElnbm9yZSAtTmFtZSBHZXRTZXJ2ZXJGZWF0dXJlIC1OYW1lc3BhY2Ugcm9vdFxtaWNyb3NvZnRcd2luZG93c1xzZXJ2ZXJtYW5hZ2VyIC1DbGFzcyBNU0ZUX1NlcnZlck1hbmFnZXJUYXNrcwogICAgJHJlZ0RhdGEgPSBHZXQtSXRlbVByb3BlcnR5ICJIS0xNOlxTWVNURU1cQ3VycmVudENvbnRyb2xTZXRcQ29udHJvbFxTZXNzaW9uIE1hbmFnZXIiICJQZW5kaW5nRmlsZVJlbmFtZU9wZXJhdGlvbnMiIC1FQSBJZ25vcmUKICAgICRDQlNSZWJvb3RTdGF0dXMgPSBHZXQtQ2hpbGRJdGVtICJIS0xNOlxcU09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cQ29tcG9uZW50IEJhc2VkIFNlcnZpY2luZyIgIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlfCBXaGVyZS1PYmplY3QgeyRfLlBTQ2hpbGROYW1lIC1lcSAiUmVib290UGVuZGluZyJ9CiAgICBpZigoJGZlYXR1cmVEYXRhIC1hbmQgJGZlYXR1cmVEYXRhLlJlcXVpcmVzUmVib290KSAtb3IgJHJlZ0RhdGEgLW9yICRDQlNSZWJvb3RTdGF0dXMpCiAgICB7CiAgICAgICAgcmV0dXJuICRUcnVlCiAgICB9CiAgICBlbHNlCiAgICB7CiAgICAgICAgcmV0dXJuICRGYWxzZQogICAgfQp9CgojIHRoaXMgbGluZSBtdXN0IHN0YXkgYXQgdGhlIGJvdHRvbSB0byBlbnN1cmUgYWxsIGRlZmluZWQgbW9kdWxlIHBhcnRzIGFyZSBleHBvcnRlZApFeHBvcnQtTW9kdWxlTWVtYmVyIC1BbGlhcyAqIC1GdW5jdGlvbiAqIC1DbWRsZXQgKgoK", "Ansible.ModuleUtils.FileUtil": "IyBDb3B5cmlnaHQgKGMpIDIwMTcgQW5zaWJsZSBQcm9qZWN0CiMgU2ltcGxpZmllZCBCU0QgTGljZW5zZSAoc2VlIGxpY2Vuc2VzL3NpbXBsaWZpZWRfYnNkLnR4dCBvciBodHRwczovL29wZW5zb3VyY2Uub3JnL2xpY2Vuc2VzL0JTRC0yLUNsYXVzZSkKCjwjClRlc3QtUGF0aC9HZXQtSXRlbSBjYW5ub3QgZmluZC9yZXR1cm4gaW5mbyBvbiBmaWxlcyB0aGF0IGFyZSBsb2NrZWQgbGlrZQpDOlxwYWdlZmlsZS5zeXMuIFRoZXNlIDIgZnVuY3Rpb25zIGFyZSBkZXNpZ25lZCB0byB3b3JrIHdpdGggdGhlc2UgZmlsZXMgYW5kCnByb3ZpZGUgc2ltaWxhciBmdW5jdGlvbmFsaXR5IHdpdGggdGhlIG5vcm1hbCBjbWRsZXRzIHdpdGggYXMgbWluaW1hbCBvdmVyaGVhZAphcyBwb3NzaWJsZS4gVGhleSB3b3JrIGJ5IHVzaW5nIEdldC1DaGlsZEl0ZW0gd2l0aCBhIGZpbHRlciBhbmQgcmV0dXJuIHRoZQpyZXN1bHQgZnJvbSB0aGF0LgojPgoKRnVuY3Rpb24gVGVzdC1BbnNpYmxlUGF0aCB7CiAgICBbQ21kbGV0QmluZGluZygpXQogICAgUGFyYW0oCiAgICAgICAgW1BhcmFtZXRlcihNYW5kYXRvcnk9JHRydWUpXVtzdHJpbmddJFBhdGgKICAgICkKICAgICMgUmVwbGFjZW1lbnQgZm9yIFRlc3QtUGF0aAogICAgdHJ5IHsKICAgICAgICAkZmlsZV9hdHRyaWJ1dGVzID0gW1N5c3RlbS5JTy5GaWxlXTo6R2V0QXR0cmlidXRlcygkUGF0aCkKICAgIH0gY2F0Y2ggW1N5c3RlbS5JTy5GaWxlTm90Rm91bmRFeGNlcHRpb25dLCBbU3lzdGVtLklPLkRpcmVjdG9yeU5vdEZvdW5kRXhjZXB0aW9uXSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfSBjYXRjaCBbTm90U3VwcG9ydGVkRXhjZXB0aW9uXSB7CiAgICAgICAgIyBXaGVuIHRlc3RpbmcgYSBwYXRoIGxpa2UgQ2VydDpcTG9jYWxNYWNoaW5lXE15LCBTeXN0ZW0uSU8uRmlsZSB3aWxsCiAgICAgICAgIyBub3Qgd29yaywgd2UganVzdCByZXZlcnQgYmFjayB0byB1c2luZyBUZXN0LVBhdGggZm9yIHRoaXMKICAgICAgICByZXR1cm4gVGVzdC1QYXRoIC1QYXRoICRQYXRoCiAgICB9CgogICAgaWYgKFtJbnQzMl0kZmlsZV9hdHRyaWJ1dGVzIC1lcSAtMSkgewogICAgICAgIHJldHVybiAkZmFsc2UKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICR0cnVlCiAgICB9Cn0KCkZ1bmN0aW9uIEdldC1BbnNpYmxlSXRlbSB7CiAgICBbQ21kbGV0QmluZGluZygpXQogICAgUGFyYW0oCiAgICAgICAgW1BhcmFtZXRlcihNYW5kYXRvcnk9JHRydWUpXVtzdHJpbmddJFBhdGgKICAgICkKICAgICMgUmVwbGFjZW1lbnQgZm9yIEdldC1JdGVtCiAgICB0cnkgewogICAgICAgICRmaWxlX2F0dHJpYnV0ZXMgPSBbU3lzdGVtLklPLkZpbGVdOjpHZXRBdHRyaWJ1dGVzKCRQYXRoKQogICAgfSBjYXRjaCB7CiAgICAgICAgIyBpZiAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb3RpbnVlIGlzIHNldCBvbiB0aGUgY21kbGV0IGFuZCB3ZSBmYWlsZWQgdG8KICAgICAgICAjIGdldCB0aGUgYXR0cmlidXRlcywganVzdCByZXR1cm4gJG51bGwsIG90aGVyd2lzZSB0aHJvdyB0aGUgZXJyb3IKICAgICAgICBpZiAoJEVycm9yQWN0aW9uUHJlZmVyZW5jZSAtbmUgIlNpbGVudGx5Q29udGludWUiKSB7CiAgICAgICAgICAgIHRocm93ICRfCiAgICAgICAgfQogICAgICAgIHJldHVybiAkbnVsbAogICAgfQogICAgaWYgKFtJbnQzMl0kZmlsZV9hdHRyaWJ1dGVzIC1lcSAtMSkgewogICAgICAgIHRocm93IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5NYW5hZ2VtZW50LkF1dG9tYXRpb24uSXRlbU5vdEZvdW5kRXhjZXB0aW9uIC1Bcmd1bWVudExpc3QgIkNhbm5vdCBmaW5kIHBhdGggJyRQYXRoJyBiZWNhdXNlIGl0IGRvZXMgbm90IGV4aXN0LiIKICAgIH0gZWxzZWlmICgkZmlsZV9hdHRyaWJ1dGVzLkhhc0ZsYWcoW1N5c3RlbS5JTy5GaWxlQXR0cmlidXRlc106OkRpcmVjdG9yeSkpIHsKICAgICAgICByZXR1cm4gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLklPLkRpcmVjdG9yeUluZm8gLUFyZ3VtZW50TGlzdCAkUGF0aAogICAgfSBlbHNlIHsKICAgICAgICByZXR1cm4gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLklPLkZpbGVJbmZvIC1Bcmd1bWVudExpc3QgJFBhdGgKICAgIH0KfQoKRXhwb3J0LU1vZHVsZU1lbWJlciAtRnVuY3Rpb24gVGVzdC1BbnNpYmxlUGF0aCwgR2V0LUFuc2libGVJdGVtCg=="}, "module_entry": "IyFwb3dlcnNoZWxsCgojIENvcHlyaWdodDogKGMpIDIwMTcsIEFuc2libGUgUHJvamVjdAojIEdOVSBHZW5lcmFsIFB1YmxpYyBMaWNlbnNlIHYzLjArIChzZWUgQ09QWUlORyBvciBodHRwczovL3d3dy5nbnUub3JnL2xpY2Vuc2VzL2dwbC0zLjAudHh0KQoKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5MZWdhY3kKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5Db21tYW5kVXRpbAojUmVxdWlyZXMgLU1vZHVsZSBBbnNpYmxlLk1vZHVsZVV0aWxzLkZpbGVVdGlsCgojIFRPRE86IGFkZCBjaGVjayBtb2RlIHN1cHBvcnQKClNldC1TdHJpY3RNb2RlIC1WZXJzaW9uIDIKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKIyBDbGVhbnNlIENMSVhNTCBmcm9tIHN0ZGVyciAoc2lmdCBvdXQgZXJyb3Igc3RyZWFtIGRhdGEsIGRpc2NhcmQgb3RoZXJzIGZvciBub3cpCkZ1bmN0aW9uIENsZWFuc2UtU3RkZXJyKCRyYXdfc3RkZXJyKSB7CiAgICBUcnkgewogICAgICAgICMgTkI6IHRoaXMgcmVnZXggaXNuJ3QgcGVyZmVjdCwgYnV0IGlzIGRlY2VudCBhdCBmaW5kaW5nIENMSVhNTCBhbW9uZ3N0IG90aGVyIHN0ZGVyciBub2lzZQogICAgICAgIElmKCRyYXdfc3RkZXJyIC1tYXRjaCAiKD9zKSg/PHByZW5vaXNlMT4uKikjPCBDTElYTUwoPzxwcmVub2lzZTI+LiopKD88Y2xpeG1sPjxPYmpzLis8L09ianM+KSg/PHBvc3Rub2lzZT4uKikiKSB7CiAgICAgICAgICAgICRjbGl4bWwgPSBbeG1sXSRtYXRjaGVzWyJjbGl4bWwiXQoKICAgICAgICAgICAgJG1lcmdlZF9zdGRlcnIgPSAiezB9ezF9ezJ9ezN9IiAtZiBAKAogICAgICAgICAgICAgICAkbWF0Y2hlc1sicHJlbm9pc2UxIl0sCiAgICAgICAgICAgICAgICRtYXRjaGVzWyJwcmVub2lzZTIiXSwKICAgICAgICAgICAgICAgIyBmaWx0ZXIgb3V0IGp1c3QgdGhlIEVycm9yLXRhZ2dlZCBzdHJpbmdzIGZvciBub3csIGFuZCB6YXAgZW1iZWRkZWQgQ1JMRiBjaGFycwogICAgICAgICAgICAgICAoJGNsaXhtbC5PYmpzLkNoaWxkTm9kZXMgfCA/IHsgJF8uTmFtZSAtZXEgJ1MnIH0gfCA/IHsgJF8uUyAtZXEgJ0Vycm9yJyB9IHwgJSB7ICRfLicjdGV4dCcuUmVwbGFjZSgnX3gwMDBEX194MDAwQV8nLCcnKSB9IHwgT3V0LVN0cmluZyksCiAgICAgICAgICAgICAgICRtYXRjaGVzWyJwb3N0bm9pc2UiXSkgfCBPdXQtU3RyaW5nCgogICAgICAgICAgICByZXR1cm4gJG1lcmdlZF9zdGRlcnIuVHJpbSgpCgogICAgICAgICAgICAjIEZVVFVSRTogcGFyc2UvcmV0dXJuIG90aGVyIHN0cmVhbXMKICAgICAgICB9CiAgICAgICAgRWxzZSB7CiAgICAgICAgICAgICRyYXdfc3RkZXJyCiAgICAgICAgfQogICAgfQogICAgQ2F0Y2ggewogICAgICAgICIqKipFWENFUFRJT04gUEFSU0lORyBDTElYTUw6ICRfKioqIiArICRyYXdfc3RkZXJyCiAgICB9Cn0KCiRwYXJhbXMgPSBQYXJzZS1BcmdzICRhcmdzIC1zdXBwb3J0c19jaGVja19tb2RlICRmYWxzZQoKJHJhd19jb21tYW5kX2xpbmUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX3Jhd19wYXJhbXMiIC10eXBlICJzdHIiIC1mYWlsaWZlbXB0eSAkdHJ1ZQokY2hkaXIgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiY2hkaXIiIC10eXBlICJwYXRoIgokZXhlY3V0YWJsZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJleGVjdXRhYmxlIiAtdHlwZSAicGF0aCIKJGNyZWF0ZXMgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiY3JlYXRlcyIgLXR5cGUgInBhdGgiCiRyZW1vdmVzID0gR2V0LUFuc2libGVQYXJhbSAtb2JqICRwYXJhbXMgLW5hbWUgInJlbW92ZXMiIC10eXBlICJwYXRoIgokc3RkaW4gPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAic3RkaW4iIC10eXBlICJzdHIiCgokcmF3X2NvbW1hbmRfbGluZSA9ICRyYXdfY29tbWFuZF9saW5lLlRyaW0oKQoKJHJlc3VsdCA9IEB7CiAgICBjaGFuZ2VkID0gJHRydWUKICAgIGNtZCA9ICRyYXdfY29tbWFuZF9saW5lCn0KCmlmICgkY3JlYXRlcyAtYW5kICQoVGVzdC1BbnNpYmxlUGF0aCAtUGF0aCAkY3JlYXRlcykpIHsKICAgIEV4aXQtSnNvbiBAe21zZz0ic2tpcHBlZCwgc2luY2UgJGNyZWF0ZXMgZXhpc3RzIjtjbWQ9JHJhd19jb21tYW5kX2xpbmU7Y2hhbmdlZD0kZmFsc2U7c2tpcHBlZD0kdHJ1ZTtyYz0wfQp9CgppZiAoJHJlbW92ZXMgLWFuZCAtbm90ICQoVGVzdC1BbnNpYmxlUGF0aCAtUGF0aCAkcmVtb3ZlcykpIHsKICAgIEV4aXQtSnNvbiBAe21zZz0ic2tpcHBlZCwgc2luY2UgJHJlbW92ZXMgZG9lcyBub3QgZXhpc3QiO2NtZD0kcmF3X2NvbW1hbmRfbGluZTtjaGFuZ2VkPSRmYWxzZTtza2lwcGVkPSR0cnVlO3JjPTB9Cn0KCiRleGVjX2FyZ3MgPSAkbnVsbApJZigtbm90ICRleGVjdXRhYmxlIC1vciAkZXhlY3V0YWJsZSAtZXEgInBvd2Vyc2hlbGwiKSB7CiAgICAkZXhlY19hcHBsaWNhdGlvbiA9ICJwb3dlcnNoZWxsLmV4ZSIKCiAgICAjIGZvcmNlIGlucHV0IGVuY29kaW5nIHRvIHByZWFtYmxlLWZyZWUgVVRGOCBzbyBQUyBzdWItcHJvY2Vzc2VzIChlZywgU3RhcnQtSm9iKSBkb24ndCBibG93IHVwCiAgICAkcmF3X2NvbW1hbmRfbGluZSA9ICJbQ29uc29sZV06OklucHV0RW5jb2RpbmcgPSBOZXctT2JqZWN0IFRleHQuVVRGOEVuY29kaW5nIGAkZmFsc2U7ICIgKyAkcmF3X2NvbW1hbmRfbGluZQoKICAgICMgQmFzZTY0IGVuY29kZSB0aGUgY29tbWFuZCBzbyB3ZSBkb24ndCBoYXZlIHRvIHdvcnJ5IGFib3V0IHRoZSB2YXJpb3VzIGxldmVscyBvZiBlc2NhcGluZwogICAgJGVuY29kZWRfY29tbWFuZCA9IFtDb252ZXJ0XTo6VG9CYXNlNjRTdHJpbmcoW1N5c3RlbS5UZXh0LkVuY29kaW5nXTo6VW5pY29kZS5HZXRCeXRlcygkcmF3X2NvbW1hbmRfbGluZSkpCgogICAgaWYgKCRzdGRpbikgewogICAgICAgICRleGVjX2FyZ3MgPSAiLWVuY29kZWRjb21tYW5kICRlbmNvZGVkX2NvbW1hbmQiCiAgICB9IGVsc2UgewogICAgICAgICRleGVjX2FyZ3MgPSAiLW5vbmludGVyYWN0aXZlIC1lbmNvZGVkY29tbWFuZCAkZW5jb2RlZF9jb21tYW5kIgogICAgfQp9CkVsc2UgewogICAgIyBGVVRVUkU6IHN1cHBvcnQgYXJnIHRyYW5zbGF0aW9uIGZyb20gZXhlY3V0YWJsZSAob3IgZXhlY3V0YWJsZV9hcmdzPykgdG8gcHJvY2VzcyBhcmd1bWVudHMgZm9yIGFyYml0cmFyeSBpbnRlcnByZXRlcj8KICAgICRleGVjX2FwcGxpY2F0aW9uID0gJGV4ZWN1dGFibGUKICAgIGlmICgtbm90ICgkZXhlY19hcHBsaWNhdGlvbi5FbmRzV2l0aCgiLmV4ZSIpKSkgewogICAgICAgICRleGVjX2FwcGxpY2F0aW9uID0gIiQoJGV4ZWNfYXBwbGljYXRpb24pLmV4ZSIKICAgIH0KICAgICRleGVjX2FyZ3MgPSAiL2MgJHJhd19jb21tYW5kX2xpbmUiCn0KCiRjb21tYW5kID0gIiRleGVjX2FwcGxpY2F0aW9uICRleGVjX2FyZ3MiCiRydW5fY29tbWFuZF9hcmcgPSBAewogICAgY29tbWFuZCA9ICRjb21tYW5kCn0KaWYgKCRjaGRpcikgewogICAgJHJ1bl9jb21tYW5kX2FyZ1snd29ya2luZ19kaXJlY3RvcnknXSA9ICRjaGRpcgp9CmlmICgkc3RkaW4pIHsKICAgICRydW5fY29tbWFuZF9hcmdbJ3N0ZGluJ10gPSAkc3RkaW4KfQoKJHN0YXJ0X2RhdGV0aW1lID0gW0RhdGVUaW1lXTo6VXRjTm93CnRyeSB7CiAgICAkY29tbWFuZF9yZXN1bHQgPSBSdW4tQ29tbWFuZCBAcnVuX2NvbW1hbmRfYXJnCn0gY2F0Y2ggewogICAgJHJlc3VsdC5jaGFuZ2VkID0gJGZhbHNlCiAgICB0cnkgewogICAgICAgICRyZXN1bHQucmMgPSAkXy5FeGNlcHRpb24uTmF0aXZlRXJyb3JDb2RlCiAgICB9IGNhdGNoIHsKICAgICAgICAkcmVzdWx0LnJjID0gMgogICAgfQogICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAkXy5FeGNlcHRpb24uTWVzc2FnZQp9CgojIFRPRE86IGRlY29kZSBDTElYTUwgc3RkZXJyIG91dHB1dCAoYW5kIG90aGVyIHN0cmVhbXM/KQokcmVzdWx0LnN0ZG91dCA9ICRjb21tYW5kX3Jlc3VsdC5zdGRvdXQKJHJlc3VsdC5zdGRlcnIgPSBDbGVhbnNlLVN0ZGVyciAkY29tbWFuZF9yZXN1bHQuc3RkZXJyIAokcmVzdWx0LnJjID0gJGNvbW1hbmRfcmVzdWx0LnJjCgokZW5kX2RhdGV0aW1lID0gW0RhdGVUaW1lXTo6VXRjTm93CiRyZXN1bHQuc3RhcnQgPSAkc3RhcnRfZGF0ZXRpbWUuVG9TdHJpbmcoInl5eXktTU0tZGQgaGg6bW06c3MuZmZmZmZmIikKJHJlc3VsdC5lbmQgPSAkZW5kX2RhdGV0aW1lLlRvU3RyaW5nKCJ5eXl5LU1NLWRkIGhoOm1tOnNzLmZmZmZmZiIpCiRyZXN1bHQuZGVsdGEgPSAkKCRlbmRfZGF0ZXRpbWUgLSAkc3RhcnRfZGF0ZXRpbWUpLlRvU3RyaW5nKCJoXDptbVw6c3NcLmZmZmZmZiIpCgpJZiAoJHJlc3VsdC5yYyAtbmUgMCkgewogICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAibm9uLXplcm8gcmV0dXJuIGNvZGUiCn0KCkV4aXQtSnNvbiAkcmVzdWx0Cg==", "module_args": {"_ansible_version": "2.7.0", "_ansible_selinux_special_fs": ["fuse", "nfs", "vboxsf", "ramfs", "9p"], "_ansible_no_log": false, "_ansible_module_name": "win_shell", "_raw_params": "Get-Service neutron-hyperv-agent | %{$_.Status}", "_ansible_verbosity": 2, "_ansible_keep_remote_files": false, "_ansible_syslog_facility": "LOG_USER", "_ansible_socket": null, "_ansible_remote_tmp": "%TEMP%", "_ansible_diff": false, "_ansible_debug": false, "_ansible_shell_executable": "/bin/sh", "_ansible_check_mode": false, "_ansible_tmpdir": null}} '@ } process { $input_as_string = [string]$input $json_raw += $input_as_string } end { If (-not $json_raw) { Write-Error "no input given" -Category InvalidArgument } $payload = ConvertTo-HashtableFromPsCustomObject (ConvertFrom-Json $json_raw) # TODO: handle binary modules # TODO: handle persistence $min_os_version = [version]$payload.min_os_version if ($min_os_version -ne $null) { $actual_os_version = [System.Environment]::OSVersion.Version if ($actual_os_version -lt $min_os_version) { $msg = "This module cannot run on this OS as it requires a minimum version of $min_os_version, actual was $actual_os_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $min_ps_version = [version]$payload.min_ps_version if ($min_ps_version -ne $null) { $actual_ps_version = $PSVersionTable.PSVersion if ($actual_ps_version -lt $min_ps_version) { $msg = "This module cannot run as it requires a minimum PowerShell version of $min_ps_version, actual was $actual_ps_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $actions = $payload.actions # pop 0th action as entrypoint $entrypoint = $payload.($actions[0]) $payload.actions = $payload.actions[1..99] $entrypoint = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($entrypoint)) # load the current action entrypoint as a module custom object with a Run method $entrypoint = New-Module -ScriptBlock ([scriptblock]::Create($entrypoint)) -AsCustomObject Set-Variable -Scope global -Name complex_args -Value $payload["module_args"] | Out-Null # dynamically create/load modules ForEach ($mod in $payload.powershell_modules.GetEnumerator()) { $decoded_module = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($mod.Value)) New-Module -ScriptBlock ([scriptblock]::Create($decoded_module)) -Name $mod.Key | Import-Module -WarningAction SilentlyContinue | Out-Null } $output = $entrypoint.Run($payload) Write-Output $output } ScriptBlock ID: 66b87933-9448-4c8d-8479-dc88bc24346e Path:	4104	1		3	2	15	0	1800	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2480	1596	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:07:49 PM	e5295ba9-9827-0005-3d5d-29e52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 3): gc287CiAgICAgICAgICAgIHN0ZGVyciA9IHNlOwogICAgICAgIH0KCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgdWludCBHZXRQcm9jZXNzRXhpdENvZGUoSW50UHRyIHByb2Nlc3NIYW5kbGUpCiAgICAgICAgewogICAgICAgICAgICBuZXcgTmF0aXZlV2FpdEhhbmRsZShwcm9jZXNzSGFuZGxlKS5XYWl0T25lKCk7CiAgICAgICAgICAgIHVpbnQgZXhpdENvZGU7CiAgICAgICAgICAgIGlmICghR2V0RXhpdENvZGVQcm9jZXNzKHByb2Nlc3NIYW5kbGUsIG91dCBleGl0Q29kZSkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIkVycm9yIGdldHRpbmcgcHJvY2VzcyBleGl0IGNvZGUiKTsKICAgICAgICAgICAgcmV0dXJuIGV4aXRDb2RlOwogICAgICAgIH0KICAgIH0KfQoiQAoKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICdTdG9wJwoKRnVuY3Rpb24gTG9hZC1Db21tYW5kVXRpbHMgewogICAgIyBtYWtlcyB0aGUgZm9sbG93aW5nIHN0YXRpYyBmdW5jdGlvbnMgYXZhaWxhYmxlCiAgICAjICAgW0Fuc2libGUuQ29tbWFuZFV0aWxdOjpQYXJzZUNvbW1hbmRMaW5lKHN0cmluZyBscENvbW1hbmRMaW5lKQogICAgIyAgIFtBbnNpYmxlLkNvbW1hbmRVdGlsXTo6U2VhcmNoUGF0aChzdHJpbmcgbHBGaWxlTmFtZSkKICAgICMgICBbQW5zaWJsZS5Db21tYW5kVXRpbF06OlJ1bkNvbW1hbmQoc3RyaW5nIGxwQXBwbGljYXRpb25OYW1lLCBzdHJpbmcgbHBDb21tYW5kTGluZSwgc3RyaW5nIGxwQ3VycmVudERpcmVjdG9yeSwgc3RyaW5nIHN0ZGluSW5wdXQsIHN0cmluZyBlbnZpcm9ubWVudEJsb2NrKQogICAgIwogICAgIyB0aGVyZSBhcmUgYWxzbyBudW1lcm91cyBQL0ludm9rZSBtZXRob2RzIHRoYXQgY2FuIGJlIGNhbGxlZCBpZiB5b3UgYXJlIGZlZWxpbmcgYWR2ZW50dXJvdXMKCiAgICAjIEZVVFVSRTogZmluZCBhIGJldHRlciB3YXkgdG8gZ2V0IHRoZSBfYW5zaWJsZV9yZW1vdGVfdG1wIHZhcmlhYmxlCiAgICAkb3JpZ2luYWxfdG1wID0gJGVudjpUTVAKCiAgICAkcmVtb3RlX3RtcCA9ICRvcmlnaW5hbF90bXAKICAgICRtb2R1bGVfcGFyYW1zID0gR2V0LVZhcmlhYmxlIC1OYW1lIGNvbXBsZXhfYXJncyAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgaWYgKCRtb2R1bGVfcGFyYW1zKSB7CiAgICAgICAgaWYgKCRtb2R1bGVfcGFyYW1zLlZhbHVlLkNvbnRhaW5zS2V5KCJfYW5zaWJsZV9yZW1vdGVfdG1wIikgKSB7CiAgICAgICAgICAgICRyZW1vdGVfdG1wID0gJG1vZHVsZV9wYXJhbXMuVmFsdWVbIl9hbnNpYmxlX3JlbW90ZV90bXAiXQogICAgICAgICAgICAkcmVtb3RlX3RtcCA9IFtTeXN0ZW0uRW52aXJvbm1lbnRdOjpFeHBhbmRFbnZpcm9ubWVudFZhcmlhYmxlcygkcmVtb3RlX3RtcCkKICAgICAgICB9CiAgICB9CgogICAgJGVudjpUTVAgPSAkcmVtb3RlX3RtcAogICAgQWRkLVR5cGUgLVR5cGVEZWZpbml0aW9uICRwcm9jZXNzX3V0aWwKICAgICRlbnY6VE1QID0gJG9yaWdpbmFsX3RtcAp9CgpGdW5jdGlvbiBHZXQtRXhlY3V0YWJsZVBhdGgoJGV4ZWN1dGFibGUsICRkaXJlY3RvcnkpIHsKICAgICMgbHBBcHBsaWNhdGlvbk5hbWUgcmVxdWlyZXMgdGhlIGZ1bGwgcGF0aCB0byBhIGZpbGUsIHdlIG5lZWQgdG8gZmluZCBpdAogICAgIyBvdXJzZWx2ZXMuCgogICAgIyB3ZSBuZWVkIHRvIGFkZCAuZXhlIGlmIGl0IGRvZXNuJ3QgaGF2ZSBhbiBleHRlbnNpb24gYWxyZWFkeQogICAgaWYgKC1ub3QgW1N5c3RlbS5JTy5QYXRoXTo6SGFzRXh0ZW5zaW9uKCRleGVjdXRhYmxlKSkgewogICAgICAgICRleGVjdXRhYmxlID0gIiQoJGV4ZWN1dGFibGUpLmV4ZSIKICAgIH0KICAgICRmdWxsX3BhdGggPSBbU3lzdGVtLklPLlBhdGhdOjpHZXRGdWxsUGF0aCgkZXhlY3V0YWJsZSkKCiAgICBpZiAoJGZ1bGxfcGF0aCAtbmUgJGV4ZWN1dGFibGUgLWFuZCAkZGlyZWN0b3J5IC1uZSAkbnVsbCkgewogICAgICAgICRmaWxlID0gR2V0LUl0ZW0gLVBhdGggIiRkaXJlY3RvcnlcJGV4ZWN1dGFibGUiIC1Gb3JjZSAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgfSBlbHNlIHsKICAgICAgICAkZmlsZSA9IEdldC1JdGVtIC1QYXRoICRleGVjdXRhYmxlIC1Gb3JjZSAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgfQoKICAgIGlmICgkZmlsZSAtbmUgJG51bGwpIHsKICAgICAgICAkZXhlY3V0YWJsZV9wYXRoID0gJGZpbGUuRnVsbE5hbWUKICAgIH0gZWxzZSB7CiAgICAgICAgJGV4ZWN1dGFibGVfcGF0aCA9IFtBbnNpYmxlLkNvbW1hbmRVdGlsXTo6U2VhcmNoUGF0aCgkZXhlY3V0YWJsZSkgICAgCiAgICB9CiAgICByZXR1cm4gJGV4ZWN1dGFibGVfcGF0aAp9CgpGdW5jdGlvbiBSdW4tQ29tbWFuZCB7CiAgICBQYXJhbSgKICAgICAgICBbc3RyaW5nXSRjb21tYW5kLCAjIHRoZSBmdWxsIGNvbW1hbmQgdG8gcnVuIGluY2x1ZGluZyB0aGUgZXhlY3V0YWJsZQogICAgICAgIFtzdHJpbmddJHdvcmtpbmdfZGlyZWN0b3J5ID0gJG51bGwsICMgdGhlIHdvcmtpbmcgZGlyZWN0b3J5IHRvIHJ1biB1bmRlciwgd2lsbCBkZWZhdWx0IHRvIHRoZSBjdXJyZW50IGRpcgogICAgICAgIFtzdHJpbmddJHN0ZGluID0gJG51bGwsICMgYSBzdHJpbmcgdG8gc2VuZCB0byB0aGUgc3RkaW4gcGlwZSB3aGVuIGV4ZWN1dGluZyB0aGUgY29tbWFuZAogICAgICAgIFtoYXNodGFibGVdJGVudmlyb25tZW50ID0gQHt9ICMgYSBoYXNodGFibGUgb2YgZW52aXJvbm1lbnQgdmFsdWVzIHRvIHJ1biB0aGUgY29tbWFuZCB1bmRlciwgdGhpcyB3aWxsIHJlcGxhY2UgYWxsIHRoZSBvdGhlciBlbnZpcm9ubWVudCB2YXJpYWJsZXMgd2l0aCB0aGVzZQogICAgKQogICAgCiAgICAjIGxvYWQgdGhlIEMjIGNvZGUgd2UgY2FsbCBpbiB0aGlzIGZ1bmN0aW9uCiAgICBMb2FkLUNvbW1hbmRVdGlscwoKICAgICMgbmVlZCB0byB2YWxpZGF0ZSB0aGUgd29ya2luZyBkaXJlY3RvcnkgaWYgaXQgaXMgc2V0CiAgICBpZiAoJHdvcmtpbmdfZGlyZWN0b3J5KSB7CiAgICAgICAgIyB2YWxpZGF0ZSB3b3JraW5nIGRpcmVjdG9yeSBpcyBhIHZhbGlkIHBhdGgKICAgICAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICR3b3JraW5nX2RpcmVjdG9yeSkpIHsKICAgICAgICAgICAgdGhyb3cgImludmFsaWQgd29ya2luZyBkaXJlY3RvcnkgcGF0aCAnJHdvcmtpbmdfZGlyZWN0b3J5JyIKICAgICAgICB9CiAgICB9CgogICAgIyBscEFwcGxpY2F0aW9uTmFtZSBuZWVkcyB0byBiZSB0aGUgZnVsbCBwYXRoIHRvIGFuIGV4ZWN1dGFibGUsIHdlIGRvIHRoaXMKICAgICMgYnkgZ2V0dGluZyB0aGUgZXhlY3V0YWJsZSBhcyB0aGUgZmlyc3QgYXJnIGFuZCB0aGVuIGdldHRpbmcgdGhlIGZ1bGwgcGF0aAogICAgJGFyZ3VtZW50cyA9IFtBbnNpYmxlLkNvbW1hbmRVdGlsXTo6UGFyc2VDb21tYW5kTGluZSgkY29tbWFuZCkKICAgICRleGVjdXRhYmxlID0gR2V0LUV4ZWN1dGFibGVQYXRoIC1leGVjdXRhYmxlICRhcmd1bWVudHNbMF0gLWRpcmVjdG9yeSAkd29ya2luZ19kaXJlY3RvcnkKCiAgICAjIHJ1biB0aGUgY29tbWFuZCBhbmQgZ2V0IHRoZSByZXN1bHRzCiAgICAkY29tbWFuZF9yZXN1bHQgPSBbQW5zaWJsZS5Db21tYW5kVXRpbF06OlJ1bkNvbW1hbmQoJGV4ZWN1dGFibGUsICRjb21tYW5kLCAkd29ya2luZ19kaXJlY3RvcnksICRzdGRpbiwgJGVudmlyb25tZW50KQoKICAgIHJldHVybiAsQHsKICAgICAgICBleGVjdXRhYmxlID0gJGV4ZWN1dGFibGUKICAgICAgICBzdGRvdXQgPSAkY29tbWFuZF9yZXN1bHQuU3RhbmRhcmRPdXQKICAgICAgICBzdGRlcnIgPSAkY29tbWFuZF9yZXN1bHQuU3RhbmRhcmRFcnJvcgogICAgICAgIHJjID0gJGNvbW1hbmRfcmVzdWx0LkV4aXRDb2RlCiAgICB9Cn0KCiMgdGhpcyBsaW5lIG11c3Qgc3RheSBhdCB0aGUgYm90dG9tIHRvIGVuc3VyZSBhbGwgZGVmaW5lZCBtb2R1bGUgcGFydHMgYXJlIGV4cG9ydGVkCkV4cG9ydC1Nb2R1bGVNZW1iZXIgLUFsaWFzICogLUZ1bmN0aW9uICogLUNtZGxldCAqCg==", "Ansible.ModuleUtils.Legacy": "IyBDb3B5cmlnaHQgKGMpLCBNaWNoYWVsIERlSGFhbiA8bWljaGFlbC5kZWhhYW5AZ21haWwuY29tPiwgMjAxNCwgYW5kIG90aGVycwojIFNpbXBsaWZpZWQgQlNEIExpY2Vuc2UgKHNlZSBsaWNlbnNlcy9zaW1wbGlmaWVkX2JzZC50eHQgb3IgaHR0cHM6Ly9vcGVuc291cmNlLm9yZy9saWNlbnNlcy9CU0QtMi1DbGF1c2UpCgpTZXQtU3RyaWN0TW9kZSAtVmVyc2lvbiAyLjAKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKRnVuY3Rpb24gU2V0LUF0dHIoJG9iaiwgJG5hbWUsICR2YWx1ZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gc2V0IGFuICJhdHRyaWJ1dGUiIG9uIGEgcHNvYmplY3QgaW5zdGFuY2UgaW4gUG93ZXJTaGVsbC4KICAgIFRoaXMgaXMgYSBjb252ZW5pZW5jZSB0byBtYWtlIGFkZGluZyBNZW1iZXJzIHRvIHRoZSBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgIFNldC1BdHRyICRyZXN1bHQgImNoYW5nZWQiICR0cnVlCiM+CgogICAgIyBJZiB0aGUgcHJvdmlkZWQgJG9iaiBpcyB1bmRlZmluZWQsIGRlZmluZSBvbmUgdG8gYmUgbmljZQogICAgSWYgKC1ub3QgJG9iai5HZXRUeXBlKQogICAgewogICAgICAgICRvYmogPSBAeyB9CiAgICB9CgogICAgVHJ5CiAgICB7CiAgICAgICAgJG9iai4kbmFtZSA9ICR2YWx1ZQogICAgfQogICAgQ2F0Y2gKICAgIHsKICAgICAgICAkb2JqIHwgQWRkLU1lbWJlciAtRm9yY2UgLU1lbWJlclR5cGUgTm90ZVByb3BlcnR5IC1OYW1lICRuYW1lIC1WYWx1ZSAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gRXhpdC1Kc29uKCRvYmopCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGNvbnZlcnQgYSBQb3dlclNoZWxsIG9iamVjdCB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcKICAgIHRoZSBzY3JpcHQKICAgIC5FWEFNUExFCiAgICBFeGl0LUpzb24gJHJlc3VsdAojPgoKICAgICMgSWYgdGhlIHByb3ZpZGVkICRvYmogaXMgdW5kZWZpbmVkLCBkZWZpbmUgb25lIHRvIGJlIG5pY2UKICAgIElmICgtbm90ICRvYmouR2V0VHlwZSkKICAgIHsKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoJ2NoYW5nZWQnKSkgewogICAgICAgIFNldC1BdHRyICRvYmogImNoYW5nZWQiICRmYWxzZQogICAgfQoKICAgIFdyaXRlLU91dHB1dCAkb2JqIHwgQ29udmVydFRvLUpzb24gLUNvbXByZXNzIC1EZXB0aCA5OQogICAgRXhpdAp9CgpGdW5jdGlvbiBGYWlsLUpzb24oJG9iaiwgJG1lc3NhZ2UgPSAkbnVsbCkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHRoZSAibXNnIiBwcm9wZXJ0eSBhbmQgImZhaWxlZCIgcHJvcGVydHksIGNvbnZlcnQgdGhlCiAgICBQb3dlclNoZWxsIEhhc2h0YWJsZSB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcgdGhlIHNjcmlwdAogICAgLkVYQU1QTEUKICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJUaGlzIGlzIHRoZSBmYWlsdXJlIG1lc3NhZ2UiCiM+CgogICAgaWYgKCRvYmogLWlzIFtoYXNodGFibGVdIC1vciAkb2JqIC1pcyBbcHNvYmplY3RdKSB7CiAgICAgICAgIyBOb3RoaW5nIHRvIGRvCiAgICB9IGVsc2VpZiAoJG9iaiAtaXMgW3N0cmluZ10gLWFuZCAkbnVsbCAtZXEgJG1lc3NhZ2UpIHsKICAgICAgICAjIElmIHdlIHdlcmVuJ3QgZ2l2ZW4gMiBhcmdzLCBhbmQgdGhlIG9ubHkgYXJnIHdhcyBhIHN0cmluZywKICAgICAgICAjIGNyZWF0ZSBhIG5ldyBIYXNodGFibGUgYW5kIHVzZSB0aGUgYXJnIGFzIHRoZSBmYWlsdXJlIG1lc3NhZ2UKICAgICAgICAkbWVzc2FnZSA9ICRvYmoKICAgICAgICAkb2JqID0gQHsgfQogICAgfSBlbHNlIHsKICAgICAgICAjIElmIHRoZSBmaXJzdCBhcmd1bWVudCBpcyB1bmRlZmluZWQgb3IgYSBkaWZmZXJlbnQgdHlwZSwKICAgICAgICAjIG1ha2UgaXQgYSBIYXNodGFibGUKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgICMgU3RpbGwgdXNpbmcgU2V0LUF0dHIgZm9yIFBTT2JqZWN0IGNvbXBhdGliaWxpdHkKICAgIFNldC1BdHRyICRvYmogIm1zZyIgJG1lc3NhZ2UKICAgIFNldC1BdHRyICRvYmogImZhaWxlZCIgJHRydWUKCiAgICBpZiAoLW5vdCAkb2JqLkNvbnRhaW5zS2V5KCdjaGFuZ2VkJykpIHsKICAgICAgICBTZXQtQXR0ciAkb2JqICJjaGFuZ2VkIiAkZmFsc2UKICAgIH0KCiAgICBXcml0ZS1PdXRwdXQgJG9iaiB8IENvbnZlcnRUby1Kc29uIC1Db21wcmVzcyAtRGVwdGggOTkKICAgIEV4aXQgMQp9CgpGdW5jdGlvbiBBZGQtV2FybmluZygkb2JqLCAkbWVzc2FnZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHdhcm5pbmdzLCBldmVuIGlmIHRoZSB3YXJuaW5ncyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoIndhcm5pbmdzIikpIHsKICAgICAgICAkb2JqLndhcm5pbmdzID0gQCgpCiAgICB9IGVsc2VpZiAoJG9iai53YXJuaW5ncyAtaXNub3QgW2FycmF5XSkgewogICAgICAgIHRocm93ICJBZGQtV2FybmluZzogd2FybmluZ3MgYXR0cmlidXRlIGlzIG5vdCBhbiBhcnJheSIKICAgIH0KCiAgICAkb2JqLndhcm5pbmdzICs9ICRtZXNzYWdlCn0KCkZ1bmN0aW9uIEFkZC1EZXByZWNhdGlvbldhcm5pbmcoJG9iaiwgJG1lc3NhZ2UsICR2ZXJzaW9uID0gJG51bGwpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGFkZCBkZXByZWNhdGlvbnMsIGV2ZW4gaWYgdGhlIGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgogICAgaWYgKC1ub3QgJG9iai5Db250YWluc0tleSgiZGVwcmVjYXRpb25zIikpIHsKICAgICAgICAkb2JqLmRlcHJlY2F0aW9ucyA9IEAoKQogICAgfSBlbHNlaWYgKCRvYmouZGVwcmVjYXRpb25zIC1pc25vdCBbYXJyYXldKSB7CiAgICAgICAgdGhyb3cgIkFkZC1EZXByZWNhdGlvbldhcm5pbmc6IGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgaXMgbm90IGEgbGlzdCIKICAgIH0KCiAgICAkb2JqLmRlcHJlY2F0aW9ucyArPSBAewogICAgICAgIG1zZyA9ICRtZXNzYWdlCiAgICAgICAgdmVyc2lvbiA9ICR2ZXJzaW9uCiAgICB9Cn0KCkZ1bmN0aW9uIEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgaW4gdmFsdWVzLiBCeSBkZWZhdWx0CiAgICBpdCB0dXJucyBhbnkgdHlwZSB0byBhIHN0cmluZywgYnV0IHdlIGVuc3VyZSAkbnVsbCByZW1haW5zICRudWxsLgojPgogICAgaWYgKCRudWxsIC1uZSAkdmFsdWUpIHsKICAgICAgICBbU3lzdGVtLkVudmlyb25tZW50XTo6RXhwYW5kRW52aXJvbm1lbnRWYXJpYWJsZXMoJHZhbHVlKQogICAgfSBlbHNlIHsKICAgICAgICAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gR2V0LUFuc2libGVQYXJhbSgkb2JqLCAkbmFtZSwgJGRlZmF1bHQgPSAkbnVsbCwgJHJlc3VsdG9iaiA9IEB7fSwgJGZhaWxpZmVtcHR5ID0gJGZhbHNlLCAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSwgJFZhbGlkYXRlU2V0LCAkVmFsaWRhdGVTZXRFcnJvck1lc3NhZ2UsICR0eXBlID0gJG51bGwsICRhbGlhc2VzID0gQCgpKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBnZXQgYW4gImF0dHJpYnV0ZSIgZnJvbSBhIHBzb2JqZWN0IGluc3RhbmNlIGluIFBvd2VyU2hlbGwuCiAgICBUaGlzIGlzIGEgY29udmVuaWVuY2UgdG8gbWFrZSBnZXR0aW5nIE1lbWJlcnMgZnJvbSBhbiBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgICRhdHRyID0gR2V0LUFuc2libGVQYXJhbSAkcmVzcG9uc2UgImNvZGUiIC1kZWZhdWx0ICIxIgogICAgLkVYQU1QTEUKICAgIEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJTdGF0ZSIgLWRlZmF1bHQgIlByZXNlbnQiIC1WYWxpZGF0ZVNldCAiUHJlc2VudCIsIkFic2VudCIgLXJlc3VsdG9iaiAkcmVzdWx0b2JqIC1mYWlsaWZlbXB0eSAkdHJ1ZQogICAgR2V0LUFuc2libGVQYXJhbSBhbHNvIHN1cHBvcnRzIFBhcmFtZXRlciB2YWxpZGF0aW9uIHRvIHNhdmUgeW91IGZyb20gY29kaW5nIHRoYXQgbWFudWFsbHkKICAgIE5vdGUgdGhhdCBpZiB5b3UgdXNlIHRoZSBmYWlsaWZlbXB0eSBvcHRpb24sIHlvdSBkbyBuZWVkIHRvIHNwZWNpZnkgcmVzdWx0b2JqZWN0IGFzIHdlbGwuCiM+CiAgICAjIENoZWNrIGlmIHRoZSBwcm92aWRlZCBNZW1iZXIgJG5hbWUgb3IgYWxpYXNlcyBleGlzdCBpbiAkb2JqIGFuZCByZXR1cm4gaXQgb3IgdGhlIGRlZmF1bHQuCiAgICB0cnkgewoKICAgICAgICAkZm91bmQgPSAkbnVsbAogICAgICAgICMgRmlyc3QgdHJ5IHRvIGZpbmQgcHJlZmVycmVkIHBhcmFtZXRlciAkbmFtZQogICAgICAgICRhbGlhc2VzID0gQCgkbmFtZSkgKyAkYWxpYXNlcwoKICAgICAgICAjIEl0ZXJhdGUgb3ZlciBhbGlhc2VzIHRvIGZpbmQgYWNjZXB0YWJsZSBNZW1iZXIgJG5hbWUKICAgICAgICBmb3JlYWNoICgkYWxpYXMgaW4gJGFsaWFzZXMpIHsKICAgICAgICAgICAgaWYgKCRvYmouQ29udGFpbnNLZXkoJGFsaWFzKSkgewogICAgICAgICAgICAgICAgJGZvdW5kID0gJGFsaWFzCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgfQoKICAgICAgICBpZiAoJG51bGwgLWVxICRmb3VuZCkgewogICAgICAgICAgICB0aHJvdwogICAgICAgIH0KICAgICAgICAkbmFtZSA9ICRmb3VuZAoKICAgICAgICBpZiAoJFZhbGlkYXRlU2V0KSB7CgogICAgICAgICAgICBpZiAoJFZhbGlkYXRlU2V0IC1jb250YWlucyAoJG9iai4kbmFtZSkpIHsKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICRvYmouJG5hbWUKICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgIGlmICgkbnVsbCAtZXEgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAgICAgI0F1dG8tZ2VuZXJhdGVkIGVycm9yIHNob3VsZCBiZSBzdWZmaWNpZW50IGluIG1vc3QgdXNlIGNhc2VzCiAgICAgICAgICAgICAgICAgICAgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlID0gIkdldC1BbnNpYmxlUGFyYW06IEFyZ3VtZW50ICRuYW1lIG5lZWRzIHRvIGJlIG9uZSBvZiAkKCRWYWxpZGF0ZVNldCAtam9pbiAiLCIpIGJ1dCB3YXMgJCgkb2JqLiRuYW1lKS4iCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRWYWxpZGF0ZVNldEVycm9yTWVzc2FnZQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgJHZhbHVlID0gJG9iai4kbmFtZQogICAgICAgIH0KICAgIH0gY2F0Y2ggewogICAgICAgIGlmICgkZmFpbGlmZW1wdHkgLWVxICRmYWxzZSkgewogICAgICAgICAgICAkdmFsdWUgPSAkZGVmYXVsdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgIGlmICgtbm90ICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSA9ICJHZXQtQW5zaWJsZVBhcmFtOiBNaXNzaW5nIHJlcXVpcmVkIGFyZ3VtZW50OiAkbmFtZSIKICAgICAgICAgICAgfQogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlCiAgICAgICAgfQogICAgfQoKICAgICMgSWYgJHZhbHVlIC1lcSAkbnVsbCwgdGhlIHBhcmFtZXRlciB3YXMgdW5zcGVjaWZpZWQgYnkgdGhlIHVzZXIgKGRlbGliZXJhdGVseSBvciBub3QpCiAgICAjIFBsZWFzZSBsZWF2ZSAkbnVsbC12YWx1ZXMgaW50YWN0LCBtb2R1bGVzIG5lZWQgdG8ga25vdyBpZiBhIHBhcmFtZXRlciB3YXMgc3BlY2lmaWVkCiAgICAjIFdoZW4gJHZhbHVlIGlzIGFscmVhZHkgYW4gYXJyYXksIHdlIGNhbm5vdCByZWx5IG9uIHRoZSBudWxsIGNoZWNrLCBhcyBhbiBlbXB0eSBsaXN0CiAgICAjIGlzIHNlZW4gYXMgbnVsbCBpbiB0aGUgY2hlY2sgYmVsb3cKICAgIGlmICgkbnVsbCAtbmUgJHZhbHVlIC1vciAkdmFsdWUgLWlzIFthcnJheV0pIHsKICAgICAgICBpZiAoJHR5cGUgLWVxICJwYXRoIikgewogICAgICAgICAgICAjIEV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgb24gcGF0aC10eXBlCiAgICAgICAgICAgICR2YWx1ZSA9IEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCiAgICAgICAgICAgICMgVGVzdCBpZiBhIHZhbGlkIHBhdGggaXMgcHJvdmlkZWQKICAgICAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtSXNWYWxpZCAkdmFsdWUpKSB7CiAgICAgICAgICAgICAgICAkcGF0aF9pbnZhbGlkID0gJHRydWUKICAgICAgICAgICAgICAgICMgY291bGQgc3RpbGwgYmUgYSB2YWxpZC1zaGFwZWQgcGF0aCB3aXRoIGEgbm9uZXhpc3RlbnQgZHJpdmUgbGV0dGVyCiAgICAgICAgICAgICAgICBpZiAoJHZhbHVlIC1tYXRjaCAiXlx3OiIpIHsKICAgICAgICAgICAgICAgICAgICAjIHJld3JpdGUgcGF0aCB3aXRoIGEgdmFsaWQgZHJpdmUgbGV0dGVyIGFuZCByZWNoZWNrIHRoZSBzaGFwZS0gdGhpcyBtaWdodCBzdGlsbCBmYWlsLCBlZywgYSBub25leGlzdGVudCBub24tZmlsZXN5c3RlbSBQUyBwYXRoCiAgICAgICAgICAgICAgICAgICAgaWYgKFRlc3QtUGF0aCAtSXNWYWxpZCAkKEAoR2V0LVBTRHJpdmUgLVBTUHJvdmlkZXIgRmlsZXN5c3RlbSlbMF0uTmFtZSArICR2YWx1ZS5TdWJzdHJpbmcoMSkpKSB7CiAgICAgICAgICAgICAgICAgICAgICAgICRwYXRoX2ludmFsaWQgPSAkZmFsc2UKICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBpZiAoJHBhdGhfaW52YWxpZCkgewogICAgICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHRvYmogLW1lc3NhZ2UgIkdldC1BbnNpYmxlUGFyYW06IFBhcmFtZXRlciAnJG5hbWUnIGhhcyBhbiBpbnZhbGlkIHBhdGggJyR2YWx1ZScgc3BlY2lmaWVkLiIKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgInN0ciIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IHN0ciB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgc3RyaW5ncwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUuVG9TdHJpbmcoKQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImJvb2wiKSB7CiAgICAgICAgICAgICMgQ29udmVydCBib29sZWFuIHR5cGVzIHRvIHJlYWwgUG93ZXJzaGVsbCBib29sZWFucwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgfCBDb252ZXJ0VG8tQm9vbAogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImludCIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IGludCB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgaW50ZWdlcnMKICAgICAgICAgICAgJHZhbHVlID0gJHZhbHVlIC1hcyBbaW50XQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImZsb2F0IikgewogICAgICAgICAgICAjIENvbnZlcnQgZmxvYXQgdHlwZXMgdG8gcmVhbCBQb3dlcnNoZWxsIGZsb2F0cwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgLWFzIFtmbG9hdF0KICAgICAgICB9IGVsc2VpZiAoJHR5cGUgLWVxICJsaXN0IikgewogICAgICAgICAgICBpZiAoJHZhbHVlIC1pcyBbYXJyYXldKSB7CiAgICAgICAgICAgICAgICAjIE5vdGhpbmcgdG8gZG8KICAgICAgICAgICAgfSBlbHNlaWYgKCR2YWx1ZSAtaXMgW3N0cmluZ10pIHsKICAgICAgICAgICAgICAgICMgQ29udmVydCBzdHJpbmcgdHlwZSB0byByZWFsIFBvd2Vyc2hlbGwgYXJyYXkKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICR2YWx1ZS5TcGxpdCgiLCIpLlRyaW0oKQogICAgICAgICAgICB9IGVsc2VpZiAoJHZhbHVlIC1pcyBbaW50XSkgewogICAgICAgICAgICAgICAgJHZhbHVlID0gQCgkdmFsdWUpCiAgICAgICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICJHZXQtQW5zaWJsZVBhcmFtOiBQYXJhbWV0ZXIgJyRuYW1lJyBpcyBub3QgYSBZQU1MIGxpc3QuIgogICAgICAgICAgICB9CiAgICAgICAgICAgICMgLCBpcyBub3QgYSB0eXBvLCBmb3JjZXMgaXQgdG8gcmV0dXJuIGFzIGEgbGlzdCB3aGVuIGl0IGlzIGVtcHR5IG9yIG9ubHkgaGFzIDEgZW50cnkKICAgICAgICAgICAgcmV0dXJuICwkdmFsdWUKICAgICAgICB9CiAgICB9CgogICAgcmV0dXJuICR2YWx1ZQp9CgojQWxpYXMgR2V0LWF0dHItLT5HZXQtQW5zaWJsZVBhcmFtIGZvciBiYWNrd2FyZHMgY29tcGF0LiBPbmx5IGFkZCB3aGVuIG5lZWRlZCB0byBlYXNlIGRlYnVnZ2luZyBvZiBzY3JpcHRzCklmICgtbm90KEdldC1BbGlhcyAtTmFtZSAiR2V0LWF0dHIiIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlKSkKewogICAgTmV3LUFsaWFzIC1OYW1lIEdldC1hdHRyIC1WYWx1ZSBHZXQtQW5zaWJsZVBhcmFtCn0KCkZ1bmN0aW9uIENvbnZlcnRUby1Cb29sCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZpbHRlci9waXBlbGluZSBmdW5jdGlvbiB0byBjb252ZXJ0IGEgdmFsdWUgdG8gYm9vbGVhbiBmb2xsb3dpbmcgY3VycmVudAogICAgQW5zaWJsZSBwcmFjdGljZXMKICAgIC5FWEFNUExFCiAgICAkaXNfdHJ1ZSA9ICJ0cnVlIiB8IENvbnZlcnRUby1Cb29sCiM+CiAgICBwYXJhbSgKICAgICAgICBbcGFyYW1ldGVyKHZhbHVlZnJvbXBpcGVsaW5lPSR0cnVlKV0KICAgICAgICAkb2JqCiAgICApCgogICAgJGJvb2xlYW5fc3RyaW5ncyA9ICJ5ZXMiLCAib24iLCAiMSIsICJ0cnVlIiwgMQogICAgJG9ial9zdHJpbmcgPSBbc3RyaW5nXSRvYmoKCiAgICBpZiAoKCRvYmogLWlzIFtib29sZWFuXSAtYW5kICRvYmopIC1vciAkYm9vbGVhbl9zdHJpbmdzIC1jb250YWlucyAkb2JqX3N0cmluZy5Ub0xvd2VyKCkpIHsKICAgICAgICByZXR1cm4gJHRydWUKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfQp9CgpGdW5jdGlvbiBQYXJzZS1BcmdzKCRhcmd1bWVudHMsICRzdXBwb3J0c19jaGVja19tb2RlID0gJGZhbHNlKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBwYXJzZSBBbnNpYmxlIEpTT04gYXJndW1lbnRzIGZyb20gYSAiZmlsZSIgcGFzc2VkIGFzCiAgICB0aGUgc2luZ2xlIGFyZ3VtZW50IHRvIHRoZSBtb2R1bGUuCiAgICAuRVhBTVBMRQogICAgJHBhcmFtcyA9IFBhcnNlLUFyZ3MgJGFyZ3MKIz4KICAgICRwYXJhbXMgPSBOZXctT2JqZWN0IHBzb2JqZWN0CiAgICBJZiAoJGFyZ3VtZW50cy5MZW5ndGggLWd0IDApCiAgICB7CiAgICAgICAgJHBhcmFtcyA9IEdldC1Db250ZW50ICRhcmd1bWVudHNbMF0gfCBDb252ZXJ0RnJvbS1Kc29uCiAgICB9CiAgICBFbHNlIHsKICAgICAgICAkcGFyYW1zID0gJGNvbXBsZXhfYXJncwogICAgfQogICAgJGNoZWNrX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfY2hlY2tfbW9kZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQogICAgSWYgKCRjaGVja19tb2RlIC1hbmQgLW5vdCAkc3VwcG9ydHNfY2hlY2tfbW9kZSkKICAgIHsKICAgICAgICBFeGl0LUpzb24gQHsKICAgICAgICAgICAgc2tpcHBlZCA9ICR0cnVlCiAgICAgICAgICAgIGNoYW5nZWQgPSAkZmFsc2UKICAgICAgICAgICAgbXNnID0gInJlbW90ZSBtb2R1bGUgZG9lcyBub3Qgc3VwcG9ydCBjaGVjayBtb2RlIgogICAgICAgIH0KICAgIH0KICAgIHJldHVybiAkcGFyYW1zCn0KCgpGdW5jdGlvbiBHZXQtRmlsZUNoZWNrc3VtKCRwYXRoLCAkYWxnb3JpdGhtID0gJ3NoYTEnKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBjYWxjdWxhdGUgYSBoYXNoIG9mIGEgZmlsZSBpbiBhIHdheSB3aGljaCBQb3dlclNoZWxsIDMKICAgIGFuZCBhYm92ZSBjYW4gaGFuZGxlCiM+CiAgICBJZiAoVGVzdC1QYXRoIC1QYXRoICRwYXRoIC1QYXRoVHlwZSBMZWFmKQogICAgewogICAgICAgIHN3aXRjaCAoJGFsZ29yaXRobSkKICAgICAgICB7CiAgICAgICAgICAgICdtZDUnIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5NRDVDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMScgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTFDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMjU2JyB7ICRzcCA9IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5TZWN1cml0eS5DcnlwdG9ncmFwaHkuU0hBMjU2Q3J5cHRvU2VydmljZVByb3ZpZGVyIH0KICAgICAgICAgICAgJ3NoYTM4NCcgeyAkc3AgPSBOZXctT2JqZ ScriptBlock ID: 66b87933-9448-4c8d-8479-dc88bc24346e Path:	4104	1		3	2	15	0	1799	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2480	1596	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:07:49 PM	e5295ba9-9827-0005-3d5d-29e52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 3): begin { $DebugPreference = "Continue" $ErrorActionPreference = "Stop" Set-StrictMode -Version 2 function ConvertTo-HashtableFromPsCustomObject ($myPsObject){ $output = @{}; $myPsObject | Get-Member -MemberType *Property | % { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } return $output; } # stream JSON including become_pw, ps_module_payload, bin_module_payload, become_payload, write_payload_path, preserve directives # exec runspace, capture output, cleanup, return module output # NB: do not adjust the following line- it is replaced when doing non-streamed module output $json_raw = @' {"min_ps_version": null, "exec": "CkZ1bmN0aW9uIFJ1bigkcGF5bG9hZCkgewogICAgJGVudHJ5cG9pbnQgPSAkcGF5bG9hZC5tb2R1bGVfZW50cnkKCiAgICAkZW50cnlwb2ludCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGVudHJ5cG9pbnQpKQoKICAgICRwcyA9IFtwb3dlcnNoZWxsXTo6Q3JlYXRlKCkKCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkQ29tbWFuZCgiU2V0LVZhcmlhYmxlIikuQWRkUGFyYW1ldGVycyhAe1Njb3BlPSJnbG9iYWwiO05hbWU9ImNvbXBsZXhfYXJncyI7VmFsdWU9JHBheWxvYWQubW9kdWxlX2FyZ3N9KSB8IE91dC1OdWxsCiAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCgogICAgIyByZWRlZmluZSBXcml0ZS1Ib3N0IHRvIGR1bXAgdG8gb3V0cHV0IGluc3RlYWQgb2YgZmFpbGluZy0gbG90cyBvZiBzY3JpcHRzIHVzZSBpdAogICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgiRnVuY3Rpb24gV3JpdGUtSG9zdChgJG1zZyl7IFdyaXRlLU91dHB1dCBgJG1zZyB9IikgfCBPdXQtTnVsbAoKICAgIEZvckVhY2ggKCRlbnZfa3YgaW4gJHBheWxvYWQuZW52aXJvbm1lbnQuR2V0RW51bWVyYXRvcigpKSB7CiAgICAgICAgIyBuZWVkIHRvIGVzY2FwZSAnIGluIGJvdGggdGhlIGtleSBhbmQgdmFsdWUKICAgICAgICAkZW52X2tleSA9ICRlbnZfa3YuS2V5LlRvU3RyaW5nKCkuUmVwbGFjZSgiJyIsICInJyIpCiAgICAgICAgJGVudl92YWx1ZSA9ICRlbnZfa3YuVmFsdWUuVG9TdHJpbmcoKS5SZXBsYWNlKCInIiwgIicnIikKICAgICAgICAkZXNjYXBlZF9lbnZfc2V0ID0gIltTeXN0ZW0uRW52aXJvbm1lbnRdOjpTZXRFbnZpcm9ubWVudFZhcmlhYmxlKCd7MH0nLCAnezF9JykiIC1mICRlbnZfa2V5LCAkZW52X3ZhbHVlCiAgICAgICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgkZXNjYXBlZF9lbnZfc2V0KSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBkeW5hbWljYWxseSBjcmVhdGUvbG9hZCBtb2R1bGVzCiAgICBGb3JFYWNoICgkbW9kIGluICRwYXlsb2FkLnBvd2Vyc2hlbGxfbW9kdWxlcy5HZXRFbnVtZXJhdG9yKCkpIHsKICAgICAgICAkZGVjb2RlZF9tb2R1bGUgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRtb2QuVmFsdWUpKQogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRDb21tYW5kKCJOZXctTW9kdWxlIikuQWRkUGFyYW1ldGVycyhAe1NjcmlwdEJsb2NrPShbc2NyaXB0YmxvY2tdOjpDcmVhdGUoJGRlY29kZWRfbW9kdWxlKSk7TmFtZT0kbW9kLktleX0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiSW1wb3J0LU1vZHVsZSIpLkFkZFBhcmFtZXRlcnMoQHtXYXJuaW5nQWN0aW9uPSJTaWxlbnRseUNvbnRpbnVlIn0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBmb3JjZSBpbnB1dCBlbmNvZGluZyB0byBwcmVhbWJsZS1mcmVlIFVURjggc28gUFMgc3ViLXByb2Nlc3NlcyAoZWcsCiAgICAjIFN0YXJ0LUpvYikgZG9uJ3QgYmxvdyB1cC4gVGhpcyBpcyBvbmx5IHJlcXVpcmVkIGZvciBXaW5STSwgYSBQU1JQCiAgICAjIHJ1bnNwYWNlIGRvZXNuJ3QgaGF2ZSBhIGhvc3QgY29uc29sZSBhbmQgdGhpcyB3aWxsIGJvbWIgb3V0CiAgICBpZiAoJGhvc3QuTmFtZSAtZXEgIkNvbnNvbGVIb3N0IikgewogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRTY3JpcHQoIltDb25zb2xlXTo6SW5wdXRFbmNvZGluZyA9IE5ldy1PYmplY3QgVGV4dC5VVEY4RW5jb2RpbmcgYCRmYWxzZSIpIHwgT3V0LU51bGwKICAgIH0KCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkU2NyaXB0KCRlbnRyeXBvaW50KSB8IE91dC1OdWxsCgogICAgJG91dHB1dCA9ICRwcy5JbnZva2UoKQoKICAgICRvdXRwdXQKCiAgICAjIFBTMyBkb2Vzbid0IHByb3Blcmx5IHNldCBIYWRFcnJvcnMgaW4gbWFueSBjYXNlcywgaW5zcGVjdCB0aGUgZXJyb3Igc3RyZWFtIGFzIGEgZmFsbGJhY2sKICAgIElmICgkcHMuSGFkRXJyb3JzIC1vciAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtbHQgNCAtYW5kICRwcy5TdHJlYW1zLkVycm9yLkNvdW50IC1ndCAwKSkgewogICAgICAgICRob3N0LlVJLldyaXRlRXJyb3JMaW5lKCQoJHBzLlN0cmVhbXMuRXJyb3IgfCBPdXQtU3RyaW5nKSkKICAgICAgICAkZXhpdF9jb2RlID0gJHBzLlJ1bnNwYWNlLlNlc3Npb25TdGF0ZVByb3h5LkdldFZhcmlhYmxlKCJMQVNURVhJVENPREUiKQogICAgICAgIElmKC1ub3QgJGV4aXRfY29kZSkgewogICAgICAgICAgICAkZXhpdF9jb2RlID0gMQogICAgICAgIH0KICAgICAgICAjIG5lZWQgdG8gdXNlIHRoaXMgaW5zdGVhZCBvZiBFeGl0IGtleXdvcmQgdG8gcHJldmVudCBydW5zcGFjZSBmcm9tIGNyYXNoaW5nIHdpdGggZHluYW1pYyBtb2R1bGVzCiAgICAgICAgJGhvc3QuU2V0U2hvdWxkRXhpdCgkZXhpdF9jb2RlKQogICAgfQp9Cg==", "actions": ["exec"], "environment": {}, "min_os_version": null, "powershell_modules": {"Ansible.ModuleUtils.CommandUtil": "IyBDb3B5cmlnaHQgKGMpIDIwMTcgQW5zaWJsZSBQcm9qZWN0CiMgU2ltcGxpZmllZCBCU0QgTGljZW5zZSAoc2VlIGxpY2Vuc2VzL3NpbXBsaWZpZWRfYnNkLnR4dCBvciBodHRwczovL29wZW5zb3VyY2Uub3JnL2xpY2Vuc2VzL0JTRC0yLUNsYXVzZSkKCiRwcm9jZXNzX3V0aWwgPSBAIgp1c2luZyBNaWNyb3NvZnQuV2luMzIuU2FmZUhhbmRsZXM7CnVzaW5nIFN5c3RlbTsKdXNpbmcgU3lzdGVtLkNvbGxlY3Rpb25zOwp1c2luZyBTeXN0ZW0uSU87CnVzaW5nIFN5c3RlbS5MaW5xOwp1c2luZyBTeXN0ZW0uUnVudGltZS5JbnRlcm9wU2VydmljZXM7CnVzaW5nIFN5c3RlbS5UZXh0Owp1c2luZyBTeXN0ZW0uVGhyZWFkaW5nOwoKbmFtZXNwYWNlIEFuc2libGUKewogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIGNsYXNzIFNFQ1VSSVRZX0FUVFJJQlVURVMKICAgIHsKICAgICAgICBwdWJsaWMgaW50IG5MZW5ndGg7CiAgICAgICAgcHVibGljIEludFB0ciBscFNlY3VyaXR5RGVzY3JpcHRvcjsKICAgICAgICBwdWJsaWMgYm9vbCBiSW5oZXJpdEhhbmRsZSA9IGZhbHNlOwogICAgICAgIHB1YmxpYyBTRUNVUklUWV9BVFRSSUJVVEVTKCkKICAgICAgICB7CiAgICAgICAgICAgIG5MZW5ndGggPSBNYXJzaGFsLlNpemVPZih0aGlzKTsKICAgICAgICB9CiAgICB9CgogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIGNsYXNzIFNUQVJUVVBJTkZPCiAgICB7CiAgICAgICAgcHVibGljIEludDMyIGNiOwogICAgICAgIHB1YmxpYyBJbnRQdHIgbHBSZXNlcnZlZDsKICAgICAgICBwdWJsaWMgSW50UHRyIGxwRGVza3RvcDsKICAgICAgICBwdWJsaWMgSW50UHRyIGxwVGl0bGU7CiAgICAgICAgcHVibGljIEludDMyIGR3WDsKICAgICAgICBwdWJsaWMgSW50MzIgZHdZOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1hTaXplOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1lTaXplOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1hDb3VudENoYXJzOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1lDb3VudENoYXJzOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd0ZpbGxBdHRyaWJ1dGU7CiAgICAgICAgcHVibGljIEludDMyIGR3RmxhZ3M7CiAgICAgICAgcHVibGljIEludDE2IHdTaG93V2luZG93OwogICAgICAgIHB1YmxpYyBJbnQxNiBjYlJlc2VydmVkMjsKICAgICAgICBwdWJsaWMgSW50UHRyIGxwUmVzZXJ2ZWQyOwogICAgICAgIHB1YmxpYyBTYWZlRmlsZUhhbmRsZSBoU3RkSW5wdXQ7CiAgICAgICAgcHVibGljIFNhZmVGaWxlSGFuZGxlIGhTdGRPdXRwdXQ7CiAgICAgICAgcHVibGljIFNhZmVGaWxlSGFuZGxlIGhTdGRFcnJvcjsKICAgICAgICBwdWJsaWMgU1RBUlRVUElORk8oKQogICAgICAgIHsKICAgICAgICAgICAgY2IgPSBNYXJzaGFsLlNpemVPZih0aGlzKTsKICAgICAgICB9CiAgICB9CgogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIGNsYXNzIFNUQVJUVVBJTkZPRVgKICAgIHsKICAgICAgICBwdWJsaWMgU1RBUlRVUElORk8gc3RhcnR1cEluZm87CiAgICAgICAgcHVibGljIEludFB0ciBscEF0dHJpYnV0ZUxpc3Q7CiAgICAgICAgcHVibGljIFNUQVJUVVBJTkZPRVgoKQogICAgICAgIHsKICAgICAgICAgICAgc3RhcnR1cEluZm8gPSBuZXcgU1RBUlRVUElORk8oKTsKICAgICAgICAgICAgc3RhcnR1cEluZm8uY2IgPSBNYXJzaGFsLlNpemVPZih0aGlzKTsKICAgICAgICB9CiAgICB9CgogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIHN0cnVjdCBQUk9DRVNTX0lORk9STUFUSU9OCiAgICB7CiAgICAgICAgcHVibGljIEludFB0ciBoUHJvY2VzczsKICAgICAgICBwdWJsaWMgSW50UHRyIGhUaHJlYWQ7CiAgICAgICAgcHVibGljIGludCBkd1Byb2Nlc3NJZDsKICAgICAgICBwdWJsaWMgaW50IGR3VGhyZWFkSWQ7CiAgICB9CgogICAgW0ZsYWdzXQogICAgcHVibGljIGVudW0gU3RhcnR1cEluZm9GbGFncyA6IHVpbnQKICAgIHsKICAgICAgICBVU0VTVERIQU5ETEVTID0gMHgwMDAwMDEwMAogICAgfQoKICAgIHB1YmxpYyBlbnVtIEhhbmRsZUZsYWdzIDogdWludAogICAgewogICAgICAgIE5vbmUgPSAwLAogICAgICAgIElOSEVSSVQgPSAxCiAgICB9CgogICAgY2xhc3MgTmF0aXZlV2FpdEhhbmRsZSA6IFdhaXRIYW5kbGUKICAgIHsKICAgICAgICBwdWJsaWMgTmF0aXZlV2FpdEhhbmRsZShJbnRQdHIgaGFuZGxlKQogICAgICAgIHsKICAgICAgICAgICAgdGhpcy5TYWZlV2FpdEhhbmRsZSA9IG5ldyBTYWZlV2FpdEhhbmRsZShoYW5kbGUsIGZhbHNlKTsKICAgICAgICB9CiAgICB9CgogICAgcHVibGljIGNsYXNzIFdpbjMyRXhjZXB0aW9uIDogU3lzdGVtLkNvbXBvbmVudE1vZGVsLldpbjMyRXhjZXB0aW9uCiAgICB7CiAgICAgICAgcHJpdmF0ZSBzdHJpbmcgX21zZzsKCiAgICAgICAgcHVibGljIFdpbjMyRXhjZXB0aW9uKHN0cmluZyBtZXNzYWdlKSA6IHRoaXMoTWFyc2hhbC5HZXRMYXN0V2luMzJFcnJvcigpLCBtZXNzYWdlKSB7IH0KCiAgICAgICAgcHVibGljIFdpbjMyRXhjZXB0aW9uKGludCBlcnJvckNvZGUsIHN0cmluZyBtZXNzYWdlKSA6IGJhc2UoZXJyb3JDb2RlKQogICAgICAgIHsKICAgICAgICAgICAgX21zZyA9IFN0cmluZy5Gb3JtYXQoInswfSAoezF9LCBXaW4zMkVycm9yQ29kZSB7Mn0pIiwgbWVzc2FnZSwgYmFzZS5NZXNzYWdlLCBlcnJvckNvZGUpOwogICAgICAgIH0KCiAgICAgICAgcHVibGljIG92ZXJyaWRlIHN0cmluZyBNZXNzYWdlIHsgZ2V0IHsgcmV0dXJuIF9tc2c7IH0gfQogICAgICAgIHB1YmxpYyBzdGF0aWMgZXhwbGljaXQgb3BlcmF0b3IgV2luMzJFeGNlcHRpb24oc3RyaW5nIG1lc3NhZ2UpIHsgcmV0dXJuIG5ldyBXaW4zMkV4Y2VwdGlvbihtZXNzYWdlKTsgfQogICAgfQoKICAgIHB1YmxpYyBjbGFzcyBDb21tYW5kVXRpbAogICAgewogICAgICAgIHByaXZhdGUgc3RhdGljIFVJbnQzMiBDUkVBVEVfVU5JQ09ERV9FTlZJUk9OTUVOVCA9IDB4MDAwMDAwNDAwOwogICAgICAgIHByaXZhdGUgc3RhdGljIFVJbnQzMiBFWFRFTkRFRF9TVEFSVFVQSU5GT19QUkVTRU5UID0gMHgwMDA4MDAwMDsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSwgQmVzdEZpdE1hcHBpbmcgPSBmYWxzZSldCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gYm9vbCBDcmVhdGVQcm9jZXNzKAogICAgICAgICAgICBbTWFyc2hhbEFzKFVubWFuYWdlZFR5cGUuTFBXU3RyKV0KICAgICAgICAgICAgICAgIHN0cmluZyBscEFwcGxpY2F0aW9uTmFtZSwKICAgICAgICAgICAgU3RyaW5nQnVpbGRlciBscENvbW1hbmRMaW5lLAogICAgICAgICAgICBJbnRQdHIgbHBQcm9jZXNzQXR0cmlidXRlcywKICAgICAgICAgICAgSW50UHRyIGxwVGhyZWFkQXR0cmlidXRlcywKICAgICAgICAgICAgYm9vbCBiSW5oZXJpdEhhbmRsZXMsCiAgICAgICAgICAgIHVpbnQgZHdDcmVhdGlvbkZsYWdzLAogICAgICAgICAgICBJbnRQdHIgbHBFbnZpcm9ubWVudCwKICAgICAgICAgICAgW01hcnNoYWxBcyhVbm1hbmFnZWRUeXBlLkxQV1N0cildCiAgICAgICAgICAgICAgICBzdHJpbmcgbHBDdXJyZW50RGlyZWN0b3J5LAogICAgICAgICAgICBTVEFSVFVQSU5GT0VYIGxwU3RhcnR1cEluZm8sCiAgICAgICAgICAgIG91dCBQUk9DRVNTX0lORk9STUFUSU9OIGxwUHJvY2Vzc0luZm9ybWF0aW9uKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIildCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gYm9vbCBDcmVhdGVQaXBlKAogICAgICAgICAgICBvdXQgU2FmZUZpbGVIYW5kbGUgaFJlYWRQaXBlLAogICAgICAgICAgICBvdXQgU2FmZUZpbGVIYW5kbGUgaFdyaXRlUGlwZSwKICAgICAgICAgICAgU0VDVVJJVFlfQVRUUklCVVRFUyBscFBpcGVBdHRyaWJ1dGVzLAogICAgICAgICAgICB1aW50IG5TaXplKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSldCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gYm9vbCBTZXRIYW5kbGVJbmZvcm1hdGlvbigKICAgICAgICAgICAgU2FmZUZpbGVIYW5kbGUgaE9iamVjdCwKICAgICAgICAgICAgSGFuZGxlRmxhZ3MgZHdNYXNrLAogICAgICAgICAgICBpbnQgZHdGbGFncyk7CgogICAgICAgIFtEbGxJbXBvcnQoImtlcm5lbDMyLmRsbCIsIFNldExhc3RFcnJvciA9IHRydWUpXQogICAgICAgIHByaXZhdGUgc3RhdGljIGV4dGVybiBib29sIEdldEV4aXRDb2RlUHJvY2VzcygKICAgICAgICAgICAgSW50UHRyIGhQcm9jZXNzLAogICAgICAgICAgICBvdXQgdWludCBscEV4aXRDb2RlKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSldCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gdWludCBTZWFyY2hQYXRoKAogICAgICAgICAgICBzdHJpbmcgbHBQYXRoLAogICAgICAgICAgICBzdHJpbmcgbHBGaWxlTmFtZSwKICAgICAgICAgICAgc3RyaW5nIGxwRXh0ZW5zaW9uLAogICAgICAgICAgICBpbnQgbkJ1ZmZlckxlbmd0aCwKICAgICAgICAgICAgW01hcnNoYWxBcyAoVW5tYW5hZ2VkVHlwZS5MUFRTdHIpXQogICAgICAgICAgICAgICAgU3RyaW5nQnVpbGRlciBscEJ1ZmZlciwKICAgICAgICAgICAgb3V0IEludFB0ciBscEZpbGVQYXJ0KTsKCiAgICAgICAgW0RsbEltcG9ydCgic2hlbGwzMi5kbGwiLCBTZXRMYXN0RXJyb3IgPSB0cnVlKV0KICAgICAgICBzdGF0aWMgZXh0ZXJuIEludFB0ciBDb21tYW5kTGluZVRvQXJndlcoCiAgICAgICAgICAgIFtNYXJzaGFsQXMoVW5tYW5hZ2VkVHlwZS5MUFdTdHIpXQogICAgICAgICAgICAgICAgc3RyaW5nIGxwQ21kTGluZSwKICAgICAgICAgICAgb3V0IGludCBwTnVtQXJncyk7CgogICAgICAgIHB1YmxpYyBzdGF0aWMgc3RyaW5nW10gUGFyc2VDb21tYW5kTGluZShzdHJpbmcgbHBDb21tYW5kTGluZSkKICAgICAgICB7CiAgICAgICAgICAgIGludCBudW1BcmdzOwogICAgICAgICAgICBJbnRQdHIgcmV0ID0gQ29tbWFuZExpbmVUb0FyZ3ZXKGxwQ29tbWFuZExpbmUsIG91dCBudW1BcmdzKTsKCiAgICAgICAgICAgIGlmIChyZXQgPT0gSW50UHRyLlplcm8pCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIkVycm9yIHBhcnNpbmcgY29tbWFuZCBsaW5lIik7CgogICAgICAgICAgICBJbnRQdHJbXSBzdHJwdHJzID0gbmV3IEludFB0cltudW1BcmdzXTsKICAgICAgICAgICAgTWFyc2hhbC5Db3B5KHJldCwgc3RycHRycywgMCwgbnVtQXJncyk7CiAgICAgICAgICAgIHN0cmluZ1tdIGNtZGxpbmVQYXJ0cyA9IHN0cnB0cnMuU2VsZWN0KHMgPT4gTWFyc2hhbC5QdHJUb1N0cmluZ1VuaShzKSkuVG9BcnJheSgpOwoKICAgICAgICAgICAgTWFyc2hhbC5GcmVlSEdsb2JhbChyZXQpOwoKICAgICAgICAgICAgcmV0dXJuIGNtZGxpbmVQYXJ0czsKICAgICAgICB9CgogICAgICAgIHB1YmxpYyBzdGF0aWMgc3RyaW5nIFNlYXJjaFBhdGgoc3RyaW5nIGxwRmlsZU5hbWUpCiAgICAgICAgewogICAgICAgICAgICBTdHJpbmdCdWlsZGVyIHNiT3V0ID0gbmV3IFN0cmluZ0J1aWxkZXIoMTAyNCk7CiAgICAgICAgICAgIEludFB0ciBmaWxlUGFydE91dDsKCiAgICAgICAgICAgIGlmIChTZWFyY2hQYXRoKG51bGwsIGxwRmlsZU5hbWUsIG51bGwsIHNiT3V0LkNhcGFjaXR5LCBzYk91dCwgb3V0IGZpbGVQYXJ0T3V0KSA9PSAwKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IEZpbGVOb3RGb3VuZEV4Y2VwdGlvbihTdHJpbmcuRm9ybWF0KCJDb3VsZCBub3QgbG9jYXRlIHRoZSBmb2xsb3dpbmcgZXhlY3V0YWJsZSB7MH0iLCBscEZpbGVOYW1lKSk7CgogICAgICAgICAgICByZXR1cm4gc2JPdXQuVG9TdHJpbmcoKTsKICAgICAgICB9CgogICAgICAgIHB1YmxpYyBjbGFzcyBDb21tYW5kUmVzdWx0CiAgICAgICAgewogICAgICAgICAgICBwdWJsaWMgc3RyaW5nIFN0YW5kYXJkT3V0IHsgZ2V0OyBpbnRlcm5hbCBzZXQ7IH0KICAgICAgICAgICAgcHVibGljIHN0cmluZyBTdGFuZGFyZEVycm9yIHsgZ2V0OyBpbnRlcm5hbCBzZXQ7IH0KICAgICAgICAgICAgcHVibGljIHVpbnQgRXhpdENvZGUgeyBnZXQ7IGludGVybmFsIHNldDsgfQogICAgICAgIH0KCiAgICAgICAgcHVibGljIHN0YXRpYyBDb21tYW5kUmVzdWx0IFJ1bkNvbW1hbmQoc3RyaW5nIGxwQXBwbGljYXRpb25OYW1lLCBzdHJpbmcgbHBDb21tYW5kTGluZSwgc3RyaW5nIGxwQ3VycmVudERpcmVjdG9yeSwgc3RyaW5nIHN0ZGluSW5wdXQsIElEaWN0aW9uYXJ5IGVudmlyb25tZW50KQogICAgICAgIHsKICAgICAgICAgICAgVUludDMyIHN0YXJ0dXBfZmxhZ3MgPSBDUkVBVEVfVU5JQ09ERV9FTlZJUk9OTUVOVCB8IEVYVEVOREVEX1NUQVJUVVBJTkZPX1BSRVNFTlQ7CiAgICAgICAgICAgIFNUQVJUVVBJTkZPRVggc2kgPSBuZXcgU1RBUlRVUElORk9FWCgpOwogICAgICAgICAgICBzaS5zdGFydHVwSW5mby5kd0ZsYWdzID0gKGludClTdGFydHVwSW5mb0ZsYWdzLlVTRVNUREhBTkRMRVM7CgogICAgICAgICAgICBTRUNVUklUWV9BVFRSSUJVVEVTIHBpcGVzZWMgPSBuZXcgU0VDVVJJVFlfQVRUUklCVVRFUygpOwogICAgICAgICAgICBwaXBlc2VjLmJJbmhlcml0SGFuZGxlID0gdHJ1ZTsKCiAgICAgICAgICAgIC8vIENyZWF0ZSB0aGUgc3Rkb3V0LCBzdGRlcnIgYW5kIHN0ZGluIHBpcGVzIHVzZWQgaW4gdGhlIHByb2Nlc3MgYW5kIGFkZCB0byB0aGUgc3RhcnR1cEluZm8KICAgICAgICAgICAgU2FmZUZpbGVIYW5kbGUgc3Rkb3V0X3JlYWQsIHN0ZG91dF93cml0ZSwgc3RkZXJyX3JlYWQsIHN0ZGVycl93cml0ZSwgc3RkaW5fcmVhZCwgc3RkaW5fd3JpdGU7CiAgICAgICAgICAgIGlmICghQ3JlYXRlUGlwZShvdXQgc3Rkb3V0X3JlYWQsIG91dCBzdGRvdXRfd3JpdGUsIHBpcGVzZWMsIDApKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IFdpbjMyRXhjZXB0aW9uKCJTVERPVVQgcGlwZSBzZXR1cCBmYWlsZWQiKTsKICAgICAgICAgICAgaWYgKCFTZXRIYW5kbGVJbmZvcm1hdGlvbihzdGRvdXRfcmVhZCwgSGFuZGxlRmxhZ3MuSU5IRVJJVCwgMCkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIlNURE9VVCBwaXBlIGhhbmRsZSBzZXR1cCBmYWlsZWQiKTsKCiAgICAgICAgICAgIGlmICghQ3JlYXRlUGlwZShvdXQgc3RkZXJyX3JlYWQsIG91dCBzdGRlcnJfd3JpdGUsIHBpcGVzZWMsIDApKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IFdpbjMyRXhjZXB0aW9uKCJTVERFUlIgcGlwZSBzZXR1cCBmYWlsZWQiKTsKICAgICAgICAgICAgaWYgKCFTZXRIYW5kbGVJbmZvcm1hdGlvbihzdGRlcnJfcmVhZCwgSGFuZGxlRmxhZ3MuSU5IRVJJVCwgMCkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIlNUREVSUiBwaXBlIGhhbmRsZSBzZXR1cCBmYWlsZWQiKTsKCiAgICAgICAgICAgIGlmICghQ3JlYXRlUGlwZShvdXQgc3RkaW5fcmVhZCwgb3V0IHN0ZGluX3dyaXRlLCBwaXBlc2VjLCAwKSkKICAgICAgICAgICAgICAgIHRocm93IG5ldyBXaW4zMkV4Y2VwdGlvbigiU1RESU4gcGlwZSBzZXR1cCBmYWlsZWQiKTsKICAgICAgICAgICAgaWYgKCFTZXRIYW5kbGVJbmZvcm1hdGlvbihzdGRpbl93cml0ZSwgSGFuZGxlRmxhZ3MuSU5IRVJJVCwgMCkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIlNURElOIHBpcGUgaGFuZGxlIHNldHVwIGZhaWxlZCIpOwoKICAgICAgICAgICAgc2kuc3RhcnR1cEluZm8uaFN0ZE91dHB1dCA9IHN0ZG91dF93cml0ZTsKICAgICAgICAgICAgc2kuc3RhcnR1cEluZm8uaFN0ZEVycm9yID0gc3RkZXJyX3dyaXRlOwogICAgICAgICAgICBzaS5zdGFydHVwSW5mby5oU3RkSW5wdXQgPSBzdGRpbl9yZWFkOwoKICAgICAgICAgICAgLy8gU2V0dXAgdGhlIHN0ZGluIGJ1ZmZlcgogICAgICAgICAgICBVVEY4RW5jb2RpbmcgdXRmOF9lbmNvZGluZyA9IG5ldyBVVEY4RW5jb2RpbmcoZmFsc2UpOwogICAgICAgICAgICBGaWxlU3RyZWFtIHN0ZGluX2ZzID0gbmV3IEZpbGVTdHJlYW0oc3RkaW5fd3JpdGUsIEZpbGVBY2Nlc3MuV3JpdGUsIDMyNzY4KTsKICAgICAgICAgICAgU3RyZWFtV3JpdGVyIHN0ZGluID0gbmV3IFN0cmVhbVdyaXRlcihzdGRpbl9mcywgdXRmOF9lbmNvZGluZywgMzI3NjgpOwoKICAgICAgICAgICAgLy8gSWYgbHBDdXJyZW50RGlyZWN0b3J5IGlzIHNldCB0byBudWxsIGluIFBTIGl0IHdpbGwgYmUgYW4gZW1wdHkKICAgICAgICAgICAgLy8gc3RyaW5nIGhlcmUsIHdlIG5lZWQgdG8gY29udmVydCBpdAogICAgICAgICAgICBpZiAobHBDdXJyZW50RGlyZWN0b3J5ID09ICIiKQogICAgICAgICAgICAgICAgbHBDdXJyZW50RGlyZWN0b3J5ID0gbnVsbDsKCiAgICAgICAgICAgIFN0cmluZ0J1aWxkZXIgZW52aXJvbm1lbnRTdHJpbmcgPSBudWxsOwoKICAgICAgICAgICAgaWYgKGVudmlyb25tZW50ICE9IG51bGwgJiYgZW52aXJvbm1lbnQuQ291bnQgPiAwKQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBlbnZpcm9ubWVudFN0cmluZyA9IG5ldyBTdHJpbmdCdWlsZGVyKCk7CiAgICAgICAgICAgICAgICBmb3JlYWNoIChEaWN0aW9uYXJ5RW50cnkga3YgaW4gZW52aXJvbm1lbnQpCiAgICAgICAgICAgICAgICAgICAgZW52aXJvbm1lbnRTdHJpbmcuQXBwZW5kRm9ybWF0KCJ7MH09ezF9XDAiLCBrdi5LZXksIGt2LlZhbHVlKTsKICAgICAgICAgICAgICAgIGVudmlyb25tZW50U3RyaW5nLkFwcGVuZCgnXDAnKTsKICAgICAgICAgICAgfQoKICAgICAgICAgICAgLy8gQ3JlYXRlIHRoZSBlbnZpcm9ubWVudCBibG9jayBpZiBzZXQKICAgICAgICAgICAgSW50UHRyIGxwRW52aXJvbm1lbnQgPSBJbnRQdHIuWmVybzsKICAgICAgICAgICAgaWYgKGVudmlyb25tZW50U3RyaW5nICE9IG51bGwpCiAgICAgICAgICAgICAgICBscEVudmlyb25tZW50ID0gTWFyc2hhbC5TdHJpbmdUb0hHbG9iYWxVbmkoZW52aXJvbm1lbnRTdHJpbmcuVG9TdHJpbmcoKSk7CgogICAgICAgICAgICAvLyBDcmVhdGUgbmV3IHByb2Nlc3MgYW5kIHJ1bgogICAgICAgICAgICBTdHJpbmdCdWlsZGVyIGFyZ3VtZW50X3N0cmluZyA9IG5ldyBTdHJpbmdCdWlsZGVyKGxwQ29tbWFuZExpbmUpOwogICAgICAgICAgICBQUk9DRVNTX0lORk9STUFUSU9OIHBpID0gbmV3IFBST0NFU1NfSU5GT1JNQVRJT04oKTsKICAgICAgICAgICAgaWYgKCFDcmVhdGVQcm9jZXNzKAogICAgICAgICAgICAgICAgbHBBcHBsaWNhdGlvbk5hbWUsCiAgICAgICAgICAgICAgICBhcmd1bWVudF9zdHJpbmcsCiAgICAgICAgICAgICAgICBJbnRQdHIuWmVybywKICAgICAgICAgICAgICAgIEludFB0ci5aZXJvLAogICAgICAgICAgICAgICAgdHJ1ZSwKICAgICAgICAgICAgICAgIHN0YXJ0dXBfZmxhZ3MsCiAgICAgICAgICAgICAgICBscEVudmlyb25tZW50LAogICAgICAgICAgICAgICAgbHBDdXJyZW50RGlyZWN0b3J5LAogICAgICAgICAgICAgICAgc2ksCiAgICAgICAgICAgICAgICBvdXQgcGkpKQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIkZhaWxlZCB0byBjcmVhdGUgbmV3IHByb2Nlc3MiKTsKICAgICAgICAgICAgfQoKICAgICAgICAgICAgLy8gU2V0dXAgdGhlIG91dHB1dCBidWZmZXJzIGFuZCBnZXQgc3Rkb3V0L3N0ZGVycgogICAgICAgICAgICBGaWxlU3RyZWFtIHN0ZG91dF9mcyA9IG5ldyBGaWxlU3RyZWFtKHN0ZG91dF9yZWFkLCBGaWxlQWNjZXNzLlJlYWQsIDQwOTYpOwogICAgICAgICAgICBTdHJlYW1SZWFkZXIgc3Rkb3V0ID0gbmV3IFN0cmVhbVJlYWRlcihzdGRvdXRfZnMsIHV0ZjhfZW5jb2RpbmcsIHRydWUsIDQwOTYpOwogICAgICAgICAgICBzdGRvdXRfd3JpdGUuQ2xvc2UoKTsKICAgICAgICAgICAgRmlsZVN0cmVhbSBzdGRlcnJfZnMgPSBuZXcgRmlsZVN0cmVhbShzdGRlcnJfcmVhZCwgRmlsZUFjY2Vzcy5SZWFkLCA0MDk2KTsKICAgICAgICAgICAgU3RyZWFtUmVhZGVyIHN0ZGVyciA9IG5ldyBTdHJlYW1SZWFkZXIoc3RkZXJyX2ZzLCB1dGY4X2VuY29kaW5nLCB0cnVlLCA0MDk2KTsKICAgICAgICAgICAgc3RkZXJyX3dyaXRlLkNsb3NlKCk7CgogICAgICAgICAgICBzdGRpbi5Xcml0ZUxpbmUoc3RkaW5JbnB1dCk7CiAgICAgICAgICAgIHN0ZGluLkNsb3NlKCk7CgogICAgICAgICAgICBzdHJpbmcgc3Rkb3V0X3N0ciwgc3RkZXJyX3N0ciA9IG51bGw7CiAgICAgICAgICAgIEdldFByb2Nlc3NPdXRwdXQoc3Rkb3V0LCBzdGRlcnIsIG91dCBzdGRvdXRfc3RyLCBvdXQgc3RkZXJyX3N0cik7CiAgICAgICAgICAgIHVpbnQgcmMgPSBHZXRQcm9jZXNzRXhpdENvZGUocGkuaFByb2Nlc3MpOwoKICAgICAgICAgICAgcmV0dXJuIG5ldyBDb21tYW5kUmVzdWx0CiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIFN0YW5kYXJkT3V0ID0gc3Rkb3V0X3N0ciwKICAgICAgICAgICAgICAgIFN0YW5kYXJkRXJyb3IgPSBzdGRlcnJfc3RyLAogICAgICAgICAgICAgICAgRXhpdENvZGUgPSByYwogICAgICAgICAgICB9OwogICAgICAgIH0KCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgdm9pZCBHZXRQcm9jZXNzT3V0cHV0KFN0cmVhbVJlYWRlciBzdGRvdXRTdHJlYW0sIFN0cmVhbVJlYWRlciBzdGRlcnJTdHJlYW0sIG91dCBzdHJpbmcgc3Rkb3V0LCBvdXQgc3RyaW5nIHN0ZGVycikKICAgICAgICB7CiAgICAgICAgICAgIHZhciBzb3dhaXQgPSBuZXcgRXZlbnRXYWl0SGFuZGxlKGZhbHNlLCBFdmVudFJlc2V0TW9kZS5NYW51YWxSZXNldCk7CiAgICAgICAgICAgIHZhciBzZXdhaXQgPSBuZXcgRXZlbnRXYWl0SGFuZGxlKGZhbHNlLCBFdmVudFJlc2V0TW9kZS5NYW51YWxSZXNldCk7CiAgICAgICAgICAgIHN0cmluZyBzbyA9IG51bGwsIHNlID0gbnVsbDsKICAgICAgICAgICAgVGhyZWFkUG9vbC5RdWV1ZVVzZXJXb3JrSXRlbSgocykgPT4KICAgICAgICAgICAgewogICAgICAgICAgICAgICAgc28gPSBzdGRvdXRTdHJlYW0uUmVhZFRvRW5kKCk7CiAgICAgICAgICAgICAgICBzb3dhaXQuU2V0KCk7CiAgICAgICAgICAgIH0pOwogICAgICAgICAgICBUaHJlYWRQb29sLlF1ZXVlVXNlcldvcmtJdGVtKChzKSA9PgogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBzZSA9IHN0ZGVyclN0cmVhbS5SZWFkVG9FbmQoKTsKICAgICAgICAgICAgICAgIHNld2FpdC5TZXQoKTsKICAgICAgICAgICAgfSk7CiAgICAgICAgICAgIGZvcmVhY2ggKHZhciB3aCBpbiBuZXcgV2FpdEhhbmRsZVtdIHsgc293YWl0LCBzZXdhaXQgfSkKICAgICAgICAgICAgICAgIHdoLldhaXRPbmUoKTsKICAgICAgICAgICAgc3Rkb3V0ID0 ScriptBlock ID: 66b87933-9448-4c8d-8479-dc88bc24346e Path:	4104	1		3	2	15	0	1798	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2480	1596	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:07:49 PM	e5295ba9-9827-0005-3d5d-29e52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1797	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2480	2472	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:07:49 PM	e5295ba9-9827-0003-1a5e-29e52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 2480 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1796	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2480	1436	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:07:49 PM	e5295ba9-9827-0003-1a5e-29e52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1795	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2480	2472	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:07:49 PM	e5295ba9-9827-0003-1a5e-29e52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles; using System; using System.Collections.Generic; using System.Linq; using System.Runtime.InteropServices; using System.Security.Principal; using System.Text; namespace Ansible.PrivilegeUtil { [Flags] public enum PrivilegeAttributes : uint { Disabled = 0x00000000, EnabledByDefault = 0x00000001, Enabled = 0x00000002, Removed = 0x00000004, UsedForAccess = 0x80000000, } internal class NativeHelpers { [StructLayout(LayoutKind.Sequential)] internal struct LUID { public UInt32 LowPart; public Int32 HighPart; } [StructLayout(LayoutKind.Sequential)] internal struct LUID_AND_ATTRIBUTES { public LUID Luid; public PrivilegeAttributes Attributes; } [StructLayout(LayoutKind.Sequential)] internal struct TOKEN_PRIVILEGES { public UInt32 PrivilegeCount; [MarshalAs(UnmanagedType.ByValArray, SizeConst = 1)] public LUID_AND_ATTRIBUTES[] Privileges; } } internal class NativeMethods { [DllImport("advapi32.dll", SetLastError = true)] internal static extern bool AdjustTokenPrivileges( IntPtr TokenHandle, [MarshalAs(UnmanagedType.Bool)] bool DisableAllPrivileges, IntPtr NewState, UInt32 BufferLength, IntPtr PreviousState, out UInt32 ReturnLength); [DllImport("kernel32.dll")] internal static extern bool CloseHandle( IntPtr hObject); [DllImport("kernel32")] internal static extern SafeWaitHandle GetCurrentProcess(); [DllImport("advapi32.dll", SetLastError = true)] internal static extern bool GetTokenInformation( IntPtr TokenHandle, UInt32 TokenInformationClass, IntPtr TokenInformation, UInt32 TokenInformationLength, out UInt32 ReturnLength); [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)] internal static extern bool LookupPrivilegeName( string lpSystemName, ref NativeHelpers.LUID lpLuid, StringBuilder lpName, ref UInt32 cchName); [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)] internal static extern bool LookupPrivilegeValue( string lpSystemName, string lpName, out NativeHelpers.LUID lpLuid); [DllImport("advapi32.dll", SetLastError = true)] internal static extern bool OpenProcessToken( SafeHandle ProcessHandle, TokenAccessLevels DesiredAccess, out IntPtr TokenHandle); } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class Privileges { private static readonly UInt32 TOKEN_PRIVILEGES = 3; public static bool CheckPrivilegeName(string name) { NativeHelpers.LUID luid; if (!NativeMethods.LookupPrivilegeValue(null, name, out luid)) { int errCode = Marshal.GetLastWin32Error(); if (errCode != 1313) // ERROR_NO_SUCH_PRIVILEGE throw new Win32Exception(errCode, String.Format("LookupPrivilegeValue({0}) failed", name)); return false; } else { return true; } } public static Dictionary<string, bool?> DisablePrivilege(SafeHandle token, string privilege) { return SetTokenPrivileges(token, new Dictionary<string, bool?>() { { privilege, false } }); } public static Dictionary<string, bool?> DisableAllPrivileges(SafeHandle token) { return AdjustTokenPrivileges(token, null); } public static Dictionary<string, bool?> EnablePrivilege(SafeHandle token, string privilege) { return SetTokenPrivileges(token, new Dictionary<string, bool?>() { { privilege, true } }); } public static Dictionary<String, PrivilegeAttributes> GetAllPrivilegeInfo(SafeHandle token) { IntPtr hToken = IntPtr.Zero; if (!NativeMethods.OpenProcessToken(token, TokenAccessLevels.Query, out hToken)) throw new Win32Exception("OpenProcessToken() failed"); Dictionary<String, PrivilegeAttributes> info = new Dictionary<String, PrivilegeAttributes>(); try { UInt32 tokenLength = 0; NativeMethods.GetTokenInformation(hToken, TOKEN_PRIVILEGES, IntPtr.Zero, 0, out tokenLength); NativeHelpers.LUID_AND_ATTRIBUTES[] privileges; IntPtr privilegesPtr = Marshal.AllocHGlobal((int)tokenLength); try { if (!NativeMethods.GetTokenInformation(hToken, TOKEN_PRIVILEGES, privilegesPtr, tokenLength, out tokenLength)) throw new Win32Exception("GetTokenInformation() for TOKEN_PRIVILEGES failed"); NativeHelpers.TOKEN_PRIVILEGES privilegeInfo = (NativeHelpers.TOKEN_PRIVILEGES)Marshal.PtrToStructure(privilegesPtr, typeof(NativeHelpers.TOKEN_PRIVILEGES)); privileges = new NativeHelpers.LUID_AND_ATTRIBUTES[privilegeInfo.PrivilegeCount]; PtrToStructureArray(privileges, IntPtr.Add(privilegesPtr, Marshal.SizeOf(privilegeInfo.PrivilegeCount))); } finally { Marshal.FreeHGlobal(privilegesPtr); } info = privileges.ToDictionary(p => GetPrivilegeName(p.Luid), p => p.Attributes); } finally { NativeMethods.CloseHandle(hToken); } return info; } public static SafeWaitHandle GetCurrentProcess() { return NativeMethods.GetCurrentProcess(); } public static void RemovePrivilege(SafeHandle token, string privilege) { SetTokenPrivileges(token, new Dictionary<string, bool?>() { { privilege, null } }); } public static Dictionary<string, bool?> SetTokenPrivileges(SafeHandle token, Dictionary<string, bool?> state) { NativeHelpers.LUID_AND_ATTRIBUTES[] privilegeAttr = new NativeHelpers.LUID_AND_ATTRIBUTES[state.Count]; int i = 0; foreach (KeyValuePair<string, bool?> entry in state) { NativeHelpers.LUID luid; if (!NativeMethods.LookupPrivilegeValue(null, entry.Key, out luid)) throw new Win32Exception(String.Format("LookupPrivilegeValue({0}) failed", entry.Key)); PrivilegeAttributes attributes; switch (entry.Value) { case true: attributes = PrivilegeAttributes.Enabled; break; case false: attributes = PrivilegeAttributes.Disabled; break; default: attributes = PrivilegeAttributes.Removed; break; } privilegeAttr[i].Luid = luid; privilegeAttr[i].Attributes = attributes; i++; } return AdjustTokenPrivileges(token, privilegeAttr); } private static Dictionary<string, bool?> AdjustTokenPrivileges(SafeHandle token, NativeHelpers.LUID_AND_ATTRIBUTES[] newState) { bool disableAllPrivileges; IntPtr newStatePtr; NativeHelpers.LUID_AND_ATTRIBUTES[] oldStatePrivileges; UInt32 returnLength; if (newState == null) { disableAllPrivileges = true; newStatePtr = IntPtr.Zero; } else { disableAllPrivileges = false; // Need to manually marshal the bytes requires for newState as the constant size // of LUID_AND_ATTRIBUTES is set to 1 and can't be overridden at runtime, TOKEN_PRIVILEGES // always contains at least 1 entry so we need to calculate the extra size if there are // nore than 1 LUID_AND_ATTRIBUTES entry int tokenPrivilegesSize = Marshal.SizeOf(typeof(NativeHelpers.TOKEN_PRIVILEGES)); int luidAttrSize = 0; if (newState.Length > 1) luidAttrSize = Marshal.SizeOf(typeof(NativeHelpers.LUID_AND_ATTRIBUTES)) * (newState.Length - 1); int totalSize = tokenPrivilegesSize + luidAttrSize; byte[] newStateBytes = new byte[totalSize]; // get the first entry that includes the struct details NativeHelpers.TOKEN_PRIVILEGES tokenPrivileges = new NativeHelpers.TOKEN_PRIVILEGES() { PrivilegeCount = (UInt32)newState.Length, Privileges = new NativeHelpers.LUID_AND_ATTRIBUTES[1], }; if (newState.Length > 0) tokenPrivileges.Privileges[0] = newState[0]; int offset = StructureToBytes(tokenPrivileges, newStateBytes, 0); // copy the remaining LUID_AND_ATTRIBUTES (if any) for (int i = 1; i < newState.Length; i++) offset += StructureToBytes(newState[i], newStateBytes, offset); // finally create the pointer to the byte array we just created newStatePtr = Marshal.AllocHGlobal(newStateBytes.Length); Marshal.Copy(newStateBytes, 0, newStatePtr, newStateBytes.Length); } try { IntPtr hToken = IntPtr.Zero; if (!NativeMethods.OpenProcessToken(token, TokenAccessLevels.Query | TokenAccessLevels.AdjustPrivileges, out hToken)) throw new Win32Exception("OpenProcessToken() failed with Query and AdjustPrivileges"); try { IntPtr oldStatePtr = Marshal.AllocHGlobal(0); if (!NativeMethods.AdjustTokenPrivileges(hToken, disableAllPrivileges, newStatePtr, 0, oldStatePtr, out returnLength)) { int errCode = Marshal.GetLastWin32Error(); if (errCode != 122) // ERROR_INSUFFICIENT_BUFFER throw new Win32Exception(errCode, "AdjustTokenPrivileges() failed to get old state size"); } // resize the oldStatePtr based on the length returned from Windows Marshal.FreeHGlobal(oldStatePtr); oldStatePtr = Marshal.AllocHGlobal((int)returnLength); try { bool res = NativeMethods.AdjustTokenPrivileges(hToken, disableAllPrivileges, newStatePtr, returnLength, oldStatePtr, out returnLength); int errCode = Marshal.GetLastWin32Error(); // even when res == true, ERROR_NOT_ALL_ASSIGNED may be set as the last error code if (!res || errCode != 0) throw new Win32Exception(errCode, "AdjustTokenPrivileges() failed"); // Marshal the oldStatePtr to the struct NativeHelpers.TOKEN_PRIVILEGES oldState = (NativeHelpers.TOKEN_PRIVILEGES)Marshal.PtrToStructure(oldStatePtr, typeof(NativeHelpers.TOKEN_PRIVILEGES)); oldStatePrivileges = new NativeHelpers.LUID_AND_ATTRIBUTES[oldState.PrivilegeCount]; PtrToStructureArray(oldStatePrivileges, IntPtr.Add(oldStatePtr, Marshal.SizeOf(oldState.PrivilegeCount))); } finally { Marshal.FreeHGlobal(oldStatePtr); } } finally { NativeMethods.CloseHandle(hToken); } } finally { if (newStatePtr != IntPtr.Zero) Marshal.FreeHGlobal(newStatePtr); } return oldStatePrivileges.ToDictionary(p => GetPrivilegeName(p.Luid), p => (bool?)p.Attributes.HasFlag(PrivilegeAttributes.Enabled)); } private static string GetPrivilegeName(NativeHelpers.LUID luid) { UInt32 nameLen = 0; NativeMethods.LookupPrivilegeName(null, ref luid, null, ref nameLen); StringBuilder name = new StringBuilder((int)(nameLen + 1)); if (!NativeMethods.LookupPrivilegeName(null, ref luid, name, ref nameLen)) throw new Win32Exception("LookupPrivilegeName() failed"); return name.ToString(); } private static void PtrToStructureArray<T>(T[] array, IntPtr ptr) { IntPtr ptrOffset = ptr; for (int i = 0; i < array.Length; i++, ptrOffset = IntPtr.Add(ptrOffset, Marshal.SizeOf(typeof(T)))) array[i] = (T)Marshal.PtrToStructure(ptrOffset, typeof(T)); } private static int StructureToBytes<T>(T structure, byte[] array, int offset) { int size = Marshal.SizeOf(structure); IntPtr structPtr = Marshal.AllocHGlobal(size); try { Marshal.StructureToPtr(structure, structPtr, false); Marshal.Copy(structPtr, array, offset, size); } finally { Marshal.FreeHGlobal(structPtr); } return size; } } }" Context: Severity = Informational Host Name = Default Host Host Version = 5.1.14393.1944 Host ID = fce0e3bd-45a8-496d-b118-e6269865daae Host Application = PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - Engine Version = 5.1.14393.1944 Runspace ID = 41a77108-efc5-4fd9-8aa5-7e19ba124ba3 Pipeline ID = 8 Command Name = Add-Type Command Type = Cmdlet Script Name = Command Path = Sequence Number = 36 User = N-H1-805629-1\Admin Connected User = Shell ID = Microsoft.PowerShell User Data:	4103	1		4	106	20	0	1794	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	604	4648	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:07:48 PM	e5295ba9-9827-0001-b15d-29e52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	To be used when operation is just executing a method	Executing Pipeline	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles; using System; using System.Collections.Generic; using System.IO; using System.Runtime.InteropServices; using System.Text; namespace Ansible { public enum LinkType { SymbolicLink, JunctionPoint, HardLink } public class LinkUtilWin32Exception : System.ComponentModel.Win32Exception { private string _msg; public LinkUtilWin32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public LinkUtilWin32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator LinkUtilWin32Exception(string message) { return new LinkUtilWin32Exception(message); } } public class LinkInfo { public LinkType Type { get; internal set; } public string PrintName { get; internal set; } public string SubstituteName { get; internal set; } public string AbsolutePath { get; internal set; } public string TargetPath { get; internal set; } public string[] HardTargets { get; internal set; } } [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)] public struct REPARSE_DATA_BUFFER { public UInt32 ReparseTag; public UInt16 ReparseDataLength; public UInt16 Reserved; public UInt16 SubstituteNameOffset; public UInt16 SubstituteNameLength; public UInt16 PrintNameOffset; public UInt16 PrintNameLength; [MarshalAs(UnmanagedType.ByValArray, SizeConst = LinkUtil.MAXIMUM_REPARSE_DATA_BUFFER_SIZE)] public char[] PathBuffer; } public class LinkUtil { public const int MAXIMUM_REPARSE_DATA_BUFFER_SIZE = 1024 * 16; private const UInt32 FILE_FLAG_BACKUP_SEMANTICS = 0x02000000; private const UInt32 FILE_FLAG_OPEN_REPARSE_POINT = 0x00200000; private const UInt32 FSCTL_GET_REPARSE_POINT = 0x000900A8; private const UInt32 FSCTL_SET_REPARSE_POINT = 0x000900A4; private const UInt32 FILE_DEVICE_FILE_SYSTEM = 0x00090000; private const UInt32 IO_REPARSE_TAG_MOUNT_POINT = 0xA0000003; private const UInt32 IO_REPARSE_TAG_SYMLINK = 0xA000000C; private const UInt32 SYMLINK_FLAG_RELATIVE = 0x00000001; private const Int64 INVALID_HANDLE_VALUE = -1; private const UInt32 SIZE_OF_WCHAR = 2; private const UInt32 SYMBOLIC_LINK_FLAG_FILE = 0x00000000; private const UInt32 SYMBOLIC_LINK_FLAG_DIRECTORY = 0x00000001; [DllImport("kernel32.dll", CharSet = CharSet.Auto)] private static extern SafeFileHandle CreateFile( string lpFileName, [MarshalAs(UnmanagedType.U4)] FileAccess dwDesiredAccess, [MarshalAs(UnmanagedType.U4)] FileShare dwShareMode, IntPtr lpSecurityAttributes, [MarshalAs(UnmanagedType.U4)] FileMode dwCreationDisposition, UInt32 dwFlagsAndAttributes, IntPtr hTemplateFile); // Used by GetReparsePointInfo() [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool DeviceIoControl( SafeFileHandle hDevice, UInt32 dwIoControlCode, IntPtr lpInBuffer, UInt32 nInBufferSize, out REPARSE_DATA_BUFFER lpOutBuffer, UInt32 nOutBufferSize, out UInt32 lpBytesReturned, IntPtr lpOverlapped); // Used by CreateJunctionPoint() [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool DeviceIoControl( SafeFileHandle hDevice, UInt32 dwIoControlCode, REPARSE_DATA_BUFFER lpInBuffer, UInt32 nInBufferSize, IntPtr lpOutBuffer, UInt32 nOutBufferSize, out UInt32 lpBytesReturned, IntPtr lpOverlapped); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool GetVolumePathName( string lpszFileName, StringBuilder lpszVolumePathName, ref UInt32 cchBufferLength); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern IntPtr FindFirstFileNameW( string lpFileName, UInt32 dwFlags, ref UInt32 StringLength, StringBuilder LinkName); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool FindNextFileNameW( IntPtr hFindStream, ref UInt32 StringLength, StringBuilder LinkName); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool FindClose( IntPtr hFindFile); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool RemoveDirectory( string lpPathName); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool DeleteFile( string lpFileName); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool CreateSymbolicLink( string lpSymlinkFileName, string lpTargetFileName, UInt32 dwFlags); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool CreateHardLink( string lpFileName, string lpExistingFileName, IntPtr lpSecurityAttributes); public static LinkInfo GetLinkInfo(string linkPath) { FileAttributes attr = File.GetAttributes(linkPath); if (attr.HasFlag(FileAttributes.ReparsePoint)) return GetReparsePointInfo(linkPath); if (!attr.HasFlag(FileAttributes.Directory)) return GetHardLinkInfo(linkPath); return null; } public static void DeleteLink(string linkPath) { bool success; FileAttributes attr = File.GetAttributes(linkPath); if (attr.HasFlag(FileAttributes.Directory)) { success = RemoveDirectory(linkPath); } else { success = DeleteFile(linkPath); } if (!success) throw new LinkUtilWin32Exception(String.Format("Failed to delete link at {0}", linkPath)); } public static void CreateLink(string linkPath, String linkTarget, LinkType linkType) { switch (linkType) { case LinkType.SymbolicLink: UInt32 linkFlags; FileAttributes attr = File.GetAttributes(linkTarget); if (attr.HasFlag(FileAttributes.Directory)) linkFlags = SYMBOLIC_LINK_FLAG_DIRECTORY; else linkFlags = SYMBOLIC_LINK_FLAG_FILE; if (!CreateSymbolicLink(linkPath, linkTarget, linkFlags)) throw new LinkUtilWin32Exception(String.Format("CreateSymbolicLink({0}, {1}, {2}) failed", linkPath, linkTarget, linkFlags)); break; case LinkType.JunctionPoint: CreateJunctionPoint(linkPath, linkTarget); break; case LinkType.HardLink: if (!CreateHardLink(linkPath, linkTarget, IntPtr.Zero)) throw new LinkUtilWin32Exception(String.Format("CreateHardLink({0}, {1}) failed", linkPath, linkTarget)); break; } } private static LinkInfo GetHardLinkInfo(string linkPath) { UInt32 maxPath = 260; List<string> result = new List<string>(); StringBuilder sb = new StringBuilder((int)maxPath); UInt32 stringLength = maxPath; if (!GetVolumePathName(linkPath, sb, ref stringLength)) throw new LinkUtilWin32Exception("GetVolumePathName() failed"); string volume = sb.ToString(); stringLength = maxPath; IntPtr findHandle = FindFirstFileNameW(linkPath, 0, ref stringLength, sb); if (findHandle.ToInt64() != INVALID_HANDLE_VALUE) { try { do { string hardLinkPath = sb.ToString(); if (hardLinkPath.StartsWith("\\")) hardLinkPath = hardLinkPath.Substring(1, hardLinkPath.Length - 1); result.Add(Path.Combine(volume, hardLinkPath)); stringLength = maxPath; } while (FindNextFileNameW(findHandle, ref stringLength, sb)); } finally { FindClose(findHandle); } } if (result.Count > 1) return new LinkInfo { Type = LinkType.HardLink, HardTargets = result.ToArray() }; return null; } private static LinkInfo GetReparsePointInfo(string linkPath) { SafeFileHandle fileHandle = CreateFile( linkPath, FileAccess.Read, FileShare.None, IntPtr.Zero, FileMode.Open, FILE_FLAG_OPEN_REPARSE_POINT | FILE_FLAG_BACKUP_SEMANTICS, IntPtr.Zero); if (fileHandle.IsInvalid) throw new LinkUtilWin32Exception(String.Format("CreateFile({0}) failed", linkPath)); REPARSE_DATA_BUFFER buffer = new REPARSE_DATA_BUFFER(); UInt32 bytesReturned; try { if (!DeviceIoControl( fileHandle, FSCTL_GET_REPARSE_POINT, IntPtr.Zero, 0, out buffer, MAXIMUM_REPARSE_DATA_BUFFER_SIZE, out bytesReturned, IntPtr.Zero)) throw new LinkUtilWin32Exception(String.Format("DeviceIoControl() failed for file at {0}", linkPath)); } finally { fileHandle.Dispose(); } bool isRelative = false; int pathOffset = 0; LinkType linkType; if (buffer.ReparseTag == IO_REPARSE_TAG_SYMLINK) { UInt32 bufferFlags = Convert.ToUInt32(buffer.PathBuffer[0]) + Convert.ToUInt32(buffer.PathBuffer[1]); if (bufferFlags == SYMLINK_FLAG_RELATIVE) isRelative = true; pathOffset = 2; linkType = LinkType.SymbolicLink; } else if (buffer.ReparseTag == IO_REPARSE_TAG_MOUNT_POINT) { linkType = LinkType.JunctionPoint; } else { string errorMessage = String.Format("Invalid Reparse Tag: {0}", buffer.ReparseTag.ToString()); throw new Exception(errorMessage); } string printName = new string(buffer.PathBuffer, (int)(buffer.PrintNameOffset / SIZE_OF_WCHAR) + pathOffset, (int)(buffer.PrintNameLength / SIZE_OF_WCHAR)); string substituteName = new string(buffer.PathBuffer, (int)(buffer.SubstituteNameOffset / SIZE_OF_WCHAR) + pathOffset, (int)(buffer.SubstituteNameLength / SIZE_OF_WCHAR)); // TODO: should we check for \?\UNC\server for convert it to the NT style \\server path // Remove the leading Windows object directory \?\ from the path if present string targetPath = substituteName; if (targetPath.StartsWith("\\??\\")) targetPath = targetPath.Substring(4, targetPath.Length - 4); string absolutePath = targetPath; if (isRelative) absolutePath = Path.GetFullPath(Path.Combine(new FileInfo(linkPath).Directory.FullName, targetPath)); return new LinkInfo { Type = linkType, PrintName = printName, SubstituteName = substituteName, AbsolutePath = absolutePath, TargetPath = targetPath }; } private static void CreateJunctionPoint(string linkPath, string linkTarget) { // We need to create the link as a dir beforehand Directory.CreateDirectory(linkPath); SafeFileHandle fileHandle = CreateFile( linkPath, FileAccess.Write, FileShare.Read | FileShare.Write | FileShare.None, IntPtr.Zero, FileMode.Open, FILE_FLAG_BACKUP_SEMANTICS | FILE_FLAG_OPEN_REPARSE_POINT, IntPtr.Zero); if (fileHandle.IsInvalid) throw new LinkUtilWin32Exception(String.Format("CreateFile({0}) failed", linkPath)); try { string substituteName = "\\??\\" + Path.GetFullPath(linkTarget); string printName = linkTarget; REPARSE_DATA_BUFFER buffer = new REPARSE_DATA_BUFFER(); buffer.SubstituteNameOffset = 0; buffer.SubstituteNameLength = (UInt16)(substituteName.Length * SIZE_OF_WCHAR); buffer.PrintNameOffset = (UInt16)(buffer.SubstituteNameLength + 2); buffer.PrintNameLength = (UInt16)(printName.Length * SIZE_OF_WCHAR); buffer.ReparseTag = IO_REPARSE_TAG_MOUNT_POINT; buffer.ReparseDataLength = (UInt16)(buffer.SubstituteNameLength + buffer.PrintNameLength + 12); buffer.PathBuffer = new char[MAXIMUM_REPARSE_DATA_BUFFER_SIZE]; byte[] unicodeBytes = Encoding.Unicode.GetBytes(substituteName + "\0" + printName); char[] pathBuffer = Encoding.Unicode.GetChars(unicodeBytes); Array.Copy(pathBuffer, buffer.PathBuffer, pathBuffer.Length); UInt32 bytesReturned; if (!DeviceIoControl( fileHandle, FSCTL_SET_REPARSE_POINT, buffer, (UInt32)(buffer.ReparseDataLength + 8), IntPtr.Zero, 0, out bytesReturned, IntPtr.Zero)) throw new LinkUtilWin32Exception(String.Format("DeviceIoControl() failed to create junction point at {0} to {1}", linkPath, linkTarget)); } finally { fileHandle.Dispose(); } } } }" Context: Severity = Informational Host Name = Default Host Host Version = 5.1.14393.1944 Host ID = fce0e3bd-45a8-496d-b118-e6269865daae Host Application = PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - Engine Version = 5.1.14393.1944 Runspace ID = 41a77108-efc5-4fd9-8aa5-7e19ba124ba3 Pipeline ID = 8 Command Name = Add-Type Command Type = Cmdlet Script Name = Command Path = Sequence Number = 34 User = N-H1-805629-1\Admin Connected User = Shell ID = Microsoft.PowerShell User Data:	4103	1		4	106	20	0	1793	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	604	4648	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:07:48 PM	e5295ba9-9827-0000-745d-29e52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	To be used when operation is just executing a method	Executing Pipeline	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c), Michael DeHaan <michael.dehaan@gmail.com>, 2014, and others # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) Set-StrictMode -Version 2.0 $ErrorActionPreference = "Stop" Function Set-Attr($obj, $name, $value) { <# .SYNOPSIS Helper function to set an "attribute" on a psobject instance in PowerShell. This is a convenience to make adding Members to the object easier and slightly more pythonic .EXAMPLE Set-Attr $result "changed" $true #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } Try { $obj.$name = $value } Catch { $obj | Add-Member -Force -MemberType NoteProperty -Name $name -Value $value } } Function Exit-Json($obj) { <# .SYNOPSIS Helper function to convert a PowerShell object to JSON and output it, exiting the script .EXAMPLE Exit-Json $result #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit } Function Fail-Json($obj, $message = $null) { <# .SYNOPSIS Helper function to add the "msg" property and "failed" property, convert the PowerShell Hashtable to JSON and output it, exiting the script .EXAMPLE Fail-Json $result "This is the failure message" #> if ($obj -is [hashtable] -or $obj -is [psobject]) { # Nothing to do } elseif ($obj -is [string] -and $null -eq $message) { # If we weren't given 2 args, and the only arg was a string, # create a new Hashtable and use the arg as the failure message $message = $obj $obj = @{ } } else { # If the first argument is undefined or a different type, # make it a Hashtable $obj = @{ } } # Still using Set-Attr for PSObject compatibility Set-Attr $obj "msg" $message Set-Attr $obj "failed" $true if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit 1 } Function Add-Warning($obj, $message) { <# .SYNOPSIS Helper function to add warnings, even if the warnings attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("warnings")) { $obj.warnings = @() } elseif ($obj.warnings -isnot [array]) { throw "Add-Warning: warnings attribute is not an array" } $obj.warnings += $message } Function Add-DeprecationWarning($obj, $message, $version = $null) { <# .SYNOPSIS Helper function to add deprecations, even if the deprecations attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("deprecations")) { $obj.deprecations = @() } elseif ($obj.deprecations -isnot [array]) { throw "Add-DeprecationWarning: deprecations attribute is not a list" } $obj.deprecations += @{ msg = $message version = $version } } Function Expand-Environment($value) { <# .SYNOPSIS Helper function to expand environment variables in values. By default it turns any type to a string, but we ensure $null remains $null. #> if ($null -ne $value) { [System.Environment]::ExpandEnvironmentVariables($value) } else { $value } } Function Get-AnsibleParam($obj, $name, $default = $null, $resultobj = @{}, $failifempty = $false, $emptyattributefailmessage, $ValidateSet, $ValidateSetErrorMessage, $type = $null, $aliases = @()) { <# .SYNOPSIS Helper function to get an "attribute" from a psobject instance in PowerShell. This is a convenience to make getting Members from an object easier and slightly more pythonic .EXAMPLE $attr = Get-AnsibleParam $response "code" -default "1" .EXAMPLE Get-AnsibleParam -obj $params -name "State" -default "Present" -ValidateSet "Present","Absent" -resultobj $resultobj -failifempty $true Get-AnsibleParam also supports Parameter validation to save you from coding that manually Note that if you use the failifempty option, you do need to specify resultobject as well. #> # Check if the provided Member $name or aliases exist in $obj and return it or the default. try { $found = $null # First try to find preferred parameter $name $aliases = @($name) + $aliases # Iterate over aliases to find acceptable Member $name foreach ($alias in $aliases) { if ($obj.ContainsKey($alias)) { $found = $alias break } } if ($null -eq $found) { throw } $name = $found if ($ValidateSet) { if ($ValidateSet -contains ($obj.$name)) { $value = $obj.$name } else { if ($null -eq $ValidateSetErrorMessage) { #Auto-generated error should be sufficient in most use cases $ValidateSetErrorMessage = "Get-AnsibleParam: Argument $name needs to be one of $($ValidateSet -join ",") but was $($obj.$name)." } Fail-Json -obj $resultobj -message $ValidateSetErrorMessage } } else { $value = $obj.$name } } catch { if ($failifempty -eq $false) { $value = $default } else { if (-not $emptyattributefailmessage) { $emptyattributefailmessage = "Get-AnsibleParam: Missing required argument: $name" } Fail-Json -obj $resultobj -message $emptyattributefailmessage } } # If $value -eq $null, the parameter was unspecified by the user (deliberately or not) # Please leave $null-values intact, modules need to know if a parameter was specified # When $value is already an array, we cannot rely on the null check, as an empty list # is seen as null in the check below if ($null -ne $value -or $value -is [array]) { if ($type -eq "path") { # Expand environment variables on path-type $value = Expand-Environment($value) # Test if a valid path is provided if (-not (Test-Path -IsValid $value)) { $path_invalid = $true # could still be a valid-shaped path with a nonexistent drive letter if ($value -match "^\w:") { # rewrite path with a valid drive letter and recheck the shape- this might still fail, eg, a nonexistent non-filesystem PS path if (Test-Path -IsValid $(@(Get-PSDrive -PSProvider Filesystem)[0].Name + $value.Substring(1))) { $path_invalid = $false } } if ($path_invalid) { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' has an invalid path '$value' specified." } } } elseif ($type -eq "str") { # Convert str types to real Powershell strings $value = $value.ToString() } elseif ($type -eq "bool") { # Convert boolean types to real Powershell booleans $value = $value | ConvertTo-Bool } elseif ($type -eq "int") { # Convert int types to real Powershell integers $value = $value -as [int] } elseif ($type -eq "float") { # Convert float types to real Powershell floats $value = $value -as [float] } elseif ($type -eq "list") { if ($value -is [array]) { # Nothing to do } elseif ($value -is [string]) { # Convert string type to real Powershell array $value = $value.Split(",").Trim() } elseif ($value -is [int]) { $value = @($value) } else { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' is not a YAML list." } # , is not a typo, forces it to return as a list when it is empty or only has 1 entry return ,$value } } return $value } #Alias Get-attr-->Get-AnsibleParam for backwards compat. Only add when needed to ease debugging of scripts If (-not(Get-Alias -Name "Get-attr" -ErrorAction SilentlyContinue)) { New-Alias -Name Get-attr -Value Get-AnsibleParam } Function ConvertTo-Bool { <# .SYNOPSIS Helper filter/pipeline function to convert a value to boolean following current Ansible practices .EXAMPLE $is_true = "true" | ConvertTo-Bool #> param( [parameter(valuefrompipeline=$true)] $obj ) $boolean_strings = "yes", "on", "1", "true", 1 $obj_string = [string]$obj if (($obj -is [boolean] -and $obj) -or $boolean_strings -contains $obj_string.ToLower()) { return $true } else { return $false } } Function Parse-Args($arguments, $supports_check_mode = $false) { <# .SYNOPSIS Helper function to parse Ansible JSON arguments from a "file" passed as the single argument to the module. .EXAMPLE $params = Parse-Args $args #> $params = New-Object psobject If ($arguments.Length -gt 0) { $params = Get-Content $arguments[0] | ConvertFrom-Json } Else { $params = $complex_args } $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false If ($check_mode -and -not $supports_check_mode) { Exit-Json @{ skipped = $true changed = $false msg = "remote module does not support check mode" } } return $params } Function Get-FileChecksum($path, $algorithm = 'sha1') { <# .SYNOPSIS Helper function to calculate a hash of a file in a way which PowerShell 3 and above can handle #> If (Test-Path -Path $path -PathType Leaf) { switch ($algorithm) { 'md5' { $sp = New-Object -TypeName System.Security.Cryptography.MD5CryptoServiceProvider } 'sha1' { $sp = New-Object -TypeName System.Security.Cryptography.SHA1CryptoServiceProvider } 'sha256' { $sp = New-Object -TypeName System.Security.Cryptography.SHA256CryptoServiceProvider } 'sha384' { $sp = New-Object -TypeName System.Security.Cryptography.SHA384CryptoServiceProvider } 'sha512' { $sp = New-Object -TypeName System.Security.Cryptography.SHA512CryptoServiceProvider } default { Fail-Json @{} "Unsupported hash algorithm supplied '$algorithm'" } } If ($PSVersionTable.PSVersion.Major -ge 4) { $raw_hash = Get-FileHash $path -Algorithm $algorithm $hash = $raw_hash.Hash.ToLower() } Else { $fp = [System.IO.File]::Open($path, [System.IO.Filemode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileShare]::ReadWrite); $hash = [System.BitConverter]::ToString($sp.ComputeHash($fp)).Replace("-", "").ToLower(); $fp.Dispose(); } } ElseIf (Test-Path -Path $path -PathType Container) { $hash = "3"; } Else { $hash = "1"; } return $hash } Function Get-PendingRebootStatus { <# .SYNOPSIS Check if reboot is required, if so notify CA. Function returns true if computer has a pending reboot #> $featureData = Invoke-WmiMethod -EA Ignore -Name GetServerFeature -Namespace root\microsoft\windows\servermanager -Class MSFT_ServerManagerTasks $regData = Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager" "PendingFileRenameOperations" -EA Ignore $CBSRebootStatus = Get-ChildItem "HKLM:\\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing" -ErrorAction SilentlyContinue| Where-Object {$_.PSChildName -eq "RebootPending"} if(($featureData -and $featureData.RequiresReboot) -or $regData -or $CBSRebootStatus) { return $True } else { return $False } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: dd213974-7339-4280-a76f-fa29cb75682e Path:	4104	1		3	2	15	0	1792	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	604	3260	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:07:47 PM	e5295ba9-9827-0003-f55d-29e52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 2): original state. If you remove a privilege then this is irreversible and won't be part of the returned dict #> [CmdletBinding()] # build the C# code to compile $namespace_import = ($ansible_privilege_util_namespaces | ForEach-Object { "using $_;" }) -join "`r`n" $platform_util = "$namespace_import`r`n`r`n$ansible_privilege_util_code" # FUTURE: find a better way to get the _ansible_remote_tmp variable # this is used to force csc to compile the C# code in the remote tmp # specified $original_tmp = $env:TMP $remote_tmp = $original_tmp $module_params = Get-Variable -Name complex_args -ErrorAction SilentlyContinue if ($module_params) { if ($module_params.Value.ContainsKey("_ansible_remote_tmp") ) { $remote_tmp = $module_params.Value["_ansible_remote_tmp"] $remote_tmp = [System.Environment]::ExpandEnvironmentVariables($remote_tmp) } } $env:TMP = $remote_tmp Add-Type -TypeDefinition $platform_util $env:TMP = $original_tmp } Function Get-AnsiblePrivilege { <# .SYNOPSIS Get the status of a privilege for the current process. This returns $true - the privilege is enabled $false - the privilege is disabled $null - the privilege is removed from the token If Name is not a valid privilege name, this will throw an ArgumentException. .EXAMPLE Get-AnsiblePrivilege -Name SeDebugPrivilege #> [CmdletBinding()] param( [Parameter(Mandatory=$true)][String]$Name ) if (-not [Ansible.PrivilegeUtil.Privileges]::CheckPrivilegeName($Name)) { throw [System.ArgumentException] "Invalid privilege name '$Name'" } $process_token = [Ansible.PrivilegeUtil.Privileges]::GetCurrentProcess() $privilege_info = [Ansible.PrivilegeUtil.Privileges]::GetAllPrivilegeInfo($process_token) if ($privilege_info.ContainsKey($Name)) { $status = $privilege_info.$Name return $status.HasFlag([Ansible.PrivilegeUtil.PrivilegeAttributes]::Enabled) } else { return $null } } Function Set-AnsiblePrivilege { <# .SYNOPSIS Enables/Disables a privilege on the current process' token. If a privilege has been removed from the process token, this will throw an InvalidOperationException. .EXAMPLE # enable a privilege Set-AnsiblePrivilege -Name SeCreateSymbolicLinkPrivilege -Value $true # disable a privilege Set-AnsiblePrivilege -Name SeCreateSymbolicLinkPrivilege -Value $false #> [CmdletBinding(SupportsShouldProcess)] param( [Parameter(Mandatory=$true)][String]$Name, [Parameter(Mandatory=$true)][bool]$Value ) $action = switch($Value) { $true { "Enable" } $false { "Disable" } } $current_state = Get-AnsiblePrivilege -Name $Name if ($current_state -eq $Value) { return # no change needs to occur } elseif ($null -eq $current_state) { # once a privilege is removed from a token we cannot do anything with it throw [System.InvalidOperationException] "Cannot $($action.ToLower()) the privilege '$Name' as it has been removed from the token" } $process_token = [Ansible.PrivilegeUtil.Privileges]::GetCurrentProcess() if ($PSCmdlet.ShouldProcess($Name, "$action the privilege $Name")) { $new_state = New-Object -TypeName 'System.Collections.Generic.Dictionary`2[[System.String], [System.Nullable`1[System.Boolean]]]' $new_state.Add($Name, $Value) [Ansible.PrivilegeUtil.Privileges]::SetTokenPrivileges($process_token, $new_state) > $null } } Export-ModuleMember -Function Import-PrivilegeUtil, Get-AnsiblePrivilege, Set-AnsiblePrivilege ` -Variable ansible_privilege_util_namespaces, ansible_privilege_util_code ScriptBlock ID: 8f077bbc-23d2-47b7-9482-4c865f215c4f Path:	4104	1		3	2	15	0	1791	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	604	3260	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:07:47 PM	e5295ba9-9827-0003-f15d-29e52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 2): # Copyright (c) 2018 Ansible Project # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) # store in separate variables to make it easier for other module_utils to # share this code in their own c# code $ansible_privilege_util_namespaces = @( "Microsoft.Win32.SafeHandles", "System", "System.Collections.Generic", "System.Linq", "System.Runtime.InteropServices", "System.Security.Principal", "System.Text" ) $ansible_privilege_util_code = @' namespace Ansible.PrivilegeUtil { [Flags] public enum PrivilegeAttributes : uint { Disabled = 0x00000000, EnabledByDefault = 0x00000001, Enabled = 0x00000002, Removed = 0x00000004, UsedForAccess = 0x80000000, } internal class NativeHelpers { [StructLayout(LayoutKind.Sequential)] internal struct LUID { public UInt32 LowPart; public Int32 HighPart; } [StructLayout(LayoutKind.Sequential)] internal struct LUID_AND_ATTRIBUTES { public LUID Luid; public PrivilegeAttributes Attributes; } [StructLayout(LayoutKind.Sequential)] internal struct TOKEN_PRIVILEGES { public UInt32 PrivilegeCount; [MarshalAs(UnmanagedType.ByValArray, SizeConst = 1)] public LUID_AND_ATTRIBUTES[] Privileges; } } internal class NativeMethods { [DllImport("advapi32.dll", SetLastError = true)] internal static extern bool AdjustTokenPrivileges( IntPtr TokenHandle, [MarshalAs(UnmanagedType.Bool)] bool DisableAllPrivileges, IntPtr NewState, UInt32 BufferLength, IntPtr PreviousState, out UInt32 ReturnLength); [DllImport("kernel32.dll")] internal static extern bool CloseHandle( IntPtr hObject); [DllImport("kernel32")] internal static extern SafeWaitHandle GetCurrentProcess(); [DllImport("advapi32.dll", SetLastError = true)] internal static extern bool GetTokenInformation( IntPtr TokenHandle, UInt32 TokenInformationClass, IntPtr TokenInformation, UInt32 TokenInformationLength, out UInt32 ReturnLength); [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)] internal static extern bool LookupPrivilegeName( string lpSystemName, ref NativeHelpers.LUID lpLuid, StringBuilder lpName, ref UInt32 cchName); [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)] internal static extern bool LookupPrivilegeValue( string lpSystemName, string lpName, out NativeHelpers.LUID lpLuid); [DllImport("advapi32.dll", SetLastError = true)] internal static extern bool OpenProcessToken( SafeHandle ProcessHandle, TokenAccessLevels DesiredAccess, out IntPtr TokenHandle); } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class Privileges { private static readonly UInt32 TOKEN_PRIVILEGES = 3; public static bool CheckPrivilegeName(string name) { NativeHelpers.LUID luid; if (!NativeMethods.LookupPrivilegeValue(null, name, out luid)) { int errCode = Marshal.GetLastWin32Error(); if (errCode != 1313) // ERROR_NO_SUCH_PRIVILEGE throw new Win32Exception(errCode, String.Format("LookupPrivilegeValue({0}) failed", name)); return false; } else { return true; } } public static Dictionary<string, bool?> DisablePrivilege(SafeHandle token, string privilege) { return SetTokenPrivileges(token, new Dictionary<string, bool?>() { { privilege, false } }); } public static Dictionary<string, bool?> DisableAllPrivileges(SafeHandle token) { return AdjustTokenPrivileges(token, null); } public static Dictionary<string, bool?> EnablePrivilege(SafeHandle token, string privilege) { return SetTokenPrivileges(token, new Dictionary<string, bool?>() { { privilege, true } }); } public static Dictionary<String, PrivilegeAttributes> GetAllPrivilegeInfo(SafeHandle token) { IntPtr hToken = IntPtr.Zero; if (!NativeMethods.OpenProcessToken(token, TokenAccessLevels.Query, out hToken)) throw new Win32Exception("OpenProcessToken() failed"); Dictionary<String, PrivilegeAttributes> info = new Dictionary<String, PrivilegeAttributes>(); try { UInt32 tokenLength = 0; NativeMethods.GetTokenInformation(hToken, TOKEN_PRIVILEGES, IntPtr.Zero, 0, out tokenLength); NativeHelpers.LUID_AND_ATTRIBUTES[] privileges; IntPtr privilegesPtr = Marshal.AllocHGlobal((int)tokenLength); try { if (!NativeMethods.GetTokenInformation(hToken, TOKEN_PRIVILEGES, privilegesPtr, tokenLength, out tokenLength)) throw new Win32Exception("GetTokenInformation() for TOKEN_PRIVILEGES failed"); NativeHelpers.TOKEN_PRIVILEGES privilegeInfo = (NativeHelpers.TOKEN_PRIVILEGES)Marshal.PtrToStructure(privilegesPtr, typeof(NativeHelpers.TOKEN_PRIVILEGES)); privileges = new NativeHelpers.LUID_AND_ATTRIBUTES[privilegeInfo.PrivilegeCount]; PtrToStructureArray(privileges, IntPtr.Add(privilegesPtr, Marshal.SizeOf(privilegeInfo.PrivilegeCount))); } finally { Marshal.FreeHGlobal(privilegesPtr); } info = privileges.ToDictionary(p => GetPrivilegeName(p.Luid), p => p.Attributes); } finally { NativeMethods.CloseHandle(hToken); } return info; } public static SafeWaitHandle GetCurrentProcess() { return NativeMethods.GetCurrentProcess(); } public static void RemovePrivilege(SafeHandle token, string privilege) { SetTokenPrivileges(token, new Dictionary<string, bool?>() { { privilege, null } }); } public static Dictionary<string, bool?> SetTokenPrivileges(SafeHandle token, Dictionary<string, bool?> state) { NativeHelpers.LUID_AND_ATTRIBUTES[] privilegeAttr = new NativeHelpers.LUID_AND_ATTRIBUTES[state.Count]; int i = 0; foreach (KeyValuePair<string, bool?> entry in state) { NativeHelpers.LUID luid; if (!NativeMethods.LookupPrivilegeValue(null, entry.Key, out luid)) throw new Win32Exception(String.Format("LookupPrivilegeValue({0}) failed", entry.Key)); PrivilegeAttributes attributes; switch (entry.Value) { case true: attributes = PrivilegeAttributes.Enabled; break; case false: attributes = PrivilegeAttributes.Disabled; break; default: attributes = PrivilegeAttributes.Removed; break; } privilegeAttr[i].Luid = luid; privilegeAttr[i].Attributes = attributes; i++; } return AdjustTokenPrivileges(token, privilegeAttr); } private static Dictionary<string, bool?> AdjustTokenPrivileges(SafeHandle token, NativeHelpers.LUID_AND_ATTRIBUTES[] newState) { bool disableAllPrivileges; IntPtr newStatePtr; NativeHelpers.LUID_AND_ATTRIBUTES[] oldStatePrivileges; UInt32 returnLength; if (newState == null) { disableAllPrivileges = true; newStatePtr = IntPtr.Zero; } else { disableAllPrivileges = false; // Need to manually marshal the bytes requires for newState as the constant size // of LUID_AND_ATTRIBUTES is set to 1 and can't be overridden at runtime, TOKEN_PRIVILEGES // always contains at least 1 entry so we need to calculate the extra size if there are // nore than 1 LUID_AND_ATTRIBUTES entry int tokenPrivilegesSize = Marshal.SizeOf(typeof(NativeHelpers.TOKEN_PRIVILEGES)); int luidAttrSize = 0; if (newState.Length > 1) luidAttrSize = Marshal.SizeOf(typeof(NativeHelpers.LUID_AND_ATTRIBUTES)) * (newState.Length - 1); int totalSize = tokenPrivilegesSize + luidAttrSize; byte[] newStateBytes = new byte[totalSize]; // get the first entry that includes the struct details NativeHelpers.TOKEN_PRIVILEGES tokenPrivileges = new NativeHelpers.TOKEN_PRIVILEGES() { PrivilegeCount = (UInt32)newState.Length, Privileges = new NativeHelpers.LUID_AND_ATTRIBUTES[1], }; if (newState.Length > 0) tokenPrivileges.Privileges[0] = newState[0]; int offset = StructureToBytes(tokenPrivileges, newStateBytes, 0); // copy the remaining LUID_AND_ATTRIBUTES (if any) for (int i = 1; i < newState.Length; i++) offset += StructureToBytes(newState[i], newStateBytes, offset); // finally create the pointer to the byte array we just created newStatePtr = Marshal.AllocHGlobal(newStateBytes.Length); Marshal.Copy(newStateBytes, 0, newStatePtr, newStateBytes.Length); } try { IntPtr hToken = IntPtr.Zero; if (!NativeMethods.OpenProcessToken(token, TokenAccessLevels.Query | TokenAccessLevels.AdjustPrivileges, out hToken)) throw new Win32Exception("OpenProcessToken() failed with Query and AdjustPrivileges"); try { IntPtr oldStatePtr = Marshal.AllocHGlobal(0); if (!NativeMethods.AdjustTokenPrivileges(hToken, disableAllPrivileges, newStatePtr, 0, oldStatePtr, out returnLength)) { int errCode = Marshal.GetLastWin32Error(); if (errCode != 122) // ERROR_INSUFFICIENT_BUFFER throw new Win32Exception(errCode, "AdjustTokenPrivileges() failed to get old state size"); } // resize the oldStatePtr based on the length returned from Windows Marshal.FreeHGlobal(oldStatePtr); oldStatePtr = Marshal.AllocHGlobal((int)returnLength); try { bool res = NativeMethods.AdjustTokenPrivileges(hToken, disableAllPrivileges, newStatePtr, returnLength, oldStatePtr, out returnLength); int errCode = Marshal.GetLastWin32Error(); // even when res == true, ERROR_NOT_ALL_ASSIGNED may be set as the last error code if (!res || errCode != 0) throw new Win32Exception(errCode, "AdjustTokenPrivileges() failed"); // Marshal the oldStatePtr to the struct NativeHelpers.TOKEN_PRIVILEGES oldState = (NativeHelpers.TOKEN_PRIVILEGES)Marshal.PtrToStructure(oldStatePtr, typeof(NativeHelpers.TOKEN_PRIVILEGES)); oldStatePrivileges = new NativeHelpers.LUID_AND_ATTRIBUTES[oldState.PrivilegeCount]; PtrToStructureArray(oldStatePrivileges, IntPtr.Add(oldStatePtr, Marshal.SizeOf(oldState.PrivilegeCount))); } finally { Marshal.FreeHGlobal(oldStatePtr); } } finally { NativeMethods.CloseHandle(hToken); } } finally { if (newStatePtr != IntPtr.Zero) Marshal.FreeHGlobal(newStatePtr); } return oldStatePrivileges.ToDictionary(p => GetPrivilegeName(p.Luid), p => (bool?)p.Attributes.HasFlag(PrivilegeAttributes.Enabled)); } private static string GetPrivilegeName(NativeHelpers.LUID luid) { UInt32 nameLen = 0; NativeMethods.LookupPrivilegeName(null, ref luid, null, ref nameLen); StringBuilder name = new StringBuilder((int)(nameLen + 1)); if (!NativeMethods.LookupPrivilegeName(null, ref luid, name, ref nameLen)) throw new Win32Exception("LookupPrivilegeName() failed"); return name.ToString(); } private static void PtrToStructureArray<T>(T[] array, IntPtr ptr) { IntPtr ptrOffset = ptr; for (int i = 0; i < array.Length; i++, ptrOffset = IntPtr.Add(ptrOffset, Marshal.SizeOf(typeof(T)))) array[i] = (T)Marshal.PtrToStructure(ptrOffset, typeof(T)); } private static int StructureToBytes<T>(T structure, byte[] array, int offset) { int size = Marshal.SizeOf(structure); IntPtr structPtr = Marshal.AllocHGlobal(size); try { Marshal.StructureToPtr(structure, structPtr, false); Marshal.Copy(structPtr, array, offset, size); } finally { Marshal.FreeHGlobal(structPtr); } return size; } } } '@ Function Import-PrivilegeUtil { <# .SYNOPSIS Compiles the C# code that can be used to manage Windows privileges from an Ansible module. Once this function is called, the following PowerShell cmdlets can be used; Get-AnsiblePrivilege Set-AnsiblePrivilege The above cmdlets give the ability to manage permissions on the current process token but the underlying .NET classes are also exposed for greater control. The following functions can be used by calling the .NET class [Ansible.PrivilegeUtil.Privileges]::CheckPrivilegeName($name) [Ansible.PrivilegeUtil.Privileges]::DisablePrivilege($process, $name) [Ansible.PrivilegeUtil.Privileges]::DisableAllPrivileges($process) [Ansible.PrivilegeUtil.Privileges]::EnablePrivilege($process, $name) [Ansible.PrivilegeUtil.Privileges]::GetAllPrivilegeInfo($process) [Ansible.PrivilegeUtil.Privileges]::RemovePrivilege($process, $name) [Ansible.PrivilegeUtil.Privileges]::SetTokenPrivileges($process, $new_state) Here is a brief explanation of each type of arg $process = The process handle to manipulate, use '[Ansible.PrivilegeUtils.Privileges]::GetCurrentProcess()' to get the current process handle $name = The name of the privilege, this is the constant value from https://docs.microsoft.com/en-us/windows/desktop/SecAuthZ/privilege-constants, e.g. SeAuditPrivilege $new_state = 'System.Collections.Generic.Dictionary`2[[System.String], [System.Nullable`1[System.Boolean]]]' The key is the constant name as a string, the value is a ternary boolean where true - will enable the privilege false - will disable the privilege null - will remove the privilege Each method that changes the privilege state will return a dictionary that can be used as the $new_state arg of SetTokenPrivileges to undo and revert back to the ScriptBlock ID: 8f077bbc-23d2-47b7-9482-4c865f215c4f Path:	4104	1		3	2	15	0	1790	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	604	3260	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:07:47 PM	e5295ba9-9827-0003-f15d-29e52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c) 2017 Ansible Project # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) #Requires -Module Ansible.ModuleUtils.PrivilegeUtil Function Load-LinkUtils() { $link_util = @' using Microsoft.Win32.SafeHandles; using System; using System.Collections.Generic; using System.IO; using System.Runtime.InteropServices; using System.Text; namespace Ansible { public enum LinkType { SymbolicLink, JunctionPoint, HardLink } public class LinkUtilWin32Exception : System.ComponentModel.Win32Exception { private string _msg; public LinkUtilWin32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public LinkUtilWin32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator LinkUtilWin32Exception(string message) { return new LinkUtilWin32Exception(message); } } public class LinkInfo { public LinkType Type { get; internal set; } public string PrintName { get; internal set; } public string SubstituteName { get; internal set; } public string AbsolutePath { get; internal set; } public string TargetPath { get; internal set; } public string[] HardTargets { get; internal set; } } [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)] public struct REPARSE_DATA_BUFFER { public UInt32 ReparseTag; public UInt16 ReparseDataLength; public UInt16 Reserved; public UInt16 SubstituteNameOffset; public UInt16 SubstituteNameLength; public UInt16 PrintNameOffset; public UInt16 PrintNameLength; [MarshalAs(UnmanagedType.ByValArray, SizeConst = LinkUtil.MAXIMUM_REPARSE_DATA_BUFFER_SIZE)] public char[] PathBuffer; } public class LinkUtil { public const int MAXIMUM_REPARSE_DATA_BUFFER_SIZE = 1024 * 16; private const UInt32 FILE_FLAG_BACKUP_SEMANTICS = 0x02000000; private const UInt32 FILE_FLAG_OPEN_REPARSE_POINT = 0x00200000; private const UInt32 FSCTL_GET_REPARSE_POINT = 0x000900A8; private const UInt32 FSCTL_SET_REPARSE_POINT = 0x000900A4; private const UInt32 FILE_DEVICE_FILE_SYSTEM = 0x00090000; private const UInt32 IO_REPARSE_TAG_MOUNT_POINT = 0xA0000003; private const UInt32 IO_REPARSE_TAG_SYMLINK = 0xA000000C; private const UInt32 SYMLINK_FLAG_RELATIVE = 0x00000001; private const Int64 INVALID_HANDLE_VALUE = -1; private const UInt32 SIZE_OF_WCHAR = 2; private const UInt32 SYMBOLIC_LINK_FLAG_FILE = 0x00000000; private const UInt32 SYMBOLIC_LINK_FLAG_DIRECTORY = 0x00000001; [DllImport("kernel32.dll", CharSet = CharSet.Auto)] private static extern SafeFileHandle CreateFile( string lpFileName, [MarshalAs(UnmanagedType.U4)] FileAccess dwDesiredAccess, [MarshalAs(UnmanagedType.U4)] FileShare dwShareMode, IntPtr lpSecurityAttributes, [MarshalAs(UnmanagedType.U4)] FileMode dwCreationDisposition, UInt32 dwFlagsAndAttributes, IntPtr hTemplateFile); // Used by GetReparsePointInfo() [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool DeviceIoControl( SafeFileHandle hDevice, UInt32 dwIoControlCode, IntPtr lpInBuffer, UInt32 nInBufferSize, out REPARSE_DATA_BUFFER lpOutBuffer, UInt32 nOutBufferSize, out UInt32 lpBytesReturned, IntPtr lpOverlapped); // Used by CreateJunctionPoint() [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool DeviceIoControl( SafeFileHandle hDevice, UInt32 dwIoControlCode, REPARSE_DATA_BUFFER lpInBuffer, UInt32 nInBufferSize, IntPtr lpOutBuffer, UInt32 nOutBufferSize, out UInt32 lpBytesReturned, IntPtr lpOverlapped); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool GetVolumePathName( string lpszFileName, StringBuilder lpszVolumePathName, ref UInt32 cchBufferLength); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern IntPtr FindFirstFileNameW( string lpFileName, UInt32 dwFlags, ref UInt32 StringLength, StringBuilder LinkName); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool FindNextFileNameW( IntPtr hFindStream, ref UInt32 StringLength, StringBuilder LinkName); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool FindClose( IntPtr hFindFile); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool RemoveDirectory( string lpPathName); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool DeleteFile( string lpFileName); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool CreateSymbolicLink( string lpSymlinkFileName, string lpTargetFileName, UInt32 dwFlags); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool CreateHardLink( string lpFileName, string lpExistingFileName, IntPtr lpSecurityAttributes); public static LinkInfo GetLinkInfo(string linkPath) { FileAttributes attr = File.GetAttributes(linkPath); if (attr.HasFlag(FileAttributes.ReparsePoint)) return GetReparsePointInfo(linkPath); if (!attr.HasFlag(FileAttributes.Directory)) return GetHardLinkInfo(linkPath); return null; } public static void DeleteLink(string linkPath) { bool success; FileAttributes attr = File.GetAttributes(linkPath); if (attr.HasFlag(FileAttributes.Directory)) { success = RemoveDirectory(linkPath); } else { success = DeleteFile(linkPath); } if (!success) throw new LinkUtilWin32Exception(String.Format("Failed to delete link at {0}", linkPath)); } public static void CreateLink(string linkPath, String linkTarget, LinkType linkType) { switch (linkType) { case LinkType.SymbolicLink: UInt32 linkFlags; FileAttributes attr = File.GetAttributes(linkTarget); if (attr.HasFlag(FileAttributes.Directory)) linkFlags = SYMBOLIC_LINK_FLAG_DIRECTORY; else linkFlags = SYMBOLIC_LINK_FLAG_FILE; if (!CreateSymbolicLink(linkPath, linkTarget, linkFlags)) throw new LinkUtilWin32Exception(String.Format("CreateSymbolicLink({0}, {1}, {2}) failed", linkPath, linkTarget, linkFlags)); break; case LinkType.JunctionPoint: CreateJunctionPoint(linkPath, linkTarget); break; case LinkType.HardLink: if (!CreateHardLink(linkPath, linkTarget, IntPtr.Zero)) throw new LinkUtilWin32Exception(String.Format("CreateHardLink({0}, {1}) failed", linkPath, linkTarget)); break; } } private static LinkInfo GetHardLinkInfo(string linkPath) { UInt32 maxPath = 260; List<string> result = new List<string>(); StringBuilder sb = new StringBuilder((int)maxPath); UInt32 stringLength = maxPath; if (!GetVolumePathName(linkPath, sb, ref stringLength)) throw new LinkUtilWin32Exception("GetVolumePathName() failed"); string volume = sb.ToString(); stringLength = maxPath; IntPtr findHandle = FindFirstFileNameW(linkPath, 0, ref stringLength, sb); if (findHandle.ToInt64() != INVALID_HANDLE_VALUE) { try { do { string hardLinkPath = sb.ToString(); if (hardLinkPath.StartsWith("\\")) hardLinkPath = hardLinkPath.Substring(1, hardLinkPath.Length - 1); result.Add(Path.Combine(volume, hardLinkPath)); stringLength = maxPath; } while (FindNextFileNameW(findHandle, ref stringLength, sb)); } finally { FindClose(findHandle); } } if (result.Count > 1) return new LinkInfo { Type = LinkType.HardLink, HardTargets = result.ToArray() }; return null; } private static LinkInfo GetReparsePointInfo(string linkPath) { SafeFileHandle fileHandle = CreateFile( linkPath, FileAccess.Read, FileShare.None, IntPtr.Zero, FileMode.Open, FILE_FLAG_OPEN_REPARSE_POINT | FILE_FLAG_BACKUP_SEMANTICS, IntPtr.Zero); if (fileHandle.IsInvalid) throw new LinkUtilWin32Exception(String.Format("CreateFile({0}) failed", linkPath)); REPARSE_DATA_BUFFER buffer = new REPARSE_DATA_BUFFER(); UInt32 bytesReturned; try { if (!DeviceIoControl( fileHandle, FSCTL_GET_REPARSE_POINT, IntPtr.Zero, 0, out buffer, MAXIMUM_REPARSE_DATA_BUFFER_SIZE, out bytesReturned, IntPtr.Zero)) throw new LinkUtilWin32Exception(String.Format("DeviceIoControl() failed for file at {0}", linkPath)); } finally { fileHandle.Dispose(); } bool isRelative = false; int pathOffset = 0; LinkType linkType; if (buffer.ReparseTag == IO_REPARSE_TAG_SYMLINK) { UInt32 bufferFlags = Convert.ToUInt32(buffer.PathBuffer[0]) + Convert.ToUInt32(buffer.PathBuffer[1]); if (bufferFlags == SYMLINK_FLAG_RELATIVE) isRelative = true; pathOffset = 2; linkType = LinkType.SymbolicLink; } else if (buffer.ReparseTag == IO_REPARSE_TAG_MOUNT_POINT) { linkType = LinkType.JunctionPoint; } else { string errorMessage = String.Format("Invalid Reparse Tag: {0}", buffer.ReparseTag.ToString()); throw new Exception(errorMessage); } string printName = new string(buffer.PathBuffer, (int)(buffer.PrintNameOffset / SIZE_OF_WCHAR) + pathOffset, (int)(buffer.PrintNameLength / SIZE_OF_WCHAR)); string substituteName = new string(buffer.PathBuffer, (int)(buffer.SubstituteNameOffset / SIZE_OF_WCHAR) + pathOffset, (int)(buffer.SubstituteNameLength / SIZE_OF_WCHAR)); // TODO: should we check for \?\UNC\server for convert it to the NT style \\server path // Remove the leading Windows object directory \?\ from the path if present string targetPath = substituteName; if (targetPath.StartsWith("\\??\\")) targetPath = targetPath.Substring(4, targetPath.Length - 4); string absolutePath = targetPath; if (isRelative) absolutePath = Path.GetFullPath(Path.Combine(new FileInfo(linkPath).Directory.FullName, targetPath)); return new LinkInfo { Type = linkType, PrintName = printName, SubstituteName = substituteName, AbsolutePath = absolutePath, TargetPath = targetPath }; } private static void CreateJunctionPoint(string linkPath, string linkTarget) { // We need to create the link as a dir beforehand Directory.CreateDirectory(linkPath); SafeFileHandle fileHandle = CreateFile( linkPath, FileAccess.Write, FileShare.Read | FileShare.Write | FileShare.None, IntPtr.Zero, FileMode.Open, FILE_FLAG_BACKUP_SEMANTICS | FILE_FLAG_OPEN_REPARSE_POINT, IntPtr.Zero); if (fileHandle.IsInvalid) throw new LinkUtilWin32Exception(String.Format("CreateFile({0}) failed", linkPath)); try { string substituteName = "\\??\\" + Path.GetFullPath(linkTarget); string printName = linkTarget; REPARSE_DATA_BUFFER buffer = new REPARSE_DATA_BUFFER(); buffer.SubstituteNameOffset = 0; buffer.SubstituteNameLength = (UInt16)(substituteName.Length * SIZE_OF_WCHAR); buffer.PrintNameOffset = (UInt16)(buffer.SubstituteNameLength + 2); buffer.PrintNameLength = (UInt16)(printName.Length * SIZE_OF_WCHAR); buffer.ReparseTag = IO_REPARSE_TAG_MOUNT_POINT; buffer.ReparseDataLength = (UInt16)(buffer.SubstituteNameLength + buffer.PrintNameLength + 12); buffer.PathBuffer = new char[MAXIMUM_REPARSE_DATA_BUFFER_SIZE]; byte[] unicodeBytes = Encoding.Unicode.GetBytes(substituteName + "\0" + printName); char[] pathBuffer = Encoding.Unicode.GetChars(unicodeBytes); Array.Copy(pathBuffer, buffer.PathBuffer, pathBuffer.Length); UInt32 bytesReturned; if (!DeviceIoControl( fileHandle, FSCTL_SET_REPARSE_POINT, buffer, (UInt32)(buffer.ReparseDataLength + 8), IntPtr.Zero, 0, out bytesReturned, IntPtr.Zero)) throw new LinkUtilWin32Exception(String.Format("DeviceIoControl() failed to create junction point at {0} to {1}", linkPath, linkTarget)); } finally { fileHandle.Dispose(); } } } } '@ # FUTURE: find a better way to get the _ansible_remote_tmp variable $original_tmp = $env:TMP $remote_tmp = $original_tmp $module_params = Get-Variable -Name complex_args -ErrorAction SilentlyContinue if ($module_params) { if ($module_params.Value.ContainsKey("_ansible_remote_tmp") ) { $remote_tmp = $module_params.Value["_ansible_remote_tmp"] $remote_tmp = [System.Environment]::ExpandEnvironmentVariables($remote_tmp) } } $env:TMP = $remote_tmp Add-Type -TypeDefinition $link_util $env:TMP = $original_tmp Import-PrivilegeUtil # enable the SeBackupPrivilege if it is disabled $state = Get-AnsiblePrivilege -Name SeBackupPrivilege if ($state -eq $false) { Set-AnsiblePrivilege -Name SeBackupPrivilege -Value $true } } Function Get-Link($link_path) { $link_info = [Ansible.LinkUtil]::GetLinkInfo($link_path) return $link_info } Function Remove-Link($link_path) { [Ansible.LinkUtil]::DeleteLink($link_path) } Function New-Link($link_path, $link_target, $link_type) { if (-not (Test-Path -Path $link_target)) { throw "link_target '$link_target' does not exist, cannot create link" } switch($link_type) { "link" { $type = [Ansible.LinkType]::SymbolicLink } "junction" { if (Test-Path -Path $link_target -PathType Leaf) { throw "cannot set the target for a junction point to a file" } $type = [Ansible.LinkType]::JunctionPoint } "hard" { if (Test-Path -Path $link_target -PathType Container) { throw "cannot set the target for a hard link to a directory" } $type = [Ansible.LinkType]::HardLink } default { throw "invalid link_type option $($link_type): expecting link, junction, hard" } } [Ansible.LinkUtil]::CreateLink($link_path, $link_target, $type) } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: f7293437-cd65-49ee-aafc-ed995ad78c74 Path:	4104	1		3	2	15	0	1789	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	604	3260	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:07:47 PM	e5295ba9-9827-0003-ed5d-29e52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } ScriptBlock ID: 9bf019ed-bd12-4992-b59b-23db96df0423 Path:	4104	1		3	2	15	0	1788	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	604	3260	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:07:47 PM	e5295ba9-9827-0003-de5d-29e52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (9 of 9): B0aGlzIGVycm9yOiAkKCRfLkV4Y2VwdGlvbi5NZXNzYWdlKSIKICAgICAgICAgICAgfQogICAgICAgIH0KICAgIH0KCiAgICAjIEdldCBzeW1ib2xpYyBsaW5rLCBqdW5jdGlvbiBwb2ludCwgaGFyZCBsaW5rIGluZm8KICAgIExvYWQtTGlua1V0aWxzCiAgICB0cnkgewogICAgICAgICRsaW5rX2luZm8gPSBHZXQtTGluayAtbGlua19wYXRoICRpbmZvLkZ1bGxOYW1lCiAgICB9IGNhdGNoIHsKICAgICAgICBBZGQtV2FybmluZyAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgIkZhaWxlZCB0byBjaGVjay9nZXQgbGluayBpbmZvIGZvciBmaWxlOiAkKCRfLkV4Y2VwdGlvbi5NZXNzYWdlKSIKICAgIH0KICAgIGlmICgkbGlua19pbmZvIC1uZSAkbnVsbCkgewogICAgICAgIHN3aXRjaCAoJGxpbmtfaW5mby5UeXBlKSB7CiAgICAgICAgICAgICJTeW1ib2xpY0xpbmsiIHsKICAgICAgICAgICAgICAgICRzdGF0LmlzbG5rID0gJHRydWUKICAgICAgICAgICAgICAgICRzdGF0LmlzcmVnID0gJGZhbHNlCiAgICAgICAgICAgICAgICAkc3RhdC5sbmtfdGFyZ2V0ID0gJGxpbmtfaW5mby5UYXJnZXRQYXRoCiAgICAgICAgICAgICAgICAkc3RhdC5sbmtfc291cmNlID0gJGxpbmtfaW5mby5BYnNvbHV0ZVBhdGggICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgICAgICJKdW5jdGlvblBvaW50IiB7CiAgICAgICAgICAgICAgICAkc3RhdC5pc2p1bmN0aW9uID0gJHRydWUKICAgICAgICAgICAgICAgICRzdGF0LmlzcmVnID0gJGZhbHNlCiAgICAgICAgICAgICAgICAkc3RhdC5sbmtfdGFyZ2V0ID0gJGxpbmtfaW5mby5UYXJnZXRQYXRoCiAgICAgICAgICAgICAgICAkc3RhdC5sbmtfc291cmNlID0gJGxpbmtfaW5mby5BYnNvbHV0ZVBhdGggICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgICAgICJIYXJkTGluayIgewogICAgICAgICAgICAgICAgJHN0YXQubG5rX3R5cGUgPSAiaGFyZCIKICAgICAgICAgICAgICAgICRzdGF0Lm5saW5rID0gJGxpbmtfaW5mby5IYXJkVGFyZ2V0cy5Db3VudAoKICAgICAgICAgICAgICAgICMgcmVtb3ZlIGN1cnJlbnQgcGF0aCBmcm9tIHRoZSB0YXJnZXRzCiAgICAgICAgICAgICAgICAkaGxua190YXJnZXRzID0gJGxpbmtfaW5mby5IYXJkVGFyZ2V0cyB8IFdoZXJlLU9iamVjdCB7ICRfIC1uZSAkc3RhdC5wYXRoIH0KICAgICAgICAgICAgICAgICRzdGF0LmhsbmtfdGFyZ2V0cyA9IEAoJGhsbmtfdGFyZ2V0cykKICAgICAgICAgICAgICAgIGJyZWFrCiAgICAgICAgICAgIH0KICAgICAgICB9CiAgICB9CgogICAgJHJlc3VsdC5zdGF0ID0gJHN0YXQKfQoKRXhpdC1Kc29uICRyZXN1bHQK", "module_args": {"_ansible_version": "2.7.0", "_ansible_selinux_special_fs": ["fuse", "nfs", "vboxsf", "ramfs", "9p"], "_ansible_no_log": false, "_ansible_module_name": "win_stat", "_ansible_remote_tmp": "%TEMP%", "_ansible_diff": false, "_ansible_verbosity": 2, "_ansible_keep_remote_files": false, "_ansible_syslog_facility": "LOG_USER", "_ansible_socket": null, "_ansible_check_mode": false, "get_checksum": false, "_ansible_debug": false, "_ansible_shell_executable": "/bin/sh", "path": "c:\\openstack\\log\\neutron-hyperv-agent.log", "get_md5": false, "_ansible_tmpdir": null}} '@ } process { $input_as_string = [string]$input $json_raw += $input_as_string } end { If (-not $json_raw) { Write-Error "no input given" -Category InvalidArgument } $payload = ConvertTo-HashtableFromPsCustomObject (ConvertFrom-Json $json_raw) # TODO: handle binary modules # TODO: handle persistence $min_os_version = [version]$payload.min_os_version if ($min_os_version -ne $null) { $actual_os_version = [System.Environment]::OSVersion.Version if ($actual_os_version -lt $min_os_version) { $msg = "This module cannot run on this OS as it requires a minimum version of $min_os_version, actual was $actual_os_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $min_ps_version = [version]$payload.min_ps_version if ($min_ps_version -ne $null) { $actual_ps_version = $PSVersionTable.PSVersion if ($actual_ps_version -lt $min_ps_version) { $msg = "This module cannot run as it requires a minimum PowerShell version of $min_ps_version, actual was $actual_ps_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $actions = $payload.actions # pop 0th action as entrypoint $entrypoint = $payload.($actions[0]) $payload.actions = $payload.actions[1..99] $entrypoint = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($entrypoint)) # load the current action entrypoint as a module custom object with a Run method $entrypoint = New-Module -ScriptBlock ([scriptblock]::Create($entrypoint)) -AsCustomObject Set-Variable -Scope global -Name complex_args -Value $payload["module_args"] | Out-Null # dynamically create/load modules ForEach ($mod in $payload.powershell_modules.GetEnumerator()) { $decoded_module = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($mod.Value)) New-Module -ScriptBlock ([scriptblock]::Create($decoded_module)) -Name $mod.Key | Import-Module -WarningAction SilentlyContinue | Out-Null } $output = $entrypoint.Run($payload) Write-Output $output } ScriptBlock ID: 4a4215d4-4cd2-409c-91f5-15060d228a22 Path:	4104	1		3	2	15	0	1787	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	604	3260	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:07:47 PM	e5295ba9-9827-0003-d85d-29e52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (8 of 9): biByZXR1cm5zIHRydWUgaWYgY29tcHV0ZXIgaGFzIGEgcGVuZGluZyByZWJvb3QKIz4KICAgICRmZWF0dXJlRGF0YSA9IEludm9rZS1XbWlNZXRob2QgLUVBIElnbm9yZSAtTmFtZSBHZXRTZXJ2ZXJGZWF0dXJlIC1OYW1lc3BhY2Ugcm9vdFxtaWNyb3NvZnRcd2luZG93c1xzZXJ2ZXJtYW5hZ2VyIC1DbGFzcyBNU0ZUX1NlcnZlck1hbmFnZXJUYXNrcwogICAgJHJlZ0RhdGEgPSBHZXQtSXRlbVByb3BlcnR5ICJIS0xNOlxTWVNURU1cQ3VycmVudENvbnRyb2xTZXRcQ29udHJvbFxTZXNzaW9uIE1hbmFnZXIiICJQZW5kaW5nRmlsZVJlbmFtZU9wZXJhdGlvbnMiIC1FQSBJZ25vcmUKICAgICRDQlNSZWJvb3RTdGF0dXMgPSBHZXQtQ2hpbGRJdGVtICJIS0xNOlxcU09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cQ29tcG9uZW50IEJhc2VkIFNlcnZpY2luZyIgIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlfCBXaGVyZS1PYmplY3QgeyRfLlBTQ2hpbGROYW1lIC1lcSAiUmVib290UGVuZGluZyJ9CiAgICBpZigoJGZlYXR1cmVEYXRhIC1hbmQgJGZlYXR1cmVEYXRhLlJlcXVpcmVzUmVib290KSAtb3IgJHJlZ0RhdGEgLW9yICRDQlNSZWJvb3RTdGF0dXMpCiAgICB7CiAgICAgICAgcmV0dXJuICRUcnVlCiAgICB9CiAgICBlbHNlCiAgICB7CiAgICAgICAgcmV0dXJuICRGYWxzZQogICAgfQp9CgojIHRoaXMgbGluZSBtdXN0IHN0YXkgYXQgdGhlIGJvdHRvbSB0byBlbnN1cmUgYWxsIGRlZmluZWQgbW9kdWxlIHBhcnRzIGFyZSBleHBvcnRlZApFeHBvcnQtTW9kdWxlTWVtYmVyIC1BbGlhcyAqIC1GdW5jdGlvbiAqIC1DbWRsZXQgKgoK", "Ansible.ModuleUtils.FileUtil": "IyBDb3B5cmlnaHQgKGMpIDIwMTcgQW5zaWJsZSBQcm9qZWN0CiMgU2ltcGxpZmllZCBCU0QgTGljZW5zZSAoc2VlIGxpY2Vuc2VzL3NpbXBsaWZpZWRfYnNkLnR4dCBvciBodHRwczovL29wZW5zb3VyY2Uub3JnL2xpY2Vuc2VzL0JTRC0yLUNsYXVzZSkKCjwjClRlc3QtUGF0aC9HZXQtSXRlbSBjYW5ub3QgZmluZC9yZXR1cm4gaW5mbyBvbiBmaWxlcyB0aGF0IGFyZSBsb2NrZWQgbGlrZQpDOlxwYWdlZmlsZS5zeXMuIFRoZXNlIDIgZnVuY3Rpb25zIGFyZSBkZXNpZ25lZCB0byB3b3JrIHdpdGggdGhlc2UgZmlsZXMgYW5kCnByb3ZpZGUgc2ltaWxhciBmdW5jdGlvbmFsaXR5IHdpdGggdGhlIG5vcm1hbCBjbWRsZXRzIHdpdGggYXMgbWluaW1hbCBvdmVyaGVhZAphcyBwb3NzaWJsZS4gVGhleSB3b3JrIGJ5IHVzaW5nIEdldC1DaGlsZEl0ZW0gd2l0aCBhIGZpbHRlciBhbmQgcmV0dXJuIHRoZQpyZXN1bHQgZnJvbSB0aGF0LgojPgoKRnVuY3Rpb24gVGVzdC1BbnNpYmxlUGF0aCB7CiAgICBbQ21kbGV0QmluZGluZygpXQogICAgUGFyYW0oCiAgICAgICAgW1BhcmFtZXRlcihNYW5kYXRvcnk9JHRydWUpXVtzdHJpbmddJFBhdGgKICAgICkKICAgICMgUmVwbGFjZW1lbnQgZm9yIFRlc3QtUGF0aAogICAgdHJ5IHsKICAgICAgICAkZmlsZV9hdHRyaWJ1dGVzID0gW1N5c3RlbS5JTy5GaWxlXTo6R2V0QXR0cmlidXRlcygkUGF0aCkKICAgIH0gY2F0Y2ggW1N5c3RlbS5JTy5GaWxlTm90Rm91bmRFeGNlcHRpb25dLCBbU3lzdGVtLklPLkRpcmVjdG9yeU5vdEZvdW5kRXhjZXB0aW9uXSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfSBjYXRjaCBbTm90U3VwcG9ydGVkRXhjZXB0aW9uXSB7CiAgICAgICAgIyBXaGVuIHRlc3RpbmcgYSBwYXRoIGxpa2UgQ2VydDpcTG9jYWxNYWNoaW5lXE15LCBTeXN0ZW0uSU8uRmlsZSB3aWxsCiAgICAgICAgIyBub3Qgd29yaywgd2UganVzdCByZXZlcnQgYmFjayB0byB1c2luZyBUZXN0LVBhdGggZm9yIHRoaXMKICAgICAgICByZXR1cm4gVGVzdC1QYXRoIC1QYXRoICRQYXRoCiAgICB9CgogICAgaWYgKFtJbnQzMl0kZmlsZV9hdHRyaWJ1dGVzIC1lcSAtMSkgewogICAgICAgIHJldHVybiAkZmFsc2UKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICR0cnVlCiAgICB9Cn0KCkZ1bmN0aW9uIEdldC1BbnNpYmxlSXRlbSB7CiAgICBbQ21kbGV0QmluZGluZygpXQogICAgUGFyYW0oCiAgICAgICAgW1BhcmFtZXRlcihNYW5kYXRvcnk9JHRydWUpXVtzdHJpbmddJFBhdGgKICAgICkKICAgICMgUmVwbGFjZW1lbnQgZm9yIEdldC1JdGVtCiAgICB0cnkgewogICAgICAgICRmaWxlX2F0dHJpYnV0ZXMgPSBbU3lzdGVtLklPLkZpbGVdOjpHZXRBdHRyaWJ1dGVzKCRQYXRoKQogICAgfSBjYXRjaCB7CiAgICAgICAgIyBpZiAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb3RpbnVlIGlzIHNldCBvbiB0aGUgY21kbGV0IGFuZCB3ZSBmYWlsZWQgdG8KICAgICAgICAjIGdldCB0aGUgYXR0cmlidXRlcywganVzdCByZXR1cm4gJG51bGwsIG90aGVyd2lzZSB0aHJvdyB0aGUgZXJyb3IKICAgICAgICBpZiAoJEVycm9yQWN0aW9uUHJlZmVyZW5jZSAtbmUgIlNpbGVudGx5Q29udGludWUiKSB7CiAgICAgICAgICAgIHRocm93ICRfCiAgICAgICAgfQogICAgICAgIHJldHVybiAkbnVsbAogICAgfQogICAgaWYgKFtJbnQzMl0kZmlsZV9hdHRyaWJ1dGVzIC1lcSAtMSkgewogICAgICAgIHRocm93IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5NYW5hZ2VtZW50LkF1dG9tYXRpb24uSXRlbU5vdEZvdW5kRXhjZXB0aW9uIC1Bcmd1bWVudExpc3QgIkNhbm5vdCBmaW5kIHBhdGggJyRQYXRoJyBiZWNhdXNlIGl0IGRvZXMgbm90IGV4aXN0LiIKICAgIH0gZWxzZWlmICgkZmlsZV9hdHRyaWJ1dGVzLkhhc0ZsYWcoW1N5c3RlbS5JTy5GaWxlQXR0cmlidXRlc106OkRpcmVjdG9yeSkpIHsKICAgICAgICByZXR1cm4gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLklPLkRpcmVjdG9yeUluZm8gLUFyZ3VtZW50TGlzdCAkUGF0aAogICAgfSBlbHNlIHsKICAgICAgICByZXR1cm4gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLklPLkZpbGVJbmZvIC1Bcmd1bWVudExpc3QgJFBhdGgKICAgIH0KfQoKRXhwb3J0LU1vZHVsZU1lbWJlciAtRnVuY3Rpb24gVGVzdC1BbnNpYmxlUGF0aCwgR2V0LUFuc2libGVJdGVtCg=="}, "module_entry": "IyFwb3dlcnNoZWxsCgojIENvcHlyaWdodDogKGMpIDIwMTcsIEFuc2libGUgUHJvamVjdAojIEdOVSBHZW5lcmFsIFB1YmxpYyBMaWNlbnNlIHYzLjArIChzZWUgQ09QWUlORyBvciBodHRwczovL3d3dy5nbnUub3JnL2xpY2Vuc2VzL2dwbC0zLjAudHh0KQoKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5MZWdhY3kKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5GaWxlVXRpbAojUmVxdWlyZXMgLU1vZHVsZSBBbnNpYmxlLk1vZHVsZVV0aWxzLkxpbmtVdGlsCgpmdW5jdGlvbiBEYXRlVG8tVGltZXN0YW1wKCRzdGFydF9kYXRlLCAkZW5kX2RhdGUpIHsKICAgIGlmICgkc3RhcnRfZGF0ZSAtYW5kICRlbmRfZGF0ZSkgewogICAgICAgIHJldHVybiAoTmV3LVRpbWVTcGFuIC1TdGFydCAkc3RhcnRfZGF0ZSAtRW5kICRlbmRfZGF0ZSkuVG90YWxTZWNvbmRzCiAgICB9Cn0KCiRwYXJhbXMgPSBQYXJzZS1BcmdzICRhcmdzIC1zdXBwb3J0c19jaGVja19tb2RlICR0cnVlCgokcGF0aCA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJwYXRoIiAtdHlwZSAicGF0aCIgLWZhaWxpZmVtcHR5ICR0cnVlIC1hbGlhc2VzICJkZXN0IiwibmFtZSIKJGdldF9tZDUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiZ2V0X21kNSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQokZ2V0X2NoZWNrc3VtID0gR2V0LUFuc2libGVQYXJhbSAtb2JqICRwYXJhbXMgLW5hbWUgImdldF9jaGVja3N1bSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICR0cnVlCiRjaGVja3N1bV9hbGdvcml0aG0gPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiY2hlY2tzdW1fYWxnb3JpdGhtIiAtdHlwZSAic3RyIiAtZGVmYXVsdCAic2hhMSIgLXZhbGlkYXRlc2V0ICJtZDUiLCJzaGExIiwic2hhMjU2Iiwic2hhMzg0Iiwic2hhNTEyIgoKJHJlc3VsdCA9IEB7CiAgICBjaGFuZ2VkID0gJGZhbHNlCiAgICBzdGF0ID0gQHsKICAgICAgICBleGlzdHMgPSAkZmFsc2UKICAgIH0KfQoKIyBnZXRfbWQ1IHdpbGwgYmUgYW4gdW5kb2N1bWVudGVkIG9wdGlvbiBpbiAyLjkgdG8gYmUgcmVtb3ZlZCBhdCBhIGxhdGVyCiMgZGF0ZSBpZiBwb3NzaWJsZSAoMy4wKykKaWYgKEdldC1NZW1iZXIgLWlucHV0b2JqZWN0ICRwYXJhbXMgLW5hbWUgImdldF9tZDUiKSB7CiAgICBBZGQtRGVwcmVhY3Rpb25XYXJuaW5nIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiZ2V0X21kNSBoYXMgYmVlbiBkZXByZWNhdGVkIGFsb25nIHdpdGggdGhlIG1kNSByZXR1cm4gdmFsdWUsIHVzZSBnZXRfY2hlY2tzdW09VHJ1ZSBhbmQgY2hlY2tzdW1fYWxnb3JpdGhtPW1kNSBpbnN0ZWFkIiAtdmVyc2lvbiAyLjkKfQoKJGluZm8gPSBHZXQtQW5zaWJsZUl0ZW0gLVBhdGggJHBhdGggLUVycm9yQWN0aW9uIFNpbGVudGx5Q29udGludWUKSWYgKCRpbmZvIC1uZSAkbnVsbCkgewogICAgJGVwb2NoX2RhdGUgPSBHZXQtRGF0ZSAtRGF0ZSAiMDEvMDEvMTk3MCIKICAgICRhdHRyaWJ1dGVzID0gQCgpCiAgICBmb3JlYWNoICgkYXR0cmlidXRlIGluICgkaW5mby5BdHRyaWJ1dGVzIC1zcGxpdCAnLCcpKSB7CiAgICAgICAgJGF0dHJpYnV0ZXMgKz0gJGF0dHJpYnV0ZS5UcmltKCkKICAgIH0KCiAgICAjIGRlZmF1bHQgdmFsdWVzIHRoYXQgYXJlIGFsd2F5cyBzZXQsIHNwZWNpZmljIHZhbHVlcyBhcmUgc2V0IGJlbG93IHRoaXMKICAgICMgYnV0IGFyZSBrZXB0IGNvbW1lbnRlZCBmb3IgZWFzaWVyIHJlYWRhYmlsaXR5CiAgICAkc3RhdCA9IEB7CiAgICAgICAgZXhpc3RzID0gJHRydWUKICAgICAgICBhdHRyaWJ1dGVzID0gJGluZm8uQXR0cmlidXRlcy5Ub1N0cmluZygpCiAgICAgICAgaXNhcmNoaXZlID0gKCRhdHRyaWJ1dGVzIC1jb250YWlucyAiQXJjaGl2ZSIpCiAgICAgICAgaXNkaXIgPSAkZmFsc2UKICAgICAgICBpc2hpZGRlbiA9ICgkYXR0cmlidXRlcyAtY29udGFpbnMgIkhpZGRlbiIpCiAgICAgICAgaXNqdW5jdGlvbiA9ICRmYWxzZQogICAgICAgIGlzbG5rID0gJGZhbHNlCiAgICAgICAgaXNyZWFkb25seSA9ICgkYXR0cmlidXRlcyAtY29udGFpbnMgIlJlYWRPbmx5IikKICAgICAgICBpc3JlZyA9ICRmYWxzZQogICAgICAgIGlzc2hhcmVkID0gJGZhbHNlCiAgICAgICAgbmxpbmsgPSAxICAjIE51bWJlciBvZiBsaW5rcyB0byB0aGUgZmlsZSAoaGFyZCBsaW5rcyksIG92ZXJyaWRlbiBiZWxvdyBpZiBpc2xuawogICAgICAgICMgbG5rX3RhcmdldCA9IGlzbG5rIG9yIGlzanVuY3Rpb24gVGFyZ2V0IG9mIHRoZSBzeW1saW5rLiBOb3RlIHRoYXQgcmVsYXRpdmUgcGF0aHMgcmVtYWluIHJlbGF0aXZlCiAgICAgICAgIyBsbmtfc291cmNlID0gaXNsbmsgb3MgaXNqdW5jdGlvbiBUYXJnZXQgb2YgdGhlIHN5bWxpbmsgbm9ybWFsaXplZCBmb3IgdGhlIHJlbW90ZSBmaWxlc3lzdGVtCiAgICAgICAgaGxua190YXJnZXRzID0gQCgpCiAgICAgICAgY3JlYXRpb250aW1lID0gKERhdGVUby1UaW1lc3RhbXAgLXN0YXJ0X2RhdGUgJGVwb2NoX2RhdGUgLWVuZF9kYXRlICRpbmZvLkNyZWF0aW9uVGltZSkKICAgICAgICBsYXN0YWNjZXNzdGltZSA9IChEYXRlVG8tVGltZXN0YW1wIC1zdGFydF9kYXRlICRlcG9jaF9kYXRlIC1lbmRfZGF0ZSAkaW5mby5MYXN0QWNjZXNzVGltZSkKICAgICAgICBsYXN0d3JpdGV0aW1lID0gKERhdGVUby1UaW1lc3RhbXAgLXN0YXJ0X2RhdGUgJGVwb2NoX2RhdGUgLWVuZF9kYXRlICRpbmZvLkxhc3RXcml0ZVRpbWUpCiAgICAgICAgIyBzaXplID0gYSBmaWxlIGFuZCBkaXJlY3RvcnkgLSBjYWxjdWxhdGVkIGJlbG93CiAgICAgICAgcGF0aCA9ICRpbmZvLkZ1bGxOYW1lCiAgICAgICAgZmlsZW5hbWUgPSAkaW5mby5OYW1lCiAgICAgICAgIyBleHRlbnNpb24gPSBhIGZpbGUKICAgICAgICAjIG93bmVyID0gc2V0IG91dHNpdGUgdGhpcyBkaWN0IGluIGNhc2UgaXQgZmFpbHMKICAgICAgICAjIHNoYXJlbmFtZSA9IGEgZGlyZWN0b3J5IGFuZCBpc3NoYXJlZCBpcyBUcnVlCiAgICAgICAgIyBjaGVja3N1bSA9IGEgZmlsZSBhbmQgZ2V0X2NoZWNrc3VtOiBUcnVlCiAgICAgICAgIyBtZDUgPSBhIGZpbGUgYW5kIGdldF9tZDU6IFRydWUKICAgIH0KICAgICRzdGF0Lm93bmVyID0gJGluZm8uR2V0QWNjZXNzQ29udHJvbCgpLk93bmVyCgogICAgIyB2YWx1ZXMgdGhhdCBhcmUgc2V0IGFjY29yZGluZyB0byB0aGUgdHlwZSBvZiBmaWxlCiAgICBpZiAoJGluZm8uQXR0cmlidXRlcy5IYXNGbGFnKFtTeXN0ZW0uSU8uRmlsZUF0dHJpYnV0ZXNdOjpEaXJlY3RvcnkpKSB7CiAgICAgICAgJHN0YXQuaXNkaXIgPSAkdHJ1ZQogICAgICAgICRzaGFyZV9pbmZvID0gR2V0LVdtaU9iamVjdCAtQ2xhc3MgV2luMzJfU2hhcmUgLUZpbHRlciAiUGF0aD0nJCgkc3RhdC5wYXRoIC1yZXBsYWNlICdcXCcsICdcXCcpJyIKICAgICAgICBpZiAoJHNoYXJlX2luZm8gLW5lICRudWxsKSB7CiAgICAgICAgICAgICRzdGF0Lmlzc2hhcmVkID0gJHRydWUKICAgICAgICAgICAgJHN0YXQuc2hhcmVuYW1lID0gJHNoYXJlX2luZm8uTmFtZQogICAgICAgIH0KCiAgICAgICAgdHJ5IHsKICAgICAgICAgICAgJHNpemUgPSAwCiAgICAgICAgICAgIGZvcmVhY2ggKCRmaWxlIGluICRpbmZvLkVudW1lcmF0ZUZpbGVzKCIqIiwgW1N5c3RlbS5JTy5TZWFyY2hPcHRpb25dOjpBbGxEaXJlY3RvcmllcykpIHsKICAgICAgICAgICAgICAgICRzaXplICs9ICRmaWxlLkxlbmd0aAogICAgICAgICAgICB9CiAgICAgICAgICAgICRzdGF0LnNpemUgPSAkc2l6ZQogICAgICAgIH0gY2F0Y2ggewogICAgICAgICAgICAkc3RhdC5zaXplID0gMAogICAgICAgIH0KICAgIH0gZWxzZSB7CiAgICAgICAgJHN0YXQuZXh0ZW5zaW9uID0gJGluZm8uRXh0ZW5zaW9uCiAgICAgICAgJHN0YXQuaXNyZWcgPSAkdHJ1ZQogICAgICAgICRzdGF0LnNpemUgPSAkaW5mby5MZW5ndGgKCiAgICAgICAgaWYgKCRnZXRfbWQ1KSB7CiAgICAgICAgICAgIHRyeSB7CiAgICAgICAgICAgICAgICAkc3RhdC5tZDUgPSBHZXQtRmlsZUNoZWNrc3VtIC1wYXRoICRwYXRoIC1hbGdvcml0aG0gIm1kNSIKICAgICAgICAgICAgfSBjYXRjaCB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0IC1tZXNzYWdlICJmYWlsZWQgdG8gZ2V0IE1ENSBoYXNoIG9mIGZpbGUsIHJlbW92ZSBnZXRfbWQ1IHRvIGlnbm9yZSB0aGlzIGVycm9yOiAkKCRfLkV4Y2VwdGlvbi5NZXNzYWdlKSIKICAgICAgICAgICAgfQogICAgICAgIH0KICAgICAgICBpZiAoJGdldF9jaGVja3N1bSkgewogICAgICAgICAgICB0cnkgewogICAgICAgICAgICAgICAgJHN0YXQuY2hlY2tzdW0gPSBHZXQtRmlsZUNoZWNrc3VtIC1wYXRoICRwYXRoIC1hbGdvcml0aG0gJGNoZWNrc3VtX2FsZ29yaXRobQogICAgICAgICAgICB9IGNhdGNoIHsKICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgImZhaWxlZCB0byBnZXQgaGFzaCBvZiBmaWxlLCBzZXQgZ2V0X2NoZWNrc3VtIHRvIEZhbHNlIHRvIGlnbm9yZS ScriptBlock ID: 4a4215d4-4cd2-409c-91f5-15060d228a22 Path:	4104	1		3	2	15	0	1786	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	604	3260	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:07:47 PM	e5295ba9-9827-0003-d85d-29e52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (7 of 9): CAgLkVYQU1QTEUKICAgICRhdHRyID0gR2V0LUFuc2libGVQYXJhbSAkcmVzcG9uc2UgImNvZGUiIC1kZWZhdWx0ICIxIgogICAgLkVYQU1QTEUKICAgIEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJTdGF0ZSIgLWRlZmF1bHQgIlByZXNlbnQiIC1WYWxpZGF0ZVNldCAiUHJlc2VudCIsIkFic2VudCIgLXJlc3VsdG9iaiAkcmVzdWx0b2JqIC1mYWlsaWZlbXB0eSAkdHJ1ZQogICAgR2V0LUFuc2libGVQYXJhbSBhbHNvIHN1cHBvcnRzIFBhcmFtZXRlciB2YWxpZGF0aW9uIHRvIHNhdmUgeW91IGZyb20gY29kaW5nIHRoYXQgbWFudWFsbHkKICAgIE5vdGUgdGhhdCBpZiB5b3UgdXNlIHRoZSBmYWlsaWZlbXB0eSBvcHRpb24sIHlvdSBkbyBuZWVkIHRvIHNwZWNpZnkgcmVzdWx0b2JqZWN0IGFzIHdlbGwuCiM+CiAgICAjIENoZWNrIGlmIHRoZSBwcm92aWRlZCBNZW1iZXIgJG5hbWUgb3IgYWxpYXNlcyBleGlzdCBpbiAkb2JqIGFuZCByZXR1cm4gaXQgb3IgdGhlIGRlZmF1bHQuCiAgICB0cnkgewoKICAgICAgICAkZm91bmQgPSAkbnVsbAogICAgICAgICMgRmlyc3QgdHJ5IHRvIGZpbmQgcHJlZmVycmVkIHBhcmFtZXRlciAkbmFtZQogICAgICAgICRhbGlhc2VzID0gQCgkbmFtZSkgKyAkYWxpYXNlcwoKICAgICAgICAjIEl0ZXJhdGUgb3ZlciBhbGlhc2VzIHRvIGZpbmQgYWNjZXB0YWJsZSBNZW1iZXIgJG5hbWUKICAgICAgICBmb3JlYWNoICgkYWxpYXMgaW4gJGFsaWFzZXMpIHsKICAgICAgICAgICAgaWYgKCRvYmouQ29udGFpbnNLZXkoJGFsaWFzKSkgewogICAgICAgICAgICAgICAgJGZvdW5kID0gJGFsaWFzCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgfQoKICAgICAgICBpZiAoJG51bGwgLWVxICRmb3VuZCkgewogICAgICAgICAgICB0aHJvdwogICAgICAgIH0KICAgICAgICAkbmFtZSA9ICRmb3VuZAoKICAgICAgICBpZiAoJFZhbGlkYXRlU2V0KSB7CgogICAgICAgICAgICBpZiAoJFZhbGlkYXRlU2V0IC1jb250YWlucyAoJG9iai4kbmFtZSkpIHsKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICRvYmouJG5hbWUKICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgIGlmICgkbnVsbCAtZXEgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAgICAgI0F1dG8tZ2VuZXJhdGVkIGVycm9yIHNob3VsZCBiZSBzdWZmaWNpZW50IGluIG1vc3QgdXNlIGNhc2VzCiAgICAgICAgICAgICAgICAgICAgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlID0gIkdldC1BbnNpYmxlUGFyYW06IEFyZ3VtZW50ICRuYW1lIG5lZWRzIHRvIGJlIG9uZSBvZiAkKCRWYWxpZGF0ZVNldCAtam9pbiAiLCIpIGJ1dCB3YXMgJCgkb2JqLiRuYW1lKS4iCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRWYWxpZGF0ZVNldEVycm9yTWVzc2FnZQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgJHZhbHVlID0gJG9iai4kbmFtZQogICAgICAgIH0KICAgIH0gY2F0Y2ggewogICAgICAgIGlmICgkZmFpbGlmZW1wdHkgLWVxICRmYWxzZSkgewogICAgICAgICAgICAkdmFsdWUgPSAkZGVmYXVsdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgIGlmICgtbm90ICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSA9ICJHZXQtQW5zaWJsZVBhcmFtOiBNaXNzaW5nIHJlcXVpcmVkIGFyZ3VtZW50OiAkbmFtZSIKICAgICAgICAgICAgfQogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlCiAgICAgICAgfQogICAgfQoKICAgICMgSWYgJHZhbHVlIC1lcSAkbnVsbCwgdGhlIHBhcmFtZXRlciB3YXMgdW5zcGVjaWZpZWQgYnkgdGhlIHVzZXIgKGRlbGliZXJhdGVseSBvciBub3QpCiAgICAjIFBsZWFzZSBsZWF2ZSAkbnVsbC12YWx1ZXMgaW50YWN0LCBtb2R1bGVzIG5lZWQgdG8ga25vdyBpZiBhIHBhcmFtZXRlciB3YXMgc3BlY2lmaWVkCiAgICAjIFdoZW4gJHZhbHVlIGlzIGFscmVhZHkgYW4gYXJyYXksIHdlIGNhbm5vdCByZWx5IG9uIHRoZSBudWxsIGNoZWNrLCBhcyBhbiBlbXB0eSBsaXN0CiAgICAjIGlzIHNlZW4gYXMgbnVsbCBpbiB0aGUgY2hlY2sgYmVsb3cKICAgIGlmICgkbnVsbCAtbmUgJHZhbHVlIC1vciAkdmFsdWUgLWlzIFthcnJheV0pIHsKICAgICAgICBpZiAoJHR5cGUgLWVxICJwYXRoIikgewogICAgICAgICAgICAjIEV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgb24gcGF0aC10eXBlCiAgICAgICAgICAgICR2YWx1ZSA9IEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCiAgICAgICAgICAgICMgVGVzdCBpZiBhIHZhbGlkIHBhdGggaXMgcHJvdmlkZWQKICAgICAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtSXNWYWxpZCAkdmFsdWUpKSB7CiAgICAgICAgICAgICAgICAkcGF0aF9pbnZhbGlkID0gJHRydWUKICAgICAgICAgICAgICAgICMgY291bGQgc3RpbGwgYmUgYSB2YWxpZC1zaGFwZWQgcGF0aCB3aXRoIGEgbm9uZXhpc3RlbnQgZHJpdmUgbGV0dGVyCiAgICAgICAgICAgICAgICBpZiAoJHZhbHVlIC1tYXRjaCAiXlx3OiIpIHsKICAgICAgICAgICAgICAgICAgICAjIHJld3JpdGUgcGF0aCB3aXRoIGEgdmFsaWQgZHJpdmUgbGV0dGVyIGFuZCByZWNoZWNrIHRoZSBzaGFwZS0gdGhpcyBtaWdodCBzdGlsbCBmYWlsLCBlZywgYSBub25leGlzdGVudCBub24tZmlsZXN5c3RlbSBQUyBwYXRoCiAgICAgICAgICAgICAgICAgICAgaWYgKFRlc3QtUGF0aCAtSXNWYWxpZCAkKEAoR2V0LVBTRHJpdmUgLVBTUHJvdmlkZXIgRmlsZXN5c3RlbSlbMF0uTmFtZSArICR2YWx1ZS5TdWJzdHJpbmcoMSkpKSB7CiAgICAgICAgICAgICAgICAgICAgICAgICRwYXRoX2ludmFsaWQgPSAkZmFsc2UKICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBpZiAoJHBhdGhfaW52YWxpZCkgewogICAgICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHRvYmogLW1lc3NhZ2UgIkdldC1BbnNpYmxlUGFyYW06IFBhcmFtZXRlciAnJG5hbWUnIGhhcyBhbiBpbnZhbGlkIHBhdGggJyR2YWx1ZScgc3BlY2lmaWVkLiIKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgInN0ciIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IHN0ciB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgc3RyaW5ncwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUuVG9TdHJpbmcoKQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImJvb2wiKSB7CiAgICAgICAgICAgICMgQ29udmVydCBib29sZWFuIHR5cGVzIHRvIHJlYWwgUG93ZXJzaGVsbCBib29sZWFucwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgfCBDb252ZXJ0VG8tQm9vbAogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImludCIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IGludCB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgaW50ZWdlcnMKICAgICAgICAgICAgJHZhbHVlID0gJHZhbHVlIC1hcyBbaW50XQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImZsb2F0IikgewogICAgICAgICAgICAjIENvbnZlcnQgZmxvYXQgdHlwZXMgdG8gcmVhbCBQb3dlcnNoZWxsIGZsb2F0cwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgLWFzIFtmbG9hdF0KICAgICAgICB9IGVsc2VpZiAoJHR5cGUgLWVxICJsaXN0IikgewogICAgICAgICAgICBpZiAoJHZhbHVlIC1pcyBbYXJyYXldKSB7CiAgICAgICAgICAgICAgICAjIE5vdGhpbmcgdG8gZG8KICAgICAgICAgICAgfSBlbHNlaWYgKCR2YWx1ZSAtaXMgW3N0cmluZ10pIHsKICAgICAgICAgICAgICAgICMgQ29udmVydCBzdHJpbmcgdHlwZSB0byByZWFsIFBvd2Vyc2hlbGwgYXJyYXkKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICR2YWx1ZS5TcGxpdCgiLCIpLlRyaW0oKQogICAgICAgICAgICB9IGVsc2VpZiAoJHZhbHVlIC1pcyBbaW50XSkgewogICAgICAgICAgICAgICAgJHZhbHVlID0gQCgkdmFsdWUpCiAgICAgICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICJHZXQtQW5zaWJsZVBhcmFtOiBQYXJhbWV0ZXIgJyRuYW1lJyBpcyBub3QgYSBZQU1MIGxpc3QuIgogICAgICAgICAgICB9CiAgICAgICAgICAgICMgLCBpcyBub3QgYSB0eXBvLCBmb3JjZXMgaXQgdG8gcmV0dXJuIGFzIGEgbGlzdCB3aGVuIGl0IGlzIGVtcHR5IG9yIG9ubHkgaGFzIDEgZW50cnkKICAgICAgICAgICAgcmV0dXJuICwkdmFsdWUKICAgICAgICB9CiAgICB9CgogICAgcmV0dXJuICR2YWx1ZQp9CgojQWxpYXMgR2V0LWF0dHItLT5HZXQtQW5zaWJsZVBhcmFtIGZvciBiYWNrd2FyZHMgY29tcGF0LiBPbmx5IGFkZCB3aGVuIG5lZWRlZCB0byBlYXNlIGRlYnVnZ2luZyBvZiBzY3JpcHRzCklmICgtbm90KEdldC1BbGlhcyAtTmFtZSAiR2V0LWF0dHIiIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlKSkKewogICAgTmV3LUFsaWFzIC1OYW1lIEdldC1hdHRyIC1WYWx1ZSBHZXQtQW5zaWJsZVBhcmFtCn0KCkZ1bmN0aW9uIENvbnZlcnRUby1Cb29sCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZpbHRlci9waXBlbGluZSBmdW5jdGlvbiB0byBjb252ZXJ0IGEgdmFsdWUgdG8gYm9vbGVhbiBmb2xsb3dpbmcgY3VycmVudAogICAgQW5zaWJsZSBwcmFjdGljZXMKICAgIC5FWEFNUExFCiAgICAkaXNfdHJ1ZSA9ICJ0cnVlIiB8IENvbnZlcnRUby1Cb29sCiM+CiAgICBwYXJhbSgKICAgICAgICBbcGFyYW1ldGVyKHZhbHVlZnJvbXBpcGVsaW5lPSR0cnVlKV0KICAgICAgICAkb2JqCiAgICApCgogICAgJGJvb2xlYW5fc3RyaW5ncyA9ICJ5ZXMiLCAib24iLCAiMSIsICJ0cnVlIiwgMQogICAgJG9ial9zdHJpbmcgPSBbc3RyaW5nXSRvYmoKCiAgICBpZiAoKCRvYmogLWlzIFtib29sZWFuXSAtYW5kICRvYmopIC1vciAkYm9vbGVhbl9zdHJpbmdzIC1jb250YWlucyAkb2JqX3N0cmluZy5Ub0xvd2VyKCkpIHsKICAgICAgICByZXR1cm4gJHRydWUKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfQp9CgpGdW5jdGlvbiBQYXJzZS1BcmdzKCRhcmd1bWVudHMsICRzdXBwb3J0c19jaGVja19tb2RlID0gJGZhbHNlKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBwYXJzZSBBbnNpYmxlIEpTT04gYXJndW1lbnRzIGZyb20gYSAiZmlsZSIgcGFzc2VkIGFzCiAgICB0aGUgc2luZ2xlIGFyZ3VtZW50IHRvIHRoZSBtb2R1bGUuCiAgICAuRVhBTVBMRQogICAgJHBhcmFtcyA9IFBhcnNlLUFyZ3MgJGFyZ3MKIz4KICAgICRwYXJhbXMgPSBOZXctT2JqZWN0IHBzb2JqZWN0CiAgICBJZiAoJGFyZ3VtZW50cy5MZW5ndGggLWd0IDApCiAgICB7CiAgICAgICAgJHBhcmFtcyA9IEdldC1Db250ZW50ICRhcmd1bWVudHNbMF0gfCBDb252ZXJ0RnJvbS1Kc29uCiAgICB9CiAgICBFbHNlIHsKICAgICAgICAkcGFyYW1zID0gJGNvbXBsZXhfYXJncwogICAgfQogICAgJGNoZWNrX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfY2hlY2tfbW9kZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQogICAgSWYgKCRjaGVja19tb2RlIC1hbmQgLW5vdCAkc3VwcG9ydHNfY2hlY2tfbW9kZSkKICAgIHsKICAgICAgICBFeGl0LUpzb24gQHsKICAgICAgICAgICAgc2tpcHBlZCA9ICR0cnVlCiAgICAgICAgICAgIGNoYW5nZWQgPSAkZmFsc2UKICAgICAgICAgICAgbXNnID0gInJlbW90ZSBtb2R1bGUgZG9lcyBub3Qgc3VwcG9ydCBjaGVjayBtb2RlIgogICAgICAgIH0KICAgIH0KICAgIHJldHVybiAkcGFyYW1zCn0KCgpGdW5jdGlvbiBHZXQtRmlsZUNoZWNrc3VtKCRwYXRoLCAkYWxnb3JpdGhtID0gJ3NoYTEnKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBjYWxjdWxhdGUgYSBoYXNoIG9mIGEgZmlsZSBpbiBhIHdheSB3aGljaCBQb3dlclNoZWxsIDMKICAgIGFuZCBhYm92ZSBjYW4gaGFuZGxlCiM+CiAgICBJZiAoVGVzdC1QYXRoIC1QYXRoICRwYXRoIC1QYXRoVHlwZSBMZWFmKQogICAgewogICAgICAgIHN3aXRjaCAoJGFsZ29yaXRobSkKICAgICAgICB7CiAgICAgICAgICAgICdtZDUnIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5NRDVDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMScgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTFDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMjU2JyB7ICRzcCA9IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5TZWN1cml0eS5DcnlwdG9ncmFwaHkuU0hBMjU2Q3J5cHRvU2VydmljZVByb3ZpZGVyIH0KICAgICAgICAgICAgJ3NoYTM4NCcgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTM4NENyeXB0b1NlcnZpY2VQcm92aWRlciB9CiAgICAgICAgICAgICdzaGE1MTInIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5TSEE1MTJDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICBkZWZhdWx0IHsgRmFpbC1Kc29uIEB7fSAiVW5zdXBwb3J0ZWQgaGFzaCBhbGdvcml0aG0gc3VwcGxpZWQgJyRhbGdvcml0aG0nIiB9CiAgICAgICAgfQoKICAgICAgICBJZiAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtZ2UgNCkgewogICAgICAgICAgICAkcmF3X2hhc2ggPSBHZXQtRmlsZUhhc2ggJHBhdGggLUFsZ29yaXRobSAkYWxnb3JpdGhtCiAgICAgICAgICAgICRoYXNoID0gJHJhd19oYXNoLkhhc2guVG9Mb3dlcigpCiAgICAgICAgfSBFbHNlIHsKICAgICAgICAgICAgJGZwID0gW1N5c3RlbS5JTy5GaWxlXTo6T3BlbigkcGF0aCwgW1N5c3RlbS5JTy5GaWxlbW9kZV06Ok9wZW4sIFtTeXN0ZW0uSU8uRmlsZUFjY2Vzc106OlJlYWQsIFtTeXN0ZW0uSU8uRmlsZVNoYXJlXTo6UmVhZFdyaXRlKTsKICAgICAgICAgICAgJGhhc2ggPSBbU3lzdGVtLkJpdENvbnZlcnRlcl06OlRvU3RyaW5nKCRzcC5Db21wdXRlSGFzaCgkZnApKS5SZXBsYWNlKCItIiwgIiIpLlRvTG93ZXIoKTsKICAgICAgICAgICAgJGZwLkRpc3Bvc2UoKTsKICAgICAgICB9CiAgICB9CiAgICBFbHNlSWYgKFRlc3QtUGF0aCAtUGF0aCAkcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKQogICAgewogICAgICAgICRoYXNoID0gIjMiOwogICAgfQogICAgRWxzZQogICAgewogICAgICAgICRoYXNoID0gIjEiOwogICAgfQogICAgcmV0dXJuICRoYXNoCn0KCkZ1bmN0aW9uIEdldC1QZW5kaW5nUmVib290U3RhdHVzCnsKPCMKICAgIC5TWU5PUFNJUwogICAgQ2hlY2sgaWYgcmVib290IGlzIHJlcXVpcmVkLCBpZiBzbyBub3RpZnkgQ0EuCiAgICBGdW5jdGlv ScriptBlock ID: 4a4215d4-4cd2-409c-91f5-15060d228a22 Path:	4104	1		3	2	15	0	1785	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	604	3260	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:07:47 PM	e5295ba9-9827-0003-d85d-29e52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (6 of 9): ICAgICAgICAgYnVmZmVyLlByaW50TmFtZU9mZnNldCA9IChVSW50MTYpKGJ1ZmZlci5TdWJzdGl0dXRlTmFtZUxlbmd0aCArIDIpOwogICAgICAgICAgICAgICAgYnVmZmVyLlByaW50TmFtZUxlbmd0aCA9IChVSW50MTYpKHByaW50TmFtZS5MZW5ndGggKiBTSVpFX09GX1dDSEFSKTsKCiAgICAgICAgICAgICAgICBidWZmZXIuUmVwYXJzZVRhZyA9IElPX1JFUEFSU0VfVEFHX01PVU5UX1BPSU5UOwogICAgICAgICAgICAgICAgYnVmZmVyLlJlcGFyc2VEYXRhTGVuZ3RoID0gKFVJbnQxNikoYnVmZmVyLlN1YnN0aXR1dGVOYW1lTGVuZ3RoICsgYnVmZmVyLlByaW50TmFtZUxlbmd0aCArIDEyKTsKICAgICAgICAgICAgICAgIGJ1ZmZlci5QYXRoQnVmZmVyID0gbmV3IGNoYXJbTUFYSU1VTV9SRVBBUlNFX0RBVEFfQlVGRkVSX1NJWkVdOwoKICAgICAgICAgICAgICAgIGJ5dGVbXSB1bmljb2RlQnl0ZXMgPSBFbmNvZGluZy5Vbmljb2RlLkdldEJ5dGVzKHN1YnN0aXR1dGVOYW1lICsgIlwwIiArIHByaW50TmFtZSk7CiAgICAgICAgICAgICAgICBjaGFyW10gcGF0aEJ1ZmZlciA9IEVuY29kaW5nLlVuaWNvZGUuR2V0Q2hhcnModW5pY29kZUJ5dGVzKTsKICAgICAgICAgICAgICAgIEFycmF5LkNvcHkocGF0aEJ1ZmZlciwgYnVmZmVyLlBhdGhCdWZmZXIsIHBhdGhCdWZmZXIuTGVuZ3RoKTsKCiAgICAgICAgICAgICAgICBVSW50MzIgYnl0ZXNSZXR1cm5lZDsKICAgICAgICAgICAgICAgIGlmICghRGV2aWNlSW9Db250cm9sKAogICAgICAgICAgICAgICAgICAgIGZpbGVIYW5kbGUsCiAgICAgICAgICAgICAgICAgICAgRlNDVExfU0VUX1JFUEFSU0VfUE9JTlQsCiAgICAgICAgICAgICAgICAgICAgYnVmZmVyLAogICAgICAgICAgICAgICAgICAgIChVSW50MzIpKGJ1ZmZlci5SZXBhcnNlRGF0YUxlbmd0aCArIDgpLAogICAgICAgICAgICAgICAgICAgIEludFB0ci5aZXJvLCAwLAogICAgICAgICAgICAgICAgICAgIG91dCBieXRlc1JldHVybmVkLAogICAgICAgICAgICAgICAgICAgIEludFB0ci5aZXJvKSkKICAgICAgICAgICAgICAgICAgICB0aHJvdyBuZXcgTGlua1V0aWxXaW4zMkV4Y2VwdGlvbihTdHJpbmcuRm9ybWF0KCJEZXZpY2VJb0NvbnRyb2woKSBmYWlsZWQgdG8gY3JlYXRlIGp1bmN0aW9uIHBvaW50IGF0IHswfSB0byB7MX0iLCBsaW5rUGF0aCwgbGlua1RhcmdldCkpOwogICAgICAgICAgICB9CiAgICAgICAgICAgIGZpbmFsbHkKICAgICAgICAgICAgewogICAgICAgICAgICAgICAgZmlsZUhhbmRsZS5EaXNwb3NlKCk7CiAgICAgICAgICAgIH0KICAgICAgICB9CiAgICB9Cn0KJ0AKCiAgICAjIEZVVFVSRTogZmluZCBhIGJldHRlciB3YXkgdG8gZ2V0IHRoZSBfYW5zaWJsZV9yZW1vdGVfdG1wIHZhcmlhYmxlCiAgICAkb3JpZ2luYWxfdG1wID0gJGVudjpUTVAKCiAgICAkcmVtb3RlX3RtcCA9ICRvcmlnaW5hbF90bXAKICAgICRtb2R1bGVfcGFyYW1zID0gR2V0LVZhcmlhYmxlIC1OYW1lIGNvbXBsZXhfYXJncyAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgaWYgKCRtb2R1bGVfcGFyYW1zKSB7CiAgICAgICAgaWYgKCRtb2R1bGVfcGFyYW1zLlZhbHVlLkNvbnRhaW5zS2V5KCJfYW5zaWJsZV9yZW1vdGVfdG1wIikgKSB7CiAgICAgICAgICAgICRyZW1vdGVfdG1wID0gJG1vZHVsZV9wYXJhbXMuVmFsdWVbIl9hbnNpYmxlX3JlbW90ZV90bXAiXQogICAgICAgICAgICAkcmVtb3RlX3RtcCA9IFtTeXN0ZW0uRW52aXJvbm1lbnRdOjpFeHBhbmRFbnZpcm9ubWVudFZhcmlhYmxlcygkcmVtb3RlX3RtcCkKICAgICAgICB9CiAgICB9CgogICAgJGVudjpUTVAgPSAkcmVtb3RlX3RtcAogICAgQWRkLVR5cGUgLVR5cGVEZWZpbml0aW9uICRsaW5rX3V0aWwKICAgICRlbnY6VE1QID0gJG9yaWdpbmFsX3RtcAoKICAgIEltcG9ydC1Qcml2aWxlZ2VVdGlsCiAgICAjIGVuYWJsZSB0aGUgU2VCYWNrdXBQcml2aWxlZ2UgaWYgaXQgaXMgZGlzYWJsZWQKICAgICRzdGF0ZSA9IEdldC1BbnNpYmxlUHJpdmlsZWdlIC1OYW1lIFNlQmFja3VwUHJpdmlsZWdlCiAgICBpZiAoJHN0YXRlIC1lcSAkZmFsc2UpIHsKICAgICAgICBTZXQtQW5zaWJsZVByaXZpbGVnZSAtTmFtZSBTZUJhY2t1cFByaXZpbGVnZSAtVmFsdWUgJHRydWUKICAgIH0KfQoKRnVuY3Rpb24gR2V0LUxpbmsoJGxpbmtfcGF0aCkgewogICAgJGxpbmtfaW5mbyA9IFtBbnNpYmxlLkxpbmtVdGlsXTo6R2V0TGlua0luZm8oJGxpbmtfcGF0aCkKICAgIHJldHVybiAkbGlua19pbmZvCn0KCkZ1bmN0aW9uIFJlbW92ZS1MaW5rKCRsaW5rX3BhdGgpIHsKICAgIFtBbnNpYmxlLkxpbmtVdGlsXTo6RGVsZXRlTGluaygkbGlua19wYXRoKQp9CgpGdW5jdGlvbiBOZXctTGluaygkbGlua19wYXRoLCAkbGlua190YXJnZXQsICRsaW5rX3R5cGUpIHsKICAgIGlmICgtbm90IChUZXN0LVBhdGggLVBhdGggJGxpbmtfdGFyZ2V0KSkgewogICAgICAgIHRocm93ICJsaW5rX3RhcmdldCAnJGxpbmtfdGFyZ2V0JyBkb2VzIG5vdCBleGlzdCwgY2Fubm90IGNyZWF0ZSBsaW5rIgogICAgfQogICAgCiAgICBzd2l0Y2goJGxpbmtfdHlwZSkgewogICAgICAgICJsaW5rIiB7CiAgICAgICAgICAgICR0eXBlID0gW0Fuc2libGUuTGlua1R5cGVdOjpTeW1ib2xpY0xpbmsKICAgICAgICB9CiAgICAgICAgImp1bmN0aW9uIiB7CiAgICAgICAgICAgIGlmIChUZXN0LVBhdGggLVBhdGggJGxpbmtfdGFyZ2V0IC1QYXRoVHlwZSBMZWFmKSB7CiAgICAgICAgICAgICAgICB0aHJvdyAiY2Fubm90IHNldCB0aGUgdGFyZ2V0IGZvciBhIGp1bmN0aW9uIHBvaW50IHRvIGEgZmlsZSIKICAgICAgICAgICAgfQogICAgICAgICAgICAkdHlwZSA9IFtBbnNpYmxlLkxpbmtUeXBlXTo6SnVuY3Rpb25Qb2ludAogICAgICAgIH0KICAgICAgICAiaGFyZCIgewogICAgICAgICAgICBpZiAoVGVzdC1QYXRoIC1QYXRoICRsaW5rX3RhcmdldCAtUGF0aFR5cGUgQ29udGFpbmVyKSB7CiAgICAgICAgICAgICAgICB0aHJvdyAiY2Fubm90IHNldCB0aGUgdGFyZ2V0IGZvciBhIGhhcmQgbGluayB0byBhIGRpcmVjdG9yeSIKICAgICAgICAgICAgfQogICAgICAgICAgICAkdHlwZSA9IFtBbnNpYmxlLkxpbmtUeXBlXTo6SGFyZExpbmsKICAgICAgICB9CiAgICAgICAgZGVmYXVsdCB7IHRocm93ICJpbnZhbGlkIGxpbmtfdHlwZSBvcHRpb24gJCgkbGlua190eXBlKTogZXhwZWN0aW5nIGxpbmssIGp1bmN0aW9uLCBoYXJkIiB9CiAgICB9CiAgICBbQW5zaWJsZS5MaW5rVXRpbF06OkNyZWF0ZUxpbmsoJGxpbmtfcGF0aCwgJGxpbmtfdGFyZ2V0LCAkdHlwZSkKfQoKIyB0aGlzIGxpbmUgbXVzdCBzdGF5IGF0IHRoZSBib3R0b20gdG8gZW5zdXJlIGFsbCBkZWZpbmVkIG1vZHVsZSBwYXJ0cyBhcmUgZXhwb3J0ZWQKRXhwb3J0LU1vZHVsZU1lbWJlciAtQWxpYXMgKiAtRnVuY3Rpb24gKiAtQ21kbGV0ICoK", "Ansible.ModuleUtils.Legacy": "IyBDb3B5cmlnaHQgKGMpLCBNaWNoYWVsIERlSGFhbiA8bWljaGFlbC5kZWhhYW5AZ21haWwuY29tPiwgMjAxNCwgYW5kIG90aGVycwojIFNpbXBsaWZpZWQgQlNEIExpY2Vuc2UgKHNlZSBsaWNlbnNlcy9zaW1wbGlmaWVkX2JzZC50eHQgb3IgaHR0cHM6Ly9vcGVuc291cmNlLm9yZy9saWNlbnNlcy9CU0QtMi1DbGF1c2UpCgpTZXQtU3RyaWN0TW9kZSAtVmVyc2lvbiAyLjAKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKRnVuY3Rpb24gU2V0LUF0dHIoJG9iaiwgJG5hbWUsICR2YWx1ZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gc2V0IGFuICJhdHRyaWJ1dGUiIG9uIGEgcHNvYmplY3QgaW5zdGFuY2UgaW4gUG93ZXJTaGVsbC4KICAgIFRoaXMgaXMgYSBjb252ZW5pZW5jZSB0byBtYWtlIGFkZGluZyBNZW1iZXJzIHRvIHRoZSBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgIFNldC1BdHRyICRyZXN1bHQgImNoYW5nZWQiICR0cnVlCiM+CgogICAgIyBJZiB0aGUgcHJvdmlkZWQgJG9iaiBpcyB1bmRlZmluZWQsIGRlZmluZSBvbmUgdG8gYmUgbmljZQogICAgSWYgKC1ub3QgJG9iai5HZXRUeXBlKQogICAgewogICAgICAgICRvYmogPSBAeyB9CiAgICB9CgogICAgVHJ5CiAgICB7CiAgICAgICAgJG9iai4kbmFtZSA9ICR2YWx1ZQogICAgfQogICAgQ2F0Y2gKICAgIHsKICAgICAgICAkb2JqIHwgQWRkLU1lbWJlciAtRm9yY2UgLU1lbWJlclR5cGUgTm90ZVByb3BlcnR5IC1OYW1lICRuYW1lIC1WYWx1ZSAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gRXhpdC1Kc29uKCRvYmopCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGNvbnZlcnQgYSBQb3dlclNoZWxsIG9iamVjdCB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcKICAgIHRoZSBzY3JpcHQKICAgIC5FWEFNUExFCiAgICBFeGl0LUpzb24gJHJlc3VsdAojPgoKICAgICMgSWYgdGhlIHByb3ZpZGVkICRvYmogaXMgdW5kZWZpbmVkLCBkZWZpbmUgb25lIHRvIGJlIG5pY2UKICAgIElmICgtbm90ICRvYmouR2V0VHlwZSkKICAgIHsKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoJ2NoYW5nZWQnKSkgewogICAgICAgIFNldC1BdHRyICRvYmogImNoYW5nZWQiICRmYWxzZQogICAgfQoKICAgIFdyaXRlLU91dHB1dCAkb2JqIHwgQ29udmVydFRvLUpzb24gLUNvbXByZXNzIC1EZXB0aCA5OQogICAgRXhpdAp9CgpGdW5jdGlvbiBGYWlsLUpzb24oJG9iaiwgJG1lc3NhZ2UgPSAkbnVsbCkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHRoZSAibXNnIiBwcm9wZXJ0eSBhbmQgImZhaWxlZCIgcHJvcGVydHksIGNvbnZlcnQgdGhlCiAgICBQb3dlclNoZWxsIEhhc2h0YWJsZSB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcgdGhlIHNjcmlwdAogICAgLkVYQU1QTEUKICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJUaGlzIGlzIHRoZSBmYWlsdXJlIG1lc3NhZ2UiCiM+CgogICAgaWYgKCRvYmogLWlzIFtoYXNodGFibGVdIC1vciAkb2JqIC1pcyBbcHNvYmplY3RdKSB7CiAgICAgICAgIyBOb3RoaW5nIHRvIGRvCiAgICB9IGVsc2VpZiAoJG9iaiAtaXMgW3N0cmluZ10gLWFuZCAkbnVsbCAtZXEgJG1lc3NhZ2UpIHsKICAgICAgICAjIElmIHdlIHdlcmVuJ3QgZ2l2ZW4gMiBhcmdzLCBhbmQgdGhlIG9ubHkgYXJnIHdhcyBhIHN0cmluZywKICAgICAgICAjIGNyZWF0ZSBhIG5ldyBIYXNodGFibGUgYW5kIHVzZSB0aGUgYXJnIGFzIHRoZSBmYWlsdXJlIG1lc3NhZ2UKICAgICAgICAkbWVzc2FnZSA9ICRvYmoKICAgICAgICAkb2JqID0gQHsgfQogICAgfSBlbHNlIHsKICAgICAgICAjIElmIHRoZSBmaXJzdCBhcmd1bWVudCBpcyB1bmRlZmluZWQgb3IgYSBkaWZmZXJlbnQgdHlwZSwKICAgICAgICAjIG1ha2UgaXQgYSBIYXNodGFibGUKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgICMgU3RpbGwgdXNpbmcgU2V0LUF0dHIgZm9yIFBTT2JqZWN0IGNvbXBhdGliaWxpdHkKICAgIFNldC1BdHRyICRvYmogIm1zZyIgJG1lc3NhZ2UKICAgIFNldC1BdHRyICRvYmogImZhaWxlZCIgJHRydWUKCiAgICBpZiAoLW5vdCAkb2JqLkNvbnRhaW5zS2V5KCdjaGFuZ2VkJykpIHsKICAgICAgICBTZXQtQXR0ciAkb2JqICJjaGFuZ2VkIiAkZmFsc2UKICAgIH0KCiAgICBXcml0ZS1PdXRwdXQgJG9iaiB8IENvbnZlcnRUby1Kc29uIC1Db21wcmVzcyAtRGVwdGggOTkKICAgIEV4aXQgMQp9CgpGdW5jdGlvbiBBZGQtV2FybmluZygkb2JqLCAkbWVzc2FnZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHdhcm5pbmdzLCBldmVuIGlmIHRoZSB3YXJuaW5ncyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoIndhcm5pbmdzIikpIHsKICAgICAgICAkb2JqLndhcm5pbmdzID0gQCgpCiAgICB9IGVsc2VpZiAoJG9iai53YXJuaW5ncyAtaXNub3QgW2FycmF5XSkgewogICAgICAgIHRocm93ICJBZGQtV2FybmluZzogd2FybmluZ3MgYXR0cmlidXRlIGlzIG5vdCBhbiBhcnJheSIKICAgIH0KCiAgICAkb2JqLndhcm5pbmdzICs9ICRtZXNzYWdlCn0KCkZ1bmN0aW9uIEFkZC1EZXByZWNhdGlvbldhcm5pbmcoJG9iaiwgJG1lc3NhZ2UsICR2ZXJzaW9uID0gJG51bGwpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGFkZCBkZXByZWNhdGlvbnMsIGV2ZW4gaWYgdGhlIGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgogICAgaWYgKC1ub3QgJG9iai5Db250YWluc0tleSgiZGVwcmVjYXRpb25zIikpIHsKICAgICAgICAkb2JqLmRlcHJlY2F0aW9ucyA9IEAoKQogICAgfSBlbHNlaWYgKCRvYmouZGVwcmVjYXRpb25zIC1pc25vdCBbYXJyYXldKSB7CiAgICAgICAgdGhyb3cgIkFkZC1EZXByZWNhdGlvbldhcm5pbmc6IGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgaXMgbm90IGEgbGlzdCIKICAgIH0KCiAgICAkb2JqLmRlcHJlY2F0aW9ucyArPSBAewogICAgICAgIG1zZyA9ICRtZXNzYWdlCiAgICAgICAgdmVyc2lvbiA9ICR2ZXJzaW9uCiAgICB9Cn0KCkZ1bmN0aW9uIEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgaW4gdmFsdWVzLiBCeSBkZWZhdWx0CiAgICBpdCB0dXJucyBhbnkgdHlwZSB0byBhIHN0cmluZywgYnV0IHdlIGVuc3VyZSAkbnVsbCByZW1haW5zICRudWxsLgojPgogICAgaWYgKCRudWxsIC1uZSAkdmFsdWUpIHsKICAgICAgICBbU3lzdGVtLkVudmlyb25tZW50XTo6RXhwYW5kRW52aXJvbm1lbnRWYXJpYWJsZXMoJHZhbHVlKQogICAgfSBlbHNlIHsKICAgICAgICAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gR2V0LUFuc2libGVQYXJhbSgkb2JqLCAkbmFtZSwgJGRlZmF1bHQgPSAkbnVsbCwgJHJlc3VsdG9iaiA9IEB7fSwgJGZhaWxpZmVtcHR5ID0gJGZhbHNlLCAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSwgJFZhbGlkYXRlU2V0LCAkVmFsaWRhdGVTZXRFcnJvck1lc3NhZ2UsICR0eXBlID0gJG51bGwsICRhbGlhc2VzID0gQCgpKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBnZXQgYW4gImF0dHJpYnV0ZSIgZnJvbSBhIHBzb2JqZWN0IGluc3RhbmNlIGluIFBvd2VyU2hlbGwuCiAgICBUaGlzIGlzIGEgY29udmVuaWVuY2UgdG8gbWFrZSBnZXR0aW5nIE1lbWJlcnMgZnJvbSBhbiBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogI ScriptBlock ID: 4a4215d4-4cd2-409c-91f5-15060d228a22 Path:	4104	1		3	2	15	0	1784	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	604	3260	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:07:47 PM	e5295ba9-9827-0003-d85d-29e52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (5 of 9): msoc3RyaW5nIGxpbmtQYXRoKQogICAgICAgIHsKICAgICAgICAgICAgYm9vbCBzdWNjZXNzOwogICAgICAgICAgICBGaWxlQXR0cmlidXRlcyBhdHRyID0gRmlsZS5HZXRBdHRyaWJ1dGVzKGxpbmtQYXRoKTsKICAgICAgICAgICAgaWYgKGF0dHIuSGFzRmxhZyhGaWxlQXR0cmlidXRlcy5EaXJlY3RvcnkpKQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBzdWNjZXNzID0gUmVtb3ZlRGlyZWN0b3J5KGxpbmtQYXRoKTsKICAgICAgICAgICAgfQogICAgICAgICAgICBlbHNlCiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIHN1Y2Nlc3MgPSBEZWxldGVGaWxlKGxpbmtQYXRoKTsKICAgICAgICAgICAgfQoKICAgICAgICAgICAgaWYgKCFzdWNjZXNzKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IExpbmtVdGlsV2luMzJFeGNlcHRpb24oU3RyaW5nLkZvcm1hdCgiRmFpbGVkIHRvIGRlbGV0ZSBsaW5rIGF0IHswfSIsIGxpbmtQYXRoKSk7CiAgICAgICAgfQoKICAgICAgICBwdWJsaWMgc3RhdGljIHZvaWQgQ3JlYXRlTGluayhzdHJpbmcgbGlua1BhdGgsIFN0cmluZyBsaW5rVGFyZ2V0LCBMaW5rVHlwZSBsaW5rVHlwZSkKICAgICAgICB7CiAgICAgICAgICAgIHN3aXRjaCAobGlua1R5cGUpCiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIGNhc2UgTGlua1R5cGUuU3ltYm9saWNMaW5rOgogICAgICAgICAgICAgICAgICAgIFVJbnQzMiBsaW5rRmxhZ3M7CiAgICAgICAgICAgICAgICAgICAgRmlsZUF0dHJpYnV0ZXMgYXR0ciA9IEZpbGUuR2V0QXR0cmlidXRlcyhsaW5rVGFyZ2V0KTsKICAgICAgICAgICAgICAgICAgICBpZiAoYXR0ci5IYXNGbGFnKEZpbGVBdHRyaWJ1dGVzLkRpcmVjdG9yeSkpCiAgICAgICAgICAgICAgICAgICAgICAgIGxpbmtGbGFncyA9IFNZTUJPTElDX0xJTktfRkxBR19ESVJFQ1RPUlk7CiAgICAgICAgICAgICAgICAgICAgZWxzZQogICAgICAgICAgICAgICAgICAgICAgICBsaW5rRmxhZ3MgPSBTWU1CT0xJQ19MSU5LX0ZMQUdfRklMRTsKCiAgICAgICAgICAgICAgICAgICAgaWYgKCFDcmVhdGVTeW1ib2xpY0xpbmsobGlua1BhdGgsIGxpbmtUYXJnZXQsIGxpbmtGbGFncykpCiAgICAgICAgICAgICAgICAgICAgICAgIHRocm93IG5ldyBMaW5rVXRpbFdpbjMyRXhjZXB0aW9uKFN0cmluZy5Gb3JtYXQoIkNyZWF0ZVN5bWJvbGljTGluayh7MH0sIHsxfSwgezJ9KSBmYWlsZWQiLCBsaW5rUGF0aCwgbGlua1RhcmdldCwgbGlua0ZsYWdzKSk7CiAgICAgICAgICAgICAgICAgICAgYnJlYWs7CiAgICAgICAgICAgICAgICBjYXNlIExpbmtUeXBlLkp1bmN0aW9uUG9pbnQ6CiAgICAgICAgICAgICAgICAgICAgQ3JlYXRlSnVuY3Rpb25Qb2ludChsaW5rUGF0aCwgbGlua1RhcmdldCk7CiAgICAgICAgICAgICAgICAgICAgYnJlYWs7CiAgICAgICAgICAgICAgICBjYXNlIExpbmtUeXBlLkhhcmRMaW5rOgogICAgICAgICAgICAgICAgICAgIGlmICghQ3JlYXRlSGFyZExpbmsobGlua1BhdGgsIGxpbmtUYXJnZXQsIEludFB0ci5aZXJvKSkKICAgICAgICAgICAgICAgICAgICAgICAgdGhyb3cgbmV3IExpbmtVdGlsV2luMzJFeGNlcHRpb24oU3RyaW5nLkZvcm1hdCgiQ3JlYXRlSGFyZExpbmsoezB9LCB7MX0pIGZhaWxlZCIsIGxpbmtQYXRoLCBsaW5rVGFyZ2V0KSk7CiAgICAgICAgICAgICAgICAgICAgYnJlYWs7CiAgICAgICAgICAgIH0KICAgICAgICB9CgogICAgICAgIHByaXZhdGUgc3RhdGljIExpbmtJbmZvIEdldEhhcmRMaW5rSW5mbyhzdHJpbmcgbGlua1BhdGgpCiAgICAgICAgewogICAgICAgICAgICBVSW50MzIgbWF4UGF0aCA9IDI2MDsKICAgICAgICAgICAgTGlzdDxzdHJpbmc+IHJlc3VsdCA9IG5ldyBMaXN0PHN0cmluZz4oKTsKCiAgICAgICAgICAgIFN0cmluZ0J1aWxkZXIgc2IgPSBuZXcgU3RyaW5nQnVpbGRlcigoaW50KW1heFBhdGgpOwogICAgICAgICAgICBVSW50MzIgc3RyaW5nTGVuZ3RoID0gbWF4UGF0aDsKICAgICAgICAgICAgaWYgKCFHZXRWb2x1bWVQYXRoTmFtZShsaW5rUGF0aCwgc2IsIHJlZiBzdHJpbmdMZW5ndGgpKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IExpbmtVdGlsV2luMzJFeGNlcHRpb24oIkdldFZvbHVtZVBhdGhOYW1lKCkgZmFpbGVkIik7CiAgICAgICAgICAgIHN0cmluZyB2b2x1bWUgPSBzYi5Ub1N0cmluZygpOwoKICAgICAgICAgICAgc3RyaW5nTGVuZ3RoID0gbWF4UGF0aDsKICAgICAgICAgICAgSW50UHRyIGZpbmRIYW5kbGUgPSBGaW5kRmlyc3RGaWxlTmFtZVcobGlua1BhdGgsIDAsIHJlZiBzdHJpbmdMZW5ndGgsIHNiKTsKICAgICAgICAgICAgaWYgKGZpbmRIYW5kbGUuVG9JbnQ2NCgpICE9IElOVkFMSURfSEFORExFX1ZBTFVFKQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICB0cnkKICAgICAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgICAgICBkbwogICAgICAgICAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgICAgICAgICAgc3RyaW5nIGhhcmRMaW5rUGF0aCA9IHNiLlRvU3RyaW5nKCk7CiAgICAgICAgICAgICAgICAgICAgICAgIGlmIChoYXJkTGlua1BhdGguU3RhcnRzV2l0aCgiXFwiKSkKICAgICAgICAgICAgICAgICAgICAgICAgICAgIGhhcmRMaW5rUGF0aCA9IGhhcmRMaW5rUGF0aC5TdWJzdHJpbmcoMSwgaGFyZExpbmtQYXRoLkxlbmd0aCAtIDEpOwoKICAgICAgICAgICAgICAgICAgICAgICAgcmVzdWx0LkFkZChQYXRoLkNvbWJpbmUodm9sdW1lLCBoYXJkTGlua1BhdGgpKTsKICAgICAgICAgICAgICAgICAgICAgICAgc3RyaW5nTGVuZ3RoID0gbWF4UGF0aDsKCiAgICAgICAgICAgICAgICAgICAgfSB3aGlsZSAoRmluZE5leHRGaWxlTmFtZVcoZmluZEhhbmRsZSwgcmVmIHN0cmluZ0xlbmd0aCwgc2IpKTsKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgICAgIGZpbmFsbHkKICAgICAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgICAgICBGaW5kQ2xvc2UoZmluZEhhbmRsZSk7CiAgICAgICAgICAgICAgICB9ICAgICAgICAgICAgICAgIAogICAgICAgICAgICB9CgogICAgICAgICAgICBpZiAocmVzdWx0LkNvdW50ID4gMSkKICAgICAgICAgICAgICAgIHJldHVybiBuZXcgTGlua0luZm8KICAgICAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgICAgICBUeXBlID0gTGlua1R5cGUuSGFyZExpbmssCiAgICAgICAgICAgICAgICAgICAgSGFyZFRhcmdldHMgPSByZXN1bHQuVG9BcnJheSgpCiAgICAgICAgICAgICAgICB9OwoKICAgICAgICAgICAgcmV0dXJuIG51bGw7CiAgICAgICAgfQoKICAgICAgICBwcml2YXRlIHN0YXRpYyBMaW5rSW5mbyBHZXRSZXBhcnNlUG9pbnRJbmZvKHN0cmluZyBsaW5rUGF0aCkKICAgICAgICB7CiAgICAgICAgICAgIFNhZmVGaWxlSGFuZGxlIGZpbGVIYW5kbGUgPSBDcmVhdGVGaWxlKAogICAgICAgICAgICAgICAgbGlua1BhdGgsCiAgICAgICAgICAgICAgICBGaWxlQWNjZXNzLlJlYWQsCiAgICAgICAgICAgICAgICBGaWxlU2hhcmUuTm9uZSwKICAgICAgICAgICAgICAgIEludFB0ci5aZXJvLAogICAgICAgICAgICAgICAgRmlsZU1vZGUuT3BlbiwKICAgICAgICAgICAgICAgIEZJTEVfRkxBR19PUEVOX1JFUEFSU0VfUE9JTlQgfCBGSUxFX0ZMQUdfQkFDS1VQX1NFTUFOVElDUywKICAgICAgICAgICAgICAgIEludFB0ci5aZXJvKTsKCiAgICAgICAgICAgIGlmIChmaWxlSGFuZGxlLklzSW52YWxpZCkKICAgICAgICAgICAgICAgIHRocm93IG5ldyBMaW5rVXRpbFdpbjMyRXhjZXB0aW9uKFN0cmluZy5Gb3JtYXQoIkNyZWF0ZUZpbGUoezB9KSBmYWlsZWQiLCBsaW5rUGF0aCkpOyAgICAgICAgICAgIAoKICAgICAgICAgICAgUkVQQVJTRV9EQVRBX0JVRkZFUiBidWZmZXIgPSBuZXcgUkVQQVJTRV9EQVRBX0JVRkZFUigpOwogICAgICAgICAgICBVSW50MzIgYnl0ZXNSZXR1cm5lZDsKICAgICAgICAgICAgdHJ5CiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIGlmICghRGV2aWNlSW9Db250cm9sKAogICAgICAgICAgICAgICAgICAgIGZpbGVIYW5kbGUsCiAgICAgICAgICAgICAgICAgICAgRlNDVExfR0VUX1JFUEFSU0VfUE9JTlQsCiAgICAgICAgICAgICAgICAgICAgSW50UHRyLlplcm8sCiAgICAgICAgICAgICAgICAgICAgMCwKICAgICAgICAgICAgICAgICAgICBvdXQgYnVmZmVyLAogICAgICAgICAgICAgICAgICAgIE1BWElNVU1fUkVQQVJTRV9EQVRBX0JVRkZFUl9TSVpFLAogICAgICAgICAgICAgICAgICAgIG91dCBieXRlc1JldHVybmVkLAogICAgICAgICAgICAgICAgICAgIEludFB0ci5aZXJvKSkKICAgICAgICAgICAgICAgICAgICB0aHJvdyBuZXcgTGlua1V0aWxXaW4zMkV4Y2VwdGlvbihTdHJpbmcuRm9ybWF0KCJEZXZpY2VJb0NvbnRyb2woKSBmYWlsZWQgZm9yIGZpbGUgYXQgezB9IiwgbGlua1BhdGgpKTsKICAgICAgICAgICAgfQogICAgICAgICAgICBmaW5hbGx5CiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIGZpbGVIYW5kbGUuRGlzcG9zZSgpOwogICAgICAgICAgICB9CgogICAgICAgICAgICBib29sIGlzUmVsYXRpdmUgPSBmYWxzZTsKICAgICAgICAgICAgaW50IHBhdGhPZmZzZXQgPSAwOwogICAgICAgICAgICBMaW5rVHlwZSBsaW5rVHlwZTsKICAgICAgICAgICAgaWYgKGJ1ZmZlci5SZXBhcnNlVGFnID09IElPX1JFUEFSU0VfVEFHX1NZTUxJTkspCiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIFVJbnQzMiBidWZmZXJGbGFncyA9IENvbnZlcnQuVG9VSW50MzIoYnVmZmVyLlBhdGhCdWZmZXJbMF0pICsgQ29udmVydC5Ub1VJbnQzMihidWZmZXIuUGF0aEJ1ZmZlclsxXSk7CiAgICAgICAgICAgICAgICBpZiAoYnVmZmVyRmxhZ3MgPT0gU1lNTElOS19GTEFHX1JFTEFUSVZFKQogICAgICAgICAgICAgICAgICAgIGlzUmVsYXRpdmUgPSB0cnVlOwogICAgICAgICAgICAgICAgcGF0aE9mZnNldCA9IDI7CiAgICAgICAgICAgICAgICBsaW5rVHlwZSA9IExpbmtUeXBlLlN5bWJvbGljTGluazsKICAgICAgICAgICAgfQogICAgICAgICAgICBlbHNlIGlmIChidWZmZXIuUmVwYXJzZVRhZyA9PSBJT19SRVBBUlNFX1RBR19NT1VOVF9QT0lOVCkKICAgICAgICAgICAgewogICAgICAgICAgICAgICAgbGlua1R5cGUgPSBMaW5rVHlwZS5KdW5jdGlvblBvaW50OwogICAgICAgICAgICB9CiAgICAgICAgICAgIGVsc2UKICAgICAgICAgICAgewogICAgICAgICAgICAgICAgc3RyaW5nIGVycm9yTWVzc2FnZSA9IFN0cmluZy5Gb3JtYXQoIkludmFsaWQgUmVwYXJzZSBUYWc6IHswfSIsIGJ1ZmZlci5SZXBhcnNlVGFnLlRvU3RyaW5nKCkpOwogICAgICAgICAgICAgICAgdGhyb3cgbmV3IEV4Y2VwdGlvbihlcnJvck1lc3NhZ2UpOwogICAgICAgICAgICB9CgogICAgICAgICAgICBzdHJpbmcgcHJpbnROYW1lID0gbmV3IHN0cmluZyhidWZmZXIuUGF0aEJ1ZmZlciwgKGludCkoYnVmZmVyLlByaW50TmFtZU9mZnNldCAvIFNJWkVfT0ZfV0NIQVIpICsgcGF0aE9mZnNldCwgKGludCkoYnVmZmVyLlByaW50TmFtZUxlbmd0aCAvIFNJWkVfT0ZfV0NIQVIpKTsKICAgICAgICAgICAgc3RyaW5nIHN1YnN0aXR1dGVOYW1lID0gbmV3IHN0cmluZyhidWZmZXIuUGF0aEJ1ZmZlciwgKGludCkoYnVmZmVyLlN1YnN0aXR1dGVOYW1lT2Zmc2V0IC8gU0laRV9PRl9XQ0hBUikgKyBwYXRoT2Zmc2V0LCAoaW50KShidWZmZXIuU3Vic3RpdHV0ZU5hbWVMZW5ndGggLyBTSVpFX09GX1dDSEFSKSk7CgogICAgICAgICAgICAvLyBUT0RPOiBzaG91bGQgd2UgY2hlY2sgZm9yIFw/XFVOQ1xzZXJ2ZXIgZm9yIGNvbnZlcnQgaXQgdG8gdGhlIE5UIHN0eWxlIFxcc2VydmVyIHBhdGgKICAgICAgICAgICAgLy8gUmVtb3ZlIHRoZSBsZWFkaW5nIFdpbmRvd3Mgb2JqZWN0IGRpcmVjdG9yeSBcP1wgZnJvbSB0aGUgcGF0aCBpZiBwcmVzZW50CiAgICAgICAgICAgIHN0cmluZyB0YXJnZXRQYXRoID0gc3Vic3RpdHV0ZU5hbWU7CiAgICAgICAgICAgIGlmICh0YXJnZXRQYXRoLlN0YXJ0c1dpdGgoIlxcPz9cXCIpKQogICAgICAgICAgICAgICAgdGFyZ2V0UGF0aCA9IHRhcmdldFBhdGguU3Vic3RyaW5nKDQsIHRhcmdldFBhdGguTGVuZ3RoIC0gNCk7CgogICAgICAgICAgICBzdHJpbmcgYWJzb2x1dGVQYXRoID0gdGFyZ2V0UGF0aDsKICAgICAgICAgICAgaWYgKGlzUmVsYXRpdmUpCiAgICAgICAgICAgICAgICBhYnNvbHV0ZVBhdGggPSBQYXRoLkdldEZ1bGxQYXRoKFBhdGguQ29tYmluZShuZXcgRmlsZUluZm8obGlua1BhdGgpLkRpcmVjdG9yeS5GdWxsTmFtZSwgdGFyZ2V0UGF0aCkpOwoKICAgICAgICAgICAgcmV0dXJuIG5ldyBMaW5rSW5mbwogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBUeXBlID0gbGlua1R5cGUsCiAgICAgICAgICAgICAgICBQcmludE5hbWUgPSBwcmludE5hbWUsCiAgICAgICAgICAgICAgICBTdWJzdGl0dXRlTmFtZSA9IHN1YnN0aXR1dGVOYW1lLAogICAgICAgICAgICAgICAgQWJzb2x1dGVQYXRoID0gYWJzb2x1dGVQYXRoLAogICAgICAgICAgICAgICAgVGFyZ2V0UGF0aCA9IHRhcmdldFBhdGgKICAgICAgICAgICAgfTsKICAgICAgICB9CgogICAgICAgIHByaXZhdGUgc3RhdGljIHZvaWQgQ3JlYXRlSnVuY3Rpb25Qb2ludChzdHJpbmcgbGlua1BhdGgsIHN0cmluZyBsaW5rVGFyZ2V0KQogICAgICAgIHsKICAgICAgICAgICAgLy8gV2UgbmVlZCB0byBjcmVhdGUgdGhlIGxpbmsgYXMgYSBkaXIgYmVmb3JlaGFuZAogICAgICAgICAgICBEaXJlY3RvcnkuQ3JlYXRlRGlyZWN0b3J5KGxpbmtQYXRoKTsKICAgICAgICAgICAgU2FmZUZpbGVIYW5kbGUgZmlsZUhhbmRsZSA9IENyZWF0ZUZpbGUoCiAgICAgICAgICAgICAgICBsaW5rUGF0aCwKICAgICAgICAgICAgICAgIEZpbGVBY2Nlc3MuV3JpdGUsCiAgICAgICAgICAgICAgICBGaWxlU2hhcmUuUmVhZCB8IEZpbGVTaGFyZS5Xcml0ZSB8IEZpbGVTaGFyZS5Ob25lLAogICAgICAgICAgICAgICAgSW50UHRyLlplcm8sCiAgICAgICAgICAgICAgICBGaWxlTW9kZS5PcGVuLAogICAgICAgICAgICAgICAgRklMRV9GTEFHX0JBQ0tVUF9TRU1BTlRJQ1MgfCBGSUxFX0ZMQUdfT1BFTl9SRVBBUlNFX1BPSU5ULAogICAgICAgICAgICAgICAgSW50UHRyLlplcm8pOwoKICAgICAgICAgICAgaWYgKGZpbGVIYW5kbGUuSXNJbnZhbGlkKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IExpbmtVdGlsV2luMzJFeGNlcHRpb24oU3RyaW5nLkZvcm1hdCgiQ3JlYXRlRmlsZSh7MH0pIGZhaWxlZCIsIGxpbmtQYXRoKSk7CgogICAgICAgICAgICB0cnkKICAgICAgICAgICAgewogICAgICAgICAgICAgICAgc3RyaW5nIHN1YnN0aXR1dGVOYW1lID0gIlxcPz9cXCIgKyBQYXRoLkdldEZ1bGxQYXRoKGxpbmtUYXJnZXQpOwogICAgICAgICAgICAgICAgc3RyaW5nIHByaW50TmFtZSA9IGxpbmtUYXJnZXQ7CgogICAgICAgICAgICAgICAgUkVQQVJTRV9EQVRBX0JVRkZFUiBidWZmZXIgPSBuZXcgUkVQQVJTRV9EQVRBX0JVRkZFUigpOwogICAgICAgICAgICAgICAgYnVmZmVyLlN1YnN0aXR1dGVOYW1lT2Zmc2V0ID0gMDsKICAgICAgICAgICAgICAgIGJ1ZmZlci5TdWJzdGl0dXRlTmFtZUxlbmd0aCA9IChVSW50MTYpKHN1YnN0aXR1dGVOYW1lLkxlbmd0aCAqIFNJWkVfT0ZfV0NIQVIpOwogICAgICAg ScriptBlock ID: 4a4215d4-4cd2-409c-91f5-15060d228a22 Path:	4104	1		3	2	15	0	1783	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	604	3260	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:07:47 PM	e5295ba9-9827-0003-d85d-29e52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (4 of 9): 0KICAgICAgICAkZmFsc2UgeyAiRGlzYWJsZSIgfQogICAgfQoKICAgICRjdXJyZW50X3N0YXRlID0gR2V0LUFuc2libGVQcml2aWxlZ2UgLU5hbWUgJE5hbWUKICAgIGlmICgkY3VycmVudF9zdGF0ZSAtZXEgJFZhbHVlKSB7CiAgICAgICAgcmV0dXJuICAjIG5vIGNoYW5nZSBuZWVkcyB0byBvY2N1cgogICAgfSBlbHNlaWYgKCRudWxsIC1lcSAkY3VycmVudF9zdGF0ZSkgewogICAgICAgICMgb25jZSBhIHByaXZpbGVnZSBpcyByZW1vdmVkIGZyb20gYSB0b2tlbiB3ZSBjYW5ub3QgZG8gYW55dGhpbmcgd2l0aCBpdAogICAgICAgIHRocm93IFtTeXN0ZW0uSW52YWxpZE9wZXJhdGlvbkV4Y2VwdGlvbl0gIkNhbm5vdCAkKCRhY3Rpb24uVG9Mb3dlcigpKSB0aGUgcHJpdmlsZWdlICckTmFtZScgYXMgaXQgaGFzIGJlZW4gcmVtb3ZlZCBmcm9tIHRoZSB0b2tlbiIKICAgIH0KCiAgICAkcHJvY2Vzc190b2tlbiA9IFtBbnNpYmxlLlByaXZpbGVnZVV0aWwuUHJpdmlsZWdlc106OkdldEN1cnJlbnRQcm9jZXNzKCkKICAgIGlmICgkUFNDbWRsZXQuU2hvdWxkUHJvY2VzcygkTmFtZSwgIiRhY3Rpb24gdGhlIHByaXZpbGVnZSAkTmFtZSIpKSB7CiAgICAgICAgJG5ld19zdGF0ZSA9IE5ldy1PYmplY3QgLVR5cGVOYW1lICdTeXN0ZW0uQ29sbGVjdGlvbnMuR2VuZXJpYy5EaWN0aW9uYXJ5YDJbW1N5c3RlbS5TdHJpbmddLCBbU3lzdGVtLk51bGxhYmxlYDFbU3lzdGVtLkJvb2xlYW5dXV0nCiAgICAgICAgJG5ld19zdGF0ZS5BZGQoJE5hbWUsICRWYWx1ZSkKICAgICAgICBbQW5zaWJsZS5Qcml2aWxlZ2VVdGlsLlByaXZpbGVnZXNdOjpTZXRUb2tlblByaXZpbGVnZXMoJHByb2Nlc3NfdG9rZW4sICRuZXdfc3RhdGUpID4gJG51bGwKICAgIH0KfQoKRXhwb3J0LU1vZHVsZU1lbWJlciAtRnVuY3Rpb24gSW1wb3J0LVByaXZpbGVnZVV0aWwsIEdldC1BbnNpYmxlUHJpdmlsZWdlLCBTZXQtQW5zaWJsZVByaXZpbGVnZSBgCiAgICAtVmFyaWFibGUgYW5zaWJsZV9wcml2aWxlZ2VfdXRpbF9uYW1lc3BhY2VzLCBhbnNpYmxlX3ByaXZpbGVnZV91dGlsX2NvZGU=", "Ansible.ModuleUtils.LinkUtil": "ICMgQ29weXJpZ2h0IChjKSAyMDE3IEFuc2libGUgUHJvamVjdAogIyBTaW1wbGlmaWVkIEJTRCBMaWNlbnNlIChzZWUgbGljZW5zZXMvc2ltcGxpZmllZF9ic2QudHh0IG9yIGh0dHBzOi8vb3BlbnNvdXJjZS5vcmcvbGljZW5zZXMvQlNELTItQ2xhdXNlKQoKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5Qcml2aWxlZ2VVdGlsCgpGdW5jdGlvbiBMb2FkLUxpbmtVdGlscygpIHsKICAgICRsaW5rX3V0aWwgPSBAJwp1c2luZyBNaWNyb3NvZnQuV2luMzIuU2FmZUhhbmRsZXM7CnVzaW5nIFN5c3RlbTsKdXNpbmcgU3lzdGVtLkNvbGxlY3Rpb25zLkdlbmVyaWM7CnVzaW5nIFN5c3RlbS5JTzsKdXNpbmcgU3lzdGVtLlJ1bnRpbWUuSW50ZXJvcFNlcnZpY2VzOwp1c2luZyBTeXN0ZW0uVGV4dDsKCm5hbWVzcGFjZSBBbnNpYmxlCnsKICAgIHB1YmxpYyBlbnVtIExpbmtUeXBlCiAgICB7CiAgICAgICAgU3ltYm9saWNMaW5rLAogICAgICAgIEp1bmN0aW9uUG9pbnQsCiAgICAgICAgSGFyZExpbmsKICAgIH0KCiAgICBwdWJsaWMgY2xhc3MgTGlua1V0aWxXaW4zMkV4Y2VwdGlvbiA6IFN5c3RlbS5Db21wb25lbnRNb2RlbC5XaW4zMkV4Y2VwdGlvbgogICAgewogICAgICAgIHByaXZhdGUgc3RyaW5nIF9tc2c7CgogICAgICAgIHB1YmxpYyBMaW5rVXRpbFdpbjMyRXhjZXB0aW9uKHN0cmluZyBtZXNzYWdlKSA6IHRoaXMoTWFyc2hhbC5HZXRMYXN0V2luMzJFcnJvcigpLCBtZXNzYWdlKSB7IH0KCiAgICAgICAgcHVibGljIExpbmtVdGlsV2luMzJFeGNlcHRpb24oaW50IGVycm9yQ29kZSwgc3RyaW5nIG1lc3NhZ2UpIDogYmFzZShlcnJvckNvZGUpCiAgICAgICAgewogICAgICAgICAgICBfbXNnID0gU3RyaW5nLkZvcm1hdCgiezB9ICh7MX0sIFdpbjMyRXJyb3JDb2RlIHsyfSkiLCBtZXNzYWdlLCBiYXNlLk1lc3NhZ2UsIGVycm9yQ29kZSk7CiAgICAgICAgfQoKICAgICAgICBwdWJsaWMgb3ZlcnJpZGUgc3RyaW5nIE1lc3NhZ2UgeyBnZXQgeyByZXR1cm4gX21zZzsgfSB9CiAgICAgICAgcHVibGljIHN0YXRpYyBleHBsaWNpdCBvcGVyYXRvciBMaW5rVXRpbFdpbjMyRXhjZXB0aW9uKHN0cmluZyBtZXNzYWdlKSB7IHJldHVybiBuZXcgTGlua1V0aWxXaW4zMkV4Y2VwdGlvbihtZXNzYWdlKTsgfQogICAgfQoKICAgIHB1YmxpYyBjbGFzcyBMaW5rSW5mbwogICAgewogICAgICAgIHB1YmxpYyBMaW5rVHlwZSBUeXBlIHsgZ2V0OyBpbnRlcm5hbCBzZXQ7IH0KICAgICAgICBwdWJsaWMgc3RyaW5nIFByaW50TmFtZSB7IGdldDsgaW50ZXJuYWwgc2V0OyB9CiAgICAgICAgcHVibGljIHN0cmluZyBTdWJzdGl0dXRlTmFtZSB7IGdldDsgaW50ZXJuYWwgc2V0OyB9CiAgICAgICAgcHVibGljIHN0cmluZyBBYnNvbHV0ZVBhdGggeyBnZXQ7IGludGVybmFsIHNldDsgfQogICAgICAgIHB1YmxpYyBzdHJpbmcgVGFyZ2V0UGF0aCB7IGdldDsgaW50ZXJuYWwgc2V0OyB9CiAgICAgICAgcHVibGljIHN0cmluZ1tdIEhhcmRUYXJnZXRzIHsgZ2V0OyBpbnRlcm5hbCBzZXQ7IH0KICAgIH0KCiAgICBbU3RydWN0TGF5b3V0KExheW91dEtpbmQuU2VxdWVudGlhbCwgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSldCiAgICBwdWJsaWMgc3RydWN0IFJFUEFSU0VfREFUQV9CVUZGRVIKICAgIHsKICAgICAgICBwdWJsaWMgVUludDMyIFJlcGFyc2VUYWc7CiAgICAgICAgcHVibGljIFVJbnQxNiBSZXBhcnNlRGF0YUxlbmd0aDsKICAgICAgICBwdWJsaWMgVUludDE2IFJlc2VydmVkOwogICAgICAgIHB1YmxpYyBVSW50MTYgU3Vic3RpdHV0ZU5hbWVPZmZzZXQ7CiAgICAgICAgcHVibGljIFVJbnQxNiBTdWJzdGl0dXRlTmFtZUxlbmd0aDsKICAgICAgICBwdWJsaWMgVUludDE2IFByaW50TmFtZU9mZnNldDsKICAgICAgICBwdWJsaWMgVUludDE2IFByaW50TmFtZUxlbmd0aDsKCiAgICAgICAgW01hcnNoYWxBcyhVbm1hbmFnZWRUeXBlLkJ5VmFsQXJyYXksIFNpemVDb25zdCA9IExpbmtVdGlsLk1BWElNVU1fUkVQQVJTRV9EQVRBX0JVRkZFUl9TSVpFKV0KICAgICAgICBwdWJsaWMgY2hhcltdIFBhdGhCdWZmZXI7CiAgICB9CgogICAgcHVibGljIGNsYXNzIExpbmtVdGlsCiAgICB7CiAgICAgICAgcHVibGljIGNvbnN0IGludCBNQVhJTVVNX1JFUEFSU0VfREFUQV9CVUZGRVJfU0laRSA9IDEwMjQgKiAxNjsKCiAgICAgICAgcHJpdmF0ZSBjb25zdCBVSW50MzIgRklMRV9GTEFHX0JBQ0tVUF9TRU1BTlRJQ1MgPSAweDAyMDAwMDAwOwogICAgICAgIHByaXZhdGUgY29uc3QgVUludDMyIEZJTEVfRkxBR19PUEVOX1JFUEFSU0VfUE9JTlQgPSAweDAwMjAwMDAwOwoKICAgICAgICBwcml2YXRlIGNvbnN0IFVJbnQzMiBGU0NUTF9HRVRfUkVQQVJTRV9QT0lOVCA9IDB4MDAwOTAwQTg7CiAgICAgICAgcHJpdmF0ZSBjb25zdCBVSW50MzIgRlNDVExfU0VUX1JFUEFSU0VfUE9JTlQgPSAweDAwMDkwMEE0OwogICAgICAgIHByaXZhdGUgY29uc3QgVUludDMyIEZJTEVfREVWSUNFX0ZJTEVfU1lTVEVNID0gMHgwMDA5MDAwMDsKCiAgICAgICAgcHJpdmF0ZSBjb25zdCBVSW50MzIgSU9fUkVQQVJTRV9UQUdfTU9VTlRfUE9JTlQgPSAweEEwMDAwMDAzOwogICAgICAgIHByaXZhdGUgY29uc3QgVUludDMyIElPX1JFUEFSU0VfVEFHX1NZTUxJTksgPSAweEEwMDAwMDBDOwoKICAgICAgICBwcml2YXRlIGNvbnN0IFVJbnQzMiBTWU1MSU5LX0ZMQUdfUkVMQVRJVkUgPSAweDAwMDAwMDAxOwoKICAgICAgICBwcml2YXRlIGNvbnN0IEludDY0IElOVkFMSURfSEFORExFX1ZBTFVFID0gLTE7CgogICAgICAgIHByaXZhdGUgY29uc3QgVUludDMyIFNJWkVfT0ZfV0NIQVIgPSAyOwoKICAgICAgICBwcml2YXRlIGNvbnN0IFVJbnQzMiBTWU1CT0xJQ19MSU5LX0ZMQUdfRklMRSA9IDB4MDAwMDAwMDA7CiAgICAgICAgcHJpdmF0ZSBjb25zdCBVSW50MzIgU1lNQk9MSUNfTElOS19GTEFHX0RJUkVDVE9SWSA9IDB4MDAwMDAwMDE7CgogICAgICAgIFtEbGxJbXBvcnQoImtlcm5lbDMyLmRsbCIsIENoYXJTZXQgPSBDaGFyU2V0LkF1dG8pXQogICAgICAgIHByaXZhdGUgc3RhdGljIGV4dGVybiBTYWZlRmlsZUhhbmRsZSBDcmVhdGVGaWxlKAogICAgICAgICAgICBzdHJpbmcgbHBGaWxlTmFtZSwKICAgICAgICAgICAgW01hcnNoYWxBcyhVbm1hbmFnZWRUeXBlLlU0KV0gRmlsZUFjY2VzcyBkd0Rlc2lyZWRBY2Nlc3MsCiAgICAgICAgICAgIFtNYXJzaGFsQXMoVW5tYW5hZ2VkVHlwZS5VNCldIEZpbGVTaGFyZSBkd1NoYXJlTW9kZSwKICAgICAgICAgICAgSW50UHRyIGxwU2VjdXJpdHlBdHRyaWJ1dGVzLAogICAgICAgICAgICBbTWFyc2hhbEFzKFVubWFuYWdlZFR5cGUuVTQpXSBGaWxlTW9kZSBkd0NyZWF0aW9uRGlzcG9zaXRpb24sCiAgICAgICAgICAgIFVJbnQzMiBkd0ZsYWdzQW5kQXR0cmlidXRlcywKICAgICAgICAgICAgSW50UHRyIGhUZW1wbGF0ZUZpbGUpOwoKICAgICAgICAvLyBVc2VkIGJ5IEdldFJlcGFyc2VQb2ludEluZm8oKQogICAgICAgIFtEbGxJbXBvcnQoImtlcm5lbDMyLmRsbCIsIFNldExhc3RFcnJvciA9IHRydWUsIENoYXJTZXQgPSBDaGFyU2V0LkF1dG8pXQogICAgICAgIHByaXZhdGUgc3RhdGljIGV4dGVybiBib29sIERldmljZUlvQ29udHJvbCgKICAgICAgICAgICAgU2FmZUZpbGVIYW5kbGUgaERldmljZSwKICAgICAgICAgICAgVUludDMyIGR3SW9Db250cm9sQ29kZSwKICAgICAgICAgICAgSW50UHRyIGxwSW5CdWZmZXIsCiAgICAgICAgICAgIFVJbnQzMiBuSW5CdWZmZXJTaXplLAogICAgICAgICAgICBvdXQgUkVQQVJTRV9EQVRBX0JVRkZFUiBscE91dEJ1ZmZlciwKICAgICAgICAgICAgVUludDMyIG5PdXRCdWZmZXJTaXplLAogICAgICAgICAgICBvdXQgVUludDMyIGxwQnl0ZXNSZXR1cm5lZCwKICAgICAgICAgICAgSW50UHRyIGxwT3ZlcmxhcHBlZCk7CgogICAgICAgIC8vIFVzZWQgYnkgQ3JlYXRlSnVuY3Rpb25Qb2ludCgpCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuQXV0byldCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgZXh0ZXJuIGJvb2wgRGV2aWNlSW9Db250cm9sKAogICAgICAgICAgICBTYWZlRmlsZUhhbmRsZSBoRGV2aWNlLAogICAgICAgICAgICBVSW50MzIgZHdJb0NvbnRyb2xDb2RlLAogICAgICAgICAgICBSRVBBUlNFX0RBVEFfQlVGRkVSIGxwSW5CdWZmZXIsCiAgICAgICAgICAgIFVJbnQzMiBuSW5CdWZmZXJTaXplLAogICAgICAgICAgICBJbnRQdHIgbHBPdXRCdWZmZXIsCiAgICAgICAgICAgIFVJbnQzMiBuT3V0QnVmZmVyU2l6ZSwKICAgICAgICAgICAgb3V0IFVJbnQzMiBscEJ5dGVzUmV0dXJuZWQsCiAgICAgICAgICAgIEludFB0ciBscE92ZXJsYXBwZWQpOwoKICAgICAgICBbRGxsSW1wb3J0KCJrZXJuZWwzMi5kbGwiLCBTZXRMYXN0RXJyb3IgPSB0cnVlLCBDaGFyU2V0ID0gQ2hhclNldC5BdXRvKV0KICAgICAgICBwcml2YXRlIHN0YXRpYyBleHRlcm4gYm9vbCBHZXRWb2x1bWVQYXRoTmFtZSgKICAgICAgICAgICAgc3RyaW5nIGxwc3pGaWxlTmFtZSwKICAgICAgICAgICAgU3RyaW5nQnVpbGRlciBscHN6Vm9sdW1lUGF0aE5hbWUsCiAgICAgICAgICAgIHJlZiBVSW50MzIgY2NoQnVmZmVyTGVuZ3RoKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuQXV0byldCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgZXh0ZXJuIEludFB0ciBGaW5kRmlyc3RGaWxlTmFtZVcoCiAgICAgICAgICAgIHN0cmluZyBscEZpbGVOYW1lLAogICAgICAgICAgICBVSW50MzIgZHdGbGFncywKICAgICAgICAgICAgcmVmIFVJbnQzMiBTdHJpbmdMZW5ndGgsCiAgICAgICAgICAgIFN0cmluZ0J1aWxkZXIgTGlua05hbWUpOwoKICAgICAgICBbRGxsSW1wb3J0KCJrZXJuZWwzMi5kbGwiLCBTZXRMYXN0RXJyb3IgPSB0cnVlLCBDaGFyU2V0ID0gQ2hhclNldC5BdXRvKV0KICAgICAgICBwcml2YXRlIHN0YXRpYyBleHRlcm4gYm9vbCBGaW5kTmV4dEZpbGVOYW1lVygKICAgICAgICAgICAgSW50UHRyIGhGaW5kU3RyZWFtLAogICAgICAgICAgICByZWYgVUludDMyIFN0cmluZ0xlbmd0aCwKICAgICAgICAgICAgU3RyaW5nQnVpbGRlciBMaW5rTmFtZSk7CgogICAgICAgIFtEbGxJbXBvcnQoImtlcm5lbDMyLmRsbCIsIFNldExhc3RFcnJvciA9IHRydWUpXQogICAgICAgIHByaXZhdGUgc3RhdGljIGV4dGVybiBib29sIEZpbmRDbG9zZSgKICAgICAgICAgICAgSW50UHRyIGhGaW5kRmlsZSk7CgogICAgICAgIFtEbGxJbXBvcnQoImtlcm5lbDMyLmRsbCIsIFNldExhc3RFcnJvciA9IHRydWUsIENoYXJTZXQgPSBDaGFyU2V0LkF1dG8pXQogICAgICAgIHByaXZhdGUgc3RhdGljIGV4dGVybiBib29sIFJlbW92ZURpcmVjdG9yeSgKICAgICAgICAgICAgc3RyaW5nIGxwUGF0aE5hbWUpOwoKICAgICAgICBbRGxsSW1wb3J0KCJrZXJuZWwzMi5kbGwiLCBTZXRMYXN0RXJyb3IgPSB0cnVlLCBDaGFyU2V0ID0gQ2hhclNldC5BdXRvKV0KICAgICAgICBwcml2YXRlIHN0YXRpYyBleHRlcm4gYm9vbCBEZWxldGVGaWxlKAogICAgICAgICAgICBzdHJpbmcgbHBGaWxlTmFtZSk7CgogICAgICAgIFtEbGxJbXBvcnQoImtlcm5lbDMyLmRsbCIsIFNldExhc3RFcnJvciA9IHRydWUsIENoYXJTZXQgPSBDaGFyU2V0LkF1dG8pXQogICAgICAgIHByaXZhdGUgc3RhdGljIGV4dGVybiBib29sIENyZWF0ZVN5bWJvbGljTGluaygKICAgICAgICAgICAgc3RyaW5nIGxwU3ltbGlua0ZpbGVOYW1lLAogICAgICAgICAgICBzdHJpbmcgbHBUYXJnZXRGaWxlTmFtZSwKICAgICAgICAgICAgVUludDMyIGR3RmxhZ3MpOwoKICAgICAgICBbRGxsSW1wb3J0KCJrZXJuZWwzMi5kbGwiLCBTZXRMYXN0RXJyb3IgPSB0cnVlLCBDaGFyU2V0ID0gQ2hhclNldC5BdXRvKV0KICAgICAgICBwcml2YXRlIHN0YXRpYyBleHRlcm4gYm9vbCBDcmVhdGVIYXJkTGluaygKICAgICAgICAgICAgc3RyaW5nIGxwRmlsZU5hbWUsCiAgICAgICAgICAgIHN0cmluZyBscEV4aXN0aW5nRmlsZU5hbWUsCiAgICAgICAgICAgIEludFB0ciBscFNlY3VyaXR5QXR0cmlidXRlcyk7CgogICAgICAgIHB1YmxpYyBzdGF0aWMgTGlua0luZm8gR2V0TGlua0luZm8oc3RyaW5nIGxpbmtQYXRoKQogICAgICAgIHsKICAgICAgICAgICAgRmlsZUF0dHJpYnV0ZXMgYXR0ciA9IEZpbGUuR2V0QXR0cmlidXRlcyhsaW5rUGF0aCk7CiAgICAgICAgICAgIGlmIChhdHRyLkhhc0ZsYWcoRmlsZUF0dHJpYnV0ZXMuUmVwYXJzZVBvaW50KSkKICAgICAgICAgICAgICAgIHJldHVybiBHZXRSZXBhcnNlUG9pbnRJbmZvKGxpbmtQYXRoKTsKCiAgICAgICAgICAgIGlmICghYXR0ci5IYXNGbGFnKEZpbGVBdHRyaWJ1dGVzLkRpcmVjdG9yeSkpCiAgICAgICAgICAgICAgICByZXR1cm4gR2V0SGFyZExpbmtJbmZvKGxpbmtQYXRoKTsKCiAgICAgICAgICAgIHJldHVybiBudWxsOwogICAgICAgIH0KCiAgICAgICAgcHVibGljIHN0YXRpYyB2b2lkIERlbGV0ZUxpb ScriptBlock ID: 4a4215d4-4cd2-409c-91f5-15060d228a22 Path:	4104	1		3	2	15	0	1782	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	604	3260	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:07:47 PM	e5295ba9-9827-0003-d85d-29e52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (3 of 9): gICAgICAgICAgICAgICAgICAgewogICAgICAgICAgICAgICAgICAgICAgICBib29sIHJlcyA9IE5hdGl2ZU1ldGhvZHMuQWRqdXN0VG9rZW5Qcml2aWxlZ2VzKGhUb2tlbiwgZGlzYWJsZUFsbFByaXZpbGVnZXMsIG5ld1N0YXRlUHRyLCByZXR1cm5MZW5ndGgsIG9sZFN0YXRlUHRyLCBvdXQgcmV0dXJuTGVuZ3RoKTsKICAgICAgICAgICAgICAgICAgICAgICAgaW50IGVyckNvZGUgPSBNYXJzaGFsLkdldExhc3RXaW4zMkVycm9yKCk7CgogICAgICAgICAgICAgICAgICAgICAgICAvLyBldmVuIHdoZW4gcmVzID09IHRydWUsIEVSUk9SX05PVF9BTExfQVNTSUdORUQgbWF5IGJlIHNldCBhcyB0aGUgbGFzdCBlcnJvciBjb2RlCiAgICAgICAgICAgICAgICAgICAgICAgIGlmICghcmVzIHx8IGVyckNvZGUgIT0gMCkKICAgICAgICAgICAgICAgICAgICAgICAgICAgIHRocm93IG5ldyBXaW4zMkV4Y2VwdGlvbihlcnJDb2RlLCAiQWRqdXN0VG9rZW5Qcml2aWxlZ2VzKCkgZmFpbGVkIik7CgogICAgICAgICAgICAgICAgICAgICAgICAvLyBNYXJzaGFsIHRoZSBvbGRTdGF0ZVB0ciB0byB0aGUgc3RydWN0CiAgICAgICAgICAgICAgICAgICAgICAgIE5hdGl2ZUhlbHBlcnMuVE9LRU5fUFJJVklMRUdFUyBvbGRTdGF0ZSA9IChOYXRpdmVIZWxwZXJzLlRPS0VOX1BSSVZJTEVHRVMpTWFyc2hhbC5QdHJUb1N0cnVjdHVyZShvbGRTdGF0ZVB0ciwgdHlwZW9mKE5hdGl2ZUhlbHBlcnMuVE9LRU5fUFJJVklMRUdFUykpOwogICAgICAgICAgICAgICAgICAgICAgICBvbGRTdGF0ZVByaXZpbGVnZXMgPSBuZXcgTmF0aXZlSGVscGVycy5MVUlEX0FORF9BVFRSSUJVVEVTW29sZFN0YXRlLlByaXZpbGVnZUNvdW50XTsKICAgICAgICAgICAgICAgICAgICAgICAgUHRyVG9TdHJ1Y3R1cmVBcnJheShvbGRTdGF0ZVByaXZpbGVnZXMsIEludFB0ci5BZGQob2xkU3RhdGVQdHIsIE1hcnNoYWwuU2l6ZU9mKG9sZFN0YXRlLlByaXZpbGVnZUNvdW50KSkpOwogICAgICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgICAgICAgICBmaW5hbGx5CiAgICAgICAgICAgICAgICAgICAgewogICAgICAgICAgICAgICAgICAgICAgICBNYXJzaGFsLkZyZWVIR2xvYmFsKG9sZFN0YXRlUHRyKTsKICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBmaW5hbGx5CiAgICAgICAgICAgICAgICB7CiAgICAgICAgICAgICAgICAgICAgTmF0aXZlTWV0aG9kcy5DbG9zZUhhbmRsZShoVG9rZW4pOwogICAgICAgICAgICAgICAgfQogICAgICAgICAgICB9CiAgICAgICAgICAgIGZpbmFsbHkKICAgICAgICAgICAgewogICAgICAgICAgICAgICAgaWYgKG5ld1N0YXRlUHRyICE9IEludFB0ci5aZXJvKQogICAgICAgICAgICAgICAgICAgIE1hcnNoYWwuRnJlZUhHbG9iYWwobmV3U3RhdGVQdHIpOwogICAgICAgICAgICB9CgogICAgICAgICAgICByZXR1cm4gb2xkU3RhdGVQcml2aWxlZ2VzLlRvRGljdGlvbmFyeShwID0+IEdldFByaXZpbGVnZU5hbWUocC5MdWlkKSwgcCA9PiAoYm9vbD8pcC5BdHRyaWJ1dGVzLkhhc0ZsYWcoUHJpdmlsZWdlQXR0cmlidXRlcy5FbmFibGVkKSk7CiAgICAgICAgfQoKICAgICAgICBwcml2YXRlIHN0YXRpYyBzdHJpbmcgR2V0UHJpdmlsZWdlTmFtZShOYXRpdmVIZWxwZXJzLkxVSUQgbHVpZCkKICAgICAgICB7CiAgICAgICAgICAgIFVJbnQzMiBuYW1lTGVuID0gMDsKICAgICAgICAgICAgTmF0aXZlTWV0aG9kcy5Mb29rdXBQcml2aWxlZ2VOYW1lKG51bGwsIHJlZiBsdWlkLCBudWxsLCByZWYgbmFtZUxlbik7CgogICAgICAgICAgICBTdHJpbmdCdWlsZGVyIG5hbWUgPSBuZXcgU3RyaW5nQnVpbGRlcigoaW50KShuYW1lTGVuICsgMSkpOwogICAgICAgICAgICBpZiAoIU5hdGl2ZU1ldGhvZHMuTG9va3VwUHJpdmlsZWdlTmFtZShudWxsLCByZWYgbHVpZCwgbmFtZSwgcmVmIG5hbWVMZW4pKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IFdpbjMyRXhjZXB0aW9uKCJMb29rdXBQcml2aWxlZ2VOYW1lKCkgZmFpbGVkIik7CgogICAgICAgICAgICByZXR1cm4gbmFtZS5Ub1N0cmluZygpOwogICAgICAgIH0KCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgdm9pZCBQdHJUb1N0cnVjdHVyZUFycmF5PFQ+KFRbXSBhcnJheSwgSW50UHRyIHB0cikKICAgICAgICB7CiAgICAgICAgICAgIEludFB0ciBwdHJPZmZzZXQgPSBwdHI7CiAgICAgICAgICAgIGZvciAoaW50IGkgPSAwOyBpIDwgYXJyYXkuTGVuZ3RoOyBpKyssIHB0ck9mZnNldCA9IEludFB0ci5BZGQocHRyT2Zmc2V0LCBNYXJzaGFsLlNpemVPZih0eXBlb2YoVCkpKSkKICAgICAgICAgICAgICAgIGFycmF5W2ldID0gKFQpTWFyc2hhbC5QdHJUb1N0cnVjdHVyZShwdHJPZmZzZXQsIHR5cGVvZihUKSk7CiAgICAgICAgfQoKICAgICAgICBwcml2YXRlIHN0YXRpYyBpbnQgU3RydWN0dXJlVG9CeXRlczxUPihUIHN0cnVjdHVyZSwgYnl0ZVtdIGFycmF5LCBpbnQgb2Zmc2V0KQogICAgICAgIHsKICAgICAgICAgICAgaW50IHNpemUgPSBNYXJzaGFsLlNpemVPZihzdHJ1Y3R1cmUpOwogICAgICAgICAgICBJbnRQdHIgc3RydWN0UHRyID0gTWFyc2hhbC5BbGxvY0hHbG9iYWwoc2l6ZSk7CiAgICAgICAgICAgIHRyeQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBNYXJzaGFsLlN0cnVjdHVyZVRvUHRyKHN0cnVjdHVyZSwgc3RydWN0UHRyLCBmYWxzZSk7CiAgICAgICAgICAgICAgICBNYXJzaGFsLkNvcHkoc3RydWN0UHRyLCBhcnJheSwgb2Zmc2V0LCBzaXplKTsKICAgICAgICAgICAgfQogICAgICAgICAgICBmaW5hbGx5CiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIE1hcnNoYWwuRnJlZUhHbG9iYWwoc3RydWN0UHRyKTsKICAgICAgICAgICAgfQoKICAgICAgICAgICAgcmV0dXJuIHNpemU7CiAgICAgICAgfQogICAgfQp9CidACgpGdW5jdGlvbiBJbXBvcnQtUHJpdmlsZWdlVXRpbCB7CiAgICA8IwogICAgLlNZTk9QU0lTCiAgICBDb21waWxlcyB0aGUgQyMgY29kZSB0aGF0IGNhbiBiZSB1c2VkIHRvIG1hbmFnZSBXaW5kb3dzIHByaXZpbGVnZXMgZnJvbSBhbgogICAgQW5zaWJsZSBtb2R1bGUuIE9uY2UgdGhpcyBmdW5jdGlvbiBpcyBjYWxsZWQsIHRoZSBmb2xsb3dpbmcgUG93ZXJTaGVsbAogICAgY21kbGV0cyBjYW4gYmUgdXNlZDsKCiAgICAgICAgR2V0LUFuc2libGVQcml2aWxlZ2UKICAgICAgICBTZXQtQW5zaWJsZVByaXZpbGVnZQoKICAgIFRoZSBhYm92ZSBjbWRsZXRzIGdpdmUgdGhlIGFiaWxpdHkgdG8gbWFuYWdlIHBlcm1pc3Npb25zIG9uIHRoZSBjdXJyZW50CiAgICBwcm9jZXNzIHRva2VuIGJ1dCB0aGUgdW5kZXJseWluZyAuTkVUIGNsYXNzZXMgYXJlIGFsc28gZXhwb3NlZCBmb3IgZ3JlYXRlcgogICAgY29udHJvbC4gVGhlIGZvbGxvd2luZyBmdW5jdGlvbnMgY2FuIGJlIHVzZWQgYnkgY2FsbGluZyB0aGUgLk5FVCBjbGFzcwoKICAgIFtBbnNpYmxlLlByaXZpbGVnZVV0aWwuUHJpdmlsZWdlc106OkNoZWNrUHJpdmlsZWdlTmFtZSgkbmFtZSkKICAgIFtBbnNpYmxlLlByaXZpbGVnZVV0aWwuUHJpdmlsZWdlc106OkRpc2FibGVQcml2aWxlZ2UoJHByb2Nlc3MsICRuYW1lKQogICAgW0Fuc2libGUuUHJpdmlsZWdlVXRpbC5Qcml2aWxlZ2VzXTo6RGlzYWJsZUFsbFByaXZpbGVnZXMoJHByb2Nlc3MpCiAgICBbQW5zaWJsZS5Qcml2aWxlZ2VVdGlsLlByaXZpbGVnZXNdOjpFbmFibGVQcml2aWxlZ2UoJHByb2Nlc3MsICRuYW1lKQogICAgW0Fuc2libGUuUHJpdmlsZWdlVXRpbC5Qcml2aWxlZ2VzXTo6R2V0QWxsUHJpdmlsZWdlSW5mbygkcHJvY2VzcykKICAgIFtBbnNpYmxlLlByaXZpbGVnZVV0aWwuUHJpdmlsZWdlc106OlJlbW92ZVByaXZpbGVnZSgkcHJvY2VzcywgJG5hbWUpCiAgICBbQW5zaWJsZS5Qcml2aWxlZ2VVdGlsLlByaXZpbGVnZXNdOjpTZXRUb2tlblByaXZpbGVnZXMoJHByb2Nlc3MsICRuZXdfc3RhdGUpCgogICAgSGVyZSBpcyBhIGJyaWVmIGV4cGxhbmF0aW9uIG9mIGVhY2ggdHlwZSBvZiBhcmcKICAgICRwcm9jZXNzID0gVGhlIHByb2Nlc3MgaGFuZGxlIHRvIG1hbmlwdWxhdGUsIHVzZSAnW0Fuc2libGUuUHJpdmlsZWdlVXRpbHMuUHJpdmlsZWdlc106OkdldEN1cnJlbnRQcm9jZXNzKCknIHRvIGdldCB0aGUgY3VycmVudCBwcm9jZXNzIGhhbmRsZQogICAgJG5hbWUgPSBUaGUgbmFtZSBvZiB0aGUgcHJpdmlsZWdlLCB0aGlzIGlzIHRoZSBjb25zdGFudCB2YWx1ZSBmcm9tIGh0dHBzOi8vZG9jcy5taWNyb3NvZnQuY29tL2VuLXVzL3dpbmRvd3MvZGVza3RvcC9TZWNBdXRoWi9wcml2aWxlZ2UtY29uc3RhbnRzLCBlLmcuIFNlQXVkaXRQcml2aWxlZ2UKICAgICRuZXdfc3RhdGUgPSAnU3lzdGVtLkNvbGxlY3Rpb25zLkdlbmVyaWMuRGljdGlvbmFyeWAyW1tTeXN0ZW0uU3RyaW5nXSwgW1N5c3RlbS5OdWxsYWJsZWAxW1N5c3RlbS5Cb29sZWFuXV1dJwogICAgICAgIFRoZSBrZXkgaXMgdGhlIGNvbnN0YW50IG5hbWUgYXMgYSBzdHJpbmcsIHRoZSB2YWx1ZSBpcyBhIHRlcm5hcnkgYm9vbGVhbiB3aGVyZQogICAgICAgICAgICB0cnVlIC0gd2lsbCBlbmFibGUgdGhlIHByaXZpbGVnZQogICAgICAgICAgICBmYWxzZSAtIHdpbGwgZGlzYWJsZSB0aGUgcHJpdmlsZWdlCiAgICAgICAgICAgIG51bGwgLSB3aWxsIHJlbW92ZSB0aGUgcHJpdmlsZWdlCgogICAgRWFjaCBtZXRob2QgdGhhdCBjaGFuZ2VzIHRoZSBwcml2aWxlZ2Ugc3RhdGUgd2lsbCByZXR1cm4gYSBkaWN0aW9uYXJ5IHRoYXQKICAgIGNhbiBiZSB1c2VkIGFzIHRoZSAkbmV3X3N0YXRlIGFyZyBvZiBTZXRUb2tlblByaXZpbGVnZXMgdG8gdW5kbyBhbmQgcmV2ZXJ0CiAgICBiYWNrIHRvIHRoZSBvcmlnaW5hbCBzdGF0ZS4gSWYgeW91IHJlbW92ZSBhIHByaXZpbGVnZSB0aGVuIHRoaXMgaXMKICAgIGlycmV2ZXJzaWJsZSBhbmQgd29uJ3QgYmUgcGFydCBvZiB0aGUgcmV0dXJuZWQgZGljdAogICAgIz4KICAgIFtDbWRsZXRCaW5kaW5nKCldCiAgICAjIGJ1aWxkIHRoZSBDIyBjb2RlIHRvIGNvbXBpbGUKICAgICRuYW1lc3BhY2VfaW1wb3J0ID0gKCRhbnNpYmxlX3ByaXZpbGVnZV91dGlsX25hbWVzcGFjZXMgfCBGb3JFYWNoLU9iamVjdCB7ICJ1c2luZyAkXzsiIH0pIC1qb2luICJgcmBuIgogICAgJHBsYXRmb3JtX3V0aWwgPSAiJG5hbWVzcGFjZV9pbXBvcnRgcmBuYHJgbiRhbnNpYmxlX3ByaXZpbGVnZV91dGlsX2NvZGUiCgogICAgIyBGVVRVUkU6IGZpbmQgYSBiZXR0ZXIgd2F5IHRvIGdldCB0aGUgX2Fuc2libGVfcmVtb3RlX3RtcCB2YXJpYWJsZQogICAgIyB0aGlzIGlzIHVzZWQgdG8gZm9yY2UgY3NjIHRvIGNvbXBpbGUgdGhlIEMjIGNvZGUgaW4gdGhlIHJlbW90ZSB0bXAKICAgICMgc3BlY2lmaWVkCiAgICAkb3JpZ2luYWxfdG1wID0gJGVudjpUTVAKCiAgICAkcmVtb3RlX3RtcCA9ICRvcmlnaW5hbF90bXAKICAgICRtb2R1bGVfcGFyYW1zID0gR2V0LVZhcmlhYmxlIC1OYW1lIGNvbXBsZXhfYXJncyAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgaWYgKCRtb2R1bGVfcGFyYW1zKSB7CiAgICAgICAgaWYgKCRtb2R1bGVfcGFyYW1zLlZhbHVlLkNvbnRhaW5zS2V5KCJfYW5zaWJsZV9yZW1vdGVfdG1wIikgKSB7CiAgICAgICAgICAgICRyZW1vdGVfdG1wID0gJG1vZHVsZV9wYXJhbXMuVmFsdWVbIl9hbnNpYmxlX3JlbW90ZV90bXAiXQogICAgICAgICAgICAkcmVtb3RlX3RtcCA9IFtTeXN0ZW0uRW52aXJvbm1lbnRdOjpFeHBhbmRFbnZpcm9ubWVudFZhcmlhYmxlcygkcmVtb3RlX3RtcCkKICAgICAgICB9CiAgICB9CgogICAgJGVudjpUTVAgPSAkcmVtb3RlX3RtcAogICAgQWRkLVR5cGUgLVR5cGVEZWZpbml0aW9uICRwbGF0Zm9ybV91dGlsCiAgICAkZW52OlRNUCA9ICRvcmlnaW5hbF90bXAKfQoKRnVuY3Rpb24gR2V0LUFuc2libGVQcml2aWxlZ2UgewogICAgPCMKICAgIC5TWU5PUFNJUwogICAgR2V0IHRoZSBzdGF0dXMgb2YgYSBwcml2aWxlZ2UgZm9yIHRoZSBjdXJyZW50IHByb2Nlc3MuIFRoaXMgcmV0dXJucwogICAgICAgICR0cnVlIC0gdGhlIHByaXZpbGVnZSBpcyBlbmFibGVkCiAgICAgICAgJGZhbHNlIC0gdGhlIHByaXZpbGVnZSBpcyBkaXNhYmxlZAogICAgICAgICRudWxsIC0gdGhlIHByaXZpbGVnZSBpcyByZW1vdmVkIGZyb20gdGhlIHRva2VuCgogICAgSWYgTmFtZSBpcyBub3QgYSB2YWxpZCBwcml2aWxlZ2UgbmFtZSwgdGhpcyB3aWxsIHRocm93IGFuCiAgICBBcmd1bWVudEV4Y2VwdGlvbi4KCiAgICAuRVhBTVBMRQogICAgR2V0LUFuc2libGVQcml2aWxlZ2UgLU5hbWUgU2VEZWJ1Z1ByaXZpbGVnZQogICAgIz4KICAgIFtDbWRsZXRCaW5kaW5nKCldCiAgICBwYXJhbSgKICAgICAgICBbUGFyYW1ldGVyKE1hbmRhdG9yeT0kdHJ1ZSldW1N0cmluZ10kTmFtZQogICAgKQoKICAgIGlmICgtbm90IFtBbnNpYmxlLlByaXZpbGVnZVV0aWwuUHJpdmlsZWdlc106OkNoZWNrUHJpdmlsZWdlTmFtZSgkTmFtZSkpIHsKICAgICAgICB0aHJvdyBbU3lzdGVtLkFyZ3VtZW50RXhjZXB0aW9uXSAiSW52YWxpZCBwcml2aWxlZ2UgbmFtZSAnJE5hbWUnIgogICAgfQoKICAgICRwcm9jZXNzX3Rva2VuID0gW0Fuc2libGUuUHJpdmlsZWdlVXRpbC5Qcml2aWxlZ2VzXTo6R2V0Q3VycmVudFByb2Nlc3MoKQogICAgJHByaXZpbGVnZV9pbmZvID0gW0Fuc2libGUuUHJpdmlsZWdlVXRpbC5Qcml2aWxlZ2VzXTo6R2V0QWxsUHJpdmlsZWdlSW5mbygkcHJvY2Vzc190b2tlbikKICAgIGlmICgkcHJpdmlsZWdlX2luZm8uQ29udGFpbnNLZXkoJE5hbWUpKSB7CiAgICAgICAgJHN0YXR1cyA9ICRwcml2aWxlZ2VfaW5mby4kTmFtZQogICAgICAgIHJldHVybiAkc3RhdHVzLkhhc0ZsYWcoW0Fuc2libGUuUHJpdmlsZWdlVXRpbC5Qcml2aWxlZ2VBdHRyaWJ1dGVzXTo6RW5hYmxlZCkKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICRudWxsCiAgICB9Cn0KCkZ1bmN0aW9uIFNldC1BbnNpYmxlUHJpdmlsZWdlIHsKICAgIDwjCiAgICAuU1lOT1BTSVMKICAgIEVuYWJsZXMvRGlzYWJsZXMgYSBwcml2aWxlZ2Ugb24gdGhlIGN1cnJlbnQgcHJvY2VzcycgdG9rZW4uIElmIGEgcHJpdmlsZWdlCiAgICBoYXMgYmVlbiByZW1vdmVkIGZyb20gdGhlIHByb2Nlc3MgdG9rZW4sIHRoaXMgd2lsbCB0aHJvdyBhbgogICAgSW52YWxpZE9wZXJhdGlvbkV4Y2VwdGlvbi4KCiAgICAuRVhBTVBMRQogICAgIyBlbmFibGUgYSBwcml2aWxlZ2UKICAgIFNldC1BbnNpYmxlUHJpdmlsZWdlIC1OYW1lIFNlQ3JlYXRlU3ltYm9saWNMaW5rUHJpdmlsZWdlIC1WYWx1ZSAkdHJ1ZQoKICAgICMgZGlzYWJsZSBhIHByaXZpbGVnZQogICAgU2V0LUFuc2libGVQcml2aWxlZ2UgLU5hbWUgU2VDcmVhdGVTeW1ib2xpY0xpbmtQcml2aWxlZ2UgLVZhbHVlICRmYWxzZQogICAgIz4KICAgIFtDbWRsZXRCaW5kaW5nKFN1cHBvcnRzU2hvdWxkUHJvY2VzcyldCiAgICBwYXJhbSgKICAgICAgICBbUGFyYW1ldGVyKE1hbmRhdG9yeT0kdHJ1ZSldW1N0cmluZ10kTmFtZSwKICAgICAgICBbUGFyYW1ldGVyKE1hbmRhdG9yeT0kdHJ1ZSldW2Jvb2xdJFZhbHVlCiAgICApCgogICAgJGFjdGlvbiA9IHN3aXRjaCgkVmFsdWUpIHsKICAgICAgICAkdHJ1ZSB7ICJFbmFibGUiIH ScriptBlock ID: 4a4215d4-4cd2-409c-91f5-15060d228a22 Path:	4104	1		3	2	15	0	1781	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	604	3260	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:07:47 PM	e5295ba9-9827-0003-d85d-29e52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 9): CiAgICAgICAgICAgIH0KICAgICAgICAgICAgZWxzZQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICByZXR1cm4gdHJ1ZTsKICAgICAgICAgICAgfQogICAgICAgIH0KCiAgICAgICAgcHVibGljIHN0YXRpYyBEaWN0aW9uYXJ5PHN0cmluZywgYm9vbD8+IERpc2FibGVQcml2aWxlZ2UoU2FmZUhhbmRsZSB0b2tlbiwgc3RyaW5nIHByaXZpbGVnZSkKICAgICAgICB7CiAgICAgICAgICAgIHJldHVybiBTZXRUb2tlblByaXZpbGVnZXModG9rZW4sIG5ldyBEaWN0aW9uYXJ5PHN0cmluZywgYm9vbD8+KCkgeyB7IHByaXZpbGVnZSwgZmFsc2UgfSB9KTsKICAgICAgICB9CgogICAgICAgIHB1YmxpYyBzdGF0aWMgRGljdGlvbmFyeTxzdHJpbmcsIGJvb2w/PiBEaXNhYmxlQWxsUHJpdmlsZWdlcyhTYWZlSGFuZGxlIHRva2VuKQogICAgICAgIHsKICAgICAgICAgICAgcmV0dXJuIEFkanVzdFRva2VuUHJpdmlsZWdlcyh0b2tlbiwgbnVsbCk7CiAgICAgICAgfQoKICAgICAgICBwdWJsaWMgc3RhdGljIERpY3Rpb25hcnk8c3RyaW5nLCBib29sPz4gRW5hYmxlUHJpdmlsZWdlKFNhZmVIYW5kbGUgdG9rZW4sIHN0cmluZyBwcml2aWxlZ2UpCiAgICAgICAgewogICAgICAgICAgICByZXR1cm4gU2V0VG9rZW5Qcml2aWxlZ2VzKHRva2VuLCBuZXcgRGljdGlvbmFyeTxzdHJpbmcsIGJvb2w/PigpIHsgeyBwcml2aWxlZ2UsIHRydWUgfSB9KTsKICAgICAgICB9CgogICAgICAgIHB1YmxpYyBzdGF0aWMgRGljdGlvbmFyeTxTdHJpbmcsIFByaXZpbGVnZUF0dHJpYnV0ZXM+IEdldEFsbFByaXZpbGVnZUluZm8oU2FmZUhhbmRsZSB0b2tlbikKICAgICAgICB7CiAgICAgICAgICAgIEludFB0ciBoVG9rZW4gPSBJbnRQdHIuWmVybzsKICAgICAgICAgICAgaWYgKCFOYXRpdmVNZXRob2RzLk9wZW5Qcm9jZXNzVG9rZW4odG9rZW4sIFRva2VuQWNjZXNzTGV2ZWxzLlF1ZXJ5LCBvdXQgaFRva2VuKSkKICAgICAgICAgICAgICAgIHRocm93IG5ldyBXaW4zMkV4Y2VwdGlvbigiT3BlblByb2Nlc3NUb2tlbigpIGZhaWxlZCIpOwoKICAgICAgICAgICAgRGljdGlvbmFyeTxTdHJpbmcsIFByaXZpbGVnZUF0dHJpYnV0ZXM+IGluZm8gPSBuZXcgRGljdGlvbmFyeTxTdHJpbmcsIFByaXZpbGVnZUF0dHJpYnV0ZXM+KCk7CiAgICAgICAgICAgIHRyeQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBVSW50MzIgdG9rZW5MZW5ndGggPSAwOwogICAgICAgICAgICAgICAgTmF0aXZlTWV0aG9kcy5HZXRUb2tlbkluZm9ybWF0aW9uKGhUb2tlbiwgVE9LRU5fUFJJVklMRUdFUywgSW50UHRyLlplcm8sIDAsIG91dCB0b2tlbkxlbmd0aCk7CgogICAgICAgICAgICAgICAgTmF0aXZlSGVscGVycy5MVUlEX0FORF9BVFRSSUJVVEVTW10gcHJpdmlsZWdlczsKICAgICAgICAgICAgICAgIEludFB0ciBwcml2aWxlZ2VzUHRyID0gTWFyc2hhbC5BbGxvY0hHbG9iYWwoKGludCl0b2tlbkxlbmd0aCk7CiAgICAgICAgICAgICAgICB0cnkKICAgICAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgICAgICBpZiAoIU5hdGl2ZU1ldGhvZHMuR2V0VG9rZW5JbmZvcm1hdGlvbihoVG9rZW4sIFRPS0VOX1BSSVZJTEVHRVMsIHByaXZpbGVnZXNQdHIsIHRva2VuTGVuZ3RoLCBvdXQgdG9rZW5MZW5ndGgpKQogICAgICAgICAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIkdldFRva2VuSW5mb3JtYXRpb24oKSBmb3IgVE9LRU5fUFJJVklMRUdFUyBmYWlsZWQiKTsKCiAgICAgICAgICAgICAgICAgICAgTmF0aXZlSGVscGVycy5UT0tFTl9QUklWSUxFR0VTIHByaXZpbGVnZUluZm8gPSAoTmF0aXZlSGVscGVycy5UT0tFTl9QUklWSUxFR0VTKU1hcnNoYWwuUHRyVG9TdHJ1Y3R1cmUocHJpdmlsZWdlc1B0ciwgdHlwZW9mKE5hdGl2ZUhlbHBlcnMuVE9LRU5fUFJJVklMRUdFUykpOwogICAgICAgICAgICAgICAgICAgIHByaXZpbGVnZXMgPSBuZXcgTmF0aXZlSGVscGVycy5MVUlEX0FORF9BVFRSSUJVVEVTW3ByaXZpbGVnZUluZm8uUHJpdmlsZWdlQ291bnRdOwogICAgICAgICAgICAgICAgICAgIFB0clRvU3RydWN0dXJlQXJyYXkocHJpdmlsZWdlcywgSW50UHRyLkFkZChwcml2aWxlZ2VzUHRyLCBNYXJzaGFsLlNpemVPZihwcml2aWxlZ2VJbmZvLlByaXZpbGVnZUNvdW50KSkpOwogICAgICAgICAgICAgICAgfQogICAgICAgICAgICAgICAgZmluYWxseQogICAgICAgICAgICAgICAgewogICAgICAgICAgICAgICAgICAgIE1hcnNoYWwuRnJlZUhHbG9iYWwocHJpdmlsZWdlc1B0cik7CiAgICAgICAgICAgICAgICB9CgogICAgICAgICAgICAgICAgaW5mbyA9IHByaXZpbGVnZXMuVG9EaWN0aW9uYXJ5KHAgPT4gR2V0UHJpdmlsZWdlTmFtZShwLkx1aWQpLCBwID0+IHAuQXR0cmlidXRlcyk7CiAgICAgICAgICAgIH0KICAgICAgICAgICAgZmluYWxseQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBOYXRpdmVNZXRob2RzLkNsb3NlSGFuZGxlKGhUb2tlbik7CiAgICAgICAgICAgIH0KICAgICAgICAgICAgcmV0dXJuIGluZm87CiAgICAgICAgfQoKICAgICAgICBwdWJsaWMgc3RhdGljIFNhZmVXYWl0SGFuZGxlIEdldEN1cnJlbnRQcm9jZXNzKCkKICAgICAgICB7CiAgICAgICAgICAgIHJldHVybiBOYXRpdmVNZXRob2RzLkdldEN1cnJlbnRQcm9jZXNzKCk7CiAgICAgICAgfQoKICAgICAgICBwdWJsaWMgc3RhdGljIHZvaWQgUmVtb3ZlUHJpdmlsZWdlKFNhZmVIYW5kbGUgdG9rZW4sIHN0cmluZyBwcml2aWxlZ2UpCiAgICAgICAgewogICAgICAgICAgICBTZXRUb2tlblByaXZpbGVnZXModG9rZW4sIG5ldyBEaWN0aW9uYXJ5PHN0cmluZywgYm9vbD8+KCkgeyB7IHByaXZpbGVnZSwgbnVsbCB9IH0pOwogICAgICAgIH0KCiAgICAgICAgcHVibGljIHN0YXRpYyBEaWN0aW9uYXJ5PHN0cmluZywgYm9vbD8+IFNldFRva2VuUHJpdmlsZWdlcyhTYWZlSGFuZGxlIHRva2VuLCBEaWN0aW9uYXJ5PHN0cmluZywgYm9vbD8+IHN0YXRlKQogICAgICAgIHsKICAgICAgICAgICAgTmF0aXZlSGVscGVycy5MVUlEX0FORF9BVFRSSUJVVEVTW10gcHJpdmlsZWdlQXR0ciA9IG5ldyBOYXRpdmVIZWxwZXJzLkxVSURfQU5EX0FUVFJJQlVURVNbc3RhdGUuQ291bnRdOwogICAgICAgICAgICBpbnQgaSA9IDA7CgogICAgICAgICAgICBmb3JlYWNoIChLZXlWYWx1ZVBhaXI8c3RyaW5nLCBib29sPz4gZW50cnkgaW4gc3RhdGUpCiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIE5hdGl2ZUhlbHBlcnMuTFVJRCBsdWlkOwogICAgICAgICAgICAgICAgaWYgKCFOYXRpdmVNZXRob2RzLkxvb2t1cFByaXZpbGVnZVZhbHVlKG51bGwsIGVudHJ5LktleSwgb3V0IGx1aWQpKQogICAgICAgICAgICAgICAgICAgIHRocm93IG5ldyBXaW4zMkV4Y2VwdGlvbihTdHJpbmcuRm9ybWF0KCJMb29rdXBQcml2aWxlZ2VWYWx1ZSh7MH0pIGZhaWxlZCIsIGVudHJ5LktleSkpOwoKICAgICAgICAgICAgICAgIFByaXZpbGVnZUF0dHJpYnV0ZXMgYXR0cmlidXRlczsKICAgICAgICAgICAgICAgIHN3aXRjaCAoZW50cnkuVmFsdWUpCiAgICAgICAgICAgICAgICB7CiAgICAgICAgICAgICAgICAgICAgY2FzZSB0cnVlOgogICAgICAgICAgICAgICAgICAgICAgICBhdHRyaWJ1dGVzID0gUHJpdmlsZWdlQXR0cmlidXRlcy5FbmFibGVkOwogICAgICAgICAgICAgICAgICAgICAgICBicmVhazsKICAgICAgICAgICAgICAgICAgICBjYXNlIGZhbHNlOgogICAgICAgICAgICAgICAgICAgICAgICBhdHRyaWJ1dGVzID0gUHJpdmlsZWdlQXR0cmlidXRlcy5EaXNhYmxlZDsKICAgICAgICAgICAgICAgICAgICAgICAgYnJlYWs7CiAgICAgICAgICAgICAgICAgICAgZGVmYXVsdDoKICAgICAgICAgICAgICAgICAgICAgICAgYXR0cmlidXRlcyA9IFByaXZpbGVnZUF0dHJpYnV0ZXMuUmVtb3ZlZDsKICAgICAgICAgICAgICAgICAgICAgICAgYnJlYWs7CiAgICAgICAgICAgICAgICB9CgogICAgICAgICAgICAgICAgcHJpdmlsZWdlQXR0cltpXS5MdWlkID0gbHVpZDsKICAgICAgICAgICAgICAgIHByaXZpbGVnZUF0dHJbaV0uQXR0cmlidXRlcyA9IGF0dHJpYnV0ZXM7CiAgICAgICAgICAgICAgICBpKys7CiAgICAgICAgICAgIH0KCiAgICAgICAgICAgIHJldHVybiBBZGp1c3RUb2tlblByaXZpbGVnZXModG9rZW4sIHByaXZpbGVnZUF0dHIpOwogICAgICAgIH0KCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgRGljdGlvbmFyeTxzdHJpbmcsIGJvb2w/PiBBZGp1c3RUb2tlblByaXZpbGVnZXMoU2FmZUhhbmRsZSB0b2tlbiwgTmF0aXZlSGVscGVycy5MVUlEX0FORF9BVFRSSUJVVEVTW10gbmV3U3RhdGUpCiAgICAgICAgewogICAgICAgICAgICBib29sIGRpc2FibGVBbGxQcml2aWxlZ2VzOwogICAgICAgICAgICBJbnRQdHIgbmV3U3RhdGVQdHI7CiAgICAgICAgICAgIE5hdGl2ZUhlbHBlcnMuTFVJRF9BTkRfQVRUUklCVVRFU1tdIG9sZFN0YXRlUHJpdmlsZWdlczsKICAgICAgICAgICAgVUludDMyIHJldHVybkxlbmd0aDsKCiAgICAgICAgICAgIGlmIChuZXdTdGF0ZSA9PSBudWxsKQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBkaXNhYmxlQWxsUHJpdmlsZWdlcyA9IHRydWU7CiAgICAgICAgICAgICAgICBuZXdTdGF0ZVB0ciA9IEludFB0ci5aZXJvOwogICAgICAgICAgICB9CiAgICAgICAgICAgIGVsc2UKICAgICAgICAgICAgewogICAgICAgICAgICAgICAgZGlzYWJsZUFsbFByaXZpbGVnZXMgPSBmYWxzZTsKCiAgICAgICAgICAgICAgICAvLyBOZWVkIHRvIG1hbnVhbGx5IG1hcnNoYWwgdGhlIGJ5dGVzIHJlcXVpcmVzIGZvciBuZXdTdGF0ZSBhcyB0aGUgY29uc3RhbnQgc2l6ZQogICAgICAgICAgICAgICAgLy8gb2YgTFVJRF9BTkRfQVRUUklCVVRFUyBpcyBzZXQgdG8gMSBhbmQgY2FuJ3QgYmUgb3ZlcnJpZGRlbiBhdCBydW50aW1lLCBUT0tFTl9QUklWSUxFR0VTCiAgICAgICAgICAgICAgICAvLyBhbHdheXMgY29udGFpbnMgYXQgbGVhc3QgMSBlbnRyeSBzbyB3ZSBuZWVkIHRvIGNhbGN1bGF0ZSB0aGUgZXh0cmEgc2l6ZSBpZiB0aGVyZSBhcmUKICAgICAgICAgICAgICAgIC8vIG5vcmUgdGhhbiAxIExVSURfQU5EX0FUVFJJQlVURVMgZW50cnkKICAgICAgICAgICAgICAgIGludCB0b2tlblByaXZpbGVnZXNTaXplID0gTWFyc2hhbC5TaXplT2YodHlwZW9mKE5hdGl2ZUhlbHBlcnMuVE9LRU5fUFJJVklMRUdFUykpOwogICAgICAgICAgICAgICAgaW50IGx1aWRBdHRyU2l6ZSA9IDA7CiAgICAgICAgICAgICAgICBpZiAobmV3U3RhdGUuTGVuZ3RoID4gMSkKICAgICAgICAgICAgICAgICAgICBsdWlkQXR0clNpemUgPSBNYXJzaGFsLlNpemVPZih0eXBlb2YoTmF0aXZlSGVscGVycy5MVUlEX0FORF9BVFRSSUJVVEVTKSkgKiAobmV3U3RhdGUuTGVuZ3RoIC0gMSk7CiAgICAgICAgICAgICAgICBpbnQgdG90YWxTaXplID0gdG9rZW5Qcml2aWxlZ2VzU2l6ZSArIGx1aWRBdHRyU2l6ZTsKICAgICAgICAgICAgICAgIGJ5dGVbXSBuZXdTdGF0ZUJ5dGVzID0gbmV3IGJ5dGVbdG90YWxTaXplXTsKCiAgICAgICAgICAgICAgICAvLyBnZXQgdGhlIGZpcnN0IGVudHJ5IHRoYXQgaW5jbHVkZXMgdGhlIHN0cnVjdCBkZXRhaWxzCiAgICAgICAgICAgICAgICBOYXRpdmVIZWxwZXJzLlRPS0VOX1BSSVZJTEVHRVMgdG9rZW5Qcml2aWxlZ2VzID0gbmV3IE5hdGl2ZUhlbHBlcnMuVE9LRU5fUFJJVklMRUdFUygpCiAgICAgICAgICAgICAgICB7CiAgICAgICAgICAgICAgICAgICAgUHJpdmlsZWdlQ291bnQgPSAoVUludDMyKW5ld1N0YXRlLkxlbmd0aCwKICAgICAgICAgICAgICAgICAgICBQcml2aWxlZ2VzID0gbmV3IE5hdGl2ZUhlbHBlcnMuTFVJRF9BTkRfQVRUUklCVVRFU1sxXSwKICAgICAgICAgICAgICAgIH07CiAgICAgICAgICAgICAgICBpZiAobmV3U3RhdGUuTGVuZ3RoID4gMCkKICAgICAgICAgICAgICAgICAgICB0b2tlblByaXZpbGVnZXMuUHJpdmlsZWdlc1swXSA9IG5ld1N0YXRlWzBdOwogICAgICAgICAgICAgICAgaW50IG9mZnNldCA9IFN0cnVjdHVyZVRvQnl0ZXModG9rZW5Qcml2aWxlZ2VzLCBuZXdTdGF0ZUJ5dGVzLCAwKTsKCiAgICAgICAgICAgICAgICAvLyBjb3B5IHRoZSByZW1haW5pbmcgTFVJRF9BTkRfQVRUUklCVVRFUyAoaWYgYW55KQogICAgICAgICAgICAgICAgZm9yIChpbnQgaSA9IDE7IGkgPCBuZXdTdGF0ZS5MZW5ndGg7IGkrKykKICAgICAgICAgICAgICAgICAgICBvZmZzZXQgKz0gU3RydWN0dXJlVG9CeXRlcyhuZXdTdGF0ZVtpXSwgbmV3U3RhdGVCeXRlcywgb2Zmc2V0KTsKCiAgICAgICAgICAgICAgICAvLyBmaW5hbGx5IGNyZWF0ZSB0aGUgcG9pbnRlciB0byB0aGUgYnl0ZSBhcnJheSB3ZSBqdXN0IGNyZWF0ZWQKICAgICAgICAgICAgICAgIG5ld1N0YXRlUHRyID0gTWFyc2hhbC5BbGxvY0hHbG9iYWwobmV3U3RhdGVCeXRlcy5MZW5ndGgpOwogICAgICAgICAgICAgICAgTWFyc2hhbC5Db3B5KG5ld1N0YXRlQnl0ZXMsIDAsIG5ld1N0YXRlUHRyLCBuZXdTdGF0ZUJ5dGVzLkxlbmd0aCk7CiAgICAgICAgICAgIH0KCiAgICAgICAgICAgIHRyeQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBJbnRQdHIgaFRva2VuID0gSW50UHRyLlplcm87CiAgICAgICAgICAgICAgICBpZiAoIU5hdGl2ZU1ldGhvZHMuT3BlblByb2Nlc3NUb2tlbih0b2tlbiwgVG9rZW5BY2Nlc3NMZXZlbHMuUXVlcnkgfCBUb2tlbkFjY2Vzc0xldmVscy5BZGp1c3RQcml2aWxlZ2VzLCBvdXQgaFRva2VuKSkKICAgICAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIk9wZW5Qcm9jZXNzVG9rZW4oKSBmYWlsZWQgd2l0aCBRdWVyeSBhbmQgQWRqdXN0UHJpdmlsZWdlcyIpOwogICAgICAgICAgICAgICAgdHJ5CiAgICAgICAgICAgICAgICB7CiAgICAgICAgICAgICAgICAgICAgSW50UHRyIG9sZFN0YXRlUHRyID0gTWFyc2hhbC5BbGxvY0hHbG9iYWwoMCk7CiAgICAgICAgICAgICAgICAgICAgaWYgKCFOYXRpdmVNZXRob2RzLkFkanVzdFRva2VuUHJpdmlsZWdlcyhoVG9rZW4sIGRpc2FibGVBbGxQcml2aWxlZ2VzLCBuZXdTdGF0ZVB0ciwgMCwgb2xkU3RhdGVQdHIsIG91dCByZXR1cm5MZW5ndGgpKQogICAgICAgICAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgICAgICAgICAgaW50IGVyckNvZGUgPSBNYXJzaGFsLkdldExhc3RXaW4zMkVycm9yKCk7CiAgICAgICAgICAgICAgICAgICAgICAgIGlmIChlcnJDb2RlICE9IDEyMikgLy8gRVJST1JfSU5TVUZGSUNJRU5UX0JVRkZFUgogICAgICAgICAgICAgICAgICAgICAgICAgICAgdGhyb3cgbmV3IFdpbjMyRXhjZXB0aW9uKGVyckNvZGUsICJBZGp1c3RUb2tlblByaXZpbGVnZXMoKSBmYWlsZWQgdG8gZ2V0IG9sZCBzdGF0ZSBzaXplIik7CiAgICAgICAgICAgICAgICAgICAgfQoKICAgICAgICAgICAgICAgICAgICAvLyByZXNpemUgdGhlIG9sZFN0YXRlUHRyIGJhc2VkIG9uIHRoZSBsZW5ndGggcmV0dXJuZWQgZnJvbSBXaW5kb3dzCiAgICAgICAgICAgICAgICAgICAgTWFyc2hhbC5GcmVlSEdsb2JhbChvbGRTdGF0ZVB0cik7CiAgICAgICAgICAgICAgICAgICAgb2xkU3RhdGVQdHIgPSBNYXJzaGFsLkFsbG9jSEdsb2JhbCgoaW50KXJldHVybkxlbmd0aCk7CiAgICAgICAgICAgICAgICAgICAgdHJ5CiA ScriptBlock ID: 4a4215d4-4cd2-409c-91f5-15060d228a22 Path:	4104	1		3	2	15	0	1780	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	604	3260	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:07:47 PM	e5295ba9-9827-0003-d85d-29e52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 9): begin { $DebugPreference = "Continue" $ErrorActionPreference = "Stop" Set-StrictMode -Version 2 function ConvertTo-HashtableFromPsCustomObject ($myPsObject){ $output = @{}; $myPsObject | Get-Member -MemberType *Property | % { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } return $output; } # stream JSON including become_pw, ps_module_payload, bin_module_payload, become_payload, write_payload_path, preserve directives # exec runspace, capture output, cleanup, return module output # NB: do not adjust the following line- it is replaced when doing non-streamed module output $json_raw = @' {"min_ps_version": null, "exec": "CkZ1bmN0aW9uIFJ1bigkcGF5bG9hZCkgewogICAgJGVudHJ5cG9pbnQgPSAkcGF5bG9hZC5tb2R1bGVfZW50cnkKCiAgICAkZW50cnlwb2ludCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGVudHJ5cG9pbnQpKQoKICAgICRwcyA9IFtwb3dlcnNoZWxsXTo6Q3JlYXRlKCkKCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkQ29tbWFuZCgiU2V0LVZhcmlhYmxlIikuQWRkUGFyYW1ldGVycyhAe1Njb3BlPSJnbG9iYWwiO05hbWU9ImNvbXBsZXhfYXJncyI7VmFsdWU9JHBheWxvYWQubW9kdWxlX2FyZ3N9KSB8IE91dC1OdWxsCiAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCgogICAgIyByZWRlZmluZSBXcml0ZS1Ib3N0IHRvIGR1bXAgdG8gb3V0cHV0IGluc3RlYWQgb2YgZmFpbGluZy0gbG90cyBvZiBzY3JpcHRzIHVzZSBpdAogICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgiRnVuY3Rpb24gV3JpdGUtSG9zdChgJG1zZyl7IFdyaXRlLU91dHB1dCBgJG1zZyB9IikgfCBPdXQtTnVsbAoKICAgIEZvckVhY2ggKCRlbnZfa3YgaW4gJHBheWxvYWQuZW52aXJvbm1lbnQuR2V0RW51bWVyYXRvcigpKSB7CiAgICAgICAgIyBuZWVkIHRvIGVzY2FwZSAnIGluIGJvdGggdGhlIGtleSBhbmQgdmFsdWUKICAgICAgICAkZW52X2tleSA9ICRlbnZfa3YuS2V5LlRvU3RyaW5nKCkuUmVwbGFjZSgiJyIsICInJyIpCiAgICAgICAgJGVudl92YWx1ZSA9ICRlbnZfa3YuVmFsdWUuVG9TdHJpbmcoKS5SZXBsYWNlKCInIiwgIicnIikKICAgICAgICAkZXNjYXBlZF9lbnZfc2V0ID0gIltTeXN0ZW0uRW52aXJvbm1lbnRdOjpTZXRFbnZpcm9ubWVudFZhcmlhYmxlKCd7MH0nLCAnezF9JykiIC1mICRlbnZfa2V5LCAkZW52X3ZhbHVlCiAgICAgICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgkZXNjYXBlZF9lbnZfc2V0KSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBkeW5hbWljYWxseSBjcmVhdGUvbG9hZCBtb2R1bGVzCiAgICBGb3JFYWNoICgkbW9kIGluICRwYXlsb2FkLnBvd2Vyc2hlbGxfbW9kdWxlcy5HZXRFbnVtZXJhdG9yKCkpIHsKICAgICAgICAkZGVjb2RlZF9tb2R1bGUgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRtb2QuVmFsdWUpKQogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRDb21tYW5kKCJOZXctTW9kdWxlIikuQWRkUGFyYW1ldGVycyhAe1NjcmlwdEJsb2NrPShbc2NyaXB0YmxvY2tdOjpDcmVhdGUoJGRlY29kZWRfbW9kdWxlKSk7TmFtZT0kbW9kLktleX0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiSW1wb3J0LU1vZHVsZSIpLkFkZFBhcmFtZXRlcnMoQHtXYXJuaW5nQWN0aW9uPSJTaWxlbnRseUNvbnRpbnVlIn0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBmb3JjZSBpbnB1dCBlbmNvZGluZyB0byBwcmVhbWJsZS1mcmVlIFVURjggc28gUFMgc3ViLXByb2Nlc3NlcyAoZWcsCiAgICAjIFN0YXJ0LUpvYikgZG9uJ3QgYmxvdyB1cC4gVGhpcyBpcyBvbmx5IHJlcXVpcmVkIGZvciBXaW5STSwgYSBQU1JQCiAgICAjIHJ1bnNwYWNlIGRvZXNuJ3QgaGF2ZSBhIGhvc3QgY29uc29sZSBhbmQgdGhpcyB3aWxsIGJvbWIgb3V0CiAgICBpZiAoJGhvc3QuTmFtZSAtZXEgIkNvbnNvbGVIb3N0IikgewogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRTY3JpcHQoIltDb25zb2xlXTo6SW5wdXRFbmNvZGluZyA9IE5ldy1PYmplY3QgVGV4dC5VVEY4RW5jb2RpbmcgYCRmYWxzZSIpIHwgT3V0LU51bGwKICAgIH0KCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkU2NyaXB0KCRlbnRyeXBvaW50KSB8IE91dC1OdWxsCgogICAgJG91dHB1dCA9ICRwcy5JbnZva2UoKQoKICAgICRvdXRwdXQKCiAgICAjIFBTMyBkb2Vzbid0IHByb3Blcmx5IHNldCBIYWRFcnJvcnMgaW4gbWFueSBjYXNlcywgaW5zcGVjdCB0aGUgZXJyb3Igc3RyZWFtIGFzIGEgZmFsbGJhY2sKICAgIElmICgkcHMuSGFkRXJyb3JzIC1vciAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtbHQgNCAtYW5kICRwcy5TdHJlYW1zLkVycm9yLkNvdW50IC1ndCAwKSkgewogICAgICAgICRob3N0LlVJLldyaXRlRXJyb3JMaW5lKCQoJHBzLlN0cmVhbXMuRXJyb3IgfCBPdXQtU3RyaW5nKSkKICAgICAgICAkZXhpdF9jb2RlID0gJHBzLlJ1bnNwYWNlLlNlc3Npb25TdGF0ZVByb3h5LkdldFZhcmlhYmxlKCJMQVNURVhJVENPREUiKQogICAgICAgIElmKC1ub3QgJGV4aXRfY29kZSkgewogICAgICAgICAgICAkZXhpdF9jb2RlID0gMQogICAgICAgIH0KICAgICAgICAjIG5lZWQgdG8gdXNlIHRoaXMgaW5zdGVhZCBvZiBFeGl0IGtleXdvcmQgdG8gcHJldmVudCBydW5zcGFjZSBmcm9tIGNyYXNoaW5nIHdpdGggZHluYW1pYyBtb2R1bGVzCiAgICAgICAgJGhvc3QuU2V0U2hvdWxkRXhpdCgkZXhpdF9jb2RlKQogICAgfQp9Cg==", "actions": ["exec"], "environment": {}, "min_os_version": null, "powershell_modules": {"Ansible.ModuleUtils.PrivilegeUtil": "IyBDb3B5cmlnaHQgKGMpIDIwMTggQW5zaWJsZSBQcm9qZWN0CiMgU2ltcGxpZmllZCBCU0QgTGljZW5zZSAoc2VlIGxpY2Vuc2VzL3NpbXBsaWZpZWRfYnNkLnR4dCBvciBodHRwczovL29wZW5zb3VyY2Uub3JnL2xpY2Vuc2VzL0JTRC0yLUNsYXVzZSkKCiMgc3RvcmUgaW4gc2VwYXJhdGUgdmFyaWFibGVzIHRvIG1ha2UgaXQgZWFzaWVyIGZvciBvdGhlciBtb2R1bGVfdXRpbHMgdG8KIyBzaGFyZSB0aGlzIGNvZGUgaW4gdGhlaXIgb3duIGMjIGNvZGUKJGFuc2libGVfcHJpdmlsZWdlX3V0aWxfbmFtZXNwYWNlcyA9IEAoCiAgICAiTWljcm9zb2Z0LldpbjMyLlNhZmVIYW5kbGVzIiwKICAgICJTeXN0ZW0iLAogICAgIlN5c3RlbS5Db2xsZWN0aW9ucy5HZW5lcmljIiwKICAgICJTeXN0ZW0uTGlucSIsCiAgICAiU3lzdGVtLlJ1bnRpbWUuSW50ZXJvcFNlcnZpY2VzIiwKICAgICJTeXN0ZW0uU2VjdXJpdHkuUHJpbmNpcGFsIiwKICAgICJTeXN0ZW0uVGV4dCIKKQoKJGFuc2libGVfcHJpdmlsZWdlX3V0aWxfY29kZSA9IEAnCm5hbWVzcGFjZSBBbnNpYmxlLlByaXZpbGVnZVV0aWwKewogICAgW0ZsYWdzXQogICAgcHVibGljIGVudW0gUHJpdmlsZWdlQXR0cmlidXRlcyA6IHVpbnQKICAgIHsKICAgICAgICBEaXNhYmxlZCA9IDB4MDAwMDAwMDAsCiAgICAgICAgRW5hYmxlZEJ5RGVmYXVsdCA9IDB4MDAwMDAwMDEsCiAgICAgICAgRW5hYmxlZCA9IDB4MDAwMDAwMDIsCiAgICAgICAgUmVtb3ZlZCA9IDB4MDAwMDAwMDQsCiAgICAgICAgVXNlZEZvckFjY2VzcyA9IDB4ODAwMDAwMDAsCiAgICB9CgogICAgaW50ZXJuYWwgY2xhc3MgTmF0aXZlSGVscGVycwogICAgewogICAgICAgIFtTdHJ1Y3RMYXlvdXQoTGF5b3V0S2luZC5TZXF1ZW50aWFsKV0KICAgICAgICBpbnRlcm5hbCBzdHJ1Y3QgTFVJRAogICAgICAgIHsKICAgICAgICAgICAgcHVibGljIFVJbnQzMiBMb3dQYXJ0OwogICAgICAgICAgICBwdWJsaWMgSW50MzIgSGlnaFBhcnQ7CiAgICAgICAgfQoKICAgICAgICBbU3RydWN0TGF5b3V0KExheW91dEtpbmQuU2VxdWVudGlhbCldCiAgICAgICAgaW50ZXJuYWwgc3RydWN0IExVSURfQU5EX0FUVFJJQlVURVMKICAgICAgICB7CiAgICAgICAgICAgIHB1YmxpYyBMVUlEIEx1aWQ7CiAgICAgICAgICAgIHB1YmxpYyBQcml2aWxlZ2VBdHRyaWJ1dGVzIEF0dHJpYnV0ZXM7CiAgICAgICAgfQoKICAgICAgICBbU3RydWN0TGF5b3V0KExheW91dEtpbmQuU2VxdWVudGlhbCldCiAgICAgICAgaW50ZXJuYWwgc3RydWN0IFRPS0VOX1BSSVZJTEVHRVMKICAgICAgICB7CiAgICAgICAgICAgIHB1YmxpYyBVSW50MzIgUHJpdmlsZWdlQ291bnQ7CiAgICAgICAgICAgIFtNYXJzaGFsQXMoVW5tYW5hZ2VkVHlwZS5CeVZhbEFycmF5LCBTaXplQ29uc3QgPSAxKV0KICAgICAgICAgICAgcHVibGljIExVSURfQU5EX0FUVFJJQlVURVNbXSBQcml2aWxlZ2VzOwogICAgICAgIH0KICAgIH0KCiAgICBpbnRlcm5hbCBjbGFzcyBOYXRpdmVNZXRob2RzCiAgICB7CiAgICAgICAgW0RsbEltcG9ydCgiYWR2YXBpMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSldCiAgICAgICAgaW50ZXJuYWwgc3RhdGljIGV4dGVybiBib29sIEFkanVzdFRva2VuUHJpdmlsZWdlcygKICAgICAgICAgICAgSW50UHRyIFRva2VuSGFuZGxlLAogICAgICAgICAgICBbTWFyc2hhbEFzKFVubWFuYWdlZFR5cGUuQm9vbCldIGJvb2wgRGlzYWJsZUFsbFByaXZpbGVnZXMsCiAgICAgICAgICAgIEludFB0ciBOZXdTdGF0ZSwKICAgICAgICAgICAgVUludDMyIEJ1ZmZlckxlbmd0aCwKICAgICAgICAgICAgSW50UHRyIFByZXZpb3VzU3RhdGUsCiAgICAgICAgICAgIG91dCBVSW50MzIgUmV0dXJuTGVuZ3RoKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIildCiAgICAgICAgaW50ZXJuYWwgc3RhdGljIGV4dGVybiBib29sIENsb3NlSGFuZGxlKAogICAgICAgICAgICBJbnRQdHIgaE9iamVjdCk7CgogICAgICAgIFtEbGxJbXBvcnQoImtlcm5lbDMyIildCiAgICAgICAgaW50ZXJuYWwgc3RhdGljIGV4dGVybiBTYWZlV2FpdEhhbmRsZSBHZXRDdXJyZW50UHJvY2VzcygpOwoKICAgICAgICBbRGxsSW1wb3J0KCJhZHZhcGkzMi5kbGwiLCBTZXRMYXN0RXJyb3IgPSB0cnVlKV0KICAgICAgICBpbnRlcm5hbCBzdGF0aWMgZXh0ZXJuIGJvb2wgR2V0VG9rZW5JbmZvcm1hdGlvbigKICAgICAgICAgICAgSW50UHRyIFRva2VuSGFuZGxlLAogICAgICAgICAgICBVSW50MzIgVG9rZW5JbmZvcm1hdGlvbkNsYXNzLAogICAgICAgICAgICBJbnRQdHIgVG9rZW5JbmZvcm1hdGlvbiwKICAgICAgICAgICAgVUludDMyIFRva2VuSW5mb3JtYXRpb25MZW5ndGgsCiAgICAgICAgICAgIG91dCBVSW50MzIgUmV0dXJuTGVuZ3RoKTsKCiAgICAgICAgW0RsbEltcG9ydCgiYWR2YXBpMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSldCiAgICAgICAgaW50ZXJuYWwgc3RhdGljIGV4dGVybiBib29sIExvb2t1cFByaXZpbGVnZU5hbWUoCiAgICAgICAgICAgIHN0cmluZyBscFN5c3RlbU5hbWUsCiAgICAgICAgICAgIHJlZiBOYXRpdmVIZWxwZXJzLkxVSUQgbHBMdWlkLAogICAgICAgICAgICBTdHJpbmdCdWlsZGVyIGxwTmFtZSwKICAgICAgICAgICAgcmVmIFVJbnQzMiBjY2hOYW1lKTsKCiAgICAgICAgW0RsbEltcG9ydCgiYWR2YXBpMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSldCiAgICAgICAgaW50ZXJuYWwgc3RhdGljIGV4dGVybiBib29sIExvb2t1cFByaXZpbGVnZVZhbHVlKAogICAgICAgICAgICBzdHJpbmcgbHBTeXN0ZW1OYW1lLAogICAgICAgICAgICBzdHJpbmcgbHBOYW1lLAogICAgICAgICAgICBvdXQgTmF0aXZlSGVscGVycy5MVUlEIGxwTHVpZCk7CgogICAgICAgIFtEbGxJbXBvcnQoImFkdmFwaTMyLmRsbCIsIFNldExhc3RFcnJvciA9IHRydWUpXQogICAgICAgIGludGVybmFsIHN0YXRpYyBleHRlcm4gYm9vbCBPcGVuUHJvY2Vzc1Rva2VuKAogICAgICAgICAgICBTYWZlSGFuZGxlIFByb2Nlc3NIYW5kbGUsCiAgICAgICAgICAgIFRva2VuQWNjZXNzTGV2ZWxzIERlc2lyZWRBY2Nlc3MsCiAgICAgICAgICAgIG91dCBJbnRQdHIgVG9rZW5IYW5kbGUpOwogICAgfQoKICAgIHB1YmxpYyBjbGFzcyBXaW4zMkV4Y2VwdGlvbiA6IFN5c3RlbS5Db21wb25lbnRNb2RlbC5XaW4zMkV4Y2VwdGlvbgogICAgewogICAgICAgIHByaXZhdGUgc3RyaW5nIF9tc2c7CiAgICAgICAgcHVibGljIFdpbjMyRXhjZXB0aW9uKHN0cmluZyBtZXNzYWdlKSA6IHRoaXMoTWFyc2hhbC5HZXRMYXN0V2luMzJFcnJvcigpLCBtZXNzYWdlKSB7IH0KICAgICAgICBwdWJsaWMgV2luMzJFeGNlcHRpb24oaW50IGVycm9yQ29kZSwgc3RyaW5nIG1lc3NhZ2UpIDogYmFzZShlcnJvckNvZGUpCiAgICAgICAgewogICAgICAgICAgICBfbXNnID0gU3RyaW5nLkZvcm1hdCgiezB9ICh7MX0sIFdpbjMyRXJyb3JDb2RlIHsyfSkiLCBtZXNzYWdlLCBiYXNlLk1lc3NhZ2UsIGVycm9yQ29kZSk7CiAgICAgICAgfQogICAgICAgIHB1YmxpYyBvdmVycmlkZSBzdHJpbmcgTWVzc2FnZSB7IGdldCB7IHJldHVybiBfbXNnOyB9IH0KICAgICAgICBwdWJsaWMgc3RhdGljIGV4cGxpY2l0IG9wZXJhdG9yIFdpbjMyRXhjZXB0aW9uKHN0cmluZyBtZXNzYWdlKSB7IHJldHVybiBuZXcgV2luMzJFeGNlcHRpb24obWVzc2FnZSk7IH0KICAgIH0KCiAgICBwdWJsaWMgY2xhc3MgUHJpdmlsZWdlcwogICAgewogICAgICAgIHByaXZhdGUgc3RhdGljIHJlYWRvbmx5IFVJbnQzMiBUT0tFTl9QUklWSUxFR0VTID0gMzsKCgogICAgICAgIHB1YmxpYyBzdGF0aWMgYm9vbCBDaGVja1ByaXZpbGVnZU5hbWUoc3RyaW5nIG5hbWUpCiAgICAgICAgewogICAgICAgICAgICBOYXRpdmVIZWxwZXJzLkxVSUQgbHVpZDsKICAgICAgICAgICAgaWYgKCFOYXRpdmVNZXRob2RzLkxvb2t1cFByaXZpbGVnZVZhbHVlKG51bGwsIG5hbWUsIG91dCBsdWlkKSkKICAgICAgICAgICAgewogICAgICAgICAgICAgICAgaW50IGVyckNvZGUgPSBNYXJzaGFsLkdldExhc3RXaW4zMkVycm9yKCk7CiAgICAgICAgICAgICAgICBpZiAoZXJyQ29kZSAhPSAxMzEzKSAgLy8gRVJST1JfTk9fU1VDSF9QUklWSUxFR0UKICAgICAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oZXJyQ29kZSwgU3RyaW5nLkZvcm1hdCgiTG9va3VwUHJpdmlsZWdlVmFsdWUoezB9KSBmYWlsZWQiLCBuYW1lKSk7CiAgICAgICAgICAgICAgICByZXR1cm4gZmFsc2U7 ScriptBlock ID: 4a4215d4-4cd2-409c-91f5-15060d228a22 Path:	4104	1		3	2	15	0	1779	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	604	3260	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:07:47 PM	e5295ba9-9827-0003-d85d-29e52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1778	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	604	752	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:07:46 PM	e5295ba9-9827-0004-b35c-29e52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 604 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1777	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	604	4588	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:07:46 PM	e5295ba9-9827-0004-b35c-29e52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1776	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	604	752	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:07:46 PM	e5295ba9-9827-0004-b35c-29e52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1775	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4784	4776	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:07:45 PM	e5295ba9-9827-0003-cd5d-29e52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 4784 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1774	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4784	3768	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:07:45 PM	e5295ba9-9827-0003-cd5d-29e52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1773	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4784	4776	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:07:45 PM	e5295ba9-9827-0003-cd5d-29e52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles; using System; using System.Collections; using System.IO; using System.Linq; using System.Runtime.InteropServices; using System.Text; using System.Threading; namespace Ansible { [StructLayout(LayoutKind.Sequential)] public class SECURITY_ATTRIBUTES { public int nLength; public IntPtr lpSecurityDescriptor; public bool bInheritHandle = false; public SECURITY_ATTRIBUTES() { nLength = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFO { public Int32 cb; public IntPtr lpReserved; public IntPtr lpDesktop; public IntPtr lpTitle; public Int32 dwX; public Int32 dwY; public Int32 dwXSize; public Int32 dwYSize; public Int32 dwXCountChars; public Int32 dwYCountChars; public Int32 dwFillAttribute; public Int32 dwFlags; public Int16 wShowWindow; public Int16 cbReserved2; public IntPtr lpReserved2; public SafeFileHandle hStdInput; public SafeFileHandle hStdOutput; public SafeFileHandle hStdError; public STARTUPINFO() { cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFOEX { public STARTUPINFO startupInfo; public IntPtr lpAttributeList; public STARTUPINFOEX() { startupInfo = new STARTUPINFO(); startupInfo.cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public struct PROCESS_INFORMATION { public IntPtr hProcess; public IntPtr hThread; public int dwProcessId; public int dwThreadId; } [Flags] public enum StartupInfoFlags : uint { USESTDHANDLES = 0x00000100 } public enum HandleFlags : uint { None = 0, INHERIT = 1 } class NativeWaitHandle : WaitHandle { public NativeWaitHandle(IntPtr handle) { this.SafeWaitHandle = new SafeWaitHandle(handle, false); } } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class CommandUtil { private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400; private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000; [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)] public static extern bool CreateProcess( [MarshalAs(UnmanagedType.LPWStr)] string lpApplicationName, StringBuilder lpCommandLine, IntPtr lpProcessAttributes, IntPtr lpThreadAttributes, bool bInheritHandles, uint dwCreationFlags, IntPtr lpEnvironment, [MarshalAs(UnmanagedType.LPWStr)] string lpCurrentDirectory, STARTUPINFOEX lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation); [DllImport("kernel32.dll")] public static extern bool CreatePipe( out SafeFileHandle hReadPipe, out SafeFileHandle hWritePipe, SECURITY_ATTRIBUTES lpPipeAttributes, uint nSize); [DllImport("kernel32.dll", SetLastError = true)] public static extern bool SetHandleInformation( SafeFileHandle hObject, HandleFlags dwMask, int dwFlags); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool GetExitCodeProcess( IntPtr hProcess, out uint lpExitCode); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)] public static extern uint SearchPath( string lpPath, string lpFileName, string lpExtension, int nBufferLength, [MarshalAs (UnmanagedType.LPTStr)] StringBuilder lpBuffer, out IntPtr lpFilePart); [DllImport("shell32.dll", SetLastError = true)] static extern IntPtr CommandLineToArgvW( [MarshalAs(UnmanagedType.LPWStr)] string lpCmdLine, out int pNumArgs); public static string[] ParseCommandLine(string lpCommandLine) { int numArgs; IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs); if (ret == IntPtr.Zero) throw new Win32Exception("Error parsing command line"); IntPtr[] strptrs = new IntPtr[numArgs]; Marshal.Copy(ret, strptrs, 0, numArgs); string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray(); Marshal.FreeHGlobal(ret); return cmdlineParts; } public static string SearchPath(string lpFileName) { StringBuilder sbOut = new StringBuilder(1024); IntPtr filePartOut; if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0) throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName)); return sbOut.ToString(); } public class CommandResult { public string StandardOut { get; internal set; } public string StandardError { get; internal set; } public uint ExitCode { get; internal set; } } public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment) { UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT; STARTUPINFOEX si = new STARTUPINFOEX(); si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES; SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES(); pipesec.bInheritHandle = true; // Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write; if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0)) throw new Win32Exception("STDOUT pipe setup failed"); if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDOUT pipe handle setup failed"); if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0)) throw new Win32Exception("STDERR pipe setup failed"); if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDERR pipe handle setup failed"); if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0)) throw new Win32Exception("STDIN pipe setup failed"); if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDIN pipe handle setup failed"); si.startupInfo.hStdOutput = stdout_write; si.startupInfo.hStdError = stderr_write; si.startupInfo.hStdInput = stdin_read; // Setup the stdin buffer UTF8Encoding utf8_encoding = new UTF8Encoding(false); FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768); StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768); // If lpCurrentDirectory is set to null in PS it will be an empty // string here, we need to convert it if (lpCurrentDirectory == "") lpCurrentDirectory = null; StringBuilder environmentString = null; if (environment != null && environment.Count > 0) { environmentString = new StringBuilder(); foreach (DictionaryEntry kv in environment) environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value); environmentString.Append('\0'); } // Create the environment block if set IntPtr lpEnvironment = IntPtr.Zero; if (environmentString != null) lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString()); // Create new process and run StringBuilder argument_string = new StringBuilder(lpCommandLine); PROCESS_INFORMATION pi = new PROCESS_INFORMATION(); if (!CreateProcess( lpApplicationName, argument_string, IntPtr.Zero, IntPtr.Zero, true, startup_flags, lpEnvironment, lpCurrentDirectory, si, out pi)) { throw new Win32Exception("Failed to create new process"); } // Setup the output buffers and get stdout/stderr FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096); StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096); stdout_write.Close(); FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096); StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096); stderr_write.Close(); stdin.WriteLine(stdinInput); stdin.Close(); string stdout_str, stderr_str = null; GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str); uint rc = GetProcessExitCode(pi.hProcess); return new CommandResult { StandardOut = stdout_str, StandardError = stderr_str, ExitCode = rc }; } private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr) { var sowait = new EventWaitHandle(false, EventResetMode.ManualReset); var sewait = new EventWaitHandle(false, EventResetMode.ManualReset); string so = null, se = null; ThreadPool.QueueUserWorkItem((s) => { so = stdoutStream.ReadToEnd(); sowait.Set(); }); ThreadPool.QueueUserWorkItem((s) => { se = stderrStream.ReadToEnd(); sewait.Set(); }); foreach (var wh in new WaitHandle[] { sowait, sewait }) wh.WaitOne(); stdout = so; stderr = se; } private static uint GetProcessExitCode(IntPtr processHandle) { new NativeWaitHandle(processHandle).WaitOne(); uint exitCode; if (!GetExitCodeProcess(processHandle, out exitCode)) throw new Win32Exception("Error getting process exit code"); return exitCode; } } }" Context: Severity = Informational Host Name = Default Host Host Version = 5.1.14393.1944 Host ID = 16ed703a-95fb-4106-9f4e-710ff2d5dbfe Host Application = PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - Engine Version = 5.1.14393.1944 Runspace ID = 2b999f88-7917-444b-a04d-12c87b5590e1 Pipeline ID = 7 Command Name = Add-Type Command Type = Cmdlet Script Name = Command Path = Sequence Number = 34 User = N-H1-805629-1\Admin Connected User = Shell ID = Microsoft.PowerShell User Data:	4103	1		4	106	20	0	1772	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4208	3008	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:07:44 PM	e5295ba9-9827-0005-1d5d-29e52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	To be used when operation is just executing a method	Executing Pipeline	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c) 2017 Ansible Project # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) $process_util = @" using Microsoft.Win32.SafeHandles; using System; using System.Collections; using System.IO; using System.Linq; using System.Runtime.InteropServices; using System.Text; using System.Threading; namespace Ansible { [StructLayout(LayoutKind.Sequential)] public class SECURITY_ATTRIBUTES { public int nLength; public IntPtr lpSecurityDescriptor; public bool bInheritHandle = false; public SECURITY_ATTRIBUTES() { nLength = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFO { public Int32 cb; public IntPtr lpReserved; public IntPtr lpDesktop; public IntPtr lpTitle; public Int32 dwX; public Int32 dwY; public Int32 dwXSize; public Int32 dwYSize; public Int32 dwXCountChars; public Int32 dwYCountChars; public Int32 dwFillAttribute; public Int32 dwFlags; public Int16 wShowWindow; public Int16 cbReserved2; public IntPtr lpReserved2; public SafeFileHandle hStdInput; public SafeFileHandle hStdOutput; public SafeFileHandle hStdError; public STARTUPINFO() { cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFOEX { public STARTUPINFO startupInfo; public IntPtr lpAttributeList; public STARTUPINFOEX() { startupInfo = new STARTUPINFO(); startupInfo.cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public struct PROCESS_INFORMATION { public IntPtr hProcess; public IntPtr hThread; public int dwProcessId; public int dwThreadId; } [Flags] public enum StartupInfoFlags : uint { USESTDHANDLES = 0x00000100 } public enum HandleFlags : uint { None = 0, INHERIT = 1 } class NativeWaitHandle : WaitHandle { public NativeWaitHandle(IntPtr handle) { this.SafeWaitHandle = new SafeWaitHandle(handle, false); } } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class CommandUtil { private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400; private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000; [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)] public static extern bool CreateProcess( [MarshalAs(UnmanagedType.LPWStr)] string lpApplicationName, StringBuilder lpCommandLine, IntPtr lpProcessAttributes, IntPtr lpThreadAttributes, bool bInheritHandles, uint dwCreationFlags, IntPtr lpEnvironment, [MarshalAs(UnmanagedType.LPWStr)] string lpCurrentDirectory, STARTUPINFOEX lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation); [DllImport("kernel32.dll")] public static extern bool CreatePipe( out SafeFileHandle hReadPipe, out SafeFileHandle hWritePipe, SECURITY_ATTRIBUTES lpPipeAttributes, uint nSize); [DllImport("kernel32.dll", SetLastError = true)] public static extern bool SetHandleInformation( SafeFileHandle hObject, HandleFlags dwMask, int dwFlags); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool GetExitCodeProcess( IntPtr hProcess, out uint lpExitCode); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)] public static extern uint SearchPath( string lpPath, string lpFileName, string lpExtension, int nBufferLength, [MarshalAs (UnmanagedType.LPTStr)] StringBuilder lpBuffer, out IntPtr lpFilePart); [DllImport("shell32.dll", SetLastError = true)] static extern IntPtr CommandLineToArgvW( [MarshalAs(UnmanagedType.LPWStr)] string lpCmdLine, out int pNumArgs); public static string[] ParseCommandLine(string lpCommandLine) { int numArgs; IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs); if (ret == IntPtr.Zero) throw new Win32Exception("Error parsing command line"); IntPtr[] strptrs = new IntPtr[numArgs]; Marshal.Copy(ret, strptrs, 0, numArgs); string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray(); Marshal.FreeHGlobal(ret); return cmdlineParts; } public static string SearchPath(string lpFileName) { StringBuilder sbOut = new StringBuilder(1024); IntPtr filePartOut; if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0) throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName)); return sbOut.ToString(); } public class CommandResult { public string StandardOut { get; internal set; } public string StandardError { get; internal set; } public uint ExitCode { get; internal set; } } public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment) { UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT; STARTUPINFOEX si = new STARTUPINFOEX(); si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES; SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES(); pipesec.bInheritHandle = true; // Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write; if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0)) throw new Win32Exception("STDOUT pipe setup failed"); if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDOUT pipe handle setup failed"); if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0)) throw new Win32Exception("STDERR pipe setup failed"); if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDERR pipe handle setup failed"); if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0)) throw new Win32Exception("STDIN pipe setup failed"); if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDIN pipe handle setup failed"); si.startupInfo.hStdOutput = stdout_write; si.startupInfo.hStdError = stderr_write; si.startupInfo.hStdInput = stdin_read; // Setup the stdin buffer UTF8Encoding utf8_encoding = new UTF8Encoding(false); FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768); StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768); // If lpCurrentDirectory is set to null in PS it will be an empty // string here, we need to convert it if (lpCurrentDirectory == "") lpCurrentDirectory = null; StringBuilder environmentString = null; if (environment != null && environment.Count > 0) { environmentString = new StringBuilder(); foreach (DictionaryEntry kv in environment) environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value); environmentString.Append('\0'); } // Create the environment block if set IntPtr lpEnvironment = IntPtr.Zero; if (environmentString != null) lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString()); // Create new process and run StringBuilder argument_string = new StringBuilder(lpCommandLine); PROCESS_INFORMATION pi = new PROCESS_INFORMATION(); if (!CreateProcess( lpApplicationName, argument_string, IntPtr.Zero, IntPtr.Zero, true, startup_flags, lpEnvironment, lpCurrentDirectory, si, out pi)) { throw new Win32Exception("Failed to create new process"); } // Setup the output buffers and get stdout/stderr FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096); StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096); stdout_write.Close(); FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096); StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096); stderr_write.Close(); stdin.WriteLine(stdinInput); stdin.Close(); string stdout_str, stderr_str = null; GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str); uint rc = GetProcessExitCode(pi.hProcess); return new CommandResult { StandardOut = stdout_str, StandardError = stderr_str, ExitCode = rc }; } private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr) { var sowait = new EventWaitHandle(false, EventResetMode.ManualReset); var sewait = new EventWaitHandle(false, EventResetMode.ManualReset); string so = null, se = null; ThreadPool.QueueUserWorkItem((s) => { so = stdoutStream.ReadToEnd(); sowait.Set(); }); ThreadPool.QueueUserWorkItem((s) => { se = stderrStream.ReadToEnd(); sewait.Set(); }); foreach (var wh in new WaitHandle[] { sowait, sewait }) wh.WaitOne(); stdout = so; stderr = se; } private static uint GetProcessExitCode(IntPtr processHandle) { new NativeWaitHandle(processHandle).WaitOne(); uint exitCode; if (!GetExitCodeProcess(processHandle, out exitCode)) throw new Win32Exception("Error getting process exit code"); return exitCode; } } } "@ $ErrorActionPreference = 'Stop' Function Load-CommandUtils { # makes the following static functions available # [Ansible.CommandUtil]::ParseCommandLine(string lpCommandLine) # [Ansible.CommandUtil]::SearchPath(string lpFileName) # [Ansible.CommandUtil]::RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, string environmentBlock) # # there are also numerous P/Invoke methods that can be called if you are feeling adventurous # FUTURE: find a better way to get the _ansible_remote_tmp variable $original_tmp = $env:TMP $remote_tmp = $original_tmp $module_params = Get-Variable -Name complex_args -ErrorAction SilentlyContinue if ($module_params) { if ($module_params.Value.ContainsKey("_ansible_remote_tmp") ) { $remote_tmp = $module_params.Value["_ansible_remote_tmp"] $remote_tmp = [System.Environment]::ExpandEnvironmentVariables($remote_tmp) } } $env:TMP = $remote_tmp Add-Type -TypeDefinition $process_util $env:TMP = $original_tmp } Function Get-ExecutablePath($executable, $directory) { # lpApplicationName requires the full path to a file, we need to find it # ourselves. # we need to add .exe if it doesn't have an extension already if (-not [System.IO.Path]::HasExtension($executable)) { $executable = "$($executable).exe" } $full_path = [System.IO.Path]::GetFullPath($executable) if ($full_path -ne $executable -and $directory -ne $null) { $file = Get-Item -Path "$directory\$executable" -Force -ErrorAction SilentlyContinue } else { $file = Get-Item -Path $executable -Force -ErrorAction SilentlyContinue } if ($file -ne $null) { $executable_path = $file.FullName } else { $executable_path = [Ansible.CommandUtil]::SearchPath($executable) } return $executable_path } Function Run-Command { Param( [string]$command, # the full command to run including the executable [string]$working_directory = $null, # the working directory to run under, will default to the current dir [string]$stdin = $null, # a string to send to the stdin pipe when executing the command [hashtable]$environment = @{} # a hashtable of environment values to run the command under, this will replace all the other environment variables with these ) # load the C# code we call in this function Load-CommandUtils # need to validate the working directory if it is set if ($working_directory) { # validate working directory is a valid path if (-not (Test-Path -Path $working_directory)) { throw "invalid working directory path '$working_directory'" } } # lpApplicationName needs to be the full path to an executable, we do this # by getting the executable as the first arg and then getting the full path $arguments = [Ansible.CommandUtil]::ParseCommandLine($command) $executable = Get-ExecutablePath -executable $arguments[0] -directory $working_directory # run the command and get the results $command_result = [Ansible.CommandUtil]::RunCommand($executable, $command, $working_directory, $stdin, $environment) return ,@{ executable = $executable stdout = $command_result.StandardOut stderr = $command_result.StandardError rc = $command_result.ExitCode } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: f3f8a020-99af-4f67-9a22-0c61e2111d30 Path:	4104	1		3	2	15	0	1771	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4208	4788	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:07:44 PM	e5295ba9-9827-0002-a45d-29e52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c), Michael DeHaan <michael.dehaan@gmail.com>, 2014, and others # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) Set-StrictMode -Version 2.0 $ErrorActionPreference = "Stop" Function Set-Attr($obj, $name, $value) { <# .SYNOPSIS Helper function to set an "attribute" on a psobject instance in PowerShell. This is a convenience to make adding Members to the object easier and slightly more pythonic .EXAMPLE Set-Attr $result "changed" $true #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } Try { $obj.$name = $value } Catch { $obj | Add-Member -Force -MemberType NoteProperty -Name $name -Value $value } } Function Exit-Json($obj) { <# .SYNOPSIS Helper function to convert a PowerShell object to JSON and output it, exiting the script .EXAMPLE Exit-Json $result #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit } Function Fail-Json($obj, $message = $null) { <# .SYNOPSIS Helper function to add the "msg" property and "failed" property, convert the PowerShell Hashtable to JSON and output it, exiting the script .EXAMPLE Fail-Json $result "This is the failure message" #> if ($obj -is [hashtable] -or $obj -is [psobject]) { # Nothing to do } elseif ($obj -is [string] -and $null -eq $message) { # If we weren't given 2 args, and the only arg was a string, # create a new Hashtable and use the arg as the failure message $message = $obj $obj = @{ } } else { # If the first argument is undefined or a different type, # make it a Hashtable $obj = @{ } } # Still using Set-Attr for PSObject compatibility Set-Attr $obj "msg" $message Set-Attr $obj "failed" $true if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit 1 } Function Add-Warning($obj, $message) { <# .SYNOPSIS Helper function to add warnings, even if the warnings attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("warnings")) { $obj.warnings = @() } elseif ($obj.warnings -isnot [array]) { throw "Add-Warning: warnings attribute is not an array" } $obj.warnings += $message } Function Add-DeprecationWarning($obj, $message, $version = $null) { <# .SYNOPSIS Helper function to add deprecations, even if the deprecations attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("deprecations")) { $obj.deprecations = @() } elseif ($obj.deprecations -isnot [array]) { throw "Add-DeprecationWarning: deprecations attribute is not a list" } $obj.deprecations += @{ msg = $message version = $version } } Function Expand-Environment($value) { <# .SYNOPSIS Helper function to expand environment variables in values. By default it turns any type to a string, but we ensure $null remains $null. #> if ($null -ne $value) { [System.Environment]::ExpandEnvironmentVariables($value) } else { $value } } Function Get-AnsibleParam($obj, $name, $default = $null, $resultobj = @{}, $failifempty = $false, $emptyattributefailmessage, $ValidateSet, $ValidateSetErrorMessage, $type = $null, $aliases = @()) { <# .SYNOPSIS Helper function to get an "attribute" from a psobject instance in PowerShell. This is a convenience to make getting Members from an object easier and slightly more pythonic .EXAMPLE $attr = Get-AnsibleParam $response "code" -default "1" .EXAMPLE Get-AnsibleParam -obj $params -name "State" -default "Present" -ValidateSet "Present","Absent" -resultobj $resultobj -failifempty $true Get-AnsibleParam also supports Parameter validation to save you from coding that manually Note that if you use the failifempty option, you do need to specify resultobject as well. #> # Check if the provided Member $name or aliases exist in $obj and return it or the default. try { $found = $null # First try to find preferred parameter $name $aliases = @($name) + $aliases # Iterate over aliases to find acceptable Member $name foreach ($alias in $aliases) { if ($obj.ContainsKey($alias)) { $found = $alias break } } if ($null -eq $found) { throw } $name = $found if ($ValidateSet) { if ($ValidateSet -contains ($obj.$name)) { $value = $obj.$name } else { if ($null -eq $ValidateSetErrorMessage) { #Auto-generated error should be sufficient in most use cases $ValidateSetErrorMessage = "Get-AnsibleParam: Argument $name needs to be one of $($ValidateSet -join ",") but was $($obj.$name)." } Fail-Json -obj $resultobj -message $ValidateSetErrorMessage } } else { $value = $obj.$name } } catch { if ($failifempty -eq $false) { $value = $default } else { if (-not $emptyattributefailmessage) { $emptyattributefailmessage = "Get-AnsibleParam: Missing required argument: $name" } Fail-Json -obj $resultobj -message $emptyattributefailmessage } } # If $value -eq $null, the parameter was unspecified by the user (deliberately or not) # Please leave $null-values intact, modules need to know if a parameter was specified # When $value is already an array, we cannot rely on the null check, as an empty list # is seen as null in the check below if ($null -ne $value -or $value -is [array]) { if ($type -eq "path") { # Expand environment variables on path-type $value = Expand-Environment($value) # Test if a valid path is provided if (-not (Test-Path -IsValid $value)) { $path_invalid = $true # could still be a valid-shaped path with a nonexistent drive letter if ($value -match "^\w:") { # rewrite path with a valid drive letter and recheck the shape- this might still fail, eg, a nonexistent non-filesystem PS path if (Test-Path -IsValid $(@(Get-PSDrive -PSProvider Filesystem)[0].Name + $value.Substring(1))) { $path_invalid = $false } } if ($path_invalid) { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' has an invalid path '$value' specified." } } } elseif ($type -eq "str") { # Convert str types to real Powershell strings $value = $value.ToString() } elseif ($type -eq "bool") { # Convert boolean types to real Powershell booleans $value = $value | ConvertTo-Bool } elseif ($type -eq "int") { # Convert int types to real Powershell integers $value = $value -as [int] } elseif ($type -eq "float") { # Convert float types to real Powershell floats $value = $value -as [float] } elseif ($type -eq "list") { if ($value -is [array]) { # Nothing to do } elseif ($value -is [string]) { # Convert string type to real Powershell array $value = $value.Split(",").Trim() } elseif ($value -is [int]) { $value = @($value) } else { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' is not a YAML list." } # , is not a typo, forces it to return as a list when it is empty or only has 1 entry return ,$value } } return $value } #Alias Get-attr-->Get-AnsibleParam for backwards compat. Only add when needed to ease debugging of scripts If (-not(Get-Alias -Name "Get-attr" -ErrorAction SilentlyContinue)) { New-Alias -Name Get-attr -Value Get-AnsibleParam } Function ConvertTo-Bool { <# .SYNOPSIS Helper filter/pipeline function to convert a value to boolean following current Ansible practices .EXAMPLE $is_true = "true" | ConvertTo-Bool #> param( [parameter(valuefrompipeline=$true)] $obj ) $boolean_strings = "yes", "on", "1", "true", 1 $obj_string = [string]$obj if (($obj -is [boolean] -and $obj) -or $boolean_strings -contains $obj_string.ToLower()) { return $true } else { return $false } } Function Parse-Args($arguments, $supports_check_mode = $false) { <# .SYNOPSIS Helper function to parse Ansible JSON arguments from a "file" passed as the single argument to the module. .EXAMPLE $params = Parse-Args $args #> $params = New-Object psobject If ($arguments.Length -gt 0) { $params = Get-Content $arguments[0] | ConvertFrom-Json } Else { $params = $complex_args } $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false If ($check_mode -and -not $supports_check_mode) { Exit-Json @{ skipped = $true changed = $false msg = "remote module does not support check mode" } } return $params } Function Get-FileChecksum($path, $algorithm = 'sha1') { <# .SYNOPSIS Helper function to calculate a hash of a file in a way which PowerShell 3 and above can handle #> If (Test-Path -Path $path -PathType Leaf) { switch ($algorithm) { 'md5' { $sp = New-Object -TypeName System.Security.Cryptography.MD5CryptoServiceProvider } 'sha1' { $sp = New-Object -TypeName System.Security.Cryptography.SHA1CryptoServiceProvider } 'sha256' { $sp = New-Object -TypeName System.Security.Cryptography.SHA256CryptoServiceProvider } 'sha384' { $sp = New-Object -TypeName System.Security.Cryptography.SHA384CryptoServiceProvider } 'sha512' { $sp = New-Object -TypeName System.Security.Cryptography.SHA512CryptoServiceProvider } default { Fail-Json @{} "Unsupported hash algorithm supplied '$algorithm'" } } If ($PSVersionTable.PSVersion.Major -ge 4) { $raw_hash = Get-FileHash $path -Algorithm $algorithm $hash = $raw_hash.Hash.ToLower() } Else { $fp = [System.IO.File]::Open($path, [System.IO.Filemode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileShare]::ReadWrite); $hash = [System.BitConverter]::ToString($sp.ComputeHash($fp)).Replace("-", "").ToLower(); $fp.Dispose(); } } ElseIf (Test-Path -Path $path -PathType Container) { $hash = "3"; } Else { $hash = "1"; } return $hash } Function Get-PendingRebootStatus { <# .SYNOPSIS Check if reboot is required, if so notify CA. Function returns true if computer has a pending reboot #> $featureData = Invoke-WmiMethod -EA Ignore -Name GetServerFeature -Namespace root\microsoft\windows\servermanager -Class MSFT_ServerManagerTasks $regData = Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager" "PendingFileRenameOperations" -EA Ignore $CBSRebootStatus = Get-ChildItem "HKLM:\\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing" -ErrorAction SilentlyContinue| Where-Object {$_.PSChildName -eq "RebootPending"} if(($featureData -and $featureData.RequiresReboot) -or $regData -or $CBSRebootStatus) { return $True } else { return $False } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: 72e66036-9809-4a1c-b9e9-2193a22dfdb5 Path:	4104	1		3	2	15	0	1770	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4208	4788	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:07:44 PM	e5295ba9-9827-0001-a15d-29e52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } ScriptBlock ID: 06d8adad-74d3-4c13-860c-5b04621a6852 Path:	4104	1		3	2	15	0	1769	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4208	4788	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:07:44 PM	e5295ba9-9827-0002-975d-29e52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (5 of 5): cGFyc2UvcmV0dXJuIG90aGVyIHN0cmVhbXMKICAgICAgICB9CiAgICAgICAgRWxzZSB7CiAgICAgICAgICAgICRyYXdfc3RkZXJyCiAgICAgICAgfQogICAgfQogICAgQ2F0Y2ggewogICAgICAgICIqKipFWENFUFRJT04gUEFSU0lORyBDTElYTUw6ICRfKioqIiArICRyYXdfc3RkZXJyCiAgICB9Cn0KCiRwYXJhbXMgPSBQYXJzZS1BcmdzICRhcmdzIC1zdXBwb3J0c19jaGVja19tb2RlICRmYWxzZQoKJHJhd19jb21tYW5kX2xpbmUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX3Jhd19wYXJhbXMiIC10eXBlICJzdHIiIC1mYWlsaWZlbXB0eSAkdHJ1ZQokY2hkaXIgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiY2hkaXIiIC10eXBlICJwYXRoIgokZXhlY3V0YWJsZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJleGVjdXRhYmxlIiAtdHlwZSAicGF0aCIKJGNyZWF0ZXMgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiY3JlYXRlcyIgLXR5cGUgInBhdGgiCiRyZW1vdmVzID0gR2V0LUFuc2libGVQYXJhbSAtb2JqICRwYXJhbXMgLW5hbWUgInJlbW92ZXMiIC10eXBlICJwYXRoIgokc3RkaW4gPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAic3RkaW4iIC10eXBlICJzdHIiCgokcmF3X2NvbW1hbmRfbGluZSA9ICRyYXdfY29tbWFuZF9saW5lLlRyaW0oKQoKJHJlc3VsdCA9IEB7CiAgICBjaGFuZ2VkID0gJHRydWUKICAgIGNtZCA9ICRyYXdfY29tbWFuZF9saW5lCn0KCmlmICgkY3JlYXRlcyAtYW5kICQoVGVzdC1BbnNpYmxlUGF0aCAtUGF0aCAkY3JlYXRlcykpIHsKICAgIEV4aXQtSnNvbiBAe21zZz0ic2tpcHBlZCwgc2luY2UgJGNyZWF0ZXMgZXhpc3RzIjtjbWQ9JHJhd19jb21tYW5kX2xpbmU7Y2hhbmdlZD0kZmFsc2U7c2tpcHBlZD0kdHJ1ZTtyYz0wfQp9CgppZiAoJHJlbW92ZXMgLWFuZCAtbm90ICQoVGVzdC1BbnNpYmxlUGF0aCAtUGF0aCAkcmVtb3ZlcykpIHsKICAgIEV4aXQtSnNvbiBAe21zZz0ic2tpcHBlZCwgc2luY2UgJHJlbW92ZXMgZG9lcyBub3QgZXhpc3QiO2NtZD0kcmF3X2NvbW1hbmRfbGluZTtjaGFuZ2VkPSRmYWxzZTtza2lwcGVkPSR0cnVlO3JjPTB9Cn0KCiRleGVjX2FyZ3MgPSAkbnVsbApJZigtbm90ICRleGVjdXRhYmxlIC1vciAkZXhlY3V0YWJsZSAtZXEgInBvd2Vyc2hlbGwiKSB7CiAgICAkZXhlY19hcHBsaWNhdGlvbiA9ICJwb3dlcnNoZWxsLmV4ZSIKCiAgICAjIGZvcmNlIGlucHV0IGVuY29kaW5nIHRvIHByZWFtYmxlLWZyZWUgVVRGOCBzbyBQUyBzdWItcHJvY2Vzc2VzIChlZywgU3RhcnQtSm9iKSBkb24ndCBibG93IHVwCiAgICAkcmF3X2NvbW1hbmRfbGluZSA9ICJbQ29uc29sZV06OklucHV0RW5jb2RpbmcgPSBOZXctT2JqZWN0IFRleHQuVVRGOEVuY29kaW5nIGAkZmFsc2U7ICIgKyAkcmF3X2NvbW1hbmRfbGluZQoKICAgICMgQmFzZTY0IGVuY29kZSB0aGUgY29tbWFuZCBzbyB3ZSBkb24ndCBoYXZlIHRvIHdvcnJ5IGFib3V0IHRoZSB2YXJpb3VzIGxldmVscyBvZiBlc2NhcGluZwogICAgJGVuY29kZWRfY29tbWFuZCA9IFtDb252ZXJ0XTo6VG9CYXNlNjRTdHJpbmcoW1N5c3RlbS5UZXh0LkVuY29kaW5nXTo6VW5pY29kZS5HZXRCeXRlcygkcmF3X2NvbW1hbmRfbGluZSkpCgogICAgaWYgKCRzdGRpbikgewogICAgICAgICRleGVjX2FyZ3MgPSAiLWVuY29kZWRjb21tYW5kICRlbmNvZGVkX2NvbW1hbmQiCiAgICB9IGVsc2UgewogICAgICAgICRleGVjX2FyZ3MgPSAiLW5vbmludGVyYWN0aXZlIC1lbmNvZGVkY29tbWFuZCAkZW5jb2RlZF9jb21tYW5kIgogICAgfQp9CkVsc2UgewogICAgIyBGVVRVUkU6IHN1cHBvcnQgYXJnIHRyYW5zbGF0aW9uIGZyb20gZXhlY3V0YWJsZSAob3IgZXhlY3V0YWJsZV9hcmdzPykgdG8gcHJvY2VzcyBhcmd1bWVudHMgZm9yIGFyYml0cmFyeSBpbnRlcnByZXRlcj8KICAgICRleGVjX2FwcGxpY2F0aW9uID0gJGV4ZWN1dGFibGUKICAgIGlmICgtbm90ICgkZXhlY19hcHBsaWNhdGlvbi5FbmRzV2l0aCgiLmV4ZSIpKSkgewogICAgICAgICRleGVjX2FwcGxpY2F0aW9uID0gIiQoJGV4ZWNfYXBwbGljYXRpb24pLmV4ZSIKICAgIH0KICAgICRleGVjX2FyZ3MgPSAiL2MgJHJhd19jb21tYW5kX2xpbmUiCn0KCiRjb21tYW5kID0gIiRleGVjX2FwcGxpY2F0aW9uICRleGVjX2FyZ3MiCiRydW5fY29tbWFuZF9hcmcgPSBAewogICAgY29tbWFuZCA9ICRjb21tYW5kCn0KaWYgKCRjaGRpcikgewogICAgJHJ1bl9jb21tYW5kX2FyZ1snd29ya2luZ19kaXJlY3RvcnknXSA9ICRjaGRpcgp9CmlmICgkc3RkaW4pIHsKICAgICRydW5fY29tbWFuZF9hcmdbJ3N0ZGluJ10gPSAkc3RkaW4KfQoKJHN0YXJ0X2RhdGV0aW1lID0gW0RhdGVUaW1lXTo6VXRjTm93CnRyeSB7CiAgICAkY29tbWFuZF9yZXN1bHQgPSBSdW4tQ29tbWFuZCBAcnVuX2NvbW1hbmRfYXJnCn0gY2F0Y2ggewogICAgJHJlc3VsdC5jaGFuZ2VkID0gJGZhbHNlCiAgICB0cnkgewogICAgICAgICRyZXN1bHQucmMgPSAkXy5FeGNlcHRpb24uTmF0aXZlRXJyb3JDb2RlCiAgICB9IGNhdGNoIHsKICAgICAgICAkcmVzdWx0LnJjID0gMgogICAgfQogICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAkXy5FeGNlcHRpb24uTWVzc2FnZQp9CgojIFRPRE86IGRlY29kZSBDTElYTUwgc3RkZXJyIG91dHB1dCAoYW5kIG90aGVyIHN0cmVhbXM/KQokcmVzdWx0LnN0ZG91dCA9ICRjb21tYW5kX3Jlc3VsdC5zdGRvdXQKJHJlc3VsdC5zdGRlcnIgPSBDbGVhbnNlLVN0ZGVyciAkY29tbWFuZF9yZXN1bHQuc3RkZXJyIAokcmVzdWx0LnJjID0gJGNvbW1hbmRfcmVzdWx0LnJjCgokZW5kX2RhdGV0aW1lID0gW0RhdGVUaW1lXTo6VXRjTm93CiRyZXN1bHQuc3RhcnQgPSAkc3RhcnRfZGF0ZXRpbWUuVG9TdHJpbmcoInl5eXktTU0tZGQgaGg6bW06c3MuZmZmZmZmIikKJHJlc3VsdC5lbmQgPSAkZW5kX2RhdGV0aW1lLlRvU3RyaW5nKCJ5eXl5LU1NLWRkIGhoOm1tOnNzLmZmZmZmZiIpCiRyZXN1bHQuZGVsdGEgPSAkKCRlbmRfZGF0ZXRpbWUgLSAkc3RhcnRfZGF0ZXRpbWUpLlRvU3RyaW5nKCJoXDptbVw6c3NcLmZmZmZmZiIpCgpJZiAoJHJlc3VsdC5yYyAtbmUgMCkgewogICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAibm9uLXplcm8gcmV0dXJuIGNvZGUiCn0KCkV4aXQtSnNvbiAkcmVzdWx0Cg==", "module_args": {"_ansible_version": "2.7.0", "_ansible_selinux_special_fs": ["fuse", "nfs", "vboxsf", "ramfs", "9p"], "_ansible_no_log": false, "_ansible_module_name": "win_shell", "_raw_params": "Get-Service neutron-hyperv-agent | %{$_.Status}", "_ansible_verbosity": 2, "_ansible_keep_remote_files": false, "_ansible_syslog_facility": "LOG_USER", "_ansible_socket": null, "_ansible_remote_tmp": "%TEMP%", "_ansible_diff": false, "_ansible_debug": false, "_ansible_shell_executable": "/bin/sh", "_ansible_check_mode": false, "_ansible_tmpdir": null}} '@ } process { $input_as_string = [string]$input $json_raw += $input_as_string } end { If (-not $json_raw) { Write-Error "no input given" -Category InvalidArgument } $payload = ConvertTo-HashtableFromPsCustomObject (ConvertFrom-Json $json_raw) # TODO: handle binary modules # TODO: handle persistence $min_os_version = [version]$payload.min_os_version if ($min_os_version -ne $null) { $actual_os_version = [System.Environment]::OSVersion.Version if ($actual_os_version -lt $min_os_version) { $msg = "This module cannot run on this OS as it requires a minimum version of $min_os_version, actual was $actual_os_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $min_ps_version = [version]$payload.min_ps_version if ($min_ps_version -ne $null) { $actual_ps_version = $PSVersionTable.PSVersion if ($actual_ps_version -lt $min_ps_version) { $msg = "This module cannot run as it requires a minimum PowerShell version of $min_ps_version, actual was $actual_ps_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $actions = $payload.actions # pop 0th action as entrypoint $entrypoint = $payload.($actions[0]) $payload.actions = $payload.actions[1..99] $entrypoint = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($entrypoint)) # load the current action entrypoint as a module custom object with a Run method $entrypoint = New-Module -ScriptBlock ([scriptblock]::Create($entrypoint)) -AsCustomObject Set-Variable -Scope global -Name complex_args -Value $payload["module_args"] | Out-Null # dynamically create/load modules ForEach ($mod in $payload.powershell_modules.GetEnumerator()) { $decoded_module = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($mod.Value)) New-Module -ScriptBlock ([scriptblock]::Create($decoded_module)) -Name $mod.Key | Import-Module -WarningAction SilentlyContinue | Out-Null } $output = $entrypoint.Run($payload) Write-Output $output } ScriptBlock ID: 71bd6b74-211f-4110-9a92-e85c00749b52 Path:	4104	1		3	2	15	0	1768	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4208	4788	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:07:43 PM	e5295ba9-9827-0002-915d-29e52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (4 of 5): CAgIH0KICAgICAgICAgICAgfQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgInN0ciIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IHN0ciB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgc3RyaW5ncwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUuVG9TdHJpbmcoKQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImJvb2wiKSB7CiAgICAgICAgICAgICMgQ29udmVydCBib29sZWFuIHR5cGVzIHRvIHJlYWwgUG93ZXJzaGVsbCBib29sZWFucwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgfCBDb252ZXJ0VG8tQm9vbAogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImludCIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IGludCB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgaW50ZWdlcnMKICAgICAgICAgICAgJHZhbHVlID0gJHZhbHVlIC1hcyBbaW50XQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImZsb2F0IikgewogICAgICAgICAgICAjIENvbnZlcnQgZmxvYXQgdHlwZXMgdG8gcmVhbCBQb3dlcnNoZWxsIGZsb2F0cwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgLWFzIFtmbG9hdF0KICAgICAgICB9IGVsc2VpZiAoJHR5cGUgLWVxICJsaXN0IikgewogICAgICAgICAgICBpZiAoJHZhbHVlIC1pcyBbYXJyYXldKSB7CiAgICAgICAgICAgICAgICAjIE5vdGhpbmcgdG8gZG8KICAgICAgICAgICAgfSBlbHNlaWYgKCR2YWx1ZSAtaXMgW3N0cmluZ10pIHsKICAgICAgICAgICAgICAgICMgQ29udmVydCBzdHJpbmcgdHlwZSB0byByZWFsIFBvd2Vyc2hlbGwgYXJyYXkKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICR2YWx1ZS5TcGxpdCgiLCIpLlRyaW0oKQogICAgICAgICAgICB9IGVsc2VpZiAoJHZhbHVlIC1pcyBbaW50XSkgewogICAgICAgICAgICAgICAgJHZhbHVlID0gQCgkdmFsdWUpCiAgICAgICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICJHZXQtQW5zaWJsZVBhcmFtOiBQYXJhbWV0ZXIgJyRuYW1lJyBpcyBub3QgYSBZQU1MIGxpc3QuIgogICAgICAgICAgICB9CiAgICAgICAgICAgICMgLCBpcyBub3QgYSB0eXBvLCBmb3JjZXMgaXQgdG8gcmV0dXJuIGFzIGEgbGlzdCB3aGVuIGl0IGlzIGVtcHR5IG9yIG9ubHkgaGFzIDEgZW50cnkKICAgICAgICAgICAgcmV0dXJuICwkdmFsdWUKICAgICAgICB9CiAgICB9CgogICAgcmV0dXJuICR2YWx1ZQp9CgojQWxpYXMgR2V0LWF0dHItLT5HZXQtQW5zaWJsZVBhcmFtIGZvciBiYWNrd2FyZHMgY29tcGF0LiBPbmx5IGFkZCB3aGVuIG5lZWRlZCB0byBlYXNlIGRlYnVnZ2luZyBvZiBzY3JpcHRzCklmICgtbm90KEdldC1BbGlhcyAtTmFtZSAiR2V0LWF0dHIiIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlKSkKewogICAgTmV3LUFsaWFzIC1OYW1lIEdldC1hdHRyIC1WYWx1ZSBHZXQtQW5zaWJsZVBhcmFtCn0KCkZ1bmN0aW9uIENvbnZlcnRUby1Cb29sCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZpbHRlci9waXBlbGluZSBmdW5jdGlvbiB0byBjb252ZXJ0IGEgdmFsdWUgdG8gYm9vbGVhbiBmb2xsb3dpbmcgY3VycmVudAogICAgQW5zaWJsZSBwcmFjdGljZXMKICAgIC5FWEFNUExFCiAgICAkaXNfdHJ1ZSA9ICJ0cnVlIiB8IENvbnZlcnRUby1Cb29sCiM+CiAgICBwYXJhbSgKICAgICAgICBbcGFyYW1ldGVyKHZhbHVlZnJvbXBpcGVsaW5lPSR0cnVlKV0KICAgICAgICAkb2JqCiAgICApCgogICAgJGJvb2xlYW5fc3RyaW5ncyA9ICJ5ZXMiLCAib24iLCAiMSIsICJ0cnVlIiwgMQogICAgJG9ial9zdHJpbmcgPSBbc3RyaW5nXSRvYmoKCiAgICBpZiAoKCRvYmogLWlzIFtib29sZWFuXSAtYW5kICRvYmopIC1vciAkYm9vbGVhbl9zdHJpbmdzIC1jb250YWlucyAkb2JqX3N0cmluZy5Ub0xvd2VyKCkpIHsKICAgICAgICByZXR1cm4gJHRydWUKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfQp9CgpGdW5jdGlvbiBQYXJzZS1BcmdzKCRhcmd1bWVudHMsICRzdXBwb3J0c19jaGVja19tb2RlID0gJGZhbHNlKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBwYXJzZSBBbnNpYmxlIEpTT04gYXJndW1lbnRzIGZyb20gYSAiZmlsZSIgcGFzc2VkIGFzCiAgICB0aGUgc2luZ2xlIGFyZ3VtZW50IHRvIHRoZSBtb2R1bGUuCiAgICAuRVhBTVBMRQogICAgJHBhcmFtcyA9IFBhcnNlLUFyZ3MgJGFyZ3MKIz4KICAgICRwYXJhbXMgPSBOZXctT2JqZWN0IHBzb2JqZWN0CiAgICBJZiAoJGFyZ3VtZW50cy5MZW5ndGggLWd0IDApCiAgICB7CiAgICAgICAgJHBhcmFtcyA9IEdldC1Db250ZW50ICRhcmd1bWVudHNbMF0gfCBDb252ZXJ0RnJvbS1Kc29uCiAgICB9CiAgICBFbHNlIHsKICAgICAgICAkcGFyYW1zID0gJGNvbXBsZXhfYXJncwogICAgfQogICAgJGNoZWNrX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfY2hlY2tfbW9kZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQogICAgSWYgKCRjaGVja19tb2RlIC1hbmQgLW5vdCAkc3VwcG9ydHNfY2hlY2tfbW9kZSkKICAgIHsKICAgICAgICBFeGl0LUpzb24gQHsKICAgICAgICAgICAgc2tpcHBlZCA9ICR0cnVlCiAgICAgICAgICAgIGNoYW5nZWQgPSAkZmFsc2UKICAgICAgICAgICAgbXNnID0gInJlbW90ZSBtb2R1bGUgZG9lcyBub3Qgc3VwcG9ydCBjaGVjayBtb2RlIgogICAgICAgIH0KICAgIH0KICAgIHJldHVybiAkcGFyYW1zCn0KCgpGdW5jdGlvbiBHZXQtRmlsZUNoZWNrc3VtKCRwYXRoLCAkYWxnb3JpdGhtID0gJ3NoYTEnKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBjYWxjdWxhdGUgYSBoYXNoIG9mIGEgZmlsZSBpbiBhIHdheSB3aGljaCBQb3dlclNoZWxsIDMKICAgIGFuZCBhYm92ZSBjYW4gaGFuZGxlCiM+CiAgICBJZiAoVGVzdC1QYXRoIC1QYXRoICRwYXRoIC1QYXRoVHlwZSBMZWFmKQogICAgewogICAgICAgIHN3aXRjaCAoJGFsZ29yaXRobSkKICAgICAgICB7CiAgICAgICAgICAgICdtZDUnIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5NRDVDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMScgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTFDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMjU2JyB7ICRzcCA9IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5TZWN1cml0eS5DcnlwdG9ncmFwaHkuU0hBMjU2Q3J5cHRvU2VydmljZVByb3ZpZGVyIH0KICAgICAgICAgICAgJ3NoYTM4NCcgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTM4NENyeXB0b1NlcnZpY2VQcm92aWRlciB9CiAgICAgICAgICAgICdzaGE1MTInIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5TSEE1MTJDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICBkZWZhdWx0IHsgRmFpbC1Kc29uIEB7fSAiVW5zdXBwb3J0ZWQgaGFzaCBhbGdvcml0aG0gc3VwcGxpZWQgJyRhbGdvcml0aG0nIiB9CiAgICAgICAgfQoKICAgICAgICBJZiAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtZ2UgNCkgewogICAgICAgICAgICAkcmF3X2hhc2ggPSBHZXQtRmlsZUhhc2ggJHBhdGggLUFsZ29yaXRobSAkYWxnb3JpdGhtCiAgICAgICAgICAgICRoYXNoID0gJHJhd19oYXNoLkhhc2guVG9Mb3dlcigpCiAgICAgICAgfSBFbHNlIHsKICAgICAgICAgICAgJGZwID0gW1N5c3RlbS5JTy5GaWxlXTo6T3BlbigkcGF0aCwgW1N5c3RlbS5JTy5GaWxlbW9kZV06Ok9wZW4sIFtTeXN0ZW0uSU8uRmlsZUFjY2Vzc106OlJlYWQsIFtTeXN0ZW0uSU8uRmlsZVNoYXJlXTo6UmVhZFdyaXRlKTsKICAgICAgICAgICAgJGhhc2ggPSBbU3lzdGVtLkJpdENvbnZlcnRlcl06OlRvU3RyaW5nKCRzcC5Db21wdXRlSGFzaCgkZnApKS5SZXBsYWNlKCItIiwgIiIpLlRvTG93ZXIoKTsKICAgICAgICAgICAgJGZwLkRpc3Bvc2UoKTsKICAgICAgICB9CiAgICB9CiAgICBFbHNlSWYgKFRlc3QtUGF0aCAtUGF0aCAkcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKQogICAgewogICAgICAgICRoYXNoID0gIjMiOwogICAgfQogICAgRWxzZQogICAgewogICAgICAgICRoYXNoID0gIjEiOwogICAgfQogICAgcmV0dXJuICRoYXNoCn0KCkZ1bmN0aW9uIEdldC1QZW5kaW5nUmVib290U3RhdHVzCnsKPCMKICAgIC5TWU5PUFNJUwogICAgQ2hlY2sgaWYgcmVib290IGlzIHJlcXVpcmVkLCBpZiBzbyBub3RpZnkgQ0EuCiAgICBGdW5jdGlvbiByZXR1cm5zIHRydWUgaWYgY29tcHV0ZXIgaGFzIGEgcGVuZGluZyByZWJvb3QKIz4KICAgICRmZWF0dXJlRGF0YSA9IEludm9rZS1XbWlNZXRob2QgLUVBIElnbm9yZSAtTmFtZSBHZXRTZXJ2ZXJGZWF0dXJlIC1OYW1lc3BhY2Ugcm9vdFxtaWNyb3NvZnRcd2luZG93c1xzZXJ2ZXJtYW5hZ2VyIC1DbGFzcyBNU0ZUX1NlcnZlck1hbmFnZXJUYXNrcwogICAgJHJlZ0RhdGEgPSBHZXQtSXRlbVByb3BlcnR5ICJIS0xNOlxTWVNURU1cQ3VycmVudENvbnRyb2xTZXRcQ29udHJvbFxTZXNzaW9uIE1hbmFnZXIiICJQZW5kaW5nRmlsZVJlbmFtZU9wZXJhdGlvbnMiIC1FQSBJZ25vcmUKICAgICRDQlNSZWJvb3RTdGF0dXMgPSBHZXQtQ2hpbGRJdGVtICJIS0xNOlxcU09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cQ29tcG9uZW50IEJhc2VkIFNlcnZpY2luZyIgIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlfCBXaGVyZS1PYmplY3QgeyRfLlBTQ2hpbGROYW1lIC1lcSAiUmVib290UGVuZGluZyJ9CiAgICBpZigoJGZlYXR1cmVEYXRhIC1hbmQgJGZlYXR1cmVEYXRhLlJlcXVpcmVzUmVib290KSAtb3IgJHJlZ0RhdGEgLW9yICRDQlNSZWJvb3RTdGF0dXMpCiAgICB7CiAgICAgICAgcmV0dXJuICRUcnVlCiAgICB9CiAgICBlbHNlCiAgICB7CiAgICAgICAgcmV0dXJuICRGYWxzZQogICAgfQp9CgojIHRoaXMgbGluZSBtdXN0IHN0YXkgYXQgdGhlIGJvdHRvbSB0byBlbnN1cmUgYWxsIGRlZmluZWQgbW9kdWxlIHBhcnRzIGFyZSBleHBvcnRlZApFeHBvcnQtTW9kdWxlTWVtYmVyIC1BbGlhcyAqIC1GdW5jdGlvbiAqIC1DbWRsZXQgKgoK", "Ansible.ModuleUtils.FileUtil": "IyBDb3B5cmlnaHQgKGMpIDIwMTcgQW5zaWJsZSBQcm9qZWN0CiMgU2ltcGxpZmllZCBCU0QgTGljZW5zZSAoc2VlIGxpY2Vuc2VzL3NpbXBsaWZpZWRfYnNkLnR4dCBvciBodHRwczovL29wZW5zb3VyY2Uub3JnL2xpY2Vuc2VzL0JTRC0yLUNsYXVzZSkKCjwjClRlc3QtUGF0aC9HZXQtSXRlbSBjYW5ub3QgZmluZC9yZXR1cm4gaW5mbyBvbiBmaWxlcyB0aGF0IGFyZSBsb2NrZWQgbGlrZQpDOlxwYWdlZmlsZS5zeXMuIFRoZXNlIDIgZnVuY3Rpb25zIGFyZSBkZXNpZ25lZCB0byB3b3JrIHdpdGggdGhlc2UgZmlsZXMgYW5kCnByb3ZpZGUgc2ltaWxhciBmdW5jdGlvbmFsaXR5IHdpdGggdGhlIG5vcm1hbCBjbWRsZXRzIHdpdGggYXMgbWluaW1hbCBvdmVyaGVhZAphcyBwb3NzaWJsZS4gVGhleSB3b3JrIGJ5IHVzaW5nIEdldC1DaGlsZEl0ZW0gd2l0aCBhIGZpbHRlciBhbmQgcmV0dXJuIHRoZQpyZXN1bHQgZnJvbSB0aGF0LgojPgoKRnVuY3Rpb24gVGVzdC1BbnNpYmxlUGF0aCB7CiAgICBbQ21kbGV0QmluZGluZygpXQogICAgUGFyYW0oCiAgICAgICAgW1BhcmFtZXRlcihNYW5kYXRvcnk9JHRydWUpXVtzdHJpbmddJFBhdGgKICAgICkKICAgICMgUmVwbGFjZW1lbnQgZm9yIFRlc3QtUGF0aAogICAgdHJ5IHsKICAgICAgICAkZmlsZV9hdHRyaWJ1dGVzID0gW1N5c3RlbS5JTy5GaWxlXTo6R2V0QXR0cmlidXRlcygkUGF0aCkKICAgIH0gY2F0Y2ggW1N5c3RlbS5JTy5GaWxlTm90Rm91bmRFeGNlcHRpb25dLCBbU3lzdGVtLklPLkRpcmVjdG9yeU5vdEZvdW5kRXhjZXB0aW9uXSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfSBjYXRjaCBbTm90U3VwcG9ydGVkRXhjZXB0aW9uXSB7CiAgICAgICAgIyBXaGVuIHRlc3RpbmcgYSBwYXRoIGxpa2UgQ2VydDpcTG9jYWxNYWNoaW5lXE15LCBTeXN0ZW0uSU8uRmlsZSB3aWxsCiAgICAgICAgIyBub3Qgd29yaywgd2UganVzdCByZXZlcnQgYmFjayB0byB1c2luZyBUZXN0LVBhdGggZm9yIHRoaXMKICAgICAgICByZXR1cm4gVGVzdC1QYXRoIC1QYXRoICRQYXRoCiAgICB9CgogICAgaWYgKFtJbnQzMl0kZmlsZV9hdHRyaWJ1dGVzIC1lcSAtMSkgewogICAgICAgIHJldHVybiAkZmFsc2UKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICR0cnVlCiAgICB9Cn0KCkZ1bmN0aW9uIEdldC1BbnNpYmxlSXRlbSB7CiAgICBbQ21kbGV0QmluZGluZygpXQogICAgUGFyYW0oCiAgICAgICAgW1BhcmFtZXRlcihNYW5kYXRvcnk9JHRydWUpXVtzdHJpbmddJFBhdGgKICAgICkKICAgICMgUmVwbGFjZW1lbnQgZm9yIEdldC1JdGVtCiAgICB0cnkgewogICAgICAgICRmaWxlX2F0dHJpYnV0ZXMgPSBbU3lzdGVtLklPLkZpbGVdOjpHZXRBdHRyaWJ1dGVzKCRQYXRoKQogICAgfSBjYXRjaCB7CiAgICAgICAgIyBpZiAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb3RpbnVlIGlzIHNldCBvbiB0aGUgY21kbGV0IGFuZCB3ZSBmYWlsZWQgdG8KICAgICAgICAjIGdldCB0aGUgYXR0cmlidXRlcywganVzdCByZXR1cm4gJG51bGwsIG90aGVyd2lzZSB0aHJvdyB0aGUgZXJyb3IKICAgICAgICBpZiAoJEVycm9yQWN0aW9uUHJlZmVyZW5jZSAtbmUgIlNpbGVudGx5Q29udGludWUiKSB7CiAgICAgICAgICAgIHRocm93ICRfCiAgICAgICAgfQogICAgICAgIHJldHVybiAkbnVsbAogICAgfQogICAgaWYgKFtJbnQzMl0kZmlsZV9hdHRyaWJ1dGVzIC1lcSAtMSkgewogICAgICAgIHRocm93IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5NYW5hZ2VtZW50LkF1dG9tYXRpb24uSXRlbU5vdEZvdW5kRXhjZXB0aW9uIC1Bcmd1bWVudExpc3QgIkNhbm5vdCBmaW5kIHBhdGggJyRQYXRoJyBiZWNhdXNlIGl0IGRvZXMgbm90IGV4aXN0LiIKICAgIH0gZWxzZWlmICgkZmlsZV9hdHRyaWJ1dGVzLkhhc0ZsYWcoW1N5c3RlbS5JTy5GaWxlQXR0cmlidXRlc106OkRpcmVjdG9yeSkpIHsKICAgICAgICByZXR1cm4gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLklPLkRpcmVjdG9yeUluZm8gLUFyZ3VtZW50TGlzdCAkUGF0aAogICAgfSBlbHNlIHsKICAgICAgICByZXR1cm4gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLklPLkZpbGVJbmZvIC1Bcmd1bWVudExpc3QgJFBhdGgKICAgIH0KfQoKRXhwb3J0LU1vZHVsZU1lbWJlciAtRnVuY3Rpb24gVGVzdC1BbnNpYmxlUGF0aCwgR2V0LUFuc2libGVJdGVtCg=="}, "module_entry": "IyFwb3dlcnNoZWxsCgojIENvcHlyaWdodDogKGMpIDIwMTcsIEFuc2libGUgUHJvamVjdAojIEdOVSBHZW5lcmFsIFB1YmxpYyBMaWNlbnNlIHYzLjArIChzZWUgQ09QWUlORyBvciBodHRwczovL3d3dy5nbnUub3JnL2xpY2Vuc2VzL2dwbC0zLjAudHh0KQoKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5MZWdhY3kKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5Db21tYW5kVXRpbAojUmVxdWlyZXMgLU1vZHVsZSBBbnNpYmxlLk1vZHVsZVV0aWxzLkZpbGVVdGlsCgojIFRPRE86IGFkZCBjaGVjayBtb2RlIHN1cHBvcnQKClNldC1TdHJpY3RNb2RlIC1WZXJzaW9uIDIKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKIyBDbGVhbnNlIENMSVhNTCBmcm9tIHN0ZGVyciAoc2lmdCBvdXQgZXJyb3Igc3RyZWFtIGRhdGEsIGRpc2NhcmQgb3RoZXJzIGZvciBub3cpCkZ1bmN0aW9uIENsZWFuc2UtU3RkZXJyKCRyYXdfc3RkZXJyKSB7CiAgICBUcnkgewogICAgICAgICMgTkI6IHRoaXMgcmVnZXggaXNuJ3QgcGVyZmVjdCwgYnV0IGlzIGRlY2VudCBhdCBmaW5kaW5nIENMSVhNTCBhbW9uZ3N0IG90aGVyIHN0ZGVyciBub2lzZQogICAgICAgIElmKCRyYXdfc3RkZXJyIC1tYXRjaCAiKD9zKSg/PHByZW5vaXNlMT4uKikjPCBDTElYTUwoPzxwcmVub2lzZTI+LiopKD88Y2xpeG1sPjxPYmpzLis8L09ianM+KSg/PHBvc3Rub2lzZT4uKikiKSB7CiAgICAgICAgICAgICRjbGl4bWwgPSBbeG1sXSRtYXRjaGVzWyJjbGl4bWwiXQoKICAgICAgICAgICAgJG1lcmdlZF9zdGRlcnIgPSAiezB9ezF9ezJ9ezN9IiAtZiBAKAogICAgICAgICAgICAgICAkbWF0Y2hlc1sicHJlbm9pc2UxIl0sCiAgICAgICAgICAgICAgICRtYXRjaGVzWyJwcmVub2lzZTIiXSwKICAgICAgICAgICAgICAgIyBmaWx0ZXIgb3V0IGp1c3QgdGhlIEVycm9yLXRhZ2dlZCBzdHJpbmdzIGZvciBub3csIGFuZCB6YXAgZW1iZWRkZWQgQ1JMRiBjaGFycwogICAgICAgICAgICAgICAoJGNsaXhtbC5PYmpzLkNoaWxkTm9kZXMgfCA/IHsgJF8uTmFtZSAtZXEgJ1MnIH0gfCA/IHsgJF8uUyAtZXEgJ0Vycm9yJyB9IHwgJSB7ICRfLicjdGV4dCcuUmVwbGFjZSgnX3gwMDBEX194MDAwQV8nLCcnKSB9IHwgT3V0LVN0cmluZyksCiAgICAgICAgICAgICAgICRtYXRjaGVzWyJwb3N0bm9pc2UiXSkgfCBPdXQtU3RyaW5nCgogICAgICAgICAgICByZXR1cm4gJG1lcmdlZF9zdGRlcnIuVHJpbSgpCgogICAgICAgICAgICAjIEZVVFVSRTog ScriptBlock ID: 71bd6b74-211f-4110-9a92-e85c00749b52 Path:	4104	1		3	2	15	0	1767	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4208	4788	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:07:43 PM	e5295ba9-9827-0002-915d-29e52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (3 of 5): gICAgICAgIFtoYXNodGFibGVdJGVudmlyb25tZW50ID0gQHt9ICMgYSBoYXNodGFibGUgb2YgZW52aXJvbm1lbnQgdmFsdWVzIHRvIHJ1biB0aGUgY29tbWFuZCB1bmRlciwgdGhpcyB3aWxsIHJlcGxhY2UgYWxsIHRoZSBvdGhlciBlbnZpcm9ubWVudCB2YXJpYWJsZXMgd2l0aCB0aGVzZQogICAgKQogICAgCiAgICAjIGxvYWQgdGhlIEMjIGNvZGUgd2UgY2FsbCBpbiB0aGlzIGZ1bmN0aW9uCiAgICBMb2FkLUNvbW1hbmRVdGlscwoKICAgICMgbmVlZCB0byB2YWxpZGF0ZSB0aGUgd29ya2luZyBkaXJlY3RvcnkgaWYgaXQgaXMgc2V0CiAgICBpZiAoJHdvcmtpbmdfZGlyZWN0b3J5KSB7CiAgICAgICAgIyB2YWxpZGF0ZSB3b3JraW5nIGRpcmVjdG9yeSBpcyBhIHZhbGlkIHBhdGgKICAgICAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICR3b3JraW5nX2RpcmVjdG9yeSkpIHsKICAgICAgICAgICAgdGhyb3cgImludmFsaWQgd29ya2luZyBkaXJlY3RvcnkgcGF0aCAnJHdvcmtpbmdfZGlyZWN0b3J5JyIKICAgICAgICB9CiAgICB9CgogICAgIyBscEFwcGxpY2F0aW9uTmFtZSBuZWVkcyB0byBiZSB0aGUgZnVsbCBwYXRoIHRvIGFuIGV4ZWN1dGFibGUsIHdlIGRvIHRoaXMKICAgICMgYnkgZ2V0dGluZyB0aGUgZXhlY3V0YWJsZSBhcyB0aGUgZmlyc3QgYXJnIGFuZCB0aGVuIGdldHRpbmcgdGhlIGZ1bGwgcGF0aAogICAgJGFyZ3VtZW50cyA9IFtBbnNpYmxlLkNvbW1hbmRVdGlsXTo6UGFyc2VDb21tYW5kTGluZSgkY29tbWFuZCkKICAgICRleGVjdXRhYmxlID0gR2V0LUV4ZWN1dGFibGVQYXRoIC1leGVjdXRhYmxlICRhcmd1bWVudHNbMF0gLWRpcmVjdG9yeSAkd29ya2luZ19kaXJlY3RvcnkKCiAgICAjIHJ1biB0aGUgY29tbWFuZCBhbmQgZ2V0IHRoZSByZXN1bHRzCiAgICAkY29tbWFuZF9yZXN1bHQgPSBbQW5zaWJsZS5Db21tYW5kVXRpbF06OlJ1bkNvbW1hbmQoJGV4ZWN1dGFibGUsICRjb21tYW5kLCAkd29ya2luZ19kaXJlY3RvcnksICRzdGRpbiwgJGVudmlyb25tZW50KQoKICAgIHJldHVybiAsQHsKICAgICAgICBleGVjdXRhYmxlID0gJGV4ZWN1dGFibGUKICAgICAgICBzdGRvdXQgPSAkY29tbWFuZF9yZXN1bHQuU3RhbmRhcmRPdXQKICAgICAgICBzdGRlcnIgPSAkY29tbWFuZF9yZXN1bHQuU3RhbmRhcmRFcnJvcgogICAgICAgIHJjID0gJGNvbW1hbmRfcmVzdWx0LkV4aXRDb2RlCiAgICB9Cn0KCiMgdGhpcyBsaW5lIG11c3Qgc3RheSBhdCB0aGUgYm90dG9tIHRvIGVuc3VyZSBhbGwgZGVmaW5lZCBtb2R1bGUgcGFydHMgYXJlIGV4cG9ydGVkCkV4cG9ydC1Nb2R1bGVNZW1iZXIgLUFsaWFzICogLUZ1bmN0aW9uICogLUNtZGxldCAqCg==", "Ansible.ModuleUtils.Legacy": "IyBDb3B5cmlnaHQgKGMpLCBNaWNoYWVsIERlSGFhbiA8bWljaGFlbC5kZWhhYW5AZ21haWwuY29tPiwgMjAxNCwgYW5kIG90aGVycwojIFNpbXBsaWZpZWQgQlNEIExpY2Vuc2UgKHNlZSBsaWNlbnNlcy9zaW1wbGlmaWVkX2JzZC50eHQgb3IgaHR0cHM6Ly9vcGVuc291cmNlLm9yZy9saWNlbnNlcy9CU0QtMi1DbGF1c2UpCgpTZXQtU3RyaWN0TW9kZSAtVmVyc2lvbiAyLjAKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKRnVuY3Rpb24gU2V0LUF0dHIoJG9iaiwgJG5hbWUsICR2YWx1ZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gc2V0IGFuICJhdHRyaWJ1dGUiIG9uIGEgcHNvYmplY3QgaW5zdGFuY2UgaW4gUG93ZXJTaGVsbC4KICAgIFRoaXMgaXMgYSBjb252ZW5pZW5jZSB0byBtYWtlIGFkZGluZyBNZW1iZXJzIHRvIHRoZSBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgIFNldC1BdHRyICRyZXN1bHQgImNoYW5nZWQiICR0cnVlCiM+CgogICAgIyBJZiB0aGUgcHJvdmlkZWQgJG9iaiBpcyB1bmRlZmluZWQsIGRlZmluZSBvbmUgdG8gYmUgbmljZQogICAgSWYgKC1ub3QgJG9iai5HZXRUeXBlKQogICAgewogICAgICAgICRvYmogPSBAeyB9CiAgICB9CgogICAgVHJ5CiAgICB7CiAgICAgICAgJG9iai4kbmFtZSA9ICR2YWx1ZQogICAgfQogICAgQ2F0Y2gKICAgIHsKICAgICAgICAkb2JqIHwgQWRkLU1lbWJlciAtRm9yY2UgLU1lbWJlclR5cGUgTm90ZVByb3BlcnR5IC1OYW1lICRuYW1lIC1WYWx1ZSAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gRXhpdC1Kc29uKCRvYmopCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGNvbnZlcnQgYSBQb3dlclNoZWxsIG9iamVjdCB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcKICAgIHRoZSBzY3JpcHQKICAgIC5FWEFNUExFCiAgICBFeGl0LUpzb24gJHJlc3VsdAojPgoKICAgICMgSWYgdGhlIHByb3ZpZGVkICRvYmogaXMgdW5kZWZpbmVkLCBkZWZpbmUgb25lIHRvIGJlIG5pY2UKICAgIElmICgtbm90ICRvYmouR2V0VHlwZSkKICAgIHsKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoJ2NoYW5nZWQnKSkgewogICAgICAgIFNldC1BdHRyICRvYmogImNoYW5nZWQiICRmYWxzZQogICAgfQoKICAgIFdyaXRlLU91dHB1dCAkb2JqIHwgQ29udmVydFRvLUpzb24gLUNvbXByZXNzIC1EZXB0aCA5OQogICAgRXhpdAp9CgpGdW5jdGlvbiBGYWlsLUpzb24oJG9iaiwgJG1lc3NhZ2UgPSAkbnVsbCkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHRoZSAibXNnIiBwcm9wZXJ0eSBhbmQgImZhaWxlZCIgcHJvcGVydHksIGNvbnZlcnQgdGhlCiAgICBQb3dlclNoZWxsIEhhc2h0YWJsZSB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcgdGhlIHNjcmlwdAogICAgLkVYQU1QTEUKICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJUaGlzIGlzIHRoZSBmYWlsdXJlIG1lc3NhZ2UiCiM+CgogICAgaWYgKCRvYmogLWlzIFtoYXNodGFibGVdIC1vciAkb2JqIC1pcyBbcHNvYmplY3RdKSB7CiAgICAgICAgIyBOb3RoaW5nIHRvIGRvCiAgICB9IGVsc2VpZiAoJG9iaiAtaXMgW3N0cmluZ10gLWFuZCAkbnVsbCAtZXEgJG1lc3NhZ2UpIHsKICAgICAgICAjIElmIHdlIHdlcmVuJ3QgZ2l2ZW4gMiBhcmdzLCBhbmQgdGhlIG9ubHkgYXJnIHdhcyBhIHN0cmluZywKICAgICAgICAjIGNyZWF0ZSBhIG5ldyBIYXNodGFibGUgYW5kIHVzZSB0aGUgYXJnIGFzIHRoZSBmYWlsdXJlIG1lc3NhZ2UKICAgICAgICAkbWVzc2FnZSA9ICRvYmoKICAgICAgICAkb2JqID0gQHsgfQogICAgfSBlbHNlIHsKICAgICAgICAjIElmIHRoZSBmaXJzdCBhcmd1bWVudCBpcyB1bmRlZmluZWQgb3IgYSBkaWZmZXJlbnQgdHlwZSwKICAgICAgICAjIG1ha2UgaXQgYSBIYXNodGFibGUKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgICMgU3RpbGwgdXNpbmcgU2V0LUF0dHIgZm9yIFBTT2JqZWN0IGNvbXBhdGliaWxpdHkKICAgIFNldC1BdHRyICRvYmogIm1zZyIgJG1lc3NhZ2UKICAgIFNldC1BdHRyICRvYmogImZhaWxlZCIgJHRydWUKCiAgICBpZiAoLW5vdCAkb2JqLkNvbnRhaW5zS2V5KCdjaGFuZ2VkJykpIHsKICAgICAgICBTZXQtQXR0ciAkb2JqICJjaGFuZ2VkIiAkZmFsc2UKICAgIH0KCiAgICBXcml0ZS1PdXRwdXQgJG9iaiB8IENvbnZlcnRUby1Kc29uIC1Db21wcmVzcyAtRGVwdGggOTkKICAgIEV4aXQgMQp9CgpGdW5jdGlvbiBBZGQtV2FybmluZygkb2JqLCAkbWVzc2FnZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHdhcm5pbmdzLCBldmVuIGlmIHRoZSB3YXJuaW5ncyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoIndhcm5pbmdzIikpIHsKICAgICAgICAkb2JqLndhcm5pbmdzID0gQCgpCiAgICB9IGVsc2VpZiAoJG9iai53YXJuaW5ncyAtaXNub3QgW2FycmF5XSkgewogICAgICAgIHRocm93ICJBZGQtV2FybmluZzogd2FybmluZ3MgYXR0cmlidXRlIGlzIG5vdCBhbiBhcnJheSIKICAgIH0KCiAgICAkb2JqLndhcm5pbmdzICs9ICRtZXNzYWdlCn0KCkZ1bmN0aW9uIEFkZC1EZXByZWNhdGlvbldhcm5pbmcoJG9iaiwgJG1lc3NhZ2UsICR2ZXJzaW9uID0gJG51bGwpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGFkZCBkZXByZWNhdGlvbnMsIGV2ZW4gaWYgdGhlIGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgogICAgaWYgKC1ub3QgJG9iai5Db250YWluc0tleSgiZGVwcmVjYXRpb25zIikpIHsKICAgICAgICAkb2JqLmRlcHJlY2F0aW9ucyA9IEAoKQogICAgfSBlbHNlaWYgKCRvYmouZGVwcmVjYXRpb25zIC1pc25vdCBbYXJyYXldKSB7CiAgICAgICAgdGhyb3cgIkFkZC1EZXByZWNhdGlvbldhcm5pbmc6IGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgaXMgbm90IGEgbGlzdCIKICAgIH0KCiAgICAkb2JqLmRlcHJlY2F0aW9ucyArPSBAewogICAgICAgIG1zZyA9ICRtZXNzYWdlCiAgICAgICAgdmVyc2lvbiA9ICR2ZXJzaW9uCiAgICB9Cn0KCkZ1bmN0aW9uIEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgaW4gdmFsdWVzLiBCeSBkZWZhdWx0CiAgICBpdCB0dXJucyBhbnkgdHlwZSB0byBhIHN0cmluZywgYnV0IHdlIGVuc3VyZSAkbnVsbCByZW1haW5zICRudWxsLgojPgogICAgaWYgKCRudWxsIC1uZSAkdmFsdWUpIHsKICAgICAgICBbU3lzdGVtLkVudmlyb25tZW50XTo6RXhwYW5kRW52aXJvbm1lbnRWYXJpYWJsZXMoJHZhbHVlKQogICAgfSBlbHNlIHsKICAgICAgICAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gR2V0LUFuc2libGVQYXJhbSgkb2JqLCAkbmFtZSwgJGRlZmF1bHQgPSAkbnVsbCwgJHJlc3VsdG9iaiA9IEB7fSwgJGZhaWxpZmVtcHR5ID0gJGZhbHNlLCAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSwgJFZhbGlkYXRlU2V0LCAkVmFsaWRhdGVTZXRFcnJvck1lc3NhZ2UsICR0eXBlID0gJG51bGwsICRhbGlhc2VzID0gQCgpKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBnZXQgYW4gImF0dHJpYnV0ZSIgZnJvbSBhIHBzb2JqZWN0IGluc3RhbmNlIGluIFBvd2VyU2hlbGwuCiAgICBUaGlzIGlzIGEgY29udmVuaWVuY2UgdG8gbWFrZSBnZXR0aW5nIE1lbWJlcnMgZnJvbSBhbiBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgICRhdHRyID0gR2V0LUFuc2libGVQYXJhbSAkcmVzcG9uc2UgImNvZGUiIC1kZWZhdWx0ICIxIgogICAgLkVYQU1QTEUKICAgIEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJTdGF0ZSIgLWRlZmF1bHQgIlByZXNlbnQiIC1WYWxpZGF0ZVNldCAiUHJlc2VudCIsIkFic2VudCIgLXJlc3VsdG9iaiAkcmVzdWx0b2JqIC1mYWlsaWZlbXB0eSAkdHJ1ZQogICAgR2V0LUFuc2libGVQYXJhbSBhbHNvIHN1cHBvcnRzIFBhcmFtZXRlciB2YWxpZGF0aW9uIHRvIHNhdmUgeW91IGZyb20gY29kaW5nIHRoYXQgbWFudWFsbHkKICAgIE5vdGUgdGhhdCBpZiB5b3UgdXNlIHRoZSBmYWlsaWZlbXB0eSBvcHRpb24sIHlvdSBkbyBuZWVkIHRvIHNwZWNpZnkgcmVzdWx0b2JqZWN0IGFzIHdlbGwuCiM+CiAgICAjIENoZWNrIGlmIHRoZSBwcm92aWRlZCBNZW1iZXIgJG5hbWUgb3IgYWxpYXNlcyBleGlzdCBpbiAkb2JqIGFuZCByZXR1cm4gaXQgb3IgdGhlIGRlZmF1bHQuCiAgICB0cnkgewoKICAgICAgICAkZm91bmQgPSAkbnVsbAogICAgICAgICMgRmlyc3QgdHJ5IHRvIGZpbmQgcHJlZmVycmVkIHBhcmFtZXRlciAkbmFtZQogICAgICAgICRhbGlhc2VzID0gQCgkbmFtZSkgKyAkYWxpYXNlcwoKICAgICAgICAjIEl0ZXJhdGUgb3ZlciBhbGlhc2VzIHRvIGZpbmQgYWNjZXB0YWJsZSBNZW1iZXIgJG5hbWUKICAgICAgICBmb3JlYWNoICgkYWxpYXMgaW4gJGFsaWFzZXMpIHsKICAgICAgICAgICAgaWYgKCRvYmouQ29udGFpbnNLZXkoJGFsaWFzKSkgewogICAgICAgICAgICAgICAgJGZvdW5kID0gJGFsaWFzCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgfQoKICAgICAgICBpZiAoJG51bGwgLWVxICRmb3VuZCkgewogICAgICAgICAgICB0aHJvdwogICAgICAgIH0KICAgICAgICAkbmFtZSA9ICRmb3VuZAoKICAgICAgICBpZiAoJFZhbGlkYXRlU2V0KSB7CgogICAgICAgICAgICBpZiAoJFZhbGlkYXRlU2V0IC1jb250YWlucyAoJG9iai4kbmFtZSkpIHsKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICRvYmouJG5hbWUKICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgIGlmICgkbnVsbCAtZXEgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAgICAgI0F1dG8tZ2VuZXJhdGVkIGVycm9yIHNob3VsZCBiZSBzdWZmaWNpZW50IGluIG1vc3QgdXNlIGNhc2VzCiAgICAgICAgICAgICAgICAgICAgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlID0gIkdldC1BbnNpYmxlUGFyYW06IEFyZ3VtZW50ICRuYW1lIG5lZWRzIHRvIGJlIG9uZSBvZiAkKCRWYWxpZGF0ZVNldCAtam9pbiAiLCIpIGJ1dCB3YXMgJCgkb2JqLiRuYW1lKS4iCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRWYWxpZGF0ZVNldEVycm9yTWVzc2FnZQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgJHZhbHVlID0gJG9iai4kbmFtZQogICAgICAgIH0KICAgIH0gY2F0Y2ggewogICAgICAgIGlmICgkZmFpbGlmZW1wdHkgLWVxICRmYWxzZSkgewogICAgICAgICAgICAkdmFsdWUgPSAkZGVmYXVsdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgIGlmICgtbm90ICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSA9ICJHZXQtQW5zaWJsZVBhcmFtOiBNaXNzaW5nIHJlcXVpcmVkIGFyZ3VtZW50OiAkbmFtZSIKICAgICAgICAgICAgfQogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlCiAgICAgICAgfQogICAgfQoKICAgICMgSWYgJHZhbHVlIC1lcSAkbnVsbCwgdGhlIHBhcmFtZXRlciB3YXMgdW5zcGVjaWZpZWQgYnkgdGhlIHVzZXIgKGRlbGliZXJhdGVseSBvciBub3QpCiAgICAjIFBsZWFzZSBsZWF2ZSAkbnVsbC12YWx1ZXMgaW50YWN0LCBtb2R1bGVzIG5lZWQgdG8ga25vdyBpZiBhIHBhcmFtZXRlciB3YXMgc3BlY2lmaWVkCiAgICAjIFdoZW4gJHZhbHVlIGlzIGFscmVhZHkgYW4gYXJyYXksIHdlIGNhbm5vdCByZWx5IG9uIHRoZSBudWxsIGNoZWNrLCBhcyBhbiBlbXB0eSBsaXN0CiAgICAjIGlzIHNlZW4gYXMgbnVsbCBpbiB0aGUgY2hlY2sgYmVsb3cKICAgIGlmICgkbnVsbCAtbmUgJHZhbHVlIC1vciAkdmFsdWUgLWlzIFthcnJheV0pIHsKICAgICAgICBpZiAoJHR5cGUgLWVxICJwYXRoIikgewogICAgICAgICAgICAjIEV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgb24gcGF0aC10eXBlCiAgICAgICAgICAgICR2YWx1ZSA9IEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCiAgICAgICAgICAgICMgVGVzdCBpZiBhIHZhbGlkIHBhdGggaXMgcHJvdmlkZWQKICAgICAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtSXNWYWxpZCAkdmFsdWUpKSB7CiAgICAgICAgICAgICAgICAkcGF0aF9pbnZhbGlkID0gJHRydWUKICAgICAgICAgICAgICAgICMgY291bGQgc3RpbGwgYmUgYSB2YWxpZC1zaGFwZWQgcGF0aCB3aXRoIGEgbm9uZXhpc3RlbnQgZHJpdmUgbGV0dGVyCiAgICAgICAgICAgICAgICBpZiAoJHZhbHVlIC1tYXRjaCAiXlx3OiIpIHsKICAgICAgICAgICAgICAgICAgICAjIHJld3JpdGUgcGF0aCB3aXRoIGEgdmFsaWQgZHJpdmUgbGV0dGVyIGFuZCByZWNoZWNrIHRoZSBzaGFwZS0gdGhpcyBtaWdodCBzdGlsbCBmYWlsLCBlZywgYSBub25leGlzdGVudCBub24tZmlsZXN5c3RlbSBQUyBwYXRoCiAgICAgICAgICAgICAgICAgICAgaWYgKFRlc3QtUGF0aCAtSXNWYWxpZCAkKEAoR2V0LVBTRHJpdmUgLVBTUHJvdmlkZXIgRmlsZXN5c3RlbSlbMF0uTmFtZSArICR2YWx1ZS5TdWJzdHJpbmcoMSkpKSB7CiAgICAgICAgICAgICAgICAgICAgICAgICRwYXRoX2ludmFsaWQgPSAkZmFsc2UKICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBpZiAoJHBhdGhfaW52YWxpZCkgewogICAgICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHRvYmogLW1lc3NhZ2UgIkdldC1BbnNpYmxlUGFyYW06IFBhcmFtZXRlciAnJG5hbWUnIGhhcyBhbiBpbnZhbGlkIHBhdGggJyR2YWx1ZScgc3BlY2lmaWVkLiIKICAgICAgICAgICAgI ScriptBlock ID: 71bd6b74-211f-4110-9a92-e85c00749b52 Path:	4104	1		3	2	15	0	1766	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4208	4788	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:07:43 PM	e5295ba9-9827-0002-915d-29e52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 5): gIHN0cmluZ1tdIGNtZGxpbmVQYXJ0cyA9IHN0cnB0cnMuU2VsZWN0KHMgPT4gTWFyc2hhbC5QdHJUb1N0cmluZ1VuaShzKSkuVG9BcnJheSgpOwoKICAgICAgICAgICAgTWFyc2hhbC5GcmVlSEdsb2JhbChyZXQpOwoKICAgICAgICAgICAgcmV0dXJuIGNtZGxpbmVQYXJ0czsKICAgICAgICB9CgogICAgICAgIHB1YmxpYyBzdGF0aWMgc3RyaW5nIFNlYXJjaFBhdGgoc3RyaW5nIGxwRmlsZU5hbWUpCiAgICAgICAgewogICAgICAgICAgICBTdHJpbmdCdWlsZGVyIHNiT3V0ID0gbmV3IFN0cmluZ0J1aWxkZXIoMTAyNCk7CiAgICAgICAgICAgIEludFB0ciBmaWxlUGFydE91dDsKCiAgICAgICAgICAgIGlmIChTZWFyY2hQYXRoKG51bGwsIGxwRmlsZU5hbWUsIG51bGwsIHNiT3V0LkNhcGFjaXR5LCBzYk91dCwgb3V0IGZpbGVQYXJ0T3V0KSA9PSAwKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IEZpbGVOb3RGb3VuZEV4Y2VwdGlvbihTdHJpbmcuRm9ybWF0KCJDb3VsZCBub3QgbG9jYXRlIHRoZSBmb2xsb3dpbmcgZXhlY3V0YWJsZSB7MH0iLCBscEZpbGVOYW1lKSk7CgogICAgICAgICAgICByZXR1cm4gc2JPdXQuVG9TdHJpbmcoKTsKICAgICAgICB9CgogICAgICAgIHB1YmxpYyBjbGFzcyBDb21tYW5kUmVzdWx0CiAgICAgICAgewogICAgICAgICAgICBwdWJsaWMgc3RyaW5nIFN0YW5kYXJkT3V0IHsgZ2V0OyBpbnRlcm5hbCBzZXQ7IH0KICAgICAgICAgICAgcHVibGljIHN0cmluZyBTdGFuZGFyZEVycm9yIHsgZ2V0OyBpbnRlcm5hbCBzZXQ7IH0KICAgICAgICAgICAgcHVibGljIHVpbnQgRXhpdENvZGUgeyBnZXQ7IGludGVybmFsIHNldDsgfQogICAgICAgIH0KCiAgICAgICAgcHVibGljIHN0YXRpYyBDb21tYW5kUmVzdWx0IFJ1bkNvbW1hbmQoc3RyaW5nIGxwQXBwbGljYXRpb25OYW1lLCBzdHJpbmcgbHBDb21tYW5kTGluZSwgc3RyaW5nIGxwQ3VycmVudERpcmVjdG9yeSwgc3RyaW5nIHN0ZGluSW5wdXQsIElEaWN0aW9uYXJ5IGVudmlyb25tZW50KQogICAgICAgIHsKICAgICAgICAgICAgVUludDMyIHN0YXJ0dXBfZmxhZ3MgPSBDUkVBVEVfVU5JQ09ERV9FTlZJUk9OTUVOVCB8IEVYVEVOREVEX1NUQVJUVVBJTkZPX1BSRVNFTlQ7CiAgICAgICAgICAgIFNUQVJUVVBJTkZPRVggc2kgPSBuZXcgU1RBUlRVUElORk9FWCgpOwogICAgICAgICAgICBzaS5zdGFydHVwSW5mby5kd0ZsYWdzID0gKGludClTdGFydHVwSW5mb0ZsYWdzLlVTRVNUREhBTkRMRVM7CgogICAgICAgICAgICBTRUNVUklUWV9BVFRSSUJVVEVTIHBpcGVzZWMgPSBuZXcgU0VDVVJJVFlfQVRUUklCVVRFUygpOwogICAgICAgICAgICBwaXBlc2VjLmJJbmhlcml0SGFuZGxlID0gdHJ1ZTsKCiAgICAgICAgICAgIC8vIENyZWF0ZSB0aGUgc3Rkb3V0LCBzdGRlcnIgYW5kIHN0ZGluIHBpcGVzIHVzZWQgaW4gdGhlIHByb2Nlc3MgYW5kIGFkZCB0byB0aGUgc3RhcnR1cEluZm8KICAgICAgICAgICAgU2FmZUZpbGVIYW5kbGUgc3Rkb3V0X3JlYWQsIHN0ZG91dF93cml0ZSwgc3RkZXJyX3JlYWQsIHN0ZGVycl93cml0ZSwgc3RkaW5fcmVhZCwgc3RkaW5fd3JpdGU7CiAgICAgICAgICAgIGlmICghQ3JlYXRlUGlwZShvdXQgc3Rkb3V0X3JlYWQsIG91dCBzdGRvdXRfd3JpdGUsIHBpcGVzZWMsIDApKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IFdpbjMyRXhjZXB0aW9uKCJTVERPVVQgcGlwZSBzZXR1cCBmYWlsZWQiKTsKICAgICAgICAgICAgaWYgKCFTZXRIYW5kbGVJbmZvcm1hdGlvbihzdGRvdXRfcmVhZCwgSGFuZGxlRmxhZ3MuSU5IRVJJVCwgMCkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIlNURE9VVCBwaXBlIGhhbmRsZSBzZXR1cCBmYWlsZWQiKTsKCiAgICAgICAgICAgIGlmICghQ3JlYXRlUGlwZShvdXQgc3RkZXJyX3JlYWQsIG91dCBzdGRlcnJfd3JpdGUsIHBpcGVzZWMsIDApKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IFdpbjMyRXhjZXB0aW9uKCJTVERFUlIgcGlwZSBzZXR1cCBmYWlsZWQiKTsKICAgICAgICAgICAgaWYgKCFTZXRIYW5kbGVJbmZvcm1hdGlvbihzdGRlcnJfcmVhZCwgSGFuZGxlRmxhZ3MuSU5IRVJJVCwgMCkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIlNUREVSUiBwaXBlIGhhbmRsZSBzZXR1cCBmYWlsZWQiKTsKCiAgICAgICAgICAgIGlmICghQ3JlYXRlUGlwZShvdXQgc3RkaW5fcmVhZCwgb3V0IHN0ZGluX3dyaXRlLCBwaXBlc2VjLCAwKSkKICAgICAgICAgICAgICAgIHRocm93IG5ldyBXaW4zMkV4Y2VwdGlvbigiU1RESU4gcGlwZSBzZXR1cCBmYWlsZWQiKTsKICAgICAgICAgICAgaWYgKCFTZXRIYW5kbGVJbmZvcm1hdGlvbihzdGRpbl93cml0ZSwgSGFuZGxlRmxhZ3MuSU5IRVJJVCwgMCkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIlNURElOIHBpcGUgaGFuZGxlIHNldHVwIGZhaWxlZCIpOwoKICAgICAgICAgICAgc2kuc3RhcnR1cEluZm8uaFN0ZE91dHB1dCA9IHN0ZG91dF93cml0ZTsKICAgICAgICAgICAgc2kuc3RhcnR1cEluZm8uaFN0ZEVycm9yID0gc3RkZXJyX3dyaXRlOwogICAgICAgICAgICBzaS5zdGFydHVwSW5mby5oU3RkSW5wdXQgPSBzdGRpbl9yZWFkOwoKICAgICAgICAgICAgLy8gU2V0dXAgdGhlIHN0ZGluIGJ1ZmZlcgogICAgICAgICAgICBVVEY4RW5jb2RpbmcgdXRmOF9lbmNvZGluZyA9IG5ldyBVVEY4RW5jb2RpbmcoZmFsc2UpOwogICAgICAgICAgICBGaWxlU3RyZWFtIHN0ZGluX2ZzID0gbmV3IEZpbGVTdHJlYW0oc3RkaW5fd3JpdGUsIEZpbGVBY2Nlc3MuV3JpdGUsIDMyNzY4KTsKICAgICAgICAgICAgU3RyZWFtV3JpdGVyIHN0ZGluID0gbmV3IFN0cmVhbVdyaXRlcihzdGRpbl9mcywgdXRmOF9lbmNvZGluZywgMzI3NjgpOwoKICAgICAgICAgICAgLy8gSWYgbHBDdXJyZW50RGlyZWN0b3J5IGlzIHNldCB0byBudWxsIGluIFBTIGl0IHdpbGwgYmUgYW4gZW1wdHkKICAgICAgICAgICAgLy8gc3RyaW5nIGhlcmUsIHdlIG5lZWQgdG8gY29udmVydCBpdAogICAgICAgICAgICBpZiAobHBDdXJyZW50RGlyZWN0b3J5ID09ICIiKQogICAgICAgICAgICAgICAgbHBDdXJyZW50RGlyZWN0b3J5ID0gbnVsbDsKCiAgICAgICAgICAgIFN0cmluZ0J1aWxkZXIgZW52aXJvbm1lbnRTdHJpbmcgPSBudWxsOwoKICAgICAgICAgICAgaWYgKGVudmlyb25tZW50ICE9IG51bGwgJiYgZW52aXJvbm1lbnQuQ291bnQgPiAwKQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBlbnZpcm9ubWVudFN0cmluZyA9IG5ldyBTdHJpbmdCdWlsZGVyKCk7CiAgICAgICAgICAgICAgICBmb3JlYWNoIChEaWN0aW9uYXJ5RW50cnkga3YgaW4gZW52aXJvbm1lbnQpCiAgICAgICAgICAgICAgICAgICAgZW52aXJvbm1lbnRTdHJpbmcuQXBwZW5kRm9ybWF0KCJ7MH09ezF9XDAiLCBrdi5LZXksIGt2LlZhbHVlKTsKICAgICAgICAgICAgICAgIGVudmlyb25tZW50U3RyaW5nLkFwcGVuZCgnXDAnKTsKICAgICAgICAgICAgfQoKICAgICAgICAgICAgLy8gQ3JlYXRlIHRoZSBlbnZpcm9ubWVudCBibG9jayBpZiBzZXQKICAgICAgICAgICAgSW50UHRyIGxwRW52aXJvbm1lbnQgPSBJbnRQdHIuWmVybzsKICAgICAgICAgICAgaWYgKGVudmlyb25tZW50U3RyaW5nICE9IG51bGwpCiAgICAgICAgICAgICAgICBscEVudmlyb25tZW50ID0gTWFyc2hhbC5TdHJpbmdUb0hHbG9iYWxVbmkoZW52aXJvbm1lbnRTdHJpbmcuVG9TdHJpbmcoKSk7CgogICAgICAgICAgICAvLyBDcmVhdGUgbmV3IHByb2Nlc3MgYW5kIHJ1bgogICAgICAgICAgICBTdHJpbmdCdWlsZGVyIGFyZ3VtZW50X3N0cmluZyA9IG5ldyBTdHJpbmdCdWlsZGVyKGxwQ29tbWFuZExpbmUpOwogICAgICAgICAgICBQUk9DRVNTX0lORk9STUFUSU9OIHBpID0gbmV3IFBST0NFU1NfSU5GT1JNQVRJT04oKTsKICAgICAgICAgICAgaWYgKCFDcmVhdGVQcm9jZXNzKAogICAgICAgICAgICAgICAgbHBBcHBsaWNhdGlvbk5hbWUsCiAgICAgICAgICAgICAgICBhcmd1bWVudF9zdHJpbmcsCiAgICAgICAgICAgICAgICBJbnRQdHIuWmVybywKICAgICAgICAgICAgICAgIEludFB0ci5aZXJvLAogICAgICAgICAgICAgICAgdHJ1ZSwKICAgICAgICAgICAgICAgIHN0YXJ0dXBfZmxhZ3MsCiAgICAgICAgICAgICAgICBscEVudmlyb25tZW50LAogICAgICAgICAgICAgICAgbHBDdXJyZW50RGlyZWN0b3J5LAogICAgICAgICAgICAgICAgc2ksCiAgICAgICAgICAgICAgICBvdXQgcGkpKQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIkZhaWxlZCB0byBjcmVhdGUgbmV3IHByb2Nlc3MiKTsKICAgICAgICAgICAgfQoKICAgICAgICAgICAgLy8gU2V0dXAgdGhlIG91dHB1dCBidWZmZXJzIGFuZCBnZXQgc3Rkb3V0L3N0ZGVycgogICAgICAgICAgICBGaWxlU3RyZWFtIHN0ZG91dF9mcyA9IG5ldyBGaWxlU3RyZWFtKHN0ZG91dF9yZWFkLCBGaWxlQWNjZXNzLlJlYWQsIDQwOTYpOwogICAgICAgICAgICBTdHJlYW1SZWFkZXIgc3Rkb3V0ID0gbmV3IFN0cmVhbVJlYWRlcihzdGRvdXRfZnMsIHV0ZjhfZW5jb2RpbmcsIHRydWUsIDQwOTYpOwogICAgICAgICAgICBzdGRvdXRfd3JpdGUuQ2xvc2UoKTsKICAgICAgICAgICAgRmlsZVN0cmVhbSBzdGRlcnJfZnMgPSBuZXcgRmlsZVN0cmVhbShzdGRlcnJfcmVhZCwgRmlsZUFjY2Vzcy5SZWFkLCA0MDk2KTsKICAgICAgICAgICAgU3RyZWFtUmVhZGVyIHN0ZGVyciA9IG5ldyBTdHJlYW1SZWFkZXIoc3RkZXJyX2ZzLCB1dGY4X2VuY29kaW5nLCB0cnVlLCA0MDk2KTsKICAgICAgICAgICAgc3RkZXJyX3dyaXRlLkNsb3NlKCk7CgogICAgICAgICAgICBzdGRpbi5Xcml0ZUxpbmUoc3RkaW5JbnB1dCk7CiAgICAgICAgICAgIHN0ZGluLkNsb3NlKCk7CgogICAgICAgICAgICBzdHJpbmcgc3Rkb3V0X3N0ciwgc3RkZXJyX3N0ciA9IG51bGw7CiAgICAgICAgICAgIEdldFByb2Nlc3NPdXRwdXQoc3Rkb3V0LCBzdGRlcnIsIG91dCBzdGRvdXRfc3RyLCBvdXQgc3RkZXJyX3N0cik7CiAgICAgICAgICAgIHVpbnQgcmMgPSBHZXRQcm9jZXNzRXhpdENvZGUocGkuaFByb2Nlc3MpOwoKICAgICAgICAgICAgcmV0dXJuIG5ldyBDb21tYW5kUmVzdWx0CiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIFN0YW5kYXJkT3V0ID0gc3Rkb3V0X3N0ciwKICAgICAgICAgICAgICAgIFN0YW5kYXJkRXJyb3IgPSBzdGRlcnJfc3RyLAogICAgICAgICAgICAgICAgRXhpdENvZGUgPSByYwogICAgICAgICAgICB9OwogICAgICAgIH0KCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgdm9pZCBHZXRQcm9jZXNzT3V0cHV0KFN0cmVhbVJlYWRlciBzdGRvdXRTdHJlYW0sIFN0cmVhbVJlYWRlciBzdGRlcnJTdHJlYW0sIG91dCBzdHJpbmcgc3Rkb3V0LCBvdXQgc3RyaW5nIHN0ZGVycikKICAgICAgICB7CiAgICAgICAgICAgIHZhciBzb3dhaXQgPSBuZXcgRXZlbnRXYWl0SGFuZGxlKGZhbHNlLCBFdmVudFJlc2V0TW9kZS5NYW51YWxSZXNldCk7CiAgICAgICAgICAgIHZhciBzZXdhaXQgPSBuZXcgRXZlbnRXYWl0SGFuZGxlKGZhbHNlLCBFdmVudFJlc2V0TW9kZS5NYW51YWxSZXNldCk7CiAgICAgICAgICAgIHN0cmluZyBzbyA9IG51bGwsIHNlID0gbnVsbDsKICAgICAgICAgICAgVGhyZWFkUG9vbC5RdWV1ZVVzZXJXb3JrSXRlbSgocykgPT4KICAgICAgICAgICAgewogICAgICAgICAgICAgICAgc28gPSBzdGRvdXRTdHJlYW0uUmVhZFRvRW5kKCk7CiAgICAgICAgICAgICAgICBzb3dhaXQuU2V0KCk7CiAgICAgICAgICAgIH0pOwogICAgICAgICAgICBUaHJlYWRQb29sLlF1ZXVlVXNlcldvcmtJdGVtKChzKSA9PgogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBzZSA9IHN0ZGVyclN0cmVhbS5SZWFkVG9FbmQoKTsKICAgICAgICAgICAgICAgIHNld2FpdC5TZXQoKTsKICAgICAgICAgICAgfSk7CiAgICAgICAgICAgIGZvcmVhY2ggKHZhciB3aCBpbiBuZXcgV2FpdEhhbmRsZVtdIHsgc293YWl0LCBzZXdhaXQgfSkKICAgICAgICAgICAgICAgIHdoLldhaXRPbmUoKTsKICAgICAgICAgICAgc3Rkb3V0ID0gc287CiAgICAgICAgICAgIHN0ZGVyciA9IHNlOwogICAgICAgIH0KCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgdWludCBHZXRQcm9jZXNzRXhpdENvZGUoSW50UHRyIHByb2Nlc3NIYW5kbGUpCiAgICAgICAgewogICAgICAgICAgICBuZXcgTmF0aXZlV2FpdEhhbmRsZShwcm9jZXNzSGFuZGxlKS5XYWl0T25lKCk7CiAgICAgICAgICAgIHVpbnQgZXhpdENvZGU7CiAgICAgICAgICAgIGlmICghR2V0RXhpdENvZGVQcm9jZXNzKHByb2Nlc3NIYW5kbGUsIG91dCBleGl0Q29kZSkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIkVycm9yIGdldHRpbmcgcHJvY2VzcyBleGl0IGNvZGUiKTsKICAgICAgICAgICAgcmV0dXJuIGV4aXRDb2RlOwogICAgICAgIH0KICAgIH0KfQoiQAoKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICdTdG9wJwoKRnVuY3Rpb24gTG9hZC1Db21tYW5kVXRpbHMgewogICAgIyBtYWtlcyB0aGUgZm9sbG93aW5nIHN0YXRpYyBmdW5jdGlvbnMgYXZhaWxhYmxlCiAgICAjICAgW0Fuc2libGUuQ29tbWFuZFV0aWxdOjpQYXJzZUNvbW1hbmRMaW5lKHN0cmluZyBscENvbW1hbmRMaW5lKQogICAgIyAgIFtBbnNpYmxlLkNvbW1hbmRVdGlsXTo6U2VhcmNoUGF0aChzdHJpbmcgbHBGaWxlTmFtZSkKICAgICMgICBbQW5zaWJsZS5Db21tYW5kVXRpbF06OlJ1bkNvbW1hbmQoc3RyaW5nIGxwQXBwbGljYXRpb25OYW1lLCBzdHJpbmcgbHBDb21tYW5kTGluZSwgc3RyaW5nIGxwQ3VycmVudERpcmVjdG9yeSwgc3RyaW5nIHN0ZGluSW5wdXQsIHN0cmluZyBlbnZpcm9ubWVudEJsb2NrKQogICAgIwogICAgIyB0aGVyZSBhcmUgYWxzbyBudW1lcm91cyBQL0ludm9rZSBtZXRob2RzIHRoYXQgY2FuIGJlIGNhbGxlZCBpZiB5b3UgYXJlIGZlZWxpbmcgYWR2ZW50dXJvdXMKCiAgICAjIEZVVFVSRTogZmluZCBhIGJldHRlciB3YXkgdG8gZ2V0IHRoZSBfYW5zaWJsZV9yZW1vdGVfdG1wIHZhcmlhYmxlCiAgICAkb3JpZ2luYWxfdG1wID0gJGVudjpUTVAKCiAgICAkcmVtb3RlX3RtcCA9ICRvcmlnaW5hbF90bXAKICAgICRtb2R1bGVfcGFyYW1zID0gR2V0LVZhcmlhYmxlIC1OYW1lIGNvbXBsZXhfYXJncyAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgaWYgKCRtb2R1bGVfcGFyYW1zKSB7CiAgICAgICAgaWYgKCRtb2R1bGVfcGFyYW1zLlZhbHVlLkNvbnRhaW5zS2V5KCJfYW5zaWJsZV9yZW1vdGVfdG1wIikgKSB7CiAgICAgICAgICAgICRyZW1vdGVfdG1wID0gJG1vZHVsZV9wYXJhbXMuVmFsdWVbIl9hbnNpYmxlX3JlbW90ZV90bXAiXQogICAgICAgICAgICAkcmVtb3RlX3RtcCA9IFtTeXN0ZW0uRW52aXJvbm1lbnRdOjpFeHBhbmRFbnZpcm9ubWVudFZhcmlhYmxlcygkcmVtb3RlX3RtcCkKICAgICAgICB9CiAgICB9CgogICAgJGVudjpUTVAgPSAkcmVtb3RlX3RtcAogICAgQWRkLVR5cGUgLVR5cGVEZWZpbml0aW9uICRwcm9jZXNzX3V0aWwKICAgICRlbnY6VE1QID0gJG9yaWdpbmFsX3RtcAp9CgpGdW5jdGlvbiBHZXQtRXhlY3V0YWJsZVBhdGgoJGV4ZWN1dGFibGUsICRkaXJlY3RvcnkpIHsKICAgICMgbHBBcHBsaWNhdGlvbk5hbWUgcmVxdWlyZXMgdGhlIGZ1bGwgcGF0aCB0byBhIGZpbGUsIHdlIG5lZWQgdG8gZmluZCBpdAogICAgIyBvdXJzZWx2ZXMuCgogICAgIyB3ZSBuZWVkIHRvIGFkZCAuZXhlIGlmIGl0IGRvZXNuJ3QgaGF2ZSBhbiBleHRlbnNpb24gYWxyZWFkeQogICAgaWYgKC1ub3QgW1N5c3RlbS5JTy5QYXRoXTo6SGFzRXh0ZW5zaW9uKCRleGVjdXRhYmxlKSkgewogICAgICAgICRleGVjdXRhYmxlID0gIiQoJGV4ZWN1dGFibGUpLmV4ZSIKICAgIH0KICAgICRmdWxsX3BhdGggPSBbU3lzdGVtLklPLlBhdGhdOjpHZXRGdWxsUGF0aCgkZXhlY3V0YWJsZSkKCiAgICBpZiAoJGZ1bGxfcGF0aCAtbmUgJGV4ZWN1dGFibGUgLWFuZCAkZGlyZWN0b3J5IC1uZSAkbnVsbCkgewogICAgICAgICRmaWxlID0gR2V0LUl0ZW0gLVBhdGggIiRkaXJlY3RvcnlcJGV4ZWN1dGFibGUiIC1Gb3JjZSAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgfSBlbHNlIHsKICAgICAgICAkZmlsZSA9IEdldC1JdGVtIC1QYXRoICRleGVjdXRhYmxlIC1Gb3JjZSAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgfQoKICAgIGlmICgkZmlsZSAtbmUgJG51bGwpIHsKICAgICAgICAkZXhlY3V0YWJsZV9wYXRoID0gJGZpbGUuRnVsbE5hbWUKICAgIH0gZWxzZSB7CiAgICAgICAgJGV4ZWN1dGFibGVfcGF0aCA9IFtBbnNpYmxlLkNvbW1hbmRVdGlsXTo6U2VhcmNoUGF0aCgkZXhlY3V0YWJsZSkgICAgCiAgICB9CiAgICByZXR1cm4gJGV4ZWN1dGFibGVfcGF0aAp9CgpGdW5jdGlvbiBSdW4tQ29tbWFuZCB7CiAgICBQYXJhbSgKICAgICAgICBbc3RyaW5nXSRjb21tYW5kLCAjIHRoZSBmdWxsIGNvbW1hbmQgdG8gcnVuIGluY2x1ZGluZyB0aGUgZXhlY3V0YWJsZQogICAgICAgIFtzdHJpbmddJHdvcmtpbmdfZGlyZWN0b3J5ID0gJG51bGwsICMgdGhlIHdvcmtpbmcgZGlyZWN0b3J5IHRvIHJ1biB1bmRlciwgd2lsbCBkZWZhdWx0IHRvIHRoZSBjdXJyZW50IGRpcgogICAgICAgIFtzdHJpbmddJHN0ZGluID0gJG51bGwsICMgYSBzdHJpbmcgdG8gc2VuZCB0byB0aGUgc3RkaW4gcGlwZSB3aGVuIGV4ZWN1dGluZyB0aGUgY29tbWFuZAo ScriptBlock ID: 71bd6b74-211f-4110-9a92-e85c00749b52 Path:	4104	1		3	2	15	0	1765	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4208	4788	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:07:43 PM	e5295ba9-9827-0002-915d-29e52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 5): begin { $DebugPreference = "Continue" $ErrorActionPreference = "Stop" Set-StrictMode -Version 2 function ConvertTo-HashtableFromPsCustomObject ($myPsObject){ $output = @{}; $myPsObject | Get-Member -MemberType *Property | % { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } return $output; } # stream JSON including become_pw, ps_module_payload, bin_module_payload, become_payload, write_payload_path, preserve directives # exec runspace, capture output, cleanup, return module output # NB: do not adjust the following line- it is replaced when doing non-streamed module output $json_raw = @' {"min_ps_version": null, "exec": "CkZ1bmN0aW9uIFJ1bigkcGF5bG9hZCkgewogICAgJGVudHJ5cG9pbnQgPSAkcGF5bG9hZC5tb2R1bGVfZW50cnkKCiAgICAkZW50cnlwb2ludCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGVudHJ5cG9pbnQpKQoKICAgICRwcyA9IFtwb3dlcnNoZWxsXTo6Q3JlYXRlKCkKCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkQ29tbWFuZCgiU2V0LVZhcmlhYmxlIikuQWRkUGFyYW1ldGVycyhAe1Njb3BlPSJnbG9iYWwiO05hbWU9ImNvbXBsZXhfYXJncyI7VmFsdWU9JHBheWxvYWQubW9kdWxlX2FyZ3N9KSB8IE91dC1OdWxsCiAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCgogICAgIyByZWRlZmluZSBXcml0ZS1Ib3N0IHRvIGR1bXAgdG8gb3V0cHV0IGluc3RlYWQgb2YgZmFpbGluZy0gbG90cyBvZiBzY3JpcHRzIHVzZSBpdAogICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgiRnVuY3Rpb24gV3JpdGUtSG9zdChgJG1zZyl7IFdyaXRlLU91dHB1dCBgJG1zZyB9IikgfCBPdXQtTnVsbAoKICAgIEZvckVhY2ggKCRlbnZfa3YgaW4gJHBheWxvYWQuZW52aXJvbm1lbnQuR2V0RW51bWVyYXRvcigpKSB7CiAgICAgICAgIyBuZWVkIHRvIGVzY2FwZSAnIGluIGJvdGggdGhlIGtleSBhbmQgdmFsdWUKICAgICAgICAkZW52X2tleSA9ICRlbnZfa3YuS2V5LlRvU3RyaW5nKCkuUmVwbGFjZSgiJyIsICInJyIpCiAgICAgICAgJGVudl92YWx1ZSA9ICRlbnZfa3YuVmFsdWUuVG9TdHJpbmcoKS5SZXBsYWNlKCInIiwgIicnIikKICAgICAgICAkZXNjYXBlZF9lbnZfc2V0ID0gIltTeXN0ZW0uRW52aXJvbm1lbnRdOjpTZXRFbnZpcm9ubWVudFZhcmlhYmxlKCd7MH0nLCAnezF9JykiIC1mICRlbnZfa2V5LCAkZW52X3ZhbHVlCiAgICAgICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgkZXNjYXBlZF9lbnZfc2V0KSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBkeW5hbWljYWxseSBjcmVhdGUvbG9hZCBtb2R1bGVzCiAgICBGb3JFYWNoICgkbW9kIGluICRwYXlsb2FkLnBvd2Vyc2hlbGxfbW9kdWxlcy5HZXRFbnVtZXJhdG9yKCkpIHsKICAgICAgICAkZGVjb2RlZF9tb2R1bGUgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRtb2QuVmFsdWUpKQogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRDb21tYW5kKCJOZXctTW9kdWxlIikuQWRkUGFyYW1ldGVycyhAe1NjcmlwdEJsb2NrPShbc2NyaXB0YmxvY2tdOjpDcmVhdGUoJGRlY29kZWRfbW9kdWxlKSk7TmFtZT0kbW9kLktleX0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiSW1wb3J0LU1vZHVsZSIpLkFkZFBhcmFtZXRlcnMoQHtXYXJuaW5nQWN0aW9uPSJTaWxlbnRseUNvbnRpbnVlIn0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBmb3JjZSBpbnB1dCBlbmNvZGluZyB0byBwcmVhbWJsZS1mcmVlIFVURjggc28gUFMgc3ViLXByb2Nlc3NlcyAoZWcsCiAgICAjIFN0YXJ0LUpvYikgZG9uJ3QgYmxvdyB1cC4gVGhpcyBpcyBvbmx5IHJlcXVpcmVkIGZvciBXaW5STSwgYSBQU1JQCiAgICAjIHJ1bnNwYWNlIGRvZXNuJ3QgaGF2ZSBhIGhvc3QgY29uc29sZSBhbmQgdGhpcyB3aWxsIGJvbWIgb3V0CiAgICBpZiAoJGhvc3QuTmFtZSAtZXEgIkNvbnNvbGVIb3N0IikgewogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRTY3JpcHQoIltDb25zb2xlXTo6SW5wdXRFbmNvZGluZyA9IE5ldy1PYmplY3QgVGV4dC5VVEY4RW5jb2RpbmcgYCRmYWxzZSIpIHwgT3V0LU51bGwKICAgIH0KCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkU2NyaXB0KCRlbnRyeXBvaW50KSB8IE91dC1OdWxsCgogICAgJG91dHB1dCA9ICRwcy5JbnZva2UoKQoKICAgICRvdXRwdXQKCiAgICAjIFBTMyBkb2Vzbid0IHByb3Blcmx5IHNldCBIYWRFcnJvcnMgaW4gbWFueSBjYXNlcywgaW5zcGVjdCB0aGUgZXJyb3Igc3RyZWFtIGFzIGEgZmFsbGJhY2sKICAgIElmICgkcHMuSGFkRXJyb3JzIC1vciAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtbHQgNCAtYW5kICRwcy5TdHJlYW1zLkVycm9yLkNvdW50IC1ndCAwKSkgewogICAgICAgICRob3N0LlVJLldyaXRlRXJyb3JMaW5lKCQoJHBzLlN0cmVhbXMuRXJyb3IgfCBPdXQtU3RyaW5nKSkKICAgICAgICAkZXhpdF9jb2RlID0gJHBzLlJ1bnNwYWNlLlNlc3Npb25TdGF0ZVByb3h5LkdldFZhcmlhYmxlKCJMQVNURVhJVENPREUiKQogICAgICAgIElmKC1ub3QgJGV4aXRfY29kZSkgewogICAgICAgICAgICAkZXhpdF9jb2RlID0gMQogICAgICAgIH0KICAgICAgICAjIG5lZWQgdG8gdXNlIHRoaXMgaW5zdGVhZCBvZiBFeGl0IGtleXdvcmQgdG8gcHJldmVudCBydW5zcGFjZSBmcm9tIGNyYXNoaW5nIHdpdGggZHluYW1pYyBtb2R1bGVzCiAgICAgICAgJGhvc3QuU2V0U2hvdWxkRXhpdCgkZXhpdF9jb2RlKQogICAgfQp9Cg==", "actions": ["exec"], "environment": {}, "min_os_version": null, "powershell_modules": {"Ansible.ModuleUtils.CommandUtil": "IyBDb3B5cmlnaHQgKGMpIDIwMTcgQW5zaWJsZSBQcm9qZWN0CiMgU2ltcGxpZmllZCBCU0QgTGljZW5zZSAoc2VlIGxpY2Vuc2VzL3NpbXBsaWZpZWRfYnNkLnR4dCBvciBodHRwczovL29wZW5zb3VyY2Uub3JnL2xpY2Vuc2VzL0JTRC0yLUNsYXVzZSkKCiRwcm9jZXNzX3V0aWwgPSBAIgp1c2luZyBNaWNyb3NvZnQuV2luMzIuU2FmZUhhbmRsZXM7CnVzaW5nIFN5c3RlbTsKdXNpbmcgU3lzdGVtLkNvbGxlY3Rpb25zOwp1c2luZyBTeXN0ZW0uSU87CnVzaW5nIFN5c3RlbS5MaW5xOwp1c2luZyBTeXN0ZW0uUnVudGltZS5JbnRlcm9wU2VydmljZXM7CnVzaW5nIFN5c3RlbS5UZXh0Owp1c2luZyBTeXN0ZW0uVGhyZWFkaW5nOwoKbmFtZXNwYWNlIEFuc2libGUKewogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIGNsYXNzIFNFQ1VSSVRZX0FUVFJJQlVURVMKICAgIHsKICAgICAgICBwdWJsaWMgaW50IG5MZW5ndGg7CiAgICAgICAgcHVibGljIEludFB0ciBscFNlY3VyaXR5RGVzY3JpcHRvcjsKICAgICAgICBwdWJsaWMgYm9vbCBiSW5oZXJpdEhhbmRsZSA9IGZhbHNlOwogICAgICAgIHB1YmxpYyBTRUNVUklUWV9BVFRSSUJVVEVTKCkKICAgICAgICB7CiAgICAgICAgICAgIG5MZW5ndGggPSBNYXJzaGFsLlNpemVPZih0aGlzKTsKICAgICAgICB9CiAgICB9CgogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIGNsYXNzIFNUQVJUVVBJTkZPCiAgICB7CiAgICAgICAgcHVibGljIEludDMyIGNiOwogICAgICAgIHB1YmxpYyBJbnRQdHIgbHBSZXNlcnZlZDsKICAgICAgICBwdWJsaWMgSW50UHRyIGxwRGVza3RvcDsKICAgICAgICBwdWJsaWMgSW50UHRyIGxwVGl0bGU7CiAgICAgICAgcHVibGljIEludDMyIGR3WDsKICAgICAgICBwdWJsaWMgSW50MzIgZHdZOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1hTaXplOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1lTaXplOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1hDb3VudENoYXJzOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1lDb3VudENoYXJzOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd0ZpbGxBdHRyaWJ1dGU7CiAgICAgICAgcHVibGljIEludDMyIGR3RmxhZ3M7CiAgICAgICAgcHVibGljIEludDE2IHdTaG93V2luZG93OwogICAgICAgIHB1YmxpYyBJbnQxNiBjYlJlc2VydmVkMjsKICAgICAgICBwdWJsaWMgSW50UHRyIGxwUmVzZXJ2ZWQyOwogICAgICAgIHB1YmxpYyBTYWZlRmlsZUhhbmRsZSBoU3RkSW5wdXQ7CiAgICAgICAgcHVibGljIFNhZmVGaWxlSGFuZGxlIGhTdGRPdXRwdXQ7CiAgICAgICAgcHVibGljIFNhZmVGaWxlSGFuZGxlIGhTdGRFcnJvcjsKICAgICAgICBwdWJsaWMgU1RBUlRVUElORk8oKQogICAgICAgIHsKICAgICAgICAgICAgY2IgPSBNYXJzaGFsLlNpemVPZih0aGlzKTsKICAgICAgICB9CiAgICB9CgogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIGNsYXNzIFNUQVJUVVBJTkZPRVgKICAgIHsKICAgICAgICBwdWJsaWMgU1RBUlRVUElORk8gc3RhcnR1cEluZm87CiAgICAgICAgcHVibGljIEludFB0ciBscEF0dHJpYnV0ZUxpc3Q7CiAgICAgICAgcHVibGljIFNUQVJUVVBJTkZPRVgoKQogICAgICAgIHsKICAgICAgICAgICAgc3RhcnR1cEluZm8gPSBuZXcgU1RBUlRVUElORk8oKTsKICAgICAgICAgICAgc3RhcnR1cEluZm8uY2IgPSBNYXJzaGFsLlNpemVPZih0aGlzKTsKICAgICAgICB9CiAgICB9CgogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIHN0cnVjdCBQUk9DRVNTX0lORk9STUFUSU9OCiAgICB7CiAgICAgICAgcHVibGljIEludFB0ciBoUHJvY2VzczsKICAgICAgICBwdWJsaWMgSW50UHRyIGhUaHJlYWQ7CiAgICAgICAgcHVibGljIGludCBkd1Byb2Nlc3NJZDsKICAgICAgICBwdWJsaWMgaW50IGR3VGhyZWFkSWQ7CiAgICB9CgogICAgW0ZsYWdzXQogICAgcHVibGljIGVudW0gU3RhcnR1cEluZm9GbGFncyA6IHVpbnQKICAgIHsKICAgICAgICBVU0VTVERIQU5ETEVTID0gMHgwMDAwMDEwMAogICAgfQoKICAgIHB1YmxpYyBlbnVtIEhhbmRsZUZsYWdzIDogdWludAogICAgewogICAgICAgIE5vbmUgPSAwLAogICAgICAgIElOSEVSSVQgPSAxCiAgICB9CgogICAgY2xhc3MgTmF0aXZlV2FpdEhhbmRsZSA6IFdhaXRIYW5kbGUKICAgIHsKICAgICAgICBwdWJsaWMgTmF0aXZlV2FpdEhhbmRsZShJbnRQdHIgaGFuZGxlKQogICAgICAgIHsKICAgICAgICAgICAgdGhpcy5TYWZlV2FpdEhhbmRsZSA9IG5ldyBTYWZlV2FpdEhhbmRsZShoYW5kbGUsIGZhbHNlKTsKICAgICAgICB9CiAgICB9CgogICAgcHVibGljIGNsYXNzIFdpbjMyRXhjZXB0aW9uIDogU3lzdGVtLkNvbXBvbmVudE1vZGVsLldpbjMyRXhjZXB0aW9uCiAgICB7CiAgICAgICAgcHJpdmF0ZSBzdHJpbmcgX21zZzsKCiAgICAgICAgcHVibGljIFdpbjMyRXhjZXB0aW9uKHN0cmluZyBtZXNzYWdlKSA6IHRoaXMoTWFyc2hhbC5HZXRMYXN0V2luMzJFcnJvcigpLCBtZXNzYWdlKSB7IH0KCiAgICAgICAgcHVibGljIFdpbjMyRXhjZXB0aW9uKGludCBlcnJvckNvZGUsIHN0cmluZyBtZXNzYWdlKSA6IGJhc2UoZXJyb3JDb2RlKQogICAgICAgIHsKICAgICAgICAgICAgX21zZyA9IFN0cmluZy5Gb3JtYXQoInswfSAoezF9LCBXaW4zMkVycm9yQ29kZSB7Mn0pIiwgbWVzc2FnZSwgYmFzZS5NZXNzYWdlLCBlcnJvckNvZGUpOwogICAgICAgIH0KCiAgICAgICAgcHVibGljIG92ZXJyaWRlIHN0cmluZyBNZXNzYWdlIHsgZ2V0IHsgcmV0dXJuIF9tc2c7IH0gfQogICAgICAgIHB1YmxpYyBzdGF0aWMgZXhwbGljaXQgb3BlcmF0b3IgV2luMzJFeGNlcHRpb24oc3RyaW5nIG1lc3NhZ2UpIHsgcmV0dXJuIG5ldyBXaW4zMkV4Y2VwdGlvbihtZXNzYWdlKTsgfQogICAgfQoKICAgIHB1YmxpYyBjbGFzcyBDb21tYW5kVXRpbAogICAgewogICAgICAgIHByaXZhdGUgc3RhdGljIFVJbnQzMiBDUkVBVEVfVU5JQ09ERV9FTlZJUk9OTUVOVCA9IDB4MDAwMDAwNDAwOwogICAgICAgIHByaXZhdGUgc3RhdGljIFVJbnQzMiBFWFRFTkRFRF9TVEFSVFVQSU5GT19QUkVTRU5UID0gMHgwMDA4MDAwMDsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSwgQmVzdEZpdE1hcHBpbmcgPSBmYWxzZSldCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gYm9vbCBDcmVhdGVQcm9jZXNzKAogICAgICAgICAgICBbTWFyc2hhbEFzKFVubWFuYWdlZFR5cGUuTFBXU3RyKV0KICAgICAgICAgICAgICAgIHN0cmluZyBscEFwcGxpY2F0aW9uTmFtZSwKICAgICAgICAgICAgU3RyaW5nQnVpbGRlciBscENvbW1hbmRMaW5lLAogICAgICAgICAgICBJbnRQdHIgbHBQcm9jZXNzQXR0cmlidXRlcywKICAgICAgICAgICAgSW50UHRyIGxwVGhyZWFkQXR0cmlidXRlcywKICAgICAgICAgICAgYm9vbCBiSW5oZXJpdEhhbmRsZXMsCiAgICAgICAgICAgIHVpbnQgZHdDcmVhdGlvbkZsYWdzLAogICAgICAgICAgICBJbnRQdHIgbHBFbnZpcm9ubWVudCwKICAgICAgICAgICAgW01hcnNoYWxBcyhVbm1hbmFnZWRUeXBlLkxQV1N0cildCiAgICAgICAgICAgICAgICBzdHJpbmcgbHBDdXJyZW50RGlyZWN0b3J5LAogICAgICAgICAgICBTVEFSVFVQSU5GT0VYIGxwU3RhcnR1cEluZm8sCiAgICAgICAgICAgIG91dCBQUk9DRVNTX0lORk9STUFUSU9OIGxwUHJvY2Vzc0luZm9ybWF0aW9uKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIildCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gYm9vbCBDcmVhdGVQaXBlKAogICAgICAgICAgICBvdXQgU2FmZUZpbGVIYW5kbGUgaFJlYWRQaXBlLAogICAgICAgICAgICBvdXQgU2FmZUZpbGVIYW5kbGUgaFdyaXRlUGlwZSwKICAgICAgICAgICAgU0VDVVJJVFlfQVRUUklCVVRFUyBscFBpcGVBdHRyaWJ1dGVzLAogICAgICAgICAgICB1aW50IG5TaXplKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSldCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gYm9vbCBTZXRIYW5kbGVJbmZvcm1hdGlvbigKICAgICAgICAgICAgU2FmZUZpbGVIYW5kbGUgaE9iamVjdCwKICAgICAgICAgICAgSGFuZGxlRmxhZ3MgZHdNYXNrLAogICAgICAgICAgICBpbnQgZHdGbGFncyk7CgogICAgICAgIFtEbGxJbXBvcnQoImtlcm5lbDMyLmRsbCIsIFNldExhc3RFcnJvciA9IHRydWUpXQogICAgICAgIHByaXZhdGUgc3RhdGljIGV4dGVybiBib29sIEdldEV4aXRDb2RlUHJvY2VzcygKICAgICAgICAgICAgSW50UHRyIGhQcm9jZXNzLAogICAgICAgICAgICBvdXQgdWludCBscEV4aXRDb2RlKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSldCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gdWludCBTZWFyY2hQYXRoKAogICAgICAgICAgICBzdHJpbmcgbHBQYXRoLAogICAgICAgICAgICBzdHJpbmcgbHBGaWxlTmFtZSwKICAgICAgICAgICAgc3RyaW5nIGxwRXh0ZW5zaW9uLAogICAgICAgICAgICBpbnQgbkJ1ZmZlckxlbmd0aCwKICAgICAgICAgICAgW01hcnNoYWxBcyAoVW5tYW5hZ2VkVHlwZS5MUFRTdHIpXQogICAgICAgICAgICAgICAgU3RyaW5nQnVpbGRlciBscEJ1ZmZlciwKICAgICAgICAgICAgb3V0IEludFB0ciBscEZpbGVQYXJ0KTsKCiAgICAgICAgW0RsbEltcG9ydCgic2hlbGwzMi5kbGwiLCBTZXRMYXN0RXJyb3IgPSB0cnVlKV0KICAgICAgICBzdGF0aWMgZXh0ZXJuIEludFB0ciBDb21tYW5kTGluZVRvQXJndlcoCiAgICAgICAgICAgIFtNYXJzaGFsQXMoVW5tYW5hZ2VkVHlwZS5MUFdTdHIpXQogICAgICAgICAgICAgICAgc3RyaW5nIGxwQ21kTGluZSwKICAgICAgICAgICAgb3V0IGludCBwTnVtQXJncyk7CgogICAgICAgIHB1YmxpYyBzdGF0aWMgc3RyaW5nW10gUGFyc2VDb21tYW5kTGluZShzdHJpbmcgbHBDb21tYW5kTGluZSkKICAgICAgICB7CiAgICAgICAgICAgIGludCBudW1BcmdzOwogICAgICAgICAgICBJbnRQdHIgcmV0ID0gQ29tbWFuZExpbmVUb0FyZ3ZXKGxwQ29tbWFuZExpbmUsIG91dCBudW1BcmdzKTsKCiAgICAgICAgICAgIGlmIChyZXQgPT0gSW50UHRyLlplcm8pCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIkVycm9yIHBhcnNpbmcgY29tbWFuZCBsaW5lIik7CgogICAgICAgICAgICBJbnRQdHJbXSBzdHJwdHJzID0gbmV3IEludFB0cltudW1BcmdzXTsKICAgICAgICAgICAgTWFyc2hhbC5Db3B5KHJldCwgc3RycHRycywgMCwgbnVtQXJncyk7CiAgICAgICAgICA ScriptBlock ID: 71bd6b74-211f-4110-9a92-e85c00749b52 Path:	4104	1		3	2	15	0	1764	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4208	4788	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:07:43 PM	e5295ba9-9827-0002-915d-29e52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1763	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4208	1428	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:07:43 PM	e5295ba9-9827-0004-a45c-29e52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 4208 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1762	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4208	4888	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:07:43 PM	e5295ba9-9827-0004-a45c-29e52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1761	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4208	1428	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:07:43 PM	e5295ba9-9827-0004-a45c-29e52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles; using System; using System.Collections.Generic; using System.Linq; using System.Runtime.InteropServices; using System.Security.Principal; using System.Text; namespace Ansible.PrivilegeUtil { [Flags] public enum PrivilegeAttributes : uint { Disabled = 0x00000000, EnabledByDefault = 0x00000001, Enabled = 0x00000002, Removed = 0x00000004, UsedForAccess = 0x80000000, } internal class NativeHelpers { [StructLayout(LayoutKind.Sequential)] internal struct LUID { public UInt32 LowPart; public Int32 HighPart; } [StructLayout(LayoutKind.Sequential)] internal struct LUID_AND_ATTRIBUTES { public LUID Luid; public PrivilegeAttributes Attributes; } [StructLayout(LayoutKind.Sequential)] internal struct TOKEN_PRIVILEGES { public UInt32 PrivilegeCount; [MarshalAs(UnmanagedType.ByValArray, SizeConst = 1)] public LUID_AND_ATTRIBUTES[] Privileges; } } internal class NativeMethods { [DllImport("advapi32.dll", SetLastError = true)] internal static extern bool AdjustTokenPrivileges( IntPtr TokenHandle, [MarshalAs(UnmanagedType.Bool)] bool DisableAllPrivileges, IntPtr NewState, UInt32 BufferLength, IntPtr PreviousState, out UInt32 ReturnLength); [DllImport("kernel32.dll")] internal static extern bool CloseHandle( IntPtr hObject); [DllImport("kernel32")] internal static extern SafeWaitHandle GetCurrentProcess(); [DllImport("advapi32.dll", SetLastError = true)] internal static extern bool GetTokenInformation( IntPtr TokenHandle, UInt32 TokenInformationClass, IntPtr TokenInformation, UInt32 TokenInformationLength, out UInt32 ReturnLength); [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)] internal static extern bool LookupPrivilegeName( string lpSystemName, ref NativeHelpers.LUID lpLuid, StringBuilder lpName, ref UInt32 cchName); [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)] internal static extern bool LookupPrivilegeValue( string lpSystemName, string lpName, out NativeHelpers.LUID lpLuid); [DllImport("advapi32.dll", SetLastError = true)] internal static extern bool OpenProcessToken( SafeHandle ProcessHandle, TokenAccessLevels DesiredAccess, out IntPtr TokenHandle); } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class Privileges { private static readonly UInt32 TOKEN_PRIVILEGES = 3; public static bool CheckPrivilegeName(string name) { NativeHelpers.LUID luid; if (!NativeMethods.LookupPrivilegeValue(null, name, out luid)) { int errCode = Marshal.GetLastWin32Error(); if (errCode != 1313) // ERROR_NO_SUCH_PRIVILEGE throw new Win32Exception(errCode, String.Format("LookupPrivilegeValue({0}) failed", name)); return false; } else { return true; } } public static Dictionary<string, bool?> DisablePrivilege(SafeHandle token, string privilege) { return SetTokenPrivileges(token, new Dictionary<string, bool?>() { { privilege, false } }); } public static Dictionary<string, bool?> DisableAllPrivileges(SafeHandle token) { return AdjustTokenPrivileges(token, null); } public static Dictionary<string, bool?> EnablePrivilege(SafeHandle token, string privilege) { return SetTokenPrivileges(token, new Dictionary<string, bool?>() { { privilege, true } }); } public static Dictionary<String, PrivilegeAttributes> GetAllPrivilegeInfo(SafeHandle token) { IntPtr hToken = IntPtr.Zero; if (!NativeMethods.OpenProcessToken(token, TokenAccessLevels.Query, out hToken)) throw new Win32Exception("OpenProcessToken() failed"); Dictionary<String, PrivilegeAttributes> info = new Dictionary<String, PrivilegeAttributes>(); try { UInt32 tokenLength = 0; NativeMethods.GetTokenInformation(hToken, TOKEN_PRIVILEGES, IntPtr.Zero, 0, out tokenLength); NativeHelpers.LUID_AND_ATTRIBUTES[] privileges; IntPtr privilegesPtr = Marshal.AllocHGlobal((int)tokenLength); try { if (!NativeMethods.GetTokenInformation(hToken, TOKEN_PRIVILEGES, privilegesPtr, tokenLength, out tokenLength)) throw new Win32Exception("GetTokenInformation() for TOKEN_PRIVILEGES failed"); NativeHelpers.TOKEN_PRIVILEGES privilegeInfo = (NativeHelpers.TOKEN_PRIVILEGES)Marshal.PtrToStructure(privilegesPtr, typeof(NativeHelpers.TOKEN_PRIVILEGES)); privileges = new NativeHelpers.LUID_AND_ATTRIBUTES[privilegeInfo.PrivilegeCount]; PtrToStructureArray(privileges, IntPtr.Add(privilegesPtr, Marshal.SizeOf(privilegeInfo.PrivilegeCount))); } finally { Marshal.FreeHGlobal(privilegesPtr); } info = privileges.ToDictionary(p => GetPrivilegeName(p.Luid), p => p.Attributes); } finally { NativeMethods.CloseHandle(hToken); } return info; } public static SafeWaitHandle GetCurrentProcess() { return NativeMethods.GetCurrentProcess(); } public static void RemovePrivilege(SafeHandle token, string privilege) { SetTokenPrivileges(token, new Dictionary<string, bool?>() { { privilege, null } }); } public static Dictionary<string, bool?> SetTokenPrivileges(SafeHandle token, Dictionary<string, bool?> state) { NativeHelpers.LUID_AND_ATTRIBUTES[] privilegeAttr = new NativeHelpers.LUID_AND_ATTRIBUTES[state.Count]; int i = 0; foreach (KeyValuePair<string, bool?> entry in state) { NativeHelpers.LUID luid; if (!NativeMethods.LookupPrivilegeValue(null, entry.Key, out luid)) throw new Win32Exception(String.Format("LookupPrivilegeValue({0}) failed", entry.Key)); PrivilegeAttributes attributes; switch (entry.Value) { case true: attributes = PrivilegeAttributes.Enabled; break; case false: attributes = PrivilegeAttributes.Disabled; break; default: attributes = PrivilegeAttributes.Removed; break; } privilegeAttr[i].Luid = luid; privilegeAttr[i].Attributes = attributes; i++; } return AdjustTokenPrivileges(token, privilegeAttr); } private static Dictionary<string, bool?> AdjustTokenPrivileges(SafeHandle token, NativeHelpers.LUID_AND_ATTRIBUTES[] newState) { bool disableAllPrivileges; IntPtr newStatePtr; NativeHelpers.LUID_AND_ATTRIBUTES[] oldStatePrivileges; UInt32 returnLength; if (newState == null) { disableAllPrivileges = true; newStatePtr = IntPtr.Zero; } else { disableAllPrivileges = false; // Need to manually marshal the bytes requires for newState as the constant size // of LUID_AND_ATTRIBUTES is set to 1 and can't be overridden at runtime, TOKEN_PRIVILEGES // always contains at least 1 entry so we need to calculate the extra size if there are // nore than 1 LUID_AND_ATTRIBUTES entry int tokenPrivilegesSize = Marshal.SizeOf(typeof(NativeHelpers.TOKEN_PRIVILEGES)); int luidAttrSize = 0; if (newState.Length > 1) luidAttrSize = Marshal.SizeOf(typeof(NativeHelpers.LUID_AND_ATTRIBUTES)) * (newState.Length - 1); int totalSize = tokenPrivilegesSize + luidAttrSize; byte[] newStateBytes = new byte[totalSize]; // get the first entry that includes the struct details NativeHelpers.TOKEN_PRIVILEGES tokenPrivileges = new NativeHelpers.TOKEN_PRIVILEGES() { PrivilegeCount = (UInt32)newState.Length, Privileges = new NativeHelpers.LUID_AND_ATTRIBUTES[1], }; if (newState.Length > 0) tokenPrivileges.Privileges[0] = newState[0]; int offset = StructureToBytes(tokenPrivileges, newStateBytes, 0); // copy the remaining LUID_AND_ATTRIBUTES (if any) for (int i = 1; i < newState.Length; i++) offset += StructureToBytes(newState[i], newStateBytes, offset); // finally create the pointer to the byte array we just created newStatePtr = Marshal.AllocHGlobal(newStateBytes.Length); Marshal.Copy(newStateBytes, 0, newStatePtr, newStateBytes.Length); } try { IntPtr hToken = IntPtr.Zero; if (!NativeMethods.OpenProcessToken(token, TokenAccessLevels.Query | TokenAccessLevels.AdjustPrivileges, out hToken)) throw new Win32Exception("OpenProcessToken() failed with Query and AdjustPrivileges"); try { IntPtr oldStatePtr = Marshal.AllocHGlobal(0); if (!NativeMethods.AdjustTokenPrivileges(hToken, disableAllPrivileges, newStatePtr, 0, oldStatePtr, out returnLength)) { int errCode = Marshal.GetLastWin32Error(); if (errCode != 122) // ERROR_INSUFFICIENT_BUFFER throw new Win32Exception(errCode, "AdjustTokenPrivileges() failed to get old state size"); } // resize the oldStatePtr based on the length returned from Windows Marshal.FreeHGlobal(oldStatePtr); oldStatePtr = Marshal.AllocHGlobal((int)returnLength); try { bool res = NativeMethods.AdjustTokenPrivileges(hToken, disableAllPrivileges, newStatePtr, returnLength, oldStatePtr, out returnLength); int errCode = Marshal.GetLastWin32Error(); // even when res == true, ERROR_NOT_ALL_ASSIGNED may be set as the last error code if (!res || errCode != 0) throw new Win32Exception(errCode, "AdjustTokenPrivileges() failed"); // Marshal the oldStatePtr to the struct NativeHelpers.TOKEN_PRIVILEGES oldState = (NativeHelpers.TOKEN_PRIVILEGES)Marshal.PtrToStructure(oldStatePtr, typeof(NativeHelpers.TOKEN_PRIVILEGES)); oldStatePrivileges = new NativeHelpers.LUID_AND_ATTRIBUTES[oldState.PrivilegeCount]; PtrToStructureArray(oldStatePrivileges, IntPtr.Add(oldStatePtr, Marshal.SizeOf(oldState.PrivilegeCount))); } finally { Marshal.FreeHGlobal(oldStatePtr); } } finally { NativeMethods.CloseHandle(hToken); } } finally { if (newStatePtr != IntPtr.Zero) Marshal.FreeHGlobal(newStatePtr); } return oldStatePrivileges.ToDictionary(p => GetPrivilegeName(p.Luid), p => (bool?)p.Attributes.HasFlag(PrivilegeAttributes.Enabled)); } private static string GetPrivilegeName(NativeHelpers.LUID luid) { UInt32 nameLen = 0; NativeMethods.LookupPrivilegeName(null, ref luid, null, ref nameLen); StringBuilder name = new StringBuilder((int)(nameLen + 1)); if (!NativeMethods.LookupPrivilegeName(null, ref luid, name, ref nameLen)) throw new Win32Exception("LookupPrivilegeName() failed"); return name.ToString(); } private static void PtrToStructureArray<T>(T[] array, IntPtr ptr) { IntPtr ptrOffset = ptr; for (int i = 0; i < array.Length; i++, ptrOffset = IntPtr.Add(ptrOffset, Marshal.SizeOf(typeof(T)))) array[i] = (T)Marshal.PtrToStructure(ptrOffset, typeof(T)); } private static int StructureToBytes<T>(T structure, byte[] array, int offset) { int size = Marshal.SizeOf(structure); IntPtr structPtr = Marshal.AllocHGlobal(size); try { Marshal.StructureToPtr(structure, structPtr, false); Marshal.Copy(structPtr, array, offset, size); } finally { Marshal.FreeHGlobal(structPtr); } return size; } } }" Context: Severity = Informational Host Name = Default Host Host Version = 5.1.14393.1944 Host ID = 2851303b-6651-449c-9fc7-3925f79251ad Host Application = PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - Engine Version = 5.1.14393.1944 Runspace ID = 936d6d9f-3181-4064-a68b-1086bd84bef8 Pipeline ID = 8 Command Name = Add-Type Command Type = Cmdlet Script Name = Command Path = Sequence Number = 36 User = N-H1-805629-1\Admin Connected User = Shell ID = Microsoft.PowerShell User Data:	4103	1		4	106	20	0	1760	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3692	1492	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:07:42 PM	e5295ba9-9827-0003-c25d-29e52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	To be used when operation is just executing a method	Executing Pipeline	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles; using System; using System.Collections.Generic; using System.IO; using System.Runtime.InteropServices; using System.Text; namespace Ansible { public enum LinkType { SymbolicLink, JunctionPoint, HardLink } public class LinkUtilWin32Exception : System.ComponentModel.Win32Exception { private string _msg; public LinkUtilWin32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public LinkUtilWin32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator LinkUtilWin32Exception(string message) { return new LinkUtilWin32Exception(message); } } public class LinkInfo { public LinkType Type { get; internal set; } public string PrintName { get; internal set; } public string SubstituteName { get; internal set; } public string AbsolutePath { get; internal set; } public string TargetPath { get; internal set; } public string[] HardTargets { get; internal set; } } [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)] public struct REPARSE_DATA_BUFFER { public UInt32 ReparseTag; public UInt16 ReparseDataLength; public UInt16 Reserved; public UInt16 SubstituteNameOffset; public UInt16 SubstituteNameLength; public UInt16 PrintNameOffset; public UInt16 PrintNameLength; [MarshalAs(UnmanagedType.ByValArray, SizeConst = LinkUtil.MAXIMUM_REPARSE_DATA_BUFFER_SIZE)] public char[] PathBuffer; } public class LinkUtil { public const int MAXIMUM_REPARSE_DATA_BUFFER_SIZE = 1024 * 16; private const UInt32 FILE_FLAG_BACKUP_SEMANTICS = 0x02000000; private const UInt32 FILE_FLAG_OPEN_REPARSE_POINT = 0x00200000; private const UInt32 FSCTL_GET_REPARSE_POINT = 0x000900A8; private const UInt32 FSCTL_SET_REPARSE_POINT = 0x000900A4; private const UInt32 FILE_DEVICE_FILE_SYSTEM = 0x00090000; private const UInt32 IO_REPARSE_TAG_MOUNT_POINT = 0xA0000003; private const UInt32 IO_REPARSE_TAG_SYMLINK = 0xA000000C; private const UInt32 SYMLINK_FLAG_RELATIVE = 0x00000001; private const Int64 INVALID_HANDLE_VALUE = -1; private const UInt32 SIZE_OF_WCHAR = 2; private const UInt32 SYMBOLIC_LINK_FLAG_FILE = 0x00000000; private const UInt32 SYMBOLIC_LINK_FLAG_DIRECTORY = 0x00000001; [DllImport("kernel32.dll", CharSet = CharSet.Auto)] private static extern SafeFileHandle CreateFile( string lpFileName, [MarshalAs(UnmanagedType.U4)] FileAccess dwDesiredAccess, [MarshalAs(UnmanagedType.U4)] FileShare dwShareMode, IntPtr lpSecurityAttributes, [MarshalAs(UnmanagedType.U4)] FileMode dwCreationDisposition, UInt32 dwFlagsAndAttributes, IntPtr hTemplateFile); // Used by GetReparsePointInfo() [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool DeviceIoControl( SafeFileHandle hDevice, UInt32 dwIoControlCode, IntPtr lpInBuffer, UInt32 nInBufferSize, out REPARSE_DATA_BUFFER lpOutBuffer, UInt32 nOutBufferSize, out UInt32 lpBytesReturned, IntPtr lpOverlapped); // Used by CreateJunctionPoint() [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool DeviceIoControl( SafeFileHandle hDevice, UInt32 dwIoControlCode, REPARSE_DATA_BUFFER lpInBuffer, UInt32 nInBufferSize, IntPtr lpOutBuffer, UInt32 nOutBufferSize, out UInt32 lpBytesReturned, IntPtr lpOverlapped); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool GetVolumePathName( string lpszFileName, StringBuilder lpszVolumePathName, ref UInt32 cchBufferLength); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern IntPtr FindFirstFileNameW( string lpFileName, UInt32 dwFlags, ref UInt32 StringLength, StringBuilder LinkName); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool FindNextFileNameW( IntPtr hFindStream, ref UInt32 StringLength, StringBuilder LinkName); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool FindClose( IntPtr hFindFile); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool RemoveDirectory( string lpPathName); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool DeleteFile( string lpFileName); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool CreateSymbolicLink( string lpSymlinkFileName, string lpTargetFileName, UInt32 dwFlags); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool CreateHardLink( string lpFileName, string lpExistingFileName, IntPtr lpSecurityAttributes); public static LinkInfo GetLinkInfo(string linkPath) { FileAttributes attr = File.GetAttributes(linkPath); if (attr.HasFlag(FileAttributes.ReparsePoint)) return GetReparsePointInfo(linkPath); if (!attr.HasFlag(FileAttributes.Directory)) return GetHardLinkInfo(linkPath); return null; } public static void DeleteLink(string linkPath) { bool success; FileAttributes attr = File.GetAttributes(linkPath); if (attr.HasFlag(FileAttributes.Directory)) { success = RemoveDirectory(linkPath); } else { success = DeleteFile(linkPath); } if (!success) throw new LinkUtilWin32Exception(String.Format("Failed to delete link at {0}", linkPath)); } public static void CreateLink(string linkPath, String linkTarget, LinkType linkType) { switch (linkType) { case LinkType.SymbolicLink: UInt32 linkFlags; FileAttributes attr = File.GetAttributes(linkTarget); if (attr.HasFlag(FileAttributes.Directory)) linkFlags = SYMBOLIC_LINK_FLAG_DIRECTORY; else linkFlags = SYMBOLIC_LINK_FLAG_FILE; if (!CreateSymbolicLink(linkPath, linkTarget, linkFlags)) throw new LinkUtilWin32Exception(String.Format("CreateSymbolicLink({0}, {1}, {2}) failed", linkPath, linkTarget, linkFlags)); break; case LinkType.JunctionPoint: CreateJunctionPoint(linkPath, linkTarget); break; case LinkType.HardLink: if (!CreateHardLink(linkPath, linkTarget, IntPtr.Zero)) throw new LinkUtilWin32Exception(String.Format("CreateHardLink({0}, {1}) failed", linkPath, linkTarget)); break; } } private static LinkInfo GetHardLinkInfo(string linkPath) { UInt32 maxPath = 260; List<string> result = new List<string>(); StringBuilder sb = new StringBuilder((int)maxPath); UInt32 stringLength = maxPath; if (!GetVolumePathName(linkPath, sb, ref stringLength)) throw new LinkUtilWin32Exception("GetVolumePathName() failed"); string volume = sb.ToString(); stringLength = maxPath; IntPtr findHandle = FindFirstFileNameW(linkPath, 0, ref stringLength, sb); if (findHandle.ToInt64() != INVALID_HANDLE_VALUE) { try { do { string hardLinkPath = sb.ToString(); if (hardLinkPath.StartsWith("\\")) hardLinkPath = hardLinkPath.Substring(1, hardLinkPath.Length - 1); result.Add(Path.Combine(volume, hardLinkPath)); stringLength = maxPath; } while (FindNextFileNameW(findHandle, ref stringLength, sb)); } finally { FindClose(findHandle); } } if (result.Count > 1) return new LinkInfo { Type = LinkType.HardLink, HardTargets = result.ToArray() }; return null; } private static LinkInfo GetReparsePointInfo(string linkPath) { SafeFileHandle fileHandle = CreateFile( linkPath, FileAccess.Read, FileShare.None, IntPtr.Zero, FileMode.Open, FILE_FLAG_OPEN_REPARSE_POINT | FILE_FLAG_BACKUP_SEMANTICS, IntPtr.Zero); if (fileHandle.IsInvalid) throw new LinkUtilWin32Exception(String.Format("CreateFile({0}) failed", linkPath)); REPARSE_DATA_BUFFER buffer = new REPARSE_DATA_BUFFER(); UInt32 bytesReturned; try { if (!DeviceIoControl( fileHandle, FSCTL_GET_REPARSE_POINT, IntPtr.Zero, 0, out buffer, MAXIMUM_REPARSE_DATA_BUFFER_SIZE, out bytesReturned, IntPtr.Zero)) throw new LinkUtilWin32Exception(String.Format("DeviceIoControl() failed for file at {0}", linkPath)); } finally { fileHandle.Dispose(); } bool isRelative = false; int pathOffset = 0; LinkType linkType; if (buffer.ReparseTag == IO_REPARSE_TAG_SYMLINK) { UInt32 bufferFlags = Convert.ToUInt32(buffer.PathBuffer[0]) + Convert.ToUInt32(buffer.PathBuffer[1]); if (bufferFlags == SYMLINK_FLAG_RELATIVE) isRelative = true; pathOffset = 2; linkType = LinkType.SymbolicLink; } else if (buffer.ReparseTag == IO_REPARSE_TAG_MOUNT_POINT) { linkType = LinkType.JunctionPoint; } else { string errorMessage = String.Format("Invalid Reparse Tag: {0}", buffer.ReparseTag.ToString()); throw new Exception(errorMessage); } string printName = new string(buffer.PathBuffer, (int)(buffer.PrintNameOffset / SIZE_OF_WCHAR) + pathOffset, (int)(buffer.PrintNameLength / SIZE_OF_WCHAR)); string substituteName = new string(buffer.PathBuffer, (int)(buffer.SubstituteNameOffset / SIZE_OF_WCHAR) + pathOffset, (int)(buffer.SubstituteNameLength / SIZE_OF_WCHAR)); // TODO: should we check for \?\UNC\server for convert it to the NT style \\server path // Remove the leading Windows object directory \?\ from the path if present string targetPath = substituteName; if (targetPath.StartsWith("\\??\\")) targetPath = targetPath.Substring(4, targetPath.Length - 4); string absolutePath = targetPath; if (isRelative) absolutePath = Path.GetFullPath(Path.Combine(new FileInfo(linkPath).Directory.FullName, targetPath)); return new LinkInfo { Type = linkType, PrintName = printName, SubstituteName = substituteName, AbsolutePath = absolutePath, TargetPath = targetPath }; } private static void CreateJunctionPoint(string linkPath, string linkTarget) { // We need to create the link as a dir beforehand Directory.CreateDirectory(linkPath); SafeFileHandle fileHandle = CreateFile( linkPath, FileAccess.Write, FileShare.Read | FileShare.Write | FileShare.None, IntPtr.Zero, FileMode.Open, FILE_FLAG_BACKUP_SEMANTICS | FILE_FLAG_OPEN_REPARSE_POINT, IntPtr.Zero); if (fileHandle.IsInvalid) throw new LinkUtilWin32Exception(String.Format("CreateFile({0}) failed", linkPath)); try { string substituteName = "\\??\\" + Path.GetFullPath(linkTarget); string printName = linkTarget; REPARSE_DATA_BUFFER buffer = new REPARSE_DATA_BUFFER(); buffer.SubstituteNameOffset = 0; buffer.SubstituteNameLength = (UInt16)(substituteName.Length * SIZE_OF_WCHAR); buffer.PrintNameOffset = (UInt16)(buffer.SubstituteNameLength + 2); buffer.PrintNameLength = (UInt16)(printName.Length * SIZE_OF_WCHAR); buffer.ReparseTag = IO_REPARSE_TAG_MOUNT_POINT; buffer.ReparseDataLength = (UInt16)(buffer.SubstituteNameLength + buffer.PrintNameLength + 12); buffer.PathBuffer = new char[MAXIMUM_REPARSE_DATA_BUFFER_SIZE]; byte[] unicodeBytes = Encoding.Unicode.GetBytes(substituteName + "\0" + printName); char[] pathBuffer = Encoding.Unicode.GetChars(unicodeBytes); Array.Copy(pathBuffer, buffer.PathBuffer, pathBuffer.Length); UInt32 bytesReturned; if (!DeviceIoControl( fileHandle, FSCTL_SET_REPARSE_POINT, buffer, (UInt32)(buffer.ReparseDataLength + 8), IntPtr.Zero, 0, out bytesReturned, IntPtr.Zero)) throw new LinkUtilWin32Exception(String.Format("DeviceIoControl() failed to create junction point at {0} to {1}", linkPath, linkTarget)); } finally { fileHandle.Dispose(); } } } }" Context: Severity = Informational Host Name = Default Host Host Version = 5.1.14393.1944 Host ID = 2851303b-6651-449c-9fc7-3925f79251ad Host Application = PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - Engine Version = 5.1.14393.1944 Runspace ID = 936d6d9f-3181-4064-a68b-1086bd84bef8 Pipeline ID = 8 Command Name = Add-Type Command Type = Cmdlet Script Name = Command Path = Sequence Number = 34 User = N-H1-805629-1\Admin Connected User = Shell ID = Microsoft.PowerShell User Data:	4103	1		4	106	20	0	1759	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3692	1492	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:07:42 PM	e5295ba9-9827-0003-c05d-29e52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	To be used when operation is just executing a method	Executing Pipeline	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c), Michael DeHaan <michael.dehaan@gmail.com>, 2014, and others # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) Set-StrictMode -Version 2.0 $ErrorActionPreference = "Stop" Function Set-Attr($obj, $name, $value) { <# .SYNOPSIS Helper function to set an "attribute" on a psobject instance in PowerShell. This is a convenience to make adding Members to the object easier and slightly more pythonic .EXAMPLE Set-Attr $result "changed" $true #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } Try { $obj.$name = $value } Catch { $obj | Add-Member -Force -MemberType NoteProperty -Name $name -Value $value } } Function Exit-Json($obj) { <# .SYNOPSIS Helper function to convert a PowerShell object to JSON and output it, exiting the script .EXAMPLE Exit-Json $result #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit } Function Fail-Json($obj, $message = $null) { <# .SYNOPSIS Helper function to add the "msg" property and "failed" property, convert the PowerShell Hashtable to JSON and output it, exiting the script .EXAMPLE Fail-Json $result "This is the failure message" #> if ($obj -is [hashtable] -or $obj -is [psobject]) { # Nothing to do } elseif ($obj -is [string] -and $null -eq $message) { # If we weren't given 2 args, and the only arg was a string, # create a new Hashtable and use the arg as the failure message $message = $obj $obj = @{ } } else { # If the first argument is undefined or a different type, # make it a Hashtable $obj = @{ } } # Still using Set-Attr for PSObject compatibility Set-Attr $obj "msg" $message Set-Attr $obj "failed" $true if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit 1 } Function Add-Warning($obj, $message) { <# .SYNOPSIS Helper function to add warnings, even if the warnings attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("warnings")) { $obj.warnings = @() } elseif ($obj.warnings -isnot [array]) { throw "Add-Warning: warnings attribute is not an array" } $obj.warnings += $message } Function Add-DeprecationWarning($obj, $message, $version = $null) { <# .SYNOPSIS Helper function to add deprecations, even if the deprecations attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("deprecations")) { $obj.deprecations = @() } elseif ($obj.deprecations -isnot [array]) { throw "Add-DeprecationWarning: deprecations attribute is not a list" } $obj.deprecations += @{ msg = $message version = $version } } Function Expand-Environment($value) { <# .SYNOPSIS Helper function to expand environment variables in values. By default it turns any type to a string, but we ensure $null remains $null. #> if ($null -ne $value) { [System.Environment]::ExpandEnvironmentVariables($value) } else { $value } } Function Get-AnsibleParam($obj, $name, $default = $null, $resultobj = @{}, $failifempty = $false, $emptyattributefailmessage, $ValidateSet, $ValidateSetErrorMessage, $type = $null, $aliases = @()) { <# .SYNOPSIS Helper function to get an "attribute" from a psobject instance in PowerShell. This is a convenience to make getting Members from an object easier and slightly more pythonic .EXAMPLE $attr = Get-AnsibleParam $response "code" -default "1" .EXAMPLE Get-AnsibleParam -obj $params -name "State" -default "Present" -ValidateSet "Present","Absent" -resultobj $resultobj -failifempty $true Get-AnsibleParam also supports Parameter validation to save you from coding that manually Note that if you use the failifempty option, you do need to specify resultobject as well. #> # Check if the provided Member $name or aliases exist in $obj and return it or the default. try { $found = $null # First try to find preferred parameter $name $aliases = @($name) + $aliases # Iterate over aliases to find acceptable Member $name foreach ($alias in $aliases) { if ($obj.ContainsKey($alias)) { $found = $alias break } } if ($null -eq $found) { throw } $name = $found if ($ValidateSet) { if ($ValidateSet -contains ($obj.$name)) { $value = $obj.$name } else { if ($null -eq $ValidateSetErrorMessage) { #Auto-generated error should be sufficient in most use cases $ValidateSetErrorMessage = "Get-AnsibleParam: Argument $name needs to be one of $($ValidateSet -join ",") but was $($obj.$name)." } Fail-Json -obj $resultobj -message $ValidateSetErrorMessage } } else { $value = $obj.$name } } catch { if ($failifempty -eq $false) { $value = $default } else { if (-not $emptyattributefailmessage) { $emptyattributefailmessage = "Get-AnsibleParam: Missing required argument: $name" } Fail-Json -obj $resultobj -message $emptyattributefailmessage } } # If $value -eq $null, the parameter was unspecified by the user (deliberately or not) # Please leave $null-values intact, modules need to know if a parameter was specified # When $value is already an array, we cannot rely on the null check, as an empty list # is seen as null in the check below if ($null -ne $value -or $value -is [array]) { if ($type -eq "path") { # Expand environment variables on path-type $value = Expand-Environment($value) # Test if a valid path is provided if (-not (Test-Path -IsValid $value)) { $path_invalid = $true # could still be a valid-shaped path with a nonexistent drive letter if ($value -match "^\w:") { # rewrite path with a valid drive letter and recheck the shape- this might still fail, eg, a nonexistent non-filesystem PS path if (Test-Path -IsValid $(@(Get-PSDrive -PSProvider Filesystem)[0].Name + $value.Substring(1))) { $path_invalid = $false } } if ($path_invalid) { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' has an invalid path '$value' specified." } } } elseif ($type -eq "str") { # Convert str types to real Powershell strings $value = $value.ToString() } elseif ($type -eq "bool") { # Convert boolean types to real Powershell booleans $value = $value | ConvertTo-Bool } elseif ($type -eq "int") { # Convert int types to real Powershell integers $value = $value -as [int] } elseif ($type -eq "float") { # Convert float types to real Powershell floats $value = $value -as [float] } elseif ($type -eq "list") { if ($value -is [array]) { # Nothing to do } elseif ($value -is [string]) { # Convert string type to real Powershell array $value = $value.Split(",").Trim() } elseif ($value -is [int]) { $value = @($value) } else { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' is not a YAML list." } # , is not a typo, forces it to return as a list when it is empty or only has 1 entry return ,$value } } return $value } #Alias Get-attr-->Get-AnsibleParam for backwards compat. Only add when needed to ease debugging of scripts If (-not(Get-Alias -Name "Get-attr" -ErrorAction SilentlyContinue)) { New-Alias -Name Get-attr -Value Get-AnsibleParam } Function ConvertTo-Bool { <# .SYNOPSIS Helper filter/pipeline function to convert a value to boolean following current Ansible practices .EXAMPLE $is_true = "true" | ConvertTo-Bool #> param( [parameter(valuefrompipeline=$true)] $obj ) $boolean_strings = "yes", "on", "1", "true", 1 $obj_string = [string]$obj if (($obj -is [boolean] -and $obj) -or $boolean_strings -contains $obj_string.ToLower()) { return $true } else { return $false } } Function Parse-Args($arguments, $supports_check_mode = $false) { <# .SYNOPSIS Helper function to parse Ansible JSON arguments from a "file" passed as the single argument to the module. .EXAMPLE $params = Parse-Args $args #> $params = New-Object psobject If ($arguments.Length -gt 0) { $params = Get-Content $arguments[0] | ConvertFrom-Json } Else { $params = $complex_args } $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false If ($check_mode -and -not $supports_check_mode) { Exit-Json @{ skipped = $true changed = $false msg = "remote module does not support check mode" } } return $params } Function Get-FileChecksum($path, $algorithm = 'sha1') { <# .SYNOPSIS Helper function to calculate a hash of a file in a way which PowerShell 3 and above can handle #> If (Test-Path -Path $path -PathType Leaf) { switch ($algorithm) { 'md5' { $sp = New-Object -TypeName System.Security.Cryptography.MD5CryptoServiceProvider } 'sha1' { $sp = New-Object -TypeName System.Security.Cryptography.SHA1CryptoServiceProvider } 'sha256' { $sp = New-Object -TypeName System.Security.Cryptography.SHA256CryptoServiceProvider } 'sha384' { $sp = New-Object -TypeName System.Security.Cryptography.SHA384CryptoServiceProvider } 'sha512' { $sp = New-Object -TypeName System.Security.Cryptography.SHA512CryptoServiceProvider } default { Fail-Json @{} "Unsupported hash algorithm supplied '$algorithm'" } } If ($PSVersionTable.PSVersion.Major -ge 4) { $raw_hash = Get-FileHash $path -Algorithm $algorithm $hash = $raw_hash.Hash.ToLower() } Else { $fp = [System.IO.File]::Open($path, [System.IO.Filemode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileShare]::ReadWrite); $hash = [System.BitConverter]::ToString($sp.ComputeHash($fp)).Replace("-", "").ToLower(); $fp.Dispose(); } } ElseIf (Test-Path -Path $path -PathType Container) { $hash = "3"; } Else { $hash = "1"; } return $hash } Function Get-PendingRebootStatus { <# .SYNOPSIS Check if reboot is required, if so notify CA. Function returns true if computer has a pending reboot #> $featureData = Invoke-WmiMethod -EA Ignore -Name GetServerFeature -Namespace root\microsoft\windows\servermanager -Class MSFT_ServerManagerTasks $regData = Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager" "PendingFileRenameOperations" -EA Ignore $CBSRebootStatus = Get-ChildItem "HKLM:\\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing" -ErrorAction SilentlyContinue| Where-Object {$_.PSChildName -eq "RebootPending"} if(($featureData -and $featureData.RequiresReboot) -or $regData -or $CBSRebootStatus) { return $True } else { return $False } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: 40806151-a168-4e2a-b0ba-fdc514acf97f Path:	4104	1		3	2	15	0	1758	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3692	3896	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:07:42 PM	e5295ba9-9827-0001-815d-29e52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 2): if (!res || errCode != 0) throw new Win32Exception(errCode, "AdjustTokenPrivileges() failed"); // Marshal the oldStatePtr to the struct NativeHelpers.TOKEN_PRIVILEGES oldState = (NativeHelpers.TOKEN_PRIVILEGES)Marshal.PtrToStructure(oldStatePtr, typeof(NativeHelpers.TOKEN_PRIVILEGES)); oldStatePrivileges = new NativeHelpers.LUID_AND_ATTRIBUTES[oldState.PrivilegeCount]; PtrToStructureArray(oldStatePrivileges, IntPtr.Add(oldStatePtr, Marshal.SizeOf(oldState.PrivilegeCount))); } finally { Marshal.FreeHGlobal(oldStatePtr); } } finally { NativeMethods.CloseHandle(hToken); } } finally { if (newStatePtr != IntPtr.Zero) Marshal.FreeHGlobal(newStatePtr); } return oldStatePrivileges.ToDictionary(p => GetPrivilegeName(p.Luid), p => (bool?)p.Attributes.HasFlag(PrivilegeAttributes.Enabled)); } private static string GetPrivilegeName(NativeHelpers.LUID luid) { UInt32 nameLen = 0; NativeMethods.LookupPrivilegeName(null, ref luid, null, ref nameLen); StringBuilder name = new StringBuilder((int)(nameLen + 1)); if (!NativeMethods.LookupPrivilegeName(null, ref luid, name, ref nameLen)) throw new Win32Exception("LookupPrivilegeName() failed"); return name.ToString(); } private static void PtrToStructureArray<T>(T[] array, IntPtr ptr) { IntPtr ptrOffset = ptr; for (int i = 0; i < array.Length; i++, ptrOffset = IntPtr.Add(ptrOffset, Marshal.SizeOf(typeof(T)))) array[i] = (T)Marshal.PtrToStructure(ptrOffset, typeof(T)); } private static int StructureToBytes<T>(T structure, byte[] array, int offset) { int size = Marshal.SizeOf(structure); IntPtr structPtr = Marshal.AllocHGlobal(size); try { Marshal.StructureToPtr(structure, structPtr, false); Marshal.Copy(structPtr, array, offset, size); } finally { Marshal.FreeHGlobal(structPtr); } return size; } } } '@ Function Import-PrivilegeUtil { <# .SYNOPSIS Compiles the C# code that can be used to manage Windows privileges from an Ansible module. Once this function is called, the following PowerShell cmdlets can be used; Get-AnsiblePrivilege Set-AnsiblePrivilege The above cmdlets give the ability to manage permissions on the current process token but the underlying .NET classes are also exposed for greater control. The following functions can be used by calling the .NET class [Ansible.PrivilegeUtil.Privileges]::CheckPrivilegeName($name) [Ansible.PrivilegeUtil.Privileges]::DisablePrivilege($process, $name) [Ansible.PrivilegeUtil.Privileges]::DisableAllPrivileges($process) [Ansible.PrivilegeUtil.Privileges]::EnablePrivilege($process, $name) [Ansible.PrivilegeUtil.Privileges]::GetAllPrivilegeInfo($process) [Ansible.PrivilegeUtil.Privileges]::RemovePrivilege($process, $name) [Ansible.PrivilegeUtil.Privileges]::SetTokenPrivileges($process, $new_state) Here is a brief explanation of each type of arg $process = The process handle to manipulate, use '[Ansible.PrivilegeUtils.Privileges]::GetCurrentProcess()' to get the current process handle $name = The name of the privilege, this is the constant value from https://docs.microsoft.com/en-us/windows/desktop/SecAuthZ/privilege-constants, e.g. SeAuditPrivilege $new_state = 'System.Collections.Generic.Dictionary`2[[System.String], [System.Nullable`1[System.Boolean]]]' The key is the constant name as a string, the value is a ternary boolean where true - will enable the privilege false - will disable the privilege null - will remove the privilege Each method that changes the privilege state will return a dictionary that can be used as the $new_state arg of SetTokenPrivileges to undo and revert back to the original state. If you remove a privilege then this is irreversible and won't be part of the returned dict #> [CmdletBinding()] # build the C# code to compile $namespace_import = ($ansible_privilege_util_namespaces | ForEach-Object { "using $_;" }) -join "`r`n" $platform_util = "$namespace_import`r`n`r`n$ansible_privilege_util_code" # FUTURE: find a better way to get the _ansible_remote_tmp variable # this is used to force csc to compile the C# code in the remote tmp # specified $original_tmp = $env:TMP $remote_tmp = $original_tmp $module_params = Get-Variable -Name complex_args -ErrorAction SilentlyContinue if ($module_params) { if ($module_params.Value.ContainsKey("_ansible_remote_tmp") ) { $remote_tmp = $module_params.Value["_ansible_remote_tmp"] $remote_tmp = [System.Environment]::ExpandEnvironmentVariables($remote_tmp) } } $env:TMP = $remote_tmp Add-Type -TypeDefinition $platform_util $env:TMP = $original_tmp } Function Get-AnsiblePrivilege { <# .SYNOPSIS Get the status of a privilege for the current process. This returns $true - the privilege is enabled $false - the privilege is disabled $null - the privilege is removed from the token If Name is not a valid privilege name, this will throw an ArgumentException. .EXAMPLE Get-AnsiblePrivilege -Name SeDebugPrivilege #> [CmdletBinding()] param( [Parameter(Mandatory=$true)][String]$Name ) if (-not [Ansible.PrivilegeUtil.Privileges]::CheckPrivilegeName($Name)) { throw [System.ArgumentException] "Invalid privilege name '$Name'" } $process_token = [Ansible.PrivilegeUtil.Privileges]::GetCurrentProcess() $privilege_info = [Ansible.PrivilegeUtil.Privileges]::GetAllPrivilegeInfo($process_token) if ($privilege_info.ContainsKey($Name)) { $status = $privilege_info.$Name return $status.HasFlag([Ansible.PrivilegeUtil.PrivilegeAttributes]::Enabled) } else { return $null } } Function Set-AnsiblePrivilege { <# .SYNOPSIS Enables/Disables a privilege on the current process' token. If a privilege has been removed from the process token, this will throw an InvalidOperationException. .EXAMPLE # enable a privilege Set-AnsiblePrivilege -Name SeCreateSymbolicLinkPrivilege -Value $true # disable a privilege Set-AnsiblePrivilege -Name SeCreateSymbolicLinkPrivilege -Value $false #> [CmdletBinding(SupportsShouldProcess)] param( [Parameter(Mandatory=$true)][String]$Name, [Parameter(Mandatory=$true)][bool]$Value ) $action = switch($Value) { $true { "Enable" } $false { "Disable" } } $current_state = Get-AnsiblePrivilege -Name $Name if ($current_state -eq $Value) { return # no change needs to occur } elseif ($null -eq $current_state) { # once a privilege is removed from a token we cannot do anything with it throw [System.InvalidOperationException] "Cannot $($action.ToLower()) the privilege '$Name' as it has been removed from the token" } $process_token = [Ansible.PrivilegeUtil.Privileges]::GetCurrentProcess() if ($PSCmdlet.ShouldProcess($Name, "$action the privilege $Name")) { $new_state = New-Object -TypeName 'System.Collections.Generic.Dictionary`2[[System.String], [System.Nullable`1[System.Boolean]]]' $new_state.Add($Name, $Value) [Ansible.PrivilegeUtil.Privileges]::SetTokenPrivileges($process_token, $new_state) > $null } } Export-ModuleMember -Function Import-PrivilegeUtil, Get-AnsiblePrivilege, Set-AnsiblePrivilege ` -Variable ansible_privilege_util_namespaces, ansible_privilege_util_code ScriptBlock ID: e7509329-e6bd-44f5-ab91-59db9ab07be8 Path:	4104	1		3	2	15	0	1757	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3692	3896	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:07:41 PM	e5295ba9-9827-0001-7d5d-29e52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 2): # Copyright (c) 2018 Ansible Project # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) # store in separate variables to make it easier for other module_utils to # share this code in their own c# code $ansible_privilege_util_namespaces = @( "Microsoft.Win32.SafeHandles", "System", "System.Collections.Generic", "System.Linq", "System.Runtime.InteropServices", "System.Security.Principal", "System.Text" ) $ansible_privilege_util_code = @' namespace Ansible.PrivilegeUtil { [Flags] public enum PrivilegeAttributes : uint { Disabled = 0x00000000, EnabledByDefault = 0x00000001, Enabled = 0x00000002, Removed = 0x00000004, UsedForAccess = 0x80000000, } internal class NativeHelpers { [StructLayout(LayoutKind.Sequential)] internal struct LUID { public UInt32 LowPart; public Int32 HighPart; } [StructLayout(LayoutKind.Sequential)] internal struct LUID_AND_ATTRIBUTES { public LUID Luid; public PrivilegeAttributes Attributes; } [StructLayout(LayoutKind.Sequential)] internal struct TOKEN_PRIVILEGES { public UInt32 PrivilegeCount; [MarshalAs(UnmanagedType.ByValArray, SizeConst = 1)] public LUID_AND_ATTRIBUTES[] Privileges; } } internal class NativeMethods { [DllImport("advapi32.dll", SetLastError = true)] internal static extern bool AdjustTokenPrivileges( IntPtr TokenHandle, [MarshalAs(UnmanagedType.Bool)] bool DisableAllPrivileges, IntPtr NewState, UInt32 BufferLength, IntPtr PreviousState, out UInt32 ReturnLength); [DllImport("kernel32.dll")] internal static extern bool CloseHandle( IntPtr hObject); [DllImport("kernel32")] internal static extern SafeWaitHandle GetCurrentProcess(); [DllImport("advapi32.dll", SetLastError = true)] internal static extern bool GetTokenInformation( IntPtr TokenHandle, UInt32 TokenInformationClass, IntPtr TokenInformation, UInt32 TokenInformationLength, out UInt32 ReturnLength); [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)] internal static extern bool LookupPrivilegeName( string lpSystemName, ref NativeHelpers.LUID lpLuid, StringBuilder lpName, ref UInt32 cchName); [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)] internal static extern bool LookupPrivilegeValue( string lpSystemName, string lpName, out NativeHelpers.LUID lpLuid); [DllImport("advapi32.dll", SetLastError = true)] internal static extern bool OpenProcessToken( SafeHandle ProcessHandle, TokenAccessLevels DesiredAccess, out IntPtr TokenHandle); } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class Privileges { private static readonly UInt32 TOKEN_PRIVILEGES = 3; public static bool CheckPrivilegeName(string name) { NativeHelpers.LUID luid; if (!NativeMethods.LookupPrivilegeValue(null, name, out luid)) { int errCode = Marshal.GetLastWin32Error(); if (errCode != 1313) // ERROR_NO_SUCH_PRIVILEGE throw new Win32Exception(errCode, String.Format("LookupPrivilegeValue({0}) failed", name)); return false; } else { return true; } } public static Dictionary<string, bool?> DisablePrivilege(SafeHandle token, string privilege) { return SetTokenPrivileges(token, new Dictionary<string, bool?>() { { privilege, false } }); } public static Dictionary<string, bool?> DisableAllPrivileges(SafeHandle token) { return AdjustTokenPrivileges(token, null); } public static Dictionary<string, bool?> EnablePrivilege(SafeHandle token, string privilege) { return SetTokenPrivileges(token, new Dictionary<string, bool?>() { { privilege, true } }); } public static Dictionary<String, PrivilegeAttributes> GetAllPrivilegeInfo(SafeHandle token) { IntPtr hToken = IntPtr.Zero; if (!NativeMethods.OpenProcessToken(token, TokenAccessLevels.Query, out hToken)) throw new Win32Exception("OpenProcessToken() failed"); Dictionary<String, PrivilegeAttributes> info = new Dictionary<String, PrivilegeAttributes>(); try { UInt32 tokenLength = 0; NativeMethods.GetTokenInformation(hToken, TOKEN_PRIVILEGES, IntPtr.Zero, 0, out tokenLength); NativeHelpers.LUID_AND_ATTRIBUTES[] privileges; IntPtr privilegesPtr = Marshal.AllocHGlobal((int)tokenLength); try { if (!NativeMethods.GetTokenInformation(hToken, TOKEN_PRIVILEGES, privilegesPtr, tokenLength, out tokenLength)) throw new Win32Exception("GetTokenInformation() for TOKEN_PRIVILEGES failed"); NativeHelpers.TOKEN_PRIVILEGES privilegeInfo = (NativeHelpers.TOKEN_PRIVILEGES)Marshal.PtrToStructure(privilegesPtr, typeof(NativeHelpers.TOKEN_PRIVILEGES)); privileges = new NativeHelpers.LUID_AND_ATTRIBUTES[privilegeInfo.PrivilegeCount]; PtrToStructureArray(privileges, IntPtr.Add(privilegesPtr, Marshal.SizeOf(privilegeInfo.PrivilegeCount))); } finally { Marshal.FreeHGlobal(privilegesPtr); } info = privileges.ToDictionary(p => GetPrivilegeName(p.Luid), p => p.Attributes); } finally { NativeMethods.CloseHandle(hToken); } return info; } public static SafeWaitHandle GetCurrentProcess() { return NativeMethods.GetCurrentProcess(); } public static void RemovePrivilege(SafeHandle token, string privilege) { SetTokenPrivileges(token, new Dictionary<string, bool?>() { { privilege, null } }); } public static Dictionary<string, bool?> SetTokenPrivileges(SafeHandle token, Dictionary<string, bool?> state) { NativeHelpers.LUID_AND_ATTRIBUTES[] privilegeAttr = new NativeHelpers.LUID_AND_ATTRIBUTES[state.Count]; int i = 0; foreach (KeyValuePair<string, bool?> entry in state) { NativeHelpers.LUID luid; if (!NativeMethods.LookupPrivilegeValue(null, entry.Key, out luid)) throw new Win32Exception(String.Format("LookupPrivilegeValue({0}) failed", entry.Key)); PrivilegeAttributes attributes; switch (entry.Value) { case true: attributes = PrivilegeAttributes.Enabled; break; case false: attributes = PrivilegeAttributes.Disabled; break; default: attributes = PrivilegeAttributes.Removed; break; } privilegeAttr[i].Luid = luid; privilegeAttr[i].Attributes = attributes; i++; } return AdjustTokenPrivileges(token, privilegeAttr); } private static Dictionary<string, bool?> AdjustTokenPrivileges(SafeHandle token, NativeHelpers.LUID_AND_ATTRIBUTES[] newState) { bool disableAllPrivileges; IntPtr newStatePtr; NativeHelpers.LUID_AND_ATTRIBUTES[] oldStatePrivileges; UInt32 returnLength; if (newState == null) { disableAllPrivileges = true; newStatePtr = IntPtr.Zero; } else { disableAllPrivileges = false; // Need to manually marshal the bytes requires for newState as the constant size // of LUID_AND_ATTRIBUTES is set to 1 and can't be overridden at runtime, TOKEN_PRIVILEGES // always contains at least 1 entry so we need to calculate the extra size if there are // nore than 1 LUID_AND_ATTRIBUTES entry int tokenPrivilegesSize = Marshal.SizeOf(typeof(NativeHelpers.TOKEN_PRIVILEGES)); int luidAttrSize = 0; if (newState.Length > 1) luidAttrSize = Marshal.SizeOf(typeof(NativeHelpers.LUID_AND_ATTRIBUTES)) * (newState.Length - 1); int totalSize = tokenPrivilegesSize + luidAttrSize; byte[] newStateBytes = new byte[totalSize]; // get the first entry that includes the struct details NativeHelpers.TOKEN_PRIVILEGES tokenPrivileges = new NativeHelpers.TOKEN_PRIVILEGES() { PrivilegeCount = (UInt32)newState.Length, Privileges = new NativeHelpers.LUID_AND_ATTRIBUTES[1], }; if (newState.Length > 0) tokenPrivileges.Privileges[0] = newState[0]; int offset = StructureToBytes(tokenPrivileges, newStateBytes, 0); // copy the remaining LUID_AND_ATTRIBUTES (if any) for (int i = 1; i < newState.Length; i++) offset += StructureToBytes(newState[i], newStateBytes, offset); // finally create the pointer to the byte array we just created newStatePtr = Marshal.AllocHGlobal(newStateBytes.Length); Marshal.Copy(newStateBytes, 0, newStatePtr, newStateBytes.Length); } try { IntPtr hToken = IntPtr.Zero; if (!NativeMethods.OpenProcessToken(token, TokenAccessLevels.Query | TokenAccessLevels.AdjustPrivileges, out hToken)) throw new Win32Exception("OpenProcessToken() failed with Query and AdjustPrivileges"); try { IntPtr oldStatePtr = Marshal.AllocHGlobal(0); if (!NativeMethods.AdjustTokenPrivileges(hToken, disableAllPrivileges, newStatePtr, 0, oldStatePtr, out returnLength)) { int errCode = Marshal.GetLastWin32Error(); if (errCode != 122) // ERROR_INSUFFICIENT_BUFFER throw new Win32Exception(errCode, "AdjustTokenPrivileges() failed to get old state size"); } // resize the oldStatePtr based on the length returned from Windows Marshal.FreeHGlobal(oldStatePtr); oldStatePtr = Marshal.AllocHGlobal((int)returnLength); try { bool res = NativeMethods.AdjustTokenPrivileges(hToken, disableAllPrivileges, newStatePtr, returnLength, oldStatePtr, out returnLength); int errCode = Marshal.GetLastWin32Error(); // even when res == true, ERROR_NOT_ALL_ASSIGNED may be set as the last error code ScriptBlock ID: e7509329-e6bd-44f5-ab91-59db9ab07be8 Path:	4104	1		3	2	15	0	1756	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3692	3896	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:07:41 PM	e5295ba9-9827-0001-7d5d-29e52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c) 2017 Ansible Project # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) #Requires -Module Ansible.ModuleUtils.PrivilegeUtil Function Load-LinkUtils() { $link_util = @' using Microsoft.Win32.SafeHandles; using System; using System.Collections.Generic; using System.IO; using System.Runtime.InteropServices; using System.Text; namespace Ansible { public enum LinkType { SymbolicLink, JunctionPoint, HardLink } public class LinkUtilWin32Exception : System.ComponentModel.Win32Exception { private string _msg; public LinkUtilWin32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public LinkUtilWin32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator LinkUtilWin32Exception(string message) { return new LinkUtilWin32Exception(message); } } public class LinkInfo { public LinkType Type { get; internal set; } public string PrintName { get; internal set; } public string SubstituteName { get; internal set; } public string AbsolutePath { get; internal set; } public string TargetPath { get; internal set; } public string[] HardTargets { get; internal set; } } [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)] public struct REPARSE_DATA_BUFFER { public UInt32 ReparseTag; public UInt16 ReparseDataLength; public UInt16 Reserved; public UInt16 SubstituteNameOffset; public UInt16 SubstituteNameLength; public UInt16 PrintNameOffset; public UInt16 PrintNameLength; [MarshalAs(UnmanagedType.ByValArray, SizeConst = LinkUtil.MAXIMUM_REPARSE_DATA_BUFFER_SIZE)] public char[] PathBuffer; } public class LinkUtil { public const int MAXIMUM_REPARSE_DATA_BUFFER_SIZE = 1024 * 16; private const UInt32 FILE_FLAG_BACKUP_SEMANTICS = 0x02000000; private const UInt32 FILE_FLAG_OPEN_REPARSE_POINT = 0x00200000; private const UInt32 FSCTL_GET_REPARSE_POINT = 0x000900A8; private const UInt32 FSCTL_SET_REPARSE_POINT = 0x000900A4; private const UInt32 FILE_DEVICE_FILE_SYSTEM = 0x00090000; private const UInt32 IO_REPARSE_TAG_MOUNT_POINT = 0xA0000003; private const UInt32 IO_REPARSE_TAG_SYMLINK = 0xA000000C; private const UInt32 SYMLINK_FLAG_RELATIVE = 0x00000001; private const Int64 INVALID_HANDLE_VALUE = -1; private const UInt32 SIZE_OF_WCHAR = 2; private const UInt32 SYMBOLIC_LINK_FLAG_FILE = 0x00000000; private const UInt32 SYMBOLIC_LINK_FLAG_DIRECTORY = 0x00000001; [DllImport("kernel32.dll", CharSet = CharSet.Auto)] private static extern SafeFileHandle CreateFile( string lpFileName, [MarshalAs(UnmanagedType.U4)] FileAccess dwDesiredAccess, [MarshalAs(UnmanagedType.U4)] FileShare dwShareMode, IntPtr lpSecurityAttributes, [MarshalAs(UnmanagedType.U4)] FileMode dwCreationDisposition, UInt32 dwFlagsAndAttributes, IntPtr hTemplateFile); // Used by GetReparsePointInfo() [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool DeviceIoControl( SafeFileHandle hDevice, UInt32 dwIoControlCode, IntPtr lpInBuffer, UInt32 nInBufferSize, out REPARSE_DATA_BUFFER lpOutBuffer, UInt32 nOutBufferSize, out UInt32 lpBytesReturned, IntPtr lpOverlapped); // Used by CreateJunctionPoint() [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool DeviceIoControl( SafeFileHandle hDevice, UInt32 dwIoControlCode, REPARSE_DATA_BUFFER lpInBuffer, UInt32 nInBufferSize, IntPtr lpOutBuffer, UInt32 nOutBufferSize, out UInt32 lpBytesReturned, IntPtr lpOverlapped); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool GetVolumePathName( string lpszFileName, StringBuilder lpszVolumePathName, ref UInt32 cchBufferLength); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern IntPtr FindFirstFileNameW( string lpFileName, UInt32 dwFlags, ref UInt32 StringLength, StringBuilder LinkName); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool FindNextFileNameW( IntPtr hFindStream, ref UInt32 StringLength, StringBuilder LinkName); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool FindClose( IntPtr hFindFile); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool RemoveDirectory( string lpPathName); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool DeleteFile( string lpFileName); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool CreateSymbolicLink( string lpSymlinkFileName, string lpTargetFileName, UInt32 dwFlags); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool CreateHardLink( string lpFileName, string lpExistingFileName, IntPtr lpSecurityAttributes); public static LinkInfo GetLinkInfo(string linkPath) { FileAttributes attr = File.GetAttributes(linkPath); if (attr.HasFlag(FileAttributes.ReparsePoint)) return GetReparsePointInfo(linkPath); if (!attr.HasFlag(FileAttributes.Directory)) return GetHardLinkInfo(linkPath); return null; } public static void DeleteLink(string linkPath) { bool success; FileAttributes attr = File.GetAttributes(linkPath); if (attr.HasFlag(FileAttributes.Directory)) { success = RemoveDirectory(linkPath); } else { success = DeleteFile(linkPath); } if (!success) throw new LinkUtilWin32Exception(String.Format("Failed to delete link at {0}", linkPath)); } public static void CreateLink(string linkPath, String linkTarget, LinkType linkType) { switch (linkType) { case LinkType.SymbolicLink: UInt32 linkFlags; FileAttributes attr = File.GetAttributes(linkTarget); if (attr.HasFlag(FileAttributes.Directory)) linkFlags = SYMBOLIC_LINK_FLAG_DIRECTORY; else linkFlags = SYMBOLIC_LINK_FLAG_FILE; if (!CreateSymbolicLink(linkPath, linkTarget, linkFlags)) throw new LinkUtilWin32Exception(String.Format("CreateSymbolicLink({0}, {1}, {2}) failed", linkPath, linkTarget, linkFlags)); break; case LinkType.JunctionPoint: CreateJunctionPoint(linkPath, linkTarget); break; case LinkType.HardLink: if (!CreateHardLink(linkPath, linkTarget, IntPtr.Zero)) throw new LinkUtilWin32Exception(String.Format("CreateHardLink({0}, {1}) failed", linkPath, linkTarget)); break; } } private static LinkInfo GetHardLinkInfo(string linkPath) { UInt32 maxPath = 260; List<string> result = new List<string>(); StringBuilder sb = new StringBuilder((int)maxPath); UInt32 stringLength = maxPath; if (!GetVolumePathName(linkPath, sb, ref stringLength)) throw new LinkUtilWin32Exception("GetVolumePathName() failed"); string volume = sb.ToString(); stringLength = maxPath; IntPtr findHandle = FindFirstFileNameW(linkPath, 0, ref stringLength, sb); if (findHandle.ToInt64() != INVALID_HANDLE_VALUE) { try { do { string hardLinkPath = sb.ToString(); if (hardLinkPath.StartsWith("\\")) hardLinkPath = hardLinkPath.Substring(1, hardLinkPath.Length - 1); result.Add(Path.Combine(volume, hardLinkPath)); stringLength = maxPath; } while (FindNextFileNameW(findHandle, ref stringLength, sb)); } finally { FindClose(findHandle); } } if (result.Count > 1) return new LinkInfo { Type = LinkType.HardLink, HardTargets = result.ToArray() }; return null; } private static LinkInfo GetReparsePointInfo(string linkPath) { SafeFileHandle fileHandle = CreateFile( linkPath, FileAccess.Read, FileShare.None, IntPtr.Zero, FileMode.Open, FILE_FLAG_OPEN_REPARSE_POINT | FILE_FLAG_BACKUP_SEMANTICS, IntPtr.Zero); if (fileHandle.IsInvalid) throw new LinkUtilWin32Exception(String.Format("CreateFile({0}) failed", linkPath)); REPARSE_DATA_BUFFER buffer = new REPARSE_DATA_BUFFER(); UInt32 bytesReturned; try { if (!DeviceIoControl( fileHandle, FSCTL_GET_REPARSE_POINT, IntPtr.Zero, 0, out buffer, MAXIMUM_REPARSE_DATA_BUFFER_SIZE, out bytesReturned, IntPtr.Zero)) throw new LinkUtilWin32Exception(String.Format("DeviceIoControl() failed for file at {0}", linkPath)); } finally { fileHandle.Dispose(); } bool isRelative = false; int pathOffset = 0; LinkType linkType; if (buffer.ReparseTag == IO_REPARSE_TAG_SYMLINK) { UInt32 bufferFlags = Convert.ToUInt32(buffer.PathBuffer[0]) + Convert.ToUInt32(buffer.PathBuffer[1]); if (bufferFlags == SYMLINK_FLAG_RELATIVE) isRelative = true; pathOffset = 2; linkType = LinkType.SymbolicLink; } else if (buffer.ReparseTag == IO_REPARSE_TAG_MOUNT_POINT) { linkType = LinkType.JunctionPoint; } else { string errorMessage = String.Format("Invalid Reparse Tag: {0}", buffer.ReparseTag.ToString()); throw new Exception(errorMessage); } string printName = new string(buffer.PathBuffer, (int)(buffer.PrintNameOffset / SIZE_OF_WCHAR) + pathOffset, (int)(buffer.PrintNameLength / SIZE_OF_WCHAR)); string substituteName = new string(buffer.PathBuffer, (int)(buffer.SubstituteNameOffset / SIZE_OF_WCHAR) + pathOffset, (int)(buffer.SubstituteNameLength / SIZE_OF_WCHAR)); // TODO: should we check for \?\UNC\server for convert it to the NT style \\server path // Remove the leading Windows object directory \?\ from the path if present string targetPath = substituteName; if (targetPath.StartsWith("\\??\\")) targetPath = targetPath.Substring(4, targetPath.Length - 4); string absolutePath = targetPath; if (isRelative) absolutePath = Path.GetFullPath(Path.Combine(new FileInfo(linkPath).Directory.FullName, targetPath)); return new LinkInfo { Type = linkType, PrintName = printName, SubstituteName = substituteName, AbsolutePath = absolutePath, TargetPath = targetPath }; } private static void CreateJunctionPoint(string linkPath, string linkTarget) { // We need to create the link as a dir beforehand Directory.CreateDirectory(linkPath); SafeFileHandle fileHandle = CreateFile( linkPath, FileAccess.Write, FileShare.Read | FileShare.Write | FileShare.None, IntPtr.Zero, FileMode.Open, FILE_FLAG_BACKUP_SEMANTICS | FILE_FLAG_OPEN_REPARSE_POINT, IntPtr.Zero); if (fileHandle.IsInvalid) throw new LinkUtilWin32Exception(String.Format("CreateFile({0}) failed", linkPath)); try { string substituteName = "\\??\\" + Path.GetFullPath(linkTarget); string printName = linkTarget; REPARSE_DATA_BUFFER buffer = new REPARSE_DATA_BUFFER(); buffer.SubstituteNameOffset = 0; buffer.SubstituteNameLength = (UInt16)(substituteName.Length * SIZE_OF_WCHAR); buffer.PrintNameOffset = (UInt16)(buffer.SubstituteNameLength + 2); buffer.PrintNameLength = (UInt16)(printName.Length * SIZE_OF_WCHAR); buffer.ReparseTag = IO_REPARSE_TAG_MOUNT_POINT; buffer.ReparseDataLength = (UInt16)(buffer.SubstituteNameLength + buffer.PrintNameLength + 12); buffer.PathBuffer = new char[MAXIMUM_REPARSE_DATA_BUFFER_SIZE]; byte[] unicodeBytes = Encoding.Unicode.GetBytes(substituteName + "\0" + printName); char[] pathBuffer = Encoding.Unicode.GetChars(unicodeBytes); Array.Copy(pathBuffer, buffer.PathBuffer, pathBuffer.Length); UInt32 bytesReturned; if (!DeviceIoControl( fileHandle, FSCTL_SET_REPARSE_POINT, buffer, (UInt32)(buffer.ReparseDataLength + 8), IntPtr.Zero, 0, out bytesReturned, IntPtr.Zero)) throw new LinkUtilWin32Exception(String.Format("DeviceIoControl() failed to create junction point at {0} to {1}", linkPath, linkTarget)); } finally { fileHandle.Dispose(); } } } } '@ # FUTURE: find a better way to get the _ansible_remote_tmp variable $original_tmp = $env:TMP $remote_tmp = $original_tmp $module_params = Get-Variable -Name complex_args -ErrorAction SilentlyContinue if ($module_params) { if ($module_params.Value.ContainsKey("_ansible_remote_tmp") ) { $remote_tmp = $module_params.Value["_ansible_remote_tmp"] $remote_tmp = [System.Environment]::ExpandEnvironmentVariables($remote_tmp) } } $env:TMP = $remote_tmp Add-Type -TypeDefinition $link_util $env:TMP = $original_tmp Import-PrivilegeUtil # enable the SeBackupPrivilege if it is disabled $state = Get-AnsiblePrivilege -Name SeBackupPrivilege if ($state -eq $false) { Set-AnsiblePrivilege -Name SeBackupPrivilege -Value $true } } Function Get-Link($link_path) { $link_info = [Ansible.LinkUtil]::GetLinkInfo($link_path) return $link_info } Function Remove-Link($link_path) { [Ansible.LinkUtil]::DeleteLink($link_path) } Function New-Link($link_path, $link_target, $link_type) { if (-not (Test-Path -Path $link_target)) { throw "link_target '$link_target' does not exist, cannot create link" } switch($link_type) { "link" { $type = [Ansible.LinkType]::SymbolicLink } "junction" { if (Test-Path -Path $link_target -PathType Leaf) { throw "cannot set the target for a junction point to a file" } $type = [Ansible.LinkType]::JunctionPoint } "hard" { if (Test-Path -Path $link_target -PathType Container) { throw "cannot set the target for a hard link to a directory" } $type = [Ansible.LinkType]::HardLink } default { throw "invalid link_type option $($link_type): expecting link, junction, hard" } } [Ansible.LinkUtil]::CreateLink($link_path, $link_target, $type) } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: 675373e4-5e18-4af6-be9d-1547b944cac0 Path:	4104	1		3	2	15	0	1755	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3692	3896	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:07:41 PM	e5295ba9-9827-0000-225d-29e52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } ScriptBlock ID: f77ef704-4111-418f-942f-238137c5cb70 Path:	4104	1		3	2	15	0	1754	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3692	3896	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:07:41 PM	e5295ba9-9827-0000-135d-29e52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (6 of 6): GVUby1UaW1lc3RhbXAgLXN0YXJ0X2RhdGUgJGVwb2NoX2RhdGUgLWVuZF9kYXRlICRpbmZvLkNyZWF0aW9uVGltZSkKICAgICAgICBsYXN0YWNjZXNzdGltZSA9IChEYXRlVG8tVGltZXN0YW1wIC1zdGFydF9kYXRlICRlcG9jaF9kYXRlIC1lbmRfZGF0ZSAkaW5mby5MYXN0QWNjZXNzVGltZSkKICAgICAgICBsYXN0d3JpdGV0aW1lID0gKERhdGVUby1UaW1lc3RhbXAgLXN0YXJ0X2RhdGUgJGVwb2NoX2RhdGUgLWVuZF9kYXRlICRpbmZvLkxhc3RXcml0ZVRpbWUpCiAgICAgICAgIyBzaXplID0gYSBmaWxlIGFuZCBkaXJlY3RvcnkgLSBjYWxjdWxhdGVkIGJlbG93CiAgICAgICAgcGF0aCA9ICRpbmZvLkZ1bGxOYW1lCiAgICAgICAgZmlsZW5hbWUgPSAkaW5mby5OYW1lCiAgICAgICAgIyBleHRlbnNpb24gPSBhIGZpbGUKICAgICAgICAjIG93bmVyID0gc2V0IG91dHNpdGUgdGhpcyBkaWN0IGluIGNhc2UgaXQgZmFpbHMKICAgICAgICAjIHNoYXJlbmFtZSA9IGEgZGlyZWN0b3J5IGFuZCBpc3NoYXJlZCBpcyBUcnVlCiAgICAgICAgIyBjaGVja3N1bSA9IGEgZmlsZSBhbmQgZ2V0X2NoZWNrc3VtOiBUcnVlCiAgICAgICAgIyBtZDUgPSBhIGZpbGUgYW5kIGdldF9tZDU6IFRydWUKICAgIH0KICAgICRzdGF0Lm93bmVyID0gJGluZm8uR2V0QWNjZXNzQ29udHJvbCgpLk93bmVyCgogICAgIyB2YWx1ZXMgdGhhdCBhcmUgc2V0IGFjY29yZGluZyB0byB0aGUgdHlwZSBvZiBmaWxlCiAgICBpZiAoJGluZm8uQXR0cmlidXRlcy5IYXNGbGFnKFtTeXN0ZW0uSU8uRmlsZUF0dHJpYnV0ZXNdOjpEaXJlY3RvcnkpKSB7CiAgICAgICAgJHN0YXQuaXNkaXIgPSAkdHJ1ZQogICAgICAgICRzaGFyZV9pbmZvID0gR2V0LVdtaU9iamVjdCAtQ2xhc3MgV2luMzJfU2hhcmUgLUZpbHRlciAiUGF0aD0nJCgkc3RhdC5wYXRoIC1yZXBsYWNlICdcXCcsICdcXCcpJyIKICAgICAgICBpZiAoJHNoYXJlX2luZm8gLW5lICRudWxsKSB7CiAgICAgICAgICAgICRzdGF0Lmlzc2hhcmVkID0gJHRydWUKICAgICAgICAgICAgJHN0YXQuc2hhcmVuYW1lID0gJHNoYXJlX2luZm8uTmFtZQogICAgICAgIH0KCiAgICAgICAgdHJ5IHsKICAgICAgICAgICAgJHNpemUgPSAwCiAgICAgICAgICAgIGZvcmVhY2ggKCRmaWxlIGluICRpbmZvLkVudW1lcmF0ZUZpbGVzKCIqIiwgW1N5c3RlbS5JTy5TZWFyY2hPcHRpb25dOjpBbGxEaXJlY3RvcmllcykpIHsKICAgICAgICAgICAgICAgICRzaXplICs9ICRmaWxlLkxlbmd0aAogICAgICAgICAgICB9CiAgICAgICAgICAgICRzdGF0LnNpemUgPSAkc2l6ZQogICAgICAgIH0gY2F0Y2ggewogICAgICAgICAgICAkc3RhdC5zaXplID0gMAogICAgICAgIH0KICAgIH0gZWxzZSB7CiAgICAgICAgJHN0YXQuZXh0ZW5zaW9uID0gJGluZm8uRXh0ZW5zaW9uCiAgICAgICAgJHN0YXQuaXNyZWcgPSAkdHJ1ZQogICAgICAgICRzdGF0LnNpemUgPSAkaW5mby5MZW5ndGgKCiAgICAgICAgaWYgKCRnZXRfbWQ1KSB7CiAgICAgICAgICAgIHRyeSB7CiAgICAgICAgICAgICAgICAkc3RhdC5tZDUgPSBHZXQtRmlsZUNoZWNrc3VtIC1wYXRoICRwYXRoIC1hbGdvcml0aG0gIm1kNSIKICAgICAgICAgICAgfSBjYXRjaCB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0IC1tZXNzYWdlICJmYWlsZWQgdG8gZ2V0IE1ENSBoYXNoIG9mIGZpbGUsIHJlbW92ZSBnZXRfbWQ1IHRvIGlnbm9yZSB0aGlzIGVycm9yOiAkKCRfLkV4Y2VwdGlvbi5NZXNzYWdlKSIKICAgICAgICAgICAgfQogICAgICAgIH0KICAgICAgICBpZiAoJGdldF9jaGVja3N1bSkgewogICAgICAgICAgICB0cnkgewogICAgICAgICAgICAgICAgJHN0YXQuY2hlY2tzdW0gPSBHZXQtRmlsZUNoZWNrc3VtIC1wYXRoICRwYXRoIC1hbGdvcml0aG0gJGNoZWNrc3VtX2FsZ29yaXRobQogICAgICAgICAgICB9IGNhdGNoIHsKICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgImZhaWxlZCB0byBnZXQgaGFzaCBvZiBmaWxlLCBzZXQgZ2V0X2NoZWNrc3VtIHRvIEZhbHNlIHRvIGlnbm9yZSB0aGlzIGVycm9yOiAkKCRfLkV4Y2VwdGlvbi5NZXNzYWdlKSIKICAgICAgICAgICAgfQogICAgICAgIH0KICAgIH0KCiAgICAjIEdldCBzeW1ib2xpYyBsaW5rLCBqdW5jdGlvbiBwb2ludCwgaGFyZCBsaW5rIGluZm8KICAgIExvYWQtTGlua1V0aWxzCiAgICB0cnkgewogICAgICAgICRsaW5rX2luZm8gPSBHZXQtTGluayAtbGlua19wYXRoICRpbmZvLkZ1bGxOYW1lCiAgICB9IGNhdGNoIHsKICAgICAgICBBZGQtV2FybmluZyAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgIkZhaWxlZCB0byBjaGVjay9nZXQgbGluayBpbmZvIGZvciBmaWxlOiAkKCRfLkV4Y2VwdGlvbi5NZXNzYWdlKSIKICAgIH0KICAgIGlmICgkbGlua19pbmZvIC1uZSAkbnVsbCkgewogICAgICAgIHN3aXRjaCAoJGxpbmtfaW5mby5UeXBlKSB7CiAgICAgICAgICAgICJTeW1ib2xpY0xpbmsiIHsKICAgICAgICAgICAgICAgICRzdGF0LmlzbG5rID0gJHRydWUKICAgICAgICAgICAgICAgICRzdGF0LmlzcmVnID0gJGZhbHNlCiAgICAgICAgICAgICAgICAkc3RhdC5sbmtfdGFyZ2V0ID0gJGxpbmtfaW5mby5UYXJnZXRQYXRoCiAgICAgICAgICAgICAgICAkc3RhdC5sbmtfc291cmNlID0gJGxpbmtfaW5mby5BYnNvbHV0ZVBhdGggICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgICAgICJKdW5jdGlvblBvaW50IiB7CiAgICAgICAgICAgICAgICAkc3RhdC5pc2p1bmN0aW9uID0gJHRydWUKICAgICAgICAgICAgICAgICRzdGF0LmlzcmVnID0gJGZhbHNlCiAgICAgICAgICAgICAgICAkc3RhdC5sbmtfdGFyZ2V0ID0gJGxpbmtfaW5mby5UYXJnZXRQYXRoCiAgICAgICAgICAgICAgICAkc3RhdC5sbmtfc291cmNlID0gJGxpbmtfaW5mby5BYnNvbHV0ZVBhdGggICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgICAgICJIYXJkTGluayIgewogICAgICAgICAgICAgICAgJHN0YXQubG5rX3R5cGUgPSAiaGFyZCIKICAgICAgICAgICAgICAgICRzdGF0Lm5saW5rID0gJGxpbmtfaW5mby5IYXJkVGFyZ2V0cy5Db3VudAoKICAgICAgICAgICAgICAgICMgcmVtb3ZlIGN1cnJlbnQgcGF0aCBmcm9tIHRoZSB0YXJnZXRzCiAgICAgICAgICAgICAgICAkaGxua190YXJnZXRzID0gJGxpbmtfaW5mby5IYXJkVGFyZ2V0cyB8IFdoZXJlLU9iamVjdCB7ICRfIC1uZSAkc3RhdC5wYXRoIH0KICAgICAgICAgICAgICAgICRzdGF0LmhsbmtfdGFyZ2V0cyA9IEAoJGhsbmtfdGFyZ2V0cykKICAgICAgICAgICAgICAgIGJyZWFrCiAgICAgICAgICAgIH0KICAgICAgICB9CiAgICB9CgogICAgJHJlc3VsdC5zdGF0ID0gJHN0YXQKfQoKRXhpdC1Kc29uICRyZXN1bHQK", "module_args": {"_ansible_version": "2.7.0", "_ansible_selinux_special_fs": ["fuse", "nfs", "vboxsf", "ramfs", "9p"], "_ansible_no_log": false, "_ansible_module_name": "win_stat", "_ansible_remote_tmp": "%TEMP%", "_ansible_diff": false, "_ansible_verbosity": 2, "_ansible_keep_remote_files": false, "_ansible_syslog_facility": "LOG_USER", "_ansible_socket": null, "_ansible_check_mode": false, "get_checksum": false, "_ansible_debug": false, "_ansible_shell_executable": "/bin/sh", "path": "c:\\openstack\\log\\neutron-hyperv-agent.log", "get_md5": false, "_ansible_tmpdir": null}} '@ } process { $input_as_string = [string]$input $json_raw += $input_as_string } end { If (-not $json_raw) { Write-Error "no input given" -Category InvalidArgument } $payload = ConvertTo-HashtableFromPsCustomObject (ConvertFrom-Json $json_raw) # TODO: handle binary modules # TODO: handle persistence $min_os_version = [version]$payload.min_os_version if ($min_os_version -ne $null) { $actual_os_version = [System.Environment]::OSVersion.Version if ($actual_os_version -lt $min_os_version) { $msg = "This module cannot run on this OS as it requires a minimum version of $min_os_version, actual was $actual_os_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $min_ps_version = [version]$payload.min_ps_version if ($min_ps_version -ne $null) { $actual_ps_version = $PSVersionTable.PSVersion if ($actual_ps_version -lt $min_ps_version) { $msg = "This module cannot run as it requires a minimum PowerShell version of $min_ps_version, actual was $actual_ps_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $actions = $payload.actions # pop 0th action as entrypoint $entrypoint = $payload.($actions[0]) $payload.actions = $payload.actions[1..99] $entrypoint = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($entrypoint)) # load the current action entrypoint as a module custom object with a Run method $entrypoint = New-Module -ScriptBlock ([scriptblock]::Create($entrypoint)) -AsCustomObject Set-Variable -Scope global -Name complex_args -Value $payload["module_args"] | Out-Null # dynamically create/load modules ForEach ($mod in $payload.powershell_modules.GetEnumerator()) { $decoded_module = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($mod.Value)) New-Module -ScriptBlock ([scriptblock]::Create($decoded_module)) -Name $mod.Key | Import-Module -WarningAction SilentlyContinue | Out-Null } $output = $entrypoint.Run($payload) Write-Output $output } ScriptBlock ID: 1cf6e8e3-386a-407d-ae78-c500a6eda204 Path:	4104	1		3	2	15	0	1753	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3692	3896	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:07:41 PM	e5295ba9-9827-0000-0d5d-29e52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (5 of 6): gICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRWYWxpZGF0ZVNldEVycm9yTWVzc2FnZQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgJHZhbHVlID0gJG9iai4kbmFtZQogICAgICAgIH0KICAgIH0gY2F0Y2ggewogICAgICAgIGlmICgkZmFpbGlmZW1wdHkgLWVxICRmYWxzZSkgewogICAgICAgICAgICAkdmFsdWUgPSAkZGVmYXVsdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgIGlmICgtbm90ICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSA9ICJHZXQtQW5zaWJsZVBhcmFtOiBNaXNzaW5nIHJlcXVpcmVkIGFyZ3VtZW50OiAkbmFtZSIKICAgICAgICAgICAgfQogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlCiAgICAgICAgfQogICAgfQoKICAgICMgSWYgJHZhbHVlIC1lcSAkbnVsbCwgdGhlIHBhcmFtZXRlciB3YXMgdW5zcGVjaWZpZWQgYnkgdGhlIHVzZXIgKGRlbGliZXJhdGVseSBvciBub3QpCiAgICAjIFBsZWFzZSBsZWF2ZSAkbnVsbC12YWx1ZXMgaW50YWN0LCBtb2R1bGVzIG5lZWQgdG8ga25vdyBpZiBhIHBhcmFtZXRlciB3YXMgc3BlY2lmaWVkCiAgICAjIFdoZW4gJHZhbHVlIGlzIGFscmVhZHkgYW4gYXJyYXksIHdlIGNhbm5vdCByZWx5IG9uIHRoZSBudWxsIGNoZWNrLCBhcyBhbiBlbXB0eSBsaXN0CiAgICAjIGlzIHNlZW4gYXMgbnVsbCBpbiB0aGUgY2hlY2sgYmVsb3cKICAgIGlmICgkbnVsbCAtbmUgJHZhbHVlIC1vciAkdmFsdWUgLWlzIFthcnJheV0pIHsKICAgICAgICBpZiAoJHR5cGUgLWVxICJwYXRoIikgewogICAgICAgICAgICAjIEV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgb24gcGF0aC10eXBlCiAgICAgICAgICAgICR2YWx1ZSA9IEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCiAgICAgICAgICAgICMgVGVzdCBpZiBhIHZhbGlkIHBhdGggaXMgcHJvdmlkZWQKICAgICAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtSXNWYWxpZCAkdmFsdWUpKSB7CiAgICAgICAgICAgICAgICAkcGF0aF9pbnZhbGlkID0gJHRydWUKICAgICAgICAgICAgICAgICMgY291bGQgc3RpbGwgYmUgYSB2YWxpZC1zaGFwZWQgcGF0aCB3aXRoIGEgbm9uZXhpc3RlbnQgZHJpdmUgbGV0dGVyCiAgICAgICAgICAgICAgICBpZiAoJHZhbHVlIC1tYXRjaCAiXlx3OiIpIHsKICAgICAgICAgICAgICAgICAgICAjIHJld3JpdGUgcGF0aCB3aXRoIGEgdmFsaWQgZHJpdmUgbGV0dGVyIGFuZCByZWNoZWNrIHRoZSBzaGFwZS0gdGhpcyBtaWdodCBzdGlsbCBmYWlsLCBlZywgYSBub25leGlzdGVudCBub24tZmlsZXN5c3RlbSBQUyBwYXRoCiAgICAgICAgICAgICAgICAgICAgaWYgKFRlc3QtUGF0aCAtSXNWYWxpZCAkKEAoR2V0LVBTRHJpdmUgLVBTUHJvdmlkZXIgRmlsZXN5c3RlbSlbMF0uTmFtZSArICR2YWx1ZS5TdWJzdHJpbmcoMSkpKSB7CiAgICAgICAgICAgICAgICAgICAgICAgICRwYXRoX2ludmFsaWQgPSAkZmFsc2UKICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBpZiAoJHBhdGhfaW52YWxpZCkgewogICAgICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHRvYmogLW1lc3NhZ2UgIkdldC1BbnNpYmxlUGFyYW06IFBhcmFtZXRlciAnJG5hbWUnIGhhcyBhbiBpbnZhbGlkIHBhdGggJyR2YWx1ZScgc3BlY2lmaWVkLiIKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgInN0ciIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IHN0ciB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgc3RyaW5ncwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUuVG9TdHJpbmcoKQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImJvb2wiKSB7CiAgICAgICAgICAgICMgQ29udmVydCBib29sZWFuIHR5cGVzIHRvIHJlYWwgUG93ZXJzaGVsbCBib29sZWFucwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgfCBDb252ZXJ0VG8tQm9vbAogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImludCIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IGludCB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgaW50ZWdlcnMKICAgICAgICAgICAgJHZhbHVlID0gJHZhbHVlIC1hcyBbaW50XQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImZsb2F0IikgewogICAgICAgICAgICAjIENvbnZlcnQgZmxvYXQgdHlwZXMgdG8gcmVhbCBQb3dlcnNoZWxsIGZsb2F0cwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgLWFzIFtmbG9hdF0KICAgICAgICB9IGVsc2VpZiAoJHR5cGUgLWVxICJsaXN0IikgewogICAgICAgICAgICBpZiAoJHZhbHVlIC1pcyBbYXJyYXldKSB7CiAgICAgICAgICAgICAgICAjIE5vdGhpbmcgdG8gZG8KICAgICAgICAgICAgfSBlbHNlaWYgKCR2YWx1ZSAtaXMgW3N0cmluZ10pIHsKICAgICAgICAgICAgICAgICMgQ29udmVydCBzdHJpbmcgdHlwZSB0byByZWFsIFBvd2Vyc2hlbGwgYXJyYXkKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICR2YWx1ZS5TcGxpdCgiLCIpLlRyaW0oKQogICAgICAgICAgICB9IGVsc2VpZiAoJHZhbHVlIC1pcyBbaW50XSkgewogICAgICAgICAgICAgICAgJHZhbHVlID0gQCgkdmFsdWUpCiAgICAgICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICJHZXQtQW5zaWJsZVBhcmFtOiBQYXJhbWV0ZXIgJyRuYW1lJyBpcyBub3QgYSBZQU1MIGxpc3QuIgogICAgICAgICAgICB9CiAgICAgICAgICAgICMgLCBpcyBub3QgYSB0eXBvLCBmb3JjZXMgaXQgdG8gcmV0dXJuIGFzIGEgbGlzdCB3aGVuIGl0IGlzIGVtcHR5IG9yIG9ubHkgaGFzIDEgZW50cnkKICAgICAgICAgICAgcmV0dXJuICwkdmFsdWUKICAgICAgICB9CiAgICB9CgogICAgcmV0dXJuICR2YWx1ZQp9CgojQWxpYXMgR2V0LWF0dHItLT5HZXQtQW5zaWJsZVBhcmFtIGZvciBiYWNrd2FyZHMgY29tcGF0LiBPbmx5IGFkZCB3aGVuIG5lZWRlZCB0byBlYXNlIGRlYnVnZ2luZyBvZiBzY3JpcHRzCklmICgtbm90KEdldC1BbGlhcyAtTmFtZSAiR2V0LWF0dHIiIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlKSkKewogICAgTmV3LUFsaWFzIC1OYW1lIEdldC1hdHRyIC1WYWx1ZSBHZXQtQW5zaWJsZVBhcmFtCn0KCkZ1bmN0aW9uIENvbnZlcnRUby1Cb29sCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZpbHRlci9waXBlbGluZSBmdW5jdGlvbiB0byBjb252ZXJ0IGEgdmFsdWUgdG8gYm9vbGVhbiBmb2xsb3dpbmcgY3VycmVudAogICAgQW5zaWJsZSBwcmFjdGljZXMKICAgIC5FWEFNUExFCiAgICAkaXNfdHJ1ZSA9ICJ0cnVlIiB8IENvbnZlcnRUby1Cb29sCiM+CiAgICBwYXJhbSgKICAgICAgICBbcGFyYW1ldGVyKHZhbHVlZnJvbXBpcGVsaW5lPSR0cnVlKV0KICAgICAgICAkb2JqCiAgICApCgogICAgJGJvb2xlYW5fc3RyaW5ncyA9ICJ5ZXMiLCAib24iLCAiMSIsICJ0cnVlIiwgMQogICAgJG9ial9zdHJpbmcgPSBbc3RyaW5nXSRvYmoKCiAgICBpZiAoKCRvYmogLWlzIFtib29sZWFuXSAtYW5kICRvYmopIC1vciAkYm9vbGVhbl9zdHJpbmdzIC1jb250YWlucyAkb2JqX3N0cmluZy5Ub0xvd2VyKCkpIHsKICAgICAgICByZXR1cm4gJHRydWUKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfQp9CgpGdW5jdGlvbiBQYXJzZS1BcmdzKCRhcmd1bWVudHMsICRzdXBwb3J0c19jaGVja19tb2RlID0gJGZhbHNlKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBwYXJzZSBBbnNpYmxlIEpTT04gYXJndW1lbnRzIGZyb20gYSAiZmlsZSIgcGFzc2VkIGFzCiAgICB0aGUgc2luZ2xlIGFyZ3VtZW50IHRvIHRoZSBtb2R1bGUuCiAgICAuRVhBTVBMRQogICAgJHBhcmFtcyA9IFBhcnNlLUFyZ3MgJGFyZ3MKIz4KICAgICRwYXJhbXMgPSBOZXctT2JqZWN0IHBzb2JqZWN0CiAgICBJZiAoJGFyZ3VtZW50cy5MZW5ndGggLWd0IDApCiAgICB7CiAgICAgICAgJHBhcmFtcyA9IEdldC1Db250ZW50ICRhcmd1bWVudHNbMF0gfCBDb252ZXJ0RnJvbS1Kc29uCiAgICB9CiAgICBFbHNlIHsKICAgICAgICAkcGFyYW1zID0gJGNvbXBsZXhfYXJncwogICAgfQogICAgJGNoZWNrX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfY2hlY2tfbW9kZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQogICAgSWYgKCRjaGVja19tb2RlIC1hbmQgLW5vdCAkc3VwcG9ydHNfY2hlY2tfbW9kZSkKICAgIHsKICAgICAgICBFeGl0LUpzb24gQHsKICAgICAgICAgICAgc2tpcHBlZCA9ICR0cnVlCiAgICAgICAgICAgIGNoYW5nZWQgPSAkZmFsc2UKICAgICAgICAgICAgbXNnID0gInJlbW90ZSBtb2R1bGUgZG9lcyBub3Qgc3VwcG9ydCBjaGVjayBtb2RlIgogICAgICAgIH0KICAgIH0KICAgIHJldHVybiAkcGFyYW1zCn0KCgpGdW5jdGlvbiBHZXQtRmlsZUNoZWNrc3VtKCRwYXRoLCAkYWxnb3JpdGhtID0gJ3NoYTEnKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBjYWxjdWxhdGUgYSBoYXNoIG9mIGEgZmlsZSBpbiBhIHdheSB3aGljaCBQb3dlclNoZWxsIDMKICAgIGFuZCBhYm92ZSBjYW4gaGFuZGxlCiM+CiAgICBJZiAoVGVzdC1QYXRoIC1QYXRoICRwYXRoIC1QYXRoVHlwZSBMZWFmKQogICAgewogICAgICAgIHN3aXRjaCAoJGFsZ29yaXRobSkKICAgICAgICB7CiAgICAgICAgICAgICdtZDUnIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5NRDVDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMScgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTFDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMjU2JyB7ICRzcCA9IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5TZWN1cml0eS5DcnlwdG9ncmFwaHkuU0hBMjU2Q3J5cHRvU2VydmljZVByb3ZpZGVyIH0KICAgICAgICAgICAgJ3NoYTM4NCcgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTM4NENyeXB0b1NlcnZpY2VQcm92aWRlciB9CiAgICAgICAgICAgICdzaGE1MTInIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5TSEE1MTJDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICBkZWZhdWx0IHsgRmFpbC1Kc29uIEB7fSAiVW5zdXBwb3J0ZWQgaGFzaCBhbGdvcml0aG0gc3VwcGxpZWQgJyRhbGdvcml0aG0nIiB9CiAgICAgICAgfQoKICAgICAgICBJZiAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtZ2UgNCkgewogICAgICAgICAgICAkcmF3X2hhc2ggPSBHZXQtRmlsZUhhc2ggJHBhdGggLUFsZ29yaXRobSAkYWxnb3JpdGhtCiAgICAgICAgICAgICRoYXNoID0gJHJhd19oYXNoLkhhc2guVG9Mb3dlcigpCiAgICAgICAgfSBFbHNlIHsKICAgICAgICAgICAgJGZwID0gW1N5c3RlbS5JTy5GaWxlXTo6T3BlbigkcGF0aCwgW1N5c3RlbS5JTy5GaWxlbW9kZV06Ok9wZW4sIFtTeXN0ZW0uSU8uRmlsZUFjY2Vzc106OlJlYWQsIFtTeXN0ZW0uSU8uRmlsZVNoYXJlXTo6UmVhZFdyaXRlKTsKICAgICAgICAgICAgJGhhc2ggPSBbU3lzdGVtLkJpdENvbnZlcnRlcl06OlRvU3RyaW5nKCRzcC5Db21wdXRlSGFzaCgkZnApKS5SZXBsYWNlKCItIiwgIiIpLlRvTG93ZXIoKTsKICAgICAgICAgICAgJGZwLkRpc3Bvc2UoKTsKICAgICAgICB9CiAgICB9CiAgICBFbHNlSWYgKFRlc3QtUGF0aCAtUGF0aCAkcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKQogICAgewogICAgICAgICRoYXNoID0gIjMiOwogICAgfQogICAgRWxzZQogICAgewogICAgICAgICRoYXNoID0gIjEiOwogICAgfQogICAgcmV0dXJuICRoYXNoCn0KCkZ1bmN0aW9uIEdldC1QZW5kaW5nUmVib290U3RhdHVzCnsKPCMKICAgIC5TWU5PUFNJUwogICAgQ2hlY2sgaWYgcmVib290IGlzIHJlcXVpcmVkLCBpZiBzbyBub3RpZnkgQ0EuCiAgICBGdW5jdGlvbiByZXR1cm5zIHRydWUgaWYgY29tcHV0ZXIgaGFzIGEgcGVuZGluZyByZWJvb3QKIz4KICAgICRmZWF0dXJlRGF0YSA9IEludm9rZS1XbWlNZXRob2QgLUVBIElnbm9yZSAtTmFtZSBHZXRTZXJ2ZXJGZWF0dXJlIC1OYW1lc3BhY2Ugcm9vdFxtaWNyb3NvZnRcd2luZG93c1xzZXJ2ZXJtYW5hZ2VyIC1DbGFzcyBNU0ZUX1NlcnZlck1hbmFnZXJUYXNrcwogICAgJHJlZ0RhdGEgPSBHZXQtSXRlbVByb3BlcnR5ICJIS0xNOlxTWVNURU1cQ3VycmVudENvbnRyb2xTZXRcQ29udHJvbFxTZXNzaW9uIE1hbmFnZXIiICJQZW5kaW5nRmlsZVJlbmFtZU9wZXJhdGlvbnMiIC1FQSBJZ25vcmUKICAgICRDQlNSZWJvb3RTdGF0dXMgPSBHZXQtQ2hpbGRJdGVtICJIS0xNOlxcU09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cQ29tcG9uZW50IEJhc2VkIFNlcnZpY2luZyIgIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlfCBXaGVyZS1PYmplY3QgeyRfLlBTQ2hpbGROYW1lIC1lcSAiUmVib290UGVuZGluZyJ9CiAgICBpZigoJGZlYXR1cmVEYXRhIC1hbmQgJGZlYXR1cmVEYXRhLlJlcXVpcmVzUmVib290KSAtb3IgJHJlZ0RhdGEgLW9yICRDQlNSZWJvb3RTdGF0dXMpCiAgICB7CiAgICAgICAgcmV0dXJuICRUcnVlCiAgICB9CiAgICBlbHNlCiAgICB7CiAgICAgICAgcmV0dXJuICRGYWxzZQogICAgfQp9CgojIHRoaXMgbGluZSBtdXN0IHN0YXkgYXQgdGhlIGJvdHRvbSB0byBlbnN1cmUgYWxsIGRlZmluZWQgbW9kdWxlIHBhcnRzIGFyZSBleHBvcnRlZApFeHBvcnQtTW9kdWxlTWVtYmVyIC1BbGlhcyAqIC1GdW5jdGlvbiAqIC1DbWRsZXQgKgoK", "Ansible.ModuleUtils.FileUtil": "IyBDb3B5cmlnaHQgKGMpIDIwMTcgQW5zaWJsZSBQcm9qZWN0CiMgU2ltcGxpZmllZCBCU0QgTGljZW5zZSAoc2VlIGxpY2Vuc2VzL3NpbXBsaWZpZWRfYnNkLnR4dCBvciBodHRwczovL29wZW5zb3VyY2Uub3JnL2xpY2Vuc2VzL0JTRC0yLUNsYXVzZSkKCjwjClRlc3QtUGF0aC9HZXQtSXRlbSBjYW5ub3QgZmluZC9yZXR1cm4gaW5mbyBvbiBmaWxlcyB0aGF0IGFyZSBsb2NrZWQgbGlrZQpDOlxwYWdlZmlsZS5zeXMuIFRoZXNlIDIgZnVuY3Rpb25zIGFyZSBkZXNpZ25lZCB0byB3b3JrIHdpdGggdGhlc2UgZmlsZXMgYW5kCnByb3ZpZGUgc2ltaWxhciBmdW5jdGlvbmFsaXR5IHdpdGggdGhlIG5vcm1hbCBjbWRsZXRzIHdpdGggYXMgbWluaW1hbCBvdmVyaGVhZAphcyBwb3NzaWJsZS4gVGhleSB3b3JrIGJ5IHVzaW5nIEdldC1DaGlsZEl0ZW0gd2l0aCBhIGZpbHRlciBhbmQgcmV0dXJuIHRoZQpyZXN1bHQgZnJvbSB0aGF0LgojPgoKRnVuY3Rpb24gVGVzdC1BbnNpYmxlUGF0aCB7CiAgICBbQ21kbGV0QmluZGluZygpXQogICAgUGFyYW0oCiAgICAgICAgW1BhcmFtZXRlcihNYW5kYXRvcnk9JHRydWUpXVtzdHJpbmddJFBhdGgKICAgICkKICAgICMgUmVwbGFjZW1lbnQgZm9yIFRlc3QtUGF0aAogICAgdHJ5IHsKICAgICAgICAkZmlsZV9hdHRyaWJ1dGVzID0gW1N5c3RlbS5JTy5GaWxlXTo6R2V0QXR0cmlidXRlcygkUGF0aCkKICAgIH0gY2F0Y2ggW1N5c3RlbS5JTy5GaWxlTm90Rm91bmRFeGNlcHRpb25dLCBbU3lzdGVtLklPLkRpcmVjdG9yeU5vdEZvdW5kRXhjZXB0aW9uXSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfSBjYXRjaCBbTm90U3VwcG9ydGVkRXhjZXB0aW9uXSB7CiAgICAgICAgIyBXaGVuIHRlc3RpbmcgYSBwYXRoIGxpa2UgQ2VydDpcTG9jYWxNYWNoaW5lXE15LCBTeXN0ZW0uSU8uRmlsZSB3aWxsCiAgICAgICAgIyBub3Qgd29yaywgd2UganVzdCByZXZlcnQgYmFjayB0byB1c2luZyBUZXN0LVBhdGggZm9yIHRoaXMKICAgICAgICByZXR1cm4gVGVzdC1QYXRoIC1QYXRoICRQYXRoCiAgICB9CgogICAgaWYgKFtJbnQzMl0kZmlsZV9hdHRyaWJ1dGVzIC1lcSAtMSkgewogICAgICAgIHJldHVybiAkZmFsc2UKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICR0cnVlCiAgICB9Cn0KCkZ1bmN0aW9uIEdldC1BbnNpYmxlSXRlbSB7CiAgICBbQ21kbGV0QmluZGluZygpXQogICAgUGFyYW0oCiAgICAgICAgW1BhcmFtZXRlcihNYW5kYXRvcnk9JHRydWUpXVtzdHJpbmddJFBhdGgKICAgICkKICAgICMgUmVwbGFjZW1lbnQgZm9yIEdldC1JdGVtCiAgICB0cnkgewogICAgICAgICRmaWxlX2F0dHJpYnV0ZXMgPSBbU3lzdGVtLklPLkZpbGVdOjpHZXRBdHRyaWJ1dGVzKCRQYXRoKQogICAgfSBjYXRjaCB7CiAgICAgICAgIyBpZiAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb3RpbnVlIGlzIHNldCBvbiB0aGUgY21kbGV0IGFuZCB3ZSBmYWlsZWQgdG8KICAgICAgICAjIGdldCB0aGUgYXR0cmlidXRlcywganVzdCByZXR1cm4gJG51bGwsIG90aGVyd2lzZSB0aHJvdyB0aGUgZXJyb3IKICAgICAgICBpZiAoJEVycm9yQWN0aW9uUHJlZmVyZW5jZSAtbmUgIlNpbGVudGx5Q29udGludWUiKSB7CiAgICAgICAgICAgIHRocm93ICRfCiAgICAgICAgfQogICAgICAgIHJldHVybiAkbnVsbAogICAgfQogICAgaWYgKFtJbnQzMl0kZmlsZV9hdHRyaWJ1dGVzIC1lcSAtMSkgewogICAgICAgIHRocm93IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5NYW5hZ2VtZW50LkF1dG9tYXRpb24uSXRlbU5vdEZvdW5kRXhjZXB0aW9uIC1Bcmd1bWVudExpc3QgIkNhbm5vdCBmaW5kIHBhdGggJyRQYXRoJyBiZWNhdXNlIGl0IGRvZXMgbm90IGV4aXN0LiIKICAgIH0gZWxzZWlmICgkZmlsZV9hdHRyaWJ1dGVzLkhhc0ZsYWcoW1N5c3RlbS5JTy5GaWxlQXR0cmlidXRlc106OkRpcmVjdG9yeSkpIHsKICAgICAgICByZXR1cm4gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLklPLkRpcmVjdG9yeUluZm8gLUFyZ3VtZW50TGlzdCAkUGF0aAogICAgfSBlbHNlIHsKICAgICAgICByZXR1cm4gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLklPLkZpbGVJbmZvIC1Bcmd1bWVudExpc3QgJFBhdGgKICAgIH0KfQoKRXhwb3J0LU1vZHVsZU1lbWJlciAtRnVuY3Rpb24gVGVzdC1BbnNpYmxlUGF0aCwgR2V0LUFuc2libGVJdGVtCg=="}, "module_entry": "IyFwb3dlcnNoZWxsCgojIENvcHlyaWdodDogKGMpIDIwMTcsIEFuc2libGUgUHJvamVjdAojIEdOVSBHZW5lcmFsIFB1YmxpYyBMaWNlbnNlIHYzLjArIChzZWUgQ09QWUlORyBvciBodHRwczovL3d3dy5nbnUub3JnL2xpY2Vuc2VzL2dwbC0zLjAudHh0KQoKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5MZWdhY3kKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5GaWxlVXRpbAojUmVxdWlyZXMgLU1vZHVsZSBBbnNpYmxlLk1vZHVsZVV0aWxzLkxpbmtVdGlsCgpmdW5jdGlvbiBEYXRlVG8tVGltZXN0YW1wKCRzdGFydF9kYXRlLCAkZW5kX2RhdGUpIHsKICAgIGlmICgkc3RhcnRfZGF0ZSAtYW5kICRlbmRfZGF0ZSkgewogICAgICAgIHJldHVybiAoTmV3LVRpbWVTcGFuIC1TdGFydCAkc3RhcnRfZGF0ZSAtRW5kICRlbmRfZGF0ZSkuVG90YWxTZWNvbmRzCiAgICB9Cn0KCiRwYXJhbXMgPSBQYXJzZS1BcmdzICRhcmdzIC1zdXBwb3J0c19jaGVja19tb2RlICR0cnVlCgokcGF0aCA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJwYXRoIiAtdHlwZSAicGF0aCIgLWZhaWxpZmVtcHR5ICR0cnVlIC1hbGlhc2VzICJkZXN0IiwibmFtZSIKJGdldF9tZDUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiZ2V0X21kNSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQokZ2V0X2NoZWNrc3VtID0gR2V0LUFuc2libGVQYXJhbSAtb2JqICRwYXJhbXMgLW5hbWUgImdldF9jaGVja3N1bSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICR0cnVlCiRjaGVja3N1bV9hbGdvcml0aG0gPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiY2hlY2tzdW1fYWxnb3JpdGhtIiAtdHlwZSAic3RyIiAtZGVmYXVsdCAic2hhMSIgLXZhbGlkYXRlc2V0ICJtZDUiLCJzaGExIiwic2hhMjU2Iiwic2hhMzg0Iiwic2hhNTEyIgoKJHJlc3VsdCA9IEB7CiAgICBjaGFuZ2VkID0gJGZhbHNlCiAgICBzdGF0ID0gQHsKICAgICAgICBleGlzdHMgPSAkZmFsc2UKICAgIH0KfQoKIyBnZXRfbWQ1IHdpbGwgYmUgYW4gdW5kb2N1bWVudGVkIG9wdGlvbiBpbiAyLjkgdG8gYmUgcmVtb3ZlZCBhdCBhIGxhdGVyCiMgZGF0ZSBpZiBwb3NzaWJsZSAoMy4wKykKaWYgKEdldC1NZW1iZXIgLWlucHV0b2JqZWN0ICRwYXJhbXMgLW5hbWUgImdldF9tZDUiKSB7CiAgICBBZGQtRGVwcmVhY3Rpb25XYXJuaW5nIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiZ2V0X21kNSBoYXMgYmVlbiBkZXByZWNhdGVkIGFsb25nIHdpdGggdGhlIG1kNSByZXR1cm4gdmFsdWUsIHVzZSBnZXRfY2hlY2tzdW09VHJ1ZSBhbmQgY2hlY2tzdW1fYWxnb3JpdGhtPW1kNSBpbnN0ZWFkIiAtdmVyc2lvbiAyLjkKfQoKJGluZm8gPSBHZXQtQW5zaWJsZUl0ZW0gLVBhdGggJHBhdGggLUVycm9yQWN0aW9uIFNpbGVudGx5Q29udGludWUKSWYgKCRpbmZvIC1uZSAkbnVsbCkgewogICAgJGVwb2NoX2RhdGUgPSBHZXQtRGF0ZSAtRGF0ZSAiMDEvMDEvMTk3MCIKICAgICRhdHRyaWJ1dGVzID0gQCgpCiAgICBmb3JlYWNoICgkYXR0cmlidXRlIGluICgkaW5mby5BdHRyaWJ1dGVzIC1zcGxpdCAnLCcpKSB7CiAgICAgICAgJGF0dHJpYnV0ZXMgKz0gJGF0dHJpYnV0ZS5UcmltKCkKICAgIH0KCiAgICAjIGRlZmF1bHQgdmFsdWVzIHRoYXQgYXJlIGFsd2F5cyBzZXQsIHNwZWNpZmljIHZhbHVlcyBhcmUgc2V0IGJlbG93IHRoaXMKICAgICMgYnV0IGFyZSBrZXB0IGNvbW1lbnRlZCBmb3IgZWFzaWVyIHJlYWRhYmlsaXR5CiAgICAkc3RhdCA9IEB7CiAgICAgICAgZXhpc3RzID0gJHRydWUKICAgICAgICBhdHRyaWJ1dGVzID0gJGluZm8uQXR0cmlidXRlcy5Ub1N0cmluZygpCiAgICAgICAgaXNhcmNoaXZlID0gKCRhdHRyaWJ1dGVzIC1jb250YWlucyAiQXJjaGl2ZSIpCiAgICAgICAgaXNkaXIgPSAkZmFsc2UKICAgICAgICBpc2hpZGRlbiA9ICgkYXR0cmlidXRlcyAtY29udGFpbnMgIkhpZGRlbiIpCiAgICAgICAgaXNqdW5jdGlvbiA9ICRmYWxzZQogICAgICAgIGlzbG5rID0gJGZhbHNlCiAgICAgICAgaXNyZWFkb25seSA9ICgkYXR0cmlidXRlcyAtY29udGFpbnMgIlJlYWRPbmx5IikKICAgICAgICBpc3JlZyA9ICRmYWxzZQogICAgICAgIGlzc2hhcmVkID0gJGZhbHNlCiAgICAgICAgbmxpbmsgPSAxICAjIE51bWJlciBvZiBsaW5rcyB0byB0aGUgZmlsZSAoaGFyZCBsaW5rcyksIG92ZXJyaWRlbiBiZWxvdyBpZiBpc2xuawogICAgICAgICMgbG5rX3RhcmdldCA9IGlzbG5rIG9yIGlzanVuY3Rpb24gVGFyZ2V0IG9mIHRoZSBzeW1saW5rLiBOb3RlIHRoYXQgcmVsYXRpdmUgcGF0aHMgcmVtYWluIHJlbGF0aXZlCiAgICAgICAgIyBsbmtfc291cmNlID0gaXNsbmsgb3MgaXNqdW5jdGlvbiBUYXJnZXQgb2YgdGhlIHN5bWxpbmsgbm9ybWFsaXplZCBmb3IgdGhlIHJlbW90ZSBmaWxlc3lzdGVtCiAgICAgICAgaGxua190YXJnZXRzID0gQCgpCiAgICAgICAgY3JlYXRpb250aW1lID0gKERhd ScriptBlock ID: 1cf6e8e3-386a-407d-ae78-c500a6eda204 Path:	4104	1		3	2	15	0	1752	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3692	3896	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:07:41 PM	e5295ba9-9827-0000-0d5d-29e52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (4 of 6): AgICAgICAgIGlzUmVsYXRpdmUgPSB0cnVlOwogICAgICAgICAgICAgICAgcGF0aE9mZnNldCA9IDI7CiAgICAgICAgICAgICAgICBsaW5rVHlwZSA9IExpbmtUeXBlLlN5bWJvbGljTGluazsKICAgICAgICAgICAgfQogICAgICAgICAgICBlbHNlIGlmIChidWZmZXIuUmVwYXJzZVRhZyA9PSBJT19SRVBBUlNFX1RBR19NT1VOVF9QT0lOVCkKICAgICAgICAgICAgewogICAgICAgICAgICAgICAgbGlua1R5cGUgPSBMaW5rVHlwZS5KdW5jdGlvblBvaW50OwogICAgICAgICAgICB9CiAgICAgICAgICAgIGVsc2UKICAgICAgICAgICAgewogICAgICAgICAgICAgICAgc3RyaW5nIGVycm9yTWVzc2FnZSA9IFN0cmluZy5Gb3JtYXQoIkludmFsaWQgUmVwYXJzZSBUYWc6IHswfSIsIGJ1ZmZlci5SZXBhcnNlVGFnLlRvU3RyaW5nKCkpOwogICAgICAgICAgICAgICAgdGhyb3cgbmV3IEV4Y2VwdGlvbihlcnJvck1lc3NhZ2UpOwogICAgICAgICAgICB9CgogICAgICAgICAgICBzdHJpbmcgcHJpbnROYW1lID0gbmV3IHN0cmluZyhidWZmZXIuUGF0aEJ1ZmZlciwgKGludCkoYnVmZmVyLlByaW50TmFtZU9mZnNldCAvIFNJWkVfT0ZfV0NIQVIpICsgcGF0aE9mZnNldCwgKGludCkoYnVmZmVyLlByaW50TmFtZUxlbmd0aCAvIFNJWkVfT0ZfV0NIQVIpKTsKICAgICAgICAgICAgc3RyaW5nIHN1YnN0aXR1dGVOYW1lID0gbmV3IHN0cmluZyhidWZmZXIuUGF0aEJ1ZmZlciwgKGludCkoYnVmZmVyLlN1YnN0aXR1dGVOYW1lT2Zmc2V0IC8gU0laRV9PRl9XQ0hBUikgKyBwYXRoT2Zmc2V0LCAoaW50KShidWZmZXIuU3Vic3RpdHV0ZU5hbWVMZW5ndGggLyBTSVpFX09GX1dDSEFSKSk7CgogICAgICAgICAgICAvLyBUT0RPOiBzaG91bGQgd2UgY2hlY2sgZm9yIFw/XFVOQ1xzZXJ2ZXIgZm9yIGNvbnZlcnQgaXQgdG8gdGhlIE5UIHN0eWxlIFxcc2VydmVyIHBhdGgKICAgICAgICAgICAgLy8gUmVtb3ZlIHRoZSBsZWFkaW5nIFdpbmRvd3Mgb2JqZWN0IGRpcmVjdG9yeSBcP1wgZnJvbSB0aGUgcGF0aCBpZiBwcmVzZW50CiAgICAgICAgICAgIHN0cmluZyB0YXJnZXRQYXRoID0gc3Vic3RpdHV0ZU5hbWU7CiAgICAgICAgICAgIGlmICh0YXJnZXRQYXRoLlN0YXJ0c1dpdGgoIlxcPz9cXCIpKQogICAgICAgICAgICAgICAgdGFyZ2V0UGF0aCA9IHRhcmdldFBhdGguU3Vic3RyaW5nKDQsIHRhcmdldFBhdGguTGVuZ3RoIC0gNCk7CgogICAgICAgICAgICBzdHJpbmcgYWJzb2x1dGVQYXRoID0gdGFyZ2V0UGF0aDsKICAgICAgICAgICAgaWYgKGlzUmVsYXRpdmUpCiAgICAgICAgICAgICAgICBhYnNvbHV0ZVBhdGggPSBQYXRoLkdldEZ1bGxQYXRoKFBhdGguQ29tYmluZShuZXcgRmlsZUluZm8obGlua1BhdGgpLkRpcmVjdG9yeS5GdWxsTmFtZSwgdGFyZ2V0UGF0aCkpOwoKICAgICAgICAgICAgcmV0dXJuIG5ldyBMaW5rSW5mbwogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBUeXBlID0gbGlua1R5cGUsCiAgICAgICAgICAgICAgICBQcmludE5hbWUgPSBwcmludE5hbWUsCiAgICAgICAgICAgICAgICBTdWJzdGl0dXRlTmFtZSA9IHN1YnN0aXR1dGVOYW1lLAogICAgICAgICAgICAgICAgQWJzb2x1dGVQYXRoID0gYWJzb2x1dGVQYXRoLAogICAgICAgICAgICAgICAgVGFyZ2V0UGF0aCA9IHRhcmdldFBhdGgKICAgICAgICAgICAgfTsKICAgICAgICB9CgogICAgICAgIHByaXZhdGUgc3RhdGljIHZvaWQgQ3JlYXRlSnVuY3Rpb25Qb2ludChzdHJpbmcgbGlua1BhdGgsIHN0cmluZyBsaW5rVGFyZ2V0KQogICAgICAgIHsKICAgICAgICAgICAgLy8gV2UgbmVlZCB0byBjcmVhdGUgdGhlIGxpbmsgYXMgYSBkaXIgYmVmb3JlaGFuZAogICAgICAgICAgICBEaXJlY3RvcnkuQ3JlYXRlRGlyZWN0b3J5KGxpbmtQYXRoKTsKICAgICAgICAgICAgU2FmZUZpbGVIYW5kbGUgZmlsZUhhbmRsZSA9IENyZWF0ZUZpbGUoCiAgICAgICAgICAgICAgICBsaW5rUGF0aCwKICAgICAgICAgICAgICAgIEZpbGVBY2Nlc3MuV3JpdGUsCiAgICAgICAgICAgICAgICBGaWxlU2hhcmUuUmVhZCB8IEZpbGVTaGFyZS5Xcml0ZSB8IEZpbGVTaGFyZS5Ob25lLAogICAgICAgICAgICAgICAgSW50UHRyLlplcm8sCiAgICAgICAgICAgICAgICBGaWxlTW9kZS5PcGVuLAogICAgICAgICAgICAgICAgRklMRV9GTEFHX0JBQ0tVUF9TRU1BTlRJQ1MgfCBGSUxFX0ZMQUdfT1BFTl9SRVBBUlNFX1BPSU5ULAogICAgICAgICAgICAgICAgSW50UHRyLlplcm8pOwoKICAgICAgICAgICAgaWYgKGZpbGVIYW5kbGUuSXNJbnZhbGlkKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IExpbmtVdGlsV2luMzJFeGNlcHRpb24oU3RyaW5nLkZvcm1hdCgiQ3JlYXRlRmlsZSh7MH0pIGZhaWxlZCIsIGxpbmtQYXRoKSk7CgogICAgICAgICAgICB0cnkKICAgICAgICAgICAgewogICAgICAgICAgICAgICAgc3RyaW5nIHN1YnN0aXR1dGVOYW1lID0gIlxcPz9cXCIgKyBQYXRoLkdldEZ1bGxQYXRoKGxpbmtUYXJnZXQpOwogICAgICAgICAgICAgICAgc3RyaW5nIHByaW50TmFtZSA9IGxpbmtUYXJnZXQ7CgogICAgICAgICAgICAgICAgUkVQQVJTRV9EQVRBX0JVRkZFUiBidWZmZXIgPSBuZXcgUkVQQVJTRV9EQVRBX0JVRkZFUigpOwogICAgICAgICAgICAgICAgYnVmZmVyLlN1YnN0aXR1dGVOYW1lT2Zmc2V0ID0gMDsKICAgICAgICAgICAgICAgIGJ1ZmZlci5TdWJzdGl0dXRlTmFtZUxlbmd0aCA9IChVSW50MTYpKHN1YnN0aXR1dGVOYW1lLkxlbmd0aCAqIFNJWkVfT0ZfV0NIQVIpOwogICAgICAgICAgICAgICAgYnVmZmVyLlByaW50TmFtZU9mZnNldCA9IChVSW50MTYpKGJ1ZmZlci5TdWJzdGl0dXRlTmFtZUxlbmd0aCArIDIpOwogICAgICAgICAgICAgICAgYnVmZmVyLlByaW50TmFtZUxlbmd0aCA9IChVSW50MTYpKHByaW50TmFtZS5MZW5ndGggKiBTSVpFX09GX1dDSEFSKTsKCiAgICAgICAgICAgICAgICBidWZmZXIuUmVwYXJzZVRhZyA9IElPX1JFUEFSU0VfVEFHX01PVU5UX1BPSU5UOwogICAgICAgICAgICAgICAgYnVmZmVyLlJlcGFyc2VEYXRhTGVuZ3RoID0gKFVJbnQxNikoYnVmZmVyLlN1YnN0aXR1dGVOYW1lTGVuZ3RoICsgYnVmZmVyLlByaW50TmFtZUxlbmd0aCArIDEyKTsKICAgICAgICAgICAgICAgIGJ1ZmZlci5QYXRoQnVmZmVyID0gbmV3IGNoYXJbTUFYSU1VTV9SRVBBUlNFX0RBVEFfQlVGRkVSX1NJWkVdOwoKICAgICAgICAgICAgICAgIGJ5dGVbXSB1bmljb2RlQnl0ZXMgPSBFbmNvZGluZy5Vbmljb2RlLkdldEJ5dGVzKHN1YnN0aXR1dGVOYW1lICsgIlwwIiArIHByaW50TmFtZSk7CiAgICAgICAgICAgICAgICBjaGFyW10gcGF0aEJ1ZmZlciA9IEVuY29kaW5nLlVuaWNvZGUuR2V0Q2hhcnModW5pY29kZUJ5dGVzKTsKICAgICAgICAgICAgICAgIEFycmF5LkNvcHkocGF0aEJ1ZmZlciwgYnVmZmVyLlBhdGhCdWZmZXIsIHBhdGhCdWZmZXIuTGVuZ3RoKTsKCiAgICAgICAgICAgICAgICBVSW50MzIgYnl0ZXNSZXR1cm5lZDsKICAgICAgICAgICAgICAgIGlmICghRGV2aWNlSW9Db250cm9sKAogICAgICAgICAgICAgICAgICAgIGZpbGVIYW5kbGUsCiAgICAgICAgICAgICAgICAgICAgRlNDVExfU0VUX1JFUEFSU0VfUE9JTlQsCiAgICAgICAgICAgICAgICAgICAgYnVmZmVyLAogICAgICAgICAgICAgICAgICAgIChVSW50MzIpKGJ1ZmZlci5SZXBhcnNlRGF0YUxlbmd0aCArIDgpLAogICAgICAgICAgICAgICAgICAgIEludFB0ci5aZXJvLCAwLAogICAgICAgICAgICAgICAgICAgIG91dCBieXRlc1JldHVybmVkLAogICAgICAgICAgICAgICAgICAgIEludFB0ci5aZXJvKSkKICAgICAgICAgICAgICAgICAgICB0aHJvdyBuZXcgTGlua1V0aWxXaW4zMkV4Y2VwdGlvbihTdHJpbmcuRm9ybWF0KCJEZXZpY2VJb0NvbnRyb2woKSBmYWlsZWQgdG8gY3JlYXRlIGp1bmN0aW9uIHBvaW50IGF0IHswfSB0byB7MX0iLCBsaW5rUGF0aCwgbGlua1RhcmdldCkpOwogICAgICAgICAgICB9CiAgICAgICAgICAgIGZpbmFsbHkKICAgICAgICAgICAgewogICAgICAgICAgICAgICAgZmlsZUhhbmRsZS5EaXNwb3NlKCk7CiAgICAgICAgICAgIH0KICAgICAgICB9CiAgICB9Cn0KJ0AKCiAgICAjIEZVVFVSRTogZmluZCBhIGJldHRlciB3YXkgdG8gZ2V0IHRoZSBfYW5zaWJsZV9yZW1vdGVfdG1wIHZhcmlhYmxlCiAgICAkb3JpZ2luYWxfdG1wID0gJGVudjpUTVAKCiAgICAkcmVtb3RlX3RtcCA9ICRvcmlnaW5hbF90bXAKICAgICRtb2R1bGVfcGFyYW1zID0gR2V0LVZhcmlhYmxlIC1OYW1lIGNvbXBsZXhfYXJncyAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgaWYgKCRtb2R1bGVfcGFyYW1zKSB7CiAgICAgICAgaWYgKCRtb2R1bGVfcGFyYW1zLlZhbHVlLkNvbnRhaW5zS2V5KCJfYW5zaWJsZV9yZW1vdGVfdG1wIikgKSB7CiAgICAgICAgICAgICRyZW1vdGVfdG1wID0gJG1vZHVsZV9wYXJhbXMuVmFsdWVbIl9hbnNpYmxlX3JlbW90ZV90bXAiXQogICAgICAgICAgICAkcmVtb3RlX3RtcCA9IFtTeXN0ZW0uRW52aXJvbm1lbnRdOjpFeHBhbmRFbnZpcm9ubWVudFZhcmlhYmxlcygkcmVtb3RlX3RtcCkKICAgICAgICB9CiAgICB9CgogICAgJGVudjpUTVAgPSAkcmVtb3RlX3RtcAogICAgQWRkLVR5cGUgLVR5cGVEZWZpbml0aW9uICRsaW5rX3V0aWwKICAgICRlbnY6VE1QID0gJG9yaWdpbmFsX3RtcAoKICAgIEltcG9ydC1Qcml2aWxlZ2VVdGlsCiAgICAjIGVuYWJsZSB0aGUgU2VCYWNrdXBQcml2aWxlZ2UgaWYgaXQgaXMgZGlzYWJsZWQKICAgICRzdGF0ZSA9IEdldC1BbnNpYmxlUHJpdmlsZWdlIC1OYW1lIFNlQmFja3VwUHJpdmlsZWdlCiAgICBpZiAoJHN0YXRlIC1lcSAkZmFsc2UpIHsKICAgICAgICBTZXQtQW5zaWJsZVByaXZpbGVnZSAtTmFtZSBTZUJhY2t1cFByaXZpbGVnZSAtVmFsdWUgJHRydWUKICAgIH0KfQoKRnVuY3Rpb24gR2V0LUxpbmsoJGxpbmtfcGF0aCkgewogICAgJGxpbmtfaW5mbyA9IFtBbnNpYmxlLkxpbmtVdGlsXTo6R2V0TGlua0luZm8oJGxpbmtfcGF0aCkKICAgIHJldHVybiAkbGlua19pbmZvCn0KCkZ1bmN0aW9uIFJlbW92ZS1MaW5rKCRsaW5rX3BhdGgpIHsKICAgIFtBbnNpYmxlLkxpbmtVdGlsXTo6RGVsZXRlTGluaygkbGlua19wYXRoKQp9CgpGdW5jdGlvbiBOZXctTGluaygkbGlua19wYXRoLCAkbGlua190YXJnZXQsICRsaW5rX3R5cGUpIHsKICAgIGlmICgtbm90IChUZXN0LVBhdGggLVBhdGggJGxpbmtfdGFyZ2V0KSkgewogICAgICAgIHRocm93ICJsaW5rX3RhcmdldCAnJGxpbmtfdGFyZ2V0JyBkb2VzIG5vdCBleGlzdCwgY2Fubm90IGNyZWF0ZSBsaW5rIgogICAgfQogICAgCiAgICBzd2l0Y2goJGxpbmtfdHlwZSkgewogICAgICAgICJsaW5rIiB7CiAgICAgICAgICAgICR0eXBlID0gW0Fuc2libGUuTGlua1R5cGVdOjpTeW1ib2xpY0xpbmsKICAgICAgICB9CiAgICAgICAgImp1bmN0aW9uIiB7CiAgICAgICAgICAgIGlmIChUZXN0LVBhdGggLVBhdGggJGxpbmtfdGFyZ2V0IC1QYXRoVHlwZSBMZWFmKSB7CiAgICAgICAgICAgICAgICB0aHJvdyAiY2Fubm90IHNldCB0aGUgdGFyZ2V0IGZvciBhIGp1bmN0aW9uIHBvaW50IHRvIGEgZmlsZSIKICAgICAgICAgICAgfQogICAgICAgICAgICAkdHlwZSA9IFtBbnNpYmxlLkxpbmtUeXBlXTo6SnVuY3Rpb25Qb2ludAogICAgICAgIH0KICAgICAgICAiaGFyZCIgewogICAgICAgICAgICBpZiAoVGVzdC1QYXRoIC1QYXRoICRsaW5rX3RhcmdldCAtUGF0aFR5cGUgQ29udGFpbmVyKSB7CiAgICAgICAgICAgICAgICB0aHJvdyAiY2Fubm90IHNldCB0aGUgdGFyZ2V0IGZvciBhIGhhcmQgbGluayB0byBhIGRpcmVjdG9yeSIKICAgICAgICAgICAgfQogICAgICAgICAgICAkdHlwZSA9IFtBbnNpYmxlLkxpbmtUeXBlXTo6SGFyZExpbmsKICAgICAgICB9CiAgICAgICAgZGVmYXVsdCB7IHRocm93ICJpbnZhbGlkIGxpbmtfdHlwZSBvcHRpb24gJCgkbGlua190eXBlKTogZXhwZWN0aW5nIGxpbmssIGp1bmN0aW9uLCBoYXJkIiB9CiAgICB9CiAgICBbQW5zaWJsZS5MaW5rVXRpbF06OkNyZWF0ZUxpbmsoJGxpbmtfcGF0aCwgJGxpbmtfdGFyZ2V0LCAkdHlwZSkKfQoKIyB0aGlzIGxpbmUgbXVzdCBzdGF5IGF0IHRoZSBib3R0b20gdG8gZW5zdXJlIGFsbCBkZWZpbmVkIG1vZHVsZSBwYXJ0cyBhcmUgZXhwb3J0ZWQKRXhwb3J0LU1vZHVsZU1lbWJlciAtQWxpYXMgKiAtRnVuY3Rpb24gKiAtQ21kbGV0ICoK", "Ansible.ModuleUtils.Legacy": "IyBDb3B5cmlnaHQgKGMpLCBNaWNoYWVsIERlSGFhbiA8bWljaGFlbC5kZWhhYW5AZ21haWwuY29tPiwgMjAxNCwgYW5kIG90aGVycwojIFNpbXBsaWZpZWQgQlNEIExpY2Vuc2UgKHNlZSBsaWNlbnNlcy9zaW1wbGlmaWVkX2JzZC50eHQgb3IgaHR0cHM6Ly9vcGVuc291cmNlLm9yZy9saWNlbnNlcy9CU0QtMi1DbGF1c2UpCgpTZXQtU3RyaWN0TW9kZSAtVmVyc2lvbiAyLjAKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKRnVuY3Rpb24gU2V0LUF0dHIoJG9iaiwgJG5hbWUsICR2YWx1ZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gc2V0IGFuICJhdHRyaWJ1dGUiIG9uIGEgcHNvYmplY3QgaW5zdGFuY2UgaW4gUG93ZXJTaGVsbC4KICAgIFRoaXMgaXMgYSBjb252ZW5pZW5jZSB0byBtYWtlIGFkZGluZyBNZW1iZXJzIHRvIHRoZSBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgIFNldC1BdHRyICRyZXN1bHQgImNoYW5nZWQiICR0cnVlCiM+CgogICAgIyBJZiB0aGUgcHJvdmlkZWQgJG9iaiBpcyB1bmRlZmluZWQsIGRlZmluZSBvbmUgdG8gYmUgbmljZQogICAgSWYgKC1ub3QgJG9iai5HZXRUeXBlKQogICAgewogICAgICAgICRvYmogPSBAeyB9CiAgICB9CgogICAgVHJ5CiAgICB7CiAgICAgICAgJG9iai4kbmFtZSA9ICR2YWx1ZQogICAgfQogICAgQ2F0Y2gKICAgIHsKICAgICAgICAkb2JqIHwgQWRkLU1lbWJlciAtRm9yY2UgLU1lbWJlclR5cGUgTm90ZVByb3BlcnR5IC1OYW1lICRuYW1lIC1WYWx1ZSAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gRXhpdC1Kc29uKCRvYmopCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGNvbnZlcnQgYSBQb3dlclNoZWxsIG9iamVjdCB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcKICAgIHRoZSBzY3JpcHQKICAgIC5FWEFNUExFCiAgICBFeGl0LUpzb24gJHJlc3VsdAojPgoKICAgICMgSWYgdGhlIHByb3ZpZGVkICRvYmogaXMgdW5kZWZpbmVkLCBkZWZpbmUgb25lIHRvIGJlIG5pY2UKICAgIElmICgtbm90ICRvYmouR2V0VHlwZSkKICAgIHsKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoJ2NoYW5nZWQnKSkgewogICAgICAgIFNldC1BdHRyICRvYmogImNoYW5nZWQiICRmYWxzZQogICAgfQoKICAgIFdyaXRlLU91dHB1dCAkb2JqIHwgQ29udmVydFRvLUpzb24gLUNvbXByZXNzIC1EZXB0aCA5OQogICAgRXhpdAp9CgpGdW5jdGlvbiBGYWlsLUpzb24oJG9iaiwgJG1lc3NhZ2UgPSAkbnVsbCkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHRoZSAibXNnIiBwcm9wZXJ0eSBhbmQgImZhaWxlZCIgcHJvcGVydHksIGNvbnZlcnQgdGhlCiAgICBQb3dlclNoZWxsIEhhc2h0YWJsZSB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcgdGhlIHNjcmlwdAogICAgLkVYQU1QTEUKICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJUaGlzIGlzIHRoZSBmYWlsdXJlIG1lc3NhZ2UiCiM+CgogICAgaWYgKCRvYmogLWlzIFtoYXNodGFibGVdIC1vciAkb2JqIC1pcyBbcHNvYmplY3RdKSB7CiAgICAgICAgIyBOb3RoaW5nIHRvIGRvCiAgICB9IGVsc2VpZiAoJG9iaiAtaXMgW3N0cmluZ10gLWFuZCAkbnVsbCAtZXEgJG1lc3NhZ2UpIHsKICAgICAgICAjIElmIHdlIHdlcmVuJ3QgZ2l2ZW4gMiBhcmdzLCBhbmQgdGhlIG9ubHkgYXJnIHdhcyBhIHN0cmluZywKICAgICAgICAjIGNyZWF0ZSBhIG5ldyBIYXNodGFibGUgYW5kIHVzZSB0aGUgYXJnIGFzIHRoZSBmYWlsdXJlIG1lc3NhZ2UKICAgICAgICAkbWVzc2FnZSA9ICRvYmoKICAgICAgICAkb2JqID0gQHsgfQogICAgfSBlbHNlIHsKICAgICAgICAjIElmIHRoZSBmaXJzdCBhcmd1bWVudCBpcyB1bmRlZmluZWQgb3IgYSBkaWZmZXJlbnQgdHlwZSwKICAgICAgICAjIG1ha2UgaXQgYSBIYXNodGFibGUKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgICMgU3RpbGwgdXNpbmcgU2V0LUF0dHIgZm9yIFBTT2JqZWN0IGNvbXBhdGliaWxpdHkKICAgIFNldC1BdHRyICRvYmogIm1zZyIgJG1lc3NhZ2UKICAgIFNldC1BdHRyICRvYmogImZhaWxlZCIgJHRydWUKCiAgICBpZiAoLW5vdCAkb2JqLkNvbnRhaW5zS2V5KCdjaGFuZ2VkJykpIHsKICAgICAgICBTZXQtQXR0ciAkb2JqICJjaGFuZ2VkIiAkZmFsc2UKICAgIH0KCiAgICBXcml0ZS1PdXRwdXQgJG9iaiB8IENvbnZlcnRUby1Kc29uIC1Db21wcmVzcyAtRGVwdGggOTkKICAgIEV4aXQgMQp9CgpGdW5jdGlvbiBBZGQtV2FybmluZygkb2JqLCAkbWVzc2FnZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHdhcm5pbmdzLCBldmVuIGlmIHRoZSB3YXJuaW5ncyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoIndhcm5pbmdzIikpIHsKICAgICAgICAkb2JqLndhcm5pbmdzID0gQCgpCiAgICB9IGVsc2VpZiAoJG9iai53YXJuaW5ncyAtaXNub3QgW2FycmF5XSkgewogICAgICAgIHRocm93ICJBZGQtV2FybmluZzogd2FybmluZ3MgYXR0cmlidXRlIGlzIG5vdCBhbiBhcnJheSIKICAgIH0KCiAgICAkb2JqLndhcm5pbmdzICs9ICRtZXNzYWdlCn0KCkZ1bmN0aW9uIEFkZC1EZXByZWNhdGlvbldhcm5pbmcoJG9iaiwgJG1lc3NhZ2UsICR2ZXJzaW9uID0gJG51bGwpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGFkZCBkZXByZWNhdGlvbnMsIGV2ZW4gaWYgdGhlIGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgogICAgaWYgKC1ub3QgJG9iai5Db250YWluc0tleSgiZGVwcmVjYXRpb25zIikpIHsKICAgICAgICAkb2JqLmRlcHJlY2F0aW9ucyA9IEAoKQogICAgfSBlbHNlaWYgKCRvYmouZGVwcmVjYXRpb25zIC1pc25vdCBbYXJyYXldKSB7CiAgICAgICAgdGhyb3cgIkFkZC1EZXByZWNhdGlvbldhcm5pbmc6IGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgaXMgbm90IGEgbGlzdCIKICAgIH0KCiAgICAkb2JqLmRlcHJlY2F0aW9ucyArPSBAewogICAgICAgIG1zZyA9ICRtZXNzYWdlCiAgICAgICAgdmVyc2lvbiA9ICR2ZXJzaW9uCiAgICB9Cn0KCkZ1bmN0aW9uIEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgaW4gdmFsdWVzLiBCeSBkZWZhdWx0CiAgICBpdCB0dXJucyBhbnkgdHlwZSB0byBhIHN0cmluZywgYnV0IHdlIGVuc3VyZSAkbnVsbCByZW1haW5zICRudWxsLgojPgogICAgaWYgKCRudWxsIC1uZSAkdmFsdWUpIHsKICAgICAgICBbU3lzdGVtLkVudmlyb25tZW50XTo6RXhwYW5kRW52aXJvbm1lbnRWYXJpYWJsZXMoJHZhbHVlKQogICAgfSBlbHNlIHsKICAgICAgICAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gR2V0LUFuc2libGVQYXJhbSgkb2JqLCAkbmFtZSwgJGRlZmF1bHQgPSAkbnVsbCwgJHJlc3VsdG9iaiA9IEB7fSwgJGZhaWxpZmVtcHR5ID0gJGZhbHNlLCAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSwgJFZhbGlkYXRlU2V0LCAkVmFsaWRhdGVTZXRFcnJvck1lc3NhZ2UsICR0eXBlID0gJG51bGwsICRhbGlhc2VzID0gQCgpKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBnZXQgYW4gImF0dHJpYnV0ZSIgZnJvbSBhIHBzb2JqZWN0IGluc3RhbmNlIGluIFBvd2VyU2hlbGwuCiAgICBUaGlzIGlzIGEgY29udmVuaWVuY2UgdG8gbWFrZSBnZXR0aW5nIE1lbWJlcnMgZnJvbSBhbiBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgICRhdHRyID0gR2V0LUFuc2libGVQYXJhbSAkcmVzcG9uc2UgImNvZGUiIC1kZWZhdWx0ICIxIgogICAgLkVYQU1QTEUKICAgIEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJTdGF0ZSIgLWRlZmF1bHQgIlByZXNlbnQiIC1WYWxpZGF0ZVNldCAiUHJlc2VudCIsIkFic2VudCIgLXJlc3VsdG9iaiAkcmVzdWx0b2JqIC1mYWlsaWZlbXB0eSAkdHJ1ZQogICAgR2V0LUFuc2libGVQYXJhbSBhbHNvIHN1cHBvcnRzIFBhcmFtZXRlciB2YWxpZGF0aW9uIHRvIHNhdmUgeW91IGZyb20gY29kaW5nIHRoYXQgbWFudWFsbHkKICAgIE5vdGUgdGhhdCBpZiB5b3UgdXNlIHRoZSBmYWlsaWZlbXB0eSBvcHRpb24sIHlvdSBkbyBuZWVkIHRvIHNwZWNpZnkgcmVzdWx0b2JqZWN0IGFzIHdlbGwuCiM+CiAgICAjIENoZWNrIGlmIHRoZSBwcm92aWRlZCBNZW1iZXIgJG5hbWUgb3IgYWxpYXNlcyBleGlzdCBpbiAkb2JqIGFuZCByZXR1cm4gaXQgb3IgdGhlIGRlZmF1bHQuCiAgICB0cnkgewoKICAgICAgICAkZm91bmQgPSAkbnVsbAogICAgICAgICMgRmlyc3QgdHJ5IHRvIGZpbmQgcHJlZmVycmVkIHBhcmFtZXRlciAkbmFtZQogICAgICAgICRhbGlhc2VzID0gQCgkbmFtZSkgKyAkYWxpYXNlcwoKICAgICAgICAjIEl0ZXJhdGUgb3ZlciBhbGlhc2VzIHRvIGZpbmQgYWNjZXB0YWJsZSBNZW1iZXIgJG5hbWUKICAgICAgICBmb3JlYWNoICgkYWxpYXMgaW4gJGFsaWFzZXMpIHsKICAgICAgICAgICAgaWYgKCRvYmouQ29udGFpbnNLZXkoJGFsaWFzKSkgewogICAgICAgICAgICAgICAgJGZvdW5kID0gJGFsaWFzCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgfQoKICAgICAgICBpZiAoJG51bGwgLWVxICRmb3VuZCkgewogICAgICAgICAgICB0aHJvdwogICAgICAgIH0KICAgICAgICAkbmFtZSA9ICRmb3VuZAoKICAgICAgICBpZiAoJFZhbGlkYXRlU2V0KSB7CgogICAgICAgICAgICBpZiAoJFZhbGlkYXRlU2V0IC1jb250YWlucyAoJG9iai4kbmFtZSkpIHsKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICRvYmouJG5hbWUKICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgIGlmICgkbnVsbCAtZXEgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAgICAgI0F1dG8tZ2VuZXJhdGVkIGVycm9yIHNob3VsZCBiZSBzdWZmaWNpZW50IGluIG1vc3QgdXNlIGNhc2VzCiAgICAgICAgICAgICAgICAgICAgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlID0gIkdldC1BbnNpYmxlUGFyYW06IEFyZ3VtZW50ICRuYW1lIG5lZWRzIHRvIGJlIG9uZSBvZiAkKCRWYWxpZGF0ZVNldCAtam9pbiAiLCIpIGJ1dCB3YXMgJCgkb2JqLiRuYW1lKS4iCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICA ScriptBlock ID: 1cf6e8e3-386a-407d-ae78-c500a6eda204 Path:	4104	1		3	2	15	0	1751	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3692	3896	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:07:41 PM	e5295ba9-9827-0000-0d5d-29e52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (3 of 6): hYmxlYDFbU3lzdGVtLkJvb2xlYW5dXV0nCiAgICAgICAgJG5ld19zdGF0ZS5BZGQoJE5hbWUsICRWYWx1ZSkKICAgICAgICBbQW5zaWJsZS5Qcml2aWxlZ2VVdGlsLlByaXZpbGVnZXNdOjpTZXRUb2tlblByaXZpbGVnZXMoJHByb2Nlc3NfdG9rZW4sICRuZXdfc3RhdGUpID4gJG51bGwKICAgIH0KfQoKRXhwb3J0LU1vZHVsZU1lbWJlciAtRnVuY3Rpb24gSW1wb3J0LVByaXZpbGVnZVV0aWwsIEdldC1BbnNpYmxlUHJpdmlsZWdlLCBTZXQtQW5zaWJsZVByaXZpbGVnZSBgCiAgICAtVmFyaWFibGUgYW5zaWJsZV9wcml2aWxlZ2VfdXRpbF9uYW1lc3BhY2VzLCBhbnNpYmxlX3ByaXZpbGVnZV91dGlsX2NvZGU=", "Ansible.ModuleUtils.LinkUtil": "ICMgQ29weXJpZ2h0IChjKSAyMDE3IEFuc2libGUgUHJvamVjdAogIyBTaW1wbGlmaWVkIEJTRCBMaWNlbnNlIChzZWUgbGljZW5zZXMvc2ltcGxpZmllZF9ic2QudHh0IG9yIGh0dHBzOi8vb3BlbnNvdXJjZS5vcmcvbGljZW5zZXMvQlNELTItQ2xhdXNlKQoKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5Qcml2aWxlZ2VVdGlsCgpGdW5jdGlvbiBMb2FkLUxpbmtVdGlscygpIHsKICAgICRsaW5rX3V0aWwgPSBAJwp1c2luZyBNaWNyb3NvZnQuV2luMzIuU2FmZUhhbmRsZXM7CnVzaW5nIFN5c3RlbTsKdXNpbmcgU3lzdGVtLkNvbGxlY3Rpb25zLkdlbmVyaWM7CnVzaW5nIFN5c3RlbS5JTzsKdXNpbmcgU3lzdGVtLlJ1bnRpbWUuSW50ZXJvcFNlcnZpY2VzOwp1c2luZyBTeXN0ZW0uVGV4dDsKCm5hbWVzcGFjZSBBbnNpYmxlCnsKICAgIHB1YmxpYyBlbnVtIExpbmtUeXBlCiAgICB7CiAgICAgICAgU3ltYm9saWNMaW5rLAogICAgICAgIEp1bmN0aW9uUG9pbnQsCiAgICAgICAgSGFyZExpbmsKICAgIH0KCiAgICBwdWJsaWMgY2xhc3MgTGlua1V0aWxXaW4zMkV4Y2VwdGlvbiA6IFN5c3RlbS5Db21wb25lbnRNb2RlbC5XaW4zMkV4Y2VwdGlvbgogICAgewogICAgICAgIHByaXZhdGUgc3RyaW5nIF9tc2c7CgogICAgICAgIHB1YmxpYyBMaW5rVXRpbFdpbjMyRXhjZXB0aW9uKHN0cmluZyBtZXNzYWdlKSA6IHRoaXMoTWFyc2hhbC5HZXRMYXN0V2luMzJFcnJvcigpLCBtZXNzYWdlKSB7IH0KCiAgICAgICAgcHVibGljIExpbmtVdGlsV2luMzJFeGNlcHRpb24oaW50IGVycm9yQ29kZSwgc3RyaW5nIG1lc3NhZ2UpIDogYmFzZShlcnJvckNvZGUpCiAgICAgICAgewogICAgICAgICAgICBfbXNnID0gU3RyaW5nLkZvcm1hdCgiezB9ICh7MX0sIFdpbjMyRXJyb3JDb2RlIHsyfSkiLCBtZXNzYWdlLCBiYXNlLk1lc3NhZ2UsIGVycm9yQ29kZSk7CiAgICAgICAgfQoKICAgICAgICBwdWJsaWMgb3ZlcnJpZGUgc3RyaW5nIE1lc3NhZ2UgeyBnZXQgeyByZXR1cm4gX21zZzsgfSB9CiAgICAgICAgcHVibGljIHN0YXRpYyBleHBsaWNpdCBvcGVyYXRvciBMaW5rVXRpbFdpbjMyRXhjZXB0aW9uKHN0cmluZyBtZXNzYWdlKSB7IHJldHVybiBuZXcgTGlua1V0aWxXaW4zMkV4Y2VwdGlvbihtZXNzYWdlKTsgfQogICAgfQoKICAgIHB1YmxpYyBjbGFzcyBMaW5rSW5mbwogICAgewogICAgICAgIHB1YmxpYyBMaW5rVHlwZSBUeXBlIHsgZ2V0OyBpbnRlcm5hbCBzZXQ7IH0KICAgICAgICBwdWJsaWMgc3RyaW5nIFByaW50TmFtZSB7IGdldDsgaW50ZXJuYWwgc2V0OyB9CiAgICAgICAgcHVibGljIHN0cmluZyBTdWJzdGl0dXRlTmFtZSB7IGdldDsgaW50ZXJuYWwgc2V0OyB9CiAgICAgICAgcHVibGljIHN0cmluZyBBYnNvbHV0ZVBhdGggeyBnZXQ7IGludGVybmFsIHNldDsgfQogICAgICAgIHB1YmxpYyBzdHJpbmcgVGFyZ2V0UGF0aCB7IGdldDsgaW50ZXJuYWwgc2V0OyB9CiAgICAgICAgcHVibGljIHN0cmluZ1tdIEhhcmRUYXJnZXRzIHsgZ2V0OyBpbnRlcm5hbCBzZXQ7IH0KICAgIH0KCiAgICBbU3RydWN0TGF5b3V0KExheW91dEtpbmQuU2VxdWVudGlhbCwgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSldCiAgICBwdWJsaWMgc3RydWN0IFJFUEFSU0VfREFUQV9CVUZGRVIKICAgIHsKICAgICAgICBwdWJsaWMgVUludDMyIFJlcGFyc2VUYWc7CiAgICAgICAgcHVibGljIFVJbnQxNiBSZXBhcnNlRGF0YUxlbmd0aDsKICAgICAgICBwdWJsaWMgVUludDE2IFJlc2VydmVkOwogICAgICAgIHB1YmxpYyBVSW50MTYgU3Vic3RpdHV0ZU5hbWVPZmZzZXQ7CiAgICAgICAgcHVibGljIFVJbnQxNiBTdWJzdGl0dXRlTmFtZUxlbmd0aDsKICAgICAgICBwdWJsaWMgVUludDE2IFByaW50TmFtZU9mZnNldDsKICAgICAgICBwdWJsaWMgVUludDE2IFByaW50TmFtZUxlbmd0aDsKCiAgICAgICAgW01hcnNoYWxBcyhVbm1hbmFnZWRUeXBlLkJ5VmFsQXJyYXksIFNpemVDb25zdCA9IExpbmtVdGlsLk1BWElNVU1fUkVQQVJTRV9EQVRBX0JVRkZFUl9TSVpFKV0KICAgICAgICBwdWJsaWMgY2hhcltdIFBhdGhCdWZmZXI7CiAgICB9CgogICAgcHVibGljIGNsYXNzIExpbmtVdGlsCiAgICB7CiAgICAgICAgcHVibGljIGNvbnN0IGludCBNQVhJTVVNX1JFUEFSU0VfREFUQV9CVUZGRVJfU0laRSA9IDEwMjQgKiAxNjsKCiAgICAgICAgcHJpdmF0ZSBjb25zdCBVSW50MzIgRklMRV9GTEFHX0JBQ0tVUF9TRU1BTlRJQ1MgPSAweDAyMDAwMDAwOwogICAgICAgIHByaXZhdGUgY29uc3QgVUludDMyIEZJTEVfRkxBR19PUEVOX1JFUEFSU0VfUE9JTlQgPSAweDAwMjAwMDAwOwoKICAgICAgICBwcml2YXRlIGNvbnN0IFVJbnQzMiBGU0NUTF9HRVRfUkVQQVJTRV9QT0lOVCA9IDB4MDAwOTAwQTg7CiAgICAgICAgcHJpdmF0ZSBjb25zdCBVSW50MzIgRlNDVExfU0VUX1JFUEFSU0VfUE9JTlQgPSAweDAwMDkwMEE0OwogICAgICAgIHByaXZhdGUgY29uc3QgVUludDMyIEZJTEVfREVWSUNFX0ZJTEVfU1lTVEVNID0gMHgwMDA5MDAwMDsKCiAgICAgICAgcHJpdmF0ZSBjb25zdCBVSW50MzIgSU9fUkVQQVJTRV9UQUdfTU9VTlRfUE9JTlQgPSAweEEwMDAwMDAzOwogICAgICAgIHByaXZhdGUgY29uc3QgVUludDMyIElPX1JFUEFSU0VfVEFHX1NZTUxJTksgPSAweEEwMDAwMDBDOwoKICAgICAgICBwcml2YXRlIGNvbnN0IFVJbnQzMiBTWU1MSU5LX0ZMQUdfUkVMQVRJVkUgPSAweDAwMDAwMDAxOwoKICAgICAgICBwcml2YXRlIGNvbnN0IEludDY0IElOVkFMSURfSEFORExFX1ZBTFVFID0gLTE7CgogICAgICAgIHByaXZhdGUgY29uc3QgVUludDMyIFNJWkVfT0ZfV0NIQVIgPSAyOwoKICAgICAgICBwcml2YXRlIGNvbnN0IFVJbnQzMiBTWU1CT0xJQ19MSU5LX0ZMQUdfRklMRSA9IDB4MDAwMDAwMDA7CiAgICAgICAgcHJpdmF0ZSBjb25zdCBVSW50MzIgU1lNQk9MSUNfTElOS19GTEFHX0RJUkVDVE9SWSA9IDB4MDAwMDAwMDE7CgogICAgICAgIFtEbGxJbXBvcnQoImtlcm5lbDMyLmRsbCIsIENoYXJTZXQgPSBDaGFyU2V0LkF1dG8pXQogICAgICAgIHByaXZhdGUgc3RhdGljIGV4dGVybiBTYWZlRmlsZUhhbmRsZSBDcmVhdGVGaWxlKAogICAgICAgICAgICBzdHJpbmcgbHBGaWxlTmFtZSwKICAgICAgICAgICAgW01hcnNoYWxBcyhVbm1hbmFnZWRUeXBlLlU0KV0gRmlsZUFjY2VzcyBkd0Rlc2lyZWRBY2Nlc3MsCiAgICAgICAgICAgIFtNYXJzaGFsQXMoVW5tYW5hZ2VkVHlwZS5VNCldIEZpbGVTaGFyZSBkd1NoYXJlTW9kZSwKICAgICAgICAgICAgSW50UHRyIGxwU2VjdXJpdHlBdHRyaWJ1dGVzLAogICAgICAgICAgICBbTWFyc2hhbEFzKFVubWFuYWdlZFR5cGUuVTQpXSBGaWxlTW9kZSBkd0NyZWF0aW9uRGlzcG9zaXRpb24sCiAgICAgICAgICAgIFVJbnQzMiBkd0ZsYWdzQW5kQXR0cmlidXRlcywKICAgICAgICAgICAgSW50UHRyIGhUZW1wbGF0ZUZpbGUpOwoKICAgICAgICAvLyBVc2VkIGJ5IEdldFJlcGFyc2VQb2ludEluZm8oKQogICAgICAgIFtEbGxJbXBvcnQoImtlcm5lbDMyLmRsbCIsIFNldExhc3RFcnJvciA9IHRydWUsIENoYXJTZXQgPSBDaGFyU2V0LkF1dG8pXQogICAgICAgIHByaXZhdGUgc3RhdGljIGV4dGVybiBib29sIERldmljZUlvQ29udHJvbCgKICAgICAgICAgICAgU2FmZUZpbGVIYW5kbGUgaERldmljZSwKICAgICAgICAgICAgVUludDMyIGR3SW9Db250cm9sQ29kZSwKICAgICAgICAgICAgSW50UHRyIGxwSW5CdWZmZXIsCiAgICAgICAgICAgIFVJbnQzMiBuSW5CdWZmZXJTaXplLAogICAgICAgICAgICBvdXQgUkVQQVJTRV9EQVRBX0JVRkZFUiBscE91dEJ1ZmZlciwKICAgICAgICAgICAgVUludDMyIG5PdXRCdWZmZXJTaXplLAogICAgICAgICAgICBvdXQgVUludDMyIGxwQnl0ZXNSZXR1cm5lZCwKICAgICAgICAgICAgSW50UHRyIGxwT3ZlcmxhcHBlZCk7CgogICAgICAgIC8vIFVzZWQgYnkgQ3JlYXRlSnVuY3Rpb25Qb2ludCgpCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuQXV0byldCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgZXh0ZXJuIGJvb2wgRGV2aWNlSW9Db250cm9sKAogICAgICAgICAgICBTYWZlRmlsZUhhbmRsZSBoRGV2aWNlLAogICAgICAgICAgICBVSW50MzIgZHdJb0NvbnRyb2xDb2RlLAogICAgICAgICAgICBSRVBBUlNFX0RBVEFfQlVGRkVSIGxwSW5CdWZmZXIsCiAgICAgICAgICAgIFVJbnQzMiBuSW5CdWZmZXJTaXplLAogICAgICAgICAgICBJbnRQdHIgbHBPdXRCdWZmZXIsCiAgICAgICAgICAgIFVJbnQzMiBuT3V0QnVmZmVyU2l6ZSwKICAgICAgICAgICAgb3V0IFVJbnQzMiBscEJ5dGVzUmV0dXJuZWQsCiAgICAgICAgICAgIEludFB0ciBscE92ZXJsYXBwZWQpOwoKICAgICAgICBbRGxsSW1wb3J0KCJrZXJuZWwzMi5kbGwiLCBTZXRMYXN0RXJyb3IgPSB0cnVlLCBDaGFyU2V0ID0gQ2hhclNldC5BdXRvKV0KICAgICAgICBwcml2YXRlIHN0YXRpYyBleHRlcm4gYm9vbCBHZXRWb2x1bWVQYXRoTmFtZSgKICAgICAgICAgICAgc3RyaW5nIGxwc3pGaWxlTmFtZSwKICAgICAgICAgICAgU3RyaW5nQnVpbGRlciBscHN6Vm9sdW1lUGF0aE5hbWUsCiAgICAgICAgICAgIHJlZiBVSW50MzIgY2NoQnVmZmVyTGVuZ3RoKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuQXV0byldCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgZXh0ZXJuIEludFB0ciBGaW5kRmlyc3RGaWxlTmFtZVcoCiAgICAgICAgICAgIHN0cmluZyBscEZpbGVOYW1lLAogICAgICAgICAgICBVSW50MzIgZHdGbGFncywKICAgICAgICAgICAgcmVmIFVJbnQzMiBTdHJpbmdMZW5ndGgsCiAgICAgICAgICAgIFN0cmluZ0J1aWxkZXIgTGlua05hbWUpOwoKICAgICAgICBbRGxsSW1wb3J0KCJrZXJuZWwzMi5kbGwiLCBTZXRMYXN0RXJyb3IgPSB0cnVlLCBDaGFyU2V0ID0gQ2hhclNldC5BdXRvKV0KICAgICAgICBwcml2YXRlIHN0YXRpYyBleHRlcm4gYm9vbCBGaW5kTmV4dEZpbGVOYW1lVygKICAgICAgICAgICAgSW50UHRyIGhGaW5kU3RyZWFtLAogICAgICAgICAgICByZWYgVUludDMyIFN0cmluZ0xlbmd0aCwKICAgICAgICAgICAgU3RyaW5nQnVpbGRlciBMaW5rTmFtZSk7CgogICAgICAgIFtEbGxJbXBvcnQoImtlcm5lbDMyLmRsbCIsIFNldExhc3RFcnJvciA9IHRydWUpXQogICAgICAgIHByaXZhdGUgc3RhdGljIGV4dGVybiBib29sIEZpbmRDbG9zZSgKICAgICAgICAgICAgSW50UHRyIGhGaW5kRmlsZSk7CgogICAgICAgIFtEbGxJbXBvcnQoImtlcm5lbDMyLmRsbCIsIFNldExhc3RFcnJvciA9IHRydWUsIENoYXJTZXQgPSBDaGFyU2V0LkF1dG8pXQogICAgICAgIHByaXZhdGUgc3RhdGljIGV4dGVybiBib29sIFJlbW92ZURpcmVjdG9yeSgKICAgICAgICAgICAgc3RyaW5nIGxwUGF0aE5hbWUpOwoKICAgICAgICBbRGxsSW1wb3J0KCJrZXJuZWwzMi5kbGwiLCBTZXRMYXN0RXJyb3IgPSB0cnVlLCBDaGFyU2V0ID0gQ2hhclNldC5BdXRvKV0KICAgICAgICBwcml2YXRlIHN0YXRpYyBleHRlcm4gYm9vbCBEZWxldGVGaWxlKAogICAgICAgICAgICBzdHJpbmcgbHBGaWxlTmFtZSk7CgogICAgICAgIFtEbGxJbXBvcnQoImtlcm5lbDMyLmRsbCIsIFNldExhc3RFcnJvciA9IHRydWUsIENoYXJTZXQgPSBDaGFyU2V0LkF1dG8pXQogICAgICAgIHByaXZhdGUgc3RhdGljIGV4dGVybiBib29sIENyZWF0ZVN5bWJvbGljTGluaygKICAgICAgICAgICAgc3RyaW5nIGxwU3ltbGlua0ZpbGVOYW1lLAogICAgICAgICAgICBzdHJpbmcgbHBUYXJnZXRGaWxlTmFtZSwKICAgICAgICAgICAgVUludDMyIGR3RmxhZ3MpOwoKICAgICAgICBbRGxsSW1wb3J0KCJrZXJuZWwzMi5kbGwiLCBTZXRMYXN0RXJyb3IgPSB0cnVlLCBDaGFyU2V0ID0gQ2hhclNldC5BdXRvKV0KICAgICAgICBwcml2YXRlIHN0YXRpYyBleHRlcm4gYm9vbCBDcmVhdGVIYXJkTGluaygKICAgICAgICAgICAgc3RyaW5nIGxwRmlsZU5hbWUsCiAgICAgICAgICAgIHN0cmluZyBscEV4aXN0aW5nRmlsZU5hbWUsCiAgICAgICAgICAgIEludFB0ciBscFNlY3VyaXR5QXR0cmlidXRlcyk7CgogICAgICAgIHB1YmxpYyBzdGF0aWMgTGlua0luZm8gR2V0TGlua0luZm8oc3RyaW5nIGxpbmtQYXRoKQogICAgICAgIHsKICAgICAgICAgICAgRmlsZUF0dHJpYnV0ZXMgYXR0ciA9IEZpbGUuR2V0QXR0cmlidXRlcyhsaW5rUGF0aCk7CiAgICAgICAgICAgIGlmIChhdHRyLkhhc0ZsYWcoRmlsZUF0dHJpYnV0ZXMuUmVwYXJzZVBvaW50KSkKICAgICAgICAgICAgICAgIHJldHVybiBHZXRSZXBhcnNlUG9pbnRJbmZvKGxpbmtQYXRoKTsKCiAgICAgICAgICAgIGlmICghYXR0ci5IYXNGbGFnKEZpbGVBdHRyaWJ1dGVzLkRpcmVjdG9yeSkpCiAgICAgICAgICAgICAgICByZXR1cm4gR2V0SGFyZExpbmtJbmZvKGxpbmtQYXRoKTsKCiAgICAgICAgICAgIHJldHVybiBudWxsOwogICAgICAgIH0KCiAgICAgICAgcHVibGljIHN0YXRpYyB2b2lkIERlbGV0ZUxpbmsoc3RyaW5nIGxpbmtQYXRoKQogICAgICAgIHsKICAgICAgICAgICAgYm9vbCBzdWNjZXNzOwogICAgICAgICAgICBGaWxlQXR0cmlidXRlcyBhdHRyID0gRmlsZS5HZXRBdHRyaWJ1dGVzKGxpbmtQYXRoKTsKICAgICAgICAgICAgaWYgKGF0dHIuSGFzRmxhZyhGaWxlQXR0cmlidXRlcy5EaXJlY3RvcnkpKQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBzdWNjZXNzID0gUmVtb3ZlRGlyZWN0b3J5KGxpbmtQYXRoKTsKICAgICAgICAgICAgfQogICAgICAgICAgICBlbHNlCiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIHN1Y2Nlc3MgPSBEZWxldGVGaWxlKGxpbmtQYXRoKTsKICAgICAgICAgICAgfQoKICAgICAgICAgICAgaWYgKCFzdWNjZXNzKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IExpbmtVdGlsV2luMzJFeGNlcHRpb24oU3RyaW5nLkZvcm1hdCgiRmFpbGVkIHRvIGRlbGV0ZSBsaW5rIGF0IHswfSIsIGxpbmtQYXRoKSk7CiAgICAgICAgfQoKICAgICAgICBwdWJsaWMgc3RhdGljIHZvaWQgQ3JlYXRlTGluayhzdHJpbmcgbGlua1BhdGgsIFN0cmluZyBsaW5rVGFyZ2V0LCBMaW5rVHlwZSBsaW5rVHlwZSkKICAgICAgICB7CiAgICAgICAgICAgIHN3aXRjaCAobGlua1R5cGUpCiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIGNhc2UgTGlua1R5cGUuU3ltYm9saWNMaW5rOgogICAgICAgICAgICAgICAgICAgIFVJbnQzMiBsaW5rRmxhZ3M7CiAgICAgICAgICAgICAgICAgICAgRmlsZUF0dHJpYnV0ZXMgYXR0ciA9IEZpbGUuR2V0QXR0cmlidXRlcyhsaW5rVGFyZ2V0KTsKICAgICAgICAgICAgICAgICAgICBpZiAoYXR0ci5IYXNGbGFnKEZpbGVBdHRyaWJ1dGVzLkRpcmVjdG9yeSkpCiAgICAgICAgICAgICAgICAgICAgICAgIGxpbmtGbGFncyA9IFNZTUJPTElDX0xJTktfRkxBR19ESVJFQ1RPUlk7CiAgICAgICAgICAgICAgICAgICAgZWxzZQogICAgICAgICAgICAgICAgICAgICAgICBsaW5rRmxhZ3MgPSBTWU1CT0xJQ19MSU5LX0ZMQUdfRklMRTsKCiAgICAgICAgICAgICAgICAgICAgaWYgKCFDcmVhdGVTeW1ib2xpY0xpbmsobGlua1BhdGgsIGxpbmtUYXJnZXQsIGxpbmtGbGFncykpCiAgICAgICAgICAgICAgICAgICAgICAgIHRocm93IG5ldyBMaW5rVXRpbFdpbjMyRXhjZXB0aW9uKFN0cmluZy5Gb3JtYXQoIkNyZWF0ZVN5bWJvbGljTGluayh7MH0sIHsxfSwgezJ9KSBmYWlsZWQiLCBsaW5rUGF0aCwgbGlua1RhcmdldCwgbGlua0ZsYWdzKSk7CiAgICAgICAgICAgICAgICAgICAgYnJlYWs7CiAgICAgICAgICAgICAgICBjYXNlIExpbmtUeXBlLkp1bmN0aW9uUG9pbnQ6CiAgICAgICAgICAgICAgICAgICAgQ3JlYXRlSnVuY3Rpb25Qb2ludChsaW5rUGF0aCwgbGlua1RhcmdldCk7CiAgICAgICAgICAgICAgICAgICAgYnJlYWs7CiAgICAgICAgICAgICAgICBjYXNlIExpbmtUeXBlLkhhcmRMaW5rOgogICAgICAgICAgICAgICAgICAgIGlmICghQ3JlYXRlSGFyZExpbmsobGlua1BhdGgsIGxpbmtUYXJnZXQsIEludFB0ci5aZXJvKSkKICAgICAgICAgICAgICAgICAgICAgICAgdGhyb3cgbmV3IExpbmtVdGlsV2luMzJFeGNlcHRpb24oU3RyaW5nLkZvcm1hdCgiQ3JlYXRlSGFyZExpbmsoezB9LCB7MX0pIGZhaWxlZCIsIGxpbmtQYXRoLCBsaW5rVGFyZ2V0KSk7CiAgICAgICAgICAgICAgICAgICAgYnJlYWs7CiAgICAgICAgICAgIH0KICAgICAgICB9CgogICAgICAgIHByaXZhdGUgc3RhdGljIExpbmtJbmZvIEdldEhhcmRMaW5rSW5mbyhzdHJpbmcgbGlua1BhdGgpCiAgICAgICAgewogICAgICAgICAgICBVSW50MzIgbWF4UGF0aCA9IDI2MDsKICAgICAgICAgICAgTGlzdDxzdHJpbmc+IHJlc3VsdCA9IG5ldyBMaXN0PHN0cmluZz4oKTsKCiAgICAgICAgICAgIFN0cmluZ0J1aWxkZXIgc2IgPSBuZXcgU3RyaW5nQnVpbGRlcigoaW50KW1heFBhdGgpOwogICAgICAgICAgICBVSW50MzIgc3RyaW5nTGVuZ3RoID0gbWF4UGF0aDsKICAgICAgICAgICAgaWYgKCFHZXRWb2x1bWVQYXRoTmFtZShsaW5rUGF0aCwgc2IsIHJlZiBzdHJpbmdMZW5ndGgpKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IExpbmtVdGlsV2luMzJFeGNlcHRpb24oIkdldFZvbHVtZVBhdGhOYW1lKCkgZmFpbGVkIik7CiAgICAgICAgICAgIHN0cmluZyB2b2x1bWUgPSBzYi5Ub1N0cmluZygpOwoKICAgICAgICAgICAgc3RyaW5nTGVuZ3RoID0gbWF4UGF0aDsKICAgICAgICAgICAgSW50UHRyIGZpbmRIYW5kbGUgPSBGaW5kRmlyc3RGaWxlTmFtZVcobGlua1BhdGgsIDAsIHJlZiBzdHJpbmdMZW5ndGgsIHNiKTsKICAgICAgICAgICAgaWYgKGZpbmRIYW5kbGUuVG9JbnQ2NCgpICE9IElOVkFMSURfSEFORExFX1ZBTFVFKQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICB0cnkKICAgICAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgICAgICBkbwogICAgICAgICAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgICAgICAgICAgc3RyaW5nIGhhcmRMaW5rUGF0aCA9IHNiLlRvU3RyaW5nKCk7CiAgICAgICAgICAgICAgICAgICAgICAgIGlmIChoYXJkTGlua1BhdGguU3RhcnRzV2l0aCgiXFwiKSkKICAgICAgICAgICAgICAgICAgICAgICAgICAgIGhhcmRMaW5rUGF0aCA9IGhhcmRMaW5rUGF0aC5TdWJzdHJpbmcoMSwgaGFyZExpbmtQYXRoLkxlbmd0aCAtIDEpOwoKICAgICAgICAgICAgICAgICAgICAgICAgcmVzdWx0LkFkZChQYXRoLkNvbWJpbmUodm9sdW1lLCBoYXJkTGlua1BhdGgpKTsKICAgICAgICAgICAgICAgICAgICAgICAgc3RyaW5nTGVuZ3RoID0gbWF4UGF0aDsKCiAgICAgICAgICAgICAgICAgICAgfSB3aGlsZSAoRmluZE5leHRGaWxlTmFtZVcoZmluZEhhbmRsZSwgcmVmIHN0cmluZ0xlbmd0aCwgc2IpKTsKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgICAgIGZpbmFsbHkKICAgICAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgICAgICBGaW5kQ2xvc2UoZmluZEhhbmRsZSk7CiAgICAgICAgICAgICAgICB9ICAgICAgICAgICAgICAgIAogICAgICAgICAgICB9CgogICAgICAgICAgICBpZiAocmVzdWx0LkNvdW50ID4gMSkKICAgICAgICAgICAgICAgIHJldHVybiBuZXcgTGlua0luZm8KICAgICAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgICAgICBUeXBlID0gTGlua1R5cGUuSGFyZExpbmssCiAgICAgICAgICAgICAgICAgICAgSGFyZFRhcmdldHMgPSByZXN1bHQuVG9BcnJheSgpCiAgICAgICAgICAgICAgICB9OwoKICAgICAgICAgICAgcmV0dXJuIG51bGw7CiAgICAgICAgfQoKICAgICAgICBwcml2YXRlIHN0YXRpYyBMaW5rSW5mbyBHZXRSZXBhcnNlUG9pbnRJbmZvKHN0cmluZyBsaW5rUGF0aCkKICAgICAgICB7CiAgICAgICAgICAgIFNhZmVGaWxlSGFuZGxlIGZpbGVIYW5kbGUgPSBDcmVhdGVGaWxlKAogICAgICAgICAgICAgICAgbGlua1BhdGgsCiAgICAgICAgICAgICAgICBGaWxlQWNjZXNzLlJlYWQsCiAgICAgICAgICAgICAgICBGaWxlU2hhcmUuTm9uZSwKICAgICAgICAgICAgICAgIEludFB0ci5aZXJvLAogICAgICAgICAgICAgICAgRmlsZU1vZGUuT3BlbiwKICAgICAgICAgICAgICAgIEZJTEVfRkxBR19PUEVOX1JFUEFSU0VfUE9JTlQgfCBGSUxFX0ZMQUdfQkFDS1VQX1NFTUFOVElDUywKICAgICAgICAgICAgICAgIEludFB0ci5aZXJvKTsKCiAgICAgICAgICAgIGlmIChmaWxlSGFuZGxlLklzSW52YWxpZCkKICAgICAgICAgICAgICAgIHRocm93IG5ldyBMaW5rVXRpbFdpbjMyRXhjZXB0aW9uKFN0cmluZy5Gb3JtYXQoIkNyZWF0ZUZpbGUoezB9KSBmYWlsZWQiLCBsaW5rUGF0aCkpOyAgICAgICAgICAgIAoKICAgICAgICAgICAgUkVQQVJTRV9EQVRBX0JVRkZFUiBidWZmZXIgPSBuZXcgUkVQQVJTRV9EQVRBX0JVRkZFUigpOwogICAgICAgICAgICBVSW50MzIgYnl0ZXNSZXR1cm5lZDsKICAgICAgICAgICAgdHJ5CiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIGlmICghRGV2aWNlSW9Db250cm9sKAogICAgICAgICAgICAgICAgICAgIGZpbGVIYW5kbGUsCiAgICAgICAgICAgICAgICAgICAgRlNDVExfR0VUX1JFUEFSU0VfUE9JTlQsCiAgICAgICAgICAgICAgICAgICAgSW50UHRyLlplcm8sCiAgICAgICAgICAgICAgICAgICAgMCwKICAgICAgICAgICAgICAgICAgICBvdXQgYnVmZmVyLAogICAgICAgICAgICAgICAgICAgIE1BWElNVU1fUkVQQVJTRV9EQVRBX0JVRkZFUl9TSVpFLAogICAgICAgICAgICAgICAgICAgIG91dCBieXRlc1JldHVybmVkLAogICAgICAgICAgICAgICAgICAgIEludFB0ci5aZXJvKSkKICAgICAgICAgICAgICAgICAgICB0aHJvdyBuZXcgTGlua1V0aWxXaW4zMkV4Y2VwdGlvbihTdHJpbmcuRm9ybWF0KCJEZXZpY2VJb0NvbnRyb2woKSBmYWlsZWQgZm9yIGZpbGUgYXQgezB9IiwgbGlua1BhdGgpKTsKICAgICAgICAgICAgfQogICAgICAgICAgICBmaW5hbGx5CiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIGZpbGVIYW5kbGUuRGlzcG9zZSgpOwogICAgICAgICAgICB9CgogICAgICAgICAgICBib29sIGlzUmVsYXRpdmUgPSBmYWxzZTsKICAgICAgICAgICAgaW50IHBhdGhPZmZzZXQgPSAwOwogICAgICAgICAgICBMaW5rVHlwZSBsaW5rVHlwZTsKICAgICAgICAgICAgaWYgKGJ1ZmZlci5SZXBhcnNlVGFnID09IElPX1JFUEFSU0VfVEFHX1NZTUxJTkspCiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIFVJbnQzMiBidWZmZXJGbGFncyA9IENvbnZlcnQuVG9VSW50MzIoYnVmZmVyLlBhdGhCdWZmZXJbMF0pICsgQ29udmVydC5Ub1VJbnQzMihidWZmZXIuUGF0aEJ1ZmZlclsxXSk7CiAgICAgICAgICAgICAgICBpZiAoYnVmZmVyRmxhZ3MgPT0gU1lNTElOS19GTEFHX1JFTEFUSVZFKQogICAgICAgICAgIC ScriptBlock ID: 1cf6e8e3-386a-407d-ae78-c500a6eda204 Path:	4104	1		3	2	15	0	1750	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3692	3896	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:07:41 PM	e5295ba9-9827-0000-0d5d-29e52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 6): IH0KCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgRGljdGlvbmFyeTxzdHJpbmcsIGJvb2w/PiBBZGp1c3RUb2tlblByaXZpbGVnZXMoU2FmZUhhbmRsZSB0b2tlbiwgTmF0aXZlSGVscGVycy5MVUlEX0FORF9BVFRSSUJVVEVTW10gbmV3U3RhdGUpCiAgICAgICAgewogICAgICAgICAgICBib29sIGRpc2FibGVBbGxQcml2aWxlZ2VzOwogICAgICAgICAgICBJbnRQdHIgbmV3U3RhdGVQdHI7CiAgICAgICAgICAgIE5hdGl2ZUhlbHBlcnMuTFVJRF9BTkRfQVRUUklCVVRFU1tdIG9sZFN0YXRlUHJpdmlsZWdlczsKICAgICAgICAgICAgVUludDMyIHJldHVybkxlbmd0aDsKCiAgICAgICAgICAgIGlmIChuZXdTdGF0ZSA9PSBudWxsKQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBkaXNhYmxlQWxsUHJpdmlsZWdlcyA9IHRydWU7CiAgICAgICAgICAgICAgICBuZXdTdGF0ZVB0ciA9IEludFB0ci5aZXJvOwogICAgICAgICAgICB9CiAgICAgICAgICAgIGVsc2UKICAgICAgICAgICAgewogICAgICAgICAgICAgICAgZGlzYWJsZUFsbFByaXZpbGVnZXMgPSBmYWxzZTsKCiAgICAgICAgICAgICAgICAvLyBOZWVkIHRvIG1hbnVhbGx5IG1hcnNoYWwgdGhlIGJ5dGVzIHJlcXVpcmVzIGZvciBuZXdTdGF0ZSBhcyB0aGUgY29uc3RhbnQgc2l6ZQogICAgICAgICAgICAgICAgLy8gb2YgTFVJRF9BTkRfQVRUUklCVVRFUyBpcyBzZXQgdG8gMSBhbmQgY2FuJ3QgYmUgb3ZlcnJpZGRlbiBhdCBydW50aW1lLCBUT0tFTl9QUklWSUxFR0VTCiAgICAgICAgICAgICAgICAvLyBhbHdheXMgY29udGFpbnMgYXQgbGVhc3QgMSBlbnRyeSBzbyB3ZSBuZWVkIHRvIGNhbGN1bGF0ZSB0aGUgZXh0cmEgc2l6ZSBpZiB0aGVyZSBhcmUKICAgICAgICAgICAgICAgIC8vIG5vcmUgdGhhbiAxIExVSURfQU5EX0FUVFJJQlVURVMgZW50cnkKICAgICAgICAgICAgICAgIGludCB0b2tlblByaXZpbGVnZXNTaXplID0gTWFyc2hhbC5TaXplT2YodHlwZW9mKE5hdGl2ZUhlbHBlcnMuVE9LRU5fUFJJVklMRUdFUykpOwogICAgICAgICAgICAgICAgaW50IGx1aWRBdHRyU2l6ZSA9IDA7CiAgICAgICAgICAgICAgICBpZiAobmV3U3RhdGUuTGVuZ3RoID4gMSkKICAgICAgICAgICAgICAgICAgICBsdWlkQXR0clNpemUgPSBNYXJzaGFsLlNpemVPZih0eXBlb2YoTmF0aXZlSGVscGVycy5MVUlEX0FORF9BVFRSSUJVVEVTKSkgKiAobmV3U3RhdGUuTGVuZ3RoIC0gMSk7CiAgICAgICAgICAgICAgICBpbnQgdG90YWxTaXplID0gdG9rZW5Qcml2aWxlZ2VzU2l6ZSArIGx1aWRBdHRyU2l6ZTsKICAgICAgICAgICAgICAgIGJ5dGVbXSBuZXdTdGF0ZUJ5dGVzID0gbmV3IGJ5dGVbdG90YWxTaXplXTsKCiAgICAgICAgICAgICAgICAvLyBnZXQgdGhlIGZpcnN0IGVudHJ5IHRoYXQgaW5jbHVkZXMgdGhlIHN0cnVjdCBkZXRhaWxzCiAgICAgICAgICAgICAgICBOYXRpdmVIZWxwZXJzLlRPS0VOX1BSSVZJTEVHRVMgdG9rZW5Qcml2aWxlZ2VzID0gbmV3IE5hdGl2ZUhlbHBlcnMuVE9LRU5fUFJJVklMRUdFUygpCiAgICAgICAgICAgICAgICB7CiAgICAgICAgICAgICAgICAgICAgUHJpdmlsZWdlQ291bnQgPSAoVUludDMyKW5ld1N0YXRlLkxlbmd0aCwKICAgICAgICAgICAgICAgICAgICBQcml2aWxlZ2VzID0gbmV3IE5hdGl2ZUhlbHBlcnMuTFVJRF9BTkRfQVRUUklCVVRFU1sxXSwKICAgICAgICAgICAgICAgIH07CiAgICAgICAgICAgICAgICBpZiAobmV3U3RhdGUuTGVuZ3RoID4gMCkKICAgICAgICAgICAgICAgICAgICB0b2tlblByaXZpbGVnZXMuUHJpdmlsZWdlc1swXSA9IG5ld1N0YXRlWzBdOwogICAgICAgICAgICAgICAgaW50IG9mZnNldCA9IFN0cnVjdHVyZVRvQnl0ZXModG9rZW5Qcml2aWxlZ2VzLCBuZXdTdGF0ZUJ5dGVzLCAwKTsKCiAgICAgICAgICAgICAgICAvLyBjb3B5IHRoZSByZW1haW5pbmcgTFVJRF9BTkRfQVRUUklCVVRFUyAoaWYgYW55KQogICAgICAgICAgICAgICAgZm9yIChpbnQgaSA9IDE7IGkgPCBuZXdTdGF0ZS5MZW5ndGg7IGkrKykKICAgICAgICAgICAgICAgICAgICBvZmZzZXQgKz0gU3RydWN0dXJlVG9CeXRlcyhuZXdTdGF0ZVtpXSwgbmV3U3RhdGVCeXRlcywgb2Zmc2V0KTsKCiAgICAgICAgICAgICAgICAvLyBmaW5hbGx5IGNyZWF0ZSB0aGUgcG9pbnRlciB0byB0aGUgYnl0ZSBhcnJheSB3ZSBqdXN0IGNyZWF0ZWQKICAgICAgICAgICAgICAgIG5ld1N0YXRlUHRyID0gTWFyc2hhbC5BbGxvY0hHbG9iYWwobmV3U3RhdGVCeXRlcy5MZW5ndGgpOwogICAgICAgICAgICAgICAgTWFyc2hhbC5Db3B5KG5ld1N0YXRlQnl0ZXMsIDAsIG5ld1N0YXRlUHRyLCBuZXdTdGF0ZUJ5dGVzLkxlbmd0aCk7CiAgICAgICAgICAgIH0KCiAgICAgICAgICAgIHRyeQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBJbnRQdHIgaFRva2VuID0gSW50UHRyLlplcm87CiAgICAgICAgICAgICAgICBpZiAoIU5hdGl2ZU1ldGhvZHMuT3BlblByb2Nlc3NUb2tlbih0b2tlbiwgVG9rZW5BY2Nlc3NMZXZlbHMuUXVlcnkgfCBUb2tlbkFjY2Vzc0xldmVscy5BZGp1c3RQcml2aWxlZ2VzLCBvdXQgaFRva2VuKSkKICAgICAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIk9wZW5Qcm9jZXNzVG9rZW4oKSBmYWlsZWQgd2l0aCBRdWVyeSBhbmQgQWRqdXN0UHJpdmlsZWdlcyIpOwogICAgICAgICAgICAgICAgdHJ5CiAgICAgICAgICAgICAgICB7CiAgICAgICAgICAgICAgICAgICAgSW50UHRyIG9sZFN0YXRlUHRyID0gTWFyc2hhbC5BbGxvY0hHbG9iYWwoMCk7CiAgICAgICAgICAgICAgICAgICAgaWYgKCFOYXRpdmVNZXRob2RzLkFkanVzdFRva2VuUHJpdmlsZWdlcyhoVG9rZW4sIGRpc2FibGVBbGxQcml2aWxlZ2VzLCBuZXdTdGF0ZVB0ciwgMCwgb2xkU3RhdGVQdHIsIG91dCByZXR1cm5MZW5ndGgpKQogICAgICAgICAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgICAgICAgICAgaW50IGVyckNvZGUgPSBNYXJzaGFsLkdldExhc3RXaW4zMkVycm9yKCk7CiAgICAgICAgICAgICAgICAgICAgICAgIGlmIChlcnJDb2RlICE9IDEyMikgLy8gRVJST1JfSU5TVUZGSUNJRU5UX0JVRkZFUgogICAgICAgICAgICAgICAgICAgICAgICAgICAgdGhyb3cgbmV3IFdpbjMyRXhjZXB0aW9uKGVyckNvZGUsICJBZGp1c3RUb2tlblByaXZpbGVnZXMoKSBmYWlsZWQgdG8gZ2V0IG9sZCBzdGF0ZSBzaXplIik7CiAgICAgICAgICAgICAgICAgICAgfQoKICAgICAgICAgICAgICAgICAgICAvLyByZXNpemUgdGhlIG9sZFN0YXRlUHRyIGJhc2VkIG9uIHRoZSBsZW5ndGggcmV0dXJuZWQgZnJvbSBXaW5kb3dzCiAgICAgICAgICAgICAgICAgICAgTWFyc2hhbC5GcmVlSEdsb2JhbChvbGRTdGF0ZVB0cik7CiAgICAgICAgICAgICAgICAgICAgb2xkU3RhdGVQdHIgPSBNYXJzaGFsLkFsbG9jSEdsb2JhbCgoaW50KXJldHVybkxlbmd0aCk7CiAgICAgICAgICAgICAgICAgICAgdHJ5CiAgICAgICAgICAgICAgICAgICAgewogICAgICAgICAgICAgICAgICAgICAgICBib29sIHJlcyA9IE5hdGl2ZU1ldGhvZHMuQWRqdXN0VG9rZW5Qcml2aWxlZ2VzKGhUb2tlbiwgZGlzYWJsZUFsbFByaXZpbGVnZXMsIG5ld1N0YXRlUHRyLCByZXR1cm5MZW5ndGgsIG9sZFN0YXRlUHRyLCBvdXQgcmV0dXJuTGVuZ3RoKTsKICAgICAgICAgICAgICAgICAgICAgICAgaW50IGVyckNvZGUgPSBNYXJzaGFsLkdldExhc3RXaW4zMkVycm9yKCk7CgogICAgICAgICAgICAgICAgICAgICAgICAvLyBldmVuIHdoZW4gcmVzID09IHRydWUsIEVSUk9SX05PVF9BTExfQVNTSUdORUQgbWF5IGJlIHNldCBhcyB0aGUgbGFzdCBlcnJvciBjb2RlCiAgICAgICAgICAgICAgICAgICAgICAgIGlmICghcmVzIHx8IGVyckNvZGUgIT0gMCkKICAgICAgICAgICAgICAgICAgICAgICAgICAgIHRocm93IG5ldyBXaW4zMkV4Y2VwdGlvbihlcnJDb2RlLCAiQWRqdXN0VG9rZW5Qcml2aWxlZ2VzKCkgZmFpbGVkIik7CgogICAgICAgICAgICAgICAgICAgICAgICAvLyBNYXJzaGFsIHRoZSBvbGRTdGF0ZVB0ciB0byB0aGUgc3RydWN0CiAgICAgICAgICAgICAgICAgICAgICAgIE5hdGl2ZUhlbHBlcnMuVE9LRU5fUFJJVklMRUdFUyBvbGRTdGF0ZSA9IChOYXRpdmVIZWxwZXJzLlRPS0VOX1BSSVZJTEVHRVMpTWFyc2hhbC5QdHJUb1N0cnVjdHVyZShvbGRTdGF0ZVB0ciwgdHlwZW9mKE5hdGl2ZUhlbHBlcnMuVE9LRU5fUFJJVklMRUdFUykpOwogICAgICAgICAgICAgICAgICAgICAgICBvbGRTdGF0ZVByaXZpbGVnZXMgPSBuZXcgTmF0aXZlSGVscGVycy5MVUlEX0FORF9BVFRSSUJVVEVTW29sZFN0YXRlLlByaXZpbGVnZUNvdW50XTsKICAgICAgICAgICAgICAgICAgICAgICAgUHRyVG9TdHJ1Y3R1cmVBcnJheShvbGRTdGF0ZVByaXZpbGVnZXMsIEludFB0ci5BZGQob2xkU3RhdGVQdHIsIE1hcnNoYWwuU2l6ZU9mKG9sZFN0YXRlLlByaXZpbGVnZUNvdW50KSkpOwogICAgICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgICAgICAgICBmaW5hbGx5CiAgICAgICAgICAgICAgICAgICAgewogICAgICAgICAgICAgICAgICAgICAgICBNYXJzaGFsLkZyZWVIR2xvYmFsKG9sZFN0YXRlUHRyKTsKICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBmaW5hbGx5CiAgICAgICAgICAgICAgICB7CiAgICAgICAgICAgICAgICAgICAgTmF0aXZlTWV0aG9kcy5DbG9zZUhhbmRsZShoVG9rZW4pOwogICAgICAgICAgICAgICAgfQogICAgICAgICAgICB9CiAgICAgICAgICAgIGZpbmFsbHkKICAgICAgICAgICAgewogICAgICAgICAgICAgICAgaWYgKG5ld1N0YXRlUHRyICE9IEludFB0ci5aZXJvKQogICAgICAgICAgICAgICAgICAgIE1hcnNoYWwuRnJlZUhHbG9iYWwobmV3U3RhdGVQdHIpOwogICAgICAgICAgICB9CgogICAgICAgICAgICByZXR1cm4gb2xkU3RhdGVQcml2aWxlZ2VzLlRvRGljdGlvbmFyeShwID0+IEdldFByaXZpbGVnZU5hbWUocC5MdWlkKSwgcCA9PiAoYm9vbD8pcC5BdHRyaWJ1dGVzLkhhc0ZsYWcoUHJpdmlsZWdlQXR0cmlidXRlcy5FbmFibGVkKSk7CiAgICAgICAgfQoKICAgICAgICBwcml2YXRlIHN0YXRpYyBzdHJpbmcgR2V0UHJpdmlsZWdlTmFtZShOYXRpdmVIZWxwZXJzLkxVSUQgbHVpZCkKICAgICAgICB7CiAgICAgICAgICAgIFVJbnQzMiBuYW1lTGVuID0gMDsKICAgICAgICAgICAgTmF0aXZlTWV0aG9kcy5Mb29rdXBQcml2aWxlZ2VOYW1lKG51bGwsIHJlZiBsdWlkLCBudWxsLCByZWYgbmFtZUxlbik7CgogICAgICAgICAgICBTdHJpbmdCdWlsZGVyIG5hbWUgPSBuZXcgU3RyaW5nQnVpbGRlcigoaW50KShuYW1lTGVuICsgMSkpOwogICAgICAgICAgICBpZiAoIU5hdGl2ZU1ldGhvZHMuTG9va3VwUHJpdmlsZWdlTmFtZShudWxsLCByZWYgbHVpZCwgbmFtZSwgcmVmIG5hbWVMZW4pKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IFdpbjMyRXhjZXB0aW9uKCJMb29rdXBQcml2aWxlZ2VOYW1lKCkgZmFpbGVkIik7CgogICAgICAgICAgICByZXR1cm4gbmFtZS5Ub1N0cmluZygpOwogICAgICAgIH0KCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgdm9pZCBQdHJUb1N0cnVjdHVyZUFycmF5PFQ+KFRbXSBhcnJheSwgSW50UHRyIHB0cikKICAgICAgICB7CiAgICAgICAgICAgIEludFB0ciBwdHJPZmZzZXQgPSBwdHI7CiAgICAgICAgICAgIGZvciAoaW50IGkgPSAwOyBpIDwgYXJyYXkuTGVuZ3RoOyBpKyssIHB0ck9mZnNldCA9IEludFB0ci5BZGQocHRyT2Zmc2V0LCBNYXJzaGFsLlNpemVPZih0eXBlb2YoVCkpKSkKICAgICAgICAgICAgICAgIGFycmF5W2ldID0gKFQpTWFyc2hhbC5QdHJUb1N0cnVjdHVyZShwdHJPZmZzZXQsIHR5cGVvZihUKSk7CiAgICAgICAgfQoKICAgICAgICBwcml2YXRlIHN0YXRpYyBpbnQgU3RydWN0dXJlVG9CeXRlczxUPihUIHN0cnVjdHVyZSwgYnl0ZVtdIGFycmF5LCBpbnQgb2Zmc2V0KQogICAgICAgIHsKICAgICAgICAgICAgaW50IHNpemUgPSBNYXJzaGFsLlNpemVPZihzdHJ1Y3R1cmUpOwogICAgICAgICAgICBJbnRQdHIgc3RydWN0UHRyID0gTWFyc2hhbC5BbGxvY0hHbG9iYWwoc2l6ZSk7CiAgICAgICAgICAgIHRyeQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBNYXJzaGFsLlN0cnVjdHVyZVRvUHRyKHN0cnVjdHVyZSwgc3RydWN0UHRyLCBmYWxzZSk7CiAgICAgICAgICAgICAgICBNYXJzaGFsLkNvcHkoc3RydWN0UHRyLCBhcnJheSwgb2Zmc2V0LCBzaXplKTsKICAgICAgICAgICAgfQogICAgICAgICAgICBmaW5hbGx5CiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIE1hcnNoYWwuRnJlZUhHbG9iYWwoc3RydWN0UHRyKTsKICAgICAgICAgICAgfQoKICAgICAgICAgICAgcmV0dXJuIHNpemU7CiAgICAgICAgfQogICAgfQp9CidACgpGdW5jdGlvbiBJbXBvcnQtUHJpdmlsZWdlVXRpbCB7CiAgICA8IwogICAgLlNZTk9QU0lTCiAgICBDb21waWxlcyB0aGUgQyMgY29kZSB0aGF0IGNhbiBiZSB1c2VkIHRvIG1hbmFnZSBXaW5kb3dzIHByaXZpbGVnZXMgZnJvbSBhbgogICAgQW5zaWJsZSBtb2R1bGUuIE9uY2UgdGhpcyBmdW5jdGlvbiBpcyBjYWxsZWQsIHRoZSBmb2xsb3dpbmcgUG93ZXJTaGVsbAogICAgY21kbGV0cyBjYW4gYmUgdXNlZDsKCiAgICAgICAgR2V0LUFuc2libGVQcml2aWxlZ2UKICAgICAgICBTZXQtQW5zaWJsZVByaXZpbGVnZQoKICAgIFRoZSBhYm92ZSBjbWRsZXRzIGdpdmUgdGhlIGFiaWxpdHkgdG8gbWFuYWdlIHBlcm1pc3Npb25zIG9uIHRoZSBjdXJyZW50CiAgICBwcm9jZXNzIHRva2VuIGJ1dCB0aGUgdW5kZXJseWluZyAuTkVUIGNsYXNzZXMgYXJlIGFsc28gZXhwb3NlZCBmb3IgZ3JlYXRlcgogICAgY29udHJvbC4gVGhlIGZvbGxvd2luZyBmdW5jdGlvbnMgY2FuIGJlIHVzZWQgYnkgY2FsbGluZyB0aGUgLk5FVCBjbGFzcwoKICAgIFtBbnNpYmxlLlByaXZpbGVnZVV0aWwuUHJpdmlsZWdlc106OkNoZWNrUHJpdmlsZWdlTmFtZSgkbmFtZSkKICAgIFtBbnNpYmxlLlByaXZpbGVnZVV0aWwuUHJpdmlsZWdlc106OkRpc2FibGVQcml2aWxlZ2UoJHByb2Nlc3MsICRuYW1lKQogICAgW0Fuc2libGUuUHJpdmlsZWdlVXRpbC5Qcml2aWxlZ2VzXTo6RGlzYWJsZUFsbFByaXZpbGVnZXMoJHByb2Nlc3MpCiAgICBbQW5zaWJsZS5Qcml2aWxlZ2VVdGlsLlByaXZpbGVnZXNdOjpFbmFibGVQcml2aWxlZ2UoJHByb2Nlc3MsICRuYW1lKQogICAgW0Fuc2libGUuUHJpdmlsZWdlVXRpbC5Qcml2aWxlZ2VzXTo6R2V0QWxsUHJpdmlsZWdlSW5mbygkcHJvY2VzcykKICAgIFtBbnNpYmxlLlByaXZpbGVnZVV0aWwuUHJpdmlsZWdlc106OlJlbW92ZVByaXZpbGVnZSgkcHJvY2VzcywgJG5hbWUpCiAgICBbQW5zaWJsZS5Qcml2aWxlZ2VVdGlsLlByaXZpbGVnZXNdOjpTZXRUb2tlblByaXZpbGVnZXMoJHByb2Nlc3MsICRuZXdfc3RhdGUpCgogICAgSGVyZSBpcyBhIGJyaWVmIGV4cGxhbmF0aW9uIG9mIGVhY2ggdHlwZSBvZiBhcmcKICAgICRwcm9jZXNzID0gVGhlIHByb2Nlc3MgaGFuZGxlIHRvIG1hbmlwdWxhdGUsIHVzZSAnW0Fuc2libGUuUHJpdmlsZWdlVXRpbHMuUHJpdmlsZWdlc106OkdldEN1cnJlbnRQcm9jZXNzKCknIHRvIGdldCB0aGUgY3VycmVudCBwcm9jZXNzIGhhbmRsZQogICAgJG5hbWUgPSBUaGUgbmFtZSBvZiB0aGUgcHJpdmlsZWdlLCB0aGlzIGlzIHRoZSBjb25zdGFudCB2YWx1ZSBmcm9tIGh0dHBzOi8vZG9jcy5taWNyb3NvZnQuY29tL2VuLXVzL3dpbmRvd3MvZGVza3RvcC9TZWNBdXRoWi9wcml2aWxlZ2UtY29uc3RhbnRzLCBlLmcuIFNlQXVkaXRQcml2aWxlZ2UKICAgICRuZXdfc3RhdGUgPSAnU3lzdGVtLkNvbGxlY3Rpb25zLkdlbmVyaWMuRGljdGlvbmFyeWAyW1tTeXN0ZW0uU3RyaW5nXSwgW1N5c3RlbS5OdWxsYWJsZWAxW1N5c3RlbS5Cb29sZWFuXV1dJwogICAgICAgIFRoZSBrZXkgaXMgdGhlIGNvbnN0YW50IG5hbWUgYXMgYSBzdHJpbmcsIHRoZSB2YWx1ZSBpcyBhIHRlcm5hcnkgYm9vbGVhbiB3aGVyZQogICAgICAgICAgICB0cnVlIC0gd2lsbCBlbmFibGUgdGhlIHByaXZpbGVnZQogICAgICAgICAgICBmYWxzZSAtIHdpbGwgZGlzYWJsZSB0aGUgcHJpdmlsZWdlCiAgICAgICAgICAgIG51bGwgLSB3aWxsIHJlbW92ZSB0aGUgcHJpdmlsZWdlCgogICAgRWFjaCBtZXRob2QgdGhhdCBjaGFuZ2VzIHRoZSBwcml2aWxlZ2Ugc3RhdGUgd2lsbCByZXR1cm4gYSBkaWN0aW9uYXJ5IHRoYXQKICAgIGNhbiBiZSB1c2VkIGFzIHRoZSAkbmV3X3N0YXRlIGFyZyBvZiBTZXRUb2tlblByaXZpbGVnZXMgdG8gdW5kbyBhbmQgcmV2ZXJ0CiAgICBiYWNrIHRvIHRoZSBvcmlnaW5hbCBzdGF0ZS4gSWYgeW91IHJlbW92ZSBhIHByaXZpbGVnZSB0aGVuIHRoaXMgaXMKICAgIGlycmV2ZXJzaWJsZSBhbmQgd29uJ3QgYmUgcGFydCBvZiB0aGUgcmV0dXJuZWQgZGljdAogICAgIz4KICAgIFtDbWRsZXRCaW5kaW5nKCldCiAgICAjIGJ1aWxkIHRoZSBDIyBjb2RlIHRvIGNvbXBpbGUKICAgICRuYW1lc3BhY2VfaW1wb3J0ID0gKCRhbnNpYmxlX3ByaXZpbGVnZV91dGlsX25hbWVzcGFjZXMgfCBGb3JFYWNoLU9iamVjdCB7ICJ1c2luZyAkXzsiIH0pIC1qb2luICJgcmBuIgogICAgJHBsYXRmb3JtX3V0aWwgPSAiJG5hbWVzcGFjZV9pbXBvcnRgcmBuYHJgbiRhbnNpYmxlX3ByaXZpbGVnZV91dGlsX2NvZGUiCgogICAgIyBGVVRVUkU6IGZpbmQgYSBiZXR0ZXIgd2F5IHRvIGdldCB0aGUgX2Fuc2libGVfcmVtb3RlX3RtcCB2YXJpYWJsZQogICAgIyB0aGlzIGlzIHVzZWQgdG8gZm9yY2UgY3NjIHRvIGNvbXBpbGUgdGhlIEMjIGNvZGUgaW4gdGhlIHJlbW90ZSB0bXAKICAgICMgc3BlY2lmaWVkCiAgICAkb3JpZ2luYWxfdG1wID0gJGVudjpUTVAKCiAgICAkcmVtb3RlX3RtcCA9ICRvcmlnaW5hbF90bXAKICAgICRtb2R1bGVfcGFyYW1zID0gR2V0LVZhcmlhYmxlIC1OYW1lIGNvbXBsZXhfYXJncyAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgaWYgKCRtb2R1bGVfcGFyYW1zKSB7CiAgICAgICAgaWYgKCRtb2R1bGVfcGFyYW1zLlZhbHVlLkNvbnRhaW5zS2V5KCJfYW5zaWJsZV9yZW1vdGVfdG1wIikgKSB7CiAgICAgICAgICAgICRyZW1vdGVfdG1wID0gJG1vZHVsZV9wYXJhbXMuVmFsdWVbIl9hbnNpYmxlX3JlbW90ZV90bXAiXQogICAgICAgICAgICAkcmVtb3RlX3RtcCA9IFtTeXN0ZW0uRW52aXJvbm1lbnRdOjpFeHBhbmRFbnZpcm9ubWVudFZhcmlhYmxlcygkcmVtb3RlX3RtcCkKICAgICAgICB9CiAgICB9CgogICAgJGVudjpUTVAgPSAkcmVtb3RlX3RtcAogICAgQWRkLVR5cGUgLVR5cGVEZWZpbml0aW9uICRwbGF0Zm9ybV91dGlsCiAgICAkZW52OlRNUCA9ICRvcmlnaW5hbF90bXAKfQoKRnVuY3Rpb24gR2V0LUFuc2libGVQcml2aWxlZ2UgewogICAgPCMKICAgIC5TWU5PUFNJUwogICAgR2V0IHRoZSBzdGF0dXMgb2YgYSBwcml2aWxlZ2UgZm9yIHRoZSBjdXJyZW50IHByb2Nlc3MuIFRoaXMgcmV0dXJucwogICAgICAgICR0cnVlIC0gdGhlIHByaXZpbGVnZSBpcyBlbmFibGVkCiAgICAgICAgJGZhbHNlIC0gdGhlIHByaXZpbGVnZSBpcyBkaXNhYmxlZAogICAgICAgICRudWxsIC0gdGhlIHByaXZpbGVnZSBpcyByZW1vdmVkIGZyb20gdGhlIHRva2VuCgogICAgSWYgTmFtZSBpcyBub3QgYSB2YWxpZCBwcml2aWxlZ2UgbmFtZSwgdGhpcyB3aWxsIHRocm93IGFuCiAgICBBcmd1bWVudEV4Y2VwdGlvbi4KCiAgICAuRVhBTVBMRQogICAgR2V0LUFuc2libGVQcml2aWxlZ2UgLU5hbWUgU2VEZWJ1Z1ByaXZpbGVnZQogICAgIz4KICAgIFtDbWRsZXRCaW5kaW5nKCldCiAgICBwYXJhbSgKICAgICAgICBbUGFyYW1ldGVyKE1hbmRhdG9yeT0kdHJ1ZSldW1N0cmluZ10kTmFtZQogICAgKQoKICAgIGlmICgtbm90IFtBbnNpYmxlLlByaXZpbGVnZVV0aWwuUHJpdmlsZWdlc106OkNoZWNrUHJpdmlsZWdlTmFtZSgkTmFtZSkpIHsKICAgICAgICB0aHJvdyBbU3lzdGVtLkFyZ3VtZW50RXhjZXB0aW9uXSAiSW52YWxpZCBwcml2aWxlZ2UgbmFtZSAnJE5hbWUnIgogICAgfQoKICAgICRwcm9jZXNzX3Rva2VuID0gW0Fuc2libGUuUHJpdmlsZWdlVXRpbC5Qcml2aWxlZ2VzXTo6R2V0Q3VycmVudFByb2Nlc3MoKQogICAgJHByaXZpbGVnZV9pbmZvID0gW0Fuc2libGUuUHJpdmlsZWdlVXRpbC5Qcml2aWxlZ2VzXTo6R2V0QWxsUHJpdmlsZWdlSW5mbygkcHJvY2Vzc190b2tlbikKICAgIGlmICgkcHJpdmlsZWdlX2luZm8uQ29udGFpbnNLZXkoJE5hbWUpKSB7CiAgICAgICAgJHN0YXR1cyA9ICRwcml2aWxlZ2VfaW5mby4kTmFtZQogICAgICAgIHJldHVybiAkc3RhdHVzLkhhc0ZsYWcoW0Fuc2libGUuUHJpdmlsZWdlVXRpbC5Qcml2aWxlZ2VBdHRyaWJ1dGVzXTo6RW5hYmxlZCkKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICRudWxsCiAgICB9Cn0KCkZ1bmN0aW9uIFNldC1BbnNpYmxlUHJpdmlsZWdlIHsKICAgIDwjCiAgICAuU1lOT1BTSVMKICAgIEVuYWJsZXMvRGlzYWJsZXMgYSBwcml2aWxlZ2Ugb24gdGhlIGN1cnJlbnQgcHJvY2VzcycgdG9rZW4uIElmIGEgcHJpdmlsZWdlCiAgICBoYXMgYmVlbiByZW1vdmVkIGZyb20gdGhlIHByb2Nlc3MgdG9rZW4sIHRoaXMgd2lsbCB0aHJvdyBhbgogICAgSW52YWxpZE9wZXJhdGlvbkV4Y2VwdGlvbi4KCiAgICAuRVhBTVBMRQogICAgIyBlbmFibGUgYSBwcml2aWxlZ2UKICAgIFNldC1BbnNpYmxlUHJpdmlsZWdlIC1OYW1lIFNlQ3JlYXRlU3ltYm9saWNMaW5rUHJpdmlsZWdlIC1WYWx1ZSAkdHJ1ZQoKICAgICMgZGlzYWJsZSBhIHByaXZpbGVnZQogICAgU2V0LUFuc2libGVQcml2aWxlZ2UgLU5hbWUgU2VDcmVhdGVTeW1ib2xpY0xpbmtQcml2aWxlZ2UgLVZhbHVlICRmYWxzZQogICAgIz4KICAgIFtDbWRsZXRCaW5kaW5nKFN1cHBvcnRzU2hvdWxkUHJvY2VzcyldCiAgICBwYXJhbSgKICAgICAgICBbUGFyYW1ldGVyKE1hbmRhdG9yeT0kdHJ1ZSldW1N0cmluZ10kTmFtZSwKICAgICAgICBbUGFyYW1ldGVyKE1hbmRhdG9yeT0kdHJ1ZSldW2Jvb2xdJFZhbHVlCiAgICApCgogICAgJGFjdGlvbiA9IHN3aXRjaCgkVmFsdWUpIHsKICAgICAgICAkdHJ1ZSB7ICJFbmFibGUiIH0KICAgICAgICAkZmFsc2UgeyAiRGlzYWJsZSIgfQogICAgfQoKICAgICRjdXJyZW50X3N0YXRlID0gR2V0LUFuc2libGVQcml2aWxlZ2UgLU5hbWUgJE5hbWUKICAgIGlmICgkY3VycmVudF9zdGF0ZSAtZXEgJFZhbHVlKSB7CiAgICAgICAgcmV0dXJuICAjIG5vIGNoYW5nZSBuZWVkcyB0byBvY2N1cgogICAgfSBlbHNlaWYgKCRudWxsIC1lcSAkY3VycmVudF9zdGF0ZSkgewogICAgICAgICMgb25jZSBhIHByaXZpbGVnZSBpcyByZW1vdmVkIGZyb20gYSB0b2tlbiB3ZSBjYW5ub3QgZG8gYW55dGhpbmcgd2l0aCBpdAogICAgICAgIHRocm93IFtTeXN0ZW0uSW52YWxpZE9wZXJhdGlvbkV4Y2VwdGlvbl0gIkNhbm5vdCAkKCRhY3Rpb24uVG9Mb3dlcigpKSB0aGUgcHJpdmlsZWdlICckTmFtZScgYXMgaXQgaGFzIGJlZW4gcmVtb3ZlZCBmcm9tIHRoZSB0b2tlbiIKICAgIH0KCiAgICAkcHJvY2Vzc190b2tlbiA9IFtBbnNpYmxlLlByaXZpbGVnZVV0aWwuUHJpdmlsZWdlc106OkdldEN1cnJlbnRQcm9jZXNzKCkKICAgIGlmICgkUFNDbWRsZXQuU2hvdWxkUHJvY2VzcygkTmFtZSwgIiRhY3Rpb24gdGhlIHByaXZpbGVnZSAkTmFtZSIpKSB7CiAgICAgICAgJG5ld19zdGF0ZSA9IE5ldy1PYmplY3QgLVR5cGVOYW1lICdTeXN0ZW0uQ29sbGVjdGlvbnMuR2VuZXJpYy5EaWN0aW9uYXJ5YDJbW1N5c3RlbS5TdHJpbmddLCBbU3lzdGVtLk51bGx ScriptBlock ID: 1cf6e8e3-386a-407d-ae78-c500a6eda204 Path:	4104	1		3	2	15	0	1749	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3692	3896	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:07:41 PM	e5295ba9-9827-0000-0d5d-29e52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 6): begin { $DebugPreference = "Continue" $ErrorActionPreference = "Stop" Set-StrictMode -Version 2 function ConvertTo-HashtableFromPsCustomObject ($myPsObject){ $output = @{}; $myPsObject | Get-Member -MemberType *Property | % { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } return $output; } # stream JSON including become_pw, ps_module_payload, bin_module_payload, become_payload, write_payload_path, preserve directives # exec runspace, capture output, cleanup, return module output # NB: do not adjust the following line- it is replaced when doing non-streamed module output $json_raw = @' {"min_ps_version": null, "exec": "CkZ1bmN0aW9uIFJ1bigkcGF5bG9hZCkgewogICAgJGVudHJ5cG9pbnQgPSAkcGF5bG9hZC5tb2R1bGVfZW50cnkKCiAgICAkZW50cnlwb2ludCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGVudHJ5cG9pbnQpKQoKICAgICRwcyA9IFtwb3dlcnNoZWxsXTo6Q3JlYXRlKCkKCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkQ29tbWFuZCgiU2V0LVZhcmlhYmxlIikuQWRkUGFyYW1ldGVycyhAe1Njb3BlPSJnbG9iYWwiO05hbWU9ImNvbXBsZXhfYXJncyI7VmFsdWU9JHBheWxvYWQubW9kdWxlX2FyZ3N9KSB8IE91dC1OdWxsCiAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCgogICAgIyByZWRlZmluZSBXcml0ZS1Ib3N0IHRvIGR1bXAgdG8gb3V0cHV0IGluc3RlYWQgb2YgZmFpbGluZy0gbG90cyBvZiBzY3JpcHRzIHVzZSBpdAogICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgiRnVuY3Rpb24gV3JpdGUtSG9zdChgJG1zZyl7IFdyaXRlLU91dHB1dCBgJG1zZyB9IikgfCBPdXQtTnVsbAoKICAgIEZvckVhY2ggKCRlbnZfa3YgaW4gJHBheWxvYWQuZW52aXJvbm1lbnQuR2V0RW51bWVyYXRvcigpKSB7CiAgICAgICAgIyBuZWVkIHRvIGVzY2FwZSAnIGluIGJvdGggdGhlIGtleSBhbmQgdmFsdWUKICAgICAgICAkZW52X2tleSA9ICRlbnZfa3YuS2V5LlRvU3RyaW5nKCkuUmVwbGFjZSgiJyIsICInJyIpCiAgICAgICAgJGVudl92YWx1ZSA9ICRlbnZfa3YuVmFsdWUuVG9TdHJpbmcoKS5SZXBsYWNlKCInIiwgIicnIikKICAgICAgICAkZXNjYXBlZF9lbnZfc2V0ID0gIltTeXN0ZW0uRW52aXJvbm1lbnRdOjpTZXRFbnZpcm9ubWVudFZhcmlhYmxlKCd7MH0nLCAnezF9JykiIC1mICRlbnZfa2V5LCAkZW52X3ZhbHVlCiAgICAgICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgkZXNjYXBlZF9lbnZfc2V0KSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBkeW5hbWljYWxseSBjcmVhdGUvbG9hZCBtb2R1bGVzCiAgICBGb3JFYWNoICgkbW9kIGluICRwYXlsb2FkLnBvd2Vyc2hlbGxfbW9kdWxlcy5HZXRFbnVtZXJhdG9yKCkpIHsKICAgICAgICAkZGVjb2RlZF9tb2R1bGUgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRtb2QuVmFsdWUpKQogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRDb21tYW5kKCJOZXctTW9kdWxlIikuQWRkUGFyYW1ldGVycyhAe1NjcmlwdEJsb2NrPShbc2NyaXB0YmxvY2tdOjpDcmVhdGUoJGRlY29kZWRfbW9kdWxlKSk7TmFtZT0kbW9kLktleX0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiSW1wb3J0LU1vZHVsZSIpLkFkZFBhcmFtZXRlcnMoQHtXYXJuaW5nQWN0aW9uPSJTaWxlbnRseUNvbnRpbnVlIn0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBmb3JjZSBpbnB1dCBlbmNvZGluZyB0byBwcmVhbWJsZS1mcmVlIFVURjggc28gUFMgc3ViLXByb2Nlc3NlcyAoZWcsCiAgICAjIFN0YXJ0LUpvYikgZG9uJ3QgYmxvdyB1cC4gVGhpcyBpcyBvbmx5IHJlcXVpcmVkIGZvciBXaW5STSwgYSBQU1JQCiAgICAjIHJ1bnNwYWNlIGRvZXNuJ3QgaGF2ZSBhIGhvc3QgY29uc29sZSBhbmQgdGhpcyB3aWxsIGJvbWIgb3V0CiAgICBpZiAoJGhvc3QuTmFtZSAtZXEgIkNvbnNvbGVIb3N0IikgewogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRTY3JpcHQoIltDb25zb2xlXTo6SW5wdXRFbmNvZGluZyA9IE5ldy1PYmplY3QgVGV4dC5VVEY4RW5jb2RpbmcgYCRmYWxzZSIpIHwgT3V0LU51bGwKICAgIH0KCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkU2NyaXB0KCRlbnRyeXBvaW50KSB8IE91dC1OdWxsCgogICAgJG91dHB1dCA9ICRwcy5JbnZva2UoKQoKICAgICRvdXRwdXQKCiAgICAjIFBTMyBkb2Vzbid0IHByb3Blcmx5IHNldCBIYWRFcnJvcnMgaW4gbWFueSBjYXNlcywgaW5zcGVjdCB0aGUgZXJyb3Igc3RyZWFtIGFzIGEgZmFsbGJhY2sKICAgIElmICgkcHMuSGFkRXJyb3JzIC1vciAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtbHQgNCAtYW5kICRwcy5TdHJlYW1zLkVycm9yLkNvdW50IC1ndCAwKSkgewogICAgICAgICRob3N0LlVJLldyaXRlRXJyb3JMaW5lKCQoJHBzLlN0cmVhbXMuRXJyb3IgfCBPdXQtU3RyaW5nKSkKICAgICAgICAkZXhpdF9jb2RlID0gJHBzLlJ1bnNwYWNlLlNlc3Npb25TdGF0ZVByb3h5LkdldFZhcmlhYmxlKCJMQVNURVhJVENPREUiKQogICAgICAgIElmKC1ub3QgJGV4aXRfY29kZSkgewogICAgICAgICAgICAkZXhpdF9jb2RlID0gMQogICAgICAgIH0KICAgICAgICAjIG5lZWQgdG8gdXNlIHRoaXMgaW5zdGVhZCBvZiBFeGl0IGtleXdvcmQgdG8gcHJldmVudCBydW5zcGFjZSBmcm9tIGNyYXNoaW5nIHdpdGggZHluYW1pYyBtb2R1bGVzCiAgICAgICAgJGhvc3QuU2V0U2hvdWxkRXhpdCgkZXhpdF9jb2RlKQogICAgfQp9Cg==", "actions": ["exec"], "environment": {}, "min_os_version": null, "powershell_modules": {"Ansible.ModuleUtils.PrivilegeUtil": "IyBDb3B5cmlnaHQgKGMpIDIwMTggQW5zaWJsZSBQcm9qZWN0CiMgU2ltcGxpZmllZCBCU0QgTGljZW5zZSAoc2VlIGxpY2Vuc2VzL3NpbXBsaWZpZWRfYnNkLnR4dCBvciBodHRwczovL29wZW5zb3VyY2Uub3JnL2xpY2Vuc2VzL0JTRC0yLUNsYXVzZSkKCiMgc3RvcmUgaW4gc2VwYXJhdGUgdmFyaWFibGVzIHRvIG1ha2UgaXQgZWFzaWVyIGZvciBvdGhlciBtb2R1bGVfdXRpbHMgdG8KIyBzaGFyZSB0aGlzIGNvZGUgaW4gdGhlaXIgb3duIGMjIGNvZGUKJGFuc2libGVfcHJpdmlsZWdlX3V0aWxfbmFtZXNwYWNlcyA9IEAoCiAgICAiTWljcm9zb2Z0LldpbjMyLlNhZmVIYW5kbGVzIiwKICAgICJTeXN0ZW0iLAogICAgIlN5c3RlbS5Db2xsZWN0aW9ucy5HZW5lcmljIiwKICAgICJTeXN0ZW0uTGlucSIsCiAgICAiU3lzdGVtLlJ1bnRpbWUuSW50ZXJvcFNlcnZpY2VzIiwKICAgICJTeXN0ZW0uU2VjdXJpdHkuUHJpbmNpcGFsIiwKICAgICJTeXN0ZW0uVGV4dCIKKQoKJGFuc2libGVfcHJpdmlsZWdlX3V0aWxfY29kZSA9IEAnCm5hbWVzcGFjZSBBbnNpYmxlLlByaXZpbGVnZVV0aWwKewogICAgW0ZsYWdzXQogICAgcHVibGljIGVudW0gUHJpdmlsZWdlQXR0cmlidXRlcyA6IHVpbnQKICAgIHsKICAgICAgICBEaXNhYmxlZCA9IDB4MDAwMDAwMDAsCiAgICAgICAgRW5hYmxlZEJ5RGVmYXVsdCA9IDB4MDAwMDAwMDEsCiAgICAgICAgRW5hYmxlZCA9IDB4MDAwMDAwMDIsCiAgICAgICAgUmVtb3ZlZCA9IDB4MDAwMDAwMDQsCiAgICAgICAgVXNlZEZvckFjY2VzcyA9IDB4ODAwMDAwMDAsCiAgICB9CgogICAgaW50ZXJuYWwgY2xhc3MgTmF0aXZlSGVscGVycwogICAgewogICAgICAgIFtTdHJ1Y3RMYXlvdXQoTGF5b3V0S2luZC5TZXF1ZW50aWFsKV0KICAgICAgICBpbnRlcm5hbCBzdHJ1Y3QgTFVJRAogICAgICAgIHsKICAgICAgICAgICAgcHVibGljIFVJbnQzMiBMb3dQYXJ0OwogICAgICAgICAgICBwdWJsaWMgSW50MzIgSGlnaFBhcnQ7CiAgICAgICAgfQoKICAgICAgICBbU3RydWN0TGF5b3V0KExheW91dEtpbmQuU2VxdWVudGlhbCldCiAgICAgICAgaW50ZXJuYWwgc3RydWN0IExVSURfQU5EX0FUVFJJQlVURVMKICAgICAgICB7CiAgICAgICAgICAgIHB1YmxpYyBMVUlEIEx1aWQ7CiAgICAgICAgICAgIHB1YmxpYyBQcml2aWxlZ2VBdHRyaWJ1dGVzIEF0dHJpYnV0ZXM7CiAgICAgICAgfQoKICAgICAgICBbU3RydWN0TGF5b3V0KExheW91dEtpbmQuU2VxdWVudGlhbCldCiAgICAgICAgaW50ZXJuYWwgc3RydWN0IFRPS0VOX1BSSVZJTEVHRVMKICAgICAgICB7CiAgICAgICAgICAgIHB1YmxpYyBVSW50MzIgUHJpdmlsZWdlQ291bnQ7CiAgICAgICAgICAgIFtNYXJzaGFsQXMoVW5tYW5hZ2VkVHlwZS5CeVZhbEFycmF5LCBTaXplQ29uc3QgPSAxKV0KICAgICAgICAgICAgcHVibGljIExVSURfQU5EX0FUVFJJQlVURVNbXSBQcml2aWxlZ2VzOwogICAgICAgIH0KICAgIH0KCiAgICBpbnRlcm5hbCBjbGFzcyBOYXRpdmVNZXRob2RzCiAgICB7CiAgICAgICAgW0RsbEltcG9ydCgiYWR2YXBpMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSldCiAgICAgICAgaW50ZXJuYWwgc3RhdGljIGV4dGVybiBib29sIEFkanVzdFRva2VuUHJpdmlsZWdlcygKICAgICAgICAgICAgSW50UHRyIFRva2VuSGFuZGxlLAogICAgICAgICAgICBbTWFyc2hhbEFzKFVubWFuYWdlZFR5cGUuQm9vbCldIGJvb2wgRGlzYWJsZUFsbFByaXZpbGVnZXMsCiAgICAgICAgICAgIEludFB0ciBOZXdTdGF0ZSwKICAgICAgICAgICAgVUludDMyIEJ1ZmZlckxlbmd0aCwKICAgICAgICAgICAgSW50UHRyIFByZXZpb3VzU3RhdGUsCiAgICAgICAgICAgIG91dCBVSW50MzIgUmV0dXJuTGVuZ3RoKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIildCiAgICAgICAgaW50ZXJuYWwgc3RhdGljIGV4dGVybiBib29sIENsb3NlSGFuZGxlKAogICAgICAgICAgICBJbnRQdHIgaE9iamVjdCk7CgogICAgICAgIFtEbGxJbXBvcnQoImtlcm5lbDMyIildCiAgICAgICAgaW50ZXJuYWwgc3RhdGljIGV4dGVybiBTYWZlV2FpdEhhbmRsZSBHZXRDdXJyZW50UHJvY2VzcygpOwoKICAgICAgICBbRGxsSW1wb3J0KCJhZHZhcGkzMi5kbGwiLCBTZXRMYXN0RXJyb3IgPSB0cnVlKV0KICAgICAgICBpbnRlcm5hbCBzdGF0aWMgZXh0ZXJuIGJvb2wgR2V0VG9rZW5JbmZvcm1hdGlvbigKICAgICAgICAgICAgSW50UHRyIFRva2VuSGFuZGxlLAogICAgICAgICAgICBVSW50MzIgVG9rZW5JbmZvcm1hdGlvbkNsYXNzLAogICAgICAgICAgICBJbnRQdHIgVG9rZW5JbmZvcm1hdGlvbiwKICAgICAgICAgICAgVUludDMyIFRva2VuSW5mb3JtYXRpb25MZW5ndGgsCiAgICAgICAgICAgIG91dCBVSW50MzIgUmV0dXJuTGVuZ3RoKTsKCiAgICAgICAgW0RsbEltcG9ydCgiYWR2YXBpMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSldCiAgICAgICAgaW50ZXJuYWwgc3RhdGljIGV4dGVybiBib29sIExvb2t1cFByaXZpbGVnZU5hbWUoCiAgICAgICAgICAgIHN0cmluZyBscFN5c3RlbU5hbWUsCiAgICAgICAgICAgIHJlZiBOYXRpdmVIZWxwZXJzLkxVSUQgbHBMdWlkLAogICAgICAgICAgICBTdHJpbmdCdWlsZGVyIGxwTmFtZSwKICAgICAgICAgICAgcmVmIFVJbnQzMiBjY2hOYW1lKTsKCiAgICAgICAgW0RsbEltcG9ydCgiYWR2YXBpMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSldCiAgICAgICAgaW50ZXJuYWwgc3RhdGljIGV4dGVybiBib29sIExvb2t1cFByaXZpbGVnZVZhbHVlKAogICAgICAgICAgICBzdHJpbmcgbHBTeXN0ZW1OYW1lLAogICAgICAgICAgICBzdHJpbmcgbHBOYW1lLAogICAgICAgICAgICBvdXQgTmF0aXZlSGVscGVycy5MVUlEIGxwTHVpZCk7CgogICAgICAgIFtEbGxJbXBvcnQoImFkdmFwaTMyLmRsbCIsIFNldExhc3RFcnJvciA9IHRydWUpXQogICAgICAgIGludGVybmFsIHN0YXRpYyBleHRlcm4gYm9vbCBPcGVuUHJvY2Vzc1Rva2VuKAogICAgICAgICAgICBTYWZlSGFuZGxlIFByb2Nlc3NIYW5kbGUsCiAgICAgICAgICAgIFRva2VuQWNjZXNzTGV2ZWxzIERlc2lyZWRBY2Nlc3MsCiAgICAgICAgICAgIG91dCBJbnRQdHIgVG9rZW5IYW5kbGUpOwogICAgfQoKICAgIHB1YmxpYyBjbGFzcyBXaW4zMkV4Y2VwdGlvbiA6IFN5c3RlbS5Db21wb25lbnRNb2RlbC5XaW4zMkV4Y2VwdGlvbgogICAgewogICAgICAgIHByaXZhdGUgc3RyaW5nIF9tc2c7CiAgICAgICAgcHVibGljIFdpbjMyRXhjZXB0aW9uKHN0cmluZyBtZXNzYWdlKSA6IHRoaXMoTWFyc2hhbC5HZXRMYXN0V2luMzJFcnJvcigpLCBtZXNzYWdlKSB7IH0KICAgICAgICBwdWJsaWMgV2luMzJFeGNlcHRpb24oaW50IGVycm9yQ29kZSwgc3RyaW5nIG1lc3NhZ2UpIDogYmFzZShlcnJvckNvZGUpCiAgICAgICAgewogICAgICAgICAgICBfbXNnID0gU3RyaW5nLkZvcm1hdCgiezB9ICh7MX0sIFdpbjMyRXJyb3JDb2RlIHsyfSkiLCBtZXNzYWdlLCBiYXNlLk1lc3NhZ2UsIGVycm9yQ29kZSk7CiAgICAgICAgfQogICAgICAgIHB1YmxpYyBvdmVycmlkZSBzdHJpbmcgTWVzc2FnZSB7IGdldCB7IHJldHVybiBfbXNnOyB9IH0KICAgICAgICBwdWJsaWMgc3RhdGljIGV4cGxpY2l0IG9wZXJhdG9yIFdpbjMyRXhjZXB0aW9uKHN0cmluZyBtZXNzYWdlKSB7IHJldHVybiBuZXcgV2luMzJFeGNlcHRpb24obWVzc2FnZSk7IH0KICAgIH0KCiAgICBwdWJsaWMgY2xhc3MgUHJpdmlsZWdlcwogICAgewogICAgICAgIHByaXZhdGUgc3RhdGljIHJlYWRvbmx5IFVJbnQzMiBUT0tFTl9QUklWSUxFR0VTID0gMzsKCgogICAgICAgIHB1YmxpYyBzdGF0aWMgYm9vbCBDaGVja1ByaXZpbGVnZU5hbWUoc3RyaW5nIG5hbWUpCiAgICAgICAgewogICAgICAgICAgICBOYXRpdmVIZWxwZXJzLkxVSUQgbHVpZDsKICAgICAgICAgICAgaWYgKCFOYXRpdmVNZXRob2RzLkxvb2t1cFByaXZpbGVnZVZhbHVlKG51bGwsIG5hbWUsIG91dCBsdWlkKSkKICAgICAgICAgICAgewogICAgICAgICAgICAgICAgaW50IGVyckNvZGUgPSBNYXJzaGFsLkdldExhc3RXaW4zMkVycm9yKCk7CiAgICAgICAgICAgICAgICBpZiAoZXJyQ29kZSAhPSAxMzEzKSAgLy8gRVJST1JfTk9fU1VDSF9QUklWSUxFR0UKICAgICAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oZXJyQ29kZSwgU3RyaW5nLkZvcm1hdCgiTG9va3VwUHJpdmlsZWdlVmFsdWUoezB9KSBmYWlsZWQiLCBuYW1lKSk7CiAgICAgICAgICAgICAgICByZXR1cm4gZmFsc2U7CiAgICAgICAgICAgIH0KICAgICAgICAgICAgZWxzZQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICByZXR1cm4gdHJ1ZTsKICAgICAgICAgICAgfQogICAgICAgIH0KCiAgICAgICAgcHVibGljIHN0YXRpYyBEaWN0aW9uYXJ5PHN0cmluZywgYm9vbD8+IERpc2FibGVQcml2aWxlZ2UoU2FmZUhhbmRsZSB0b2tlbiwgc3RyaW5nIHByaXZpbGVnZSkKICAgICAgICB7CiAgICAgICAgICAgIHJldHVybiBTZXRUb2tlblByaXZpbGVnZXModG9rZW4sIG5ldyBEaWN0aW9uYXJ5PHN0cmluZywgYm9vbD8+KCkgeyB7IHByaXZpbGVnZSwgZmFsc2UgfSB9KTsKICAgICAgICB9CgogICAgICAgIHB1YmxpYyBzdGF0aWMgRGljdGlvbmFyeTxzdHJpbmcsIGJvb2w/PiBEaXNhYmxlQWxsUHJpdmlsZWdlcyhTYWZlSGFuZGxlIHRva2VuKQogICAgICAgIHsKICAgICAgICAgICAgcmV0dXJuIEFkanVzdFRva2VuUHJpdmlsZWdlcyh0b2tlbiwgbnVsbCk7CiAgICAgICAgfQoKICAgICAgICBwdWJsaWMgc3RhdGljIERpY3Rpb25hcnk8c3RyaW5nLCBib29sPz4gRW5hYmxlUHJpdmlsZWdlKFNhZmVIYW5kbGUgdG9rZW4sIHN0cmluZyBwcml2aWxlZ2UpCiAgICAgICAgewogICAgICAgICAgICByZXR1cm4gU2V0VG9rZW5Qcml2aWxlZ2VzKHRva2VuLCBuZXcgRGljdGlvbmFyeTxzdHJpbmcsIGJvb2w/PigpIHsgeyBwcml2aWxlZ2UsIHRydWUgfSB9KTsKICAgICAgICB9CgogICAgICAgIHB1YmxpYyBzdGF0aWMgRGljdGlvbmFyeTxTdHJpbmcsIFByaXZpbGVnZUF0dHJpYnV0ZXM+IEdldEFsbFByaXZpbGVnZUluZm8oU2FmZUhhbmRsZSB0b2tlbikKICAgICAgICB7CiAgICAgICAgICAgIEludFB0ciBoVG9rZW4gPSBJbnRQdHIuWmVybzsKICAgICAgICAgICAgaWYgKCFOYXRpdmVNZXRob2RzLk9wZW5Qcm9jZXNzVG9rZW4odG9rZW4sIFRva2VuQWNjZXNzTGV2ZWxzLlF1ZXJ5LCBvdXQgaFRva2VuKSkKICAgICAgICAgICAgICAgIHRocm93IG5ldyBXaW4zMkV4Y2VwdGlvbigiT3BlblByb2Nlc3NUb2tlbigpIGZhaWxlZCIpOwoKICAgICAgICAgICAgRGljdGlvbmFyeTxTdHJpbmcsIFByaXZpbGVnZUF0dHJpYnV0ZXM+IGluZm8gPSBuZXcgRGljdGlvbmFyeTxTdHJpbmcsIFByaXZpbGVnZUF0dHJpYnV0ZXM+KCk7CiAgICAgICAgICAgIHRyeQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBVSW50MzIgdG9rZW5MZW5ndGggPSAwOwogICAgICAgICAgICAgICAgTmF0aXZlTWV0aG9kcy5HZXRUb2tlbkluZm9ybWF0aW9uKGhUb2tlbiwgVE9LRU5fUFJJVklMRUdFUywgSW50UHRyLlplcm8sIDAsIG91dCB0b2tlbkxlbmd0aCk7CgogICAgICAgICAgICAgICAgTmF0aXZlSGVscGVycy5MVUlEX0FORF9BVFRSSUJVVEVTW10gcHJpdmlsZWdlczsKICAgICAgICAgICAgICAgIEludFB0ciBwcml2aWxlZ2VzUHRyID0gTWFyc2hhbC5BbGxvY0hHbG9iYWwoKGludCl0b2tlbkxlbmd0aCk7CiAgICAgICAgICAgICAgICB0cnkKICAgICAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgICAgICBpZiAoIU5hdGl2ZU1ldGhvZHMuR2V0VG9rZW5JbmZvcm1hdGlvbihoVG9rZW4sIFRPS0VOX1BSSVZJTEVHRVMsIHByaXZpbGVnZXNQdHIsIHRva2VuTGVuZ3RoLCBvdXQgdG9rZW5MZW5ndGgpKQogICAgICAgICAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIkdldFRva2VuSW5mb3JtYXRpb24oKSBmb3IgVE9LRU5fUFJJVklMRUdFUyBmYWlsZWQiKTsKCiAgICAgICAgICAgICAgICAgICAgTmF0aXZlSGVscGVycy5UT0tFTl9QUklWSUxFR0VTIHByaXZpbGVnZUluZm8gPSAoTmF0aXZlSGVscGVycy5UT0tFTl9QUklWSUxFR0VTKU1hcnNoYWwuUHRyVG9TdHJ1Y3R1cmUocHJpdmlsZWdlc1B0ciwgdHlwZW9mKE5hdGl2ZUhlbHBlcnMuVE9LRU5fUFJJVklMRUdFUykpOwogICAgICAgICAgICAgICAgICAgIHByaXZpbGVnZXMgPSBuZXcgTmF0aXZlSGVscGVycy5MVUlEX0FORF9BVFRSSUJVVEVTW3ByaXZpbGVnZUluZm8uUHJpdmlsZWdlQ291bnRdOwogICAgICAgICAgICAgICAgICAgIFB0clRvU3RydWN0dXJlQXJyYXkocHJpdmlsZWdlcywgSW50UHRyLkFkZChwcml2aWxlZ2VzUHRyLCBNYXJzaGFsLlNpemVPZihwcml2aWxlZ2VJbmZvLlByaXZpbGVnZUNvdW50KSkpOwogICAgICAgICAgICAgICAgfQogICAgICAgICAgICAgICAgZmluYWxseQogICAgICAgICAgICAgICAgewogICAgICAgICAgICAgICAgICAgIE1hcnNoYWwuRnJlZUhHbG9iYWwocHJpdmlsZWdlc1B0cik7CiAgICAgICAgICAgICAgICB9CgogICAgICAgICAgICAgICAgaW5mbyA9IHByaXZpbGVnZXMuVG9EaWN0aW9uYXJ5KHAgPT4gR2V0UHJpdmlsZWdlTmFtZShwLkx1aWQpLCBwID0+IHAuQXR0cmlidXRlcyk7CiAgICAgICAgICAgIH0KICAgICAgICAgICAgZmluYWxseQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBOYXRpdmVNZXRob2RzLkNsb3NlSGFuZGxlKGhUb2tlbik7CiAgICAgICAgICAgIH0KICAgICAgICAgICAgcmV0dXJuIGluZm87CiAgICAgICAgfQoKICAgICAgICBwdWJsaWMgc3RhdGljIFNhZmVXYWl0SGFuZGxlIEdldEN1cnJlbnRQcm9jZXNzKCkKICAgICAgICB7CiAgICAgICAgICAgIHJldHVybiBOYXRpdmVNZXRob2RzLkdldEN1cnJlbnRQcm9jZXNzKCk7CiAgICAgICAgfQoKICAgICAgICBwdWJsaWMgc3RhdGljIHZvaWQgUmVtb3ZlUHJpdmlsZWdlKFNhZmVIYW5kbGUgdG9rZW4sIHN0cmluZyBwcml2aWxlZ2UpCiAgICAgICAgewogICAgICAgICAgICBTZXRUb2tlblByaXZpbGVnZXModG9rZW4sIG5ldyBEaWN0aW9uYXJ5PHN0cmluZywgYm9vbD8+KCkgeyB7IHByaXZpbGVnZSwgbnVsbCB9IH0pOwogICAgICAgIH0KCiAgICAgICAgcHVibGljIHN0YXRpYyBEaWN0aW9uYXJ5PHN0cmluZywgYm9vbD8+IFNldFRva2VuUHJpdmlsZWdlcyhTYWZlSGFuZGxlIHRva2VuLCBEaWN0aW9uYXJ5PHN0cmluZywgYm9vbD8+IHN0YXRlKQogICAgICAgIHsKICAgICAgICAgICAgTmF0aXZlSGVscGVycy5MVUlEX0FORF9BVFRSSUJVVEVTW10gcHJpdmlsZWdlQXR0ciA9IG5ldyBOYXRpdmVIZWxwZXJzLkxVSURfQU5EX0FUVFJJQlVURVNbc3RhdGUuQ291bnRdOwogICAgICAgICAgICBpbnQgaSA9IDA7CgogICAgICAgICAgICBmb3JlYWNoIChLZXlWYWx1ZVBhaXI8c3RyaW5nLCBib29sPz4gZW50cnkgaW4gc3RhdGUpCiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIE5hdGl2ZUhlbHBlcnMuTFVJRCBsdWlkOwogICAgICAgICAgICAgICAgaWYgKCFOYXRpdmVNZXRob2RzLkxvb2t1cFByaXZpbGVnZVZhbHVlKG51bGwsIGVudHJ5LktleSwgb3V0IGx1aWQpKQogICAgICAgICAgICAgICAgICAgIHRocm93IG5ldyBXaW4zMkV4Y2VwdGlvbihTdHJpbmcuRm9ybWF0KCJMb29rdXBQcml2aWxlZ2VWYWx1ZSh7MH0pIGZhaWxlZCIsIGVudHJ5LktleSkpOwoKICAgICAgICAgICAgICAgIFByaXZpbGVnZUF0dHJpYnV0ZXMgYXR0cmlidXRlczsKICAgICAgICAgICAgICAgIHN3aXRjaCAoZW50cnkuVmFsdWUpCiAgICAgICAgICAgICAgICB7CiAgICAgICAgICAgICAgICAgICAgY2FzZSB0cnVlOgogICAgICAgICAgICAgICAgICAgICAgICBhdHRyaWJ1dGVzID0gUHJpdmlsZWdlQXR0cmlidXRlcy5FbmFibGVkOwogICAgICAgICAgICAgICAgICAgICAgICBicmVhazsKICAgICAgICAgICAgICAgICAgICBjYXNlIGZhbHNlOgogICAgICAgICAgICAgICAgICAgICAgICBhdHRyaWJ1dGVzID0gUHJpdmlsZWdlQXR0cmlidXRlcy5EaXNhYmxlZDsKICAgICAgICAgICAgICAgICAgICAgICAgYnJlYWs7CiAgICAgICAgICAgICAgICAgICAgZGVmYXVsdDoKICAgICAgICAgICAgICAgICAgICAgICAgYXR0cmlidXRlcyA9IFByaXZpbGVnZUF0dHJpYnV0ZXMuUmVtb3ZlZDsKICAgICAgICAgICAgICAgICAgICAgICAgYnJlYWs7CiAgICAgICAgICAgICAgICB9CgogICAgICAgICAgICAgICAgcHJpdmlsZWdlQXR0cltpXS5MdWlkID0gbHVpZDsKICAgICAgICAgICAgICAgIHByaXZpbGVnZUF0dHJbaV0uQXR0cmlidXRlcyA9IGF0dHJpYnV0ZXM7CiAgICAgICAgICAgICAgICBpKys7CiAgICAgICAgICAgIH0KCiAgICAgICAgICAgIHJldHVybiBBZGp1c3RUb2tlblByaXZpbGVnZXModG9rZW4sIHByaXZpbGVnZUF0dHIpOwogICAgICAg ScriptBlock ID: 1cf6e8e3-386a-407d-ae78-c500a6eda204 Path:	4104	1		3	2	15	0	1748	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3692	3896	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:07:41 PM	e5295ba9-9827-0000-0d5d-29e52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1747	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3692	4016	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:07:41 PM	e5295ba9-9827-0004-965c-29e52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 3692 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1746	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3692	4404	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:07:41 PM	e5295ba9-9827-0004-965c-29e52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1745	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3692	4016	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:07:41 PM	e5295ba9-9827-0004-965c-29e52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1744	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2248	2256	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:07:39 PM	e5295ba9-9827-0004-945c-29e52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 2248 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1743	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2248	3720	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:07:39 PM	e5295ba9-9827-0004-945c-29e52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1742	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2248	2256	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:07:39 PM	e5295ba9-9827-0004-945c-29e52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles; using System; using System.Collections; using System.IO; using System.Linq; using System.Runtime.InteropServices; using System.Text; using System.Threading; namespace Ansible { [StructLayout(LayoutKind.Sequential)] public class SECURITY_ATTRIBUTES { public int nLength; public IntPtr lpSecurityDescriptor; public bool bInheritHandle = false; public SECURITY_ATTRIBUTES() { nLength = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFO { public Int32 cb; public IntPtr lpReserved; public IntPtr lpDesktop; public IntPtr lpTitle; public Int32 dwX; public Int32 dwY; public Int32 dwXSize; public Int32 dwYSize; public Int32 dwXCountChars; public Int32 dwYCountChars; public Int32 dwFillAttribute; public Int32 dwFlags; public Int16 wShowWindow; public Int16 cbReserved2; public IntPtr lpReserved2; public SafeFileHandle hStdInput; public SafeFileHandle hStdOutput; public SafeFileHandle hStdError; public STARTUPINFO() { cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFOEX { public STARTUPINFO startupInfo; public IntPtr lpAttributeList; public STARTUPINFOEX() { startupInfo = new STARTUPINFO(); startupInfo.cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public struct PROCESS_INFORMATION { public IntPtr hProcess; public IntPtr hThread; public int dwProcessId; public int dwThreadId; } [Flags] public enum StartupInfoFlags : uint { USESTDHANDLES = 0x00000100 } public enum HandleFlags : uint { None = 0, INHERIT = 1 } class NativeWaitHandle : WaitHandle { public NativeWaitHandle(IntPtr handle) { this.SafeWaitHandle = new SafeWaitHandle(handle, false); } } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class CommandUtil { private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400; private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000; [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)] public static extern bool CreateProcess( [MarshalAs(UnmanagedType.LPWStr)] string lpApplicationName, StringBuilder lpCommandLine, IntPtr lpProcessAttributes, IntPtr lpThreadAttributes, bool bInheritHandles, uint dwCreationFlags, IntPtr lpEnvironment, [MarshalAs(UnmanagedType.LPWStr)] string lpCurrentDirectory, STARTUPINFOEX lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation); [DllImport("kernel32.dll")] public static extern bool CreatePipe( out SafeFileHandle hReadPipe, out SafeFileHandle hWritePipe, SECURITY_ATTRIBUTES lpPipeAttributes, uint nSize); [DllImport("kernel32.dll", SetLastError = true)] public static extern bool SetHandleInformation( SafeFileHandle hObject, HandleFlags dwMask, int dwFlags); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool GetExitCodeProcess( IntPtr hProcess, out uint lpExitCode); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)] public static extern uint SearchPath( string lpPath, string lpFileName, string lpExtension, int nBufferLength, [MarshalAs (UnmanagedType.LPTStr)] StringBuilder lpBuffer, out IntPtr lpFilePart); [DllImport("shell32.dll", SetLastError = true)] static extern IntPtr CommandLineToArgvW( [MarshalAs(UnmanagedType.LPWStr)] string lpCmdLine, out int pNumArgs); public static string[] ParseCommandLine(string lpCommandLine) { int numArgs; IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs); if (ret == IntPtr.Zero) throw new Win32Exception("Error parsing command line"); IntPtr[] strptrs = new IntPtr[numArgs]; Marshal.Copy(ret, strptrs, 0, numArgs); string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray(); Marshal.FreeHGlobal(ret); return cmdlineParts; } public static string SearchPath(string lpFileName) { StringBuilder sbOut = new StringBuilder(1024); IntPtr filePartOut; if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0) throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName)); return sbOut.ToString(); } public class CommandResult { public string StandardOut { get; internal set; } public string StandardError { get; internal set; } public uint ExitCode { get; internal set; } } public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment) { UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT; STARTUPINFOEX si = new STARTUPINFOEX(); si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES; SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES(); pipesec.bInheritHandle = true; // Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write; if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0)) throw new Win32Exception("STDOUT pipe setup failed"); if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDOUT pipe handle setup failed"); if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0)) throw new Win32Exception("STDERR pipe setup failed"); if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDERR pipe handle setup failed"); if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0)) throw new Win32Exception("STDIN pipe setup failed"); if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDIN pipe handle setup failed"); si.startupInfo.hStdOutput = stdout_write; si.startupInfo.hStdError = stderr_write; si.startupInfo.hStdInput = stdin_read; // Setup the stdin buffer UTF8Encoding utf8_encoding = new UTF8Encoding(false); FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768); StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768); // If lpCurrentDirectory is set to null in PS it will be an empty // string here, we need to convert it if (lpCurrentDirectory == "") lpCurrentDirectory = null; StringBuilder environmentString = null; if (environment != null && environment.Count > 0) { environmentString = new StringBuilder(); foreach (DictionaryEntry kv in environment) environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value); environmentString.Append('\0'); } // Create the environment block if set IntPtr lpEnvironment = IntPtr.Zero; if (environmentString != null) lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString()); // Create new process and run StringBuilder argument_string = new StringBuilder(lpCommandLine); PROCESS_INFORMATION pi = new PROCESS_INFORMATION(); if (!CreateProcess( lpApplicationName, argument_string, IntPtr.Zero, IntPtr.Zero, true, startup_flags, lpEnvironment, lpCurrentDirectory, si, out pi)) { throw new Win32Exception("Failed to create new process"); } // Setup the output buffers and get stdout/stderr FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096); StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096); stdout_write.Close(); FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096); StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096); stderr_write.Close(); stdin.WriteLine(stdinInput); stdin.Close(); string stdout_str, stderr_str = null; GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str); uint rc = GetProcessExitCode(pi.hProcess); return new CommandResult { StandardOut = stdout_str, StandardError = stderr_str, ExitCode = rc }; } private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr) { var sowait = new EventWaitHandle(false, EventResetMode.ManualReset); var sewait = new EventWaitHandle(false, EventResetMode.ManualReset); string so = null, se = null; ThreadPool.QueueUserWorkItem((s) => { so = stdoutStream.ReadToEnd(); sowait.Set(); }); ThreadPool.QueueUserWorkItem((s) => { se = stderrStream.ReadToEnd(); sewait.Set(); }); foreach (var wh in new WaitHandle[] { sowait, sewait }) wh.WaitOne(); stdout = so; stderr = se; } private static uint GetProcessExitCode(IntPtr processHandle) { new NativeWaitHandle(processHandle).WaitOne(); uint exitCode; if (!GetExitCodeProcess(processHandle, out exitCode)) throw new Win32Exception("Error getting process exit code"); return exitCode; } } }" Context: Severity = Informational Host Name = Default Host Host Version = 5.1.14393.1944 Host ID = fa29184a-8b70-4c6e-9465-78b68259416c Host Application = PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - Engine Version = 5.1.14393.1944 Runspace ID = 5b40a159-fd21-4cdb-a628-b98f30cb3478 Pipeline ID = 7 Command Name = Add-Type Command Type = Cmdlet Script Name = Command Path = Sequence Number = 34 User = N-H1-805629-1\Admin Connected User = Shell ID = Microsoft.PowerShell User Data:	4103	1		4	106	20	0	1741	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	672	1824	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:07:39 PM	e5295ba9-9827-0001-6c5d-29e52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	To be used when operation is just executing a method	Executing Pipeline	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c) 2017 Ansible Project # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) $process_util = @" using Microsoft.Win32.SafeHandles; using System; using System.Collections; using System.IO; using System.Linq; using System.Runtime.InteropServices; using System.Text; using System.Threading; namespace Ansible { [StructLayout(LayoutKind.Sequential)] public class SECURITY_ATTRIBUTES { public int nLength; public IntPtr lpSecurityDescriptor; public bool bInheritHandle = false; public SECURITY_ATTRIBUTES() { nLength = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFO { public Int32 cb; public IntPtr lpReserved; public IntPtr lpDesktop; public IntPtr lpTitle; public Int32 dwX; public Int32 dwY; public Int32 dwXSize; public Int32 dwYSize; public Int32 dwXCountChars; public Int32 dwYCountChars; public Int32 dwFillAttribute; public Int32 dwFlags; public Int16 wShowWindow; public Int16 cbReserved2; public IntPtr lpReserved2; public SafeFileHandle hStdInput; public SafeFileHandle hStdOutput; public SafeFileHandle hStdError; public STARTUPINFO() { cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFOEX { public STARTUPINFO startupInfo; public IntPtr lpAttributeList; public STARTUPINFOEX() { startupInfo = new STARTUPINFO(); startupInfo.cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public struct PROCESS_INFORMATION { public IntPtr hProcess; public IntPtr hThread; public int dwProcessId; public int dwThreadId; } [Flags] public enum StartupInfoFlags : uint { USESTDHANDLES = 0x00000100 } public enum HandleFlags : uint { None = 0, INHERIT = 1 } class NativeWaitHandle : WaitHandle { public NativeWaitHandle(IntPtr handle) { this.SafeWaitHandle = new SafeWaitHandle(handle, false); } } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class CommandUtil { private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400; private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000; [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)] public static extern bool CreateProcess( [MarshalAs(UnmanagedType.LPWStr)] string lpApplicationName, StringBuilder lpCommandLine, IntPtr lpProcessAttributes, IntPtr lpThreadAttributes, bool bInheritHandles, uint dwCreationFlags, IntPtr lpEnvironment, [MarshalAs(UnmanagedType.LPWStr)] string lpCurrentDirectory, STARTUPINFOEX lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation); [DllImport("kernel32.dll")] public static extern bool CreatePipe( out SafeFileHandle hReadPipe, out SafeFileHandle hWritePipe, SECURITY_ATTRIBUTES lpPipeAttributes, uint nSize); [DllImport("kernel32.dll", SetLastError = true)] public static extern bool SetHandleInformation( SafeFileHandle hObject, HandleFlags dwMask, int dwFlags); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool GetExitCodeProcess( IntPtr hProcess, out uint lpExitCode); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)] public static extern uint SearchPath( string lpPath, string lpFileName, string lpExtension, int nBufferLength, [MarshalAs (UnmanagedType.LPTStr)] StringBuilder lpBuffer, out IntPtr lpFilePart); [DllImport("shell32.dll", SetLastError = true)] static extern IntPtr CommandLineToArgvW( [MarshalAs(UnmanagedType.LPWStr)] string lpCmdLine, out int pNumArgs); public static string[] ParseCommandLine(string lpCommandLine) { int numArgs; IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs); if (ret == IntPtr.Zero) throw new Win32Exception("Error parsing command line"); IntPtr[] strptrs = new IntPtr[numArgs]; Marshal.Copy(ret, strptrs, 0, numArgs); string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray(); Marshal.FreeHGlobal(ret); return cmdlineParts; } public static string SearchPath(string lpFileName) { StringBuilder sbOut = new StringBuilder(1024); IntPtr filePartOut; if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0) throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName)); return sbOut.ToString(); } public class CommandResult { public string StandardOut { get; internal set; } public string StandardError { get; internal set; } public uint ExitCode { get; internal set; } } public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment) { UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT; STARTUPINFOEX si = new STARTUPINFOEX(); si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES; SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES(); pipesec.bInheritHandle = true; // Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write; if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0)) throw new Win32Exception("STDOUT pipe setup failed"); if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDOUT pipe handle setup failed"); if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0)) throw new Win32Exception("STDERR pipe setup failed"); if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDERR pipe handle setup failed"); if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0)) throw new Win32Exception("STDIN pipe setup failed"); if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDIN pipe handle setup failed"); si.startupInfo.hStdOutput = stdout_write; si.startupInfo.hStdError = stderr_write; si.startupInfo.hStdInput = stdin_read; // Setup the stdin buffer UTF8Encoding utf8_encoding = new UTF8Encoding(false); FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768); StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768); // If lpCurrentDirectory is set to null in PS it will be an empty // string here, we need to convert it if (lpCurrentDirectory == "") lpCurrentDirectory = null; StringBuilder environmentString = null; if (environment != null && environment.Count > 0) { environmentString = new StringBuilder(); foreach (DictionaryEntry kv in environment) environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value); environmentString.Append('\0'); } // Create the environment block if set IntPtr lpEnvironment = IntPtr.Zero; if (environmentString != null) lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString()); // Create new process and run StringBuilder argument_string = new StringBuilder(lpCommandLine); PROCESS_INFORMATION pi = new PROCESS_INFORMATION(); if (!CreateProcess( lpApplicationName, argument_string, IntPtr.Zero, IntPtr.Zero, true, startup_flags, lpEnvironment, lpCurrentDirectory, si, out pi)) { throw new Win32Exception("Failed to create new process"); } // Setup the output buffers and get stdout/stderr FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096); StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096); stdout_write.Close(); FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096); StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096); stderr_write.Close(); stdin.WriteLine(stdinInput); stdin.Close(); string stdout_str, stderr_str = null; GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str); uint rc = GetProcessExitCode(pi.hProcess); return new CommandResult { StandardOut = stdout_str, StandardError = stderr_str, ExitCode = rc }; } private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr) { var sowait = new EventWaitHandle(false, EventResetMode.ManualReset); var sewait = new EventWaitHandle(false, EventResetMode.ManualReset); string so = null, se = null; ThreadPool.QueueUserWorkItem((s) => { so = stdoutStream.ReadToEnd(); sowait.Set(); }); ThreadPool.QueueUserWorkItem((s) => { se = stderrStream.ReadToEnd(); sewait.Set(); }); foreach (var wh in new WaitHandle[] { sowait, sewait }) wh.WaitOne(); stdout = so; stderr = se; } private static uint GetProcessExitCode(IntPtr processHandle) { new NativeWaitHandle(processHandle).WaitOne(); uint exitCode; if (!GetExitCodeProcess(processHandle, out exitCode)) throw new Win32Exception("Error getting process exit code"); return exitCode; } } } "@ $ErrorActionPreference = 'Stop' Function Load-CommandUtils { # makes the following static functions available # [Ansible.CommandUtil]::ParseCommandLine(string lpCommandLine) # [Ansible.CommandUtil]::SearchPath(string lpFileName) # [Ansible.CommandUtil]::RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, string environmentBlock) # # there are also numerous P/Invoke methods that can be called if you are feeling adventurous # FUTURE: find a better way to get the _ansible_remote_tmp variable $original_tmp = $env:TMP $remote_tmp = $original_tmp $module_params = Get-Variable -Name complex_args -ErrorAction SilentlyContinue if ($module_params) { if ($module_params.Value.ContainsKey("_ansible_remote_tmp") ) { $remote_tmp = $module_params.Value["_ansible_remote_tmp"] $remote_tmp = [System.Environment]::ExpandEnvironmentVariables($remote_tmp) } } $env:TMP = $remote_tmp Add-Type -TypeDefinition $process_util $env:TMP = $original_tmp } Function Get-ExecutablePath($executable, $directory) { # lpApplicationName requires the full path to a file, we need to find it # ourselves. # we need to add .exe if it doesn't have an extension already if (-not [System.IO.Path]::HasExtension($executable)) { $executable = "$($executable).exe" } $full_path = [System.IO.Path]::GetFullPath($executable) if ($full_path -ne $executable -and $directory -ne $null) { $file = Get-Item -Path "$directory\$executable" -Force -ErrorAction SilentlyContinue } else { $file = Get-Item -Path $executable -Force -ErrorAction SilentlyContinue } if ($file -ne $null) { $executable_path = $file.FullName } else { $executable_path = [Ansible.CommandUtil]::SearchPath($executable) } return $executable_path } Function Run-Command { Param( [string]$command, # the full command to run including the executable [string]$working_directory = $null, # the working directory to run under, will default to the current dir [string]$stdin = $null, # a string to send to the stdin pipe when executing the command [hashtable]$environment = @{} # a hashtable of environment values to run the command under, this will replace all the other environment variables with these ) # load the C# code we call in this function Load-CommandUtils # need to validate the working directory if it is set if ($working_directory) { # validate working directory is a valid path if (-not (Test-Path -Path $working_directory)) { throw "invalid working directory path '$working_directory'" } } # lpApplicationName needs to be the full path to an executable, we do this # by getting the executable as the first arg and then getting the full path $arguments = [Ansible.CommandUtil]::ParseCommandLine($command) $executable = Get-ExecutablePath -executable $arguments[0] -directory $working_directory # run the command and get the results $command_result = [Ansible.CommandUtil]::RunCommand($executable, $command, $working_directory, $stdin, $environment) return ,@{ executable = $executable stdout = $command_result.StandardOut stderr = $command_result.StandardError rc = $command_result.ExitCode } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: f792b351-4bc6-4e4e-9bdd-bbb645a87e7e Path:	4104	1		3	2	15	0	1740	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	672	1300	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:07:38 PM	e5295ba9-9827-0000-fd5c-29e52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c), Michael DeHaan <michael.dehaan@gmail.com>, 2014, and others # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) Set-StrictMode -Version 2.0 $ErrorActionPreference = "Stop" Function Set-Attr($obj, $name, $value) { <# .SYNOPSIS Helper function to set an "attribute" on a psobject instance in PowerShell. This is a convenience to make adding Members to the object easier and slightly more pythonic .EXAMPLE Set-Attr $result "changed" $true #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } Try { $obj.$name = $value } Catch { $obj | Add-Member -Force -MemberType NoteProperty -Name $name -Value $value } } Function Exit-Json($obj) { <# .SYNOPSIS Helper function to convert a PowerShell object to JSON and output it, exiting the script .EXAMPLE Exit-Json $result #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit } Function Fail-Json($obj, $message = $null) { <# .SYNOPSIS Helper function to add the "msg" property and "failed" property, convert the PowerShell Hashtable to JSON and output it, exiting the script .EXAMPLE Fail-Json $result "This is the failure message" #> if ($obj -is [hashtable] -or $obj -is [psobject]) { # Nothing to do } elseif ($obj -is [string] -and $null -eq $message) { # If we weren't given 2 args, and the only arg was a string, # create a new Hashtable and use the arg as the failure message $message = $obj $obj = @{ } } else { # If the first argument is undefined or a different type, # make it a Hashtable $obj = @{ } } # Still using Set-Attr for PSObject compatibility Set-Attr $obj "msg" $message Set-Attr $obj "failed" $true if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit 1 } Function Add-Warning($obj, $message) { <# .SYNOPSIS Helper function to add warnings, even if the warnings attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("warnings")) { $obj.warnings = @() } elseif ($obj.warnings -isnot [array]) { throw "Add-Warning: warnings attribute is not an array" } $obj.warnings += $message } Function Add-DeprecationWarning($obj, $message, $version = $null) { <# .SYNOPSIS Helper function to add deprecations, even if the deprecations attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("deprecations")) { $obj.deprecations = @() } elseif ($obj.deprecations -isnot [array]) { throw "Add-DeprecationWarning: deprecations attribute is not a list" } $obj.deprecations += @{ msg = $message version = $version } } Function Expand-Environment($value) { <# .SYNOPSIS Helper function to expand environment variables in values. By default it turns any type to a string, but we ensure $null remains $null. #> if ($null -ne $value) { [System.Environment]::ExpandEnvironmentVariables($value) } else { $value } } Function Get-AnsibleParam($obj, $name, $default = $null, $resultobj = @{}, $failifempty = $false, $emptyattributefailmessage, $ValidateSet, $ValidateSetErrorMessage, $type = $null, $aliases = @()) { <# .SYNOPSIS Helper function to get an "attribute" from a psobject instance in PowerShell. This is a convenience to make getting Members from an object easier and slightly more pythonic .EXAMPLE $attr = Get-AnsibleParam $response "code" -default "1" .EXAMPLE Get-AnsibleParam -obj $params -name "State" -default "Present" -ValidateSet "Present","Absent" -resultobj $resultobj -failifempty $true Get-AnsibleParam also supports Parameter validation to save you from coding that manually Note that if you use the failifempty option, you do need to specify resultobject as well. #> # Check if the provided Member $name or aliases exist in $obj and return it or the default. try { $found = $null # First try to find preferred parameter $name $aliases = @($name) + $aliases # Iterate over aliases to find acceptable Member $name foreach ($alias in $aliases) { if ($obj.ContainsKey($alias)) { $found = $alias break } } if ($null -eq $found) { throw } $name = $found if ($ValidateSet) { if ($ValidateSet -contains ($obj.$name)) { $value = $obj.$name } else { if ($null -eq $ValidateSetErrorMessage) { #Auto-generated error should be sufficient in most use cases $ValidateSetErrorMessage = "Get-AnsibleParam: Argument $name needs to be one of $($ValidateSet -join ",") but was $($obj.$name)." } Fail-Json -obj $resultobj -message $ValidateSetErrorMessage } } else { $value = $obj.$name } } catch { if ($failifempty -eq $false) { $value = $default } else { if (-not $emptyattributefailmessage) { $emptyattributefailmessage = "Get-AnsibleParam: Missing required argument: $name" } Fail-Json -obj $resultobj -message $emptyattributefailmessage } } # If $value -eq $null, the parameter was unspecified by the user (deliberately or not) # Please leave $null-values intact, modules need to know if a parameter was specified # When $value is already an array, we cannot rely on the null check, as an empty list # is seen as null in the check below if ($null -ne $value -or $value -is [array]) { if ($type -eq "path") { # Expand environment variables on path-type $value = Expand-Environment($value) # Test if a valid path is provided if (-not (Test-Path -IsValid $value)) { $path_invalid = $true # could still be a valid-shaped path with a nonexistent drive letter if ($value -match "^\w:") { # rewrite path with a valid drive letter and recheck the shape- this might still fail, eg, a nonexistent non-filesystem PS path if (Test-Path -IsValid $(@(Get-PSDrive -PSProvider Filesystem)[0].Name + $value.Substring(1))) { $path_invalid = $false } } if ($path_invalid) { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' has an invalid path '$value' specified." } } } elseif ($type -eq "str") { # Convert str types to real Powershell strings $value = $value.ToString() } elseif ($type -eq "bool") { # Convert boolean types to real Powershell booleans $value = $value | ConvertTo-Bool } elseif ($type -eq "int") { # Convert int types to real Powershell integers $value = $value -as [int] } elseif ($type -eq "float") { # Convert float types to real Powershell floats $value = $value -as [float] } elseif ($type -eq "list") { if ($value -is [array]) { # Nothing to do } elseif ($value -is [string]) { # Convert string type to real Powershell array $value = $value.Split(",").Trim() } elseif ($value -is [int]) { $value = @($value) } else { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' is not a YAML list." } # , is not a typo, forces it to return as a list when it is empty or only has 1 entry return ,$value } } return $value } #Alias Get-attr-->Get-AnsibleParam for backwards compat. Only add when needed to ease debugging of scripts If (-not(Get-Alias -Name "Get-attr" -ErrorAction SilentlyContinue)) { New-Alias -Name Get-attr -Value Get-AnsibleParam } Function ConvertTo-Bool { <# .SYNOPSIS Helper filter/pipeline function to convert a value to boolean following current Ansible practices .EXAMPLE $is_true = "true" | ConvertTo-Bool #> param( [parameter(valuefrompipeline=$true)] $obj ) $boolean_strings = "yes", "on", "1", "true", 1 $obj_string = [string]$obj if (($obj -is [boolean] -and $obj) -or $boolean_strings -contains $obj_string.ToLower()) { return $true } else { return $false } } Function Parse-Args($arguments, $supports_check_mode = $false) { <# .SYNOPSIS Helper function to parse Ansible JSON arguments from a "file" passed as the single argument to the module. .EXAMPLE $params = Parse-Args $args #> $params = New-Object psobject If ($arguments.Length -gt 0) { $params = Get-Content $arguments[0] | ConvertFrom-Json } Else { $params = $complex_args } $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false If ($check_mode -and -not $supports_check_mode) { Exit-Json @{ skipped = $true changed = $false msg = "remote module does not support check mode" } } return $params } Function Get-FileChecksum($path, $algorithm = 'sha1') { <# .SYNOPSIS Helper function to calculate a hash of a file in a way which PowerShell 3 and above can handle #> If (Test-Path -Path $path -PathType Leaf) { switch ($algorithm) { 'md5' { $sp = New-Object -TypeName System.Security.Cryptography.MD5CryptoServiceProvider } 'sha1' { $sp = New-Object -TypeName System.Security.Cryptography.SHA1CryptoServiceProvider } 'sha256' { $sp = New-Object -TypeName System.Security.Cryptography.SHA256CryptoServiceProvider } 'sha384' { $sp = New-Object -TypeName System.Security.Cryptography.SHA384CryptoServiceProvider } 'sha512' { $sp = New-Object -TypeName System.Security.Cryptography.SHA512CryptoServiceProvider } default { Fail-Json @{} "Unsupported hash algorithm supplied '$algorithm'" } } If ($PSVersionTable.PSVersion.Major -ge 4) { $raw_hash = Get-FileHash $path -Algorithm $algorithm $hash = $raw_hash.Hash.ToLower() } Else { $fp = [System.IO.File]::Open($path, [System.IO.Filemode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileShare]::ReadWrite); $hash = [System.BitConverter]::ToString($sp.ComputeHash($fp)).Replace("-", "").ToLower(); $fp.Dispose(); } } ElseIf (Test-Path -Path $path -PathType Container) { $hash = "3"; } Else { $hash = "1"; } return $hash } Function Get-PendingRebootStatus { <# .SYNOPSIS Check if reboot is required, if so notify CA. Function returns true if computer has a pending reboot #> $featureData = Invoke-WmiMethod -EA Ignore -Name GetServerFeature -Namespace root\microsoft\windows\servermanager -Class MSFT_ServerManagerTasks $regData = Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager" "PendingFileRenameOperations" -EA Ignore $CBSRebootStatus = Get-ChildItem "HKLM:\\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing" -ErrorAction SilentlyContinue| Where-Object {$_.PSChildName -eq "RebootPending"} if(($featureData -and $featureData.RequiresReboot) -or $regData -or $CBSRebootStatus) { return $True } else { return $False } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: 49bc1b03-5806-4f5e-8585-ec4cdb05dfde Path:	4104	1		3	2	15	0	1739	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	672	1300	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:07:38 PM	e5295ba9-9827-0005-e85c-29e52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } ScriptBlock ID: a8e7bfe0-efa5-44e0-9652-4a9bfdd085e4 Path:	4104	1		3	2	15	0	1738	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	672	1300	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:07:38 PM	e5295ba9-9827-0005-d95c-29e52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (4 of 4): ICRleGVjX2FyZ3MgPSAiLW5vbmludGVyYWN0aXZlIC1lbmNvZGVkY29tbWFuZCAkZW5jb2RlZF9jb21tYW5kIgogICAgfQp9CkVsc2UgewogICAgIyBGVVRVUkU6IHN1cHBvcnQgYXJnIHRyYW5zbGF0aW9uIGZyb20gZXhlY3V0YWJsZSAob3IgZXhlY3V0YWJsZV9hcmdzPykgdG8gcHJvY2VzcyBhcmd1bWVudHMgZm9yIGFyYml0cmFyeSBpbnRlcnByZXRlcj8KICAgICRleGVjX2FwcGxpY2F0aW9uID0gJGV4ZWN1dGFibGUKICAgIGlmICgtbm90ICgkZXhlY19hcHBsaWNhdGlvbi5FbmRzV2l0aCgiLmV4ZSIpKSkgewogICAgICAgICRleGVjX2FwcGxpY2F0aW9uID0gIiQoJGV4ZWNfYXBwbGljYXRpb24pLmV4ZSIKICAgIH0KICAgICRleGVjX2FyZ3MgPSAiL2MgJHJhd19jb21tYW5kX2xpbmUiCn0KCiRjb21tYW5kID0gIiRleGVjX2FwcGxpY2F0aW9uICRleGVjX2FyZ3MiCiRydW5fY29tbWFuZF9hcmcgPSBAewogICAgY29tbWFuZCA9ICRjb21tYW5kCn0KaWYgKCRjaGRpcikgewogICAgJHJ1bl9jb21tYW5kX2FyZ1snd29ya2luZ19kaXJlY3RvcnknXSA9ICRjaGRpcgp9CmlmICgkc3RkaW4pIHsKICAgICRydW5fY29tbWFuZF9hcmdbJ3N0ZGluJ10gPSAkc3RkaW4KfQoKJHN0YXJ0X2RhdGV0aW1lID0gW0RhdGVUaW1lXTo6VXRjTm93CnRyeSB7CiAgICAkY29tbWFuZF9yZXN1bHQgPSBSdW4tQ29tbWFuZCBAcnVuX2NvbW1hbmRfYXJnCn0gY2F0Y2ggewogICAgJHJlc3VsdC5jaGFuZ2VkID0gJGZhbHNlCiAgICB0cnkgewogICAgICAgICRyZXN1bHQucmMgPSAkXy5FeGNlcHRpb24uTmF0aXZlRXJyb3JDb2RlCiAgICB9IGNhdGNoIHsKICAgICAgICAkcmVzdWx0LnJjID0gMgogICAgfQogICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAkXy5FeGNlcHRpb24uTWVzc2FnZQp9CgojIFRPRE86IGRlY29kZSBDTElYTUwgc3RkZXJyIG91dHB1dCAoYW5kIG90aGVyIHN0cmVhbXM/KQokcmVzdWx0LnN0ZG91dCA9ICRjb21tYW5kX3Jlc3VsdC5zdGRvdXQKJHJlc3VsdC5zdGRlcnIgPSBDbGVhbnNlLVN0ZGVyciAkY29tbWFuZF9yZXN1bHQuc3RkZXJyIAokcmVzdWx0LnJjID0gJGNvbW1hbmRfcmVzdWx0LnJjCgokZW5kX2RhdGV0aW1lID0gW0RhdGVUaW1lXTo6VXRjTm93CiRyZXN1bHQuc3RhcnQgPSAkc3RhcnRfZGF0ZXRpbWUuVG9TdHJpbmcoInl5eXktTU0tZGQgaGg6bW06c3MuZmZmZmZmIikKJHJlc3VsdC5lbmQgPSAkZW5kX2RhdGV0aW1lLlRvU3RyaW5nKCJ5eXl5LU1NLWRkIGhoOm1tOnNzLmZmZmZmZiIpCiRyZXN1bHQuZGVsdGEgPSAkKCRlbmRfZGF0ZXRpbWUgLSAkc3RhcnRfZGF0ZXRpbWUpLlRvU3RyaW5nKCJoXDptbVw6c3NcLmZmZmZmZiIpCgpJZiAoJHJlc3VsdC5yYyAtbmUgMCkgewogICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAibm9uLXplcm8gcmV0dXJuIGNvZGUiCn0KCkV4aXQtSnNvbiAkcmVzdWx0Cg==", "module_args": {"_ansible_version": "2.7.0", "_ansible_selinux_special_fs": ["fuse", "nfs", "vboxsf", "ramfs", "9p"], "_ansible_no_log": false, "_ansible_module_name": "win_shell", "_raw_params": "Get-Service nova-compute | %{$_.Status}", "_ansible_verbosity": 2, "_ansible_keep_remote_files": false, "_ansible_syslog_facility": "LOG_USER", "_ansible_socket": null, "_ansible_remote_tmp": "%TEMP%", "_ansible_diff": false, "_ansible_debug": false, "_ansible_shell_executable": "/bin/sh", "_ansible_check_mode": false, "_ansible_tmpdir": null}} '@ } process { $input_as_string = [string]$input $json_raw += $input_as_string } end { If (-not $json_raw) { Write-Error "no input given" -Category InvalidArgument } $payload = ConvertTo-HashtableFromPsCustomObject (ConvertFrom-Json $json_raw) # TODO: handle binary modules # TODO: handle persistence $min_os_version = [version]$payload.min_os_version if ($min_os_version -ne $null) { $actual_os_version = [System.Environment]::OSVersion.Version if ($actual_os_version -lt $min_os_version) { $msg = "This module cannot run on this OS as it requires a minimum version of $min_os_version, actual was $actual_os_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $min_ps_version = [version]$payload.min_ps_version if ($min_ps_version -ne $null) { $actual_ps_version = $PSVersionTable.PSVersion if ($actual_ps_version -lt $min_ps_version) { $msg = "This module cannot run as it requires a minimum PowerShell version of $min_ps_version, actual was $actual_ps_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $actions = $payload.actions # pop 0th action as entrypoint $entrypoint = $payload.($actions[0]) $payload.actions = $payload.actions[1..99] $entrypoint = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($entrypoint)) # load the current action entrypoint as a module custom object with a Run method $entrypoint = New-Module -ScriptBlock ([scriptblock]::Create($entrypoint)) -AsCustomObject Set-Variable -Scope global -Name complex_args -Value $payload["module_args"] | Out-Null # dynamically create/load modules ForEach ($mod in $payload.powershell_modules.GetEnumerator()) { $decoded_module = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($mod.Value)) New-Module -ScriptBlock ([scriptblock]::Create($decoded_module)) -Name $mod.Key | Import-Module -WarningAction SilentlyContinue | Out-Null } $output = $entrypoint.Run($payload) Write-Output $output } ScriptBlock ID: bbfa2053-0065-48c6-9598-e3377a594c9a Path:	4104	1		3	2	15	0	1737	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	672	1300	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:07:38 PM	e5295ba9-9827-0000-f55c-29e52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (3 of 4): CAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgJHZhbHVlID0gJG9iai4kbmFtZQogICAgICAgIH0KICAgIH0gY2F0Y2ggewogICAgICAgIGlmICgkZmFpbGlmZW1wdHkgLWVxICRmYWxzZSkgewogICAgICAgICAgICAkdmFsdWUgPSAkZGVmYXVsdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgIGlmICgtbm90ICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSA9ICJHZXQtQW5zaWJsZVBhcmFtOiBNaXNzaW5nIHJlcXVpcmVkIGFyZ3VtZW50OiAkbmFtZSIKICAgICAgICAgICAgfQogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlCiAgICAgICAgfQogICAgfQoKICAgICMgSWYgJHZhbHVlIC1lcSAkbnVsbCwgdGhlIHBhcmFtZXRlciB3YXMgdW5zcGVjaWZpZWQgYnkgdGhlIHVzZXIgKGRlbGliZXJhdGVseSBvciBub3QpCiAgICAjIFBsZWFzZSBsZWF2ZSAkbnVsbC12YWx1ZXMgaW50YWN0LCBtb2R1bGVzIG5lZWQgdG8ga25vdyBpZiBhIHBhcmFtZXRlciB3YXMgc3BlY2lmaWVkCiAgICAjIFdoZW4gJHZhbHVlIGlzIGFscmVhZHkgYW4gYXJyYXksIHdlIGNhbm5vdCByZWx5IG9uIHRoZSBudWxsIGNoZWNrLCBhcyBhbiBlbXB0eSBsaXN0CiAgICAjIGlzIHNlZW4gYXMgbnVsbCBpbiB0aGUgY2hlY2sgYmVsb3cKICAgIGlmICgkbnVsbCAtbmUgJHZhbHVlIC1vciAkdmFsdWUgLWlzIFthcnJheV0pIHsKICAgICAgICBpZiAoJHR5cGUgLWVxICJwYXRoIikgewogICAgICAgICAgICAjIEV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgb24gcGF0aC10eXBlCiAgICAgICAgICAgICR2YWx1ZSA9IEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCiAgICAgICAgICAgICMgVGVzdCBpZiBhIHZhbGlkIHBhdGggaXMgcHJvdmlkZWQKICAgICAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtSXNWYWxpZCAkdmFsdWUpKSB7CiAgICAgICAgICAgICAgICAkcGF0aF9pbnZhbGlkID0gJHRydWUKICAgICAgICAgICAgICAgICMgY291bGQgc3RpbGwgYmUgYSB2YWxpZC1zaGFwZWQgcGF0aCB3aXRoIGEgbm9uZXhpc3RlbnQgZHJpdmUgbGV0dGVyCiAgICAgICAgICAgICAgICBpZiAoJHZhbHVlIC1tYXRjaCAiXlx3OiIpIHsKICAgICAgICAgICAgICAgICAgICAjIHJld3JpdGUgcGF0aCB3aXRoIGEgdmFsaWQgZHJpdmUgbGV0dGVyIGFuZCByZWNoZWNrIHRoZSBzaGFwZS0gdGhpcyBtaWdodCBzdGlsbCBmYWlsLCBlZywgYSBub25leGlzdGVudCBub24tZmlsZXN5c3RlbSBQUyBwYXRoCiAgICAgICAgICAgICAgICAgICAgaWYgKFRlc3QtUGF0aCAtSXNWYWxpZCAkKEAoR2V0LVBTRHJpdmUgLVBTUHJvdmlkZXIgRmlsZXN5c3RlbSlbMF0uTmFtZSArICR2YWx1ZS5TdWJzdHJpbmcoMSkpKSB7CiAgICAgICAgICAgICAgICAgICAgICAgICRwYXRoX2ludmFsaWQgPSAkZmFsc2UKICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBpZiAoJHBhdGhfaW52YWxpZCkgewogICAgICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHRvYmogLW1lc3NhZ2UgIkdldC1BbnNpYmxlUGFyYW06IFBhcmFtZXRlciAnJG5hbWUnIGhhcyBhbiBpbnZhbGlkIHBhdGggJyR2YWx1ZScgc3BlY2lmaWVkLiIKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgInN0ciIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IHN0ciB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgc3RyaW5ncwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUuVG9TdHJpbmcoKQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImJvb2wiKSB7CiAgICAgICAgICAgICMgQ29udmVydCBib29sZWFuIHR5cGVzIHRvIHJlYWwgUG93ZXJzaGVsbCBib29sZWFucwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgfCBDb252ZXJ0VG8tQm9vbAogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImludCIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IGludCB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgaW50ZWdlcnMKICAgICAgICAgICAgJHZhbHVlID0gJHZhbHVlIC1hcyBbaW50XQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImZsb2F0IikgewogICAgICAgICAgICAjIENvbnZlcnQgZmxvYXQgdHlwZXMgdG8gcmVhbCBQb3dlcnNoZWxsIGZsb2F0cwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgLWFzIFtmbG9hdF0KICAgICAgICB9IGVsc2VpZiAoJHR5cGUgLWVxICJsaXN0IikgewogICAgICAgICAgICBpZiAoJHZhbHVlIC1pcyBbYXJyYXldKSB7CiAgICAgICAgICAgICAgICAjIE5vdGhpbmcgdG8gZG8KICAgICAgICAgICAgfSBlbHNlaWYgKCR2YWx1ZSAtaXMgW3N0cmluZ10pIHsKICAgICAgICAgICAgICAgICMgQ29udmVydCBzdHJpbmcgdHlwZSB0byByZWFsIFBvd2Vyc2hlbGwgYXJyYXkKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICR2YWx1ZS5TcGxpdCgiLCIpLlRyaW0oKQogICAgICAgICAgICB9IGVsc2VpZiAoJHZhbHVlIC1pcyBbaW50XSkgewogICAgICAgICAgICAgICAgJHZhbHVlID0gQCgkdmFsdWUpCiAgICAgICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICJHZXQtQW5zaWJsZVBhcmFtOiBQYXJhbWV0ZXIgJyRuYW1lJyBpcyBub3QgYSBZQU1MIGxpc3QuIgogICAgICAgICAgICB9CiAgICAgICAgICAgICMgLCBpcyBub3QgYSB0eXBvLCBmb3JjZXMgaXQgdG8gcmV0dXJuIGFzIGEgbGlzdCB3aGVuIGl0IGlzIGVtcHR5IG9yIG9ubHkgaGFzIDEgZW50cnkKICAgICAgICAgICAgcmV0dXJuICwkdmFsdWUKICAgICAgICB9CiAgICB9CgogICAgcmV0dXJuICR2YWx1ZQp9CgojQWxpYXMgR2V0LWF0dHItLT5HZXQtQW5zaWJsZVBhcmFtIGZvciBiYWNrd2FyZHMgY29tcGF0LiBPbmx5IGFkZCB3aGVuIG5lZWRlZCB0byBlYXNlIGRlYnVnZ2luZyBvZiBzY3JpcHRzCklmICgtbm90KEdldC1BbGlhcyAtTmFtZSAiR2V0LWF0dHIiIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlKSkKewogICAgTmV3LUFsaWFzIC1OYW1lIEdldC1hdHRyIC1WYWx1ZSBHZXQtQW5zaWJsZVBhcmFtCn0KCkZ1bmN0aW9uIENvbnZlcnRUby1Cb29sCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZpbHRlci9waXBlbGluZSBmdW5jdGlvbiB0byBjb252ZXJ0IGEgdmFsdWUgdG8gYm9vbGVhbiBmb2xsb3dpbmcgY3VycmVudAogICAgQW5zaWJsZSBwcmFjdGljZXMKICAgIC5FWEFNUExFCiAgICAkaXNfdHJ1ZSA9ICJ0cnVlIiB8IENvbnZlcnRUby1Cb29sCiM+CiAgICBwYXJhbSgKICAgICAgICBbcGFyYW1ldGVyKHZhbHVlZnJvbXBpcGVsaW5lPSR0cnVlKV0KICAgICAgICAkb2JqCiAgICApCgogICAgJGJvb2xlYW5fc3RyaW5ncyA9ICJ5ZXMiLCAib24iLCAiMSIsICJ0cnVlIiwgMQogICAgJG9ial9zdHJpbmcgPSBbc3RyaW5nXSRvYmoKCiAgICBpZiAoKCRvYmogLWlzIFtib29sZWFuXSAtYW5kICRvYmopIC1vciAkYm9vbGVhbl9zdHJpbmdzIC1jb250YWlucyAkb2JqX3N0cmluZy5Ub0xvd2VyKCkpIHsKICAgICAgICByZXR1cm4gJHRydWUKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfQp9CgpGdW5jdGlvbiBQYXJzZS1BcmdzKCRhcmd1bWVudHMsICRzdXBwb3J0c19jaGVja19tb2RlID0gJGZhbHNlKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBwYXJzZSBBbnNpYmxlIEpTT04gYXJndW1lbnRzIGZyb20gYSAiZmlsZSIgcGFzc2VkIGFzCiAgICB0aGUgc2luZ2xlIGFyZ3VtZW50IHRvIHRoZSBtb2R1bGUuCiAgICAuRVhBTVBMRQogICAgJHBhcmFtcyA9IFBhcnNlLUFyZ3MgJGFyZ3MKIz4KICAgICRwYXJhbXMgPSBOZXctT2JqZWN0IHBzb2JqZWN0CiAgICBJZiAoJGFyZ3VtZW50cy5MZW5ndGggLWd0IDApCiAgICB7CiAgICAgICAgJHBhcmFtcyA9IEdldC1Db250ZW50ICRhcmd1bWVudHNbMF0gfCBDb252ZXJ0RnJvbS1Kc29uCiAgICB9CiAgICBFbHNlIHsKICAgICAgICAkcGFyYW1zID0gJGNvbXBsZXhfYXJncwogICAgfQogICAgJGNoZWNrX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfY2hlY2tfbW9kZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQogICAgSWYgKCRjaGVja19tb2RlIC1hbmQgLW5vdCAkc3VwcG9ydHNfY2hlY2tfbW9kZSkKICAgIHsKICAgICAgICBFeGl0LUpzb24gQHsKICAgICAgICAgICAgc2tpcHBlZCA9ICR0cnVlCiAgICAgICAgICAgIGNoYW5nZWQgPSAkZmFsc2UKICAgICAgICAgICAgbXNnID0gInJlbW90ZSBtb2R1bGUgZG9lcyBub3Qgc3VwcG9ydCBjaGVjayBtb2RlIgogICAgICAgIH0KICAgIH0KICAgIHJldHVybiAkcGFyYW1zCn0KCgpGdW5jdGlvbiBHZXQtRmlsZUNoZWNrc3VtKCRwYXRoLCAkYWxnb3JpdGhtID0gJ3NoYTEnKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBjYWxjdWxhdGUgYSBoYXNoIG9mIGEgZmlsZSBpbiBhIHdheSB3aGljaCBQb3dlclNoZWxsIDMKICAgIGFuZCBhYm92ZSBjYW4gaGFuZGxlCiM+CiAgICBJZiAoVGVzdC1QYXRoIC1QYXRoICRwYXRoIC1QYXRoVHlwZSBMZWFmKQogICAgewogICAgICAgIHN3aXRjaCAoJGFsZ29yaXRobSkKICAgICAgICB7CiAgICAgICAgICAgICdtZDUnIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5NRDVDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMScgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTFDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMjU2JyB7ICRzcCA9IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5TZWN1cml0eS5DcnlwdG9ncmFwaHkuU0hBMjU2Q3J5cHRvU2VydmljZVByb3ZpZGVyIH0KICAgICAgICAgICAgJ3NoYTM4NCcgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTM4NENyeXB0b1NlcnZpY2VQcm92aWRlciB9CiAgICAgICAgICAgICdzaGE1MTInIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5TSEE1MTJDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICBkZWZhdWx0IHsgRmFpbC1Kc29uIEB7fSAiVW5zdXBwb3J0ZWQgaGFzaCBhbGdvcml0aG0gc3VwcGxpZWQgJyRhbGdvcml0aG0nIiB9CiAgICAgICAgfQoKICAgICAgICBJZiAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtZ2UgNCkgewogICAgICAgICAgICAkcmF3X2hhc2ggPSBHZXQtRmlsZUhhc2ggJHBhdGggLUFsZ29yaXRobSAkYWxnb3JpdGhtCiAgICAgICAgICAgICRoYXNoID0gJHJhd19oYXNoLkhhc2guVG9Mb3dlcigpCiAgICAgICAgfSBFbHNlIHsKICAgICAgICAgICAgJGZwID0gW1N5c3RlbS5JTy5GaWxlXTo6T3BlbigkcGF0aCwgW1N5c3RlbS5JTy5GaWxlbW9kZV06Ok9wZW4sIFtTeXN0ZW0uSU8uRmlsZUFjY2Vzc106OlJlYWQsIFtTeXN0ZW0uSU8uRmlsZVNoYXJlXTo6UmVhZFdyaXRlKTsKICAgICAgICAgICAgJGhhc2ggPSBbU3lzdGVtLkJpdENvbnZlcnRlcl06OlRvU3RyaW5nKCRzcC5Db21wdXRlSGFzaCgkZnApKS5SZXBsYWNlKCItIiwgIiIpLlRvTG93ZXIoKTsKICAgICAgICAgICAgJGZwLkRpc3Bvc2UoKTsKICAgICAgICB9CiAgICB9CiAgICBFbHNlSWYgKFRlc3QtUGF0aCAtUGF0aCAkcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKQogICAgewogICAgICAgICRoYXNoID0gIjMiOwogICAgfQogICAgRWxzZQogICAgewogICAgICAgICRoYXNoID0gIjEiOwogICAgfQogICAgcmV0dXJuICRoYXNoCn0KCkZ1bmN0aW9uIEdldC1QZW5kaW5nUmVib290U3RhdHVzCnsKPCMKICAgIC5TWU5PUFNJUwogICAgQ2hlY2sgaWYgcmVib290IGlzIHJlcXVpcmVkLCBpZiBzbyBub3RpZnkgQ0EuCiAgICBGdW5jdGlvbiByZXR1cm5zIHRydWUgaWYgY29tcHV0ZXIgaGFzIGEgcGVuZGluZyByZWJvb3QKIz4KICAgICRmZWF0dXJlRGF0YSA9IEludm9rZS1XbWlNZXRob2QgLUVBIElnbm9yZSAtTmFtZSBHZXRTZXJ2ZXJGZWF0dXJlIC1OYW1lc3BhY2Ugcm9vdFxtaWNyb3NvZnRcd2luZG93c1xzZXJ2ZXJtYW5hZ2VyIC1DbGFzcyBNU0ZUX1NlcnZlck1hbmFnZXJUYXNrcwogICAgJHJlZ0RhdGEgPSBHZXQtSXRlbVByb3BlcnR5ICJIS0xNOlxTWVNURU1cQ3VycmVudENvbnRyb2xTZXRcQ29udHJvbFxTZXNzaW9uIE1hbmFnZXIiICJQZW5kaW5nRmlsZVJlbmFtZU9wZXJhdGlvbnMiIC1FQSBJZ25vcmUKICAgICRDQlNSZWJvb3RTdGF0dXMgPSBHZXQtQ2hpbGRJdGVtICJIS0xNOlxcU09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cQ29tcG9uZW50IEJhc2VkIFNlcnZpY2luZyIgIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlfCBXaGVyZS1PYmplY3QgeyRfLlBTQ2hpbGROYW1lIC1lcSAiUmVib290UGVuZGluZyJ9CiAgICBpZigoJGZlYXR1cmVEYXRhIC1hbmQgJGZlYXR1cmVEYXRhLlJlcXVpcmVzUmVib290KSAtb3IgJHJlZ0RhdGEgLW9yICRDQlNSZWJvb3RTdGF0dXMpCiAgICB7CiAgICAgICAgcmV0dXJuICRUcnVlCiAgICB9CiAgICBlbHNlCiAgICB7CiAgICAgICAgcmV0dXJuICRGYWxzZQogICAgfQp9CgojIHRoaXMgbGluZSBtdXN0IHN0YXkgYXQgdGhlIGJvdHRvbSB0byBlbnN1cmUgYWxsIGRlZmluZWQgbW9kdWxlIHBhcnRzIGFyZSBleHBvcnRlZApFeHBvcnQtTW9kdWxlTWVtYmVyIC1BbGlhcyAqIC1GdW5jdGlvbiAqIC1DbWRsZXQgKgoK", "Ansible.ModuleUtils.FileUtil": "IyBDb3B5cmlnaHQgKGMpIDIwMTcgQW5zaWJsZSBQcm9qZWN0CiMgU2ltcGxpZmllZCBCU0QgTGljZW5zZSAoc2VlIGxpY2Vuc2VzL3NpbXBsaWZpZWRfYnNkLnR4dCBvciBodHRwczovL29wZW5zb3VyY2Uub3JnL2xpY2Vuc2VzL0JTRC0yLUNsYXVzZSkKCjwjClRlc3QtUGF0aC9HZXQtSXRlbSBjYW5ub3QgZmluZC9yZXR1cm4gaW5mbyBvbiBmaWxlcyB0aGF0IGFyZSBsb2NrZWQgbGlrZQpDOlxwYWdlZmlsZS5zeXMuIFRoZXNlIDIgZnVuY3Rpb25zIGFyZSBkZXNpZ25lZCB0byB3b3JrIHdpdGggdGhlc2UgZmlsZXMgYW5kCnByb3ZpZGUgc2ltaWxhciBmdW5jdGlvbmFsaXR5IHdpdGggdGhlIG5vcm1hbCBjbWRsZXRzIHdpdGggYXMgbWluaW1hbCBvdmVyaGVhZAphcyBwb3NzaWJsZS4gVGhleSB3b3JrIGJ5IHVzaW5nIEdldC1DaGlsZEl0ZW0gd2l0aCBhIGZpbHRlciBhbmQgcmV0dXJuIHRoZQpyZXN1bHQgZnJvbSB0aGF0LgojPgoKRnVuY3Rpb24gVGVzdC1BbnNpYmxlUGF0aCB7CiAgICBbQ21kbGV0QmluZGluZygpXQogICAgUGFyYW0oCiAgICAgICAgW1BhcmFtZXRlcihNYW5kYXRvcnk9JHRydWUpXVtzdHJpbmddJFBhdGgKICAgICkKICAgICMgUmVwbGFjZW1lbnQgZm9yIFRlc3QtUGF0aAogICAgdHJ5IHsKICAgICAgICAkZmlsZV9hdHRyaWJ1dGVzID0gW1N5c3RlbS5JTy5GaWxlXTo6R2V0QXR0cmlidXRlcygkUGF0aCkKICAgIH0gY2F0Y2ggW1N5c3RlbS5JTy5GaWxlTm90Rm91bmRFeGNlcHRpb25dLCBbU3lzdGVtLklPLkRpcmVjdG9yeU5vdEZvdW5kRXhjZXB0aW9uXSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfSBjYXRjaCBbTm90U3VwcG9ydGVkRXhjZXB0aW9uXSB7CiAgICAgICAgIyBXaGVuIHRlc3RpbmcgYSBwYXRoIGxpa2UgQ2VydDpcTG9jYWxNYWNoaW5lXE15LCBTeXN0ZW0uSU8uRmlsZSB3aWxsCiAgICAgICAgIyBub3Qgd29yaywgd2UganVzdCByZXZlcnQgYmFjayB0byB1c2luZyBUZXN0LVBhdGggZm9yIHRoaXMKICAgICAgICByZXR1cm4gVGVzdC1QYXRoIC1QYXRoICRQYXRoCiAgICB9CgogICAgaWYgKFtJbnQzMl0kZmlsZV9hdHRyaWJ1dGVzIC1lcSAtMSkgewogICAgICAgIHJldHVybiAkZmFsc2UKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICR0cnVlCiAgICB9Cn0KCkZ1bmN0aW9uIEdldC1BbnNpYmxlSXRlbSB7CiAgICBbQ21kbGV0QmluZGluZygpXQogICAgUGFyYW0oCiAgICAgICAgW1BhcmFtZXRlcihNYW5kYXRvcnk9JHRydWUpXVtzdHJpbmddJFBhdGgKICAgICkKICAgICMgUmVwbGFjZW1lbnQgZm9yIEdldC1JdGVtCiAgICB0cnkgewogICAgICAgICRmaWxlX2F0dHJpYnV0ZXMgPSBbU3lzdGVtLklPLkZpbGVdOjpHZXRBdHRyaWJ1dGVzKCRQYXRoKQogICAgfSBjYXRjaCB7CiAgICAgICAgIyBpZiAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb3RpbnVlIGlzIHNldCBvbiB0aGUgY21kbGV0IGFuZCB3ZSBmYWlsZWQgdG8KICAgICAgICAjIGdldCB0aGUgYXR0cmlidXRlcywganVzdCByZXR1cm4gJG51bGwsIG90aGVyd2lzZSB0aHJvdyB0aGUgZXJyb3IKICAgICAgICBpZiAoJEVycm9yQWN0aW9uUHJlZmVyZW5jZSAtbmUgIlNpbGVudGx5Q29udGludWUiKSB7CiAgICAgICAgICAgIHRocm93ICRfCiAgICAgICAgfQogICAgICAgIHJldHVybiAkbnVsbAogICAgfQogICAgaWYgKFtJbnQzMl0kZmlsZV9hdHRyaWJ1dGVzIC1lcSAtMSkgewogICAgICAgIHRocm93IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5NYW5hZ2VtZW50LkF1dG9tYXRpb24uSXRlbU5vdEZvdW5kRXhjZXB0aW9uIC1Bcmd1bWVudExpc3QgIkNhbm5vdCBmaW5kIHBhdGggJyRQYXRoJyBiZWNhdXNlIGl0IGRvZXMgbm90IGV4aXN0LiIKICAgIH0gZWxzZWlmICgkZmlsZV9hdHRyaWJ1dGVzLkhhc0ZsYWcoW1N5c3RlbS5JTy5GaWxlQXR0cmlidXRlc106OkRpcmVjdG9yeSkpIHsKICAgICAgICByZXR1cm4gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLklPLkRpcmVjdG9yeUluZm8gLUFyZ3VtZW50TGlzdCAkUGF0aAogICAgfSBlbHNlIHsKICAgICAgICByZXR1cm4gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLklPLkZpbGVJbmZvIC1Bcmd1bWVudExpc3QgJFBhdGgKICAgIH0KfQoKRXhwb3J0LU1vZHVsZU1lbWJlciAtRnVuY3Rpb24gVGVzdC1BbnNpYmxlUGF0aCwgR2V0LUFuc2libGVJdGVtCg=="}, "module_entry": "IyFwb3dlcnNoZWxsCgojIENvcHlyaWdodDogKGMpIDIwMTcsIEFuc2libGUgUHJvamVjdAojIEdOVSBHZW5lcmFsIFB1YmxpYyBMaWNlbnNlIHYzLjArIChzZWUgQ09QWUlORyBvciBodHRwczovL3d3dy5nbnUub3JnL2xpY2Vuc2VzL2dwbC0zLjAudHh0KQoKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5MZWdhY3kKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5Db21tYW5kVXRpbAojUmVxdWlyZXMgLU1vZHVsZSBBbnNpYmxlLk1vZHVsZVV0aWxzLkZpbGVVdGlsCgojIFRPRE86IGFkZCBjaGVjayBtb2RlIHN1cHBvcnQKClNldC1TdHJpY3RNb2RlIC1WZXJzaW9uIDIKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKIyBDbGVhbnNlIENMSVhNTCBmcm9tIHN0ZGVyciAoc2lmdCBvdXQgZXJyb3Igc3RyZWFtIGRhdGEsIGRpc2NhcmQgb3RoZXJzIGZvciBub3cpCkZ1bmN0aW9uIENsZWFuc2UtU3RkZXJyKCRyYXdfc3RkZXJyKSB7CiAgICBUcnkgewogICAgICAgICMgTkI6IHRoaXMgcmVnZXggaXNuJ3QgcGVyZmVjdCwgYnV0IGlzIGRlY2VudCBhdCBmaW5kaW5nIENMSVhNTCBhbW9uZ3N0IG90aGVyIHN0ZGVyciBub2lzZQogICAgICAgIElmKCRyYXdfc3RkZXJyIC1tYXRjaCAiKD9zKSg/PHByZW5vaXNlMT4uKikjPCBDTElYTUwoPzxwcmVub2lzZTI+LiopKD88Y2xpeG1sPjxPYmpzLis8L09ianM+KSg/PHBvc3Rub2lzZT4uKikiKSB7CiAgICAgICAgICAgICRjbGl4bWwgPSBbeG1sXSRtYXRjaGVzWyJjbGl4bWwiXQoKICAgICAgICAgICAgJG1lcmdlZF9zdGRlcnIgPSAiezB9ezF9ezJ9ezN9IiAtZiBAKAogICAgICAgICAgICAgICAkbWF0Y2hlc1sicHJlbm9pc2UxIl0sCiAgICAgICAgICAgICAgICRtYXRjaGVzWyJwcmVub2lzZTIiXSwKICAgICAgICAgICAgICAgIyBmaWx0ZXIgb3V0IGp1c3QgdGhlIEVycm9yLXRhZ2dlZCBzdHJpbmdzIGZvciBub3csIGFuZCB6YXAgZW1iZWRkZWQgQ1JMRiBjaGFycwogICAgICAgICAgICAgICAoJGNsaXhtbC5PYmpzLkNoaWxkTm9kZXMgfCA/IHsgJF8uTmFtZSAtZXEgJ1MnIH0gfCA/IHsgJF8uUyAtZXEgJ0Vycm9yJyB9IHwgJSB7ICRfLicjdGV4dCcuUmVwbGFjZSgnX3gwMDBEX194MDAwQV8nLCcnKSB9IHwgT3V0LVN0cmluZyksCiAgICAgICAgICAgICAgICRtYXRjaGVzWyJwb3N0bm9pc2UiXSkgfCBPdXQtU3RyaW5nCgogICAgICAgICAgICByZXR1cm4gJG1lcmdlZF9zdGRlcnIuVHJpbSgpCgogICAgICAgICAgICAjIEZVVFVSRTogcGFyc2UvcmV0dXJuIG90aGVyIHN0cmVhbXMKICAgICAgICB9CiAgICAgICAgRWxzZSB7CiAgICAgICAgICAgICRyYXdfc3RkZXJyCiAgICAgICAgfQogICAgfQogICAgQ2F0Y2ggewogICAgICAgICIqKipFWENFUFRJT04gUEFSU0lORyBDTElYTUw6ICRfKioqIiArICRyYXdfc3RkZXJyCiAgICB9Cn0KCiRwYXJhbXMgPSBQYXJzZS1BcmdzICRhcmdzIC1zdXBwb3J0c19jaGVja19tb2RlICRmYWxzZQoKJHJhd19jb21tYW5kX2xpbmUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX3Jhd19wYXJhbXMiIC10eXBlICJzdHIiIC1mYWlsaWZlbXB0eSAkdHJ1ZQokY2hkaXIgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiY2hkaXIiIC10eXBlICJwYXRoIgokZXhlY3V0YWJsZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJleGVjdXRhYmxlIiAtdHlwZSAicGF0aCIKJGNyZWF0ZXMgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiY3JlYXRlcyIgLXR5cGUgInBhdGgiCiRyZW1vdmVzID0gR2V0LUFuc2libGVQYXJhbSAtb2JqICRwYXJhbXMgLW5hbWUgInJlbW92ZXMiIC10eXBlICJwYXRoIgokc3RkaW4gPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAic3RkaW4iIC10eXBlICJzdHIiCgokcmF3X2NvbW1hbmRfbGluZSA9ICRyYXdfY29tbWFuZF9saW5lLlRyaW0oKQoKJHJlc3VsdCA9IEB7CiAgICBjaGFuZ2VkID0gJHRydWUKICAgIGNtZCA9ICRyYXdfY29tbWFuZF9saW5lCn0KCmlmICgkY3JlYXRlcyAtYW5kICQoVGVzdC1BbnNpYmxlUGF0aCAtUGF0aCAkY3JlYXRlcykpIHsKICAgIEV4aXQtSnNvbiBAe21zZz0ic2tpcHBlZCwgc2luY2UgJGNyZWF0ZXMgZXhpc3RzIjtjbWQ9JHJhd19jb21tYW5kX2xpbmU7Y2hhbmdlZD0kZmFsc2U7c2tpcHBlZD0kdHJ1ZTtyYz0wfQp9CgppZiAoJHJlbW92ZXMgLWFuZCAtbm90ICQoVGVzdC1BbnNpYmxlUGF0aCAtUGF0aCAkcmVtb3ZlcykpIHsKICAgIEV4aXQtSnNvbiBAe21zZz0ic2tpcHBlZCwgc2luY2UgJHJlbW92ZXMgZG9lcyBub3QgZXhpc3QiO2NtZD0kcmF3X2NvbW1hbmRfbGluZTtjaGFuZ2VkPSRmYWxzZTtza2lwcGVkPSR0cnVlO3JjPTB9Cn0KCiRleGVjX2FyZ3MgPSAkbnVsbApJZigtbm90ICRleGVjdXRhYmxlIC1vciAkZXhlY3V0YWJsZSAtZXEgInBvd2Vyc2hlbGwiKSB7CiAgICAkZXhlY19hcHBsaWNhdGlvbiA9ICJwb3dlcnNoZWxsLmV4ZSIKCiAgICAjIGZvcmNlIGlucHV0IGVuY29kaW5nIHRvIHByZWFtYmxlLWZyZWUgVVRGOCBzbyBQUyBzdWItcHJvY2Vzc2VzIChlZywgU3RhcnQtSm9iKSBkb24ndCBibG93IHVwCiAgICAkcmF3X2NvbW1hbmRfbGluZSA9ICJbQ29uc29sZV06OklucHV0RW5jb2RpbmcgPSBOZXctT2JqZWN0IFRleHQuVVRGOEVuY29kaW5nIGAkZmFsc2U7ICIgKyAkcmF3X2NvbW1hbmRfbGluZQoKICAgICMgQmFzZTY0IGVuY29kZSB0aGUgY29tbWFuZCBzbyB3ZSBkb24ndCBoYXZlIHRvIHdvcnJ5IGFib3V0IHRoZSB2YXJpb3VzIGxldmVscyBvZiBlc2NhcGluZwogICAgJGVuY29kZWRfY29tbWFuZCA9IFtDb252ZXJ0XTo6VG9CYXNlNjRTdHJpbmcoW1N5c3RlbS5UZXh0LkVuY29kaW5nXTo6VW5pY29kZS5HZXRCeXRlcygkcmF3X2NvbW1hbmRfbGluZSkpCgogICAgaWYgKCRzdGRpbikgewogICAgICAgICRleGVjX2FyZ3MgPSAiLWVuY29kZWRjb21tYW5kICRlbmNvZGVkX2NvbW1hbmQiCiAgICB9IGVsc2UgewogICAgICAg ScriptBlock ID: bbfa2053-0065-48c6-9598-e3377a594c9a Path:	4104	1		3	2	15	0	1736	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	672	1300	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:07:38 PM	e5295ba9-9827-0000-f55c-29e52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 4): KICAgICAgICAgICAgLy8gQ3JlYXRlIHRoZSBlbnZpcm9ubWVudCBibG9jayBpZiBzZXQKICAgICAgICAgICAgSW50UHRyIGxwRW52aXJvbm1lbnQgPSBJbnRQdHIuWmVybzsKICAgICAgICAgICAgaWYgKGVudmlyb25tZW50U3RyaW5nICE9IG51bGwpCiAgICAgICAgICAgICAgICBscEVudmlyb25tZW50ID0gTWFyc2hhbC5TdHJpbmdUb0hHbG9iYWxVbmkoZW52aXJvbm1lbnRTdHJpbmcuVG9TdHJpbmcoKSk7CgogICAgICAgICAgICAvLyBDcmVhdGUgbmV3IHByb2Nlc3MgYW5kIHJ1bgogICAgICAgICAgICBTdHJpbmdCdWlsZGVyIGFyZ3VtZW50X3N0cmluZyA9IG5ldyBTdHJpbmdCdWlsZGVyKGxwQ29tbWFuZExpbmUpOwogICAgICAgICAgICBQUk9DRVNTX0lORk9STUFUSU9OIHBpID0gbmV3IFBST0NFU1NfSU5GT1JNQVRJT04oKTsKICAgICAgICAgICAgaWYgKCFDcmVhdGVQcm9jZXNzKAogICAgICAgICAgICAgICAgbHBBcHBsaWNhdGlvbk5hbWUsCiAgICAgICAgICAgICAgICBhcmd1bWVudF9zdHJpbmcsCiAgICAgICAgICAgICAgICBJbnRQdHIuWmVybywKICAgICAgICAgICAgICAgIEludFB0ci5aZXJvLAogICAgICAgICAgICAgICAgdHJ1ZSwKICAgICAgICAgICAgICAgIHN0YXJ0dXBfZmxhZ3MsCiAgICAgICAgICAgICAgICBscEVudmlyb25tZW50LAogICAgICAgICAgICAgICAgbHBDdXJyZW50RGlyZWN0b3J5LAogICAgICAgICAgICAgICAgc2ksCiAgICAgICAgICAgICAgICBvdXQgcGkpKQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIkZhaWxlZCB0byBjcmVhdGUgbmV3IHByb2Nlc3MiKTsKICAgICAgICAgICAgfQoKICAgICAgICAgICAgLy8gU2V0dXAgdGhlIG91dHB1dCBidWZmZXJzIGFuZCBnZXQgc3Rkb3V0L3N0ZGVycgogICAgICAgICAgICBGaWxlU3RyZWFtIHN0ZG91dF9mcyA9IG5ldyBGaWxlU3RyZWFtKHN0ZG91dF9yZWFkLCBGaWxlQWNjZXNzLlJlYWQsIDQwOTYpOwogICAgICAgICAgICBTdHJlYW1SZWFkZXIgc3Rkb3V0ID0gbmV3IFN0cmVhbVJlYWRlcihzdGRvdXRfZnMsIHV0ZjhfZW5jb2RpbmcsIHRydWUsIDQwOTYpOwogICAgICAgICAgICBzdGRvdXRfd3JpdGUuQ2xvc2UoKTsKICAgICAgICAgICAgRmlsZVN0cmVhbSBzdGRlcnJfZnMgPSBuZXcgRmlsZVN0cmVhbShzdGRlcnJfcmVhZCwgRmlsZUFjY2Vzcy5SZWFkLCA0MDk2KTsKICAgICAgICAgICAgU3RyZWFtUmVhZGVyIHN0ZGVyciA9IG5ldyBTdHJlYW1SZWFkZXIoc3RkZXJyX2ZzLCB1dGY4X2VuY29kaW5nLCB0cnVlLCA0MDk2KTsKICAgICAgICAgICAgc3RkZXJyX3dyaXRlLkNsb3NlKCk7CgogICAgICAgICAgICBzdGRpbi5Xcml0ZUxpbmUoc3RkaW5JbnB1dCk7CiAgICAgICAgICAgIHN0ZGluLkNsb3NlKCk7CgogICAgICAgICAgICBzdHJpbmcgc3Rkb3V0X3N0ciwgc3RkZXJyX3N0ciA9IG51bGw7CiAgICAgICAgICAgIEdldFByb2Nlc3NPdXRwdXQoc3Rkb3V0LCBzdGRlcnIsIG91dCBzdGRvdXRfc3RyLCBvdXQgc3RkZXJyX3N0cik7CiAgICAgICAgICAgIHVpbnQgcmMgPSBHZXRQcm9jZXNzRXhpdENvZGUocGkuaFByb2Nlc3MpOwoKICAgICAgICAgICAgcmV0dXJuIG5ldyBDb21tYW5kUmVzdWx0CiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIFN0YW5kYXJkT3V0ID0gc3Rkb3V0X3N0ciwKICAgICAgICAgICAgICAgIFN0YW5kYXJkRXJyb3IgPSBzdGRlcnJfc3RyLAogICAgICAgICAgICAgICAgRXhpdENvZGUgPSByYwogICAgICAgICAgICB9OwogICAgICAgIH0KCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgdm9pZCBHZXRQcm9jZXNzT3V0cHV0KFN0cmVhbVJlYWRlciBzdGRvdXRTdHJlYW0sIFN0cmVhbVJlYWRlciBzdGRlcnJTdHJlYW0sIG91dCBzdHJpbmcgc3Rkb3V0LCBvdXQgc3RyaW5nIHN0ZGVycikKICAgICAgICB7CiAgICAgICAgICAgIHZhciBzb3dhaXQgPSBuZXcgRXZlbnRXYWl0SGFuZGxlKGZhbHNlLCBFdmVudFJlc2V0TW9kZS5NYW51YWxSZXNldCk7CiAgICAgICAgICAgIHZhciBzZXdhaXQgPSBuZXcgRXZlbnRXYWl0SGFuZGxlKGZhbHNlLCBFdmVudFJlc2V0TW9kZS5NYW51YWxSZXNldCk7CiAgICAgICAgICAgIHN0cmluZyBzbyA9IG51bGwsIHNlID0gbnVsbDsKICAgICAgICAgICAgVGhyZWFkUG9vbC5RdWV1ZVVzZXJXb3JrSXRlbSgocykgPT4KICAgICAgICAgICAgewogICAgICAgICAgICAgICAgc28gPSBzdGRvdXRTdHJlYW0uUmVhZFRvRW5kKCk7CiAgICAgICAgICAgICAgICBzb3dhaXQuU2V0KCk7CiAgICAgICAgICAgIH0pOwogICAgICAgICAgICBUaHJlYWRQb29sLlF1ZXVlVXNlcldvcmtJdGVtKChzKSA9PgogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBzZSA9IHN0ZGVyclN0cmVhbS5SZWFkVG9FbmQoKTsKICAgICAgICAgICAgICAgIHNld2FpdC5TZXQoKTsKICAgICAgICAgICAgfSk7CiAgICAgICAgICAgIGZvcmVhY2ggKHZhciB3aCBpbiBuZXcgV2FpdEhhbmRsZVtdIHsgc293YWl0LCBzZXdhaXQgfSkKICAgICAgICAgICAgICAgIHdoLldhaXRPbmUoKTsKICAgICAgICAgICAgc3Rkb3V0ID0gc287CiAgICAgICAgICAgIHN0ZGVyciA9IHNlOwogICAgICAgIH0KCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgdWludCBHZXRQcm9jZXNzRXhpdENvZGUoSW50UHRyIHByb2Nlc3NIYW5kbGUpCiAgICAgICAgewogICAgICAgICAgICBuZXcgTmF0aXZlV2FpdEhhbmRsZShwcm9jZXNzSGFuZGxlKS5XYWl0T25lKCk7CiAgICAgICAgICAgIHVpbnQgZXhpdENvZGU7CiAgICAgICAgICAgIGlmICghR2V0RXhpdENvZGVQcm9jZXNzKHByb2Nlc3NIYW5kbGUsIG91dCBleGl0Q29kZSkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIkVycm9yIGdldHRpbmcgcHJvY2VzcyBleGl0IGNvZGUiKTsKICAgICAgICAgICAgcmV0dXJuIGV4aXRDb2RlOwogICAgICAgIH0KICAgIH0KfQoiQAoKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICdTdG9wJwoKRnVuY3Rpb24gTG9hZC1Db21tYW5kVXRpbHMgewogICAgIyBtYWtlcyB0aGUgZm9sbG93aW5nIHN0YXRpYyBmdW5jdGlvbnMgYXZhaWxhYmxlCiAgICAjICAgW0Fuc2libGUuQ29tbWFuZFV0aWxdOjpQYXJzZUNvbW1hbmRMaW5lKHN0cmluZyBscENvbW1hbmRMaW5lKQogICAgIyAgIFtBbnNpYmxlLkNvbW1hbmRVdGlsXTo6U2VhcmNoUGF0aChzdHJpbmcgbHBGaWxlTmFtZSkKICAgICMgICBbQW5zaWJsZS5Db21tYW5kVXRpbF06OlJ1bkNvbW1hbmQoc3RyaW5nIGxwQXBwbGljYXRpb25OYW1lLCBzdHJpbmcgbHBDb21tYW5kTGluZSwgc3RyaW5nIGxwQ3VycmVudERpcmVjdG9yeSwgc3RyaW5nIHN0ZGluSW5wdXQsIHN0cmluZyBlbnZpcm9ubWVudEJsb2NrKQogICAgIwogICAgIyB0aGVyZSBhcmUgYWxzbyBudW1lcm91cyBQL0ludm9rZSBtZXRob2RzIHRoYXQgY2FuIGJlIGNhbGxlZCBpZiB5b3UgYXJlIGZlZWxpbmcgYWR2ZW50dXJvdXMKCiAgICAjIEZVVFVSRTogZmluZCBhIGJldHRlciB3YXkgdG8gZ2V0IHRoZSBfYW5zaWJsZV9yZW1vdGVfdG1wIHZhcmlhYmxlCiAgICAkb3JpZ2luYWxfdG1wID0gJGVudjpUTVAKCiAgICAkcmVtb3RlX3RtcCA9ICRvcmlnaW5hbF90bXAKICAgICRtb2R1bGVfcGFyYW1zID0gR2V0LVZhcmlhYmxlIC1OYW1lIGNvbXBsZXhfYXJncyAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgaWYgKCRtb2R1bGVfcGFyYW1zKSB7CiAgICAgICAgaWYgKCRtb2R1bGVfcGFyYW1zLlZhbHVlLkNvbnRhaW5zS2V5KCJfYW5zaWJsZV9yZW1vdGVfdG1wIikgKSB7CiAgICAgICAgICAgICRyZW1vdGVfdG1wID0gJG1vZHVsZV9wYXJhbXMuVmFsdWVbIl9hbnNpYmxlX3JlbW90ZV90bXAiXQogICAgICAgICAgICAkcmVtb3RlX3RtcCA9IFtTeXN0ZW0uRW52aXJvbm1lbnRdOjpFeHBhbmRFbnZpcm9ubWVudFZhcmlhYmxlcygkcmVtb3RlX3RtcCkKICAgICAgICB9CiAgICB9CgogICAgJGVudjpUTVAgPSAkcmVtb3RlX3RtcAogICAgQWRkLVR5cGUgLVR5cGVEZWZpbml0aW9uICRwcm9jZXNzX3V0aWwKICAgICRlbnY6VE1QID0gJG9yaWdpbmFsX3RtcAp9CgpGdW5jdGlvbiBHZXQtRXhlY3V0YWJsZVBhdGgoJGV4ZWN1dGFibGUsICRkaXJlY3RvcnkpIHsKICAgICMgbHBBcHBsaWNhdGlvbk5hbWUgcmVxdWlyZXMgdGhlIGZ1bGwgcGF0aCB0byBhIGZpbGUsIHdlIG5lZWQgdG8gZmluZCBpdAogICAgIyBvdXJzZWx2ZXMuCgogICAgIyB3ZSBuZWVkIHRvIGFkZCAuZXhlIGlmIGl0IGRvZXNuJ3QgaGF2ZSBhbiBleHRlbnNpb24gYWxyZWFkeQogICAgaWYgKC1ub3QgW1N5c3RlbS5JTy5QYXRoXTo6SGFzRXh0ZW5zaW9uKCRleGVjdXRhYmxlKSkgewogICAgICAgICRleGVjdXRhYmxlID0gIiQoJGV4ZWN1dGFibGUpLmV4ZSIKICAgIH0KICAgICRmdWxsX3BhdGggPSBbU3lzdGVtLklPLlBhdGhdOjpHZXRGdWxsUGF0aCgkZXhlY3V0YWJsZSkKCiAgICBpZiAoJGZ1bGxfcGF0aCAtbmUgJGV4ZWN1dGFibGUgLWFuZCAkZGlyZWN0b3J5IC1uZSAkbnVsbCkgewogICAgICAgICRmaWxlID0gR2V0LUl0ZW0gLVBhdGggIiRkaXJlY3RvcnlcJGV4ZWN1dGFibGUiIC1Gb3JjZSAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgfSBlbHNlIHsKICAgICAgICAkZmlsZSA9IEdldC1JdGVtIC1QYXRoICRleGVjdXRhYmxlIC1Gb3JjZSAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgfQoKICAgIGlmICgkZmlsZSAtbmUgJG51bGwpIHsKICAgICAgICAkZXhlY3V0YWJsZV9wYXRoID0gJGZpbGUuRnVsbE5hbWUKICAgIH0gZWxzZSB7CiAgICAgICAgJGV4ZWN1dGFibGVfcGF0aCA9IFtBbnNpYmxlLkNvbW1hbmRVdGlsXTo6U2VhcmNoUGF0aCgkZXhlY3V0YWJsZSkgICAgCiAgICB9CiAgICByZXR1cm4gJGV4ZWN1dGFibGVfcGF0aAp9CgpGdW5jdGlvbiBSdW4tQ29tbWFuZCB7CiAgICBQYXJhbSgKICAgICAgICBbc3RyaW5nXSRjb21tYW5kLCAjIHRoZSBmdWxsIGNvbW1hbmQgdG8gcnVuIGluY2x1ZGluZyB0aGUgZXhlY3V0YWJsZQogICAgICAgIFtzdHJpbmddJHdvcmtpbmdfZGlyZWN0b3J5ID0gJG51bGwsICMgdGhlIHdvcmtpbmcgZGlyZWN0b3J5IHRvIHJ1biB1bmRlciwgd2lsbCBkZWZhdWx0IHRvIHRoZSBjdXJyZW50IGRpcgogICAgICAgIFtzdHJpbmddJHN0ZGluID0gJG51bGwsICMgYSBzdHJpbmcgdG8gc2VuZCB0byB0aGUgc3RkaW4gcGlwZSB3aGVuIGV4ZWN1dGluZyB0aGUgY29tbWFuZAogICAgICAgIFtoYXNodGFibGVdJGVudmlyb25tZW50ID0gQHt9ICMgYSBoYXNodGFibGUgb2YgZW52aXJvbm1lbnQgdmFsdWVzIHRvIHJ1biB0aGUgY29tbWFuZCB1bmRlciwgdGhpcyB3aWxsIHJlcGxhY2UgYWxsIHRoZSBvdGhlciBlbnZpcm9ubWVudCB2YXJpYWJsZXMgd2l0aCB0aGVzZQogICAgKQogICAgCiAgICAjIGxvYWQgdGhlIEMjIGNvZGUgd2UgY2FsbCBpbiB0aGlzIGZ1bmN0aW9uCiAgICBMb2FkLUNvbW1hbmRVdGlscwoKICAgICMgbmVlZCB0byB2YWxpZGF0ZSB0aGUgd29ya2luZyBkaXJlY3RvcnkgaWYgaXQgaXMgc2V0CiAgICBpZiAoJHdvcmtpbmdfZGlyZWN0b3J5KSB7CiAgICAgICAgIyB2YWxpZGF0ZSB3b3JraW5nIGRpcmVjdG9yeSBpcyBhIHZhbGlkIHBhdGgKICAgICAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICR3b3JraW5nX2RpcmVjdG9yeSkpIHsKICAgICAgICAgICAgdGhyb3cgImludmFsaWQgd29ya2luZyBkaXJlY3RvcnkgcGF0aCAnJHdvcmtpbmdfZGlyZWN0b3J5JyIKICAgICAgICB9CiAgICB9CgogICAgIyBscEFwcGxpY2F0aW9uTmFtZSBuZWVkcyB0byBiZSB0aGUgZnVsbCBwYXRoIHRvIGFuIGV4ZWN1dGFibGUsIHdlIGRvIHRoaXMKICAgICMgYnkgZ2V0dGluZyB0aGUgZXhlY3V0YWJsZSBhcyB0aGUgZmlyc3QgYXJnIGFuZCB0aGVuIGdldHRpbmcgdGhlIGZ1bGwgcGF0aAogICAgJGFyZ3VtZW50cyA9IFtBbnNpYmxlLkNvbW1hbmRVdGlsXTo6UGFyc2VDb21tYW5kTGluZSgkY29tbWFuZCkKICAgICRleGVjdXRhYmxlID0gR2V0LUV4ZWN1dGFibGVQYXRoIC1leGVjdXRhYmxlICRhcmd1bWVudHNbMF0gLWRpcmVjdG9yeSAkd29ya2luZ19kaXJlY3RvcnkKCiAgICAjIHJ1biB0aGUgY29tbWFuZCBhbmQgZ2V0IHRoZSByZXN1bHRzCiAgICAkY29tbWFuZF9yZXN1bHQgPSBbQW5zaWJsZS5Db21tYW5kVXRpbF06OlJ1bkNvbW1hbmQoJGV4ZWN1dGFibGUsICRjb21tYW5kLCAkd29ya2luZ19kaXJlY3RvcnksICRzdGRpbiwgJGVudmlyb25tZW50KQoKICAgIHJldHVybiAsQHsKICAgICAgICBleGVjdXRhYmxlID0gJGV4ZWN1dGFibGUKICAgICAgICBzdGRvdXQgPSAkY29tbWFuZF9yZXN1bHQuU3RhbmRhcmRPdXQKICAgICAgICBzdGRlcnIgPSAkY29tbWFuZF9yZXN1bHQuU3RhbmRhcmRFcnJvcgogICAgICAgIHJjID0gJGNvbW1hbmRfcmVzdWx0LkV4aXRDb2RlCiAgICB9Cn0KCiMgdGhpcyBsaW5lIG11c3Qgc3RheSBhdCB0aGUgYm90dG9tIHRvIGVuc3VyZSBhbGwgZGVmaW5lZCBtb2R1bGUgcGFydHMgYXJlIGV4cG9ydGVkCkV4cG9ydC1Nb2R1bGVNZW1iZXIgLUFsaWFzICogLUZ1bmN0aW9uICogLUNtZGxldCAqCg==", "Ansible.ModuleUtils.Legacy": "IyBDb3B5cmlnaHQgKGMpLCBNaWNoYWVsIERlSGFhbiA8bWljaGFlbC5kZWhhYW5AZ21haWwuY29tPiwgMjAxNCwgYW5kIG90aGVycwojIFNpbXBsaWZpZWQgQlNEIExpY2Vuc2UgKHNlZSBsaWNlbnNlcy9zaW1wbGlmaWVkX2JzZC50eHQgb3IgaHR0cHM6Ly9vcGVuc291cmNlLm9yZy9saWNlbnNlcy9CU0QtMi1DbGF1c2UpCgpTZXQtU3RyaWN0TW9kZSAtVmVyc2lvbiAyLjAKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKRnVuY3Rpb24gU2V0LUF0dHIoJG9iaiwgJG5hbWUsICR2YWx1ZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gc2V0IGFuICJhdHRyaWJ1dGUiIG9uIGEgcHNvYmplY3QgaW5zdGFuY2UgaW4gUG93ZXJTaGVsbC4KICAgIFRoaXMgaXMgYSBjb252ZW5pZW5jZSB0byBtYWtlIGFkZGluZyBNZW1iZXJzIHRvIHRoZSBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgIFNldC1BdHRyICRyZXN1bHQgImNoYW5nZWQiICR0cnVlCiM+CgogICAgIyBJZiB0aGUgcHJvdmlkZWQgJG9iaiBpcyB1bmRlZmluZWQsIGRlZmluZSBvbmUgdG8gYmUgbmljZQogICAgSWYgKC1ub3QgJG9iai5HZXRUeXBlKQogICAgewogICAgICAgICRvYmogPSBAeyB9CiAgICB9CgogICAgVHJ5CiAgICB7CiAgICAgICAgJG9iai4kbmFtZSA9ICR2YWx1ZQogICAgfQogICAgQ2F0Y2gKICAgIHsKICAgICAgICAkb2JqIHwgQWRkLU1lbWJlciAtRm9yY2UgLU1lbWJlclR5cGUgTm90ZVByb3BlcnR5IC1OYW1lICRuYW1lIC1WYWx1ZSAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gRXhpdC1Kc29uKCRvYmopCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGNvbnZlcnQgYSBQb3dlclNoZWxsIG9iamVjdCB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcKICAgIHRoZSBzY3JpcHQKICAgIC5FWEFNUExFCiAgICBFeGl0LUpzb24gJHJlc3VsdAojPgoKICAgICMgSWYgdGhlIHByb3ZpZGVkICRvYmogaXMgdW5kZWZpbmVkLCBkZWZpbmUgb25lIHRvIGJlIG5pY2UKICAgIElmICgtbm90ICRvYmouR2V0VHlwZSkKICAgIHsKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoJ2NoYW5nZWQnKSkgewogICAgICAgIFNldC1BdHRyICRvYmogImNoYW5nZWQiICRmYWxzZQogICAgfQoKICAgIFdyaXRlLU91dHB1dCAkb2JqIHwgQ29udmVydFRvLUpzb24gLUNvbXByZXNzIC1EZXB0aCA5OQogICAgRXhpdAp9CgpGdW5jdGlvbiBGYWlsLUpzb24oJG9iaiwgJG1lc3NhZ2UgPSAkbnVsbCkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHRoZSAibXNnIiBwcm9wZXJ0eSBhbmQgImZhaWxlZCIgcHJvcGVydHksIGNvbnZlcnQgdGhlCiAgICBQb3dlclNoZWxsIEhhc2h0YWJsZSB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcgdGhlIHNjcmlwdAogICAgLkVYQU1QTEUKICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJUaGlzIGlzIHRoZSBmYWlsdXJlIG1lc3NhZ2UiCiM+CgogICAgaWYgKCRvYmogLWlzIFtoYXNodGFibGVdIC1vciAkb2JqIC1pcyBbcHNvYmplY3RdKSB7CiAgICAgICAgIyBOb3RoaW5nIHRvIGRvCiAgICB9IGVsc2VpZiAoJG9iaiAtaXMgW3N0cmluZ10gLWFuZCAkbnVsbCAtZXEgJG1lc3NhZ2UpIHsKICAgICAgICAjIElmIHdlIHdlcmVuJ3QgZ2l2ZW4gMiBhcmdzLCBhbmQgdGhlIG9ubHkgYXJnIHdhcyBhIHN0cmluZywKICAgICAgICAjIGNyZWF0ZSBhIG5ldyBIYXNodGFibGUgYW5kIHVzZSB0aGUgYXJnIGFzIHRoZSBmYWlsdXJlIG1lc3NhZ2UKICAgICAgICAkbWVzc2FnZSA9ICRvYmoKICAgICAgICAkb2JqID0gQHsgfQogICAgfSBlbHNlIHsKICAgICAgICAjIElmIHRoZSBmaXJzdCBhcmd1bWVudCBpcyB1bmRlZmluZWQgb3IgYSBkaWZmZXJlbnQgdHlwZSwKICAgICAgICAjIG1ha2UgaXQgYSBIYXNodGFibGUKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgICMgU3RpbGwgdXNpbmcgU2V0LUF0dHIgZm9yIFBTT2JqZWN0IGNvbXBhdGliaWxpdHkKICAgIFNldC1BdHRyICRvYmogIm1zZyIgJG1lc3NhZ2UKICAgIFNldC1BdHRyICRvYmogImZhaWxlZCIgJHRydWUKCiAgICBpZiAoLW5vdCAkb2JqLkNvbnRhaW5zS2V5KCdjaGFuZ2VkJykpIHsKICAgICAgICBTZXQtQXR0ciAkb2JqICJjaGFuZ2VkIiAkZmFsc2UKICAgIH0KCiAgICBXcml0ZS1PdXRwdXQgJG9iaiB8IENvbnZlcnRUby1Kc29uIC1Db21wcmVzcyAtRGVwdGggOTkKICAgIEV4aXQgMQp9CgpGdW5jdGlvbiBBZGQtV2FybmluZygkb2JqLCAkbWVzc2FnZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHdhcm5pbmdzLCBldmVuIGlmIHRoZSB3YXJuaW5ncyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoIndhcm5pbmdzIikpIHsKICAgICAgICAkb2JqLndhcm5pbmdzID0gQCgpCiAgICB9IGVsc2VpZiAoJG9iai53YXJuaW5ncyAtaXNub3QgW2FycmF5XSkgewogICAgICAgIHRocm93ICJBZGQtV2FybmluZzogd2FybmluZ3MgYXR0cmlidXRlIGlzIG5vdCBhbiBhcnJheSIKICAgIH0KCiAgICAkb2JqLndhcm5pbmdzICs9ICRtZXNzYWdlCn0KCkZ1bmN0aW9uIEFkZC1EZXByZWNhdGlvbldhcm5pbmcoJG9iaiwgJG1lc3NhZ2UsICR2ZXJzaW9uID0gJG51bGwpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGFkZCBkZXByZWNhdGlvbnMsIGV2ZW4gaWYgdGhlIGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgogICAgaWYgKC1ub3QgJG9iai5Db250YWluc0tleSgiZGVwcmVjYXRpb25zIikpIHsKICAgICAgICAkb2JqLmRlcHJlY2F0aW9ucyA9IEAoKQogICAgfSBlbHNlaWYgKCRvYmouZGVwcmVjYXRpb25zIC1pc25vdCBbYXJyYXldKSB7CiAgICAgICAgdGhyb3cgIkFkZC1EZXByZWNhdGlvbldhcm5pbmc6IGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgaXMgbm90IGEgbGlzdCIKICAgIH0KCiAgICAkb2JqLmRlcHJlY2F0aW9ucyArPSBAewogICAgICAgIG1zZyA9ICRtZXNzYWdlCiAgICAgICAgdmVyc2lvbiA9ICR2ZXJzaW9uCiAgICB9Cn0KCkZ1bmN0aW9uIEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgaW4gdmFsdWVzLiBCeSBkZWZhdWx0CiAgICBpdCB0dXJucyBhbnkgdHlwZSB0byBhIHN0cmluZywgYnV0IHdlIGVuc3VyZSAkbnVsbCByZW1haW5zICRudWxsLgojPgogICAgaWYgKCRudWxsIC1uZSAkdmFsdWUpIHsKICAgICAgICBbU3lzdGVtLkVudmlyb25tZW50XTo6RXhwYW5kRW52aXJvbm1lbnRWYXJpYWJsZXMoJHZhbHVlKQogICAgfSBlbHNlIHsKICAgICAgICAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gR2V0LUFuc2libGVQYXJhbSgkb2JqLCAkbmFtZSwgJGRlZmF1bHQgPSAkbnVsbCwgJHJlc3VsdG9iaiA9IEB7fSwgJGZhaWxpZmVtcHR5ID0gJGZhbHNlLCAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSwgJFZhbGlkYXRlU2V0LCAkVmFsaWRhdGVTZXRFcnJvck1lc3NhZ2UsICR0eXBlID0gJG51bGwsICRhbGlhc2VzID0gQCgpKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBnZXQgYW4gImF0dHJpYnV0ZSIgZnJvbSBhIHBzb2JqZWN0IGluc3RhbmNlIGluIFBvd2VyU2hlbGwuCiAgICBUaGlzIGlzIGEgY29udmVuaWVuY2UgdG8gbWFrZSBnZXR0aW5nIE1lbWJlcnMgZnJvbSBhbiBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgICRhdHRyID0gR2V0LUFuc2libGVQYXJhbSAkcmVzcG9uc2UgImNvZGUiIC1kZWZhdWx0ICIxIgogICAgLkVYQU1QTEUKICAgIEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJTdGF0ZSIgLWRlZmF1bHQgIlByZXNlbnQiIC1WYWxpZGF0ZVNldCAiUHJlc2VudCIsIkFic2VudCIgLXJlc3VsdG9iaiAkcmVzdWx0b2JqIC1mYWlsaWZlbXB0eSAkdHJ1ZQogICAgR2V0LUFuc2libGVQYXJhbSBhbHNvIHN1cHBvcnRzIFBhcmFtZXRlciB2YWxpZGF0aW9uIHRvIHNhdmUgeW91IGZyb20gY29kaW5nIHRoYXQgbWFudWFsbHkKICAgIE5vdGUgdGhhdCBpZiB5b3UgdXNlIHRoZSBmYWlsaWZlbXB0eSBvcHRpb24sIHlvdSBkbyBuZWVkIHRvIHNwZWNpZnkgcmVzdWx0b2JqZWN0IGFzIHdlbGwuCiM+CiAgICAjIENoZWNrIGlmIHRoZSBwcm92aWRlZCBNZW1iZXIgJG5hbWUgb3IgYWxpYXNlcyBleGlzdCBpbiAkb2JqIGFuZCByZXR1cm4gaXQgb3IgdGhlIGRlZmF1bHQuCiAgICB0cnkgewoKICAgICAgICAkZm91bmQgPSAkbnVsbAogICAgICAgICMgRmlyc3QgdHJ5IHRvIGZpbmQgcHJlZmVycmVkIHBhcmFtZXRlciAkbmFtZQogICAgICAgICRhbGlhc2VzID0gQCgkbmFtZSkgKyAkYWxpYXNlcwoKICAgICAgICAjIEl0ZXJhdGUgb3ZlciBhbGlhc2VzIHRvIGZpbmQgYWNjZXB0YWJsZSBNZW1iZXIgJG5hbWUKICAgICAgICBmb3JlYWNoICgkYWxpYXMgaW4gJGFsaWFzZXMpIHsKICAgICAgICAgICAgaWYgKCRvYmouQ29udGFpbnNLZXkoJGFsaWFzKSkgewogICAgICAgICAgICAgICAgJGZvdW5kID0gJGFsaWFzCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgfQoKICAgICAgICBpZiAoJG51bGwgLWVxICRmb3VuZCkgewogICAgICAgICAgICB0aHJvdwogICAgICAgIH0KICAgICAgICAkbmFtZSA9ICRmb3VuZAoKICAgICAgICBpZiAoJFZhbGlkYXRlU2V0KSB7CgogICAgICAgICAgICBpZiAoJFZhbGlkYXRlU2V0IC1jb250YWlucyAoJG9iai4kbmFtZSkpIHsKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICRvYmouJG5hbWUKICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgIGlmICgkbnVsbCAtZXEgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAgICAgI0F1dG8tZ2VuZXJhdGVkIGVycm9yIHNob3VsZCBiZSBzdWZmaWNpZW50IGluIG1vc3QgdXNlIGNhc2VzCiAgICAgICAgICAgICAgICAgICAgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlID0gIkdldC1BbnNpYmxlUGFyYW06IEFyZ3VtZW50ICRuYW1lIG5lZWRzIHRvIGJlIG9uZSBvZiAkKCRWYWxpZGF0ZVNldCAtam9pbiAiLCIpIGJ1dCB3YXMgJCgkb2JqLiRuYW1lKS4iCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRWYWxpZGF0ZVNldEVycm9yTWVzc2FnZQogI ScriptBlock ID: bbfa2053-0065-48c6-9598-e3377a594c9a Path:	4104	1		3	2	15	0	1735	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	672	1300	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:07:38 PM	e5295ba9-9827-0000-f55c-29e52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 4): begin { $DebugPreference = "Continue" $ErrorActionPreference = "Stop" Set-StrictMode -Version 2 function ConvertTo-HashtableFromPsCustomObject ($myPsObject){ $output = @{}; $myPsObject | Get-Member -MemberType *Property | % { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } return $output; } # stream JSON including become_pw, ps_module_payload, bin_module_payload, become_payload, write_payload_path, preserve directives # exec runspace, capture output, cleanup, return module output # NB: do not adjust the following line- it is replaced when doing non-streamed module output $json_raw = @' {"min_ps_version": null, "exec": "CkZ1bmN0aW9uIFJ1bigkcGF5bG9hZCkgewogICAgJGVudHJ5cG9pbnQgPSAkcGF5bG9hZC5tb2R1bGVfZW50cnkKCiAgICAkZW50cnlwb2ludCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGVudHJ5cG9pbnQpKQoKICAgICRwcyA9IFtwb3dlcnNoZWxsXTo6Q3JlYXRlKCkKCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkQ29tbWFuZCgiU2V0LVZhcmlhYmxlIikuQWRkUGFyYW1ldGVycyhAe1Njb3BlPSJnbG9iYWwiO05hbWU9ImNvbXBsZXhfYXJncyI7VmFsdWU9JHBheWxvYWQubW9kdWxlX2FyZ3N9KSB8IE91dC1OdWxsCiAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCgogICAgIyByZWRlZmluZSBXcml0ZS1Ib3N0IHRvIGR1bXAgdG8gb3V0cHV0IGluc3RlYWQgb2YgZmFpbGluZy0gbG90cyBvZiBzY3JpcHRzIHVzZSBpdAogICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgiRnVuY3Rpb24gV3JpdGUtSG9zdChgJG1zZyl7IFdyaXRlLU91dHB1dCBgJG1zZyB9IikgfCBPdXQtTnVsbAoKICAgIEZvckVhY2ggKCRlbnZfa3YgaW4gJHBheWxvYWQuZW52aXJvbm1lbnQuR2V0RW51bWVyYXRvcigpKSB7CiAgICAgICAgIyBuZWVkIHRvIGVzY2FwZSAnIGluIGJvdGggdGhlIGtleSBhbmQgdmFsdWUKICAgICAgICAkZW52X2tleSA9ICRlbnZfa3YuS2V5LlRvU3RyaW5nKCkuUmVwbGFjZSgiJyIsICInJyIpCiAgICAgICAgJGVudl92YWx1ZSA9ICRlbnZfa3YuVmFsdWUuVG9TdHJpbmcoKS5SZXBsYWNlKCInIiwgIicnIikKICAgICAgICAkZXNjYXBlZF9lbnZfc2V0ID0gIltTeXN0ZW0uRW52aXJvbm1lbnRdOjpTZXRFbnZpcm9ubWVudFZhcmlhYmxlKCd7MH0nLCAnezF9JykiIC1mICRlbnZfa2V5LCAkZW52X3ZhbHVlCiAgICAgICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgkZXNjYXBlZF9lbnZfc2V0KSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBkeW5hbWljYWxseSBjcmVhdGUvbG9hZCBtb2R1bGVzCiAgICBGb3JFYWNoICgkbW9kIGluICRwYXlsb2FkLnBvd2Vyc2hlbGxfbW9kdWxlcy5HZXRFbnVtZXJhdG9yKCkpIHsKICAgICAgICAkZGVjb2RlZF9tb2R1bGUgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRtb2QuVmFsdWUpKQogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRDb21tYW5kKCJOZXctTW9kdWxlIikuQWRkUGFyYW1ldGVycyhAe1NjcmlwdEJsb2NrPShbc2NyaXB0YmxvY2tdOjpDcmVhdGUoJGRlY29kZWRfbW9kdWxlKSk7TmFtZT0kbW9kLktleX0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiSW1wb3J0LU1vZHVsZSIpLkFkZFBhcmFtZXRlcnMoQHtXYXJuaW5nQWN0aW9uPSJTaWxlbnRseUNvbnRpbnVlIn0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBmb3JjZSBpbnB1dCBlbmNvZGluZyB0byBwcmVhbWJsZS1mcmVlIFVURjggc28gUFMgc3ViLXByb2Nlc3NlcyAoZWcsCiAgICAjIFN0YXJ0LUpvYikgZG9uJ3QgYmxvdyB1cC4gVGhpcyBpcyBvbmx5IHJlcXVpcmVkIGZvciBXaW5STSwgYSBQU1JQCiAgICAjIHJ1bnNwYWNlIGRvZXNuJ3QgaGF2ZSBhIGhvc3QgY29uc29sZSBhbmQgdGhpcyB3aWxsIGJvbWIgb3V0CiAgICBpZiAoJGhvc3QuTmFtZSAtZXEgIkNvbnNvbGVIb3N0IikgewogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRTY3JpcHQoIltDb25zb2xlXTo6SW5wdXRFbmNvZGluZyA9IE5ldy1PYmplY3QgVGV4dC5VVEY4RW5jb2RpbmcgYCRmYWxzZSIpIHwgT3V0LU51bGwKICAgIH0KCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkU2NyaXB0KCRlbnRyeXBvaW50KSB8IE91dC1OdWxsCgogICAgJG91dHB1dCA9ICRwcy5JbnZva2UoKQoKICAgICRvdXRwdXQKCiAgICAjIFBTMyBkb2Vzbid0IHByb3Blcmx5IHNldCBIYWRFcnJvcnMgaW4gbWFueSBjYXNlcywgaW5zcGVjdCB0aGUgZXJyb3Igc3RyZWFtIGFzIGEgZmFsbGJhY2sKICAgIElmICgkcHMuSGFkRXJyb3JzIC1vciAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtbHQgNCAtYW5kICRwcy5TdHJlYW1zLkVycm9yLkNvdW50IC1ndCAwKSkgewogICAgICAgICRob3N0LlVJLldyaXRlRXJyb3JMaW5lKCQoJHBzLlN0cmVhbXMuRXJyb3IgfCBPdXQtU3RyaW5nKSkKICAgICAgICAkZXhpdF9jb2RlID0gJHBzLlJ1bnNwYWNlLlNlc3Npb25TdGF0ZVByb3h5LkdldFZhcmlhYmxlKCJMQVNURVhJVENPREUiKQogICAgICAgIElmKC1ub3QgJGV4aXRfY29kZSkgewogICAgICAgICAgICAkZXhpdF9jb2RlID0gMQogICAgICAgIH0KICAgICAgICAjIG5lZWQgdG8gdXNlIHRoaXMgaW5zdGVhZCBvZiBFeGl0IGtleXdvcmQgdG8gcHJldmVudCBydW5zcGFjZSBmcm9tIGNyYXNoaW5nIHdpdGggZHluYW1pYyBtb2R1bGVzCiAgICAgICAgJGhvc3QuU2V0U2hvdWxkRXhpdCgkZXhpdF9jb2RlKQogICAgfQp9Cg==", "actions": ["exec"], "environment": {}, "min_os_version": null, "powershell_modules": {"Ansible.ModuleUtils.CommandUtil": "IyBDb3B5cmlnaHQgKGMpIDIwMTcgQW5zaWJsZSBQcm9qZWN0CiMgU2ltcGxpZmllZCBCU0QgTGljZW5zZSAoc2VlIGxpY2Vuc2VzL3NpbXBsaWZpZWRfYnNkLnR4dCBvciBodHRwczovL29wZW5zb3VyY2Uub3JnL2xpY2Vuc2VzL0JTRC0yLUNsYXVzZSkKCiRwcm9jZXNzX3V0aWwgPSBAIgp1c2luZyBNaWNyb3NvZnQuV2luMzIuU2FmZUhhbmRsZXM7CnVzaW5nIFN5c3RlbTsKdXNpbmcgU3lzdGVtLkNvbGxlY3Rpb25zOwp1c2luZyBTeXN0ZW0uSU87CnVzaW5nIFN5c3RlbS5MaW5xOwp1c2luZyBTeXN0ZW0uUnVudGltZS5JbnRlcm9wU2VydmljZXM7CnVzaW5nIFN5c3RlbS5UZXh0Owp1c2luZyBTeXN0ZW0uVGhyZWFkaW5nOwoKbmFtZXNwYWNlIEFuc2libGUKewogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIGNsYXNzIFNFQ1VSSVRZX0FUVFJJQlVURVMKICAgIHsKICAgICAgICBwdWJsaWMgaW50IG5MZW5ndGg7CiAgICAgICAgcHVibGljIEludFB0ciBscFNlY3VyaXR5RGVzY3JpcHRvcjsKICAgICAgICBwdWJsaWMgYm9vbCBiSW5oZXJpdEhhbmRsZSA9IGZhbHNlOwogICAgICAgIHB1YmxpYyBTRUNVUklUWV9BVFRSSUJVVEVTKCkKICAgICAgICB7CiAgICAgICAgICAgIG5MZW5ndGggPSBNYXJzaGFsLlNpemVPZih0aGlzKTsKICAgICAgICB9CiAgICB9CgogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIGNsYXNzIFNUQVJUVVBJTkZPCiAgICB7CiAgICAgICAgcHVibGljIEludDMyIGNiOwogICAgICAgIHB1YmxpYyBJbnRQdHIgbHBSZXNlcnZlZDsKICAgICAgICBwdWJsaWMgSW50UHRyIGxwRGVza3RvcDsKICAgICAgICBwdWJsaWMgSW50UHRyIGxwVGl0bGU7CiAgICAgICAgcHVibGljIEludDMyIGR3WDsKICAgICAgICBwdWJsaWMgSW50MzIgZHdZOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1hTaXplOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1lTaXplOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1hDb3VudENoYXJzOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1lDb3VudENoYXJzOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd0ZpbGxBdHRyaWJ1dGU7CiAgICAgICAgcHVibGljIEludDMyIGR3RmxhZ3M7CiAgICAgICAgcHVibGljIEludDE2IHdTaG93V2luZG93OwogICAgICAgIHB1YmxpYyBJbnQxNiBjYlJlc2VydmVkMjsKICAgICAgICBwdWJsaWMgSW50UHRyIGxwUmVzZXJ2ZWQyOwogICAgICAgIHB1YmxpYyBTYWZlRmlsZUhhbmRsZSBoU3RkSW5wdXQ7CiAgICAgICAgcHVibGljIFNhZmVGaWxlSGFuZGxlIGhTdGRPdXRwdXQ7CiAgICAgICAgcHVibGljIFNhZmVGaWxlSGFuZGxlIGhTdGRFcnJvcjsKICAgICAgICBwdWJsaWMgU1RBUlRVUElORk8oKQogICAgICAgIHsKICAgICAgICAgICAgY2IgPSBNYXJzaGFsLlNpemVPZih0aGlzKTsKICAgICAgICB9CiAgICB9CgogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIGNsYXNzIFNUQVJUVVBJTkZPRVgKICAgIHsKICAgICAgICBwdWJsaWMgU1RBUlRVUElORk8gc3RhcnR1cEluZm87CiAgICAgICAgcHVibGljIEludFB0ciBscEF0dHJpYnV0ZUxpc3Q7CiAgICAgICAgcHVibGljIFNUQVJUVVBJTkZPRVgoKQogICAgICAgIHsKICAgICAgICAgICAgc3RhcnR1cEluZm8gPSBuZXcgU1RBUlRVUElORk8oKTsKICAgICAgICAgICAgc3RhcnR1cEluZm8uY2IgPSBNYXJzaGFsLlNpemVPZih0aGlzKTsKICAgICAgICB9CiAgICB9CgogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIHN0cnVjdCBQUk9DRVNTX0lORk9STUFUSU9OCiAgICB7CiAgICAgICAgcHVibGljIEludFB0ciBoUHJvY2VzczsKICAgICAgICBwdWJsaWMgSW50UHRyIGhUaHJlYWQ7CiAgICAgICAgcHVibGljIGludCBkd1Byb2Nlc3NJZDsKICAgICAgICBwdWJsaWMgaW50IGR3VGhyZWFkSWQ7CiAgICB9CgogICAgW0ZsYWdzXQogICAgcHVibGljIGVudW0gU3RhcnR1cEluZm9GbGFncyA6IHVpbnQKICAgIHsKICAgICAgICBVU0VTVERIQU5ETEVTID0gMHgwMDAwMDEwMAogICAgfQoKICAgIHB1YmxpYyBlbnVtIEhhbmRsZUZsYWdzIDogdWludAogICAgewogICAgICAgIE5vbmUgPSAwLAogICAgICAgIElOSEVSSVQgPSAxCiAgICB9CgogICAgY2xhc3MgTmF0aXZlV2FpdEhhbmRsZSA6IFdhaXRIYW5kbGUKICAgIHsKICAgICAgICBwdWJsaWMgTmF0aXZlV2FpdEhhbmRsZShJbnRQdHIgaGFuZGxlKQogICAgICAgIHsKICAgICAgICAgICAgdGhpcy5TYWZlV2FpdEhhbmRsZSA9IG5ldyBTYWZlV2FpdEhhbmRsZShoYW5kbGUsIGZhbHNlKTsKICAgICAgICB9CiAgICB9CgogICAgcHVibGljIGNsYXNzIFdpbjMyRXhjZXB0aW9uIDogU3lzdGVtLkNvbXBvbmVudE1vZGVsLldpbjMyRXhjZXB0aW9uCiAgICB7CiAgICAgICAgcHJpdmF0ZSBzdHJpbmcgX21zZzsKCiAgICAgICAgcHVibGljIFdpbjMyRXhjZXB0aW9uKHN0cmluZyBtZXNzYWdlKSA6IHRoaXMoTWFyc2hhbC5HZXRMYXN0V2luMzJFcnJvcigpLCBtZXNzYWdlKSB7IH0KCiAgICAgICAgcHVibGljIFdpbjMyRXhjZXB0aW9uKGludCBlcnJvckNvZGUsIHN0cmluZyBtZXNzYWdlKSA6IGJhc2UoZXJyb3JDb2RlKQogICAgICAgIHsKICAgICAgICAgICAgX21zZyA9IFN0cmluZy5Gb3JtYXQoInswfSAoezF9LCBXaW4zMkVycm9yQ29kZSB7Mn0pIiwgbWVzc2FnZSwgYmFzZS5NZXNzYWdlLCBlcnJvckNvZGUpOwogICAgICAgIH0KCiAgICAgICAgcHVibGljIG92ZXJyaWRlIHN0cmluZyBNZXNzYWdlIHsgZ2V0IHsgcmV0dXJuIF9tc2c7IH0gfQogICAgICAgIHB1YmxpYyBzdGF0aWMgZXhwbGljaXQgb3BlcmF0b3IgV2luMzJFeGNlcHRpb24oc3RyaW5nIG1lc3NhZ2UpIHsgcmV0dXJuIG5ldyBXaW4zMkV4Y2VwdGlvbihtZXNzYWdlKTsgfQogICAgfQoKICAgIHB1YmxpYyBjbGFzcyBDb21tYW5kVXRpbAogICAgewogICAgICAgIHByaXZhdGUgc3RhdGljIFVJbnQzMiBDUkVBVEVfVU5JQ09ERV9FTlZJUk9OTUVOVCA9IDB4MDAwMDAwNDAwOwogICAgICAgIHByaXZhdGUgc3RhdGljIFVJbnQzMiBFWFRFTkRFRF9TVEFSVFVQSU5GT19QUkVTRU5UID0gMHgwMDA4MDAwMDsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSwgQmVzdEZpdE1hcHBpbmcgPSBmYWxzZSldCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gYm9vbCBDcmVhdGVQcm9jZXNzKAogICAgICAgICAgICBbTWFyc2hhbEFzKFVubWFuYWdlZFR5cGUuTFBXU3RyKV0KICAgICAgICAgICAgICAgIHN0cmluZyBscEFwcGxpY2F0aW9uTmFtZSwKICAgICAgICAgICAgU3RyaW5nQnVpbGRlciBscENvbW1hbmRMaW5lLAogICAgICAgICAgICBJbnRQdHIgbHBQcm9jZXNzQXR0cmlidXRlcywKICAgICAgICAgICAgSW50UHRyIGxwVGhyZWFkQXR0cmlidXRlcywKICAgICAgICAgICAgYm9vbCBiSW5oZXJpdEhhbmRsZXMsCiAgICAgICAgICAgIHVpbnQgZHdDcmVhdGlvbkZsYWdzLAogICAgICAgICAgICBJbnRQdHIgbHBFbnZpcm9ubWVudCwKICAgICAgICAgICAgW01hcnNoYWxBcyhVbm1hbmFnZWRUeXBlLkxQV1N0cildCiAgICAgICAgICAgICAgICBzdHJpbmcgbHBDdXJyZW50RGlyZWN0b3J5LAogICAgICAgICAgICBTVEFSVFVQSU5GT0VYIGxwU3RhcnR1cEluZm8sCiAgICAgICAgICAgIG91dCBQUk9DRVNTX0lORk9STUFUSU9OIGxwUHJvY2Vzc0luZm9ybWF0aW9uKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIildCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gYm9vbCBDcmVhdGVQaXBlKAogICAgICAgICAgICBvdXQgU2FmZUZpbGVIYW5kbGUgaFJlYWRQaXBlLAogICAgICAgICAgICBvdXQgU2FmZUZpbGVIYW5kbGUgaFdyaXRlUGlwZSwKICAgICAgICAgICAgU0VDVVJJVFlfQVRUUklCVVRFUyBscFBpcGVBdHRyaWJ1dGVzLAogICAgICAgICAgICB1aW50IG5TaXplKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSldCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gYm9vbCBTZXRIYW5kbGVJbmZvcm1hdGlvbigKICAgICAgICAgICAgU2FmZUZpbGVIYW5kbGUgaE9iamVjdCwKICAgICAgICAgICAgSGFuZGxlRmxhZ3MgZHdNYXNrLAogICAgICAgICAgICBpbnQgZHdGbGFncyk7CgogICAgICAgIFtEbGxJbXBvcnQoImtlcm5lbDMyLmRsbCIsIFNldExhc3RFcnJvciA9IHRydWUpXQogICAgICAgIHByaXZhdGUgc3RhdGljIGV4dGVybiBib29sIEdldEV4aXRDb2RlUHJvY2VzcygKICAgICAgICAgICAgSW50UHRyIGhQcm9jZXNzLAogICAgICAgICAgICBvdXQgdWludCBscEV4aXRDb2RlKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSldCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gdWludCBTZWFyY2hQYXRoKAogICAgICAgICAgICBzdHJpbmcgbHBQYXRoLAogICAgICAgICAgICBzdHJpbmcgbHBGaWxlTmFtZSwKICAgICAgICAgICAgc3RyaW5nIGxwRXh0ZW5zaW9uLAogICAgICAgICAgICBpbnQgbkJ1ZmZlckxlbmd0aCwKICAgICAgICAgICAgW01hcnNoYWxBcyAoVW5tYW5hZ2VkVHlwZS5MUFRTdHIpXQogICAgICAgICAgICAgICAgU3RyaW5nQnVpbGRlciBscEJ1ZmZlciwKICAgICAgICAgICAgb3V0IEludFB0ciBscEZpbGVQYXJ0KTsKCiAgICAgICAgW0RsbEltcG9ydCgic2hlbGwzMi5kbGwiLCBTZXRMYXN0RXJyb3IgPSB0cnVlKV0KICAgICAgICBzdGF0aWMgZXh0ZXJuIEludFB0ciBDb21tYW5kTGluZVRvQXJndlcoCiAgICAgICAgICAgIFtNYXJzaGFsQXMoVW5tYW5hZ2VkVHlwZS5MUFdTdHIpXQogICAgICAgICAgICAgICAgc3RyaW5nIGxwQ21kTGluZSwKICAgICAgICAgICAgb3V0IGludCBwTnVtQXJncyk7CgogICAgICAgIHB1YmxpYyBzdGF0aWMgc3RyaW5nW10gUGFyc2VDb21tYW5kTGluZShzdHJpbmcgbHBDb21tYW5kTGluZSkKICAgICAgICB7CiAgICAgICAgICAgIGludCBudW1BcmdzOwogICAgICAgICAgICBJbnRQdHIgcmV0ID0gQ29tbWFuZExpbmVUb0FyZ3ZXKGxwQ29tbWFuZExpbmUsIG91dCBudW1BcmdzKTsKCiAgICAgICAgICAgIGlmIChyZXQgPT0gSW50UHRyLlplcm8pCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIkVycm9yIHBhcnNpbmcgY29tbWFuZCBsaW5lIik7CgogICAgICAgICAgICBJbnRQdHJbXSBzdHJwdHJzID0gbmV3IEludFB0cltudW1BcmdzXTsKICAgICAgICAgICAgTWFyc2hhbC5Db3B5KHJldCwgc3RycHRycywgMCwgbnVtQXJncyk7CiAgICAgICAgICAgIHN0cmluZ1tdIGNtZGxpbmVQYXJ0cyA9IHN0cnB0cnMuU2VsZWN0KHMgPT4gTWFyc2hhbC5QdHJUb1N0cmluZ1VuaShzKSkuVG9BcnJheSgpOwoKICAgICAgICAgICAgTWFyc2hhbC5GcmVlSEdsb2JhbChyZXQpOwoKICAgICAgICAgICAgcmV0dXJuIGNtZGxpbmVQYXJ0czsKICAgICAgICB9CgogICAgICAgIHB1YmxpYyBzdGF0aWMgc3RyaW5nIFNlYXJjaFBhdGgoc3RyaW5nIGxwRmlsZU5hbWUpCiAgICAgICAgewogICAgICAgICAgICBTdHJpbmdCdWlsZGVyIHNiT3V0ID0gbmV3IFN0cmluZ0J1aWxkZXIoMTAyNCk7CiAgICAgICAgICAgIEludFB0ciBmaWxlUGFydE91dDsKCiAgICAgICAgICAgIGlmIChTZWFyY2hQYXRoKG51bGwsIGxwRmlsZU5hbWUsIG51bGwsIHNiT3V0LkNhcGFjaXR5LCBzYk91dCwgb3V0IGZpbGVQYXJ0T3V0KSA9PSAwKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IEZpbGVOb3RGb3VuZEV4Y2VwdGlvbihTdHJpbmcuRm9ybWF0KCJDb3VsZCBub3QgbG9jYXRlIHRoZSBmb2xsb3dpbmcgZXhlY3V0YWJsZSB7MH0iLCBscEZpbGVOYW1lKSk7CgogICAgICAgICAgICByZXR1cm4gc2JPdXQuVG9TdHJpbmcoKTsKICAgICAgICB9CgogICAgICAgIHB1YmxpYyBjbGFzcyBDb21tYW5kUmVzdWx0CiAgICAgICAgewogICAgICAgICAgICBwdWJsaWMgc3RyaW5nIFN0YW5kYXJkT3V0IHsgZ2V0OyBpbnRlcm5hbCBzZXQ7IH0KICAgICAgICAgICAgcHVibGljIHN0cmluZyBTdGFuZGFyZEVycm9yIHsgZ2V0OyBpbnRlcm5hbCBzZXQ7IH0KICAgICAgICAgICAgcHVibGljIHVpbnQgRXhpdENvZGUgeyBnZXQ7IGludGVybmFsIHNldDsgfQogICAgICAgIH0KCiAgICAgICAgcHVibGljIHN0YXRpYyBDb21tYW5kUmVzdWx0IFJ1bkNvbW1hbmQoc3RyaW5nIGxwQXBwbGljYXRpb25OYW1lLCBzdHJpbmcgbHBDb21tYW5kTGluZSwgc3RyaW5nIGxwQ3VycmVudERpcmVjdG9yeSwgc3RyaW5nIHN0ZGluSW5wdXQsIElEaWN0aW9uYXJ5IGVudmlyb25tZW50KQogICAgICAgIHsKICAgICAgICAgICAgVUludDMyIHN0YXJ0dXBfZmxhZ3MgPSBDUkVBVEVfVU5JQ09ERV9FTlZJUk9OTUVOVCB8IEVYVEVOREVEX1NUQVJUVVBJTkZPX1BSRVNFTlQ7CiAgICAgICAgICAgIFNUQVJUVVBJTkZPRVggc2kgPSBuZXcgU1RBUlRVUElORk9FWCgpOwogICAgICAgICAgICBzaS5zdGFydHVwSW5mby5kd0ZsYWdzID0gKGludClTdGFydHVwSW5mb0ZsYWdzLlVTRVNUREhBTkRMRVM7CgogICAgICAgICAgICBTRUNVUklUWV9BVFRSSUJVVEVTIHBpcGVzZWMgPSBuZXcgU0VDVVJJVFlfQVRUUklCVVRFUygpOwogICAgICAgICAgICBwaXBlc2VjLmJJbmhlcml0SGFuZGxlID0gdHJ1ZTsKCiAgICAgICAgICAgIC8vIENyZWF0ZSB0aGUgc3Rkb3V0LCBzdGRlcnIgYW5kIHN0ZGluIHBpcGVzIHVzZWQgaW4gdGhlIHByb2Nlc3MgYW5kIGFkZCB0byB0aGUgc3RhcnR1cEluZm8KICAgICAgICAgICAgU2FmZUZpbGVIYW5kbGUgc3Rkb3V0X3JlYWQsIHN0ZG91dF93cml0ZSwgc3RkZXJyX3JlYWQsIHN0ZGVycl93cml0ZSwgc3RkaW5fcmVhZCwgc3RkaW5fd3JpdGU7CiAgICAgICAgICAgIGlmICghQ3JlYXRlUGlwZShvdXQgc3Rkb3V0X3JlYWQsIG91dCBzdGRvdXRfd3JpdGUsIHBpcGVzZWMsIDApKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IFdpbjMyRXhjZXB0aW9uKCJTVERPVVQgcGlwZSBzZXR1cCBmYWlsZWQiKTsKICAgICAgICAgICAgaWYgKCFTZXRIYW5kbGVJbmZvcm1hdGlvbihzdGRvdXRfcmVhZCwgSGFuZGxlRmxhZ3MuSU5IRVJJVCwgMCkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIlNURE9VVCBwaXBlIGhhbmRsZSBzZXR1cCBmYWlsZWQiKTsKCiAgICAgICAgICAgIGlmICghQ3JlYXRlUGlwZShvdXQgc3RkZXJyX3JlYWQsIG91dCBzdGRlcnJfd3JpdGUsIHBpcGVzZWMsIDApKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IFdpbjMyRXhjZXB0aW9uKCJTVERFUlIgcGlwZSBzZXR1cCBmYWlsZWQiKTsKICAgICAgICAgICAgaWYgKCFTZXRIYW5kbGVJbmZvcm1hdGlvbihzdGRlcnJfcmVhZCwgSGFuZGxlRmxhZ3MuSU5IRVJJVCwgMCkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIlNUREVSUiBwaXBlIGhhbmRsZSBzZXR1cCBmYWlsZWQiKTsKCiAgICAgICAgICAgIGlmICghQ3JlYXRlUGlwZShvdXQgc3RkaW5fcmVhZCwgb3V0IHN0ZGluX3dyaXRlLCBwaXBlc2VjLCAwKSkKICAgICAgICAgICAgICAgIHRocm93IG5ldyBXaW4zMkV4Y2VwdGlvbigiU1RESU4gcGlwZSBzZXR1cCBmYWlsZWQiKTsKICAgICAgICAgICAgaWYgKCFTZXRIYW5kbGVJbmZvcm1hdGlvbihzdGRpbl93cml0ZSwgSGFuZGxlRmxhZ3MuSU5IRVJJVCwgMCkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIlNURElOIHBpcGUgaGFuZGxlIHNldHVwIGZhaWxlZCIpOwoKICAgICAgICAgICAgc2kuc3RhcnR1cEluZm8uaFN0ZE91dHB1dCA9IHN0ZG91dF93cml0ZTsKICAgICAgICAgICAgc2kuc3RhcnR1cEluZm8uaFN0ZEVycm9yID0gc3RkZXJyX3dyaXRlOwogICAgICAgICAgICBzaS5zdGFydHVwSW5mby5oU3RkSW5wdXQgPSBzdGRpbl9yZWFkOwoKICAgICAgICAgICAgLy8gU2V0dXAgdGhlIHN0ZGluIGJ1ZmZlcgogICAgICAgICAgICBVVEY4RW5jb2RpbmcgdXRmOF9lbmNvZGluZyA9IG5ldyBVVEY4RW5jb2RpbmcoZmFsc2UpOwogICAgICAgICAgICBGaWxlU3RyZWFtIHN0ZGluX2ZzID0gbmV3IEZpbGVTdHJlYW0oc3RkaW5fd3JpdGUsIEZpbGVBY2Nlc3MuV3JpdGUsIDMyNzY4KTsKICAgICAgICAgICAgU3RyZWFtV3JpdGVyIHN0ZGluID0gbmV3IFN0cmVhbVdyaXRlcihzdGRpbl9mcywgdXRmOF9lbmNvZGluZywgMzI3NjgpOwoKICAgICAgICAgICAgLy8gSWYgbHBDdXJyZW50RGlyZWN0b3J5IGlzIHNldCB0byBudWxsIGluIFBTIGl0IHdpbGwgYmUgYW4gZW1wdHkKICAgICAgICAgICAgLy8gc3RyaW5nIGhlcmUsIHdlIG5lZWQgdG8gY29udmVydCBpdAogICAgICAgICAgICBpZiAobHBDdXJyZW50RGlyZWN0b3J5ID09ICIiKQogICAgICAgICAgICAgICAgbHBDdXJyZW50RGlyZWN0b3J5ID0gbnVsbDsKCiAgICAgICAgICAgIFN0cmluZ0J1aWxkZXIgZW52aXJvbm1lbnRTdHJpbmcgPSBudWxsOwoKICAgICAgICAgICAgaWYgKGVudmlyb25tZW50ICE9IG51bGwgJiYgZW52aXJvbm1lbnQuQ291bnQgPiAwKQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBlbnZpcm9ubWVudFN0cmluZyA9IG5ldyBTdHJpbmdCdWlsZGVyKCk7CiAgICAgICAgICAgICAgICBmb3JlYWNoIChEaWN0aW9uYXJ5RW50cnkga3YgaW4gZW52aXJvbm1lbnQpCiAgICAgICAgICAgICAgICAgICAgZW52aXJvbm1lbnRTdHJpbmcuQXBwZW5kRm9ybWF0KCJ7MH09ezF9XDAiLCBrdi5LZXksIGt2LlZhbHVlKTsKICAgICAgICAgICAgICAgIGVudmlyb25tZW50U3RyaW5nLkFwcGVuZCgnXDAnKTsKICAgICAgICAgICAgfQo ScriptBlock ID: bbfa2053-0065-48c6-9598-e3377a594c9a Path:	4104	1		3	2	15	0	1734	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	672	1300	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:07:38 PM	e5295ba9-9827-0000-f55c-29e52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1733	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	672	492	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:07:38 PM	e5295ba9-9827-0003-985d-29e52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 672 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1732	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	672	1148	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:07:38 PM	e5295ba9-9827-0003-985d-29e52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1731	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	672	492	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:07:38 PM	e5295ba9-9827-0003-985d-29e52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles; using System; using System.Collections.Generic; using System.Linq; using System.Runtime.InteropServices; using System.Security.Principal; using System.Text; namespace Ansible.PrivilegeUtil { [Flags] public enum PrivilegeAttributes : uint { Disabled = 0x00000000, EnabledByDefault = 0x00000001, Enabled = 0x00000002, Removed = 0x00000004, UsedForAccess = 0x80000000, } internal class NativeHelpers { [StructLayout(LayoutKind.Sequential)] internal struct LUID { public UInt32 LowPart; public Int32 HighPart; } [StructLayout(LayoutKind.Sequential)] internal struct LUID_AND_ATTRIBUTES { public LUID Luid; public PrivilegeAttributes Attributes; } [StructLayout(LayoutKind.Sequential)] internal struct TOKEN_PRIVILEGES { public UInt32 PrivilegeCount; [MarshalAs(UnmanagedType.ByValArray, SizeConst = 1)] public LUID_AND_ATTRIBUTES[] Privileges; } } internal class NativeMethods { [DllImport("advapi32.dll", SetLastError = true)] internal static extern bool AdjustTokenPrivileges( IntPtr TokenHandle, [MarshalAs(UnmanagedType.Bool)] bool DisableAllPrivileges, IntPtr NewState, UInt32 BufferLength, IntPtr PreviousState, out UInt32 ReturnLength); [DllImport("kernel32.dll")] internal static extern bool CloseHandle( IntPtr hObject); [DllImport("kernel32")] internal static extern SafeWaitHandle GetCurrentProcess(); [DllImport("advapi32.dll", SetLastError = true)] internal static extern bool GetTokenInformation( IntPtr TokenHandle, UInt32 TokenInformationClass, IntPtr TokenInformation, UInt32 TokenInformationLength, out UInt32 ReturnLength); [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)] internal static extern bool LookupPrivilegeName( string lpSystemName, ref NativeHelpers.LUID lpLuid, StringBuilder lpName, ref UInt32 cchName); [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)] internal static extern bool LookupPrivilegeValue( string lpSystemName, string lpName, out NativeHelpers.LUID lpLuid); [DllImport("advapi32.dll", SetLastError = true)] internal static extern bool OpenProcessToken( SafeHandle ProcessHandle, TokenAccessLevels DesiredAccess, out IntPtr TokenHandle); } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class Privileges { private static readonly UInt32 TOKEN_PRIVILEGES = 3; public static bool CheckPrivilegeName(string name) { NativeHelpers.LUID luid; if (!NativeMethods.LookupPrivilegeValue(null, name, out luid)) { int errCode = Marshal.GetLastWin32Error(); if (errCode != 1313) // ERROR_NO_SUCH_PRIVILEGE throw new Win32Exception(errCode, String.Format("LookupPrivilegeValue({0}) failed", name)); return false; } else { return true; } } public static Dictionary<string, bool?> DisablePrivilege(SafeHandle token, string privilege) { return SetTokenPrivileges(token, new Dictionary<string, bool?>() { { privilege, false } }); } public static Dictionary<string, bool?> DisableAllPrivileges(SafeHandle token) { return AdjustTokenPrivileges(token, null); } public static Dictionary<string, bool?> EnablePrivilege(SafeHandle token, string privilege) { return SetTokenPrivileges(token, new Dictionary<string, bool?>() { { privilege, true } }); } public static Dictionary<String, PrivilegeAttributes> GetAllPrivilegeInfo(SafeHandle token) { IntPtr hToken = IntPtr.Zero; if (!NativeMethods.OpenProcessToken(token, TokenAccessLevels.Query, out hToken)) throw new Win32Exception("OpenProcessToken() failed"); Dictionary<String, PrivilegeAttributes> info = new Dictionary<String, PrivilegeAttributes>(); try { UInt32 tokenLength = 0; NativeMethods.GetTokenInformation(hToken, TOKEN_PRIVILEGES, IntPtr.Zero, 0, out tokenLength); NativeHelpers.LUID_AND_ATTRIBUTES[] privileges; IntPtr privilegesPtr = Marshal.AllocHGlobal((int)tokenLength); try { if (!NativeMethods.GetTokenInformation(hToken, TOKEN_PRIVILEGES, privilegesPtr, tokenLength, out tokenLength)) throw new Win32Exception("GetTokenInformation() for TOKEN_PRIVILEGES failed"); NativeHelpers.TOKEN_PRIVILEGES privilegeInfo = (NativeHelpers.TOKEN_PRIVILEGES)Marshal.PtrToStructure(privilegesPtr, typeof(NativeHelpers.TOKEN_PRIVILEGES)); privileges = new NativeHelpers.LUID_AND_ATTRIBUTES[privilegeInfo.PrivilegeCount]; PtrToStructureArray(privileges, IntPtr.Add(privilegesPtr, Marshal.SizeOf(privilegeInfo.PrivilegeCount))); } finally { Marshal.FreeHGlobal(privilegesPtr); } info = privileges.ToDictionary(p => GetPrivilegeName(p.Luid), p => p.Attributes); } finally { NativeMethods.CloseHandle(hToken); } return info; } public static SafeWaitHandle GetCurrentProcess() { return NativeMethods.GetCurrentProcess(); } public static void RemovePrivilege(SafeHandle token, string privilege) { SetTokenPrivileges(token, new Dictionary<string, bool?>() { { privilege, null } }); } public static Dictionary<string, bool?> SetTokenPrivileges(SafeHandle token, Dictionary<string, bool?> state) { NativeHelpers.LUID_AND_ATTRIBUTES[] privilegeAttr = new NativeHelpers.LUID_AND_ATTRIBUTES[state.Count]; int i = 0; foreach (KeyValuePair<string, bool?> entry in state) { NativeHelpers.LUID luid; if (!NativeMethods.LookupPrivilegeValue(null, entry.Key, out luid)) throw new Win32Exception(String.Format("LookupPrivilegeValue({0}) failed", entry.Key)); PrivilegeAttributes attributes; switch (entry.Value) { case true: attributes = PrivilegeAttributes.Enabled; break; case false: attributes = PrivilegeAttributes.Disabled; break; default: attributes = PrivilegeAttributes.Removed; break; } privilegeAttr[i].Luid = luid; privilegeAttr[i].Attributes = attributes; i++; } return AdjustTokenPrivileges(token, privilegeAttr); } private static Dictionary<string, bool?> AdjustTokenPrivileges(SafeHandle token, NativeHelpers.LUID_AND_ATTRIBUTES[] newState) { bool disableAllPrivileges; IntPtr newStatePtr; NativeHelpers.LUID_AND_ATTRIBUTES[] oldStatePrivileges; UInt32 returnLength; if (newState == null) { disableAllPrivileges = true; newStatePtr = IntPtr.Zero; } else { disableAllPrivileges = false; // Need to manually marshal the bytes requires for newState as the constant size // of LUID_AND_ATTRIBUTES is set to 1 and can't be overridden at runtime, TOKEN_PRIVILEGES // always contains at least 1 entry so we need to calculate the extra size if there are // nore than 1 LUID_AND_ATTRIBUTES entry int tokenPrivilegesSize = Marshal.SizeOf(typeof(NativeHelpers.TOKEN_PRIVILEGES)); int luidAttrSize = 0; if (newState.Length > 1) luidAttrSize = Marshal.SizeOf(typeof(NativeHelpers.LUID_AND_ATTRIBUTES)) * (newState.Length - 1); int totalSize = tokenPrivilegesSize + luidAttrSize; byte[] newStateBytes = new byte[totalSize]; // get the first entry that includes the struct details NativeHelpers.TOKEN_PRIVILEGES tokenPrivileges = new NativeHelpers.TOKEN_PRIVILEGES() { PrivilegeCount = (UInt32)newState.Length, Privileges = new NativeHelpers.LUID_AND_ATTRIBUTES[1], }; if (newState.Length > 0) tokenPrivileges.Privileges[0] = newState[0]; int offset = StructureToBytes(tokenPrivileges, newStateBytes, 0); // copy the remaining LUID_AND_ATTRIBUTES (if any) for (int i = 1; i < newState.Length; i++) offset += StructureToBytes(newState[i], newStateBytes, offset); // finally create the pointer to the byte array we just created newStatePtr = Marshal.AllocHGlobal(newStateBytes.Length); Marshal.Copy(newStateBytes, 0, newStatePtr, newStateBytes.Length); } try { IntPtr hToken = IntPtr.Zero; if (!NativeMethods.OpenProcessToken(token, TokenAccessLevels.Query | TokenAccessLevels.AdjustPrivileges, out hToken)) throw new Win32Exception("OpenProcessToken() failed with Query and AdjustPrivileges"); try { IntPtr oldStatePtr = Marshal.AllocHGlobal(0); if (!NativeMethods.AdjustTokenPrivileges(hToken, disableAllPrivileges, newStatePtr, 0, oldStatePtr, out returnLength)) { int errCode = Marshal.GetLastWin32Error(); if (errCode != 122) // ERROR_INSUFFICIENT_BUFFER throw new Win32Exception(errCode, "AdjustTokenPrivileges() failed to get old state size"); } // resize the oldStatePtr based on the length returned from Windows Marshal.FreeHGlobal(oldStatePtr); oldStatePtr = Marshal.AllocHGlobal((int)returnLength); try { bool res = NativeMethods.AdjustTokenPrivileges(hToken, disableAllPrivileges, newStatePtr, returnLength, oldStatePtr, out returnLength); int errCode = Marshal.GetLastWin32Error(); // even when res == true, ERROR_NOT_ALL_ASSIGNED may be set as the last error code if (!res || errCode != 0) throw new Win32Exception(errCode, "AdjustTokenPrivileges() failed"); // Marshal the oldStatePtr to the struct NativeHelpers.TOKEN_PRIVILEGES oldState = (NativeHelpers.TOKEN_PRIVILEGES)Marshal.PtrToStructure(oldStatePtr, typeof(NativeHelpers.TOKEN_PRIVILEGES)); oldStatePrivileges = new NativeHelpers.LUID_AND_ATTRIBUTES[oldState.PrivilegeCount]; PtrToStructureArray(oldStatePrivileges, IntPtr.Add(oldStatePtr, Marshal.SizeOf(oldState.PrivilegeCount))); } finally { Marshal.FreeHGlobal(oldStatePtr); } } finally { NativeMethods.CloseHandle(hToken); } } finally { if (newStatePtr != IntPtr.Zero) Marshal.FreeHGlobal(newStatePtr); } return oldStatePrivileges.ToDictionary(p => GetPrivilegeName(p.Luid), p => (bool?)p.Attributes.HasFlag(PrivilegeAttributes.Enabled)); } private static string GetPrivilegeName(NativeHelpers.LUID luid) { UInt32 nameLen = 0; NativeMethods.LookupPrivilegeName(null, ref luid, null, ref nameLen); StringBuilder name = new StringBuilder((int)(nameLen + 1)); if (!NativeMethods.LookupPrivilegeName(null, ref luid, name, ref nameLen)) throw new Win32Exception("LookupPrivilegeName() failed"); return name.ToString(); } private static void PtrToStructureArray<T>(T[] array, IntPtr ptr) { IntPtr ptrOffset = ptr; for (int i = 0; i < array.Length; i++, ptrOffset = IntPtr.Add(ptrOffset, Marshal.SizeOf(typeof(T)))) array[i] = (T)Marshal.PtrToStructure(ptrOffset, typeof(T)); } private static int StructureToBytes<T>(T structure, byte[] array, int offset) { int size = Marshal.SizeOf(structure); IntPtr structPtr = Marshal.AllocHGlobal(size); try { Marshal.StructureToPtr(structure, structPtr, false); Marshal.Copy(structPtr, array, offset, size); } finally { Marshal.FreeHGlobal(structPtr); } return size; } } }" Context: Severity = Informational Host Name = Default Host Host Version = 5.1.14393.1944 Host ID = ff6823f3-0a6d-4cd0-a8ba-7f2533b75e75 Host Application = PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - Engine Version = 5.1.14393.1944 Runspace ID = 5df928ac-a850-4186-9cbf-87609a799bd6 Pipeline ID = 8 Command Name = Add-Type Command Type = Cmdlet Script Name = Command Path = Sequence Number = 36 User = N-H1-805629-1\Admin Connected User = Shell ID = Microsoft.PowerShell User Data:	4103	1		4	106	20	0	1730	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3220	992	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:07:37 PM	e5295ba9-9827-0004-865c-29e52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	To be used when operation is just executing a method	Executing Pipeline	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles; using System; using System.Collections.Generic; using System.IO; using System.Runtime.InteropServices; using System.Text; namespace Ansible { public enum LinkType { SymbolicLink, JunctionPoint, HardLink } public class LinkUtilWin32Exception : System.ComponentModel.Win32Exception { private string _msg; public LinkUtilWin32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public LinkUtilWin32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator LinkUtilWin32Exception(string message) { return new LinkUtilWin32Exception(message); } } public class LinkInfo { public LinkType Type { get; internal set; } public string PrintName { get; internal set; } public string SubstituteName { get; internal set; } public string AbsolutePath { get; internal set; } public string TargetPath { get; internal set; } public string[] HardTargets { get; internal set; } } [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)] public struct REPARSE_DATA_BUFFER { public UInt32 ReparseTag; public UInt16 ReparseDataLength; public UInt16 Reserved; public UInt16 SubstituteNameOffset; public UInt16 SubstituteNameLength; public UInt16 PrintNameOffset; public UInt16 PrintNameLength; [MarshalAs(UnmanagedType.ByValArray, SizeConst = LinkUtil.MAXIMUM_REPARSE_DATA_BUFFER_SIZE)] public char[] PathBuffer; } public class LinkUtil { public const int MAXIMUM_REPARSE_DATA_BUFFER_SIZE = 1024 * 16; private const UInt32 FILE_FLAG_BACKUP_SEMANTICS = 0x02000000; private const UInt32 FILE_FLAG_OPEN_REPARSE_POINT = 0x00200000; private const UInt32 FSCTL_GET_REPARSE_POINT = 0x000900A8; private const UInt32 FSCTL_SET_REPARSE_POINT = 0x000900A4; private const UInt32 FILE_DEVICE_FILE_SYSTEM = 0x00090000; private const UInt32 IO_REPARSE_TAG_MOUNT_POINT = 0xA0000003; private const UInt32 IO_REPARSE_TAG_SYMLINK = 0xA000000C; private const UInt32 SYMLINK_FLAG_RELATIVE = 0x00000001; private const Int64 INVALID_HANDLE_VALUE = -1; private const UInt32 SIZE_OF_WCHAR = 2; private const UInt32 SYMBOLIC_LINK_FLAG_FILE = 0x00000000; private const UInt32 SYMBOLIC_LINK_FLAG_DIRECTORY = 0x00000001; [DllImport("kernel32.dll", CharSet = CharSet.Auto)] private static extern SafeFileHandle CreateFile( string lpFileName, [MarshalAs(UnmanagedType.U4)] FileAccess dwDesiredAccess, [MarshalAs(UnmanagedType.U4)] FileShare dwShareMode, IntPtr lpSecurityAttributes, [MarshalAs(UnmanagedType.U4)] FileMode dwCreationDisposition, UInt32 dwFlagsAndAttributes, IntPtr hTemplateFile); // Used by GetReparsePointInfo() [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool DeviceIoControl( SafeFileHandle hDevice, UInt32 dwIoControlCode, IntPtr lpInBuffer, UInt32 nInBufferSize, out REPARSE_DATA_BUFFER lpOutBuffer, UInt32 nOutBufferSize, out UInt32 lpBytesReturned, IntPtr lpOverlapped); // Used by CreateJunctionPoint() [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool DeviceIoControl( SafeFileHandle hDevice, UInt32 dwIoControlCode, REPARSE_DATA_BUFFER lpInBuffer, UInt32 nInBufferSize, IntPtr lpOutBuffer, UInt32 nOutBufferSize, out UInt32 lpBytesReturned, IntPtr lpOverlapped); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool GetVolumePathName( string lpszFileName, StringBuilder lpszVolumePathName, ref UInt32 cchBufferLength); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern IntPtr FindFirstFileNameW( string lpFileName, UInt32 dwFlags, ref UInt32 StringLength, StringBuilder LinkName); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool FindNextFileNameW( IntPtr hFindStream, ref UInt32 StringLength, StringBuilder LinkName); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool FindClose( IntPtr hFindFile); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool RemoveDirectory( string lpPathName); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool DeleteFile( string lpFileName); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool CreateSymbolicLink( string lpSymlinkFileName, string lpTargetFileName, UInt32 dwFlags); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool CreateHardLink( string lpFileName, string lpExistingFileName, IntPtr lpSecurityAttributes); public static LinkInfo GetLinkInfo(string linkPath) { FileAttributes attr = File.GetAttributes(linkPath); if (attr.HasFlag(FileAttributes.ReparsePoint)) return GetReparsePointInfo(linkPath); if (!attr.HasFlag(FileAttributes.Directory)) return GetHardLinkInfo(linkPath); return null; } public static void DeleteLink(string linkPath) { bool success; FileAttributes attr = File.GetAttributes(linkPath); if (attr.HasFlag(FileAttributes.Directory)) { success = RemoveDirectory(linkPath); } else { success = DeleteFile(linkPath); } if (!success) throw new LinkUtilWin32Exception(String.Format("Failed to delete link at {0}", linkPath)); } public static void CreateLink(string linkPath, String linkTarget, LinkType linkType) { switch (linkType) { case LinkType.SymbolicLink: UInt32 linkFlags; FileAttributes attr = File.GetAttributes(linkTarget); if (attr.HasFlag(FileAttributes.Directory)) linkFlags = SYMBOLIC_LINK_FLAG_DIRECTORY; else linkFlags = SYMBOLIC_LINK_FLAG_FILE; if (!CreateSymbolicLink(linkPath, linkTarget, linkFlags)) throw new LinkUtilWin32Exception(String.Format("CreateSymbolicLink({0}, {1}, {2}) failed", linkPath, linkTarget, linkFlags)); break; case LinkType.JunctionPoint: CreateJunctionPoint(linkPath, linkTarget); break; case LinkType.HardLink: if (!CreateHardLink(linkPath, linkTarget, IntPtr.Zero)) throw new LinkUtilWin32Exception(String.Format("CreateHardLink({0}, {1}) failed", linkPath, linkTarget)); break; } } private static LinkInfo GetHardLinkInfo(string linkPath) { UInt32 maxPath = 260; List<string> result = new List<string>(); StringBuilder sb = new StringBuilder((int)maxPath); UInt32 stringLength = maxPath; if (!GetVolumePathName(linkPath, sb, ref stringLength)) throw new LinkUtilWin32Exception("GetVolumePathName() failed"); string volume = sb.ToString(); stringLength = maxPath; IntPtr findHandle = FindFirstFileNameW(linkPath, 0, ref stringLength, sb); if (findHandle.ToInt64() != INVALID_HANDLE_VALUE) { try { do { string hardLinkPath = sb.ToString(); if (hardLinkPath.StartsWith("\\")) hardLinkPath = hardLinkPath.Substring(1, hardLinkPath.Length - 1); result.Add(Path.Combine(volume, hardLinkPath)); stringLength = maxPath; } while (FindNextFileNameW(findHandle, ref stringLength, sb)); } finally { FindClose(findHandle); } } if (result.Count > 1) return new LinkInfo { Type = LinkType.HardLink, HardTargets = result.ToArray() }; return null; } private static LinkInfo GetReparsePointInfo(string linkPath) { SafeFileHandle fileHandle = CreateFile( linkPath, FileAccess.Read, FileShare.None, IntPtr.Zero, FileMode.Open, FILE_FLAG_OPEN_REPARSE_POINT | FILE_FLAG_BACKUP_SEMANTICS, IntPtr.Zero); if (fileHandle.IsInvalid) throw new LinkUtilWin32Exception(String.Format("CreateFile({0}) failed", linkPath)); REPARSE_DATA_BUFFER buffer = new REPARSE_DATA_BUFFER(); UInt32 bytesReturned; try { if (!DeviceIoControl( fileHandle, FSCTL_GET_REPARSE_POINT, IntPtr.Zero, 0, out buffer, MAXIMUM_REPARSE_DATA_BUFFER_SIZE, out bytesReturned, IntPtr.Zero)) throw new LinkUtilWin32Exception(String.Format("DeviceIoControl() failed for file at {0}", linkPath)); } finally { fileHandle.Dispose(); } bool isRelative = false; int pathOffset = 0; LinkType linkType; if (buffer.ReparseTag == IO_REPARSE_TAG_SYMLINK) { UInt32 bufferFlags = Convert.ToUInt32(buffer.PathBuffer[0]) + Convert.ToUInt32(buffer.PathBuffer[1]); if (bufferFlags == SYMLINK_FLAG_RELATIVE) isRelative = true; pathOffset = 2; linkType = LinkType.SymbolicLink; } else if (buffer.ReparseTag == IO_REPARSE_TAG_MOUNT_POINT) { linkType = LinkType.JunctionPoint; } else { string errorMessage = String.Format("Invalid Reparse Tag: {0}", buffer.ReparseTag.ToString()); throw new Exception(errorMessage); } string printName = new string(buffer.PathBuffer, (int)(buffer.PrintNameOffset / SIZE_OF_WCHAR) + pathOffset, (int)(buffer.PrintNameLength / SIZE_OF_WCHAR)); string substituteName = new string(buffer.PathBuffer, (int)(buffer.SubstituteNameOffset / SIZE_OF_WCHAR) + pathOffset, (int)(buffer.SubstituteNameLength / SIZE_OF_WCHAR)); // TODO: should we check for \?\UNC\server for convert it to the NT style \\server path // Remove the leading Windows object directory \?\ from the path if present string targetPath = substituteName; if (targetPath.StartsWith("\\??\\")) targetPath = targetPath.Substring(4, targetPath.Length - 4); string absolutePath = targetPath; if (isRelative) absolutePath = Path.GetFullPath(Path.Combine(new FileInfo(linkPath).Directory.FullName, targetPath)); return new LinkInfo { Type = linkType, PrintName = printName, SubstituteName = substituteName, AbsolutePath = absolutePath, TargetPath = targetPath }; } private static void CreateJunctionPoint(string linkPath, string linkTarget) { // We need to create the link as a dir beforehand Directory.CreateDirectory(linkPath); SafeFileHandle fileHandle = CreateFile( linkPath, FileAccess.Write, FileShare.Read | FileShare.Write | FileShare.None, IntPtr.Zero, FileMode.Open, FILE_FLAG_BACKUP_SEMANTICS | FILE_FLAG_OPEN_REPARSE_POINT, IntPtr.Zero); if (fileHandle.IsInvalid) throw new LinkUtilWin32Exception(String.Format("CreateFile({0}) failed", linkPath)); try { string substituteName = "\\??\\" + Path.GetFullPath(linkTarget); string printName = linkTarget; REPARSE_DATA_BUFFER buffer = new REPARSE_DATA_BUFFER(); buffer.SubstituteNameOffset = 0; buffer.SubstituteNameLength = (UInt16)(substituteName.Length * SIZE_OF_WCHAR); buffer.PrintNameOffset = (UInt16)(buffer.SubstituteNameLength + 2); buffer.PrintNameLength = (UInt16)(printName.Length * SIZE_OF_WCHAR); buffer.ReparseTag = IO_REPARSE_TAG_MOUNT_POINT; buffer.ReparseDataLength = (UInt16)(buffer.SubstituteNameLength + buffer.PrintNameLength + 12); buffer.PathBuffer = new char[MAXIMUM_REPARSE_DATA_BUFFER_SIZE]; byte[] unicodeBytes = Encoding.Unicode.GetBytes(substituteName + "\0" + printName); char[] pathBuffer = Encoding.Unicode.GetChars(unicodeBytes); Array.Copy(pathBuffer, buffer.PathBuffer, pathBuffer.Length); UInt32 bytesReturned; if (!DeviceIoControl( fileHandle, FSCTL_SET_REPARSE_POINT, buffer, (UInt32)(buffer.ReparseDataLength + 8), IntPtr.Zero, 0, out bytesReturned, IntPtr.Zero)) throw new LinkUtilWin32Exception(String.Format("DeviceIoControl() failed to create junction point at {0} to {1}", linkPath, linkTarget)); } finally { fileHandle.Dispose(); } } } }" Context: Severity = Informational Host Name = Default Host Host Version = 5.1.14393.1944 Host ID = ff6823f3-0a6d-4cd0-a8ba-7f2533b75e75 Host Application = PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - Engine Version = 5.1.14393.1944 Runspace ID = 5df928ac-a850-4186-9cbf-87609a799bd6 Pipeline ID = 8 Command Name = Add-Type Command Type = Cmdlet Script Name = Command Path = Sequence Number = 34 User = N-H1-805629-1\Admin Connected User = Shell ID = Microsoft.PowerShell User Data:	4103	1		4	106	20	0	1729	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3220	992	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:07:36 PM	e5295ba9-9827-0004-825c-29e52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	To be used when operation is just executing a method	Executing Pipeline	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c), Michael DeHaan <michael.dehaan@gmail.com>, 2014, and others # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) Set-StrictMode -Version 2.0 $ErrorActionPreference = "Stop" Function Set-Attr($obj, $name, $value) { <# .SYNOPSIS Helper function to set an "attribute" on a psobject instance in PowerShell. This is a convenience to make adding Members to the object easier and slightly more pythonic .EXAMPLE Set-Attr $result "changed" $true #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } Try { $obj.$name = $value } Catch { $obj | Add-Member -Force -MemberType NoteProperty -Name $name -Value $value } } Function Exit-Json($obj) { <# .SYNOPSIS Helper function to convert a PowerShell object to JSON and output it, exiting the script .EXAMPLE Exit-Json $result #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit } Function Fail-Json($obj, $message = $null) { <# .SYNOPSIS Helper function to add the "msg" property and "failed" property, convert the PowerShell Hashtable to JSON and output it, exiting the script .EXAMPLE Fail-Json $result "This is the failure message" #> if ($obj -is [hashtable] -or $obj -is [psobject]) { # Nothing to do } elseif ($obj -is [string] -and $null -eq $message) { # If we weren't given 2 args, and the only arg was a string, # create a new Hashtable and use the arg as the failure message $message = $obj $obj = @{ } } else { # If the first argument is undefined or a different type, # make it a Hashtable $obj = @{ } } # Still using Set-Attr for PSObject compatibility Set-Attr $obj "msg" $message Set-Attr $obj "failed" $true if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit 1 } Function Add-Warning($obj, $message) { <# .SYNOPSIS Helper function to add warnings, even if the warnings attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("warnings")) { $obj.warnings = @() } elseif ($obj.warnings -isnot [array]) { throw "Add-Warning: warnings attribute is not an array" } $obj.warnings += $message } Function Add-DeprecationWarning($obj, $message, $version = $null) { <# .SYNOPSIS Helper function to add deprecations, even if the deprecations attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("deprecations")) { $obj.deprecations = @() } elseif ($obj.deprecations -isnot [array]) { throw "Add-DeprecationWarning: deprecations attribute is not a list" } $obj.deprecations += @{ msg = $message version = $version } } Function Expand-Environment($value) { <# .SYNOPSIS Helper function to expand environment variables in values. By default it turns any type to a string, but we ensure $null remains $null. #> if ($null -ne $value) { [System.Environment]::ExpandEnvironmentVariables($value) } else { $value } } Function Get-AnsibleParam($obj, $name, $default = $null, $resultobj = @{}, $failifempty = $false, $emptyattributefailmessage, $ValidateSet, $ValidateSetErrorMessage, $type = $null, $aliases = @()) { <# .SYNOPSIS Helper function to get an "attribute" from a psobject instance in PowerShell. This is a convenience to make getting Members from an object easier and slightly more pythonic .EXAMPLE $attr = Get-AnsibleParam $response "code" -default "1" .EXAMPLE Get-AnsibleParam -obj $params -name "State" -default "Present" -ValidateSet "Present","Absent" -resultobj $resultobj -failifempty $true Get-AnsibleParam also supports Parameter validation to save you from coding that manually Note that if you use the failifempty option, you do need to specify resultobject as well. #> # Check if the provided Member $name or aliases exist in $obj and return it or the default. try { $found = $null # First try to find preferred parameter $name $aliases = @($name) + $aliases # Iterate over aliases to find acceptable Member $name foreach ($alias in $aliases) { if ($obj.ContainsKey($alias)) { $found = $alias break } } if ($null -eq $found) { throw } $name = $found if ($ValidateSet) { if ($ValidateSet -contains ($obj.$name)) { $value = $obj.$name } else { if ($null -eq $ValidateSetErrorMessage) { #Auto-generated error should be sufficient in most use cases $ValidateSetErrorMessage = "Get-AnsibleParam: Argument $name needs to be one of $($ValidateSet -join ",") but was $($obj.$name)." } Fail-Json -obj $resultobj -message $ValidateSetErrorMessage } } else { $value = $obj.$name } } catch { if ($failifempty -eq $false) { $value = $default } else { if (-not $emptyattributefailmessage) { $emptyattributefailmessage = "Get-AnsibleParam: Missing required argument: $name" } Fail-Json -obj $resultobj -message $emptyattributefailmessage } } # If $value -eq $null, the parameter was unspecified by the user (deliberately or not) # Please leave $null-values intact, modules need to know if a parameter was specified # When $value is already an array, we cannot rely on the null check, as an empty list # is seen as null in the check below if ($null -ne $value -or $value -is [array]) { if ($type -eq "path") { # Expand environment variables on path-type $value = Expand-Environment($value) # Test if a valid path is provided if (-not (Test-Path -IsValid $value)) { $path_invalid = $true # could still be a valid-shaped path with a nonexistent drive letter if ($value -match "^\w:") { # rewrite path with a valid drive letter and recheck the shape- this might still fail, eg, a nonexistent non-filesystem PS path if (Test-Path -IsValid $(@(Get-PSDrive -PSProvider Filesystem)[0].Name + $value.Substring(1))) { $path_invalid = $false } } if ($path_invalid) { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' has an invalid path '$value' specified." } } } elseif ($type -eq "str") { # Convert str types to real Powershell strings $value = $value.ToString() } elseif ($type -eq "bool") { # Convert boolean types to real Powershell booleans $value = $value | ConvertTo-Bool } elseif ($type -eq "int") { # Convert int types to real Powershell integers $value = $value -as [int] } elseif ($type -eq "float") { # Convert float types to real Powershell floats $value = $value -as [float] } elseif ($type -eq "list") { if ($value -is [array]) { # Nothing to do } elseif ($value -is [string]) { # Convert string type to real Powershell array $value = $value.Split(",").Trim() } elseif ($value -is [int]) { $value = @($value) } else { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' is not a YAML list." } # , is not a typo, forces it to return as a list when it is empty or only has 1 entry return ,$value } } return $value } #Alias Get-attr-->Get-AnsibleParam for backwards compat. Only add when needed to ease debugging of scripts If (-not(Get-Alias -Name "Get-attr" -ErrorAction SilentlyContinue)) { New-Alias -Name Get-attr -Value Get-AnsibleParam } Function ConvertTo-Bool { <# .SYNOPSIS Helper filter/pipeline function to convert a value to boolean following current Ansible practices .EXAMPLE $is_true = "true" | ConvertTo-Bool #> param( [parameter(valuefrompipeline=$true)] $obj ) $boolean_strings = "yes", "on", "1", "true", 1 $obj_string = [string]$obj if (($obj -is [boolean] -and $obj) -or $boolean_strings -contains $obj_string.ToLower()) { return $true } else { return $false } } Function Parse-Args($arguments, $supports_check_mode = $false) { <# .SYNOPSIS Helper function to parse Ansible JSON arguments from a "file" passed as the single argument to the module. .EXAMPLE $params = Parse-Args $args #> $params = New-Object psobject If ($arguments.Length -gt 0) { $params = Get-Content $arguments[0] | ConvertFrom-Json } Else { $params = $complex_args } $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false If ($check_mode -and -not $supports_check_mode) { Exit-Json @{ skipped = $true changed = $false msg = "remote module does not support check mode" } } return $params } Function Get-FileChecksum($path, $algorithm = 'sha1') { <# .SYNOPSIS Helper function to calculate a hash of a file in a way which PowerShell 3 and above can handle #> If (Test-Path -Path $path -PathType Leaf) { switch ($algorithm) { 'md5' { $sp = New-Object -TypeName System.Security.Cryptography.MD5CryptoServiceProvider } 'sha1' { $sp = New-Object -TypeName System.Security.Cryptography.SHA1CryptoServiceProvider } 'sha256' { $sp = New-Object -TypeName System.Security.Cryptography.SHA256CryptoServiceProvider } 'sha384' { $sp = New-Object -TypeName System.Security.Cryptography.SHA384CryptoServiceProvider } 'sha512' { $sp = New-Object -TypeName System.Security.Cryptography.SHA512CryptoServiceProvider } default { Fail-Json @{} "Unsupported hash algorithm supplied '$algorithm'" } } If ($PSVersionTable.PSVersion.Major -ge 4) { $raw_hash = Get-FileHash $path -Algorithm $algorithm $hash = $raw_hash.Hash.ToLower() } Else { $fp = [System.IO.File]::Open($path, [System.IO.Filemode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileShare]::ReadWrite); $hash = [System.BitConverter]::ToString($sp.ComputeHash($fp)).Replace("-", "").ToLower(); $fp.Dispose(); } } ElseIf (Test-Path -Path $path -PathType Container) { $hash = "3"; } Else { $hash = "1"; } return $hash } Function Get-PendingRebootStatus { <# .SYNOPSIS Check if reboot is required, if so notify CA. Function returns true if computer has a pending reboot #> $featureData = Invoke-WmiMethod -EA Ignore -Name GetServerFeature -Namespace root\microsoft\windows\servermanager -Class MSFT_ServerManagerTasks $regData = Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager" "PendingFileRenameOperations" -EA Ignore $CBSRebootStatus = Get-ChildItem "HKLM:\\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing" -ErrorAction SilentlyContinue| Where-Object {$_.PSChildName -eq "RebootPending"} if(($featureData -and $featureData.RequiresReboot) -or $regData -or $CBSRebootStatus) { return $True } else { return $False } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: f46df3e2-9f86-4495-bc53-70bc7d16fc28 Path:	4104	1		3	2	15	0	1728	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3220	4624	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:07:36 PM	e5295ba9-9827-0001-345d-29e52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 2): egeName($Name)) { throw [System.ArgumentException] "Invalid privilege name '$Name'" } $process_token = [Ansible.PrivilegeUtil.Privileges]::GetCurrentProcess() $privilege_info = [Ansible.PrivilegeUtil.Privileges]::GetAllPrivilegeInfo($process_token) if ($privilege_info.ContainsKey($Name)) { $status = $privilege_info.$Name return $status.HasFlag([Ansible.PrivilegeUtil.PrivilegeAttributes]::Enabled) } else { return $null } } Function Set-AnsiblePrivilege { <# .SYNOPSIS Enables/Disables a privilege on the current process' token. If a privilege has been removed from the process token, this will throw an InvalidOperationException. .EXAMPLE # enable a privilege Set-AnsiblePrivilege -Name SeCreateSymbolicLinkPrivilege -Value $true # disable a privilege Set-AnsiblePrivilege -Name SeCreateSymbolicLinkPrivilege -Value $false #> [CmdletBinding(SupportsShouldProcess)] param( [Parameter(Mandatory=$true)][String]$Name, [Parameter(Mandatory=$true)][bool]$Value ) $action = switch($Value) { $true { "Enable" } $false { "Disable" } } $current_state = Get-AnsiblePrivilege -Name $Name if ($current_state -eq $Value) { return # no change needs to occur } elseif ($null -eq $current_state) { # once a privilege is removed from a token we cannot do anything with it throw [System.InvalidOperationException] "Cannot $($action.ToLower()) the privilege '$Name' as it has been removed from the token" } $process_token = [Ansible.PrivilegeUtil.Privileges]::GetCurrentProcess() if ($PSCmdlet.ShouldProcess($Name, "$action the privilege $Name")) { $new_state = New-Object -TypeName 'System.Collections.Generic.Dictionary`2[[System.String], [System.Nullable`1[System.Boolean]]]' $new_state.Add($Name, $Value) [Ansible.PrivilegeUtil.Privileges]::SetTokenPrivileges($process_token, $new_state) > $null } } Export-ModuleMember -Function Import-PrivilegeUtil, Get-AnsiblePrivilege, Set-AnsiblePrivilege ` -Variable ansible_privilege_util_namespaces, ansible_privilege_util_code ScriptBlock ID: 2bc776a1-2ef6-4276-9925-78c1efcfae84 Path:	4104	1		3	2	15	0	1727	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3220	4624	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:07:36 PM	e5295ba9-9827-0001-305d-29e52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 2): # Copyright (c) 2018 Ansible Project # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) # store in separate variables to make it easier for other module_utils to # share this code in their own c# code $ansible_privilege_util_namespaces = @( "Microsoft.Win32.SafeHandles", "System", "System.Collections.Generic", "System.Linq", "System.Runtime.InteropServices", "System.Security.Principal", "System.Text" ) $ansible_privilege_util_code = @' namespace Ansible.PrivilegeUtil { [Flags] public enum PrivilegeAttributes : uint { Disabled = 0x00000000, EnabledByDefault = 0x00000001, Enabled = 0x00000002, Removed = 0x00000004, UsedForAccess = 0x80000000, } internal class NativeHelpers { [StructLayout(LayoutKind.Sequential)] internal struct LUID { public UInt32 LowPart; public Int32 HighPart; } [StructLayout(LayoutKind.Sequential)] internal struct LUID_AND_ATTRIBUTES { public LUID Luid; public PrivilegeAttributes Attributes; } [StructLayout(LayoutKind.Sequential)] internal struct TOKEN_PRIVILEGES { public UInt32 PrivilegeCount; [MarshalAs(UnmanagedType.ByValArray, SizeConst = 1)] public LUID_AND_ATTRIBUTES[] Privileges; } } internal class NativeMethods { [DllImport("advapi32.dll", SetLastError = true)] internal static extern bool AdjustTokenPrivileges( IntPtr TokenHandle, [MarshalAs(UnmanagedType.Bool)] bool DisableAllPrivileges, IntPtr NewState, UInt32 BufferLength, IntPtr PreviousState, out UInt32 ReturnLength); [DllImport("kernel32.dll")] internal static extern bool CloseHandle( IntPtr hObject); [DllImport("kernel32")] internal static extern SafeWaitHandle GetCurrentProcess(); [DllImport("advapi32.dll", SetLastError = true)] internal static extern bool GetTokenInformation( IntPtr TokenHandle, UInt32 TokenInformationClass, IntPtr TokenInformation, UInt32 TokenInformationLength, out UInt32 ReturnLength); [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)] internal static extern bool LookupPrivilegeName( string lpSystemName, ref NativeHelpers.LUID lpLuid, StringBuilder lpName, ref UInt32 cchName); [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)] internal static extern bool LookupPrivilegeValue( string lpSystemName, string lpName, out NativeHelpers.LUID lpLuid); [DllImport("advapi32.dll", SetLastError = true)] internal static extern bool OpenProcessToken( SafeHandle ProcessHandle, TokenAccessLevels DesiredAccess, out IntPtr TokenHandle); } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class Privileges { private static readonly UInt32 TOKEN_PRIVILEGES = 3; public static bool CheckPrivilegeName(string name) { NativeHelpers.LUID luid; if (!NativeMethods.LookupPrivilegeValue(null, name, out luid)) { int errCode = Marshal.GetLastWin32Error(); if (errCode != 1313) // ERROR_NO_SUCH_PRIVILEGE throw new Win32Exception(errCode, String.Format("LookupPrivilegeValue({0}) failed", name)); return false; } else { return true; } } public static Dictionary<string, bool?> DisablePrivilege(SafeHandle token, string privilege) { return SetTokenPrivileges(token, new Dictionary<string, bool?>() { { privilege, false } }); } public static Dictionary<string, bool?> DisableAllPrivileges(SafeHandle token) { return AdjustTokenPrivileges(token, null); } public static Dictionary<string, bool?> EnablePrivilege(SafeHandle token, string privilege) { return SetTokenPrivileges(token, new Dictionary<string, bool?>() { { privilege, true } }); } public static Dictionary<String, PrivilegeAttributes> GetAllPrivilegeInfo(SafeHandle token) { IntPtr hToken = IntPtr.Zero; if (!NativeMethods.OpenProcessToken(token, TokenAccessLevels.Query, out hToken)) throw new Win32Exception("OpenProcessToken() failed"); Dictionary<String, PrivilegeAttributes> info = new Dictionary<String, PrivilegeAttributes>(); try { UInt32 tokenLength = 0; NativeMethods.GetTokenInformation(hToken, TOKEN_PRIVILEGES, IntPtr.Zero, 0, out tokenLength); NativeHelpers.LUID_AND_ATTRIBUTES[] privileges; IntPtr privilegesPtr = Marshal.AllocHGlobal((int)tokenLength); try { if (!NativeMethods.GetTokenInformation(hToken, TOKEN_PRIVILEGES, privilegesPtr, tokenLength, out tokenLength)) throw new Win32Exception("GetTokenInformation() for TOKEN_PRIVILEGES failed"); NativeHelpers.TOKEN_PRIVILEGES privilegeInfo = (NativeHelpers.TOKEN_PRIVILEGES)Marshal.PtrToStructure(privilegesPtr, typeof(NativeHelpers.TOKEN_PRIVILEGES)); privileges = new NativeHelpers.LUID_AND_ATTRIBUTES[privilegeInfo.PrivilegeCount]; PtrToStructureArray(privileges, IntPtr.Add(privilegesPtr, Marshal.SizeOf(privilegeInfo.PrivilegeCount))); } finally { Marshal.FreeHGlobal(privilegesPtr); } info = privileges.ToDictionary(p => GetPrivilegeName(p.Luid), p => p.Attributes); } finally { NativeMethods.CloseHandle(hToken); } return info; } public static SafeWaitHandle GetCurrentProcess() { return NativeMethods.GetCurrentProcess(); } public static void RemovePrivilege(SafeHandle token, string privilege) { SetTokenPrivileges(token, new Dictionary<string, bool?>() { { privilege, null } }); } public static Dictionary<string, bool?> SetTokenPrivileges(SafeHandle token, Dictionary<string, bool?> state) { NativeHelpers.LUID_AND_ATTRIBUTES[] privilegeAttr = new NativeHelpers.LUID_AND_ATTRIBUTES[state.Count]; int i = 0; foreach (KeyValuePair<string, bool?> entry in state) { NativeHelpers.LUID luid; if (!NativeMethods.LookupPrivilegeValue(null, entry.Key, out luid)) throw new Win32Exception(String.Format("LookupPrivilegeValue({0}) failed", entry.Key)); PrivilegeAttributes attributes; switch (entry.Value) { case true: attributes = PrivilegeAttributes.Enabled; break; case false: attributes = PrivilegeAttributes.Disabled; break; default: attributes = PrivilegeAttributes.Removed; break; } privilegeAttr[i].Luid = luid; privilegeAttr[i].Attributes = attributes; i++; } return AdjustTokenPrivileges(token, privilegeAttr); } private static Dictionary<string, bool?> AdjustTokenPrivileges(SafeHandle token, NativeHelpers.LUID_AND_ATTRIBUTES[] newState) { bool disableAllPrivileges; IntPtr newStatePtr; NativeHelpers.LUID_AND_ATTRIBUTES[] oldStatePrivileges; UInt32 returnLength; if (newState == null) { disableAllPrivileges = true; newStatePtr = IntPtr.Zero; } else { disableAllPrivileges = false; // Need to manually marshal the bytes requires for newState as the constant size // of LUID_AND_ATTRIBUTES is set to 1 and can't be overridden at runtime, TOKEN_PRIVILEGES // always contains at least 1 entry so we need to calculate the extra size if there are // nore than 1 LUID_AND_ATTRIBUTES entry int tokenPrivilegesSize = Marshal.SizeOf(typeof(NativeHelpers.TOKEN_PRIVILEGES)); int luidAttrSize = 0; if (newState.Length > 1) luidAttrSize = Marshal.SizeOf(typeof(NativeHelpers.LUID_AND_ATTRIBUTES)) * (newState.Length - 1); int totalSize = tokenPrivilegesSize + luidAttrSize; byte[] newStateBytes = new byte[totalSize]; // get the first entry that includes the struct details NativeHelpers.TOKEN_PRIVILEGES tokenPrivileges = new NativeHelpers.TOKEN_PRIVILEGES() { PrivilegeCount = (UInt32)newState.Length, Privileges = new NativeHelpers.LUID_AND_ATTRIBUTES[1], }; if (newState.Length > 0) tokenPrivileges.Privileges[0] = newState[0]; int offset = StructureToBytes(tokenPrivileges, newStateBytes, 0); // copy the remaining LUID_AND_ATTRIBUTES (if any) for (int i = 1; i < newState.Length; i++) offset += StructureToBytes(newState[i], newStateBytes, offset); // finally create the pointer to the byte array we just created newStatePtr = Marshal.AllocHGlobal(newStateBytes.Length); Marshal.Copy(newStateBytes, 0, newStatePtr, newStateBytes.Length); } try { IntPtr hToken = IntPtr.Zero; if (!NativeMethods.OpenProcessToken(token, TokenAccessLevels.Query | TokenAccessLevels.AdjustPrivileges, out hToken)) throw new Win32Exception("OpenProcessToken() failed with Query and AdjustPrivileges"); try { IntPtr oldStatePtr = Marshal.AllocHGlobal(0); if (!NativeMethods.AdjustTokenPrivileges(hToken, disableAllPrivileges, newStatePtr, 0, oldStatePtr, out returnLength)) { int errCode = Marshal.GetLastWin32Error(); if (errCode != 122) // ERROR_INSUFFICIENT_BUFFER throw new Win32Exception(errCode, "AdjustTokenPrivileges() failed to get old state size"); } // resize the oldStatePtr based on the length returned from Windows Marshal.FreeHGlobal(oldStatePtr); oldStatePtr = Marshal.AllocHGlobal((int)returnLength); try { bool res = NativeMethods.AdjustTokenPrivileges(hToken, disableAllPrivileges, newStatePtr, returnLength, oldStatePtr, out returnLength); int errCode = Marshal.GetLastWin32Error(); // even when res == true, ERROR_NOT_ALL_ASSIGNED may be set as the last error code if (!res || errCode != 0) throw new Win32Exception(errCode, "AdjustTokenPrivileges() failed"); // Marshal the oldStatePtr to the struct NativeHelpers.TOKEN_PRIVILEGES oldState = (NativeHelpers.TOKEN_PRIVILEGES)Marshal.PtrToStructure(oldStatePtr, typeof(NativeHelpers.TOKEN_PRIVILEGES)); oldStatePrivileges = new NativeHelpers.LUID_AND_ATTRIBUTES[oldState.PrivilegeCount]; PtrToStructureArray(oldStatePrivileges, IntPtr.Add(oldStatePtr, Marshal.SizeOf(oldState.PrivilegeCount))); } finally { Marshal.FreeHGlobal(oldStatePtr); } } finally { NativeMethods.CloseHandle(hToken); } } finally { if (newStatePtr != IntPtr.Zero) Marshal.FreeHGlobal(newStatePtr); } return oldStatePrivileges.ToDictionary(p => GetPrivilegeName(p.Luid), p => (bool?)p.Attributes.HasFlag(PrivilegeAttributes.Enabled)); } private static string GetPrivilegeName(NativeHelpers.LUID luid) { UInt32 nameLen = 0; NativeMethods.LookupPrivilegeName(null, ref luid, null, ref nameLen); StringBuilder name = new StringBuilder((int)(nameLen + 1)); if (!NativeMethods.LookupPrivilegeName(null, ref luid, name, ref nameLen)) throw new Win32Exception("LookupPrivilegeName() failed"); return name.ToString(); } private static void PtrToStructureArray<T>(T[] array, IntPtr ptr) { IntPtr ptrOffset = ptr; for (int i = 0; i < array.Length; i++, ptrOffset = IntPtr.Add(ptrOffset, Marshal.SizeOf(typeof(T)))) array[i] = (T)Marshal.PtrToStructure(ptrOffset, typeof(T)); } private static int StructureToBytes<T>(T structure, byte[] array, int offset) { int size = Marshal.SizeOf(structure); IntPtr structPtr = Marshal.AllocHGlobal(size); try { Marshal.StructureToPtr(structure, structPtr, false); Marshal.Copy(structPtr, array, offset, size); } finally { Marshal.FreeHGlobal(structPtr); } return size; } } } '@ Function Import-PrivilegeUtil { <# .SYNOPSIS Compiles the C# code that can be used to manage Windows privileges from an Ansible module. Once this function is called, the following PowerShell cmdlets can be used; Get-AnsiblePrivilege Set-AnsiblePrivilege The above cmdlets give the ability to manage permissions on the current process token but the underlying .NET classes are also exposed for greater control. The following functions can be used by calling the .NET class [Ansible.PrivilegeUtil.Privileges]::CheckPrivilegeName($name) [Ansible.PrivilegeUtil.Privileges]::DisablePrivilege($process, $name) [Ansible.PrivilegeUtil.Privileges]::DisableAllPrivileges($process) [Ansible.PrivilegeUtil.Privileges]::EnablePrivilege($process, $name) [Ansible.PrivilegeUtil.Privileges]::GetAllPrivilegeInfo($process) [Ansible.PrivilegeUtil.Privileges]::RemovePrivilege($process, $name) [Ansible.PrivilegeUtil.Privileges]::SetTokenPrivileges($process, $new_state) Here is a brief explanation of each type of arg $process = The process handle to manipulate, use '[Ansible.PrivilegeUtils.Privileges]::GetCurrentProcess()' to get the current process handle $name = The name of the privilege, this is the constant value from https://docs.microsoft.com/en-us/windows/desktop/SecAuthZ/privilege-constants, e.g. SeAuditPrivilege $new_state = 'System.Collections.Generic.Dictionary`2[[System.String], [System.Nullable`1[System.Boolean]]]' The key is the constant name as a string, the value is a ternary boolean where true - will enable the privilege false - will disable the privilege null - will remove the privilege Each method that changes the privilege state will return a dictionary that can be used as the $new_state arg of SetTokenPrivileges to undo and revert back to the original state. If you remove a privilege then this is irreversible and won't be part of the returned dict #> [CmdletBinding()] # build the C# code to compile $namespace_import = ($ansible_privilege_util_namespaces | ForEach-Object { "using $_;" }) -join "`r`n" $platform_util = "$namespace_import`r`n`r`n$ansible_privilege_util_code" # FUTURE: find a better way to get the _ansible_remote_tmp variable # this is used to force csc to compile the C# code in the remote tmp # specified $original_tmp = $env:TMP $remote_tmp = $original_tmp $module_params = Get-Variable -Name complex_args -ErrorAction SilentlyContinue if ($module_params) { if ($module_params.Value.ContainsKey("_ansible_remote_tmp") ) { $remote_tmp = $module_params.Value["_ansible_remote_tmp"] $remote_tmp = [System.Environment]::ExpandEnvironmentVariables($remote_tmp) } } $env:TMP = $remote_tmp Add-Type -TypeDefinition $platform_util $env:TMP = $original_tmp } Function Get-AnsiblePrivilege { <# .SYNOPSIS Get the status of a privilege for the current process. This returns $true - the privilege is enabled $false - the privilege is disabled $null - the privilege is removed from the token If Name is not a valid privilege name, this will throw an ArgumentException. .EXAMPLE Get-AnsiblePrivilege -Name SeDebugPrivilege #> [CmdletBinding()] param( [Parameter(Mandatory=$true)][String]$Name ) if (-not [Ansible.PrivilegeUtil.Privileges]::CheckPrivil ScriptBlock ID: 2bc776a1-2ef6-4276-9925-78c1efcfae84 Path:	4104	1		3	2	15	0	1726	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3220	4624	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:07:36 PM	e5295ba9-9827-0001-305d-29e52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c) 2017 Ansible Project # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) #Requires -Module Ansible.ModuleUtils.PrivilegeUtil Function Load-LinkUtils() { $link_util = @' using Microsoft.Win32.SafeHandles; using System; using System.Collections.Generic; using System.IO; using System.Runtime.InteropServices; using System.Text; namespace Ansible { public enum LinkType { SymbolicLink, JunctionPoint, HardLink } public class LinkUtilWin32Exception : System.ComponentModel.Win32Exception { private string _msg; public LinkUtilWin32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public LinkUtilWin32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator LinkUtilWin32Exception(string message) { return new LinkUtilWin32Exception(message); } } public class LinkInfo { public LinkType Type { get; internal set; } public string PrintName { get; internal set; } public string SubstituteName { get; internal set; } public string AbsolutePath { get; internal set; } public string TargetPath { get; internal set; } public string[] HardTargets { get; internal set; } } [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)] public struct REPARSE_DATA_BUFFER { public UInt32 ReparseTag; public UInt16 ReparseDataLength; public UInt16 Reserved; public UInt16 SubstituteNameOffset; public UInt16 SubstituteNameLength; public UInt16 PrintNameOffset; public UInt16 PrintNameLength; [MarshalAs(UnmanagedType.ByValArray, SizeConst = LinkUtil.MAXIMUM_REPARSE_DATA_BUFFER_SIZE)] public char[] PathBuffer; } public class LinkUtil { public const int MAXIMUM_REPARSE_DATA_BUFFER_SIZE = 1024 * 16; private const UInt32 FILE_FLAG_BACKUP_SEMANTICS = 0x02000000; private const UInt32 FILE_FLAG_OPEN_REPARSE_POINT = 0x00200000; private const UInt32 FSCTL_GET_REPARSE_POINT = 0x000900A8; private const UInt32 FSCTL_SET_REPARSE_POINT = 0x000900A4; private const UInt32 FILE_DEVICE_FILE_SYSTEM = 0x00090000; private const UInt32 IO_REPARSE_TAG_MOUNT_POINT = 0xA0000003; private const UInt32 IO_REPARSE_TAG_SYMLINK = 0xA000000C; private const UInt32 SYMLINK_FLAG_RELATIVE = 0x00000001; private const Int64 INVALID_HANDLE_VALUE = -1; private const UInt32 SIZE_OF_WCHAR = 2; private const UInt32 SYMBOLIC_LINK_FLAG_FILE = 0x00000000; private const UInt32 SYMBOLIC_LINK_FLAG_DIRECTORY = 0x00000001; [DllImport("kernel32.dll", CharSet = CharSet.Auto)] private static extern SafeFileHandle CreateFile( string lpFileName, [MarshalAs(UnmanagedType.U4)] FileAccess dwDesiredAccess, [MarshalAs(UnmanagedType.U4)] FileShare dwShareMode, IntPtr lpSecurityAttributes, [MarshalAs(UnmanagedType.U4)] FileMode dwCreationDisposition, UInt32 dwFlagsAndAttributes, IntPtr hTemplateFile); // Used by GetReparsePointInfo() [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool DeviceIoControl( SafeFileHandle hDevice, UInt32 dwIoControlCode, IntPtr lpInBuffer, UInt32 nInBufferSize, out REPARSE_DATA_BUFFER lpOutBuffer, UInt32 nOutBufferSize, out UInt32 lpBytesReturned, IntPtr lpOverlapped); // Used by CreateJunctionPoint() [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool DeviceIoControl( SafeFileHandle hDevice, UInt32 dwIoControlCode, REPARSE_DATA_BUFFER lpInBuffer, UInt32 nInBufferSize, IntPtr lpOutBuffer, UInt32 nOutBufferSize, out UInt32 lpBytesReturned, IntPtr lpOverlapped); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool GetVolumePathName( string lpszFileName, StringBuilder lpszVolumePathName, ref UInt32 cchBufferLength); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern IntPtr FindFirstFileNameW( string lpFileName, UInt32 dwFlags, ref UInt32 StringLength, StringBuilder LinkName); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool FindNextFileNameW( IntPtr hFindStream, ref UInt32 StringLength, StringBuilder LinkName); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool FindClose( IntPtr hFindFile); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool RemoveDirectory( string lpPathName); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool DeleteFile( string lpFileName); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool CreateSymbolicLink( string lpSymlinkFileName, string lpTargetFileName, UInt32 dwFlags); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool CreateHardLink( string lpFileName, string lpExistingFileName, IntPtr lpSecurityAttributes); public static LinkInfo GetLinkInfo(string linkPath) { FileAttributes attr = File.GetAttributes(linkPath); if (attr.HasFlag(FileAttributes.ReparsePoint)) return GetReparsePointInfo(linkPath); if (!attr.HasFlag(FileAttributes.Directory)) return GetHardLinkInfo(linkPath); return null; } public static void DeleteLink(string linkPath) { bool success; FileAttributes attr = File.GetAttributes(linkPath); if (attr.HasFlag(FileAttributes.Directory)) { success = RemoveDirectory(linkPath); } else { success = DeleteFile(linkPath); } if (!success) throw new LinkUtilWin32Exception(String.Format("Failed to delete link at {0}", linkPath)); } public static void CreateLink(string linkPath, String linkTarget, LinkType linkType) { switch (linkType) { case LinkType.SymbolicLink: UInt32 linkFlags; FileAttributes attr = File.GetAttributes(linkTarget); if (attr.HasFlag(FileAttributes.Directory)) linkFlags = SYMBOLIC_LINK_FLAG_DIRECTORY; else linkFlags = SYMBOLIC_LINK_FLAG_FILE; if (!CreateSymbolicLink(linkPath, linkTarget, linkFlags)) throw new LinkUtilWin32Exception(String.Format("CreateSymbolicLink({0}, {1}, {2}) failed", linkPath, linkTarget, linkFlags)); break; case LinkType.JunctionPoint: CreateJunctionPoint(linkPath, linkTarget); break; case LinkType.HardLink: if (!CreateHardLink(linkPath, linkTarget, IntPtr.Zero)) throw new LinkUtilWin32Exception(String.Format("CreateHardLink({0}, {1}) failed", linkPath, linkTarget)); break; } } private static LinkInfo GetHardLinkInfo(string linkPath) { UInt32 maxPath = 260; List<string> result = new List<string>(); StringBuilder sb = new StringBuilder((int)maxPath); UInt32 stringLength = maxPath; if (!GetVolumePathName(linkPath, sb, ref stringLength)) throw new LinkUtilWin32Exception("GetVolumePathName() failed"); string volume = sb.ToString(); stringLength = maxPath; IntPtr findHandle = FindFirstFileNameW(linkPath, 0, ref stringLength, sb); if (findHandle.ToInt64() != INVALID_HANDLE_VALUE) { try { do { string hardLinkPath = sb.ToString(); if (hardLinkPath.StartsWith("\\")) hardLinkPath = hardLinkPath.Substring(1, hardLinkPath.Length - 1); result.Add(Path.Combine(volume, hardLinkPath)); stringLength = maxPath; } while (FindNextFileNameW(findHandle, ref stringLength, sb)); } finally { FindClose(findHandle); } } if (result.Count > 1) return new LinkInfo { Type = LinkType.HardLink, HardTargets = result.ToArray() }; return null; } private static LinkInfo GetReparsePointInfo(string linkPath) { SafeFileHandle fileHandle = CreateFile( linkPath, FileAccess.Read, FileShare.None, IntPtr.Zero, FileMode.Open, FILE_FLAG_OPEN_REPARSE_POINT | FILE_FLAG_BACKUP_SEMANTICS, IntPtr.Zero); if (fileHandle.IsInvalid) throw new LinkUtilWin32Exception(String.Format("CreateFile({0}) failed", linkPath)); REPARSE_DATA_BUFFER buffer = new REPARSE_DATA_BUFFER(); UInt32 bytesReturned; try { if (!DeviceIoControl( fileHandle, FSCTL_GET_REPARSE_POINT, IntPtr.Zero, 0, out buffer, MAXIMUM_REPARSE_DATA_BUFFER_SIZE, out bytesReturned, IntPtr.Zero)) throw new LinkUtilWin32Exception(String.Format("DeviceIoControl() failed for file at {0}", linkPath)); } finally { fileHandle.Dispose(); } bool isRelative = false; int pathOffset = 0; LinkType linkType; if (buffer.ReparseTag == IO_REPARSE_TAG_SYMLINK) { UInt32 bufferFlags = Convert.ToUInt32(buffer.PathBuffer[0]) + Convert.ToUInt32(buffer.PathBuffer[1]); if (bufferFlags == SYMLINK_FLAG_RELATIVE) isRelative = true; pathOffset = 2; linkType = LinkType.SymbolicLink; } else if (buffer.ReparseTag == IO_REPARSE_TAG_MOUNT_POINT) { linkType = LinkType.JunctionPoint; } else { string errorMessage = String.Format("Invalid Reparse Tag: {0}", buffer.ReparseTag.ToString()); throw new Exception(errorMessage); } string printName = new string(buffer.PathBuffer, (int)(buffer.PrintNameOffset / SIZE_OF_WCHAR) + pathOffset, (int)(buffer.PrintNameLength / SIZE_OF_WCHAR)); string substituteName = new string(buffer.PathBuffer, (int)(buffer.SubstituteNameOffset / SIZE_OF_WCHAR) + pathOffset, (int)(buffer.SubstituteNameLength / SIZE_OF_WCHAR)); // TODO: should we check for \?\UNC\server for convert it to the NT style \\server path // Remove the leading Windows object directory \?\ from the path if present string targetPath = substituteName; if (targetPath.StartsWith("\\??\\")) targetPath = targetPath.Substring(4, targetPath.Length - 4); string absolutePath = targetPath; if (isRelative) absolutePath = Path.GetFullPath(Path.Combine(new FileInfo(linkPath).Directory.FullName, targetPath)); return new LinkInfo { Type = linkType, PrintName = printName, SubstituteName = substituteName, AbsolutePath = absolutePath, TargetPath = targetPath }; } private static void CreateJunctionPoint(string linkPath, string linkTarget) { // We need to create the link as a dir beforehand Directory.CreateDirectory(linkPath); SafeFileHandle fileHandle = CreateFile( linkPath, FileAccess.Write, FileShare.Read | FileShare.Write | FileShare.None, IntPtr.Zero, FileMode.Open, FILE_FLAG_BACKUP_SEMANTICS | FILE_FLAG_OPEN_REPARSE_POINT, IntPtr.Zero); if (fileHandle.IsInvalid) throw new LinkUtilWin32Exception(String.Format("CreateFile({0}) failed", linkPath)); try { string substituteName = "\\??\\" + Path.GetFullPath(linkTarget); string printName = linkTarget; REPARSE_DATA_BUFFER buffer = new REPARSE_DATA_BUFFER(); buffer.SubstituteNameOffset = 0; buffer.SubstituteNameLength = (UInt16)(substituteName.Length * SIZE_OF_WCHAR); buffer.PrintNameOffset = (UInt16)(buffer.SubstituteNameLength + 2); buffer.PrintNameLength = (UInt16)(printName.Length * SIZE_OF_WCHAR); buffer.ReparseTag = IO_REPARSE_TAG_MOUNT_POINT; buffer.ReparseDataLength = (UInt16)(buffer.SubstituteNameLength + buffer.PrintNameLength + 12); buffer.PathBuffer = new char[MAXIMUM_REPARSE_DATA_BUFFER_SIZE]; byte[] unicodeBytes = Encoding.Unicode.GetBytes(substituteName + "\0" + printName); char[] pathBuffer = Encoding.Unicode.GetChars(unicodeBytes); Array.Copy(pathBuffer, buffer.PathBuffer, pathBuffer.Length); UInt32 bytesReturned; if (!DeviceIoControl( fileHandle, FSCTL_SET_REPARSE_POINT, buffer, (UInt32)(buffer.ReparseDataLength + 8), IntPtr.Zero, 0, out bytesReturned, IntPtr.Zero)) throw new LinkUtilWin32Exception(String.Format("DeviceIoControl() failed to create junction point at {0} to {1}", linkPath, linkTarget)); } finally { fileHandle.Dispose(); } } } } '@ # FUTURE: find a better way to get the _ansible_remote_tmp variable $original_tmp = $env:TMP $remote_tmp = $original_tmp $module_params = Get-Variable -Name complex_args -ErrorAction SilentlyContinue if ($module_params) { if ($module_params.Value.ContainsKey("_ansible_remote_tmp") ) { $remote_tmp = $module_params.Value["_ansible_remote_tmp"] $remote_tmp = [System.Environment]::ExpandEnvironmentVariables($remote_tmp) } } $env:TMP = $remote_tmp Add-Type -TypeDefinition $link_util $env:TMP = $original_tmp Import-PrivilegeUtil # enable the SeBackupPrivilege if it is disabled $state = Get-AnsiblePrivilege -Name SeBackupPrivilege if ($state -eq $false) { Set-AnsiblePrivilege -Name SeBackupPrivilege -Value $true } } Function Get-Link($link_path) { $link_info = [Ansible.LinkUtil]::GetLinkInfo($link_path) return $link_info } Function Remove-Link($link_path) { [Ansible.LinkUtil]::DeleteLink($link_path) } Function New-Link($link_path, $link_target, $link_type) { if (-not (Test-Path -Path $link_target)) { throw "link_target '$link_target' does not exist, cannot create link" } switch($link_type) { "link" { $type = [Ansible.LinkType]::SymbolicLink } "junction" { if (Test-Path -Path $link_target -PathType Leaf) { throw "cannot set the target for a junction point to a file" } $type = [Ansible.LinkType]::JunctionPoint } "hard" { if (Test-Path -Path $link_target -PathType Container) { throw "cannot set the target for a hard link to a directory" } $type = [Ansible.LinkType]::HardLink } default { throw "invalid link_type option $($link_type): expecting link, junction, hard" } } [Ansible.LinkUtil]::CreateLink($link_path, $link_target, $type) } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: 753b89a7-e1f5-4607-befc-c7aad1a6493e Path:	4104	1		3	2	15	0	1725	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3220	4624	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:07:36 PM	e5295ba9-9827-0002-5f5d-29e52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } ScriptBlock ID: 19c60ae2-7fc8-4f09-923c-074cf0140ff4 Path:	4104	1		3	2	15	0	1724	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3220	4624	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:07:35 PM	e5295ba9-9827-0002-505d-29e52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (5 of 5): uIHRoZQpyZXN1bHQgZnJvbSB0aGF0LgojPgoKRnVuY3Rpb24gVGVzdC1BbnNpYmxlUGF0aCB7CiAgICBbQ21kbGV0QmluZGluZygpXQogICAgUGFyYW0oCiAgICAgICAgW1BhcmFtZXRlcihNYW5kYXRvcnk9JHRydWUpXVtzdHJpbmddJFBhdGgKICAgICkKICAgICMgUmVwbGFjZW1lbnQgZm9yIFRlc3QtUGF0aAogICAgdHJ5IHsKICAgICAgICAkZmlsZV9hdHRyaWJ1dGVzID0gW1N5c3RlbS5JTy5GaWxlXTo6R2V0QXR0cmlidXRlcygkUGF0aCkKICAgIH0gY2F0Y2ggW1N5c3RlbS5JTy5GaWxlTm90Rm91bmRFeGNlcHRpb25dLCBbU3lzdGVtLklPLkRpcmVjdG9yeU5vdEZvdW5kRXhjZXB0aW9uXSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfSBjYXRjaCBbTm90U3VwcG9ydGVkRXhjZXB0aW9uXSB7CiAgICAgICAgIyBXaGVuIHRlc3RpbmcgYSBwYXRoIGxpa2UgQ2VydDpcTG9jYWxNYWNoaW5lXE15LCBTeXN0ZW0uSU8uRmlsZSB3aWxsCiAgICAgICAgIyBub3Qgd29yaywgd2UganVzdCByZXZlcnQgYmFjayB0byB1c2luZyBUZXN0LVBhdGggZm9yIHRoaXMKICAgICAgICByZXR1cm4gVGVzdC1QYXRoIC1QYXRoICRQYXRoCiAgICB9CgogICAgaWYgKFtJbnQzMl0kZmlsZV9hdHRyaWJ1dGVzIC1lcSAtMSkgewogICAgICAgIHJldHVybiAkZmFsc2UKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICR0cnVlCiAgICB9Cn0KCkZ1bmN0aW9uIEdldC1BbnNpYmxlSXRlbSB7CiAgICBbQ21kbGV0QmluZGluZygpXQogICAgUGFyYW0oCiAgICAgICAgW1BhcmFtZXRlcihNYW5kYXRvcnk9JHRydWUpXVtzdHJpbmddJFBhdGgKICAgICkKICAgICMgUmVwbGFjZW1lbnQgZm9yIEdldC1JdGVtCiAgICB0cnkgewogICAgICAgICRmaWxlX2F0dHJpYnV0ZXMgPSBbU3lzdGVtLklPLkZpbGVdOjpHZXRBdHRyaWJ1dGVzKCRQYXRoKQogICAgfSBjYXRjaCB7CiAgICAgICAgIyBpZiAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb3RpbnVlIGlzIHNldCBvbiB0aGUgY21kbGV0IGFuZCB3ZSBmYWlsZWQgdG8KICAgICAgICAjIGdldCB0aGUgYXR0cmlidXRlcywganVzdCByZXR1cm4gJG51bGwsIG90aGVyd2lzZSB0aHJvdyB0aGUgZXJyb3IKICAgICAgICBpZiAoJEVycm9yQWN0aW9uUHJlZmVyZW5jZSAtbmUgIlNpbGVudGx5Q29udGludWUiKSB7CiAgICAgICAgICAgIHRocm93ICRfCiAgICAgICAgfQogICAgICAgIHJldHVybiAkbnVsbAogICAgfQogICAgaWYgKFtJbnQzMl0kZmlsZV9hdHRyaWJ1dGVzIC1lcSAtMSkgewogICAgICAgIHRocm93IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5NYW5hZ2VtZW50LkF1dG9tYXRpb24uSXRlbU5vdEZvdW5kRXhjZXB0aW9uIC1Bcmd1bWVudExpc3QgIkNhbm5vdCBmaW5kIHBhdGggJyRQYXRoJyBiZWNhdXNlIGl0IGRvZXMgbm90IGV4aXN0LiIKICAgIH0gZWxzZWlmICgkZmlsZV9hdHRyaWJ1dGVzLkhhc0ZsYWcoW1N5c3RlbS5JTy5GaWxlQXR0cmlidXRlc106OkRpcmVjdG9yeSkpIHsKICAgICAgICByZXR1cm4gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLklPLkRpcmVjdG9yeUluZm8gLUFyZ3VtZW50TGlzdCAkUGF0aAogICAgfSBlbHNlIHsKICAgICAgICByZXR1cm4gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLklPLkZpbGVJbmZvIC1Bcmd1bWVudExpc3QgJFBhdGgKICAgIH0KfQoKRXhwb3J0LU1vZHVsZU1lbWJlciAtRnVuY3Rpb24gVGVzdC1BbnNpYmxlUGF0aCwgR2V0LUFuc2libGVJdGVtCg=="}, "module_entry": "IyFwb3dlcnNoZWxsCgojIENvcHlyaWdodDogKGMpIDIwMTcsIEFuc2libGUgUHJvamVjdAojIEdOVSBHZW5lcmFsIFB1YmxpYyBMaWNlbnNlIHYzLjArIChzZWUgQ09QWUlORyBvciBodHRwczovL3d3dy5nbnUub3JnL2xpY2Vuc2VzL2dwbC0zLjAudHh0KQoKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5MZWdhY3kKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5GaWxlVXRpbAojUmVxdWlyZXMgLU1vZHVsZSBBbnNpYmxlLk1vZHVsZVV0aWxzLkxpbmtVdGlsCgpmdW5jdGlvbiBEYXRlVG8tVGltZXN0YW1wKCRzdGFydF9kYXRlLCAkZW5kX2RhdGUpIHsKICAgIGlmICgkc3RhcnRfZGF0ZSAtYW5kICRlbmRfZGF0ZSkgewogICAgICAgIHJldHVybiAoTmV3LVRpbWVTcGFuIC1TdGFydCAkc3RhcnRfZGF0ZSAtRW5kICRlbmRfZGF0ZSkuVG90YWxTZWNvbmRzCiAgICB9Cn0KCiRwYXJhbXMgPSBQYXJzZS1BcmdzICRhcmdzIC1zdXBwb3J0c19jaGVja19tb2RlICR0cnVlCgokcGF0aCA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJwYXRoIiAtdHlwZSAicGF0aCIgLWZhaWxpZmVtcHR5ICR0cnVlIC1hbGlhc2VzICJkZXN0IiwibmFtZSIKJGdldF9tZDUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiZ2V0X21kNSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQokZ2V0X2NoZWNrc3VtID0gR2V0LUFuc2libGVQYXJhbSAtb2JqICRwYXJhbXMgLW5hbWUgImdldF9jaGVja3N1bSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICR0cnVlCiRjaGVja3N1bV9hbGdvcml0aG0gPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiY2hlY2tzdW1fYWxnb3JpdGhtIiAtdHlwZSAic3RyIiAtZGVmYXVsdCAic2hhMSIgLXZhbGlkYXRlc2V0ICJtZDUiLCJzaGExIiwic2hhMjU2Iiwic2hhMzg0Iiwic2hhNTEyIgoKJHJlc3VsdCA9IEB7CiAgICBjaGFuZ2VkID0gJGZhbHNlCiAgICBzdGF0ID0gQHsKICAgICAgICBleGlzdHMgPSAkZmFsc2UKICAgIH0KfQoKIyBnZXRfbWQ1IHdpbGwgYmUgYW4gdW5kb2N1bWVudGVkIG9wdGlvbiBpbiAyLjkgdG8gYmUgcmVtb3ZlZCBhdCBhIGxhdGVyCiMgZGF0ZSBpZiBwb3NzaWJsZSAoMy4wKykKaWYgKEdldC1NZW1iZXIgLWlucHV0b2JqZWN0ICRwYXJhbXMgLW5hbWUgImdldF9tZDUiKSB7CiAgICBBZGQtRGVwcmVhY3Rpb25XYXJuaW5nIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiZ2V0X21kNSBoYXMgYmVlbiBkZXByZWNhdGVkIGFsb25nIHdpdGggdGhlIG1kNSByZXR1cm4gdmFsdWUsIHVzZSBnZXRfY2hlY2tzdW09VHJ1ZSBhbmQgY2hlY2tzdW1fYWxnb3JpdGhtPW1kNSBpbnN0ZWFkIiAtdmVyc2lvbiAyLjkKfQoKJGluZm8gPSBHZXQtQW5zaWJsZUl0ZW0gLVBhdGggJHBhdGggLUVycm9yQWN0aW9uIFNpbGVudGx5Q29udGludWUKSWYgKCRpbmZvIC1uZSAkbnVsbCkgewogICAgJGVwb2NoX2RhdGUgPSBHZXQtRGF0ZSAtRGF0ZSAiMDEvMDEvMTk3MCIKICAgICRhdHRyaWJ1dGVzID0gQCgpCiAgICBmb3JlYWNoICgkYXR0cmlidXRlIGluICgkaW5mby5BdHRyaWJ1dGVzIC1zcGxpdCAnLCcpKSB7CiAgICAgICAgJGF0dHJpYnV0ZXMgKz0gJGF0dHJpYnV0ZS5UcmltKCkKICAgIH0KCiAgICAjIGRlZmF1bHQgdmFsdWVzIHRoYXQgYXJlIGFsd2F5cyBzZXQsIHNwZWNpZmljIHZhbHVlcyBhcmUgc2V0IGJlbG93IHRoaXMKICAgICMgYnV0IGFyZSBrZXB0IGNvbW1lbnRlZCBmb3IgZWFzaWVyIHJlYWRhYmlsaXR5CiAgICAkc3RhdCA9IEB7CiAgICAgICAgZXhpc3RzID0gJHRydWUKICAgICAgICBhdHRyaWJ1dGVzID0gJGluZm8uQXR0cmlidXRlcy5Ub1N0cmluZygpCiAgICAgICAgaXNhcmNoaXZlID0gKCRhdHRyaWJ1dGVzIC1jb250YWlucyAiQXJjaGl2ZSIpCiAgICAgICAgaXNkaXIgPSAkZmFsc2UKICAgICAgICBpc2hpZGRlbiA9ICgkYXR0cmlidXRlcyAtY29udGFpbnMgIkhpZGRlbiIpCiAgICAgICAgaXNqdW5jdGlvbiA9ICRmYWxzZQogICAgICAgIGlzbG5rID0gJGZhbHNlCiAgICAgICAgaXNyZWFkb25seSA9ICgkYXR0cmlidXRlcyAtY29udGFpbnMgIlJlYWRPbmx5IikKICAgICAgICBpc3JlZyA9ICRmYWxzZQogICAgICAgIGlzc2hhcmVkID0gJGZhbHNlCiAgICAgICAgbmxpbmsgPSAxICAjIE51bWJlciBvZiBsaW5rcyB0byB0aGUgZmlsZSAoaGFyZCBsaW5rcyksIG92ZXJyaWRlbiBiZWxvdyBpZiBpc2xuawogICAgICAgICMgbG5rX3RhcmdldCA9IGlzbG5rIG9yIGlzanVuY3Rpb24gVGFyZ2V0IG9mIHRoZSBzeW1saW5rLiBOb3RlIHRoYXQgcmVsYXRpdmUgcGF0aHMgcmVtYWluIHJlbGF0aXZlCiAgICAgICAgIyBsbmtfc291cmNlID0gaXNsbmsgb3MgaXNqdW5jdGlvbiBUYXJnZXQgb2YgdGhlIHN5bWxpbmsgbm9ybWFsaXplZCBmb3IgdGhlIHJlbW90ZSBmaWxlc3lzdGVtCiAgICAgICAgaGxua190YXJnZXRzID0gQCgpCiAgICAgICAgY3JlYXRpb250aW1lID0gKERhdGVUby1UaW1lc3RhbXAgLXN0YXJ0X2RhdGUgJGVwb2NoX2RhdGUgLWVuZF9kYXRlICRpbmZvLkNyZWF0aW9uVGltZSkKICAgICAgICBsYXN0YWNjZXNzdGltZSA9IChEYXRlVG8tVGltZXN0YW1wIC1zdGFydF9kYXRlICRlcG9jaF9kYXRlIC1lbmRfZGF0ZSAkaW5mby5MYXN0QWNjZXNzVGltZSkKICAgICAgICBsYXN0d3JpdGV0aW1lID0gKERhdGVUby1UaW1lc3RhbXAgLXN0YXJ0X2RhdGUgJGVwb2NoX2RhdGUgLWVuZF9kYXRlICRpbmZvLkxhc3RXcml0ZVRpbWUpCiAgICAgICAgIyBzaXplID0gYSBmaWxlIGFuZCBkaXJlY3RvcnkgLSBjYWxjdWxhdGVkIGJlbG93CiAgICAgICAgcGF0aCA9ICRpbmZvLkZ1bGxOYW1lCiAgICAgICAgZmlsZW5hbWUgPSAkaW5mby5OYW1lCiAgICAgICAgIyBleHRlbnNpb24gPSBhIGZpbGUKICAgICAgICAjIG93bmVyID0gc2V0IG91dHNpdGUgdGhpcyBkaWN0IGluIGNhc2UgaXQgZmFpbHMKICAgICAgICAjIHNoYXJlbmFtZSA9IGEgZGlyZWN0b3J5IGFuZCBpc3NoYXJlZCBpcyBUcnVlCiAgICAgICAgIyBjaGVja3N1bSA9IGEgZmlsZSBhbmQgZ2V0X2NoZWNrc3VtOiBUcnVlCiAgICAgICAgIyBtZDUgPSBhIGZpbGUgYW5kIGdldF9tZDU6IFRydWUKICAgIH0KICAgICRzdGF0Lm93bmVyID0gJGluZm8uR2V0QWNjZXNzQ29udHJvbCgpLk93bmVyCgogICAgIyB2YWx1ZXMgdGhhdCBhcmUgc2V0IGFjY29yZGluZyB0byB0aGUgdHlwZSBvZiBmaWxlCiAgICBpZiAoJGluZm8uQXR0cmlidXRlcy5IYXNGbGFnKFtTeXN0ZW0uSU8uRmlsZUF0dHJpYnV0ZXNdOjpEaXJlY3RvcnkpKSB7CiAgICAgICAgJHN0YXQuaXNkaXIgPSAkdHJ1ZQogICAgICAgICRzaGFyZV9pbmZvID0gR2V0LVdtaU9iamVjdCAtQ2xhc3MgV2luMzJfU2hhcmUgLUZpbHRlciAiUGF0aD0nJCgkc3RhdC5wYXRoIC1yZXBsYWNlICdcXCcsICdcXCcpJyIKICAgICAgICBpZiAoJHNoYXJlX2luZm8gLW5lICRudWxsKSB7CiAgICAgICAgICAgICRzdGF0Lmlzc2hhcmVkID0gJHRydWUKICAgICAgICAgICAgJHN0YXQuc2hhcmVuYW1lID0gJHNoYXJlX2luZm8uTmFtZQogICAgICAgIH0KCiAgICAgICAgdHJ5IHsKICAgICAgICAgICAgJHNpemUgPSAwCiAgICAgICAgICAgIGZvcmVhY2ggKCRmaWxlIGluICRpbmZvLkVudW1lcmF0ZUZpbGVzKCIqIiwgW1N5c3RlbS5JTy5TZWFyY2hPcHRpb25dOjpBbGxEaXJlY3RvcmllcykpIHsKICAgICAgICAgICAgICAgICRzaXplICs9ICRmaWxlLkxlbmd0aAogICAgICAgICAgICB9CiAgICAgICAgICAgICRzdGF0LnNpemUgPSAkc2l6ZQogICAgICAgIH0gY2F0Y2ggewogICAgICAgICAgICAkc3RhdC5zaXplID0gMAogICAgICAgIH0KICAgIH0gZWxzZSB7CiAgICAgICAgJHN0YXQuZXh0ZW5zaW9uID0gJGluZm8uRXh0ZW5zaW9uCiAgICAgICAgJHN0YXQuaXNyZWcgPSAkdHJ1ZQogICAgICAgICRzdGF0LnNpemUgPSAkaW5mby5MZW5ndGgKCiAgICAgICAgaWYgKCRnZXRfbWQ1KSB7CiAgICAgICAgICAgIHRyeSB7CiAgICAgICAgICAgICAgICAkc3RhdC5tZDUgPSBHZXQtRmlsZUNoZWNrc3VtIC1wYXRoICRwYXRoIC1hbGdvcml0aG0gIm1kNSIKICAgICAgICAgICAgfSBjYXRjaCB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0IC1tZXNzYWdlICJmYWlsZWQgdG8gZ2V0IE1ENSBoYXNoIG9mIGZpbGUsIHJlbW92ZSBnZXRfbWQ1IHRvIGlnbm9yZSB0aGlzIGVycm9yOiAkKCRfLkV4Y2VwdGlvbi5NZXNzYWdlKSIKICAgICAgICAgICAgfQogICAgICAgIH0KICAgICAgICBpZiAoJGdldF9jaGVja3N1bSkgewogICAgICAgICAgICB0cnkgewogICAgICAgICAgICAgICAgJHN0YXQuY2hlY2tzdW0gPSBHZXQtRmlsZUNoZWNrc3VtIC1wYXRoICRwYXRoIC1hbGdvcml0aG0gJGNoZWNrc3VtX2FsZ29yaXRobQogICAgICAgICAgICB9IGNhdGNoIHsKICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgImZhaWxlZCB0byBnZXQgaGFzaCBvZiBmaWxlLCBzZXQgZ2V0X2NoZWNrc3VtIHRvIEZhbHNlIHRvIGlnbm9yZSB0aGlzIGVycm9yOiAkKCRfLkV4Y2VwdGlvbi5NZXNzYWdlKSIKICAgICAgICAgICAgfQogICAgICAgIH0KICAgIH0KCiAgICAjIEdldCBzeW1ib2xpYyBsaW5rLCBqdW5jdGlvbiBwb2ludCwgaGFyZCBsaW5rIGluZm8KICAgIExvYWQtTGlua1V0aWxzCiAgICB0cnkgewogICAgICAgICRsaW5rX2luZm8gPSBHZXQtTGluayAtbGlua19wYXRoICRpbmZvLkZ1bGxOYW1lCiAgICB9IGNhdGNoIHsKICAgICAgICBBZGQtV2FybmluZyAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgIkZhaWxlZCB0byBjaGVjay9nZXQgbGluayBpbmZvIGZvciBmaWxlOiAkKCRfLkV4Y2VwdGlvbi5NZXNzYWdlKSIKICAgIH0KICAgIGlmICgkbGlua19pbmZvIC1uZSAkbnVsbCkgewogICAgICAgIHN3aXRjaCAoJGxpbmtfaW5mby5UeXBlKSB7CiAgICAgICAgICAgICJTeW1ib2xpY0xpbmsiIHsKICAgICAgICAgICAgICAgICRzdGF0LmlzbG5rID0gJHRydWUKICAgICAgICAgICAgICAgICRzdGF0LmlzcmVnID0gJGZhbHNlCiAgICAgICAgICAgICAgICAkc3RhdC5sbmtfdGFyZ2V0ID0gJGxpbmtfaW5mby5UYXJnZXRQYXRoCiAgICAgICAgICAgICAgICAkc3RhdC5sbmtfc291cmNlID0gJGxpbmtfaW5mby5BYnNvbHV0ZVBhdGggICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgICAgICJKdW5jdGlvblBvaW50IiB7CiAgICAgICAgICAgICAgICAkc3RhdC5pc2p1bmN0aW9uID0gJHRydWUKICAgICAgICAgICAgICAgICRzdGF0LmlzcmVnID0gJGZhbHNlCiAgICAgICAgICAgICAgICAkc3RhdC5sbmtfdGFyZ2V0ID0gJGxpbmtfaW5mby5UYXJnZXRQYXRoCiAgICAgICAgICAgICAgICAkc3RhdC5sbmtfc291cmNlID0gJGxpbmtfaW5mby5BYnNvbHV0ZVBhdGggICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgICAgICJIYXJkTGluayIgewogICAgICAgICAgICAgICAgJHN0YXQubG5rX3R5cGUgPSAiaGFyZCIKICAgICAgICAgICAgICAgICRzdGF0Lm5saW5rID0gJGxpbmtfaW5mby5IYXJkVGFyZ2V0cy5Db3VudAoKICAgICAgICAgICAgICAgICMgcmVtb3ZlIGN1cnJlbnQgcGF0aCBmcm9tIHRoZSB0YXJnZXRzCiAgICAgICAgICAgICAgICAkaGxua190YXJnZXRzID0gJGxpbmtfaW5mby5IYXJkVGFyZ2V0cyB8IFdoZXJlLU9iamVjdCB7ICRfIC1uZSAkc3RhdC5wYXRoIH0KICAgICAgICAgICAgICAgICRzdGF0LmhsbmtfdGFyZ2V0cyA9IEAoJGhsbmtfdGFyZ2V0cykKICAgICAgICAgICAgICAgIGJyZWFrCiAgICAgICAgICAgIH0KICAgICAgICB9CiAgICB9CgogICAgJHJlc3VsdC5zdGF0ID0gJHN0YXQKfQoKRXhpdC1Kc29uICRyZXN1bHQK", "module_args": {"_ansible_version": "2.7.0", "_ansible_selinux_special_fs": ["fuse", "nfs", "vboxsf", "ramfs", "9p"], "_ansible_no_log": false, "_ansible_module_name": "win_stat", "_ansible_remote_tmp": "%TEMP%", "_ansible_diff": false, "_ansible_verbosity": 2, "_ansible_keep_remote_files": false, "_ansible_syslog_facility": "LOG_USER", "_ansible_socket": null, "_ansible_check_mode": false, "get_checksum": false, "_ansible_debug": false, "_ansible_shell_executable": "/bin/sh", "path": "c:\\openstack\\log\\nova-compute.log", "get_md5": false, "_ansible_tmpdir": null}} '@ } process { $input_as_string = [string]$input $json_raw += $input_as_string } end { If (-not $json_raw) { Write-Error "no input given" -Category InvalidArgument } $payload = ConvertTo-HashtableFromPsCustomObject (ConvertFrom-Json $json_raw) # TODO: handle binary modules # TODO: handle persistence $min_os_version = [version]$payload.min_os_version if ($min_os_version -ne $null) { $actual_os_version = [System.Environment]::OSVersion.Version if ($actual_os_version -lt $min_os_version) { $msg = "This module cannot run on this OS as it requires a minimum version of $min_os_version, actual was $actual_os_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $min_ps_version = [version]$payload.min_ps_version if ($min_ps_version -ne $null) { $actual_ps_version = $PSVersionTable.PSVersion if ($actual_ps_version -lt $min_ps_version) { $msg = "This module cannot run as it requires a minimum PowerShell version of $min_ps_version, actual was $actual_ps_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $actions = $payload.actions # pop 0th action as entrypoint $entrypoint = $payload.($actions[0]) $payload.actions = $payload.actions[1..99] $entrypoint = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($entrypoint)) # load the current action entrypoint as a module custom object with a Run method $entrypoint = New-Module -ScriptBlock ([scriptblock]::Create($entrypoint)) -AsCustomObject Set-Variable -Scope global -Name complex_args -Value $payload["module_args"] | Out-Null # dynamically create/load modules ForEach ($mod in $payload.powershell_modules.GetEnumerator()) { $decoded_module = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($mod.Value)) New-Module -ScriptBlock ([scriptblock]::Create($decoded_module)) -Name $mod.Key | Import-Module -WarningAction SilentlyContinue | Out-Null } $output = $entrypoint.Run($payload) Write-Output $output } ScriptBlock ID: 06a48d89-e848-4a01-8f49-121f1c9d8a68 Path:	4104	1		3	2	15	0	1723	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3220	4624	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:07:35 PM	e5295ba9-9827-0002-4b5d-29e52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (4 of 5): AgICAgICAiaGFyZCIgewogICAgICAgICAgICBpZiAoVGVzdC1QYXRoIC1QYXRoICRsaW5rX3RhcmdldCAtUGF0aFR5cGUgQ29udGFpbmVyKSB7CiAgICAgICAgICAgICAgICB0aHJvdyAiY2Fubm90IHNldCB0aGUgdGFyZ2V0IGZvciBhIGhhcmQgbGluayB0byBhIGRpcmVjdG9yeSIKICAgICAgICAgICAgfQogICAgICAgICAgICAkdHlwZSA9IFtBbnNpYmxlLkxpbmtUeXBlXTo6SGFyZExpbmsKICAgICAgICB9CiAgICAgICAgZGVmYXVsdCB7IHRocm93ICJpbnZhbGlkIGxpbmtfdHlwZSBvcHRpb24gJCgkbGlua190eXBlKTogZXhwZWN0aW5nIGxpbmssIGp1bmN0aW9uLCBoYXJkIiB9CiAgICB9CiAgICBbQW5zaWJsZS5MaW5rVXRpbF06OkNyZWF0ZUxpbmsoJGxpbmtfcGF0aCwgJGxpbmtfdGFyZ2V0LCAkdHlwZSkKfQoKIyB0aGlzIGxpbmUgbXVzdCBzdGF5IGF0IHRoZSBib3R0b20gdG8gZW5zdXJlIGFsbCBkZWZpbmVkIG1vZHVsZSBwYXJ0cyBhcmUgZXhwb3J0ZWQKRXhwb3J0LU1vZHVsZU1lbWJlciAtQWxpYXMgKiAtRnVuY3Rpb24gKiAtQ21kbGV0ICoK", "Ansible.ModuleUtils.Legacy": "IyBDb3B5cmlnaHQgKGMpLCBNaWNoYWVsIERlSGFhbiA8bWljaGFlbC5kZWhhYW5AZ21haWwuY29tPiwgMjAxNCwgYW5kIG90aGVycwojIFNpbXBsaWZpZWQgQlNEIExpY2Vuc2UgKHNlZSBsaWNlbnNlcy9zaW1wbGlmaWVkX2JzZC50eHQgb3IgaHR0cHM6Ly9vcGVuc291cmNlLm9yZy9saWNlbnNlcy9CU0QtMi1DbGF1c2UpCgpTZXQtU3RyaWN0TW9kZSAtVmVyc2lvbiAyLjAKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKRnVuY3Rpb24gU2V0LUF0dHIoJG9iaiwgJG5hbWUsICR2YWx1ZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gc2V0IGFuICJhdHRyaWJ1dGUiIG9uIGEgcHNvYmplY3QgaW5zdGFuY2UgaW4gUG93ZXJTaGVsbC4KICAgIFRoaXMgaXMgYSBjb252ZW5pZW5jZSB0byBtYWtlIGFkZGluZyBNZW1iZXJzIHRvIHRoZSBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgIFNldC1BdHRyICRyZXN1bHQgImNoYW5nZWQiICR0cnVlCiM+CgogICAgIyBJZiB0aGUgcHJvdmlkZWQgJG9iaiBpcyB1bmRlZmluZWQsIGRlZmluZSBvbmUgdG8gYmUgbmljZQogICAgSWYgKC1ub3QgJG9iai5HZXRUeXBlKQogICAgewogICAgICAgICRvYmogPSBAeyB9CiAgICB9CgogICAgVHJ5CiAgICB7CiAgICAgICAgJG9iai4kbmFtZSA9ICR2YWx1ZQogICAgfQogICAgQ2F0Y2gKICAgIHsKICAgICAgICAkb2JqIHwgQWRkLU1lbWJlciAtRm9yY2UgLU1lbWJlclR5cGUgTm90ZVByb3BlcnR5IC1OYW1lICRuYW1lIC1WYWx1ZSAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gRXhpdC1Kc29uKCRvYmopCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGNvbnZlcnQgYSBQb3dlclNoZWxsIG9iamVjdCB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcKICAgIHRoZSBzY3JpcHQKICAgIC5FWEFNUExFCiAgICBFeGl0LUpzb24gJHJlc3VsdAojPgoKICAgICMgSWYgdGhlIHByb3ZpZGVkICRvYmogaXMgdW5kZWZpbmVkLCBkZWZpbmUgb25lIHRvIGJlIG5pY2UKICAgIElmICgtbm90ICRvYmouR2V0VHlwZSkKICAgIHsKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoJ2NoYW5nZWQnKSkgewogICAgICAgIFNldC1BdHRyICRvYmogImNoYW5nZWQiICRmYWxzZQogICAgfQoKICAgIFdyaXRlLU91dHB1dCAkb2JqIHwgQ29udmVydFRvLUpzb24gLUNvbXByZXNzIC1EZXB0aCA5OQogICAgRXhpdAp9CgpGdW5jdGlvbiBGYWlsLUpzb24oJG9iaiwgJG1lc3NhZ2UgPSAkbnVsbCkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHRoZSAibXNnIiBwcm9wZXJ0eSBhbmQgImZhaWxlZCIgcHJvcGVydHksIGNvbnZlcnQgdGhlCiAgICBQb3dlclNoZWxsIEhhc2h0YWJsZSB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcgdGhlIHNjcmlwdAogICAgLkVYQU1QTEUKICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJUaGlzIGlzIHRoZSBmYWlsdXJlIG1lc3NhZ2UiCiM+CgogICAgaWYgKCRvYmogLWlzIFtoYXNodGFibGVdIC1vciAkb2JqIC1pcyBbcHNvYmplY3RdKSB7CiAgICAgICAgIyBOb3RoaW5nIHRvIGRvCiAgICB9IGVsc2VpZiAoJG9iaiAtaXMgW3N0cmluZ10gLWFuZCAkbnVsbCAtZXEgJG1lc3NhZ2UpIHsKICAgICAgICAjIElmIHdlIHdlcmVuJ3QgZ2l2ZW4gMiBhcmdzLCBhbmQgdGhlIG9ubHkgYXJnIHdhcyBhIHN0cmluZywKICAgICAgICAjIGNyZWF0ZSBhIG5ldyBIYXNodGFibGUgYW5kIHVzZSB0aGUgYXJnIGFzIHRoZSBmYWlsdXJlIG1lc3NhZ2UKICAgICAgICAkbWVzc2FnZSA9ICRvYmoKICAgICAgICAkb2JqID0gQHsgfQogICAgfSBlbHNlIHsKICAgICAgICAjIElmIHRoZSBmaXJzdCBhcmd1bWVudCBpcyB1bmRlZmluZWQgb3IgYSBkaWZmZXJlbnQgdHlwZSwKICAgICAgICAjIG1ha2UgaXQgYSBIYXNodGFibGUKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgICMgU3RpbGwgdXNpbmcgU2V0LUF0dHIgZm9yIFBTT2JqZWN0IGNvbXBhdGliaWxpdHkKICAgIFNldC1BdHRyICRvYmogIm1zZyIgJG1lc3NhZ2UKICAgIFNldC1BdHRyICRvYmogImZhaWxlZCIgJHRydWUKCiAgICBpZiAoLW5vdCAkb2JqLkNvbnRhaW5zS2V5KCdjaGFuZ2VkJykpIHsKICAgICAgICBTZXQtQXR0ciAkb2JqICJjaGFuZ2VkIiAkZmFsc2UKICAgIH0KCiAgICBXcml0ZS1PdXRwdXQgJG9iaiB8IENvbnZlcnRUby1Kc29uIC1Db21wcmVzcyAtRGVwdGggOTkKICAgIEV4aXQgMQp9CgpGdW5jdGlvbiBBZGQtV2FybmluZygkb2JqLCAkbWVzc2FnZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHdhcm5pbmdzLCBldmVuIGlmIHRoZSB3YXJuaW5ncyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoIndhcm5pbmdzIikpIHsKICAgICAgICAkb2JqLndhcm5pbmdzID0gQCgpCiAgICB9IGVsc2VpZiAoJG9iai53YXJuaW5ncyAtaXNub3QgW2FycmF5XSkgewogICAgICAgIHRocm93ICJBZGQtV2FybmluZzogd2FybmluZ3MgYXR0cmlidXRlIGlzIG5vdCBhbiBhcnJheSIKICAgIH0KCiAgICAkb2JqLndhcm5pbmdzICs9ICRtZXNzYWdlCn0KCkZ1bmN0aW9uIEFkZC1EZXByZWNhdGlvbldhcm5pbmcoJG9iaiwgJG1lc3NhZ2UsICR2ZXJzaW9uID0gJG51bGwpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGFkZCBkZXByZWNhdGlvbnMsIGV2ZW4gaWYgdGhlIGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgogICAgaWYgKC1ub3QgJG9iai5Db250YWluc0tleSgiZGVwcmVjYXRpb25zIikpIHsKICAgICAgICAkb2JqLmRlcHJlY2F0aW9ucyA9IEAoKQogICAgfSBlbHNlaWYgKCRvYmouZGVwcmVjYXRpb25zIC1pc25vdCBbYXJyYXldKSB7CiAgICAgICAgdGhyb3cgIkFkZC1EZXByZWNhdGlvbldhcm5pbmc6IGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgaXMgbm90IGEgbGlzdCIKICAgIH0KCiAgICAkb2JqLmRlcHJlY2F0aW9ucyArPSBAewogICAgICAgIG1zZyA9ICRtZXNzYWdlCiAgICAgICAgdmVyc2lvbiA9ICR2ZXJzaW9uCiAgICB9Cn0KCkZ1bmN0aW9uIEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgaW4gdmFsdWVzLiBCeSBkZWZhdWx0CiAgICBpdCB0dXJucyBhbnkgdHlwZSB0byBhIHN0cmluZywgYnV0IHdlIGVuc3VyZSAkbnVsbCByZW1haW5zICRudWxsLgojPgogICAgaWYgKCRudWxsIC1uZSAkdmFsdWUpIHsKICAgICAgICBbU3lzdGVtLkVudmlyb25tZW50XTo6RXhwYW5kRW52aXJvbm1lbnRWYXJpYWJsZXMoJHZhbHVlKQogICAgfSBlbHNlIHsKICAgICAgICAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gR2V0LUFuc2libGVQYXJhbSgkb2JqLCAkbmFtZSwgJGRlZmF1bHQgPSAkbnVsbCwgJHJlc3VsdG9iaiA9IEB7fSwgJGZhaWxpZmVtcHR5ID0gJGZhbHNlLCAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSwgJFZhbGlkYXRlU2V0LCAkVmFsaWRhdGVTZXRFcnJvck1lc3NhZ2UsICR0eXBlID0gJG51bGwsICRhbGlhc2VzID0gQCgpKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBnZXQgYW4gImF0dHJpYnV0ZSIgZnJvbSBhIHBzb2JqZWN0IGluc3RhbmNlIGluIFBvd2VyU2hlbGwuCiAgICBUaGlzIGlzIGEgY29udmVuaWVuY2UgdG8gbWFrZSBnZXR0aW5nIE1lbWJlcnMgZnJvbSBhbiBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgICRhdHRyID0gR2V0LUFuc2libGVQYXJhbSAkcmVzcG9uc2UgImNvZGUiIC1kZWZhdWx0ICIxIgogICAgLkVYQU1QTEUKICAgIEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJTdGF0ZSIgLWRlZmF1bHQgIlByZXNlbnQiIC1WYWxpZGF0ZVNldCAiUHJlc2VudCIsIkFic2VudCIgLXJlc3VsdG9iaiAkcmVzdWx0b2JqIC1mYWlsaWZlbXB0eSAkdHJ1ZQogICAgR2V0LUFuc2libGVQYXJhbSBhbHNvIHN1cHBvcnRzIFBhcmFtZXRlciB2YWxpZGF0aW9uIHRvIHNhdmUgeW91IGZyb20gY29kaW5nIHRoYXQgbWFudWFsbHkKICAgIE5vdGUgdGhhdCBpZiB5b3UgdXNlIHRoZSBmYWlsaWZlbXB0eSBvcHRpb24sIHlvdSBkbyBuZWVkIHRvIHNwZWNpZnkgcmVzdWx0b2JqZWN0IGFzIHdlbGwuCiM+CiAgICAjIENoZWNrIGlmIHRoZSBwcm92aWRlZCBNZW1iZXIgJG5hbWUgb3IgYWxpYXNlcyBleGlzdCBpbiAkb2JqIGFuZCByZXR1cm4gaXQgb3IgdGhlIGRlZmF1bHQuCiAgICB0cnkgewoKICAgICAgICAkZm91bmQgPSAkbnVsbAogICAgICAgICMgRmlyc3QgdHJ5IHRvIGZpbmQgcHJlZmVycmVkIHBhcmFtZXRlciAkbmFtZQogICAgICAgICRhbGlhc2VzID0gQCgkbmFtZSkgKyAkYWxpYXNlcwoKICAgICAgICAjIEl0ZXJhdGUgb3ZlciBhbGlhc2VzIHRvIGZpbmQgYWNjZXB0YWJsZSBNZW1iZXIgJG5hbWUKICAgICAgICBmb3JlYWNoICgkYWxpYXMgaW4gJGFsaWFzZXMpIHsKICAgICAgICAgICAgaWYgKCRvYmouQ29udGFpbnNLZXkoJGFsaWFzKSkgewogICAgICAgICAgICAgICAgJGZvdW5kID0gJGFsaWFzCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgfQoKICAgICAgICBpZiAoJG51bGwgLWVxICRmb3VuZCkgewogICAgICAgICAgICB0aHJvdwogICAgICAgIH0KICAgICAgICAkbmFtZSA9ICRmb3VuZAoKICAgICAgICBpZiAoJFZhbGlkYXRlU2V0KSB7CgogICAgICAgICAgICBpZiAoJFZhbGlkYXRlU2V0IC1jb250YWlucyAoJG9iai4kbmFtZSkpIHsKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICRvYmouJG5hbWUKICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgIGlmICgkbnVsbCAtZXEgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAgICAgI0F1dG8tZ2VuZXJhdGVkIGVycm9yIHNob3VsZCBiZSBzdWZmaWNpZW50IGluIG1vc3QgdXNlIGNhc2VzCiAgICAgICAgICAgICAgICAgICAgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlID0gIkdldC1BbnNpYmxlUGFyYW06IEFyZ3VtZW50ICRuYW1lIG5lZWRzIHRvIGJlIG9uZSBvZiAkKCRWYWxpZGF0ZVNldCAtam9pbiAiLCIpIGJ1dCB3YXMgJCgkb2JqLiRuYW1lKS4iCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRWYWxpZGF0ZVNldEVycm9yTWVzc2FnZQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgJHZhbHVlID0gJG9iai4kbmFtZQogICAgICAgIH0KICAgIH0gY2F0Y2ggewogICAgICAgIGlmICgkZmFpbGlmZW1wdHkgLWVxICRmYWxzZSkgewogICAgICAgICAgICAkdmFsdWUgPSAkZGVmYXVsdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgIGlmICgtbm90ICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSA9ICJHZXQtQW5zaWJsZVBhcmFtOiBNaXNzaW5nIHJlcXVpcmVkIGFyZ3VtZW50OiAkbmFtZSIKICAgICAgICAgICAgfQogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlCiAgICAgICAgfQogICAgfQoKICAgICMgSWYgJHZhbHVlIC1lcSAkbnVsbCwgdGhlIHBhcmFtZXRlciB3YXMgdW5zcGVjaWZpZWQgYnkgdGhlIHVzZXIgKGRlbGliZXJhdGVseSBvciBub3QpCiAgICAjIFBsZWFzZSBsZWF2ZSAkbnVsbC12YWx1ZXMgaW50YWN0LCBtb2R1bGVzIG5lZWQgdG8ga25vdyBpZiBhIHBhcmFtZXRlciB3YXMgc3BlY2lmaWVkCiAgICAjIFdoZW4gJHZhbHVlIGlzIGFscmVhZHkgYW4gYXJyYXksIHdlIGNhbm5vdCByZWx5IG9uIHRoZSBudWxsIGNoZWNrLCBhcyBhbiBlbXB0eSBsaXN0CiAgICAjIGlzIHNlZW4gYXMgbnVsbCBpbiB0aGUgY2hlY2sgYmVsb3cKICAgIGlmICgkbnVsbCAtbmUgJHZhbHVlIC1vciAkdmFsdWUgLWlzIFthcnJheV0pIHsKICAgICAgICBpZiAoJHR5cGUgLWVxICJwYXRoIikgewogICAgICAgICAgICAjIEV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgb24gcGF0aC10eXBlCiAgICAgICAgICAgICR2YWx1ZSA9IEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCiAgICAgICAgICAgICMgVGVzdCBpZiBhIHZhbGlkIHBhdGggaXMgcHJvdmlkZWQKICAgICAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtSXNWYWxpZCAkdmFsdWUpKSB7CiAgICAgICAgICAgICAgICAkcGF0aF9pbnZhbGlkID0gJHRydWUKICAgICAgICAgICAgICAgICMgY291bGQgc3RpbGwgYmUgYSB2YWxpZC1zaGFwZWQgcGF0aCB3aXRoIGEgbm9uZXhpc3RlbnQgZHJpdmUgbGV0dGVyCiAgICAgICAgICAgICAgICBpZiAoJHZhbHVlIC1tYXRjaCAiXlx3OiIpIHsKICAgICAgICAgICAgICAgICAgICAjIHJld3JpdGUgcGF0aCB3aXRoIGEgdmFsaWQgZHJpdmUgbGV0dGVyIGFuZCByZWNoZWNrIHRoZSBzaGFwZS0gdGhpcyBtaWdodCBzdGlsbCBmYWlsLCBlZywgYSBub25leGlzdGVudCBub24tZmlsZXN5c3RlbSBQUyBwYXRoCiAgICAgICAgICAgICAgICAgICAgaWYgKFRlc3QtUGF0aCAtSXNWYWxpZCAkKEAoR2V0LVBTRHJpdmUgLVBTUHJvdmlkZXIgRmlsZXN5c3RlbSlbMF0uTmFtZSArICR2YWx1ZS5TdWJzdHJpbmcoMSkpKSB7CiAgICAgICAgICAgICAgICAgICAgICAgICRwYXRoX2ludmFsaWQgPSAkZmFsc2UKICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBpZiAoJHBhdGhfaW52YWxpZCkgewogICAgICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHRvYmogLW1lc3NhZ2UgIkdldC1BbnNpYmxlUGFyYW06IFBhcmFtZXRlciAnJG5hbWUnIGhhcyBhbiBpbnZhbGlkIHBhdGggJyR2YWx1ZScgc3BlY2lmaWVkLiIKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgInN0ciIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IHN0ciB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgc3RyaW5ncwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUuVG9TdHJpbmcoKQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImJvb2wiKSB7CiAgICAgICAgICAgICMgQ29udmVydCBib29sZWFuIHR5cGVzIHRvIHJlYWwgUG93ZXJzaGVsbCBib29sZWFucwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgfCBDb252ZXJ0VG8tQm9vbAogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImludCIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IGludCB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgaW50ZWdlcnMKICAgICAgICAgICAgJHZhbHVlID0gJHZhbHVlIC1hcyBbaW50XQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImZsb2F0IikgewogICAgICAgICAgICAjIENvbnZlcnQgZmxvYXQgdHlwZXMgdG8gcmVhbCBQb3dlcnNoZWxsIGZsb2F0cwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgLWFzIFtmbG9hdF0KICAgICAgICB9IGVsc2VpZiAoJHR5cGUgLWVxICJsaXN0IikgewogICAgICAgICAgICBpZiAoJHZhbHVlIC1pcyBbYXJyYXldKSB7CiAgICAgICAgICAgICAgICAjIE5vdGhpbmcgdG8gZG8KICAgICAgICAgICAgfSBlbHNlaWYgKCR2YWx1ZSAtaXMgW3N0cmluZ10pIHsKICAgICAgICAgICAgICAgICMgQ29udmVydCBzdHJpbmcgdHlwZSB0byByZWFsIFBvd2Vyc2hlbGwgYXJyYXkKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICR2YWx1ZS5TcGxpdCgiLCIpLlRyaW0oKQogICAgICAgICAgICB9IGVsc2VpZiAoJHZhbHVlIC1pcyBbaW50XSkgewogICAgICAgICAgICAgICAgJHZhbHVlID0gQCgkdmFsdWUpCiAgICAgICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICJHZXQtQW5zaWJsZVBhcmFtOiBQYXJhbWV0ZXIgJyRuYW1lJyBpcyBub3QgYSBZQU1MIGxpc3QuIgogICAgICAgICAgICB9CiAgICAgICAgICAgICMgLCBpcyBub3QgYSB0eXBvLCBmb3JjZXMgaXQgdG8gcmV0dXJuIGFzIGEgbGlzdCB3aGVuIGl0IGlzIGVtcHR5IG9yIG9ubHkgaGFzIDEgZW50cnkKICAgICAgICAgICAgcmV0dXJuICwkdmFsdWUKICAgICAgICB9CiAgICB9CgogICAgcmV0dXJuICR2YWx1ZQp9CgojQWxpYXMgR2V0LWF0dHItLT5HZXQtQW5zaWJsZVBhcmFtIGZvciBiYWNrd2FyZHMgY29tcGF0LiBPbmx5IGFkZCB3aGVuIG5lZWRlZCB0byBlYXNlIGRlYnVnZ2luZyBvZiBzY3JpcHRzCklmICgtbm90KEdldC1BbGlhcyAtTmFtZSAiR2V0LWF0dHIiIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlKSkKewogICAgTmV3LUFsaWFzIC1OYW1lIEdldC1hdHRyIC1WYWx1ZSBHZXQtQW5zaWJsZVBhcmFtCn0KCkZ1bmN0aW9uIENvbnZlcnRUby1Cb29sCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZpbHRlci9waXBlbGluZSBmdW5jdGlvbiB0byBjb252ZXJ0IGEgdmFsdWUgdG8gYm9vbGVhbiBmb2xsb3dpbmcgY3VycmVudAogICAgQW5zaWJsZSBwcmFjdGljZXMKICAgIC5FWEFNUExFCiAgICAkaXNfdHJ1ZSA9ICJ0cnVlIiB8IENvbnZlcnRUby1Cb29sCiM+CiAgICBwYXJhbSgKICAgICAgICBbcGFyYW1ldGVyKHZhbHVlZnJvbXBpcGVsaW5lPSR0cnVlKV0KICAgICAgICAkb2JqCiAgICApCgogICAgJGJvb2xlYW5fc3RyaW5ncyA9ICJ5ZXMiLCAib24iLCAiMSIsICJ0cnVlIiwgMQogICAgJG9ial9zdHJpbmcgPSBbc3RyaW5nXSRvYmoKCiAgICBpZiAoKCRvYmogLWlzIFtib29sZWFuXSAtYW5kICRvYmopIC1vciAkYm9vbGVhbl9zdHJpbmdzIC1jb250YWlucyAkb2JqX3N0cmluZy5Ub0xvd2VyKCkpIHsKICAgICAgICByZXR1cm4gJHRydWUKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfQp9CgpGdW5jdGlvbiBQYXJzZS1BcmdzKCRhcmd1bWVudHMsICRzdXBwb3J0c19jaGVja19tb2RlID0gJGZhbHNlKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBwYXJzZSBBbnNpYmxlIEpTT04gYXJndW1lbnRzIGZyb20gYSAiZmlsZSIgcGFzc2VkIGFzCiAgICB0aGUgc2luZ2xlIGFyZ3VtZW50IHRvIHRoZSBtb2R1bGUuCiAgICAuRVhBTVBMRQogICAgJHBhcmFtcyA9IFBhcnNlLUFyZ3MgJGFyZ3MKIz4KICAgICRwYXJhbXMgPSBOZXctT2JqZWN0IHBzb2JqZWN0CiAgICBJZiAoJGFyZ3VtZW50cy5MZW5ndGggLWd0IDApCiAgICB7CiAgICAgICAgJHBhcmFtcyA9IEdldC1Db250ZW50ICRhcmd1bWVudHNbMF0gfCBDb252ZXJ0RnJvbS1Kc29uCiAgICB9CiAgICBFbHNlIHsKICAgICAgICAkcGFyYW1zID0gJGNvbXBsZXhfYXJncwogICAgfQogICAgJGNoZWNrX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfY2hlY2tfbW9kZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQogICAgSWYgKCRjaGVja19tb2RlIC1hbmQgLW5vdCAkc3VwcG9ydHNfY2hlY2tfbW9kZSkKICAgIHsKICAgICAgICBFeGl0LUpzb24gQHsKICAgICAgICAgICAgc2tpcHBlZCA9ICR0cnVlCiAgICAgICAgICAgIGNoYW5nZWQgPSAkZmFsc2UKICAgICAgICAgICAgbXNnID0gInJlbW90ZSBtb2R1bGUgZG9lcyBub3Qgc3VwcG9ydCBjaGVjayBtb2RlIgogICAgICAgIH0KICAgIH0KICAgIHJldHVybiAkcGFyYW1zCn0KCgpGdW5jdGlvbiBHZXQtRmlsZUNoZWNrc3VtKCRwYXRoLCAkYWxnb3JpdGhtID0gJ3NoYTEnKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBjYWxjdWxhdGUgYSBoYXNoIG9mIGEgZmlsZSBpbiBhIHdheSB3aGljaCBQb3dlclNoZWxsIDMKICAgIGFuZCBhYm92ZSBjYW4gaGFuZGxlCiM+CiAgICBJZiAoVGVzdC1QYXRoIC1QYXRoICRwYXRoIC1QYXRoVHlwZSBMZWFmKQogICAgewogICAgICAgIHN3aXRjaCAoJGFsZ29yaXRobSkKICAgICAgICB7CiAgICAgICAgICAgICdtZDUnIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5NRDVDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMScgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTFDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMjU2JyB7ICRzcCA9IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5TZWN1cml0eS5DcnlwdG9ncmFwaHkuU0hBMjU2Q3J5cHRvU2VydmljZVByb3ZpZGVyIH0KICAgICAgICAgICAgJ3NoYTM4NCcgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTM4NENyeXB0b1NlcnZpY2VQcm92aWRlciB9CiAgICAgICAgICAgICdzaGE1MTInIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5TSEE1MTJDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICBkZWZhdWx0IHsgRmFpbC1Kc29uIEB7fSAiVW5zdXBwb3J0ZWQgaGFzaCBhbGdvcml0aG0gc3VwcGxpZWQgJyRhbGdvcml0aG0nIiB9CiAgICAgICAgfQoKICAgICAgICBJZiAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtZ2UgNCkgewogICAgICAgICAgICAkcmF3X2hhc2ggPSBHZXQtRmlsZUhhc2ggJHBhdGggLUFsZ29yaXRobSAkYWxnb3JpdGhtCiAgICAgICAgICAgICRoYXNoID0gJHJhd19oYXNoLkhhc2guVG9Mb3dlcigpCiAgICAgICAgfSBFbHNlIHsKICAgICAgICAgICAgJGZwID0gW1N5c3RlbS5JTy5GaWxlXTo6T3BlbigkcGF0aCwgW1N5c3RlbS5JTy5GaWxlbW9kZV06Ok9wZW4sIFtTeXN0ZW0uSU8uRmlsZUFjY2Vzc106OlJlYWQsIFtTeXN0ZW0uSU8uRmlsZVNoYXJlXTo6UmVhZFdyaXRlKTsKICAgICAgICAgICAgJGhhc2ggPSBbU3lzdGVtLkJpdENvbnZlcnRlcl06OlRvU3RyaW5nKCRzcC5Db21wdXRlSGFzaCgkZnApKS5SZXBsYWNlKCItIiwgIiIpLlRvTG93ZXIoKTsKICAgICAgICAgICAgJGZwLkRpc3Bvc2UoKTsKICAgICAgICB9CiAgICB9CiAgICBFbHNlSWYgKFRlc3QtUGF0aCAtUGF0aCAkcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKQogICAgewogICAgICAgICRoYXNoID0gIjMiOwogICAgfQogICAgRWxzZQogICAgewogICAgICAgICRoYXNoID0gIjEiOwogICAgfQogICAgcmV0dXJuICRoYXNoCn0KCkZ1bmN0aW9uIEdldC1QZW5kaW5nUmVib290U3RhdHVzCnsKPCMKICAgIC5TWU5PUFNJUwogICAgQ2hlY2sgaWYgcmVib290IGlzIHJlcXVpcmVkLCBpZiBzbyBub3RpZnkgQ0EuCiAgICBGdW5jdGlvbiByZXR1cm5zIHRydWUgaWYgY29tcHV0ZXIgaGFzIGEgcGVuZGluZyByZWJvb3QKIz4KICAgICRmZWF0dXJlRGF0YSA9IEludm9rZS1XbWlNZXRob2QgLUVBIElnbm9yZSAtTmFtZSBHZXRTZXJ2ZXJGZWF0dXJlIC1OYW1lc3BhY2Ugcm9vdFxtaWNyb3NvZnRcd2luZG93c1xzZXJ2ZXJtYW5hZ2VyIC1DbGFzcyBNU0ZUX1NlcnZlck1hbmFnZXJUYXNrcwogICAgJHJlZ0RhdGEgPSBHZXQtSXRlbVByb3BlcnR5ICJIS0xNOlxTWVNURU1cQ3VycmVudENvbnRyb2xTZXRcQ29udHJvbFxTZXNzaW9uIE1hbmFnZXIiICJQZW5kaW5nRmlsZVJlbmFtZU9wZXJhdGlvbnMiIC1FQSBJZ25vcmUKICAgICRDQlNSZWJvb3RTdGF0dXMgPSBHZXQtQ2hpbGRJdGVtICJIS0xNOlxcU09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cQ29tcG9uZW50IEJhc2VkIFNlcnZpY2luZyIgIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlfCBXaGVyZS1PYmplY3QgeyRfLlBTQ2hpbGROYW1lIC1lcSAiUmVib290UGVuZGluZyJ9CiAgICBpZigoJGZlYXR1cmVEYXRhIC1hbmQgJGZlYXR1cmVEYXRhLlJlcXVpcmVzUmVib290KSAtb3IgJHJlZ0RhdGEgLW9yICRDQlNSZWJvb3RTdGF0dXMpCiAgICB7CiAgICAgICAgcmV0dXJuICRUcnVlCiAgICB9CiAgICBlbHNlCiAgICB7CiAgICAgICAgcmV0dXJuICRGYWxzZQogICAgfQp9CgojIHRoaXMgbGluZSBtdXN0IHN0YXkgYXQgdGhlIGJvdHRvbSB0byBlbnN1cmUgYWxsIGRlZmluZWQgbW9kdWxlIHBhcnRzIGFyZSBleHBvcnRlZApFeHBvcnQtTW9kdWxlTWVtYmVyIC1BbGlhcyAqIC1GdW5jdGlvbiAqIC1DbWRsZXQgKgoK", "Ansible.ModuleUtils.FileUtil": "IyBDb3B5cmlnaHQgKGMpIDIwMTcgQW5zaWJsZSBQcm9qZWN0CiMgU2ltcGxpZmllZCBCU0QgTGljZW5zZSAoc2VlIGxpY2Vuc2VzL3NpbXBsaWZpZWRfYnNkLnR4dCBvciBodHRwczovL29wZW5zb3VyY2Uub3JnL2xpY2Vuc2VzL0JTRC0yLUNsYXVzZSkKCjwjClRlc3QtUGF0aC9HZXQtSXRlbSBjYW5ub3QgZmluZC9yZXR1cm4gaW5mbyBvbiBmaWxlcyB0aGF0IGFyZSBsb2NrZWQgbGlrZQpDOlxwYWdlZmlsZS5zeXMuIFRoZXNlIDIgZnVuY3Rpb25zIGFyZSBkZXNpZ25lZCB0byB3b3JrIHdpdGggdGhlc2UgZmlsZXMgYW5kCnByb3ZpZGUgc2ltaWxhciBmdW5jdGlvbmFsaXR5IHdpdGggdGhlIG5vcm1hbCBjbWRsZXRzIHdpdGggYXMgbWluaW1hbCBvdmVyaGVhZAphcyBwb3NzaWJsZS4gVGhleSB3b3JrIGJ5IHVzaW5nIEdldC1DaGlsZEl0ZW0gd2l0aCBhIGZpbHRlciBhbmQgcmV0dXJ ScriptBlock ID: 06a48d89-e848-4a01-8f49-121f1c9d8a68 Path:	4104	1		3	2	15	0	1722	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3220	4624	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:07:35 PM	e5295ba9-9827-0002-4b5d-29e52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (3 of 5): zMiBkd0ZsYWdzQW5kQXR0cmlidXRlcywKICAgICAgICAgICAgSW50UHRyIGhUZW1wbGF0ZUZpbGUpOwoKICAgICAgICAvLyBVc2VkIGJ5IEdldFJlcGFyc2VQb2ludEluZm8oKQogICAgICAgIFtEbGxJbXBvcnQoImtlcm5lbDMyLmRsbCIsIFNldExhc3RFcnJvciA9IHRydWUsIENoYXJTZXQgPSBDaGFyU2V0LkF1dG8pXQogICAgICAgIHByaXZhdGUgc3RhdGljIGV4dGVybiBib29sIERldmljZUlvQ29udHJvbCgKICAgICAgICAgICAgU2FmZUZpbGVIYW5kbGUgaERldmljZSwKICAgICAgICAgICAgVUludDMyIGR3SW9Db250cm9sQ29kZSwKICAgICAgICAgICAgSW50UHRyIGxwSW5CdWZmZXIsCiAgICAgICAgICAgIFVJbnQzMiBuSW5CdWZmZXJTaXplLAogICAgICAgICAgICBvdXQgUkVQQVJTRV9EQVRBX0JVRkZFUiBscE91dEJ1ZmZlciwKICAgICAgICAgICAgVUludDMyIG5PdXRCdWZmZXJTaXplLAogICAgICAgICAgICBvdXQgVUludDMyIGxwQnl0ZXNSZXR1cm5lZCwKICAgICAgICAgICAgSW50UHRyIGxwT3ZlcmxhcHBlZCk7CgogICAgICAgIC8vIFVzZWQgYnkgQ3JlYXRlSnVuY3Rpb25Qb2ludCgpCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuQXV0byldCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgZXh0ZXJuIGJvb2wgRGV2aWNlSW9Db250cm9sKAogICAgICAgICAgICBTYWZlRmlsZUhhbmRsZSBoRGV2aWNlLAogICAgICAgICAgICBVSW50MzIgZHdJb0NvbnRyb2xDb2RlLAogICAgICAgICAgICBSRVBBUlNFX0RBVEFfQlVGRkVSIGxwSW5CdWZmZXIsCiAgICAgICAgICAgIFVJbnQzMiBuSW5CdWZmZXJTaXplLAogICAgICAgICAgICBJbnRQdHIgbHBPdXRCdWZmZXIsCiAgICAgICAgICAgIFVJbnQzMiBuT3V0QnVmZmVyU2l6ZSwKICAgICAgICAgICAgb3V0IFVJbnQzMiBscEJ5dGVzUmV0dXJuZWQsCiAgICAgICAgICAgIEludFB0ciBscE92ZXJsYXBwZWQpOwoKICAgICAgICBbRGxsSW1wb3J0KCJrZXJuZWwzMi5kbGwiLCBTZXRMYXN0RXJyb3IgPSB0cnVlLCBDaGFyU2V0ID0gQ2hhclNldC5BdXRvKV0KICAgICAgICBwcml2YXRlIHN0YXRpYyBleHRlcm4gYm9vbCBHZXRWb2x1bWVQYXRoTmFtZSgKICAgICAgICAgICAgc3RyaW5nIGxwc3pGaWxlTmFtZSwKICAgICAgICAgICAgU3RyaW5nQnVpbGRlciBscHN6Vm9sdW1lUGF0aE5hbWUsCiAgICAgICAgICAgIHJlZiBVSW50MzIgY2NoQnVmZmVyTGVuZ3RoKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuQXV0byldCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgZXh0ZXJuIEludFB0ciBGaW5kRmlyc3RGaWxlTmFtZVcoCiAgICAgICAgICAgIHN0cmluZyBscEZpbGVOYW1lLAogICAgICAgICAgICBVSW50MzIgZHdGbGFncywKICAgICAgICAgICAgcmVmIFVJbnQzMiBTdHJpbmdMZW5ndGgsCiAgICAgICAgICAgIFN0cmluZ0J1aWxkZXIgTGlua05hbWUpOwoKICAgICAgICBbRGxsSW1wb3J0KCJrZXJuZWwzMi5kbGwiLCBTZXRMYXN0RXJyb3IgPSB0cnVlLCBDaGFyU2V0ID0gQ2hhclNldC5BdXRvKV0KICAgICAgICBwcml2YXRlIHN0YXRpYyBleHRlcm4gYm9vbCBGaW5kTmV4dEZpbGVOYW1lVygKICAgICAgICAgICAgSW50UHRyIGhGaW5kU3RyZWFtLAogICAgICAgICAgICByZWYgVUludDMyIFN0cmluZ0xlbmd0aCwKICAgICAgICAgICAgU3RyaW5nQnVpbGRlciBMaW5rTmFtZSk7CgogICAgICAgIFtEbGxJbXBvcnQoImtlcm5lbDMyLmRsbCIsIFNldExhc3RFcnJvciA9IHRydWUpXQogICAgICAgIHByaXZhdGUgc3RhdGljIGV4dGVybiBib29sIEZpbmRDbG9zZSgKICAgICAgICAgICAgSW50UHRyIGhGaW5kRmlsZSk7CgogICAgICAgIFtEbGxJbXBvcnQoImtlcm5lbDMyLmRsbCIsIFNldExhc3RFcnJvciA9IHRydWUsIENoYXJTZXQgPSBDaGFyU2V0LkF1dG8pXQogICAgICAgIHByaXZhdGUgc3RhdGljIGV4dGVybiBib29sIFJlbW92ZURpcmVjdG9yeSgKICAgICAgICAgICAgc3RyaW5nIGxwUGF0aE5hbWUpOwoKICAgICAgICBbRGxsSW1wb3J0KCJrZXJuZWwzMi5kbGwiLCBTZXRMYXN0RXJyb3IgPSB0cnVlLCBDaGFyU2V0ID0gQ2hhclNldC5BdXRvKV0KICAgICAgICBwcml2YXRlIHN0YXRpYyBleHRlcm4gYm9vbCBEZWxldGVGaWxlKAogICAgICAgICAgICBzdHJpbmcgbHBGaWxlTmFtZSk7CgogICAgICAgIFtEbGxJbXBvcnQoImtlcm5lbDMyLmRsbCIsIFNldExhc3RFcnJvciA9IHRydWUsIENoYXJTZXQgPSBDaGFyU2V0LkF1dG8pXQogICAgICAgIHByaXZhdGUgc3RhdGljIGV4dGVybiBib29sIENyZWF0ZVN5bWJvbGljTGluaygKICAgICAgICAgICAgc3RyaW5nIGxwU3ltbGlua0ZpbGVOYW1lLAogICAgICAgICAgICBzdHJpbmcgbHBUYXJnZXRGaWxlTmFtZSwKICAgICAgICAgICAgVUludDMyIGR3RmxhZ3MpOwoKICAgICAgICBbRGxsSW1wb3J0KCJrZXJuZWwzMi5kbGwiLCBTZXRMYXN0RXJyb3IgPSB0cnVlLCBDaGFyU2V0ID0gQ2hhclNldC5BdXRvKV0KICAgICAgICBwcml2YXRlIHN0YXRpYyBleHRlcm4gYm9vbCBDcmVhdGVIYXJkTGluaygKICAgICAgICAgICAgc3RyaW5nIGxwRmlsZU5hbWUsCiAgICAgICAgICAgIHN0cmluZyBscEV4aXN0aW5nRmlsZU5hbWUsCiAgICAgICAgICAgIEludFB0ciBscFNlY3VyaXR5QXR0cmlidXRlcyk7CgogICAgICAgIHB1YmxpYyBzdGF0aWMgTGlua0luZm8gR2V0TGlua0luZm8oc3RyaW5nIGxpbmtQYXRoKQogICAgICAgIHsKICAgICAgICAgICAgRmlsZUF0dHJpYnV0ZXMgYXR0ciA9IEZpbGUuR2V0QXR0cmlidXRlcyhsaW5rUGF0aCk7CiAgICAgICAgICAgIGlmIChhdHRyLkhhc0ZsYWcoRmlsZUF0dHJpYnV0ZXMuUmVwYXJzZVBvaW50KSkKICAgICAgICAgICAgICAgIHJldHVybiBHZXRSZXBhcnNlUG9pbnRJbmZvKGxpbmtQYXRoKTsKCiAgICAgICAgICAgIGlmICghYXR0ci5IYXNGbGFnKEZpbGVBdHRyaWJ1dGVzLkRpcmVjdG9yeSkpCiAgICAgICAgICAgICAgICByZXR1cm4gR2V0SGFyZExpbmtJbmZvKGxpbmtQYXRoKTsKCiAgICAgICAgICAgIHJldHVybiBudWxsOwogICAgICAgIH0KCiAgICAgICAgcHVibGljIHN0YXRpYyB2b2lkIERlbGV0ZUxpbmsoc3RyaW5nIGxpbmtQYXRoKQogICAgICAgIHsKICAgICAgICAgICAgYm9vbCBzdWNjZXNzOwogICAgICAgICAgICBGaWxlQXR0cmlidXRlcyBhdHRyID0gRmlsZS5HZXRBdHRyaWJ1dGVzKGxpbmtQYXRoKTsKICAgICAgICAgICAgaWYgKGF0dHIuSGFzRmxhZyhGaWxlQXR0cmlidXRlcy5EaXJlY3RvcnkpKQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBzdWNjZXNzID0gUmVtb3ZlRGlyZWN0b3J5KGxpbmtQYXRoKTsKICAgICAgICAgICAgfQogICAgICAgICAgICBlbHNlCiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIHN1Y2Nlc3MgPSBEZWxldGVGaWxlKGxpbmtQYXRoKTsKICAgICAgICAgICAgfQoKICAgICAgICAgICAgaWYgKCFzdWNjZXNzKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IExpbmtVdGlsV2luMzJFeGNlcHRpb24oU3RyaW5nLkZvcm1hdCgiRmFpbGVkIHRvIGRlbGV0ZSBsaW5rIGF0IHswfSIsIGxpbmtQYXRoKSk7CiAgICAgICAgfQoKICAgICAgICBwdWJsaWMgc3RhdGljIHZvaWQgQ3JlYXRlTGluayhzdHJpbmcgbGlua1BhdGgsIFN0cmluZyBsaW5rVGFyZ2V0LCBMaW5rVHlwZSBsaW5rVHlwZSkKICAgICAgICB7CiAgICAgICAgICAgIHN3aXRjaCAobGlua1R5cGUpCiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIGNhc2UgTGlua1R5cGUuU3ltYm9saWNMaW5rOgogICAgICAgICAgICAgICAgICAgIFVJbnQzMiBsaW5rRmxhZ3M7CiAgICAgICAgICAgICAgICAgICAgRmlsZUF0dHJpYnV0ZXMgYXR0ciA9IEZpbGUuR2V0QXR0cmlidXRlcyhsaW5rVGFyZ2V0KTsKICAgICAgICAgICAgICAgICAgICBpZiAoYXR0ci5IYXNGbGFnKEZpbGVBdHRyaWJ1dGVzLkRpcmVjdG9yeSkpCiAgICAgICAgICAgICAgICAgICAgICAgIGxpbmtGbGFncyA9IFNZTUJPTElDX0xJTktfRkxBR19ESVJFQ1RPUlk7CiAgICAgICAgICAgICAgICAgICAgZWxzZQogICAgICAgICAgICAgICAgICAgICAgICBsaW5rRmxhZ3MgPSBTWU1CT0xJQ19MSU5LX0ZMQUdfRklMRTsKCiAgICAgICAgICAgICAgICAgICAgaWYgKCFDcmVhdGVTeW1ib2xpY0xpbmsobGlua1BhdGgsIGxpbmtUYXJnZXQsIGxpbmtGbGFncykpCiAgICAgICAgICAgICAgICAgICAgICAgIHRocm93IG5ldyBMaW5rVXRpbFdpbjMyRXhjZXB0aW9uKFN0cmluZy5Gb3JtYXQoIkNyZWF0ZVN5bWJvbGljTGluayh7MH0sIHsxfSwgezJ9KSBmYWlsZWQiLCBsaW5rUGF0aCwgbGlua1RhcmdldCwgbGlua0ZsYWdzKSk7CiAgICAgICAgICAgICAgICAgICAgYnJlYWs7CiAgICAgICAgICAgICAgICBjYXNlIExpbmtUeXBlLkp1bmN0aW9uUG9pbnQ6CiAgICAgICAgICAgICAgICAgICAgQ3JlYXRlSnVuY3Rpb25Qb2ludChsaW5rUGF0aCwgbGlua1RhcmdldCk7CiAgICAgICAgICAgICAgICAgICAgYnJlYWs7CiAgICAgICAgICAgICAgICBjYXNlIExpbmtUeXBlLkhhcmRMaW5rOgogICAgICAgICAgICAgICAgICAgIGlmICghQ3JlYXRlSGFyZExpbmsobGlua1BhdGgsIGxpbmtUYXJnZXQsIEludFB0ci5aZXJvKSkKICAgICAgICAgICAgICAgICAgICAgICAgdGhyb3cgbmV3IExpbmtVdGlsV2luMzJFeGNlcHRpb24oU3RyaW5nLkZvcm1hdCgiQ3JlYXRlSGFyZExpbmsoezB9LCB7MX0pIGZhaWxlZCIsIGxpbmtQYXRoLCBsaW5rVGFyZ2V0KSk7CiAgICAgICAgICAgICAgICAgICAgYnJlYWs7CiAgICAgICAgICAgIH0KICAgICAgICB9CgogICAgICAgIHByaXZhdGUgc3RhdGljIExpbmtJbmZvIEdldEhhcmRMaW5rSW5mbyhzdHJpbmcgbGlua1BhdGgpCiAgICAgICAgewogICAgICAgICAgICBVSW50MzIgbWF4UGF0aCA9IDI2MDsKICAgICAgICAgICAgTGlzdDxzdHJpbmc+IHJlc3VsdCA9IG5ldyBMaXN0PHN0cmluZz4oKTsKCiAgICAgICAgICAgIFN0cmluZ0J1aWxkZXIgc2IgPSBuZXcgU3RyaW5nQnVpbGRlcigoaW50KW1heFBhdGgpOwogICAgICAgICAgICBVSW50MzIgc3RyaW5nTGVuZ3RoID0gbWF4UGF0aDsKICAgICAgICAgICAgaWYgKCFHZXRWb2x1bWVQYXRoTmFtZShsaW5rUGF0aCwgc2IsIHJlZiBzdHJpbmdMZW5ndGgpKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IExpbmtVdGlsV2luMzJFeGNlcHRpb24oIkdldFZvbHVtZVBhdGhOYW1lKCkgZmFpbGVkIik7CiAgICAgICAgICAgIHN0cmluZyB2b2x1bWUgPSBzYi5Ub1N0cmluZygpOwoKICAgICAgICAgICAgc3RyaW5nTGVuZ3RoID0gbWF4UGF0aDsKICAgICAgICAgICAgSW50UHRyIGZpbmRIYW5kbGUgPSBGaW5kRmlyc3RGaWxlTmFtZVcobGlua1BhdGgsIDAsIHJlZiBzdHJpbmdMZW5ndGgsIHNiKTsKICAgICAgICAgICAgaWYgKGZpbmRIYW5kbGUuVG9JbnQ2NCgpICE9IElOVkFMSURfSEFORExFX1ZBTFVFKQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICB0cnkKICAgICAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgICAgICBkbwogICAgICAgICAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgICAgICAgICAgc3RyaW5nIGhhcmRMaW5rUGF0aCA9IHNiLlRvU3RyaW5nKCk7CiAgICAgICAgICAgICAgICAgICAgICAgIGlmIChoYXJkTGlua1BhdGguU3RhcnRzV2l0aCgiXFwiKSkKICAgICAgICAgICAgICAgICAgICAgICAgICAgIGhhcmRMaW5rUGF0aCA9IGhhcmRMaW5rUGF0aC5TdWJzdHJpbmcoMSwgaGFyZExpbmtQYXRoLkxlbmd0aCAtIDEpOwoKICAgICAgICAgICAgICAgICAgICAgICAgcmVzdWx0LkFkZChQYXRoLkNvbWJpbmUodm9sdW1lLCBoYXJkTGlua1BhdGgpKTsKICAgICAgICAgICAgICAgICAgICAgICAgc3RyaW5nTGVuZ3RoID0gbWF4UGF0aDsKCiAgICAgICAgICAgICAgICAgICAgfSB3aGlsZSAoRmluZE5leHRGaWxlTmFtZVcoZmluZEhhbmRsZSwgcmVmIHN0cmluZ0xlbmd0aCwgc2IpKTsKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgICAgIGZpbmFsbHkKICAgICAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgICAgICBGaW5kQ2xvc2UoZmluZEhhbmRsZSk7CiAgICAgICAgICAgICAgICB9ICAgICAgICAgICAgICAgIAogICAgICAgICAgICB9CgogICAgICAgICAgICBpZiAocmVzdWx0LkNvdW50ID4gMSkKICAgICAgICAgICAgICAgIHJldHVybiBuZXcgTGlua0luZm8KICAgICAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgICAgICBUeXBlID0gTGlua1R5cGUuSGFyZExpbmssCiAgICAgICAgICAgICAgICAgICAgSGFyZFRhcmdldHMgPSByZXN1bHQuVG9BcnJheSgpCiAgICAgICAgICAgICAgICB9OwoKICAgICAgICAgICAgcmV0dXJuIG51bGw7CiAgICAgICAgfQoKICAgICAgICBwcml2YXRlIHN0YXRpYyBMaW5rSW5mbyBHZXRSZXBhcnNlUG9pbnRJbmZvKHN0cmluZyBsaW5rUGF0aCkKICAgICAgICB7CiAgICAgICAgICAgIFNhZmVGaWxlSGFuZGxlIGZpbGVIYW5kbGUgPSBDcmVhdGVGaWxlKAogICAgICAgICAgICAgICAgbGlua1BhdGgsCiAgICAgICAgICAgICAgICBGaWxlQWNjZXNzLlJlYWQsCiAgICAgICAgICAgICAgICBGaWxlU2hhcmUuTm9uZSwKICAgICAgICAgICAgICAgIEludFB0ci5aZXJvLAogICAgICAgICAgICAgICAgRmlsZU1vZGUuT3BlbiwKICAgICAgICAgICAgICAgIEZJTEVfRkxBR19PUEVOX1JFUEFSU0VfUE9JTlQgfCBGSUxFX0ZMQUdfQkFDS1VQX1NFTUFOVElDUywKICAgICAgICAgICAgICAgIEludFB0ci5aZXJvKTsKCiAgICAgICAgICAgIGlmIChmaWxlSGFuZGxlLklzSW52YWxpZCkKICAgICAgICAgICAgICAgIHRocm93IG5ldyBMaW5rVXRpbFdpbjMyRXhjZXB0aW9uKFN0cmluZy5Gb3JtYXQoIkNyZWF0ZUZpbGUoezB9KSBmYWlsZWQiLCBsaW5rUGF0aCkpOyAgICAgICAgICAgIAoKICAgICAgICAgICAgUkVQQVJTRV9EQVRBX0JVRkZFUiBidWZmZXIgPSBuZXcgUkVQQVJTRV9EQVRBX0JVRkZFUigpOwogICAgICAgICAgICBVSW50MzIgYnl0ZXNSZXR1cm5lZDsKICAgICAgICAgICAgdHJ5CiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIGlmICghRGV2aWNlSW9Db250cm9sKAogICAgICAgICAgICAgICAgICAgIGZpbGVIYW5kbGUsCiAgICAgICAgICAgICAgICAgICAgRlNDVExfR0VUX1JFUEFSU0VfUE9JTlQsCiAgICAgICAgICAgICAgICAgICAgSW50UHRyLlplcm8sCiAgICAgICAgICAgICAgICAgICAgMCwKICAgICAgICAgICAgICAgICAgICBvdXQgYnVmZmVyLAogICAgICAgICAgICAgICAgICAgIE1BWElNVU1fUkVQQVJTRV9EQVRBX0JVRkZFUl9TSVpFLAogICAgICAgICAgICAgICAgICAgIG91dCBieXRlc1JldHVybmVkLAogICAgICAgICAgICAgICAgICAgIEludFB0ci5aZXJvKSkKICAgICAgICAgICAgICAgICAgICB0aHJvdyBuZXcgTGlua1V0aWxXaW4zMkV4Y2VwdGlvbihTdHJpbmcuRm9ybWF0KCJEZXZpY2VJb0NvbnRyb2woKSBmYWlsZWQgZm9yIGZpbGUgYXQgezB9IiwgbGlua1BhdGgpKTsKICAgICAgICAgICAgfQogICAgICAgICAgICBmaW5hbGx5CiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIGZpbGVIYW5kbGUuRGlzcG9zZSgpOwogICAgICAgICAgICB9CgogICAgICAgICAgICBib29sIGlzUmVsYXRpdmUgPSBmYWxzZTsKICAgICAgICAgICAgaW50IHBhdGhPZmZzZXQgPSAwOwogICAgICAgICAgICBMaW5rVHlwZSBsaW5rVHlwZTsKICAgICAgICAgICAgaWYgKGJ1ZmZlci5SZXBhcnNlVGFnID09IElPX1JFUEFSU0VfVEFHX1NZTUxJTkspCiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIFVJbnQzMiBidWZmZXJGbGFncyA9IENvbnZlcnQuVG9VSW50MzIoYnVmZmVyLlBhdGhCdWZmZXJbMF0pICsgQ29udmVydC5Ub1VJbnQzMihidWZmZXIuUGF0aEJ1ZmZlclsxXSk7CiAgICAgICAgICAgICAgICBpZiAoYnVmZmVyRmxhZ3MgPT0gU1lNTElOS19GTEFHX1JFTEFUSVZFKQogICAgICAgICAgICAgICAgICAgIGlzUmVsYXRpdmUgPSB0cnVlOwogICAgICAgICAgICAgICAgcGF0aE9mZnNldCA9IDI7CiAgICAgICAgICAgICAgICBsaW5rVHlwZSA9IExpbmtUeXBlLlN5bWJvbGljTGluazsKICAgICAgICAgICAgfQogICAgICAgICAgICBlbHNlIGlmIChidWZmZXIuUmVwYXJzZVRhZyA9PSBJT19SRVBBUlNFX1RBR19NT1VOVF9QT0lOVCkKICAgICAgICAgICAgewogICAgICAgICAgICAgICAgbGlua1R5cGUgPSBMaW5rVHlwZS5KdW5jdGlvblBvaW50OwogICAgICAgICAgICB9CiAgICAgICAgICAgIGVsc2UKICAgICAgICAgICAgewogICAgICAgICAgICAgICAgc3RyaW5nIGVycm9yTWVzc2FnZSA9IFN0cmluZy5Gb3JtYXQoIkludmFsaWQgUmVwYXJzZSBUYWc6IHswfSIsIGJ1ZmZlci5SZXBhcnNlVGFnLlRvU3RyaW5nKCkpOwogICAgICAgICAgICAgICAgdGhyb3cgbmV3IEV4Y2VwdGlvbihlcnJvck1lc3NhZ2UpOwogICAgICAgICAgICB9CgogICAgICAgICAgICBzdHJpbmcgcHJpbnROYW1lID0gbmV3IHN0cmluZyhidWZmZXIuUGF0aEJ1ZmZlciwgKGludCkoYnVmZmVyLlByaW50TmFtZU9mZnNldCAvIFNJWkVfT0ZfV0NIQVIpICsgcGF0aE9mZnNldCwgKGludCkoYnVmZmVyLlByaW50TmFtZUxlbmd0aCAvIFNJWkVfT0ZfV0NIQVIpKTsKICAgICAgICAgICAgc3RyaW5nIHN1YnN0aXR1dGVOYW1lID0gbmV3IHN0cmluZyhidWZmZXIuUGF0aEJ1ZmZlciwgKGludCkoYnVmZmVyLlN1YnN0aXR1dGVOYW1lT2Zmc2V0IC8gU0laRV9PRl9XQ0hBUikgKyBwYXRoT2Zmc2V0LCAoaW50KShidWZmZXIuU3Vic3RpdHV0ZU5hbWVMZW5ndGggLyBTSVpFX09GX1dDSEFSKSk7CgogICAgICAgICAgICAvLyBUT0RPOiBzaG91bGQgd2UgY2hlY2sgZm9yIFw/XFVOQ1xzZXJ2ZXIgZm9yIGNvbnZlcnQgaXQgdG8gdGhlIE5UIHN0eWxlIFxcc2VydmVyIHBhdGgKICAgICAgICAgICAgLy8gUmVtb3ZlIHRoZSBsZWFkaW5nIFdpbmRvd3Mgb2JqZWN0IGRpcmVjdG9yeSBcP1wgZnJvbSB0aGUgcGF0aCBpZiBwcmVzZW50CiAgICAgICAgICAgIHN0cmluZyB0YXJnZXRQYXRoID0gc3Vic3RpdHV0ZU5hbWU7CiAgICAgICAgICAgIGlmICh0YXJnZXRQYXRoLlN0YXJ0c1dpdGgoIlxcPz9cXCIpKQogICAgICAgICAgICAgICAgdGFyZ2V0UGF0aCA9IHRhcmdldFBhdGguU3Vic3RyaW5nKDQsIHRhcmdldFBhdGguTGVuZ3RoIC0gNCk7CgogICAgICAgICAgICBzdHJpbmcgYWJzb2x1dGVQYXRoID0gdGFyZ2V0UGF0aDsKICAgICAgICAgICAgaWYgKGlzUmVsYXRpdmUpCiAgICAgICAgICAgICAgICBhYnNvbHV0ZVBhdGggPSBQYXRoLkdldEZ1bGxQYXRoKFBhdGguQ29tYmluZShuZXcgRmlsZUluZm8obGlua1BhdGgpLkRpcmVjdG9yeS5GdWxsTmFtZSwgdGFyZ2V0UGF0aCkpOwoKICAgICAgICAgICAgcmV0dXJuIG5ldyBMaW5rSW5mbwogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBUeXBlID0gbGlua1R5cGUsCiAgICAgICAgICAgICAgICBQcmludE5hbWUgPSBwcmludE5hbWUsCiAgICAgICAgICAgICAgICBTdWJzdGl0dXRlTmFtZSA9IHN1YnN0aXR1dGVOYW1lLAogICAgICAgICAgICAgICAgQWJzb2x1dGVQYXRoID0gYWJzb2x1dGVQYXRoLAogICAgICAgICAgICAgICAgVGFyZ2V0UGF0aCA9IHRhcmdldFBhdGgKICAgICAgICAgICAgfTsKICAgICAgICB9CgogICAgICAgIHByaXZhdGUgc3RhdGljIHZvaWQgQ3JlYXRlSnVuY3Rpb25Qb2ludChzdHJpbmcgbGlua1BhdGgsIHN0cmluZyBsaW5rVGFyZ2V0KQogICAgICAgIHsKICAgICAgICAgICAgLy8gV2UgbmVlZCB0byBjcmVhdGUgdGhlIGxpbmsgYXMgYSBkaXIgYmVmb3JlaGFuZAogICAgICAgICAgICBEaXJlY3RvcnkuQ3JlYXRlRGlyZWN0b3J5KGxpbmtQYXRoKTsKICAgICAgICAgICAgU2FmZUZpbGVIYW5kbGUgZmlsZUhhbmRsZSA9IENyZWF0ZUZpbGUoCiAgICAgICAgICAgICAgICBsaW5rUGF0aCwKICAgICAgICAgICAgICAgIEZpbGVBY2Nlc3MuV3JpdGUsCiAgICAgICAgICAgICAgICBGaWxlU2hhcmUuUmVhZCB8IEZpbGVTaGFyZS5Xcml0ZSB8IEZpbGVTaGFyZS5Ob25lLAogICAgICAgICAgICAgICAgSW50UHRyLlplcm8sCiAgICAgICAgICAgICAgICBGaWxlTW9kZS5PcGVuLAogICAgICAgICAgICAgICAgRklMRV9GTEFHX0JBQ0tVUF9TRU1BTlRJQ1MgfCBGSUxFX0ZMQUdfT1BFTl9SRVBBUlNFX1BPSU5ULAogICAgICAgICAgICAgICAgSW50UHRyLlplcm8pOwoKICAgICAgICAgICAgaWYgKGZpbGVIYW5kbGUuSXNJbnZhbGlkKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IExpbmtVdGlsV2luMzJFeGNlcHRpb24oU3RyaW5nLkZvcm1hdCgiQ3JlYXRlRmlsZSh7MH0pIGZhaWxlZCIsIGxpbmtQYXRoKSk7CgogICAgICAgICAgICB0cnkKICAgICAgICAgICAgewogICAgICAgICAgICAgICAgc3RyaW5nIHN1YnN0aXR1dGVOYW1lID0gIlxcPz9cXCIgKyBQYXRoLkdldEZ1bGxQYXRoKGxpbmtUYXJnZXQpOwogICAgICAgICAgICAgICAgc3RyaW5nIHByaW50TmFtZSA9IGxpbmtUYXJnZXQ7CgogICAgICAgICAgICAgICAgUkVQQVJTRV9EQVRBX0JVRkZFUiBidWZmZXIgPSBuZXcgUkVQQVJTRV9EQVRBX0JVRkZFUigpOwogICAgICAgICAgICAgICAgYnVmZmVyLlN1YnN0aXR1dGVOYW1lT2Zmc2V0ID0gMDsKICAgICAgICAgICAgICAgIGJ1ZmZlci5TdWJzdGl0dXRlTmFtZUxlbmd0aCA9IChVSW50MTYpKHN1YnN0aXR1dGVOYW1lLkxlbmd0aCAqIFNJWkVfT0ZfV0NIQVIpOwogICAgICAgICAgICAgICAgYnVmZmVyLlByaW50TmFtZU9mZnNldCA9IChVSW50MTYpKGJ1ZmZlci5TdWJzdGl0dXRlTmFtZUxlbmd0aCArIDIpOwogICAgICAgICAgICAgICAgYnVmZmVyLlByaW50TmFtZUxlbmd0aCA9IChVSW50MTYpKHByaW50TmFtZS5MZW5ndGggKiBTSVpFX09GX1dDSEFSKTsKCiAgICAgICAgICAgICAgICBidWZmZXIuUmVwYXJzZVRhZyA9IElPX1JFUEFSU0VfVEFHX01PVU5UX1BPSU5UOwogICAgICAgICAgICAgICAgYnVmZmVyLlJlcGFyc2VEYXRhTGVuZ3RoID0gKFVJbnQxNikoYnVmZmVyLlN1YnN0aXR1dGVOYW1lTGVuZ3RoICsgYnVmZmVyLlByaW50TmFtZUxlbmd0aCArIDEyKTsKICAgICAgICAgICAgICAgIGJ1ZmZlci5QYXRoQnVmZmVyID0gbmV3IGNoYXJbTUFYSU1VTV9SRVBBUlNFX0RBVEFfQlVGRkVSX1NJWkVdOwoKICAgICAgICAgICAgICAgIGJ5dGVbXSB1bmljb2RlQnl0ZXMgPSBFbmNvZGluZy5Vbmljb2RlLkdldEJ5dGVzKHN1YnN0aXR1dGVOYW1lICsgIlwwIiArIHByaW50TmFtZSk7CiAgICAgICAgICAgICAgICBjaGFyW10gcGF0aEJ1ZmZlciA9IEVuY29kaW5nLlVuaWNvZGUuR2V0Q2hhcnModW5pY29kZUJ5dGVzKTsKICAgICAgICAgICAgICAgIEFycmF5LkNvcHkocGF0aEJ1ZmZlciwgYnVmZmVyLlBhdGhCdWZmZXIsIHBhdGhCdWZmZXIuTGVuZ3RoKTsKCiAgICAgICAgICAgICAgICBVSW50MzIgYnl0ZXNSZXR1cm5lZDsKICAgICAgICAgICAgICAgIGlmICghRGV2aWNlSW9Db250cm9sKAogICAgICAgICAgICAgICAgICAgIGZpbGVIYW5kbGUsCiAgICAgICAgICAgICAgICAgICAgRlNDVExfU0VUX1JFUEFSU0VfUE9JTlQsCiAgICAgICAgICAgICAgICAgICAgYnVmZmVyLAogICAgICAgICAgICAgICAgICAgIChVSW50MzIpKGJ1ZmZlci5SZXBhcnNlRGF0YUxlbmd0aCArIDgpLAogICAgICAgICAgICAgICAgICAgIEludFB0ci5aZXJvLCAwLAogICAgICAgICAgICAgICAgICAgIG91dCBieXRlc1JldHVybmVkLAogICAgICAgICAgICAgICAgICAgIEludFB0ci5aZXJvKSkKICAgICAgICAgICAgICAgICAgICB0aHJvdyBuZXcgTGlua1V0aWxXaW4zMkV4Y2VwdGlvbihTdHJpbmcuRm9ybWF0KCJEZXZpY2VJb0NvbnRyb2woKSBmYWlsZWQgdG8gY3JlYXRlIGp1bmN0aW9uIHBvaW50IGF0IHswfSB0byB7MX0iLCBsaW5rUGF0aCwgbGlua1RhcmdldCkpOwogICAgICAgICAgICB9CiAgICAgICAgICAgIGZpbmFsbHkKICAgICAgICAgICAgewogICAgICAgICAgICAgICAgZmlsZUhhbmRsZS5EaXNwb3NlKCk7CiAgICAgICAgICAgIH0KICAgICAgICB9CiAgICB9Cn0KJ0AKCiAgICAjIEZVVFVSRTogZmluZCBhIGJldHRlciB3YXkgdG8gZ2V0IHRoZSBfYW5zaWJsZV9yZW1vdGVfdG1wIHZhcmlhYmxlCiAgICAkb3JpZ2luYWxfdG1wID0gJGVudjpUTVAKCiAgICAkcmVtb3RlX3RtcCA9ICRvcmlnaW5hbF90bXAKICAgICRtb2R1bGVfcGFyYW1zID0gR2V0LVZhcmlhYmxlIC1OYW1lIGNvbXBsZXhfYXJncyAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgaWYgKCRtb2R1bGVfcGFyYW1zKSB7CiAgICAgICAgaWYgKCRtb2R1bGVfcGFyYW1zLlZhbHVlLkNvbnRhaW5zS2V5KCJfYW5zaWJsZV9yZW1vdGVfdG1wIikgKSB7CiAgICAgICAgICAgICRyZW1vdGVfdG1wID0gJG1vZHVsZV9wYXJhbXMuVmFsdWVbIl9hbnNpYmxlX3JlbW90ZV90bXAiXQogICAgICAgICAgICAkcmVtb3RlX3RtcCA9IFtTeXN0ZW0uRW52aXJvbm1lbnRdOjpFeHBhbmRFbnZpcm9ubWVudFZhcmlhYmxlcygkcmVtb3RlX3RtcCkKICAgICAgICB9CiAgICB9CgogICAgJGVudjpUTVAgPSAkcmVtb3RlX3RtcAogICAgQWRkLVR5cGUgLVR5cGVEZWZpbml0aW9uICRsaW5rX3V0aWwKICAgICRlbnY6VE1QID0gJG9yaWdpbmFsX3RtcAoKICAgIEltcG9ydC1Qcml2aWxlZ2VVdGlsCiAgICAjIGVuYWJsZSB0aGUgU2VCYWNrdXBQcml2aWxlZ2UgaWYgaXQgaXMgZGlzYWJsZWQKICAgICRzdGF0ZSA9IEdldC1BbnNpYmxlUHJpdmlsZWdlIC1OYW1lIFNlQmFja3VwUHJpdmlsZWdlCiAgICBpZiAoJHN0YXRlIC1lcSAkZmFsc2UpIHsKICAgICAgICBTZXQtQW5zaWJsZVByaXZpbGVnZSAtTmFtZSBTZUJhY2t1cFByaXZpbGVnZSAtVmFsdWUgJHRydWUKICAgIH0KfQoKRnVuY3Rpb24gR2V0LUxpbmsoJGxpbmtfcGF0aCkgewogICAgJGxpbmtfaW5mbyA9IFtBbnNpYmxlLkxpbmtVdGlsXTo6R2V0TGlua0luZm8oJGxpbmtfcGF0aCkKICAgIHJldHVybiAkbGlua19pbmZvCn0KCkZ1bmN0aW9uIFJlbW92ZS1MaW5rKCRsaW5rX3BhdGgpIHsKICAgIFtBbnNpYmxlLkxpbmtVdGlsXTo6RGVsZXRlTGluaygkbGlua19wYXRoKQp9CgpGdW5jdGlvbiBOZXctTGluaygkbGlua19wYXRoLCAkbGlua190YXJnZXQsICRsaW5rX3R5cGUpIHsKICAgIGlmICgtbm90IChUZXN0LVBhdGggLVBhdGggJGxpbmtfdGFyZ2V0KSkgewogICAgICAgIHRocm93ICJsaW5rX3RhcmdldCAnJGxpbmtfdGFyZ2V0JyBkb2VzIG5vdCBleGlzdCwgY2Fubm90IGNyZWF0ZSBsaW5rIgogICAgfQogICAgCiAgICBzd2l0Y2goJGxpbmtfdHlwZSkgewogICAgICAgICJsaW5rIiB7CiAgICAgICAgICAgICR0eXBlID0gW0Fuc2libGUuTGlua1R5cGVdOjpTeW1ib2xpY0xpbmsKICAgICAgICB9CiAgICAgICAgImp1bmN0aW9uIiB7CiAgICAgICAgICAgIGlmIChUZXN0LVBhdGggLVBhdGggJGxpbmtfdGFyZ2V0IC1QYXRoVHlwZSBMZWFmKSB7CiAgICAgICAgICAgICAgICB0aHJvdyAiY2Fubm90IHNldCB0aGUgdGFyZ2V0IGZvciBhIGp1bmN0aW9uIHBvaW50IHRvIGEgZmlsZSIKICAgICAgICAgICAgfQogICAgICAgICAgICAkdHlwZSA9IFtBbnNpYmxlLkxpbmtUeXBlXTo6SnVuY3Rpb25Qb2ludAogICAgICAgIH0KIC ScriptBlock ID: 06a48d89-e848-4a01-8f49-121f1c9d8a68 Path:	4104	1		3	2	15	0	1721	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3220	4624	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:07:35 PM	e5295ba9-9827-0002-4b5d-29e52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 5): KTsKCiAgICAgICAgICAgICAgICAvLyBjb3B5IHRoZSByZW1haW5pbmcgTFVJRF9BTkRfQVRUUklCVVRFUyAoaWYgYW55KQogICAgICAgICAgICAgICAgZm9yIChpbnQgaSA9IDE7IGkgPCBuZXdTdGF0ZS5MZW5ndGg7IGkrKykKICAgICAgICAgICAgICAgICAgICBvZmZzZXQgKz0gU3RydWN0dXJlVG9CeXRlcyhuZXdTdGF0ZVtpXSwgbmV3U3RhdGVCeXRlcywgb2Zmc2V0KTsKCiAgICAgICAgICAgICAgICAvLyBmaW5hbGx5IGNyZWF0ZSB0aGUgcG9pbnRlciB0byB0aGUgYnl0ZSBhcnJheSB3ZSBqdXN0IGNyZWF0ZWQKICAgICAgICAgICAgICAgIG5ld1N0YXRlUHRyID0gTWFyc2hhbC5BbGxvY0hHbG9iYWwobmV3U3RhdGVCeXRlcy5MZW5ndGgpOwogICAgICAgICAgICAgICAgTWFyc2hhbC5Db3B5KG5ld1N0YXRlQnl0ZXMsIDAsIG5ld1N0YXRlUHRyLCBuZXdTdGF0ZUJ5dGVzLkxlbmd0aCk7CiAgICAgICAgICAgIH0KCiAgICAgICAgICAgIHRyeQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBJbnRQdHIgaFRva2VuID0gSW50UHRyLlplcm87CiAgICAgICAgICAgICAgICBpZiAoIU5hdGl2ZU1ldGhvZHMuT3BlblByb2Nlc3NUb2tlbih0b2tlbiwgVG9rZW5BY2Nlc3NMZXZlbHMuUXVlcnkgfCBUb2tlbkFjY2Vzc0xldmVscy5BZGp1c3RQcml2aWxlZ2VzLCBvdXQgaFRva2VuKSkKICAgICAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIk9wZW5Qcm9jZXNzVG9rZW4oKSBmYWlsZWQgd2l0aCBRdWVyeSBhbmQgQWRqdXN0UHJpdmlsZWdlcyIpOwogICAgICAgICAgICAgICAgdHJ5CiAgICAgICAgICAgICAgICB7CiAgICAgICAgICAgICAgICAgICAgSW50UHRyIG9sZFN0YXRlUHRyID0gTWFyc2hhbC5BbGxvY0hHbG9iYWwoMCk7CiAgICAgICAgICAgICAgICAgICAgaWYgKCFOYXRpdmVNZXRob2RzLkFkanVzdFRva2VuUHJpdmlsZWdlcyhoVG9rZW4sIGRpc2FibGVBbGxQcml2aWxlZ2VzLCBuZXdTdGF0ZVB0ciwgMCwgb2xkU3RhdGVQdHIsIG91dCByZXR1cm5MZW5ndGgpKQogICAgICAgICAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgICAgICAgICAgaW50IGVyckNvZGUgPSBNYXJzaGFsLkdldExhc3RXaW4zMkVycm9yKCk7CiAgICAgICAgICAgICAgICAgICAgICAgIGlmIChlcnJDb2RlICE9IDEyMikgLy8gRVJST1JfSU5TVUZGSUNJRU5UX0JVRkZFUgogICAgICAgICAgICAgICAgICAgICAgICAgICAgdGhyb3cgbmV3IFdpbjMyRXhjZXB0aW9uKGVyckNvZGUsICJBZGp1c3RUb2tlblByaXZpbGVnZXMoKSBmYWlsZWQgdG8gZ2V0IG9sZCBzdGF0ZSBzaXplIik7CiAgICAgICAgICAgICAgICAgICAgfQoKICAgICAgICAgICAgICAgICAgICAvLyByZXNpemUgdGhlIG9sZFN0YXRlUHRyIGJhc2VkIG9uIHRoZSBsZW5ndGggcmV0dXJuZWQgZnJvbSBXaW5kb3dzCiAgICAgICAgICAgICAgICAgICAgTWFyc2hhbC5GcmVlSEdsb2JhbChvbGRTdGF0ZVB0cik7CiAgICAgICAgICAgICAgICAgICAgb2xkU3RhdGVQdHIgPSBNYXJzaGFsLkFsbG9jSEdsb2JhbCgoaW50KXJldHVybkxlbmd0aCk7CiAgICAgICAgICAgICAgICAgICAgdHJ5CiAgICAgICAgICAgICAgICAgICAgewogICAgICAgICAgICAgICAgICAgICAgICBib29sIHJlcyA9IE5hdGl2ZU1ldGhvZHMuQWRqdXN0VG9rZW5Qcml2aWxlZ2VzKGhUb2tlbiwgZGlzYWJsZUFsbFByaXZpbGVnZXMsIG5ld1N0YXRlUHRyLCByZXR1cm5MZW5ndGgsIG9sZFN0YXRlUHRyLCBvdXQgcmV0dXJuTGVuZ3RoKTsKICAgICAgICAgICAgICAgICAgICAgICAgaW50IGVyckNvZGUgPSBNYXJzaGFsLkdldExhc3RXaW4zMkVycm9yKCk7CgogICAgICAgICAgICAgICAgICAgICAgICAvLyBldmVuIHdoZW4gcmVzID09IHRydWUsIEVSUk9SX05PVF9BTExfQVNTSUdORUQgbWF5IGJlIHNldCBhcyB0aGUgbGFzdCBlcnJvciBjb2RlCiAgICAgICAgICAgICAgICAgICAgICAgIGlmICghcmVzIHx8IGVyckNvZGUgIT0gMCkKICAgICAgICAgICAgICAgICAgICAgICAgICAgIHRocm93IG5ldyBXaW4zMkV4Y2VwdGlvbihlcnJDb2RlLCAiQWRqdXN0VG9rZW5Qcml2aWxlZ2VzKCkgZmFpbGVkIik7CgogICAgICAgICAgICAgICAgICAgICAgICAvLyBNYXJzaGFsIHRoZSBvbGRTdGF0ZVB0ciB0byB0aGUgc3RydWN0CiAgICAgICAgICAgICAgICAgICAgICAgIE5hdGl2ZUhlbHBlcnMuVE9LRU5fUFJJVklMRUdFUyBvbGRTdGF0ZSA9IChOYXRpdmVIZWxwZXJzLlRPS0VOX1BSSVZJTEVHRVMpTWFyc2hhbC5QdHJUb1N0cnVjdHVyZShvbGRTdGF0ZVB0ciwgdHlwZW9mKE5hdGl2ZUhlbHBlcnMuVE9LRU5fUFJJVklMRUdFUykpOwogICAgICAgICAgICAgICAgICAgICAgICBvbGRTdGF0ZVByaXZpbGVnZXMgPSBuZXcgTmF0aXZlSGVscGVycy5MVUlEX0FORF9BVFRSSUJVVEVTW29sZFN0YXRlLlByaXZpbGVnZUNvdW50XTsKICAgICAgICAgICAgICAgICAgICAgICAgUHRyVG9TdHJ1Y3R1cmVBcnJheShvbGRTdGF0ZVByaXZpbGVnZXMsIEludFB0ci5BZGQob2xkU3RhdGVQdHIsIE1hcnNoYWwuU2l6ZU9mKG9sZFN0YXRlLlByaXZpbGVnZUNvdW50KSkpOwogICAgICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgICAgICAgICBmaW5hbGx5CiAgICAgICAgICAgICAgICAgICAgewogICAgICAgICAgICAgICAgICAgICAgICBNYXJzaGFsLkZyZWVIR2xvYmFsKG9sZFN0YXRlUHRyKTsKICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBmaW5hbGx5CiAgICAgICAgICAgICAgICB7CiAgICAgICAgICAgICAgICAgICAgTmF0aXZlTWV0aG9kcy5DbG9zZUhhbmRsZShoVG9rZW4pOwogICAgICAgICAgICAgICAgfQogICAgICAgICAgICB9CiAgICAgICAgICAgIGZpbmFsbHkKICAgICAgICAgICAgewogICAgICAgICAgICAgICAgaWYgKG5ld1N0YXRlUHRyICE9IEludFB0ci5aZXJvKQogICAgICAgICAgICAgICAgICAgIE1hcnNoYWwuRnJlZUhHbG9iYWwobmV3U3RhdGVQdHIpOwogICAgICAgICAgICB9CgogICAgICAgICAgICByZXR1cm4gb2xkU3RhdGVQcml2aWxlZ2VzLlRvRGljdGlvbmFyeShwID0+IEdldFByaXZpbGVnZU5hbWUocC5MdWlkKSwgcCA9PiAoYm9vbD8pcC5BdHRyaWJ1dGVzLkhhc0ZsYWcoUHJpdmlsZWdlQXR0cmlidXRlcy5FbmFibGVkKSk7CiAgICAgICAgfQoKICAgICAgICBwcml2YXRlIHN0YXRpYyBzdHJpbmcgR2V0UHJpdmlsZWdlTmFtZShOYXRpdmVIZWxwZXJzLkxVSUQgbHVpZCkKICAgICAgICB7CiAgICAgICAgICAgIFVJbnQzMiBuYW1lTGVuID0gMDsKICAgICAgICAgICAgTmF0aXZlTWV0aG9kcy5Mb29rdXBQcml2aWxlZ2VOYW1lKG51bGwsIHJlZiBsdWlkLCBudWxsLCByZWYgbmFtZUxlbik7CgogICAgICAgICAgICBTdHJpbmdCdWlsZGVyIG5hbWUgPSBuZXcgU3RyaW5nQnVpbGRlcigoaW50KShuYW1lTGVuICsgMSkpOwogICAgICAgICAgICBpZiAoIU5hdGl2ZU1ldGhvZHMuTG9va3VwUHJpdmlsZWdlTmFtZShudWxsLCByZWYgbHVpZCwgbmFtZSwgcmVmIG5hbWVMZW4pKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IFdpbjMyRXhjZXB0aW9uKCJMb29rdXBQcml2aWxlZ2VOYW1lKCkgZmFpbGVkIik7CgogICAgICAgICAgICByZXR1cm4gbmFtZS5Ub1N0cmluZygpOwogICAgICAgIH0KCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgdm9pZCBQdHJUb1N0cnVjdHVyZUFycmF5PFQ+KFRbXSBhcnJheSwgSW50UHRyIHB0cikKICAgICAgICB7CiAgICAgICAgICAgIEludFB0ciBwdHJPZmZzZXQgPSBwdHI7CiAgICAgICAgICAgIGZvciAoaW50IGkgPSAwOyBpIDwgYXJyYXkuTGVuZ3RoOyBpKyssIHB0ck9mZnNldCA9IEludFB0ci5BZGQocHRyT2Zmc2V0LCBNYXJzaGFsLlNpemVPZih0eXBlb2YoVCkpKSkKICAgICAgICAgICAgICAgIGFycmF5W2ldID0gKFQpTWFyc2hhbC5QdHJUb1N0cnVjdHVyZShwdHJPZmZzZXQsIHR5cGVvZihUKSk7CiAgICAgICAgfQoKICAgICAgICBwcml2YXRlIHN0YXRpYyBpbnQgU3RydWN0dXJlVG9CeXRlczxUPihUIHN0cnVjdHVyZSwgYnl0ZVtdIGFycmF5LCBpbnQgb2Zmc2V0KQogICAgICAgIHsKICAgICAgICAgICAgaW50IHNpemUgPSBNYXJzaGFsLlNpemVPZihzdHJ1Y3R1cmUpOwogICAgICAgICAgICBJbnRQdHIgc3RydWN0UHRyID0gTWFyc2hhbC5BbGxvY0hHbG9iYWwoc2l6ZSk7CiAgICAgICAgICAgIHRyeQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBNYXJzaGFsLlN0cnVjdHVyZVRvUHRyKHN0cnVjdHVyZSwgc3RydWN0UHRyLCBmYWxzZSk7CiAgICAgICAgICAgICAgICBNYXJzaGFsLkNvcHkoc3RydWN0UHRyLCBhcnJheSwgb2Zmc2V0LCBzaXplKTsKICAgICAgICAgICAgfQogICAgICAgICAgICBmaW5hbGx5CiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIE1hcnNoYWwuRnJlZUhHbG9iYWwoc3RydWN0UHRyKTsKICAgICAgICAgICAgfQoKICAgICAgICAgICAgcmV0dXJuIHNpemU7CiAgICAgICAgfQogICAgfQp9CidACgpGdW5jdGlvbiBJbXBvcnQtUHJpdmlsZWdlVXRpbCB7CiAgICA8IwogICAgLlNZTk9QU0lTCiAgICBDb21waWxlcyB0aGUgQyMgY29kZSB0aGF0IGNhbiBiZSB1c2VkIHRvIG1hbmFnZSBXaW5kb3dzIHByaXZpbGVnZXMgZnJvbSBhbgogICAgQW5zaWJsZSBtb2R1bGUuIE9uY2UgdGhpcyBmdW5jdGlvbiBpcyBjYWxsZWQsIHRoZSBmb2xsb3dpbmcgUG93ZXJTaGVsbAogICAgY21kbGV0cyBjYW4gYmUgdXNlZDsKCiAgICAgICAgR2V0LUFuc2libGVQcml2aWxlZ2UKICAgICAgICBTZXQtQW5zaWJsZVByaXZpbGVnZQoKICAgIFRoZSBhYm92ZSBjbWRsZXRzIGdpdmUgdGhlIGFiaWxpdHkgdG8gbWFuYWdlIHBlcm1pc3Npb25zIG9uIHRoZSBjdXJyZW50CiAgICBwcm9jZXNzIHRva2VuIGJ1dCB0aGUgdW5kZXJseWluZyAuTkVUIGNsYXNzZXMgYXJlIGFsc28gZXhwb3NlZCBmb3IgZ3JlYXRlcgogICAgY29udHJvbC4gVGhlIGZvbGxvd2luZyBmdW5jdGlvbnMgY2FuIGJlIHVzZWQgYnkgY2FsbGluZyB0aGUgLk5FVCBjbGFzcwoKICAgIFtBbnNpYmxlLlByaXZpbGVnZVV0aWwuUHJpdmlsZWdlc106OkNoZWNrUHJpdmlsZWdlTmFtZSgkbmFtZSkKICAgIFtBbnNpYmxlLlByaXZpbGVnZVV0aWwuUHJpdmlsZWdlc106OkRpc2FibGVQcml2aWxlZ2UoJHByb2Nlc3MsICRuYW1lKQogICAgW0Fuc2libGUuUHJpdmlsZWdlVXRpbC5Qcml2aWxlZ2VzXTo6RGlzYWJsZUFsbFByaXZpbGVnZXMoJHByb2Nlc3MpCiAgICBbQW5zaWJsZS5Qcml2aWxlZ2VVdGlsLlByaXZpbGVnZXNdOjpFbmFibGVQcml2aWxlZ2UoJHByb2Nlc3MsICRuYW1lKQogICAgW0Fuc2libGUuUHJpdmlsZWdlVXRpbC5Qcml2aWxlZ2VzXTo6R2V0QWxsUHJpdmlsZWdlSW5mbygkcHJvY2VzcykKICAgIFtBbnNpYmxlLlByaXZpbGVnZVV0aWwuUHJpdmlsZWdlc106OlJlbW92ZVByaXZpbGVnZSgkcHJvY2VzcywgJG5hbWUpCiAgICBbQW5zaWJsZS5Qcml2aWxlZ2VVdGlsLlByaXZpbGVnZXNdOjpTZXRUb2tlblByaXZpbGVnZXMoJHByb2Nlc3MsICRuZXdfc3RhdGUpCgogICAgSGVyZSBpcyBhIGJyaWVmIGV4cGxhbmF0aW9uIG9mIGVhY2ggdHlwZSBvZiBhcmcKICAgICRwcm9jZXNzID0gVGhlIHByb2Nlc3MgaGFuZGxlIHRvIG1hbmlwdWxhdGUsIHVzZSAnW0Fuc2libGUuUHJpdmlsZWdlVXRpbHMuUHJpdmlsZWdlc106OkdldEN1cnJlbnRQcm9jZXNzKCknIHRvIGdldCB0aGUgY3VycmVudCBwcm9jZXNzIGhhbmRsZQogICAgJG5hbWUgPSBUaGUgbmFtZSBvZiB0aGUgcHJpdmlsZWdlLCB0aGlzIGlzIHRoZSBjb25zdGFudCB2YWx1ZSBmcm9tIGh0dHBzOi8vZG9jcy5taWNyb3NvZnQuY29tL2VuLXVzL3dpbmRvd3MvZGVza3RvcC9TZWNBdXRoWi9wcml2aWxlZ2UtY29uc3RhbnRzLCBlLmcuIFNlQXVkaXRQcml2aWxlZ2UKICAgICRuZXdfc3RhdGUgPSAnU3lzdGVtLkNvbGxlY3Rpb25zLkdlbmVyaWMuRGljdGlvbmFyeWAyW1tTeXN0ZW0uU3RyaW5nXSwgW1N5c3RlbS5OdWxsYWJsZWAxW1N5c3RlbS5Cb29sZWFuXV1dJwogICAgICAgIFRoZSBrZXkgaXMgdGhlIGNvbnN0YW50IG5hbWUgYXMgYSBzdHJpbmcsIHRoZSB2YWx1ZSBpcyBhIHRlcm5hcnkgYm9vbGVhbiB3aGVyZQogICAgICAgICAgICB0cnVlIC0gd2lsbCBlbmFibGUgdGhlIHByaXZpbGVnZQogICAgICAgICAgICBmYWxzZSAtIHdpbGwgZGlzYWJsZSB0aGUgcHJpdmlsZWdlCiAgICAgICAgICAgIG51bGwgLSB3aWxsIHJlbW92ZSB0aGUgcHJpdmlsZWdlCgogICAgRWFjaCBtZXRob2QgdGhhdCBjaGFuZ2VzIHRoZSBwcml2aWxlZ2Ugc3RhdGUgd2lsbCByZXR1cm4gYSBkaWN0aW9uYXJ5IHRoYXQKICAgIGNhbiBiZSB1c2VkIGFzIHRoZSAkbmV3X3N0YXRlIGFyZyBvZiBTZXRUb2tlblByaXZpbGVnZXMgdG8gdW5kbyBhbmQgcmV2ZXJ0CiAgICBiYWNrIHRvIHRoZSBvcmlnaW5hbCBzdGF0ZS4gSWYgeW91IHJlbW92ZSBhIHByaXZpbGVnZSB0aGVuIHRoaXMgaXMKICAgIGlycmV2ZXJzaWJsZSBhbmQgd29uJ3QgYmUgcGFydCBvZiB0aGUgcmV0dXJuZWQgZGljdAogICAgIz4KICAgIFtDbWRsZXRCaW5kaW5nKCldCiAgICAjIGJ1aWxkIHRoZSBDIyBjb2RlIHRvIGNvbXBpbGUKICAgICRuYW1lc3BhY2VfaW1wb3J0ID0gKCRhbnNpYmxlX3ByaXZpbGVnZV91dGlsX25hbWVzcGFjZXMgfCBGb3JFYWNoLU9iamVjdCB7ICJ1c2luZyAkXzsiIH0pIC1qb2luICJgcmBuIgogICAgJHBsYXRmb3JtX3V0aWwgPSAiJG5hbWVzcGFjZV9pbXBvcnRgcmBuYHJgbiRhbnNpYmxlX3ByaXZpbGVnZV91dGlsX2NvZGUiCgogICAgIyBGVVRVUkU6IGZpbmQgYSBiZXR0ZXIgd2F5IHRvIGdldCB0aGUgX2Fuc2libGVfcmVtb3RlX3RtcCB2YXJpYWJsZQogICAgIyB0aGlzIGlzIHVzZWQgdG8gZm9yY2UgY3NjIHRvIGNvbXBpbGUgdGhlIEMjIGNvZGUgaW4gdGhlIHJlbW90ZSB0bXAKICAgICMgc3BlY2lmaWVkCiAgICAkb3JpZ2luYWxfdG1wID0gJGVudjpUTVAKCiAgICAkcmVtb3RlX3RtcCA9ICRvcmlnaW5hbF90bXAKICAgICRtb2R1bGVfcGFyYW1zID0gR2V0LVZhcmlhYmxlIC1OYW1lIGNvbXBsZXhfYXJncyAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgaWYgKCRtb2R1bGVfcGFyYW1zKSB7CiAgICAgICAgaWYgKCRtb2R1bGVfcGFyYW1zLlZhbHVlLkNvbnRhaW5zS2V5KCJfYW5zaWJsZV9yZW1vdGVfdG1wIikgKSB7CiAgICAgICAgICAgICRyZW1vdGVfdG1wID0gJG1vZHVsZV9wYXJhbXMuVmFsdWVbIl9hbnNpYmxlX3JlbW90ZV90bXAiXQogICAgICAgICAgICAkcmVtb3RlX3RtcCA9IFtTeXN0ZW0uRW52aXJvbm1lbnRdOjpFeHBhbmRFbnZpcm9ubWVudFZhcmlhYmxlcygkcmVtb3RlX3RtcCkKICAgICAgICB9CiAgICB9CgogICAgJGVudjpUTVAgPSAkcmVtb3RlX3RtcAogICAgQWRkLVR5cGUgLVR5cGVEZWZpbml0aW9uICRwbGF0Zm9ybV91dGlsCiAgICAkZW52OlRNUCA9ICRvcmlnaW5hbF90bXAKfQoKRnVuY3Rpb24gR2V0LUFuc2libGVQcml2aWxlZ2UgewogICAgPCMKICAgIC5TWU5PUFNJUwogICAgR2V0IHRoZSBzdGF0dXMgb2YgYSBwcml2aWxlZ2UgZm9yIHRoZSBjdXJyZW50IHByb2Nlc3MuIFRoaXMgcmV0dXJucwogICAgICAgICR0cnVlIC0gdGhlIHByaXZpbGVnZSBpcyBlbmFibGVkCiAgICAgICAgJGZhbHNlIC0gdGhlIHByaXZpbGVnZSBpcyBkaXNhYmxlZAogICAgICAgICRudWxsIC0gdGhlIHByaXZpbGVnZSBpcyByZW1vdmVkIGZyb20gdGhlIHRva2VuCgogICAgSWYgTmFtZSBpcyBub3QgYSB2YWxpZCBwcml2aWxlZ2UgbmFtZSwgdGhpcyB3aWxsIHRocm93IGFuCiAgICBBcmd1bWVudEV4Y2VwdGlvbi4KCiAgICAuRVhBTVBMRQogICAgR2V0LUFuc2libGVQcml2aWxlZ2UgLU5hbWUgU2VEZWJ1Z1ByaXZpbGVnZQogICAgIz4KICAgIFtDbWRsZXRCaW5kaW5nKCldCiAgICBwYXJhbSgKICAgICAgICBbUGFyYW1ldGVyKE1hbmRhdG9yeT0kdHJ1ZSldW1N0cmluZ10kTmFtZQogICAgKQoKICAgIGlmICgtbm90IFtBbnNpYmxlLlByaXZpbGVnZVV0aWwuUHJpdmlsZWdlc106OkNoZWNrUHJpdmlsZWdlTmFtZSgkTmFtZSkpIHsKICAgICAgICB0aHJvdyBbU3lzdGVtLkFyZ3VtZW50RXhjZXB0aW9uXSAiSW52YWxpZCBwcml2aWxlZ2UgbmFtZSAnJE5hbWUnIgogICAgfQoKICAgICRwcm9jZXNzX3Rva2VuID0gW0Fuc2libGUuUHJpdmlsZWdlVXRpbC5Qcml2aWxlZ2VzXTo6R2V0Q3VycmVudFByb2Nlc3MoKQogICAgJHByaXZpbGVnZV9pbmZvID0gW0Fuc2libGUuUHJpdmlsZWdlVXRpbC5Qcml2aWxlZ2VzXTo6R2V0QWxsUHJpdmlsZWdlSW5mbygkcHJvY2Vzc190b2tlbikKICAgIGlmICgkcHJpdmlsZWdlX2luZm8uQ29udGFpbnNLZXkoJE5hbWUpKSB7CiAgICAgICAgJHN0YXR1cyA9ICRwcml2aWxlZ2VfaW5mby4kTmFtZQogICAgICAgIHJldHVybiAkc3RhdHVzLkhhc0ZsYWcoW0Fuc2libGUuUHJpdmlsZWdlVXRpbC5Qcml2aWxlZ2VBdHRyaWJ1dGVzXTo6RW5hYmxlZCkKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICRudWxsCiAgICB9Cn0KCkZ1bmN0aW9uIFNldC1BbnNpYmxlUHJpdmlsZWdlIHsKICAgIDwjCiAgICAuU1lOT1BTSVMKICAgIEVuYWJsZXMvRGlzYWJsZXMgYSBwcml2aWxlZ2Ugb24gdGhlIGN1cnJlbnQgcHJvY2VzcycgdG9rZW4uIElmIGEgcHJpdmlsZWdlCiAgICBoYXMgYmVlbiByZW1vdmVkIGZyb20gdGhlIHByb2Nlc3MgdG9rZW4sIHRoaXMgd2lsbCB0aHJvdyBhbgogICAgSW52YWxpZE9wZXJhdGlvbkV4Y2VwdGlvbi4KCiAgICAuRVhBTVBMRQogICAgIyBlbmFibGUgYSBwcml2aWxlZ2UKICAgIFNldC1BbnNpYmxlUHJpdmlsZWdlIC1OYW1lIFNlQ3JlYXRlU3ltYm9saWNMaW5rUHJpdmlsZWdlIC1WYWx1ZSAkdHJ1ZQoKICAgICMgZGlzYWJsZSBhIHByaXZpbGVnZQogICAgU2V0LUFuc2libGVQcml2aWxlZ2UgLU5hbWUgU2VDcmVhdGVTeW1ib2xpY0xpbmtQcml2aWxlZ2UgLVZhbHVlICRmYWxzZQogICAgIz4KICAgIFtDbWRsZXRCaW5kaW5nKFN1cHBvcnRzU2hvdWxkUHJvY2VzcyldCiAgICBwYXJhbSgKICAgICAgICBbUGFyYW1ldGVyKE1hbmRhdG9yeT0kdHJ1ZSldW1N0cmluZ10kTmFtZSwKICAgICAgICBbUGFyYW1ldGVyKE1hbmRhdG9yeT0kdHJ1ZSldW2Jvb2xdJFZhbHVlCiAgICApCgogICAgJGFjdGlvbiA9IHN3aXRjaCgkVmFsdWUpIHsKICAgICAgICAkdHJ1ZSB7ICJFbmFibGUiIH0KICAgICAgICAkZmFsc2UgeyAiRGlzYWJsZSIgfQogICAgfQoKICAgICRjdXJyZW50X3N0YXRlID0gR2V0LUFuc2libGVQcml2aWxlZ2UgLU5hbWUgJE5hbWUKICAgIGlmICgkY3VycmVudF9zdGF0ZSAtZXEgJFZhbHVlKSB7CiAgICAgICAgcmV0dXJuICAjIG5vIGNoYW5nZSBuZWVkcyB0byBvY2N1cgogICAgfSBlbHNlaWYgKCRudWxsIC1lcSAkY3VycmVudF9zdGF0ZSkgewogICAgICAgICMgb25jZSBhIHByaXZpbGVnZSBpcyByZW1vdmVkIGZyb20gYSB0b2tlbiB3ZSBjYW5ub3QgZG8gYW55dGhpbmcgd2l0aCBpdAogICAgICAgIHRocm93IFtTeXN0ZW0uSW52YWxpZE9wZXJhdGlvbkV4Y2VwdGlvbl0gIkNhbm5vdCAkKCRhY3Rpb24uVG9Mb3dlcigpKSB0aGUgcHJpdmlsZWdlICckTmFtZScgYXMgaXQgaGFzIGJlZW4gcmVtb3ZlZCBmcm9tIHRoZSB0b2tlbiIKICAgIH0KCiAgICAkcHJvY2Vzc190b2tlbiA9IFtBbnNpYmxlLlByaXZpbGVnZVV0aWwuUHJpdmlsZWdlc106OkdldEN1cnJlbnRQcm9jZXNzKCkKICAgIGlmICgkUFNDbWRsZXQuU2hvdWxkUHJvY2VzcygkTmFtZSwgIiRhY3Rpb24gdGhlIHByaXZpbGVnZSAkTmFtZSIpKSB7CiAgICAgICAgJG5ld19zdGF0ZSA9IE5ldy1PYmplY3QgLVR5cGVOYW1lICdTeXN0ZW0uQ29sbGVjdGlvbnMuR2VuZXJpYy5EaWN0aW9uYXJ5YDJbW1N5c3RlbS5TdHJpbmddLCBbU3lzdGVtLk51bGxhYmxlYDFbU3lzdGVtLkJvb2xlYW5dXV0nCiAgICAgICAgJG5ld19zdGF0ZS5BZGQoJE5hbWUsICRWYWx1ZSkKICAgICAgICBbQW5zaWJsZS5Qcml2aWxlZ2VVdGlsLlByaXZpbGVnZXNdOjpTZXRUb2tlblByaXZpbGVnZXMoJHByb2Nlc3NfdG9rZW4sICRuZXdfc3RhdGUpID4gJG51bGwKICAgIH0KfQoKRXhwb3J0LU1vZHVsZU1lbWJlciAtRnVuY3Rpb24gSW1wb3J0LVByaXZpbGVnZVV0aWwsIEdldC1BbnNpYmxlUHJpdmlsZWdlLCBTZXQtQW5zaWJsZVByaXZpbGVnZSBgCiAgICAtVmFyaWFibGUgYW5zaWJsZV9wcml2aWxlZ2VfdXRpbF9uYW1lc3BhY2VzLCBhbnNpYmxlX3ByaXZpbGVnZV91dGlsX2NvZGU=", "Ansible.ModuleUtils.LinkUtil": "ICMgQ29weXJpZ2h0IChjKSAyMDE3IEFuc2libGUgUHJvamVjdAogIyBTaW1wbGlmaWVkIEJTRCBMaWNlbnNlIChzZWUgbGljZW5zZXMvc2ltcGxpZmllZF9ic2QudHh0IG9yIGh0dHBzOi8vb3BlbnNvdXJjZS5vcmcvbGljZW5zZXMvQlNELTItQ2xhdXNlKQoKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5Qcml2aWxlZ2VVdGlsCgpGdW5jdGlvbiBMb2FkLUxpbmtVdGlscygpIHsKICAgICRsaW5rX3V0aWwgPSBAJwp1c2luZyBNaWNyb3NvZnQuV2luMzIuU2FmZUhhbmRsZXM7CnVzaW5nIFN5c3RlbTsKdXNpbmcgU3lzdGVtLkNvbGxlY3Rpb25zLkdlbmVyaWM7CnVzaW5nIFN5c3RlbS5JTzsKdXNpbmcgU3lzdGVtLlJ1bnRpbWUuSW50ZXJvcFNlcnZpY2VzOwp1c2luZyBTeXN0ZW0uVGV4dDsKCm5hbWVzcGFjZSBBbnNpYmxlCnsKICAgIHB1YmxpYyBlbnVtIExpbmtUeXBlCiAgICB7CiAgICAgICAgU3ltYm9saWNMaW5rLAogICAgICAgIEp1bmN0aW9uUG9pbnQsCiAgICAgICAgSGFyZExpbmsKICAgIH0KCiAgICBwdWJsaWMgY2xhc3MgTGlua1V0aWxXaW4zMkV4Y2VwdGlvbiA6IFN5c3RlbS5Db21wb25lbnRNb2RlbC5XaW4zMkV4Y2VwdGlvbgogICAgewogICAgICAgIHByaXZhdGUgc3RyaW5nIF9tc2c7CgogICAgICAgIHB1YmxpYyBMaW5rVXRpbFdpbjMyRXhjZXB0aW9uKHN0cmluZyBtZXNzYWdlKSA6IHRoaXMoTWFyc2hhbC5HZXRMYXN0V2luMzJFcnJvcigpLCBtZXNzYWdlKSB7IH0KCiAgICAgICAgcHVibGljIExpbmtVdGlsV2luMzJFeGNlcHRpb24oaW50IGVycm9yQ29kZSwgc3RyaW5nIG1lc3NhZ2UpIDogYmFzZShlcnJvckNvZGUpCiAgICAgICAgewogICAgICAgICAgICBfbXNnID0gU3RyaW5nLkZvcm1hdCgiezB9ICh7MX0sIFdpbjMyRXJyb3JDb2RlIHsyfSkiLCBtZXNzYWdlLCBiYXNlLk1lc3NhZ2UsIGVycm9yQ29kZSk7CiAgICAgICAgfQoKICAgICAgICBwdWJsaWMgb3ZlcnJpZGUgc3RyaW5nIE1lc3NhZ2UgeyBnZXQgeyByZXR1cm4gX21zZzsgfSB9CiAgICAgICAgcHVibGljIHN0YXRpYyBleHBsaWNpdCBvcGVyYXRvciBMaW5rVXRpbFdpbjMyRXhjZXB0aW9uKHN0cmluZyBtZXNzYWdlKSB7IHJldHVybiBuZXcgTGlua1V0aWxXaW4zMkV4Y2VwdGlvbihtZXNzYWdlKTsgfQogICAgfQoKICAgIHB1YmxpYyBjbGFzcyBMaW5rSW5mbwogICAgewogICAgICAgIHB1YmxpYyBMaW5rVHlwZSBUeXBlIHsgZ2V0OyBpbnRlcm5hbCBzZXQ7IH0KICAgICAgICBwdWJsaWMgc3RyaW5nIFByaW50TmFtZSB7IGdldDsgaW50ZXJuYWwgc2V0OyB9CiAgICAgICAgcHVibGljIHN0cmluZyBTdWJzdGl0dXRlTmFtZSB7IGdldDsgaW50ZXJuYWwgc2V0OyB9CiAgICAgICAgcHVibGljIHN0cmluZyBBYnNvbHV0ZVBhdGggeyBnZXQ7IGludGVybmFsIHNldDsgfQogICAgICAgIHB1YmxpYyBzdHJpbmcgVGFyZ2V0UGF0aCB7IGdldDsgaW50ZXJuYWwgc2V0OyB9CiAgICAgICAgcHVibGljIHN0cmluZ1tdIEhhcmRUYXJnZXRzIHsgZ2V0OyBpbnRlcm5hbCBzZXQ7IH0KICAgIH0KCiAgICBbU3RydWN0TGF5b3V0KExheW91dEtpbmQuU2VxdWVudGlhbCwgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSldCiAgICBwdWJsaWMgc3RydWN0IFJFUEFSU0VfREFUQV9CVUZGRVIKICAgIHsKICAgICAgICBwdWJsaWMgVUludDMyIFJlcGFyc2VUYWc7CiAgICAgICAgcHVibGljIFVJbnQxNiBSZXBhcnNlRGF0YUxlbmd0aDsKICAgICAgICBwdWJsaWMgVUludDE2IFJlc2VydmVkOwogICAgICAgIHB1YmxpYyBVSW50MTYgU3Vic3RpdHV0ZU5hbWVPZmZzZXQ7CiAgICAgICAgcHVibGljIFVJbnQxNiBTdWJzdGl0dXRlTmFtZUxlbmd0aDsKICAgICAgICBwdWJsaWMgVUludDE2IFByaW50TmFtZU9mZnNldDsKICAgICAgICBwdWJsaWMgVUludDE2IFByaW50TmFtZUxlbmd0aDsKCiAgICAgICAgW01hcnNoYWxBcyhVbm1hbmFnZWRUeXBlLkJ5VmFsQXJyYXksIFNpemVDb25zdCA9IExpbmtVdGlsLk1BWElNVU1fUkVQQVJTRV9EQVRBX0JVRkZFUl9TSVpFKV0KICAgICAgICBwdWJsaWMgY2hhcltdIFBhdGhCdWZmZXI7CiAgICB9CgogICAgcHVibGljIGNsYXNzIExpbmtVdGlsCiAgICB7CiAgICAgICAgcHVibGljIGNvbnN0IGludCBNQVhJTVVNX1JFUEFSU0VfREFUQV9CVUZGRVJfU0laRSA9IDEwMjQgKiAxNjsKCiAgICAgICAgcHJpdmF0ZSBjb25zdCBVSW50MzIgRklMRV9GTEFHX0JBQ0tVUF9TRU1BTlRJQ1MgPSAweDAyMDAwMDAwOwogICAgICAgIHByaXZhdGUgY29uc3QgVUludDMyIEZJTEVfRkxBR19PUEVOX1JFUEFSU0VfUE9JTlQgPSAweDAwMjAwMDAwOwoKICAgICAgICBwcml2YXRlIGNvbnN0IFVJbnQzMiBGU0NUTF9HRVRfUkVQQVJTRV9QT0lOVCA9IDB4MDAwOTAwQTg7CiAgICAgICAgcHJpdmF0ZSBjb25zdCBVSW50MzIgRlNDVExfU0VUX1JFUEFSU0VfUE9JTlQgPSAweDAwMDkwMEE0OwogICAgICAgIHByaXZhdGUgY29uc3QgVUludDMyIEZJTEVfREVWSUNFX0ZJTEVfU1lTVEVNID0gMHgwMDA5MDAwMDsKCiAgICAgICAgcHJpdmF0ZSBjb25zdCBVSW50MzIgSU9fUkVQQVJTRV9UQUdfTU9VTlRfUE9JTlQgPSAweEEwMDAwMDAzOwogICAgICAgIHByaXZhdGUgY29uc3QgVUludDMyIElPX1JFUEFSU0VfVEFHX1NZTUxJTksgPSAweEEwMDAwMDBDOwoKICAgICAgICBwcml2YXRlIGNvbnN0IFVJbnQzMiBTWU1MSU5LX0ZMQUdfUkVMQVRJVkUgPSAweDAwMDAwMDAxOwoKICAgICAgICBwcml2YXRlIGNvbnN0IEludDY0IElOVkFMSURfSEFORExFX1ZBTFVFID0gLTE7CgogICAgICAgIHByaXZhdGUgY29uc3QgVUludDMyIFNJWkVfT0ZfV0NIQVIgPSAyOwoKICAgICAgICBwcml2YXRlIGNvbnN0IFVJbnQzMiBTWU1CT0xJQ19MSU5LX0ZMQUdfRklMRSA9IDB4MDAwMDAwMDA7CiAgICAgICAgcHJpdmF0ZSBjb25zdCBVSW50MzIgU1lNQk9MSUNfTElOS19GTEFHX0RJUkVDVE9SWSA9IDB4MDAwMDAwMDE7CgogICAgICAgIFtEbGxJbXBvcnQoImtlcm5lbDMyLmRsbCIsIENoYXJTZXQgPSBDaGFyU2V0LkF1dG8pXQogICAgICAgIHByaXZhdGUgc3RhdGljIGV4dGVybiBTYWZlRmlsZUhhbmRsZSBDcmVhdGVGaWxlKAogICAgICAgICAgICBzdHJpbmcgbHBGaWxlTmFtZSwKICAgICAgICAgICAgW01hcnNoYWxBcyhVbm1hbmFnZWRUeXBlLlU0KV0gRmlsZUFjY2VzcyBkd0Rlc2lyZWRBY2Nlc3MsCiAgICAgICAgICAgIFtNYXJzaGFsQXMoVW5tYW5hZ2VkVHlwZS5VNCldIEZpbGVTaGFyZSBkd1NoYXJlTW9kZSwKICAgICAgICAgICAgSW50UHRyIGxwU2VjdXJpdHlBdHRyaWJ1dGVzLAogICAgICAgICAgICBbTWFyc2hhbEFzKFVubWFuYWdlZFR5cGUuVTQpXSBGaWxlTW9kZSBkd0NyZWF0aW9uRGlzcG9zaXRpb24sCiAgICAgICAgICAgIFVJbnQ ScriptBlock ID: 06a48d89-e848-4a01-8f49-121f1c9d8a68 Path:	4104	1		3	2	15	0	1720	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3220	4624	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:07:35 PM	e5295ba9-9827-0002-4b5d-29e52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 5): begin { $DebugPreference = "Continue" $ErrorActionPreference = "Stop" Set-StrictMode -Version 2 function ConvertTo-HashtableFromPsCustomObject ($myPsObject){ $output = @{}; $myPsObject | Get-Member -MemberType *Property | % { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } return $output; } # stream JSON including become_pw, ps_module_payload, bin_module_payload, become_payload, write_payload_path, preserve directives # exec runspace, capture output, cleanup, return module output # NB: do not adjust the following line- it is replaced when doing non-streamed module output $json_raw = @' {"min_ps_version": null, "exec": "CkZ1bmN0aW9uIFJ1bigkcGF5bG9hZCkgewogICAgJGVudHJ5cG9pbnQgPSAkcGF5bG9hZC5tb2R1bGVfZW50cnkKCiAgICAkZW50cnlwb2ludCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGVudHJ5cG9pbnQpKQoKICAgICRwcyA9IFtwb3dlcnNoZWxsXTo6Q3JlYXRlKCkKCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkQ29tbWFuZCgiU2V0LVZhcmlhYmxlIikuQWRkUGFyYW1ldGVycyhAe1Njb3BlPSJnbG9iYWwiO05hbWU9ImNvbXBsZXhfYXJncyI7VmFsdWU9JHBheWxvYWQubW9kdWxlX2FyZ3N9KSB8IE91dC1OdWxsCiAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCgogICAgIyByZWRlZmluZSBXcml0ZS1Ib3N0IHRvIGR1bXAgdG8gb3V0cHV0IGluc3RlYWQgb2YgZmFpbGluZy0gbG90cyBvZiBzY3JpcHRzIHVzZSBpdAogICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgiRnVuY3Rpb24gV3JpdGUtSG9zdChgJG1zZyl7IFdyaXRlLU91dHB1dCBgJG1zZyB9IikgfCBPdXQtTnVsbAoKICAgIEZvckVhY2ggKCRlbnZfa3YgaW4gJHBheWxvYWQuZW52aXJvbm1lbnQuR2V0RW51bWVyYXRvcigpKSB7CiAgICAgICAgIyBuZWVkIHRvIGVzY2FwZSAnIGluIGJvdGggdGhlIGtleSBhbmQgdmFsdWUKICAgICAgICAkZW52X2tleSA9ICRlbnZfa3YuS2V5LlRvU3RyaW5nKCkuUmVwbGFjZSgiJyIsICInJyIpCiAgICAgICAgJGVudl92YWx1ZSA9ICRlbnZfa3YuVmFsdWUuVG9TdHJpbmcoKS5SZXBsYWNlKCInIiwgIicnIikKICAgICAgICAkZXNjYXBlZF9lbnZfc2V0ID0gIltTeXN0ZW0uRW52aXJvbm1lbnRdOjpTZXRFbnZpcm9ubWVudFZhcmlhYmxlKCd7MH0nLCAnezF9JykiIC1mICRlbnZfa2V5LCAkZW52X3ZhbHVlCiAgICAgICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgkZXNjYXBlZF9lbnZfc2V0KSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBkeW5hbWljYWxseSBjcmVhdGUvbG9hZCBtb2R1bGVzCiAgICBGb3JFYWNoICgkbW9kIGluICRwYXlsb2FkLnBvd2Vyc2hlbGxfbW9kdWxlcy5HZXRFbnVtZXJhdG9yKCkpIHsKICAgICAgICAkZGVjb2RlZF9tb2R1bGUgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRtb2QuVmFsdWUpKQogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRDb21tYW5kKCJOZXctTW9kdWxlIikuQWRkUGFyYW1ldGVycyhAe1NjcmlwdEJsb2NrPShbc2NyaXB0YmxvY2tdOjpDcmVhdGUoJGRlY29kZWRfbW9kdWxlKSk7TmFtZT0kbW9kLktleX0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiSW1wb3J0LU1vZHVsZSIpLkFkZFBhcmFtZXRlcnMoQHtXYXJuaW5nQWN0aW9uPSJTaWxlbnRseUNvbnRpbnVlIn0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBmb3JjZSBpbnB1dCBlbmNvZGluZyB0byBwcmVhbWJsZS1mcmVlIFVURjggc28gUFMgc3ViLXByb2Nlc3NlcyAoZWcsCiAgICAjIFN0YXJ0LUpvYikgZG9uJ3QgYmxvdyB1cC4gVGhpcyBpcyBvbmx5IHJlcXVpcmVkIGZvciBXaW5STSwgYSBQU1JQCiAgICAjIHJ1bnNwYWNlIGRvZXNuJ3QgaGF2ZSBhIGhvc3QgY29uc29sZSBhbmQgdGhpcyB3aWxsIGJvbWIgb3V0CiAgICBpZiAoJGhvc3QuTmFtZSAtZXEgIkNvbnNvbGVIb3N0IikgewogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRTY3JpcHQoIltDb25zb2xlXTo6SW5wdXRFbmNvZGluZyA9IE5ldy1PYmplY3QgVGV4dC5VVEY4RW5jb2RpbmcgYCRmYWxzZSIpIHwgT3V0LU51bGwKICAgIH0KCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkU2NyaXB0KCRlbnRyeXBvaW50KSB8IE91dC1OdWxsCgogICAgJG91dHB1dCA9ICRwcy5JbnZva2UoKQoKICAgICRvdXRwdXQKCiAgICAjIFBTMyBkb2Vzbid0IHByb3Blcmx5IHNldCBIYWRFcnJvcnMgaW4gbWFueSBjYXNlcywgaW5zcGVjdCB0aGUgZXJyb3Igc3RyZWFtIGFzIGEgZmFsbGJhY2sKICAgIElmICgkcHMuSGFkRXJyb3JzIC1vciAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtbHQgNCAtYW5kICRwcy5TdHJlYW1zLkVycm9yLkNvdW50IC1ndCAwKSkgewogICAgICAgICRob3N0LlVJLldyaXRlRXJyb3JMaW5lKCQoJHBzLlN0cmVhbXMuRXJyb3IgfCBPdXQtU3RyaW5nKSkKICAgICAgICAkZXhpdF9jb2RlID0gJHBzLlJ1bnNwYWNlLlNlc3Npb25TdGF0ZVByb3h5LkdldFZhcmlhYmxlKCJMQVNURVhJVENPREUiKQogICAgICAgIElmKC1ub3QgJGV4aXRfY29kZSkgewogICAgICAgICAgICAkZXhpdF9jb2RlID0gMQogICAgICAgIH0KICAgICAgICAjIG5lZWQgdG8gdXNlIHRoaXMgaW5zdGVhZCBvZiBFeGl0IGtleXdvcmQgdG8gcHJldmVudCBydW5zcGFjZSBmcm9tIGNyYXNoaW5nIHdpdGggZHluYW1pYyBtb2R1bGVzCiAgICAgICAgJGhvc3QuU2V0U2hvdWxkRXhpdCgkZXhpdF9jb2RlKQogICAgfQp9Cg==", "actions": ["exec"], "environment": {}, "min_os_version": null, "powershell_modules": {"Ansible.ModuleUtils.PrivilegeUtil": "IyBDb3B5cmlnaHQgKGMpIDIwMTggQW5zaWJsZSBQcm9qZWN0CiMgU2ltcGxpZmllZCBCU0QgTGljZW5zZSAoc2VlIGxpY2Vuc2VzL3NpbXBsaWZpZWRfYnNkLnR4dCBvciBodHRwczovL29wZW5zb3VyY2Uub3JnL2xpY2Vuc2VzL0JTRC0yLUNsYXVzZSkKCiMgc3RvcmUgaW4gc2VwYXJhdGUgdmFyaWFibGVzIHRvIG1ha2UgaXQgZWFzaWVyIGZvciBvdGhlciBtb2R1bGVfdXRpbHMgdG8KIyBzaGFyZSB0aGlzIGNvZGUgaW4gdGhlaXIgb3duIGMjIGNvZGUKJGFuc2libGVfcHJpdmlsZWdlX3V0aWxfbmFtZXNwYWNlcyA9IEAoCiAgICAiTWljcm9zb2Z0LldpbjMyLlNhZmVIYW5kbGVzIiwKICAgICJTeXN0ZW0iLAogICAgIlN5c3RlbS5Db2xsZWN0aW9ucy5HZW5lcmljIiwKICAgICJTeXN0ZW0uTGlucSIsCiAgICAiU3lzdGVtLlJ1bnRpbWUuSW50ZXJvcFNlcnZpY2VzIiwKICAgICJTeXN0ZW0uU2VjdXJpdHkuUHJpbmNpcGFsIiwKICAgICJTeXN0ZW0uVGV4dCIKKQoKJGFuc2libGVfcHJpdmlsZWdlX3V0aWxfY29kZSA9IEAnCm5hbWVzcGFjZSBBbnNpYmxlLlByaXZpbGVnZVV0aWwKewogICAgW0ZsYWdzXQogICAgcHVibGljIGVudW0gUHJpdmlsZWdlQXR0cmlidXRlcyA6IHVpbnQKICAgIHsKICAgICAgICBEaXNhYmxlZCA9IDB4MDAwMDAwMDAsCiAgICAgICAgRW5hYmxlZEJ5RGVmYXVsdCA9IDB4MDAwMDAwMDEsCiAgICAgICAgRW5hYmxlZCA9IDB4MDAwMDAwMDIsCiAgICAgICAgUmVtb3ZlZCA9IDB4MDAwMDAwMDQsCiAgICAgICAgVXNlZEZvckFjY2VzcyA9IDB4ODAwMDAwMDAsCiAgICB9CgogICAgaW50ZXJuYWwgY2xhc3MgTmF0aXZlSGVscGVycwogICAgewogICAgICAgIFtTdHJ1Y3RMYXlvdXQoTGF5b3V0S2luZC5TZXF1ZW50aWFsKV0KICAgICAgICBpbnRlcm5hbCBzdHJ1Y3QgTFVJRAogICAgICAgIHsKICAgICAgICAgICAgcHVibGljIFVJbnQzMiBMb3dQYXJ0OwogICAgICAgICAgICBwdWJsaWMgSW50MzIgSGlnaFBhcnQ7CiAgICAgICAgfQoKICAgICAgICBbU3RydWN0TGF5b3V0KExheW91dEtpbmQuU2VxdWVudGlhbCldCiAgICAgICAgaW50ZXJuYWwgc3RydWN0IExVSURfQU5EX0FUVFJJQlVURVMKICAgICAgICB7CiAgICAgICAgICAgIHB1YmxpYyBMVUlEIEx1aWQ7CiAgICAgICAgICAgIHB1YmxpYyBQcml2aWxlZ2VBdHRyaWJ1dGVzIEF0dHJpYnV0ZXM7CiAgICAgICAgfQoKICAgICAgICBbU3RydWN0TGF5b3V0KExheW91dEtpbmQuU2VxdWVudGlhbCldCiAgICAgICAgaW50ZXJuYWwgc3RydWN0IFRPS0VOX1BSSVZJTEVHRVMKICAgICAgICB7CiAgICAgICAgICAgIHB1YmxpYyBVSW50MzIgUHJpdmlsZWdlQ291bnQ7CiAgICAgICAgICAgIFtNYXJzaGFsQXMoVW5tYW5hZ2VkVHlwZS5CeVZhbEFycmF5LCBTaXplQ29uc3QgPSAxKV0KICAgICAgICAgICAgcHVibGljIExVSURfQU5EX0FUVFJJQlVURVNbXSBQcml2aWxlZ2VzOwogICAgICAgIH0KICAgIH0KCiAgICBpbnRlcm5hbCBjbGFzcyBOYXRpdmVNZXRob2RzCiAgICB7CiAgICAgICAgW0RsbEltcG9ydCgiYWR2YXBpMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSldCiAgICAgICAgaW50ZXJuYWwgc3RhdGljIGV4dGVybiBib29sIEFkanVzdFRva2VuUHJpdmlsZWdlcygKICAgICAgICAgICAgSW50UHRyIFRva2VuSGFuZGxlLAogICAgICAgICAgICBbTWFyc2hhbEFzKFVubWFuYWdlZFR5cGUuQm9vbCldIGJvb2wgRGlzYWJsZUFsbFByaXZpbGVnZXMsCiAgICAgICAgICAgIEludFB0ciBOZXdTdGF0ZSwKICAgICAgICAgICAgVUludDMyIEJ1ZmZlckxlbmd0aCwKICAgICAgICAgICAgSW50UHRyIFByZXZpb3VzU3RhdGUsCiAgICAgICAgICAgIG91dCBVSW50MzIgUmV0dXJuTGVuZ3RoKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIildCiAgICAgICAgaW50ZXJuYWwgc3RhdGljIGV4dGVybiBib29sIENsb3NlSGFuZGxlKAogICAgICAgICAgICBJbnRQdHIgaE9iamVjdCk7CgogICAgICAgIFtEbGxJbXBvcnQoImtlcm5lbDMyIildCiAgICAgICAgaW50ZXJuYWwgc3RhdGljIGV4dGVybiBTYWZlV2FpdEhhbmRsZSBHZXRDdXJyZW50UHJvY2VzcygpOwoKICAgICAgICBbRGxsSW1wb3J0KCJhZHZhcGkzMi5kbGwiLCBTZXRMYXN0RXJyb3IgPSB0cnVlKV0KICAgICAgICBpbnRlcm5hbCBzdGF0aWMgZXh0ZXJuIGJvb2wgR2V0VG9rZW5JbmZvcm1hdGlvbigKICAgICAgICAgICAgSW50UHRyIFRva2VuSGFuZGxlLAogICAgICAgICAgICBVSW50MzIgVG9rZW5JbmZvcm1hdGlvbkNsYXNzLAogICAgICAgICAgICBJbnRQdHIgVG9rZW5JbmZvcm1hdGlvbiwKICAgICAgICAgICAgVUludDMyIFRva2VuSW5mb3JtYXRpb25MZW5ndGgsCiAgICAgICAgICAgIG91dCBVSW50MzIgUmV0dXJuTGVuZ3RoKTsKCiAgICAgICAgW0RsbEltcG9ydCgiYWR2YXBpMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSldCiAgICAgICAgaW50ZXJuYWwgc3RhdGljIGV4dGVybiBib29sIExvb2t1cFByaXZpbGVnZU5hbWUoCiAgICAgICAgICAgIHN0cmluZyBscFN5c3RlbU5hbWUsCiAgICAgICAgICAgIHJlZiBOYXRpdmVIZWxwZXJzLkxVSUQgbHBMdWlkLAogICAgICAgICAgICBTdHJpbmdCdWlsZGVyIGxwTmFtZSwKICAgICAgICAgICAgcmVmIFVJbnQzMiBjY2hOYW1lKTsKCiAgICAgICAgW0RsbEltcG9ydCgiYWR2YXBpMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSldCiAgICAgICAgaW50ZXJuYWwgc3RhdGljIGV4dGVybiBib29sIExvb2t1cFByaXZpbGVnZVZhbHVlKAogICAgICAgICAgICBzdHJpbmcgbHBTeXN0ZW1OYW1lLAogICAgICAgICAgICBzdHJpbmcgbHBOYW1lLAogICAgICAgICAgICBvdXQgTmF0aXZlSGVscGVycy5MVUlEIGxwTHVpZCk7CgogICAgICAgIFtEbGxJbXBvcnQoImFkdmFwaTMyLmRsbCIsIFNldExhc3RFcnJvciA9IHRydWUpXQogICAgICAgIGludGVybmFsIHN0YXRpYyBleHRlcm4gYm9vbCBPcGVuUHJvY2Vzc1Rva2VuKAogICAgICAgICAgICBTYWZlSGFuZGxlIFByb2Nlc3NIYW5kbGUsCiAgICAgICAgICAgIFRva2VuQWNjZXNzTGV2ZWxzIERlc2lyZWRBY2Nlc3MsCiAgICAgICAgICAgIG91dCBJbnRQdHIgVG9rZW5IYW5kbGUpOwogICAgfQoKICAgIHB1YmxpYyBjbGFzcyBXaW4zMkV4Y2VwdGlvbiA6IFN5c3RlbS5Db21wb25lbnRNb2RlbC5XaW4zMkV4Y2VwdGlvbgogICAgewogICAgICAgIHByaXZhdGUgc3RyaW5nIF9tc2c7CiAgICAgICAgcHVibGljIFdpbjMyRXhjZXB0aW9uKHN0cmluZyBtZXNzYWdlKSA6IHRoaXMoTWFyc2hhbC5HZXRMYXN0V2luMzJFcnJvcigpLCBtZXNzYWdlKSB7IH0KICAgICAgICBwdWJsaWMgV2luMzJFeGNlcHRpb24oaW50IGVycm9yQ29kZSwgc3RyaW5nIG1lc3NhZ2UpIDogYmFzZShlcnJvckNvZGUpCiAgICAgICAgewogICAgICAgICAgICBfbXNnID0gU3RyaW5nLkZvcm1hdCgiezB9ICh7MX0sIFdpbjMyRXJyb3JDb2RlIHsyfSkiLCBtZXNzYWdlLCBiYXNlLk1lc3NhZ2UsIGVycm9yQ29kZSk7CiAgICAgICAgfQogICAgICAgIHB1YmxpYyBvdmVycmlkZSBzdHJpbmcgTWVzc2FnZSB7IGdldCB7IHJldHVybiBfbXNnOyB9IH0KICAgICAgICBwdWJsaWMgc3RhdGljIGV4cGxpY2l0IG9wZXJhdG9yIFdpbjMyRXhjZXB0aW9uKHN0cmluZyBtZXNzYWdlKSB7IHJldHVybiBuZXcgV2luMzJFeGNlcHRpb24obWVzc2FnZSk7IH0KICAgIH0KCiAgICBwdWJsaWMgY2xhc3MgUHJpdmlsZWdlcwogICAgewogICAgICAgIHByaXZhdGUgc3RhdGljIHJlYWRvbmx5IFVJbnQzMiBUT0tFTl9QUklWSUxFR0VTID0gMzsKCgogICAgICAgIHB1YmxpYyBzdGF0aWMgYm9vbCBDaGVja1ByaXZpbGVnZU5hbWUoc3RyaW5nIG5hbWUpCiAgICAgICAgewogICAgICAgICAgICBOYXRpdmVIZWxwZXJzLkxVSUQgbHVpZDsKICAgICAgICAgICAgaWYgKCFOYXRpdmVNZXRob2RzLkxvb2t1cFByaXZpbGVnZVZhbHVlKG51bGwsIG5hbWUsIG91dCBsdWlkKSkKICAgICAgICAgICAgewogICAgICAgICAgICAgICAgaW50IGVyckNvZGUgPSBNYXJzaGFsLkdldExhc3RXaW4zMkVycm9yKCk7CiAgICAgICAgICAgICAgICBpZiAoZXJyQ29kZSAhPSAxMzEzKSAgLy8gRVJST1JfTk9fU1VDSF9QUklWSUxFR0UKICAgICAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oZXJyQ29kZSwgU3RyaW5nLkZvcm1hdCgiTG9va3VwUHJpdmlsZWdlVmFsdWUoezB9KSBmYWlsZWQiLCBuYW1lKSk7CiAgICAgICAgICAgICAgICByZXR1cm4gZmFsc2U7CiAgICAgICAgICAgIH0KICAgICAgICAgICAgZWxzZQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICByZXR1cm4gdHJ1ZTsKICAgICAgICAgICAgfQogICAgICAgIH0KCiAgICAgICAgcHVibGljIHN0YXRpYyBEaWN0aW9uYXJ5PHN0cmluZywgYm9vbD8+IERpc2FibGVQcml2aWxlZ2UoU2FmZUhhbmRsZSB0b2tlbiwgc3RyaW5nIHByaXZpbGVnZSkKICAgICAgICB7CiAgICAgICAgICAgIHJldHVybiBTZXRUb2tlblByaXZpbGVnZXModG9rZW4sIG5ldyBEaWN0aW9uYXJ5PHN0cmluZywgYm9vbD8+KCkgeyB7IHByaXZpbGVnZSwgZmFsc2UgfSB9KTsKICAgICAgICB9CgogICAgICAgIHB1YmxpYyBzdGF0aWMgRGljdGlvbmFyeTxzdHJpbmcsIGJvb2w/PiBEaXNhYmxlQWxsUHJpdmlsZWdlcyhTYWZlSGFuZGxlIHRva2VuKQogICAgICAgIHsKICAgICAgICAgICAgcmV0dXJuIEFkanVzdFRva2VuUHJpdmlsZWdlcyh0b2tlbiwgbnVsbCk7CiAgICAgICAgfQoKICAgICAgICBwdWJsaWMgc3RhdGljIERpY3Rpb25hcnk8c3RyaW5nLCBib29sPz4gRW5hYmxlUHJpdmlsZWdlKFNhZmVIYW5kbGUgdG9rZW4sIHN0cmluZyBwcml2aWxlZ2UpCiAgICAgICAgewogICAgICAgICAgICByZXR1cm4gU2V0VG9rZW5Qcml2aWxlZ2VzKHRva2VuLCBuZXcgRGljdGlvbmFyeTxzdHJpbmcsIGJvb2w/PigpIHsgeyBwcml2aWxlZ2UsIHRydWUgfSB9KTsKICAgICAgICB9CgogICAgICAgIHB1YmxpYyBzdGF0aWMgRGljdGlvbmFyeTxTdHJpbmcsIFByaXZpbGVnZUF0dHJpYnV0ZXM+IEdldEFsbFByaXZpbGVnZUluZm8oU2FmZUhhbmRsZSB0b2tlbikKICAgICAgICB7CiAgICAgICAgICAgIEludFB0ciBoVG9rZW4gPSBJbnRQdHIuWmVybzsKICAgICAgICAgICAgaWYgKCFOYXRpdmVNZXRob2RzLk9wZW5Qcm9jZXNzVG9rZW4odG9rZW4sIFRva2VuQWNjZXNzTGV2ZWxzLlF1ZXJ5LCBvdXQgaFRva2VuKSkKICAgICAgICAgICAgICAgIHRocm93IG5ldyBXaW4zMkV4Y2VwdGlvbigiT3BlblByb2Nlc3NUb2tlbigpIGZhaWxlZCIpOwoKICAgICAgICAgICAgRGljdGlvbmFyeTxTdHJpbmcsIFByaXZpbGVnZUF0dHJpYnV0ZXM+IGluZm8gPSBuZXcgRGljdGlvbmFyeTxTdHJpbmcsIFByaXZpbGVnZUF0dHJpYnV0ZXM+KCk7CiAgICAgICAgICAgIHRyeQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBVSW50MzIgdG9rZW5MZW5ndGggPSAwOwogICAgICAgICAgICAgICAgTmF0aXZlTWV0aG9kcy5HZXRUb2tlbkluZm9ybWF0aW9uKGhUb2tlbiwgVE9LRU5fUFJJVklMRUdFUywgSW50UHRyLlplcm8sIDAsIG91dCB0b2tlbkxlbmd0aCk7CgogICAgICAgICAgICAgICAgTmF0aXZlSGVscGVycy5MVUlEX0FORF9BVFRSSUJVVEVTW10gcHJpdmlsZWdlczsKICAgICAgICAgICAgICAgIEludFB0ciBwcml2aWxlZ2VzUHRyID0gTWFyc2hhbC5BbGxvY0hHbG9iYWwoKGludCl0b2tlbkxlbmd0aCk7CiAgICAgICAgICAgICAgICB0cnkKICAgICAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgICAgICBpZiAoIU5hdGl2ZU1ldGhvZHMuR2V0VG9rZW5JbmZvcm1hdGlvbihoVG9rZW4sIFRPS0VOX1BSSVZJTEVHRVMsIHByaXZpbGVnZXNQdHIsIHRva2VuTGVuZ3RoLCBvdXQgdG9rZW5MZW5ndGgpKQogICAgICAgICAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIkdldFRva2VuSW5mb3JtYXRpb24oKSBmb3IgVE9LRU5fUFJJVklMRUdFUyBmYWlsZWQiKTsKCiAgICAgICAgICAgICAgICAgICAgTmF0aXZlSGVscGVycy5UT0tFTl9QUklWSUxFR0VTIHByaXZpbGVnZUluZm8gPSAoTmF0aXZlSGVscGVycy5UT0tFTl9QUklWSUxFR0VTKU1hcnNoYWwuUHRyVG9TdHJ1Y3R1cmUocHJpdmlsZWdlc1B0ciwgdHlwZW9mKE5hdGl2ZUhlbHBlcnMuVE9LRU5fUFJJVklMRUdFUykpOwogICAgICAgICAgICAgICAgICAgIHByaXZpbGVnZXMgPSBuZXcgTmF0aXZlSGVscGVycy5MVUlEX0FORF9BVFRSSUJVVEVTW3ByaXZpbGVnZUluZm8uUHJpdmlsZWdlQ291bnRdOwogICAgICAgICAgICAgICAgICAgIFB0clRvU3RydWN0dXJlQXJyYXkocHJpdmlsZWdlcywgSW50UHRyLkFkZChwcml2aWxlZ2VzUHRyLCBNYXJzaGFsLlNpemVPZihwcml2aWxlZ2VJbmZvLlByaXZpbGVnZUNvdW50KSkpOwogICAgICAgICAgICAgICAgfQogICAgICAgICAgICAgICAgZmluYWxseQogICAgICAgICAgICAgICAgewogICAgICAgICAgICAgICAgICAgIE1hcnNoYWwuRnJlZUhHbG9iYWwocHJpdmlsZWdlc1B0cik7CiAgICAgICAgICAgICAgICB9CgogICAgICAgICAgICAgICAgaW5mbyA9IHByaXZpbGVnZXMuVG9EaWN0aW9uYXJ5KHAgPT4gR2V0UHJpdmlsZWdlTmFtZShwLkx1aWQpLCBwID0+IHAuQXR0cmlidXRlcyk7CiAgICAgICAgICAgIH0KICAgICAgICAgICAgZmluYWxseQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBOYXRpdmVNZXRob2RzLkNsb3NlSGFuZGxlKGhUb2tlbik7CiAgICAgICAgICAgIH0KICAgICAgICAgICAgcmV0dXJuIGluZm87CiAgICAgICAgfQoKICAgICAgICBwdWJsaWMgc3RhdGljIFNhZmVXYWl0SGFuZGxlIEdldEN1cnJlbnRQcm9jZXNzKCkKICAgICAgICB7CiAgICAgICAgICAgIHJldHVybiBOYXRpdmVNZXRob2RzLkdldEN1cnJlbnRQcm9jZXNzKCk7CiAgICAgICAgfQoKICAgICAgICBwdWJsaWMgc3RhdGljIHZvaWQgUmVtb3ZlUHJpdmlsZWdlKFNhZmVIYW5kbGUgdG9rZW4sIHN0cmluZyBwcml2aWxlZ2UpCiAgICAgICAgewogICAgICAgICAgICBTZXRUb2tlblByaXZpbGVnZXModG9rZW4sIG5ldyBEaWN0aW9uYXJ5PHN0cmluZywgYm9vbD8+KCkgeyB7IHByaXZpbGVnZSwgbnVsbCB9IH0pOwogICAgICAgIH0KCiAgICAgICAgcHVibGljIHN0YXRpYyBEaWN0aW9uYXJ5PHN0cmluZywgYm9vbD8+IFNldFRva2VuUHJpdmlsZWdlcyhTYWZlSGFuZGxlIHRva2VuLCBEaWN0aW9uYXJ5PHN0cmluZywgYm9vbD8+IHN0YXRlKQogICAgICAgIHsKICAgICAgICAgICAgTmF0aXZlSGVscGVycy5MVUlEX0FORF9BVFRSSUJVVEVTW10gcHJpdmlsZWdlQXR0ciA9IG5ldyBOYXRpdmVIZWxwZXJzLkxVSURfQU5EX0FUVFJJQlVURVNbc3RhdGUuQ291bnRdOwogICAgICAgICAgICBpbnQgaSA9IDA7CgogICAgICAgICAgICBmb3JlYWNoIChLZXlWYWx1ZVBhaXI8c3RyaW5nLCBib29sPz4gZW50cnkgaW4gc3RhdGUpCiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIE5hdGl2ZUhlbHBlcnMuTFVJRCBsdWlkOwogICAgICAgICAgICAgICAgaWYgKCFOYXRpdmVNZXRob2RzLkxvb2t1cFByaXZpbGVnZVZhbHVlKG51bGwsIGVudHJ5LktleSwgb3V0IGx1aWQpKQogICAgICAgICAgICAgICAgICAgIHRocm93IG5ldyBXaW4zMkV4Y2VwdGlvbihTdHJpbmcuRm9ybWF0KCJMb29rdXBQcml2aWxlZ2VWYWx1ZSh7MH0pIGZhaWxlZCIsIGVudHJ5LktleSkpOwoKICAgICAgICAgICAgICAgIFByaXZpbGVnZUF0dHJpYnV0ZXMgYXR0cmlidXRlczsKICAgICAgICAgICAgICAgIHN3aXRjaCAoZW50cnkuVmFsdWUpCiAgICAgICAgICAgICAgICB7CiAgICAgICAgICAgICAgICAgICAgY2FzZSB0cnVlOgogICAgICAgICAgICAgICAgICAgICAgICBhdHRyaWJ1dGVzID0gUHJpdmlsZWdlQXR0cmlidXRlcy5FbmFibGVkOwogICAgICAgICAgICAgICAgICAgICAgICBicmVhazsKICAgICAgICAgICAgICAgICAgICBjYXNlIGZhbHNlOgogICAgICAgICAgICAgICAgICAgICAgICBhdHRyaWJ1dGVzID0gUHJpdmlsZWdlQXR0cmlidXRlcy5EaXNhYmxlZDsKICAgICAgICAgICAgICAgICAgICAgICAgYnJlYWs7CiAgICAgICAgICAgICAgICAgICAgZGVmYXVsdDoKICAgICAgICAgICAgICAgICAgICAgICAgYXR0cmlidXRlcyA9IFByaXZpbGVnZUF0dHJpYnV0ZXMuUmVtb3ZlZDsKICAgICAgICAgICAgICAgICAgICAgICAgYnJlYWs7CiAgICAgICAgICAgICAgICB9CgogICAgICAgICAgICAgICAgcHJpdmlsZWdlQXR0cltpXS5MdWlkID0gbHVpZDsKICAgICAgICAgICAgICAgIHByaXZpbGVnZUF0dHJbaV0uQXR0cmlidXRlcyA9IGF0dHJpYnV0ZXM7CiAgICAgICAgICAgICAgICBpKys7CiAgICAgICAgICAgIH0KCiAgICAgICAgICAgIHJldHVybiBBZGp1c3RUb2tlblByaXZpbGVnZXModG9rZW4sIHByaXZpbGVnZUF0dHIpOwogICAgICAgIH0KCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgRGljdGlvbmFyeTxzdHJpbmcsIGJvb2w/PiBBZGp1c3RUb2tlblByaXZpbGVnZXMoU2FmZUhhbmRsZSB0b2tlbiwgTmF0aXZlSGVscGVycy5MVUlEX0FORF9BVFRSSUJVVEVTW10gbmV3U3RhdGUpCiAgICAgICAgewogICAgICAgICAgICBib29sIGRpc2FibGVBbGxQcml2aWxlZ2VzOwogICAgICAgICAgICBJbnRQdHIgbmV3U3RhdGVQdHI7CiAgICAgICAgICAgIE5hdGl2ZUhlbHBlcnMuTFVJRF9BTkRfQVRUUklCVVRFU1tdIG9sZFN0YXRlUHJpdmlsZWdlczsKICAgICAgICAgICAgVUludDMyIHJldHVybkxlbmd0aDsKCiAgICAgICAgICAgIGlmIChuZXdTdGF0ZSA9PSBudWxsKQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBkaXNhYmxlQWxsUHJpdmlsZWdlcyA9IHRydWU7CiAgICAgICAgICAgICAgICBuZXdTdGF0ZVB0ciA9IEludFB0ci5aZXJvOwogICAgICAgICAgICB9CiAgICAgICAgICAgIGVsc2UKICAgICAgICAgICAgewogICAgICAgICAgICAgICAgZGlzYWJsZUFsbFByaXZpbGVnZXMgPSBmYWxzZTsKCiAgICAgICAgICAgICAgICAvLyBOZWVkIHRvIG1hbnVhbGx5IG1hcnNoYWwgdGhlIGJ5dGVzIHJlcXVpcmVzIGZvciBuZXdTdGF0ZSBhcyB0aGUgY29uc3RhbnQgc2l6ZQogICAgICAgICAgICAgICAgLy8gb2YgTFVJRF9BTkRfQVRUUklCVVRFUyBpcyBzZXQgdG8gMSBhbmQgY2FuJ3QgYmUgb3ZlcnJpZGRlbiBhdCBydW50aW1lLCBUT0tFTl9QUklWSUxFR0VTCiAgICAgICAgICAgICAgICAvLyBhbHdheXMgY29udGFpbnMgYXQgbGVhc3QgMSBlbnRyeSBzbyB3ZSBuZWVkIHRvIGNhbGN1bGF0ZSB0aGUgZXh0cmEgc2l6ZSBpZiB0aGVyZSBhcmUKICAgICAgICAgICAgICAgIC8vIG5vcmUgdGhhbiAxIExVSURfQU5EX0FUVFJJQlVURVMgZW50cnkKICAgICAgICAgICAgICAgIGludCB0b2tlblByaXZpbGVnZXNTaXplID0gTWFyc2hhbC5TaXplT2YodHlwZW9mKE5hdGl2ZUhlbHBlcnMuVE9LRU5fUFJJVklMRUdFUykpOwogICAgICAgICAgICAgICAgaW50IGx1aWRBdHRyU2l6ZSA9IDA7CiAgICAgICAgICAgICAgICBpZiAobmV3U3RhdGUuTGVuZ3RoID4gMSkKICAgICAgICAgICAgICAgICAgICBsdWlkQXR0clNpemUgPSBNYXJzaGFsLlNpemVPZih0eXBlb2YoTmF0aXZlSGVscGVycy5MVUlEX0FORF9BVFRSSUJVVEVTKSkgKiAobmV3U3RhdGUuTGVuZ3RoIC0gMSk7CiAgICAgICAgICAgICAgICBpbnQgdG90YWxTaXplID0gdG9rZW5Qcml2aWxlZ2VzU2l6ZSArIGx1aWRBdHRyU2l6ZTsKICAgICAgICAgICAgICAgIGJ5dGVbXSBuZXdTdGF0ZUJ5dGVzID0gbmV3IGJ5dGVbdG90YWxTaXplXTsKCiAgICAgICAgICAgICAgICAvLyBnZXQgdGhlIGZpcnN0IGVudHJ5IHRoYXQgaW5jbHVkZXMgdGhlIHN0cnVjdCBkZXRhaWxzCiAgICAgICAgICAgICAgICBOYXRpdmVIZWxwZXJzLlRPS0VOX1BSSVZJTEVHRVMgdG9rZW5Qcml2aWxlZ2VzID0gbmV3IE5hdGl2ZUhlbHBlcnMuVE9LRU5fUFJJVklMRUdFUygpCiAgICAgICAgICAgICAgICB7CiAgICAgICAgICAgICAgICAgICAgUHJpdmlsZWdlQ291bnQgPSAoVUludDMyKW5ld1N0YXRlLkxlbmd0aCwKICAgICAgICAgICAgICAgICAgICBQcml2aWxlZ2VzID0gbmV3IE5hdGl2ZUhlbHBlcnMuTFVJRF9BTkRfQVRUUklCVVRFU1sxXSwKICAgICAgICAgICAgICAgIH07CiAgICAgICAgICAgICAgICBpZiAobmV3U3RhdGUuTGVuZ3RoID4gMCkKICAgICAgICAgICAgICAgICAgICB0b2tlblByaXZpbGVnZXMuUHJpdmlsZWdlc1swXSA9IG5ld1N0YXRlWzBdOwogICAgICAgICAgICAgICAgaW50IG9mZnNldCA9IFN0cnVjdHVyZVRvQnl0ZXModG9rZW5Qcml2aWxlZ2VzLCBuZXdTdGF0ZUJ5dGVzLCAw ScriptBlock ID: 06a48d89-e848-4a01-8f49-121f1c9d8a68 Path:	4104	1		3	2	15	0	1719	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3220	4624	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:07:35 PM	e5295ba9-9827-0002-4b5d-29e52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1718	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3220	3256	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:07:35 PM	e5295ba9-9827-0004-655c-29e52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 3220 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1717	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3220	4648	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:07:35 PM	e5295ba9-9827-0004-655c-29e52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1716	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3220	3256	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:07:35 PM	e5295ba9-9827-0004-655c-29e52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="AssemblyName"; value="System.DirectoryServices.AccountManagement" Context: Severity = Informational Host Name = Default Host Host Version = 5.1.14393.1944 Host ID = 5b90bcde-63dc-4ae7-8a8f-a28d3b506248 Host Application = PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - Engine Version = 5.1.14393.1944 Runspace ID = d7e55855-bf80-4dcc-a3ca-2ccbcbdad880 Pipeline ID = 5 Command Name = Add-Type Command Type = Cmdlet Script Name = Command Path = Sequence Number = 35 User = N-H1-805629-1\Admin Connected User = Shell ID = Microsoft.PowerShell User Data:	4103	1		4	106	20	0	1715	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4780	3776	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:07:27 PM	e5295ba9-9827-0003-4a5d-29e52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	To be used when operation is just executing a method	Executing Pipeline	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): { $_.$guid_key -eq $adapter.SettingID } ScriptBlock ID: c582b204-f7d1-41cf-b97a-46151ff7ad9f Path:	4104	1		3	2	15	0	1714	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4780	3776	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:07:27 PM	e5295ba9-9827-0003-455d-29e52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Error Message = The running command stopped because the preference variable "ErrorActionPreference" or common parameter is set to Stop: The term 'facter' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again. Fully Qualified Error ID = CommandNotFoundException,Microsoft.PowerShell.Commands.GetCommandCommand Context: Severity = Warning Host Name = Default Host Host Version = 5.1.14393.1944 Host ID = 5b90bcde-63dc-4ae7-8a8f-a28d3b506248 Host Application = PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - Engine Version = 5.1.14393.1944 Runspace ID = d7e55855-bf80-4dcc-a3ca-2ccbcbdad880 Pipeline ID = 5 Command Name = Get-Command Command Type = Cmdlet Script Name = Command Path = Sequence Number = 33 User = N-H1-805629-1\Admin Connected User = Shell ID = Microsoft.PowerShell User Data:	4100	1		3	106	19	0	1713	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4780	3776	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:07:26 PM	e5295ba9-9827-0003-3d5d-29e52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	To be used when an exception is raised	Executing Pipeline	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): #!powershell # Copyright: (c) 2018, Ansible Project # GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) #Requires -Module Ansible.ModuleUtils.Legacy Function Get-CustomFacts { [cmdletBinding()] param ( [Parameter(mandatory=$false)] $factpath = $null ) if (-not (Test-Path -Path $factpath)) { Fail-Json $result "The path $factpath does not exist. Typo?" } $FactsFiles = Get-ChildItem -Path $factpath | Where-Object -FilterScript {($PSItem.PSIsContainer -eq $false) -and ($PSItem.Extension -eq '.ps1')} foreach ($FactsFile in $FactsFiles) { $out = & $($FactsFile.FullName) $result.ansible_facts.Add("ansible_$(($FactsFile.Name).Split('.')[0])", $out) } } Function Get-MachineSid { # The Machine SID is stored in HKLM:\SECURITY\SAM\Domains\Account and is # only accessible by the Local System account. This method get's the local # admin account (ends with -500) and lops it off to get the machine sid. $admins_sid = "S-1-5-32-544" $admin_group = ([Security.Principal.SecurityIdentifier]$admins_sid).Translate([Security.Principal.NTAccount]).Value Add-Type -AssemblyName System.DirectoryServices.AccountManagement $principal_context = New-Object -TypeName System.DirectoryServices.AccountManagement.PrincipalContext([System.DirectoryServices.AccountManagement.ContextType]::Machine) $group_principal = New-Object -TypeName System.DirectoryServices.AccountManagement.GroupPrincipal($principal_context, $admin_group) $searcher = New-Object -TypeName System.DirectoryServices.AccountManagement.PrincipalSearcher($group_principal) $groups = $searcher.FindOne() $machine_sid = $null foreach ($user in $groups.Members) { $user_sid = $user.Sid if ($user_sid.Value.EndsWith("-500")) { $machine_sid = $user_sid.AccountDomainSid.Value break } } return $machine_sid } $cim_instances = @{} Function Get-LazyCimInstance([string]$instance_name, [string]$namespace="Root\CIMV2") { if(-not $cim_instances.ContainsKey($instance_name)) { $cim_instances[$instance_name] = $(Get-CimInstance -Namespace $namespace -ClassName $instance_name) } return $cim_instances[$instance_name] } $result = @{ ansible_facts = @{ } changed = $false } $grouped_subsets = @{ min=[System.Collections.Generic.List[string]]@('date_time','distribution','dns','env','local','platform','powershell_version','user') network=[System.Collections.Generic.List[string]]@('all_ipv4_addresses','all_ipv6_addresses','interfaces','windows_domain', 'winrm') hardware=[System.Collections.Generic.List[string]]@('bios','memory','processor','uptime') external=[System.Collections.Generic.List[string]]@('facter') } # build "all" set from everything mentioned in the group- this means every value must be in at least one subset to be considered legal $all_set = [System.Collections.Generic.HashSet[string]]@() foreach($kv in $grouped_subsets.GetEnumerator()) { [void] $all_set.UnionWith($kv.Value) } # dynamically create an "all" subset now that we know what should be in it $grouped_subsets['all'] = [System.Collections.Generic.List[string]]$all_set # start with all, build up gather and exclude subsets $gather_subset = [System.Collections.Generic.HashSet[string]]$grouped_subsets.all $explicit_subset = [System.Collections.Generic.HashSet[string]]@() $exclude_subset = [System.Collections.Generic.HashSet[string]]@() $params = Parse-Args $args -supports_check_mode $true $factpath = Get-AnsibleParam -obj $params -name "fact_path" -type "path" $gather_subset_source = Get-AnsibleParam -obj $params -name "gather_subset" -type "list" -default "all" foreach($item in $gather_subset_source) { if(([string]$item).StartsWith("!")) { $item = ([string]$item).Substring(1) if($item -eq "all") { $all_minus_min = [System.Collections.Generic.HashSet[string]]@($all_set) [void] $all_minus_min.ExceptWith($grouped_subsets.min) [void] $exclude_subset.UnionWith($all_minus_min) } elseif($grouped_subsets.ContainsKey($item)) { [void] $exclude_subset.UnionWith($grouped_subsets[$item]) } elseif($all_set.Contains($item)) { [void] $exclude_subset.Add($item) } # NB: invalid exclude values are ignored, since that's what posix setup does } else { if($grouped_subsets.ContainsKey($item)) { [void] $explicit_subset.UnionWith($grouped_subsets[$item]) } elseif($all_set.Contains($item)) { [void] $explicit_subset.Add($item) } else { # NB: POSIX setup fails on invalid value; we warn, because we don't implement the same set as POSIX # and we don't have platform-specific config for this... Add-Warning $result "invalid value $item specified in gather_subset" } } } [void] $gather_subset.ExceptWith($exclude_subset) [void] $gather_subset.UnionWith($explicit_subset) $ansible_facts = @{ gather_subset=@($gather_subset_source) module_setup=$true } $osversion = [Environment]::OSVersion if($gather_subset.Contains('all_ipv4_addresses') -or $gather_subset.Contains('all_ipv6_addresses')) { $netcfg = Get-LazyCimInstance Win32_NetworkAdapterConfiguration # TODO: split v4/v6 properly, return in separate keys $ips = @() Foreach ($ip in $netcfg.IPAddress) { If ($ip) { $ips += $ip } } $ansible_facts += @{ ansible_ip_addresses = $ips } } if($gather_subset.Contains('bios')) { $win32_bios = Get-LazyCimInstance Win32_Bios $win32_cs = Get-LazyCimInstance Win32_ComputerSystem $ansible_facts += @{ ansible_bios_date = $win32_bios.ReleaseDate.ToString("MM/dd/yyyy") ansible_bios_version = $win32_bios.SMBIOSBIOSVersion ansible_product_name = $win32_cs.Model.Trim() ansible_product_serial = $win32_bios.SerialNumber # ansible_product_version = ([string] $win32_cs.SystemFamily) } } if($gather_subset.Contains('date_time')) { $datetime = (Get-Date) $datetime_utc = $datetime.ToUniversalTime() $date = @{ date = $datetime.ToString("yyyy-MM-dd") day = $datetime.ToString("dd") epoch = (Get-Date -UFormat "%s") hour = $datetime.ToString("HH") iso8601 = $datetime_utc.ToString("yyyy-MM-ddTHH:mm:ssZ") iso8601_basic = $datetime.ToString("yyyyMMddTHHmmssffffff") iso8601_basic_short = $datetime.ToString("yyyyMMddTHHmmss") iso8601_micro = $datetime_utc.ToString("yyyy-MM-ddTHH:mm:ss.ffffffZ") minute = $datetime.ToString("mm") month = $datetime.ToString("MM") second = $datetime.ToString("ss") time = $datetime.ToString("HH:mm:ss") tz = ([System.TimeZoneInfo]::Local.Id) tz_offset = $datetime.ToString("zzzz") # Ensure that the weekday is in English weekday = $datetime.ToString("dddd", [System.Globalization.CultureInfo]::InvariantCulture) weekday_number = (Get-Date -UFormat "%w") weeknumber = (Get-Date -UFormat "%W") year = $datetime.ToString("yyyy") } $ansible_facts += @{ ansible_date_time = $date } } if($gather_subset.Contains('distribution')) { $win32_os = Get-LazyCimInstance Win32_OperatingSystem $product_type = switch($win32_os.ProductType) { 1 { "workstation" } 2 { "domain_controller" } 3 { "server" } default { "unknown" } } $ansible_facts += @{ ansible_distribution = $win32_os.Caption ansible_distribution_version = $osversion.Version.ToString() ansible_distribution_major_version = $osversion.Version.Major.ToString() ansible_os_family = "Windows" ansible_os_name = ($win32_os.Name.Split('|')[0]).Trim() ansible_os_product_type = $product_type } } if($gather_subset.Contains('env')) { $env_vars = @{ } foreach ($item in Get-ChildItem Env:) { $name = $item | select -ExpandProperty Name # Powershell ConvertTo-Json fails if string ends with \ $value = ($item | select -ExpandProperty Value).TrimEnd("\") $env_vars.Add($name, $value) } $ansible_facts += @{ ansible_env = $env_vars } } if($gather_subset.Contains('facter')) { # See if Facter is on the System Path Try { $facter_exe = Get-Command facter -ErrorAction Stop $facter_installed = $true } Catch { $facter_installed = $false } # Get JSON from Facter, and parse it out. if ($facter_installed) { &facter -j | Tee-Object -Variable facter_output | Out-Null $facts = "$facter_output" | ConvertFrom-Json ForEach($fact in $facts.PSObject.Properties) { $fact_name = $fact.Name $ansible_facts.Add("facter_$fact_name", $fact.Value) } } } if($gather_subset.Contains('interfaces')) { $netcfg = Get-LazyCimInstance Win32_NetworkAdapterConfiguration $ActiveNetcfg = @() $ActiveNetcfg += $netcfg | where {$_.ipaddress -ne $null} $namespaces = Get-LazyCimInstance __Namespace -namespace root if ($namespaces | Where-Object { $_.Name -eq "StandardCimv" }) { $net_adapters = Get-LazyCimInstance MSFT_NetAdapter -namespace Root\StandardCimv2 $guid_key = "InterfaceGUID" $name_key = "Name" } else { $net_adapters = Get-LazyCimInstance Win32_NetworkAdapter $guid_key = "GUID" $name_key = "NetConnectionID" } $formattednetcfg = @() foreach ($adapter in $ActiveNetcfg) { $thisadapter = @{ default_gateway = $null connection_name = $null dns_domain = $adapter.dnsdomain interface_index = $adapter.InterfaceIndex interface_name = $adapter.description macaddress = $adapter.macaddress } if ($adapter.defaultIPGateway) { $thisadapter.default_gateway = $adapter.DefaultIPGateway[0].ToString() } $net_adapter = $net_adapters | Where-Object { $_.$guid_key -eq $adapter.SettingID } if ($net_adapter) { $thisadapter.connection_name = $net_adapter.$name_key } $formattednetcfg += $thisadapter } $ansible_facts += @{ ansible_interfaces = $formattednetcfg } } if ($gather_subset.Contains("local") -and $factpath -ne $null) { # Get any custom facts; results are updated in the Get-CustomFacts -factpath $factpath } if($gather_subset.Contains('memory')) { $win32_cs = Get-LazyCimInstance Win32_ComputerSystem $win32_os = Get-LazyCimInstance Win32_OperatingSystem $ansible_facts += @{ # Win32_PhysicalMemory is empty on some virtual platforms ansible_memtotal_mb = ([math]::round($win32_cs.TotalPhysicalMemory / 1024 / 1024)) ansible_swaptotal_mb = ([math]::round($win32_os.TotalSwapSpaceSize / 1024 / 1024)) } } if($gather_subset.Contains('platform')) { $win32_cs = Get-LazyCimInstance Win32_ComputerSystem $win32_os = Get-LazyCimInstance Win32_OperatingSystem $ip_props = [System.Net.NetworkInformation.IPGlobalProperties]::GetIPGlobalProperties() $ansible_facts += @{ ansible_architecture = $win32_os.OSArchitecture ansible_domain = $ip_props.DomainName ansible_fqdn = ($ip_props.Hostname + "." + $ip_props.DomainName) ansible_hostname = $env:COMPUTERNAME ansible_kernel = $osversion.Version.ToString() ansible_nodename = ($ip_props.HostName + "." + $ip_props.DomainName) ansible_machine_id = Get-MachineSid ansible_owner_contact = ([string] $win32_cs.PrimaryOwnerContact) ansible_owner_name = ([string] $win32_cs.PrimaryOwnerName) # FUTURE: should this live in its own subset? ansible_reboot_pending = (Get-PendingRebootStatus) ansible_system = $osversion.Platform.ToString() ansible_system_description = ([string] $win32_os.Description) ansible_system_vendor = $win32_cs.Manufacturer } } if($gather_subset.Contains('powershell_version')) { $ansible_facts += @{ ansible_powershell_version = ($PSVersionTable.PSVersion.Major) } } if($gather_subset.Contains('processor')) { $win32_cs = Get-LazyCimInstance Win32_ComputerSystem $win32_cpu = Get-LazyCimInstance Win32_Processor if ($win32_cpu -is [array]) { # multi-socket, pick first $win32_cpu = $win32_cpu[0] } $cpu_list = @( ) for ($i=1; $i -le ($win32_cpu.NumberOfLogicalProcessors / $win32_cs.NumberOfProcessors); $i++) { $cpu_list += $win32_cpu.Manufacturer $cpu_list += $win32_cpu.Name } $ansible_facts += @{ ansible_processor = $cpu_list ansible_processor_cores = $win32_cpu.NumberOfCores ansible_processor_count = $win32_cs.NumberOfProcessors ansible_processor_threads_per_core = ($win32_cpu.NumberOfLogicalProcessors / $win32_cs.NumberOfProcessors / $win32_cpu.NumberOfCores) ansible_processor_vcpus = ($win32_cpu.NumberOfLogicalProcessors / $win32_cs.NumberOfProcessors) } } if($gather_subset.Contains('uptime')) { $win32_os = Get-LazyCimInstance Win32_OperatingSystem $ansible_facts += @{ ansible_lastboot = $win32_os.lastbootuptime.ToString("u") ansible_uptime_seconds = $([System.Convert]::ToInt64($(Get-Date).Subtract($win32_os.lastbootuptime).TotalSeconds)) } } if($gather_subset.Contains('user')) { $user = [Security.Principal.WindowsIdentity]::GetCurrent() $ansible_facts += @{ ansible_user_dir = $env:userprofile # Win32_UserAccount.FullName is probably the right thing here, but it can be expensive to get on large domains ansible_user_gecos = "" ansible_user_id = $env:username ansible_user_sid = $user.User.Value } } if($gather_subset.Contains('windows_domain')) { $win32_cs = Get-LazyCimInstance Win32_ComputerSystem $domain_roles = @{ 0 = "Stand-alone workstation" 1 = "Member workstation" 2 = "Stand-alone server" 3 = "Member server" 4 = "Backup domain controller" 5 = "Primary domain controller" } $domain_role = $domain_roles.Get_Item([Int32]$win32_cs.DomainRole) $ansible_facts += @{ ansible_windows_domain = $win32_cs.Domain ansible_windows_domain_member = $win32_cs.PartOfDomain ansible_windows_domain_role = $domain_role } } if($gather_subset.Contains('winrm')) { $winrm_https_listener_parent_paths = Get-ChildItem -Path WSMan:\localhost\Listener -Recurse | Where-Object {$_.PSChildName -eq "Transport" -and $_.Value -eq "HTTPS"} | select PSParentPath if ($winrm_https_listener_parent_paths -isnot [array]) { $winrm_https_listener_parent_paths = @($winrm_https_listener_parent_paths) } $winrm_https_listener_paths = @() foreach ($winrm_https_listener_parent_path in $winrm_https_listener_parent_paths) { $winrm_https_listener_paths += $winrm_https_listener_parent_path.PSParentPath.Substring($winrm_https_listener_parent_path.PSParentPath.LastIndexOf("\")) } $https_listeners = @() foreach ($winrm_https_listener_path in $winrm_https_listener_paths) { $https_listeners += Get-ChildItem -Path "WSMan:\localhost\Listener$winrm_https_listener_path" } $winrm_cert_thumbprints = @() foreach ($https_listener in $https_listeners) { $winrm_cert_thumbprints += $https_listener | where {$_.Name -EQ "CertificateThumbprint" } | select Value } $winrm_cert_expiry = @() foreach ($winrm_cert_thumbprint in $winrm_cert_thumbprints) { Try { $winrm_cert_expiry += Get-ChildItem -Path Cert:\LocalMachine\My | where Thumbprint -EQ $winrm_cert_thumbprint.Value.ToString().ToUpper() | select NotAfter } Catch {} } $winrm_cert_expirations = $winrm_cert_expiry | Sort-Object NotAfter if ($winrm_cert_expirations) { # this fact was renamed from ansible_winrm_certificate_expires due to collision with ansible_winrm_X connection var pattern $ansible_facts.Add("ansible_win_rm_certificate_expires", $winrm_cert_expirations[0].NotAfter.ToString("yyyy-MM-dd HH:mm:ss")) } } $result.ansible_facts += $ansible_facts Exit-Json $result ScriptBlock ID: 476caa8a-ea9e-49fa-904d-766181e781f8 Path:	4104	1		3	2	15	0	1712	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4780	3776	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:07:22 PM	e5295ba9-9827-0003-b55c-29e52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c), Michael DeHaan <michael.dehaan@gmail.com>, 2014, and others # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) Set-StrictMode -Version 2.0 $ErrorActionPreference = "Stop" Function Set-Attr($obj, $name, $value) { <# .SYNOPSIS Helper function to set an "attribute" on a psobject instance in PowerShell. This is a convenience to make adding Members to the object easier and slightly more pythonic .EXAMPLE Set-Attr $result "changed" $true #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } Try { $obj.$name = $value } Catch { $obj | Add-Member -Force -MemberType NoteProperty -Name $name -Value $value } } Function Exit-Json($obj) { <# .SYNOPSIS Helper function to convert a PowerShell object to JSON and output it, exiting the script .EXAMPLE Exit-Json $result #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit } Function Fail-Json($obj, $message = $null) { <# .SYNOPSIS Helper function to add the "msg" property and "failed" property, convert the PowerShell Hashtable to JSON and output it, exiting the script .EXAMPLE Fail-Json $result "This is the failure message" #> if ($obj -is [hashtable] -or $obj -is [psobject]) { # Nothing to do } elseif ($obj -is [string] -and $null -eq $message) { # If we weren't given 2 args, and the only arg was a string, # create a new Hashtable and use the arg as the failure message $message = $obj $obj = @{ } } else { # If the first argument is undefined or a different type, # make it a Hashtable $obj = @{ } } # Still using Set-Attr for PSObject compatibility Set-Attr $obj "msg" $message Set-Attr $obj "failed" $true if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit 1 } Function Add-Warning($obj, $message) { <# .SYNOPSIS Helper function to add warnings, even if the warnings attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("warnings")) { $obj.warnings = @() } elseif ($obj.warnings -isnot [array]) { throw "Add-Warning: warnings attribute is not an array" } $obj.warnings += $message } Function Add-DeprecationWarning($obj, $message, $version = $null) { <# .SYNOPSIS Helper function to add deprecations, even if the deprecations attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("deprecations")) { $obj.deprecations = @() } elseif ($obj.deprecations -isnot [array]) { throw "Add-DeprecationWarning: deprecations attribute is not a list" } $obj.deprecations += @{ msg = $message version = $version } } Function Expand-Environment($value) { <# .SYNOPSIS Helper function to expand environment variables in values. By default it turns any type to a string, but we ensure $null remains $null. #> if ($null -ne $value) { [System.Environment]::ExpandEnvironmentVariables($value) } else { $value } } Function Get-AnsibleParam($obj, $name, $default = $null, $resultobj = @{}, $failifempty = $false, $emptyattributefailmessage, $ValidateSet, $ValidateSetErrorMessage, $type = $null, $aliases = @()) { <# .SYNOPSIS Helper function to get an "attribute" from a psobject instance in PowerShell. This is a convenience to make getting Members from an object easier and slightly more pythonic .EXAMPLE $attr = Get-AnsibleParam $response "code" -default "1" .EXAMPLE Get-AnsibleParam -obj $params -name "State" -default "Present" -ValidateSet "Present","Absent" -resultobj $resultobj -failifempty $true Get-AnsibleParam also supports Parameter validation to save you from coding that manually Note that if you use the failifempty option, you do need to specify resultobject as well. #> # Check if the provided Member $name or aliases exist in $obj and return it or the default. try { $found = $null # First try to find preferred parameter $name $aliases = @($name) + $aliases # Iterate over aliases to find acceptable Member $name foreach ($alias in $aliases) { if ($obj.ContainsKey($alias)) { $found = $alias break } } if ($null -eq $found) { throw } $name = $found if ($ValidateSet) { if ($ValidateSet -contains ($obj.$name)) { $value = $obj.$name } else { if ($null -eq $ValidateSetErrorMessage) { #Auto-generated error should be sufficient in most use cases $ValidateSetErrorMessage = "Get-AnsibleParam: Argument $name needs to be one of $($ValidateSet -join ",") but was $($obj.$name)." } Fail-Json -obj $resultobj -message $ValidateSetErrorMessage } } else { $value = $obj.$name } } catch { if ($failifempty -eq $false) { $value = $default } else { if (-not $emptyattributefailmessage) { $emptyattributefailmessage = "Get-AnsibleParam: Missing required argument: $name" } Fail-Json -obj $resultobj -message $emptyattributefailmessage } } # If $value -eq $null, the parameter was unspecified by the user (deliberately or not) # Please leave $null-values intact, modules need to know if a parameter was specified # When $value is already an array, we cannot rely on the null check, as an empty list # is seen as null in the check below if ($null -ne $value -or $value -is [array]) { if ($type -eq "path") { # Expand environment variables on path-type $value = Expand-Environment($value) # Test if a valid path is provided if (-not (Test-Path -IsValid $value)) { $path_invalid = $true # could still be a valid-shaped path with a nonexistent drive letter if ($value -match "^\w:") { # rewrite path with a valid drive letter and recheck the shape- this might still fail, eg, a nonexistent non-filesystem PS path if (Test-Path -IsValid $(@(Get-PSDrive -PSProvider Filesystem)[0].Name + $value.Substring(1))) { $path_invalid = $false } } if ($path_invalid) { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' has an invalid path '$value' specified." } } } elseif ($type -eq "str") { # Convert str types to real Powershell strings $value = $value.ToString() } elseif ($type -eq "bool") { # Convert boolean types to real Powershell booleans $value = $value | ConvertTo-Bool } elseif ($type -eq "int") { # Convert int types to real Powershell integers $value = $value -as [int] } elseif ($type -eq "float") { # Convert float types to real Powershell floats $value = $value -as [float] } elseif ($type -eq "list") { if ($value -is [array]) { # Nothing to do } elseif ($value -is [string]) { # Convert string type to real Powershell array $value = $value.Split(",").Trim() } elseif ($value -is [int]) { $value = @($value) } else { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' is not a YAML list." } # , is not a typo, forces it to return as a list when it is empty or only has 1 entry return ,$value } } return $value } #Alias Get-attr-->Get-AnsibleParam for backwards compat. Only add when needed to ease debugging of scripts If (-not(Get-Alias -Name "Get-attr" -ErrorAction SilentlyContinue)) { New-Alias -Name Get-attr -Value Get-AnsibleParam } Function ConvertTo-Bool { <# .SYNOPSIS Helper filter/pipeline function to convert a value to boolean following current Ansible practices .EXAMPLE $is_true = "true" | ConvertTo-Bool #> param( [parameter(valuefrompipeline=$true)] $obj ) $boolean_strings = "yes", "on", "1", "true", 1 $obj_string = [string]$obj if (($obj -is [boolean] -and $obj) -or $boolean_strings -contains $obj_string.ToLower()) { return $true } else { return $false } } Function Parse-Args($arguments, $supports_check_mode = $false) { <# .SYNOPSIS Helper function to parse Ansible JSON arguments from a "file" passed as the single argument to the module. .EXAMPLE $params = Parse-Args $args #> $params = New-Object psobject If ($arguments.Length -gt 0) { $params = Get-Content $arguments[0] | ConvertFrom-Json } Else { $params = $complex_args } $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false If ($check_mode -and -not $supports_check_mode) { Exit-Json @{ skipped = $true changed = $false msg = "remote module does not support check mode" } } return $params } Function Get-FileChecksum($path, $algorithm = 'sha1') { <# .SYNOPSIS Helper function to calculate a hash of a file in a way which PowerShell 3 and above can handle #> If (Test-Path -Path $path -PathType Leaf) { switch ($algorithm) { 'md5' { $sp = New-Object -TypeName System.Security.Cryptography.MD5CryptoServiceProvider } 'sha1' { $sp = New-Object -TypeName System.Security.Cryptography.SHA1CryptoServiceProvider } 'sha256' { $sp = New-Object -TypeName System.Security.Cryptography.SHA256CryptoServiceProvider } 'sha384' { $sp = New-Object -TypeName System.Security.Cryptography.SHA384CryptoServiceProvider } 'sha512' { $sp = New-Object -TypeName System.Security.Cryptography.SHA512CryptoServiceProvider } default { Fail-Json @{} "Unsupported hash algorithm supplied '$algorithm'" } } If ($PSVersionTable.PSVersion.Major -ge 4) { $raw_hash = Get-FileHash $path -Algorithm $algorithm $hash = $raw_hash.Hash.ToLower() } Else { $fp = [System.IO.File]::Open($path, [System.IO.Filemode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileShare]::ReadWrite); $hash = [System.BitConverter]::ToString($sp.ComputeHash($fp)).Replace("-", "").ToLower(); $fp.Dispose(); } } ElseIf (Test-Path -Path $path -PathType Container) { $hash = "3"; } Else { $hash = "1"; } return $hash } Function Get-PendingRebootStatus { <# .SYNOPSIS Check if reboot is required, if so notify CA. Function returns true if computer has a pending reboot #> $featureData = Invoke-WmiMethod -EA Ignore -Name GetServerFeature -Namespace root\microsoft\windows\servermanager -Class MSFT_ServerManagerTasks $regData = Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager" "PendingFileRenameOperations" -EA Ignore $CBSRebootStatus = Get-ChildItem "HKLM:\\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing" -ErrorAction SilentlyContinue| Where-Object {$_.PSChildName -eq "RebootPending"} if(($featureData -and $featureData.RequiresReboot) -or $regData -or $CBSRebootStatus) { return $True } else { return $False } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: 701ba639-1b39-43c9-bfb7-87e9303a129d Path:	4104	1		3	2	15	0	1711	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4780	3772	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:07:21 PM	e5295ba9-9827-0003-b05c-29e52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } ScriptBlock ID: 37e9a87c-1fd9-43e0-bba5-64a5f400358a Path:	4104	1		3	2	15	0	1710	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4780	3772	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:07:21 PM	e5295ba9-9827-0003-a15c-29e52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (5 of 5): yb2xsZXIiCiAgICAgICAgNSA9ICJQcmltYXJ5IGRvbWFpbiBjb250cm9sbGVyIgogICAgfQoKICAgICRkb21haW5fcm9sZSA9ICRkb21haW5fcm9sZXMuR2V0X0l0ZW0oW0ludDMyXSR3aW4zMl9jcy5Eb21haW5Sb2xlKQoKICAgICRhbnNpYmxlX2ZhY3RzICs9IEB7CiAgICAgICAgYW5zaWJsZV93aW5kb3dzX2RvbWFpbiA9ICR3aW4zMl9jcy5Eb21haW4KICAgICAgICBhbnNpYmxlX3dpbmRvd3NfZG9tYWluX21lbWJlciA9ICR3aW4zMl9jcy5QYXJ0T2ZEb21haW4KICAgICAgICBhbnNpYmxlX3dpbmRvd3NfZG9tYWluX3JvbGUgPSAkZG9tYWluX3JvbGUKICAgIH0KfQoKaWYoJGdhdGhlcl9zdWJzZXQuQ29udGFpbnMoJ3dpbnJtJykpIHsKCiAgICAkd2lucm1faHR0cHNfbGlzdGVuZXJfcGFyZW50X3BhdGhzID0gR2V0LUNoaWxkSXRlbSAtUGF0aCBXU01hbjpcbG9jYWxob3N0XExpc3RlbmVyIC1SZWN1cnNlIHwgV2hlcmUtT2JqZWN0IHskXy5QU0NoaWxkTmFtZSAtZXEgIlRyYW5zcG9ydCIgLWFuZCAkXy5WYWx1ZSAtZXEgIkhUVFBTIn0gfCBzZWxlY3QgUFNQYXJlbnRQYXRoCiAgICBpZiAoJHdpbnJtX2h0dHBzX2xpc3RlbmVyX3BhcmVudF9wYXRocyAtaXNub3QgW2FycmF5XSkgewogICAgICAgJHdpbnJtX2h0dHBzX2xpc3RlbmVyX3BhcmVudF9wYXRocyA9IEAoJHdpbnJtX2h0dHBzX2xpc3RlbmVyX3BhcmVudF9wYXRocykKICAgIH0KCiAgICAkd2lucm1faHR0cHNfbGlzdGVuZXJfcGF0aHMgPSBAKCkKICAgIGZvcmVhY2ggKCR3aW5ybV9odHRwc19saXN0ZW5lcl9wYXJlbnRfcGF0aCBpbiAkd2lucm1faHR0cHNfbGlzdGVuZXJfcGFyZW50X3BhdGhzKSB7CiAgICAgICAgJHdpbnJtX2h0dHBzX2xpc3RlbmVyX3BhdGhzICs9ICR3aW5ybV9odHRwc19saXN0ZW5lcl9wYXJlbnRfcGF0aC5QU1BhcmVudFBhdGguU3Vic3RyaW5nKCR3aW5ybV9odHRwc19saXN0ZW5lcl9wYXJlbnRfcGF0aC5QU1BhcmVudFBhdGguTGFzdEluZGV4T2YoIlwiKSkKICAgIH0KCiAgICAkaHR0cHNfbGlzdGVuZXJzID0gQCgpCiAgICBmb3JlYWNoICgkd2lucm1faHR0cHNfbGlzdGVuZXJfcGF0aCBpbiAkd2lucm1faHR0cHNfbGlzdGVuZXJfcGF0aHMpIHsKICAgICAgICAkaHR0cHNfbGlzdGVuZXJzICs9IEdldC1DaGlsZEl0ZW0gLVBhdGggIldTTWFuOlxsb2NhbGhvc3RcTGlzdGVuZXIkd2lucm1faHR0cHNfbGlzdGVuZXJfcGF0aCIKICAgIH0KCiAgICAkd2lucm1fY2VydF90aHVtYnByaW50cyA9IEAoKQogICAgZm9yZWFjaCAoJGh0dHBzX2xpc3RlbmVyIGluICRodHRwc19saXN0ZW5lcnMpIHsKICAgICAgICAkd2lucm1fY2VydF90aHVtYnByaW50cyArPSAkaHR0cHNfbGlzdGVuZXIgfCB3aGVyZSB7JF8uTmFtZSAtRVEgIkNlcnRpZmljYXRlVGh1bWJwcmludCIgfSB8IHNlbGVjdCBWYWx1ZQogICAgfQoKICAgICR3aW5ybV9jZXJ0X2V4cGlyeSA9IEAoKQogICAgZm9yZWFjaCAoJHdpbnJtX2NlcnRfdGh1bWJwcmludCBpbiAkd2lucm1fY2VydF90aHVtYnByaW50cykgewogICAgICAgIFRyeSB7CiAgICAgICAgICAgICR3aW5ybV9jZXJ0X2V4cGlyeSArPSBHZXQtQ2hpbGRJdGVtIC1QYXRoIENlcnQ6XExvY2FsTWFjaGluZVxNeSB8IHdoZXJlIFRodW1icHJpbnQgLUVRICR3aW5ybV9jZXJ0X3RodW1icHJpbnQuVmFsdWUuVG9TdHJpbmcoKS5Ub1VwcGVyKCkgfCBzZWxlY3QgTm90QWZ0ZXIKICAgICAgICB9IENhdGNoIHt9CiAgICB9CgogICAgJHdpbnJtX2NlcnRfZXhwaXJhdGlvbnMgPSAkd2lucm1fY2VydF9leHBpcnkgfCBTb3J0LU9iamVjdCBOb3RBZnRlcgogICAgaWYgKCR3aW5ybV9jZXJ0X2V4cGlyYXRpb25zKSB7CiAgICAgICAgIyB0aGlzIGZhY3Qgd2FzIHJlbmFtZWQgZnJvbSBhbnNpYmxlX3dpbnJtX2NlcnRpZmljYXRlX2V4cGlyZXMgZHVlIHRvIGNvbGxpc2lvbiB3aXRoIGFuc2libGVfd2lucm1fWCBjb25uZWN0aW9uIHZhciBwYXR0ZXJuCiAgICAgICAgJGFuc2libGVfZmFjdHMuQWRkKCJhbnNpYmxlX3dpbl9ybV9jZXJ0aWZpY2F0ZV9leHBpcmVzIiwgJHdpbnJtX2NlcnRfZXhwaXJhdGlvbnNbMF0uTm90QWZ0ZXIuVG9TdHJpbmcoInl5eXktTU0tZGQgSEg6bW06c3MiKSkKICAgIH0KfQoKJHJlc3VsdC5hbnNpYmxlX2ZhY3RzICs9ICRhbnNpYmxlX2ZhY3RzCgpFeGl0LUpzb24gJHJlc3VsdAo=", "module_args": {"_ansible_version": "2.7.0", "_ansible_selinux_special_fs": ["fuse", "nfs", "vboxsf", "ramfs", "9p"], "_ansible_no_log": false, "gather_timeout": 10, "_ansible_module_name": "setup", "_ansible_remote_tmp": "%TEMP%", "_ansible_verbosity": 2, "_ansible_keep_remote_files": false, "_ansible_syslog_facility": "LOG_USER", "_ansible_socket": null, "gather_subset": ["all"], "_ansible_diff": false, "_ansible_debug": false, "_ansible_shell_executable": "/bin/sh", "_ansible_check_mode": false, "_ansible_tmpdir": null}} '@ } process { $input_as_string = [string]$input $json_raw += $input_as_string } end { If (-not $json_raw) { Write-Error "no input given" -Category InvalidArgument } $payload = ConvertTo-HashtableFromPsCustomObject (ConvertFrom-Json $json_raw) # TODO: handle binary modules # TODO: handle persistence $min_os_version = [version]$payload.min_os_version if ($min_os_version -ne $null) { $actual_os_version = [System.Environment]::OSVersion.Version if ($actual_os_version -lt $min_os_version) { $msg = "This module cannot run on this OS as it requires a minimum version of $min_os_version, actual was $actual_os_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $min_ps_version = [version]$payload.min_ps_version if ($min_ps_version -ne $null) { $actual_ps_version = $PSVersionTable.PSVersion if ($actual_ps_version -lt $min_ps_version) { $msg = "This module cannot run as it requires a minimum PowerShell version of $min_ps_version, actual was $actual_ps_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $actions = $payload.actions # pop 0th action as entrypoint $entrypoint = $payload.($actions[0]) $payload.actions = $payload.actions[1..99] $entrypoint = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($entrypoint)) # load the current action entrypoint as a module custom object with a Run method $entrypoint = New-Module -ScriptBlock ([scriptblock]::Create($entrypoint)) -AsCustomObject Set-Variable -Scope global -Name complex_args -Value $payload["module_args"] | Out-Null # dynamically create/load modules ForEach ($mod in $payload.powershell_modules.GetEnumerator()) { $decoded_module = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($mod.Value)) New-Module -ScriptBlock ([scriptblock]::Create($decoded_module)) -Name $mod.Key | Import-Module -WarningAction SilentlyContinue | Out-Null } $output = $entrypoint.Run($payload) Write-Output $output } ScriptBlock ID: 1bdebdc2-c4ce-40b9-95da-1f816685a1ed Path:	4104	1		3	2	15	0	1709	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4780	3772	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:07:21 PM	e5295ba9-9827-0004-525c-29e52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (4 of 5): Btb250aCA9ICRkYXRldGltZS5Ub1N0cmluZygiTU0iKQogICAgICAgIHNlY29uZCA9ICRkYXRldGltZS5Ub1N0cmluZygic3MiKQogICAgICAgIHRpbWUgPSAkZGF0ZXRpbWUuVG9TdHJpbmcoIkhIOm1tOnNzIikKICAgICAgICB0eiA9IChbU3lzdGVtLlRpbWVab25lSW5mb106OkxvY2FsLklkKQogICAgICAgIHR6X29mZnNldCA9ICRkYXRldGltZS5Ub1N0cmluZygienp6eiIpCiAgICAgICAgIyBFbnN1cmUgdGhhdCB0aGUgd2Vla2RheSBpcyBpbiBFbmdsaXNoCiAgICAgICAgd2Vla2RheSA9ICRkYXRldGltZS5Ub1N0cmluZygiZGRkZCIsIFtTeXN0ZW0uR2xvYmFsaXphdGlvbi5DdWx0dXJlSW5mb106OkludmFyaWFudEN1bHR1cmUpCiAgICAgICAgd2Vla2RheV9udW1iZXIgPSAoR2V0LURhdGUgLVVGb3JtYXQgIiV3IikKICAgICAgICB3ZWVrbnVtYmVyID0gKEdldC1EYXRlIC1VRm9ybWF0ICIlVyIpCiAgICAgICAgeWVhciA9ICRkYXRldGltZS5Ub1N0cmluZygieXl5eSIpCiAgICB9CgogICAgJGFuc2libGVfZmFjdHMgKz0gQHsKICAgICAgICBhbnNpYmxlX2RhdGVfdGltZSA9ICRkYXRlCiAgICB9Cn0KCmlmKCRnYXRoZXJfc3Vic2V0LkNvbnRhaW5zKCdkaXN0cmlidXRpb24nKSkgewogICAgJHdpbjMyX29zID0gR2V0LUxhenlDaW1JbnN0YW5jZSBXaW4zMl9PcGVyYXRpbmdTeXN0ZW0KICAgICRwcm9kdWN0X3R5cGUgPSBzd2l0Y2goJHdpbjMyX29zLlByb2R1Y3RUeXBlKSB7CiAgICAgICAgMSB7ICJ3b3Jrc3RhdGlvbiIgfQogICAgICAgIDIgeyAiZG9tYWluX2NvbnRyb2xsZXIiIH0KICAgICAgICAzIHsgInNlcnZlciIgfQogICAgICAgIGRlZmF1bHQgeyAidW5rbm93biIgfQogICAgfQoKICAgICRhbnNpYmxlX2ZhY3RzICs9IEB7CiAgICAgICAgYW5zaWJsZV9kaXN0cmlidXRpb24gPSAkd2luMzJfb3MuQ2FwdGlvbgogICAgICAgIGFuc2libGVfZGlzdHJpYnV0aW9uX3ZlcnNpb24gPSAkb3N2ZXJzaW9uLlZlcnNpb24uVG9TdHJpbmcoKQogICAgICAgIGFuc2libGVfZGlzdHJpYnV0aW9uX21ham9yX3ZlcnNpb24gPSAkb3N2ZXJzaW9uLlZlcnNpb24uTWFqb3IuVG9TdHJpbmcoKQogICAgICAgIGFuc2libGVfb3NfZmFtaWx5ID0gIldpbmRvd3MiCiAgICAgICAgYW5zaWJsZV9vc19uYW1lID0gKCR3aW4zMl9vcy5OYW1lLlNwbGl0KCd8JylbMF0pLlRyaW0oKQogICAgICAgIGFuc2libGVfb3NfcHJvZHVjdF90eXBlID0gJHByb2R1Y3RfdHlwZQogICAgfQp9CgppZigkZ2F0aGVyX3N1YnNldC5Db250YWlucygnZW52JykpIHsKICAgICRlbnZfdmFycyA9IEB7IH0KICAgIGZvcmVhY2ggKCRpdGVtIGluIEdldC1DaGlsZEl0ZW0gRW52OikgewogICAgICAgICRuYW1lID0gJGl0ZW0gfCBzZWxlY3QgLUV4cGFuZFByb3BlcnR5IE5hbWUKICAgICAgICAjIFBvd2Vyc2hlbGwgQ29udmVydFRvLUpzb24gZmFpbHMgaWYgc3RyaW5nIGVuZHMgd2l0aCBcCiAgICAgICAgJHZhbHVlID0gKCRpdGVtIHwgc2VsZWN0IC1FeHBhbmRQcm9wZXJ0eSBWYWx1ZSkuVHJpbUVuZCgiXCIpCiAgICAgICAgJGVudl92YXJzLkFkZCgkbmFtZSwgJHZhbHVlKQogICAgfQoKICAgICRhbnNpYmxlX2ZhY3RzICs9IEB7CiAgICAgICAgYW5zaWJsZV9lbnYgPSAkZW52X3ZhcnMKICAgIH0KfQoKaWYoJGdhdGhlcl9zdWJzZXQuQ29udGFpbnMoJ2ZhY3RlcicpKSB7CiAgICAjIFNlZSBpZiBGYWN0ZXIgaXMgb24gdGhlIFN5c3RlbSBQYXRoCiAgICBUcnkgewogICAgICAgICRmYWN0ZXJfZXhlID0gR2V0LUNvbW1hbmQgZmFjdGVyIC1FcnJvckFjdGlvbiBTdG9wCiAgICAgICAgJGZhY3Rlcl9pbnN0YWxsZWQgPSAkdHJ1ZQogICAgfSBDYXRjaCB7CiAgICAgICAgJGZhY3Rlcl9pbnN0YWxsZWQgPSAkZmFsc2UKICAgIH0KCiAgICAjIEdldCBKU09OIGZyb20gRmFjdGVyLCBhbmQgcGFyc2UgaXQgb3V0LgogICAgaWYgKCRmYWN0ZXJfaW5zdGFsbGVkKSB7CiAgICAgICAgJmZhY3RlciAtaiB8IFRlZS1PYmplY3QgIC1WYXJpYWJsZSBmYWN0ZXJfb3V0cHV0IHwgT3V0LU51bGwKICAgICAgICAkZmFjdHMgPSAiJGZhY3Rlcl9vdXRwdXQiIHwgQ29udmVydEZyb20tSnNvbgogICAgICAgIEZvckVhY2goJGZhY3QgaW4gJGZhY3RzLlBTT2JqZWN0LlByb3BlcnRpZXMpIHsKICAgICAgICAgICAgJGZhY3RfbmFtZSA9ICRmYWN0Lk5hbWUKICAgICAgICAgICAgJGFuc2libGVfZmFjdHMuQWRkKCJmYWN0ZXJfJGZhY3RfbmFtZSIsICRmYWN0LlZhbHVlKQogICAgICAgIH0KICAgIH0KfQoKaWYoJGdhdGhlcl9zdWJzZXQuQ29udGFpbnMoJ2ludGVyZmFjZXMnKSkgewogICAgJG5ldGNmZyA9IEdldC1MYXp5Q2ltSW5zdGFuY2UgV2luMzJfTmV0d29ya0FkYXB0ZXJDb25maWd1cmF0aW9uCiAgICAkQWN0aXZlTmV0Y2ZnID0gQCgpCiAgICAkQWN0aXZlTmV0Y2ZnICs9ICRuZXRjZmcgfCB3aGVyZSB7JF8uaXBhZGRyZXNzIC1uZSAkbnVsbH0KCiAgICAkbmFtZXNwYWNlcyA9IEdldC1MYXp5Q2ltSW5zdGFuY2UgX19OYW1lc3BhY2UgLW5hbWVzcGFjZSByb290CiAgICBpZiAoJG5hbWVzcGFjZXMgfCBXaGVyZS1PYmplY3QgeyAkXy5OYW1lIC1lcSAiU3RhbmRhcmRDaW12IiB9KSB7CiAgICAgICAgJG5ldF9hZGFwdGVycyA9IEdldC1MYXp5Q2ltSW5zdGFuY2UgTVNGVF9OZXRBZGFwdGVyIC1uYW1lc3BhY2UgUm9vdFxTdGFuZGFyZENpbXYyCiAgICAgICAgJGd1aWRfa2V5ID0gIkludGVyZmFjZUdVSUQiCiAgICAgICAgJG5hbWVfa2V5ID0gIk5hbWUiCiAgICB9IGVsc2UgewogICAgICAgICRuZXRfYWRhcHRlcnMgPSBHZXQtTGF6eUNpbUluc3RhbmNlIFdpbjMyX05ldHdvcmtBZGFwdGVyICAgICAgICAKICAgICAgICAkZ3VpZF9rZXkgPSAiR1VJRCIKICAgICAgICAkbmFtZV9rZXkgPSAiTmV0Q29ubmVjdGlvbklEIgogICAgfQoKICAgICRmb3JtYXR0ZWRuZXRjZmcgPSBAKCkKICAgIGZvcmVhY2ggKCRhZGFwdGVyIGluICRBY3RpdmVOZXRjZmcpCiAgICB7CiAgICAgICAgJHRoaXNhZGFwdGVyID0gQHsKICAgICAgICAgICAgZGVmYXVsdF9nYXRld2F5ID0gJG51bGwKICAgICAgICAgICAgY29ubmVjdGlvbl9uYW1lID0gJG51bGwKICAgICAgICAgICAgZG5zX2RvbWFpbiA9ICRhZGFwdGVyLmRuc2RvbWFpbgogICAgICAgICAgICBpbnRlcmZhY2VfaW5kZXggPSAkYWRhcHRlci5JbnRlcmZhY2VJbmRleAogICAgICAgICAgICBpbnRlcmZhY2VfbmFtZSA9ICRhZGFwdGVyLmRlc2NyaXB0aW9uCiAgICAgICAgICAgIG1hY2FkZHJlc3MgPSAkYWRhcHRlci5tYWNhZGRyZXNzCiAgICAgICAgfQoKICAgICAgICBpZiAoJGFkYXB0ZXIuZGVmYXVsdElQR2F0ZXdheSkKICAgICAgICB7CiAgICAgICAgICAgICR0aGlzYWRhcHRlci5kZWZhdWx0X2dhdGV3YXkgPSAkYWRhcHRlci5EZWZhdWx0SVBHYXRld2F5WzBdLlRvU3RyaW5nKCkKICAgICAgICB9CiAgICAgICAgJG5ldF9hZGFwdGVyID0gJG5ldF9hZGFwdGVycyB8IFdoZXJlLU9iamVjdCB7ICRfLiRndWlkX2tleSAtZXEgJGFkYXB0ZXIuU2V0dGluZ0lEIH0KICAgICAgICBpZiAoJG5ldF9hZGFwdGVyKSB7CiAgICAgICAgICAgICR0aGlzYWRhcHRlci5jb25uZWN0aW9uX25hbWUgPSAkbmV0X2FkYXB0ZXIuJG5hbWVfa2V5CiAgICAgICAgfQoKICAgICAgICAkZm9ybWF0dGVkbmV0Y2ZnICs9ICR0aGlzYWRhcHRlcgogICAgfQoKICAgICRhbnNpYmxlX2ZhY3RzICs9IEB7CiAgICAgICAgYW5zaWJsZV9pbnRlcmZhY2VzID0gJGZvcm1hdHRlZG5ldGNmZwogICAgfQp9CgppZiAoJGdhdGhlcl9zdWJzZXQuQ29udGFpbnMoImxvY2FsIikgLWFuZCAkZmFjdHBhdGggLW5lICRudWxsKSB7CiAgICAjIEdldCBhbnkgY3VzdG9tIGZhY3RzOyByZXN1bHRzIGFyZSB1cGRhdGVkIGluIHRoZQogICAgR2V0LUN1c3RvbUZhY3RzIC1mYWN0cGF0aCAkZmFjdHBhdGgKfQoKaWYoJGdhdGhlcl9zdWJzZXQuQ29udGFpbnMoJ21lbW9yeScpKSB7CiAgICAkd2luMzJfY3MgPSBHZXQtTGF6eUNpbUluc3RhbmNlIFdpbjMyX0NvbXB1dGVyU3lzdGVtCiAgICAkd2luMzJfb3MgPSBHZXQtTGF6eUNpbUluc3RhbmNlIFdpbjMyX09wZXJhdGluZ1N5c3RlbQogICAgJGFuc2libGVfZmFjdHMgKz0gQHsKICAgICAgICAjIFdpbjMyX1BoeXNpY2FsTWVtb3J5IGlzIGVtcHR5IG9uIHNvbWUgdmlydHVhbCBwbGF0Zm9ybXMKICAgICAgICBhbnNpYmxlX21lbXRvdGFsX21iID0gKFttYXRoXTo6cm91bmQoJHdpbjMyX2NzLlRvdGFsUGh5c2ljYWxNZW1vcnkgLyAxMDI0IC8gMTAyNCkpCiAgICAgICAgYW5zaWJsZV9zd2FwdG90YWxfbWIgPSAoW21hdGhdOjpyb3VuZCgkd2luMzJfb3MuVG90YWxTd2FwU3BhY2VTaXplIC8gMTAyNCAvIDEwMjQpKQogICAgfQp9CgoKaWYoJGdhdGhlcl9zdWJzZXQuQ29udGFpbnMoJ3BsYXRmb3JtJykpIHsKICAgICR3aW4zMl9jcyA9IEdldC1MYXp5Q2ltSW5zdGFuY2UgV2luMzJfQ29tcHV0ZXJTeXN0ZW0KICAgICR3aW4zMl9vcyA9IEdldC1MYXp5Q2ltSW5zdGFuY2UgV2luMzJfT3BlcmF0aW5nU3lzdGVtCiAgICAkaXBfcHJvcHMgPSBbU3lzdGVtLk5ldC5OZXR3b3JrSW5mb3JtYXRpb24uSVBHbG9iYWxQcm9wZXJ0aWVzXTo6R2V0SVBHbG9iYWxQcm9wZXJ0aWVzKCkKCiAgICAkYW5zaWJsZV9mYWN0cyArPSBAewogICAgICAgIGFuc2libGVfYXJjaGl0ZWN0dXJlID0gJHdpbjMyX29zLk9TQXJjaGl0ZWN0dXJlCiAgICAgICAgYW5zaWJsZV9kb21haW4gPSAkaXBfcHJvcHMuRG9tYWluTmFtZQogICAgICAgIGFuc2libGVfZnFkbiA9ICgkaXBfcHJvcHMuSG9zdG5hbWUgKyAiLiIgKyAkaXBfcHJvcHMuRG9tYWluTmFtZSkKICAgICAgICBhbnNpYmxlX2hvc3RuYW1lID0gJGVudjpDT01QVVRFUk5BTUUKICAgICAgICBhbnNpYmxlX2tlcm5lbCA9ICRvc3ZlcnNpb24uVmVyc2lvbi5Ub1N0cmluZygpCiAgICAgICAgYW5zaWJsZV9ub2RlbmFtZSA9ICgkaXBfcHJvcHMuSG9zdE5hbWUgKyAiLiIgKyAkaXBfcHJvcHMuRG9tYWluTmFtZSkKICAgICAgICBhbnNpYmxlX21hY2hpbmVfaWQgPSBHZXQtTWFjaGluZVNpZAogICAgICAgIGFuc2libGVfb3duZXJfY29udGFjdCA9IChbc3RyaW5nXSAkd2luMzJfY3MuUHJpbWFyeU93bmVyQ29udGFjdCkKICAgICAgICBhbnNpYmxlX293bmVyX25hbWUgPSAoW3N0cmluZ10gJHdpbjMyX2NzLlByaW1hcnlPd25lck5hbWUpCiAgICAgICAgIyBGVVRVUkU6IHNob3VsZCB0aGlzIGxpdmUgaW4gaXRzIG93biBzdWJzZXQ/CiAgICAgICAgYW5zaWJsZV9yZWJvb3RfcGVuZGluZyA9IChHZXQtUGVuZGluZ1JlYm9vdFN0YXR1cykKICAgICAgICBhbnNpYmxlX3N5c3RlbSA9ICRvc3ZlcnNpb24uUGxhdGZvcm0uVG9TdHJpbmcoKQogICAgICAgIGFuc2libGVfc3lzdGVtX2Rlc2NyaXB0aW9uID0gKFtzdHJpbmddICR3aW4zMl9vcy5EZXNjcmlwdGlvbikKICAgICAgICBhbnNpYmxlX3N5c3RlbV92ZW5kb3IgPSAkd2luMzJfY3MuTWFudWZhY3R1cmVyCiAgICB9Cn0KCmlmKCRnYXRoZXJfc3Vic2V0LkNvbnRhaW5zKCdwb3dlcnNoZWxsX3ZlcnNpb24nKSkgewogICAgJGFuc2libGVfZmFjdHMgKz0gQHsKICAgICAgICBhbnNpYmxlX3Bvd2Vyc2hlbGxfdmVyc2lvbiA9ICgkUFNWZXJzaW9uVGFibGUuUFNWZXJzaW9uLk1ham9yKQogICAgfQp9CgppZigkZ2F0aGVyX3N1YnNldC5Db250YWlucygncHJvY2Vzc29yJykpIHsKICAgICR3aW4zMl9jcyA9IEdldC1MYXp5Q2ltSW5zdGFuY2UgV2luMzJfQ29tcHV0ZXJTeXN0ZW0KICAgICR3aW4zMl9jcHUgPSBHZXQtTGF6eUNpbUluc3RhbmNlIFdpbjMyX1Byb2Nlc3NvcgogICAgaWYgKCR3aW4zMl9jcHUgLWlzIFthcnJheV0pIHsKICAgICAgICAjIG11bHRpLXNvY2tldCwgcGljayBmaXJzdAogICAgICAgICR3aW4zMl9jcHUgPSAkd2luMzJfY3B1WzBdCiAgICB9CgogICAgJGNwdV9saXN0ID0gQCggKQogICAgZm9yICgkaT0xOyAkaSAtbGUgKCR3aW4zMl9jcHUuTnVtYmVyT2ZMb2dpY2FsUHJvY2Vzc29ycyAvICR3aW4zMl9jcy5OdW1iZXJPZlByb2Nlc3NvcnMpOyAkaSsrKSB7CiAgICAgICAgJGNwdV9saXN0ICs9ICR3aW4zMl9jcHUuTWFudWZhY3R1cmVyCiAgICAgICAgJGNwdV9saXN0ICs9ICR3aW4zMl9jcHUuTmFtZQogICAgfQoKICAgICRhbnNpYmxlX2ZhY3RzICs9IEB7CiAgICAgICAgYW5zaWJsZV9wcm9jZXNzb3IgPSAkY3B1X2xpc3QKICAgICAgICBhbnNpYmxlX3Byb2Nlc3Nvcl9jb3JlcyA9ICR3aW4zMl9jcHUuTnVtYmVyT2ZDb3JlcwogICAgICAgIGFuc2libGVfcHJvY2Vzc29yX2NvdW50ID0gJHdpbjMyX2NzLk51bWJlck9mUHJvY2Vzc29ycwogICAgICAgIGFuc2libGVfcHJvY2Vzc29yX3RocmVhZHNfcGVyX2NvcmUgPSAoJHdpbjMyX2NwdS5OdW1iZXJPZkxvZ2ljYWxQcm9jZXNzb3JzIC8gJHdpbjMyX2NzLk51bWJlck9mUHJvY2Vzc29ycyAvICR3aW4zMl9jcHUuTnVtYmVyT2ZDb3JlcykKICAgICAgICBhbnNpYmxlX3Byb2Nlc3Nvcl92Y3B1cyA9ICgkd2luMzJfY3B1Lk51bWJlck9mTG9naWNhbFByb2Nlc3NvcnMgLyAkd2luMzJfY3MuTnVtYmVyT2ZQcm9jZXNzb3JzKQogICAgfQp9CgppZigkZ2F0aGVyX3N1YnNldC5Db250YWlucygndXB0aW1lJykpIHsKICAgICR3aW4zMl9vcyA9IEdldC1MYXp5Q2ltSW5zdGFuY2UgV2luMzJfT3BlcmF0aW5nU3lzdGVtCiAgICAkYW5zaWJsZV9mYWN0cyArPSBAewogICAgICAgIGFuc2libGVfbGFzdGJvb3QgPSAkd2luMzJfb3MubGFzdGJvb3R1cHRpbWUuVG9TdHJpbmcoInUiKQogICAgICAgIGFuc2libGVfdXB0aW1lX3NlY29uZHMgPSAkKFtTeXN0ZW0uQ29udmVydF06OlRvSW50NjQoJChHZXQtRGF0ZSkuU3VidHJhY3QoJHdpbjMyX29zLmxhc3Rib290dXB0aW1lKS5Ub3RhbFNlY29uZHMpKQogICAgfQp9CgppZigkZ2F0aGVyX3N1YnNldC5Db250YWlucygndXNlcicpKSB7CiAgICAkdXNlciA9IFtTZWN1cml0eS5QcmluY2lwYWwuV2luZG93c0lkZW50aXR5XTo6R2V0Q3VycmVudCgpCiAgICAkYW5zaWJsZV9mYWN0cyArPSBAewogICAgICAgIGFuc2libGVfdXNlcl9kaXIgPSAkZW52OnVzZXJwcm9maWxlCiAgICAgICAgIyBXaW4zMl9Vc2VyQWNjb3VudC5GdWxsTmFtZSBpcyBwcm9iYWJseSB0aGUgcmlnaHQgdGhpbmcgaGVyZSwgYnV0IGl0IGNhbiBiZSBleHBlbnNpdmUgdG8gZ2V0IG9uIGxhcmdlIGRvbWFpbnMKICAgICAgICBhbnNpYmxlX3VzZXJfZ2Vjb3MgPSAiIgogICAgICAgIGFuc2libGVfdXNlcl9pZCA9ICRlbnY6dXNlcm5hbWUKICAgICAgICBhbnNpYmxlX3VzZXJfc2lkID0gJHVzZXIuVXNlci5WYWx1ZQogICAgfQp9CgppZigkZ2F0aGVyX3N1YnNldC5Db250YWlucygnd2luZG93c19kb21haW4nKSkgewogICAgJHdpbjMyX2NzID0gR2V0LUxhenlDaW1JbnN0YW5jZSBXaW4zMl9Db21wdXRlclN5c3RlbQogICAgJGRvbWFpbl9yb2xlcyA9IEB7CiAgICAgICAgMCA9ICJTdGFuZC1hbG9uZSB3b3Jrc3RhdGlvbiIKICAgICAgICAxID0gIk1lbWJlciB3b3Jrc3RhdGlvbiIKICAgICAgICAyID0gIlN0YW5kLWFsb25lIHNlcnZlciIKICAgICAgICAzID0gIk1lbWJlciBzZXJ2ZXIiCiAgICAgICAgNCA9ICJCYWNrdXAgZG9tYWluIGNvbnR ScriptBlock ID: 1bdebdc2-c4ce-40b9-95da-1f816685a1ed Path:	4104	1		3	2	15	0	1708	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4780	3772	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:07:21 PM	e5295ba9-9827-0004-525c-29e52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (3 of 5): F0YSA9IEludm9rZS1XbWlNZXRob2QgLUVBIElnbm9yZSAtTmFtZSBHZXRTZXJ2ZXJGZWF0dXJlIC1OYW1lc3BhY2Ugcm9vdFxtaWNyb3NvZnRcd2luZG93c1xzZXJ2ZXJtYW5hZ2VyIC1DbGFzcyBNU0ZUX1NlcnZlck1hbmFnZXJUYXNrcwogICAgJHJlZ0RhdGEgPSBHZXQtSXRlbVByb3BlcnR5ICJIS0xNOlxTWVNURU1cQ3VycmVudENvbnRyb2xTZXRcQ29udHJvbFxTZXNzaW9uIE1hbmFnZXIiICJQZW5kaW5nRmlsZVJlbmFtZU9wZXJhdGlvbnMiIC1FQSBJZ25vcmUKICAgICRDQlNSZWJvb3RTdGF0dXMgPSBHZXQtQ2hpbGRJdGVtICJIS0xNOlxcU09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cQ29tcG9uZW50IEJhc2VkIFNlcnZpY2luZyIgIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlfCBXaGVyZS1PYmplY3QgeyRfLlBTQ2hpbGROYW1lIC1lcSAiUmVib290UGVuZGluZyJ9CiAgICBpZigoJGZlYXR1cmVEYXRhIC1hbmQgJGZlYXR1cmVEYXRhLlJlcXVpcmVzUmVib290KSAtb3IgJHJlZ0RhdGEgLW9yICRDQlNSZWJvb3RTdGF0dXMpCiAgICB7CiAgICAgICAgcmV0dXJuICRUcnVlCiAgICB9CiAgICBlbHNlCiAgICB7CiAgICAgICAgcmV0dXJuICRGYWxzZQogICAgfQp9CgojIHRoaXMgbGluZSBtdXN0IHN0YXkgYXQgdGhlIGJvdHRvbSB0byBlbnN1cmUgYWxsIGRlZmluZWQgbW9kdWxlIHBhcnRzIGFyZSBleHBvcnRlZApFeHBvcnQtTW9kdWxlTWVtYmVyIC1BbGlhcyAqIC1GdW5jdGlvbiAqIC1DbWRsZXQgKgoK"}, "module_entry": "IyFwb3dlcnNoZWxsCgojIENvcHlyaWdodDogKGMpIDIwMTgsIEFuc2libGUgUHJvamVjdAojIEdOVSBHZW5lcmFsIFB1YmxpYyBMaWNlbnNlIHYzLjArIChzZWUgQ09QWUlORyBvciBodHRwczovL3d3dy5nbnUub3JnL2xpY2Vuc2VzL2dwbC0zLjAudHh0KQoKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5MZWdhY3kKCkZ1bmN0aW9uIEdldC1DdXN0b21GYWN0cyB7CiAgW2NtZGxldEJpbmRpbmcoKV0KICBwYXJhbSAoCiAgICBbUGFyYW1ldGVyKG1hbmRhdG9yeT0kZmFsc2UpXQogICAgJGZhY3RwYXRoID0gJG51bGwKICApCgogIGlmICgtbm90IChUZXN0LVBhdGggLVBhdGggJGZhY3RwYXRoKSkgewogICAgRmFpbC1Kc29uICRyZXN1bHQgIlRoZSBwYXRoICRmYWN0cGF0aCBkb2VzIG5vdCBleGlzdC4gVHlwbz8iCiAgfQoKICAkRmFjdHNGaWxlcyA9IEdldC1DaGlsZEl0ZW0gLVBhdGggJGZhY3RwYXRoIHwgV2hlcmUtT2JqZWN0IC1GaWx0ZXJTY3JpcHQgeygkUFNJdGVtLlBTSXNDb250YWluZXIgLWVxICRmYWxzZSkgLWFuZCAoJFBTSXRlbS5FeHRlbnNpb24gLWVxICcucHMxJyl9CgogIGZvcmVhY2ggKCRGYWN0c0ZpbGUgaW4gJEZhY3RzRmlsZXMpIHsKICAgICAgJG91dCA9ICYgJCgkRmFjdHNGaWxlLkZ1bGxOYW1lKQogICAgICAkcmVzdWx0LmFuc2libGVfZmFjdHMuQWRkKCJhbnNpYmxlXyQoKCRGYWN0c0ZpbGUuTmFtZSkuU3BsaXQoJy4nKVswXSkiLCAkb3V0KQogIH0KfQoKRnVuY3Rpb24gR2V0LU1hY2hpbmVTaWQgewogICAgIyBUaGUgTWFjaGluZSBTSUQgaXMgc3RvcmVkIGluIEhLTE06XFNFQ1VSSVRZXFNBTVxEb21haW5zXEFjY291bnQgYW5kIGlzCiAgICAjIG9ubHkgYWNjZXNzaWJsZSBieSB0aGUgTG9jYWwgU3lzdGVtIGFjY291bnQuIFRoaXMgbWV0aG9kIGdldCdzIHRoZSBsb2NhbAogICAgIyBhZG1pbiBhY2NvdW50IChlbmRzIHdpdGggLTUwMCkgYW5kIGxvcHMgaXQgb2ZmIHRvIGdldCB0aGUgbWFjaGluZSBzaWQuCgogICAgJGFkbWluc19zaWQgPSAiUy0xLTUtMzItNTQ0IgogICAgJGFkbWluX2dyb3VwID0gKFtTZWN1cml0eS5QcmluY2lwYWwuU2VjdXJpdHlJZGVudGlmaWVyXSRhZG1pbnNfc2lkKS5UcmFuc2xhdGUoW1NlY3VyaXR5LlByaW5jaXBhbC5OVEFjY291bnRdKS5WYWx1ZSAKCiAgICBBZGQtVHlwZSAtQXNzZW1ibHlOYW1lIFN5c3RlbS5EaXJlY3RvcnlTZXJ2aWNlcy5BY2NvdW50TWFuYWdlbWVudAogICAgJHByaW5jaXBhbF9jb250ZXh0ID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLkRpcmVjdG9yeVNlcnZpY2VzLkFjY291bnRNYW5hZ2VtZW50LlByaW5jaXBhbENvbnRleHQoW1N5c3RlbS5EaXJlY3RvcnlTZXJ2aWNlcy5BY2NvdW50TWFuYWdlbWVudC5Db250ZXh0VHlwZV06Ok1hY2hpbmUpCiAgICAkZ3JvdXBfcHJpbmNpcGFsID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLkRpcmVjdG9yeVNlcnZpY2VzLkFjY291bnRNYW5hZ2VtZW50Lkdyb3VwUHJpbmNpcGFsKCRwcmluY2lwYWxfY29udGV4dCwgJGFkbWluX2dyb3VwKQogICAgJHNlYXJjaGVyID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLkRpcmVjdG9yeVNlcnZpY2VzLkFjY291bnRNYW5hZ2VtZW50LlByaW5jaXBhbFNlYXJjaGVyKCRncm91cF9wcmluY2lwYWwpCiAgICAkZ3JvdXBzID0gJHNlYXJjaGVyLkZpbmRPbmUoKQoKICAgICRtYWNoaW5lX3NpZCA9ICRudWxsCiAgICBmb3JlYWNoICgkdXNlciBpbiAkZ3JvdXBzLk1lbWJlcnMpIHsKICAgICAgICAkdXNlcl9zaWQgPSAkdXNlci5TaWQKICAgICAgICBpZiAoJHVzZXJfc2lkLlZhbHVlLkVuZHNXaXRoKCItNTAwIikpIHsKICAgICAgICAgICAgJG1hY2hpbmVfc2lkID0gJHVzZXJfc2lkLkFjY291bnREb21haW5TaWQuVmFsdWUKICAgICAgICAgICAgYnJlYWsKICAgICAgICB9CiAgICB9CgogICAgcmV0dXJuICRtYWNoaW5lX3NpZAp9CgokY2ltX2luc3RhbmNlcyA9IEB7fQoKRnVuY3Rpb24gR2V0LUxhenlDaW1JbnN0YW5jZShbc3RyaW5nXSRpbnN0YW5jZV9uYW1lLCBbc3RyaW5nXSRuYW1lc3BhY2U9IlJvb3RcQ0lNVjIiKSB7CiAgICBpZigtbm90ICRjaW1faW5zdGFuY2VzLkNvbnRhaW5zS2V5KCRpbnN0YW5jZV9uYW1lKSkgewogICAgICAgICRjaW1faW5zdGFuY2VzWyRpbnN0YW5jZV9uYW1lXSA9ICQoR2V0LUNpbUluc3RhbmNlIC1OYW1lc3BhY2UgJG5hbWVzcGFjZSAtQ2xhc3NOYW1lICRpbnN0YW5jZV9uYW1lKQogICAgfQoKICAgIHJldHVybiAkY2ltX2luc3RhbmNlc1skaW5zdGFuY2VfbmFtZV0KfQoKJHJlc3VsdCA9IEB7CiAgICBhbnNpYmxlX2ZhY3RzID0gQHsgfQogICAgY2hhbmdlZCA9ICRmYWxzZQp9CgokZ3JvdXBlZF9zdWJzZXRzID0gQHsKICAgIG1pbj1bU3lzdGVtLkNvbGxlY3Rpb25zLkdlbmVyaWMuTGlzdFtzdHJpbmddXUAoJ2RhdGVfdGltZScsJ2Rpc3RyaWJ1dGlvbicsJ2RucycsJ2VudicsJ2xvY2FsJywncGxhdGZvcm0nLCdwb3dlcnNoZWxsX3ZlcnNpb24nLCd1c2VyJykKICAgIG5ldHdvcms9W1N5c3RlbS5Db2xsZWN0aW9ucy5HZW5lcmljLkxpc3Rbc3RyaW5nXV1AKCdhbGxfaXB2NF9hZGRyZXNzZXMnLCdhbGxfaXB2Nl9hZGRyZXNzZXMnLCdpbnRlcmZhY2VzJywnd2luZG93c19kb21haW4nLCAnd2lucm0nKQogICAgaGFyZHdhcmU9W1N5c3RlbS5Db2xsZWN0aW9ucy5HZW5lcmljLkxpc3Rbc3RyaW5nXV1AKCdiaW9zJywnbWVtb3J5JywncHJvY2Vzc29yJywndXB0aW1lJykKICAgIGV4dGVybmFsPVtTeXN0ZW0uQ29sbGVjdGlvbnMuR2VuZXJpYy5MaXN0W3N0cmluZ11dQCgnZmFjdGVyJykKfQoKIyBidWlsZCAiYWxsIiBzZXQgZnJvbSBldmVyeXRoaW5nIG1lbnRpb25lZCBpbiB0aGUgZ3JvdXAtIHRoaXMgbWVhbnMgZXZlcnkgdmFsdWUgbXVzdCBiZSBpbiBhdCBsZWFzdCBvbmUgc3Vic2V0IHRvIGJlIGNvbnNpZGVyZWQgbGVnYWwKJGFsbF9zZXQgPSBbU3lzdGVtLkNvbGxlY3Rpb25zLkdlbmVyaWMuSGFzaFNldFtzdHJpbmddXUAoKQoKZm9yZWFjaCgka3YgaW4gJGdyb3VwZWRfc3Vic2V0cy5HZXRFbnVtZXJhdG9yKCkpIHsKICAgIFt2b2lkXSAkYWxsX3NldC5VbmlvbldpdGgoJGt2LlZhbHVlKQp9CgojIGR5bmFtaWNhbGx5IGNyZWF0ZSBhbiAiYWxsIiBzdWJzZXQgbm93IHRoYXQgd2Uga25vdyB3aGF0IHNob3VsZCBiZSBpbiBpdAokZ3JvdXBlZF9zdWJzZXRzWydhbGwnXSA9IFtTeXN0ZW0uQ29sbGVjdGlvbnMuR2VuZXJpYy5MaXN0W3N0cmluZ11dJGFsbF9zZXQKCiMgc3RhcnQgd2l0aCBhbGwsIGJ1aWxkIHVwIGdhdGhlciBhbmQgZXhjbHVkZSBzdWJzZXRzCiRnYXRoZXJfc3Vic2V0ID0gW1N5c3RlbS5Db2xsZWN0aW9ucy5HZW5lcmljLkhhc2hTZXRbc3RyaW5nXV0kZ3JvdXBlZF9zdWJzZXRzLmFsbAokZXhwbGljaXRfc3Vic2V0ID0gW1N5c3RlbS5Db2xsZWN0aW9ucy5HZW5lcmljLkhhc2hTZXRbc3RyaW5nXV1AKCkKJGV4Y2x1ZGVfc3Vic2V0ID0gW1N5c3RlbS5Db2xsZWN0aW9ucy5HZW5lcmljLkhhc2hTZXRbc3RyaW5nXV1AKCkKCiRwYXJhbXMgPSBQYXJzZS1BcmdzICRhcmdzIC1zdXBwb3J0c19jaGVja19tb2RlICR0cnVlCiRmYWN0cGF0aCA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJmYWN0X3BhdGgiIC10eXBlICJwYXRoIgokZ2F0aGVyX3N1YnNldF9zb3VyY2UgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiZ2F0aGVyX3N1YnNldCIgLXR5cGUgImxpc3QiIC1kZWZhdWx0ICJhbGwiCgpmb3JlYWNoKCRpdGVtIGluICRnYXRoZXJfc3Vic2V0X3NvdXJjZSkgewogICAgaWYoKFtzdHJpbmddJGl0ZW0pLlN0YXJ0c1dpdGgoIiEiKSkgewogICAgICAgICRpdGVtID0gKFtzdHJpbmddJGl0ZW0pLlN1YnN0cmluZygxKQogICAgICAgIGlmKCRpdGVtIC1lcSAiYWxsIikgewogICAgICAgICAgICAkYWxsX21pbnVzX21pbiA9IFtTeXN0ZW0uQ29sbGVjdGlvbnMuR2VuZXJpYy5IYXNoU2V0W3N0cmluZ11dQCgkYWxsX3NldCkKICAgICAgICAgICAgW3ZvaWRdICRhbGxfbWludXNfbWluLkV4Y2VwdFdpdGgoJGdyb3VwZWRfc3Vic2V0cy5taW4pCiAgICAgICAgICAgIFt2b2lkXSAkZXhjbHVkZV9zdWJzZXQuVW5pb25XaXRoKCRhbGxfbWludXNfbWluKQogICAgICAgIH0KICAgICAgICBlbHNlaWYoJGdyb3VwZWRfc3Vic2V0cy5Db250YWluc0tleSgkaXRlbSkpIHsKICAgICAgICAgICAgW3ZvaWRdICRleGNsdWRlX3N1YnNldC5VbmlvbldpdGgoJGdyb3VwZWRfc3Vic2V0c1skaXRlbV0pCiAgICAgICAgfQogICAgICAgIGVsc2VpZigkYWxsX3NldC5Db250YWlucygkaXRlbSkpIHsKICAgICAgICAgICAgW3ZvaWRdICRleGNsdWRlX3N1YnNldC5BZGQoJGl0ZW0pCiAgICAgICAgfQogICAgICAgICMgTkI6IGludmFsaWQgZXhjbHVkZSB2YWx1ZXMgYXJlIGlnbm9yZWQsIHNpbmNlIHRoYXQncyB3aGF0IHBvc2l4IHNldHVwIGRvZXMKICAgIH0KICAgIGVsc2UgewogICAgICAgIGlmKCRncm91cGVkX3N1YnNldHMuQ29udGFpbnNLZXkoJGl0ZW0pKSB7CiAgICAgICAgICAgIFt2b2lkXSAkZXhwbGljaXRfc3Vic2V0LlVuaW9uV2l0aCgkZ3JvdXBlZF9zdWJzZXRzWyRpdGVtXSkKICAgICAgICB9CiAgICAgICAgZWxzZWlmKCRhbGxfc2V0LkNvbnRhaW5zKCRpdGVtKSkgewogICAgICAgICAgICBbdm9pZF0gJGV4cGxpY2l0X3N1YnNldC5BZGQoJGl0ZW0pCiAgICAgICAgfQogICAgICAgIGVsc2UgewogICAgICAgICAgICAjIE5COiBQT1NJWCBzZXR1cCBmYWlscyBvbiBpbnZhbGlkIHZhbHVlOyB3ZSB3YXJuLCBiZWNhdXNlIHdlIGRvbid0IGltcGxlbWVudCB0aGUgc2FtZSBzZXQgYXMgUE9TSVgKICAgICAgICAgICAgIyBhbmQgd2UgZG9uJ3QgaGF2ZSBwbGF0Zm9ybS1zcGVjaWZpYyBjb25maWcgZm9yIHRoaXMuLi4KICAgICAgICAgICAgQWRkLVdhcm5pbmcgJHJlc3VsdCAiaW52YWxpZCB2YWx1ZSAkaXRlbSBzcGVjaWZpZWQgaW4gZ2F0aGVyX3N1YnNldCIKICAgICAgICB9CiAgICB9Cn0KClt2b2lkXSAkZ2F0aGVyX3N1YnNldC5FeGNlcHRXaXRoKCRleGNsdWRlX3N1YnNldCkKW3ZvaWRdICRnYXRoZXJfc3Vic2V0LlVuaW9uV2l0aCgkZXhwbGljaXRfc3Vic2V0KQoKJGFuc2libGVfZmFjdHMgPSBAewogICAgZ2F0aGVyX3N1YnNldD1AKCRnYXRoZXJfc3Vic2V0X3NvdXJjZSkKICAgIG1vZHVsZV9zZXR1cD0kdHJ1ZQp9Cgokb3N2ZXJzaW9uID0gW0Vudmlyb25tZW50XTo6T1NWZXJzaW9uCgppZigkZ2F0aGVyX3N1YnNldC5Db250YWlucygnYWxsX2lwdjRfYWRkcmVzc2VzJykgLW9yICRnYXRoZXJfc3Vic2V0LkNvbnRhaW5zKCdhbGxfaXB2Nl9hZGRyZXNzZXMnKSkgewogICAgJG5ldGNmZyA9IEdldC1MYXp5Q2ltSW5zdGFuY2UgV2luMzJfTmV0d29ya0FkYXB0ZXJDb25maWd1cmF0aW9uCiAgICAKICAgICMgVE9ETzogc3BsaXQgdjQvdjYgcHJvcGVybHksIHJldHVybiBpbiBzZXBhcmF0ZSBrZXlzCiAgICAkaXBzID0gQCgpCiAgICBGb3JlYWNoICgkaXAgaW4gJG5ldGNmZy5JUEFkZHJlc3MpIHsKICAgICAgICBJZiAoJGlwKSB7CiAgICAgICAgICAgICRpcHMgKz0gJGlwCiAgICAgICAgfQogICAgfQoKICAgICRhbnNpYmxlX2ZhY3RzICs9IEB7CiAgICAgICAgYW5zaWJsZV9pcF9hZGRyZXNzZXMgPSAkaXBzCiAgICB9Cn0KCmlmKCRnYXRoZXJfc3Vic2V0LkNvbnRhaW5zKCdiaW9zJykpIHsKICAgICR3aW4zMl9iaW9zID0gR2V0LUxhenlDaW1JbnN0YW5jZSBXaW4zMl9CaW9zCiAgICAkd2luMzJfY3MgPSBHZXQtTGF6eUNpbUluc3RhbmNlIFdpbjMyX0NvbXB1dGVyU3lzdGVtCiAgICAkYW5zaWJsZV9mYWN0cyArPSBAewogICAgICAgIGFuc2libGVfYmlvc19kYXRlID0gJHdpbjMyX2Jpb3MuUmVsZWFzZURhdGUuVG9TdHJpbmcoIk1NL2RkL3l5eXkiKQogICAgICAgIGFuc2libGVfYmlvc192ZXJzaW9uID0gJHdpbjMyX2Jpb3MuU01CSU9TQklPU1ZlcnNpb24KICAgICAgICBhbnNpYmxlX3Byb2R1Y3RfbmFtZSA9ICR3aW4zMl9jcy5Nb2RlbC5UcmltKCkKICAgICAgICBhbnNpYmxlX3Byb2R1Y3Rfc2VyaWFsID0gJHdpbjMyX2Jpb3MuU2VyaWFsTnVtYmVyCiAgICAgICAgIyBhbnNpYmxlX3Byb2R1Y3RfdmVyc2lvbiA9IChbc3RyaW5nXSAkd2luMzJfY3MuU3lzdGVtRmFtaWx5KQogICAgfQp9CgppZigkZ2F0aGVyX3N1YnNldC5Db250YWlucygnZGF0ZV90aW1lJykpIHsKICAgICRkYXRldGltZSA9IChHZXQtRGF0ZSkKICAgICRkYXRldGltZV91dGMgPSAkZGF0ZXRpbWUuVG9Vbml2ZXJzYWxUaW1lKCkKICAgICRkYXRlID0gQHsKICAgICAgICBkYXRlID0gJGRhdGV0aW1lLlRvU3RyaW5nKCJ5eXl5LU1NLWRkIikKICAgICAgICBkYXkgPSAkZGF0ZXRpbWUuVG9TdHJpbmcoImRkIikKICAgICAgICBlcG9jaCA9IChHZXQtRGF0ZSAtVUZvcm1hdCAiJXMiKQogICAgICAgIGhvdXIgPSAkZGF0ZXRpbWUuVG9TdHJpbmcoIkhIIikKICAgICAgICBpc284NjAxID0gJGRhdGV0aW1lX3V0Yy5Ub1N0cmluZygieXl5eS1NTS1kZFRISDptbTpzc1oiKQogICAgICAgIGlzbzg2MDFfYmFzaWMgPSAkZGF0ZXRpbWUuVG9TdHJpbmcoInl5eXlNTWRkVEhIbW1zc2ZmZmZmZiIpCiAgICAgICAgaXNvODYwMV9iYXNpY19zaG9ydCA9ICRkYXRldGltZS5Ub1N0cmluZygieXl5eU1NZGRUSEhtbXNzIikKICAgICAgICBpc284NjAxX21pY3JvID0gJGRhdGV0aW1lX3V0Yy5Ub1N0cmluZygieXl5eS1NTS1kZFRISDptbTpzcy5mZmZmZmZaIikKICAgICAgICBtaW51dGUgPSAkZGF0ZXRpbWUuVG9TdHJpbmcoIm1tIikKICAgICAgIC ScriptBlock ID: 1bdebdc2-c4ce-40b9-95da-1f816685a1ed Path:	4104	1		3	2	15	0	1707	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4780	3772	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:07:21 PM	e5295ba9-9827-0004-525c-29e52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 5): iAkcGFyYW1zIC1uYW1lICJTdGF0ZSIgLWRlZmF1bHQgIlByZXNlbnQiIC1WYWxpZGF0ZVNldCAiUHJlc2VudCIsIkFic2VudCIgLXJlc3VsdG9iaiAkcmVzdWx0b2JqIC1mYWlsaWZlbXB0eSAkdHJ1ZQogICAgR2V0LUFuc2libGVQYXJhbSBhbHNvIHN1cHBvcnRzIFBhcmFtZXRlciB2YWxpZGF0aW9uIHRvIHNhdmUgeW91IGZyb20gY29kaW5nIHRoYXQgbWFudWFsbHkKICAgIE5vdGUgdGhhdCBpZiB5b3UgdXNlIHRoZSBmYWlsaWZlbXB0eSBvcHRpb24sIHlvdSBkbyBuZWVkIHRvIHNwZWNpZnkgcmVzdWx0b2JqZWN0IGFzIHdlbGwuCiM+CiAgICAjIENoZWNrIGlmIHRoZSBwcm92aWRlZCBNZW1iZXIgJG5hbWUgb3IgYWxpYXNlcyBleGlzdCBpbiAkb2JqIGFuZCByZXR1cm4gaXQgb3IgdGhlIGRlZmF1bHQuCiAgICB0cnkgewoKICAgICAgICAkZm91bmQgPSAkbnVsbAogICAgICAgICMgRmlyc3QgdHJ5IHRvIGZpbmQgcHJlZmVycmVkIHBhcmFtZXRlciAkbmFtZQogICAgICAgICRhbGlhc2VzID0gQCgkbmFtZSkgKyAkYWxpYXNlcwoKICAgICAgICAjIEl0ZXJhdGUgb3ZlciBhbGlhc2VzIHRvIGZpbmQgYWNjZXB0YWJsZSBNZW1iZXIgJG5hbWUKICAgICAgICBmb3JlYWNoICgkYWxpYXMgaW4gJGFsaWFzZXMpIHsKICAgICAgICAgICAgaWYgKCRvYmouQ29udGFpbnNLZXkoJGFsaWFzKSkgewogICAgICAgICAgICAgICAgJGZvdW5kID0gJGFsaWFzCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgfQoKICAgICAgICBpZiAoJG51bGwgLWVxICRmb3VuZCkgewogICAgICAgICAgICB0aHJvdwogICAgICAgIH0KICAgICAgICAkbmFtZSA9ICRmb3VuZAoKICAgICAgICBpZiAoJFZhbGlkYXRlU2V0KSB7CgogICAgICAgICAgICBpZiAoJFZhbGlkYXRlU2V0IC1jb250YWlucyAoJG9iai4kbmFtZSkpIHsKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICRvYmouJG5hbWUKICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgIGlmICgkbnVsbCAtZXEgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAgICAgI0F1dG8tZ2VuZXJhdGVkIGVycm9yIHNob3VsZCBiZSBzdWZmaWNpZW50IGluIG1vc3QgdXNlIGNhc2VzCiAgICAgICAgICAgICAgICAgICAgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlID0gIkdldC1BbnNpYmxlUGFyYW06IEFyZ3VtZW50ICRuYW1lIG5lZWRzIHRvIGJlIG9uZSBvZiAkKCRWYWxpZGF0ZVNldCAtam9pbiAiLCIpIGJ1dCB3YXMgJCgkb2JqLiRuYW1lKS4iCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRWYWxpZGF0ZVNldEVycm9yTWVzc2FnZQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgJHZhbHVlID0gJG9iai4kbmFtZQogICAgICAgIH0KICAgIH0gY2F0Y2ggewogICAgICAgIGlmICgkZmFpbGlmZW1wdHkgLWVxICRmYWxzZSkgewogICAgICAgICAgICAkdmFsdWUgPSAkZGVmYXVsdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgIGlmICgtbm90ICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSA9ICJHZXQtQW5zaWJsZVBhcmFtOiBNaXNzaW5nIHJlcXVpcmVkIGFyZ3VtZW50OiAkbmFtZSIKICAgICAgICAgICAgfQogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlCiAgICAgICAgfQogICAgfQoKICAgICMgSWYgJHZhbHVlIC1lcSAkbnVsbCwgdGhlIHBhcmFtZXRlciB3YXMgdW5zcGVjaWZpZWQgYnkgdGhlIHVzZXIgKGRlbGliZXJhdGVseSBvciBub3QpCiAgICAjIFBsZWFzZSBsZWF2ZSAkbnVsbC12YWx1ZXMgaW50YWN0LCBtb2R1bGVzIG5lZWQgdG8ga25vdyBpZiBhIHBhcmFtZXRlciB3YXMgc3BlY2lmaWVkCiAgICAjIFdoZW4gJHZhbHVlIGlzIGFscmVhZHkgYW4gYXJyYXksIHdlIGNhbm5vdCByZWx5IG9uIHRoZSBudWxsIGNoZWNrLCBhcyBhbiBlbXB0eSBsaXN0CiAgICAjIGlzIHNlZW4gYXMgbnVsbCBpbiB0aGUgY2hlY2sgYmVsb3cKICAgIGlmICgkbnVsbCAtbmUgJHZhbHVlIC1vciAkdmFsdWUgLWlzIFthcnJheV0pIHsKICAgICAgICBpZiAoJHR5cGUgLWVxICJwYXRoIikgewogICAgICAgICAgICAjIEV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgb24gcGF0aC10eXBlCiAgICAgICAgICAgICR2YWx1ZSA9IEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCiAgICAgICAgICAgICMgVGVzdCBpZiBhIHZhbGlkIHBhdGggaXMgcHJvdmlkZWQKICAgICAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtSXNWYWxpZCAkdmFsdWUpKSB7CiAgICAgICAgICAgICAgICAkcGF0aF9pbnZhbGlkID0gJHRydWUKICAgICAgICAgICAgICAgICMgY291bGQgc3RpbGwgYmUgYSB2YWxpZC1zaGFwZWQgcGF0aCB3aXRoIGEgbm9uZXhpc3RlbnQgZHJpdmUgbGV0dGVyCiAgICAgICAgICAgICAgICBpZiAoJHZhbHVlIC1tYXRjaCAiXlx3OiIpIHsKICAgICAgICAgICAgICAgICAgICAjIHJld3JpdGUgcGF0aCB3aXRoIGEgdmFsaWQgZHJpdmUgbGV0dGVyIGFuZCByZWNoZWNrIHRoZSBzaGFwZS0gdGhpcyBtaWdodCBzdGlsbCBmYWlsLCBlZywgYSBub25leGlzdGVudCBub24tZmlsZXN5c3RlbSBQUyBwYXRoCiAgICAgICAgICAgICAgICAgICAgaWYgKFRlc3QtUGF0aCAtSXNWYWxpZCAkKEAoR2V0LVBTRHJpdmUgLVBTUHJvdmlkZXIgRmlsZXN5c3RlbSlbMF0uTmFtZSArICR2YWx1ZS5TdWJzdHJpbmcoMSkpKSB7CiAgICAgICAgICAgICAgICAgICAgICAgICRwYXRoX2ludmFsaWQgPSAkZmFsc2UKICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBpZiAoJHBhdGhfaW52YWxpZCkgewogICAgICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHRvYmogLW1lc3NhZ2UgIkdldC1BbnNpYmxlUGFyYW06IFBhcmFtZXRlciAnJG5hbWUnIGhhcyBhbiBpbnZhbGlkIHBhdGggJyR2YWx1ZScgc3BlY2lmaWVkLiIKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgInN0ciIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IHN0ciB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgc3RyaW5ncwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUuVG9TdHJpbmcoKQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImJvb2wiKSB7CiAgICAgICAgICAgICMgQ29udmVydCBib29sZWFuIHR5cGVzIHRvIHJlYWwgUG93ZXJzaGVsbCBib29sZWFucwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgfCBDb252ZXJ0VG8tQm9vbAogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImludCIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IGludCB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgaW50ZWdlcnMKICAgICAgICAgICAgJHZhbHVlID0gJHZhbHVlIC1hcyBbaW50XQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImZsb2F0IikgewogICAgICAgICAgICAjIENvbnZlcnQgZmxvYXQgdHlwZXMgdG8gcmVhbCBQb3dlcnNoZWxsIGZsb2F0cwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgLWFzIFtmbG9hdF0KICAgICAgICB9IGVsc2VpZiAoJHR5cGUgLWVxICJsaXN0IikgewogICAgICAgICAgICBpZiAoJHZhbHVlIC1pcyBbYXJyYXldKSB7CiAgICAgICAgICAgICAgICAjIE5vdGhpbmcgdG8gZG8KICAgICAgICAgICAgfSBlbHNlaWYgKCR2YWx1ZSAtaXMgW3N0cmluZ10pIHsKICAgICAgICAgICAgICAgICMgQ29udmVydCBzdHJpbmcgdHlwZSB0byByZWFsIFBvd2Vyc2hlbGwgYXJyYXkKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICR2YWx1ZS5TcGxpdCgiLCIpLlRyaW0oKQogICAgICAgICAgICB9IGVsc2VpZiAoJHZhbHVlIC1pcyBbaW50XSkgewogICAgICAgICAgICAgICAgJHZhbHVlID0gQCgkdmFsdWUpCiAgICAgICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICJHZXQtQW5zaWJsZVBhcmFtOiBQYXJhbWV0ZXIgJyRuYW1lJyBpcyBub3QgYSBZQU1MIGxpc3QuIgogICAgICAgICAgICB9CiAgICAgICAgICAgICMgLCBpcyBub3QgYSB0eXBvLCBmb3JjZXMgaXQgdG8gcmV0dXJuIGFzIGEgbGlzdCB3aGVuIGl0IGlzIGVtcHR5IG9yIG9ubHkgaGFzIDEgZW50cnkKICAgICAgICAgICAgcmV0dXJuICwkdmFsdWUKICAgICAgICB9CiAgICB9CgogICAgcmV0dXJuICR2YWx1ZQp9CgojQWxpYXMgR2V0LWF0dHItLT5HZXQtQW5zaWJsZVBhcmFtIGZvciBiYWNrd2FyZHMgY29tcGF0LiBPbmx5IGFkZCB3aGVuIG5lZWRlZCB0byBlYXNlIGRlYnVnZ2luZyBvZiBzY3JpcHRzCklmICgtbm90KEdldC1BbGlhcyAtTmFtZSAiR2V0LWF0dHIiIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlKSkKewogICAgTmV3LUFsaWFzIC1OYW1lIEdldC1hdHRyIC1WYWx1ZSBHZXQtQW5zaWJsZVBhcmFtCn0KCkZ1bmN0aW9uIENvbnZlcnRUby1Cb29sCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZpbHRlci9waXBlbGluZSBmdW5jdGlvbiB0byBjb252ZXJ0IGEgdmFsdWUgdG8gYm9vbGVhbiBmb2xsb3dpbmcgY3VycmVudAogICAgQW5zaWJsZSBwcmFjdGljZXMKICAgIC5FWEFNUExFCiAgICAkaXNfdHJ1ZSA9ICJ0cnVlIiB8IENvbnZlcnRUby1Cb29sCiM+CiAgICBwYXJhbSgKICAgICAgICBbcGFyYW1ldGVyKHZhbHVlZnJvbXBpcGVsaW5lPSR0cnVlKV0KICAgICAgICAkb2JqCiAgICApCgogICAgJGJvb2xlYW5fc3RyaW5ncyA9ICJ5ZXMiLCAib24iLCAiMSIsICJ0cnVlIiwgMQogICAgJG9ial9zdHJpbmcgPSBbc3RyaW5nXSRvYmoKCiAgICBpZiAoKCRvYmogLWlzIFtib29sZWFuXSAtYW5kICRvYmopIC1vciAkYm9vbGVhbl9zdHJpbmdzIC1jb250YWlucyAkb2JqX3N0cmluZy5Ub0xvd2VyKCkpIHsKICAgICAgICByZXR1cm4gJHRydWUKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfQp9CgpGdW5jdGlvbiBQYXJzZS1BcmdzKCRhcmd1bWVudHMsICRzdXBwb3J0c19jaGVja19tb2RlID0gJGZhbHNlKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBwYXJzZSBBbnNpYmxlIEpTT04gYXJndW1lbnRzIGZyb20gYSAiZmlsZSIgcGFzc2VkIGFzCiAgICB0aGUgc2luZ2xlIGFyZ3VtZW50IHRvIHRoZSBtb2R1bGUuCiAgICAuRVhBTVBMRQogICAgJHBhcmFtcyA9IFBhcnNlLUFyZ3MgJGFyZ3MKIz4KICAgICRwYXJhbXMgPSBOZXctT2JqZWN0IHBzb2JqZWN0CiAgICBJZiAoJGFyZ3VtZW50cy5MZW5ndGggLWd0IDApCiAgICB7CiAgICAgICAgJHBhcmFtcyA9IEdldC1Db250ZW50ICRhcmd1bWVudHNbMF0gfCBDb252ZXJ0RnJvbS1Kc29uCiAgICB9CiAgICBFbHNlIHsKICAgICAgICAkcGFyYW1zID0gJGNvbXBsZXhfYXJncwogICAgfQogICAgJGNoZWNrX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfY2hlY2tfbW9kZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQogICAgSWYgKCRjaGVja19tb2RlIC1hbmQgLW5vdCAkc3VwcG9ydHNfY2hlY2tfbW9kZSkKICAgIHsKICAgICAgICBFeGl0LUpzb24gQHsKICAgICAgICAgICAgc2tpcHBlZCA9ICR0cnVlCiAgICAgICAgICAgIGNoYW5nZWQgPSAkZmFsc2UKICAgICAgICAgICAgbXNnID0gInJlbW90ZSBtb2R1bGUgZG9lcyBub3Qgc3VwcG9ydCBjaGVjayBtb2RlIgogICAgICAgIH0KICAgIH0KICAgIHJldHVybiAkcGFyYW1zCn0KCgpGdW5jdGlvbiBHZXQtRmlsZUNoZWNrc3VtKCRwYXRoLCAkYWxnb3JpdGhtID0gJ3NoYTEnKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBjYWxjdWxhdGUgYSBoYXNoIG9mIGEgZmlsZSBpbiBhIHdheSB3aGljaCBQb3dlclNoZWxsIDMKICAgIGFuZCBhYm92ZSBjYW4gaGFuZGxlCiM+CiAgICBJZiAoVGVzdC1QYXRoIC1QYXRoICRwYXRoIC1QYXRoVHlwZSBMZWFmKQogICAgewogICAgICAgIHN3aXRjaCAoJGFsZ29yaXRobSkKICAgICAgICB7CiAgICAgICAgICAgICdtZDUnIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5NRDVDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMScgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTFDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMjU2JyB7ICRzcCA9IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5TZWN1cml0eS5DcnlwdG9ncmFwaHkuU0hBMjU2Q3J5cHRvU2VydmljZVByb3ZpZGVyIH0KICAgICAgICAgICAgJ3NoYTM4NCcgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTM4NENyeXB0b1NlcnZpY2VQcm92aWRlciB9CiAgICAgICAgICAgICdzaGE1MTInIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5TSEE1MTJDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICBkZWZhdWx0IHsgRmFpbC1Kc29uIEB7fSAiVW5zdXBwb3J0ZWQgaGFzaCBhbGdvcml0aG0gc3VwcGxpZWQgJyRhbGdvcml0aG0nIiB9CiAgICAgICAgfQoKICAgICAgICBJZiAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtZ2UgNCkgewogICAgICAgICAgICAkcmF3X2hhc2ggPSBHZXQtRmlsZUhhc2ggJHBhdGggLUFsZ29yaXRobSAkYWxnb3JpdGhtCiAgICAgICAgICAgICRoYXNoID0gJHJhd19oYXNoLkhhc2guVG9Mb3dlcigpCiAgICAgICAgfSBFbHNlIHsKICAgICAgICAgICAgJGZwID0gW1N5c3RlbS5JTy5GaWxlXTo6T3BlbigkcGF0aCwgW1N5c3RlbS5JTy5GaWxlbW9kZV06Ok9wZW4sIFtTeXN0ZW0uSU8uRmlsZUFjY2Vzc106OlJlYWQsIFtTeXN0ZW0uSU8uRmlsZVNoYXJlXTo6UmVhZFdyaXRlKTsKICAgICAgICAgICAgJGhhc2ggPSBbU3lzdGVtLkJpdENvbnZlcnRlcl06OlRvU3RyaW5nKCRzcC5Db21wdXRlSGFzaCgkZnApKS5SZXBsYWNlKCItIiwgIiIpLlRvTG93ZXIoKTsKICAgICAgICAgICAgJGZwLkRpc3Bvc2UoKTsKICAgICAgICB9CiAgICB9CiAgICBFbHNlSWYgKFRlc3QtUGF0aCAtUGF0aCAkcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKQogICAgewogICAgICAgICRoYXNoID0gIjMiOwogICAgfQogICAgRWxzZQogICAgewogICAgICAgICRoYXNoID0gIjEiOwogICAgfQogICAgcmV0dXJuICRoYXNoCn0KCkZ1bmN0aW9uIEdldC1QZW5kaW5nUmVib290U3RhdHVzCnsKPCMKICAgIC5TWU5PUFNJUwogICAgQ2hlY2sgaWYgcmVib290IGlzIHJlcXVpcmVkLCBpZiBzbyBub3RpZnkgQ0EuCiAgICBGdW5jdGlvbiByZXR1cm5zIHRydWUgaWYgY29tcHV0ZXIgaGFzIGEgcGVuZGluZyByZWJvb3QKIz4KICAgICRmZWF0dXJlRG ScriptBlock ID: 1bdebdc2-c4ce-40b9-95da-1f816685a1ed Path:	4104	1		3	2	15	0	1706	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4780	3772	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:07:21 PM	e5295ba9-9827-0004-525c-29e52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 5): begin { $DebugPreference = "Continue" $ErrorActionPreference = "Stop" Set-StrictMode -Version 2 function ConvertTo-HashtableFromPsCustomObject ($myPsObject){ $output = @{}; $myPsObject | Get-Member -MemberType *Property | % { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } return $output; } # stream JSON including become_pw, ps_module_payload, bin_module_payload, become_payload, write_payload_path, preserve directives # exec runspace, capture output, cleanup, return module output # NB: do not adjust the following line- it is replaced when doing non-streamed module output $json_raw = @' {"min_ps_version": null, "exec": "CkZ1bmN0aW9uIFJ1bigkcGF5bG9hZCkgewogICAgJGVudHJ5cG9pbnQgPSAkcGF5bG9hZC5tb2R1bGVfZW50cnkKCiAgICAkZW50cnlwb2ludCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGVudHJ5cG9pbnQpKQoKICAgICRwcyA9IFtwb3dlcnNoZWxsXTo6Q3JlYXRlKCkKCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkQ29tbWFuZCgiU2V0LVZhcmlhYmxlIikuQWRkUGFyYW1ldGVycyhAe1Njb3BlPSJnbG9iYWwiO05hbWU9ImNvbXBsZXhfYXJncyI7VmFsdWU9JHBheWxvYWQubW9kdWxlX2FyZ3N9KSB8IE91dC1OdWxsCiAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCgogICAgIyByZWRlZmluZSBXcml0ZS1Ib3N0IHRvIGR1bXAgdG8gb3V0cHV0IGluc3RlYWQgb2YgZmFpbGluZy0gbG90cyBvZiBzY3JpcHRzIHVzZSBpdAogICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgiRnVuY3Rpb24gV3JpdGUtSG9zdChgJG1zZyl7IFdyaXRlLU91dHB1dCBgJG1zZyB9IikgfCBPdXQtTnVsbAoKICAgIEZvckVhY2ggKCRlbnZfa3YgaW4gJHBheWxvYWQuZW52aXJvbm1lbnQuR2V0RW51bWVyYXRvcigpKSB7CiAgICAgICAgIyBuZWVkIHRvIGVzY2FwZSAnIGluIGJvdGggdGhlIGtleSBhbmQgdmFsdWUKICAgICAgICAkZW52X2tleSA9ICRlbnZfa3YuS2V5LlRvU3RyaW5nKCkuUmVwbGFjZSgiJyIsICInJyIpCiAgICAgICAgJGVudl92YWx1ZSA9ICRlbnZfa3YuVmFsdWUuVG9TdHJpbmcoKS5SZXBsYWNlKCInIiwgIicnIikKICAgICAgICAkZXNjYXBlZF9lbnZfc2V0ID0gIltTeXN0ZW0uRW52aXJvbm1lbnRdOjpTZXRFbnZpcm9ubWVudFZhcmlhYmxlKCd7MH0nLCAnezF9JykiIC1mICRlbnZfa2V5LCAkZW52X3ZhbHVlCiAgICAgICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgkZXNjYXBlZF9lbnZfc2V0KSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBkeW5hbWljYWxseSBjcmVhdGUvbG9hZCBtb2R1bGVzCiAgICBGb3JFYWNoICgkbW9kIGluICRwYXlsb2FkLnBvd2Vyc2hlbGxfbW9kdWxlcy5HZXRFbnVtZXJhdG9yKCkpIHsKICAgICAgICAkZGVjb2RlZF9tb2R1bGUgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRtb2QuVmFsdWUpKQogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRDb21tYW5kKCJOZXctTW9kdWxlIikuQWRkUGFyYW1ldGVycyhAe1NjcmlwdEJsb2NrPShbc2NyaXB0YmxvY2tdOjpDcmVhdGUoJGRlY29kZWRfbW9kdWxlKSk7TmFtZT0kbW9kLktleX0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiSW1wb3J0LU1vZHVsZSIpLkFkZFBhcmFtZXRlcnMoQHtXYXJuaW5nQWN0aW9uPSJTaWxlbnRseUNvbnRpbnVlIn0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBmb3JjZSBpbnB1dCBlbmNvZGluZyB0byBwcmVhbWJsZS1mcmVlIFVURjggc28gUFMgc3ViLXByb2Nlc3NlcyAoZWcsCiAgICAjIFN0YXJ0LUpvYikgZG9uJ3QgYmxvdyB1cC4gVGhpcyBpcyBvbmx5IHJlcXVpcmVkIGZvciBXaW5STSwgYSBQU1JQCiAgICAjIHJ1bnNwYWNlIGRvZXNuJ3QgaGF2ZSBhIGhvc3QgY29uc29sZSBhbmQgdGhpcyB3aWxsIGJvbWIgb3V0CiAgICBpZiAoJGhvc3QuTmFtZSAtZXEgIkNvbnNvbGVIb3N0IikgewogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRTY3JpcHQoIltDb25zb2xlXTo6SW5wdXRFbmNvZGluZyA9IE5ldy1PYmplY3QgVGV4dC5VVEY4RW5jb2RpbmcgYCRmYWxzZSIpIHwgT3V0LU51bGwKICAgIH0KCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkU2NyaXB0KCRlbnRyeXBvaW50KSB8IE91dC1OdWxsCgogICAgJG91dHB1dCA9ICRwcy5JbnZva2UoKQoKICAgICRvdXRwdXQKCiAgICAjIFBTMyBkb2Vzbid0IHByb3Blcmx5IHNldCBIYWRFcnJvcnMgaW4gbWFueSBjYXNlcywgaW5zcGVjdCB0aGUgZXJyb3Igc3RyZWFtIGFzIGEgZmFsbGJhY2sKICAgIElmICgkcHMuSGFkRXJyb3JzIC1vciAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtbHQgNCAtYW5kICRwcy5TdHJlYW1zLkVycm9yLkNvdW50IC1ndCAwKSkgewogICAgICAgICRob3N0LlVJLldyaXRlRXJyb3JMaW5lKCQoJHBzLlN0cmVhbXMuRXJyb3IgfCBPdXQtU3RyaW5nKSkKICAgICAgICAkZXhpdF9jb2RlID0gJHBzLlJ1bnNwYWNlLlNlc3Npb25TdGF0ZVByb3h5LkdldFZhcmlhYmxlKCJMQVNURVhJVENPREUiKQogICAgICAgIElmKC1ub3QgJGV4aXRfY29kZSkgewogICAgICAgICAgICAkZXhpdF9jb2RlID0gMQogICAgICAgIH0KICAgICAgICAjIG5lZWQgdG8gdXNlIHRoaXMgaW5zdGVhZCBvZiBFeGl0IGtleXdvcmQgdG8gcHJldmVudCBydW5zcGFjZSBmcm9tIGNyYXNoaW5nIHdpdGggZHluYW1pYyBtb2R1bGVzCiAgICAgICAgJGhvc3QuU2V0U2hvdWxkRXhpdCgkZXhpdF9jb2RlKQogICAgfQp9Cg==", "actions": ["exec"], "environment": {}, "min_os_version": null, "powershell_modules": {"Ansible.ModuleUtils.Legacy": "IyBDb3B5cmlnaHQgKGMpLCBNaWNoYWVsIERlSGFhbiA8bWljaGFlbC5kZWhhYW5AZ21haWwuY29tPiwgMjAxNCwgYW5kIG90aGVycwojIFNpbXBsaWZpZWQgQlNEIExpY2Vuc2UgKHNlZSBsaWNlbnNlcy9zaW1wbGlmaWVkX2JzZC50eHQgb3IgaHR0cHM6Ly9vcGVuc291cmNlLm9yZy9saWNlbnNlcy9CU0QtMi1DbGF1c2UpCgpTZXQtU3RyaWN0TW9kZSAtVmVyc2lvbiAyLjAKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKRnVuY3Rpb24gU2V0LUF0dHIoJG9iaiwgJG5hbWUsICR2YWx1ZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gc2V0IGFuICJhdHRyaWJ1dGUiIG9uIGEgcHNvYmplY3QgaW5zdGFuY2UgaW4gUG93ZXJTaGVsbC4KICAgIFRoaXMgaXMgYSBjb252ZW5pZW5jZSB0byBtYWtlIGFkZGluZyBNZW1iZXJzIHRvIHRoZSBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgIFNldC1BdHRyICRyZXN1bHQgImNoYW5nZWQiICR0cnVlCiM+CgogICAgIyBJZiB0aGUgcHJvdmlkZWQgJG9iaiBpcyB1bmRlZmluZWQsIGRlZmluZSBvbmUgdG8gYmUgbmljZQogICAgSWYgKC1ub3QgJG9iai5HZXRUeXBlKQogICAgewogICAgICAgICRvYmogPSBAeyB9CiAgICB9CgogICAgVHJ5CiAgICB7CiAgICAgICAgJG9iai4kbmFtZSA9ICR2YWx1ZQogICAgfQogICAgQ2F0Y2gKICAgIHsKICAgICAgICAkb2JqIHwgQWRkLU1lbWJlciAtRm9yY2UgLU1lbWJlclR5cGUgTm90ZVByb3BlcnR5IC1OYW1lICRuYW1lIC1WYWx1ZSAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gRXhpdC1Kc29uKCRvYmopCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGNvbnZlcnQgYSBQb3dlclNoZWxsIG9iamVjdCB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcKICAgIHRoZSBzY3JpcHQKICAgIC5FWEFNUExFCiAgICBFeGl0LUpzb24gJHJlc3VsdAojPgoKICAgICMgSWYgdGhlIHByb3ZpZGVkICRvYmogaXMgdW5kZWZpbmVkLCBkZWZpbmUgb25lIHRvIGJlIG5pY2UKICAgIElmICgtbm90ICRvYmouR2V0VHlwZSkKICAgIHsKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoJ2NoYW5nZWQnKSkgewogICAgICAgIFNldC1BdHRyICRvYmogImNoYW5nZWQiICRmYWxzZQogICAgfQoKICAgIFdyaXRlLU91dHB1dCAkb2JqIHwgQ29udmVydFRvLUpzb24gLUNvbXByZXNzIC1EZXB0aCA5OQogICAgRXhpdAp9CgpGdW5jdGlvbiBGYWlsLUpzb24oJG9iaiwgJG1lc3NhZ2UgPSAkbnVsbCkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHRoZSAibXNnIiBwcm9wZXJ0eSBhbmQgImZhaWxlZCIgcHJvcGVydHksIGNvbnZlcnQgdGhlCiAgICBQb3dlclNoZWxsIEhhc2h0YWJsZSB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcgdGhlIHNjcmlwdAogICAgLkVYQU1QTEUKICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJUaGlzIGlzIHRoZSBmYWlsdXJlIG1lc3NhZ2UiCiM+CgogICAgaWYgKCRvYmogLWlzIFtoYXNodGFibGVdIC1vciAkb2JqIC1pcyBbcHNvYmplY3RdKSB7CiAgICAgICAgIyBOb3RoaW5nIHRvIGRvCiAgICB9IGVsc2VpZiAoJG9iaiAtaXMgW3N0cmluZ10gLWFuZCAkbnVsbCAtZXEgJG1lc3NhZ2UpIHsKICAgICAgICAjIElmIHdlIHdlcmVuJ3QgZ2l2ZW4gMiBhcmdzLCBhbmQgdGhlIG9ubHkgYXJnIHdhcyBhIHN0cmluZywKICAgICAgICAjIGNyZWF0ZSBhIG5ldyBIYXNodGFibGUgYW5kIHVzZSB0aGUgYXJnIGFzIHRoZSBmYWlsdXJlIG1lc3NhZ2UKICAgICAgICAkbWVzc2FnZSA9ICRvYmoKICAgICAgICAkb2JqID0gQHsgfQogICAgfSBlbHNlIHsKICAgICAgICAjIElmIHRoZSBmaXJzdCBhcmd1bWVudCBpcyB1bmRlZmluZWQgb3IgYSBkaWZmZXJlbnQgdHlwZSwKICAgICAgICAjIG1ha2UgaXQgYSBIYXNodGFibGUKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgICMgU3RpbGwgdXNpbmcgU2V0LUF0dHIgZm9yIFBTT2JqZWN0IGNvbXBhdGliaWxpdHkKICAgIFNldC1BdHRyICRvYmogIm1zZyIgJG1lc3NhZ2UKICAgIFNldC1BdHRyICRvYmogImZhaWxlZCIgJHRydWUKCiAgICBpZiAoLW5vdCAkb2JqLkNvbnRhaW5zS2V5KCdjaGFuZ2VkJykpIHsKICAgICAgICBTZXQtQXR0ciAkb2JqICJjaGFuZ2VkIiAkZmFsc2UKICAgIH0KCiAgICBXcml0ZS1PdXRwdXQgJG9iaiB8IENvbnZlcnRUby1Kc29uIC1Db21wcmVzcyAtRGVwdGggOTkKICAgIEV4aXQgMQp9CgpGdW5jdGlvbiBBZGQtV2FybmluZygkb2JqLCAkbWVzc2FnZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHdhcm5pbmdzLCBldmVuIGlmIHRoZSB3YXJuaW5ncyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoIndhcm5pbmdzIikpIHsKICAgICAgICAkb2JqLndhcm5pbmdzID0gQCgpCiAgICB9IGVsc2VpZiAoJG9iai53YXJuaW5ncyAtaXNub3QgW2FycmF5XSkgewogICAgICAgIHRocm93ICJBZGQtV2FybmluZzogd2FybmluZ3MgYXR0cmlidXRlIGlzIG5vdCBhbiBhcnJheSIKICAgIH0KCiAgICAkb2JqLndhcm5pbmdzICs9ICRtZXNzYWdlCn0KCkZ1bmN0aW9uIEFkZC1EZXByZWNhdGlvbldhcm5pbmcoJG9iaiwgJG1lc3NhZ2UsICR2ZXJzaW9uID0gJG51bGwpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGFkZCBkZXByZWNhdGlvbnMsIGV2ZW4gaWYgdGhlIGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgogICAgaWYgKC1ub3QgJG9iai5Db250YWluc0tleSgiZGVwcmVjYXRpb25zIikpIHsKICAgICAgICAkb2JqLmRlcHJlY2F0aW9ucyA9IEAoKQogICAgfSBlbHNlaWYgKCRvYmouZGVwcmVjYXRpb25zIC1pc25vdCBbYXJyYXldKSB7CiAgICAgICAgdGhyb3cgIkFkZC1EZXByZWNhdGlvbldhcm5pbmc6IGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgaXMgbm90IGEgbGlzdCIKICAgIH0KCiAgICAkb2JqLmRlcHJlY2F0aW9ucyArPSBAewogICAgICAgIG1zZyA9ICRtZXNzYWdlCiAgICAgICAgdmVyc2lvbiA9ICR2ZXJzaW9uCiAgICB9Cn0KCkZ1bmN0aW9uIEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgaW4gdmFsdWVzLiBCeSBkZWZhdWx0CiAgICBpdCB0dXJucyBhbnkgdHlwZSB0byBhIHN0cmluZywgYnV0IHdlIGVuc3VyZSAkbnVsbCByZW1haW5zICRudWxsLgojPgogICAgaWYgKCRudWxsIC1uZSAkdmFsdWUpIHsKICAgICAgICBbU3lzdGVtLkVudmlyb25tZW50XTo6RXhwYW5kRW52aXJvbm1lbnRWYXJpYWJsZXMoJHZhbHVlKQogICAgfSBlbHNlIHsKICAgICAgICAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gR2V0LUFuc2libGVQYXJhbSgkb2JqLCAkbmFtZSwgJGRlZmF1bHQgPSAkbnVsbCwgJHJlc3VsdG9iaiA9IEB7fSwgJGZhaWxpZmVtcHR5ID0gJGZhbHNlLCAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSwgJFZhbGlkYXRlU2V0LCAkVmFsaWRhdGVTZXRFcnJvck1lc3NhZ2UsICR0eXBlID0gJG51bGwsICRhbGlhc2VzID0gQCgpKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBnZXQgYW4gImF0dHJpYnV0ZSIgZnJvbSBhIHBzb2JqZWN0IGluc3RhbmNlIGluIFBvd2VyU2hlbGwuCiAgICBUaGlzIGlzIGEgY29udmVuaWVuY2UgdG8gbWFrZSBnZXR0aW5nIE1lbWJlcnMgZnJvbSBhbiBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgICRhdHRyID0gR2V0LUFuc2libGVQYXJhbSAkcmVzcG9uc2UgImNvZGUiIC1kZWZhdWx0ICIxIgogICAgLkVYQU1QTEUKICAgIEdldC1BbnNpYmxlUGFyYW0gLW9ia ScriptBlock ID: 1bdebdc2-c4ce-40b9-95da-1f816685a1ed Path:	4104	1		3	2	15	0	1705	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4780	3772	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:07:21 PM	e5295ba9-9827-0004-525c-29e52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1704	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4780	4784	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:07:21 PM	e5295ba9-9827-0001-e55c-29e52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 4780 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1703	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4780	2972	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:07:21 PM	e5295ba9-9827-0001-e55c-29e52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1702	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4780	4784	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:07:21 PM	e5295ba9-9827-0001-e55c-29e52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Error Message = Exception calling ".ctor" with "1" argument(s): "Value was invalid. Parameter name: sddlForm" Fully Qualified Error ID = ConstructorInvokedThrowException,Microsoft.PowerShell.Commands.NewObjectCommand Context: Severity = Warning Host Name = Default Host Host Version = 5.1.14393.1944 Host ID = 09e02247-3489-4d7d-b058-acaf8d0855d1 Host Application = PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - Engine Version = 5.1.14393.1944 Runspace ID = d96879c0-c1c7-4231-bec5-20d31d67f519 Pipeline ID = 6 Command Name = New-Object Command Type = Cmdlet Script Name = Command Path = Sequence Number = 33 User = N-H1-805629-1\Admin Connected User = Shell ID = Microsoft.PowerShell User Data:	4100	1		3	106	19	0	1701	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4608	3420	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:06:16 PM	e5295ba9-9827-0002-dc5c-29e52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	To be used when an exception is raised	Executing Pipeline	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c), Michael DeHaan <michael.dehaan@gmail.com>, 2014, and others # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) Set-StrictMode -Version 2.0 $ErrorActionPreference = "Stop" Function Set-Attr($obj, $name, $value) { <# .SYNOPSIS Helper function to set an "attribute" on a psobject instance in PowerShell. This is a convenience to make adding Members to the object easier and slightly more pythonic .EXAMPLE Set-Attr $result "changed" $true #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } Try { $obj.$name = $value } Catch { $obj | Add-Member -Force -MemberType NoteProperty -Name $name -Value $value } } Function Exit-Json($obj) { <# .SYNOPSIS Helper function to convert a PowerShell object to JSON and output it, exiting the script .EXAMPLE Exit-Json $result #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit } Function Fail-Json($obj, $message = $null) { <# .SYNOPSIS Helper function to add the "msg" property and "failed" property, convert the PowerShell Hashtable to JSON and output it, exiting the script .EXAMPLE Fail-Json $result "This is the failure message" #> if ($obj -is [hashtable] -or $obj -is [psobject]) { # Nothing to do } elseif ($obj -is [string] -and $null -eq $message) { # If we weren't given 2 args, and the only arg was a string, # create a new Hashtable and use the arg as the failure message $message = $obj $obj = @{ } } else { # If the first argument is undefined or a different type, # make it a Hashtable $obj = @{ } } # Still using Set-Attr for PSObject compatibility Set-Attr $obj "msg" $message Set-Attr $obj "failed" $true if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit 1 } Function Add-Warning($obj, $message) { <# .SYNOPSIS Helper function to add warnings, even if the warnings attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("warnings")) { $obj.warnings = @() } elseif ($obj.warnings -isnot [array]) { throw "Add-Warning: warnings attribute is not an array" } $obj.warnings += $message } Function Add-DeprecationWarning($obj, $message, $version = $null) { <# .SYNOPSIS Helper function to add deprecations, even if the deprecations attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("deprecations")) { $obj.deprecations = @() } elseif ($obj.deprecations -isnot [array]) { throw "Add-DeprecationWarning: deprecations attribute is not a list" } $obj.deprecations += @{ msg = $message version = $version } } Function Expand-Environment($value) { <# .SYNOPSIS Helper function to expand environment variables in values. By default it turns any type to a string, but we ensure $null remains $null. #> if ($null -ne $value) { [System.Environment]::ExpandEnvironmentVariables($value) } else { $value } } Function Get-AnsibleParam($obj, $name, $default = $null, $resultobj = @{}, $failifempty = $false, $emptyattributefailmessage, $ValidateSet, $ValidateSetErrorMessage, $type = $null, $aliases = @()) { <# .SYNOPSIS Helper function to get an "attribute" from a psobject instance in PowerShell. This is a convenience to make getting Members from an object easier and slightly more pythonic .EXAMPLE $attr = Get-AnsibleParam $response "code" -default "1" .EXAMPLE Get-AnsibleParam -obj $params -name "State" -default "Present" -ValidateSet "Present","Absent" -resultobj $resultobj -failifempty $true Get-AnsibleParam also supports Parameter validation to save you from coding that manually Note that if you use the failifempty option, you do need to specify resultobject as well. #> # Check if the provided Member $name or aliases exist in $obj and return it or the default. try { $found = $null # First try to find preferred parameter $name $aliases = @($name) + $aliases # Iterate over aliases to find acceptable Member $name foreach ($alias in $aliases) { if ($obj.ContainsKey($alias)) { $found = $alias break } } if ($null -eq $found) { throw } $name = $found if ($ValidateSet) { if ($ValidateSet -contains ($obj.$name)) { $value = $obj.$name } else { if ($null -eq $ValidateSetErrorMessage) { #Auto-generated error should be sufficient in most use cases $ValidateSetErrorMessage = "Get-AnsibleParam: Argument $name needs to be one of $($ValidateSet -join ",") but was $($obj.$name)." } Fail-Json -obj $resultobj -message $ValidateSetErrorMessage } } else { $value = $obj.$name } } catch { if ($failifempty -eq $false) { $value = $default } else { if (-not $emptyattributefailmessage) { $emptyattributefailmessage = "Get-AnsibleParam: Missing required argument: $name" } Fail-Json -obj $resultobj -message $emptyattributefailmessage } } # If $value -eq $null, the parameter was unspecified by the user (deliberately or not) # Please leave $null-values intact, modules need to know if a parameter was specified # When $value is already an array, we cannot rely on the null check, as an empty list # is seen as null in the check below if ($null -ne $value -or $value -is [array]) { if ($type -eq "path") { # Expand environment variables on path-type $value = Expand-Environment($value) # Test if a valid path is provided if (-not (Test-Path -IsValid $value)) { $path_invalid = $true # could still be a valid-shaped path with a nonexistent drive letter if ($value -match "^\w:") { # rewrite path with a valid drive letter and recheck the shape- this might still fail, eg, a nonexistent non-filesystem PS path if (Test-Path -IsValid $(@(Get-PSDrive -PSProvider Filesystem)[0].Name + $value.Substring(1))) { $path_invalid = $false } } if ($path_invalid) { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' has an invalid path '$value' specified." } } } elseif ($type -eq "str") { # Convert str types to real Powershell strings $value = $value.ToString() } elseif ($type -eq "bool") { # Convert boolean types to real Powershell booleans $value = $value | ConvertTo-Bool } elseif ($type -eq "int") { # Convert int types to real Powershell integers $value = $value -as [int] } elseif ($type -eq "float") { # Convert float types to real Powershell floats $value = $value -as [float] } elseif ($type -eq "list") { if ($value -is [array]) { # Nothing to do } elseif ($value -is [string]) { # Convert string type to real Powershell array $value = $value.Split(",").Trim() } elseif ($value -is [int]) { $value = @($value) } else { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' is not a YAML list." } # , is not a typo, forces it to return as a list when it is empty or only has 1 entry return ,$value } } return $value } #Alias Get-attr-->Get-AnsibleParam for backwards compat. Only add when needed to ease debugging of scripts If (-not(Get-Alias -Name "Get-attr" -ErrorAction SilentlyContinue)) { New-Alias -Name Get-attr -Value Get-AnsibleParam } Function ConvertTo-Bool { <# .SYNOPSIS Helper filter/pipeline function to convert a value to boolean following current Ansible practices .EXAMPLE $is_true = "true" | ConvertTo-Bool #> param( [parameter(valuefrompipeline=$true)] $obj ) $boolean_strings = "yes", "on", "1", "true", 1 $obj_string = [string]$obj if (($obj -is [boolean] -and $obj) -or $boolean_strings -contains $obj_string.ToLower()) { return $true } else { return $false } } Function Parse-Args($arguments, $supports_check_mode = $false) { <# .SYNOPSIS Helper function to parse Ansible JSON arguments from a "file" passed as the single argument to the module. .EXAMPLE $params = Parse-Args $args #> $params = New-Object psobject If ($arguments.Length -gt 0) { $params = Get-Content $arguments[0] | ConvertFrom-Json } Else { $params = $complex_args } $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false If ($check_mode -and -not $supports_check_mode) { Exit-Json @{ skipped = $true changed = $false msg = "remote module does not support check mode" } } return $params } Function Get-FileChecksum($path, $algorithm = 'sha1') { <# .SYNOPSIS Helper function to calculate a hash of a file in a way which PowerShell 3 and above can handle #> If (Test-Path -Path $path -PathType Leaf) { switch ($algorithm) { 'md5' { $sp = New-Object -TypeName System.Security.Cryptography.MD5CryptoServiceProvider } 'sha1' { $sp = New-Object -TypeName System.Security.Cryptography.SHA1CryptoServiceProvider } 'sha256' { $sp = New-Object -TypeName System.Security.Cryptography.SHA256CryptoServiceProvider } 'sha384' { $sp = New-Object -TypeName System.Security.Cryptography.SHA384CryptoServiceProvider } 'sha512' { $sp = New-Object -TypeName System.Security.Cryptography.SHA512CryptoServiceProvider } default { Fail-Json @{} "Unsupported hash algorithm supplied '$algorithm'" } } If ($PSVersionTable.PSVersion.Major -ge 4) { $raw_hash = Get-FileHash $path -Algorithm $algorithm $hash = $raw_hash.Hash.ToLower() } Else { $fp = [System.IO.File]::Open($path, [System.IO.Filemode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileShare]::ReadWrite); $hash = [System.BitConverter]::ToString($sp.ComputeHash($fp)).Replace("-", "").ToLower(); $fp.Dispose(); } } ElseIf (Test-Path -Path $path -PathType Container) { $hash = "3"; } Else { $hash = "1"; } return $hash } Function Get-PendingRebootStatus { <# .SYNOPSIS Check if reboot is required, if so notify CA. Function returns true if computer has a pending reboot #> $featureData = Invoke-WmiMethod -EA Ignore -Name GetServerFeature -Namespace root\microsoft\windows\servermanager -Class MSFT_ServerManagerTasks $regData = Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager" "PendingFileRenameOperations" -EA Ignore $CBSRebootStatus = Get-ChildItem "HKLM:\\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing" -ErrorAction SilentlyContinue| Where-Object {$_.PSChildName -eq "RebootPending"} if(($featureData -and $featureData.RequiresReboot) -or $regData -or $CBSRebootStatus) { return $True } else { return $False } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: 27184d16-9051-4b66-9b9f-4e56ae001a09 Path:	4104	1		3	2	15	0	1700	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4608	2988	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:06:15 PM	e5295ba9-9827-0001-c15c-29e52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } ScriptBlock ID: 21928abe-2713-456a-8c15-9426d7179b91 Path:	4104	1		3	2	15	0	1699	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4608	2988	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:06:15 PM	e5295ba9-9827-0001-b55c-29e52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (5 of 5): bmUgJ2Fic2VudCcpIHsKICAgICAgICAjIENoZWNrIGlmIHBhdGggaXMgZGVmaW5lZCwgaWYgc28gY3JlYXRlIHRoZSBzZXJ2aWNlCiAgICAgICAgaWYgKCRwYXRoIC1uZSAkbnVsbCkgewogICAgICAgICAgICB0cnkgewogICAgICAgICAgICAgICAgTmV3LVNlcnZpY2UgLU5hbWUgJG5hbWUgLUJpbmFyeVBhdGhuYW1lICRwYXRoIC1XaGF0SWY6JGNoZWNrX21vZGUKICAgICAgICAgICAgfSBjYXRjaCB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gJHJlc3VsdCAkXy5FeGNlcHRpb24uTWVzc2FnZQogICAgICAgICAgICB9CiAgICAgICAgICAgICRyZXN1bHQuY2hhbmdlZCA9ICR0cnVlCgogICAgICAgICAgICAkc3ZjID0gR2V0LVNlcnZpY2UgfCBXaGVyZS1PYmplY3QgeyAkXy5OYW1lIC1lcSAkbmFtZSB9CiAgICAgICAgICAgIFNldC1TZXJ2aWNlQ29uZmlndXJhdGlvbiAtc3ZjICRzdmMKICAgICAgICB9IGVsc2UgewogICAgICAgICAgICAjIFdlIHdpbGwgb25seSByZWFjaCBoZXJlIGlmIHRoZSBzZXJ2aWNlIGlzIGluc3RhbGxlZCBhbmQgdGhlIHN0YXRlIGlzIG5vdCBhYnNlbnQKICAgICAgICAgICAgIyBXaWxsIGNoZWNrIGlmIGFueSBvZiB0aGUgZGVmYXVsdCBhY3Rpb25zIGFyZSBzZXQgYW5kIGZhaWwgYXMgd2UgY2Fubm90IGFjdGlvbiBpdAogICAgICAgICAgICBpZiAoJHN0YXJ0X21vZGUgLW5lICRudWxsIC1vcgogICAgICAgICAgICAgICAgJHN0YXRlIC1uZSAkbnVsbCAtb3IKICAgICAgICAgICAgICAgICR1c2VybmFtZSAtbmUgJG51bGwgLW9yCiAgICAgICAgICAgICAgICAkcGFzc3dvcmQgLW5lICRudWxsIC1vcgogICAgICAgICAgICAgICAgJGRpc3BsYXlfbmFtZSAtbmUgJG51bGwgLW9yCiAgICAgICAgICAgICAgICAkZGVzY3JpcHRpb24gLW5lICRudWxsIC1vcgogICAgICAgICAgICAgICAgJGRlc2t0b3BfaW50ZXJhY3QgLW5lICRmYWxzZSAtb3IKICAgICAgICAgICAgICAgICRkZXBlbmRlbmNpZXMgLW5lICRudWxsIC1vcgogICAgICAgICAgICAgICAgJGRlcGVuZGVuY3lfYWN0aW9uIC1uZSAnc2V0JykgewogICAgICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJTZXJ2aWNlICckbmFtZScgaXMgbm90IGluc3RhbGxlZCwgbmVlZCB0byBzZXQgJ3BhdGgnIHRvIGNyZWF0ZSBhIG5ldyBzZXJ2aWNlIgogICAgICAgICAgICB9CiAgICAgICAgfQogICAgfQp9CgojIEFmdGVyIG1ha2luZyBhIGNoYW5nZSwgbGV0J3MgZ2V0IHRoZSBzZXJ2aWNlIGluZm8gYWdhaW4gdW5sZXNzIHdlIGRlbGV0ZWQgaXQKaWYgKCRzdGF0ZSAtZXEgJ2Fic2VudCcpIHsKICAgICMgUmVjcmVhdGUgcmVzdWx0IHNvIGl0IGRvZXNuJ3QgaGF2ZSB0aGUgZXh0cmEgbWV0YSBkYXRhIG5vdyB0aGF0IGlzIGhhcyBiZWVuIGRlbGV0ZWQKICAgICRjaGFuZ2VkID0gJHJlc3VsdC5jaGFuZ2VkCiAgICAkcmVzdWx0ID0gQHsKICAgICAgICBjaGFuZ2VkID0gJGNoYW5nZWQKICAgICAgICBleGlzdHMgPSAkZmFsc2UKICAgIH0KfSBlbHNlaWYgKCRzdmMgLW5lICRudWxsKSB7CiAgICBHZXQtU2VydmljZUluZm8gLW5hbWUgJG5hbWUKfQoKRXhpdC1Kc29uIC1vYmogJHJlc3VsdAo=", "module_args": {"_ansible_version": "2.7.0", "_ansible_check_mode": false, "display_name": "neutron-hyperv-agent", "_ansible_module_name": "win_service", "state": "started", "_ansible_debug": false, "_ansible_shell_executable": "/bin/sh", "username": "administrator@cbci-805629-1.local", "_ansible_selinux_special_fs": ["fuse", "nfs", "vboxsf", "ramfs", "9p"], "description": "OpenStack Neutron Hyper-V Agent Service", "_ansible_syslog_facility": "LOG_USER", "_ansible_keep_remote_files": false, "_ansible_socket": null, "path": "c:\\openstack\\bin\\OpenStackService.exe neutron-hyperv-agent c:\\python37\\scripts\\neutron-hyperv-agent.exe --config-file c:\\openstack\\etc\\neutron-hyperv-agent.conf", "password": "Passw0rd", "_ansible_no_log": false, "name": "neutron-hyperv-agent", "start_mode": "auto", "_ansible_verbosity": 2, "_ansible_diff": false, "_ansible_remote_tmp": "%TEMP%", "_ansible_tmpdir": null}} '@ } process { $input_as_string = [string]$input $json_raw += $input_as_string } end { If (-not $json_raw) { Write-Error "no input given" -Category InvalidArgument } $payload = ConvertTo-HashtableFromPsCustomObject (ConvertFrom-Json $json_raw) # TODO: handle binary modules # TODO: handle persistence $min_os_version = [version]$payload.min_os_version if ($min_os_version -ne $null) { $actual_os_version = [System.Environment]::OSVersion.Version if ($actual_os_version -lt $min_os_version) { $msg = "This module cannot run on this OS as it requires a minimum version of $min_os_version, actual was $actual_os_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $min_ps_version = [version]$payload.min_ps_version if ($min_ps_version -ne $null) { $actual_ps_version = $PSVersionTable.PSVersion if ($actual_ps_version -lt $min_ps_version) { $msg = "This module cannot run as it requires a minimum PowerShell version of $min_ps_version, actual was $actual_ps_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $actions = $payload.actions # pop 0th action as entrypoint $entrypoint = $payload.($actions[0]) $payload.actions = $payload.actions[1..99] $entrypoint = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($entrypoint)) # load the current action entrypoint as a module custom object with a Run method $entrypoint = New-Module -ScriptBlock ([scriptblock]::Create($entrypoint)) -AsCustomObject Set-Variable -Scope global -Name complex_args -Value $payload["module_args"] | Out-Null # dynamically create/load modules ForEach ($mod in $payload.powershell_modules.GetEnumerator()) { $decoded_module = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($mod.Value)) New-Module -ScriptBlock ([scriptblock]::Create($decoded_module)) -Name $mod.Key | Import-Module -WarningAction SilentlyContinue | Out-Null } $output = $entrypoint.Run($payload) Write-Output $output } ScriptBlock ID: 1c7ed1bb-54c1-45cd-9228-83b65fcf65b5 Path:	4104	1		3	2	15	0	1698	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4608	2988	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:06:15 PM	e5295ba9-9827-0001-af5c-29e52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (4 of 5): gdXAgdHlwZSB3YXMgbm90IGF1dG8gb3IgYXV0byAoZGVsYXllZCksIG5lZWQgdG8gY2hhbmdlIHRvIGF1dG8gYW5kIGFkZCBkZWxheWVkIGtleQogICAgICAgICAgICB9IGVsc2VpZiAoJHN0YXJ0X21vZGUgLWVxICdkZWxheWVkJykgewogICAgICAgICAgICAgICAgJHN2YyB8IFNldC1TZXJ2aWNlIC1TdGFydHVwVHlwZSAiYXV0byIgLVdoYXRJZjokY2hlY2tfbW9kZQogICAgICAgICAgICAgICAgU2V0LUl0ZW1Qcm9wZXJ0eSAtTGl0ZXJhbFBhdGggJGRlbGF5ZWRfa2V5IC1OYW1lICJEZWxheWVkQXV0b3N0YXJ0IiAtVmFsdWUgMSAtV2hhdElmOiRjaGVja19tb2RlCiAgICAgICAgICAgICMgT3JpZ2luYWwgc3RhcnQgdXAgdHlwZSB3YXMgbm90IHdoYXQgd2Ugd2VyZSBsb29raW5nIGZvciwganVzdCBjaGFuZ2UgdG8gdGhhdCB0eXBlCiAgICAgICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICAgICAkc3ZjIHwgU2V0LVNlcnZpY2UgLVN0YXJ0dXBUeXBlICRzdGFydF9tb2RlIC1XaGF0SWY6JGNoZWNrX21vZGUKICAgICAgICAgICAgfQogICAgICAgIH0gY2F0Y2ggewogICAgICAgICAgICBGYWlsLUpzb24gJHJlc3VsdCAkXy5FeGNlcHRpb24uTWVzc2FnZQogICAgICAgIH0KICAgICAgICAKICAgICAgICAkcmVzdWx0LmNoYW5nZWQgPSAkdHJ1ZQogICAgfQp9CgpGdW5jdGlvbiBTZXQtU2VydmljZUFjY291bnQoJHdtaV9zdmMsICR1c2VybmFtZV9zaWQsICR1c2VybmFtZSwgJHBhc3N3b3JkKSB7CiAgICBpZiAoJHJlc3VsdC51c2VybmFtZSAtZXEgIkxvY2FsU3lzdGVtIikgewogICAgICAgICRhY3R1YWxfc2lkID0gIlMtMS01LTE4IgogICAgfSBlbHNlIHsKICAgICAgICAkYWN0dWFsX3NpZCA9IENvbnZlcnQtVG9TSUQgLWFjY291bnRfbmFtZSAkcmVzdWx0LnVzZXJuYW1lCiAgICB9CgogICAgaWYgKCRhY3R1YWxfc2lkIC1uZSAkdXNlcm5hbWVfc2lkKSB7CiAgICAgICAgJGNoYW5nZV9hcmd1bWVudHMgPSBAewogICAgICAgICAgICBTdGFydE5hbWUgPSAkdXNlcm5hbWUKICAgICAgICAgICAgU3RhcnRQYXNzd29yZCA9ICRwYXNzd29yZAogICAgICAgICAgICBEZXNrdG9wSW50ZXJhY3QgPSAkcmVzdWx0LmRlc2t0b3BfaW50ZXJhY3QKICAgICAgICB9CiAgICAgICAgIyBuZWVkIHRvIGRpc2FibGUgZGVza3RvcCBpbnRlcmFjdCB3aGVuIG5vdCB1c2luZyB0aGUgU1lTVEVNIGFjY291bnQKICAgICAgICBpZiAoJHVzZXJuYW1lX3NpZCAtbmUgIlMtMS01LTE4IikgewogICAgICAgICAgICAkY2hhbmdlX2FyZ3VtZW50cy5EZXNrdG9wSW50ZXJhY3QgPSAkZmFsc2UKICAgICAgICB9CgogICAgICAgICNXTUkuQ2hhbmdlIGRvZXNuJ3Qgc3VwcG9ydCAtV2hhdElmLCBjYW5ub3QgZnVsbHkgdGVzdCB3aXRoIGNoZWNrX21vZGUKICAgICAgICBpZiAoLW5vdCAkY2hlY2tfbW9kZSkgewogICAgICAgICAgICAkcmV0dXJuID0gJHdtaV9zdmMgfCBJbnZva2UtQ2ltTWV0aG9kIC1NZXRob2ROYW1lIENoYW5nZSAtQXJndW1lbnRzICRjaGFuZ2VfYXJndW1lbnRzCiAgICAgICAgICAgIGlmICgkcmV0dXJuLlJldHVyblZhbHVlIC1uZSAwKSB7CiAgICAgICAgICAgICAgICAkZXJyb3JfbXNnID0gR2V0LVdtaUVycm9yTWVzc2FnZSAtcmV0dXJuX3ZhbHVlICRyZXN1bHQuUmV0dXJuVmFsdWUKICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgIkZhaWxlZCB0byBzZXQgc2VydmljZSBhY2NvdW50IHRvICQoJHVzZXJuYW1lKTogJCgkcmV0dXJuLlJldHVyblZhbHVlKSAtICRlcnJvcl9tc2ciCiAgICAgICAgICAgIH0KICAgICAgICB9ICAgICAgICAKCiAgICAgICAgJHJlc3VsdC5jaGFuZ2VkID0gJHRydWUKICAgIH0KfQoKRnVuY3Rpb24gU2V0LVNlcnZpY2VEZXNrdG9wSW50ZXJhY3QoJHdtaV9zdmMsICRkZXNrdG9wX2ludGVyYWN0KSB7CiAgICBpZiAoJHJlc3VsdC5kZXNrdG9wX2ludGVyYWN0IC1uZSAkZGVza3RvcF9pbnRlcmFjdCkgewogICAgICAgIGlmICgtbm90ICRjaGVja19tb2RlKSB7CiAgICAgICAgICAgICRyZXR1cm4gPSAkd21pX3N2YyB8IEludm9rZS1DaW1NZXRob2QgLU1ldGhvZE5hbWUgQ2hhbmdlIC1Bcmd1bWVudHMgQHtEZXNrdG9wSW50ZXJhY3QgPSAkZGVza3RvcF9pbnRlcmFjdH0KICAgICAgICAgICAgaWYgKCRyZXR1cm4uUmV0dXJuVmFsdWUgLW5lIDApIHsKICAgICAgICAgICAgICAgICRlcnJvcl9tc2cgPSBHZXQtV21pRXJyb3JNZXNzYWdlIC1yZXR1cm5fdmFsdWUgJHJldHVybi5SZXR1cm5WYWx1ZQogICAgICAgICAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiRmFpbGVkIHRvIHNldCBkZXNrdG9wIGludGVyYWN0ICQoJGRlc2t0b3BfaW50ZXJhY3QpOiAkKCRyZXR1cm4uUmV0dXJuVmFsdWUpIC0gJGVycm9yX21zZyIKICAgICAgICAgICAgfQogICAgICAgIH0KCiAgICAgICAgJHJlc3VsdC5jaGFuZ2VkID0gJHRydWUKICAgIH0KfQoKRnVuY3Rpb24gU2V0LVNlcnZpY2VEaXNwbGF5TmFtZSgkc3ZjLCAkZGlzcGxheV9uYW1lKSB7CiAgICBpZiAoJHJlc3VsdC5kaXNwbGF5X25hbWUgLW5lICRkaXNwbGF5X25hbWUpIHsKICAgICAgICB0cnkgewogICAgICAgICAgICAkc3ZjIHwgU2V0LVNlcnZpY2UgLURpc3BsYXlOYW1lICRkaXNwbGF5X25hbWUgLVdoYXRJZjokY2hlY2tfbW9kZQogICAgICAgIH0gY2F0Y2ggewogICAgICAgICAgICBGYWlsLUpzb24gJHJlc3VsdCAkXy5FeGNlcHRpb24uTWVzc2FnZQogICAgICAgIH0KICAgICAgICAKICAgICAgICAkcmVzdWx0LmNoYW5nZWQgPSAkdHJ1ZQogICAgfQp9CgpGdW5jdGlvbiBTZXQtU2VydmljZURlc2NyaXB0aW9uKCRzdmMsICRkZXNjcmlwdGlvbikgewogICAgaWYgKCRyZXN1bHQuZGVzY3JpcHRpb24gLW5lICRkZXNjcmlwdGlvbikgewogICAgICAgIHRyeSB7CiAgICAgICAgICAgICRzdmMgfCBTZXQtU2VydmljZSAtRGVzY3JpcHRpb24gJGRlc2NyaXB0aW9uIC1XaGF0SWY6JGNoZWNrX21vZGUKICAgICAgICB9IGNhdGNoIHsKICAgICAgICAgICAgRmFpbC1Kc29uICRyZXN1bHQgJF8uRXhjZXB0aW9uLk1lc3NhZ2UKICAgICAgICB9CiAgICAgICAgCiAgICAgICAgJHJlc3VsdC5jaGFuZ2VkID0gJHRydWUKICAgIH0KfQoKRnVuY3Rpb24gU2V0LVNlcnZpY2VQYXRoKCRuYW1lLCAkcGF0aCkgewogICAgaWYgKCRyZXN1bHQucGF0aCAtbmUgJHBhdGgpIHsKICAgICAgICB0cnkgewogICAgICAgICAgICBTZXQtSXRlbVByb3BlcnR5IC1MaXRlcmFsUGF0aCAiSEtMTTpcU3lzdGVtXEN1cnJlbnRDb250cm9sU2V0XFNlcnZpY2VzXCRuYW1lIiAtTmFtZSBJbWFnZVBhdGggLVZhbHVlICRwYXRoIC1XaGF0SWY6JGNoZWNrX21vZGUKICAgICAgICB9IGNhdGNoIHsKICAgICAgICAgICAgRmFpbC1Kc29uICRyZXN1bHQgJF8uRXhjZXB0aW9uLk1lc3NhZ2UKICAgICAgICB9CiAgICAgICAgCiAgICAgICAgJHJlc3VsdC5jaGFuZ2VkID0gJHRydWUKICAgIH0KfQoKRnVuY3Rpb24gU2V0LVNlcnZpY2VEZXBlbmRlbmNpZXMoJHdtaV9zdmMsICRkZXBlbmRlbmN5X2FjdGlvbiwgJGRlcGVuZGVuY2llcykgewogICAgJGV4aXN0aW5nX2RlcGVuZGVuY2llcyA9ICRyZXN1bHQuZGVwZW5kZW5jaWVzCiAgICBbU3lzdGVtLkNvbGxlY3Rpb25zLkFycmF5TGlzdF0kbmV3X2RlcGVuZGVuY2llcyA9IEAoKQoKICAgIGlmICgkZGVwZW5kZW5jeV9hY3Rpb24gLWVxICdzZXQnKSB7CiAgICAgICAgZm9yZWFjaCAoJGRlcGVuZGVuY3kgaW4gJGRlcGVuZGVuY2llcykgewogICAgICAgICAgICAkbmV3X2RlcGVuZGVuY2llcy5BZGQoJGRlcGVuZGVuY3kpCiAgICAgICAgfQogICAgfSBlbHNlIHsKICAgICAgICAkbmV3X2RlcGVuZGVuY2llcyA9ICRleGlzdGluZ19kZXBlbmRlbmNpZXMKICAgICAgICBmb3JlYWNoICgkZGVwZW5kZW5jeSBpbiAkZGVwZW5kZW5jaWVzKSB7CiAgICAgICAgICAgIGlmICgkZGVwZW5kZW5jeV9hY3Rpb24gLWVxICdyZW1vdmUnKSB7CiAgICAgICAgICAgICAgICBpZiAoJG5ld19kZXBlbmRlbmNpZXMgLWNvbnRhaW5zICRkZXBlbmRlbmN5KSB7CiAgICAgICAgICAgICAgICAgICAgJG5ld19kZXBlbmRlbmNpZXMuUmVtb3ZlKCRkZXBlbmRlbmN5KQogICAgICAgICAgICAgICAgfQogICAgICAgICAgICB9IGVsc2VpZiAoJGRlcGVuZGVuY3lfYWN0aW9uIC1lcSAnYWRkJykgewogICAgICAgICAgICAgICAgaWYgKCRuZXdfZGVwZW5kZW5jaWVzIC1ub3Rjb250YWlucyAkZGVwZW5kZW5jeSkgewogICAgICAgICAgICAgICAgICAgICRuZXdfZGVwZW5kZW5jaWVzLkFkZCgkZGVwZW5kZW5jeSkKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfQogICAgICAgIH0KICAgIH0KCiAgICAkd2lsbF9jaGFuZ2UgPSAkZmFsc2UKICAgIGZvcmVhY2ggKCRkZXBlbmRlbmN5IGluICRuZXdfZGVwZW5kZW5jaWVzKSB7CiAgICAgICAgaWYgKCRleGlzdGluZ19kZXBlbmRlbmNpZXMgLW5vdGNvbnRhaW5zICRkZXBlbmRlbmN5KSB7CiAgICAgICAgICAgICR3aWxsX2NoYW5nZSA9ICR0cnVlCiAgICAgICAgfQogICAgfQogICAgZm9yZWFjaCAoJGRlcGVuZGVuY3kgaW4gJGV4aXN0aW5nX2RlcGVuZGVuY2llcykgewogICAgICAgIGlmICgkbmV3X2RlcGVuZGVuY2llcyAtbm90Y29udGFpbnMgJGRlcGVuZGVuY3kpIHsKICAgICAgICAgICAgJHdpbGxfY2hhbmdlID0gJHRydWUKICAgICAgICB9CiAgICB9CgogICAgaWYgKCR3aWxsX2NoYW5nZSAtZXEgJHRydWUpIHsKICAgICAgICBpZiAoLW5vdCAkY2hlY2tfbW9kZSkgewogICAgICAgICAgICAkcmV0dXJuID0gJHdtaV9zdmMgfCBJbnZva2UtQ2ltTWV0aG9kIC1NZXRob2ROYW1lIENoYW5nZSAtQXJndW1lbnRzIEB7U2VydmljZURlcGVuZGVuY2llcyA9ICRuZXdfZGVwZW5kZW5jaWVzfQogICAgICAgICAgICBpZiAoJHJldHVybi5SZXR1cm5WYWx1ZSAtbmUgMCkgewogICAgICAgICAgICAgICAgJGVycm9yX21zZyA9IEdldC1XbWlFcnJvck1lc3NhZ2UgLXJldHVybl92YWx1ZSAkcmV0dXJuLlJldHVyblZhbHVlCiAgICAgICAgICAgICAgICAkZGVwX3N0cmluZyA9ICRuZXdfZGVwZW5kZW5jaWVzIC1qb2luICIsICIKICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgIkZhaWxlZCB0byBzZXQgc2VydmljZSBkZXBlbmRlbmNpZXMgJCgkZGVwX3N0cmluZyk6ICQoJHJldHVybi5SZXR1cm5WYWx1ZSkgLSAkZXJyb3JfbXNnIgogICAgICAgICAgICB9CiAgICAgICAgfQogICAgICAgIAogICAgICAgICRyZXN1bHQuY2hhbmdlZCA9ICR0cnVlCiAgICB9Cn0KCkZ1bmN0aW9uIFNldC1TZXJ2aWNlU3RhdGUoJHN2YywgJHdtaV9zdmMsICRzdGF0ZSkgewogICAgaWYgKCRzdGF0ZSAtZXEgInN0YXJ0ZWQiIC1hbmQgJHJlc3VsdC5zdGF0ZSAtbmUgInJ1bm5pbmciKSB7CiAgICAgICAgaWYgKCRyZXN1bHQuc3RhdGUgLWVxICJwYXVzZWQiKSB7CiAgICAgICAgICAgIHRyeSB7CiAgICAgICAgICAgICAgICAkc3ZjIHwgUmVzdW1lLVNlcnZpY2UgLVdoYXRJZjokY2hlY2tfbW9kZQogICAgICAgICAgICB9IGNhdGNoIHsKICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJmYWlsZWQgdG8gc3RhcnQgc2VydmljZSBmcm9tIHBhdXNlZCBzdGF0ZSAkKCRzdmMuTmFtZSk6ICQoJF8uRXhjZXB0aW9uLk1lc3NhZ2UpIgogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgdHJ5IHsKICAgICAgICAgICAgICAgICRzdmMgfCBTdGFydC1TZXJ2aWNlIC1XaGF0SWY6JGNoZWNrX21vZGUKICAgICAgICAgICAgfSBjYXRjaCB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gJHJlc3VsdCAkXy5FeGNlcHRpb24uTWVzc2FnZQogICAgICAgICAgICB9CiAgICAgICAgfQogICAgICAgIAogICAgICAgICRyZXN1bHQuY2hhbmdlZCA9ICR0cnVlCiAgICB9CgogICAgaWYgKCRzdGF0ZSAtZXEgInN0b3BwZWQiIC1hbmQgJHJlc3VsdC5zdGF0ZSAtbmUgInN0b3BwZWQiKSB7CiAgICAgICAgdHJ5IHsKICAgICAgICAgICAgJHN2YyB8IFN0b3AtU2VydmljZSAtRm9yY2U6JGZvcmNlX2RlcGVuZGVudF9zZXJ2aWNlcyAtV2hhdElmOiRjaGVja19tb2RlCiAgICAgICAgfSBjYXRjaCB7CiAgICAgICAgICAgIEZhaWwtSnNvbiAkcmVzdWx0ICRfLkV4Y2VwdGlvbi5NZXNzYWdlCiAgICAgICAgfQogICAgICAgIAogICAgICAgICRyZXN1bHQuY2hhbmdlZCA9ICR0cnVlCiAgICB9CgogICAgaWYgKCRzdGF0ZSAtZXEgInJlc3RhcnRlZCIpIHsKICAgICAgICB0cnkgewogICAgICAgICAgICAkc3ZjIHwgUmVzdGFydC1TZXJ2aWNlIC1Gb3JjZTokZm9yY2VfZGVwZW5kZW50X3NlcnZpY2VzIC1XaGF0SWY6JGNoZWNrX21vZGUKICAgICAgICB9IGNhdGNoIHsKICAgICAgICAgICAgRmFpbC1Kc29uICRyZXN1bHQgJF8uRXhjZXB0aW9uLk1lc3NhZ2UKICAgICAgICB9CiAgICAgICAgCiAgICAgICAgJHJlc3VsdC5jaGFuZ2VkID0gJHRydWUKICAgIH0KCiAgICBpZiAoJHN0YXRlIC1lcSAicGF1c2VkIiAtYW5kICRyZXN1bHQuc3RhdGUgLW5lICJwYXVzZWQiKSB7CiAgICAgICAgIyBjaGVjayB0aGF0IHdlIGNhbiBhY3R1YWxseSBwYXVzZSB0aGUgc2VydmljZQogICAgICAgIGlmICgkcmVzdWx0LmNhbl9wYXVzZV9hbmRfY29udGludWUgLWVxICRmYWxzZSkgewogICAgICAgICAgICBGYWlsLUpzb24gJHJlc3VsdCAiZmFpbGVkIHRvIHBhdXNlIHNlcnZpY2UgJCgkc3ZjLk5hbWUpOiBUaGUgc2VydmljZSBkb2VzIG5vdCBzdXBwb3J0IHBhdXNpbmciCiAgICAgICAgfQoKICAgICAgICB0cnkgewogICAgICAgICAgICAkc3ZjIHwgU3VzcGVuZC1TZXJ2aWNlIC1XaGF0SWY6JGNoZWNrX21vZGUKICAgICAgICB9IGNhdGNoIHsKICAgICAgICAgICAgRmFpbC1Kc29uICRyZXN1bHQgImZhaWxlZCB0byBwYXVzZSBzZXJ2aWNlICQoJHN2Yy5OYW1lKTogJCgkXy5FeGNlcHRpb24uTWVzc2FnZSkiCiAgICAgICAgfQogICAgICAgICRyZXN1bHQuY2hhbmdlZCA9ICR0cnVlCiAgICB9CgogICAgaWYgKCRzdGF0ZSAtZXEgImFic2VudCIpIHsKICAgICAgICB0cnkgewogICAgICAgICAgICAkc3ZjIHwgU3RvcC1TZXJ2aWNlIC1Gb3JjZTokZm9yY2VfZGVwZW5kZW50X3NlcnZpY2VzIC1XaGF0SWY6JGNoZWNrX21vZGUKICAgICAgICB9IGNhdGNoIHsKICAgICAgICAgICAgRmFpbC1Kc29uICRyZXN1bHQgJF8uRXhjZXB0aW9uLk1lc3NhZ2UKICAgICAgICB9CiAgICAgICAgaWYgKC1ub3QgJGNoZWNrX21vZGUpIHsKICAgICAgICAgICAgJHJldHVybiA9ICR3bWlfc3ZjIHwgSW52b2tlLUNpbU1ldGhvZCAtTWV0aG9kTmFtZSBEZWxldGUKICAgICAgICAgICAgaWYgKCRyZXR1cm4uUmV0dXJuVmFsdWUgLW5lIDApIHsKICAgICAgICAgICAgICAgICRlcnJvcl9tc2cgPSBHZXQtV21pRXJyb3JNZXNzYWdlIC1yZXR1cm5fdmFsdWUgJHJldHVybi5SZXR1cm5WYWx1ZQogICAgICAgICAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiRmFpbGVkIHRvIGRlbGV0ZSBzZXJ2aWNlICQoJHN2Yy5OYW1lKTogJCgkcmV0dXJuLlJldHVyblZhbHVlKSAtICRlcnJvcl9tc2ciCiAgICAgICAgICAgIH0KICAgICAgICB9CiAgICAgICAgCiAgICAgICAgJHJlc3VsdC5jaGFuZ2VkID0gJHRydWUKICAgIH0KfQoKRnVuY3Rpb24gU2V0LVNlcnZpY2VDb25maWd1cmF0aW9uKCRzdmMpIHsKICAgICR3bWlfc3ZjID0gR2V0LUNpbUluc3RhbmNlIC1DbGFzc05hbWUgV2luMzJfU2VydmljZSAtRmlsdGVyICJuYW1lPSckKCRzdmMuTmFtZSknIgogICAgR2V0LVNlcnZpY2VJbmZvIC1uYW1lICRzdmMuTmFtZQogICAgaWYgKCRkZXNrdG9wX2ludGVyYWN0IC1lcSAkdHJ1ZSAtYW5kICgtbm90ICgkcmVzdWx0LnVzZXJuYW1lIC1lcSAnTG9jYWxTeXN0ZW0nIC1vciAkdXNlcm5hbWUgLWVxICdMb2NhbFN5c3RlbScpKSkgewogICAgICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJDYW4gb25seSBzZXQgZGVza3RvcF9pbnRlcmFjdCB0byB0cnVlIHdoZW4gc2VydmljZSBpcyBydW4gd2l0aC9vciAndXNlcm5hbWUnIGVxdWFscyAnTG9jYWxTeXN0ZW0nIgogICAgfQoKICAgIGlmICgkc3RhcnRfbW9kZSAtbmUgJG51bGwpIHsKICAgICAgICBTZXQtU2VydmljZVN0YXJ0TW9kZSAtc3ZjICRzdmMgLXN0YXJ0X21vZGUgJHN0YXJ0X21vZGUKICAgIH0KCiAgICBpZiAoJHVzZXJuYW1lIC1uZSAkbnVsbCkgewogICAgICAgIFNldC1TZXJ2aWNlQWNjb3VudCAtd21pX3N2YyAkd21pX3N2YyAtdXNlcm5hbWVfc2lkICR1c2VybmFtZV9zaWQgLXVzZXJuYW1lICR1c2VybmFtZSAtcGFzc3dvcmQgJHBhc3N3b3JkCiAgICB9CgogICAgaWYgKCRkaXNwbGF5X25hbWUgLW5lICRudWxsKSB7CiAgICAgICAgU2V0LVNlcnZpY2VEaXNwbGF5TmFtZSAtc3ZjICRzdmMgLWRpc3BsYXlfbmFtZSAkZGlzcGxheV9uYW1lCiAgICB9CgogICAgaWYgKCRkZXNrdG9wX2ludGVyYWN0IC1uZSAkbnVsbCkgewogICAgICAgIFNldC1TZXJ2aWNlRGVza3RvcEludGVyYWN0IC13bWlfc3ZjICR3bWlfc3ZjIC1kZXNrdG9wX2ludGVyYWN0ICRkZXNrdG9wX2ludGVyYWN0CiAgICB9CgogICAgaWYgKCRkZXNjcmlwdGlvbiAtbmUgJG51bGwpIHsKICAgICAgICBTZXQtU2VydmljZURlc2NyaXB0aW9uIC1zdmMgJHN2YyAtZGVzY3JpcHRpb24gJGRlc2NyaXB0aW9uCiAgICB9CgogICAgaWYgKCRwYXRoIC1uZSAkbnVsbCkgewogICAgICAgIFNldC1TZXJ2aWNlUGF0aCAtbmFtZSAkc3ZjLk5hbWUgLXBhdGggJHBhdGgKICAgIH0KCiAgICBpZiAoJGRlcGVuZGVuY2llcyAtbmUgJG51bGwpIHsKICAgICAgICBTZXQtU2VydmljZURlcGVuZGVuY2llcyAtd21pX3N2YyAkd21pX3N2YyAtZGVwZW5kZW5jeV9hY3Rpb24gJGRlcGVuZGVuY3lfYWN0aW9uIC1kZXBlbmRlbmNpZXMgJGRlcGVuZGVuY2llcwogICAgfQoKICAgIGlmICgkc3RhdGUgLW5lICRudWxsKSB7CiAgICAgICAgU2V0LVNlcnZpY2VTdGF0ZSAtc3ZjICRzdmMgLXdtaV9zdmMgJHdtaV9zdmMgLXN0YXRlICRzdGF0ZQogICAgfQp9CgojIG5lZWQgdG8gdXNlIFdoZXJlLU9iamVjdCBhcyAtTmFtZSBkb2Vzbid0IHdvcmsgd2l0aCBbXSBpbiB0aGUgc2VydmljZSBuYW1lCiMgaHR0cHM6Ly9naXRodWIuY29tL2Fuc2libGUvYW5zaWJsZS9pc3N1ZXMvMzc2MjEKJHN2YyA9IEdldC1TZXJ2aWNlIHwgV2hlcmUtT2JqZWN0IHsgJF8uTmFtZSAtZXEgJG5hbWUgLW9yICRfLkRpc3BsYXlOYW1lIC1lcSAkbmFtZSB9CmlmICgkc3ZjKSB7CiAgICBTZXQtU2VydmljZUNvbmZpZ3VyYXRpb24gLXN2YyAkc3ZjCn0gZWxzZSB7CiAgICAkcmVzdWx0LmV4aXN0cyA9ICRmYWxzZQogICAgaWYgKCRzdGF0ZSAt ScriptBlock ID: 1c7ed1bb-54c1-45cd-9228-83b65fcf65b5 Path:	4104	1		3	2	15	0	1697	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4608	2988	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:06:15 PM	e5295ba9-9827-0001-af5c-29e52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (3 of 5): tUGF0aCAkcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKQogICAgewogICAgICAgICRoYXNoID0gIjMiOwogICAgfQogICAgRWxzZQogICAgewogICAgICAgICRoYXNoID0gIjEiOwogICAgfQogICAgcmV0dXJuICRoYXNoCn0KCkZ1bmN0aW9uIEdldC1QZW5kaW5nUmVib290U3RhdHVzCnsKPCMKICAgIC5TWU5PUFNJUwogICAgQ2hlY2sgaWYgcmVib290IGlzIHJlcXVpcmVkLCBpZiBzbyBub3RpZnkgQ0EuCiAgICBGdW5jdGlvbiByZXR1cm5zIHRydWUgaWYgY29tcHV0ZXIgaGFzIGEgcGVuZGluZyByZWJvb3QKIz4KICAgICRmZWF0dXJlRGF0YSA9IEludm9rZS1XbWlNZXRob2QgLUVBIElnbm9yZSAtTmFtZSBHZXRTZXJ2ZXJGZWF0dXJlIC1OYW1lc3BhY2Ugcm9vdFxtaWNyb3NvZnRcd2luZG93c1xzZXJ2ZXJtYW5hZ2VyIC1DbGFzcyBNU0ZUX1NlcnZlck1hbmFnZXJUYXNrcwogICAgJHJlZ0RhdGEgPSBHZXQtSXRlbVByb3BlcnR5ICJIS0xNOlxTWVNURU1cQ3VycmVudENvbnRyb2xTZXRcQ29udHJvbFxTZXNzaW9uIE1hbmFnZXIiICJQZW5kaW5nRmlsZVJlbmFtZU9wZXJhdGlvbnMiIC1FQSBJZ25vcmUKICAgICRDQlNSZWJvb3RTdGF0dXMgPSBHZXQtQ2hpbGRJdGVtICJIS0xNOlxcU09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cQ29tcG9uZW50IEJhc2VkIFNlcnZpY2luZyIgIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlfCBXaGVyZS1PYmplY3QgeyRfLlBTQ2hpbGROYW1lIC1lcSAiUmVib290UGVuZGluZyJ9CiAgICBpZigoJGZlYXR1cmVEYXRhIC1hbmQgJGZlYXR1cmVEYXRhLlJlcXVpcmVzUmVib290KSAtb3IgJHJlZ0RhdGEgLW9yICRDQlNSZWJvb3RTdGF0dXMpCiAgICB7CiAgICAgICAgcmV0dXJuICRUcnVlCiAgICB9CiAgICBlbHNlCiAgICB7CiAgICAgICAgcmV0dXJuICRGYWxzZQogICAgfQp9CgojIHRoaXMgbGluZSBtdXN0IHN0YXkgYXQgdGhlIGJvdHRvbSB0byBlbnN1cmUgYWxsIGRlZmluZWQgbW9kdWxlIHBhcnRzIGFyZSBleHBvcnRlZApFeHBvcnQtTW9kdWxlTWVtYmVyIC1BbGlhcyAqIC1GdW5jdGlvbiAqIC1DbWRsZXQgKgoK"}, "module_entry": "IyFwb3dlcnNoZWxsCgojIENvcHlyaWdodDogKGMpIDIwMTQsIENocmlzIEhvZmZtYW4gPGNob2ZmbWFuQGNoYXRoYW1maW5hbmNpYWwuY29tPgojIEdOVSBHZW5lcmFsIFB1YmxpYyBMaWNlbnNlIHYzLjArIChzZWUgQ09QWUlORyBvciBodHRwczovL3d3dy5nbnUub3JnL2xpY2Vuc2VzL2dwbC0zLjAudHh0KQoKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5MZWdhY3kKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5TSUQKCiRFcnJvckFjdGlvblByZWZlcmVuY2UgPSAiU3RvcCIKCiRwYXJhbXMgPSBQYXJzZS1BcmdzICRhcmdzIC1zdXBwb3J0c19jaGVja19tb2RlICR0cnVlCiRjaGVja19tb2RlID0gR2V0LUFuc2libGVQYXJhbSAtb2JqICRwYXJhbXMgLW5hbWUgJ19hbnNpYmxlX2NoZWNrX21vZGUnIC10eXBlICdib29sJyAtZGVmYXVsdCAkZmFsc2UKCiRkZXBlbmRlbmNpZXMgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAnZGVwZW5kZW5jaWVzJyAtdHlwZSAnbGlzdCcgLWRlZmF1bHQgJG51bGwKJGRlcGVuZGVuY3lfYWN0aW9uID0gR2V0LUFuc2libGVQYXJhbSAtb2JqICRwYXJhbXMgLW5hbWUgJ2RlcGVuZGVuY3lfYWN0aW9uJyAtdHlwZSAnc3RyJyAtZGVmYXVsdCAnc2V0JyAtdmFsaWRhdGVzZXQgJ2FkZCcsJ3JlbW92ZScsJ3NldCcgCiRkZXNjcmlwdGlvbiA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICdkZXNjcmlwdGlvbicgLXR5cGUgJ3N0cicKJGRlc2t0b3BfaW50ZXJhY3QgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAnZGVza3RvcF9pbnRlcmFjdCcgLXR5cGUgJ2Jvb2wnIC1kZWZhdWx0ICRmYWxzZQokZGlzcGxheV9uYW1lID0gR2V0LUFuc2libGVQYXJhbSAtb2JqICRwYXJhbXMgLW5hbWUgJ2Rpc3BsYXlfbmFtZScgLXR5cGUgJ3N0cicKJGZvcmNlX2RlcGVuZGVudF9zZXJ2aWNlcyA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICdmb3JjZV9kZXBlbmRlbnRfc2VydmljZXMnIC10eXBlICdib29sJyAtZGVmYXVsdCAkZmFsc2UKJG5hbWUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAnbmFtZScgLXR5cGUgJ3N0cicgLWZhaWxpZmVtcHR5ICR0cnVlCiRwYXNzd29yZCA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICdwYXNzd29yZCcgLXR5cGUgJ3N0cicKJHBhdGggPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAncGF0aCcKJHN0YXJ0X21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAnc3RhcnRfbW9kZScgLXR5cGUgJ3N0cicgLXZhbGlkYXRlc2V0ICdhdXRvJywnbWFudWFsJywnZGlzYWJsZWQnLCdkZWxheWVkJwokc3RhdGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAnc3RhdGUnIC10eXBlICdzdHInIC12YWxpZGF0ZXNldCAnc3RhcnRlZCcsJ3N0b3BwZWQnLCdyZXN0YXJ0ZWQnLCdhYnNlbnQnLCdwYXVzZWQnCiR1c2VybmFtZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICd1c2VybmFtZScgLXR5cGUgJ3N0cicKCiRyZXN1bHQgPSBAewogICAgY2hhbmdlZCA9ICRmYWxzZQp9CgojIHBhcnNlIHRoZSB1c2VybmFtZSB0byBTSUQgYW5kIGJhY2sgc28gd2UgZ2V0IHRoZSBmdWxsIHVzZXJuYW1lIHdpdGggZG9tYWluIGluIGEgd2F5IFdNSSB1bmRlcnN0YW5kcwppZiAoJHVzZXJuYW1lIC1uZSAkbnVsbCkgewogICAgaWYgKCR1c2VybmFtZSAtZXEgIkxvY2FsU3lzdGVtIikgewogICAgICAgICR1c2VybmFtZV9zaWQgPSAiUy0xLTUtMTgiCiAgICB9IGVsc2UgewogICAgICAgICR1c2VybmFtZV9zaWQgPSBDb252ZXJ0LVRvU0lEIC1hY2NvdW50X25hbWUgJHVzZXJuYW1lCiAgICB9CgogICAgIyB0aGUgU1lTVEVNIGFjY291bnQgaXMgYSBzcGVjaWFsIGJlYXN0LCBXaW4zMl9TZXJ2aWNlIENoYW5nZSByZXF1aXJlcyBTdGFydE5hbWUgdG8gYmUgTG9jYWxTeXN0ZW0KICAgICMgdG8gc3BlY2lmeSBMb2NhbFN5c3RlbS9OVCBBVVRIT1JJVFlcU1lTVEVNCiAgICBpZiAoJHVzZXJuYW1lX3NpZCAtZXEgIlMtMS01LTE4IikgewogICAgICAgICR1c2VybmFtZSA9ICJMb2NhbFN5c3RlbSIKICAgICAgICAkcGFzc3dvcmQgPSAkbnVsbAogICAgfSBlbHNlIHsKICAgICAgICAjIFdpbjMyX1NlcnZpY2UsIHBhc3N3b3JkIG11c3QgYmUgIiIgYW5kIG5vdCAkbnVsbCB3aGVuIHNldHRpbmcgdG8gTG9jYWxTZXJ2aWNlIG9yIE5ldHdvcmtTZXJ2aWNlCiAgICAgICAgaWYgKCR1c2VybmFtZV9zaWQgLWluIEAoIlMtMS01LTE5IiwgIlMtMS01LTIwIikpIHsKICAgICAgICAgICAgJHBhc3N3b3JkID0gIiIKICAgICAgICB9CiAgICAgICAgJHVzZXJuYW1lID0gQ29udmVydC1Gcm9tU0lEIC1zaWQgJHVzZXJuYW1lX3NpZAogICAgfQp9CmlmICgkcGFzc3dvcmQgLW5lICRudWxsIC1hbmQgJHVzZXJuYW1lIC1lcSAkbnVsbCkgewogICAgRmFpbC1Kc29uICRyZXN1bHQgIlRoZSBhcmd1bWVudCAndXNlcm5hbWUnIG11c3QgYmUgc3VwcGxpZWQgd2l0aCAncGFzc3dvcmQnIgp9CmlmICgkZGVza3RvcF9pbnRlcmFjdCAtZXEgJHRydWUgLWFuZCAoLW5vdCAoJHVzZXJuYW1lIC1lcSAiTG9jYWxTeXN0ZW0iIC1vciAkdXNlcm5hbWUgLWVxICRudWxsKSkpIHsKICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJDYW4gb25seSBzZXQgJ2Rlc2t0b3BfaW50ZXJhY3QnIHRvIHRydWUgd2hlbiAndXNlcm5hbWUnIGVxdWFscyAnTG9jYWxTeXN0ZW0nIgp9CmlmICgkcGF0aCAtbmUgJG51bGwpIHsKICAgICRwYXRoID0gW1N5c3RlbS5FbnZpcm9ubWVudF06OkV4cGFuZEVudmlyb25tZW50VmFyaWFibGVzKCRwYXRoKQp9CgpGdW5jdGlvbiBHZXQtU2VydmljZUluZm8oJG5hbWUpIHsKICAgICMgTmVlZCB0byBnZXQgbmV3IG9iamVjdHMgc28gd2UgaGF2ZSB0aGUgbGF0ZXN0IGluZm8KICAgICRzdmMgPSBHZXQtU2VydmljZSB8IFdoZXJlLU9iamVjdCB7ICRfLk5hbWUgLWVxICRuYW1lIC1vciAkXy5EaXNwbGF5TmFtZSAtZXEgJG5hbWUgfQogICAgJHdtaV9zdmMgPSBHZXQtQ2ltSW5zdGFuY2UgLUNsYXNzTmFtZSBXaW4zMl9TZXJ2aWNlIC1GaWx0ZXIgIm5hbWU9JyQoJHN2Yy5OYW1lKSciCgogICAgIyBEZWxheWVkIHN0YXJ0X21vZGUgaXMgaW4gcmVhbGl0eSBBdXRvbWF0aWMgKERlbGF5ZWQpLCBuZWVkIHRvIGNoZWNrIHJlZyBrZXkgZm9yIHR5cGUKICAgICRkZWxheWVkID0gR2V0LURlbGF5ZWRTdGF0dXMgLW5hbWUgJHN2Yy5OYW1lCiAgICAkYWN0dWFsX3N0YXJ0X21vZGUgPSAkd21pX3N2Yy5TdGFydE1vZGUuVG9TdHJpbmcoKS5Ub0xvd2VyKCkgCiAgICBpZiAoJGRlbGF5ZWQgLWFuZCAkYWN0dWFsX3N0YXJ0X21vZGUgLWVxICdhdXRvJykgewogICAgICAgICRhY3R1YWxfc3RhcnRfbW9kZSA9ICdkZWxheWVkJwogICAgfQoKICAgICRleGlzdGluZ19kZXBlbmRlbmNpZXMgPSBAKCkKICAgICRleGlzdGluZ19kZXBlbmRlZF9ieSA9IEAoKQogICAgaWYgKCRzdmMuU2VydmljZXNEZXBlbmRlZE9uLkNvdW50IC1ndCAwKSB7CiAgICAgICAgZm9yZWFjaCAoJGRlcGVuZGVuY3kgaW4gJHN2Yy5TZXJ2aWNlc0RlcGVuZGVkT24uTmFtZSkgewogICAgICAgICAgICAkZXhpc3RpbmdfZGVwZW5kZW5jaWVzICs9ICRkZXBlbmRlbmN5CiAgICAgICAgfQogICAgfQogICAgaWYgKCRzdmMuRGVwZW5kZW50U2VydmljZXMuQ291bnQgLWd0IDApIHsKICAgICAgICBmb3JlYWNoICgkZGVwZW5kZW5jeSBpbiAkc3ZjLkRlcGVuZGVudFNlcnZpY2VzLk5hbWUpIHsKICAgICAgICAgICAgJGV4aXN0aW5nX2RlcGVuZGVkX2J5ICs9ICRkZXBlbmRlbmN5CiAgICAgICAgfQogICAgfQogICAgJGRlc2NyaXB0aW9uID0gJHdtaV9zdmMuRGVzY3JpcHRpb24KICAgIGlmICgkZGVzY3JpcHRpb24gLWVxICRudWxsKSB7CiAgICAgICAgJGRlc2NyaXB0aW9uID0gIiIKICAgIH0KCiAgICAkcmVzdWx0LmV4aXN0cyA9ICR0cnVlCiAgICAkcmVzdWx0Lm5hbWUgPSAkc3ZjLk5hbWUKICAgICRyZXN1bHQuZGlzcGxheV9uYW1lID0gJHN2Yy5EaXNwbGF5TmFtZQogICAgJHJlc3VsdC5zdGF0ZSA9ICRzdmMuU3RhdHVzLlRvU3RyaW5nKCkuVG9Mb3dlcigpCiAgICAkcmVzdWx0LnN0YXJ0X21vZGUgPSAkYWN0dWFsX3N0YXJ0X21vZGUKICAgICRyZXN1bHQucGF0aCA9ICR3bWlfc3ZjLlBhdGhOYW1lCiAgICAkcmVzdWx0LmRlc2NyaXB0aW9uID0gJGRlc2NyaXB0aW9uCiAgICAkcmVzdWx0LnVzZXJuYW1lID0gJHdtaV9zdmMuU3RhcnROYW1lCiAgICAkcmVzdWx0LmRlc2t0b3BfaW50ZXJhY3QgPSAkd21pX3N2Yy5EZXNrdG9wSW50ZXJhY3QKICAgICRyZXN1bHQuZGVwZW5kZW5jaWVzID0gJGV4aXN0aW5nX2RlcGVuZGVuY2llcwogICAgJHJlc3VsdC5kZXBlbmRlZF9ieSA9ICRleGlzdGluZ19kZXBlbmRlZF9ieQogICAgJHJlc3VsdC5jYW5fcGF1c2VfYW5kX2NvbnRpbnVlID0gJHN2Yy5DYW5QYXVzZUFuZENvbnRpbnVlCn0KCkZ1bmN0aW9uIEdldC1XbWlFcnJvck1lc3NhZ2UoJHJldHVybl92YWx1ZSkgewogICAgIyBUaGVzZSB2YWx1ZXMgYXJlIGRlcml2ZWQgZnJvbSBodHRwczovL21zZG4ubWljcm9zb2Z0LmNvbS9lbi11cy9saWJyYXJ5L2FhMzg0OTAxKHY9dnMuODUpLmFzcHgKICAgIHN3aXRjaCAoJHJldHVybl92YWx1ZSkgewogICAgICAgIDEgeyAiTm90IFN1cHBvcnRlZDogVGhlIHJlcXVlc3QgaXMgbm90IHN1cHBvcnRlZCIgfQogICAgICAgIDIgeyAiQWNjZXNzIERlbmllZDogVGhlIHVzZXIgZGlkIG5vdCBoYXZlIHRoZSBuZWNlc3NhcnkgYWNjZXNzIiB9CiAgICAgICAgMyB7ICJEZXBlbmRlbnQgU2VydmljZXMgUnVubmluZzogVGhlIHNlcnZpY2UgY2Fubm90IGJlIHN0b3BwZWQgYmVjYXVzZSBvdGhlciBzZXJ2aWNlcyB0aGF0IGFyZSBydW5uaW5nIGFyZSBkZXBlbmRlbnQgb24gaXQiIH0KICAgICAgICA0IHsgIkludmFsaWQgU2VydmljZSBDb250cm9sOiBUaGUgcmVxdWVzdGVkIGNvbnRyb2wgY29kZSBpcyBub3QgdmFsaWQsIG9yIGl0IGlzIHVuYWNjZXB0YWJsZSB0byB0aGUgc2VydmljZSIgfQogICAgICAgIDUgeyAiU2VydmljZSBDYW5ub3QgQWNjZXB0IENvbnRyb2w6IFRoZSByZXF1ZXN0ZWQgY29udHJvbCBjb2RlIGNhbm5vdCBiZSBzZW50IHRvIHRoZSBzZXJ2aWNlIGJlY2F1c2UgdGhlIHN0YXRlIG9mIHRoZSBzZXJ2aWNlIChXaW4zMl9CYXNlU2VydmljZS5TdGF0ZSBwcm9wZXJ0eSkgaXMgZXF1YWwgdG8gMCwgMSwgb3IgMiIgfQogICAgICAgIDYgeyAiU2VydmljZSBOb3QgQWN0aXZlOiBUaGUgc2VydmljZSBoYXMgbm90IGJlZW4gc3RhcnRlZCIgfQogICAgICAgIDcgeyAiU2VydmljZSBSZXF1ZXN0IFRpbWVvdXQ6IFRoZSBzZXJ2aWNlIGRpZCBub3QgcmVzcG9uZCB0byB0aGUgc3RhcnQgcmVxdWVzdCBpbiBhIHRpbWVseSBmYXNoaW9uIiB9CiAgICAgICAgOCB7ICJVbmtub3duIEZhaWx1cmU6IFVua25vd24gZmFpbHVyZSB3aGVuIHN0YXJ0aW5nIHRoZSBzZXJ2aWNlIiB9CiAgICAgICAgOSB7ICJQYXRoIE5vdCBGb3VuZDogVGhlIGRpcmVjdG9yeSBwYXRoIHRvIHRoZSBzZXJ2aWNlIGV4ZWN1dGFibGUgZmlsZSB3YXMgbm90IGZvdW5kIiB9CiAgICAgICAgMTAgeyAiU2VydmljZSBBbHJlYWR5IFJ1bm5pbmc6IFRoZSBzZXJ2aWNlIGlzIGFscmVhZHkgcnVubmluZyIgfQogICAgICAgIDExIHsgIlNlcnZpY2UgRGF0YWJhc2UgTG9ja2VkOiBUaGUgZGF0YWJhc2UgdG8gYWRkIGEgbmV3IHNlcnZpY2UgaXMgbG9ja2VkIiB9CiAgICAgICAgMTIgeyAiU2VydmljZSBEZXBlbmRlbmN5IERlbGV0ZWQ6IEEgZGVwZW5kZW5jeSB0aGlzIHNlcnZpY2UgcmVsaWVzIG9uIGhhcyBiZWVuIHJlbW92ZWQgZnJvbSB0aGUgc3lzdGVtIiB9CiAgICAgICAgMTMgeyAiU2VydmljZSBEZXBlbmRlbmN5IEZhaWx1cmU6IFRoZSBzZXJ2aWNlIGZhaWxlZCB0byBmaW5kIHRoZSBzZXJ2aWNlIG5lZWRlZCBmcm9tIGEgZGVwZW5kZW50IHNlcnZpY2UiIH0KICAgICAgICAxNCB7ICJTZXJ2aWNlIERpc2FibGVkOiBUaGUgc2VydmljZSBoYXMgYmVlbiBkaXNhYmxlZCBmcm9tIHRoZSBzeXN0ZW0iIH0KICAgICAgICAxNSB7ICJTZXJ2aWNlIExvZ29uIEZhaWxlZDogVGhlIHNlcnZpY2UgZG9lcyBub3QgaGF2ZSB0aGUgY29ycmVjdCBhdXRoZW50aWNhdGlvbiB0byBydW4gb24gdGhlIHN5c3RlbSIgfQogICAgICAgIDE2IHsgIlNlcnZpY2UgTWFya2VkIEZvciBEZWxldGlvbjogVGhpcyBzZXJ2aWNlIGlzIGJlaW5nIHJlbW92ZWQgZnJvbSB0aGUgc3lzdGVtIiB9CiAgICAgICAgMTcgeyAiU2VydmljZSBObyBUaHJlYWQ6IFRoZSBzZXJ2aWNlIGhhcyBubyBleGVjdXRpb24gdGhyZWFkIiB9CiAgICAgICAgMTggeyAiU3RhdHVzIENpcmN1bGFyIERlcGVuZGVuY3k6IFRoZSBzZXJ2aWNlIGhhcyBjaXJjdWxhciBkZXBlbmRlbmNpZXMgd2hlbiBpdCBzdGFydHMiIH0KICAgICAgICAxOSB7ICJTdGF0dXMgRHVwbGljYXRlIE5hbWU6IEEgc2VydmljZSBpcyBydW5uaW5nIHVuZGVyIHRoZSBzYW1lIG5hbWUiIH0KICAgICAgICAyMCB7ICJTdGF0dXMgSW52YWxpZCBOYW1lOiBUaGUgc2VydmljZSBuYW1lIGhhcyBpbnZhbGlkIGNoYXJhY3RlcnMiIH0KICAgICAgICAyMSB7ICJTdGF0dXMgSW52YWxpZCBQYXJhbWV0ZXI6IEludmFsaWQgcGFyYW1ldGVycyBoYXZlIGJlZW4gcGFzc2VkIHRvIHRoZSBzZXJ2aWNlIiB9CiAgICAgICAgMjIgeyAiU3RhdHVzIEludmFsaWQgU2VydmljZSBBY2NvdW50OiBUaGUgYWNjb3VudCB1bmRlciB3aGljaCB0aGlzIHNlcnZpY2UgcnVucyBpcyBlaXRoZXIgaW52YWxpZCBvciBsYWNrcyB0aGUgcGVybWlzc2lvbnMgdG8gcnVuIHRoZSBzZXJ2aWNlIiB9CiAgICAgICAgMjMgeyAiU3RhdHVzIFNlcnZpY2UgRXhpc3RzOiBUaGUgc2VydmljZSBleGlzdHMgaW4gdGhlIGRhdGFiYXNlIG9mIHNlcnZpY2VzIGF2YWlsYWJsZSBmcm9tIHRoZSBzeXN0ZW0iIH0KICAgICAgICAyNCB7ICJTZXJ2aWNlIEFscmVhZHkgUGF1c2VkOiBUaGUgc2VydmljZSBpcyBjdXJyZW50bHkgcGF1c2VkIGluIHRoZSBzeXN0ZW0iIH0KICAgICAgICBkZWZhdWx0IHsgIk90aGVyIEVycm9yIiB9CiAgICB9Cn0KCkZ1bmN0aW9uIEdldC1EZWxheWVkU3RhdHVzKCRuYW1lKSB7CiAgICAkZGVsYXllZF9rZXkgPSAiSEtMTTpcU3lzdGVtXEN1cnJlbnRDb250cm9sU2V0XFNlcnZpY2VzXCRuYW1lIgogICAgdHJ5IHsKICAgICAgICAkZGVsYXllZCA9IENvbnZlcnRUby1Cb29sICgoR2V0LUl0ZW1Qcm9wZXJ0eSAtTGl0ZXJhbFBhdGggJGRlbGF5ZWRfa2V5KS5EZWxheWVkQXV0b3N0YXJ0KQogICAgfSBjYXRjaCB7CiAgICAgICAgJGRlbGF5ZWQgPSAkZmFsc2UKICAgIH0KCiAgICAkZGVsYXllZAp9CgpGdW5jdGlvbiBTZXQtU2VydmljZVN0YXJ0TW9kZSgkc3ZjLCAkc3RhcnRfbW9kZSkgewogICAgaWYgKCRyZXN1bHQuc3RhcnRfbW9kZSAtbmUgJHN0YXJ0X21vZGUpIHsKICAgICAgICB0cnkgewogICAgICAgICAgICAkZGVsYXllZF9rZXkgPSAiSEtMTTpcU3lzdGVtXEN1cnJlbnRDb250cm9sU2V0XFNlcnZpY2VzXCQoJHN2Yy5OYW1lKSIKICAgICAgICAgICAgIyBPcmlnaW5hbCBzdGFydCB1cCB0eXBlIHdhcyBhdXRvIChkZWxheWVkKSBhbmQgd2Ugd2FudCBhdXRvLCBuZWVkIHRvIHJlbW92ZWQgZGVsYXllZCBrZXkKICAgICAgICAgICAgaWYgKCRzdGFydF9tb2RlIC1lcSAnYXV0bycgLWFuZCAkcmVzdWx0LnN0YXJ0X21vZGUgLWVxICdkZWxheWVkJykgewogICAgICAgICAgICAgICAgU2V0LUl0ZW1Qcm9wZXJ0eSAtTGl0ZXJhbFBhdGggJGRlbGF5ZWRfa2V5IC1OYW1lICJEZWxheWVkQXV0b3N0YXJ0IiAtVmFsdWUgMCAtV2hhdElmOiRjaGVja19tb2RlCiAgICAgICAgICAgICMgT3JpZ2luYWwgc3RhcnQgdXAgdHlwZSB3YXMgYXV0byBhbmQgd2Ugd2FudCBhdXRvIChkZWxheWVkKSwgbmVlZCB0byBhZGQgZGVsYXllZCBrZXkKICAgICAgICAgICAgfSBlbHNlaWYgKCRzdGFydF9tb2RlIC1lcSAnZGVsYXllZCcgLWFuZCAkcmVzdWx0LnN0YXJ0X21vZGUgLWVxICdhdXRvJykgewogICAgICAgICAgICAgICAgU2V0LUl0ZW1Qcm9wZXJ0eSAtTGl0ZXJhbFBhdGggJGRlbGF5ZWRfa2V5IC1OYW1lICJEZWxheWVkQXV0b3N0YXJ0IiAtVmFsdWUgMSAtV2hhdElmOiRjaGVja19tb2RlCiAgICAgICAgICAgICMgT3JpZ2luYWwgc3RhcnQ ScriptBlock ID: 1c7ed1bb-54c1-45cd-9228-83b65fcf65b5 Path:	4104	1		3	2	15	0	1696	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4608	2988	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:06:15 PM	e5295ba9-9827-0001-af5c-29e52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 5): Akb2JqICJjaGFuZ2VkIiAkZmFsc2UKICAgIH0KCiAgICBXcml0ZS1PdXRwdXQgJG9iaiB8IENvbnZlcnRUby1Kc29uIC1Db21wcmVzcyAtRGVwdGggOTkKICAgIEV4aXQgMQp9CgpGdW5jdGlvbiBBZGQtV2FybmluZygkb2JqLCAkbWVzc2FnZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHdhcm5pbmdzLCBldmVuIGlmIHRoZSB3YXJuaW5ncyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoIndhcm5pbmdzIikpIHsKICAgICAgICAkb2JqLndhcm5pbmdzID0gQCgpCiAgICB9IGVsc2VpZiAoJG9iai53YXJuaW5ncyAtaXNub3QgW2FycmF5XSkgewogICAgICAgIHRocm93ICJBZGQtV2FybmluZzogd2FybmluZ3MgYXR0cmlidXRlIGlzIG5vdCBhbiBhcnJheSIKICAgIH0KCiAgICAkb2JqLndhcm5pbmdzICs9ICRtZXNzYWdlCn0KCkZ1bmN0aW9uIEFkZC1EZXByZWNhdGlvbldhcm5pbmcoJG9iaiwgJG1lc3NhZ2UsICR2ZXJzaW9uID0gJG51bGwpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGFkZCBkZXByZWNhdGlvbnMsIGV2ZW4gaWYgdGhlIGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgogICAgaWYgKC1ub3QgJG9iai5Db250YWluc0tleSgiZGVwcmVjYXRpb25zIikpIHsKICAgICAgICAkb2JqLmRlcHJlY2F0aW9ucyA9IEAoKQogICAgfSBlbHNlaWYgKCRvYmouZGVwcmVjYXRpb25zIC1pc25vdCBbYXJyYXldKSB7CiAgICAgICAgdGhyb3cgIkFkZC1EZXByZWNhdGlvbldhcm5pbmc6IGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgaXMgbm90IGEgbGlzdCIKICAgIH0KCiAgICAkb2JqLmRlcHJlY2F0aW9ucyArPSBAewogICAgICAgIG1zZyA9ICRtZXNzYWdlCiAgICAgICAgdmVyc2lvbiA9ICR2ZXJzaW9uCiAgICB9Cn0KCkZ1bmN0aW9uIEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgaW4gdmFsdWVzLiBCeSBkZWZhdWx0CiAgICBpdCB0dXJucyBhbnkgdHlwZSB0byBhIHN0cmluZywgYnV0IHdlIGVuc3VyZSAkbnVsbCByZW1haW5zICRudWxsLgojPgogICAgaWYgKCRudWxsIC1uZSAkdmFsdWUpIHsKICAgICAgICBbU3lzdGVtLkVudmlyb25tZW50XTo6RXhwYW5kRW52aXJvbm1lbnRWYXJpYWJsZXMoJHZhbHVlKQogICAgfSBlbHNlIHsKICAgICAgICAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gR2V0LUFuc2libGVQYXJhbSgkb2JqLCAkbmFtZSwgJGRlZmF1bHQgPSAkbnVsbCwgJHJlc3VsdG9iaiA9IEB7fSwgJGZhaWxpZmVtcHR5ID0gJGZhbHNlLCAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSwgJFZhbGlkYXRlU2V0LCAkVmFsaWRhdGVTZXRFcnJvck1lc3NhZ2UsICR0eXBlID0gJG51bGwsICRhbGlhc2VzID0gQCgpKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBnZXQgYW4gImF0dHJpYnV0ZSIgZnJvbSBhIHBzb2JqZWN0IGluc3RhbmNlIGluIFBvd2VyU2hlbGwuCiAgICBUaGlzIGlzIGEgY29udmVuaWVuY2UgdG8gbWFrZSBnZXR0aW5nIE1lbWJlcnMgZnJvbSBhbiBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgICRhdHRyID0gR2V0LUFuc2libGVQYXJhbSAkcmVzcG9uc2UgImNvZGUiIC1kZWZhdWx0ICIxIgogICAgLkVYQU1QTEUKICAgIEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJTdGF0ZSIgLWRlZmF1bHQgIlByZXNlbnQiIC1WYWxpZGF0ZVNldCAiUHJlc2VudCIsIkFic2VudCIgLXJlc3VsdG9iaiAkcmVzdWx0b2JqIC1mYWlsaWZlbXB0eSAkdHJ1ZQogICAgR2V0LUFuc2libGVQYXJhbSBhbHNvIHN1cHBvcnRzIFBhcmFtZXRlciB2YWxpZGF0aW9uIHRvIHNhdmUgeW91IGZyb20gY29kaW5nIHRoYXQgbWFudWFsbHkKICAgIE5vdGUgdGhhdCBpZiB5b3UgdXNlIHRoZSBmYWlsaWZlbXB0eSBvcHRpb24sIHlvdSBkbyBuZWVkIHRvIHNwZWNpZnkgcmVzdWx0b2JqZWN0IGFzIHdlbGwuCiM+CiAgICAjIENoZWNrIGlmIHRoZSBwcm92aWRlZCBNZW1iZXIgJG5hbWUgb3IgYWxpYXNlcyBleGlzdCBpbiAkb2JqIGFuZCByZXR1cm4gaXQgb3IgdGhlIGRlZmF1bHQuCiAgICB0cnkgewoKICAgICAgICAkZm91bmQgPSAkbnVsbAogICAgICAgICMgRmlyc3QgdHJ5IHRvIGZpbmQgcHJlZmVycmVkIHBhcmFtZXRlciAkbmFtZQogICAgICAgICRhbGlhc2VzID0gQCgkbmFtZSkgKyAkYWxpYXNlcwoKICAgICAgICAjIEl0ZXJhdGUgb3ZlciBhbGlhc2VzIHRvIGZpbmQgYWNjZXB0YWJsZSBNZW1iZXIgJG5hbWUKICAgICAgICBmb3JlYWNoICgkYWxpYXMgaW4gJGFsaWFzZXMpIHsKICAgICAgICAgICAgaWYgKCRvYmouQ29udGFpbnNLZXkoJGFsaWFzKSkgewogICAgICAgICAgICAgICAgJGZvdW5kID0gJGFsaWFzCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgfQoKICAgICAgICBpZiAoJG51bGwgLWVxICRmb3VuZCkgewogICAgICAgICAgICB0aHJvdwogICAgICAgIH0KICAgICAgICAkbmFtZSA9ICRmb3VuZAoKICAgICAgICBpZiAoJFZhbGlkYXRlU2V0KSB7CgogICAgICAgICAgICBpZiAoJFZhbGlkYXRlU2V0IC1jb250YWlucyAoJG9iai4kbmFtZSkpIHsKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICRvYmouJG5hbWUKICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgIGlmICgkbnVsbCAtZXEgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAgICAgI0F1dG8tZ2VuZXJhdGVkIGVycm9yIHNob3VsZCBiZSBzdWZmaWNpZW50IGluIG1vc3QgdXNlIGNhc2VzCiAgICAgICAgICAgICAgICAgICAgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlID0gIkdldC1BbnNpYmxlUGFyYW06IEFyZ3VtZW50ICRuYW1lIG5lZWRzIHRvIGJlIG9uZSBvZiAkKCRWYWxpZGF0ZVNldCAtam9pbiAiLCIpIGJ1dCB3YXMgJCgkb2JqLiRuYW1lKS4iCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRWYWxpZGF0ZVNldEVycm9yTWVzc2FnZQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgJHZhbHVlID0gJG9iai4kbmFtZQogICAgICAgIH0KICAgIH0gY2F0Y2ggewogICAgICAgIGlmICgkZmFpbGlmZW1wdHkgLWVxICRmYWxzZSkgewogICAgICAgICAgICAkdmFsdWUgPSAkZGVmYXVsdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgIGlmICgtbm90ICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSA9ICJHZXQtQW5zaWJsZVBhcmFtOiBNaXNzaW5nIHJlcXVpcmVkIGFyZ3VtZW50OiAkbmFtZSIKICAgICAgICAgICAgfQogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlCiAgICAgICAgfQogICAgfQoKICAgICMgSWYgJHZhbHVlIC1lcSAkbnVsbCwgdGhlIHBhcmFtZXRlciB3YXMgdW5zcGVjaWZpZWQgYnkgdGhlIHVzZXIgKGRlbGliZXJhdGVseSBvciBub3QpCiAgICAjIFBsZWFzZSBsZWF2ZSAkbnVsbC12YWx1ZXMgaW50YWN0LCBtb2R1bGVzIG5lZWQgdG8ga25vdyBpZiBhIHBhcmFtZXRlciB3YXMgc3BlY2lmaWVkCiAgICAjIFdoZW4gJHZhbHVlIGlzIGFscmVhZHkgYW4gYXJyYXksIHdlIGNhbm5vdCByZWx5IG9uIHRoZSBudWxsIGNoZWNrLCBhcyBhbiBlbXB0eSBsaXN0CiAgICAjIGlzIHNlZW4gYXMgbnVsbCBpbiB0aGUgY2hlY2sgYmVsb3cKICAgIGlmICgkbnVsbCAtbmUgJHZhbHVlIC1vciAkdmFsdWUgLWlzIFthcnJheV0pIHsKICAgICAgICBpZiAoJHR5cGUgLWVxICJwYXRoIikgewogICAgICAgICAgICAjIEV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgb24gcGF0aC10eXBlCiAgICAgICAgICAgICR2YWx1ZSA9IEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCiAgICAgICAgICAgICMgVGVzdCBpZiBhIHZhbGlkIHBhdGggaXMgcHJvdmlkZWQKICAgICAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtSXNWYWxpZCAkdmFsdWUpKSB7CiAgICAgICAgICAgICAgICAkcGF0aF9pbnZhbGlkID0gJHRydWUKICAgICAgICAgICAgICAgICMgY291bGQgc3RpbGwgYmUgYSB2YWxpZC1zaGFwZWQgcGF0aCB3aXRoIGEgbm9uZXhpc3RlbnQgZHJpdmUgbGV0dGVyCiAgICAgICAgICAgICAgICBpZiAoJHZhbHVlIC1tYXRjaCAiXlx3OiIpIHsKICAgICAgICAgICAgICAgICAgICAjIHJld3JpdGUgcGF0aCB3aXRoIGEgdmFsaWQgZHJpdmUgbGV0dGVyIGFuZCByZWNoZWNrIHRoZSBzaGFwZS0gdGhpcyBtaWdodCBzdGlsbCBmYWlsLCBlZywgYSBub25leGlzdGVudCBub24tZmlsZXN5c3RlbSBQUyBwYXRoCiAgICAgICAgICAgICAgICAgICAgaWYgKFRlc3QtUGF0aCAtSXNWYWxpZCAkKEAoR2V0LVBTRHJpdmUgLVBTUHJvdmlkZXIgRmlsZXN5c3RlbSlbMF0uTmFtZSArICR2YWx1ZS5TdWJzdHJpbmcoMSkpKSB7CiAgICAgICAgICAgICAgICAgICAgICAgICRwYXRoX2ludmFsaWQgPSAkZmFsc2UKICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBpZiAoJHBhdGhfaW52YWxpZCkgewogICAgICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHRvYmogLW1lc3NhZ2UgIkdldC1BbnNpYmxlUGFyYW06IFBhcmFtZXRlciAnJG5hbWUnIGhhcyBhbiBpbnZhbGlkIHBhdGggJyR2YWx1ZScgc3BlY2lmaWVkLiIKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgInN0ciIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IHN0ciB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgc3RyaW5ncwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUuVG9TdHJpbmcoKQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImJvb2wiKSB7CiAgICAgICAgICAgICMgQ29udmVydCBib29sZWFuIHR5cGVzIHRvIHJlYWwgUG93ZXJzaGVsbCBib29sZWFucwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgfCBDb252ZXJ0VG8tQm9vbAogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImludCIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IGludCB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgaW50ZWdlcnMKICAgICAgICAgICAgJHZhbHVlID0gJHZhbHVlIC1hcyBbaW50XQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImZsb2F0IikgewogICAgICAgICAgICAjIENvbnZlcnQgZmxvYXQgdHlwZXMgdG8gcmVhbCBQb3dlcnNoZWxsIGZsb2F0cwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgLWFzIFtmbG9hdF0KICAgICAgICB9IGVsc2VpZiAoJHR5cGUgLWVxICJsaXN0IikgewogICAgICAgICAgICBpZiAoJHZhbHVlIC1pcyBbYXJyYXldKSB7CiAgICAgICAgICAgICAgICAjIE5vdGhpbmcgdG8gZG8KICAgICAgICAgICAgfSBlbHNlaWYgKCR2YWx1ZSAtaXMgW3N0cmluZ10pIHsKICAgICAgICAgICAgICAgICMgQ29udmVydCBzdHJpbmcgdHlwZSB0byByZWFsIFBvd2Vyc2hlbGwgYXJyYXkKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICR2YWx1ZS5TcGxpdCgiLCIpLlRyaW0oKQogICAgICAgICAgICB9IGVsc2VpZiAoJHZhbHVlIC1pcyBbaW50XSkgewogICAgICAgICAgICAgICAgJHZhbHVlID0gQCgkdmFsdWUpCiAgICAgICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICJHZXQtQW5zaWJsZVBhcmFtOiBQYXJhbWV0ZXIgJyRuYW1lJyBpcyBub3QgYSBZQU1MIGxpc3QuIgogICAgICAgICAgICB9CiAgICAgICAgICAgICMgLCBpcyBub3QgYSB0eXBvLCBmb3JjZXMgaXQgdG8gcmV0dXJuIGFzIGEgbGlzdCB3aGVuIGl0IGlzIGVtcHR5IG9yIG9ubHkgaGFzIDEgZW50cnkKICAgICAgICAgICAgcmV0dXJuICwkdmFsdWUKICAgICAgICB9CiAgICB9CgogICAgcmV0dXJuICR2YWx1ZQp9CgojQWxpYXMgR2V0LWF0dHItLT5HZXQtQW5zaWJsZVBhcmFtIGZvciBiYWNrd2FyZHMgY29tcGF0LiBPbmx5IGFkZCB3aGVuIG5lZWRlZCB0byBlYXNlIGRlYnVnZ2luZyBvZiBzY3JpcHRzCklmICgtbm90KEdldC1BbGlhcyAtTmFtZSAiR2V0LWF0dHIiIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlKSkKewogICAgTmV3LUFsaWFzIC1OYW1lIEdldC1hdHRyIC1WYWx1ZSBHZXQtQW5zaWJsZVBhcmFtCn0KCkZ1bmN0aW9uIENvbnZlcnRUby1Cb29sCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZpbHRlci9waXBlbGluZSBmdW5jdGlvbiB0byBjb252ZXJ0IGEgdmFsdWUgdG8gYm9vbGVhbiBmb2xsb3dpbmcgY3VycmVudAogICAgQW5zaWJsZSBwcmFjdGljZXMKICAgIC5FWEFNUExFCiAgICAkaXNfdHJ1ZSA9ICJ0cnVlIiB8IENvbnZlcnRUby1Cb29sCiM+CiAgICBwYXJhbSgKICAgICAgICBbcGFyYW1ldGVyKHZhbHVlZnJvbXBpcGVsaW5lPSR0cnVlKV0KICAgICAgICAkb2JqCiAgICApCgogICAgJGJvb2xlYW5fc3RyaW5ncyA9ICJ5ZXMiLCAib24iLCAiMSIsICJ0cnVlIiwgMQogICAgJG9ial9zdHJpbmcgPSBbc3RyaW5nXSRvYmoKCiAgICBpZiAoKCRvYmogLWlzIFtib29sZWFuXSAtYW5kICRvYmopIC1vciAkYm9vbGVhbl9zdHJpbmdzIC1jb250YWlucyAkb2JqX3N0cmluZy5Ub0xvd2VyKCkpIHsKICAgICAgICByZXR1cm4gJHRydWUKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfQp9CgpGdW5jdGlvbiBQYXJzZS1BcmdzKCRhcmd1bWVudHMsICRzdXBwb3J0c19jaGVja19tb2RlID0gJGZhbHNlKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBwYXJzZSBBbnNpYmxlIEpTT04gYXJndW1lbnRzIGZyb20gYSAiZmlsZSIgcGFzc2VkIGFzCiAgICB0aGUgc2luZ2xlIGFyZ3VtZW50IHRvIHRoZSBtb2R1bGUuCiAgICAuRVhBTVBMRQogICAgJHBhcmFtcyA9IFBhcnNlLUFyZ3MgJGFyZ3MKIz4KICAgICRwYXJhbXMgPSBOZXctT2JqZWN0IHBzb2JqZWN0CiAgICBJZiAoJGFyZ3VtZW50cy5MZW5ndGggLWd0IDApCiAgICB7CiAgICAgICAgJHBhcmFtcyA9IEdldC1Db250ZW50ICRhcmd1bWVudHNbMF0gfCBDb252ZXJ0RnJvbS1Kc29uCiAgICB9CiAgICBFbHNlIHsKICAgICAgICAkcGFyYW1zID0gJGNvbXBsZXhfYXJncwogICAgfQogICAgJGNoZWNrX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfY2hlY2tfbW9kZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQogICAgSWYgKCRjaGVja19tb2RlIC1hbmQgLW5vdCAkc3VwcG9ydHNfY2hlY2tfbW9kZSkKICAgIHsKICAgICAgICBFeGl0LUpzb24gQHsKICAgICAgICAgICAgc2tpcHBlZCA9ICR0cnVlCiAgICAgICAgICAgIGNoYW5nZWQgPSAkZmFsc2UKICAgICAgICAgICAgbXNnID0gInJlbW90ZSBtb2R1bGUgZG9lcyBub3Qgc3VwcG9ydCBjaGVjayBtb2RlIgogICAgICAgIH0KICAgIH0KICAgIHJldHVybiAkcGFyYW1zCn0KCgpGdW5jdGlvbiBHZXQtRmlsZUNoZWNrc3VtKCRwYXRoLCAkYWxnb3JpdGhtID0gJ3NoYTEnKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBjYWxjdWxhdGUgYSBoYXNoIG9mIGEgZmlsZSBpbiBhIHdheSB3aGljaCBQb3dlclNoZWxsIDMKICAgIGFuZCBhYm92ZSBjYW4gaGFuZGxlCiM+CiAgICBJZiAoVGVzdC1QYXRoIC1QYXRoICRwYXRoIC1QYXRoVHlwZSBMZWFmKQogICAgewogICAgICAgIHN3aXRjaCAoJGFsZ29yaXRobSkKICAgICAgICB7CiAgICAgICAgICAgICdtZDUnIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5NRDVDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMScgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTFDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMjU2JyB7ICRzcCA9IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5TZWN1cml0eS5DcnlwdG9ncmFwaHkuU0hBMjU2Q3J5cHRvU2VydmljZVByb3ZpZGVyIH0KICAgICAgICAgICAgJ3NoYTM4NCcgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTM4NENyeXB0b1NlcnZpY2VQcm92aWRlciB9CiAgICAgICAgICAgICdzaGE1MTInIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5TSEE1MTJDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICBkZWZhdWx0IHsgRmFpbC1Kc29uIEB7fSAiVW5zdXBwb3J0ZWQgaGFzaCBhbGdvcml0aG0gc3VwcGxpZWQgJyRhbGdvcml0aG0nIiB9CiAgICAgICAgfQoKICAgICAgICBJZiAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtZ2UgNCkgewogICAgICAgICAgICAkcmF3X2hhc2ggPSBHZXQtRmlsZUhhc2ggJHBhdGggLUFsZ29yaXRobSAkYWxnb3JpdGhtCiAgICAgICAgICAgICRoYXNoID0gJHJhd19oYXNoLkhhc2guVG9Mb3dlcigpCiAgICAgICAgfSBFbHNlIHsKICAgICAgICAgICAgJGZwID0gW1N5c3RlbS5JTy5GaWxlXTo6T3BlbigkcGF0aCwgW1N5c3RlbS5JTy5GaWxlbW9kZV06Ok9wZW4sIFtTeXN0ZW0uSU8uRmlsZUFjY2Vzc106OlJlYWQsIFtTeXN0ZW0uSU8uRmlsZVNoYXJlXTo6UmVhZFdyaXRlKTsKICAgICAgICAgICAgJGhhc2ggPSBbU3lzdGVtLkJpdENvbnZlcnRlcl06OlRvU3RyaW5nKCRzcC5Db21wdXRlSGFzaCgkZnApKS5SZXBsYWNlKCItIiwgIiIpLlRvTG93ZXIoKTsKICAgICAgICAgICAgJGZwLkRpc3Bvc2UoKTsKICAgICAgICB9CiAgICB9CiAgICBFbHNlSWYgKFRlc3QtUGF0aCA ScriptBlock ID: 1c7ed1bb-54c1-45cd-9228-83b65fcf65b5 Path:	4104	1		3	2	15	0	1695	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4608	2988	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:06:15 PM	e5295ba9-9827-0001-af5c-29e52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 5): begin { $DebugPreference = "Continue" $ErrorActionPreference = "Stop" Set-StrictMode -Version 2 function ConvertTo-HashtableFromPsCustomObject ($myPsObject){ $output = @{}; $myPsObject | Get-Member -MemberType *Property | % { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } return $output; } # stream JSON including become_pw, ps_module_payload, bin_module_payload, become_payload, write_payload_path, preserve directives # exec runspace, capture output, cleanup, return module output # NB: do not adjust the following line- it is replaced when doing non-streamed module output $json_raw = @' {"min_ps_version": null, "exec": "CkZ1bmN0aW9uIFJ1bigkcGF5bG9hZCkgewogICAgJGVudHJ5cG9pbnQgPSAkcGF5bG9hZC5tb2R1bGVfZW50cnkKCiAgICAkZW50cnlwb2ludCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGVudHJ5cG9pbnQpKQoKICAgICRwcyA9IFtwb3dlcnNoZWxsXTo6Q3JlYXRlKCkKCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkQ29tbWFuZCgiU2V0LVZhcmlhYmxlIikuQWRkUGFyYW1ldGVycyhAe1Njb3BlPSJnbG9iYWwiO05hbWU9ImNvbXBsZXhfYXJncyI7VmFsdWU9JHBheWxvYWQubW9kdWxlX2FyZ3N9KSB8IE91dC1OdWxsCiAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCgogICAgIyByZWRlZmluZSBXcml0ZS1Ib3N0IHRvIGR1bXAgdG8gb3V0cHV0IGluc3RlYWQgb2YgZmFpbGluZy0gbG90cyBvZiBzY3JpcHRzIHVzZSBpdAogICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgiRnVuY3Rpb24gV3JpdGUtSG9zdChgJG1zZyl7IFdyaXRlLU91dHB1dCBgJG1zZyB9IikgfCBPdXQtTnVsbAoKICAgIEZvckVhY2ggKCRlbnZfa3YgaW4gJHBheWxvYWQuZW52aXJvbm1lbnQuR2V0RW51bWVyYXRvcigpKSB7CiAgICAgICAgIyBuZWVkIHRvIGVzY2FwZSAnIGluIGJvdGggdGhlIGtleSBhbmQgdmFsdWUKICAgICAgICAkZW52X2tleSA9ICRlbnZfa3YuS2V5LlRvU3RyaW5nKCkuUmVwbGFjZSgiJyIsICInJyIpCiAgICAgICAgJGVudl92YWx1ZSA9ICRlbnZfa3YuVmFsdWUuVG9TdHJpbmcoKS5SZXBsYWNlKCInIiwgIicnIikKICAgICAgICAkZXNjYXBlZF9lbnZfc2V0ID0gIltTeXN0ZW0uRW52aXJvbm1lbnRdOjpTZXRFbnZpcm9ubWVudFZhcmlhYmxlKCd7MH0nLCAnezF9JykiIC1mICRlbnZfa2V5LCAkZW52X3ZhbHVlCiAgICAgICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgkZXNjYXBlZF9lbnZfc2V0KSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBkeW5hbWljYWxseSBjcmVhdGUvbG9hZCBtb2R1bGVzCiAgICBGb3JFYWNoICgkbW9kIGluICRwYXlsb2FkLnBvd2Vyc2hlbGxfbW9kdWxlcy5HZXRFbnVtZXJhdG9yKCkpIHsKICAgICAgICAkZGVjb2RlZF9tb2R1bGUgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRtb2QuVmFsdWUpKQogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRDb21tYW5kKCJOZXctTW9kdWxlIikuQWRkUGFyYW1ldGVycyhAe1NjcmlwdEJsb2NrPShbc2NyaXB0YmxvY2tdOjpDcmVhdGUoJGRlY29kZWRfbW9kdWxlKSk7TmFtZT0kbW9kLktleX0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiSW1wb3J0LU1vZHVsZSIpLkFkZFBhcmFtZXRlcnMoQHtXYXJuaW5nQWN0aW9uPSJTaWxlbnRseUNvbnRpbnVlIn0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBmb3JjZSBpbnB1dCBlbmNvZGluZyB0byBwcmVhbWJsZS1mcmVlIFVURjggc28gUFMgc3ViLXByb2Nlc3NlcyAoZWcsCiAgICAjIFN0YXJ0LUpvYikgZG9uJ3QgYmxvdyB1cC4gVGhpcyBpcyBvbmx5IHJlcXVpcmVkIGZvciBXaW5STSwgYSBQU1JQCiAgICAjIHJ1bnNwYWNlIGRvZXNuJ3QgaGF2ZSBhIGhvc3QgY29uc29sZSBhbmQgdGhpcyB3aWxsIGJvbWIgb3V0CiAgICBpZiAoJGhvc3QuTmFtZSAtZXEgIkNvbnNvbGVIb3N0IikgewogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRTY3JpcHQoIltDb25zb2xlXTo6SW5wdXRFbmNvZGluZyA9IE5ldy1PYmplY3QgVGV4dC5VVEY4RW5jb2RpbmcgYCRmYWxzZSIpIHwgT3V0LU51bGwKICAgIH0KCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkU2NyaXB0KCRlbnRyeXBvaW50KSB8IE91dC1OdWxsCgogICAgJG91dHB1dCA9ICRwcy5JbnZva2UoKQoKICAgICRvdXRwdXQKCiAgICAjIFBTMyBkb2Vzbid0IHByb3Blcmx5IHNldCBIYWRFcnJvcnMgaW4gbWFueSBjYXNlcywgaW5zcGVjdCB0aGUgZXJyb3Igc3RyZWFtIGFzIGEgZmFsbGJhY2sKICAgIElmICgkcHMuSGFkRXJyb3JzIC1vciAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtbHQgNCAtYW5kICRwcy5TdHJlYW1zLkVycm9yLkNvdW50IC1ndCAwKSkgewogICAgICAgICRob3N0LlVJLldyaXRlRXJyb3JMaW5lKCQoJHBzLlN0cmVhbXMuRXJyb3IgfCBPdXQtU3RyaW5nKSkKICAgICAgICAkZXhpdF9jb2RlID0gJHBzLlJ1bnNwYWNlLlNlc3Npb25TdGF0ZVByb3h5LkdldFZhcmlhYmxlKCJMQVNURVhJVENPREUiKQogICAgICAgIElmKC1ub3QgJGV4aXRfY29kZSkgewogICAgICAgICAgICAkZXhpdF9jb2RlID0gMQogICAgICAgIH0KICAgICAgICAjIG5lZWQgdG8gdXNlIHRoaXMgaW5zdGVhZCBvZiBFeGl0IGtleXdvcmQgdG8gcHJldmVudCBydW5zcGFjZSBmcm9tIGNyYXNoaW5nIHdpdGggZHluYW1pYyBtb2R1bGVzCiAgICAgICAgJGhvc3QuU2V0U2hvdWxkRXhpdCgkZXhpdF9jb2RlKQogICAgfQp9Cg==", "actions": ["exec"], "environment": {}, "min_os_version": null, "powershell_modules": {"Ansible.ModuleUtils.SID": "IyBDb3B5cmlnaHQgKGMpIDIwMTcgQW5zaWJsZSBQcm9qZWN0CiMgU2ltcGxpZmllZCBCU0QgTGljZW5zZSAoc2VlIGxpY2Vuc2VzL3NpbXBsaWZpZWRfYnNkLnR4dCBvciBodHRwczovL29wZW5zb3VyY2Uub3JnL2xpY2Vuc2VzL0JTRC0yLUNsYXVzZSkKCkZ1bmN0aW9uIENvbnZlcnQtRnJvbVNJRCgkc2lkKSB7CiAgICAjIENvbnZlcnRzIGEgU0lEIHRvIGEgRG93bi1MZXZlbCBMb2dvbiBuYW1lIGluIHRoZSBmb3JtIG9mIERPTUFJTlxVc2VyTmFtZQogICAgIyBJZiB0aGUgU0lEIGlzIGZvciBhIGxvY2FsIHVzZXIgb3IgZ3JvdXAgdGhlbiBET01BSU4gd291bGQgYmUgdGhlIHNlcnZlcgogICAgIyBuYW1lLgoKICAgICRhY2NvdW50X29iamVjdCA9IE5ldy1PYmplY3QgU3lzdGVtLlNlY3VyaXR5LlByaW5jaXBhbC5TZWN1cml0eUlkZW50aWZpZXIoJHNpZCkKICAgIHRyeSB7CiAgICAgICAgJG50X2FjY291bnQgPSAkYWNjb3VudF9vYmplY3QuVHJhbnNsYXRlKFtTeXN0ZW0uU2VjdXJpdHkuUHJpbmNpcGFsLk5UQWNjb3VudF0pCiAgICB9IGNhdGNoIHsKICAgICAgICBGYWlsLUpzb24gLW9iaiBAe30gLW1lc3NhZ2UgImZhaWxlZCB0byBjb252ZXJ0IHNpZCAnJHNpZCcgdG8gYSBsb2dvbiBuYW1lOiAkKCRfLkV4Y2VwdGlvbi5NZXNzYWdlKSIKICAgIH0KCiAgICByZXR1cm4gJG50X2FjY291bnQuVmFsdWUKfQoKRnVuY3Rpb24gQ29udmVydC1Ub1NJRCB7CiAgICBbRGlhZ25vc3RpY3MuQ29kZUFuYWx5c2lzLlN1cHByZXNzTWVzc2FnZUF0dHJpYnV0ZSgiUFNBdm9pZFVzaW5nRW1wdHlDYXRjaEJsb2NrIiwgIiIsIEp1c3RpZmljYXRpb249IldlIGRvbid0IGNhcmUgaWYgY29udmVydGluZyB0byBhIFNJRCBmYWlscywganVzdCB0aGF0IGl0IGZhaWxlZCBvciBub3QiKV0KICAgIHBhcmFtKCRhY2NvdW50X25hbWUpCiAgICAjIENvbnZlcnRzIGFuIGFjY291bnQgbmFtZSB0byBhIFNJRCwgaXQgY2FuIHRha2UgaW4gdGhlIGZvbGxvd2luZyBmb3JtcwogICAgIyBTSUQ6IFdpbGwganVzdCByZXR1cm4gdGhlIFNJRCB2YWx1ZSB0aGF0IHdhcyBwYXNzZWQgaW4KICAgICMgVVBOOgogICAgIyAgIHByaW5jaXBhbEBkb21haW4gKERvbWFpbiB1c2VycyBvbmx5KQogICAgIyBEb3duLUxldmVsIExvZ2luIE5hbWUKICAgICMgICBET01BSU5ccHJpbmNpcGFsIChEb21haW4pCiAgICAjICAgU0VSVkVSTkFNRVxwcmluY2lwYWwgKExvY2FsKQogICAgIyAgIC5ccHJpbmNpcGFsIChMb2NhbCkKICAgICMgICBOVCBBVVRIT1JJVFlcU1lTVEVNIChMb2NhbCBTZXJ2aWNlIEFjY291bnRzKQogICAgIyBMb2dpbiBOYW1lCiAgICAjICAgcHJpbmNpcGFsIChMb2NhbC9Mb2NhbCBTZXJ2aWNlIEFjY291bnRzKQoKICAgIHRyeSB7CiAgICAgICAgJHNpZCA9IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5TZWN1cml0eS5QcmluY2lwYWwuU2VjdXJpdHlJZGVudGlmaWVyIC1Bcmd1bWVudExpc3QgJGFjY291bnRfbmFtZQogICAgICAgIHJldHVybiAkc2lkLlZhbHVlCiAgICB9IGNhdGNoIHt9CgogICAgaWYgKCRhY2NvdW50X25hbWUgLWxpa2UgIipcKiIpIHsKICAgICAgICAkYWNjb3VudF9uYW1lX3NwbGl0ID0gJGFjY291bnRfbmFtZSAtc3BsaXQgIlxcIgogICAgICAgIGlmICgkYWNjb3VudF9uYW1lX3NwbGl0WzBdIC1lcSAiLiIpIHsKICAgICAgICAgICAgJGRvbWFpbiA9ICRlbnY6Q09NUFVURVJOQU1FCiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgJGRvbWFpbiA9ICRhY2NvdW50X25hbWVfc3BsaXRbMF0KICAgICAgICB9CiAgICAgICAgJHVzZXJuYW1lID0gJGFjY291bnRfbmFtZV9zcGxpdFsxXQogICAgfSBlbHNlaWYgKCRhY2NvdW50X25hbWUgLWxpa2UgIipAKiIpIHsKICAgICAgICAkYWNjb3VudF9uYW1lX3NwbGl0ID0gJGFjY291bnRfbmFtZSAtc3BsaXQgIkAiCiAgICAgICAgJGRvbWFpbiA9ICRhY2NvdW50X25hbWVfc3BsaXRbMV0KICAgICAgICAkdXNlcm5hbWUgPSAkYWNjb3VudF9uYW1lX3NwbGl0WzBdCiAgICB9IGVsc2UgewogICAgICAgICRkb21haW4gPSAkbnVsbAogICAgICAgICR1c2VybmFtZSA9ICRhY2NvdW50X25hbWUKICAgIH0KCiAgICBpZiAoJGRvbWFpbikgewogICAgICAgICMgc2VhcmNoaW5nIGZvciBhIGxvY2FsIGdyb3VwIHdpdGggdGhlIHNlcnZlcm5hbWUgcHJlZml4ZWQgd2lsbCBmYWlsLAogICAgICAgICMgbmVlZCB0byBjaGVjayBmb3IgdGhpcyBzaXR1YXRpb24gYW5kIG9ubHkgdXNlIE5UQWNjb3VudChTdHJpbmcpCiAgICAgICAgaWYgKCRkb21haW4gLWVxICRlbnY6Q09NUFVURVJOQU1FKSB7CiAgICAgICAgICAgICRhZHNpID0gW0FEU0ldKCJXaW5OVDovLyRlbnY6Q09NUFVURVJOQU1FLGNvbXB1dGVyIikKICAgICAgICAgICAgJGdyb3VwID0gJGFkc2kucHNiYXNlLmNoaWxkcmVuIHwgV2hlcmUtT2JqZWN0IHsgJF8uc2NoZW1hQ2xhc3NOYW1lIC1lcSAiZ3JvdXAiIC1hbmQgJF8uTmFtZSAtZXEgJHVzZXJuYW1lIH0KICAgICAgICB9IGVsc2UgewogICAgICAgICAgICAkZ3JvdXAgPSAkbnVsbAogICAgICAgIH0KICAgICAgICBpZiAoJGdyb3VwKSB7CiAgICAgICAgICAgICRhY2NvdW50ID0gTmV3LU9iamVjdCBTeXN0ZW0uU2VjdXJpdHkuUHJpbmNpcGFsLk5UQWNjb3VudCgkdXNlcm5hbWUpCiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgJGFjY291bnQgPSBOZXctT2JqZWN0IFN5c3RlbS5TZWN1cml0eS5QcmluY2lwYWwuTlRBY2NvdW50KCRkb21haW4sICR1c2VybmFtZSkKICAgICAgICB9CiAgICB9IGVsc2UgewogICAgICAgICMgd2hlbiBpbiBhIGRvbWFpbiBOVEFjY291bnQoU3RyaW5nKSB3aWxsIGZhdm91ciBkb21haW4gbG9va3VwcyBjaGVjawogICAgICAgICMgaWYgdXNlcm5hbWUgaXMgYSBsb2NhbCB1c2VyIGFuZCBleHBsaWN0bHkgc2VhcmNoIG9uIHRoZSBsb2NhbGhvc3QgZm9yCiAgICAgICAgIyB0aGF0IGFjY291bnQKICAgICAgICAkYWRzaSA9IFtBRFNJXSgiV2luTlQ6Ly8kZW52OkNPTVBVVEVSTkFNRSxjb21wdXRlciIpCiAgICAgICAgJHVzZXIgPSAkYWRzaS5wc2Jhc2UuY2hpbGRyZW4gfCBXaGVyZS1PYmplY3QgeyAkXy5zY2hlbWFDbGFzc05hbWUgLWVxICJ1c2VyIiAtYW5kICRfLk5hbWUgLWVxICR1c2VybmFtZSB9CiAgICAgICAgaWYgKCR1c2VyKSB7CiAgICAgICAgICAgICRhY2NvdW50ID0gTmV3LU9iamVjdCBTeXN0ZW0uU2VjdXJpdHkuUHJpbmNpcGFsLk5UQWNjb3VudCgkZW52OkNPTVBVVEVSTkFNRSwgJHVzZXJuYW1lKQogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICRhY2NvdW50ID0gTmV3LU9iamVjdCBTeXN0ZW0uU2VjdXJpdHkuUHJpbmNpcGFsLk5UQWNjb3VudCgkdXNlcm5hbWUpCiAgICAgICAgfQogICAgfQogICAgCiAgICB0cnkgewogICAgICAgICRhY2NvdW50X3NpZCA9ICRhY2NvdW50LlRyYW5zbGF0ZShbU3lzdGVtLlNlY3VyaXR5LlByaW5jaXBhbC5TZWN1cml0eUlkZW50aWZpZXJdKQogICAgfSBjYXRjaCB7CiAgICAgICAgRmFpbC1Kc29uIEB7fSAiYWNjb3VudF9uYW1lICRhY2NvdW50X25hbWUgaXMgbm90IGEgdmFsaWQgYWNjb3VudCwgY2Fubm90IGdldCBTSUQ6ICQoJF8uRXhjZXB0aW9uLk1lc3NhZ2UpIgogICAgfQogICAgCiAgICByZXR1cm4gJGFjY291bnRfc2lkLlZhbHVlCn0KCiMgdGhpcyBsaW5lIG11c3Qgc3RheSBhdCB0aGUgYm90dG9tIHRvIGVuc3VyZSBhbGwgZGVmaW5lZCBtb2R1bGUgcGFydHMgYXJlIGV4cG9ydGVkCkV4cG9ydC1Nb2R1bGVNZW1iZXIgLUFsaWFzICogLUZ1bmN0aW9uICogLUNtZGxldCAqCg==", "Ansible.ModuleUtils.Legacy": "IyBDb3B5cmlnaHQgKGMpLCBNaWNoYWVsIERlSGFhbiA8bWljaGFlbC5kZWhhYW5AZ21haWwuY29tPiwgMjAxNCwgYW5kIG90aGVycwojIFNpbXBsaWZpZWQgQlNEIExpY2Vuc2UgKHNlZSBsaWNlbnNlcy9zaW1wbGlmaWVkX2JzZC50eHQgb3IgaHR0cHM6Ly9vcGVuc291cmNlLm9yZy9saWNlbnNlcy9CU0QtMi1DbGF1c2UpCgpTZXQtU3RyaWN0TW9kZSAtVmVyc2lvbiAyLjAKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKRnVuY3Rpb24gU2V0LUF0dHIoJG9iaiwgJG5hbWUsICR2YWx1ZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gc2V0IGFuICJhdHRyaWJ1dGUiIG9uIGEgcHNvYmplY3QgaW5zdGFuY2UgaW4gUG93ZXJTaGVsbC4KICAgIFRoaXMgaXMgYSBjb252ZW5pZW5jZSB0byBtYWtlIGFkZGluZyBNZW1iZXJzIHRvIHRoZSBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgIFNldC1BdHRyICRyZXN1bHQgImNoYW5nZWQiICR0cnVlCiM+CgogICAgIyBJZiB0aGUgcHJvdmlkZWQgJG9iaiBpcyB1bmRlZmluZWQsIGRlZmluZSBvbmUgdG8gYmUgbmljZQogICAgSWYgKC1ub3QgJG9iai5HZXRUeXBlKQogICAgewogICAgICAgICRvYmogPSBAeyB9CiAgICB9CgogICAgVHJ5CiAgICB7CiAgICAgICAgJG9iai4kbmFtZSA9ICR2YWx1ZQogICAgfQogICAgQ2F0Y2gKICAgIHsKICAgICAgICAkb2JqIHwgQWRkLU1lbWJlciAtRm9yY2UgLU1lbWJlclR5cGUgTm90ZVByb3BlcnR5IC1OYW1lICRuYW1lIC1WYWx1ZSAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gRXhpdC1Kc29uKCRvYmopCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGNvbnZlcnQgYSBQb3dlclNoZWxsIG9iamVjdCB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcKICAgIHRoZSBzY3JpcHQKICAgIC5FWEFNUExFCiAgICBFeGl0LUpzb24gJHJlc3VsdAojPgoKICAgICMgSWYgdGhlIHByb3ZpZGVkICRvYmogaXMgdW5kZWZpbmVkLCBkZWZpbmUgb25lIHRvIGJlIG5pY2UKICAgIElmICgtbm90ICRvYmouR2V0VHlwZSkKICAgIHsKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoJ2NoYW5nZWQnKSkgewogICAgICAgIFNldC1BdHRyICRvYmogImNoYW5nZWQiICRmYWxzZQogICAgfQoKICAgIFdyaXRlLU91dHB1dCAkb2JqIHwgQ29udmVydFRvLUpzb24gLUNvbXByZXNzIC1EZXB0aCA5OQogICAgRXhpdAp9CgpGdW5jdGlvbiBGYWlsLUpzb24oJG9iaiwgJG1lc3NhZ2UgPSAkbnVsbCkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHRoZSAibXNnIiBwcm9wZXJ0eSBhbmQgImZhaWxlZCIgcHJvcGVydHksIGNvbnZlcnQgdGhlCiAgICBQb3dlclNoZWxsIEhhc2h0YWJsZSB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcgdGhlIHNjcmlwdAogICAgLkVYQU1QTEUKICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJUaGlzIGlzIHRoZSBmYWlsdXJlIG1lc3NhZ2UiCiM+CgogICAgaWYgKCRvYmogLWlzIFtoYXNodGFibGVdIC1vciAkb2JqIC1pcyBbcHNvYmplY3RdKSB7CiAgICAgICAgIyBOb3RoaW5nIHRvIGRvCiAgICB9IGVsc2VpZiAoJG9iaiAtaXMgW3N0cmluZ10gLWFuZCAkbnVsbCAtZXEgJG1lc3NhZ2UpIHsKICAgICAgICAjIElmIHdlIHdlcmVuJ3QgZ2l2ZW4gMiBhcmdzLCBhbmQgdGhlIG9ubHkgYXJnIHdhcyBhIHN0cmluZywKICAgICAgICAjIGNyZWF0ZSBhIG5ldyBIYXNodGFibGUgYW5kIHVzZSB0aGUgYXJnIGFzIHRoZSBmYWlsdXJlIG1lc3NhZ2UKICAgICAgICAkbWVzc2FnZSA9ICRvYmoKICAgICAgICAkb2JqID0gQHsgfQogICAgfSBlbHNlIHsKICAgICAgICAjIElmIHRoZSBmaXJzdCBhcmd1bWVudCBpcyB1bmRlZmluZWQgb3IgYSBkaWZmZXJlbnQgdHlwZSwKICAgICAgICAjIG1ha2UgaXQgYSBIYXNodGFibGUKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgICMgU3RpbGwgdXNpbmcgU2V0LUF0dHIgZm9yIFBTT2JqZWN0IGNvbXBhdGliaWxpdHkKICAgIFNldC1BdHRyICRvYmogIm1zZyIgJG1lc3NhZ2UKICAgIFNldC1BdHRyICRvYmogImZhaWxlZCIgJHRydWUKCiAgICBpZiAoLW5vdCAkb2JqLkNvbnRhaW5zS2V5KCdjaGFuZ2VkJykpIHsKICAgICAgICBTZXQtQXR0ci ScriptBlock ID: 1c7ed1bb-54c1-45cd-9228-83b65fcf65b5 Path:	4104	1		3	2	15	0	1694	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4608	2988	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:06:15 PM	e5295ba9-9827-0001-af5c-29e52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1693	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4608	4604	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:06:15 PM	e5295ba9-9827-0002-cc5c-29e52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 4608 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1692	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4608	3252	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:06:15 PM	e5295ba9-9827-0002-cc5c-29e52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1691	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4608	4604	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:06:15 PM	e5295ba9-9827-0002-cc5c-29e52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Error Message = Exception calling ".ctor" with "1" argument(s): "Value was invalid. Parameter name: sddlForm" Fully Qualified Error ID = ConstructorInvokedThrowException,Microsoft.PowerShell.Commands.NewObjectCommand Context: Severity = Warning Host Name = Default Host Host Version = 5.1.14393.1944 Host ID = db45e7bc-2864-4b5c-b4a1-c87a406582ae Host Application = PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - Engine Version = 5.1.14393.1944 Runspace ID = 9aeb18c3-64e1-4d4e-a793-12031896f187 Pipeline ID = 6 Command Name = New-Object Command Type = Cmdlet Script Name = Command Path = Sequence Number = 33 User = N-H1-805629-1\Admin Connected User = Shell ID = Microsoft.PowerShell User Data:	4100	1		3	106	19	0	1690	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	5048	4904	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:06:08 PM	e5295ba9-9827-0001-725c-29e52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	To be used when an exception is raised	Executing Pipeline	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c), Michael DeHaan <michael.dehaan@gmail.com>, 2014, and others # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) Set-StrictMode -Version 2.0 $ErrorActionPreference = "Stop" Function Set-Attr($obj, $name, $value) { <# .SYNOPSIS Helper function to set an "attribute" on a psobject instance in PowerShell. This is a convenience to make adding Members to the object easier and slightly more pythonic .EXAMPLE Set-Attr $result "changed" $true #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } Try { $obj.$name = $value } Catch { $obj | Add-Member -Force -MemberType NoteProperty -Name $name -Value $value } } Function Exit-Json($obj) { <# .SYNOPSIS Helper function to convert a PowerShell object to JSON and output it, exiting the script .EXAMPLE Exit-Json $result #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit } Function Fail-Json($obj, $message = $null) { <# .SYNOPSIS Helper function to add the "msg" property and "failed" property, convert the PowerShell Hashtable to JSON and output it, exiting the script .EXAMPLE Fail-Json $result "This is the failure message" #> if ($obj -is [hashtable] -or $obj -is [psobject]) { # Nothing to do } elseif ($obj -is [string] -and $null -eq $message) { # If we weren't given 2 args, and the only arg was a string, # create a new Hashtable and use the arg as the failure message $message = $obj $obj = @{ } } else { # If the first argument is undefined or a different type, # make it a Hashtable $obj = @{ } } # Still using Set-Attr for PSObject compatibility Set-Attr $obj "msg" $message Set-Attr $obj "failed" $true if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit 1 } Function Add-Warning($obj, $message) { <# .SYNOPSIS Helper function to add warnings, even if the warnings attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("warnings")) { $obj.warnings = @() } elseif ($obj.warnings -isnot [array]) { throw "Add-Warning: warnings attribute is not an array" } $obj.warnings += $message } Function Add-DeprecationWarning($obj, $message, $version = $null) { <# .SYNOPSIS Helper function to add deprecations, even if the deprecations attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("deprecations")) { $obj.deprecations = @() } elseif ($obj.deprecations -isnot [array]) { throw "Add-DeprecationWarning: deprecations attribute is not a list" } $obj.deprecations += @{ msg = $message version = $version } } Function Expand-Environment($value) { <# .SYNOPSIS Helper function to expand environment variables in values. By default it turns any type to a string, but we ensure $null remains $null. #> if ($null -ne $value) { [System.Environment]::ExpandEnvironmentVariables($value) } else { $value } } Function Get-AnsibleParam($obj, $name, $default = $null, $resultobj = @{}, $failifempty = $false, $emptyattributefailmessage, $ValidateSet, $ValidateSetErrorMessage, $type = $null, $aliases = @()) { <# .SYNOPSIS Helper function to get an "attribute" from a psobject instance in PowerShell. This is a convenience to make getting Members from an object easier and slightly more pythonic .EXAMPLE $attr = Get-AnsibleParam $response "code" -default "1" .EXAMPLE Get-AnsibleParam -obj $params -name "State" -default "Present" -ValidateSet "Present","Absent" -resultobj $resultobj -failifempty $true Get-AnsibleParam also supports Parameter validation to save you from coding that manually Note that if you use the failifempty option, you do need to specify resultobject as well. #> # Check if the provided Member $name or aliases exist in $obj and return it or the default. try { $found = $null # First try to find preferred parameter $name $aliases = @($name) + $aliases # Iterate over aliases to find acceptable Member $name foreach ($alias in $aliases) { if ($obj.ContainsKey($alias)) { $found = $alias break } } if ($null -eq $found) { throw } $name = $found if ($ValidateSet) { if ($ValidateSet -contains ($obj.$name)) { $value = $obj.$name } else { if ($null -eq $ValidateSetErrorMessage) { #Auto-generated error should be sufficient in most use cases $ValidateSetErrorMessage = "Get-AnsibleParam: Argument $name needs to be one of $($ValidateSet -join ",") but was $($obj.$name)." } Fail-Json -obj $resultobj -message $ValidateSetErrorMessage } } else { $value = $obj.$name } } catch { if ($failifempty -eq $false) { $value = $default } else { if (-not $emptyattributefailmessage) { $emptyattributefailmessage = "Get-AnsibleParam: Missing required argument: $name" } Fail-Json -obj $resultobj -message $emptyattributefailmessage } } # If $value -eq $null, the parameter was unspecified by the user (deliberately or not) # Please leave $null-values intact, modules need to know if a parameter was specified # When $value is already an array, we cannot rely on the null check, as an empty list # is seen as null in the check below if ($null -ne $value -or $value -is [array]) { if ($type -eq "path") { # Expand environment variables on path-type $value = Expand-Environment($value) # Test if a valid path is provided if (-not (Test-Path -IsValid $value)) { $path_invalid = $true # could still be a valid-shaped path with a nonexistent drive letter if ($value -match "^\w:") { # rewrite path with a valid drive letter and recheck the shape- this might still fail, eg, a nonexistent non-filesystem PS path if (Test-Path -IsValid $(@(Get-PSDrive -PSProvider Filesystem)[0].Name + $value.Substring(1))) { $path_invalid = $false } } if ($path_invalid) { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' has an invalid path '$value' specified." } } } elseif ($type -eq "str") { # Convert str types to real Powershell strings $value = $value.ToString() } elseif ($type -eq "bool") { # Convert boolean types to real Powershell booleans $value = $value | ConvertTo-Bool } elseif ($type -eq "int") { # Convert int types to real Powershell integers $value = $value -as [int] } elseif ($type -eq "float") { # Convert float types to real Powershell floats $value = $value -as [float] } elseif ($type -eq "list") { if ($value -is [array]) { # Nothing to do } elseif ($value -is [string]) { # Convert string type to real Powershell array $value = $value.Split(",").Trim() } elseif ($value -is [int]) { $value = @($value) } else { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' is not a YAML list." } # , is not a typo, forces it to return as a list when it is empty or only has 1 entry return ,$value } } return $value } #Alias Get-attr-->Get-AnsibleParam for backwards compat. Only add when needed to ease debugging of scripts If (-not(Get-Alias -Name "Get-attr" -ErrorAction SilentlyContinue)) { New-Alias -Name Get-attr -Value Get-AnsibleParam } Function ConvertTo-Bool { <# .SYNOPSIS Helper filter/pipeline function to convert a value to boolean following current Ansible practices .EXAMPLE $is_true = "true" | ConvertTo-Bool #> param( [parameter(valuefrompipeline=$true)] $obj ) $boolean_strings = "yes", "on", "1", "true", 1 $obj_string = [string]$obj if (($obj -is [boolean] -and $obj) -or $boolean_strings -contains $obj_string.ToLower()) { return $true } else { return $false } } Function Parse-Args($arguments, $supports_check_mode = $false) { <# .SYNOPSIS Helper function to parse Ansible JSON arguments from a "file" passed as the single argument to the module. .EXAMPLE $params = Parse-Args $args #> $params = New-Object psobject If ($arguments.Length -gt 0) { $params = Get-Content $arguments[0] | ConvertFrom-Json } Else { $params = $complex_args } $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false If ($check_mode -and -not $supports_check_mode) { Exit-Json @{ skipped = $true changed = $false msg = "remote module does not support check mode" } } return $params } Function Get-FileChecksum($path, $algorithm = 'sha1') { <# .SYNOPSIS Helper function to calculate a hash of a file in a way which PowerShell 3 and above can handle #> If (Test-Path -Path $path -PathType Leaf) { switch ($algorithm) { 'md5' { $sp = New-Object -TypeName System.Security.Cryptography.MD5CryptoServiceProvider } 'sha1' { $sp = New-Object -TypeName System.Security.Cryptography.SHA1CryptoServiceProvider } 'sha256' { $sp = New-Object -TypeName System.Security.Cryptography.SHA256CryptoServiceProvider } 'sha384' { $sp = New-Object -TypeName System.Security.Cryptography.SHA384CryptoServiceProvider } 'sha512' { $sp = New-Object -TypeName System.Security.Cryptography.SHA512CryptoServiceProvider } default { Fail-Json @{} "Unsupported hash algorithm supplied '$algorithm'" } } If ($PSVersionTable.PSVersion.Major -ge 4) { $raw_hash = Get-FileHash $path -Algorithm $algorithm $hash = $raw_hash.Hash.ToLower() } Else { $fp = [System.IO.File]::Open($path, [System.IO.Filemode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileShare]::ReadWrite); $hash = [System.BitConverter]::ToString($sp.ComputeHash($fp)).Replace("-", "").ToLower(); $fp.Dispose(); } } ElseIf (Test-Path -Path $path -PathType Container) { $hash = "3"; } Else { $hash = "1"; } return $hash } Function Get-PendingRebootStatus { <# .SYNOPSIS Check if reboot is required, if so notify CA. Function returns true if computer has a pending reboot #> $featureData = Invoke-WmiMethod -EA Ignore -Name GetServerFeature -Namespace root\microsoft\windows\servermanager -Class MSFT_ServerManagerTasks $regData = Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager" "PendingFileRenameOperations" -EA Ignore $CBSRebootStatus = Get-ChildItem "HKLM:\\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing" -ErrorAction SilentlyContinue| Where-Object {$_.PSChildName -eq "RebootPending"} if(($featureData -and $featureData.RequiresReboot) -or $regData -or $CBSRebootStatus) { return $True } else { return $False } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: 23f794b5-fcd3-45d4-a76f-5e45f212090c Path:	4104	1		3	2	15	0	1689	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	5048	4832	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:06:07 PM	e5295ba9-9827-0001-5b5c-29e52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } ScriptBlock ID: b6498ae2-1210-4885-b16b-33ad71fff20e Path:	4104	1		3	2	15	0	1688	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	5048	4832	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:06:07 PM	e5295ba9-9827-0000-7f5c-29e52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (4 of 4): , "_ansible_shell_executable": "/bin/sh", "username": "administrator@cbci-805629-1.local", "_ansible_selinux_special_fs": ["fuse", "nfs", "vboxsf", "ramfs", "9p"], "description": "OpenStack nova Compute Service", "_ansible_syslog_facility": "LOG_USER", "_ansible_keep_remote_files": false, "_ansible_socket": null, "path": "c:\\openstack\\bin\\OpenStackService.exe nova-compute c:\\python37\\scripts\\nova-compute.exe --config-file c:\\openstack\\etc\\nova.conf", "password": "Passw0rd", "_ansible_no_log": false, "name": "nova-compute", "start_mode": "auto", "_ansible_verbosity": 2, "_ansible_diff": false, "_ansible_remote_tmp": "%TEMP%", "_ansible_tmpdir": null}} '@ } process { $input_as_string = [string]$input $json_raw += $input_as_string } end { If (-not $json_raw) { Write-Error "no input given" -Category InvalidArgument } $payload = ConvertTo-HashtableFromPsCustomObject (ConvertFrom-Json $json_raw) # TODO: handle binary modules # TODO: handle persistence $min_os_version = [version]$payload.min_os_version if ($min_os_version -ne $null) { $actual_os_version = [System.Environment]::OSVersion.Version if ($actual_os_version -lt $min_os_version) { $msg = "This module cannot run on this OS as it requires a minimum version of $min_os_version, actual was $actual_os_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $min_ps_version = [version]$payload.min_ps_version if ($min_ps_version -ne $null) { $actual_ps_version = $PSVersionTable.PSVersion if ($actual_ps_version -lt $min_ps_version) { $msg = "This module cannot run as it requires a minimum PowerShell version of $min_ps_version, actual was $actual_ps_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $actions = $payload.actions # pop 0th action as entrypoint $entrypoint = $payload.($actions[0]) $payload.actions = $payload.actions[1..99] $entrypoint = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($entrypoint)) # load the current action entrypoint as a module custom object with a Run method $entrypoint = New-Module -ScriptBlock ([scriptblock]::Create($entrypoint)) -AsCustomObject Set-Variable -Scope global -Name complex_args -Value $payload["module_args"] | Out-Null # dynamically create/load modules ForEach ($mod in $payload.powershell_modules.GetEnumerator()) { $decoded_module = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($mod.Value)) New-Module -ScriptBlock ([scriptblock]::Create($decoded_module)) -Name $mod.Key | Import-Module -WarningAction SilentlyContinue | Out-Null } $output = $entrypoint.Run($payload) Write-Output $output } ScriptBlock ID: 36569441-bda1-464c-a5ed-354937dd9b89 Path:	4104	1		3	2	15	0	1687	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	5048	4832	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:06:07 PM	e5295ba9-9827-0000-795c-29e52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (3 of 4): aWNlIGlzIGJlaW5nIHJlbW92ZWQgZnJvbSB0aGUgc3lzdGVtIiB9CiAgICAgICAgMTcgeyAiU2VydmljZSBObyBUaHJlYWQ6IFRoZSBzZXJ2aWNlIGhhcyBubyBleGVjdXRpb24gdGhyZWFkIiB9CiAgICAgICAgMTggeyAiU3RhdHVzIENpcmN1bGFyIERlcGVuZGVuY3k6IFRoZSBzZXJ2aWNlIGhhcyBjaXJjdWxhciBkZXBlbmRlbmNpZXMgd2hlbiBpdCBzdGFydHMiIH0KICAgICAgICAxOSB7ICJTdGF0dXMgRHVwbGljYXRlIE5hbWU6IEEgc2VydmljZSBpcyBydW5uaW5nIHVuZGVyIHRoZSBzYW1lIG5hbWUiIH0KICAgICAgICAyMCB7ICJTdGF0dXMgSW52YWxpZCBOYW1lOiBUaGUgc2VydmljZSBuYW1lIGhhcyBpbnZhbGlkIGNoYXJhY3RlcnMiIH0KICAgICAgICAyMSB7ICJTdGF0dXMgSW52YWxpZCBQYXJhbWV0ZXI6IEludmFsaWQgcGFyYW1ldGVycyBoYXZlIGJlZW4gcGFzc2VkIHRvIHRoZSBzZXJ2aWNlIiB9CiAgICAgICAgMjIgeyAiU3RhdHVzIEludmFsaWQgU2VydmljZSBBY2NvdW50OiBUaGUgYWNjb3VudCB1bmRlciB3aGljaCB0aGlzIHNlcnZpY2UgcnVucyBpcyBlaXRoZXIgaW52YWxpZCBvciBsYWNrcyB0aGUgcGVybWlzc2lvbnMgdG8gcnVuIHRoZSBzZXJ2aWNlIiB9CiAgICAgICAgMjMgeyAiU3RhdHVzIFNlcnZpY2UgRXhpc3RzOiBUaGUgc2VydmljZSBleGlzdHMgaW4gdGhlIGRhdGFiYXNlIG9mIHNlcnZpY2VzIGF2YWlsYWJsZSBmcm9tIHRoZSBzeXN0ZW0iIH0KICAgICAgICAyNCB7ICJTZXJ2aWNlIEFscmVhZHkgUGF1c2VkOiBUaGUgc2VydmljZSBpcyBjdXJyZW50bHkgcGF1c2VkIGluIHRoZSBzeXN0ZW0iIH0KICAgICAgICBkZWZhdWx0IHsgIk90aGVyIEVycm9yIiB9CiAgICB9Cn0KCkZ1bmN0aW9uIEdldC1EZWxheWVkU3RhdHVzKCRuYW1lKSB7CiAgICAkZGVsYXllZF9rZXkgPSAiSEtMTTpcU3lzdGVtXEN1cnJlbnRDb250cm9sU2V0XFNlcnZpY2VzXCRuYW1lIgogICAgdHJ5IHsKICAgICAgICAkZGVsYXllZCA9IENvbnZlcnRUby1Cb29sICgoR2V0LUl0ZW1Qcm9wZXJ0eSAtTGl0ZXJhbFBhdGggJGRlbGF5ZWRfa2V5KS5EZWxheWVkQXV0b3N0YXJ0KQogICAgfSBjYXRjaCB7CiAgICAgICAgJGRlbGF5ZWQgPSAkZmFsc2UKICAgIH0KCiAgICAkZGVsYXllZAp9CgpGdW5jdGlvbiBTZXQtU2VydmljZVN0YXJ0TW9kZSgkc3ZjLCAkc3RhcnRfbW9kZSkgewogICAgaWYgKCRyZXN1bHQuc3RhcnRfbW9kZSAtbmUgJHN0YXJ0X21vZGUpIHsKICAgICAgICB0cnkgewogICAgICAgICAgICAkZGVsYXllZF9rZXkgPSAiSEtMTTpcU3lzdGVtXEN1cnJlbnRDb250cm9sU2V0XFNlcnZpY2VzXCQoJHN2Yy5OYW1lKSIKICAgICAgICAgICAgIyBPcmlnaW5hbCBzdGFydCB1cCB0eXBlIHdhcyBhdXRvIChkZWxheWVkKSBhbmQgd2Ugd2FudCBhdXRvLCBuZWVkIHRvIHJlbW92ZWQgZGVsYXllZCBrZXkKICAgICAgICAgICAgaWYgKCRzdGFydF9tb2RlIC1lcSAnYXV0bycgLWFuZCAkcmVzdWx0LnN0YXJ0X21vZGUgLWVxICdkZWxheWVkJykgewogICAgICAgICAgICAgICAgU2V0LUl0ZW1Qcm9wZXJ0eSAtTGl0ZXJhbFBhdGggJGRlbGF5ZWRfa2V5IC1OYW1lICJEZWxheWVkQXV0b3N0YXJ0IiAtVmFsdWUgMCAtV2hhdElmOiRjaGVja19tb2RlCiAgICAgICAgICAgICMgT3JpZ2luYWwgc3RhcnQgdXAgdHlwZSB3YXMgYXV0byBhbmQgd2Ugd2FudCBhdXRvIChkZWxheWVkKSwgbmVlZCB0byBhZGQgZGVsYXllZCBrZXkKICAgICAgICAgICAgfSBlbHNlaWYgKCRzdGFydF9tb2RlIC1lcSAnZGVsYXllZCcgLWFuZCAkcmVzdWx0LnN0YXJ0X21vZGUgLWVxICdhdXRvJykgewogICAgICAgICAgICAgICAgU2V0LUl0ZW1Qcm9wZXJ0eSAtTGl0ZXJhbFBhdGggJGRlbGF5ZWRfa2V5IC1OYW1lICJEZWxheWVkQXV0b3N0YXJ0IiAtVmFsdWUgMSAtV2hhdElmOiRjaGVja19tb2RlCiAgICAgICAgICAgICMgT3JpZ2luYWwgc3RhcnQgdXAgdHlwZSB3YXMgbm90IGF1dG8gb3IgYXV0byAoZGVsYXllZCksIG5lZWQgdG8gY2hhbmdlIHRvIGF1dG8gYW5kIGFkZCBkZWxheWVkIGtleQogICAgICAgICAgICB9IGVsc2VpZiAoJHN0YXJ0X21vZGUgLWVxICdkZWxheWVkJykgewogICAgICAgICAgICAgICAgJHN2YyB8IFNldC1TZXJ2aWNlIC1TdGFydHVwVHlwZSAiYXV0byIgLVdoYXRJZjokY2hlY2tfbW9kZQogICAgICAgICAgICAgICAgU2V0LUl0ZW1Qcm9wZXJ0eSAtTGl0ZXJhbFBhdGggJGRlbGF5ZWRfa2V5IC1OYW1lICJEZWxheWVkQXV0b3N0YXJ0IiAtVmFsdWUgMSAtV2hhdElmOiRjaGVja19tb2RlCiAgICAgICAgICAgICMgT3JpZ2luYWwgc3RhcnQgdXAgdHlwZSB3YXMgbm90IHdoYXQgd2Ugd2VyZSBsb29raW5nIGZvciwganVzdCBjaGFuZ2UgdG8gdGhhdCB0eXBlCiAgICAgICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICAgICAkc3ZjIHwgU2V0LVNlcnZpY2UgLVN0YXJ0dXBUeXBlICRzdGFydF9tb2RlIC1XaGF0SWY6JGNoZWNrX21vZGUKICAgICAgICAgICAgfQogICAgICAgIH0gY2F0Y2ggewogICAgICAgICAgICBGYWlsLUpzb24gJHJlc3VsdCAkXy5FeGNlcHRpb24uTWVzc2FnZQogICAgICAgIH0KICAgICAgICAKICAgICAgICAkcmVzdWx0LmNoYW5nZWQgPSAkdHJ1ZQogICAgfQp9CgpGdW5jdGlvbiBTZXQtU2VydmljZUFjY291bnQoJHdtaV9zdmMsICR1c2VybmFtZV9zaWQsICR1c2VybmFtZSwgJHBhc3N3b3JkKSB7CiAgICBpZiAoJHJlc3VsdC51c2VybmFtZSAtZXEgIkxvY2FsU3lzdGVtIikgewogICAgICAgICRhY3R1YWxfc2lkID0gIlMtMS01LTE4IgogICAgfSBlbHNlIHsKICAgICAgICAkYWN0dWFsX3NpZCA9IENvbnZlcnQtVG9TSUQgLWFjY291bnRfbmFtZSAkcmVzdWx0LnVzZXJuYW1lCiAgICB9CgogICAgaWYgKCRhY3R1YWxfc2lkIC1uZSAkdXNlcm5hbWVfc2lkKSB7CiAgICAgICAgJGNoYW5nZV9hcmd1bWVudHMgPSBAewogICAgICAgICAgICBTdGFydE5hbWUgPSAkdXNlcm5hbWUKICAgICAgICAgICAgU3RhcnRQYXNzd29yZCA9ICRwYXNzd29yZAogICAgICAgICAgICBEZXNrdG9wSW50ZXJhY3QgPSAkcmVzdWx0LmRlc2t0b3BfaW50ZXJhY3QKICAgICAgICB9CiAgICAgICAgIyBuZWVkIHRvIGRpc2FibGUgZGVza3RvcCBpbnRlcmFjdCB3aGVuIG5vdCB1c2luZyB0aGUgU1lTVEVNIGFjY291bnQKICAgICAgICBpZiAoJHVzZXJuYW1lX3NpZCAtbmUgIlMtMS01LTE4IikgewogICAgICAgICAgICAkY2hhbmdlX2FyZ3VtZW50cy5EZXNrdG9wSW50ZXJhY3QgPSAkZmFsc2UKICAgICAgICB9CgogICAgICAgICNXTUkuQ2hhbmdlIGRvZXNuJ3Qgc3VwcG9ydCAtV2hhdElmLCBjYW5ub3QgZnVsbHkgdGVzdCB3aXRoIGNoZWNrX21vZGUKICAgICAgICBpZiAoLW5vdCAkY2hlY2tfbW9kZSkgewogICAgICAgICAgICAkcmV0dXJuID0gJHdtaV9zdmMgfCBJbnZva2UtQ2ltTWV0aG9kIC1NZXRob2ROYW1lIENoYW5nZSAtQXJndW1lbnRzICRjaGFuZ2VfYXJndW1lbnRzCiAgICAgICAgICAgIGlmICgkcmV0dXJuLlJldHVyblZhbHVlIC1uZSAwKSB7CiAgICAgICAgICAgICAgICAkZXJyb3JfbXNnID0gR2V0LVdtaUVycm9yTWVzc2FnZSAtcmV0dXJuX3ZhbHVlICRyZXN1bHQuUmV0dXJuVmFsdWUKICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgIkZhaWxlZCB0byBzZXQgc2VydmljZSBhY2NvdW50IHRvICQoJHVzZXJuYW1lKTogJCgkcmV0dXJuLlJldHVyblZhbHVlKSAtICRlcnJvcl9tc2ciCiAgICAgICAgICAgIH0KICAgICAgICB9ICAgICAgICAKCiAgICAgICAgJHJlc3VsdC5jaGFuZ2VkID0gJHRydWUKICAgIH0KfQoKRnVuY3Rpb24gU2V0LVNlcnZpY2VEZXNrdG9wSW50ZXJhY3QoJHdtaV9zdmMsICRkZXNrdG9wX2ludGVyYWN0KSB7CiAgICBpZiAoJHJlc3VsdC5kZXNrdG9wX2ludGVyYWN0IC1uZSAkZGVza3RvcF9pbnRlcmFjdCkgewogICAgICAgIGlmICgtbm90ICRjaGVja19tb2RlKSB7CiAgICAgICAgICAgICRyZXR1cm4gPSAkd21pX3N2YyB8IEludm9rZS1DaW1NZXRob2QgLU1ldGhvZE5hbWUgQ2hhbmdlIC1Bcmd1bWVudHMgQHtEZXNrdG9wSW50ZXJhY3QgPSAkZGVza3RvcF9pbnRlcmFjdH0KICAgICAgICAgICAgaWYgKCRyZXR1cm4uUmV0dXJuVmFsdWUgLW5lIDApIHsKICAgICAgICAgICAgICAgICRlcnJvcl9tc2cgPSBHZXQtV21pRXJyb3JNZXNzYWdlIC1yZXR1cm5fdmFsdWUgJHJldHVybi5SZXR1cm5WYWx1ZQogICAgICAgICAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiRmFpbGVkIHRvIHNldCBkZXNrdG9wIGludGVyYWN0ICQoJGRlc2t0b3BfaW50ZXJhY3QpOiAkKCRyZXR1cm4uUmV0dXJuVmFsdWUpIC0gJGVycm9yX21zZyIKICAgICAgICAgICAgfQogICAgICAgIH0KCiAgICAgICAgJHJlc3VsdC5jaGFuZ2VkID0gJHRydWUKICAgIH0KfQoKRnVuY3Rpb24gU2V0LVNlcnZpY2VEaXNwbGF5TmFtZSgkc3ZjLCAkZGlzcGxheV9uYW1lKSB7CiAgICBpZiAoJHJlc3VsdC5kaXNwbGF5X25hbWUgLW5lICRkaXNwbGF5X25hbWUpIHsKICAgICAgICB0cnkgewogICAgICAgICAgICAkc3ZjIHwgU2V0LVNlcnZpY2UgLURpc3BsYXlOYW1lICRkaXNwbGF5X25hbWUgLVdoYXRJZjokY2hlY2tfbW9kZQogICAgICAgIH0gY2F0Y2ggewogICAgICAgICAgICBGYWlsLUpzb24gJHJlc3VsdCAkXy5FeGNlcHRpb24uTWVzc2FnZQogICAgICAgIH0KICAgICAgICAKICAgICAgICAkcmVzdWx0LmNoYW5nZWQgPSAkdHJ1ZQogICAgfQp9CgpGdW5jdGlvbiBTZXQtU2VydmljZURlc2NyaXB0aW9uKCRzdmMsICRkZXNjcmlwdGlvbikgewogICAgaWYgKCRyZXN1bHQuZGVzY3JpcHRpb24gLW5lICRkZXNjcmlwdGlvbikgewogICAgICAgIHRyeSB7CiAgICAgICAgICAgICRzdmMgfCBTZXQtU2VydmljZSAtRGVzY3JpcHRpb24gJGRlc2NyaXB0aW9uIC1XaGF0SWY6JGNoZWNrX21vZGUKICAgICAgICB9IGNhdGNoIHsKICAgICAgICAgICAgRmFpbC1Kc29uICRyZXN1bHQgJF8uRXhjZXB0aW9uLk1lc3NhZ2UKICAgICAgICB9CiAgICAgICAgCiAgICAgICAgJHJlc3VsdC5jaGFuZ2VkID0gJHRydWUKICAgIH0KfQoKRnVuY3Rpb24gU2V0LVNlcnZpY2VQYXRoKCRuYW1lLCAkcGF0aCkgewogICAgaWYgKCRyZXN1bHQucGF0aCAtbmUgJHBhdGgpIHsKICAgICAgICB0cnkgewogICAgICAgICAgICBTZXQtSXRlbVByb3BlcnR5IC1MaXRlcmFsUGF0aCAiSEtMTTpcU3lzdGVtXEN1cnJlbnRDb250cm9sU2V0XFNlcnZpY2VzXCRuYW1lIiAtTmFtZSBJbWFnZVBhdGggLVZhbHVlICRwYXRoIC1XaGF0SWY6JGNoZWNrX21vZGUKICAgICAgICB9IGNhdGNoIHsKICAgICAgICAgICAgRmFpbC1Kc29uICRyZXN1bHQgJF8uRXhjZXB0aW9uLk1lc3NhZ2UKICAgICAgICB9CiAgICAgICAgCiAgICAgICAgJHJlc3VsdC5jaGFuZ2VkID0gJHRydWUKICAgIH0KfQoKRnVuY3Rpb24gU2V0LVNlcnZpY2VEZXBlbmRlbmNpZXMoJHdtaV9zdmMsICRkZXBlbmRlbmN5X2FjdGlvbiwgJGRlcGVuZGVuY2llcykgewogICAgJGV4aXN0aW5nX2RlcGVuZGVuY2llcyA9ICRyZXN1bHQuZGVwZW5kZW5jaWVzCiAgICBbU3lzdGVtLkNvbGxlY3Rpb25zLkFycmF5TGlzdF0kbmV3X2RlcGVuZGVuY2llcyA9IEAoKQoKICAgIGlmICgkZGVwZW5kZW5jeV9hY3Rpb24gLWVxICdzZXQnKSB7CiAgICAgICAgZm9yZWFjaCAoJGRlcGVuZGVuY3kgaW4gJGRlcGVuZGVuY2llcykgewogICAgICAgICAgICAkbmV3X2RlcGVuZGVuY2llcy5BZGQoJGRlcGVuZGVuY3kpCiAgICAgICAgfQogICAgfSBlbHNlIHsKICAgICAgICAkbmV3X2RlcGVuZGVuY2llcyA9ICRleGlzdGluZ19kZXBlbmRlbmNpZXMKICAgICAgICBmb3JlYWNoICgkZGVwZW5kZW5jeSBpbiAkZGVwZW5kZW5jaWVzKSB7CiAgICAgICAgICAgIGlmICgkZGVwZW5kZW5jeV9hY3Rpb24gLWVxICdyZW1vdmUnKSB7CiAgICAgICAgICAgICAgICBpZiAoJG5ld19kZXBlbmRlbmNpZXMgLWNvbnRhaW5zICRkZXBlbmRlbmN5KSB7CiAgICAgICAgICAgICAgICAgICAgJG5ld19kZXBlbmRlbmNpZXMuUmVtb3ZlKCRkZXBlbmRlbmN5KQogICAgICAgICAgICAgICAgfQogICAgICAgICAgICB9IGVsc2VpZiAoJGRlcGVuZGVuY3lfYWN0aW9uIC1lcSAnYWRkJykgewogICAgICAgICAgICAgICAgaWYgKCRuZXdfZGVwZW5kZW5jaWVzIC1ub3Rjb250YWlucyAkZGVwZW5kZW5jeSkgewogICAgICAgICAgICAgICAgICAgICRuZXdfZGVwZW5kZW5jaWVzLkFkZCgkZGVwZW5kZW5jeSkKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfQogICAgICAgIH0KICAgIH0KCiAgICAkd2lsbF9jaGFuZ2UgPSAkZmFsc2UKICAgIGZvcmVhY2ggKCRkZXBlbmRlbmN5IGluICRuZXdfZGVwZW5kZW5jaWVzKSB7CiAgICAgICAgaWYgKCRleGlzdGluZ19kZXBlbmRlbmNpZXMgLW5vdGNvbnRhaW5zICRkZXBlbmRlbmN5KSB7CiAgICAgICAgICAgICR3aWxsX2NoYW5nZSA9ICR0cnVlCiAgICAgICAgfQogICAgfQogICAgZm9yZWFjaCAoJGRlcGVuZGVuY3kgaW4gJGV4aXN0aW5nX2RlcGVuZGVuY2llcykgewogICAgICAgIGlmICgkbmV3X2RlcGVuZGVuY2llcyAtbm90Y29udGFpbnMgJGRlcGVuZGVuY3kpIHsKICAgICAgICAgICAgJHdpbGxfY2hhbmdlID0gJHRydWUKICAgICAgICB9CiAgICB9CgogICAgaWYgKCR3aWxsX2NoYW5nZSAtZXEgJHRydWUpIHsKICAgICAgICBpZiAoLW5vdCAkY2hlY2tfbW9kZSkgewogICAgICAgICAgICAkcmV0dXJuID0gJHdtaV9zdmMgfCBJbnZva2UtQ2ltTWV0aG9kIC1NZXRob2ROYW1lIENoYW5nZSAtQXJndW1lbnRzIEB7U2VydmljZURlcGVuZGVuY2llcyA9ICRuZXdfZGVwZW5kZW5jaWVzfQogICAgICAgICAgICBpZiAoJHJldHVybi5SZXR1cm5WYWx1ZSAtbmUgMCkgewogICAgICAgICAgICAgICAgJGVycm9yX21zZyA9IEdldC1XbWlFcnJvck1lc3NhZ2UgLXJldHVybl92YWx1ZSAkcmV0dXJuLlJldHVyblZhbHVlCiAgICAgICAgICAgICAgICAkZGVwX3N0cmluZyA9ICRuZXdfZGVwZW5kZW5jaWVzIC1qb2luICIsICIKICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgIkZhaWxlZCB0byBzZXQgc2VydmljZSBkZXBlbmRlbmNpZXMgJCgkZGVwX3N0cmluZyk6ICQoJHJldHVybi5SZXR1cm5WYWx1ZSkgLSAkZXJyb3JfbXNnIgogICAgICAgICAgICB9CiAgICAgICAgfQogICAgICAgIAogICAgICAgICRyZXN1bHQuY2hhbmdlZCA9ICR0cnVlCiAgICB9Cn0KCkZ1bmN0aW9uIFNldC1TZXJ2aWNlU3RhdGUoJHN2YywgJHdtaV9zdmMsICRzdGF0ZSkgewogICAgaWYgKCRzdGF0ZSAtZXEgInN0YXJ0ZWQiIC1hbmQgJHJlc3VsdC5zdGF0ZSAtbmUgInJ1bm5pbmciKSB7CiAgICAgICAgaWYgKCRyZXN1bHQuc3RhdGUgLWVxICJwYXVzZWQiKSB7CiAgICAgICAgICAgIHRyeSB7CiAgICAgICAgICAgICAgICAkc3ZjIHwgUmVzdW1lLVNlcnZpY2UgLVdoYXRJZjokY2hlY2tfbW9kZQogICAgICAgICAgICB9IGNhdGNoIHsKICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJmYWlsZWQgdG8gc3RhcnQgc2VydmljZSBmcm9tIHBhdXNlZCBzdGF0ZSAkKCRzdmMuTmFtZSk6ICQoJF8uRXhjZXB0aW9uLk1lc3NhZ2UpIgogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgdHJ5IHsKICAgICAgICAgICAgICAgICRzdmMgfCBTdGFydC1TZXJ2aWNlIC1XaGF0SWY6JGNoZWNrX21vZGUKICAgICAgICAgICAgfSBjYXRjaCB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gJHJlc3VsdCAkXy5FeGNlcHRpb24uTWVzc2FnZQogICAgICAgICAgICB9CiAgICAgICAgfQogICAgICAgIAogICAgICAgICRyZXN1bHQuY2hhbmdlZCA9ICR0cnVlCiAgICB9CgogICAgaWYgKCRzdGF0ZSAtZXEgInN0b3BwZWQiIC1hbmQgJHJlc3VsdC5zdGF0ZSAtbmUgInN0b3BwZWQiKSB7CiAgICAgICAgdHJ5IHsKICAgICAgICAgICAgJHN2YyB8IFN0b3AtU2VydmljZSAtRm9yY2U6JGZvcmNlX2RlcGVuZGVudF9zZXJ2aWNlcyAtV2hhdElmOiRjaGVja19tb2RlCiAgICAgICAgfSBjYXRjaCB7CiAgICAgICAgICAgIEZhaWwtSnNvbiAkcmVzdWx0ICRfLkV4Y2VwdGlvbi5NZXNzYWdlCiAgICAgICAgfQogICAgICAgIAogICAgICAgICRyZXN1bHQuY2hhbmdlZCA9ICR0cnVlCiAgICB9CgogICAgaWYgKCRzdGF0ZSAtZXEgInJlc3RhcnRlZCIpIHsKICAgICAgICB0cnkgewogICAgICAgICAgICAkc3ZjIHwgUmVzdGFydC1TZXJ2aWNlIC1Gb3JjZTokZm9yY2VfZGVwZW5kZW50X3NlcnZpY2VzIC1XaGF0SWY6JGNoZWNrX21vZGUKICAgICAgICB9IGNhdGNoIHsKICAgICAgICAgICAgRmFpbC1Kc29uICRyZXN1bHQgJF8uRXhjZXB0aW9uLk1lc3NhZ2UKICAgICAgICB9CiAgICAgICAgCiAgICAgICAgJHJlc3VsdC5jaGFuZ2VkID0gJHRydWUKICAgIH0KCiAgICBpZiAoJHN0YXRlIC1lcSAicGF1c2VkIiAtYW5kICRyZXN1bHQuc3RhdGUgLW5lICJwYXVzZWQiKSB7CiAgICAgICAgIyBjaGVjayB0aGF0IHdlIGNhbiBhY3R1YWxseSBwYXVzZSB0aGUgc2VydmljZQogICAgICAgIGlmICgkcmVzdWx0LmNhbl9wYXVzZV9hbmRfY29udGludWUgLWVxICRmYWxzZSkgewogICAgICAgICAgICBGYWlsLUpzb24gJHJlc3VsdCAiZmFpbGVkIHRvIHBhdXNlIHNlcnZpY2UgJCgkc3ZjLk5hbWUpOiBUaGUgc2VydmljZSBkb2VzIG5vdCBzdXBwb3J0IHBhdXNpbmciCiAgICAgICAgfQoKICAgICAgICB0cnkgewogICAgICAgICAgICAkc3ZjIHwgU3VzcGVuZC1TZXJ2aWNlIC1XaGF0SWY6JGNoZWNrX21vZGUKICAgICAgICB9IGNhdGNoIHsKICAgICAgICAgICAgRmFpbC1Kc29uICRyZXN1bHQgImZhaWxlZCB0byBwYXVzZSBzZXJ2aWNlICQoJHN2Yy5OYW1lKTogJCgkXy5FeGNlcHRpb24uTWVzc2FnZSkiCiAgICAgICAgfQogICAgICAgICRyZXN1bHQuY2hhbmdlZCA9ICR0cnVlCiAgICB9CgogICAgaWYgKCRzdGF0ZSAtZXEgImFic2VudCIpIHsKICAgICAgICB0cnkgewogICAgICAgICAgICAkc3ZjIHwgU3RvcC1TZXJ2aWNlIC1Gb3JjZTokZm9yY2VfZGVwZW5kZW50X3NlcnZpY2VzIC1XaGF0SWY6JGNoZWNrX21vZGUKICAgICAgICB9IGNhdGNoIHsKICAgICAgICAgICAgRmFpbC1Kc29uICRyZXN1bHQgJF8uRXhjZXB0aW9uLk1lc3NhZ2UKICAgICAgICB9CiAgICAgICAgaWYgKC1ub3QgJGNoZWNrX21vZGUpIHsKICAgICAgICAgICAgJHJldHVybiA9ICR3bWlfc3ZjIHwgSW52b2tlLUNpbU1ldGhvZCAtTWV0aG9kTmFtZSBEZWxldGUKICAgICAgICAgICAgaWYgKCRyZXR1cm4uUmV0dXJuVmFsdWUgLW5lIDApIHsKICAgICAgICAgICAgICAgICRlcnJvcl9tc2cgPSBHZXQtV21pRXJyb3JNZXNzYWdlIC1yZXR1cm5fdmFsdWUgJHJldHVybi5SZXR1cm5WYWx1ZQogICAgICAgICAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiRmFpbGVkIHRvIGRlbGV0ZSBzZXJ2aWNlICQoJHN2Yy5OYW1lKTogJCgkcmV0dXJuLlJldHVyblZhbHVlKSAtICRlcnJvcl9tc2ciCiAgICAgICAgICAgIH0KICAgICAgICB9CiAgICAgICAgCiAgICAgICAgJHJlc3VsdC5jaGFuZ2VkID0gJHRydWUKICAgIH0KfQoKRnVuY3Rpb24gU2V0LVNlcnZpY2VDb25maWd1cmF0aW9uKCRzdmMpIHsKICAgICR3bWlfc3ZjID0gR2V0LUNpbUluc3RhbmNlIC1DbGFzc05hbWUgV2luMzJfU2VydmljZSAtRmlsdGVyICJuYW1lPSckKCRzdmMuTmFtZSknIgogICAgR2V0LVNlcnZpY2VJbmZvIC1uYW1lICRzdmMuTmFtZQogICAgaWYgKCRkZXNrdG9wX2ludGVyYWN0IC1lcSAkdHJ1ZSAtYW5kICgtbm90ICgkcmVzdWx0LnVzZXJuYW1lIC1lcSAnTG9jYWxTeXN0ZW0nIC1vciAkdXNlcm5hbWUgLWVxICdMb2NhbFN5c3RlbScpKSkgewogICAgICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJDYW4gb25seSBzZXQgZGVza3RvcF9pbnRlcmFjdCB0byB0cnVlIHdoZW4gc2VydmljZSBpcyBydW4gd2l0aC9vciAndXNlcm5hbWUnIGVxdWFscyAnTG9jYWxTeXN0ZW0nIgogICAgfQoKICAgIGlmICgkc3RhcnRfbW9kZSAtbmUgJG51bGwpIHsKICAgICAgICBTZXQtU2VydmljZVN0YXJ0TW9kZSAtc3ZjICRzdmMgLXN0YXJ0X21vZGUgJHN0YXJ0X21vZGUKICAgIH0KCiAgICBpZiAoJHVzZXJuYW1lIC1uZSAkbnVsbCkgewogICAgICAgIFNldC1TZXJ2aWNlQWNjb3VudCAtd21pX3N2YyAkd21pX3N2YyAtdXNlcm5hbWVfc2lkICR1c2VybmFtZV9zaWQgLXVzZXJuYW1lICR1c2VybmFtZSAtcGFzc3dvcmQgJHBhc3N3b3JkCiAgICB9CgogICAgaWYgKCRkaXNwbGF5X25hbWUgLW5lICRudWxsKSB7CiAgICAgICAgU2V0LVNlcnZpY2VEaXNwbGF5TmFtZSAtc3ZjICRzdmMgLWRpc3BsYXlfbmFtZSAkZGlzcGxheV9uYW1lCiAgICB9CgogICAgaWYgKCRkZXNrdG9wX2ludGVyYWN0IC1uZSAkbnVsbCkgewogICAgICAgIFNldC1TZXJ2aWNlRGVza3RvcEludGVyYWN0IC13bWlfc3ZjICR3bWlfc3ZjIC1kZXNrdG9wX2ludGVyYWN0ICRkZXNrdG9wX2ludGVyYWN0CiAgICB9CgogICAgaWYgKCRkZXNjcmlwdGlvbiAtbmUgJG51bGwpIHsKICAgICAgICBTZXQtU2VydmljZURlc2NyaXB0aW9uIC1zdmMgJHN2YyAtZGVzY3JpcHRpb24gJGRlc2NyaXB0aW9uCiAgICB9CgogICAgaWYgKCRwYXRoIC1uZSAkbnVsbCkgewogICAgICAgIFNldC1TZXJ2aWNlUGF0aCAtbmFtZSAkc3ZjLk5hbWUgLXBhdGggJHBhdGgKICAgIH0KCiAgICBpZiAoJGRlcGVuZGVuY2llcyAtbmUgJG51bGwpIHsKICAgICAgICBTZXQtU2VydmljZURlcGVuZGVuY2llcyAtd21pX3N2YyAkd21pX3N2YyAtZGVwZW5kZW5jeV9hY3Rpb24gJGRlcGVuZGVuY3lfYWN0aW9uIC1kZXBlbmRlbmNpZXMgJGRlcGVuZGVuY2llcwogICAgfQoKICAgIGlmICgkc3RhdGUgLW5lICRudWxsKSB7CiAgICAgICAgU2V0LVNlcnZpY2VTdGF0ZSAtc3ZjICRzdmMgLXdtaV9zdmMgJHdtaV9zdmMgLXN0YXRlICRzdGF0ZQogICAgfQp9CgojIG5lZWQgdG8gdXNlIFdoZXJlLU9iamVjdCBhcyAtTmFtZSBkb2Vzbid0IHdvcmsgd2l0aCBbXSBpbiB0aGUgc2VydmljZSBuYW1lCiMgaHR0cHM6Ly9naXRodWIuY29tL2Fuc2libGUvYW5zaWJsZS9pc3N1ZXMvMzc2MjEKJHN2YyA9IEdldC1TZXJ2aWNlIHwgV2hlcmUtT2JqZWN0IHsgJF8uTmFtZSAtZXEgJG5hbWUgLW9yICRfLkRpc3BsYXlOYW1lIC1lcSAkbmFtZSB9CmlmICgkc3ZjKSB7CiAgICBTZXQtU2VydmljZUNvbmZpZ3VyYXRpb24gLXN2YyAkc3ZjCn0gZWxzZSB7CiAgICAkcmVzdWx0LmV4aXN0cyA9ICRmYWxzZQogICAgaWYgKCRzdGF0ZSAtbmUgJ2Fic2VudCcpIHsKICAgICAgICAjIENoZWNrIGlmIHBhdGggaXMgZGVmaW5lZCwgaWYgc28gY3JlYXRlIHRoZSBzZXJ2aWNlCiAgICAgICAgaWYgKCRwYXRoIC1uZSAkbnVsbCkgewogICAgICAgICAgICB0cnkgewogICAgICAgICAgICAgICAgTmV3LVNlcnZpY2UgLU5hbWUgJG5hbWUgLUJpbmFyeVBhdGhuYW1lICRwYXRoIC1XaGF0SWY6JGNoZWNrX21vZGUKICAgICAgICAgICAgfSBjYXRjaCB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gJHJlc3VsdCAkXy5FeGNlcHRpb24uTWVzc2FnZQogICAgICAgICAgICB9CiAgICAgICAgICAgICRyZXN1bHQuY2hhbmdlZCA9ICR0cnVlCgogICAgICAgICAgICAkc3ZjID0gR2V0LVNlcnZpY2UgfCBXaGVyZS1PYmplY3QgeyAkXy5OYW1lIC1lcSAkbmFtZSB9CiAgICAgICAgICAgIFNldC1TZXJ2aWNlQ29uZmlndXJhdGlvbiAtc3ZjICRzdmMKICAgICAgICB9IGVsc2UgewogICAgICAgICAgICAjIFdlIHdpbGwgb25seSByZWFjaCBoZXJlIGlmIHRoZSBzZXJ2aWNlIGlzIGluc3RhbGxlZCBhbmQgdGhlIHN0YXRlIGlzIG5vdCBhYnNlbnQKICAgICAgICAgICAgIyBXaWxsIGNoZWNrIGlmIGFueSBvZiB0aGUgZGVmYXVsdCBhY3Rpb25zIGFyZSBzZXQgYW5kIGZhaWwgYXMgd2UgY2Fubm90IGFjdGlvbiBpdAogICAgICAgICAgICBpZiAoJHN0YXJ0X21vZGUgLW5lICRudWxsIC1vcgogICAgICAgICAgICAgICAgJHN0YXRlIC1uZSAkbnVsbCAtb3IKICAgICAgICAgICAgICAgICR1c2VybmFtZSAtbmUgJG51bGwgLW9yCiAgICAgICAgICAgICAgICAkcGFzc3dvcmQgLW5lICRudWxsIC1vcgogICAgICAgICAgICAgICAgJGRpc3BsYXlfbmFtZSAtbmUgJG51bGwgLW9yCiAgICAgICAgICAgICAgICAkZGVzY3JpcHRpb24gLW5lICRudWxsIC1vcgogICAgICAgICAgICAgICAgJGRlc2t0b3BfaW50ZXJhY3QgLW5lICRmYWxzZSAtb3IKICAgICAgICAgICAgICAgICRkZXBlbmRlbmNpZXMgLW5lICRudWxsIC1vcgogICAgICAgICAgICAgICAgJGRlcGVuZGVuY3lfYWN0aW9uIC1uZSAnc2V0JykgewogICAgICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJTZXJ2aWNlICckbmFtZScgaXMgbm90IGluc3RhbGxlZCwgbmVlZCB0byBzZXQgJ3BhdGgnIHRvIGNyZWF0ZSBhIG5ldyBzZXJ2aWNlIgogICAgICAgICAgICB9CiAgICAgICAgfQogICAgfQp9CgojIEFmdGVyIG1ha2luZyBhIGNoYW5nZSwgbGV0J3MgZ2V0IHRoZSBzZXJ2aWNlIGluZm8gYWdhaW4gdW5sZXNzIHdlIGRlbGV0ZWQgaXQKaWYgKCRzdGF0ZSAtZXEgJ2Fic2VudCcpIHsKICAgICMgUmVjcmVhdGUgcmVzdWx0IHNvIGl0IGRvZXNuJ3QgaGF2ZSB0aGUgZXh0cmEgbWV0YSBkYXRhIG5vdyB0aGF0IGlzIGhhcyBiZWVuIGRlbGV0ZWQKICAgICRjaGFuZ2VkID0gJHJlc3VsdC5jaGFuZ2VkCiAgICAkcmVzdWx0ID0gQHsKICAgICAgICBjaGFuZ2VkID0gJGNoYW5nZWQKICAgICAgICBleGlzdHMgPSAkZmFsc2UKICAgIH0KfSBlbHNlaWYgKCRzdmMgLW5lICRudWxsKSB7CiAgICBHZXQtU2VydmljZUluZm8gLW5hbWUgJG5hbWUKfQoKRXhpdC1Kc29uIC1vYmogJHJlc3VsdAo=", "module_args": {"_ansible_version": "2.7.0", "_ansible_check_mode": false, "display_name": "nova-compute", "_ansible_module_name": "win_service", "state": "started", "_ansible_debug": false ScriptBlock ID: 36569441-bda1-464c-a5ed-354937dd9b89 Path:	4104	1		3	2	15	0	1686	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	5048	4832	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:06:07 PM	e5295ba9-9827-0000-795c-29e52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 4): WVzc2FnZSA9ICJHZXQtQW5zaWJsZVBhcmFtOiBNaXNzaW5nIHJlcXVpcmVkIGFyZ3VtZW50OiAkbmFtZSIKICAgICAgICAgICAgfQogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlCiAgICAgICAgfQogICAgfQoKICAgICMgSWYgJHZhbHVlIC1lcSAkbnVsbCwgdGhlIHBhcmFtZXRlciB3YXMgdW5zcGVjaWZpZWQgYnkgdGhlIHVzZXIgKGRlbGliZXJhdGVseSBvciBub3QpCiAgICAjIFBsZWFzZSBsZWF2ZSAkbnVsbC12YWx1ZXMgaW50YWN0LCBtb2R1bGVzIG5lZWQgdG8ga25vdyBpZiBhIHBhcmFtZXRlciB3YXMgc3BlY2lmaWVkCiAgICAjIFdoZW4gJHZhbHVlIGlzIGFscmVhZHkgYW4gYXJyYXksIHdlIGNhbm5vdCByZWx5IG9uIHRoZSBudWxsIGNoZWNrLCBhcyBhbiBlbXB0eSBsaXN0CiAgICAjIGlzIHNlZW4gYXMgbnVsbCBpbiB0aGUgY2hlY2sgYmVsb3cKICAgIGlmICgkbnVsbCAtbmUgJHZhbHVlIC1vciAkdmFsdWUgLWlzIFthcnJheV0pIHsKICAgICAgICBpZiAoJHR5cGUgLWVxICJwYXRoIikgewogICAgICAgICAgICAjIEV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgb24gcGF0aC10eXBlCiAgICAgICAgICAgICR2YWx1ZSA9IEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCiAgICAgICAgICAgICMgVGVzdCBpZiBhIHZhbGlkIHBhdGggaXMgcHJvdmlkZWQKICAgICAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtSXNWYWxpZCAkdmFsdWUpKSB7CiAgICAgICAgICAgICAgICAkcGF0aF9pbnZhbGlkID0gJHRydWUKICAgICAgICAgICAgICAgICMgY291bGQgc3RpbGwgYmUgYSB2YWxpZC1zaGFwZWQgcGF0aCB3aXRoIGEgbm9uZXhpc3RlbnQgZHJpdmUgbGV0dGVyCiAgICAgICAgICAgICAgICBpZiAoJHZhbHVlIC1tYXRjaCAiXlx3OiIpIHsKICAgICAgICAgICAgICAgICAgICAjIHJld3JpdGUgcGF0aCB3aXRoIGEgdmFsaWQgZHJpdmUgbGV0dGVyIGFuZCByZWNoZWNrIHRoZSBzaGFwZS0gdGhpcyBtaWdodCBzdGlsbCBmYWlsLCBlZywgYSBub25leGlzdGVudCBub24tZmlsZXN5c3RlbSBQUyBwYXRoCiAgICAgICAgICAgICAgICAgICAgaWYgKFRlc3QtUGF0aCAtSXNWYWxpZCAkKEAoR2V0LVBTRHJpdmUgLVBTUHJvdmlkZXIgRmlsZXN5c3RlbSlbMF0uTmFtZSArICR2YWx1ZS5TdWJzdHJpbmcoMSkpKSB7CiAgICAgICAgICAgICAgICAgICAgICAgICRwYXRoX2ludmFsaWQgPSAkZmFsc2UKICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBpZiAoJHBhdGhfaW52YWxpZCkgewogICAgICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHRvYmogLW1lc3NhZ2UgIkdldC1BbnNpYmxlUGFyYW06IFBhcmFtZXRlciAnJG5hbWUnIGhhcyBhbiBpbnZhbGlkIHBhdGggJyR2YWx1ZScgc3BlY2lmaWVkLiIKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgInN0ciIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IHN0ciB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgc3RyaW5ncwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUuVG9TdHJpbmcoKQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImJvb2wiKSB7CiAgICAgICAgICAgICMgQ29udmVydCBib29sZWFuIHR5cGVzIHRvIHJlYWwgUG93ZXJzaGVsbCBib29sZWFucwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgfCBDb252ZXJ0VG8tQm9vbAogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImludCIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IGludCB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgaW50ZWdlcnMKICAgICAgICAgICAgJHZhbHVlID0gJHZhbHVlIC1hcyBbaW50XQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImZsb2F0IikgewogICAgICAgICAgICAjIENvbnZlcnQgZmxvYXQgdHlwZXMgdG8gcmVhbCBQb3dlcnNoZWxsIGZsb2F0cwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgLWFzIFtmbG9hdF0KICAgICAgICB9IGVsc2VpZiAoJHR5cGUgLWVxICJsaXN0IikgewogICAgICAgICAgICBpZiAoJHZhbHVlIC1pcyBbYXJyYXldKSB7CiAgICAgICAgICAgICAgICAjIE5vdGhpbmcgdG8gZG8KICAgICAgICAgICAgfSBlbHNlaWYgKCR2YWx1ZSAtaXMgW3N0cmluZ10pIHsKICAgICAgICAgICAgICAgICMgQ29udmVydCBzdHJpbmcgdHlwZSB0byByZWFsIFBvd2Vyc2hlbGwgYXJyYXkKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICR2YWx1ZS5TcGxpdCgiLCIpLlRyaW0oKQogICAgICAgICAgICB9IGVsc2VpZiAoJHZhbHVlIC1pcyBbaW50XSkgewogICAgICAgICAgICAgICAgJHZhbHVlID0gQCgkdmFsdWUpCiAgICAgICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICJHZXQtQW5zaWJsZVBhcmFtOiBQYXJhbWV0ZXIgJyRuYW1lJyBpcyBub3QgYSBZQU1MIGxpc3QuIgogICAgICAgICAgICB9CiAgICAgICAgICAgICMgLCBpcyBub3QgYSB0eXBvLCBmb3JjZXMgaXQgdG8gcmV0dXJuIGFzIGEgbGlzdCB3aGVuIGl0IGlzIGVtcHR5IG9yIG9ubHkgaGFzIDEgZW50cnkKICAgICAgICAgICAgcmV0dXJuICwkdmFsdWUKICAgICAgICB9CiAgICB9CgogICAgcmV0dXJuICR2YWx1ZQp9CgojQWxpYXMgR2V0LWF0dHItLT5HZXQtQW5zaWJsZVBhcmFtIGZvciBiYWNrd2FyZHMgY29tcGF0LiBPbmx5IGFkZCB3aGVuIG5lZWRlZCB0byBlYXNlIGRlYnVnZ2luZyBvZiBzY3JpcHRzCklmICgtbm90KEdldC1BbGlhcyAtTmFtZSAiR2V0LWF0dHIiIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlKSkKewogICAgTmV3LUFsaWFzIC1OYW1lIEdldC1hdHRyIC1WYWx1ZSBHZXQtQW5zaWJsZVBhcmFtCn0KCkZ1bmN0aW9uIENvbnZlcnRUby1Cb29sCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZpbHRlci9waXBlbGluZSBmdW5jdGlvbiB0byBjb252ZXJ0IGEgdmFsdWUgdG8gYm9vbGVhbiBmb2xsb3dpbmcgY3VycmVudAogICAgQW5zaWJsZSBwcmFjdGljZXMKICAgIC5FWEFNUExFCiAgICAkaXNfdHJ1ZSA9ICJ0cnVlIiB8IENvbnZlcnRUby1Cb29sCiM+CiAgICBwYXJhbSgKICAgICAgICBbcGFyYW1ldGVyKHZhbHVlZnJvbXBpcGVsaW5lPSR0cnVlKV0KICAgICAgICAkb2JqCiAgICApCgogICAgJGJvb2xlYW5fc3RyaW5ncyA9ICJ5ZXMiLCAib24iLCAiMSIsICJ0cnVlIiwgMQogICAgJG9ial9zdHJpbmcgPSBbc3RyaW5nXSRvYmoKCiAgICBpZiAoKCRvYmogLWlzIFtib29sZWFuXSAtYW5kICRvYmopIC1vciAkYm9vbGVhbl9zdHJpbmdzIC1jb250YWlucyAkb2JqX3N0cmluZy5Ub0xvd2VyKCkpIHsKICAgICAgICByZXR1cm4gJHRydWUKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfQp9CgpGdW5jdGlvbiBQYXJzZS1BcmdzKCRhcmd1bWVudHMsICRzdXBwb3J0c19jaGVja19tb2RlID0gJGZhbHNlKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBwYXJzZSBBbnNpYmxlIEpTT04gYXJndW1lbnRzIGZyb20gYSAiZmlsZSIgcGFzc2VkIGFzCiAgICB0aGUgc2luZ2xlIGFyZ3VtZW50IHRvIHRoZSBtb2R1bGUuCiAgICAuRVhBTVBMRQogICAgJHBhcmFtcyA9IFBhcnNlLUFyZ3MgJGFyZ3MKIz4KICAgICRwYXJhbXMgPSBOZXctT2JqZWN0IHBzb2JqZWN0CiAgICBJZiAoJGFyZ3VtZW50cy5MZW5ndGggLWd0IDApCiAgICB7CiAgICAgICAgJHBhcmFtcyA9IEdldC1Db250ZW50ICRhcmd1bWVudHNbMF0gfCBDb252ZXJ0RnJvbS1Kc29uCiAgICB9CiAgICBFbHNlIHsKICAgICAgICAkcGFyYW1zID0gJGNvbXBsZXhfYXJncwogICAgfQogICAgJGNoZWNrX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfY2hlY2tfbW9kZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQogICAgSWYgKCRjaGVja19tb2RlIC1hbmQgLW5vdCAkc3VwcG9ydHNfY2hlY2tfbW9kZSkKICAgIHsKICAgICAgICBFeGl0LUpzb24gQHsKICAgICAgICAgICAgc2tpcHBlZCA9ICR0cnVlCiAgICAgICAgICAgIGNoYW5nZWQgPSAkZmFsc2UKICAgICAgICAgICAgbXNnID0gInJlbW90ZSBtb2R1bGUgZG9lcyBub3Qgc3VwcG9ydCBjaGVjayBtb2RlIgogICAgICAgIH0KICAgIH0KICAgIHJldHVybiAkcGFyYW1zCn0KCgpGdW5jdGlvbiBHZXQtRmlsZUNoZWNrc3VtKCRwYXRoLCAkYWxnb3JpdGhtID0gJ3NoYTEnKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBjYWxjdWxhdGUgYSBoYXNoIG9mIGEgZmlsZSBpbiBhIHdheSB3aGljaCBQb3dlclNoZWxsIDMKICAgIGFuZCBhYm92ZSBjYW4gaGFuZGxlCiM+CiAgICBJZiAoVGVzdC1QYXRoIC1QYXRoICRwYXRoIC1QYXRoVHlwZSBMZWFmKQogICAgewogICAgICAgIHN3aXRjaCAoJGFsZ29yaXRobSkKICAgICAgICB7CiAgICAgICAgICAgICdtZDUnIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5NRDVDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMScgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTFDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMjU2JyB7ICRzcCA9IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5TZWN1cml0eS5DcnlwdG9ncmFwaHkuU0hBMjU2Q3J5cHRvU2VydmljZVByb3ZpZGVyIH0KICAgICAgICAgICAgJ3NoYTM4NCcgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTM4NENyeXB0b1NlcnZpY2VQcm92aWRlciB9CiAgICAgICAgICAgICdzaGE1MTInIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5TSEE1MTJDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICBkZWZhdWx0IHsgRmFpbC1Kc29uIEB7fSAiVW5zdXBwb3J0ZWQgaGFzaCBhbGdvcml0aG0gc3VwcGxpZWQgJyRhbGdvcml0aG0nIiB9CiAgICAgICAgfQoKICAgICAgICBJZiAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtZ2UgNCkgewogICAgICAgICAgICAkcmF3X2hhc2ggPSBHZXQtRmlsZUhhc2ggJHBhdGggLUFsZ29yaXRobSAkYWxnb3JpdGhtCiAgICAgICAgICAgICRoYXNoID0gJHJhd19oYXNoLkhhc2guVG9Mb3dlcigpCiAgICAgICAgfSBFbHNlIHsKICAgICAgICAgICAgJGZwID0gW1N5c3RlbS5JTy5GaWxlXTo6T3BlbigkcGF0aCwgW1N5c3RlbS5JTy5GaWxlbW9kZV06Ok9wZW4sIFtTeXN0ZW0uSU8uRmlsZUFjY2Vzc106OlJlYWQsIFtTeXN0ZW0uSU8uRmlsZVNoYXJlXTo6UmVhZFdyaXRlKTsKICAgICAgICAgICAgJGhhc2ggPSBbU3lzdGVtLkJpdENvbnZlcnRlcl06OlRvU3RyaW5nKCRzcC5Db21wdXRlSGFzaCgkZnApKS5SZXBsYWNlKCItIiwgIiIpLlRvTG93ZXIoKTsKICAgICAgICAgICAgJGZwLkRpc3Bvc2UoKTsKICAgICAgICB9CiAgICB9CiAgICBFbHNlSWYgKFRlc3QtUGF0aCAtUGF0aCAkcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKQogICAgewogICAgICAgICRoYXNoID0gIjMiOwogICAgfQogICAgRWxzZQogICAgewogICAgICAgICRoYXNoID0gIjEiOwogICAgfQogICAgcmV0dXJuICRoYXNoCn0KCkZ1bmN0aW9uIEdldC1QZW5kaW5nUmVib290U3RhdHVzCnsKPCMKICAgIC5TWU5PUFNJUwogICAgQ2hlY2sgaWYgcmVib290IGlzIHJlcXVpcmVkLCBpZiBzbyBub3RpZnkgQ0EuCiAgICBGdW5jdGlvbiByZXR1cm5zIHRydWUgaWYgY29tcHV0ZXIgaGFzIGEgcGVuZGluZyByZWJvb3QKIz4KICAgICRmZWF0dXJlRGF0YSA9IEludm9rZS1XbWlNZXRob2QgLUVBIElnbm9yZSAtTmFtZSBHZXRTZXJ2ZXJGZWF0dXJlIC1OYW1lc3BhY2Ugcm9vdFxtaWNyb3NvZnRcd2luZG93c1xzZXJ2ZXJtYW5hZ2VyIC1DbGFzcyBNU0ZUX1NlcnZlck1hbmFnZXJUYXNrcwogICAgJHJlZ0RhdGEgPSBHZXQtSXRlbVByb3BlcnR5ICJIS0xNOlxTWVNURU1cQ3VycmVudENvbnRyb2xTZXRcQ29udHJvbFxTZXNzaW9uIE1hbmFnZXIiICJQZW5kaW5nRmlsZVJlbmFtZU9wZXJhdGlvbnMiIC1FQSBJZ25vcmUKICAgICRDQlNSZWJvb3RTdGF0dXMgPSBHZXQtQ2hpbGRJdGVtICJIS0xNOlxcU09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cQ29tcG9uZW50IEJhc2VkIFNlcnZpY2luZyIgIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlfCBXaGVyZS1PYmplY3QgeyRfLlBTQ2hpbGROYW1lIC1lcSAiUmVib290UGVuZGluZyJ9CiAgICBpZigoJGZlYXR1cmVEYXRhIC1hbmQgJGZlYXR1cmVEYXRhLlJlcXVpcmVzUmVib290KSAtb3IgJHJlZ0RhdGEgLW9yICRDQlNSZWJvb3RTdGF0dXMpCiAgICB7CiAgICAgICAgcmV0dXJuICRUcnVlCiAgICB9CiAgICBlbHNlCiAgICB7CiAgICAgICAgcmV0dXJuICRGYWxzZQogICAgfQp9CgojIHRoaXMgbGluZSBtdXN0IHN0YXkgYXQgdGhlIGJvdHRvbSB0byBlbnN1cmUgYWxsIGRlZmluZWQgbW9kdWxlIHBhcnRzIGFyZSBleHBvcnRlZApFeHBvcnQtTW9kdWxlTWVtYmVyIC1BbGlhcyAqIC1GdW5jdGlvbiAqIC1DbWRsZXQgKgoK"}, "module_entry": "IyFwb3dlcnNoZWxsCgojIENvcHlyaWdodDogKGMpIDIwMTQsIENocmlzIEhvZmZtYW4gPGNob2ZmbWFuQGNoYXRoYW1maW5hbmNpYWwuY29tPgojIEdOVSBHZW5lcmFsIFB1YmxpYyBMaWNlbnNlIHYzLjArIChzZWUgQ09QWUlORyBvciBodHRwczovL3d3dy5nbnUub3JnL2xpY2Vuc2VzL2dwbC0zLjAudHh0KQoKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5MZWdhY3kKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5TSUQKCiRFcnJvckFjdGlvblByZWZlcmVuY2UgPSAiU3RvcCIKCiRwYXJhbXMgPSBQYXJzZS1BcmdzICRhcmdzIC1zdXBwb3J0c19jaGVja19tb2RlICR0cnVlCiRjaGVja19tb2RlID0gR2V0LUFuc2libGVQYXJhbSAtb2JqICRwYXJhbXMgLW5hbWUgJ19hbnNpYmxlX2NoZWNrX21vZGUnIC10eXBlICdib29sJyAtZGVmYXVsdCAkZmFsc2UKCiRkZXBlbmRlbmNpZXMgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAnZGVwZW5kZW5jaWVzJyAtdHlwZSAnbGlzdCcgLWRlZmF1bHQgJG51bGwKJGRlcGVuZGVuY3lfYWN0aW9uID0gR2V0LUFuc2libGVQYXJhbSAtb2JqICRwYXJhbXMgLW5hbWUgJ2RlcGVuZGVuY3lfYWN0aW9uJyAtdHlwZSAnc3RyJyAtZGVmYXVsdCAnc2V0JyAtdmFsaWRhdGVzZXQgJ2FkZCcsJ3JlbW92ZScsJ3NldCcgCiRkZXNjcmlwdGlvbiA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICdkZXNjcmlwdGlvbicgLXR5cGUgJ3N0cicKJGRlc2t0b3BfaW50ZXJhY3QgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAnZGVza3RvcF9pbnRlcmFjdCcgLXR5cGUgJ2Jvb2wnIC1kZWZhdWx0ICRmYWxzZQokZGlzcGxheV9uYW1lID0gR2V0LUFuc2libGVQYXJhbSAtb2JqICRwYXJhbXMgLW5hbWUgJ2Rpc3BsYXlfbmFtZScgLXR5cGUgJ3N0cicKJGZvcmNlX2RlcGVuZGVudF9zZXJ2aWNlcyA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICdmb3JjZV9kZXBlbmRlbnRfc2VydmljZXMnIC10eXBlICdib29sJyAtZGVmYXVsdCAkZmFsc2UKJG5hbWUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAnbmFtZScgLXR5cGUgJ3N0cicgLWZhaWxpZmVtcHR5ICR0cnVlCiRwYXNzd29yZCA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICdwYXNzd29yZCcgLXR5cGUgJ3N0cicKJHBhdGggPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAncGF0aCcKJHN0YXJ0X21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAnc3RhcnRfbW9kZScgLXR5cGUgJ3N0cicgLXZhbGlkYXRlc2V0ICdhdXRvJywnbWFudWFsJywnZGlzYWJsZWQnLCdkZWxheWVkJwokc3RhdGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAnc3RhdGUnIC10eXBlICdzdHInIC12YWxpZGF0ZXNldCAnc3RhcnRlZCcsJ3N0b3BwZWQnLCdyZXN0YXJ0ZWQnLCdhYnNlbnQnLCdwYXVzZWQnCiR1c2VybmFtZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICd1c2VybmFtZScgLXR5cGUgJ3N0cicKCiRyZXN1bHQgPSBAewogICAgY2hhbmdlZCA9ICRmYWxzZQp9CgojIHBhcnNlIHRoZSB1c2VybmFtZSB0byBTSUQgYW5kIGJhY2sgc28gd2UgZ2V0IHRoZSBmdWxsIHVzZXJuYW1lIHdpdGggZG9tYWluIGluIGEgd2F5IFdNSSB1bmRlcnN0YW5kcwppZiAoJHVzZXJuYW1lIC1uZSAkbnVsbCkgewogICAgaWYgKCR1c2VybmFtZSAtZXEgIkxvY2FsU3lzdGVtIikgewogICAgICAgICR1c2VybmFtZV9zaWQgPSAiUy0xLTUtMTgiCiAgICB9IGVsc2UgewogICAgICAgICR1c2VybmFtZV9zaWQgPSBDb252ZXJ0LVRvU0lEIC1hY2NvdW50X25hbWUgJHVzZXJuYW1lCiAgICB9CgogICAgIyB0aGUgU1lTVEVNIGFjY291bnQgaXMgYSBzcGVjaWFsIGJlYXN0LCBXaW4zMl9TZXJ2aWNlIENoYW5nZSByZXF1aXJlcyBTdGFydE5hbWUgdG8gYmUgTG9jYWxTeXN0ZW0KICAgICMgdG8gc3BlY2lmeSBMb2NhbFN5c3RlbS9OVCBBVVRIT1JJVFlcU1lTVEVNCiAgICBpZiAoJHVzZXJuYW1lX3NpZCAtZXEgIlMtMS01LTE4IikgewogICAgICAgICR1c2VybmFtZSA9ICJMb2NhbFN5c3RlbSIKICAgICAgICAkcGFzc3dvcmQgPSAkbnVsbAogICAgfSBlbHNlIHsKICAgICAgICAjIFdpbjMyX1NlcnZpY2UsIHBhc3N3b3JkIG11c3QgYmUgIiIgYW5kIG5vdCAkbnVsbCB3aGVuIHNldHRpbmcgdG8gTG9jYWxTZXJ2aWNlIG9yIE5ldHdvcmtTZXJ2aWNlCiAgICAgICAgaWYgKCR1c2VybmFtZV9zaWQgLWluIEAoIlMtMS01LTE5IiwgIlMtMS01LTIwIikpIHsKICAgICAgICAgICAgJHBhc3N3b3JkID0gIiIKICAgICAgICB9CiAgICAgICAgJHVzZXJuYW1lID0gQ29udmVydC1Gcm9tU0lEIC1zaWQgJHVzZXJuYW1lX3NpZAogICAgfQp9CmlmICgkcGFzc3dvcmQgLW5lICRudWxsIC1hbmQgJHVzZXJuYW1lIC1lcSAkbnVsbCkgewogICAgRmFpbC1Kc29uICRyZXN1bHQgIlRoZSBhcmd1bWVudCAndXNlcm5hbWUnIG11c3QgYmUgc3VwcGxpZWQgd2l0aCAncGFzc3dvcmQnIgp9CmlmICgkZGVza3RvcF9pbnRlcmFjdCAtZXEgJHRydWUgLWFuZCAoLW5vdCAoJHVzZXJuYW1lIC1lcSAiTG9jYWxTeXN0ZW0iIC1vciAkdXNlcm5hbWUgLWVxICRudWxsKSkpIHsKICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJDYW4gb25seSBzZXQgJ2Rlc2t0b3BfaW50ZXJhY3QnIHRvIHRydWUgd2hlbiAndXNlcm5hbWUnIGVxdWFscyAnTG9jYWxTeXN0ZW0nIgp9CmlmICgkcGF0aCAtbmUgJG51bGwpIHsKICAgICRwYXRoID0gW1N5c3RlbS5FbnZpcm9ubWVudF06OkV4cGFuZEVudmlyb25tZW50VmFyaWFibGVzKCRwYXRoKQp9CgpGdW5jdGlvbiBHZXQtU2VydmljZUluZm8oJG5hbWUpIHsKICAgICMgTmVlZCB0byBnZXQgbmV3IG9iamVjdHMgc28gd2UgaGF2ZSB0aGUgbGF0ZXN0IGluZm8KICAgICRzdmMgPSBHZXQtU2VydmljZSB8IFdoZXJlLU9iamVjdCB7ICRfLk5hbWUgLWVxICRuYW1lIC1vciAkXy5EaXNwbGF5TmFtZSAtZXEgJG5hbWUgfQogICAgJHdtaV9zdmMgPSBHZXQtQ2ltSW5zdGFuY2UgLUNsYXNzTmFtZSBXaW4zMl9TZXJ2aWNlIC1GaWx0ZXIgIm5hbWU9JyQoJHN2Yy5OYW1lKSciCgogICAgIyBEZWxheWVkIHN0YXJ0X21vZGUgaXMgaW4gcmVhbGl0eSBBdXRvbWF0aWMgKERlbGF5ZWQpLCBuZWVkIHRvIGNoZWNrIHJlZyBrZXkgZm9yIHR5cGUKICAgICRkZWxheWVkID0gR2V0LURlbGF5ZWRTdGF0dXMgLW5hbWUgJHN2Yy5OYW1lCiAgICAkYWN0dWFsX3N0YXJ0X21vZGUgPSAkd21pX3N2Yy5TdGFydE1vZGUuVG9TdHJpbmcoKS5Ub0xvd2VyKCkgCiAgICBpZiAoJGRlbGF5ZWQgLWFuZCAkYWN0dWFsX3N0YXJ0X21vZGUgLWVxICdhdXRvJykgewogICAgICAgICRhY3R1YWxfc3RhcnRfbW9kZSA9ICdkZWxheWVkJwogICAgfQoKICAgICRleGlzdGluZ19kZXBlbmRlbmNpZXMgPSBAKCkKICAgICRleGlzdGluZ19kZXBlbmRlZF9ieSA9IEAoKQogICAgaWYgKCRzdmMuU2VydmljZXNEZXBlbmRlZE9uLkNvdW50IC1ndCAwKSB7CiAgICAgICAgZm9yZWFjaCAoJGRlcGVuZGVuY3kgaW4gJHN2Yy5TZXJ2aWNlc0RlcGVuZGVkT24uTmFtZSkgewogICAgICAgICAgICAkZXhpc3RpbmdfZGVwZW5kZW5jaWVzICs9ICRkZXBlbmRlbmN5CiAgICAgICAgfQogICAgfQogICAgaWYgKCRzdmMuRGVwZW5kZW50U2VydmljZXMuQ291bnQgLWd0IDApIHsKICAgICAgICBmb3JlYWNoICgkZGVwZW5kZW5jeSBpbiAkc3ZjLkRlcGVuZGVudFNlcnZpY2VzLk5hbWUpIHsKICAgICAgICAgICAgJGV4aXN0aW5nX2RlcGVuZGVkX2J5ICs9ICRkZXBlbmRlbmN5CiAgICAgICAgfQogICAgfQogICAgJGRlc2NyaXB0aW9uID0gJHdtaV9zdmMuRGVzY3JpcHRpb24KICAgIGlmICgkZGVzY3JpcHRpb24gLWVxICRudWxsKSB7CiAgICAgICAgJGRlc2NyaXB0aW9uID0gIiIKICAgIH0KCiAgICAkcmVzdWx0LmV4aXN0cyA9ICR0cnVlCiAgICAkcmVzdWx0Lm5hbWUgPSAkc3ZjLk5hbWUKICAgICRyZXN1bHQuZGlzcGxheV9uYW1lID0gJHN2Yy5EaXNwbGF5TmFtZQogICAgJHJlc3VsdC5zdGF0ZSA9ICRzdmMuU3RhdHVzLlRvU3RyaW5nKCkuVG9Mb3dlcigpCiAgICAkcmVzdWx0LnN0YXJ0X21vZGUgPSAkYWN0dWFsX3N0YXJ0X21vZGUKICAgICRyZXN1bHQucGF0aCA9ICR3bWlfc3ZjLlBhdGhOYW1lCiAgICAkcmVzdWx0LmRlc2NyaXB0aW9uID0gJGRlc2NyaXB0aW9uCiAgICAkcmVzdWx0LnVzZXJuYW1lID0gJHdtaV9zdmMuU3RhcnROYW1lCiAgICAkcmVzdWx0LmRlc2t0b3BfaW50ZXJhY3QgPSAkd21pX3N2Yy5EZXNrdG9wSW50ZXJhY3QKICAgICRyZXN1bHQuZGVwZW5kZW5jaWVzID0gJGV4aXN0aW5nX2RlcGVuZGVuY2llcwogICAgJHJlc3VsdC5kZXBlbmRlZF9ieSA9ICRleGlzdGluZ19kZXBlbmRlZF9ieQogICAgJHJlc3VsdC5jYW5fcGF1c2VfYW5kX2NvbnRpbnVlID0gJHN2Yy5DYW5QYXVzZUFuZENvbnRpbnVlCn0KCkZ1bmN0aW9uIEdldC1XbWlFcnJvck1lc3NhZ2UoJHJldHVybl92YWx1ZSkgewogICAgIyBUaGVzZSB2YWx1ZXMgYXJlIGRlcml2ZWQgZnJvbSBodHRwczovL21zZG4ubWljcm9zb2Z0LmNvbS9lbi11cy9saWJyYXJ5L2FhMzg0OTAxKHY9dnMuODUpLmFzcHgKICAgIHN3aXRjaCAoJHJldHVybl92YWx1ZSkgewogICAgICAgIDEgeyAiTm90IFN1cHBvcnRlZDogVGhlIHJlcXVlc3QgaXMgbm90IHN1cHBvcnRlZCIgfQogICAgICAgIDIgeyAiQWNjZXNzIERlbmllZDogVGhlIHVzZXIgZGlkIG5vdCBoYXZlIHRoZSBuZWNlc3NhcnkgYWNjZXNzIiB9CiAgICAgICAgMyB7ICJEZXBlbmRlbnQgU2VydmljZXMgUnVubmluZzogVGhlIHNlcnZpY2UgY2Fubm90IGJlIHN0b3BwZWQgYmVjYXVzZSBvdGhlciBzZXJ2aWNlcyB0aGF0IGFyZSBydW5uaW5nIGFyZSBkZXBlbmRlbnQgb24gaXQiIH0KICAgICAgICA0IHsgIkludmFsaWQgU2VydmljZSBDb250cm9sOiBUaGUgcmVxdWVzdGVkIGNvbnRyb2wgY29kZSBpcyBub3QgdmFsaWQsIG9yIGl0IGlzIHVuYWNjZXB0YWJsZSB0byB0aGUgc2VydmljZSIgfQogICAgICAgIDUgeyAiU2VydmljZSBDYW5ub3QgQWNjZXB0IENvbnRyb2w6IFRoZSByZXF1ZXN0ZWQgY29udHJvbCBjb2RlIGNhbm5vdCBiZSBzZW50IHRvIHRoZSBzZXJ2aWNlIGJlY2F1c2UgdGhlIHN0YXRlIG9mIHRoZSBzZXJ2aWNlIChXaW4zMl9CYXNlU2VydmljZS5TdGF0ZSBwcm9wZXJ0eSkgaXMgZXF1YWwgdG8gMCwgMSwgb3IgMiIgfQogICAgICAgIDYgeyAiU2VydmljZSBOb3QgQWN0aXZlOiBUaGUgc2VydmljZSBoYXMgbm90IGJlZW4gc3RhcnRlZCIgfQogICAgICAgIDcgeyAiU2VydmljZSBSZXF1ZXN0IFRpbWVvdXQ6IFRoZSBzZXJ2aWNlIGRpZCBub3QgcmVzcG9uZCB0byB0aGUgc3RhcnQgcmVxdWVzdCBpbiBhIHRpbWVseSBmYXNoaW9uIiB9CiAgICAgICAgOCB7ICJVbmtub3duIEZhaWx1cmU6IFVua25vd24gZmFpbHVyZSB3aGVuIHN0YXJ0aW5nIHRoZSBzZXJ2aWNlIiB9CiAgICAgICAgOSB7ICJQYXRoIE5vdCBGb3VuZDogVGhlIGRpcmVjdG9yeSBwYXRoIHRvIHRoZSBzZXJ2aWNlIGV4ZWN1dGFibGUgZmlsZSB3YXMgbm90IGZvdW5kIiB9CiAgICAgICAgMTAgeyAiU2VydmljZSBBbHJlYWR5IFJ1bm5pbmc6IFRoZSBzZXJ2aWNlIGlzIGFscmVhZHkgcnVubmluZyIgfQogICAgICAgIDExIHsgIlNlcnZpY2UgRGF0YWJhc2UgTG9ja2VkOiBUaGUgZGF0YWJhc2UgdG8gYWRkIGEgbmV3IHNlcnZpY2UgaXMgbG9ja2VkIiB9CiAgICAgICAgMTIgeyAiU2VydmljZSBEZXBlbmRlbmN5IERlbGV0ZWQ6IEEgZGVwZW5kZW5jeSB0aGlzIHNlcnZpY2UgcmVsaWVzIG9uIGhhcyBiZWVuIHJlbW92ZWQgZnJvbSB0aGUgc3lzdGVtIiB9CiAgICAgICAgMTMgeyAiU2VydmljZSBEZXBlbmRlbmN5IEZhaWx1cmU6IFRoZSBzZXJ2aWNlIGZhaWxlZCB0byBmaW5kIHRoZSBzZXJ2aWNlIG5lZWRlZCBmcm9tIGEgZGVwZW5kZW50IHNlcnZpY2UiIH0KICAgICAgICAxNCB7ICJTZXJ2aWNlIERpc2FibGVkOiBUaGUgc2VydmljZSBoYXMgYmVlbiBkaXNhYmxlZCBmcm9tIHRoZSBzeXN0ZW0iIH0KICAgICAgICAxNSB7ICJTZXJ2aWNlIExvZ29uIEZhaWxlZDogVGhlIHNlcnZpY2UgZG9lcyBub3QgaGF2ZSB0aGUgY29ycmVjdCBhdXRoZW50aWNhdGlvbiB0byBydW4gb24gdGhlIHN5c3RlbSIgfQogICAgICAgIDE2IHsgIlNlcnZpY2UgTWFya2VkIEZvciBEZWxldGlvbjogVGhpcyBzZXJ2 ScriptBlock ID: 36569441-bda1-464c-a5ed-354937dd9b89 Path:	4104	1		3	2	15	0	1685	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	5048	4832	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:06:07 PM	e5295ba9-9827-0000-795c-29e52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 4): begin { $DebugPreference = "Continue" $ErrorActionPreference = "Stop" Set-StrictMode -Version 2 function ConvertTo-HashtableFromPsCustomObject ($myPsObject){ $output = @{}; $myPsObject | Get-Member -MemberType *Property | % { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } return $output; } # stream JSON including become_pw, ps_module_payload, bin_module_payload, become_payload, write_payload_path, preserve directives # exec runspace, capture output, cleanup, return module output # NB: do not adjust the following line- it is replaced when doing non-streamed module output $json_raw = @' {"min_ps_version": null, "exec": "CkZ1bmN0aW9uIFJ1bigkcGF5bG9hZCkgewogICAgJGVudHJ5cG9pbnQgPSAkcGF5bG9hZC5tb2R1bGVfZW50cnkKCiAgICAkZW50cnlwb2ludCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGVudHJ5cG9pbnQpKQoKICAgICRwcyA9IFtwb3dlcnNoZWxsXTo6Q3JlYXRlKCkKCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkQ29tbWFuZCgiU2V0LVZhcmlhYmxlIikuQWRkUGFyYW1ldGVycyhAe1Njb3BlPSJnbG9iYWwiO05hbWU9ImNvbXBsZXhfYXJncyI7VmFsdWU9JHBheWxvYWQubW9kdWxlX2FyZ3N9KSB8IE91dC1OdWxsCiAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCgogICAgIyByZWRlZmluZSBXcml0ZS1Ib3N0IHRvIGR1bXAgdG8gb3V0cHV0IGluc3RlYWQgb2YgZmFpbGluZy0gbG90cyBvZiBzY3JpcHRzIHVzZSBpdAogICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgiRnVuY3Rpb24gV3JpdGUtSG9zdChgJG1zZyl7IFdyaXRlLU91dHB1dCBgJG1zZyB9IikgfCBPdXQtTnVsbAoKICAgIEZvckVhY2ggKCRlbnZfa3YgaW4gJHBheWxvYWQuZW52aXJvbm1lbnQuR2V0RW51bWVyYXRvcigpKSB7CiAgICAgICAgIyBuZWVkIHRvIGVzY2FwZSAnIGluIGJvdGggdGhlIGtleSBhbmQgdmFsdWUKICAgICAgICAkZW52X2tleSA9ICRlbnZfa3YuS2V5LlRvU3RyaW5nKCkuUmVwbGFjZSgiJyIsICInJyIpCiAgICAgICAgJGVudl92YWx1ZSA9ICRlbnZfa3YuVmFsdWUuVG9TdHJpbmcoKS5SZXBsYWNlKCInIiwgIicnIikKICAgICAgICAkZXNjYXBlZF9lbnZfc2V0ID0gIltTeXN0ZW0uRW52aXJvbm1lbnRdOjpTZXRFbnZpcm9ubWVudFZhcmlhYmxlKCd7MH0nLCAnezF9JykiIC1mICRlbnZfa2V5LCAkZW52X3ZhbHVlCiAgICAgICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgkZXNjYXBlZF9lbnZfc2V0KSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBkeW5hbWljYWxseSBjcmVhdGUvbG9hZCBtb2R1bGVzCiAgICBGb3JFYWNoICgkbW9kIGluICRwYXlsb2FkLnBvd2Vyc2hlbGxfbW9kdWxlcy5HZXRFbnVtZXJhdG9yKCkpIHsKICAgICAgICAkZGVjb2RlZF9tb2R1bGUgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRtb2QuVmFsdWUpKQogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRDb21tYW5kKCJOZXctTW9kdWxlIikuQWRkUGFyYW1ldGVycyhAe1NjcmlwdEJsb2NrPShbc2NyaXB0YmxvY2tdOjpDcmVhdGUoJGRlY29kZWRfbW9kdWxlKSk7TmFtZT0kbW9kLktleX0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiSW1wb3J0LU1vZHVsZSIpLkFkZFBhcmFtZXRlcnMoQHtXYXJuaW5nQWN0aW9uPSJTaWxlbnRseUNvbnRpbnVlIn0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBmb3JjZSBpbnB1dCBlbmNvZGluZyB0byBwcmVhbWJsZS1mcmVlIFVURjggc28gUFMgc3ViLXByb2Nlc3NlcyAoZWcsCiAgICAjIFN0YXJ0LUpvYikgZG9uJ3QgYmxvdyB1cC4gVGhpcyBpcyBvbmx5IHJlcXVpcmVkIGZvciBXaW5STSwgYSBQU1JQCiAgICAjIHJ1bnNwYWNlIGRvZXNuJ3QgaGF2ZSBhIGhvc3QgY29uc29sZSBhbmQgdGhpcyB3aWxsIGJvbWIgb3V0CiAgICBpZiAoJGhvc3QuTmFtZSAtZXEgIkNvbnNvbGVIb3N0IikgewogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRTY3JpcHQoIltDb25zb2xlXTo6SW5wdXRFbmNvZGluZyA9IE5ldy1PYmplY3QgVGV4dC5VVEY4RW5jb2RpbmcgYCRmYWxzZSIpIHwgT3V0LU51bGwKICAgIH0KCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkU2NyaXB0KCRlbnRyeXBvaW50KSB8IE91dC1OdWxsCgogICAgJG91dHB1dCA9ICRwcy5JbnZva2UoKQoKICAgICRvdXRwdXQKCiAgICAjIFBTMyBkb2Vzbid0IHByb3Blcmx5IHNldCBIYWRFcnJvcnMgaW4gbWFueSBjYXNlcywgaW5zcGVjdCB0aGUgZXJyb3Igc3RyZWFtIGFzIGEgZmFsbGJhY2sKICAgIElmICgkcHMuSGFkRXJyb3JzIC1vciAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtbHQgNCAtYW5kICRwcy5TdHJlYW1zLkVycm9yLkNvdW50IC1ndCAwKSkgewogICAgICAgICRob3N0LlVJLldyaXRlRXJyb3JMaW5lKCQoJHBzLlN0cmVhbXMuRXJyb3IgfCBPdXQtU3RyaW5nKSkKICAgICAgICAkZXhpdF9jb2RlID0gJHBzLlJ1bnNwYWNlLlNlc3Npb25TdGF0ZVByb3h5LkdldFZhcmlhYmxlKCJMQVNURVhJVENPREUiKQogICAgICAgIElmKC1ub3QgJGV4aXRfY29kZSkgewogICAgICAgICAgICAkZXhpdF9jb2RlID0gMQogICAgICAgIH0KICAgICAgICAjIG5lZWQgdG8gdXNlIHRoaXMgaW5zdGVhZCBvZiBFeGl0IGtleXdvcmQgdG8gcHJldmVudCBydW5zcGFjZSBmcm9tIGNyYXNoaW5nIHdpdGggZHluYW1pYyBtb2R1bGVzCiAgICAgICAgJGhvc3QuU2V0U2hvdWxkRXhpdCgkZXhpdF9jb2RlKQogICAgfQp9Cg==", "actions": ["exec"], "environment": {}, "min_os_version": null, "powershell_modules": {"Ansible.ModuleUtils.SID": "IyBDb3B5cmlnaHQgKGMpIDIwMTcgQW5zaWJsZSBQcm9qZWN0CiMgU2ltcGxpZmllZCBCU0QgTGljZW5zZSAoc2VlIGxpY2Vuc2VzL3NpbXBsaWZpZWRfYnNkLnR4dCBvciBodHRwczovL29wZW5zb3VyY2Uub3JnL2xpY2Vuc2VzL0JTRC0yLUNsYXVzZSkKCkZ1bmN0aW9uIENvbnZlcnQtRnJvbVNJRCgkc2lkKSB7CiAgICAjIENvbnZlcnRzIGEgU0lEIHRvIGEgRG93bi1MZXZlbCBMb2dvbiBuYW1lIGluIHRoZSBmb3JtIG9mIERPTUFJTlxVc2VyTmFtZQogICAgIyBJZiB0aGUgU0lEIGlzIGZvciBhIGxvY2FsIHVzZXIgb3IgZ3JvdXAgdGhlbiBET01BSU4gd291bGQgYmUgdGhlIHNlcnZlcgogICAgIyBuYW1lLgoKICAgICRhY2NvdW50X29iamVjdCA9IE5ldy1PYmplY3QgU3lzdGVtLlNlY3VyaXR5LlByaW5jaXBhbC5TZWN1cml0eUlkZW50aWZpZXIoJHNpZCkKICAgIHRyeSB7CiAgICAgICAgJG50X2FjY291bnQgPSAkYWNjb3VudF9vYmplY3QuVHJhbnNsYXRlKFtTeXN0ZW0uU2VjdXJpdHkuUHJpbmNpcGFsLk5UQWNjb3VudF0pCiAgICB9IGNhdGNoIHsKICAgICAgICBGYWlsLUpzb24gLW9iaiBAe30gLW1lc3NhZ2UgImZhaWxlZCB0byBjb252ZXJ0IHNpZCAnJHNpZCcgdG8gYSBsb2dvbiBuYW1lOiAkKCRfLkV4Y2VwdGlvbi5NZXNzYWdlKSIKICAgIH0KCiAgICByZXR1cm4gJG50X2FjY291bnQuVmFsdWUKfQoKRnVuY3Rpb24gQ29udmVydC1Ub1NJRCB7CiAgICBbRGlhZ25vc3RpY3MuQ29kZUFuYWx5c2lzLlN1cHByZXNzTWVzc2FnZUF0dHJpYnV0ZSgiUFNBdm9pZFVzaW5nRW1wdHlDYXRjaEJsb2NrIiwgIiIsIEp1c3RpZmljYXRpb249IldlIGRvbid0IGNhcmUgaWYgY29udmVydGluZyB0byBhIFNJRCBmYWlscywganVzdCB0aGF0IGl0IGZhaWxlZCBvciBub3QiKV0KICAgIHBhcmFtKCRhY2NvdW50X25hbWUpCiAgICAjIENvbnZlcnRzIGFuIGFjY291bnQgbmFtZSB0byBhIFNJRCwgaXQgY2FuIHRha2UgaW4gdGhlIGZvbGxvd2luZyBmb3JtcwogICAgIyBTSUQ6IFdpbGwganVzdCByZXR1cm4gdGhlIFNJRCB2YWx1ZSB0aGF0IHdhcyBwYXNzZWQgaW4KICAgICMgVVBOOgogICAgIyAgIHByaW5jaXBhbEBkb21haW4gKERvbWFpbiB1c2VycyBvbmx5KQogICAgIyBEb3duLUxldmVsIExvZ2luIE5hbWUKICAgICMgICBET01BSU5ccHJpbmNpcGFsIChEb21haW4pCiAgICAjICAgU0VSVkVSTkFNRVxwcmluY2lwYWwgKExvY2FsKQogICAgIyAgIC5ccHJpbmNpcGFsIChMb2NhbCkKICAgICMgICBOVCBBVVRIT1JJVFlcU1lTVEVNIChMb2NhbCBTZXJ2aWNlIEFjY291bnRzKQogICAgIyBMb2dpbiBOYW1lCiAgICAjICAgcHJpbmNpcGFsIChMb2NhbC9Mb2NhbCBTZXJ2aWNlIEFjY291bnRzKQoKICAgIHRyeSB7CiAgICAgICAgJHNpZCA9IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5TZWN1cml0eS5QcmluY2lwYWwuU2VjdXJpdHlJZGVudGlmaWVyIC1Bcmd1bWVudExpc3QgJGFjY291bnRfbmFtZQogICAgICAgIHJldHVybiAkc2lkLlZhbHVlCiAgICB9IGNhdGNoIHt9CgogICAgaWYgKCRhY2NvdW50X25hbWUgLWxpa2UgIipcKiIpIHsKICAgICAgICAkYWNjb3VudF9uYW1lX3NwbGl0ID0gJGFjY291bnRfbmFtZSAtc3BsaXQgIlxcIgogICAgICAgIGlmICgkYWNjb3VudF9uYW1lX3NwbGl0WzBdIC1lcSAiLiIpIHsKICAgICAgICAgICAgJGRvbWFpbiA9ICRlbnY6Q09NUFVURVJOQU1FCiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgJGRvbWFpbiA9ICRhY2NvdW50X25hbWVfc3BsaXRbMF0KICAgICAgICB9CiAgICAgICAgJHVzZXJuYW1lID0gJGFjY291bnRfbmFtZV9zcGxpdFsxXQogICAgfSBlbHNlaWYgKCRhY2NvdW50X25hbWUgLWxpa2UgIipAKiIpIHsKICAgICAgICAkYWNjb3VudF9uYW1lX3NwbGl0ID0gJGFjY291bnRfbmFtZSAtc3BsaXQgIkAiCiAgICAgICAgJGRvbWFpbiA9ICRhY2NvdW50X25hbWVfc3BsaXRbMV0KICAgICAgICAkdXNlcm5hbWUgPSAkYWNjb3VudF9uYW1lX3NwbGl0WzBdCiAgICB9IGVsc2UgewogICAgICAgICRkb21haW4gPSAkbnVsbAogICAgICAgICR1c2VybmFtZSA9ICRhY2NvdW50X25hbWUKICAgIH0KCiAgICBpZiAoJGRvbWFpbikgewogICAgICAgICMgc2VhcmNoaW5nIGZvciBhIGxvY2FsIGdyb3VwIHdpdGggdGhlIHNlcnZlcm5hbWUgcHJlZml4ZWQgd2lsbCBmYWlsLAogICAgICAgICMgbmVlZCB0byBjaGVjayBmb3IgdGhpcyBzaXR1YXRpb24gYW5kIG9ubHkgdXNlIE5UQWNjb3VudChTdHJpbmcpCiAgICAgICAgaWYgKCRkb21haW4gLWVxICRlbnY6Q09NUFVURVJOQU1FKSB7CiAgICAgICAgICAgICRhZHNpID0gW0FEU0ldKCJXaW5OVDovLyRlbnY6Q09NUFVURVJOQU1FLGNvbXB1dGVyIikKICAgICAgICAgICAgJGdyb3VwID0gJGFkc2kucHNiYXNlLmNoaWxkcmVuIHwgV2hlcmUtT2JqZWN0IHsgJF8uc2NoZW1hQ2xhc3NOYW1lIC1lcSAiZ3JvdXAiIC1hbmQgJF8uTmFtZSAtZXEgJHVzZXJuYW1lIH0KICAgICAgICB9IGVsc2UgewogICAgICAgICAgICAkZ3JvdXAgPSAkbnVsbAogICAgICAgIH0KICAgICAgICBpZiAoJGdyb3VwKSB7CiAgICAgICAgICAgICRhY2NvdW50ID0gTmV3LU9iamVjdCBTeXN0ZW0uU2VjdXJpdHkuUHJpbmNpcGFsLk5UQWNjb3VudCgkdXNlcm5hbWUpCiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgJGFjY291bnQgPSBOZXctT2JqZWN0IFN5c3RlbS5TZWN1cml0eS5QcmluY2lwYWwuTlRBY2NvdW50KCRkb21haW4sICR1c2VybmFtZSkKICAgICAgICB9CiAgICB9IGVsc2UgewogICAgICAgICMgd2hlbiBpbiBhIGRvbWFpbiBOVEFjY291bnQoU3RyaW5nKSB3aWxsIGZhdm91ciBkb21haW4gbG9va3VwcyBjaGVjawogICAgICAgICMgaWYgdXNlcm5hbWUgaXMgYSBsb2NhbCB1c2VyIGFuZCBleHBsaWN0bHkgc2VhcmNoIG9uIHRoZSBsb2NhbGhvc3QgZm9yCiAgICAgICAgIyB0aGF0IGFjY291bnQKICAgICAgICAkYWRzaSA9IFtBRFNJXSgiV2luTlQ6Ly8kZW52OkNPTVBVVEVSTkFNRSxjb21wdXRlciIpCiAgICAgICAgJHVzZXIgPSAkYWRzaS5wc2Jhc2UuY2hpbGRyZW4gfCBXaGVyZS1PYmplY3QgeyAkXy5zY2hlbWFDbGFzc05hbWUgLWVxICJ1c2VyIiAtYW5kICRfLk5hbWUgLWVxICR1c2VybmFtZSB9CiAgICAgICAgaWYgKCR1c2VyKSB7CiAgICAgICAgICAgICRhY2NvdW50ID0gTmV3LU9iamVjdCBTeXN0ZW0uU2VjdXJpdHkuUHJpbmNpcGFsLk5UQWNjb3VudCgkZW52OkNPTVBVVEVSTkFNRSwgJHVzZXJuYW1lKQogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICRhY2NvdW50ID0gTmV3LU9iamVjdCBTeXN0ZW0uU2VjdXJpdHkuUHJpbmNpcGFsLk5UQWNjb3VudCgkdXNlcm5hbWUpCiAgICAgICAgfQogICAgfQogICAgCiAgICB0cnkgewogICAgICAgICRhY2NvdW50X3NpZCA9ICRhY2NvdW50LlRyYW5zbGF0ZShbU3lzdGVtLlNlY3VyaXR5LlByaW5jaXBhbC5TZWN1cml0eUlkZW50aWZpZXJdKQogICAgfSBjYXRjaCB7CiAgICAgICAgRmFpbC1Kc29uIEB7fSAiYWNjb3VudF9uYW1lICRhY2NvdW50X25hbWUgaXMgbm90IGEgdmFsaWQgYWNjb3VudCwgY2Fubm90IGdldCBTSUQ6ICQoJF8uRXhjZXB0aW9uLk1lc3NhZ2UpIgogICAgfQogICAgCiAgICByZXR1cm4gJGFjY291bnRfc2lkLlZhbHVlCn0KCiMgdGhpcyBsaW5lIG11c3Qgc3RheSBhdCB0aGUgYm90dG9tIHRvIGVuc3VyZSBhbGwgZGVmaW5lZCBtb2R1bGUgcGFydHMgYXJlIGV4cG9ydGVkCkV4cG9ydC1Nb2R1bGVNZW1iZXIgLUFsaWFzICogLUZ1bmN0aW9uICogLUNtZGxldCAqCg==", "Ansible.ModuleUtils.Legacy": "IyBDb3B5cmlnaHQgKGMpLCBNaWNoYWVsIERlSGFhbiA8bWljaGFlbC5kZWhhYW5AZ21haWwuY29tPiwgMjAxNCwgYW5kIG90aGVycwojIFNpbXBsaWZpZWQgQlNEIExpY2Vuc2UgKHNlZSBsaWNlbnNlcy9zaW1wbGlmaWVkX2JzZC50eHQgb3IgaHR0cHM6Ly9vcGVuc291cmNlLm9yZy9saWNlbnNlcy9CU0QtMi1DbGF1c2UpCgpTZXQtU3RyaWN0TW9kZSAtVmVyc2lvbiAyLjAKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKRnVuY3Rpb24gU2V0LUF0dHIoJG9iaiwgJG5hbWUsICR2YWx1ZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gc2V0IGFuICJhdHRyaWJ1dGUiIG9uIGEgcHNvYmplY3QgaW5zdGFuY2UgaW4gUG93ZXJTaGVsbC4KICAgIFRoaXMgaXMgYSBjb252ZW5pZW5jZSB0byBtYWtlIGFkZGluZyBNZW1iZXJzIHRvIHRoZSBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgIFNldC1BdHRyICRyZXN1bHQgImNoYW5nZWQiICR0cnVlCiM+CgogICAgIyBJZiB0aGUgcHJvdmlkZWQgJG9iaiBpcyB1bmRlZmluZWQsIGRlZmluZSBvbmUgdG8gYmUgbmljZQogICAgSWYgKC1ub3QgJG9iai5HZXRUeXBlKQogICAgewogICAgICAgICRvYmogPSBAeyB9CiAgICB9CgogICAgVHJ5CiAgICB7CiAgICAgICAgJG9iai4kbmFtZSA9ICR2YWx1ZQogICAgfQogICAgQ2F0Y2gKICAgIHsKICAgICAgICAkb2JqIHwgQWRkLU1lbWJlciAtRm9yY2UgLU1lbWJlclR5cGUgTm90ZVByb3BlcnR5IC1OYW1lICRuYW1lIC1WYWx1ZSAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gRXhpdC1Kc29uKCRvYmopCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGNvbnZlcnQgYSBQb3dlclNoZWxsIG9iamVjdCB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcKICAgIHRoZSBzY3JpcHQKICAgIC5FWEFNUExFCiAgICBFeGl0LUpzb24gJHJlc3VsdAojPgoKICAgICMgSWYgdGhlIHByb3ZpZGVkICRvYmogaXMgdW5kZWZpbmVkLCBkZWZpbmUgb25lIHRvIGJlIG5pY2UKICAgIElmICgtbm90ICRvYmouR2V0VHlwZSkKICAgIHsKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoJ2NoYW5nZWQnKSkgewogICAgICAgIFNldC1BdHRyICRvYmogImNoYW5nZWQiICRmYWxzZQogICAgfQoKICAgIFdyaXRlLU91dHB1dCAkb2JqIHwgQ29udmVydFRvLUpzb24gLUNvbXByZXNzIC1EZXB0aCA5OQogICAgRXhpdAp9CgpGdW5jdGlvbiBGYWlsLUpzb24oJG9iaiwgJG1lc3NhZ2UgPSAkbnVsbCkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHRoZSAibXNnIiBwcm9wZXJ0eSBhbmQgImZhaWxlZCIgcHJvcGVydHksIGNvbnZlcnQgdGhlCiAgICBQb3dlclNoZWxsIEhhc2h0YWJsZSB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcgdGhlIHNjcmlwdAogICAgLkVYQU1QTEUKICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJUaGlzIGlzIHRoZSBmYWlsdXJlIG1lc3NhZ2UiCiM+CgogICAgaWYgKCRvYmogLWlzIFtoYXNodGFibGVdIC1vciAkb2JqIC1pcyBbcHNvYmplY3RdKSB7CiAgICAgICAgIyBOb3RoaW5nIHRvIGRvCiAgICB9IGVsc2VpZiAoJG9iaiAtaXMgW3N0cmluZ10gLWFuZCAkbnVsbCAtZXEgJG1lc3NhZ2UpIHsKICAgICAgICAjIElmIHdlIHdlcmVuJ3QgZ2l2ZW4gMiBhcmdzLCBhbmQgdGhlIG9ubHkgYXJnIHdhcyBhIHN0cmluZywKICAgICAgICAjIGNyZWF0ZSBhIG5ldyBIYXNodGFibGUgYW5kIHVzZSB0aGUgYXJnIGFzIHRoZSBmYWlsdXJlIG1lc3NhZ2UKICAgICAgICAkbWVzc2FnZSA9ICRvYmoKICAgICAgICAkb2JqID0gQHsgfQogICAgfSBlbHNlIHsKICAgICAgICAjIElmIHRoZSBmaXJzdCBhcmd1bWVudCBpcyB1bmRlZmluZWQgb3IgYSBkaWZmZXJlbnQgdHlwZSwKICAgICAgICAjIG1ha2UgaXQgYSBIYXNodGFibGUKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgICMgU3RpbGwgdXNpbmcgU2V0LUF0dHIgZm9yIFBTT2JqZWN0IGNvbXBhdGliaWxpdHkKICAgIFNldC1BdHRyICRvYmogIm1zZyIgJG1lc3NhZ2UKICAgIFNldC1BdHRyICRvYmogImZhaWxlZCIgJHRydWUKCiAgICBpZiAoLW5vdCAkb2JqLkNvbnRhaW5zS2V5KCdjaGFuZ2VkJykpIHsKICAgICAgICBTZXQtQXR0ciAkb2JqICJjaGFuZ2VkIiAkZmFsc2UKICAgIH0KCiAgICBXcml0ZS1PdXRwdXQgJG9iaiB8IENvbnZlcnRUby1Kc29uIC1Db21wcmVzcyAtRGVwdGggOTkKICAgIEV4aXQgMQp9CgpGdW5jdGlvbiBBZGQtV2FybmluZygkb2JqLCAkbWVzc2FnZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHdhcm5pbmdzLCBldmVuIGlmIHRoZSB3YXJuaW5ncyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoIndhcm5pbmdzIikpIHsKICAgICAgICAkb2JqLndhcm5pbmdzID0gQCgpCiAgICB9IGVsc2VpZiAoJG9iai53YXJuaW5ncyAtaXNub3QgW2FycmF5XSkgewogICAgICAgIHRocm93ICJBZGQtV2FybmluZzogd2FybmluZ3MgYXR0cmlidXRlIGlzIG5vdCBhbiBhcnJheSIKICAgIH0KCiAgICAkb2JqLndhcm5pbmdzICs9ICRtZXNzYWdlCn0KCkZ1bmN0aW9uIEFkZC1EZXByZWNhdGlvbldhcm5pbmcoJG9iaiwgJG1lc3NhZ2UsICR2ZXJzaW9uID0gJG51bGwpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGFkZCBkZXByZWNhdGlvbnMsIGV2ZW4gaWYgdGhlIGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgogICAgaWYgKC1ub3QgJG9iai5Db250YWluc0tleSgiZGVwcmVjYXRpb25zIikpIHsKICAgICAgICAkb2JqLmRlcHJlY2F0aW9ucyA9IEAoKQogICAgfSBlbHNlaWYgKCRvYmouZGVwcmVjYXRpb25zIC1pc25vdCBbYXJyYXldKSB7CiAgICAgICAgdGhyb3cgIkFkZC1EZXByZWNhdGlvbldhcm5pbmc6IGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgaXMgbm90IGEgbGlzdCIKICAgIH0KCiAgICAkb2JqLmRlcHJlY2F0aW9ucyArPSBAewogICAgICAgIG1zZyA9ICRtZXNzYWdlCiAgICAgICAgdmVyc2lvbiA9ICR2ZXJzaW9uCiAgICB9Cn0KCkZ1bmN0aW9uIEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgaW4gdmFsdWVzLiBCeSBkZWZhdWx0CiAgICBpdCB0dXJucyBhbnkgdHlwZSB0byBhIHN0cmluZywgYnV0IHdlIGVuc3VyZSAkbnVsbCByZW1haW5zICRudWxsLgojPgogICAgaWYgKCRudWxsIC1uZSAkdmFsdWUpIHsKICAgICAgICBbU3lzdGVtLkVudmlyb25tZW50XTo6RXhwYW5kRW52aXJvbm1lbnRWYXJpYWJsZXMoJHZhbHVlKQogICAgfSBlbHNlIHsKICAgICAgICAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gR2V0LUFuc2libGVQYXJhbSgkb2JqLCAkbmFtZSwgJGRlZmF1bHQgPSAkbnVsbCwgJHJlc3VsdG9iaiA9IEB7fSwgJGZhaWxpZmVtcHR5ID0gJGZhbHNlLCAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSwgJFZhbGlkYXRlU2V0LCAkVmFsaWRhdGVTZXRFcnJvck1lc3NhZ2UsICR0eXBlID0gJG51bGwsICRhbGlhc2VzID0gQCgpKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBnZXQgYW4gImF0dHJpYnV0ZSIgZnJvbSBhIHBzb2JqZWN0IGluc3RhbmNlIGluIFBvd2VyU2hlbGwuCiAgICBUaGlzIGlzIGEgY29udmVuaWVuY2UgdG8gbWFrZSBnZXR0aW5nIE1lbWJlcnMgZnJvbSBhbiBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgICRhdHRyID0gR2V0LUFuc2libGVQYXJhbSAkcmVzcG9uc2UgImNvZGUiIC1kZWZhdWx0ICIxIgogICAgLkVYQU1QTEUKICAgIEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJTdGF0ZSIgLWRlZmF1bHQgIlByZXNlbnQiIC1WYWxpZGF0ZVNldCAiUHJlc2VudCIsIkFic2VudCIgLXJlc3VsdG9iaiAkcmVzdWx0b2JqIC1mYWlsaWZlbXB0eSAkdHJ1ZQogICAgR2V0LUFuc2libGVQYXJhbSBhbHNvIHN1cHBvcnRzIFBhcmFtZXRlciB2YWxpZGF0aW9uIHRvIHNhdmUgeW91IGZyb20gY29kaW5nIHRoYXQgbWFudWFsbHkKICAgIE5vdGUgdGhhdCBpZiB5b3UgdXNlIHRoZSBmYWlsaWZlbXB0eSBvcHRpb24sIHlvdSBkbyBuZWVkIHRvIHNwZWNpZnkgcmVzdWx0b2JqZWN0IGFzIHdlbGwuCiM+CiAgICAjIENoZWNrIGlmIHRoZSBwcm92aWRlZCBNZW1iZXIgJG5hbWUgb3IgYWxpYXNlcyBleGlzdCBpbiAkb2JqIGFuZCByZXR1cm4gaXQgb3IgdGhlIGRlZmF1bHQuCiAgICB0cnkgewoKICAgICAgICAkZm91bmQgPSAkbnVsbAogICAgICAgICMgRmlyc3QgdHJ5IHRvIGZpbmQgcHJlZmVycmVkIHBhcmFtZXRlciAkbmFtZQogICAgICAgICRhbGlhc2VzID0gQCgkbmFtZSkgKyAkYWxpYXNlcwoKICAgICAgICAjIEl0ZXJhdGUgb3ZlciBhbGlhc2VzIHRvIGZpbmQgYWNjZXB0YWJsZSBNZW1iZXIgJG5hbWUKICAgICAgICBmb3JlYWNoICgkYWxpYXMgaW4gJGFsaWFzZXMpIHsKICAgICAgICAgICAgaWYgKCRvYmouQ29udGFpbnNLZXkoJGFsaWFzKSkgewogICAgICAgICAgICAgICAgJGZvdW5kID0gJGFsaWFzCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgfQoKICAgICAgICBpZiAoJG51bGwgLWVxICRmb3VuZCkgewogICAgICAgICAgICB0aHJvdwogICAgICAgIH0KICAgICAgICAkbmFtZSA9ICRmb3VuZAoKICAgICAgICBpZiAoJFZhbGlkYXRlU2V0KSB7CgogICAgICAgICAgICBpZiAoJFZhbGlkYXRlU2V0IC1jb250YWlucyAoJG9iai4kbmFtZSkpIHsKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICRvYmouJG5hbWUKICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgIGlmICgkbnVsbCAtZXEgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAgICAgI0F1dG8tZ2VuZXJhdGVkIGVycm9yIHNob3VsZCBiZSBzdWZmaWNpZW50IGluIG1vc3QgdXNlIGNhc2VzCiAgICAgICAgICAgICAgICAgICAgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlID0gIkdldC1BbnNpYmxlUGFyYW06IEFyZ3VtZW50ICRuYW1lIG5lZWRzIHRvIGJlIG9uZSBvZiAkKCRWYWxpZGF0ZVNldCAtam9pbiAiLCIpIGJ1dCB3YXMgJCgkb2JqLiRuYW1lKS4iCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRWYWxpZGF0ZVNldEVycm9yTWVzc2FnZQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgJHZhbHVlID0gJG9iai4kbmFtZQogICAgICAgIH0KICAgIH0gY2F0Y2ggewogICAgICAgIGlmICgkZmFpbGlmZW1wdHkgLWVxICRmYWxzZSkgewogICAgICAgICAgICAkdmFsdWUgPSAkZGVmYXVsdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgIGlmICgtbm90ICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAkZW1wdHlhdHRyaWJ1dGVmYWlsb ScriptBlock ID: 36569441-bda1-464c-a5ed-354937dd9b89 Path:	4104	1		3	2	15	0	1684	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	5048	4832	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:06:07 PM	e5295ba9-9827-0000-795c-29e52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1683	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	5048	5044	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:06:07 PM	e5295ba9-9827-0002-ba5c-29e52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 5048 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1682	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	5048	4828	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:06:07 PM	e5295ba9-9827-0002-ba5c-29e52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1681	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	5048	5044	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:06:07 PM	e5295ba9-9827-0002-ba5c-29e52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1680	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3800	3804	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:06:02 PM	e5295ba9-9827-0001-4e5c-29e52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 3800 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1679	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3800	3716	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:06:02 PM	e5295ba9-9827-0001-4e5c-29e52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1678	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3800	3804	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:06:02 PM	e5295ba9-9827-0001-4e5c-29e52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles; using System; using System.Collections; using System.IO; using System.Linq; using System.Runtime.InteropServices; using System.Text; using System.Threading; namespace Ansible { [StructLayout(LayoutKind.Sequential)] public class SECURITY_ATTRIBUTES { public int nLength; public IntPtr lpSecurityDescriptor; public bool bInheritHandle = false; public SECURITY_ATTRIBUTES() { nLength = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFO { public Int32 cb; public IntPtr lpReserved; public IntPtr lpDesktop; public IntPtr lpTitle; public Int32 dwX; public Int32 dwY; public Int32 dwXSize; public Int32 dwYSize; public Int32 dwXCountChars; public Int32 dwYCountChars; public Int32 dwFillAttribute; public Int32 dwFlags; public Int16 wShowWindow; public Int16 cbReserved2; public IntPtr lpReserved2; public SafeFileHandle hStdInput; public SafeFileHandle hStdOutput; public SafeFileHandle hStdError; public STARTUPINFO() { cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFOEX { public STARTUPINFO startupInfo; public IntPtr lpAttributeList; public STARTUPINFOEX() { startupInfo = new STARTUPINFO(); startupInfo.cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public struct PROCESS_INFORMATION { public IntPtr hProcess; public IntPtr hThread; public int dwProcessId; public int dwThreadId; } [Flags] public enum StartupInfoFlags : uint { USESTDHANDLES = 0x00000100 } public enum HandleFlags : uint { None = 0, INHERIT = 1 } class NativeWaitHandle : WaitHandle { public NativeWaitHandle(IntPtr handle) { this.SafeWaitHandle = new SafeWaitHandle(handle, false); } } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class CommandUtil { private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400; private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000; [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)] public static extern bool CreateProcess( [MarshalAs(UnmanagedType.LPWStr)] string lpApplicationName, StringBuilder lpCommandLine, IntPtr lpProcessAttributes, IntPtr lpThreadAttributes, bool bInheritHandles, uint dwCreationFlags, IntPtr lpEnvironment, [MarshalAs(UnmanagedType.LPWStr)] string lpCurrentDirectory, STARTUPINFOEX lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation); [DllImport("kernel32.dll")] public static extern bool CreatePipe( out SafeFileHandle hReadPipe, out SafeFileHandle hWritePipe, SECURITY_ATTRIBUTES lpPipeAttributes, uint nSize); [DllImport("kernel32.dll", SetLastError = true)] public static extern bool SetHandleInformation( SafeFileHandle hObject, HandleFlags dwMask, int dwFlags); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool GetExitCodeProcess( IntPtr hProcess, out uint lpExitCode); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)] public static extern uint SearchPath( string lpPath, string lpFileName, string lpExtension, int nBufferLength, [MarshalAs (UnmanagedType.LPTStr)] StringBuilder lpBuffer, out IntPtr lpFilePart); [DllImport("shell32.dll", SetLastError = true)] static extern IntPtr CommandLineToArgvW( [MarshalAs(UnmanagedType.LPWStr)] string lpCmdLine, out int pNumArgs); public static string[] ParseCommandLine(string lpCommandLine) { int numArgs; IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs); if (ret == IntPtr.Zero) throw new Win32Exception("Error parsing command line"); IntPtr[] strptrs = new IntPtr[numArgs]; Marshal.Copy(ret, strptrs, 0, numArgs); string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray(); Marshal.FreeHGlobal(ret); return cmdlineParts; } public static string SearchPath(string lpFileName) { StringBuilder sbOut = new StringBuilder(1024); IntPtr filePartOut; if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0) throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName)); return sbOut.ToString(); } public class CommandResult { public string StandardOut { get; internal set; } public string StandardError { get; internal set; } public uint ExitCode { get; internal set; } } public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment) { UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT; STARTUPINFOEX si = new STARTUPINFOEX(); si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES; SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES(); pipesec.bInheritHandle = true; // Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write; if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0)) throw new Win32Exception("STDOUT pipe setup failed"); if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDOUT pipe handle setup failed"); if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0)) throw new Win32Exception("STDERR pipe setup failed"); if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDERR pipe handle setup failed"); if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0)) throw new Win32Exception("STDIN pipe setup failed"); if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDIN pipe handle setup failed"); si.startupInfo.hStdOutput = stdout_write; si.startupInfo.hStdError = stderr_write; si.startupInfo.hStdInput = stdin_read; // Setup the stdin buffer UTF8Encoding utf8_encoding = new UTF8Encoding(false); FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768); StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768); // If lpCurrentDirectory is set to null in PS it will be an empty // string here, we need to convert it if (lpCurrentDirectory == "") lpCurrentDirectory = null; StringBuilder environmentString = null; if (environment != null && environment.Count > 0) { environmentString = new StringBuilder(); foreach (DictionaryEntry kv in environment) environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value); environmentString.Append('\0'); } // Create the environment block if set IntPtr lpEnvironment = IntPtr.Zero; if (environmentString != null) lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString()); // Create new process and run StringBuilder argument_string = new StringBuilder(lpCommandLine); PROCESS_INFORMATION pi = new PROCESS_INFORMATION(); if (!CreateProcess( lpApplicationName, argument_string, IntPtr.Zero, IntPtr.Zero, true, startup_flags, lpEnvironment, lpCurrentDirectory, si, out pi)) { throw new Win32Exception("Failed to create new process"); } // Setup the output buffers and get stdout/stderr FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096); StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096); stdout_write.Close(); FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096); StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096); stderr_write.Close(); stdin.WriteLine(stdinInput); stdin.Close(); string stdout_str, stderr_str = null; GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str); uint rc = GetProcessExitCode(pi.hProcess); return new CommandResult { StandardOut = stdout_str, StandardError = stderr_str, ExitCode = rc }; } private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr) { var sowait = new EventWaitHandle(false, EventResetMode.ManualReset); var sewait = new EventWaitHandle(false, EventResetMode.ManualReset); string so = null, se = null; ThreadPool.QueueUserWorkItem((s) => { so = stdoutStream.ReadToEnd(); sowait.Set(); }); ThreadPool.QueueUserWorkItem((s) => { se = stderrStream.ReadToEnd(); sewait.Set(); }); foreach (var wh in new WaitHandle[] { sowait, sewait }) wh.WaitOne(); stdout = so; stderr = se; } private static uint GetProcessExitCode(IntPtr processHandle) { new NativeWaitHandle(processHandle).WaitOne(); uint exitCode; if (!GetExitCodeProcess(processHandle, out exitCode)) throw new Win32Exception("Error getting process exit code"); return exitCode; } } }" Context: Severity = Informational Host Name = Default Host Host Version = 5.1.14393.1944 Host ID = 37c278e3-fcbc-477c-a832-881310877bf3 Host Application = PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - Engine Version = 5.1.14393.1944 Runspace ID = f30da3de-1d2a-4e2c-ae03-80e3f0c7819c Pipeline ID = 7 Command Name = Add-Type Command Type = Cmdlet Script Name = Command Path = Sequence Number = 34 User = N-H1-805629-1\Admin Connected User = Shell ID = Microsoft.PowerShell User Data:	4103	1		4	106	20	0	1677	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4304	4184	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:06:02 PM	e5295ba9-9827-0004-2c5c-29e52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	To be used when operation is just executing a method	Executing Pipeline	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c) 2017 Ansible Project # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) $process_util = @" using Microsoft.Win32.SafeHandles; using System; using System.Collections; using System.IO; using System.Linq; using System.Runtime.InteropServices; using System.Text; using System.Threading; namespace Ansible { [StructLayout(LayoutKind.Sequential)] public class SECURITY_ATTRIBUTES { public int nLength; public IntPtr lpSecurityDescriptor; public bool bInheritHandle = false; public SECURITY_ATTRIBUTES() { nLength = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFO { public Int32 cb; public IntPtr lpReserved; public IntPtr lpDesktop; public IntPtr lpTitle; public Int32 dwX; public Int32 dwY; public Int32 dwXSize; public Int32 dwYSize; public Int32 dwXCountChars; public Int32 dwYCountChars; public Int32 dwFillAttribute; public Int32 dwFlags; public Int16 wShowWindow; public Int16 cbReserved2; public IntPtr lpReserved2; public SafeFileHandle hStdInput; public SafeFileHandle hStdOutput; public SafeFileHandle hStdError; public STARTUPINFO() { cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFOEX { public STARTUPINFO startupInfo; public IntPtr lpAttributeList; public STARTUPINFOEX() { startupInfo = new STARTUPINFO(); startupInfo.cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public struct PROCESS_INFORMATION { public IntPtr hProcess; public IntPtr hThread; public int dwProcessId; public int dwThreadId; } [Flags] public enum StartupInfoFlags : uint { USESTDHANDLES = 0x00000100 } public enum HandleFlags : uint { None = 0, INHERIT = 1 } class NativeWaitHandle : WaitHandle { public NativeWaitHandle(IntPtr handle) { this.SafeWaitHandle = new SafeWaitHandle(handle, false); } } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class CommandUtil { private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400; private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000; [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)] public static extern bool CreateProcess( [MarshalAs(UnmanagedType.LPWStr)] string lpApplicationName, StringBuilder lpCommandLine, IntPtr lpProcessAttributes, IntPtr lpThreadAttributes, bool bInheritHandles, uint dwCreationFlags, IntPtr lpEnvironment, [MarshalAs(UnmanagedType.LPWStr)] string lpCurrentDirectory, STARTUPINFOEX lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation); [DllImport("kernel32.dll")] public static extern bool CreatePipe( out SafeFileHandle hReadPipe, out SafeFileHandle hWritePipe, SECURITY_ATTRIBUTES lpPipeAttributes, uint nSize); [DllImport("kernel32.dll", SetLastError = true)] public static extern bool SetHandleInformation( SafeFileHandle hObject, HandleFlags dwMask, int dwFlags); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool GetExitCodeProcess( IntPtr hProcess, out uint lpExitCode); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)] public static extern uint SearchPath( string lpPath, string lpFileName, string lpExtension, int nBufferLength, [MarshalAs (UnmanagedType.LPTStr)] StringBuilder lpBuffer, out IntPtr lpFilePart); [DllImport("shell32.dll", SetLastError = true)] static extern IntPtr CommandLineToArgvW( [MarshalAs(UnmanagedType.LPWStr)] string lpCmdLine, out int pNumArgs); public static string[] ParseCommandLine(string lpCommandLine) { int numArgs; IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs); if (ret == IntPtr.Zero) throw new Win32Exception("Error parsing command line"); IntPtr[] strptrs = new IntPtr[numArgs]; Marshal.Copy(ret, strptrs, 0, numArgs); string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray(); Marshal.FreeHGlobal(ret); return cmdlineParts; } public static string SearchPath(string lpFileName) { StringBuilder sbOut = new StringBuilder(1024); IntPtr filePartOut; if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0) throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName)); return sbOut.ToString(); } public class CommandResult { public string StandardOut { get; internal set; } public string StandardError { get; internal set; } public uint ExitCode { get; internal set; } } public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment) { UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT; STARTUPINFOEX si = new STARTUPINFOEX(); si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES; SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES(); pipesec.bInheritHandle = true; // Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write; if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0)) throw new Win32Exception("STDOUT pipe setup failed"); if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDOUT pipe handle setup failed"); if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0)) throw new Win32Exception("STDERR pipe setup failed"); if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDERR pipe handle setup failed"); if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0)) throw new Win32Exception("STDIN pipe setup failed"); if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDIN pipe handle setup failed"); si.startupInfo.hStdOutput = stdout_write; si.startupInfo.hStdError = stderr_write; si.startupInfo.hStdInput = stdin_read; // Setup the stdin buffer UTF8Encoding utf8_encoding = new UTF8Encoding(false); FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768); StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768); // If lpCurrentDirectory is set to null in PS it will be an empty // string here, we need to convert it if (lpCurrentDirectory == "") lpCurrentDirectory = null; StringBuilder environmentString = null; if (environment != null && environment.Count > 0) { environmentString = new StringBuilder(); foreach (DictionaryEntry kv in environment) environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value); environmentString.Append('\0'); } // Create the environment block if set IntPtr lpEnvironment = IntPtr.Zero; if (environmentString != null) lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString()); // Create new process and run StringBuilder argument_string = new StringBuilder(lpCommandLine); PROCESS_INFORMATION pi = new PROCESS_INFORMATION(); if (!CreateProcess( lpApplicationName, argument_string, IntPtr.Zero, IntPtr.Zero, true, startup_flags, lpEnvironment, lpCurrentDirectory, si, out pi)) { throw new Win32Exception("Failed to create new process"); } // Setup the output buffers and get stdout/stderr FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096); StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096); stdout_write.Close(); FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096); StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096); stderr_write.Close(); stdin.WriteLine(stdinInput); stdin.Close(); string stdout_str, stderr_str = null; GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str); uint rc = GetProcessExitCode(pi.hProcess); return new CommandResult { StandardOut = stdout_str, StandardError = stderr_str, ExitCode = rc }; } private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr) { var sowait = new EventWaitHandle(false, EventResetMode.ManualReset); var sewait = new EventWaitHandle(false, EventResetMode.ManualReset); string so = null, se = null; ThreadPool.QueueUserWorkItem((s) => { so = stdoutStream.ReadToEnd(); sowait.Set(); }); ThreadPool.QueueUserWorkItem((s) => { se = stderrStream.ReadToEnd(); sewait.Set(); }); foreach (var wh in new WaitHandle[] { sowait, sewait }) wh.WaitOne(); stdout = so; stderr = se; } private static uint GetProcessExitCode(IntPtr processHandle) { new NativeWaitHandle(processHandle).WaitOne(); uint exitCode; if (!GetExitCodeProcess(processHandle, out exitCode)) throw new Win32Exception("Error getting process exit code"); return exitCode; } } } "@ $ErrorActionPreference = 'Stop' Function Load-CommandUtils { # makes the following static functions available # [Ansible.CommandUtil]::ParseCommandLine(string lpCommandLine) # [Ansible.CommandUtil]::SearchPath(string lpFileName) # [Ansible.CommandUtil]::RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, string environmentBlock) # # there are also numerous P/Invoke methods that can be called if you are feeling adventurous # FUTURE: find a better way to get the _ansible_remote_tmp variable $original_tmp = $env:TMP $remote_tmp = $original_tmp $module_params = Get-Variable -Name complex_args -ErrorAction SilentlyContinue if ($module_params) { if ($module_params.Value.ContainsKey("_ansible_remote_tmp") ) { $remote_tmp = $module_params.Value["_ansible_remote_tmp"] $remote_tmp = [System.Environment]::ExpandEnvironmentVariables($remote_tmp) } } $env:TMP = $remote_tmp Add-Type -TypeDefinition $process_util $env:TMP = $original_tmp } Function Get-ExecutablePath($executable, $directory) { # lpApplicationName requires the full path to a file, we need to find it # ourselves. # we need to add .exe if it doesn't have an extension already if (-not [System.IO.Path]::HasExtension($executable)) { $executable = "$($executable).exe" } $full_path = [System.IO.Path]::GetFullPath($executable) if ($full_path -ne $executable -and $directory -ne $null) { $file = Get-Item -Path "$directory\$executable" -Force -ErrorAction SilentlyContinue } else { $file = Get-Item -Path $executable -Force -ErrorAction SilentlyContinue } if ($file -ne $null) { $executable_path = $file.FullName } else { $executable_path = [Ansible.CommandUtil]::SearchPath($executable) } return $executable_path } Function Run-Command { Param( [string]$command, # the full command to run including the executable [string]$working_directory = $null, # the working directory to run under, will default to the current dir [string]$stdin = $null, # a string to send to the stdin pipe when executing the command [hashtable]$environment = @{} # a hashtable of environment values to run the command under, this will replace all the other environment variables with these ) # load the C# code we call in this function Load-CommandUtils # need to validate the working directory if it is set if ($working_directory) { # validate working directory is a valid path if (-not (Test-Path -Path $working_directory)) { throw "invalid working directory path '$working_directory'" } } # lpApplicationName needs to be the full path to an executable, we do this # by getting the executable as the first arg and then getting the full path $arguments = [Ansible.CommandUtil]::ParseCommandLine($command) $executable = Get-ExecutablePath -executable $arguments[0] -directory $working_directory # run the command and get the results $command_result = [Ansible.CommandUtil]::RunCommand($executable, $command, $working_directory, $stdin, $environment) return ,@{ executable = $executable stdout = $command_result.StandardOut stderr = $command_result.StandardError rc = $command_result.ExitCode } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: 8ced6eef-a2a7-4a8a-998a-e5aabef816ef Path:	4104	1		3	2	15	0	1676	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4304	4188	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:06:01 PM	e5295ba9-9827-0000-575c-29e52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c), Michael DeHaan <michael.dehaan@gmail.com>, 2014, and others # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) Set-StrictMode -Version 2.0 $ErrorActionPreference = "Stop" Function Set-Attr($obj, $name, $value) { <# .SYNOPSIS Helper function to set an "attribute" on a psobject instance in PowerShell. This is a convenience to make adding Members to the object easier and slightly more pythonic .EXAMPLE Set-Attr $result "changed" $true #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } Try { $obj.$name = $value } Catch { $obj | Add-Member -Force -MemberType NoteProperty -Name $name -Value $value } } Function Exit-Json($obj) { <# .SYNOPSIS Helper function to convert a PowerShell object to JSON and output it, exiting the script .EXAMPLE Exit-Json $result #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit } Function Fail-Json($obj, $message = $null) { <# .SYNOPSIS Helper function to add the "msg" property and "failed" property, convert the PowerShell Hashtable to JSON and output it, exiting the script .EXAMPLE Fail-Json $result "This is the failure message" #> if ($obj -is [hashtable] -or $obj -is [psobject]) { # Nothing to do } elseif ($obj -is [string] -and $null -eq $message) { # If we weren't given 2 args, and the only arg was a string, # create a new Hashtable and use the arg as the failure message $message = $obj $obj = @{ } } else { # If the first argument is undefined or a different type, # make it a Hashtable $obj = @{ } } # Still using Set-Attr for PSObject compatibility Set-Attr $obj "msg" $message Set-Attr $obj "failed" $true if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit 1 } Function Add-Warning($obj, $message) { <# .SYNOPSIS Helper function to add warnings, even if the warnings attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("warnings")) { $obj.warnings = @() } elseif ($obj.warnings -isnot [array]) { throw "Add-Warning: warnings attribute is not an array" } $obj.warnings += $message } Function Add-DeprecationWarning($obj, $message, $version = $null) { <# .SYNOPSIS Helper function to add deprecations, even if the deprecations attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("deprecations")) { $obj.deprecations = @() } elseif ($obj.deprecations -isnot [array]) { throw "Add-DeprecationWarning: deprecations attribute is not a list" } $obj.deprecations += @{ msg = $message version = $version } } Function Expand-Environment($value) { <# .SYNOPSIS Helper function to expand environment variables in values. By default it turns any type to a string, but we ensure $null remains $null. #> if ($null -ne $value) { [System.Environment]::ExpandEnvironmentVariables($value) } else { $value } } Function Get-AnsibleParam($obj, $name, $default = $null, $resultobj = @{}, $failifempty = $false, $emptyattributefailmessage, $ValidateSet, $ValidateSetErrorMessage, $type = $null, $aliases = @()) { <# .SYNOPSIS Helper function to get an "attribute" from a psobject instance in PowerShell. This is a convenience to make getting Members from an object easier and slightly more pythonic .EXAMPLE $attr = Get-AnsibleParam $response "code" -default "1" .EXAMPLE Get-AnsibleParam -obj $params -name "State" -default "Present" -ValidateSet "Present","Absent" -resultobj $resultobj -failifempty $true Get-AnsibleParam also supports Parameter validation to save you from coding that manually Note that if you use the failifempty option, you do need to specify resultobject as well. #> # Check if the provided Member $name or aliases exist in $obj and return it or the default. try { $found = $null # First try to find preferred parameter $name $aliases = @($name) + $aliases # Iterate over aliases to find acceptable Member $name foreach ($alias in $aliases) { if ($obj.ContainsKey($alias)) { $found = $alias break } } if ($null -eq $found) { throw } $name = $found if ($ValidateSet) { if ($ValidateSet -contains ($obj.$name)) { $value = $obj.$name } else { if ($null -eq $ValidateSetErrorMessage) { #Auto-generated error should be sufficient in most use cases $ValidateSetErrorMessage = "Get-AnsibleParam: Argument $name needs to be one of $($ValidateSet -join ",") but was $($obj.$name)." } Fail-Json -obj $resultobj -message $ValidateSetErrorMessage } } else { $value = $obj.$name } } catch { if ($failifempty -eq $false) { $value = $default } else { if (-not $emptyattributefailmessage) { $emptyattributefailmessage = "Get-AnsibleParam: Missing required argument: $name" } Fail-Json -obj $resultobj -message $emptyattributefailmessage } } # If $value -eq $null, the parameter was unspecified by the user (deliberately or not) # Please leave $null-values intact, modules need to know if a parameter was specified # When $value is already an array, we cannot rely on the null check, as an empty list # is seen as null in the check below if ($null -ne $value -or $value -is [array]) { if ($type -eq "path") { # Expand environment variables on path-type $value = Expand-Environment($value) # Test if a valid path is provided if (-not (Test-Path -IsValid $value)) { $path_invalid = $true # could still be a valid-shaped path with a nonexistent drive letter if ($value -match "^\w:") { # rewrite path with a valid drive letter and recheck the shape- this might still fail, eg, a nonexistent non-filesystem PS path if (Test-Path -IsValid $(@(Get-PSDrive -PSProvider Filesystem)[0].Name + $value.Substring(1))) { $path_invalid = $false } } if ($path_invalid) { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' has an invalid path '$value' specified." } } } elseif ($type -eq "str") { # Convert str types to real Powershell strings $value = $value.ToString() } elseif ($type -eq "bool") { # Convert boolean types to real Powershell booleans $value = $value | ConvertTo-Bool } elseif ($type -eq "int") { # Convert int types to real Powershell integers $value = $value -as [int] } elseif ($type -eq "float") { # Convert float types to real Powershell floats $value = $value -as [float] } elseif ($type -eq "list") { if ($value -is [array]) { # Nothing to do } elseif ($value -is [string]) { # Convert string type to real Powershell array $value = $value.Split(",").Trim() } elseif ($value -is [int]) { $value = @($value) } else { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' is not a YAML list." } # , is not a typo, forces it to return as a list when it is empty or only has 1 entry return ,$value } } return $value } #Alias Get-attr-->Get-AnsibleParam for backwards compat. Only add when needed to ease debugging of scripts If (-not(Get-Alias -Name "Get-attr" -ErrorAction SilentlyContinue)) { New-Alias -Name Get-attr -Value Get-AnsibleParam } Function ConvertTo-Bool { <# .SYNOPSIS Helper filter/pipeline function to convert a value to boolean following current Ansible practices .EXAMPLE $is_true = "true" | ConvertTo-Bool #> param( [parameter(valuefrompipeline=$true)] $obj ) $boolean_strings = "yes", "on", "1", "true", 1 $obj_string = [string]$obj if (($obj -is [boolean] -and $obj) -or $boolean_strings -contains $obj_string.ToLower()) { return $true } else { return $false } } Function Parse-Args($arguments, $supports_check_mode = $false) { <# .SYNOPSIS Helper function to parse Ansible JSON arguments from a "file" passed as the single argument to the module. .EXAMPLE $params = Parse-Args $args #> $params = New-Object psobject If ($arguments.Length -gt 0) { $params = Get-Content $arguments[0] | ConvertFrom-Json } Else { $params = $complex_args } $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false If ($check_mode -and -not $supports_check_mode) { Exit-Json @{ skipped = $true changed = $false msg = "remote module does not support check mode" } } return $params } Function Get-FileChecksum($path, $algorithm = 'sha1') { <# .SYNOPSIS Helper function to calculate a hash of a file in a way which PowerShell 3 and above can handle #> If (Test-Path -Path $path -PathType Leaf) { switch ($algorithm) { 'md5' { $sp = New-Object -TypeName System.Security.Cryptography.MD5CryptoServiceProvider } 'sha1' { $sp = New-Object -TypeName System.Security.Cryptography.SHA1CryptoServiceProvider } 'sha256' { $sp = New-Object -TypeName System.Security.Cryptography.SHA256CryptoServiceProvider } 'sha384' { $sp = New-Object -TypeName System.Security.Cryptography.SHA384CryptoServiceProvider } 'sha512' { $sp = New-Object -TypeName System.Security.Cryptography.SHA512CryptoServiceProvider } default { Fail-Json @{} "Unsupported hash algorithm supplied '$algorithm'" } } If ($PSVersionTable.PSVersion.Major -ge 4) { $raw_hash = Get-FileHash $path -Algorithm $algorithm $hash = $raw_hash.Hash.ToLower() } Else { $fp = [System.IO.File]::Open($path, [System.IO.Filemode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileShare]::ReadWrite); $hash = [System.BitConverter]::ToString($sp.ComputeHash($fp)).Replace("-", "").ToLower(); $fp.Dispose(); } } ElseIf (Test-Path -Path $path -PathType Container) { $hash = "3"; } Else { $hash = "1"; } return $hash } Function Get-PendingRebootStatus { <# .SYNOPSIS Check if reboot is required, if so notify CA. Function returns true if computer has a pending reboot #> $featureData = Invoke-WmiMethod -EA Ignore -Name GetServerFeature -Namespace root\microsoft\windows\servermanager -Class MSFT_ServerManagerTasks $regData = Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager" "PendingFileRenameOperations" -EA Ignore $CBSRebootStatus = Get-ChildItem "HKLM:\\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing" -ErrorAction SilentlyContinue| Where-Object {$_.PSChildName -eq "RebootPending"} if(($featureData -and $featureData.RequiresReboot) -or $regData -or $CBSRebootStatus) { return $True } else { return $False } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: 86d96235-2080-44cc-9b51-798f7da79b5f Path:	4104	1		3	2	15	0	1675	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4304	4188	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:06:01 PM	e5295ba9-9827-0002-9d5c-29e52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } ScriptBlock ID: 0d1e2125-af5b-4b30-8c71-c4c2fef15638 Path:	4104	1		3	2	15	0	1674	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4304	4188	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:06:01 PM	e5295ba9-9827-0002-8e5c-29e52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (5 of 5): I1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5MZWdhY3kKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5Db21tYW5kVXRpbAojUmVxdWlyZXMgLU1vZHVsZSBBbnNpYmxlLk1vZHVsZVV0aWxzLkZpbGVVdGlsCgojIFRPRE86IGFkZCBjaGVjayBtb2RlIHN1cHBvcnQKClNldC1TdHJpY3RNb2RlIC1WZXJzaW9uIDIKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKIyBDbGVhbnNlIENMSVhNTCBmcm9tIHN0ZGVyciAoc2lmdCBvdXQgZXJyb3Igc3RyZWFtIGRhdGEsIGRpc2NhcmQgb3RoZXJzIGZvciBub3cpCkZ1bmN0aW9uIENsZWFuc2UtU3RkZXJyKCRyYXdfc3RkZXJyKSB7CiAgICBUcnkgewogICAgICAgICMgTkI6IHRoaXMgcmVnZXggaXNuJ3QgcGVyZmVjdCwgYnV0IGlzIGRlY2VudCBhdCBmaW5kaW5nIENMSVhNTCBhbW9uZ3N0IG90aGVyIHN0ZGVyciBub2lzZQogICAgICAgIElmKCRyYXdfc3RkZXJyIC1tYXRjaCAiKD9zKSg/PHByZW5vaXNlMT4uKikjPCBDTElYTUwoPzxwcmVub2lzZTI+LiopKD88Y2xpeG1sPjxPYmpzLis8L09ianM+KSg/PHBvc3Rub2lzZT4uKikiKSB7CiAgICAgICAgICAgICRjbGl4bWwgPSBbeG1sXSRtYXRjaGVzWyJjbGl4bWwiXQoKICAgICAgICAgICAgJG1lcmdlZF9zdGRlcnIgPSAiezB9ezF9ezJ9ezN9IiAtZiBAKAogICAgICAgICAgICAgICAkbWF0Y2hlc1sicHJlbm9pc2UxIl0sCiAgICAgICAgICAgICAgICRtYXRjaGVzWyJwcmVub2lzZTIiXSwKICAgICAgICAgICAgICAgIyBmaWx0ZXIgb3V0IGp1c3QgdGhlIEVycm9yLXRhZ2dlZCBzdHJpbmdzIGZvciBub3csIGFuZCB6YXAgZW1iZWRkZWQgQ1JMRiBjaGFycwogICAgICAgICAgICAgICAoJGNsaXhtbC5PYmpzLkNoaWxkTm9kZXMgfCA/IHsgJF8uTmFtZSAtZXEgJ1MnIH0gfCA/IHsgJF8uUyAtZXEgJ0Vycm9yJyB9IHwgJSB7ICRfLicjdGV4dCcuUmVwbGFjZSgnX3gwMDBEX194MDAwQV8nLCcnKSB9IHwgT3V0LVN0cmluZyksCiAgICAgICAgICAgICAgICRtYXRjaGVzWyJwb3N0bm9pc2UiXSkgfCBPdXQtU3RyaW5nCgogICAgICAgICAgICByZXR1cm4gJG1lcmdlZF9zdGRlcnIuVHJpbSgpCgogICAgICAgICAgICAjIEZVVFVSRTogcGFyc2UvcmV0dXJuIG90aGVyIHN0cmVhbXMKICAgICAgICB9CiAgICAgICAgRWxzZSB7CiAgICAgICAgICAgICRyYXdfc3RkZXJyCiAgICAgICAgfQogICAgfQogICAgQ2F0Y2ggewogICAgICAgICIqKipFWENFUFRJT04gUEFSU0lORyBDTElYTUw6ICRfKioqIiArICRyYXdfc3RkZXJyCiAgICB9Cn0KCiRwYXJhbXMgPSBQYXJzZS1BcmdzICRhcmdzIC1zdXBwb3J0c19jaGVja19tb2RlICRmYWxzZQoKJHJhd19jb21tYW5kX2xpbmUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX3Jhd19wYXJhbXMiIC10eXBlICJzdHIiIC1mYWlsaWZlbXB0eSAkdHJ1ZQokY2hkaXIgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiY2hkaXIiIC10eXBlICJwYXRoIgokZXhlY3V0YWJsZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJleGVjdXRhYmxlIiAtdHlwZSAicGF0aCIKJGNyZWF0ZXMgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiY3JlYXRlcyIgLXR5cGUgInBhdGgiCiRyZW1vdmVzID0gR2V0LUFuc2libGVQYXJhbSAtb2JqICRwYXJhbXMgLW5hbWUgInJlbW92ZXMiIC10eXBlICJwYXRoIgokc3RkaW4gPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAic3RkaW4iIC10eXBlICJzdHIiCgokcmF3X2NvbW1hbmRfbGluZSA9ICRyYXdfY29tbWFuZF9saW5lLlRyaW0oKQoKJHJlc3VsdCA9IEB7CiAgICBjaGFuZ2VkID0gJHRydWUKICAgIGNtZCA9ICRyYXdfY29tbWFuZF9saW5lCn0KCmlmICgkY3JlYXRlcyAtYW5kICQoVGVzdC1BbnNpYmxlUGF0aCAtUGF0aCAkY3JlYXRlcykpIHsKICAgIEV4aXQtSnNvbiBAe21zZz0ic2tpcHBlZCwgc2luY2UgJGNyZWF0ZXMgZXhpc3RzIjtjbWQ9JHJhd19jb21tYW5kX2xpbmU7Y2hhbmdlZD0kZmFsc2U7c2tpcHBlZD0kdHJ1ZTtyYz0wfQp9CgppZiAoJHJlbW92ZXMgLWFuZCAtbm90ICQoVGVzdC1BbnNpYmxlUGF0aCAtUGF0aCAkcmVtb3ZlcykpIHsKICAgIEV4aXQtSnNvbiBAe21zZz0ic2tpcHBlZCwgc2luY2UgJHJlbW92ZXMgZG9lcyBub3QgZXhpc3QiO2NtZD0kcmF3X2NvbW1hbmRfbGluZTtjaGFuZ2VkPSRmYWxzZTtza2lwcGVkPSR0cnVlO3JjPTB9Cn0KCiRleGVjX2FyZ3MgPSAkbnVsbApJZigtbm90ICRleGVjdXRhYmxlIC1vciAkZXhlY3V0YWJsZSAtZXEgInBvd2Vyc2hlbGwiKSB7CiAgICAkZXhlY19hcHBsaWNhdGlvbiA9ICJwb3dlcnNoZWxsLmV4ZSIKCiAgICAjIGZvcmNlIGlucHV0IGVuY29kaW5nIHRvIHByZWFtYmxlLWZyZWUgVVRGOCBzbyBQUyBzdWItcHJvY2Vzc2VzIChlZywgU3RhcnQtSm9iKSBkb24ndCBibG93IHVwCiAgICAkcmF3X2NvbW1hbmRfbGluZSA9ICJbQ29uc29sZV06OklucHV0RW5jb2RpbmcgPSBOZXctT2JqZWN0IFRleHQuVVRGOEVuY29kaW5nIGAkZmFsc2U7ICIgKyAkcmF3X2NvbW1hbmRfbGluZQoKICAgICMgQmFzZTY0IGVuY29kZSB0aGUgY29tbWFuZCBzbyB3ZSBkb24ndCBoYXZlIHRvIHdvcnJ5IGFib3V0IHRoZSB2YXJpb3VzIGxldmVscyBvZiBlc2NhcGluZwogICAgJGVuY29kZWRfY29tbWFuZCA9IFtDb252ZXJ0XTo6VG9CYXNlNjRTdHJpbmcoW1N5c3RlbS5UZXh0LkVuY29kaW5nXTo6VW5pY29kZS5HZXRCeXRlcygkcmF3X2NvbW1hbmRfbGluZSkpCgogICAgaWYgKCRzdGRpbikgewogICAgICAgICRleGVjX2FyZ3MgPSAiLWVuY29kZWRjb21tYW5kICRlbmNvZGVkX2NvbW1hbmQiCiAgICB9IGVsc2UgewogICAgICAgICRleGVjX2FyZ3MgPSAiLW5vbmludGVyYWN0aXZlIC1lbmNvZGVkY29tbWFuZCAkZW5jb2RlZF9jb21tYW5kIgogICAgfQp9CkVsc2UgewogICAgIyBGVVRVUkU6IHN1cHBvcnQgYXJnIHRyYW5zbGF0aW9uIGZyb20gZXhlY3V0YWJsZSAob3IgZXhlY3V0YWJsZV9hcmdzPykgdG8gcHJvY2VzcyBhcmd1bWVudHMgZm9yIGFyYml0cmFyeSBpbnRlcnByZXRlcj8KICAgICRleGVjX2FwcGxpY2F0aW9uID0gJGV4ZWN1dGFibGUKICAgIGlmICgtbm90ICgkZXhlY19hcHBsaWNhdGlvbi5FbmRzV2l0aCgiLmV4ZSIpKSkgewogICAgICAgICRleGVjX2FwcGxpY2F0aW9uID0gIiQoJGV4ZWNfYXBwbGljYXRpb24pLmV4ZSIKICAgIH0KICAgICRleGVjX2FyZ3MgPSAiL2MgJHJhd19jb21tYW5kX2xpbmUiCn0KCiRjb21tYW5kID0gIiRleGVjX2FwcGxpY2F0aW9uICRleGVjX2FyZ3MiCiRydW5fY29tbWFuZF9hcmcgPSBAewogICAgY29tbWFuZCA9ICRjb21tYW5kCn0KaWYgKCRjaGRpcikgewogICAgJHJ1bl9jb21tYW5kX2FyZ1snd29ya2luZ19kaXJlY3RvcnknXSA9ICRjaGRpcgp9CmlmICgkc3RkaW4pIHsKICAgICRydW5fY29tbWFuZF9hcmdbJ3N0ZGluJ10gPSAkc3RkaW4KfQoKJHN0YXJ0X2RhdGV0aW1lID0gW0RhdGVUaW1lXTo6VXRjTm93CnRyeSB7CiAgICAkY29tbWFuZF9yZXN1bHQgPSBSdW4tQ29tbWFuZCBAcnVuX2NvbW1hbmRfYXJnCn0gY2F0Y2ggewogICAgJHJlc3VsdC5jaGFuZ2VkID0gJGZhbHNlCiAgICB0cnkgewogICAgICAgICRyZXN1bHQucmMgPSAkXy5FeGNlcHRpb24uTmF0aXZlRXJyb3JDb2RlCiAgICB9IGNhdGNoIHsKICAgICAgICAkcmVzdWx0LnJjID0gMgogICAgfQogICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAkXy5FeGNlcHRpb24uTWVzc2FnZQp9CgojIFRPRE86IGRlY29kZSBDTElYTUwgc3RkZXJyIG91dHB1dCAoYW5kIG90aGVyIHN0cmVhbXM/KQokcmVzdWx0LnN0ZG91dCA9ICRjb21tYW5kX3Jlc3VsdC5zdGRvdXQKJHJlc3VsdC5zdGRlcnIgPSBDbGVhbnNlLVN0ZGVyciAkY29tbWFuZF9yZXN1bHQuc3RkZXJyIAokcmVzdWx0LnJjID0gJGNvbW1hbmRfcmVzdWx0LnJjCgokZW5kX2RhdGV0aW1lID0gW0RhdGVUaW1lXTo6VXRjTm93CiRyZXN1bHQuc3RhcnQgPSAkc3RhcnRfZGF0ZXRpbWUuVG9TdHJpbmcoInl5eXktTU0tZGQgaGg6bW06c3MuZmZmZmZmIikKJHJlc3VsdC5lbmQgPSAkZW5kX2RhdGV0aW1lLlRvU3RyaW5nKCJ5eXl5LU1NLWRkIGhoOm1tOnNzLmZmZmZmZiIpCiRyZXN1bHQuZGVsdGEgPSAkKCRlbmRfZGF0ZXRpbWUgLSAkc3RhcnRfZGF0ZXRpbWUpLlRvU3RyaW5nKCJoXDptbVw6c3NcLmZmZmZmZiIpCgpJZiAoJHJlc3VsdC5yYyAtbmUgMCkgewogICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAibm9uLXplcm8gcmV0dXJuIGNvZGUiCn0KCkV4aXQtSnNvbiAkcmVzdWx0Cg==", "module_args": {"_ansible_version": "2.7.0", "_ansible_selinux_special_fs": ["fuse", "nfs", "vboxsf", "ramfs", "9p"], "_ansible_no_log": false, "_ansible_module_name": "win_shell", "_raw_params": "Set-VMHost -VirtualMachineMigrationAuthenticationType Kerberos -passthru -ErrorAction silentlycontinue", "_ansible_verbosity": 2, "_ansible_keep_remote_files": false, "_ansible_syslog_facility": "LOG_USER", "_ansible_socket": null, "_ansible_remote_tmp": "%TEMP%", "_ansible_diff": false, "_ansible_debug": false, "_ansible_shell_executable": "/bin/sh", "_ansible_check_mode": false, "_ansible_tmpdir": null}} '@ } process { $input_as_string = [string]$input $json_raw += $input_as_string } end { If (-not $json_raw) { Write-Error "no input given" -Category InvalidArgument } $payload = ConvertTo-HashtableFromPsCustomObject (ConvertFrom-Json $json_raw) # TODO: handle binary modules # TODO: handle persistence $min_os_version = [version]$payload.min_os_version if ($min_os_version -ne $null) { $actual_os_version = [System.Environment]::OSVersion.Version if ($actual_os_version -lt $min_os_version) { $msg = "This module cannot run on this OS as it requires a minimum version of $min_os_version, actual was $actual_os_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $min_ps_version = [version]$payload.min_ps_version if ($min_ps_version -ne $null) { $actual_ps_version = $PSVersionTable.PSVersion if ($actual_ps_version -lt $min_ps_version) { $msg = "This module cannot run as it requires a minimum PowerShell version of $min_ps_version, actual was $actual_ps_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $actions = $payload.actions # pop 0th action as entrypoint $entrypoint = $payload.($actions[0]) $payload.actions = $payload.actions[1..99] $entrypoint = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($entrypoint)) # load the current action entrypoint as a module custom object with a Run method $entrypoint = New-Module -ScriptBlock ([scriptblock]::Create($entrypoint)) -AsCustomObject Set-Variable -Scope global -Name complex_args -Value $payload["module_args"] | Out-Null # dynamically create/load modules ForEach ($mod in $payload.powershell_modules.GetEnumerator()) { $decoded_module = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($mod.Value)) New-Module -ScriptBlock ([scriptblock]::Create($decoded_module)) -Name $mod.Key | Import-Module -WarningAction SilentlyContinue | Out-Null } $output = $entrypoint.Run($payload) Write-Output $output } ScriptBlock ID: 831c4524-fd18-4aee-bf43-0ec3477e08b9 Path:	4104	1		3	2	15	0	1673	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4304	4188	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:06:01 PM	e5295ba9-9827-0002-885c-29e52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (4 of 5): gICAgICR2YWx1ZSA9IEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCiAgICAgICAgICAgICMgVGVzdCBpZiBhIHZhbGlkIHBhdGggaXMgcHJvdmlkZWQKICAgICAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtSXNWYWxpZCAkdmFsdWUpKSB7CiAgICAgICAgICAgICAgICAkcGF0aF9pbnZhbGlkID0gJHRydWUKICAgICAgICAgICAgICAgICMgY291bGQgc3RpbGwgYmUgYSB2YWxpZC1zaGFwZWQgcGF0aCB3aXRoIGEgbm9uZXhpc3RlbnQgZHJpdmUgbGV0dGVyCiAgICAgICAgICAgICAgICBpZiAoJHZhbHVlIC1tYXRjaCAiXlx3OiIpIHsKICAgICAgICAgICAgICAgICAgICAjIHJld3JpdGUgcGF0aCB3aXRoIGEgdmFsaWQgZHJpdmUgbGV0dGVyIGFuZCByZWNoZWNrIHRoZSBzaGFwZS0gdGhpcyBtaWdodCBzdGlsbCBmYWlsLCBlZywgYSBub25leGlzdGVudCBub24tZmlsZXN5c3RlbSBQUyBwYXRoCiAgICAgICAgICAgICAgICAgICAgaWYgKFRlc3QtUGF0aCAtSXNWYWxpZCAkKEAoR2V0LVBTRHJpdmUgLVBTUHJvdmlkZXIgRmlsZXN5c3RlbSlbMF0uTmFtZSArICR2YWx1ZS5TdWJzdHJpbmcoMSkpKSB7CiAgICAgICAgICAgICAgICAgICAgICAgICRwYXRoX2ludmFsaWQgPSAkZmFsc2UKICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBpZiAoJHBhdGhfaW52YWxpZCkgewogICAgICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHRvYmogLW1lc3NhZ2UgIkdldC1BbnNpYmxlUGFyYW06IFBhcmFtZXRlciAnJG5hbWUnIGhhcyBhbiBpbnZhbGlkIHBhdGggJyR2YWx1ZScgc3BlY2lmaWVkLiIKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgInN0ciIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IHN0ciB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgc3RyaW5ncwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUuVG9TdHJpbmcoKQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImJvb2wiKSB7CiAgICAgICAgICAgICMgQ29udmVydCBib29sZWFuIHR5cGVzIHRvIHJlYWwgUG93ZXJzaGVsbCBib29sZWFucwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgfCBDb252ZXJ0VG8tQm9vbAogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImludCIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IGludCB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgaW50ZWdlcnMKICAgICAgICAgICAgJHZhbHVlID0gJHZhbHVlIC1hcyBbaW50XQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImZsb2F0IikgewogICAgICAgICAgICAjIENvbnZlcnQgZmxvYXQgdHlwZXMgdG8gcmVhbCBQb3dlcnNoZWxsIGZsb2F0cwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgLWFzIFtmbG9hdF0KICAgICAgICB9IGVsc2VpZiAoJHR5cGUgLWVxICJsaXN0IikgewogICAgICAgICAgICBpZiAoJHZhbHVlIC1pcyBbYXJyYXldKSB7CiAgICAgICAgICAgICAgICAjIE5vdGhpbmcgdG8gZG8KICAgICAgICAgICAgfSBlbHNlaWYgKCR2YWx1ZSAtaXMgW3N0cmluZ10pIHsKICAgICAgICAgICAgICAgICMgQ29udmVydCBzdHJpbmcgdHlwZSB0byByZWFsIFBvd2Vyc2hlbGwgYXJyYXkKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICR2YWx1ZS5TcGxpdCgiLCIpLlRyaW0oKQogICAgICAgICAgICB9IGVsc2VpZiAoJHZhbHVlIC1pcyBbaW50XSkgewogICAgICAgICAgICAgICAgJHZhbHVlID0gQCgkdmFsdWUpCiAgICAgICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICJHZXQtQW5zaWJsZVBhcmFtOiBQYXJhbWV0ZXIgJyRuYW1lJyBpcyBub3QgYSBZQU1MIGxpc3QuIgogICAgICAgICAgICB9CiAgICAgICAgICAgICMgLCBpcyBub3QgYSB0eXBvLCBmb3JjZXMgaXQgdG8gcmV0dXJuIGFzIGEgbGlzdCB3aGVuIGl0IGlzIGVtcHR5IG9yIG9ubHkgaGFzIDEgZW50cnkKICAgICAgICAgICAgcmV0dXJuICwkdmFsdWUKICAgICAgICB9CiAgICB9CgogICAgcmV0dXJuICR2YWx1ZQp9CgojQWxpYXMgR2V0LWF0dHItLT5HZXQtQW5zaWJsZVBhcmFtIGZvciBiYWNrd2FyZHMgY29tcGF0LiBPbmx5IGFkZCB3aGVuIG5lZWRlZCB0byBlYXNlIGRlYnVnZ2luZyBvZiBzY3JpcHRzCklmICgtbm90KEdldC1BbGlhcyAtTmFtZSAiR2V0LWF0dHIiIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlKSkKewogICAgTmV3LUFsaWFzIC1OYW1lIEdldC1hdHRyIC1WYWx1ZSBHZXQtQW5zaWJsZVBhcmFtCn0KCkZ1bmN0aW9uIENvbnZlcnRUby1Cb29sCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZpbHRlci9waXBlbGluZSBmdW5jdGlvbiB0byBjb252ZXJ0IGEgdmFsdWUgdG8gYm9vbGVhbiBmb2xsb3dpbmcgY3VycmVudAogICAgQW5zaWJsZSBwcmFjdGljZXMKICAgIC5FWEFNUExFCiAgICAkaXNfdHJ1ZSA9ICJ0cnVlIiB8IENvbnZlcnRUby1Cb29sCiM+CiAgICBwYXJhbSgKICAgICAgICBbcGFyYW1ldGVyKHZhbHVlZnJvbXBpcGVsaW5lPSR0cnVlKV0KICAgICAgICAkb2JqCiAgICApCgogICAgJGJvb2xlYW5fc3RyaW5ncyA9ICJ5ZXMiLCAib24iLCAiMSIsICJ0cnVlIiwgMQogICAgJG9ial9zdHJpbmcgPSBbc3RyaW5nXSRvYmoKCiAgICBpZiAoKCRvYmogLWlzIFtib29sZWFuXSAtYW5kICRvYmopIC1vciAkYm9vbGVhbl9zdHJpbmdzIC1jb250YWlucyAkb2JqX3N0cmluZy5Ub0xvd2VyKCkpIHsKICAgICAgICByZXR1cm4gJHRydWUKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfQp9CgpGdW5jdGlvbiBQYXJzZS1BcmdzKCRhcmd1bWVudHMsICRzdXBwb3J0c19jaGVja19tb2RlID0gJGZhbHNlKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBwYXJzZSBBbnNpYmxlIEpTT04gYXJndW1lbnRzIGZyb20gYSAiZmlsZSIgcGFzc2VkIGFzCiAgICB0aGUgc2luZ2xlIGFyZ3VtZW50IHRvIHRoZSBtb2R1bGUuCiAgICAuRVhBTVBMRQogICAgJHBhcmFtcyA9IFBhcnNlLUFyZ3MgJGFyZ3MKIz4KICAgICRwYXJhbXMgPSBOZXctT2JqZWN0IHBzb2JqZWN0CiAgICBJZiAoJGFyZ3VtZW50cy5MZW5ndGggLWd0IDApCiAgICB7CiAgICAgICAgJHBhcmFtcyA9IEdldC1Db250ZW50ICRhcmd1bWVudHNbMF0gfCBDb252ZXJ0RnJvbS1Kc29uCiAgICB9CiAgICBFbHNlIHsKICAgICAgICAkcGFyYW1zID0gJGNvbXBsZXhfYXJncwogICAgfQogICAgJGNoZWNrX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfY2hlY2tfbW9kZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQogICAgSWYgKCRjaGVja19tb2RlIC1hbmQgLW5vdCAkc3VwcG9ydHNfY2hlY2tfbW9kZSkKICAgIHsKICAgICAgICBFeGl0LUpzb24gQHsKICAgICAgICAgICAgc2tpcHBlZCA9ICR0cnVlCiAgICAgICAgICAgIGNoYW5nZWQgPSAkZmFsc2UKICAgICAgICAgICAgbXNnID0gInJlbW90ZSBtb2R1bGUgZG9lcyBub3Qgc3VwcG9ydCBjaGVjayBtb2RlIgogICAgICAgIH0KICAgIH0KICAgIHJldHVybiAkcGFyYW1zCn0KCgpGdW5jdGlvbiBHZXQtRmlsZUNoZWNrc3VtKCRwYXRoLCAkYWxnb3JpdGhtID0gJ3NoYTEnKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBjYWxjdWxhdGUgYSBoYXNoIG9mIGEgZmlsZSBpbiBhIHdheSB3aGljaCBQb3dlclNoZWxsIDMKICAgIGFuZCBhYm92ZSBjYW4gaGFuZGxlCiM+CiAgICBJZiAoVGVzdC1QYXRoIC1QYXRoICRwYXRoIC1QYXRoVHlwZSBMZWFmKQogICAgewogICAgICAgIHN3aXRjaCAoJGFsZ29yaXRobSkKICAgICAgICB7CiAgICAgICAgICAgICdtZDUnIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5NRDVDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMScgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTFDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMjU2JyB7ICRzcCA9IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5TZWN1cml0eS5DcnlwdG9ncmFwaHkuU0hBMjU2Q3J5cHRvU2VydmljZVByb3ZpZGVyIH0KICAgICAgICAgICAgJ3NoYTM4NCcgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTM4NENyeXB0b1NlcnZpY2VQcm92aWRlciB9CiAgICAgICAgICAgICdzaGE1MTInIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5TSEE1MTJDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICBkZWZhdWx0IHsgRmFpbC1Kc29uIEB7fSAiVW5zdXBwb3J0ZWQgaGFzaCBhbGdvcml0aG0gc3VwcGxpZWQgJyRhbGdvcml0aG0nIiB9CiAgICAgICAgfQoKICAgICAgICBJZiAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtZ2UgNCkgewogICAgICAgICAgICAkcmF3X2hhc2ggPSBHZXQtRmlsZUhhc2ggJHBhdGggLUFsZ29yaXRobSAkYWxnb3JpdGhtCiAgICAgICAgICAgICRoYXNoID0gJHJhd19oYXNoLkhhc2guVG9Mb3dlcigpCiAgICAgICAgfSBFbHNlIHsKICAgICAgICAgICAgJGZwID0gW1N5c3RlbS5JTy5GaWxlXTo6T3BlbigkcGF0aCwgW1N5c3RlbS5JTy5GaWxlbW9kZV06Ok9wZW4sIFtTeXN0ZW0uSU8uRmlsZUFjY2Vzc106OlJlYWQsIFtTeXN0ZW0uSU8uRmlsZVNoYXJlXTo6UmVhZFdyaXRlKTsKICAgICAgICAgICAgJGhhc2ggPSBbU3lzdGVtLkJpdENvbnZlcnRlcl06OlRvU3RyaW5nKCRzcC5Db21wdXRlSGFzaCgkZnApKS5SZXBsYWNlKCItIiwgIiIpLlRvTG93ZXIoKTsKICAgICAgICAgICAgJGZwLkRpc3Bvc2UoKTsKICAgICAgICB9CiAgICB9CiAgICBFbHNlSWYgKFRlc3QtUGF0aCAtUGF0aCAkcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKQogICAgewogICAgICAgICRoYXNoID0gIjMiOwogICAgfQogICAgRWxzZQogICAgewogICAgICAgICRoYXNoID0gIjEiOwogICAgfQogICAgcmV0dXJuICRoYXNoCn0KCkZ1bmN0aW9uIEdldC1QZW5kaW5nUmVib290U3RhdHVzCnsKPCMKICAgIC5TWU5PUFNJUwogICAgQ2hlY2sgaWYgcmVib290IGlzIHJlcXVpcmVkLCBpZiBzbyBub3RpZnkgQ0EuCiAgICBGdW5jdGlvbiByZXR1cm5zIHRydWUgaWYgY29tcHV0ZXIgaGFzIGEgcGVuZGluZyByZWJvb3QKIz4KICAgICRmZWF0dXJlRGF0YSA9IEludm9rZS1XbWlNZXRob2QgLUVBIElnbm9yZSAtTmFtZSBHZXRTZXJ2ZXJGZWF0dXJlIC1OYW1lc3BhY2Ugcm9vdFxtaWNyb3NvZnRcd2luZG93c1xzZXJ2ZXJtYW5hZ2VyIC1DbGFzcyBNU0ZUX1NlcnZlck1hbmFnZXJUYXNrcwogICAgJHJlZ0RhdGEgPSBHZXQtSXRlbVByb3BlcnR5ICJIS0xNOlxTWVNURU1cQ3VycmVudENvbnRyb2xTZXRcQ29udHJvbFxTZXNzaW9uIE1hbmFnZXIiICJQZW5kaW5nRmlsZVJlbmFtZU9wZXJhdGlvbnMiIC1FQSBJZ25vcmUKICAgICRDQlNSZWJvb3RTdGF0dXMgPSBHZXQtQ2hpbGRJdGVtICJIS0xNOlxcU09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cQ29tcG9uZW50IEJhc2VkIFNlcnZpY2luZyIgIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlfCBXaGVyZS1PYmplY3QgeyRfLlBTQ2hpbGROYW1lIC1lcSAiUmVib290UGVuZGluZyJ9CiAgICBpZigoJGZlYXR1cmVEYXRhIC1hbmQgJGZlYXR1cmVEYXRhLlJlcXVpcmVzUmVib290KSAtb3IgJHJlZ0RhdGEgLW9yICRDQlNSZWJvb3RTdGF0dXMpCiAgICB7CiAgICAgICAgcmV0dXJuICRUcnVlCiAgICB9CiAgICBlbHNlCiAgICB7CiAgICAgICAgcmV0dXJuICRGYWxzZQogICAgfQp9CgojIHRoaXMgbGluZSBtdXN0IHN0YXkgYXQgdGhlIGJvdHRvbSB0byBlbnN1cmUgYWxsIGRlZmluZWQgbW9kdWxlIHBhcnRzIGFyZSBleHBvcnRlZApFeHBvcnQtTW9kdWxlTWVtYmVyIC1BbGlhcyAqIC1GdW5jdGlvbiAqIC1DbWRsZXQgKgoK", "Ansible.ModuleUtils.FileUtil": "IyBDb3B5cmlnaHQgKGMpIDIwMTcgQW5zaWJsZSBQcm9qZWN0CiMgU2ltcGxpZmllZCBCU0QgTGljZW5zZSAoc2VlIGxpY2Vuc2VzL3NpbXBsaWZpZWRfYnNkLnR4dCBvciBodHRwczovL29wZW5zb3VyY2Uub3JnL2xpY2Vuc2VzL0JTRC0yLUNsYXVzZSkKCjwjClRlc3QtUGF0aC9HZXQtSXRlbSBjYW5ub3QgZmluZC9yZXR1cm4gaW5mbyBvbiBmaWxlcyB0aGF0IGFyZSBsb2NrZWQgbGlrZQpDOlxwYWdlZmlsZS5zeXMuIFRoZXNlIDIgZnVuY3Rpb25zIGFyZSBkZXNpZ25lZCB0byB3b3JrIHdpdGggdGhlc2UgZmlsZXMgYW5kCnByb3ZpZGUgc2ltaWxhciBmdW5jdGlvbmFsaXR5IHdpdGggdGhlIG5vcm1hbCBjbWRsZXRzIHdpdGggYXMgbWluaW1hbCBvdmVyaGVhZAphcyBwb3NzaWJsZS4gVGhleSB3b3JrIGJ5IHVzaW5nIEdldC1DaGlsZEl0ZW0gd2l0aCBhIGZpbHRlciBhbmQgcmV0dXJuIHRoZQpyZXN1bHQgZnJvbSB0aGF0LgojPgoKRnVuY3Rpb24gVGVzdC1BbnNpYmxlUGF0aCB7CiAgICBbQ21kbGV0QmluZGluZygpXQogICAgUGFyYW0oCiAgICAgICAgW1BhcmFtZXRlcihNYW5kYXRvcnk9JHRydWUpXVtzdHJpbmddJFBhdGgKICAgICkKICAgICMgUmVwbGFjZW1lbnQgZm9yIFRlc3QtUGF0aAogICAgdHJ5IHsKICAgICAgICAkZmlsZV9hdHRyaWJ1dGVzID0gW1N5c3RlbS5JTy5GaWxlXTo6R2V0QXR0cmlidXRlcygkUGF0aCkKICAgIH0gY2F0Y2ggW1N5c3RlbS5JTy5GaWxlTm90Rm91bmRFeGNlcHRpb25dLCBbU3lzdGVtLklPLkRpcmVjdG9yeU5vdEZvdW5kRXhjZXB0aW9uXSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfSBjYXRjaCBbTm90U3VwcG9ydGVkRXhjZXB0aW9uXSB7CiAgICAgICAgIyBXaGVuIHRlc3RpbmcgYSBwYXRoIGxpa2UgQ2VydDpcTG9jYWxNYWNoaW5lXE15LCBTeXN0ZW0uSU8uRmlsZSB3aWxsCiAgICAgICAgIyBub3Qgd29yaywgd2UganVzdCByZXZlcnQgYmFjayB0byB1c2luZyBUZXN0LVBhdGggZm9yIHRoaXMKICAgICAgICByZXR1cm4gVGVzdC1QYXRoIC1QYXRoICRQYXRoCiAgICB9CgogICAgaWYgKFtJbnQzMl0kZmlsZV9hdHRyaWJ1dGVzIC1lcSAtMSkgewogICAgICAgIHJldHVybiAkZmFsc2UKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICR0cnVlCiAgICB9Cn0KCkZ1bmN0aW9uIEdldC1BbnNpYmxlSXRlbSB7CiAgICBbQ21kbGV0QmluZGluZygpXQogICAgUGFyYW0oCiAgICAgICAgW1BhcmFtZXRlcihNYW5kYXRvcnk9JHRydWUpXVtzdHJpbmddJFBhdGgKICAgICkKICAgICMgUmVwbGFjZW1lbnQgZm9yIEdldC1JdGVtCiAgICB0cnkgewogICAgICAgICRmaWxlX2F0dHJpYnV0ZXMgPSBbU3lzdGVtLklPLkZpbGVdOjpHZXRBdHRyaWJ1dGVzKCRQYXRoKQogICAgfSBjYXRjaCB7CiAgICAgICAgIyBpZiAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb3RpbnVlIGlzIHNldCBvbiB0aGUgY21kbGV0IGFuZCB3ZSBmYWlsZWQgdG8KICAgICAgICAjIGdldCB0aGUgYXR0cmlidXRlcywganVzdCByZXR1cm4gJG51bGwsIG90aGVyd2lzZSB0aHJvdyB0aGUgZXJyb3IKICAgICAgICBpZiAoJEVycm9yQWN0aW9uUHJlZmVyZW5jZSAtbmUgIlNpbGVudGx5Q29udGludWUiKSB7CiAgICAgICAgICAgIHRocm93ICRfCiAgICAgICAgfQogICAgICAgIHJldHVybiAkbnVsbAogICAgfQogICAgaWYgKFtJbnQzMl0kZmlsZV9hdHRyaWJ1dGVzIC1lcSAtMSkgewogICAgICAgIHRocm93IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5NYW5hZ2VtZW50LkF1dG9tYXRpb24uSXRlbU5vdEZvdW5kRXhjZXB0aW9uIC1Bcmd1bWVudExpc3QgIkNhbm5vdCBmaW5kIHBhdGggJyRQYXRoJyBiZWNhdXNlIGl0IGRvZXMgbm90IGV4aXN0LiIKICAgIH0gZWxzZWlmICgkZmlsZV9hdHRyaWJ1dGVzLkhhc0ZsYWcoW1N5c3RlbS5JTy5GaWxlQXR0cmlidXRlc106OkRpcmVjdG9yeSkpIHsKICAgICAgICByZXR1cm4gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLklPLkRpcmVjdG9yeUluZm8gLUFyZ3VtZW50TGlzdCAkUGF0aAogICAgfSBlbHNlIHsKICAgICAgICByZXR1cm4gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLklPLkZpbGVJbmZvIC1Bcmd1bWVudExpc3QgJFBhdGgKICAgIH0KfQoKRXhwb3J0LU1vZHVsZU1lbWJlciAtRnVuY3Rpb24gVGVzdC1BbnNpYmxlUGF0aCwgR2V0LUFuc2libGVJdGVtCg=="}, "module_entry": "IyFwb3dlcnNoZWxsCgojIENvcHlyaWdodDogKGMpIDIwMTcsIEFuc2libGUgUHJvamVjdAojIEdOVSBHZW5lcmFsIFB1YmxpYyBMaWNlbnNlIHYzLjArIChzZWUgQ09QWUlORyBvciBodHRwczovL3d3dy5nbnUub3JnL2xpY2Vuc2VzL2dwbC0zLjAudHh0KQoK ScriptBlock ID: 831c4524-fd18-4aee-bf43-0ec3477e08b9 Path:	4104	1		3	2	15	0	1672	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4304	4188	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:06:01 PM	e5295ba9-9827-0002-885c-29e52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (3 of 5): Gb3JjZSAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgfQoKICAgIGlmICgkZmlsZSAtbmUgJG51bGwpIHsKICAgICAgICAkZXhlY3V0YWJsZV9wYXRoID0gJGZpbGUuRnVsbE5hbWUKICAgIH0gZWxzZSB7CiAgICAgICAgJGV4ZWN1dGFibGVfcGF0aCA9IFtBbnNpYmxlLkNvbW1hbmRVdGlsXTo6U2VhcmNoUGF0aCgkZXhlY3V0YWJsZSkgICAgCiAgICB9CiAgICByZXR1cm4gJGV4ZWN1dGFibGVfcGF0aAp9CgpGdW5jdGlvbiBSdW4tQ29tbWFuZCB7CiAgICBQYXJhbSgKICAgICAgICBbc3RyaW5nXSRjb21tYW5kLCAjIHRoZSBmdWxsIGNvbW1hbmQgdG8gcnVuIGluY2x1ZGluZyB0aGUgZXhlY3V0YWJsZQogICAgICAgIFtzdHJpbmddJHdvcmtpbmdfZGlyZWN0b3J5ID0gJG51bGwsICMgdGhlIHdvcmtpbmcgZGlyZWN0b3J5IHRvIHJ1biB1bmRlciwgd2lsbCBkZWZhdWx0IHRvIHRoZSBjdXJyZW50IGRpcgogICAgICAgIFtzdHJpbmddJHN0ZGluID0gJG51bGwsICMgYSBzdHJpbmcgdG8gc2VuZCB0byB0aGUgc3RkaW4gcGlwZSB3aGVuIGV4ZWN1dGluZyB0aGUgY29tbWFuZAogICAgICAgIFtoYXNodGFibGVdJGVudmlyb25tZW50ID0gQHt9ICMgYSBoYXNodGFibGUgb2YgZW52aXJvbm1lbnQgdmFsdWVzIHRvIHJ1biB0aGUgY29tbWFuZCB1bmRlciwgdGhpcyB3aWxsIHJlcGxhY2UgYWxsIHRoZSBvdGhlciBlbnZpcm9ubWVudCB2YXJpYWJsZXMgd2l0aCB0aGVzZQogICAgKQogICAgCiAgICAjIGxvYWQgdGhlIEMjIGNvZGUgd2UgY2FsbCBpbiB0aGlzIGZ1bmN0aW9uCiAgICBMb2FkLUNvbW1hbmRVdGlscwoKICAgICMgbmVlZCB0byB2YWxpZGF0ZSB0aGUgd29ya2luZyBkaXJlY3RvcnkgaWYgaXQgaXMgc2V0CiAgICBpZiAoJHdvcmtpbmdfZGlyZWN0b3J5KSB7CiAgICAgICAgIyB2YWxpZGF0ZSB3b3JraW5nIGRpcmVjdG9yeSBpcyBhIHZhbGlkIHBhdGgKICAgICAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICR3b3JraW5nX2RpcmVjdG9yeSkpIHsKICAgICAgICAgICAgdGhyb3cgImludmFsaWQgd29ya2luZyBkaXJlY3RvcnkgcGF0aCAnJHdvcmtpbmdfZGlyZWN0b3J5JyIKICAgICAgICB9CiAgICB9CgogICAgIyBscEFwcGxpY2F0aW9uTmFtZSBuZWVkcyB0byBiZSB0aGUgZnVsbCBwYXRoIHRvIGFuIGV4ZWN1dGFibGUsIHdlIGRvIHRoaXMKICAgICMgYnkgZ2V0dGluZyB0aGUgZXhlY3V0YWJsZSBhcyB0aGUgZmlyc3QgYXJnIGFuZCB0aGVuIGdldHRpbmcgdGhlIGZ1bGwgcGF0aAogICAgJGFyZ3VtZW50cyA9IFtBbnNpYmxlLkNvbW1hbmRVdGlsXTo6UGFyc2VDb21tYW5kTGluZSgkY29tbWFuZCkKICAgICRleGVjdXRhYmxlID0gR2V0LUV4ZWN1dGFibGVQYXRoIC1leGVjdXRhYmxlICRhcmd1bWVudHNbMF0gLWRpcmVjdG9yeSAkd29ya2luZ19kaXJlY3RvcnkKCiAgICAjIHJ1biB0aGUgY29tbWFuZCBhbmQgZ2V0IHRoZSByZXN1bHRzCiAgICAkY29tbWFuZF9yZXN1bHQgPSBbQW5zaWJsZS5Db21tYW5kVXRpbF06OlJ1bkNvbW1hbmQoJGV4ZWN1dGFibGUsICRjb21tYW5kLCAkd29ya2luZ19kaXJlY3RvcnksICRzdGRpbiwgJGVudmlyb25tZW50KQoKICAgIHJldHVybiAsQHsKICAgICAgICBleGVjdXRhYmxlID0gJGV4ZWN1dGFibGUKICAgICAgICBzdGRvdXQgPSAkY29tbWFuZF9yZXN1bHQuU3RhbmRhcmRPdXQKICAgICAgICBzdGRlcnIgPSAkY29tbWFuZF9yZXN1bHQuU3RhbmRhcmRFcnJvcgogICAgICAgIHJjID0gJGNvbW1hbmRfcmVzdWx0LkV4aXRDb2RlCiAgICB9Cn0KCiMgdGhpcyBsaW5lIG11c3Qgc3RheSBhdCB0aGUgYm90dG9tIHRvIGVuc3VyZSBhbGwgZGVmaW5lZCBtb2R1bGUgcGFydHMgYXJlIGV4cG9ydGVkCkV4cG9ydC1Nb2R1bGVNZW1iZXIgLUFsaWFzICogLUZ1bmN0aW9uICogLUNtZGxldCAqCg==", "Ansible.ModuleUtils.Legacy": "IyBDb3B5cmlnaHQgKGMpLCBNaWNoYWVsIERlSGFhbiA8bWljaGFlbC5kZWhhYW5AZ21haWwuY29tPiwgMjAxNCwgYW5kIG90aGVycwojIFNpbXBsaWZpZWQgQlNEIExpY2Vuc2UgKHNlZSBsaWNlbnNlcy9zaW1wbGlmaWVkX2JzZC50eHQgb3IgaHR0cHM6Ly9vcGVuc291cmNlLm9yZy9saWNlbnNlcy9CU0QtMi1DbGF1c2UpCgpTZXQtU3RyaWN0TW9kZSAtVmVyc2lvbiAyLjAKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKRnVuY3Rpb24gU2V0LUF0dHIoJG9iaiwgJG5hbWUsICR2YWx1ZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gc2V0IGFuICJhdHRyaWJ1dGUiIG9uIGEgcHNvYmplY3QgaW5zdGFuY2UgaW4gUG93ZXJTaGVsbC4KICAgIFRoaXMgaXMgYSBjb252ZW5pZW5jZSB0byBtYWtlIGFkZGluZyBNZW1iZXJzIHRvIHRoZSBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgIFNldC1BdHRyICRyZXN1bHQgImNoYW5nZWQiICR0cnVlCiM+CgogICAgIyBJZiB0aGUgcHJvdmlkZWQgJG9iaiBpcyB1bmRlZmluZWQsIGRlZmluZSBvbmUgdG8gYmUgbmljZQogICAgSWYgKC1ub3QgJG9iai5HZXRUeXBlKQogICAgewogICAgICAgICRvYmogPSBAeyB9CiAgICB9CgogICAgVHJ5CiAgICB7CiAgICAgICAgJG9iai4kbmFtZSA9ICR2YWx1ZQogICAgfQogICAgQ2F0Y2gKICAgIHsKICAgICAgICAkb2JqIHwgQWRkLU1lbWJlciAtRm9yY2UgLU1lbWJlclR5cGUgTm90ZVByb3BlcnR5IC1OYW1lICRuYW1lIC1WYWx1ZSAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gRXhpdC1Kc29uKCRvYmopCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGNvbnZlcnQgYSBQb3dlclNoZWxsIG9iamVjdCB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcKICAgIHRoZSBzY3JpcHQKICAgIC5FWEFNUExFCiAgICBFeGl0LUpzb24gJHJlc3VsdAojPgoKICAgICMgSWYgdGhlIHByb3ZpZGVkICRvYmogaXMgdW5kZWZpbmVkLCBkZWZpbmUgb25lIHRvIGJlIG5pY2UKICAgIElmICgtbm90ICRvYmouR2V0VHlwZSkKICAgIHsKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoJ2NoYW5nZWQnKSkgewogICAgICAgIFNldC1BdHRyICRvYmogImNoYW5nZWQiICRmYWxzZQogICAgfQoKICAgIFdyaXRlLU91dHB1dCAkb2JqIHwgQ29udmVydFRvLUpzb24gLUNvbXByZXNzIC1EZXB0aCA5OQogICAgRXhpdAp9CgpGdW5jdGlvbiBGYWlsLUpzb24oJG9iaiwgJG1lc3NhZ2UgPSAkbnVsbCkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHRoZSAibXNnIiBwcm9wZXJ0eSBhbmQgImZhaWxlZCIgcHJvcGVydHksIGNvbnZlcnQgdGhlCiAgICBQb3dlclNoZWxsIEhhc2h0YWJsZSB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcgdGhlIHNjcmlwdAogICAgLkVYQU1QTEUKICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJUaGlzIGlzIHRoZSBmYWlsdXJlIG1lc3NhZ2UiCiM+CgogICAgaWYgKCRvYmogLWlzIFtoYXNodGFibGVdIC1vciAkb2JqIC1pcyBbcHNvYmplY3RdKSB7CiAgICAgICAgIyBOb3RoaW5nIHRvIGRvCiAgICB9IGVsc2VpZiAoJG9iaiAtaXMgW3N0cmluZ10gLWFuZCAkbnVsbCAtZXEgJG1lc3NhZ2UpIHsKICAgICAgICAjIElmIHdlIHdlcmVuJ3QgZ2l2ZW4gMiBhcmdzLCBhbmQgdGhlIG9ubHkgYXJnIHdhcyBhIHN0cmluZywKICAgICAgICAjIGNyZWF0ZSBhIG5ldyBIYXNodGFibGUgYW5kIHVzZSB0aGUgYXJnIGFzIHRoZSBmYWlsdXJlIG1lc3NhZ2UKICAgICAgICAkbWVzc2FnZSA9ICRvYmoKICAgICAgICAkb2JqID0gQHsgfQogICAgfSBlbHNlIHsKICAgICAgICAjIElmIHRoZSBmaXJzdCBhcmd1bWVudCBpcyB1bmRlZmluZWQgb3IgYSBkaWZmZXJlbnQgdHlwZSwKICAgICAgICAjIG1ha2UgaXQgYSBIYXNodGFibGUKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgICMgU3RpbGwgdXNpbmcgU2V0LUF0dHIgZm9yIFBTT2JqZWN0IGNvbXBhdGliaWxpdHkKICAgIFNldC1BdHRyICRvYmogIm1zZyIgJG1lc3NhZ2UKICAgIFNldC1BdHRyICRvYmogImZhaWxlZCIgJHRydWUKCiAgICBpZiAoLW5vdCAkb2JqLkNvbnRhaW5zS2V5KCdjaGFuZ2VkJykpIHsKICAgICAgICBTZXQtQXR0ciAkb2JqICJjaGFuZ2VkIiAkZmFsc2UKICAgIH0KCiAgICBXcml0ZS1PdXRwdXQgJG9iaiB8IENvbnZlcnRUby1Kc29uIC1Db21wcmVzcyAtRGVwdGggOTkKICAgIEV4aXQgMQp9CgpGdW5jdGlvbiBBZGQtV2FybmluZygkb2JqLCAkbWVzc2FnZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHdhcm5pbmdzLCBldmVuIGlmIHRoZSB3YXJuaW5ncyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoIndhcm5pbmdzIikpIHsKICAgICAgICAkb2JqLndhcm5pbmdzID0gQCgpCiAgICB9IGVsc2VpZiAoJG9iai53YXJuaW5ncyAtaXNub3QgW2FycmF5XSkgewogICAgICAgIHRocm93ICJBZGQtV2FybmluZzogd2FybmluZ3MgYXR0cmlidXRlIGlzIG5vdCBhbiBhcnJheSIKICAgIH0KCiAgICAkb2JqLndhcm5pbmdzICs9ICRtZXNzYWdlCn0KCkZ1bmN0aW9uIEFkZC1EZXByZWNhdGlvbldhcm5pbmcoJG9iaiwgJG1lc3NhZ2UsICR2ZXJzaW9uID0gJG51bGwpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGFkZCBkZXByZWNhdGlvbnMsIGV2ZW4gaWYgdGhlIGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgogICAgaWYgKC1ub3QgJG9iai5Db250YWluc0tleSgiZGVwcmVjYXRpb25zIikpIHsKICAgICAgICAkb2JqLmRlcHJlY2F0aW9ucyA9IEAoKQogICAgfSBlbHNlaWYgKCRvYmouZGVwcmVjYXRpb25zIC1pc25vdCBbYXJyYXldKSB7CiAgICAgICAgdGhyb3cgIkFkZC1EZXByZWNhdGlvbldhcm5pbmc6IGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgaXMgbm90IGEgbGlzdCIKICAgIH0KCiAgICAkb2JqLmRlcHJlY2F0aW9ucyArPSBAewogICAgICAgIG1zZyA9ICRtZXNzYWdlCiAgICAgICAgdmVyc2lvbiA9ICR2ZXJzaW9uCiAgICB9Cn0KCkZ1bmN0aW9uIEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgaW4gdmFsdWVzLiBCeSBkZWZhdWx0CiAgICBpdCB0dXJucyBhbnkgdHlwZSB0byBhIHN0cmluZywgYnV0IHdlIGVuc3VyZSAkbnVsbCByZW1haW5zICRudWxsLgojPgogICAgaWYgKCRudWxsIC1uZSAkdmFsdWUpIHsKICAgICAgICBbU3lzdGVtLkVudmlyb25tZW50XTo6RXhwYW5kRW52aXJvbm1lbnRWYXJpYWJsZXMoJHZhbHVlKQogICAgfSBlbHNlIHsKICAgICAgICAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gR2V0LUFuc2libGVQYXJhbSgkb2JqLCAkbmFtZSwgJGRlZmF1bHQgPSAkbnVsbCwgJHJlc3VsdG9iaiA9IEB7fSwgJGZhaWxpZmVtcHR5ID0gJGZhbHNlLCAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSwgJFZhbGlkYXRlU2V0LCAkVmFsaWRhdGVTZXRFcnJvck1lc3NhZ2UsICR0eXBlID0gJG51bGwsICRhbGlhc2VzID0gQCgpKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBnZXQgYW4gImF0dHJpYnV0ZSIgZnJvbSBhIHBzb2JqZWN0IGluc3RhbmNlIGluIFBvd2VyU2hlbGwuCiAgICBUaGlzIGlzIGEgY29udmVuaWVuY2UgdG8gbWFrZSBnZXR0aW5nIE1lbWJlcnMgZnJvbSBhbiBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgICRhdHRyID0gR2V0LUFuc2libGVQYXJhbSAkcmVzcG9uc2UgImNvZGUiIC1kZWZhdWx0ICIxIgogICAgLkVYQU1QTEUKICAgIEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJTdGF0ZSIgLWRlZmF1bHQgIlByZXNlbnQiIC1WYWxpZGF0ZVNldCAiUHJlc2VudCIsIkFic2VudCIgLXJlc3VsdG9iaiAkcmVzdWx0b2JqIC1mYWlsaWZlbXB0eSAkdHJ1ZQogICAgR2V0LUFuc2libGVQYXJhbSBhbHNvIHN1cHBvcnRzIFBhcmFtZXRlciB2YWxpZGF0aW9uIHRvIHNhdmUgeW91IGZyb20gY29kaW5nIHRoYXQgbWFudWFsbHkKICAgIE5vdGUgdGhhdCBpZiB5b3UgdXNlIHRoZSBmYWlsaWZlbXB0eSBvcHRpb24sIHlvdSBkbyBuZWVkIHRvIHNwZWNpZnkgcmVzdWx0b2JqZWN0IGFzIHdlbGwuCiM+CiAgICAjIENoZWNrIGlmIHRoZSBwcm92aWRlZCBNZW1iZXIgJG5hbWUgb3IgYWxpYXNlcyBleGlzdCBpbiAkb2JqIGFuZCByZXR1cm4gaXQgb3IgdGhlIGRlZmF1bHQuCiAgICB0cnkgewoKICAgICAgICAkZm91bmQgPSAkbnVsbAogICAgICAgICMgRmlyc3QgdHJ5IHRvIGZpbmQgcHJlZmVycmVkIHBhcmFtZXRlciAkbmFtZQogICAgICAgICRhbGlhc2VzID0gQCgkbmFtZSkgKyAkYWxpYXNlcwoKICAgICAgICAjIEl0ZXJhdGUgb3ZlciBhbGlhc2VzIHRvIGZpbmQgYWNjZXB0YWJsZSBNZW1iZXIgJG5hbWUKICAgICAgICBmb3JlYWNoICgkYWxpYXMgaW4gJGFsaWFzZXMpIHsKICAgICAgICAgICAgaWYgKCRvYmouQ29udGFpbnNLZXkoJGFsaWFzKSkgewogICAgICAgICAgICAgICAgJGZvdW5kID0gJGFsaWFzCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgfQoKICAgICAgICBpZiAoJG51bGwgLWVxICRmb3VuZCkgewogICAgICAgICAgICB0aHJvdwogICAgICAgIH0KICAgICAgICAkbmFtZSA9ICRmb3VuZAoKICAgICAgICBpZiAoJFZhbGlkYXRlU2V0KSB7CgogICAgICAgICAgICBpZiAoJFZhbGlkYXRlU2V0IC1jb250YWlucyAoJG9iai4kbmFtZSkpIHsKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICRvYmouJG5hbWUKICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgIGlmICgkbnVsbCAtZXEgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAgICAgI0F1dG8tZ2VuZXJhdGVkIGVycm9yIHNob3VsZCBiZSBzdWZmaWNpZW50IGluIG1vc3QgdXNlIGNhc2VzCiAgICAgICAgICAgICAgICAgICAgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlID0gIkdldC1BbnNpYmxlUGFyYW06IEFyZ3VtZW50ICRuYW1lIG5lZWRzIHRvIGJlIG9uZSBvZiAkKCRWYWxpZGF0ZVNldCAtam9pbiAiLCIpIGJ1dCB3YXMgJCgkb2JqLiRuYW1lKS4iCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRWYWxpZGF0ZVNldEVycm9yTWVzc2FnZQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgJHZhbHVlID0gJG9iai4kbmFtZQogICAgICAgIH0KICAgIH0gY2F0Y2ggewogICAgICAgIGlmICgkZmFpbGlmZW1wdHkgLWVxICRmYWxzZSkgewogICAgICAgICAgICAkdmFsdWUgPSAkZGVmYXVsdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgIGlmICgtbm90ICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSA9ICJHZXQtQW5zaWJsZVBhcmFtOiBNaXNzaW5nIHJlcXVpcmVkIGFyZ3VtZW50OiAkbmFtZSIKICAgICAgICAgICAgfQogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlCiAgICAgICAgfQogICAgfQoKICAgICMgSWYgJHZhbHVlIC1lcSAkbnVsbCwgdGhlIHBhcmFtZXRlciB3YXMgdW5zcGVjaWZpZWQgYnkgdGhlIHVzZXIgKGRlbGliZXJhdGVseSBvciBub3QpCiAgICAjIFBsZWFzZSBsZWF2ZSAkbnVsbC12YWx1ZXMgaW50YWN0LCBtb2R1bGVzIG5lZWQgdG8ga25vdyBpZiBhIHBhcmFtZXRlciB3YXMgc3BlY2lmaWVkCiAgICAjIFdoZW4gJHZhbHVlIGlzIGFscmVhZHkgYW4gYXJyYXksIHdlIGNhbm5vdCByZWx5IG9uIHRoZSBudWxsIGNoZWNrLCBhcyBhbiBlbXB0eSBsaXN0CiAgICAjIGlzIHNlZW4gYXMgbnVsbCBpbiB0aGUgY2hlY2sgYmVsb3cKICAgIGlmICgkbnVsbCAtbmUgJHZhbHVlIC1vciAkdmFsdWUgLWlzIFthcnJheV0pIHsKICAgICAgICBpZiAoJHR5cGUgLWVxICJwYXRoIikgewogICAgICAgICAgICAjIEV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgb24gcGF0aC10eXBlCiAgICAgICA ScriptBlock ID: 831c4524-fd18-4aee-bf43-0ec3477e08b9 Path:	4104	1		3	2	15	0	1671	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4304	4188	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:06:01 PM	e5295ba9-9827-0002-885c-29e52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 5): HIgcmV0ID0gQ29tbWFuZExpbmVUb0FyZ3ZXKGxwQ29tbWFuZExpbmUsIG91dCBudW1BcmdzKTsKCiAgICAgICAgICAgIGlmIChyZXQgPT0gSW50UHRyLlplcm8pCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIkVycm9yIHBhcnNpbmcgY29tbWFuZCBsaW5lIik7CgogICAgICAgICAgICBJbnRQdHJbXSBzdHJwdHJzID0gbmV3IEludFB0cltudW1BcmdzXTsKICAgICAgICAgICAgTWFyc2hhbC5Db3B5KHJldCwgc3RycHRycywgMCwgbnVtQXJncyk7CiAgICAgICAgICAgIHN0cmluZ1tdIGNtZGxpbmVQYXJ0cyA9IHN0cnB0cnMuU2VsZWN0KHMgPT4gTWFyc2hhbC5QdHJUb1N0cmluZ1VuaShzKSkuVG9BcnJheSgpOwoKICAgICAgICAgICAgTWFyc2hhbC5GcmVlSEdsb2JhbChyZXQpOwoKICAgICAgICAgICAgcmV0dXJuIGNtZGxpbmVQYXJ0czsKICAgICAgICB9CgogICAgICAgIHB1YmxpYyBzdGF0aWMgc3RyaW5nIFNlYXJjaFBhdGgoc3RyaW5nIGxwRmlsZU5hbWUpCiAgICAgICAgewogICAgICAgICAgICBTdHJpbmdCdWlsZGVyIHNiT3V0ID0gbmV3IFN0cmluZ0J1aWxkZXIoMTAyNCk7CiAgICAgICAgICAgIEludFB0ciBmaWxlUGFydE91dDsKCiAgICAgICAgICAgIGlmIChTZWFyY2hQYXRoKG51bGwsIGxwRmlsZU5hbWUsIG51bGwsIHNiT3V0LkNhcGFjaXR5LCBzYk91dCwgb3V0IGZpbGVQYXJ0T3V0KSA9PSAwKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IEZpbGVOb3RGb3VuZEV4Y2VwdGlvbihTdHJpbmcuRm9ybWF0KCJDb3VsZCBub3QgbG9jYXRlIHRoZSBmb2xsb3dpbmcgZXhlY3V0YWJsZSB7MH0iLCBscEZpbGVOYW1lKSk7CgogICAgICAgICAgICByZXR1cm4gc2JPdXQuVG9TdHJpbmcoKTsKICAgICAgICB9CgogICAgICAgIHB1YmxpYyBjbGFzcyBDb21tYW5kUmVzdWx0CiAgICAgICAgewogICAgICAgICAgICBwdWJsaWMgc3RyaW5nIFN0YW5kYXJkT3V0IHsgZ2V0OyBpbnRlcm5hbCBzZXQ7IH0KICAgICAgICAgICAgcHVibGljIHN0cmluZyBTdGFuZGFyZEVycm9yIHsgZ2V0OyBpbnRlcm5hbCBzZXQ7IH0KICAgICAgICAgICAgcHVibGljIHVpbnQgRXhpdENvZGUgeyBnZXQ7IGludGVybmFsIHNldDsgfQogICAgICAgIH0KCiAgICAgICAgcHVibGljIHN0YXRpYyBDb21tYW5kUmVzdWx0IFJ1bkNvbW1hbmQoc3RyaW5nIGxwQXBwbGljYXRpb25OYW1lLCBzdHJpbmcgbHBDb21tYW5kTGluZSwgc3RyaW5nIGxwQ3VycmVudERpcmVjdG9yeSwgc3RyaW5nIHN0ZGluSW5wdXQsIElEaWN0aW9uYXJ5IGVudmlyb25tZW50KQogICAgICAgIHsKICAgICAgICAgICAgVUludDMyIHN0YXJ0dXBfZmxhZ3MgPSBDUkVBVEVfVU5JQ09ERV9FTlZJUk9OTUVOVCB8IEVYVEVOREVEX1NUQVJUVVBJTkZPX1BSRVNFTlQ7CiAgICAgICAgICAgIFNUQVJUVVBJTkZPRVggc2kgPSBuZXcgU1RBUlRVUElORk9FWCgpOwogICAgICAgICAgICBzaS5zdGFydHVwSW5mby5kd0ZsYWdzID0gKGludClTdGFydHVwSW5mb0ZsYWdzLlVTRVNUREhBTkRMRVM7CgogICAgICAgICAgICBTRUNVUklUWV9BVFRSSUJVVEVTIHBpcGVzZWMgPSBuZXcgU0VDVVJJVFlfQVRUUklCVVRFUygpOwogICAgICAgICAgICBwaXBlc2VjLmJJbmhlcml0SGFuZGxlID0gdHJ1ZTsKCiAgICAgICAgICAgIC8vIENyZWF0ZSB0aGUgc3Rkb3V0LCBzdGRlcnIgYW5kIHN0ZGluIHBpcGVzIHVzZWQgaW4gdGhlIHByb2Nlc3MgYW5kIGFkZCB0byB0aGUgc3RhcnR1cEluZm8KICAgICAgICAgICAgU2FmZUZpbGVIYW5kbGUgc3Rkb3V0X3JlYWQsIHN0ZG91dF93cml0ZSwgc3RkZXJyX3JlYWQsIHN0ZGVycl93cml0ZSwgc3RkaW5fcmVhZCwgc3RkaW5fd3JpdGU7CiAgICAgICAgICAgIGlmICghQ3JlYXRlUGlwZShvdXQgc3Rkb3V0X3JlYWQsIG91dCBzdGRvdXRfd3JpdGUsIHBpcGVzZWMsIDApKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IFdpbjMyRXhjZXB0aW9uKCJTVERPVVQgcGlwZSBzZXR1cCBmYWlsZWQiKTsKICAgICAgICAgICAgaWYgKCFTZXRIYW5kbGVJbmZvcm1hdGlvbihzdGRvdXRfcmVhZCwgSGFuZGxlRmxhZ3MuSU5IRVJJVCwgMCkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIlNURE9VVCBwaXBlIGhhbmRsZSBzZXR1cCBmYWlsZWQiKTsKCiAgICAgICAgICAgIGlmICghQ3JlYXRlUGlwZShvdXQgc3RkZXJyX3JlYWQsIG91dCBzdGRlcnJfd3JpdGUsIHBpcGVzZWMsIDApKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IFdpbjMyRXhjZXB0aW9uKCJTVERFUlIgcGlwZSBzZXR1cCBmYWlsZWQiKTsKICAgICAgICAgICAgaWYgKCFTZXRIYW5kbGVJbmZvcm1hdGlvbihzdGRlcnJfcmVhZCwgSGFuZGxlRmxhZ3MuSU5IRVJJVCwgMCkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIlNUREVSUiBwaXBlIGhhbmRsZSBzZXR1cCBmYWlsZWQiKTsKCiAgICAgICAgICAgIGlmICghQ3JlYXRlUGlwZShvdXQgc3RkaW5fcmVhZCwgb3V0IHN0ZGluX3dyaXRlLCBwaXBlc2VjLCAwKSkKICAgICAgICAgICAgICAgIHRocm93IG5ldyBXaW4zMkV4Y2VwdGlvbigiU1RESU4gcGlwZSBzZXR1cCBmYWlsZWQiKTsKICAgICAgICAgICAgaWYgKCFTZXRIYW5kbGVJbmZvcm1hdGlvbihzdGRpbl93cml0ZSwgSGFuZGxlRmxhZ3MuSU5IRVJJVCwgMCkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIlNURElOIHBpcGUgaGFuZGxlIHNldHVwIGZhaWxlZCIpOwoKICAgICAgICAgICAgc2kuc3RhcnR1cEluZm8uaFN0ZE91dHB1dCA9IHN0ZG91dF93cml0ZTsKICAgICAgICAgICAgc2kuc3RhcnR1cEluZm8uaFN0ZEVycm9yID0gc3RkZXJyX3dyaXRlOwogICAgICAgICAgICBzaS5zdGFydHVwSW5mby5oU3RkSW5wdXQgPSBzdGRpbl9yZWFkOwoKICAgICAgICAgICAgLy8gU2V0dXAgdGhlIHN0ZGluIGJ1ZmZlcgogICAgICAgICAgICBVVEY4RW5jb2RpbmcgdXRmOF9lbmNvZGluZyA9IG5ldyBVVEY4RW5jb2RpbmcoZmFsc2UpOwogICAgICAgICAgICBGaWxlU3RyZWFtIHN0ZGluX2ZzID0gbmV3IEZpbGVTdHJlYW0oc3RkaW5fd3JpdGUsIEZpbGVBY2Nlc3MuV3JpdGUsIDMyNzY4KTsKICAgICAgICAgICAgU3RyZWFtV3JpdGVyIHN0ZGluID0gbmV3IFN0cmVhbVdyaXRlcihzdGRpbl9mcywgdXRmOF9lbmNvZGluZywgMzI3NjgpOwoKICAgICAgICAgICAgLy8gSWYgbHBDdXJyZW50RGlyZWN0b3J5IGlzIHNldCB0byBudWxsIGluIFBTIGl0IHdpbGwgYmUgYW4gZW1wdHkKICAgICAgICAgICAgLy8gc3RyaW5nIGhlcmUsIHdlIG5lZWQgdG8gY29udmVydCBpdAogICAgICAgICAgICBpZiAobHBDdXJyZW50RGlyZWN0b3J5ID09ICIiKQogICAgICAgICAgICAgICAgbHBDdXJyZW50RGlyZWN0b3J5ID0gbnVsbDsKCiAgICAgICAgICAgIFN0cmluZ0J1aWxkZXIgZW52aXJvbm1lbnRTdHJpbmcgPSBudWxsOwoKICAgICAgICAgICAgaWYgKGVudmlyb25tZW50ICE9IG51bGwgJiYgZW52aXJvbm1lbnQuQ291bnQgPiAwKQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBlbnZpcm9ubWVudFN0cmluZyA9IG5ldyBTdHJpbmdCdWlsZGVyKCk7CiAgICAgICAgICAgICAgICBmb3JlYWNoIChEaWN0aW9uYXJ5RW50cnkga3YgaW4gZW52aXJvbm1lbnQpCiAgICAgICAgICAgICAgICAgICAgZW52aXJvbm1lbnRTdHJpbmcuQXBwZW5kRm9ybWF0KCJ7MH09ezF9XDAiLCBrdi5LZXksIGt2LlZhbHVlKTsKICAgICAgICAgICAgICAgIGVudmlyb25tZW50U3RyaW5nLkFwcGVuZCgnXDAnKTsKICAgICAgICAgICAgfQoKICAgICAgICAgICAgLy8gQ3JlYXRlIHRoZSBlbnZpcm9ubWVudCBibG9jayBpZiBzZXQKICAgICAgICAgICAgSW50UHRyIGxwRW52aXJvbm1lbnQgPSBJbnRQdHIuWmVybzsKICAgICAgICAgICAgaWYgKGVudmlyb25tZW50U3RyaW5nICE9IG51bGwpCiAgICAgICAgICAgICAgICBscEVudmlyb25tZW50ID0gTWFyc2hhbC5TdHJpbmdUb0hHbG9iYWxVbmkoZW52aXJvbm1lbnRTdHJpbmcuVG9TdHJpbmcoKSk7CgogICAgICAgICAgICAvLyBDcmVhdGUgbmV3IHByb2Nlc3MgYW5kIHJ1bgogICAgICAgICAgICBTdHJpbmdCdWlsZGVyIGFyZ3VtZW50X3N0cmluZyA9IG5ldyBTdHJpbmdCdWlsZGVyKGxwQ29tbWFuZExpbmUpOwogICAgICAgICAgICBQUk9DRVNTX0lORk9STUFUSU9OIHBpID0gbmV3IFBST0NFU1NfSU5GT1JNQVRJT04oKTsKICAgICAgICAgICAgaWYgKCFDcmVhdGVQcm9jZXNzKAogICAgICAgICAgICAgICAgbHBBcHBsaWNhdGlvbk5hbWUsCiAgICAgICAgICAgICAgICBhcmd1bWVudF9zdHJpbmcsCiAgICAgICAgICAgICAgICBJbnRQdHIuWmVybywKICAgICAgICAgICAgICAgIEludFB0ci5aZXJvLAogICAgICAgICAgICAgICAgdHJ1ZSwKICAgICAgICAgICAgICAgIHN0YXJ0dXBfZmxhZ3MsCiAgICAgICAgICAgICAgICBscEVudmlyb25tZW50LAogICAgICAgICAgICAgICAgbHBDdXJyZW50RGlyZWN0b3J5LAogICAgICAgICAgICAgICAgc2ksCiAgICAgICAgICAgICAgICBvdXQgcGkpKQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIkZhaWxlZCB0byBjcmVhdGUgbmV3IHByb2Nlc3MiKTsKICAgICAgICAgICAgfQoKICAgICAgICAgICAgLy8gU2V0dXAgdGhlIG91dHB1dCBidWZmZXJzIGFuZCBnZXQgc3Rkb3V0L3N0ZGVycgogICAgICAgICAgICBGaWxlU3RyZWFtIHN0ZG91dF9mcyA9IG5ldyBGaWxlU3RyZWFtKHN0ZG91dF9yZWFkLCBGaWxlQWNjZXNzLlJlYWQsIDQwOTYpOwogICAgICAgICAgICBTdHJlYW1SZWFkZXIgc3Rkb3V0ID0gbmV3IFN0cmVhbVJlYWRlcihzdGRvdXRfZnMsIHV0ZjhfZW5jb2RpbmcsIHRydWUsIDQwOTYpOwogICAgICAgICAgICBzdGRvdXRfd3JpdGUuQ2xvc2UoKTsKICAgICAgICAgICAgRmlsZVN0cmVhbSBzdGRlcnJfZnMgPSBuZXcgRmlsZVN0cmVhbShzdGRlcnJfcmVhZCwgRmlsZUFjY2Vzcy5SZWFkLCA0MDk2KTsKICAgICAgICAgICAgU3RyZWFtUmVhZGVyIHN0ZGVyciA9IG5ldyBTdHJlYW1SZWFkZXIoc3RkZXJyX2ZzLCB1dGY4X2VuY29kaW5nLCB0cnVlLCA0MDk2KTsKICAgICAgICAgICAgc3RkZXJyX3dyaXRlLkNsb3NlKCk7CgogICAgICAgICAgICBzdGRpbi5Xcml0ZUxpbmUoc3RkaW5JbnB1dCk7CiAgICAgICAgICAgIHN0ZGluLkNsb3NlKCk7CgogICAgICAgICAgICBzdHJpbmcgc3Rkb3V0X3N0ciwgc3RkZXJyX3N0ciA9IG51bGw7CiAgICAgICAgICAgIEdldFByb2Nlc3NPdXRwdXQoc3Rkb3V0LCBzdGRlcnIsIG91dCBzdGRvdXRfc3RyLCBvdXQgc3RkZXJyX3N0cik7CiAgICAgICAgICAgIHVpbnQgcmMgPSBHZXRQcm9jZXNzRXhpdENvZGUocGkuaFByb2Nlc3MpOwoKICAgICAgICAgICAgcmV0dXJuIG5ldyBDb21tYW5kUmVzdWx0CiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIFN0YW5kYXJkT3V0ID0gc3Rkb3V0X3N0ciwKICAgICAgICAgICAgICAgIFN0YW5kYXJkRXJyb3IgPSBzdGRlcnJfc3RyLAogICAgICAgICAgICAgICAgRXhpdENvZGUgPSByYwogICAgICAgICAgICB9OwogICAgICAgIH0KCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgdm9pZCBHZXRQcm9jZXNzT3V0cHV0KFN0cmVhbVJlYWRlciBzdGRvdXRTdHJlYW0sIFN0cmVhbVJlYWRlciBzdGRlcnJTdHJlYW0sIG91dCBzdHJpbmcgc3Rkb3V0LCBvdXQgc3RyaW5nIHN0ZGVycikKICAgICAgICB7CiAgICAgICAgICAgIHZhciBzb3dhaXQgPSBuZXcgRXZlbnRXYWl0SGFuZGxlKGZhbHNlLCBFdmVudFJlc2V0TW9kZS5NYW51YWxSZXNldCk7CiAgICAgICAgICAgIHZhciBzZXdhaXQgPSBuZXcgRXZlbnRXYWl0SGFuZGxlKGZhbHNlLCBFdmVudFJlc2V0TW9kZS5NYW51YWxSZXNldCk7CiAgICAgICAgICAgIHN0cmluZyBzbyA9IG51bGwsIHNlID0gbnVsbDsKICAgICAgICAgICAgVGhyZWFkUG9vbC5RdWV1ZVVzZXJXb3JrSXRlbSgocykgPT4KICAgICAgICAgICAgewogICAgICAgICAgICAgICAgc28gPSBzdGRvdXRTdHJlYW0uUmVhZFRvRW5kKCk7CiAgICAgICAgICAgICAgICBzb3dhaXQuU2V0KCk7CiAgICAgICAgICAgIH0pOwogICAgICAgICAgICBUaHJlYWRQb29sLlF1ZXVlVXNlcldvcmtJdGVtKChzKSA9PgogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBzZSA9IHN0ZGVyclN0cmVhbS5SZWFkVG9FbmQoKTsKICAgICAgICAgICAgICAgIHNld2FpdC5TZXQoKTsKICAgICAgICAgICAgfSk7CiAgICAgICAgICAgIGZvcmVhY2ggKHZhciB3aCBpbiBuZXcgV2FpdEhhbmRsZVtdIHsgc293YWl0LCBzZXdhaXQgfSkKICAgICAgICAgICAgICAgIHdoLldhaXRPbmUoKTsKICAgICAgICAgICAgc3Rkb3V0ID0gc287CiAgICAgICAgICAgIHN0ZGVyciA9IHNlOwogICAgICAgIH0KCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgdWludCBHZXRQcm9jZXNzRXhpdENvZGUoSW50UHRyIHByb2Nlc3NIYW5kbGUpCiAgICAgICAgewogICAgICAgICAgICBuZXcgTmF0aXZlV2FpdEhhbmRsZShwcm9jZXNzSGFuZGxlKS5XYWl0T25lKCk7CiAgICAgICAgICAgIHVpbnQgZXhpdENvZGU7CiAgICAgICAgICAgIGlmICghR2V0RXhpdENvZGVQcm9jZXNzKHByb2Nlc3NIYW5kbGUsIG91dCBleGl0Q29kZSkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIkVycm9yIGdldHRpbmcgcHJvY2VzcyBleGl0IGNvZGUiKTsKICAgICAgICAgICAgcmV0dXJuIGV4aXRDb2RlOwogICAgICAgIH0KICAgIH0KfQoiQAoKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICdTdG9wJwoKRnVuY3Rpb24gTG9hZC1Db21tYW5kVXRpbHMgewogICAgIyBtYWtlcyB0aGUgZm9sbG93aW5nIHN0YXRpYyBmdW5jdGlvbnMgYXZhaWxhYmxlCiAgICAjICAgW0Fuc2libGUuQ29tbWFuZFV0aWxdOjpQYXJzZUNvbW1hbmRMaW5lKHN0cmluZyBscENvbW1hbmRMaW5lKQogICAgIyAgIFtBbnNpYmxlLkNvbW1hbmRVdGlsXTo6U2VhcmNoUGF0aChzdHJpbmcgbHBGaWxlTmFtZSkKICAgICMgICBbQW5zaWJsZS5Db21tYW5kVXRpbF06OlJ1bkNvbW1hbmQoc3RyaW5nIGxwQXBwbGljYXRpb25OYW1lLCBzdHJpbmcgbHBDb21tYW5kTGluZSwgc3RyaW5nIGxwQ3VycmVudERpcmVjdG9yeSwgc3RyaW5nIHN0ZGluSW5wdXQsIHN0cmluZyBlbnZpcm9ubWVudEJsb2NrKQogICAgIwogICAgIyB0aGVyZSBhcmUgYWxzbyBudW1lcm91cyBQL0ludm9rZSBtZXRob2RzIHRoYXQgY2FuIGJlIGNhbGxlZCBpZiB5b3UgYXJlIGZlZWxpbmcgYWR2ZW50dXJvdXMKCiAgICAjIEZVVFVSRTogZmluZCBhIGJldHRlciB3YXkgdG8gZ2V0IHRoZSBfYW5zaWJsZV9yZW1vdGVfdG1wIHZhcmlhYmxlCiAgICAkb3JpZ2luYWxfdG1wID0gJGVudjpUTVAKCiAgICAkcmVtb3RlX3RtcCA9ICRvcmlnaW5hbF90bXAKICAgICRtb2R1bGVfcGFyYW1zID0gR2V0LVZhcmlhYmxlIC1OYW1lIGNvbXBsZXhfYXJncyAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgaWYgKCRtb2R1bGVfcGFyYW1zKSB7CiAgICAgICAgaWYgKCRtb2R1bGVfcGFyYW1zLlZhbHVlLkNvbnRhaW5zS2V5KCJfYW5zaWJsZV9yZW1vdGVfdG1wIikgKSB7CiAgICAgICAgICAgICRyZW1vdGVfdG1wID0gJG1vZHVsZV9wYXJhbXMuVmFsdWVbIl9hbnNpYmxlX3JlbW90ZV90bXAiXQogICAgICAgICAgICAkcmVtb3RlX3RtcCA9IFtTeXN0ZW0uRW52aXJvbm1lbnRdOjpFeHBhbmRFbnZpcm9ubWVudFZhcmlhYmxlcygkcmVtb3RlX3RtcCkKICAgICAgICB9CiAgICB9CgogICAgJGVudjpUTVAgPSAkcmVtb3RlX3RtcAogICAgQWRkLVR5cGUgLVR5cGVEZWZpbml0aW9uICRwcm9jZXNzX3V0aWwKICAgICRlbnY6VE1QID0gJG9yaWdpbmFsX3RtcAp9CgpGdW5jdGlvbiBHZXQtRXhlY3V0YWJsZVBhdGgoJGV4ZWN1dGFibGUsICRkaXJlY3RvcnkpIHsKICAgICMgbHBBcHBsaWNhdGlvbk5hbWUgcmVxdWlyZXMgdGhlIGZ1bGwgcGF0aCB0byBhIGZpbGUsIHdlIG5lZWQgdG8gZmluZCBpdAogICAgIyBvdXJzZWx2ZXMuCgogICAgIyB3ZSBuZWVkIHRvIGFkZCAuZXhlIGlmIGl0IGRvZXNuJ3QgaGF2ZSBhbiBleHRlbnNpb24gYWxyZWFkeQogICAgaWYgKC1ub3QgW1N5c3RlbS5JTy5QYXRoXTo6SGFzRXh0ZW5zaW9uKCRleGVjdXRhYmxlKSkgewogICAgICAgICRleGVjdXRhYmxlID0gIiQoJGV4ZWN1dGFibGUpLmV4ZSIKICAgIH0KICAgICRmdWxsX3BhdGggPSBbU3lzdGVtLklPLlBhdGhdOjpHZXRGdWxsUGF0aCgkZXhlY3V0YWJsZSkKCiAgICBpZiAoJGZ1bGxfcGF0aCAtbmUgJGV4ZWN1dGFibGUgLWFuZCAkZGlyZWN0b3J5IC1uZSAkbnVsbCkgewogICAgICAgICRmaWxlID0gR2V0LUl0ZW0gLVBhdGggIiRkaXJlY3RvcnlcJGV4ZWN1dGFibGUiIC1Gb3JjZSAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgfSBlbHNlIHsKICAgICAgICAkZmlsZSA9IEdldC1JdGVtIC1QYXRoICRleGVjdXRhYmxlIC1 ScriptBlock ID: 831c4524-fd18-4aee-bf43-0ec3477e08b9 Path:	4104	1		3	2	15	0	1670	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4304	4188	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:06:01 PM	e5295ba9-9827-0002-885c-29e52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 5): begin { $DebugPreference = "Continue" $ErrorActionPreference = "Stop" Set-StrictMode -Version 2 function ConvertTo-HashtableFromPsCustomObject ($myPsObject){ $output = @{}; $myPsObject | Get-Member -MemberType *Property | % { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } return $output; } # stream JSON including become_pw, ps_module_payload, bin_module_payload, become_payload, write_payload_path, preserve directives # exec runspace, capture output, cleanup, return module output # NB: do not adjust the following line- it is replaced when doing non-streamed module output $json_raw = @' {"min_ps_version": null, "exec": "CkZ1bmN0aW9uIFJ1bigkcGF5bG9hZCkgewogICAgJGVudHJ5cG9pbnQgPSAkcGF5bG9hZC5tb2R1bGVfZW50cnkKCiAgICAkZW50cnlwb2ludCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGVudHJ5cG9pbnQpKQoKICAgICRwcyA9IFtwb3dlcnNoZWxsXTo6Q3JlYXRlKCkKCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkQ29tbWFuZCgiU2V0LVZhcmlhYmxlIikuQWRkUGFyYW1ldGVycyhAe1Njb3BlPSJnbG9iYWwiO05hbWU9ImNvbXBsZXhfYXJncyI7VmFsdWU9JHBheWxvYWQubW9kdWxlX2FyZ3N9KSB8IE91dC1OdWxsCiAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCgogICAgIyByZWRlZmluZSBXcml0ZS1Ib3N0IHRvIGR1bXAgdG8gb3V0cHV0IGluc3RlYWQgb2YgZmFpbGluZy0gbG90cyBvZiBzY3JpcHRzIHVzZSBpdAogICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgiRnVuY3Rpb24gV3JpdGUtSG9zdChgJG1zZyl7IFdyaXRlLU91dHB1dCBgJG1zZyB9IikgfCBPdXQtTnVsbAoKICAgIEZvckVhY2ggKCRlbnZfa3YgaW4gJHBheWxvYWQuZW52aXJvbm1lbnQuR2V0RW51bWVyYXRvcigpKSB7CiAgICAgICAgIyBuZWVkIHRvIGVzY2FwZSAnIGluIGJvdGggdGhlIGtleSBhbmQgdmFsdWUKICAgICAgICAkZW52X2tleSA9ICRlbnZfa3YuS2V5LlRvU3RyaW5nKCkuUmVwbGFjZSgiJyIsICInJyIpCiAgICAgICAgJGVudl92YWx1ZSA9ICRlbnZfa3YuVmFsdWUuVG9TdHJpbmcoKS5SZXBsYWNlKCInIiwgIicnIikKICAgICAgICAkZXNjYXBlZF9lbnZfc2V0ID0gIltTeXN0ZW0uRW52aXJvbm1lbnRdOjpTZXRFbnZpcm9ubWVudFZhcmlhYmxlKCd7MH0nLCAnezF9JykiIC1mICRlbnZfa2V5LCAkZW52X3ZhbHVlCiAgICAgICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgkZXNjYXBlZF9lbnZfc2V0KSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBkeW5hbWljYWxseSBjcmVhdGUvbG9hZCBtb2R1bGVzCiAgICBGb3JFYWNoICgkbW9kIGluICRwYXlsb2FkLnBvd2Vyc2hlbGxfbW9kdWxlcy5HZXRFbnVtZXJhdG9yKCkpIHsKICAgICAgICAkZGVjb2RlZF9tb2R1bGUgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRtb2QuVmFsdWUpKQogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRDb21tYW5kKCJOZXctTW9kdWxlIikuQWRkUGFyYW1ldGVycyhAe1NjcmlwdEJsb2NrPShbc2NyaXB0YmxvY2tdOjpDcmVhdGUoJGRlY29kZWRfbW9kdWxlKSk7TmFtZT0kbW9kLktleX0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiSW1wb3J0LU1vZHVsZSIpLkFkZFBhcmFtZXRlcnMoQHtXYXJuaW5nQWN0aW9uPSJTaWxlbnRseUNvbnRpbnVlIn0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBmb3JjZSBpbnB1dCBlbmNvZGluZyB0byBwcmVhbWJsZS1mcmVlIFVURjggc28gUFMgc3ViLXByb2Nlc3NlcyAoZWcsCiAgICAjIFN0YXJ0LUpvYikgZG9uJ3QgYmxvdyB1cC4gVGhpcyBpcyBvbmx5IHJlcXVpcmVkIGZvciBXaW5STSwgYSBQU1JQCiAgICAjIHJ1bnNwYWNlIGRvZXNuJ3QgaGF2ZSBhIGhvc3QgY29uc29sZSBhbmQgdGhpcyB3aWxsIGJvbWIgb3V0CiAgICBpZiAoJGhvc3QuTmFtZSAtZXEgIkNvbnNvbGVIb3N0IikgewogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRTY3JpcHQoIltDb25zb2xlXTo6SW5wdXRFbmNvZGluZyA9IE5ldy1PYmplY3QgVGV4dC5VVEY4RW5jb2RpbmcgYCRmYWxzZSIpIHwgT3V0LU51bGwKICAgIH0KCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkU2NyaXB0KCRlbnRyeXBvaW50KSB8IE91dC1OdWxsCgogICAgJG91dHB1dCA9ICRwcy5JbnZva2UoKQoKICAgICRvdXRwdXQKCiAgICAjIFBTMyBkb2Vzbid0IHByb3Blcmx5IHNldCBIYWRFcnJvcnMgaW4gbWFueSBjYXNlcywgaW5zcGVjdCB0aGUgZXJyb3Igc3RyZWFtIGFzIGEgZmFsbGJhY2sKICAgIElmICgkcHMuSGFkRXJyb3JzIC1vciAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtbHQgNCAtYW5kICRwcy5TdHJlYW1zLkVycm9yLkNvdW50IC1ndCAwKSkgewogICAgICAgICRob3N0LlVJLldyaXRlRXJyb3JMaW5lKCQoJHBzLlN0cmVhbXMuRXJyb3IgfCBPdXQtU3RyaW5nKSkKICAgICAgICAkZXhpdF9jb2RlID0gJHBzLlJ1bnNwYWNlLlNlc3Npb25TdGF0ZVByb3h5LkdldFZhcmlhYmxlKCJMQVNURVhJVENPREUiKQogICAgICAgIElmKC1ub3QgJGV4aXRfY29kZSkgewogICAgICAgICAgICAkZXhpdF9jb2RlID0gMQogICAgICAgIH0KICAgICAgICAjIG5lZWQgdG8gdXNlIHRoaXMgaW5zdGVhZCBvZiBFeGl0IGtleXdvcmQgdG8gcHJldmVudCBydW5zcGFjZSBmcm9tIGNyYXNoaW5nIHdpdGggZHluYW1pYyBtb2R1bGVzCiAgICAgICAgJGhvc3QuU2V0U2hvdWxkRXhpdCgkZXhpdF9jb2RlKQogICAgfQp9Cg==", "actions": ["exec"], "environment": {}, "min_os_version": null, "powershell_modules": {"Ansible.ModuleUtils.CommandUtil": "IyBDb3B5cmlnaHQgKGMpIDIwMTcgQW5zaWJsZSBQcm9qZWN0CiMgU2ltcGxpZmllZCBCU0QgTGljZW5zZSAoc2VlIGxpY2Vuc2VzL3NpbXBsaWZpZWRfYnNkLnR4dCBvciBodHRwczovL29wZW5zb3VyY2Uub3JnL2xpY2Vuc2VzL0JTRC0yLUNsYXVzZSkKCiRwcm9jZXNzX3V0aWwgPSBAIgp1c2luZyBNaWNyb3NvZnQuV2luMzIuU2FmZUhhbmRsZXM7CnVzaW5nIFN5c3RlbTsKdXNpbmcgU3lzdGVtLkNvbGxlY3Rpb25zOwp1c2luZyBTeXN0ZW0uSU87CnVzaW5nIFN5c3RlbS5MaW5xOwp1c2luZyBTeXN0ZW0uUnVudGltZS5JbnRlcm9wU2VydmljZXM7CnVzaW5nIFN5c3RlbS5UZXh0Owp1c2luZyBTeXN0ZW0uVGhyZWFkaW5nOwoKbmFtZXNwYWNlIEFuc2libGUKewogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIGNsYXNzIFNFQ1VSSVRZX0FUVFJJQlVURVMKICAgIHsKICAgICAgICBwdWJsaWMgaW50IG5MZW5ndGg7CiAgICAgICAgcHVibGljIEludFB0ciBscFNlY3VyaXR5RGVzY3JpcHRvcjsKICAgICAgICBwdWJsaWMgYm9vbCBiSW5oZXJpdEhhbmRsZSA9IGZhbHNlOwogICAgICAgIHB1YmxpYyBTRUNVUklUWV9BVFRSSUJVVEVTKCkKICAgICAgICB7CiAgICAgICAgICAgIG5MZW5ndGggPSBNYXJzaGFsLlNpemVPZih0aGlzKTsKICAgICAgICB9CiAgICB9CgogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIGNsYXNzIFNUQVJUVVBJTkZPCiAgICB7CiAgICAgICAgcHVibGljIEludDMyIGNiOwogICAgICAgIHB1YmxpYyBJbnRQdHIgbHBSZXNlcnZlZDsKICAgICAgICBwdWJsaWMgSW50UHRyIGxwRGVza3RvcDsKICAgICAgICBwdWJsaWMgSW50UHRyIGxwVGl0bGU7CiAgICAgICAgcHVibGljIEludDMyIGR3WDsKICAgICAgICBwdWJsaWMgSW50MzIgZHdZOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1hTaXplOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1lTaXplOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1hDb3VudENoYXJzOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1lDb3VudENoYXJzOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd0ZpbGxBdHRyaWJ1dGU7CiAgICAgICAgcHVibGljIEludDMyIGR3RmxhZ3M7CiAgICAgICAgcHVibGljIEludDE2IHdTaG93V2luZG93OwogICAgICAgIHB1YmxpYyBJbnQxNiBjYlJlc2VydmVkMjsKICAgICAgICBwdWJsaWMgSW50UHRyIGxwUmVzZXJ2ZWQyOwogICAgICAgIHB1YmxpYyBTYWZlRmlsZUhhbmRsZSBoU3RkSW5wdXQ7CiAgICAgICAgcHVibGljIFNhZmVGaWxlSGFuZGxlIGhTdGRPdXRwdXQ7CiAgICAgICAgcHVibGljIFNhZmVGaWxlSGFuZGxlIGhTdGRFcnJvcjsKICAgICAgICBwdWJsaWMgU1RBUlRVUElORk8oKQogICAgICAgIHsKICAgICAgICAgICAgY2IgPSBNYXJzaGFsLlNpemVPZih0aGlzKTsKICAgICAgICB9CiAgICB9CgogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIGNsYXNzIFNUQVJUVVBJTkZPRVgKICAgIHsKICAgICAgICBwdWJsaWMgU1RBUlRVUElORk8gc3RhcnR1cEluZm87CiAgICAgICAgcHVibGljIEludFB0ciBscEF0dHJpYnV0ZUxpc3Q7CiAgICAgICAgcHVibGljIFNUQVJUVVBJTkZPRVgoKQogICAgICAgIHsKICAgICAgICAgICAgc3RhcnR1cEluZm8gPSBuZXcgU1RBUlRVUElORk8oKTsKICAgICAgICAgICAgc3RhcnR1cEluZm8uY2IgPSBNYXJzaGFsLlNpemVPZih0aGlzKTsKICAgICAgICB9CiAgICB9CgogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIHN0cnVjdCBQUk9DRVNTX0lORk9STUFUSU9OCiAgICB7CiAgICAgICAgcHVibGljIEludFB0ciBoUHJvY2VzczsKICAgICAgICBwdWJsaWMgSW50UHRyIGhUaHJlYWQ7CiAgICAgICAgcHVibGljIGludCBkd1Byb2Nlc3NJZDsKICAgICAgICBwdWJsaWMgaW50IGR3VGhyZWFkSWQ7CiAgICB9CgogICAgW0ZsYWdzXQogICAgcHVibGljIGVudW0gU3RhcnR1cEluZm9GbGFncyA6IHVpbnQKICAgIHsKICAgICAgICBVU0VTVERIQU5ETEVTID0gMHgwMDAwMDEwMAogICAgfQoKICAgIHB1YmxpYyBlbnVtIEhhbmRsZUZsYWdzIDogdWludAogICAgewogICAgICAgIE5vbmUgPSAwLAogICAgICAgIElOSEVSSVQgPSAxCiAgICB9CgogICAgY2xhc3MgTmF0aXZlV2FpdEhhbmRsZSA6IFdhaXRIYW5kbGUKICAgIHsKICAgICAgICBwdWJsaWMgTmF0aXZlV2FpdEhhbmRsZShJbnRQdHIgaGFuZGxlKQogICAgICAgIHsKICAgICAgICAgICAgdGhpcy5TYWZlV2FpdEhhbmRsZSA9IG5ldyBTYWZlV2FpdEhhbmRsZShoYW5kbGUsIGZhbHNlKTsKICAgICAgICB9CiAgICB9CgogICAgcHVibGljIGNsYXNzIFdpbjMyRXhjZXB0aW9uIDogU3lzdGVtLkNvbXBvbmVudE1vZGVsLldpbjMyRXhjZXB0aW9uCiAgICB7CiAgICAgICAgcHJpdmF0ZSBzdHJpbmcgX21zZzsKCiAgICAgICAgcHVibGljIFdpbjMyRXhjZXB0aW9uKHN0cmluZyBtZXNzYWdlKSA6IHRoaXMoTWFyc2hhbC5HZXRMYXN0V2luMzJFcnJvcigpLCBtZXNzYWdlKSB7IH0KCiAgICAgICAgcHVibGljIFdpbjMyRXhjZXB0aW9uKGludCBlcnJvckNvZGUsIHN0cmluZyBtZXNzYWdlKSA6IGJhc2UoZXJyb3JDb2RlKQogICAgICAgIHsKICAgICAgICAgICAgX21zZyA9IFN0cmluZy5Gb3JtYXQoInswfSAoezF9LCBXaW4zMkVycm9yQ29kZSB7Mn0pIiwgbWVzc2FnZSwgYmFzZS5NZXNzYWdlLCBlcnJvckNvZGUpOwogICAgICAgIH0KCiAgICAgICAgcHVibGljIG92ZXJyaWRlIHN0cmluZyBNZXNzYWdlIHsgZ2V0IHsgcmV0dXJuIF9tc2c7IH0gfQogICAgICAgIHB1YmxpYyBzdGF0aWMgZXhwbGljaXQgb3BlcmF0b3IgV2luMzJFeGNlcHRpb24oc3RyaW5nIG1lc3NhZ2UpIHsgcmV0dXJuIG5ldyBXaW4zMkV4Y2VwdGlvbihtZXNzYWdlKTsgfQogICAgfQoKICAgIHB1YmxpYyBjbGFzcyBDb21tYW5kVXRpbAogICAgewogICAgICAgIHByaXZhdGUgc3RhdGljIFVJbnQzMiBDUkVBVEVfVU5JQ09ERV9FTlZJUk9OTUVOVCA9IDB4MDAwMDAwNDAwOwogICAgICAgIHByaXZhdGUgc3RhdGljIFVJbnQzMiBFWFRFTkRFRF9TVEFSVFVQSU5GT19QUkVTRU5UID0gMHgwMDA4MDAwMDsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSwgQmVzdEZpdE1hcHBpbmcgPSBmYWxzZSldCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gYm9vbCBDcmVhdGVQcm9jZXNzKAogICAgICAgICAgICBbTWFyc2hhbEFzKFVubWFuYWdlZFR5cGUuTFBXU3RyKV0KICAgICAgICAgICAgICAgIHN0cmluZyBscEFwcGxpY2F0aW9uTmFtZSwKICAgICAgICAgICAgU3RyaW5nQnVpbGRlciBscENvbW1hbmRMaW5lLAogICAgICAgICAgICBJbnRQdHIgbHBQcm9jZXNzQXR0cmlidXRlcywKICAgICAgICAgICAgSW50UHRyIGxwVGhyZWFkQXR0cmlidXRlcywKICAgICAgICAgICAgYm9vbCBiSW5oZXJpdEhhbmRsZXMsCiAgICAgICAgICAgIHVpbnQgZHdDcmVhdGlvbkZsYWdzLAogICAgICAgICAgICBJbnRQdHIgbHBFbnZpcm9ubWVudCwKICAgICAgICAgICAgW01hcnNoYWxBcyhVbm1hbmFnZWRUeXBlLkxQV1N0cildCiAgICAgICAgICAgICAgICBzdHJpbmcgbHBDdXJyZW50RGlyZWN0b3J5LAogICAgICAgICAgICBTVEFSVFVQSU5GT0VYIGxwU3RhcnR1cEluZm8sCiAgICAgICAgICAgIG91dCBQUk9DRVNTX0lORk9STUFUSU9OIGxwUHJvY2Vzc0luZm9ybWF0aW9uKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIildCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gYm9vbCBDcmVhdGVQaXBlKAogICAgICAgICAgICBvdXQgU2FmZUZpbGVIYW5kbGUgaFJlYWRQaXBlLAogICAgICAgICAgICBvdXQgU2FmZUZpbGVIYW5kbGUgaFdyaXRlUGlwZSwKICAgICAgICAgICAgU0VDVVJJVFlfQVRUUklCVVRFUyBscFBpcGVBdHRyaWJ1dGVzLAogICAgICAgICAgICB1aW50IG5TaXplKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSldCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gYm9vbCBTZXRIYW5kbGVJbmZvcm1hdGlvbigKICAgICAgICAgICAgU2FmZUZpbGVIYW5kbGUgaE9iamVjdCwKICAgICAgICAgICAgSGFuZGxlRmxhZ3MgZHdNYXNrLAogICAgICAgICAgICBpbnQgZHdGbGFncyk7CgogICAgICAgIFtEbGxJbXBvcnQoImtlcm5lbDMyLmRsbCIsIFNldExhc3RFcnJvciA9IHRydWUpXQogICAgICAgIHByaXZhdGUgc3RhdGljIGV4dGVybiBib29sIEdldEV4aXRDb2RlUHJvY2VzcygKICAgICAgICAgICAgSW50UHRyIGhQcm9jZXNzLAogICAgICAgICAgICBvdXQgdWludCBscEV4aXRDb2RlKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSldCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gdWludCBTZWFyY2hQYXRoKAogICAgICAgICAgICBzdHJpbmcgbHBQYXRoLAogICAgICAgICAgICBzdHJpbmcgbHBGaWxlTmFtZSwKICAgICAgICAgICAgc3RyaW5nIGxwRXh0ZW5zaW9uLAogICAgICAgICAgICBpbnQgbkJ1ZmZlckxlbmd0aCwKICAgICAgICAgICAgW01hcnNoYWxBcyAoVW5tYW5hZ2VkVHlwZS5MUFRTdHIpXQogICAgICAgICAgICAgICAgU3RyaW5nQnVpbGRlciBscEJ1ZmZlciwKICAgICAgICAgICAgb3V0IEludFB0ciBscEZpbGVQYXJ0KTsKCiAgICAgICAgW0RsbEltcG9ydCgic2hlbGwzMi5kbGwiLCBTZXRMYXN0RXJyb3IgPSB0cnVlKV0KICAgICAgICBzdGF0aWMgZXh0ZXJuIEludFB0ciBDb21tYW5kTGluZVRvQXJndlcoCiAgICAgICAgICAgIFtNYXJzaGFsQXMoVW5tYW5hZ2VkVHlwZS5MUFdTdHIpXQogICAgICAgICAgICAgICAgc3RyaW5nIGxwQ21kTGluZSwKICAgICAgICAgICAgb3V0IGludCBwTnVtQXJncyk7CgogICAgICAgIHB1YmxpYyBzdGF0aWMgc3RyaW5nW10gUGFyc2VDb21tYW5kTGluZShzdHJpbmcgbHBDb21tYW5kTGluZSkKICAgICAgICB7CiAgICAgICAgICAgIGludCBudW1BcmdzOwogICAgICAgICAgICBJbnRQd ScriptBlock ID: 831c4524-fd18-4aee-bf43-0ec3477e08b9 Path:	4104	1		3	2	15	0	1669	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4304	4188	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:06:01 PM	e5295ba9-9827-0002-885c-29e52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1668	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4304	4312	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:06:01 PM	e5295ba9-9827-0002-865c-29e52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 4304 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1667	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4304	4220	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:06:00 PM	e5295ba9-9827-0002-865c-29e52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1666	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4304	4312	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:06:00 PM	e5295ba9-9827-0002-865c-29e52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1665	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4136	3084	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:05:58 PM	e5295ba9-9827-0002-645c-29e52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 4136 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1664	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4136	4548	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:05:57 PM	e5295ba9-9827-0002-645c-29e52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1663	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4136	3084	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:05:57 PM	e5295ba9-9827-0002-645c-29e52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles; using System; using System.Collections; using System.IO; using System.Linq; using System.Runtime.InteropServices; using System.Text; using System.Threading; namespace Ansible { [StructLayout(LayoutKind.Sequential)] public class SECURITY_ATTRIBUTES { public int nLength; public IntPtr lpSecurityDescriptor; public bool bInheritHandle = false; public SECURITY_ATTRIBUTES() { nLength = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFO { public Int32 cb; public IntPtr lpReserved; public IntPtr lpDesktop; public IntPtr lpTitle; public Int32 dwX; public Int32 dwY; public Int32 dwXSize; public Int32 dwYSize; public Int32 dwXCountChars; public Int32 dwYCountChars; public Int32 dwFillAttribute; public Int32 dwFlags; public Int16 wShowWindow; public Int16 cbReserved2; public IntPtr lpReserved2; public SafeFileHandle hStdInput; public SafeFileHandle hStdOutput; public SafeFileHandle hStdError; public STARTUPINFO() { cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFOEX { public STARTUPINFO startupInfo; public IntPtr lpAttributeList; public STARTUPINFOEX() { startupInfo = new STARTUPINFO(); startupInfo.cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public struct PROCESS_INFORMATION { public IntPtr hProcess; public IntPtr hThread; public int dwProcessId; public int dwThreadId; } [Flags] public enum StartupInfoFlags : uint { USESTDHANDLES = 0x00000100 } public enum HandleFlags : uint { None = 0, INHERIT = 1 } class NativeWaitHandle : WaitHandle { public NativeWaitHandle(IntPtr handle) { this.SafeWaitHandle = new SafeWaitHandle(handle, false); } } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class CommandUtil { private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400; private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000; [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)] public static extern bool CreateProcess( [MarshalAs(UnmanagedType.LPWStr)] string lpApplicationName, StringBuilder lpCommandLine, IntPtr lpProcessAttributes, IntPtr lpThreadAttributes, bool bInheritHandles, uint dwCreationFlags, IntPtr lpEnvironment, [MarshalAs(UnmanagedType.LPWStr)] string lpCurrentDirectory, STARTUPINFOEX lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation); [DllImport("kernel32.dll")] public static extern bool CreatePipe( out SafeFileHandle hReadPipe, out SafeFileHandle hWritePipe, SECURITY_ATTRIBUTES lpPipeAttributes, uint nSize); [DllImport("kernel32.dll", SetLastError = true)] public static extern bool SetHandleInformation( SafeFileHandle hObject, HandleFlags dwMask, int dwFlags); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool GetExitCodeProcess( IntPtr hProcess, out uint lpExitCode); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)] public static extern uint SearchPath( string lpPath, string lpFileName, string lpExtension, int nBufferLength, [MarshalAs (UnmanagedType.LPTStr)] StringBuilder lpBuffer, out IntPtr lpFilePart); [DllImport("shell32.dll", SetLastError = true)] static extern IntPtr CommandLineToArgvW( [MarshalAs(UnmanagedType.LPWStr)] string lpCmdLine, out int pNumArgs); public static string[] ParseCommandLine(string lpCommandLine) { int numArgs; IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs); if (ret == IntPtr.Zero) throw new Win32Exception("Error parsing command line"); IntPtr[] strptrs = new IntPtr[numArgs]; Marshal.Copy(ret, strptrs, 0, numArgs); string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray(); Marshal.FreeHGlobal(ret); return cmdlineParts; } public static string SearchPath(string lpFileName) { StringBuilder sbOut = new StringBuilder(1024); IntPtr filePartOut; if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0) throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName)); return sbOut.ToString(); } public class CommandResult { public string StandardOut { get; internal set; } public string StandardError { get; internal set; } public uint ExitCode { get; internal set; } } public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment) { UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT; STARTUPINFOEX si = new STARTUPINFOEX(); si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES; SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES(); pipesec.bInheritHandle = true; // Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write; if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0)) throw new Win32Exception("STDOUT pipe setup failed"); if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDOUT pipe handle setup failed"); if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0)) throw new Win32Exception("STDERR pipe setup failed"); if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDERR pipe handle setup failed"); if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0)) throw new Win32Exception("STDIN pipe setup failed"); if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDIN pipe handle setup failed"); si.startupInfo.hStdOutput = stdout_write; si.startupInfo.hStdError = stderr_write; si.startupInfo.hStdInput = stdin_read; // Setup the stdin buffer UTF8Encoding utf8_encoding = new UTF8Encoding(false); FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768); StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768); // If lpCurrentDirectory is set to null in PS it will be an empty // string here, we need to convert it if (lpCurrentDirectory == "") lpCurrentDirectory = null; StringBuilder environmentString = null; if (environment != null && environment.Count > 0) { environmentString = new StringBuilder(); foreach (DictionaryEntry kv in environment) environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value); environmentString.Append('\0'); } // Create the environment block if set IntPtr lpEnvironment = IntPtr.Zero; if (environmentString != null) lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString()); // Create new process and run StringBuilder argument_string = new StringBuilder(lpCommandLine); PROCESS_INFORMATION pi = new PROCESS_INFORMATION(); if (!CreateProcess( lpApplicationName, argument_string, IntPtr.Zero, IntPtr.Zero, true, startup_flags, lpEnvironment, lpCurrentDirectory, si, out pi)) { throw new Win32Exception("Failed to create new process"); } // Setup the output buffers and get stdout/stderr FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096); StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096); stdout_write.Close(); FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096); StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096); stderr_write.Close(); stdin.WriteLine(stdinInput); stdin.Close(); string stdout_str, stderr_str = null; GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str); uint rc = GetProcessExitCode(pi.hProcess); return new CommandResult { StandardOut = stdout_str, StandardError = stderr_str, ExitCode = rc }; } private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr) { var sowait = new EventWaitHandle(false, EventResetMode.ManualReset); var sewait = new EventWaitHandle(false, EventResetMode.ManualReset); string so = null, se = null; ThreadPool.QueueUserWorkItem((s) => { so = stdoutStream.ReadToEnd(); sowait.Set(); }); ThreadPool.QueueUserWorkItem((s) => { se = stderrStream.ReadToEnd(); sewait.Set(); }); foreach (var wh in new WaitHandle[] { sowait, sewait }) wh.WaitOne(); stdout = so; stderr = se; } private static uint GetProcessExitCode(IntPtr processHandle) { new NativeWaitHandle(processHandle).WaitOne(); uint exitCode; if (!GetExitCodeProcess(processHandle, out exitCode)) throw new Win32Exception("Error getting process exit code"); return exitCode; } } }" Context: Severity = Informational Host Name = Default Host Host Version = 5.1.14393.1944 Host ID = dc74e561-6b1c-4245-a6d4-694129fadcd2 Host Application = PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - Engine Version = 5.1.14393.1944 Runspace ID = 2233bc89-764f-4ef4-a264-bf0705b73f3f Pipeline ID = 7 Command Name = Add-Type Command Type = Cmdlet Script Name = Command Path = Sequence Number = 34 User = N-H1-805629-1\Admin Connected User = Shell ID = Microsoft.PowerShell User Data:	4103	1		4	106	20	0	1662	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4116	3928	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:05:57 PM	e5295ba9-9827-0001-2c5c-29e52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	To be used when operation is just executing a method	Executing Pipeline	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c) 2017 Ansible Project # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) $process_util = @" using Microsoft.Win32.SafeHandles; using System; using System.Collections; using System.IO; using System.Linq; using System.Runtime.InteropServices; using System.Text; using System.Threading; namespace Ansible { [StructLayout(LayoutKind.Sequential)] public class SECURITY_ATTRIBUTES { public int nLength; public IntPtr lpSecurityDescriptor; public bool bInheritHandle = false; public SECURITY_ATTRIBUTES() { nLength = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFO { public Int32 cb; public IntPtr lpReserved; public IntPtr lpDesktop; public IntPtr lpTitle; public Int32 dwX; public Int32 dwY; public Int32 dwXSize; public Int32 dwYSize; public Int32 dwXCountChars; public Int32 dwYCountChars; public Int32 dwFillAttribute; public Int32 dwFlags; public Int16 wShowWindow; public Int16 cbReserved2; public IntPtr lpReserved2; public SafeFileHandle hStdInput; public SafeFileHandle hStdOutput; public SafeFileHandle hStdError; public STARTUPINFO() { cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFOEX { public STARTUPINFO startupInfo; public IntPtr lpAttributeList; public STARTUPINFOEX() { startupInfo = new STARTUPINFO(); startupInfo.cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public struct PROCESS_INFORMATION { public IntPtr hProcess; public IntPtr hThread; public int dwProcessId; public int dwThreadId; } [Flags] public enum StartupInfoFlags : uint { USESTDHANDLES = 0x00000100 } public enum HandleFlags : uint { None = 0, INHERIT = 1 } class NativeWaitHandle : WaitHandle { public NativeWaitHandle(IntPtr handle) { this.SafeWaitHandle = new SafeWaitHandle(handle, false); } } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class CommandUtil { private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400; private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000; [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)] public static extern bool CreateProcess( [MarshalAs(UnmanagedType.LPWStr)] string lpApplicationName, StringBuilder lpCommandLine, IntPtr lpProcessAttributes, IntPtr lpThreadAttributes, bool bInheritHandles, uint dwCreationFlags, IntPtr lpEnvironment, [MarshalAs(UnmanagedType.LPWStr)] string lpCurrentDirectory, STARTUPINFOEX lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation); [DllImport("kernel32.dll")] public static extern bool CreatePipe( out SafeFileHandle hReadPipe, out SafeFileHandle hWritePipe, SECURITY_ATTRIBUTES lpPipeAttributes, uint nSize); [DllImport("kernel32.dll", SetLastError = true)] public static extern bool SetHandleInformation( SafeFileHandle hObject, HandleFlags dwMask, int dwFlags); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool GetExitCodeProcess( IntPtr hProcess, out uint lpExitCode); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)] public static extern uint SearchPath( string lpPath, string lpFileName, string lpExtension, int nBufferLength, [MarshalAs (UnmanagedType.LPTStr)] StringBuilder lpBuffer, out IntPtr lpFilePart); [DllImport("shell32.dll", SetLastError = true)] static extern IntPtr CommandLineToArgvW( [MarshalAs(UnmanagedType.LPWStr)] string lpCmdLine, out int pNumArgs); public static string[] ParseCommandLine(string lpCommandLine) { int numArgs; IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs); if (ret == IntPtr.Zero) throw new Win32Exception("Error parsing command line"); IntPtr[] strptrs = new IntPtr[numArgs]; Marshal.Copy(ret, strptrs, 0, numArgs); string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray(); Marshal.FreeHGlobal(ret); return cmdlineParts; } public static string SearchPath(string lpFileName) { StringBuilder sbOut = new StringBuilder(1024); IntPtr filePartOut; if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0) throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName)); return sbOut.ToString(); } public class CommandResult { public string StandardOut { get; internal set; } public string StandardError { get; internal set; } public uint ExitCode { get; internal set; } } public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment) { UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT; STARTUPINFOEX si = new STARTUPINFOEX(); si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES; SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES(); pipesec.bInheritHandle = true; // Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write; if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0)) throw new Win32Exception("STDOUT pipe setup failed"); if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDOUT pipe handle setup failed"); if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0)) throw new Win32Exception("STDERR pipe setup failed"); if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDERR pipe handle setup failed"); if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0)) throw new Win32Exception("STDIN pipe setup failed"); if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDIN pipe handle setup failed"); si.startupInfo.hStdOutput = stdout_write; si.startupInfo.hStdError = stderr_write; si.startupInfo.hStdInput = stdin_read; // Setup the stdin buffer UTF8Encoding utf8_encoding = new UTF8Encoding(false); FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768); StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768); // If lpCurrentDirectory is set to null in PS it will be an empty // string here, we need to convert it if (lpCurrentDirectory == "") lpCurrentDirectory = null; StringBuilder environmentString = null; if (environment != null && environment.Count > 0) { environmentString = new StringBuilder(); foreach (DictionaryEntry kv in environment) environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value); environmentString.Append('\0'); } // Create the environment block if set IntPtr lpEnvironment = IntPtr.Zero; if (environmentString != null) lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString()); // Create new process and run StringBuilder argument_string = new StringBuilder(lpCommandLine); PROCESS_INFORMATION pi = new PROCESS_INFORMATION(); if (!CreateProcess( lpApplicationName, argument_string, IntPtr.Zero, IntPtr.Zero, true, startup_flags, lpEnvironment, lpCurrentDirectory, si, out pi)) { throw new Win32Exception("Failed to create new process"); } // Setup the output buffers and get stdout/stderr FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096); StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096); stdout_write.Close(); FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096); StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096); stderr_write.Close(); stdin.WriteLine(stdinInput); stdin.Close(); string stdout_str, stderr_str = null; GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str); uint rc = GetProcessExitCode(pi.hProcess); return new CommandResult { StandardOut = stdout_str, StandardError = stderr_str, ExitCode = rc }; } private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr) { var sowait = new EventWaitHandle(false, EventResetMode.ManualReset); var sewait = new EventWaitHandle(false, EventResetMode.ManualReset); string so = null, se = null; ThreadPool.QueueUserWorkItem((s) => { so = stdoutStream.ReadToEnd(); sowait.Set(); }); ThreadPool.QueueUserWorkItem((s) => { se = stderrStream.ReadToEnd(); sewait.Set(); }); foreach (var wh in new WaitHandle[] { sowait, sewait }) wh.WaitOne(); stdout = so; stderr = se; } private static uint GetProcessExitCode(IntPtr processHandle) { new NativeWaitHandle(processHandle).WaitOne(); uint exitCode; if (!GetExitCodeProcess(processHandle, out exitCode)) throw new Win32Exception("Error getting process exit code"); return exitCode; } } } "@ $ErrorActionPreference = 'Stop' Function Load-CommandUtils { # makes the following static functions available # [Ansible.CommandUtil]::ParseCommandLine(string lpCommandLine) # [Ansible.CommandUtil]::SearchPath(string lpFileName) # [Ansible.CommandUtil]::RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, string environmentBlock) # # there are also numerous P/Invoke methods that can be called if you are feeling adventurous # FUTURE: find a better way to get the _ansible_remote_tmp variable $original_tmp = $env:TMP $remote_tmp = $original_tmp $module_params = Get-Variable -Name complex_args -ErrorAction SilentlyContinue if ($module_params) { if ($module_params.Value.ContainsKey("_ansible_remote_tmp") ) { $remote_tmp = $module_params.Value["_ansible_remote_tmp"] $remote_tmp = [System.Environment]::ExpandEnvironmentVariables($remote_tmp) } } $env:TMP = $remote_tmp Add-Type -TypeDefinition $process_util $env:TMP = $original_tmp } Function Get-ExecutablePath($executable, $directory) { # lpApplicationName requires the full path to a file, we need to find it # ourselves. # we need to add .exe if it doesn't have an extension already if (-not [System.IO.Path]::HasExtension($executable)) { $executable = "$($executable).exe" } $full_path = [System.IO.Path]::GetFullPath($executable) if ($full_path -ne $executable -and $directory -ne $null) { $file = Get-Item -Path "$directory\$executable" -Force -ErrorAction SilentlyContinue } else { $file = Get-Item -Path $executable -Force -ErrorAction SilentlyContinue } if ($file -ne $null) { $executable_path = $file.FullName } else { $executable_path = [Ansible.CommandUtil]::SearchPath($executable) } return $executable_path } Function Run-Command { Param( [string]$command, # the full command to run including the executable [string]$working_directory = $null, # the working directory to run under, will default to the current dir [string]$stdin = $null, # a string to send to the stdin pipe when executing the command [hashtable]$environment = @{} # a hashtable of environment values to run the command under, this will replace all the other environment variables with these ) # load the C# code we call in this function Load-CommandUtils # need to validate the working directory if it is set if ($working_directory) { # validate working directory is a valid path if (-not (Test-Path -Path $working_directory)) { throw "invalid working directory path '$working_directory'" } } # lpApplicationName needs to be the full path to an executable, we do this # by getting the executable as the first arg and then getting the full path $arguments = [Ansible.CommandUtil]::ParseCommandLine($command) $executable = Get-ExecutablePath -executable $arguments[0] -directory $working_directory # run the command and get the results $command_result = [Ansible.CommandUtil]::RunCommand($executable, $command, $working_directory, $stdin, $environment) return ,@{ executable = $executable stdout = $command_result.StandardOut stderr = $command_result.StandardError rc = $command_result.ExitCode } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: a0de4031-8601-4fdf-950a-8c59fbc3df15 Path:	4104	1		3	2	15	0	1661	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4116	3532	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:05:57 PM	e5295ba9-9827-0005-3d5c-29e52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c), Michael DeHaan <michael.dehaan@gmail.com>, 2014, and others # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) Set-StrictMode -Version 2.0 $ErrorActionPreference = "Stop" Function Set-Attr($obj, $name, $value) { <# .SYNOPSIS Helper function to set an "attribute" on a psobject instance in PowerShell. This is a convenience to make adding Members to the object easier and slightly more pythonic .EXAMPLE Set-Attr $result "changed" $true #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } Try { $obj.$name = $value } Catch { $obj | Add-Member -Force -MemberType NoteProperty -Name $name -Value $value } } Function Exit-Json($obj) { <# .SYNOPSIS Helper function to convert a PowerShell object to JSON and output it, exiting the script .EXAMPLE Exit-Json $result #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit } Function Fail-Json($obj, $message = $null) { <# .SYNOPSIS Helper function to add the "msg" property and "failed" property, convert the PowerShell Hashtable to JSON and output it, exiting the script .EXAMPLE Fail-Json $result "This is the failure message" #> if ($obj -is [hashtable] -or $obj -is [psobject]) { # Nothing to do } elseif ($obj -is [string] -and $null -eq $message) { # If we weren't given 2 args, and the only arg was a string, # create a new Hashtable and use the arg as the failure message $message = $obj $obj = @{ } } else { # If the first argument is undefined or a different type, # make it a Hashtable $obj = @{ } } # Still using Set-Attr for PSObject compatibility Set-Attr $obj "msg" $message Set-Attr $obj "failed" $true if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit 1 } Function Add-Warning($obj, $message) { <# .SYNOPSIS Helper function to add warnings, even if the warnings attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("warnings")) { $obj.warnings = @() } elseif ($obj.warnings -isnot [array]) { throw "Add-Warning: warnings attribute is not an array" } $obj.warnings += $message } Function Add-DeprecationWarning($obj, $message, $version = $null) { <# .SYNOPSIS Helper function to add deprecations, even if the deprecations attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("deprecations")) { $obj.deprecations = @() } elseif ($obj.deprecations -isnot [array]) { throw "Add-DeprecationWarning: deprecations attribute is not a list" } $obj.deprecations += @{ msg = $message version = $version } } Function Expand-Environment($value) { <# .SYNOPSIS Helper function to expand environment variables in values. By default it turns any type to a string, but we ensure $null remains $null. #> if ($null -ne $value) { [System.Environment]::ExpandEnvironmentVariables($value) } else { $value } } Function Get-AnsibleParam($obj, $name, $default = $null, $resultobj = @{}, $failifempty = $false, $emptyattributefailmessage, $ValidateSet, $ValidateSetErrorMessage, $type = $null, $aliases = @()) { <# .SYNOPSIS Helper function to get an "attribute" from a psobject instance in PowerShell. This is a convenience to make getting Members from an object easier and slightly more pythonic .EXAMPLE $attr = Get-AnsibleParam $response "code" -default "1" .EXAMPLE Get-AnsibleParam -obj $params -name "State" -default "Present" -ValidateSet "Present","Absent" -resultobj $resultobj -failifempty $true Get-AnsibleParam also supports Parameter validation to save you from coding that manually Note that if you use the failifempty option, you do need to specify resultobject as well. #> # Check if the provided Member $name or aliases exist in $obj and return it or the default. try { $found = $null # First try to find preferred parameter $name $aliases = @($name) + $aliases # Iterate over aliases to find acceptable Member $name foreach ($alias in $aliases) { if ($obj.ContainsKey($alias)) { $found = $alias break } } if ($null -eq $found) { throw } $name = $found if ($ValidateSet) { if ($ValidateSet -contains ($obj.$name)) { $value = $obj.$name } else { if ($null -eq $ValidateSetErrorMessage) { #Auto-generated error should be sufficient in most use cases $ValidateSetErrorMessage = "Get-AnsibleParam: Argument $name needs to be one of $($ValidateSet -join ",") but was $($obj.$name)." } Fail-Json -obj $resultobj -message $ValidateSetErrorMessage } } else { $value = $obj.$name } } catch { if ($failifempty -eq $false) { $value = $default } else { if (-not $emptyattributefailmessage) { $emptyattributefailmessage = "Get-AnsibleParam: Missing required argument: $name" } Fail-Json -obj $resultobj -message $emptyattributefailmessage } } # If $value -eq $null, the parameter was unspecified by the user (deliberately or not) # Please leave $null-values intact, modules need to know if a parameter was specified # When $value is already an array, we cannot rely on the null check, as an empty list # is seen as null in the check below if ($null -ne $value -or $value -is [array]) { if ($type -eq "path") { # Expand environment variables on path-type $value = Expand-Environment($value) # Test if a valid path is provided if (-not (Test-Path -IsValid $value)) { $path_invalid = $true # could still be a valid-shaped path with a nonexistent drive letter if ($value -match "^\w:") { # rewrite path with a valid drive letter and recheck the shape- this might still fail, eg, a nonexistent non-filesystem PS path if (Test-Path -IsValid $(@(Get-PSDrive -PSProvider Filesystem)[0].Name + $value.Substring(1))) { $path_invalid = $false } } if ($path_invalid) { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' has an invalid path '$value' specified." } } } elseif ($type -eq "str") { # Convert str types to real Powershell strings $value = $value.ToString() } elseif ($type -eq "bool") { # Convert boolean types to real Powershell booleans $value = $value | ConvertTo-Bool } elseif ($type -eq "int") { # Convert int types to real Powershell integers $value = $value -as [int] } elseif ($type -eq "float") { # Convert float types to real Powershell floats $value = $value -as [float] } elseif ($type -eq "list") { if ($value -is [array]) { # Nothing to do } elseif ($value -is [string]) { # Convert string type to real Powershell array $value = $value.Split(",").Trim() } elseif ($value -is [int]) { $value = @($value) } else { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' is not a YAML list." } # , is not a typo, forces it to return as a list when it is empty or only has 1 entry return ,$value } } return $value } #Alias Get-attr-->Get-AnsibleParam for backwards compat. Only add when needed to ease debugging of scripts If (-not(Get-Alias -Name "Get-attr" -ErrorAction SilentlyContinue)) { New-Alias -Name Get-attr -Value Get-AnsibleParam } Function ConvertTo-Bool { <# .SYNOPSIS Helper filter/pipeline function to convert a value to boolean following current Ansible practices .EXAMPLE $is_true = "true" | ConvertTo-Bool #> param( [parameter(valuefrompipeline=$true)] $obj ) $boolean_strings = "yes", "on", "1", "true", 1 $obj_string = [string]$obj if (($obj -is [boolean] -and $obj) -or $boolean_strings -contains $obj_string.ToLower()) { return $true } else { return $false } } Function Parse-Args($arguments, $supports_check_mode = $false) { <# .SYNOPSIS Helper function to parse Ansible JSON arguments from a "file" passed as the single argument to the module. .EXAMPLE $params = Parse-Args $args #> $params = New-Object psobject If ($arguments.Length -gt 0) { $params = Get-Content $arguments[0] | ConvertFrom-Json } Else { $params = $complex_args } $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false If ($check_mode -and -not $supports_check_mode) { Exit-Json @{ skipped = $true changed = $false msg = "remote module does not support check mode" } } return $params } Function Get-FileChecksum($path, $algorithm = 'sha1') { <# .SYNOPSIS Helper function to calculate a hash of a file in a way which PowerShell 3 and above can handle #> If (Test-Path -Path $path -PathType Leaf) { switch ($algorithm) { 'md5' { $sp = New-Object -TypeName System.Security.Cryptography.MD5CryptoServiceProvider } 'sha1' { $sp = New-Object -TypeName System.Security.Cryptography.SHA1CryptoServiceProvider } 'sha256' { $sp = New-Object -TypeName System.Security.Cryptography.SHA256CryptoServiceProvider } 'sha384' { $sp = New-Object -TypeName System.Security.Cryptography.SHA384CryptoServiceProvider } 'sha512' { $sp = New-Object -TypeName System.Security.Cryptography.SHA512CryptoServiceProvider } default { Fail-Json @{} "Unsupported hash algorithm supplied '$algorithm'" } } If ($PSVersionTable.PSVersion.Major -ge 4) { $raw_hash = Get-FileHash $path -Algorithm $algorithm $hash = $raw_hash.Hash.ToLower() } Else { $fp = [System.IO.File]::Open($path, [System.IO.Filemode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileShare]::ReadWrite); $hash = [System.BitConverter]::ToString($sp.ComputeHash($fp)).Replace("-", "").ToLower(); $fp.Dispose(); } } ElseIf (Test-Path -Path $path -PathType Container) { $hash = "3"; } Else { $hash = "1"; } return $hash } Function Get-PendingRebootStatus { <# .SYNOPSIS Check if reboot is required, if so notify CA. Function returns true if computer has a pending reboot #> $featureData = Invoke-WmiMethod -EA Ignore -Name GetServerFeature -Namespace root\microsoft\windows\servermanager -Class MSFT_ServerManagerTasks $regData = Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager" "PendingFileRenameOperations" -EA Ignore $CBSRebootStatus = Get-ChildItem "HKLM:\\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing" -ErrorAction SilentlyContinue| Where-Object {$_.PSChildName -eq "RebootPending"} if(($featureData -and $featureData.RequiresReboot) -or $regData -or $CBSRebootStatus) { return $True } else { return $False } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: 74e4a155-a9ce-4183-a225-b19eec40f259 Path:	4104	1		3	2	15	0	1660	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4116	3532	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:05:57 PM	e5295ba9-9827-0005-365c-29e52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } ScriptBlock ID: c2b0042a-10cb-4931-88a0-3abcef732d6a Path:	4104	1		3	2	15	0	1659	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4116	3532	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:05:56 PM	e5295ba9-9827-0005-275c-29e52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (3 of 3): WNrX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfY2hlY2tfbW9kZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQogICAgSWYgKCRjaGVja19tb2RlIC1hbmQgLW5vdCAkc3VwcG9ydHNfY2hlY2tfbW9kZSkKICAgIHsKICAgICAgICBFeGl0LUpzb24gQHsKICAgICAgICAgICAgc2tpcHBlZCA9ICR0cnVlCiAgICAgICAgICAgIGNoYW5nZWQgPSAkZmFsc2UKICAgICAgICAgICAgbXNnID0gInJlbW90ZSBtb2R1bGUgZG9lcyBub3Qgc3VwcG9ydCBjaGVjayBtb2RlIgogICAgICAgIH0KICAgIH0KICAgIHJldHVybiAkcGFyYW1zCn0KCgpGdW5jdGlvbiBHZXQtRmlsZUNoZWNrc3VtKCRwYXRoLCAkYWxnb3JpdGhtID0gJ3NoYTEnKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBjYWxjdWxhdGUgYSBoYXNoIG9mIGEgZmlsZSBpbiBhIHdheSB3aGljaCBQb3dlclNoZWxsIDMKICAgIGFuZCBhYm92ZSBjYW4gaGFuZGxlCiM+CiAgICBJZiAoVGVzdC1QYXRoIC1QYXRoICRwYXRoIC1QYXRoVHlwZSBMZWFmKQogICAgewogICAgICAgIHN3aXRjaCAoJGFsZ29yaXRobSkKICAgICAgICB7CiAgICAgICAgICAgICdtZDUnIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5NRDVDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMScgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTFDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMjU2JyB7ICRzcCA9IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5TZWN1cml0eS5DcnlwdG9ncmFwaHkuU0hBMjU2Q3J5cHRvU2VydmljZVByb3ZpZGVyIH0KICAgICAgICAgICAgJ3NoYTM4NCcgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTM4NENyeXB0b1NlcnZpY2VQcm92aWRlciB9CiAgICAgICAgICAgICdzaGE1MTInIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5TSEE1MTJDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICBkZWZhdWx0IHsgRmFpbC1Kc29uIEB7fSAiVW5zdXBwb3J0ZWQgaGFzaCBhbGdvcml0aG0gc3VwcGxpZWQgJyRhbGdvcml0aG0nIiB9CiAgICAgICAgfQoKICAgICAgICBJZiAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtZ2UgNCkgewogICAgICAgICAgICAkcmF3X2hhc2ggPSBHZXQtRmlsZUhhc2ggJHBhdGggLUFsZ29yaXRobSAkYWxnb3JpdGhtCiAgICAgICAgICAgICRoYXNoID0gJHJhd19oYXNoLkhhc2guVG9Mb3dlcigpCiAgICAgICAgfSBFbHNlIHsKICAgICAgICAgICAgJGZwID0gW1N5c3RlbS5JTy5GaWxlXTo6T3BlbigkcGF0aCwgW1N5c3RlbS5JTy5GaWxlbW9kZV06Ok9wZW4sIFtTeXN0ZW0uSU8uRmlsZUFjY2Vzc106OlJlYWQsIFtTeXN0ZW0uSU8uRmlsZVNoYXJlXTo6UmVhZFdyaXRlKTsKICAgICAgICAgICAgJGhhc2ggPSBbU3lzdGVtLkJpdENvbnZlcnRlcl06OlRvU3RyaW5nKCRzcC5Db21wdXRlSGFzaCgkZnApKS5SZXBsYWNlKCItIiwgIiIpLlRvTG93ZXIoKTsKICAgICAgICAgICAgJGZwLkRpc3Bvc2UoKTsKICAgICAgICB9CiAgICB9CiAgICBFbHNlSWYgKFRlc3QtUGF0aCAtUGF0aCAkcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKQogICAgewogICAgICAgICRoYXNoID0gIjMiOwogICAgfQogICAgRWxzZQogICAgewogICAgICAgICRoYXNoID0gIjEiOwogICAgfQogICAgcmV0dXJuICRoYXNoCn0KCkZ1bmN0aW9uIEdldC1QZW5kaW5nUmVib290U3RhdHVzCnsKPCMKICAgIC5TWU5PUFNJUwogICAgQ2hlY2sgaWYgcmVib290IGlzIHJlcXVpcmVkLCBpZiBzbyBub3RpZnkgQ0EuCiAgICBGdW5jdGlvbiByZXR1cm5zIHRydWUgaWYgY29tcHV0ZXIgaGFzIGEgcGVuZGluZyByZWJvb3QKIz4KICAgICRmZWF0dXJlRGF0YSA9IEludm9rZS1XbWlNZXRob2QgLUVBIElnbm9yZSAtTmFtZSBHZXRTZXJ2ZXJGZWF0dXJlIC1OYW1lc3BhY2Ugcm9vdFxtaWNyb3NvZnRcd2luZG93c1xzZXJ2ZXJtYW5hZ2VyIC1DbGFzcyBNU0ZUX1NlcnZlck1hbmFnZXJUYXNrcwogICAgJHJlZ0RhdGEgPSBHZXQtSXRlbVByb3BlcnR5ICJIS0xNOlxTWVNURU1cQ3VycmVudENvbnRyb2xTZXRcQ29udHJvbFxTZXNzaW9uIE1hbmFnZXIiICJQZW5kaW5nRmlsZVJlbmFtZU9wZXJhdGlvbnMiIC1FQSBJZ25vcmUKICAgICRDQlNSZWJvb3RTdGF0dXMgPSBHZXQtQ2hpbGRJdGVtICJIS0xNOlxcU09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cQ29tcG9uZW50IEJhc2VkIFNlcnZpY2luZyIgIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlfCBXaGVyZS1PYmplY3QgeyRfLlBTQ2hpbGROYW1lIC1lcSAiUmVib290UGVuZGluZyJ9CiAgICBpZigoJGZlYXR1cmVEYXRhIC1hbmQgJGZlYXR1cmVEYXRhLlJlcXVpcmVzUmVib290KSAtb3IgJHJlZ0RhdGEgLW9yICRDQlNSZWJvb3RTdGF0dXMpCiAgICB7CiAgICAgICAgcmV0dXJuICRUcnVlCiAgICB9CiAgICBlbHNlCiAgICB7CiAgICAgICAgcmV0dXJuICRGYWxzZQogICAgfQp9CgojIHRoaXMgbGluZSBtdXN0IHN0YXkgYXQgdGhlIGJvdHRvbSB0byBlbnN1cmUgYWxsIGRlZmluZWQgbW9kdWxlIHBhcnRzIGFyZSBleHBvcnRlZApFeHBvcnQtTW9kdWxlTWVtYmVyIC1BbGlhcyAqIC1GdW5jdGlvbiAqIC1DbWRsZXQgKgoK", "Ansible.ModuleUtils.FileUtil": "IyBDb3B5cmlnaHQgKGMpIDIwMTcgQW5zaWJsZSBQcm9qZWN0CiMgU2ltcGxpZmllZCBCU0QgTGljZW5zZSAoc2VlIGxpY2Vuc2VzL3NpbXBsaWZpZWRfYnNkLnR4dCBvciBodHRwczovL29wZW5zb3VyY2Uub3JnL2xpY2Vuc2VzL0JTRC0yLUNsYXVzZSkKCjwjClRlc3QtUGF0aC9HZXQtSXRlbSBjYW5ub3QgZmluZC9yZXR1cm4gaW5mbyBvbiBmaWxlcyB0aGF0IGFyZSBsb2NrZWQgbGlrZQpDOlxwYWdlZmlsZS5zeXMuIFRoZXNlIDIgZnVuY3Rpb25zIGFyZSBkZXNpZ25lZCB0byB3b3JrIHdpdGggdGhlc2UgZmlsZXMgYW5kCnByb3ZpZGUgc2ltaWxhciBmdW5jdGlvbmFsaXR5IHdpdGggdGhlIG5vcm1hbCBjbWRsZXRzIHdpdGggYXMgbWluaW1hbCBvdmVyaGVhZAphcyBwb3NzaWJsZS4gVGhleSB3b3JrIGJ5IHVzaW5nIEdldC1DaGlsZEl0ZW0gd2l0aCBhIGZpbHRlciBhbmQgcmV0dXJuIHRoZQpyZXN1bHQgZnJvbSB0aGF0LgojPgoKRnVuY3Rpb24gVGVzdC1BbnNpYmxlUGF0aCB7CiAgICBbQ21kbGV0QmluZGluZygpXQogICAgUGFyYW0oCiAgICAgICAgW1BhcmFtZXRlcihNYW5kYXRvcnk9JHRydWUpXVtzdHJpbmddJFBhdGgKICAgICkKICAgICMgUmVwbGFjZW1lbnQgZm9yIFRlc3QtUGF0aAogICAgdHJ5IHsKICAgICAgICAkZmlsZV9hdHRyaWJ1dGVzID0gW1N5c3RlbS5JTy5GaWxlXTo6R2V0QXR0cmlidXRlcygkUGF0aCkKICAgIH0gY2F0Y2ggW1N5c3RlbS5JTy5GaWxlTm90Rm91bmRFeGNlcHRpb25dLCBbU3lzdGVtLklPLkRpcmVjdG9yeU5vdEZvdW5kRXhjZXB0aW9uXSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfSBjYXRjaCBbTm90U3VwcG9ydGVkRXhjZXB0aW9uXSB7CiAgICAgICAgIyBXaGVuIHRlc3RpbmcgYSBwYXRoIGxpa2UgQ2VydDpcTG9jYWxNYWNoaW5lXE15LCBTeXN0ZW0uSU8uRmlsZSB3aWxsCiAgICAgICAgIyBub3Qgd29yaywgd2UganVzdCByZXZlcnQgYmFjayB0byB1c2luZyBUZXN0LVBhdGggZm9yIHRoaXMKICAgICAgICByZXR1cm4gVGVzdC1QYXRoIC1QYXRoICRQYXRoCiAgICB9CgogICAgaWYgKFtJbnQzMl0kZmlsZV9hdHRyaWJ1dGVzIC1lcSAtMSkgewogICAgICAgIHJldHVybiAkZmFsc2UKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICR0cnVlCiAgICB9Cn0KCkZ1bmN0aW9uIEdldC1BbnNpYmxlSXRlbSB7CiAgICBbQ21kbGV0QmluZGluZygpXQogICAgUGFyYW0oCiAgICAgICAgW1BhcmFtZXRlcihNYW5kYXRvcnk9JHRydWUpXVtzdHJpbmddJFBhdGgKICAgICkKICAgICMgUmVwbGFjZW1lbnQgZm9yIEdldC1JdGVtCiAgICB0cnkgewogICAgICAgICRmaWxlX2F0dHJpYnV0ZXMgPSBbU3lzdGVtLklPLkZpbGVdOjpHZXRBdHRyaWJ1dGVzKCRQYXRoKQogICAgfSBjYXRjaCB7CiAgICAgICAgIyBpZiAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb3RpbnVlIGlzIHNldCBvbiB0aGUgY21kbGV0IGFuZCB3ZSBmYWlsZWQgdG8KICAgICAgICAjIGdldCB0aGUgYXR0cmlidXRlcywganVzdCByZXR1cm4gJG51bGwsIG90aGVyd2lzZSB0aHJvdyB0aGUgZXJyb3IKICAgICAgICBpZiAoJEVycm9yQWN0aW9uUHJlZmVyZW5jZSAtbmUgIlNpbGVudGx5Q29udGludWUiKSB7CiAgICAgICAgICAgIHRocm93ICRfCiAgICAgICAgfQogICAgICAgIHJldHVybiAkbnVsbAogICAgfQogICAgaWYgKFtJbnQzMl0kZmlsZV9hdHRyaWJ1dGVzIC1lcSAtMSkgewogICAgICAgIHRocm93IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5NYW5hZ2VtZW50LkF1dG9tYXRpb24uSXRlbU5vdEZvdW5kRXhjZXB0aW9uIC1Bcmd1bWVudExpc3QgIkNhbm5vdCBmaW5kIHBhdGggJyRQYXRoJyBiZWNhdXNlIGl0IGRvZXMgbm90IGV4aXN0LiIKICAgIH0gZWxzZWlmICgkZmlsZV9hdHRyaWJ1dGVzLkhhc0ZsYWcoW1N5c3RlbS5JTy5GaWxlQXR0cmlidXRlc106OkRpcmVjdG9yeSkpIHsKICAgICAgICByZXR1cm4gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLklPLkRpcmVjdG9yeUluZm8gLUFyZ3VtZW50TGlzdCAkUGF0aAogICAgfSBlbHNlIHsKICAgICAgICByZXR1cm4gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLklPLkZpbGVJbmZvIC1Bcmd1bWVudExpc3QgJFBhdGgKICAgIH0KfQoKRXhwb3J0LU1vZHVsZU1lbWJlciAtRnVuY3Rpb24gVGVzdC1BbnNpYmxlUGF0aCwgR2V0LUFuc2libGVJdGVtCg=="}, "module_entry": "IyFwb3dlcnNoZWxsCgojIENvcHlyaWdodDogKGMpIDIwMTcsIEFuc2libGUgUHJvamVjdAojIEdOVSBHZW5lcmFsIFB1YmxpYyBMaWNlbnNlIHYzLjArIChzZWUgQ09QWUlORyBvciBodHRwczovL3d3dy5nbnUub3JnL2xpY2Vuc2VzL2dwbC0zLjAudHh0KQoKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5MZWdhY3kKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5Db21tYW5kVXRpbAojUmVxdWlyZXMgLU1vZHVsZSBBbnNpYmxlLk1vZHVsZVV0aWxzLkZpbGVVdGlsCgojIFRPRE86IGFkZCBjaGVjayBtb2RlIHN1cHBvcnQKClNldC1TdHJpY3RNb2RlIC1WZXJzaW9uIDIKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKIyBDbGVhbnNlIENMSVhNTCBmcm9tIHN0ZGVyciAoc2lmdCBvdXQgZXJyb3Igc3RyZWFtIGRhdGEsIGRpc2NhcmQgb3RoZXJzIGZvciBub3cpCkZ1bmN0aW9uIENsZWFuc2UtU3RkZXJyKCRyYXdfc3RkZXJyKSB7CiAgICBUcnkgewogICAgICAgICMgTkI6IHRoaXMgcmVnZXggaXNuJ3QgcGVyZmVjdCwgYnV0IGlzIGRlY2VudCBhdCBmaW5kaW5nIENMSVhNTCBhbW9uZ3N0IG90aGVyIHN0ZGVyciBub2lzZQogICAgICAgIElmKCRyYXdfc3RkZXJyIC1tYXRjaCAiKD9zKSg/PHByZW5vaXNlMT4uKikjPCBDTElYTUwoPzxwcmVub2lzZTI+LiopKD88Y2xpeG1sPjxPYmpzLis8L09ianM+KSg/PHBvc3Rub2lzZT4uKikiKSB7CiAgICAgICAgICAgICRjbGl4bWwgPSBbeG1sXSRtYXRjaGVzWyJjbGl4bWwiXQoKICAgICAgICAgICAgJG1lcmdlZF9zdGRlcnIgPSAiezB9ezF9ezJ9ezN9IiAtZiBAKAogICAgICAgICAgICAgICAkbWF0Y2hlc1sicHJlbm9pc2UxIl0sCiAgICAgICAgICAgICAgICRtYXRjaGVzWyJwcmVub2lzZTIiXSwKICAgICAgICAgICAgICAgIyBmaWx0ZXIgb3V0IGp1c3QgdGhlIEVycm9yLXRhZ2dlZCBzdHJpbmdzIGZvciBub3csIGFuZCB6YXAgZW1iZWRkZWQgQ1JMRiBjaGFycwogICAgICAgICAgICAgICAoJGNsaXhtbC5PYmpzLkNoaWxkTm9kZXMgfCA/IHsgJF8uTmFtZSAtZXEgJ1MnIH0gfCA/IHsgJF8uUyAtZXEgJ0Vycm9yJyB9IHwgJSB7ICRfLicjdGV4dCcuUmVwbGFjZSgnX3gwMDBEX194MDAwQV8nLCcnKSB9IHwgT3V0LVN0cmluZyksCiAgICAgICAgICAgICAgICRtYXRjaGVzWyJwb3N0bm9pc2UiXSkgfCBPdXQtU3RyaW5nCgogICAgICAgICAgICByZXR1cm4gJG1lcmdlZF9zdGRlcnIuVHJpbSgpCgogICAgICAgICAgICAjIEZVVFVSRTogcGFyc2UvcmV0dXJuIG90aGVyIHN0cmVhbXMKICAgICAgICB9CiAgICAgICAgRWxzZSB7CiAgICAgICAgICAgICRyYXdfc3RkZXJyCiAgICAgICAgfQogICAgfQogICAgQ2F0Y2ggewogICAgICAgICIqKipFWENFUFRJT04gUEFSU0lORyBDTElYTUw6ICRfKioqIiArICRyYXdfc3RkZXJyCiAgICB9Cn0KCiRwYXJhbXMgPSBQYXJzZS1BcmdzICRhcmdzIC1zdXBwb3J0c19jaGVja19tb2RlICRmYWxzZQoKJHJhd19jb21tYW5kX2xpbmUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX3Jhd19wYXJhbXMiIC10eXBlICJzdHIiIC1mYWlsaWZlbXB0eSAkdHJ1ZQokY2hkaXIgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiY2hkaXIiIC10eXBlICJwYXRoIgokZXhlY3V0YWJsZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJleGVjdXRhYmxlIiAtdHlwZSAicGF0aCIKJGNyZWF0ZXMgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiY3JlYXRlcyIgLXR5cGUgInBhdGgiCiRyZW1vdmVzID0gR2V0LUFuc2libGVQYXJhbSAtb2JqICRwYXJhbXMgLW5hbWUgInJlbW92ZXMiIC10eXBlICJwYXRoIgokc3RkaW4gPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAic3RkaW4iIC10eXBlICJzdHIiCgokcmF3X2NvbW1hbmRfbGluZSA9ICRyYXdfY29tbWFuZF9saW5lLlRyaW0oKQoKJHJlc3VsdCA9IEB7CiAgICBjaGFuZ2VkID0gJHRydWUKICAgIGNtZCA9ICRyYXdfY29tbWFuZF9saW5lCn0KCmlmICgkY3JlYXRlcyAtYW5kICQoVGVzdC1BbnNpYmxlUGF0aCAtUGF0aCAkY3JlYXRlcykpIHsKICAgIEV4aXQtSnNvbiBAe21zZz0ic2tpcHBlZCwgc2luY2UgJGNyZWF0ZXMgZXhpc3RzIjtjbWQ9JHJhd19jb21tYW5kX2xpbmU7Y2hhbmdlZD0kZmFsc2U7c2tpcHBlZD0kdHJ1ZTtyYz0wfQp9CgppZiAoJHJlbW92ZXMgLWFuZCAtbm90ICQoVGVzdC1BbnNpYmxlUGF0aCAtUGF0aCAkcmVtb3ZlcykpIHsKICAgIEV4aXQtSnNvbiBAe21zZz0ic2tpcHBlZCwgc2luY2UgJHJlbW92ZXMgZG9lcyBub3QgZXhpc3QiO2NtZD0kcmF3X2NvbW1hbmRfbGluZTtjaGFuZ2VkPSRmYWxzZTtza2lwcGVkPSR0cnVlO3JjPTB9Cn0KCiRleGVjX2FyZ3MgPSAkbnVsbApJZigtbm90ICRleGVjdXRhYmxlIC1vciAkZXhlY3V0YWJsZSAtZXEgInBvd2Vyc2hlbGwiKSB7CiAgICAkZXhlY19hcHBsaWNhdGlvbiA9ICJwb3dlcnNoZWxsLmV4ZSIKCiAgICAjIGZvcmNlIGlucHV0IGVuY29kaW5nIHRvIHByZWFtYmxlLWZyZWUgVVRGOCBzbyBQUyBzdWItcHJvY2Vzc2VzIChlZywgU3RhcnQtSm9iKSBkb24ndCBibG93IHVwCiAgICAkcmF3X2NvbW1hbmRfbGluZSA9ICJbQ29uc29sZV06OklucHV0RW5jb2RpbmcgPSBOZXctT2JqZWN0IFRleHQuVVRGOEVuY29kaW5nIGAkZmFsc2U7ICIgKyAkcmF3X2NvbW1hbmRfbGluZQoKICAgICMgQmFzZTY0IGVuY29kZSB0aGUgY29tbWFuZCBzbyB3ZSBkb24ndCBoYXZlIHRvIHdvcnJ5IGFib3V0IHRoZSB2YXJpb3VzIGxldmVscyBvZiBlc2NhcGluZwogICAgJGVuY29kZWRfY29tbWFuZCA9IFtDb252ZXJ0XTo6VG9CYXNlNjRTdHJpbmcoW1N5c3RlbS5UZXh0LkVuY29kaW5nXTo6VW5pY29kZS5HZXRCeXRlcygkcmF3X2NvbW1hbmRfbGluZSkpCgogICAgaWYgKCRzdGRpbikgewogICAgICAgICRleGVjX2FyZ3MgPSAiLWVuY29kZWRjb21tYW5kICRlbmNvZGVkX2NvbW1hbmQiCiAgICB9IGVsc2UgewogICAgICAgICRleGVjX2FyZ3MgPSAiLW5vbmludGVyYWN0aXZlIC1lbmNvZGVkY29tbWFuZCAkZW5jb2RlZF9jb21tYW5kIgogICAgfQp9CkVsc2UgewogICAgIyBGVVRVUkU6IHN1cHBvcnQgYXJnIHRyYW5zbGF0aW9uIGZyb20gZXhlY3V0YWJsZSAob3IgZXhlY3V0YWJsZV9hcmdzPykgdG8gcHJvY2VzcyBhcmd1bWVudHMgZm9yIGFyYml0cmFyeSBpbnRlcnByZXRlcj8KICAgICRleGVjX2FwcGxpY2F0aW9uID0gJGV4ZWN1dGFibGUKICAgIGlmICgtbm90ICgkZXhlY19hcHBsaWNhdGlvbi5FbmRzV2l0aCgiLmV4ZSIpKSkgewogICAgICAgICRleGVjX2FwcGxpY2F0aW9uID0gIiQoJGV4ZWNfYXBwbGljYXRpb24pLmV4ZSIKICAgIH0KICAgICRleGVjX2FyZ3MgPSAiL2MgJHJhd19jb21tYW5kX2xpbmUiCn0KCiRjb21tYW5kID0gIiRleGVjX2FwcGxpY2F0aW9uICRleGVjX2FyZ3MiCiRydW5fY29tbWFuZF9hcmcgPSBAewogICAgY29tbWFuZCA9ICRjb21tYW5kCn0KaWYgKCRjaGRpcikgewogICAgJHJ1bl9jb21tYW5kX2FyZ1snd29ya2luZ19kaXJlY3RvcnknXSA9ICRjaGRpcgp9CmlmICgkc3RkaW4pIHsKICAgICRydW5fY29tbWFuZF9hcmdbJ3N0ZGluJ10gPSAkc3RkaW4KfQoKJHN0YXJ0X2RhdGV0aW1lID0gW0RhdGVUaW1lXTo6VXRjTm93CnRyeSB7CiAgICAkY29tbWFuZF9yZXN1bHQgPSBSdW4tQ29tbWFuZCBAcnVuX2NvbW1hbmRfYXJnCn0gY2F0Y2ggewogICAgJHJlc3VsdC5jaGFuZ2VkID0gJGZhbHNlCiAgICB0cnkgewogICAgICAgICRyZXN1bHQucmMgPSAkXy5FeGNlcHRpb24uTmF0aXZlRXJyb3JDb2RlCiAgICB9IGNhdGNoIHsKICAgICAgICAkcmVzdWx0LnJjID0gMgogICAgfQogICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAkXy5FeGNlcHRpb24uTWVzc2FnZQp9CgojIFRPRE86IGRlY29kZSBDTElYTUwgc3RkZXJyIG91dHB1dCAoYW5kIG90aGVyIHN0cmVhbXM/KQokcmVzdWx0LnN0ZG91dCA9ICRjb21tYW5kX3Jlc3VsdC5zdGRvdXQKJHJlc3VsdC5zdGRlcnIgPSBDbGVhbnNlLVN0ZGVyciAkY29tbWFuZF9yZXN1bHQuc3RkZXJyIAokcmVzdWx0LnJjID0gJGNvbW1hbmRfcmVzdWx0LnJjCgokZW5kX2RhdGV0aW1lID0gW0RhdGVUaW1lXTo6VXRjTm93CiRyZXN1bHQuc3RhcnQgPSAkc3RhcnRfZGF0ZXRpbWUuVG9TdHJpbmcoInl5eXktTU0tZGQgaGg6bW06c3MuZmZmZmZmIikKJHJlc3VsdC5lbmQgPSAkZW5kX2RhdGV0aW1lLlRvU3RyaW5nKCJ5eXl5LU1NLWRkIGhoOm1tOnNzLmZmZmZmZiIpCiRyZXN1bHQuZGVsdGEgPSAkKCRlbmRfZGF0ZXRpbWUgLSAkc3RhcnRfZGF0ZXRpbWUpLlRvU3RyaW5nKCJoXDptbVw6c3NcLmZmZmZmZiIpCgpJZiAoJHJlc3VsdC5yYyAtbmUgMCkgewogICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAibm9uLXplcm8gcmV0dXJuIGNvZGUiCn0KCkV4aXQtSnNvbiAkcmVzdWx0Cg==", "module_args": {"_ansible_version": "2.7.0", "_ansible_selinux_special_fs": ["fuse", "nfs", "vboxsf", "ramfs", "9p"], "_ansible_no_log": false, "_ansible_module_name": "win_shell", "_raw_params": "Set-VMHost -useanynetworkformigration $true -passthru -ErrorAction silentlycontinue", "_ansible_verbosity": 2, "_ansible_keep_remote_files": false, "_ansible_syslog_facility": "LOG_USER", "_ansible_socket": null, "_ansible_remote_tmp": "%TEMP%", "_ansible_diff": false, "_ansible_debug": false, "_ansible_shell_executable": "/bin/sh", "_ansible_check_mode": false, "_ansible_tmpdir": null}} '@ } process { $input_as_string = [string]$input $json_raw += $input_as_string } end { If (-not $json_raw) { Write-Error "no input given" -Category InvalidArgument } $payload = ConvertTo-HashtableFromPsCustomObject (ConvertFrom-Json $json_raw) # TODO: handle binary modules # TODO: handle persistence $min_os_version = [version]$payload.min_os_version if ($min_os_version -ne $null) { $actual_os_version = [System.Environment]::OSVersion.Version if ($actual_os_version -lt $min_os_version) { $msg = "This module cannot run on this OS as it requires a minimum version of $min_os_version, actual was $actual_os_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $min_ps_version = [version]$payload.min_ps_version if ($min_ps_version -ne $null) { $actual_ps_version = $PSVersionTable.PSVersion if ($actual_ps_version -lt $min_ps_version) { $msg = "This module cannot run as it requires a minimum PowerShell version of $min_ps_version, actual was $actual_ps_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $actions = $payload.actions # pop 0th action as entrypoint $entrypoint = $payload.($actions[0]) $payload.actions = $payload.actions[1..99] $entrypoint = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($entrypoint)) # load the current action entrypoint as a module custom object with a Run method $entrypoint = New-Module -ScriptBlock ([scriptblock]::Create($entrypoint)) -AsCustomObject Set-Variable -Scope global -Name complex_args -Value $payload["module_args"] | Out-Null # dynamically create/load modules ForEach ($mod in $payload.powershell_modules.GetEnumerator()) { $decoded_module = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($mod.Value)) New-Module -ScriptBlock ([scriptblock]::Create($decoded_module)) -Name $mod.Key | Import-Module -WarningAction SilentlyContinue | Out-Null } $output = $entrypoint.Run($payload) Write-Output $output } ScriptBlock ID: b7bb541f-2159-487a-b50f-953d52da5f77 Path:	4104	1		3	2	15	0	1658	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4116	3532	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:05:56 PM	e5295ba9-9827-0005-215c-29e52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 3): WxSZXNldCk7CiAgICAgICAgICAgIHN0cmluZyBzbyA9IG51bGwsIHNlID0gbnVsbDsKICAgICAgICAgICAgVGhyZWFkUG9vbC5RdWV1ZVVzZXJXb3JrSXRlbSgocykgPT4KICAgICAgICAgICAgewogICAgICAgICAgICAgICAgc28gPSBzdGRvdXRTdHJlYW0uUmVhZFRvRW5kKCk7CiAgICAgICAgICAgICAgICBzb3dhaXQuU2V0KCk7CiAgICAgICAgICAgIH0pOwogICAgICAgICAgICBUaHJlYWRQb29sLlF1ZXVlVXNlcldvcmtJdGVtKChzKSA9PgogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBzZSA9IHN0ZGVyclN0cmVhbS5SZWFkVG9FbmQoKTsKICAgICAgICAgICAgICAgIHNld2FpdC5TZXQoKTsKICAgICAgICAgICAgfSk7CiAgICAgICAgICAgIGZvcmVhY2ggKHZhciB3aCBpbiBuZXcgV2FpdEhhbmRsZVtdIHsgc293YWl0LCBzZXdhaXQgfSkKICAgICAgICAgICAgICAgIHdoLldhaXRPbmUoKTsKICAgICAgICAgICAgc3Rkb3V0ID0gc287CiAgICAgICAgICAgIHN0ZGVyciA9IHNlOwogICAgICAgIH0KCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgdWludCBHZXRQcm9jZXNzRXhpdENvZGUoSW50UHRyIHByb2Nlc3NIYW5kbGUpCiAgICAgICAgewogICAgICAgICAgICBuZXcgTmF0aXZlV2FpdEhhbmRsZShwcm9jZXNzSGFuZGxlKS5XYWl0T25lKCk7CiAgICAgICAgICAgIHVpbnQgZXhpdENvZGU7CiAgICAgICAgICAgIGlmICghR2V0RXhpdENvZGVQcm9jZXNzKHByb2Nlc3NIYW5kbGUsIG91dCBleGl0Q29kZSkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIkVycm9yIGdldHRpbmcgcHJvY2VzcyBleGl0IGNvZGUiKTsKICAgICAgICAgICAgcmV0dXJuIGV4aXRDb2RlOwogICAgICAgIH0KICAgIH0KfQoiQAoKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICdTdG9wJwoKRnVuY3Rpb24gTG9hZC1Db21tYW5kVXRpbHMgewogICAgIyBtYWtlcyB0aGUgZm9sbG93aW5nIHN0YXRpYyBmdW5jdGlvbnMgYXZhaWxhYmxlCiAgICAjICAgW0Fuc2libGUuQ29tbWFuZFV0aWxdOjpQYXJzZUNvbW1hbmRMaW5lKHN0cmluZyBscENvbW1hbmRMaW5lKQogICAgIyAgIFtBbnNpYmxlLkNvbW1hbmRVdGlsXTo6U2VhcmNoUGF0aChzdHJpbmcgbHBGaWxlTmFtZSkKICAgICMgICBbQW5zaWJsZS5Db21tYW5kVXRpbF06OlJ1bkNvbW1hbmQoc3RyaW5nIGxwQXBwbGljYXRpb25OYW1lLCBzdHJpbmcgbHBDb21tYW5kTGluZSwgc3RyaW5nIGxwQ3VycmVudERpcmVjdG9yeSwgc3RyaW5nIHN0ZGluSW5wdXQsIHN0cmluZyBlbnZpcm9ubWVudEJsb2NrKQogICAgIwogICAgIyB0aGVyZSBhcmUgYWxzbyBudW1lcm91cyBQL0ludm9rZSBtZXRob2RzIHRoYXQgY2FuIGJlIGNhbGxlZCBpZiB5b3UgYXJlIGZlZWxpbmcgYWR2ZW50dXJvdXMKCiAgICAjIEZVVFVSRTogZmluZCBhIGJldHRlciB3YXkgdG8gZ2V0IHRoZSBfYW5zaWJsZV9yZW1vdGVfdG1wIHZhcmlhYmxlCiAgICAkb3JpZ2luYWxfdG1wID0gJGVudjpUTVAKCiAgICAkcmVtb3RlX3RtcCA9ICRvcmlnaW5hbF90bXAKICAgICRtb2R1bGVfcGFyYW1zID0gR2V0LVZhcmlhYmxlIC1OYW1lIGNvbXBsZXhfYXJncyAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgaWYgKCRtb2R1bGVfcGFyYW1zKSB7CiAgICAgICAgaWYgKCRtb2R1bGVfcGFyYW1zLlZhbHVlLkNvbnRhaW5zS2V5KCJfYW5zaWJsZV9yZW1vdGVfdG1wIikgKSB7CiAgICAgICAgICAgICRyZW1vdGVfdG1wID0gJG1vZHVsZV9wYXJhbXMuVmFsdWVbIl9hbnNpYmxlX3JlbW90ZV90bXAiXQogICAgICAgICAgICAkcmVtb3RlX3RtcCA9IFtTeXN0ZW0uRW52aXJvbm1lbnRdOjpFeHBhbmRFbnZpcm9ubWVudFZhcmlhYmxlcygkcmVtb3RlX3RtcCkKICAgICAgICB9CiAgICB9CgogICAgJGVudjpUTVAgPSAkcmVtb3RlX3RtcAogICAgQWRkLVR5cGUgLVR5cGVEZWZpbml0aW9uICRwcm9jZXNzX3V0aWwKICAgICRlbnY6VE1QID0gJG9yaWdpbmFsX3RtcAp9CgpGdW5jdGlvbiBHZXQtRXhlY3V0YWJsZVBhdGgoJGV4ZWN1dGFibGUsICRkaXJlY3RvcnkpIHsKICAgICMgbHBBcHBsaWNhdGlvbk5hbWUgcmVxdWlyZXMgdGhlIGZ1bGwgcGF0aCB0byBhIGZpbGUsIHdlIG5lZWQgdG8gZmluZCBpdAogICAgIyBvdXJzZWx2ZXMuCgogICAgIyB3ZSBuZWVkIHRvIGFkZCAuZXhlIGlmIGl0IGRvZXNuJ3QgaGF2ZSBhbiBleHRlbnNpb24gYWxyZWFkeQogICAgaWYgKC1ub3QgW1N5c3RlbS5JTy5QYXRoXTo6SGFzRXh0ZW5zaW9uKCRleGVjdXRhYmxlKSkgewogICAgICAgICRleGVjdXRhYmxlID0gIiQoJGV4ZWN1dGFibGUpLmV4ZSIKICAgIH0KICAgICRmdWxsX3BhdGggPSBbU3lzdGVtLklPLlBhdGhdOjpHZXRGdWxsUGF0aCgkZXhlY3V0YWJsZSkKCiAgICBpZiAoJGZ1bGxfcGF0aCAtbmUgJGV4ZWN1dGFibGUgLWFuZCAkZGlyZWN0b3J5IC1uZSAkbnVsbCkgewogICAgICAgICRmaWxlID0gR2V0LUl0ZW0gLVBhdGggIiRkaXJlY3RvcnlcJGV4ZWN1dGFibGUiIC1Gb3JjZSAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgfSBlbHNlIHsKICAgICAgICAkZmlsZSA9IEdldC1JdGVtIC1QYXRoICRleGVjdXRhYmxlIC1Gb3JjZSAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgfQoKICAgIGlmICgkZmlsZSAtbmUgJG51bGwpIHsKICAgICAgICAkZXhlY3V0YWJsZV9wYXRoID0gJGZpbGUuRnVsbE5hbWUKICAgIH0gZWxzZSB7CiAgICAgICAgJGV4ZWN1dGFibGVfcGF0aCA9IFtBbnNpYmxlLkNvbW1hbmRVdGlsXTo6U2VhcmNoUGF0aCgkZXhlY3V0YWJsZSkgICAgCiAgICB9CiAgICByZXR1cm4gJGV4ZWN1dGFibGVfcGF0aAp9CgpGdW5jdGlvbiBSdW4tQ29tbWFuZCB7CiAgICBQYXJhbSgKICAgICAgICBbc3RyaW5nXSRjb21tYW5kLCAjIHRoZSBmdWxsIGNvbW1hbmQgdG8gcnVuIGluY2x1ZGluZyB0aGUgZXhlY3V0YWJsZQogICAgICAgIFtzdHJpbmddJHdvcmtpbmdfZGlyZWN0b3J5ID0gJG51bGwsICMgdGhlIHdvcmtpbmcgZGlyZWN0b3J5IHRvIHJ1biB1bmRlciwgd2lsbCBkZWZhdWx0IHRvIHRoZSBjdXJyZW50IGRpcgogICAgICAgIFtzdHJpbmddJHN0ZGluID0gJG51bGwsICMgYSBzdHJpbmcgdG8gc2VuZCB0byB0aGUgc3RkaW4gcGlwZSB3aGVuIGV4ZWN1dGluZyB0aGUgY29tbWFuZAogICAgICAgIFtoYXNodGFibGVdJGVudmlyb25tZW50ID0gQHt9ICMgYSBoYXNodGFibGUgb2YgZW52aXJvbm1lbnQgdmFsdWVzIHRvIHJ1biB0aGUgY29tbWFuZCB1bmRlciwgdGhpcyB3aWxsIHJlcGxhY2UgYWxsIHRoZSBvdGhlciBlbnZpcm9ubWVudCB2YXJpYWJsZXMgd2l0aCB0aGVzZQogICAgKQogICAgCiAgICAjIGxvYWQgdGhlIEMjIGNvZGUgd2UgY2FsbCBpbiB0aGlzIGZ1bmN0aW9uCiAgICBMb2FkLUNvbW1hbmRVdGlscwoKICAgICMgbmVlZCB0byB2YWxpZGF0ZSB0aGUgd29ya2luZyBkaXJlY3RvcnkgaWYgaXQgaXMgc2V0CiAgICBpZiAoJHdvcmtpbmdfZGlyZWN0b3J5KSB7CiAgICAgICAgIyB2YWxpZGF0ZSB3b3JraW5nIGRpcmVjdG9yeSBpcyBhIHZhbGlkIHBhdGgKICAgICAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICR3b3JraW5nX2RpcmVjdG9yeSkpIHsKICAgICAgICAgICAgdGhyb3cgImludmFsaWQgd29ya2luZyBkaXJlY3RvcnkgcGF0aCAnJHdvcmtpbmdfZGlyZWN0b3J5JyIKICAgICAgICB9CiAgICB9CgogICAgIyBscEFwcGxpY2F0aW9uTmFtZSBuZWVkcyB0byBiZSB0aGUgZnVsbCBwYXRoIHRvIGFuIGV4ZWN1dGFibGUsIHdlIGRvIHRoaXMKICAgICMgYnkgZ2V0dGluZyB0aGUgZXhlY3V0YWJsZSBhcyB0aGUgZmlyc3QgYXJnIGFuZCB0aGVuIGdldHRpbmcgdGhlIGZ1bGwgcGF0aAogICAgJGFyZ3VtZW50cyA9IFtBbnNpYmxlLkNvbW1hbmRVdGlsXTo6UGFyc2VDb21tYW5kTGluZSgkY29tbWFuZCkKICAgICRleGVjdXRhYmxlID0gR2V0LUV4ZWN1dGFibGVQYXRoIC1leGVjdXRhYmxlICRhcmd1bWVudHNbMF0gLWRpcmVjdG9yeSAkd29ya2luZ19kaXJlY3RvcnkKCiAgICAjIHJ1biB0aGUgY29tbWFuZCBhbmQgZ2V0IHRoZSByZXN1bHRzCiAgICAkY29tbWFuZF9yZXN1bHQgPSBbQW5zaWJsZS5Db21tYW5kVXRpbF06OlJ1bkNvbW1hbmQoJGV4ZWN1dGFibGUsICRjb21tYW5kLCAkd29ya2luZ19kaXJlY3RvcnksICRzdGRpbiwgJGVudmlyb25tZW50KQoKICAgIHJldHVybiAsQHsKICAgICAgICBleGVjdXRhYmxlID0gJGV4ZWN1dGFibGUKICAgICAgICBzdGRvdXQgPSAkY29tbWFuZF9yZXN1bHQuU3RhbmRhcmRPdXQKICAgICAgICBzdGRlcnIgPSAkY29tbWFuZF9yZXN1bHQuU3RhbmRhcmRFcnJvcgogICAgICAgIHJjID0gJGNvbW1hbmRfcmVzdWx0LkV4aXRDb2RlCiAgICB9Cn0KCiMgdGhpcyBsaW5lIG11c3Qgc3RheSBhdCB0aGUgYm90dG9tIHRvIGVuc3VyZSBhbGwgZGVmaW5lZCBtb2R1bGUgcGFydHMgYXJlIGV4cG9ydGVkCkV4cG9ydC1Nb2R1bGVNZW1iZXIgLUFsaWFzICogLUZ1bmN0aW9uICogLUNtZGxldCAqCg==", "Ansible.ModuleUtils.Legacy": "IyBDb3B5cmlnaHQgKGMpLCBNaWNoYWVsIERlSGFhbiA8bWljaGFlbC5kZWhhYW5AZ21haWwuY29tPiwgMjAxNCwgYW5kIG90aGVycwojIFNpbXBsaWZpZWQgQlNEIExpY2Vuc2UgKHNlZSBsaWNlbnNlcy9zaW1wbGlmaWVkX2JzZC50eHQgb3IgaHR0cHM6Ly9vcGVuc291cmNlLm9yZy9saWNlbnNlcy9CU0QtMi1DbGF1c2UpCgpTZXQtU3RyaWN0TW9kZSAtVmVyc2lvbiAyLjAKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKRnVuY3Rpb24gU2V0LUF0dHIoJG9iaiwgJG5hbWUsICR2YWx1ZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gc2V0IGFuICJhdHRyaWJ1dGUiIG9uIGEgcHNvYmplY3QgaW5zdGFuY2UgaW4gUG93ZXJTaGVsbC4KICAgIFRoaXMgaXMgYSBjb252ZW5pZW5jZSB0byBtYWtlIGFkZGluZyBNZW1iZXJzIHRvIHRoZSBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgIFNldC1BdHRyICRyZXN1bHQgImNoYW5nZWQiICR0cnVlCiM+CgogICAgIyBJZiB0aGUgcHJvdmlkZWQgJG9iaiBpcyB1bmRlZmluZWQsIGRlZmluZSBvbmUgdG8gYmUgbmljZQogICAgSWYgKC1ub3QgJG9iai5HZXRUeXBlKQogICAgewogICAgICAgICRvYmogPSBAeyB9CiAgICB9CgogICAgVHJ5CiAgICB7CiAgICAgICAgJG9iai4kbmFtZSA9ICR2YWx1ZQogICAgfQogICAgQ2F0Y2gKICAgIHsKICAgICAgICAkb2JqIHwgQWRkLU1lbWJlciAtRm9yY2UgLU1lbWJlclR5cGUgTm90ZVByb3BlcnR5IC1OYW1lICRuYW1lIC1WYWx1ZSAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gRXhpdC1Kc29uKCRvYmopCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGNvbnZlcnQgYSBQb3dlclNoZWxsIG9iamVjdCB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcKICAgIHRoZSBzY3JpcHQKICAgIC5FWEFNUExFCiAgICBFeGl0LUpzb24gJHJlc3VsdAojPgoKICAgICMgSWYgdGhlIHByb3ZpZGVkICRvYmogaXMgdW5kZWZpbmVkLCBkZWZpbmUgb25lIHRvIGJlIG5pY2UKICAgIElmICgtbm90ICRvYmouR2V0VHlwZSkKICAgIHsKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoJ2NoYW5nZWQnKSkgewogICAgICAgIFNldC1BdHRyICRvYmogImNoYW5nZWQiICRmYWxzZQogICAgfQoKICAgIFdyaXRlLU91dHB1dCAkb2JqIHwgQ29udmVydFRvLUpzb24gLUNvbXByZXNzIC1EZXB0aCA5OQogICAgRXhpdAp9CgpGdW5jdGlvbiBGYWlsLUpzb24oJG9iaiwgJG1lc3NhZ2UgPSAkbnVsbCkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHRoZSAibXNnIiBwcm9wZXJ0eSBhbmQgImZhaWxlZCIgcHJvcGVydHksIGNvbnZlcnQgdGhlCiAgICBQb3dlclNoZWxsIEhhc2h0YWJsZSB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcgdGhlIHNjcmlwdAogICAgLkVYQU1QTEUKICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJUaGlzIGlzIHRoZSBmYWlsdXJlIG1lc3NhZ2UiCiM+CgogICAgaWYgKCRvYmogLWlzIFtoYXNodGFibGVdIC1vciAkb2JqIC1pcyBbcHNvYmplY3RdKSB7CiAgICAgICAgIyBOb3RoaW5nIHRvIGRvCiAgICB9IGVsc2VpZiAoJG9iaiAtaXMgW3N0cmluZ10gLWFuZCAkbnVsbCAtZXEgJG1lc3NhZ2UpIHsKICAgICAgICAjIElmIHdlIHdlcmVuJ3QgZ2l2ZW4gMiBhcmdzLCBhbmQgdGhlIG9ubHkgYXJnIHdhcyBhIHN0cmluZywKICAgICAgICAjIGNyZWF0ZSBhIG5ldyBIYXNodGFibGUgYW5kIHVzZSB0aGUgYXJnIGFzIHRoZSBmYWlsdXJlIG1lc3NhZ2UKICAgICAgICAkbWVzc2FnZSA9ICRvYmoKICAgICAgICAkb2JqID0gQHsgfQogICAgfSBlbHNlIHsKICAgICAgICAjIElmIHRoZSBmaXJzdCBhcmd1bWVudCBpcyB1bmRlZmluZWQgb3IgYSBkaWZmZXJlbnQgdHlwZSwKICAgICAgICAjIG1ha2UgaXQgYSBIYXNodGFibGUKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgICMgU3RpbGwgdXNpbmcgU2V0LUF0dHIgZm9yIFBTT2JqZWN0IGNvbXBhdGliaWxpdHkKICAgIFNldC1BdHRyICRvYmogIm1zZyIgJG1lc3NhZ2UKICAgIFNldC1BdHRyICRvYmogImZhaWxlZCIgJHRydWUKCiAgICBpZiAoLW5vdCAkb2JqLkNvbnRhaW5zS2V5KCdjaGFuZ2VkJykpIHsKICAgICAgICBTZXQtQXR0ciAkb2JqICJjaGFuZ2VkIiAkZmFsc2UKICAgIH0KCiAgICBXcml0ZS1PdXRwdXQgJG9iaiB8IENvbnZlcnRUby1Kc29uIC1Db21wcmVzcyAtRGVwdGggOTkKICAgIEV4aXQgMQp9CgpGdW5jdGlvbiBBZGQtV2FybmluZygkb2JqLCAkbWVzc2FnZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHdhcm5pbmdzLCBldmVuIGlmIHRoZSB3YXJuaW5ncyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoIndhcm5pbmdzIikpIHsKICAgICAgICAkb2JqLndhcm5pbmdzID0gQCgpCiAgICB9IGVsc2VpZiAoJG9iai53YXJuaW5ncyAtaXNub3QgW2FycmF5XSkgewogICAgICAgIHRocm93ICJBZGQtV2FybmluZzogd2FybmluZ3MgYXR0cmlidXRlIGlzIG5vdCBhbiBhcnJheSIKICAgIH0KCiAgICAkb2JqLndhcm5pbmdzICs9ICRtZXNzYWdlCn0KCkZ1bmN0aW9uIEFkZC1EZXByZWNhdGlvbldhcm5pbmcoJG9iaiwgJG1lc3NhZ2UsICR2ZXJzaW9uID0gJG51bGwpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGFkZCBkZXByZWNhdGlvbnMsIGV2ZW4gaWYgdGhlIGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgogICAgaWYgKC1ub3QgJG9iai5Db250YWluc0tleSgiZGVwcmVjYXRpb25zIikpIHsKICAgICAgICAkb2JqLmRlcHJlY2F0aW9ucyA9IEAoKQogICAgfSBlbHNlaWYgKCRvYmouZGVwcmVjYXRpb25zIC1pc25vdCBbYXJyYXldKSB7CiAgICAgICAgdGhyb3cgIkFkZC1EZXByZWNhdGlvbldhcm5pbmc6IGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgaXMgbm90IGEgbGlzdCIKICAgIH0KCiAgICAkb2JqLmRlcHJlY2F0aW9ucyArPSBAewogICAgICAgIG1zZyA9ICRtZXNzYWdlCiAgICAgICAgdmVyc2lvbiA9ICR2ZXJzaW9uCiAgICB9Cn0KCkZ1bmN0aW9uIEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgaW4gdmFsdWVzLiBCeSBkZWZhdWx0CiAgICBpdCB0dXJucyBhbnkgdHlwZSB0byBhIHN0cmluZywgYnV0IHdlIGVuc3VyZSAkbnVsbCByZW1haW5zICRudWxsLgojPgogICAgaWYgKCRudWxsIC1uZSAkdmFsdWUpIHsKICAgICAgICBbU3lzdGVtLkVudmlyb25tZW50XTo6RXhwYW5kRW52aXJvbm1lbnRWYXJpYWJsZXMoJHZhbHVlKQogICAgfSBlbHNlIHsKICAgICAgICAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gR2V0LUFuc2libGVQYXJhbSgkb2JqLCAkbmFtZSwgJGRlZmF1bHQgPSAkbnVsbCwgJHJlc3VsdG9iaiA9IEB7fSwgJGZhaWxpZmVtcHR5ID0gJGZhbHNlLCAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSwgJFZhbGlkYXRlU2V0LCAkVmFsaWRhdGVTZXRFcnJvck1lc3NhZ2UsICR0eXBlID0gJG51bGwsICRhbGlhc2VzID0gQCgpKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBnZXQgYW4gImF0dHJpYnV0ZSIgZnJvbSBhIHBzb2JqZWN0IGluc3RhbmNlIGluIFBvd2VyU2hlbGwuCiAgICBUaGlzIGlzIGEgY29udmVuaWVuY2UgdG8gbWFrZSBnZXR0aW5nIE1lbWJlcnMgZnJvbSBhbiBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgICRhdHRyID0gR2V0LUFuc2libGVQYXJhbSAkcmVzcG9uc2UgImNvZGUiIC1kZWZhdWx0ICIxIgogICAgLkVYQU1QTEUKICAgIEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJTdGF0ZSIgLWRlZmF1bHQgIlByZXNlbnQiIC1WYWxpZGF0ZVNldCAiUHJlc2VudCIsIkFic2VudCIgLXJlc3VsdG9iaiAkcmVzdWx0b2JqIC1mYWlsaWZlbXB0eSAkdHJ1ZQogICAgR2V0LUFuc2libGVQYXJhbSBhbHNvIHN1cHBvcnRzIFBhcmFtZXRlciB2YWxpZGF0aW9uIHRvIHNhdmUgeW91IGZyb20gY29kaW5nIHRoYXQgbWFudWFsbHkKICAgIE5vdGUgdGhhdCBpZiB5b3UgdXNlIHRoZSBmYWlsaWZlbXB0eSBvcHRpb24sIHlvdSBkbyBuZWVkIHRvIHNwZWNpZnkgcmVzdWx0b2JqZWN0IGFzIHdlbGwuCiM+CiAgICAjIENoZWNrIGlmIHRoZSBwcm92aWRlZCBNZW1iZXIgJG5hbWUgb3IgYWxpYXNlcyBleGlzdCBpbiAkb2JqIGFuZCByZXR1cm4gaXQgb3IgdGhlIGRlZmF1bHQuCiAgICB0cnkgewoKICAgICAgICAkZm91bmQgPSAkbnVsbAogICAgICAgICMgRmlyc3QgdHJ5IHRvIGZpbmQgcHJlZmVycmVkIHBhcmFtZXRlciAkbmFtZQogICAgICAgICRhbGlhc2VzID0gQCgkbmFtZSkgKyAkYWxpYXNlcwoKICAgICAgICAjIEl0ZXJhdGUgb3ZlciBhbGlhc2VzIHRvIGZpbmQgYWNjZXB0YWJsZSBNZW1iZXIgJG5hbWUKICAgICAgICBmb3JlYWNoICgkYWxpYXMgaW4gJGFsaWFzZXMpIHsKICAgICAgICAgICAgaWYgKCRvYmouQ29udGFpbnNLZXkoJGFsaWFzKSkgewogICAgICAgICAgICAgICAgJGZvdW5kID0gJGFsaWFzCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgfQoKICAgICAgICBpZiAoJG51bGwgLWVxICRmb3VuZCkgewogICAgICAgICAgICB0aHJvdwogICAgICAgIH0KICAgICAgICAkbmFtZSA9ICRmb3VuZAoKICAgICAgICBpZiAoJFZhbGlkYXRlU2V0KSB7CgogICAgICAgICAgICBpZiAoJFZhbGlkYXRlU2V0IC1jb250YWlucyAoJG9iai4kbmFtZSkpIHsKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICRvYmouJG5hbWUKICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgIGlmICgkbnVsbCAtZXEgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAgICAgI0F1dG8tZ2VuZXJhdGVkIGVycm9yIHNob3VsZCBiZSBzdWZmaWNpZW50IGluIG1vc3QgdXNlIGNhc2VzCiAgICAgICAgICAgICAgICAgICAgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlID0gIkdldC1BbnNpYmxlUGFyYW06IEFyZ3VtZW50ICRuYW1lIG5lZWRzIHRvIGJlIG9uZSBvZiAkKCRWYWxpZGF0ZVNldCAtam9pbiAiLCIpIGJ1dCB3YXMgJCgkb2JqLiRuYW1lKS4iCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRWYWxpZGF0ZVNldEVycm9yTWVzc2FnZQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgJHZhbHVlID0gJG9iai4kbmFtZQogICAgICAgIH0KICAgIH0gY2F0Y2ggewogICAgICAgIGlmICgkZmFpbGlmZW1wdHkgLWVxICRmYWxzZSkgewogICAgICAgICAgICAkdmFsdWUgPSAkZGVmYXVsdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgIGlmICgtbm90ICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSA9ICJHZXQtQW5zaWJsZVBhcmFtOiBNaXNzaW5nIHJlcXVpcmVkIGFyZ3VtZW50OiAkbmFtZSIKICAgICAgICAgICAgfQogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlCiAgICAgICAgfQogICAgfQoKICAgICMgSWYgJHZhbHVlIC1lcSAkbnVsbCwgdGhlIHBhcmFtZXRlciB3YXMgdW5zcGVjaWZpZWQgYnkgdGhlIHVzZXIgKGRlbGliZXJhdGVseSBvciBub3QpCiAgICAjIFBsZWFzZSBsZWF2ZSAkbnVsbC12YWx1ZXMgaW50YWN0LCBtb2R1bGVzIG5lZWQgdG8ga25vdyBpZiBhIHBhcmFtZXRlciB3YXMgc3BlY2lmaWVkCiAgICAjIFdoZW4gJHZhbHVlIGlzIGFscmVhZHkgYW4gYXJyYXksIHdlIGNhbm5vdCByZWx5IG9uIHRoZSBudWxsIGNoZWNrLCBhcyBhbiBlbXB0eSBsaXN0CiAgICAjIGlzIHNlZW4gYXMgbnVsbCBpbiB0aGUgY2hlY2sgYmVsb3cKICAgIGlmICgkbnVsbCAtbmUgJHZhbHVlIC1vciAkdmFsdWUgLWlzIFthcnJheV0pIHsKICAgICAgICBpZiAoJHR5cGUgLWVxICJwYXRoIikgewogICAgICAgICAgICAjIEV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgb24gcGF0aC10eXBlCiAgICAgICAgICAgICR2YWx1ZSA9IEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCiAgICAgICAgICAgICMgVGVzdCBpZiBhIHZhbGlkIHBhdGggaXMgcHJvdmlkZWQKICAgICAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtSXNWYWxpZCAkdmFsdWUpKSB7CiAgICAgICAgICAgICAgICAkcGF0aF9pbnZhbGlkID0gJHRydWUKICAgICAgICAgICAgICAgICMgY291bGQgc3RpbGwgYmUgYSB2YWxpZC1zaGFwZWQgcGF0aCB3aXRoIGEgbm9uZXhpc3RlbnQgZHJpdmUgbGV0dGVyCiAgICAgICAgICAgICAgICBpZiAoJHZhbHVlIC1tYXRjaCAiXlx3OiIpIHsKICAgICAgICAgICAgICAgICAgICAjIHJld3JpdGUgcGF0aCB3aXRoIGEgdmFsaWQgZHJpdmUgbGV0dGVyIGFuZCByZWNoZWNrIHRoZSBzaGFwZS0gdGhpcyBtaWdodCBzdGlsbCBmYWlsLCBlZywgYSBub25leGlzdGVudCBub24tZmlsZXN5c3RlbSBQUyBwYXRoCiAgICAgICAgICAgICAgICAgICAgaWYgKFRlc3QtUGF0aCAtSXNWYWxpZCAkKEAoR2V0LVBTRHJpdmUgLVBTUHJvdmlkZXIgRmlsZXN5c3RlbSlbMF0uTmFtZSArICR2YWx1ZS5TdWJzdHJpbmcoMSkpKSB7CiAgICAgICAgICAgICAgICAgICAgICAgICRwYXRoX2ludmFsaWQgPSAkZmFsc2UKICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBpZiAoJHBhdGhfaW52YWxpZCkgewogICAgICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHRvYmogLW1lc3NhZ2UgIkdldC1BbnNpYmxlUGFyYW06IFBhcmFtZXRlciAnJG5hbWUnIGhhcyBhbiBpbnZhbGlkIHBhdGggJyR2YWx1ZScgc3BlY2lmaWVkLiIKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgInN0ciIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IHN0ciB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgc3RyaW5ncwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUuVG9TdHJpbmcoKQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImJvb2wiKSB7CiAgICAgICAgICAgICMgQ29udmVydCBib29sZWFuIHR5cGVzIHRvIHJlYWwgUG93ZXJzaGVsbCBib29sZWFucwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgfCBDb252ZXJ0VG8tQm9vbAogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImludCIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IGludCB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgaW50ZWdlcnMKICAgICAgICAgICAgJHZhbHVlID0gJHZhbHVlIC1hcyBbaW50XQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImZsb2F0IikgewogICAgICAgICAgICAjIENvbnZlcnQgZmxvYXQgdHlwZXMgdG8gcmVhbCBQb3dlcnNoZWxsIGZsb2F0cwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgLWFzIFtmbG9hdF0KICAgICAgICB9IGVsc2VpZiAoJHR5cGUgLWVxICJsaXN0IikgewogICAgICAgICAgICBpZiAoJHZhbHVlIC1pcyBbYXJyYXldKSB7CiAgICAgICAgICAgICAgICAjIE5vdGhpbmcgdG8gZG8KICAgICAgICAgICAgfSBlbHNlaWYgKCR2YWx1ZSAtaXMgW3N0cmluZ10pIHsKICAgICAgICAgICAgICAgICMgQ29udmVydCBzdHJpbmcgdHlwZSB0byByZWFsIFBvd2Vyc2hlbGwgYXJyYXkKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICR2YWx1ZS5TcGxpdCgiLCIpLlRyaW0oKQogICAgICAgICAgICB9IGVsc2VpZiAoJHZhbHVlIC1pcyBbaW50XSkgewogICAgICAgICAgICAgICAgJHZhbHVlID0gQCgkdmFsdWUpCiAgICAgICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICJHZXQtQW5zaWJsZVBhcmFtOiBQYXJhbWV0ZXIgJyRuYW1lJyBpcyBub3QgYSBZQU1MIGxpc3QuIgogICAgICAgICAgICB9CiAgICAgICAgICAgICMgLCBpcyBub3QgYSB0eXBvLCBmb3JjZXMgaXQgdG8gcmV0dXJuIGFzIGEgbGlzdCB3aGVuIGl0IGlzIGVtcHR5IG9yIG9ubHkgaGFzIDEgZW50cnkKICAgICAgICAgICAgcmV0dXJuICwkdmFsdWUKICAgICAgICB9CiAgICB9CgogICAgcmV0dXJuICR2YWx1ZQp9CgojQWxpYXMgR2V0LWF0dHItLT5HZXQtQW5zaWJsZVBhcmFtIGZvciBiYWNrd2FyZHMgY29tcGF0LiBPbmx5IGFkZCB3aGVuIG5lZWRlZCB0byBlYXNlIGRlYnVnZ2luZyBvZiBzY3JpcHRzCklmICgtbm90KEdldC1BbGlhcyAtTmFtZSAiR2V0LWF0dHIiIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlKSkKewogICAgTmV3LUFsaWFzIC1OYW1lIEdldC1hdHRyIC1WYWx1ZSBHZXQtQW5zaWJsZVBhcmFtCn0KCkZ1bmN0aW9uIENvbnZlcnRUby1Cb29sCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZpbHRlci9waXBlbGluZSBmdW5jdGlvbiB0byBjb252ZXJ0IGEgdmFsdWUgdG8gYm9vbGVhbiBmb2xsb3dpbmcgY3VycmVudAogICAgQW5zaWJsZSBwcmFjdGljZXMKICAgIC5FWEFNUExFCiAgICAkaXNfdHJ1ZSA9ICJ0cnVlIiB8IENvbnZlcnRUby1Cb29sCiM+CiAgICBwYXJhbSgKICAgICAgICBbcGFyYW1ldGVyKHZhbHVlZnJvbXBpcGVsaW5lPSR0cnVlKV0KICAgICAgICAkb2JqCiAgICApCgogICAgJGJvb2xlYW5fc3RyaW5ncyA9ICJ5ZXMiLCAib24iLCAiMSIsICJ0cnVlIiwgMQogICAgJG9ial9zdHJpbmcgPSBbc3RyaW5nXSRvYmoKCiAgICBpZiAoKCRvYmogLWlzIFtib29sZWFuXSAtYW5kICRvYmopIC1vciAkYm9vbGVhbl9zdHJpbmdzIC1jb250YWlucyAkb2JqX3N0cmluZy5Ub0xvd2VyKCkpIHsKICAgICAgICByZXR1cm4gJHRydWUKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfQp9CgpGdW5jdGlvbiBQYXJzZS1BcmdzKCRhcmd1bWVudHMsICRzdXBwb3J0c19jaGVja19tb2RlID0gJGZhbHNlKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBwYXJzZSBBbnNpYmxlIEpTT04gYXJndW1lbnRzIGZyb20gYSAiZmlsZSIgcGFzc2VkIGFzCiAgICB0aGUgc2luZ2xlIGFyZ3VtZW50IHRvIHRoZSBtb2R1bGUuCiAgICAuRVhBTVBMRQogICAgJHBhcmFtcyA9IFBhcnNlLUFyZ3MgJGFyZ3MKIz4KICAgICRwYXJhbXMgPSBOZXctT2JqZWN0IHBzb2JqZWN0CiAgICBJZiAoJGFyZ3VtZW50cy5MZW5ndGggLWd0IDApCiAgICB7CiAgICAgICAgJHBhcmFtcyA9IEdldC1Db250ZW50ICRhcmd1bWVudHNbMF0gfCBDb252ZXJ0RnJvbS1Kc29uCiAgICB9CiAgICBFbHNlIHsKICAgICAgICAkcGFyYW1zID0gJGNvbXBsZXhfYXJncwogICAgfQogICAgJGNoZ ScriptBlock ID: b7bb541f-2159-487a-b50f-953d52da5f77 Path:	4104	1		3	2	15	0	1657	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4116	3532	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:05:56 PM	e5295ba9-9827-0005-215c-29e52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 3): begin { $DebugPreference = "Continue" $ErrorActionPreference = "Stop" Set-StrictMode -Version 2 function ConvertTo-HashtableFromPsCustomObject ($myPsObject){ $output = @{}; $myPsObject | Get-Member -MemberType *Property | % { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } return $output; } # stream JSON including become_pw, ps_module_payload, bin_module_payload, become_payload, write_payload_path, preserve directives # exec runspace, capture output, cleanup, return module output # NB: do not adjust the following line- it is replaced when doing non-streamed module output $json_raw = @' {"min_ps_version": null, "exec": "CkZ1bmN0aW9uIFJ1bigkcGF5bG9hZCkgewogICAgJGVudHJ5cG9pbnQgPSAkcGF5bG9hZC5tb2R1bGVfZW50cnkKCiAgICAkZW50cnlwb2ludCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGVudHJ5cG9pbnQpKQoKICAgICRwcyA9IFtwb3dlcnNoZWxsXTo6Q3JlYXRlKCkKCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkQ29tbWFuZCgiU2V0LVZhcmlhYmxlIikuQWRkUGFyYW1ldGVycyhAe1Njb3BlPSJnbG9iYWwiO05hbWU9ImNvbXBsZXhfYXJncyI7VmFsdWU9JHBheWxvYWQubW9kdWxlX2FyZ3N9KSB8IE91dC1OdWxsCiAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCgogICAgIyByZWRlZmluZSBXcml0ZS1Ib3N0IHRvIGR1bXAgdG8gb3V0cHV0IGluc3RlYWQgb2YgZmFpbGluZy0gbG90cyBvZiBzY3JpcHRzIHVzZSBpdAogICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgiRnVuY3Rpb24gV3JpdGUtSG9zdChgJG1zZyl7IFdyaXRlLU91dHB1dCBgJG1zZyB9IikgfCBPdXQtTnVsbAoKICAgIEZvckVhY2ggKCRlbnZfa3YgaW4gJHBheWxvYWQuZW52aXJvbm1lbnQuR2V0RW51bWVyYXRvcigpKSB7CiAgICAgICAgIyBuZWVkIHRvIGVzY2FwZSAnIGluIGJvdGggdGhlIGtleSBhbmQgdmFsdWUKICAgICAgICAkZW52X2tleSA9ICRlbnZfa3YuS2V5LlRvU3RyaW5nKCkuUmVwbGFjZSgiJyIsICInJyIpCiAgICAgICAgJGVudl92YWx1ZSA9ICRlbnZfa3YuVmFsdWUuVG9TdHJpbmcoKS5SZXBsYWNlKCInIiwgIicnIikKICAgICAgICAkZXNjYXBlZF9lbnZfc2V0ID0gIltTeXN0ZW0uRW52aXJvbm1lbnRdOjpTZXRFbnZpcm9ubWVudFZhcmlhYmxlKCd7MH0nLCAnezF9JykiIC1mICRlbnZfa2V5LCAkZW52X3ZhbHVlCiAgICAgICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgkZXNjYXBlZF9lbnZfc2V0KSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBkeW5hbWljYWxseSBjcmVhdGUvbG9hZCBtb2R1bGVzCiAgICBGb3JFYWNoICgkbW9kIGluICRwYXlsb2FkLnBvd2Vyc2hlbGxfbW9kdWxlcy5HZXRFbnVtZXJhdG9yKCkpIHsKICAgICAgICAkZGVjb2RlZF9tb2R1bGUgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRtb2QuVmFsdWUpKQogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRDb21tYW5kKCJOZXctTW9kdWxlIikuQWRkUGFyYW1ldGVycyhAe1NjcmlwdEJsb2NrPShbc2NyaXB0YmxvY2tdOjpDcmVhdGUoJGRlY29kZWRfbW9kdWxlKSk7TmFtZT0kbW9kLktleX0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiSW1wb3J0LU1vZHVsZSIpLkFkZFBhcmFtZXRlcnMoQHtXYXJuaW5nQWN0aW9uPSJTaWxlbnRseUNvbnRpbnVlIn0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBmb3JjZSBpbnB1dCBlbmNvZGluZyB0byBwcmVhbWJsZS1mcmVlIFVURjggc28gUFMgc3ViLXByb2Nlc3NlcyAoZWcsCiAgICAjIFN0YXJ0LUpvYikgZG9uJ3QgYmxvdyB1cC4gVGhpcyBpcyBvbmx5IHJlcXVpcmVkIGZvciBXaW5STSwgYSBQU1JQCiAgICAjIHJ1bnNwYWNlIGRvZXNuJ3QgaGF2ZSBhIGhvc3QgY29uc29sZSBhbmQgdGhpcyB3aWxsIGJvbWIgb3V0CiAgICBpZiAoJGhvc3QuTmFtZSAtZXEgIkNvbnNvbGVIb3N0IikgewogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRTY3JpcHQoIltDb25zb2xlXTo6SW5wdXRFbmNvZGluZyA9IE5ldy1PYmplY3QgVGV4dC5VVEY4RW5jb2RpbmcgYCRmYWxzZSIpIHwgT3V0LU51bGwKICAgIH0KCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkU2NyaXB0KCRlbnRyeXBvaW50KSB8IE91dC1OdWxsCgogICAgJG91dHB1dCA9ICRwcy5JbnZva2UoKQoKICAgICRvdXRwdXQKCiAgICAjIFBTMyBkb2Vzbid0IHByb3Blcmx5IHNldCBIYWRFcnJvcnMgaW4gbWFueSBjYXNlcywgaW5zcGVjdCB0aGUgZXJyb3Igc3RyZWFtIGFzIGEgZmFsbGJhY2sKICAgIElmICgkcHMuSGFkRXJyb3JzIC1vciAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtbHQgNCAtYW5kICRwcy5TdHJlYW1zLkVycm9yLkNvdW50IC1ndCAwKSkgewogICAgICAgICRob3N0LlVJLldyaXRlRXJyb3JMaW5lKCQoJHBzLlN0cmVhbXMuRXJyb3IgfCBPdXQtU3RyaW5nKSkKICAgICAgICAkZXhpdF9jb2RlID0gJHBzLlJ1bnNwYWNlLlNlc3Npb25TdGF0ZVByb3h5LkdldFZhcmlhYmxlKCJMQVNURVhJVENPREUiKQogICAgICAgIElmKC1ub3QgJGV4aXRfY29kZSkgewogICAgICAgICAgICAkZXhpdF9jb2RlID0gMQogICAgICAgIH0KICAgICAgICAjIG5lZWQgdG8gdXNlIHRoaXMgaW5zdGVhZCBvZiBFeGl0IGtleXdvcmQgdG8gcHJldmVudCBydW5zcGFjZSBmcm9tIGNyYXNoaW5nIHdpdGggZHluYW1pYyBtb2R1bGVzCiAgICAgICAgJGhvc3QuU2V0U2hvdWxkRXhpdCgkZXhpdF9jb2RlKQogICAgfQp9Cg==", "actions": ["exec"], "environment": {}, "min_os_version": null, "powershell_modules": {"Ansible.ModuleUtils.CommandUtil": "IyBDb3B5cmlnaHQgKGMpIDIwMTcgQW5zaWJsZSBQcm9qZWN0CiMgU2ltcGxpZmllZCBCU0QgTGljZW5zZSAoc2VlIGxpY2Vuc2VzL3NpbXBsaWZpZWRfYnNkLnR4dCBvciBodHRwczovL29wZW5zb3VyY2Uub3JnL2xpY2Vuc2VzL0JTRC0yLUNsYXVzZSkKCiRwcm9jZXNzX3V0aWwgPSBAIgp1c2luZyBNaWNyb3NvZnQuV2luMzIuU2FmZUhhbmRsZXM7CnVzaW5nIFN5c3RlbTsKdXNpbmcgU3lzdGVtLkNvbGxlY3Rpb25zOwp1c2luZyBTeXN0ZW0uSU87CnVzaW5nIFN5c3RlbS5MaW5xOwp1c2luZyBTeXN0ZW0uUnVudGltZS5JbnRlcm9wU2VydmljZXM7CnVzaW5nIFN5c3RlbS5UZXh0Owp1c2luZyBTeXN0ZW0uVGhyZWFkaW5nOwoKbmFtZXNwYWNlIEFuc2libGUKewogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIGNsYXNzIFNFQ1VSSVRZX0FUVFJJQlVURVMKICAgIHsKICAgICAgICBwdWJsaWMgaW50IG5MZW5ndGg7CiAgICAgICAgcHVibGljIEludFB0ciBscFNlY3VyaXR5RGVzY3JpcHRvcjsKICAgICAgICBwdWJsaWMgYm9vbCBiSW5oZXJpdEhhbmRsZSA9IGZhbHNlOwogICAgICAgIHB1YmxpYyBTRUNVUklUWV9BVFRSSUJVVEVTKCkKICAgICAgICB7CiAgICAgICAgICAgIG5MZW5ndGggPSBNYXJzaGFsLlNpemVPZih0aGlzKTsKICAgICAgICB9CiAgICB9CgogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIGNsYXNzIFNUQVJUVVBJTkZPCiAgICB7CiAgICAgICAgcHVibGljIEludDMyIGNiOwogICAgICAgIHB1YmxpYyBJbnRQdHIgbHBSZXNlcnZlZDsKICAgICAgICBwdWJsaWMgSW50UHRyIGxwRGVza3RvcDsKICAgICAgICBwdWJsaWMgSW50UHRyIGxwVGl0bGU7CiAgICAgICAgcHVibGljIEludDMyIGR3WDsKICAgICAgICBwdWJsaWMgSW50MzIgZHdZOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1hTaXplOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1lTaXplOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1hDb3VudENoYXJzOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1lDb3VudENoYXJzOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd0ZpbGxBdHRyaWJ1dGU7CiAgICAgICAgcHVibGljIEludDMyIGR3RmxhZ3M7CiAgICAgICAgcHVibGljIEludDE2IHdTaG93V2luZG93OwogICAgICAgIHB1YmxpYyBJbnQxNiBjYlJlc2VydmVkMjsKICAgICAgICBwdWJsaWMgSW50UHRyIGxwUmVzZXJ2ZWQyOwogICAgICAgIHB1YmxpYyBTYWZlRmlsZUhhbmRsZSBoU3RkSW5wdXQ7CiAgICAgICAgcHVibGljIFNhZmVGaWxlSGFuZGxlIGhTdGRPdXRwdXQ7CiAgICAgICAgcHVibGljIFNhZmVGaWxlSGFuZGxlIGhTdGRFcnJvcjsKICAgICAgICBwdWJsaWMgU1RBUlRVUElORk8oKQogICAgICAgIHsKICAgICAgICAgICAgY2IgPSBNYXJzaGFsLlNpemVPZih0aGlzKTsKICAgICAgICB9CiAgICB9CgogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIGNsYXNzIFNUQVJUVVBJTkZPRVgKICAgIHsKICAgICAgICBwdWJsaWMgU1RBUlRVUElORk8gc3RhcnR1cEluZm87CiAgICAgICAgcHVibGljIEludFB0ciBscEF0dHJpYnV0ZUxpc3Q7CiAgICAgICAgcHVibGljIFNUQVJUVVBJTkZPRVgoKQogICAgICAgIHsKICAgICAgICAgICAgc3RhcnR1cEluZm8gPSBuZXcgU1RBUlRVUElORk8oKTsKICAgICAgICAgICAgc3RhcnR1cEluZm8uY2IgPSBNYXJzaGFsLlNpemVPZih0aGlzKTsKICAgICAgICB9CiAgICB9CgogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIHN0cnVjdCBQUk9DRVNTX0lORk9STUFUSU9OCiAgICB7CiAgICAgICAgcHVibGljIEludFB0ciBoUHJvY2VzczsKICAgICAgICBwdWJsaWMgSW50UHRyIGhUaHJlYWQ7CiAgICAgICAgcHVibGljIGludCBkd1Byb2Nlc3NJZDsKICAgICAgICBwdWJsaWMgaW50IGR3VGhyZWFkSWQ7CiAgICB9CgogICAgW0ZsYWdzXQogICAgcHVibGljIGVudW0gU3RhcnR1cEluZm9GbGFncyA6IHVpbnQKICAgIHsKICAgICAgICBVU0VTVERIQU5ETEVTID0gMHgwMDAwMDEwMAogICAgfQoKICAgIHB1YmxpYyBlbnVtIEhhbmRsZUZsYWdzIDogdWludAogICAgewogICAgICAgIE5vbmUgPSAwLAogICAgICAgIElOSEVSSVQgPSAxCiAgICB9CgogICAgY2xhc3MgTmF0aXZlV2FpdEhhbmRsZSA6IFdhaXRIYW5kbGUKICAgIHsKICAgICAgICBwdWJsaWMgTmF0aXZlV2FpdEhhbmRsZShJbnRQdHIgaGFuZGxlKQogICAgICAgIHsKICAgICAgICAgICAgdGhpcy5TYWZlV2FpdEhhbmRsZSA9IG5ldyBTYWZlV2FpdEhhbmRsZShoYW5kbGUsIGZhbHNlKTsKICAgICAgICB9CiAgICB9CgogICAgcHVibGljIGNsYXNzIFdpbjMyRXhjZXB0aW9uIDogU3lzdGVtLkNvbXBvbmVudE1vZGVsLldpbjMyRXhjZXB0aW9uCiAgICB7CiAgICAgICAgcHJpdmF0ZSBzdHJpbmcgX21zZzsKCiAgICAgICAgcHVibGljIFdpbjMyRXhjZXB0aW9uKHN0cmluZyBtZXNzYWdlKSA6IHRoaXMoTWFyc2hhbC5HZXRMYXN0V2luMzJFcnJvcigpLCBtZXNzYWdlKSB7IH0KCiAgICAgICAgcHVibGljIFdpbjMyRXhjZXB0aW9uKGludCBlcnJvckNvZGUsIHN0cmluZyBtZXNzYWdlKSA6IGJhc2UoZXJyb3JDb2RlKQogICAgICAgIHsKICAgICAgICAgICAgX21zZyA9IFN0cmluZy5Gb3JtYXQoInswfSAoezF9LCBXaW4zMkVycm9yQ29kZSB7Mn0pIiwgbWVzc2FnZSwgYmFzZS5NZXNzYWdlLCBlcnJvckNvZGUpOwogICAgICAgIH0KCiAgICAgICAgcHVibGljIG92ZXJyaWRlIHN0cmluZyBNZXNzYWdlIHsgZ2V0IHsgcmV0dXJuIF9tc2c7IH0gfQogICAgICAgIHB1YmxpYyBzdGF0aWMgZXhwbGljaXQgb3BlcmF0b3IgV2luMzJFeGNlcHRpb24oc3RyaW5nIG1lc3NhZ2UpIHsgcmV0dXJuIG5ldyBXaW4zMkV4Y2VwdGlvbihtZXNzYWdlKTsgfQogICAgfQoKICAgIHB1YmxpYyBjbGFzcyBDb21tYW5kVXRpbAogICAgewogICAgICAgIHByaXZhdGUgc3RhdGljIFVJbnQzMiBDUkVBVEVfVU5JQ09ERV9FTlZJUk9OTUVOVCA9IDB4MDAwMDAwNDAwOwogICAgICAgIHByaXZhdGUgc3RhdGljIFVJbnQzMiBFWFRFTkRFRF9TVEFSVFVQSU5GT19QUkVTRU5UID0gMHgwMDA4MDAwMDsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSwgQmVzdEZpdE1hcHBpbmcgPSBmYWxzZSldCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gYm9vbCBDcmVhdGVQcm9jZXNzKAogICAgICAgICAgICBbTWFyc2hhbEFzKFVubWFuYWdlZFR5cGUuTFBXU3RyKV0KICAgICAgICAgICAgICAgIHN0cmluZyBscEFwcGxpY2F0aW9uTmFtZSwKICAgICAgICAgICAgU3RyaW5nQnVpbGRlciBscENvbW1hbmRMaW5lLAogICAgICAgICAgICBJbnRQdHIgbHBQcm9jZXNzQXR0cmlidXRlcywKICAgICAgICAgICAgSW50UHRyIGxwVGhyZWFkQXR0cmlidXRlcywKICAgICAgICAgICAgYm9vbCBiSW5oZXJpdEhhbmRsZXMsCiAgICAgICAgICAgIHVpbnQgZHdDcmVhdGlvbkZsYWdzLAogICAgICAgICAgICBJbnRQdHIgbHBFbnZpcm9ubWVudCwKICAgICAgICAgICAgW01hcnNoYWxBcyhVbm1hbmFnZWRUeXBlLkxQV1N0cildCiAgICAgICAgICAgICAgICBzdHJpbmcgbHBDdXJyZW50RGlyZWN0b3J5LAogICAgICAgICAgICBTVEFSVFVQSU5GT0VYIGxwU3RhcnR1cEluZm8sCiAgICAgICAgICAgIG91dCBQUk9DRVNTX0lORk9STUFUSU9OIGxwUHJvY2Vzc0luZm9ybWF0aW9uKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIildCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gYm9vbCBDcmVhdGVQaXBlKAogICAgICAgICAgICBvdXQgU2FmZUZpbGVIYW5kbGUgaFJlYWRQaXBlLAogICAgICAgICAgICBvdXQgU2FmZUZpbGVIYW5kbGUgaFdyaXRlUGlwZSwKICAgICAgICAgICAgU0VDVVJJVFlfQVRUUklCVVRFUyBscFBpcGVBdHRyaWJ1dGVzLAogICAgICAgICAgICB1aW50IG5TaXplKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSldCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gYm9vbCBTZXRIYW5kbGVJbmZvcm1hdGlvbigKICAgICAgICAgICAgU2FmZUZpbGVIYW5kbGUgaE9iamVjdCwKICAgICAgICAgICAgSGFuZGxlRmxhZ3MgZHdNYXNrLAogICAgICAgICAgICBpbnQgZHdGbGFncyk7CgogICAgICAgIFtEbGxJbXBvcnQoImtlcm5lbDMyLmRsbCIsIFNldExhc3RFcnJvciA9IHRydWUpXQogICAgICAgIHByaXZhdGUgc3RhdGljIGV4dGVybiBib29sIEdldEV4aXRDb2RlUHJvY2VzcygKICAgICAgICAgICAgSW50UHRyIGhQcm9jZXNzLAogICAgICAgICAgICBvdXQgdWludCBscEV4aXRDb2RlKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSldCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gdWludCBTZWFyY2hQYXRoKAogICAgICAgICAgICBzdHJpbmcgbHBQYXRoLAogICAgICAgICAgICBzdHJpbmcgbHBGaWxlTmFtZSwKICAgICAgICAgICAgc3RyaW5nIGxwRXh0ZW5zaW9uLAogICAgICAgICAgICBpbnQgbkJ1ZmZlckxlbmd0aCwKICAgICAgICAgICAgW01hcnNoYWxBcyAoVW5tYW5hZ2VkVHlwZS5MUFRTdHIpXQogICAgICAgICAgICAgICAgU3RyaW5nQnVpbGRlciBscEJ1ZmZlciwKICAgICAgICAgICAgb3V0IEludFB0ciBscEZpbGVQYXJ0KTsKCiAgICAgICAgW0RsbEltcG9ydCgic2hlbGwzMi5kbGwiLCBTZXRMYXN0RXJyb3IgPSB0cnVlKV0KICAgICAgICBzdGF0aWMgZXh0ZXJuIEludFB0ciBDb21tYW5kTGluZVRvQXJndlcoCiAgICAgICAgICAgIFtNYXJzaGFsQXMoVW5tYW5hZ2VkVHlwZS5MUFdTdHIpXQogICAgICAgICAgICAgICAgc3RyaW5nIGxwQ21kTGluZSwKICAgICAgICAgICAgb3V0IGludCBwTnVtQXJncyk7CgogICAgICAgIHB1YmxpYyBzdGF0aWMgc3RyaW5nW10gUGFyc2VDb21tYW5kTGluZShzdHJpbmcgbHBDb21tYW5kTGluZSkKICAgICAgICB7CiAgICAgICAgICAgIGludCBudW1BcmdzOwogICAgICAgICAgICBJbnRQdHIgcmV0ID0gQ29tbWFuZExpbmVUb0FyZ3ZXKGxwQ29tbWFuZExpbmUsIG91dCBudW1BcmdzKTsKCiAgICAgICAgICAgIGlmIChyZXQgPT0gSW50UHRyLlplcm8pCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIkVycm9yIHBhcnNpbmcgY29tbWFuZCBsaW5lIik7CgogICAgICAgICAgICBJbnRQdHJbXSBzdHJwdHJzID0gbmV3IEludFB0cltudW1BcmdzXTsKICAgICAgICAgICAgTWFyc2hhbC5Db3B5KHJldCwgc3RycHRycywgMCwgbnVtQXJncyk7CiAgICAgICAgICAgIHN0cmluZ1tdIGNtZGxpbmVQYXJ0cyA9IHN0cnB0cnMuU2VsZWN0KHMgPT4gTWFyc2hhbC5QdHJUb1N0cmluZ1VuaShzKSkuVG9BcnJheSgpOwoKICAgICAgICAgICAgTWFyc2hhbC5GcmVlSEdsb2JhbChyZXQpOwoKICAgICAgICAgICAgcmV0dXJuIGNtZGxpbmVQYXJ0czsKICAgICAgICB9CgogICAgICAgIHB1YmxpYyBzdGF0aWMgc3RyaW5nIFNlYXJjaFBhdGgoc3RyaW5nIGxwRmlsZU5hbWUpCiAgICAgICAgewogICAgICAgICAgICBTdHJpbmdCdWlsZGVyIHNiT3V0ID0gbmV3IFN0cmluZ0J1aWxkZXIoMTAyNCk7CiAgICAgICAgICAgIEludFB0ciBmaWxlUGFydE91dDsKCiAgICAgICAgICAgIGlmIChTZWFyY2hQYXRoKG51bGwsIGxwRmlsZU5hbWUsIG51bGwsIHNiT3V0LkNhcGFjaXR5LCBzYk91dCwgb3V0IGZpbGVQYXJ0T3V0KSA9PSAwKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IEZpbGVOb3RGb3VuZEV4Y2VwdGlvbihTdHJpbmcuRm9ybWF0KCJDb3VsZCBub3QgbG9jYXRlIHRoZSBmb2xsb3dpbmcgZXhlY3V0YWJsZSB7MH0iLCBscEZpbGVOYW1lKSk7CgogICAgICAgICAgICByZXR1cm4gc2JPdXQuVG9TdHJpbmcoKTsKICAgICAgICB9CgogICAgICAgIHB1YmxpYyBjbGFzcyBDb21tYW5kUmVzdWx0CiAgICAgICAgewogICAgICAgICAgICBwdWJsaWMgc3RyaW5nIFN0YW5kYXJkT3V0IHsgZ2V0OyBpbnRlcm5hbCBzZXQ7IH0KICAgICAgICAgICAgcHVibGljIHN0cmluZyBTdGFuZGFyZEVycm9yIHsgZ2V0OyBpbnRlcm5hbCBzZXQ7IH0KICAgICAgICAgICAgcHVibGljIHVpbnQgRXhpdENvZGUgeyBnZXQ7IGludGVybmFsIHNldDsgfQogICAgICAgIH0KCiAgICAgICAgcHVibGljIHN0YXRpYyBDb21tYW5kUmVzdWx0IFJ1bkNvbW1hbmQoc3RyaW5nIGxwQXBwbGljYXRpb25OYW1lLCBzdHJpbmcgbHBDb21tYW5kTGluZSwgc3RyaW5nIGxwQ3VycmVudERpcmVjdG9yeSwgc3RyaW5nIHN0ZGluSW5wdXQsIElEaWN0aW9uYXJ5IGVudmlyb25tZW50KQogICAgICAgIHsKICAgICAgICAgICAgVUludDMyIHN0YXJ0dXBfZmxhZ3MgPSBDUkVBVEVfVU5JQ09ERV9FTlZJUk9OTUVOVCB8IEVYVEVOREVEX1NUQVJUVVBJTkZPX1BSRVNFTlQ7CiAgICAgICAgICAgIFNUQVJUVVBJTkZPRVggc2kgPSBuZXcgU1RBUlRVUElORk9FWCgpOwogICAgICAgICAgICBzaS5zdGFydHVwSW5mby5kd0ZsYWdzID0gKGludClTdGFydHVwSW5mb0ZsYWdzLlVTRVNUREhBTkRMRVM7CgogICAgICAgICAgICBTRUNVUklUWV9BVFRSSUJVVEVTIHBpcGVzZWMgPSBuZXcgU0VDVVJJVFlfQVRUUklCVVRFUygpOwogICAgICAgICAgICBwaXBlc2VjLmJJbmhlcml0SGFuZGxlID0gdHJ1ZTsKCiAgICAgICAgICAgIC8vIENyZWF0ZSB0aGUgc3Rkb3V0LCBzdGRlcnIgYW5kIHN0ZGluIHBpcGVzIHVzZWQgaW4gdGhlIHByb2Nlc3MgYW5kIGFkZCB0byB0aGUgc3RhcnR1cEluZm8KICAgICAgICAgICAgU2FmZUZpbGVIYW5kbGUgc3Rkb3V0X3JlYWQsIHN0ZG91dF93cml0ZSwgc3RkZXJyX3JlYWQsIHN0ZGVycl93cml0ZSwgc3RkaW5fcmVhZCwgc3RkaW5fd3JpdGU7CiAgICAgICAgICAgIGlmICghQ3JlYXRlUGlwZShvdXQgc3Rkb3V0X3JlYWQsIG91dCBzdGRvdXRfd3JpdGUsIHBpcGVzZWMsIDApKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IFdpbjMyRXhjZXB0aW9uKCJTVERPVVQgcGlwZSBzZXR1cCBmYWlsZWQiKTsKICAgICAgICAgICAgaWYgKCFTZXRIYW5kbGVJbmZvcm1hdGlvbihzdGRvdXRfcmVhZCwgSGFuZGxlRmxhZ3MuSU5IRVJJVCwgMCkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIlNURE9VVCBwaXBlIGhhbmRsZSBzZXR1cCBmYWlsZWQiKTsKCiAgICAgICAgICAgIGlmICghQ3JlYXRlUGlwZShvdXQgc3RkZXJyX3JlYWQsIG91dCBzdGRlcnJfd3JpdGUsIHBpcGVzZWMsIDApKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IFdpbjMyRXhjZXB0aW9uKCJTVERFUlIgcGlwZSBzZXR1cCBmYWlsZWQiKTsKICAgICAgICAgICAgaWYgKCFTZXRIYW5kbGVJbmZvcm1hdGlvbihzdGRlcnJfcmVhZCwgSGFuZGxlRmxhZ3MuSU5IRVJJVCwgMCkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIlNUREVSUiBwaXBlIGhhbmRsZSBzZXR1cCBmYWlsZWQiKTsKCiAgICAgICAgICAgIGlmICghQ3JlYXRlUGlwZShvdXQgc3RkaW5fcmVhZCwgb3V0IHN0ZGluX3dyaXRlLCBwaXBlc2VjLCAwKSkKICAgICAgICAgICAgICAgIHRocm93IG5ldyBXaW4zMkV4Y2VwdGlvbigiU1RESU4gcGlwZSBzZXR1cCBmYWlsZWQiKTsKICAgICAgICAgICAgaWYgKCFTZXRIYW5kbGVJbmZvcm1hdGlvbihzdGRpbl93cml0ZSwgSGFuZGxlRmxhZ3MuSU5IRVJJVCwgMCkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIlNURElOIHBpcGUgaGFuZGxlIHNldHVwIGZhaWxlZCIpOwoKICAgICAgICAgICAgc2kuc3RhcnR1cEluZm8uaFN0ZE91dHB1dCA9IHN0ZG91dF93cml0ZTsKICAgICAgICAgICAgc2kuc3RhcnR1cEluZm8uaFN0ZEVycm9yID0gc3RkZXJyX3dyaXRlOwogICAgICAgICAgICBzaS5zdGFydHVwSW5mby5oU3RkSW5wdXQgPSBzdGRpbl9yZWFkOwoKICAgICAgICAgICAgLy8gU2V0dXAgdGhlIHN0ZGluIGJ1ZmZlcgogICAgICAgICAgICBVVEY4RW5jb2RpbmcgdXRmOF9lbmNvZGluZyA9IG5ldyBVVEY4RW5jb2RpbmcoZmFsc2UpOwogICAgICAgICAgICBGaWxlU3RyZWFtIHN0ZGluX2ZzID0gbmV3IEZpbGVTdHJlYW0oc3RkaW5fd3JpdGUsIEZpbGVBY2Nlc3MuV3JpdGUsIDMyNzY4KTsKICAgICAgICAgICAgU3RyZWFtV3JpdGVyIHN0ZGluID0gbmV3IFN0cmVhbVdyaXRlcihzdGRpbl9mcywgdXRmOF9lbmNvZGluZywgMzI3NjgpOwoKICAgICAgICAgICAgLy8gSWYgbHBDdXJyZW50RGlyZWN0b3J5IGlzIHNldCB0byBudWxsIGluIFBTIGl0IHdpbGwgYmUgYW4gZW1wdHkKICAgICAgICAgICAgLy8gc3RyaW5nIGhlcmUsIHdlIG5lZWQgdG8gY29udmVydCBpdAogICAgICAgICAgICBpZiAobHBDdXJyZW50RGlyZWN0b3J5ID09ICIiKQogICAgICAgICAgICAgICAgbHBDdXJyZW50RGlyZWN0b3J5ID0gbnVsbDsKCiAgICAgICAgICAgIFN0cmluZ0J1aWxkZXIgZW52aXJvbm1lbnRTdHJpbmcgPSBudWxsOwoKICAgICAgICAgICAgaWYgKGVudmlyb25tZW50ICE9IG51bGwgJiYgZW52aXJvbm1lbnQuQ291bnQgPiAwKQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBlbnZpcm9ubWVudFN0cmluZyA9IG5ldyBTdHJpbmdCdWlsZGVyKCk7CiAgICAgICAgICAgICAgICBmb3JlYWNoIChEaWN0aW9uYXJ5RW50cnkga3YgaW4gZW52aXJvbm1lbnQpCiAgICAgICAgICAgICAgICAgICAgZW52aXJvbm1lbnRTdHJpbmcuQXBwZW5kRm9ybWF0KCJ7MH09ezF9XDAiLCBrdi5LZXksIGt2LlZhbHVlKTsKICAgICAgICAgICAgICAgIGVudmlyb25tZW50U3RyaW5nLkFwcGVuZCgnXDAnKTsKICAgICAgICAgICAgfQoKICAgICAgICAgICAgLy8gQ3JlYXRlIHRoZSBlbnZpcm9ubWVudCBibG9jayBpZiBzZXQKICAgICAgICAgICAgSW50UHRyIGxwRW52aXJvbm1lbnQgPSBJbnRQdHIuWmVybzsKICAgICAgICAgICAgaWYgKGVudmlyb25tZW50U3RyaW5nICE9IG51bGwpCiAgICAgICAgICAgICAgICBscEVudmlyb25tZW50ID0gTWFyc2hhbC5TdHJpbmdUb0hHbG9iYWxVbmkoZW52aXJvbm1lbnRTdHJpbmcuVG9TdHJpbmcoKSk7CgogICAgICAgICAgICAvLyBDcmVhdGUgbmV3IHByb2Nlc3MgYW5kIHJ1bgogICAgICAgICAgICBTdHJpbmdCdWlsZGVyIGFyZ3VtZW50X3N0cmluZyA9IG5ldyBTdHJpbmdCdWlsZGVyKGxwQ29tbWFuZExpbmUpOwogICAgICAgICAgICBQUk9DRVNTX0lORk9STUFUSU9OIHBpID0gbmV3IFBST0NFU1NfSU5GT1JNQVRJT04oKTsKICAgICAgICAgICAgaWYgKCFDcmVhdGVQcm9jZXNzKAogICAgICAgICAgICAgICAgbHBBcHBsaWNhdGlvbk5hbWUsCiAgICAgICAgICAgICAgICBhcmd1bWVudF9zdHJpbmcsCiAgICAgICAgICAgICAgICBJbnRQdHIuWmVybywKICAgICAgICAgICAgICAgIEludFB0ci5aZXJvLAogICAgICAgICAgICAgICAgdHJ1ZSwKICAgICAgICAgICAgICAgIHN0YXJ0dXBfZmxhZ3MsCiAgICAgICAgICAgICAgICBscEVudmlyb25tZW50LAogICAgICAgICAgICAgICAgbHBDdXJyZW50RGlyZWN0b3J5LAogICAgICAgICAgICAgICAgc2ksCiAgICAgICAgICAgICAgICBvdXQgcGkpKQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIkZhaWxlZCB0byBjcmVhdGUgbmV3IHByb2Nlc3MiKTsKICAgICAgICAgICAgfQoKICAgICAgICAgICAgLy8gU2V0dXAgdGhlIG91dHB1dCBidWZmZXJzIGFuZCBnZXQgc3Rkb3V0L3N0ZGVycgogICAgICAgICAgICBGaWxlU3RyZWFtIHN0ZG91dF9mcyA9IG5ldyBGaWxlU3RyZWFtKHN0ZG91dF9yZWFkLCBGaWxlQWNjZXNzLlJlYWQsIDQwOTYpOwogICAgICAgICAgICBTdHJlYW1SZWFkZXIgc3Rkb3V0ID0gbmV3IFN0cmVhbVJlYWRlcihzdGRvdXRfZnMsIHV0ZjhfZW5jb2RpbmcsIHRydWUsIDQwOTYpOwogICAgICAgICAgICBzdGRvdXRfd3JpdGUuQ2xvc2UoKTsKICAgICAgICAgICAgRmlsZVN0cmVhbSBzdGRlcnJfZnMgPSBuZXcgRmlsZVN0cmVhbShzdGRlcnJfcmVhZCwgRmlsZUFjY2Vzcy5SZWFkLCA0MDk2KTsKICAgICAgICAgICAgU3RyZWFtUmVhZGVyIHN0ZGVyciA9IG5ldyBTdHJlYW1SZWFkZXIoc3RkZXJyX2ZzLCB1dGY4X2VuY29kaW5nLCB0cnVlLCA0MDk2KTsKICAgICAgICAgICAgc3RkZXJyX3dyaXRlLkNsb3NlKCk7CgogICAgICAgICAgICBzdGRpbi5Xcml0ZUxpbmUoc3RkaW5JbnB1dCk7CiAgICAgICAgICAgIHN0ZGluLkNsb3NlKCk7CgogICAgICAgICAgICBzdHJpbmcgc3Rkb3V0X3N0ciwgc3RkZXJyX3N0ciA9IG51bGw7CiAgICAgICAgICAgIEdldFByb2Nlc3NPdXRwdXQoc3Rkb3V0LCBzdGRlcnIsIG91dCBzdGRvdXRfc3RyLCBvdXQgc3RkZXJyX3N0cik7CiAgICAgICAgICAgIHVpbnQgcmMgPSBHZXRQcm9jZXNzRXhpdENvZGUocGkuaFByb2Nlc3MpOwoKICAgICAgICAgICAgcmV0dXJuIG5ldyBDb21tYW5kUmVzdWx0CiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIFN0YW5kYXJkT3V0ID0gc3Rkb3V0X3N0ciwKICAgICAgICAgICAgICAgIFN0YW5kYXJkRXJyb3IgPSBzdGRlcnJfc3RyLAogICAgICAgICAgICAgICAgRXhpdENvZGUgPSByYwogICAgICAgICAgICB9OwogICAgICAgIH0KCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgdm9pZCBHZXRQcm9jZXNzT3V0cHV0KFN0cmVhbVJlYWRlciBzdGRvdXRTdHJlYW0sIFN0cmVhbVJlYWRlciBzdGRlcnJTdHJlYW0sIG91dCBzdHJpbmcgc3Rkb3V0LCBvdXQgc3RyaW5nIHN0ZGVycikKICAgICAgICB7CiAgICAgICAgICAgIHZhciBzb3dhaXQgPSBuZXcgRXZlbnRXYWl0SGFuZGxlKGZhbHNlLCBFdmVudFJlc2V0TW9kZS5NYW51YWxSZXNldCk7CiAgICAgICAgICAgIHZhciBzZXdhaXQgPSBuZXcgRXZlbnRXYWl0SGFuZGxlKGZhbHNlLCBFdmVudFJlc2V0TW9kZS5NYW51Y ScriptBlock ID: b7bb541f-2159-487a-b50f-953d52da5f77 Path:	4104	1		3	2	15	0	1656	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4116	3532	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:05:56 PM	e5295ba9-9827-0005-215c-29e52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1655	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4116	3748	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:05:56 PM	e5295ba9-9827-0001-1a5c-29e52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 4116 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1654	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4116	4160	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:05:56 PM	e5295ba9-9827-0001-1a5c-29e52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1653	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4116	3748	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:05:56 PM	e5295ba9-9827-0001-1a5c-29e52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1652	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4812	4816	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:05:49 PM	e5295ba9-9827-0004-fa5b-29e52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 4812 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1651	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4812	4884	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:05:49 PM	e5295ba9-9827-0004-fa5b-29e52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1650	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4812	4816	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:05:49 PM	e5295ba9-9827-0004-fa5b-29e52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles; using System; using System.Collections; using System.IO; using System.Linq; using System.Runtime.InteropServices; using System.Text; using System.Threading; namespace Ansible { [StructLayout(LayoutKind.Sequential)] public class SECURITY_ATTRIBUTES { public int nLength; public IntPtr lpSecurityDescriptor; public bool bInheritHandle = false; public SECURITY_ATTRIBUTES() { nLength = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFO { public Int32 cb; public IntPtr lpReserved; public IntPtr lpDesktop; public IntPtr lpTitle; public Int32 dwX; public Int32 dwY; public Int32 dwXSize; public Int32 dwYSize; public Int32 dwXCountChars; public Int32 dwYCountChars; public Int32 dwFillAttribute; public Int32 dwFlags; public Int16 wShowWindow; public Int16 cbReserved2; public IntPtr lpReserved2; public SafeFileHandle hStdInput; public SafeFileHandle hStdOutput; public SafeFileHandle hStdError; public STARTUPINFO() { cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFOEX { public STARTUPINFO startupInfo; public IntPtr lpAttributeList; public STARTUPINFOEX() { startupInfo = new STARTUPINFO(); startupInfo.cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public struct PROCESS_INFORMATION { public IntPtr hProcess; public IntPtr hThread; public int dwProcessId; public int dwThreadId; } [Flags] public enum StartupInfoFlags : uint { USESTDHANDLES = 0x00000100 } public enum HandleFlags : uint { None = 0, INHERIT = 1 } class NativeWaitHandle : WaitHandle { public NativeWaitHandle(IntPtr handle) { this.SafeWaitHandle = new SafeWaitHandle(handle, false); } } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class CommandUtil { private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400; private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000; [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)] public static extern bool CreateProcess( [MarshalAs(UnmanagedType.LPWStr)] string lpApplicationName, StringBuilder lpCommandLine, IntPtr lpProcessAttributes, IntPtr lpThreadAttributes, bool bInheritHandles, uint dwCreationFlags, IntPtr lpEnvironment, [MarshalAs(UnmanagedType.LPWStr)] string lpCurrentDirectory, STARTUPINFOEX lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation); [DllImport("kernel32.dll")] public static extern bool CreatePipe( out SafeFileHandle hReadPipe, out SafeFileHandle hWritePipe, SECURITY_ATTRIBUTES lpPipeAttributes, uint nSize); [DllImport("kernel32.dll", SetLastError = true)] public static extern bool SetHandleInformation( SafeFileHandle hObject, HandleFlags dwMask, int dwFlags); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool GetExitCodeProcess( IntPtr hProcess, out uint lpExitCode); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)] public static extern uint SearchPath( string lpPath, string lpFileName, string lpExtension, int nBufferLength, [MarshalAs (UnmanagedType.LPTStr)] StringBuilder lpBuffer, out IntPtr lpFilePart); [DllImport("shell32.dll", SetLastError = true)] static extern IntPtr CommandLineToArgvW( [MarshalAs(UnmanagedType.LPWStr)] string lpCmdLine, out int pNumArgs); public static string[] ParseCommandLine(string lpCommandLine) { int numArgs; IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs); if (ret == IntPtr.Zero) throw new Win32Exception("Error parsing command line"); IntPtr[] strptrs = new IntPtr[numArgs]; Marshal.Copy(ret, strptrs, 0, numArgs); string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray(); Marshal.FreeHGlobal(ret); return cmdlineParts; } public static string SearchPath(string lpFileName) { StringBuilder sbOut = new StringBuilder(1024); IntPtr filePartOut; if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0) throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName)); return sbOut.ToString(); } public class CommandResult { public string StandardOut { get; internal set; } public string StandardError { get; internal set; } public uint ExitCode { get; internal set; } } public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment) { UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT; STARTUPINFOEX si = new STARTUPINFOEX(); si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES; SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES(); pipesec.bInheritHandle = true; // Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write; if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0)) throw new Win32Exception("STDOUT pipe setup failed"); if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDOUT pipe handle setup failed"); if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0)) throw new Win32Exception("STDERR pipe setup failed"); if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDERR pipe handle setup failed"); if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0)) throw new Win32Exception("STDIN pipe setup failed"); if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDIN pipe handle setup failed"); si.startupInfo.hStdOutput = stdout_write; si.startupInfo.hStdError = stderr_write; si.startupInfo.hStdInput = stdin_read; // Setup the stdin buffer UTF8Encoding utf8_encoding = new UTF8Encoding(false); FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768); StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768); // If lpCurrentDirectory is set to null in PS it will be an empty // string here, we need to convert it if (lpCurrentDirectory == "") lpCurrentDirectory = null; StringBuilder environmentString = null; if (environment != null && environment.Count > 0) { environmentString = new StringBuilder(); foreach (DictionaryEntry kv in environment) environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value); environmentString.Append('\0'); } // Create the environment block if set IntPtr lpEnvironment = IntPtr.Zero; if (environmentString != null) lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString()); // Create new process and run StringBuilder argument_string = new StringBuilder(lpCommandLine); PROCESS_INFORMATION pi = new PROCESS_INFORMATION(); if (!CreateProcess( lpApplicationName, argument_string, IntPtr.Zero, IntPtr.Zero, true, startup_flags, lpEnvironment, lpCurrentDirectory, si, out pi)) { throw new Win32Exception("Failed to create new process"); } // Setup the output buffers and get stdout/stderr FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096); StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096); stdout_write.Close(); FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096); StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096); stderr_write.Close(); stdin.WriteLine(stdinInput); stdin.Close(); string stdout_str, stderr_str = null; GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str); uint rc = GetProcessExitCode(pi.hProcess); return new CommandResult { StandardOut = stdout_str, StandardError = stderr_str, ExitCode = rc }; } private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr) { var sowait = new EventWaitHandle(false, EventResetMode.ManualReset); var sewait = new EventWaitHandle(false, EventResetMode.ManualReset); string so = null, se = null; ThreadPool.QueueUserWorkItem((s) => { so = stdoutStream.ReadToEnd(); sowait.Set(); }); ThreadPool.QueueUserWorkItem((s) => { se = stderrStream.ReadToEnd(); sewait.Set(); }); foreach (var wh in new WaitHandle[] { sowait, sewait }) wh.WaitOne(); stdout = so; stderr = se; } private static uint GetProcessExitCode(IntPtr processHandle) { new NativeWaitHandle(processHandle).WaitOne(); uint exitCode; if (!GetExitCodeProcess(processHandle, out exitCode)) throw new Win32Exception("Error getting process exit code"); return exitCode; } } }" Context: Severity = Informational Host Name = Default Host Host Version = 5.1.14393.1944 Host ID = 1969d586-97b0-488f-99d2-4f4368850d8a Host Application = PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - Engine Version = 5.1.14393.1944 Runspace ID = 5783dbbe-62b2-497e-8a88-79093be70f5c Pipeline ID = 7 Command Name = Add-Type Command Type = Cmdlet Script Name = Command Path = Sequence Number = 34 User = N-H1-805629-1\Admin Connected User = Shell ID = Microsoft.PowerShell User Data:	4103	1		4	106	20	0	1649	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4648	4764	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:05:49 PM	e5295ba9-9827-0002-525c-29e52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	To be used when operation is just executing a method	Executing Pipeline	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c) 2017 Ansible Project # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) $process_util = @" using Microsoft.Win32.SafeHandles; using System; using System.Collections; using System.IO; using System.Linq; using System.Runtime.InteropServices; using System.Text; using System.Threading; namespace Ansible { [StructLayout(LayoutKind.Sequential)] public class SECURITY_ATTRIBUTES { public int nLength; public IntPtr lpSecurityDescriptor; public bool bInheritHandle = false; public SECURITY_ATTRIBUTES() { nLength = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFO { public Int32 cb; public IntPtr lpReserved; public IntPtr lpDesktop; public IntPtr lpTitle; public Int32 dwX; public Int32 dwY; public Int32 dwXSize; public Int32 dwYSize; public Int32 dwXCountChars; public Int32 dwYCountChars; public Int32 dwFillAttribute; public Int32 dwFlags; public Int16 wShowWindow; public Int16 cbReserved2; public IntPtr lpReserved2; public SafeFileHandle hStdInput; public SafeFileHandle hStdOutput; public SafeFileHandle hStdError; public STARTUPINFO() { cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFOEX { public STARTUPINFO startupInfo; public IntPtr lpAttributeList; public STARTUPINFOEX() { startupInfo = new STARTUPINFO(); startupInfo.cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public struct PROCESS_INFORMATION { public IntPtr hProcess; public IntPtr hThread; public int dwProcessId; public int dwThreadId; } [Flags] public enum StartupInfoFlags : uint { USESTDHANDLES = 0x00000100 } public enum HandleFlags : uint { None = 0, INHERIT = 1 } class NativeWaitHandle : WaitHandle { public NativeWaitHandle(IntPtr handle) { this.SafeWaitHandle = new SafeWaitHandle(handle, false); } } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class CommandUtil { private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400; private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000; [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)] public static extern bool CreateProcess( [MarshalAs(UnmanagedType.LPWStr)] string lpApplicationName, StringBuilder lpCommandLine, IntPtr lpProcessAttributes, IntPtr lpThreadAttributes, bool bInheritHandles, uint dwCreationFlags, IntPtr lpEnvironment, [MarshalAs(UnmanagedType.LPWStr)] string lpCurrentDirectory, STARTUPINFOEX lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation); [DllImport("kernel32.dll")] public static extern bool CreatePipe( out SafeFileHandle hReadPipe, out SafeFileHandle hWritePipe, SECURITY_ATTRIBUTES lpPipeAttributes, uint nSize); [DllImport("kernel32.dll", SetLastError = true)] public static extern bool SetHandleInformation( SafeFileHandle hObject, HandleFlags dwMask, int dwFlags); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool GetExitCodeProcess( IntPtr hProcess, out uint lpExitCode); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)] public static extern uint SearchPath( string lpPath, string lpFileName, string lpExtension, int nBufferLength, [MarshalAs (UnmanagedType.LPTStr)] StringBuilder lpBuffer, out IntPtr lpFilePart); [DllImport("shell32.dll", SetLastError = true)] static extern IntPtr CommandLineToArgvW( [MarshalAs(UnmanagedType.LPWStr)] string lpCmdLine, out int pNumArgs); public static string[] ParseCommandLine(string lpCommandLine) { int numArgs; IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs); if (ret == IntPtr.Zero) throw new Win32Exception("Error parsing command line"); IntPtr[] strptrs = new IntPtr[numArgs]; Marshal.Copy(ret, strptrs, 0, numArgs); string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray(); Marshal.FreeHGlobal(ret); return cmdlineParts; } public static string SearchPath(string lpFileName) { StringBuilder sbOut = new StringBuilder(1024); IntPtr filePartOut; if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0) throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName)); return sbOut.ToString(); } public class CommandResult { public string StandardOut { get; internal set; } public string StandardError { get; internal set; } public uint ExitCode { get; internal set; } } public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment) { UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT; STARTUPINFOEX si = new STARTUPINFOEX(); si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES; SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES(); pipesec.bInheritHandle = true; // Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write; if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0)) throw new Win32Exception("STDOUT pipe setup failed"); if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDOUT pipe handle setup failed"); if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0)) throw new Win32Exception("STDERR pipe setup failed"); if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDERR pipe handle setup failed"); if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0)) throw new Win32Exception("STDIN pipe setup failed"); if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDIN pipe handle setup failed"); si.startupInfo.hStdOutput = stdout_write; si.startupInfo.hStdError = stderr_write; si.startupInfo.hStdInput = stdin_read; // Setup the stdin buffer UTF8Encoding utf8_encoding = new UTF8Encoding(false); FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768); StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768); // If lpCurrentDirectory is set to null in PS it will be an empty // string here, we need to convert it if (lpCurrentDirectory == "") lpCurrentDirectory = null; StringBuilder environmentString = null; if (environment != null && environment.Count > 0) { environmentString = new StringBuilder(); foreach (DictionaryEntry kv in environment) environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value); environmentString.Append('\0'); } // Create the environment block if set IntPtr lpEnvironment = IntPtr.Zero; if (environmentString != null) lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString()); // Create new process and run StringBuilder argument_string = new StringBuilder(lpCommandLine); PROCESS_INFORMATION pi = new PROCESS_INFORMATION(); if (!CreateProcess( lpApplicationName, argument_string, IntPtr.Zero, IntPtr.Zero, true, startup_flags, lpEnvironment, lpCurrentDirectory, si, out pi)) { throw new Win32Exception("Failed to create new process"); } // Setup the output buffers and get stdout/stderr FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096); StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096); stdout_write.Close(); FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096); StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096); stderr_write.Close(); stdin.WriteLine(stdinInput); stdin.Close(); string stdout_str, stderr_str = null; GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str); uint rc = GetProcessExitCode(pi.hProcess); return new CommandResult { StandardOut = stdout_str, StandardError = stderr_str, ExitCode = rc }; } private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr) { var sowait = new EventWaitHandle(false, EventResetMode.ManualReset); var sewait = new EventWaitHandle(false, EventResetMode.ManualReset); string so = null, se = null; ThreadPool.QueueUserWorkItem((s) => { so = stdoutStream.ReadToEnd(); sowait.Set(); }); ThreadPool.QueueUserWorkItem((s) => { se = stderrStream.ReadToEnd(); sewait.Set(); }); foreach (var wh in new WaitHandle[] { sowait, sewait }) wh.WaitOne(); stdout = so; stderr = se; } private static uint GetProcessExitCode(IntPtr processHandle) { new NativeWaitHandle(processHandle).WaitOne(); uint exitCode; if (!GetExitCodeProcess(processHandle, out exitCode)) throw new Win32Exception("Error getting process exit code"); return exitCode; } } } "@ $ErrorActionPreference = 'Stop' Function Load-CommandUtils { # makes the following static functions available # [Ansible.CommandUtil]::ParseCommandLine(string lpCommandLine) # [Ansible.CommandUtil]::SearchPath(string lpFileName) # [Ansible.CommandUtil]::RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, string environmentBlock) # # there are also numerous P/Invoke methods that can be called if you are feeling adventurous # FUTURE: find a better way to get the _ansible_remote_tmp variable $original_tmp = $env:TMP $remote_tmp = $original_tmp $module_params = Get-Variable -Name complex_args -ErrorAction SilentlyContinue if ($module_params) { if ($module_params.Value.ContainsKey("_ansible_remote_tmp") ) { $remote_tmp = $module_params.Value["_ansible_remote_tmp"] $remote_tmp = [System.Environment]::ExpandEnvironmentVariables($remote_tmp) } } $env:TMP = $remote_tmp Add-Type -TypeDefinition $process_util $env:TMP = $original_tmp } Function Get-ExecutablePath($executable, $directory) { # lpApplicationName requires the full path to a file, we need to find it # ourselves. # we need to add .exe if it doesn't have an extension already if (-not [System.IO.Path]::HasExtension($executable)) { $executable = "$($executable).exe" } $full_path = [System.IO.Path]::GetFullPath($executable) if ($full_path -ne $executable -and $directory -ne $null) { $file = Get-Item -Path "$directory\$executable" -Force -ErrorAction SilentlyContinue } else { $file = Get-Item -Path $executable -Force -ErrorAction SilentlyContinue } if ($file -ne $null) { $executable_path = $file.FullName } else { $executable_path = [Ansible.CommandUtil]::SearchPath($executable) } return $executable_path } Function Run-Command { Param( [string]$command, # the full command to run including the executable [string]$working_directory = $null, # the working directory to run under, will default to the current dir [string]$stdin = $null, # a string to send to the stdin pipe when executing the command [hashtable]$environment = @{} # a hashtable of environment values to run the command under, this will replace all the other environment variables with these ) # load the C# code we call in this function Load-CommandUtils # need to validate the working directory if it is set if ($working_directory) { # validate working directory is a valid path if (-not (Test-Path -Path $working_directory)) { throw "invalid working directory path '$working_directory'" } } # lpApplicationName needs to be the full path to an executable, we do this # by getting the executable as the first arg and then getting the full path $arguments = [Ansible.CommandUtil]::ParseCommandLine($command) $executable = Get-ExecutablePath -executable $arguments[0] -directory $working_directory # run the command and get the results $command_result = [Ansible.CommandUtil]::RunCommand($executable, $command, $working_directory, $stdin, $environment) return ,@{ executable = $executable stdout = $command_result.StandardOut stderr = $command_result.StandardError rc = $command_result.ExitCode } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: 1615284d-08ad-4d9f-91b2-c59e5c042929 Path:	4104	1		3	2	15	0	1648	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4648	4732	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:05:48 PM	e5295ba9-9827-0000-175c-29e52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c), Michael DeHaan <michael.dehaan@gmail.com>, 2014, and others # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) Set-StrictMode -Version 2.0 $ErrorActionPreference = "Stop" Function Set-Attr($obj, $name, $value) { <# .SYNOPSIS Helper function to set an "attribute" on a psobject instance in PowerShell. This is a convenience to make adding Members to the object easier and slightly more pythonic .EXAMPLE Set-Attr $result "changed" $true #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } Try { $obj.$name = $value } Catch { $obj | Add-Member -Force -MemberType NoteProperty -Name $name -Value $value } } Function Exit-Json($obj) { <# .SYNOPSIS Helper function to convert a PowerShell object to JSON and output it, exiting the script .EXAMPLE Exit-Json $result #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit } Function Fail-Json($obj, $message = $null) { <# .SYNOPSIS Helper function to add the "msg" property and "failed" property, convert the PowerShell Hashtable to JSON and output it, exiting the script .EXAMPLE Fail-Json $result "This is the failure message" #> if ($obj -is [hashtable] -or $obj -is [psobject]) { # Nothing to do } elseif ($obj -is [string] -and $null -eq $message) { # If we weren't given 2 args, and the only arg was a string, # create a new Hashtable and use the arg as the failure message $message = $obj $obj = @{ } } else { # If the first argument is undefined or a different type, # make it a Hashtable $obj = @{ } } # Still using Set-Attr for PSObject compatibility Set-Attr $obj "msg" $message Set-Attr $obj "failed" $true if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit 1 } Function Add-Warning($obj, $message) { <# .SYNOPSIS Helper function to add warnings, even if the warnings attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("warnings")) { $obj.warnings = @() } elseif ($obj.warnings -isnot [array]) { throw "Add-Warning: warnings attribute is not an array" } $obj.warnings += $message } Function Add-DeprecationWarning($obj, $message, $version = $null) { <# .SYNOPSIS Helper function to add deprecations, even if the deprecations attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("deprecations")) { $obj.deprecations = @() } elseif ($obj.deprecations -isnot [array]) { throw "Add-DeprecationWarning: deprecations attribute is not a list" } $obj.deprecations += @{ msg = $message version = $version } } Function Expand-Environment($value) { <# .SYNOPSIS Helper function to expand environment variables in values. By default it turns any type to a string, but we ensure $null remains $null. #> if ($null -ne $value) { [System.Environment]::ExpandEnvironmentVariables($value) } else { $value } } Function Get-AnsibleParam($obj, $name, $default = $null, $resultobj = @{}, $failifempty = $false, $emptyattributefailmessage, $ValidateSet, $ValidateSetErrorMessage, $type = $null, $aliases = @()) { <# .SYNOPSIS Helper function to get an "attribute" from a psobject instance in PowerShell. This is a convenience to make getting Members from an object easier and slightly more pythonic .EXAMPLE $attr = Get-AnsibleParam $response "code" -default "1" .EXAMPLE Get-AnsibleParam -obj $params -name "State" -default "Present" -ValidateSet "Present","Absent" -resultobj $resultobj -failifempty $true Get-AnsibleParam also supports Parameter validation to save you from coding that manually Note that if you use the failifempty option, you do need to specify resultobject as well. #> # Check if the provided Member $name or aliases exist in $obj and return it or the default. try { $found = $null # First try to find preferred parameter $name $aliases = @($name) + $aliases # Iterate over aliases to find acceptable Member $name foreach ($alias in $aliases) { if ($obj.ContainsKey($alias)) { $found = $alias break } } if ($null -eq $found) { throw } $name = $found if ($ValidateSet) { if ($ValidateSet -contains ($obj.$name)) { $value = $obj.$name } else { if ($null -eq $ValidateSetErrorMessage) { #Auto-generated error should be sufficient in most use cases $ValidateSetErrorMessage = "Get-AnsibleParam: Argument $name needs to be one of $($ValidateSet -join ",") but was $($obj.$name)." } Fail-Json -obj $resultobj -message $ValidateSetErrorMessage } } else { $value = $obj.$name } } catch { if ($failifempty -eq $false) { $value = $default } else { if (-not $emptyattributefailmessage) { $emptyattributefailmessage = "Get-AnsibleParam: Missing required argument: $name" } Fail-Json -obj $resultobj -message $emptyattributefailmessage } } # If $value -eq $null, the parameter was unspecified by the user (deliberately or not) # Please leave $null-values intact, modules need to know if a parameter was specified # When $value is already an array, we cannot rely on the null check, as an empty list # is seen as null in the check below if ($null -ne $value -or $value -is [array]) { if ($type -eq "path") { # Expand environment variables on path-type $value = Expand-Environment($value) # Test if a valid path is provided if (-not (Test-Path -IsValid $value)) { $path_invalid = $true # could still be a valid-shaped path with a nonexistent drive letter if ($value -match "^\w:") { # rewrite path with a valid drive letter and recheck the shape- this might still fail, eg, a nonexistent non-filesystem PS path if (Test-Path -IsValid $(@(Get-PSDrive -PSProvider Filesystem)[0].Name + $value.Substring(1))) { $path_invalid = $false } } if ($path_invalid) { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' has an invalid path '$value' specified." } } } elseif ($type -eq "str") { # Convert str types to real Powershell strings $value = $value.ToString() } elseif ($type -eq "bool") { # Convert boolean types to real Powershell booleans $value = $value | ConvertTo-Bool } elseif ($type -eq "int") { # Convert int types to real Powershell integers $value = $value -as [int] } elseif ($type -eq "float") { # Convert float types to real Powershell floats $value = $value -as [float] } elseif ($type -eq "list") { if ($value -is [array]) { # Nothing to do } elseif ($value -is [string]) { # Convert string type to real Powershell array $value = $value.Split(",").Trim() } elseif ($value -is [int]) { $value = @($value) } else { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' is not a YAML list." } # , is not a typo, forces it to return as a list when it is empty or only has 1 entry return ,$value } } return $value } #Alias Get-attr-->Get-AnsibleParam for backwards compat. Only add when needed to ease debugging of scripts If (-not(Get-Alias -Name "Get-attr" -ErrorAction SilentlyContinue)) { New-Alias -Name Get-attr -Value Get-AnsibleParam } Function ConvertTo-Bool { <# .SYNOPSIS Helper filter/pipeline function to convert a value to boolean following current Ansible practices .EXAMPLE $is_true = "true" | ConvertTo-Bool #> param( [parameter(valuefrompipeline=$true)] $obj ) $boolean_strings = "yes", "on", "1", "true", 1 $obj_string = [string]$obj if (($obj -is [boolean] -and $obj) -or $boolean_strings -contains $obj_string.ToLower()) { return $true } else { return $false } } Function Parse-Args($arguments, $supports_check_mode = $false) { <# .SYNOPSIS Helper function to parse Ansible JSON arguments from a "file" passed as the single argument to the module. .EXAMPLE $params = Parse-Args $args #> $params = New-Object psobject If ($arguments.Length -gt 0) { $params = Get-Content $arguments[0] | ConvertFrom-Json } Else { $params = $complex_args } $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false If ($check_mode -and -not $supports_check_mode) { Exit-Json @{ skipped = $true changed = $false msg = "remote module does not support check mode" } } return $params } Function Get-FileChecksum($path, $algorithm = 'sha1') { <# .SYNOPSIS Helper function to calculate a hash of a file in a way which PowerShell 3 and above can handle #> If (Test-Path -Path $path -PathType Leaf) { switch ($algorithm) { 'md5' { $sp = New-Object -TypeName System.Security.Cryptography.MD5CryptoServiceProvider } 'sha1' { $sp = New-Object -TypeName System.Security.Cryptography.SHA1CryptoServiceProvider } 'sha256' { $sp = New-Object -TypeName System.Security.Cryptography.SHA256CryptoServiceProvider } 'sha384' { $sp = New-Object -TypeName System.Security.Cryptography.SHA384CryptoServiceProvider } 'sha512' { $sp = New-Object -TypeName System.Security.Cryptography.SHA512CryptoServiceProvider } default { Fail-Json @{} "Unsupported hash algorithm supplied '$algorithm'" } } If ($PSVersionTable.PSVersion.Major -ge 4) { $raw_hash = Get-FileHash $path -Algorithm $algorithm $hash = $raw_hash.Hash.ToLower() } Else { $fp = [System.IO.File]::Open($path, [System.IO.Filemode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileShare]::ReadWrite); $hash = [System.BitConverter]::ToString($sp.ComputeHash($fp)).Replace("-", "").ToLower(); $fp.Dispose(); } } ElseIf (Test-Path -Path $path -PathType Container) { $hash = "3"; } Else { $hash = "1"; } return $hash } Function Get-PendingRebootStatus { <# .SYNOPSIS Check if reboot is required, if so notify CA. Function returns true if computer has a pending reboot #> $featureData = Invoke-WmiMethod -EA Ignore -Name GetServerFeature -Namespace root\microsoft\windows\servermanager -Class MSFT_ServerManagerTasks $regData = Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager" "PendingFileRenameOperations" -EA Ignore $CBSRebootStatus = Get-ChildItem "HKLM:\\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing" -ErrorAction SilentlyContinue| Where-Object {$_.PSChildName -eq "RebootPending"} if(($featureData -and $featureData.RequiresReboot) -or $regData -or $CBSRebootStatus) { return $True } else { return $False } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: bf21a64b-386e-4933-a190-f09ec00ecd77 Path:	4104	1		3	2	15	0	1647	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4648	4732	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:05:48 PM	e5295ba9-9827-0001-0a5c-29e52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } ScriptBlock ID: b42e917f-4b28-4d22-943f-8cc610c79612 Path:	4104	1		3	2	15	0	1646	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4648	4732	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:05:48 PM	e5295ba9-9827-0001-fb5b-29e52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (6 of 6): n @{failed=$true;msg=$msg}) exit 1 } } $min_ps_version = [version]$payload.min_ps_version if ($min_ps_version -ne $null) { $actual_ps_version = $PSVersionTable.PSVersion if ($actual_ps_version -lt $min_ps_version) { $msg = "This module cannot run as it requires a minimum PowerShell version of $min_ps_version, actual was $actual_ps_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $actions = $payload.actions # pop 0th action as entrypoint $entrypoint = $payload.($actions[0]) $payload.actions = $payload.actions[1..99] $entrypoint = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($entrypoint)) # load the current action entrypoint as a module custom object with a Run method $entrypoint = New-Module -ScriptBlock ([scriptblock]::Create($entrypoint)) -AsCustomObject Set-Variable -Scope global -Name complex_args -Value $payload["module_args"] | Out-Null # dynamically create/load modules ForEach ($mod in $payload.powershell_modules.GetEnumerator()) { $decoded_module = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($mod.Value)) New-Module -ScriptBlock ([scriptblock]::Create($decoded_module)) -Name $mod.Key | Import-Module -WarningAction SilentlyContinue | Out-Null } $output = $entrypoint.Run($payload) Write-Output $output } ScriptBlock ID: 7ff805ba-758a-4b40-8a83-fbde621c735f Path:	4104	1		3	2	15	0	1645	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4648	4732	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:05:48 PM	e5295ba9-9827-0000-0e5c-29e52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (5 of 6): GluZSBtdXN0IHN0YXkgYXQgdGhlIGJvdHRvbSB0byBlbnN1cmUgYWxsIGRlZmluZWQgbW9kdWxlIHBhcnRzIGFyZSBleHBvcnRlZApFeHBvcnQtTW9kdWxlTWVtYmVyIC1BbGlhcyAqIC1GdW5jdGlvbiAqIC1DbWRsZXQgKgoK", "Ansible.ModuleUtils.FileUtil": "IyBDb3B5cmlnaHQgKGMpIDIwMTcgQW5zaWJsZSBQcm9qZWN0CiMgU2ltcGxpZmllZCBCU0QgTGljZW5zZSAoc2VlIGxpY2Vuc2VzL3NpbXBsaWZpZWRfYnNkLnR4dCBvciBodHRwczovL29wZW5zb3VyY2Uub3JnL2xpY2Vuc2VzL0JTRC0yLUNsYXVzZSkKCjwjClRlc3QtUGF0aC9HZXQtSXRlbSBjYW5ub3QgZmluZC9yZXR1cm4gaW5mbyBvbiBmaWxlcyB0aGF0IGFyZSBsb2NrZWQgbGlrZQpDOlxwYWdlZmlsZS5zeXMuIFRoZXNlIDIgZnVuY3Rpb25zIGFyZSBkZXNpZ25lZCB0byB3b3JrIHdpdGggdGhlc2UgZmlsZXMgYW5kCnByb3ZpZGUgc2ltaWxhciBmdW5jdGlvbmFsaXR5IHdpdGggdGhlIG5vcm1hbCBjbWRsZXRzIHdpdGggYXMgbWluaW1hbCBvdmVyaGVhZAphcyBwb3NzaWJsZS4gVGhleSB3b3JrIGJ5IHVzaW5nIEdldC1DaGlsZEl0ZW0gd2l0aCBhIGZpbHRlciBhbmQgcmV0dXJuIHRoZQpyZXN1bHQgZnJvbSB0aGF0LgojPgoKRnVuY3Rpb24gVGVzdC1BbnNpYmxlUGF0aCB7CiAgICBbQ21kbGV0QmluZGluZygpXQogICAgUGFyYW0oCiAgICAgICAgW1BhcmFtZXRlcihNYW5kYXRvcnk9JHRydWUpXVtzdHJpbmddJFBhdGgKICAgICkKICAgICMgUmVwbGFjZW1lbnQgZm9yIFRlc3QtUGF0aAogICAgdHJ5IHsKICAgICAgICAkZmlsZV9hdHRyaWJ1dGVzID0gW1N5c3RlbS5JTy5GaWxlXTo6R2V0QXR0cmlidXRlcygkUGF0aCkKICAgIH0gY2F0Y2ggW1N5c3RlbS5JTy5GaWxlTm90Rm91bmRFeGNlcHRpb25dLCBbU3lzdGVtLklPLkRpcmVjdG9yeU5vdEZvdW5kRXhjZXB0aW9uXSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfSBjYXRjaCBbTm90U3VwcG9ydGVkRXhjZXB0aW9uXSB7CiAgICAgICAgIyBXaGVuIHRlc3RpbmcgYSBwYXRoIGxpa2UgQ2VydDpcTG9jYWxNYWNoaW5lXE15LCBTeXN0ZW0uSU8uRmlsZSB3aWxsCiAgICAgICAgIyBub3Qgd29yaywgd2UganVzdCByZXZlcnQgYmFjayB0byB1c2luZyBUZXN0LVBhdGggZm9yIHRoaXMKICAgICAgICByZXR1cm4gVGVzdC1QYXRoIC1QYXRoICRQYXRoCiAgICB9CgogICAgaWYgKFtJbnQzMl0kZmlsZV9hdHRyaWJ1dGVzIC1lcSAtMSkgewogICAgICAgIHJldHVybiAkZmFsc2UKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICR0cnVlCiAgICB9Cn0KCkZ1bmN0aW9uIEdldC1BbnNpYmxlSXRlbSB7CiAgICBbQ21kbGV0QmluZGluZygpXQogICAgUGFyYW0oCiAgICAgICAgW1BhcmFtZXRlcihNYW5kYXRvcnk9JHRydWUpXVtzdHJpbmddJFBhdGgKICAgICkKICAgICMgUmVwbGFjZW1lbnQgZm9yIEdldC1JdGVtCiAgICB0cnkgewogICAgICAgICRmaWxlX2F0dHJpYnV0ZXMgPSBbU3lzdGVtLklPLkZpbGVdOjpHZXRBdHRyaWJ1dGVzKCRQYXRoKQogICAgfSBjYXRjaCB7CiAgICAgICAgIyBpZiAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb3RpbnVlIGlzIHNldCBvbiB0aGUgY21kbGV0IGFuZCB3ZSBmYWlsZWQgdG8KICAgICAgICAjIGdldCB0aGUgYXR0cmlidXRlcywganVzdCByZXR1cm4gJG51bGwsIG90aGVyd2lzZSB0aHJvdyB0aGUgZXJyb3IKICAgICAgICBpZiAoJEVycm9yQWN0aW9uUHJlZmVyZW5jZSAtbmUgIlNpbGVudGx5Q29udGludWUiKSB7CiAgICAgICAgICAgIHRocm93ICRfCiAgICAgICAgfQogICAgICAgIHJldHVybiAkbnVsbAogICAgfQogICAgaWYgKFtJbnQzMl0kZmlsZV9hdHRyaWJ1dGVzIC1lcSAtMSkgewogICAgICAgIHRocm93IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5NYW5hZ2VtZW50LkF1dG9tYXRpb24uSXRlbU5vdEZvdW5kRXhjZXB0aW9uIC1Bcmd1bWVudExpc3QgIkNhbm5vdCBmaW5kIHBhdGggJyRQYXRoJyBiZWNhdXNlIGl0IGRvZXMgbm90IGV4aXN0LiIKICAgIH0gZWxzZWlmICgkZmlsZV9hdHRyaWJ1dGVzLkhhc0ZsYWcoW1N5c3RlbS5JTy5GaWxlQXR0cmlidXRlc106OkRpcmVjdG9yeSkpIHsKICAgICAgICByZXR1cm4gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLklPLkRpcmVjdG9yeUluZm8gLUFyZ3VtZW50TGlzdCAkUGF0aAogICAgfSBlbHNlIHsKICAgICAgICByZXR1cm4gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLklPLkZpbGVJbmZvIC1Bcmd1bWVudExpc3QgJFBhdGgKICAgIH0KfQoKRXhwb3J0LU1vZHVsZU1lbWJlciAtRnVuY3Rpb24gVGVzdC1BbnNpYmxlUGF0aCwgR2V0LUFuc2libGVJdGVtCg=="}, "module_entry": "IyFwb3dlcnNoZWxsCgojIENvcHlyaWdodDogKGMpIDIwMTcsIEFuc2libGUgUHJvamVjdAojIEdOVSBHZW5lcmFsIFB1YmxpYyBMaWNlbnNlIHYzLjArIChzZWUgQ09QWUlORyBvciBodHRwczovL3d3dy5nbnUub3JnL2xpY2Vuc2VzL2dwbC0zLjAudHh0KQoKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5MZWdhY3kKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5Db21tYW5kVXRpbAojUmVxdWlyZXMgLU1vZHVsZSBBbnNpYmxlLk1vZHVsZVV0aWxzLkZpbGVVdGlsCgojIFRPRE86IGFkZCBjaGVjayBtb2RlIHN1cHBvcnQKClNldC1TdHJpY3RNb2RlIC1WZXJzaW9uIDIKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKIyBDbGVhbnNlIENMSVhNTCBmcm9tIHN0ZGVyciAoc2lmdCBvdXQgZXJyb3Igc3RyZWFtIGRhdGEsIGRpc2NhcmQgb3RoZXJzIGZvciBub3cpCkZ1bmN0aW9uIENsZWFuc2UtU3RkZXJyKCRyYXdfc3RkZXJyKSB7CiAgICBUcnkgewogICAgICAgICMgTkI6IHRoaXMgcmVnZXggaXNuJ3QgcGVyZmVjdCwgYnV0IGlzIGRlY2VudCBhdCBmaW5kaW5nIENMSVhNTCBhbW9uZ3N0IG90aGVyIHN0ZGVyciBub2lzZQogICAgICAgIElmKCRyYXdfc3RkZXJyIC1tYXRjaCAiKD9zKSg/PHByZW5vaXNlMT4uKikjPCBDTElYTUwoPzxwcmVub2lzZTI+LiopKD88Y2xpeG1sPjxPYmpzLis8L09ianM+KSg/PHBvc3Rub2lzZT4uKikiKSB7CiAgICAgICAgICAgICRjbGl4bWwgPSBbeG1sXSRtYXRjaGVzWyJjbGl4bWwiXQoKICAgICAgICAgICAgJG1lcmdlZF9zdGRlcnIgPSAiezB9ezF9ezJ9ezN9IiAtZiBAKAogICAgICAgICAgICAgICAkbWF0Y2hlc1sicHJlbm9pc2UxIl0sCiAgICAgICAgICAgICAgICRtYXRjaGVzWyJwcmVub2lzZTIiXSwKICAgICAgICAgICAgICAgIyBmaWx0ZXIgb3V0IGp1c3QgdGhlIEVycm9yLXRhZ2dlZCBzdHJpbmdzIGZvciBub3csIGFuZCB6YXAgZW1iZWRkZWQgQ1JMRiBjaGFycwogICAgICAgICAgICAgICAoJGNsaXhtbC5PYmpzLkNoaWxkTm9kZXMgfCA/IHsgJF8uTmFtZSAtZXEgJ1MnIH0gfCA/IHsgJF8uUyAtZXEgJ0Vycm9yJyB9IHwgJSB7ICRfLicjdGV4dCcuUmVwbGFjZSgnX3gwMDBEX194MDAwQV8nLCcnKSB9IHwgT3V0LVN0cmluZyksCiAgICAgICAgICAgICAgICRtYXRjaGVzWyJwb3N0bm9pc2UiXSkgfCBPdXQtU3RyaW5nCgogICAgICAgICAgICByZXR1cm4gJG1lcmdlZF9zdGRlcnIuVHJpbSgpCgogICAgICAgICAgICAjIEZVVFVSRTogcGFyc2UvcmV0dXJuIG90aGVyIHN0cmVhbXMKICAgICAgICB9CiAgICAgICAgRWxzZSB7CiAgICAgICAgICAgICRyYXdfc3RkZXJyCiAgICAgICAgfQogICAgfQogICAgQ2F0Y2ggewogICAgICAgICIqKipFWENFUFRJT04gUEFSU0lORyBDTElYTUw6ICRfKioqIiArICRyYXdfc3RkZXJyCiAgICB9Cn0KCiRwYXJhbXMgPSBQYXJzZS1BcmdzICRhcmdzIC1zdXBwb3J0c19jaGVja19tb2RlICRmYWxzZQoKJHJhd19jb21tYW5kX2xpbmUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX3Jhd19wYXJhbXMiIC10eXBlICJzdHIiIC1mYWlsaWZlbXB0eSAkdHJ1ZQokY2hkaXIgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiY2hkaXIiIC10eXBlICJwYXRoIgokZXhlY3V0YWJsZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJleGVjdXRhYmxlIiAtdHlwZSAicGF0aCIKJGNyZWF0ZXMgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiY3JlYXRlcyIgLXR5cGUgInBhdGgiCiRyZW1vdmVzID0gR2V0LUFuc2libGVQYXJhbSAtb2JqICRwYXJhbXMgLW5hbWUgInJlbW92ZXMiIC10eXBlICJwYXRoIgokc3RkaW4gPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAic3RkaW4iIC10eXBlICJzdHIiCgokcmF3X2NvbW1hbmRfbGluZSA9ICRyYXdfY29tbWFuZF9saW5lLlRyaW0oKQoKJHJlc3VsdCA9IEB7CiAgICBjaGFuZ2VkID0gJHRydWUKICAgIGNtZCA9ICRyYXdfY29tbWFuZF9saW5lCn0KCmlmICgkY3JlYXRlcyAtYW5kICQoVGVzdC1BbnNpYmxlUGF0aCAtUGF0aCAkY3JlYXRlcykpIHsKICAgIEV4aXQtSnNvbiBAe21zZz0ic2tpcHBlZCwgc2luY2UgJGNyZWF0ZXMgZXhpc3RzIjtjbWQ9JHJhd19jb21tYW5kX2xpbmU7Y2hhbmdlZD0kZmFsc2U7c2tpcHBlZD0kdHJ1ZTtyYz0wfQp9CgppZiAoJHJlbW92ZXMgLWFuZCAtbm90ICQoVGVzdC1BbnNpYmxlUGF0aCAtUGF0aCAkcmVtb3ZlcykpIHsKICAgIEV4aXQtSnNvbiBAe21zZz0ic2tpcHBlZCwgc2luY2UgJHJlbW92ZXMgZG9lcyBub3QgZXhpc3QiO2NtZD0kcmF3X2NvbW1hbmRfbGluZTtjaGFuZ2VkPSRmYWxzZTtza2lwcGVkPSR0cnVlO3JjPTB9Cn0KCiRleGVjX2FyZ3MgPSAkbnVsbApJZigtbm90ICRleGVjdXRhYmxlIC1vciAkZXhlY3V0YWJsZSAtZXEgInBvd2Vyc2hlbGwiKSB7CiAgICAkZXhlY19hcHBsaWNhdGlvbiA9ICJwb3dlcnNoZWxsLmV4ZSIKCiAgICAjIGZvcmNlIGlucHV0IGVuY29kaW5nIHRvIHByZWFtYmxlLWZyZWUgVVRGOCBzbyBQUyBzdWItcHJvY2Vzc2VzIChlZywgU3RhcnQtSm9iKSBkb24ndCBibG93IHVwCiAgICAkcmF3X2NvbW1hbmRfbGluZSA9ICJbQ29uc29sZV06OklucHV0RW5jb2RpbmcgPSBOZXctT2JqZWN0IFRleHQuVVRGOEVuY29kaW5nIGAkZmFsc2U7ICIgKyAkcmF3X2NvbW1hbmRfbGluZQoKICAgICMgQmFzZTY0IGVuY29kZSB0aGUgY29tbWFuZCBzbyB3ZSBkb24ndCBoYXZlIHRvIHdvcnJ5IGFib3V0IHRoZSB2YXJpb3VzIGxldmVscyBvZiBlc2NhcGluZwogICAgJGVuY29kZWRfY29tbWFuZCA9IFtDb252ZXJ0XTo6VG9CYXNlNjRTdHJpbmcoW1N5c3RlbS5UZXh0LkVuY29kaW5nXTo6VW5pY29kZS5HZXRCeXRlcygkcmF3X2NvbW1hbmRfbGluZSkpCgogICAgaWYgKCRzdGRpbikgewogICAgICAgICRleGVjX2FyZ3MgPSAiLWVuY29kZWRjb21tYW5kICRlbmNvZGVkX2NvbW1hbmQiCiAgICB9IGVsc2UgewogICAgICAgICRleGVjX2FyZ3MgPSAiLW5vbmludGVyYWN0aXZlIC1lbmNvZGVkY29tbWFuZCAkZW5jb2RlZF9jb21tYW5kIgogICAgfQp9CkVsc2UgewogICAgIyBGVVRVUkU6IHN1cHBvcnQgYXJnIHRyYW5zbGF0aW9uIGZyb20gZXhlY3V0YWJsZSAob3IgZXhlY3V0YWJsZV9hcmdzPykgdG8gcHJvY2VzcyBhcmd1bWVudHMgZm9yIGFyYml0cmFyeSBpbnRlcnByZXRlcj8KICAgICRleGVjX2FwcGxpY2F0aW9uID0gJGV4ZWN1dGFibGUKICAgIGlmICgtbm90ICgkZXhlY19hcHBsaWNhdGlvbi5FbmRzV2l0aCgiLmV4ZSIpKSkgewogICAgICAgICRleGVjX2FwcGxpY2F0aW9uID0gIiQoJGV4ZWNfYXBwbGljYXRpb24pLmV4ZSIKICAgIH0KICAgICRleGVjX2FyZ3MgPSAiL2MgJHJhd19jb21tYW5kX2xpbmUiCn0KCiRjb21tYW5kID0gIiRleGVjX2FwcGxpY2F0aW9uICRleGVjX2FyZ3MiCiRydW5fY29tbWFuZF9hcmcgPSBAewogICAgY29tbWFuZCA9ICRjb21tYW5kCn0KaWYgKCRjaGRpcikgewogICAgJHJ1bl9jb21tYW5kX2FyZ1snd29ya2luZ19kaXJlY3RvcnknXSA9ICRjaGRpcgp9CmlmICgkc3RkaW4pIHsKICAgICRydW5fY29tbWFuZF9hcmdbJ3N0ZGluJ10gPSAkc3RkaW4KfQoKJHN0YXJ0X2RhdGV0aW1lID0gW0RhdGVUaW1lXTo6VXRjTm93CnRyeSB7CiAgICAkY29tbWFuZF9yZXN1bHQgPSBSdW4tQ29tbWFuZCBAcnVuX2NvbW1hbmRfYXJnCn0gY2F0Y2ggewogICAgJHJlc3VsdC5jaGFuZ2VkID0gJGZhbHNlCiAgICB0cnkgewogICAgICAgICRyZXN1bHQucmMgPSAkXy5FeGNlcHRpb24uTmF0aXZlRXJyb3JDb2RlCiAgICB9IGNhdGNoIHsKICAgICAgICAkcmVzdWx0LnJjID0gMgogICAgfQogICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAkXy5FeGNlcHRpb24uTWVzc2FnZQp9CgojIFRPRE86IGRlY29kZSBDTElYTUwgc3RkZXJyIG91dHB1dCAoYW5kIG90aGVyIHN0cmVhbXM/KQokcmVzdWx0LnN0ZG91dCA9ICRjb21tYW5kX3Jlc3VsdC5zdGRvdXQKJHJlc3VsdC5zdGRlcnIgPSBDbGVhbnNlLVN0ZGVyciAkY29tbWFuZF9yZXN1bHQuc3RkZXJyIAokcmVzdWx0LnJjID0gJGNvbW1hbmRfcmVzdWx0LnJjCgokZW5kX2RhdGV0aW1lID0gW0RhdGVUaW1lXTo6VXRjTm93CiRyZXN1bHQuc3RhcnQgPSAkc3RhcnRfZGF0ZXRpbWUuVG9TdHJpbmcoInl5eXktTU0tZGQgaGg6bW06c3MuZmZmZmZmIikKJHJlc3VsdC5lbmQgPSAkZW5kX2RhdGV0aW1lLlRvU3RyaW5nKCJ5eXl5LU1NLWRkIGhoOm1tOnNzLmZmZmZmZiIpCiRyZXN1bHQuZGVsdGEgPSAkKCRlbmRfZGF0ZXRpbWUgLSAkc3RhcnRfZGF0ZXRpbWUpLlRvU3RyaW5nKCJoXDptbVw6c3NcLmZmZmZmZiIpCgpJZiAoJHJlc3VsdC5yYyAtbmUgMCkgewogICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAibm9uLXplcm8gcmV0dXJuIGNvZGUiCn0KCkV4aXQtSnNvbiAkcmVzdWx0Cg==", "module_args": {"_ansible_version": "2.7.0", "_ansible_selinux_special_fs": ["fuse", "nfs", "vboxsf", "ramfs", "9p"], "_ansible_no_log": false, "_ansible_module_name": "win_shell", "_raw_params": "Enable-VMMigration -passthru -ErrorAction silentlycontinue", "_ansible_verbosity": 2, "_ansible_keep_remote_files": false, "_ansible_syslog_facility": "LOG_USER", "_ansible_socket": null, "_ansible_remote_tmp": "%TEMP%", "_ansible_diff": false, "_ansible_debug": false, "_ansible_shell_executable": "/bin/sh", "_ansible_check_mode": false, "_ansible_tmpdir": null}} '@ } process { $input_as_string = [string]$input $json_raw += $input_as_string } end { If (-not $json_raw) { Write-Error "no input given" -Category InvalidArgument } $payload = ConvertTo-HashtableFromPsCustomObject (ConvertFrom-Json $json_raw) # TODO: handle binary modules # TODO: handle persistence $min_os_version = [version]$payload.min_os_version if ($min_os_version -ne $null) { $actual_os_version = [System.Environment]::OSVersion.Version if ($actual_os_version -lt $min_os_version) { $msg = "This module cannot run on this OS as it requires a minimum version of $min_os_version, actual was $actual_os_version" Write-Output (ConvertTo-Jso ScriptBlock ID: 7ff805ba-758a-4b40-8a83-fbde621c735f Path:	4104	1		3	2	15	0	1644	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4648	4732	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:05:48 PM	e5295ba9-9827-0000-0e5c-29e52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (4 of 6): R1cm4gaXQgb3IgdGhlIGRlZmF1bHQuCiAgICB0cnkgewoKICAgICAgICAkZm91bmQgPSAkbnVsbAogICAgICAgICMgRmlyc3QgdHJ5IHRvIGZpbmQgcHJlZmVycmVkIHBhcmFtZXRlciAkbmFtZQogICAgICAgICRhbGlhc2VzID0gQCgkbmFtZSkgKyAkYWxpYXNlcwoKICAgICAgICAjIEl0ZXJhdGUgb3ZlciBhbGlhc2VzIHRvIGZpbmQgYWNjZXB0YWJsZSBNZW1iZXIgJG5hbWUKICAgICAgICBmb3JlYWNoICgkYWxpYXMgaW4gJGFsaWFzZXMpIHsKICAgICAgICAgICAgaWYgKCRvYmouQ29udGFpbnNLZXkoJGFsaWFzKSkgewogICAgICAgICAgICAgICAgJGZvdW5kID0gJGFsaWFzCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgfQoKICAgICAgICBpZiAoJG51bGwgLWVxICRmb3VuZCkgewogICAgICAgICAgICB0aHJvdwogICAgICAgIH0KICAgICAgICAkbmFtZSA9ICRmb3VuZAoKICAgICAgICBpZiAoJFZhbGlkYXRlU2V0KSB7CgogICAgICAgICAgICBpZiAoJFZhbGlkYXRlU2V0IC1jb250YWlucyAoJG9iai4kbmFtZSkpIHsKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICRvYmouJG5hbWUKICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgIGlmICgkbnVsbCAtZXEgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAgICAgI0F1dG8tZ2VuZXJhdGVkIGVycm9yIHNob3VsZCBiZSBzdWZmaWNpZW50IGluIG1vc3QgdXNlIGNhc2VzCiAgICAgICAgICAgICAgICAgICAgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlID0gIkdldC1BbnNpYmxlUGFyYW06IEFyZ3VtZW50ICRuYW1lIG5lZWRzIHRvIGJlIG9uZSBvZiAkKCRWYWxpZGF0ZVNldCAtam9pbiAiLCIpIGJ1dCB3YXMgJCgkb2JqLiRuYW1lKS4iCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRWYWxpZGF0ZVNldEVycm9yTWVzc2FnZQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgJHZhbHVlID0gJG9iai4kbmFtZQogICAgICAgIH0KICAgIH0gY2F0Y2ggewogICAgICAgIGlmICgkZmFpbGlmZW1wdHkgLWVxICRmYWxzZSkgewogICAgICAgICAgICAkdmFsdWUgPSAkZGVmYXVsdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgIGlmICgtbm90ICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSA9ICJHZXQtQW5zaWJsZVBhcmFtOiBNaXNzaW5nIHJlcXVpcmVkIGFyZ3VtZW50OiAkbmFtZSIKICAgICAgICAgICAgfQogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlCiAgICAgICAgfQogICAgfQoKICAgICMgSWYgJHZhbHVlIC1lcSAkbnVsbCwgdGhlIHBhcmFtZXRlciB3YXMgdW5zcGVjaWZpZWQgYnkgdGhlIHVzZXIgKGRlbGliZXJhdGVseSBvciBub3QpCiAgICAjIFBsZWFzZSBsZWF2ZSAkbnVsbC12YWx1ZXMgaW50YWN0LCBtb2R1bGVzIG5lZWQgdG8ga25vdyBpZiBhIHBhcmFtZXRlciB3YXMgc3BlY2lmaWVkCiAgICAjIFdoZW4gJHZhbHVlIGlzIGFscmVhZHkgYW4gYXJyYXksIHdlIGNhbm5vdCByZWx5IG9uIHRoZSBudWxsIGNoZWNrLCBhcyBhbiBlbXB0eSBsaXN0CiAgICAjIGlzIHNlZW4gYXMgbnVsbCBpbiB0aGUgY2hlY2sgYmVsb3cKICAgIGlmICgkbnVsbCAtbmUgJHZhbHVlIC1vciAkdmFsdWUgLWlzIFthcnJheV0pIHsKICAgICAgICBpZiAoJHR5cGUgLWVxICJwYXRoIikgewogICAgICAgICAgICAjIEV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgb24gcGF0aC10eXBlCiAgICAgICAgICAgICR2YWx1ZSA9IEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCiAgICAgICAgICAgICMgVGVzdCBpZiBhIHZhbGlkIHBhdGggaXMgcHJvdmlkZWQKICAgICAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtSXNWYWxpZCAkdmFsdWUpKSB7CiAgICAgICAgICAgICAgICAkcGF0aF9pbnZhbGlkID0gJHRydWUKICAgICAgICAgICAgICAgICMgY291bGQgc3RpbGwgYmUgYSB2YWxpZC1zaGFwZWQgcGF0aCB3aXRoIGEgbm9uZXhpc3RlbnQgZHJpdmUgbGV0dGVyCiAgICAgICAgICAgICAgICBpZiAoJHZhbHVlIC1tYXRjaCAiXlx3OiIpIHsKICAgICAgICAgICAgICAgICAgICAjIHJld3JpdGUgcGF0aCB3aXRoIGEgdmFsaWQgZHJpdmUgbGV0dGVyIGFuZCByZWNoZWNrIHRoZSBzaGFwZS0gdGhpcyBtaWdodCBzdGlsbCBmYWlsLCBlZywgYSBub25leGlzdGVudCBub24tZmlsZXN5c3RlbSBQUyBwYXRoCiAgICAgICAgICAgICAgICAgICAgaWYgKFRlc3QtUGF0aCAtSXNWYWxpZCAkKEAoR2V0LVBTRHJpdmUgLVBTUHJvdmlkZXIgRmlsZXN5c3RlbSlbMF0uTmFtZSArICR2YWx1ZS5TdWJzdHJpbmcoMSkpKSB7CiAgICAgICAgICAgICAgICAgICAgICAgICRwYXRoX2ludmFsaWQgPSAkZmFsc2UKICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBpZiAoJHBhdGhfaW52YWxpZCkgewogICAgICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHRvYmogLW1lc3NhZ2UgIkdldC1BbnNpYmxlUGFyYW06IFBhcmFtZXRlciAnJG5hbWUnIGhhcyBhbiBpbnZhbGlkIHBhdGggJyR2YWx1ZScgc3BlY2lmaWVkLiIKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgInN0ciIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IHN0ciB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgc3RyaW5ncwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUuVG9TdHJpbmcoKQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImJvb2wiKSB7CiAgICAgICAgICAgICMgQ29udmVydCBib29sZWFuIHR5cGVzIHRvIHJlYWwgUG93ZXJzaGVsbCBib29sZWFucwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgfCBDb252ZXJ0VG8tQm9vbAogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImludCIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IGludCB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgaW50ZWdlcnMKICAgICAgICAgICAgJHZhbHVlID0gJHZhbHVlIC1hcyBbaW50XQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImZsb2F0IikgewogICAgICAgICAgICAjIENvbnZlcnQgZmxvYXQgdHlwZXMgdG8gcmVhbCBQb3dlcnNoZWxsIGZsb2F0cwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgLWFzIFtmbG9hdF0KICAgICAgICB9IGVsc2VpZiAoJHR5cGUgLWVxICJsaXN0IikgewogICAgICAgICAgICBpZiAoJHZhbHVlIC1pcyBbYXJyYXldKSB7CiAgICAgICAgICAgICAgICAjIE5vdGhpbmcgdG8gZG8KICAgICAgICAgICAgfSBlbHNlaWYgKCR2YWx1ZSAtaXMgW3N0cmluZ10pIHsKICAgICAgICAgICAgICAgICMgQ29udmVydCBzdHJpbmcgdHlwZSB0byByZWFsIFBvd2Vyc2hlbGwgYXJyYXkKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICR2YWx1ZS5TcGxpdCgiLCIpLlRyaW0oKQogICAgICAgICAgICB9IGVsc2VpZiAoJHZhbHVlIC1pcyBbaW50XSkgewogICAgICAgICAgICAgICAgJHZhbHVlID0gQCgkdmFsdWUpCiAgICAgICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICJHZXQtQW5zaWJsZVBhcmFtOiBQYXJhbWV0ZXIgJyRuYW1lJyBpcyBub3QgYSBZQU1MIGxpc3QuIgogICAgICAgICAgICB9CiAgICAgICAgICAgICMgLCBpcyBub3QgYSB0eXBvLCBmb3JjZXMgaXQgdG8gcmV0dXJuIGFzIGEgbGlzdCB3aGVuIGl0IGlzIGVtcHR5IG9yIG9ubHkgaGFzIDEgZW50cnkKICAgICAgICAgICAgcmV0dXJuICwkdmFsdWUKICAgICAgICB9CiAgICB9CgogICAgcmV0dXJuICR2YWx1ZQp9CgojQWxpYXMgR2V0LWF0dHItLT5HZXQtQW5zaWJsZVBhcmFtIGZvciBiYWNrd2FyZHMgY29tcGF0LiBPbmx5IGFkZCB3aGVuIG5lZWRlZCB0byBlYXNlIGRlYnVnZ2luZyBvZiBzY3JpcHRzCklmICgtbm90KEdldC1BbGlhcyAtTmFtZSAiR2V0LWF0dHIiIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlKSkKewogICAgTmV3LUFsaWFzIC1OYW1lIEdldC1hdHRyIC1WYWx1ZSBHZXQtQW5zaWJsZVBhcmFtCn0KCkZ1bmN0aW9uIENvbnZlcnRUby1Cb29sCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZpbHRlci9waXBlbGluZSBmdW5jdGlvbiB0byBjb252ZXJ0IGEgdmFsdWUgdG8gYm9vbGVhbiBmb2xsb3dpbmcgY3VycmVudAogICAgQW5zaWJsZSBwcmFjdGljZXMKICAgIC5FWEFNUExFCiAgICAkaXNfdHJ1ZSA9ICJ0cnVlIiB8IENvbnZlcnRUby1Cb29sCiM+CiAgICBwYXJhbSgKICAgICAgICBbcGFyYW1ldGVyKHZhbHVlZnJvbXBpcGVsaW5lPSR0cnVlKV0KICAgICAgICAkb2JqCiAgICApCgogICAgJGJvb2xlYW5fc3RyaW5ncyA9ICJ5ZXMiLCAib24iLCAiMSIsICJ0cnVlIiwgMQogICAgJG9ial9zdHJpbmcgPSBbc3RyaW5nXSRvYmoKCiAgICBpZiAoKCRvYmogLWlzIFtib29sZWFuXSAtYW5kICRvYmopIC1vciAkYm9vbGVhbl9zdHJpbmdzIC1jb250YWlucyAkb2JqX3N0cmluZy5Ub0xvd2VyKCkpIHsKICAgICAgICByZXR1cm4gJHRydWUKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfQp9CgpGdW5jdGlvbiBQYXJzZS1BcmdzKCRhcmd1bWVudHMsICRzdXBwb3J0c19jaGVja19tb2RlID0gJGZhbHNlKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBwYXJzZSBBbnNpYmxlIEpTT04gYXJndW1lbnRzIGZyb20gYSAiZmlsZSIgcGFzc2VkIGFzCiAgICB0aGUgc2luZ2xlIGFyZ3VtZW50IHRvIHRoZSBtb2R1bGUuCiAgICAuRVhBTVBMRQogICAgJHBhcmFtcyA9IFBhcnNlLUFyZ3MgJGFyZ3MKIz4KICAgICRwYXJhbXMgPSBOZXctT2JqZWN0IHBzb2JqZWN0CiAgICBJZiAoJGFyZ3VtZW50cy5MZW5ndGggLWd0IDApCiAgICB7CiAgICAgICAgJHBhcmFtcyA9IEdldC1Db250ZW50ICRhcmd1bWVudHNbMF0gfCBDb252ZXJ0RnJvbS1Kc29uCiAgICB9CiAgICBFbHNlIHsKICAgICAgICAkcGFyYW1zID0gJGNvbXBsZXhfYXJncwogICAgfQogICAgJGNoZWNrX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfY2hlY2tfbW9kZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQogICAgSWYgKCRjaGVja19tb2RlIC1hbmQgLW5vdCAkc3VwcG9ydHNfY2hlY2tfbW9kZSkKICAgIHsKICAgICAgICBFeGl0LUpzb24gQHsKICAgICAgICAgICAgc2tpcHBlZCA9ICR0cnVlCiAgICAgICAgICAgIGNoYW5nZWQgPSAkZmFsc2UKICAgICAgICAgICAgbXNnID0gInJlbW90ZSBtb2R1bGUgZG9lcyBub3Qgc3VwcG9ydCBjaGVjayBtb2RlIgogICAgICAgIH0KICAgIH0KICAgIHJldHVybiAkcGFyYW1zCn0KCgpGdW5jdGlvbiBHZXQtRmlsZUNoZWNrc3VtKCRwYXRoLCAkYWxnb3JpdGhtID0gJ3NoYTEnKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBjYWxjdWxhdGUgYSBoYXNoIG9mIGEgZmlsZSBpbiBhIHdheSB3aGljaCBQb3dlclNoZWxsIDMKICAgIGFuZCBhYm92ZSBjYW4gaGFuZGxlCiM+CiAgICBJZiAoVGVzdC1QYXRoIC1QYXRoICRwYXRoIC1QYXRoVHlwZSBMZWFmKQogICAgewogICAgICAgIHN3aXRjaCAoJGFsZ29yaXRobSkKICAgICAgICB7CiAgICAgICAgICAgICdtZDUnIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5NRDVDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMScgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTFDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMjU2JyB7ICRzcCA9IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5TZWN1cml0eS5DcnlwdG9ncmFwaHkuU0hBMjU2Q3J5cHRvU2VydmljZVByb3ZpZGVyIH0KICAgICAgICAgICAgJ3NoYTM4NCcgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTM4NENyeXB0b1NlcnZpY2VQcm92aWRlciB9CiAgICAgICAgICAgICdzaGE1MTInIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5TSEE1MTJDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICBkZWZhdWx0IHsgRmFpbC1Kc29uIEB7fSAiVW5zdXBwb3J0ZWQgaGFzaCBhbGdvcml0aG0gc3VwcGxpZWQgJyRhbGdvcml0aG0nIiB9CiAgICAgICAgfQoKICAgICAgICBJZiAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtZ2UgNCkgewogICAgICAgICAgICAkcmF3X2hhc2ggPSBHZXQtRmlsZUhhc2ggJHBhdGggLUFsZ29yaXRobSAkYWxnb3JpdGhtCiAgICAgICAgICAgICRoYXNoID0gJHJhd19oYXNoLkhhc2guVG9Mb3dlcigpCiAgICAgICAgfSBFbHNlIHsKICAgICAgICAgICAgJGZwID0gW1N5c3RlbS5JTy5GaWxlXTo6T3BlbigkcGF0aCwgW1N5c3RlbS5JTy5GaWxlbW9kZV06Ok9wZW4sIFtTeXN0ZW0uSU8uRmlsZUFjY2Vzc106OlJlYWQsIFtTeXN0ZW0uSU8uRmlsZVNoYXJlXTo6UmVhZFdyaXRlKTsKICAgICAgICAgICAgJGhhc2ggPSBbU3lzdGVtLkJpdENvbnZlcnRlcl06OlRvU3RyaW5nKCRzcC5Db21wdXRlSGFzaCgkZnApKS5SZXBsYWNlKCItIiwgIiIpLlRvTG93ZXIoKTsKICAgICAgICAgICAgJGZwLkRpc3Bvc2UoKTsKICAgICAgICB9CiAgICB9CiAgICBFbHNlSWYgKFRlc3QtUGF0aCAtUGF0aCAkcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKQogICAgewogICAgICAgICRoYXNoID0gIjMiOwogICAgfQogICAgRWxzZQogICAgewogICAgICAgICRoYXNoID0gIjEiOwogICAgfQogICAgcmV0dXJuICRoYXNoCn0KCkZ1bmN0aW9uIEdldC1QZW5kaW5nUmVib290U3RhdHVzCnsKPCMKICAgIC5TWU5PUFNJUwogICAgQ2hlY2sgaWYgcmVib290IGlzIHJlcXVpcmVkLCBpZiBzbyBub3RpZnkgQ0EuCiAgICBGdW5jdGlvbiByZXR1cm5zIHRydWUgaWYgY29tcHV0ZXIgaGFzIGEgcGVuZGluZyByZWJvb3QKIz4KICAgICRmZWF0dXJlRGF0YSA9IEludm9rZS1XbWlNZXRob2QgLUVBIElnbm9yZSAtTmFtZSBHZXRTZXJ2ZXJGZWF0dXJlIC1OYW1lc3BhY2Ugcm9vdFxtaWNyb3NvZnRcd2luZG93c1xzZXJ2ZXJtYW5hZ2VyIC1DbGFzcyBNU0ZUX1NlcnZlck1hbmFnZXJUYXNrcwogICAgJHJlZ0RhdGEgPSBHZXQtSXRlbVByb3BlcnR5ICJIS0xNOlxTWVNURU1cQ3VycmVudENvbnRyb2xTZXRcQ29udHJvbFxTZXNzaW9uIE1hbmFnZXIiICJQZW5kaW5nRmlsZVJlbmFtZU9wZXJhdGlvbnMiIC1FQSBJZ25vcmUKICAgICRDQlNSZWJvb3RTdGF0dXMgPSBHZXQtQ2hpbGRJdGVtICJIS0xNOlxcU09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cQ29tcG9uZW50IEJhc2VkIFNlcnZpY2luZyIgIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlfCBXaGVyZS1PYmplY3QgeyRfLlBTQ2hpbGROYW1lIC1lcSAiUmVib290UGVuZGluZyJ9CiAgICBpZigoJGZlYXR1cmVEYXRhIC1hbmQgJGZlYXR1cmVEYXRhLlJlcXVpcmVzUmVib290KSAtb3IgJHJlZ0RhdGEgLW9yICRDQlNSZWJvb3RTdGF0dXMpCiAgICB7CiAgICAgICAgcmV0dXJuICRUcnVlCiAgICB9CiAgICBlbHNlCiAgICB7CiAgICAgICAgcmV0dXJuICRGYWxzZQogICAgfQp9CgojIHRoaXMgb ScriptBlock ID: 7ff805ba-758a-4b40-8a83-fbde621c735f Path:	4104	1		3	2	15	0	1643	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4648	4732	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:05:48 PM	e5295ba9-9827-0000-0e5c-29e52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (3 of 6): 2RzIHRoYXQgY2FuIGJlIGNhbGxlZCBpZiB5b3UgYXJlIGZlZWxpbmcgYWR2ZW50dXJvdXMKCiAgICAjIEZVVFVSRTogZmluZCBhIGJldHRlciB3YXkgdG8gZ2V0IHRoZSBfYW5zaWJsZV9yZW1vdGVfdG1wIHZhcmlhYmxlCiAgICAkb3JpZ2luYWxfdG1wID0gJGVudjpUTVAKCiAgICAkcmVtb3RlX3RtcCA9ICRvcmlnaW5hbF90bXAKICAgICRtb2R1bGVfcGFyYW1zID0gR2V0LVZhcmlhYmxlIC1OYW1lIGNvbXBsZXhfYXJncyAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgaWYgKCRtb2R1bGVfcGFyYW1zKSB7CiAgICAgICAgaWYgKCRtb2R1bGVfcGFyYW1zLlZhbHVlLkNvbnRhaW5zS2V5KCJfYW5zaWJsZV9yZW1vdGVfdG1wIikgKSB7CiAgICAgICAgICAgICRyZW1vdGVfdG1wID0gJG1vZHVsZV9wYXJhbXMuVmFsdWVbIl9hbnNpYmxlX3JlbW90ZV90bXAiXQogICAgICAgICAgICAkcmVtb3RlX3RtcCA9IFtTeXN0ZW0uRW52aXJvbm1lbnRdOjpFeHBhbmRFbnZpcm9ubWVudFZhcmlhYmxlcygkcmVtb3RlX3RtcCkKICAgICAgICB9CiAgICB9CgogICAgJGVudjpUTVAgPSAkcmVtb3RlX3RtcAogICAgQWRkLVR5cGUgLVR5cGVEZWZpbml0aW9uICRwcm9jZXNzX3V0aWwKICAgICRlbnY6VE1QID0gJG9yaWdpbmFsX3RtcAp9CgpGdW5jdGlvbiBHZXQtRXhlY3V0YWJsZVBhdGgoJGV4ZWN1dGFibGUsICRkaXJlY3RvcnkpIHsKICAgICMgbHBBcHBsaWNhdGlvbk5hbWUgcmVxdWlyZXMgdGhlIGZ1bGwgcGF0aCB0byBhIGZpbGUsIHdlIG5lZWQgdG8gZmluZCBpdAogICAgIyBvdXJzZWx2ZXMuCgogICAgIyB3ZSBuZWVkIHRvIGFkZCAuZXhlIGlmIGl0IGRvZXNuJ3QgaGF2ZSBhbiBleHRlbnNpb24gYWxyZWFkeQogICAgaWYgKC1ub3QgW1N5c3RlbS5JTy5QYXRoXTo6SGFzRXh0ZW5zaW9uKCRleGVjdXRhYmxlKSkgewogICAgICAgICRleGVjdXRhYmxlID0gIiQoJGV4ZWN1dGFibGUpLmV4ZSIKICAgIH0KICAgICRmdWxsX3BhdGggPSBbU3lzdGVtLklPLlBhdGhdOjpHZXRGdWxsUGF0aCgkZXhlY3V0YWJsZSkKCiAgICBpZiAoJGZ1bGxfcGF0aCAtbmUgJGV4ZWN1dGFibGUgLWFuZCAkZGlyZWN0b3J5IC1uZSAkbnVsbCkgewogICAgICAgICRmaWxlID0gR2V0LUl0ZW0gLVBhdGggIiRkaXJlY3RvcnlcJGV4ZWN1dGFibGUiIC1Gb3JjZSAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgfSBlbHNlIHsKICAgICAgICAkZmlsZSA9IEdldC1JdGVtIC1QYXRoICRleGVjdXRhYmxlIC1Gb3JjZSAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgfQoKICAgIGlmICgkZmlsZSAtbmUgJG51bGwpIHsKICAgICAgICAkZXhlY3V0YWJsZV9wYXRoID0gJGZpbGUuRnVsbE5hbWUKICAgIH0gZWxzZSB7CiAgICAgICAgJGV4ZWN1dGFibGVfcGF0aCA9IFtBbnNpYmxlLkNvbW1hbmRVdGlsXTo6U2VhcmNoUGF0aCgkZXhlY3V0YWJsZSkgICAgCiAgICB9CiAgICByZXR1cm4gJGV4ZWN1dGFibGVfcGF0aAp9CgpGdW5jdGlvbiBSdW4tQ29tbWFuZCB7CiAgICBQYXJhbSgKICAgICAgICBbc3RyaW5nXSRjb21tYW5kLCAjIHRoZSBmdWxsIGNvbW1hbmQgdG8gcnVuIGluY2x1ZGluZyB0aGUgZXhlY3V0YWJsZQogICAgICAgIFtzdHJpbmddJHdvcmtpbmdfZGlyZWN0b3J5ID0gJG51bGwsICMgdGhlIHdvcmtpbmcgZGlyZWN0b3J5IHRvIHJ1biB1bmRlciwgd2lsbCBkZWZhdWx0IHRvIHRoZSBjdXJyZW50IGRpcgogICAgICAgIFtzdHJpbmddJHN0ZGluID0gJG51bGwsICMgYSBzdHJpbmcgdG8gc2VuZCB0byB0aGUgc3RkaW4gcGlwZSB3aGVuIGV4ZWN1dGluZyB0aGUgY29tbWFuZAogICAgICAgIFtoYXNodGFibGVdJGVudmlyb25tZW50ID0gQHt9ICMgYSBoYXNodGFibGUgb2YgZW52aXJvbm1lbnQgdmFsdWVzIHRvIHJ1biB0aGUgY29tbWFuZCB1bmRlciwgdGhpcyB3aWxsIHJlcGxhY2UgYWxsIHRoZSBvdGhlciBlbnZpcm9ubWVudCB2YXJpYWJsZXMgd2l0aCB0aGVzZQogICAgKQogICAgCiAgICAjIGxvYWQgdGhlIEMjIGNvZGUgd2UgY2FsbCBpbiB0aGlzIGZ1bmN0aW9uCiAgICBMb2FkLUNvbW1hbmRVdGlscwoKICAgICMgbmVlZCB0byB2YWxpZGF0ZSB0aGUgd29ya2luZyBkaXJlY3RvcnkgaWYgaXQgaXMgc2V0CiAgICBpZiAoJHdvcmtpbmdfZGlyZWN0b3J5KSB7CiAgICAgICAgIyB2YWxpZGF0ZSB3b3JraW5nIGRpcmVjdG9yeSBpcyBhIHZhbGlkIHBhdGgKICAgICAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICR3b3JraW5nX2RpcmVjdG9yeSkpIHsKICAgICAgICAgICAgdGhyb3cgImludmFsaWQgd29ya2luZyBkaXJlY3RvcnkgcGF0aCAnJHdvcmtpbmdfZGlyZWN0b3J5JyIKICAgICAgICB9CiAgICB9CgogICAgIyBscEFwcGxpY2F0aW9uTmFtZSBuZWVkcyB0byBiZSB0aGUgZnVsbCBwYXRoIHRvIGFuIGV4ZWN1dGFibGUsIHdlIGRvIHRoaXMKICAgICMgYnkgZ2V0dGluZyB0aGUgZXhlY3V0YWJsZSBhcyB0aGUgZmlyc3QgYXJnIGFuZCB0aGVuIGdldHRpbmcgdGhlIGZ1bGwgcGF0aAogICAgJGFyZ3VtZW50cyA9IFtBbnNpYmxlLkNvbW1hbmRVdGlsXTo6UGFyc2VDb21tYW5kTGluZSgkY29tbWFuZCkKICAgICRleGVjdXRhYmxlID0gR2V0LUV4ZWN1dGFibGVQYXRoIC1leGVjdXRhYmxlICRhcmd1bWVudHNbMF0gLWRpcmVjdG9yeSAkd29ya2luZ19kaXJlY3RvcnkKCiAgICAjIHJ1biB0aGUgY29tbWFuZCBhbmQgZ2V0IHRoZSByZXN1bHRzCiAgICAkY29tbWFuZF9yZXN1bHQgPSBbQW5zaWJsZS5Db21tYW5kVXRpbF06OlJ1bkNvbW1hbmQoJGV4ZWN1dGFibGUsICRjb21tYW5kLCAkd29ya2luZ19kaXJlY3RvcnksICRzdGRpbiwgJGVudmlyb25tZW50KQoKICAgIHJldHVybiAsQHsKICAgICAgICBleGVjdXRhYmxlID0gJGV4ZWN1dGFibGUKICAgICAgICBzdGRvdXQgPSAkY29tbWFuZF9yZXN1bHQuU3RhbmRhcmRPdXQKICAgICAgICBzdGRlcnIgPSAkY29tbWFuZF9yZXN1bHQuU3RhbmRhcmRFcnJvcgogICAgICAgIHJjID0gJGNvbW1hbmRfcmVzdWx0LkV4aXRDb2RlCiAgICB9Cn0KCiMgdGhpcyBsaW5lIG11c3Qgc3RheSBhdCB0aGUgYm90dG9tIHRvIGVuc3VyZSBhbGwgZGVmaW5lZCBtb2R1bGUgcGFydHMgYXJlIGV4cG9ydGVkCkV4cG9ydC1Nb2R1bGVNZW1iZXIgLUFsaWFzICogLUZ1bmN0aW9uICogLUNtZGxldCAqCg==", "Ansible.ModuleUtils.Legacy": "IyBDb3B5cmlnaHQgKGMpLCBNaWNoYWVsIERlSGFhbiA8bWljaGFlbC5kZWhhYW5AZ21haWwuY29tPiwgMjAxNCwgYW5kIG90aGVycwojIFNpbXBsaWZpZWQgQlNEIExpY2Vuc2UgKHNlZSBsaWNlbnNlcy9zaW1wbGlmaWVkX2JzZC50eHQgb3IgaHR0cHM6Ly9vcGVuc291cmNlLm9yZy9saWNlbnNlcy9CU0QtMi1DbGF1c2UpCgpTZXQtU3RyaWN0TW9kZSAtVmVyc2lvbiAyLjAKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKRnVuY3Rpb24gU2V0LUF0dHIoJG9iaiwgJG5hbWUsICR2YWx1ZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gc2V0IGFuICJhdHRyaWJ1dGUiIG9uIGEgcHNvYmplY3QgaW5zdGFuY2UgaW4gUG93ZXJTaGVsbC4KICAgIFRoaXMgaXMgYSBjb252ZW5pZW5jZSB0byBtYWtlIGFkZGluZyBNZW1iZXJzIHRvIHRoZSBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgIFNldC1BdHRyICRyZXN1bHQgImNoYW5nZWQiICR0cnVlCiM+CgogICAgIyBJZiB0aGUgcHJvdmlkZWQgJG9iaiBpcyB1bmRlZmluZWQsIGRlZmluZSBvbmUgdG8gYmUgbmljZQogICAgSWYgKC1ub3QgJG9iai5HZXRUeXBlKQogICAgewogICAgICAgICRvYmogPSBAeyB9CiAgICB9CgogICAgVHJ5CiAgICB7CiAgICAgICAgJG9iai4kbmFtZSA9ICR2YWx1ZQogICAgfQogICAgQ2F0Y2gKICAgIHsKICAgICAgICAkb2JqIHwgQWRkLU1lbWJlciAtRm9yY2UgLU1lbWJlclR5cGUgTm90ZVByb3BlcnR5IC1OYW1lICRuYW1lIC1WYWx1ZSAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gRXhpdC1Kc29uKCRvYmopCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGNvbnZlcnQgYSBQb3dlclNoZWxsIG9iamVjdCB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcKICAgIHRoZSBzY3JpcHQKICAgIC5FWEFNUExFCiAgICBFeGl0LUpzb24gJHJlc3VsdAojPgoKICAgICMgSWYgdGhlIHByb3ZpZGVkICRvYmogaXMgdW5kZWZpbmVkLCBkZWZpbmUgb25lIHRvIGJlIG5pY2UKICAgIElmICgtbm90ICRvYmouR2V0VHlwZSkKICAgIHsKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoJ2NoYW5nZWQnKSkgewogICAgICAgIFNldC1BdHRyICRvYmogImNoYW5nZWQiICRmYWxzZQogICAgfQoKICAgIFdyaXRlLU91dHB1dCAkb2JqIHwgQ29udmVydFRvLUpzb24gLUNvbXByZXNzIC1EZXB0aCA5OQogICAgRXhpdAp9CgpGdW5jdGlvbiBGYWlsLUpzb24oJG9iaiwgJG1lc3NhZ2UgPSAkbnVsbCkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHRoZSAibXNnIiBwcm9wZXJ0eSBhbmQgImZhaWxlZCIgcHJvcGVydHksIGNvbnZlcnQgdGhlCiAgICBQb3dlclNoZWxsIEhhc2h0YWJsZSB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcgdGhlIHNjcmlwdAogICAgLkVYQU1QTEUKICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJUaGlzIGlzIHRoZSBmYWlsdXJlIG1lc3NhZ2UiCiM+CgogICAgaWYgKCRvYmogLWlzIFtoYXNodGFibGVdIC1vciAkb2JqIC1pcyBbcHNvYmplY3RdKSB7CiAgICAgICAgIyBOb3RoaW5nIHRvIGRvCiAgICB9IGVsc2VpZiAoJG9iaiAtaXMgW3N0cmluZ10gLWFuZCAkbnVsbCAtZXEgJG1lc3NhZ2UpIHsKICAgICAgICAjIElmIHdlIHdlcmVuJ3QgZ2l2ZW4gMiBhcmdzLCBhbmQgdGhlIG9ubHkgYXJnIHdhcyBhIHN0cmluZywKICAgICAgICAjIGNyZWF0ZSBhIG5ldyBIYXNodGFibGUgYW5kIHVzZSB0aGUgYXJnIGFzIHRoZSBmYWlsdXJlIG1lc3NhZ2UKICAgICAgICAkbWVzc2FnZSA9ICRvYmoKICAgICAgICAkb2JqID0gQHsgfQogICAgfSBlbHNlIHsKICAgICAgICAjIElmIHRoZSBmaXJzdCBhcmd1bWVudCBpcyB1bmRlZmluZWQgb3IgYSBkaWZmZXJlbnQgdHlwZSwKICAgICAgICAjIG1ha2UgaXQgYSBIYXNodGFibGUKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgICMgU3RpbGwgdXNpbmcgU2V0LUF0dHIgZm9yIFBTT2JqZWN0IGNvbXBhdGliaWxpdHkKICAgIFNldC1BdHRyICRvYmogIm1zZyIgJG1lc3NhZ2UKICAgIFNldC1BdHRyICRvYmogImZhaWxlZCIgJHRydWUKCiAgICBpZiAoLW5vdCAkb2JqLkNvbnRhaW5zS2V5KCdjaGFuZ2VkJykpIHsKICAgICAgICBTZXQtQXR0ciAkb2JqICJjaGFuZ2VkIiAkZmFsc2UKICAgIH0KCiAgICBXcml0ZS1PdXRwdXQgJG9iaiB8IENvbnZlcnRUby1Kc29uIC1Db21wcmVzcyAtRGVwdGggOTkKICAgIEV4aXQgMQp9CgpGdW5jdGlvbiBBZGQtV2FybmluZygkb2JqLCAkbWVzc2FnZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHdhcm5pbmdzLCBldmVuIGlmIHRoZSB3YXJuaW5ncyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoIndhcm5pbmdzIikpIHsKICAgICAgICAkb2JqLndhcm5pbmdzID0gQCgpCiAgICB9IGVsc2VpZiAoJG9iai53YXJuaW5ncyAtaXNub3QgW2FycmF5XSkgewogICAgICAgIHRocm93ICJBZGQtV2FybmluZzogd2FybmluZ3MgYXR0cmlidXRlIGlzIG5vdCBhbiBhcnJheSIKICAgIH0KCiAgICAkb2JqLndhcm5pbmdzICs9ICRtZXNzYWdlCn0KCkZ1bmN0aW9uIEFkZC1EZXByZWNhdGlvbldhcm5pbmcoJG9iaiwgJG1lc3NhZ2UsICR2ZXJzaW9uID0gJG51bGwpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGFkZCBkZXByZWNhdGlvbnMsIGV2ZW4gaWYgdGhlIGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgogICAgaWYgKC1ub3QgJG9iai5Db250YWluc0tleSgiZGVwcmVjYXRpb25zIikpIHsKICAgICAgICAkb2JqLmRlcHJlY2F0aW9ucyA9IEAoKQogICAgfSBlbHNlaWYgKCRvYmouZGVwcmVjYXRpb25zIC1pc25vdCBbYXJyYXldKSB7CiAgICAgICAgdGhyb3cgIkFkZC1EZXByZWNhdGlvbldhcm5pbmc6IGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgaXMgbm90IGEgbGlzdCIKICAgIH0KCiAgICAkb2JqLmRlcHJlY2F0aW9ucyArPSBAewogICAgICAgIG1zZyA9ICRtZXNzYWdlCiAgICAgICAgdmVyc2lvbiA9ICR2ZXJzaW9uCiAgICB9Cn0KCkZ1bmN0aW9uIEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgaW4gdmFsdWVzLiBCeSBkZWZhdWx0CiAgICBpdCB0dXJucyBhbnkgdHlwZSB0byBhIHN0cmluZywgYnV0IHdlIGVuc3VyZSAkbnVsbCByZW1haW5zICRudWxsLgojPgogICAgaWYgKCRudWxsIC1uZSAkdmFsdWUpIHsKICAgICAgICBbU3lzdGVtLkVudmlyb25tZW50XTo6RXhwYW5kRW52aXJvbm1lbnRWYXJpYWJsZXMoJHZhbHVlKQogICAgfSBlbHNlIHsKICAgICAgICAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gR2V0LUFuc2libGVQYXJhbSgkb2JqLCAkbmFtZSwgJGRlZmF1bHQgPSAkbnVsbCwgJHJlc3VsdG9iaiA9IEB7fSwgJGZhaWxpZmVtcHR5ID0gJGZhbHNlLCAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSwgJFZhbGlkYXRlU2V0LCAkVmFsaWRhdGVTZXRFcnJvck1lc3NhZ2UsICR0eXBlID0gJG51bGwsICRhbGlhc2VzID0gQCgpKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBnZXQgYW4gImF0dHJpYnV0ZSIgZnJvbSBhIHBzb2JqZWN0IGluc3RhbmNlIGluIFBvd2VyU2hlbGwuCiAgICBUaGlzIGlzIGEgY29udmVuaWVuY2UgdG8gbWFrZSBnZXR0aW5nIE1lbWJlcnMgZnJvbSBhbiBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgICRhdHRyID0gR2V0LUFuc2libGVQYXJhbSAkcmVzcG9uc2UgImNvZGUiIC1kZWZhdWx0ICIxIgogICAgLkVYQU1QTEUKICAgIEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJTdGF0ZSIgLWRlZmF1bHQgIlByZXNlbnQiIC1WYWxpZGF0ZVNldCAiUHJlc2VudCIsIkFic2VudCIgLXJlc3VsdG9iaiAkcmVzdWx0b2JqIC1mYWlsaWZlbXB0eSAkdHJ1ZQogICAgR2V0LUFuc2libGVQYXJhbSBhbHNvIHN1cHBvcnRzIFBhcmFtZXRlciB2YWxpZGF0aW9uIHRvIHNhdmUgeW91IGZyb20gY29kaW5nIHRoYXQgbWFudWFsbHkKICAgIE5vdGUgdGhhdCBpZiB5b3UgdXNlIHRoZSBmYWlsaWZlbXB0eSBvcHRpb24sIHlvdSBkbyBuZWVkIHRvIHNwZWNpZnkgcmVzdWx0b2JqZWN0IGFzIHdlbGwuCiM+CiAgICAjIENoZWNrIGlmIHRoZSBwcm92aWRlZCBNZW1iZXIgJG5hbWUgb3IgYWxpYXNlcyBleGlzdCBpbiAkb2JqIGFuZCByZX ScriptBlock ID: 7ff805ba-758a-4b40-8a83-fbde621c735f Path:	4104	1		3	2	15	0	1642	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4648	4732	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:05:48 PM	e5295ba9-9827-0000-0e5c-29e52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 6): AgcHVibGljIHN0YXRpYyBleHRlcm4gdWludCBTZWFyY2hQYXRoKAogICAgICAgICAgICBzdHJpbmcgbHBQYXRoLAogICAgICAgICAgICBzdHJpbmcgbHBGaWxlTmFtZSwKICAgICAgICAgICAgc3RyaW5nIGxwRXh0ZW5zaW9uLAogICAgICAgICAgICBpbnQgbkJ1ZmZlckxlbmd0aCwKICAgICAgICAgICAgW01hcnNoYWxBcyAoVW5tYW5hZ2VkVHlwZS5MUFRTdHIpXQogICAgICAgICAgICAgICAgU3RyaW5nQnVpbGRlciBscEJ1ZmZlciwKICAgICAgICAgICAgb3V0IEludFB0ciBscEZpbGVQYXJ0KTsKCiAgICAgICAgW0RsbEltcG9ydCgic2hlbGwzMi5kbGwiLCBTZXRMYXN0RXJyb3IgPSB0cnVlKV0KICAgICAgICBzdGF0aWMgZXh0ZXJuIEludFB0ciBDb21tYW5kTGluZVRvQXJndlcoCiAgICAgICAgICAgIFtNYXJzaGFsQXMoVW5tYW5hZ2VkVHlwZS5MUFdTdHIpXQogICAgICAgICAgICAgICAgc3RyaW5nIGxwQ21kTGluZSwKICAgICAgICAgICAgb3V0IGludCBwTnVtQXJncyk7CgogICAgICAgIHB1YmxpYyBzdGF0aWMgc3RyaW5nW10gUGFyc2VDb21tYW5kTGluZShzdHJpbmcgbHBDb21tYW5kTGluZSkKICAgICAgICB7CiAgICAgICAgICAgIGludCBudW1BcmdzOwogICAgICAgICAgICBJbnRQdHIgcmV0ID0gQ29tbWFuZExpbmVUb0FyZ3ZXKGxwQ29tbWFuZExpbmUsIG91dCBudW1BcmdzKTsKCiAgICAgICAgICAgIGlmIChyZXQgPT0gSW50UHRyLlplcm8pCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIkVycm9yIHBhcnNpbmcgY29tbWFuZCBsaW5lIik7CgogICAgICAgICAgICBJbnRQdHJbXSBzdHJwdHJzID0gbmV3IEludFB0cltudW1BcmdzXTsKICAgICAgICAgICAgTWFyc2hhbC5Db3B5KHJldCwgc3RycHRycywgMCwgbnVtQXJncyk7CiAgICAgICAgICAgIHN0cmluZ1tdIGNtZGxpbmVQYXJ0cyA9IHN0cnB0cnMuU2VsZWN0KHMgPT4gTWFyc2hhbC5QdHJUb1N0cmluZ1VuaShzKSkuVG9BcnJheSgpOwoKICAgICAgICAgICAgTWFyc2hhbC5GcmVlSEdsb2JhbChyZXQpOwoKICAgICAgICAgICAgcmV0dXJuIGNtZGxpbmVQYXJ0czsKICAgICAgICB9CgogICAgICAgIHB1YmxpYyBzdGF0aWMgc3RyaW5nIFNlYXJjaFBhdGgoc3RyaW5nIGxwRmlsZU5hbWUpCiAgICAgICAgewogICAgICAgICAgICBTdHJpbmdCdWlsZGVyIHNiT3V0ID0gbmV3IFN0cmluZ0J1aWxkZXIoMTAyNCk7CiAgICAgICAgICAgIEludFB0ciBmaWxlUGFydE91dDsKCiAgICAgICAgICAgIGlmIChTZWFyY2hQYXRoKG51bGwsIGxwRmlsZU5hbWUsIG51bGwsIHNiT3V0LkNhcGFjaXR5LCBzYk91dCwgb3V0IGZpbGVQYXJ0T3V0KSA9PSAwKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IEZpbGVOb3RGb3VuZEV4Y2VwdGlvbihTdHJpbmcuRm9ybWF0KCJDb3VsZCBub3QgbG9jYXRlIHRoZSBmb2xsb3dpbmcgZXhlY3V0YWJsZSB7MH0iLCBscEZpbGVOYW1lKSk7CgogICAgICAgICAgICByZXR1cm4gc2JPdXQuVG9TdHJpbmcoKTsKICAgICAgICB9CgogICAgICAgIHB1YmxpYyBjbGFzcyBDb21tYW5kUmVzdWx0CiAgICAgICAgewogICAgICAgICAgICBwdWJsaWMgc3RyaW5nIFN0YW5kYXJkT3V0IHsgZ2V0OyBpbnRlcm5hbCBzZXQ7IH0KICAgICAgICAgICAgcHVibGljIHN0cmluZyBTdGFuZGFyZEVycm9yIHsgZ2V0OyBpbnRlcm5hbCBzZXQ7IH0KICAgICAgICAgICAgcHVibGljIHVpbnQgRXhpdENvZGUgeyBnZXQ7IGludGVybmFsIHNldDsgfQogICAgICAgIH0KCiAgICAgICAgcHVibGljIHN0YXRpYyBDb21tYW5kUmVzdWx0IFJ1bkNvbW1hbmQoc3RyaW5nIGxwQXBwbGljYXRpb25OYW1lLCBzdHJpbmcgbHBDb21tYW5kTGluZSwgc3RyaW5nIGxwQ3VycmVudERpcmVjdG9yeSwgc3RyaW5nIHN0ZGluSW5wdXQsIElEaWN0aW9uYXJ5IGVudmlyb25tZW50KQogICAgICAgIHsKICAgICAgICAgICAgVUludDMyIHN0YXJ0dXBfZmxhZ3MgPSBDUkVBVEVfVU5JQ09ERV9FTlZJUk9OTUVOVCB8IEVYVEVOREVEX1NUQVJUVVBJTkZPX1BSRVNFTlQ7CiAgICAgICAgICAgIFNUQVJUVVBJTkZPRVggc2kgPSBuZXcgU1RBUlRVUElORk9FWCgpOwogICAgICAgICAgICBzaS5zdGFydHVwSW5mby5kd0ZsYWdzID0gKGludClTdGFydHVwSW5mb0ZsYWdzLlVTRVNUREhBTkRMRVM7CgogICAgICAgICAgICBTRUNVUklUWV9BVFRSSUJVVEVTIHBpcGVzZWMgPSBuZXcgU0VDVVJJVFlfQVRUUklCVVRFUygpOwogICAgICAgICAgICBwaXBlc2VjLmJJbmhlcml0SGFuZGxlID0gdHJ1ZTsKCiAgICAgICAgICAgIC8vIENyZWF0ZSB0aGUgc3Rkb3V0LCBzdGRlcnIgYW5kIHN0ZGluIHBpcGVzIHVzZWQgaW4gdGhlIHByb2Nlc3MgYW5kIGFkZCB0byB0aGUgc3RhcnR1cEluZm8KICAgICAgICAgICAgU2FmZUZpbGVIYW5kbGUgc3Rkb3V0X3JlYWQsIHN0ZG91dF93cml0ZSwgc3RkZXJyX3JlYWQsIHN0ZGVycl93cml0ZSwgc3RkaW5fcmVhZCwgc3RkaW5fd3JpdGU7CiAgICAgICAgICAgIGlmICghQ3JlYXRlUGlwZShvdXQgc3Rkb3V0X3JlYWQsIG91dCBzdGRvdXRfd3JpdGUsIHBpcGVzZWMsIDApKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IFdpbjMyRXhjZXB0aW9uKCJTVERPVVQgcGlwZSBzZXR1cCBmYWlsZWQiKTsKICAgICAgICAgICAgaWYgKCFTZXRIYW5kbGVJbmZvcm1hdGlvbihzdGRvdXRfcmVhZCwgSGFuZGxlRmxhZ3MuSU5IRVJJVCwgMCkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIlNURE9VVCBwaXBlIGhhbmRsZSBzZXR1cCBmYWlsZWQiKTsKCiAgICAgICAgICAgIGlmICghQ3JlYXRlUGlwZShvdXQgc3RkZXJyX3JlYWQsIG91dCBzdGRlcnJfd3JpdGUsIHBpcGVzZWMsIDApKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IFdpbjMyRXhjZXB0aW9uKCJTVERFUlIgcGlwZSBzZXR1cCBmYWlsZWQiKTsKICAgICAgICAgICAgaWYgKCFTZXRIYW5kbGVJbmZvcm1hdGlvbihzdGRlcnJfcmVhZCwgSGFuZGxlRmxhZ3MuSU5IRVJJVCwgMCkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIlNUREVSUiBwaXBlIGhhbmRsZSBzZXR1cCBmYWlsZWQiKTsKCiAgICAgICAgICAgIGlmICghQ3JlYXRlUGlwZShvdXQgc3RkaW5fcmVhZCwgb3V0IHN0ZGluX3dyaXRlLCBwaXBlc2VjLCAwKSkKICAgICAgICAgICAgICAgIHRocm93IG5ldyBXaW4zMkV4Y2VwdGlvbigiU1RESU4gcGlwZSBzZXR1cCBmYWlsZWQiKTsKICAgICAgICAgICAgaWYgKCFTZXRIYW5kbGVJbmZvcm1hdGlvbihzdGRpbl93cml0ZSwgSGFuZGxlRmxhZ3MuSU5IRVJJVCwgMCkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIlNURElOIHBpcGUgaGFuZGxlIHNldHVwIGZhaWxlZCIpOwoKICAgICAgICAgICAgc2kuc3RhcnR1cEluZm8uaFN0ZE91dHB1dCA9IHN0ZG91dF93cml0ZTsKICAgICAgICAgICAgc2kuc3RhcnR1cEluZm8uaFN0ZEVycm9yID0gc3RkZXJyX3dyaXRlOwogICAgICAgICAgICBzaS5zdGFydHVwSW5mby5oU3RkSW5wdXQgPSBzdGRpbl9yZWFkOwoKICAgICAgICAgICAgLy8gU2V0dXAgdGhlIHN0ZGluIGJ1ZmZlcgogICAgICAgICAgICBVVEY4RW5jb2RpbmcgdXRmOF9lbmNvZGluZyA9IG5ldyBVVEY4RW5jb2RpbmcoZmFsc2UpOwogICAgICAgICAgICBGaWxlU3RyZWFtIHN0ZGluX2ZzID0gbmV3IEZpbGVTdHJlYW0oc3RkaW5fd3JpdGUsIEZpbGVBY2Nlc3MuV3JpdGUsIDMyNzY4KTsKICAgICAgICAgICAgU3RyZWFtV3JpdGVyIHN0ZGluID0gbmV3IFN0cmVhbVdyaXRlcihzdGRpbl9mcywgdXRmOF9lbmNvZGluZywgMzI3NjgpOwoKICAgICAgICAgICAgLy8gSWYgbHBDdXJyZW50RGlyZWN0b3J5IGlzIHNldCB0byBudWxsIGluIFBTIGl0IHdpbGwgYmUgYW4gZW1wdHkKICAgICAgICAgICAgLy8gc3RyaW5nIGhlcmUsIHdlIG5lZWQgdG8gY29udmVydCBpdAogICAgICAgICAgICBpZiAobHBDdXJyZW50RGlyZWN0b3J5ID09ICIiKQogICAgICAgICAgICAgICAgbHBDdXJyZW50RGlyZWN0b3J5ID0gbnVsbDsKCiAgICAgICAgICAgIFN0cmluZ0J1aWxkZXIgZW52aXJvbm1lbnRTdHJpbmcgPSBudWxsOwoKICAgICAgICAgICAgaWYgKGVudmlyb25tZW50ICE9IG51bGwgJiYgZW52aXJvbm1lbnQuQ291bnQgPiAwKQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBlbnZpcm9ubWVudFN0cmluZyA9IG5ldyBTdHJpbmdCdWlsZGVyKCk7CiAgICAgICAgICAgICAgICBmb3JlYWNoIChEaWN0aW9uYXJ5RW50cnkga3YgaW4gZW52aXJvbm1lbnQpCiAgICAgICAgICAgICAgICAgICAgZW52aXJvbm1lbnRTdHJpbmcuQXBwZW5kRm9ybWF0KCJ7MH09ezF9XDAiLCBrdi5LZXksIGt2LlZhbHVlKTsKICAgICAgICAgICAgICAgIGVudmlyb25tZW50U3RyaW5nLkFwcGVuZCgnXDAnKTsKICAgICAgICAgICAgfQoKICAgICAgICAgICAgLy8gQ3JlYXRlIHRoZSBlbnZpcm9ubWVudCBibG9jayBpZiBzZXQKICAgICAgICAgICAgSW50UHRyIGxwRW52aXJvbm1lbnQgPSBJbnRQdHIuWmVybzsKICAgICAgICAgICAgaWYgKGVudmlyb25tZW50U3RyaW5nICE9IG51bGwpCiAgICAgICAgICAgICAgICBscEVudmlyb25tZW50ID0gTWFyc2hhbC5TdHJpbmdUb0hHbG9iYWxVbmkoZW52aXJvbm1lbnRTdHJpbmcuVG9TdHJpbmcoKSk7CgogICAgICAgICAgICAvLyBDcmVhdGUgbmV3IHByb2Nlc3MgYW5kIHJ1bgogICAgICAgICAgICBTdHJpbmdCdWlsZGVyIGFyZ3VtZW50X3N0cmluZyA9IG5ldyBTdHJpbmdCdWlsZGVyKGxwQ29tbWFuZExpbmUpOwogICAgICAgICAgICBQUk9DRVNTX0lORk9STUFUSU9OIHBpID0gbmV3IFBST0NFU1NfSU5GT1JNQVRJT04oKTsKICAgICAgICAgICAgaWYgKCFDcmVhdGVQcm9jZXNzKAogICAgICAgICAgICAgICAgbHBBcHBsaWNhdGlvbk5hbWUsCiAgICAgICAgICAgICAgICBhcmd1bWVudF9zdHJpbmcsCiAgICAgICAgICAgICAgICBJbnRQdHIuWmVybywKICAgICAgICAgICAgICAgIEludFB0ci5aZXJvLAogICAgICAgICAgICAgICAgdHJ1ZSwKICAgICAgICAgICAgICAgIHN0YXJ0dXBfZmxhZ3MsCiAgICAgICAgICAgICAgICBscEVudmlyb25tZW50LAogICAgICAgICAgICAgICAgbHBDdXJyZW50RGlyZWN0b3J5LAogICAgICAgICAgICAgICAgc2ksCiAgICAgICAgICAgICAgICBvdXQgcGkpKQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIkZhaWxlZCB0byBjcmVhdGUgbmV3IHByb2Nlc3MiKTsKICAgICAgICAgICAgfQoKICAgICAgICAgICAgLy8gU2V0dXAgdGhlIG91dHB1dCBidWZmZXJzIGFuZCBnZXQgc3Rkb3V0L3N0ZGVycgogICAgICAgICAgICBGaWxlU3RyZWFtIHN0ZG91dF9mcyA9IG5ldyBGaWxlU3RyZWFtKHN0ZG91dF9yZWFkLCBGaWxlQWNjZXNzLlJlYWQsIDQwOTYpOwogICAgICAgICAgICBTdHJlYW1SZWFkZXIgc3Rkb3V0ID0gbmV3IFN0cmVhbVJlYWRlcihzdGRvdXRfZnMsIHV0ZjhfZW5jb2RpbmcsIHRydWUsIDQwOTYpOwogICAgICAgICAgICBzdGRvdXRfd3JpdGUuQ2xvc2UoKTsKICAgICAgICAgICAgRmlsZVN0cmVhbSBzdGRlcnJfZnMgPSBuZXcgRmlsZVN0cmVhbShzdGRlcnJfcmVhZCwgRmlsZUFjY2Vzcy5SZWFkLCA0MDk2KTsKICAgICAgICAgICAgU3RyZWFtUmVhZGVyIHN0ZGVyciA9IG5ldyBTdHJlYW1SZWFkZXIoc3RkZXJyX2ZzLCB1dGY4X2VuY29kaW5nLCB0cnVlLCA0MDk2KTsKICAgICAgICAgICAgc3RkZXJyX3dyaXRlLkNsb3NlKCk7CgogICAgICAgICAgICBzdGRpbi5Xcml0ZUxpbmUoc3RkaW5JbnB1dCk7CiAgICAgICAgICAgIHN0ZGluLkNsb3NlKCk7CgogICAgICAgICAgICBzdHJpbmcgc3Rkb3V0X3N0ciwgc3RkZXJyX3N0ciA9IG51bGw7CiAgICAgICAgICAgIEdldFByb2Nlc3NPdXRwdXQoc3Rkb3V0LCBzdGRlcnIsIG91dCBzdGRvdXRfc3RyLCBvdXQgc3RkZXJyX3N0cik7CiAgICAgICAgICAgIHVpbnQgcmMgPSBHZXRQcm9jZXNzRXhpdENvZGUocGkuaFByb2Nlc3MpOwoKICAgICAgICAgICAgcmV0dXJuIG5ldyBDb21tYW5kUmVzdWx0CiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIFN0YW5kYXJkT3V0ID0gc3Rkb3V0X3N0ciwKICAgICAgICAgICAgICAgIFN0YW5kYXJkRXJyb3IgPSBzdGRlcnJfc3RyLAogICAgICAgICAgICAgICAgRXhpdENvZGUgPSByYwogICAgICAgICAgICB9OwogICAgICAgIH0KCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgdm9pZCBHZXRQcm9jZXNzT3V0cHV0KFN0cmVhbVJlYWRlciBzdGRvdXRTdHJlYW0sIFN0cmVhbVJlYWRlciBzdGRlcnJTdHJlYW0sIG91dCBzdHJpbmcgc3Rkb3V0LCBvdXQgc3RyaW5nIHN0ZGVycikKICAgICAgICB7CiAgICAgICAgICAgIHZhciBzb3dhaXQgPSBuZXcgRXZlbnRXYWl0SGFuZGxlKGZhbHNlLCBFdmVudFJlc2V0TW9kZS5NYW51YWxSZXNldCk7CiAgICAgICAgICAgIHZhciBzZXdhaXQgPSBuZXcgRXZlbnRXYWl0SGFuZGxlKGZhbHNlLCBFdmVudFJlc2V0TW9kZS5NYW51YWxSZXNldCk7CiAgICAgICAgICAgIHN0cmluZyBzbyA9IG51bGwsIHNlID0gbnVsbDsKICAgICAgICAgICAgVGhyZWFkUG9vbC5RdWV1ZVVzZXJXb3JrSXRlbSgocykgPT4KICAgICAgICAgICAgewogICAgICAgICAgICAgICAgc28gPSBzdGRvdXRTdHJlYW0uUmVhZFRvRW5kKCk7CiAgICAgICAgICAgICAgICBzb3dhaXQuU2V0KCk7CiAgICAgICAgICAgIH0pOwogICAgICAgICAgICBUaHJlYWRQb29sLlF1ZXVlVXNlcldvcmtJdGVtKChzKSA9PgogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBzZSA9IHN0ZGVyclN0cmVhbS5SZWFkVG9FbmQoKTsKICAgICAgICAgICAgICAgIHNld2FpdC5TZXQoKTsKICAgICAgICAgICAgfSk7CiAgICAgICAgICAgIGZvcmVhY2ggKHZhciB3aCBpbiBuZXcgV2FpdEhhbmRsZVtdIHsgc293YWl0LCBzZXdhaXQgfSkKICAgICAgICAgICAgICAgIHdoLldhaXRPbmUoKTsKICAgICAgICAgICAgc3Rkb3V0ID0gc287CiAgICAgICAgICAgIHN0ZGVyciA9IHNlOwogICAgICAgIH0KCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgdWludCBHZXRQcm9jZXNzRXhpdENvZGUoSW50UHRyIHByb2Nlc3NIYW5kbGUpCiAgICAgICAgewogICAgICAgICAgICBuZXcgTmF0aXZlV2FpdEhhbmRsZShwcm9jZXNzSGFuZGxlKS5XYWl0T25lKCk7CiAgICAgICAgICAgIHVpbnQgZXhpdENvZGU7CiAgICAgICAgICAgIGlmICghR2V0RXhpdENvZGVQcm9jZXNzKHByb2Nlc3NIYW5kbGUsIG91dCBleGl0Q29kZSkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIkVycm9yIGdldHRpbmcgcHJvY2VzcyBleGl0IGNvZGUiKTsKICAgICAgICAgICAgcmV0dXJuIGV4aXRDb2RlOwogICAgICAgIH0KICAgIH0KfQoiQAoKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICdTdG9wJwoKRnVuY3Rpb24gTG9hZC1Db21tYW5kVXRpbHMgewogICAgIyBtYWtlcyB0aGUgZm9sbG93aW5nIHN0YXRpYyBmdW5jdGlvbnMgYXZhaWxhYmxlCiAgICAjICAgW0Fuc2libGUuQ29tbWFuZFV0aWxdOjpQYXJzZUNvbW1hbmRMaW5lKHN0cmluZyBscENvbW1hbmRMaW5lKQogICAgIyAgIFtBbnNpYmxlLkNvbW1hbmRVdGlsXTo6U2VhcmNoUGF0aChzdHJpbmcgbHBGaWxlTmFtZSkKICAgICMgICBbQW5zaWJsZS5Db21tYW5kVXRpbF06OlJ1bkNvbW1hbmQoc3RyaW5nIGxwQXBwbGljYXRpb25OYW1lLCBzdHJpbmcgbHBDb21tYW5kTGluZSwgc3RyaW5nIGxwQ3VycmVudERpcmVjdG9yeSwgc3RyaW5nIHN0ZGluSW5wdXQsIHN0cmluZyBlbnZpcm9ubWVudEJsb2NrKQogICAgIwogICAgIyB0aGVyZSBhcmUgYWxzbyBudW1lcm91cyBQL0ludm9rZSBtZXRob ScriptBlock ID: 7ff805ba-758a-4b40-8a83-fbde621c735f Path:	4104	1		3	2	15	0	1641	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4648	4732	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:05:48 PM	e5295ba9-9827-0000-0e5c-29e52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 6): begin { $DebugPreference = "Continue" $ErrorActionPreference = "Stop" Set-StrictMode -Version 2 function ConvertTo-HashtableFromPsCustomObject ($myPsObject){ $output = @{}; $myPsObject | Get-Member -MemberType *Property | % { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } return $output; } # stream JSON including become_pw, ps_module_payload, bin_module_payload, become_payload, write_payload_path, preserve directives # exec runspace, capture output, cleanup, return module output # NB: do not adjust the following line- it is replaced when doing non-streamed module output $json_raw = @' {"min_ps_version": null, "exec": "CkZ1bmN0aW9uIFJ1bigkcGF5bG9hZCkgewogICAgJGVudHJ5cG9pbnQgPSAkcGF5bG9hZC5tb2R1bGVfZW50cnkKCiAgICAkZW50cnlwb2ludCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGVudHJ5cG9pbnQpKQoKICAgICRwcyA9IFtwb3dlcnNoZWxsXTo6Q3JlYXRlKCkKCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkQ29tbWFuZCgiU2V0LVZhcmlhYmxlIikuQWRkUGFyYW1ldGVycyhAe1Njb3BlPSJnbG9iYWwiO05hbWU9ImNvbXBsZXhfYXJncyI7VmFsdWU9JHBheWxvYWQubW9kdWxlX2FyZ3N9KSB8IE91dC1OdWxsCiAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCgogICAgIyByZWRlZmluZSBXcml0ZS1Ib3N0IHRvIGR1bXAgdG8gb3V0cHV0IGluc3RlYWQgb2YgZmFpbGluZy0gbG90cyBvZiBzY3JpcHRzIHVzZSBpdAogICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgiRnVuY3Rpb24gV3JpdGUtSG9zdChgJG1zZyl7IFdyaXRlLU91dHB1dCBgJG1zZyB9IikgfCBPdXQtTnVsbAoKICAgIEZvckVhY2ggKCRlbnZfa3YgaW4gJHBheWxvYWQuZW52aXJvbm1lbnQuR2V0RW51bWVyYXRvcigpKSB7CiAgICAgICAgIyBuZWVkIHRvIGVzY2FwZSAnIGluIGJvdGggdGhlIGtleSBhbmQgdmFsdWUKICAgICAgICAkZW52X2tleSA9ICRlbnZfa3YuS2V5LlRvU3RyaW5nKCkuUmVwbGFjZSgiJyIsICInJyIpCiAgICAgICAgJGVudl92YWx1ZSA9ICRlbnZfa3YuVmFsdWUuVG9TdHJpbmcoKS5SZXBsYWNlKCInIiwgIicnIikKICAgICAgICAkZXNjYXBlZF9lbnZfc2V0ID0gIltTeXN0ZW0uRW52aXJvbm1lbnRdOjpTZXRFbnZpcm9ubWVudFZhcmlhYmxlKCd7MH0nLCAnezF9JykiIC1mICRlbnZfa2V5LCAkZW52X3ZhbHVlCiAgICAgICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgkZXNjYXBlZF9lbnZfc2V0KSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBkeW5hbWljYWxseSBjcmVhdGUvbG9hZCBtb2R1bGVzCiAgICBGb3JFYWNoICgkbW9kIGluICRwYXlsb2FkLnBvd2Vyc2hlbGxfbW9kdWxlcy5HZXRFbnVtZXJhdG9yKCkpIHsKICAgICAgICAkZGVjb2RlZF9tb2R1bGUgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRtb2QuVmFsdWUpKQogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRDb21tYW5kKCJOZXctTW9kdWxlIikuQWRkUGFyYW1ldGVycyhAe1NjcmlwdEJsb2NrPShbc2NyaXB0YmxvY2tdOjpDcmVhdGUoJGRlY29kZWRfbW9kdWxlKSk7TmFtZT0kbW9kLktleX0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiSW1wb3J0LU1vZHVsZSIpLkFkZFBhcmFtZXRlcnMoQHtXYXJuaW5nQWN0aW9uPSJTaWxlbnRseUNvbnRpbnVlIn0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBmb3JjZSBpbnB1dCBlbmNvZGluZyB0byBwcmVhbWJsZS1mcmVlIFVURjggc28gUFMgc3ViLXByb2Nlc3NlcyAoZWcsCiAgICAjIFN0YXJ0LUpvYikgZG9uJ3QgYmxvdyB1cC4gVGhpcyBpcyBvbmx5IHJlcXVpcmVkIGZvciBXaW5STSwgYSBQU1JQCiAgICAjIHJ1bnNwYWNlIGRvZXNuJ3QgaGF2ZSBhIGhvc3QgY29uc29sZSBhbmQgdGhpcyB3aWxsIGJvbWIgb3V0CiAgICBpZiAoJGhvc3QuTmFtZSAtZXEgIkNvbnNvbGVIb3N0IikgewogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRTY3JpcHQoIltDb25zb2xlXTo6SW5wdXRFbmNvZGluZyA9IE5ldy1PYmplY3QgVGV4dC5VVEY4RW5jb2RpbmcgYCRmYWxzZSIpIHwgT3V0LU51bGwKICAgIH0KCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkU2NyaXB0KCRlbnRyeXBvaW50KSB8IE91dC1OdWxsCgogICAgJG91dHB1dCA9ICRwcy5JbnZva2UoKQoKICAgICRvdXRwdXQKCiAgICAjIFBTMyBkb2Vzbid0IHByb3Blcmx5IHNldCBIYWRFcnJvcnMgaW4gbWFueSBjYXNlcywgaW5zcGVjdCB0aGUgZXJyb3Igc3RyZWFtIGFzIGEgZmFsbGJhY2sKICAgIElmICgkcHMuSGFkRXJyb3JzIC1vciAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtbHQgNCAtYW5kICRwcy5TdHJlYW1zLkVycm9yLkNvdW50IC1ndCAwKSkgewogICAgICAgICRob3N0LlVJLldyaXRlRXJyb3JMaW5lKCQoJHBzLlN0cmVhbXMuRXJyb3IgfCBPdXQtU3RyaW5nKSkKICAgICAgICAkZXhpdF9jb2RlID0gJHBzLlJ1bnNwYWNlLlNlc3Npb25TdGF0ZVByb3h5LkdldFZhcmlhYmxlKCJMQVNURVhJVENPREUiKQogICAgICAgIElmKC1ub3QgJGV4aXRfY29kZSkgewogICAgICAgICAgICAkZXhpdF9jb2RlID0gMQogICAgICAgIH0KICAgICAgICAjIG5lZWQgdG8gdXNlIHRoaXMgaW5zdGVhZCBvZiBFeGl0IGtleXdvcmQgdG8gcHJldmVudCBydW5zcGFjZSBmcm9tIGNyYXNoaW5nIHdpdGggZHluYW1pYyBtb2R1bGVzCiAgICAgICAgJGhvc3QuU2V0U2hvdWxkRXhpdCgkZXhpdF9jb2RlKQogICAgfQp9Cg==", "actions": ["exec"], "environment": {}, "min_os_version": null, "powershell_modules": {"Ansible.ModuleUtils.CommandUtil": "IyBDb3B5cmlnaHQgKGMpIDIwMTcgQW5zaWJsZSBQcm9qZWN0CiMgU2ltcGxpZmllZCBCU0QgTGljZW5zZSAoc2VlIGxpY2Vuc2VzL3NpbXBsaWZpZWRfYnNkLnR4dCBvciBodHRwczovL29wZW5zb3VyY2Uub3JnL2xpY2Vuc2VzL0JTRC0yLUNsYXVzZSkKCiRwcm9jZXNzX3V0aWwgPSBAIgp1c2luZyBNaWNyb3NvZnQuV2luMzIuU2FmZUhhbmRsZXM7CnVzaW5nIFN5c3RlbTsKdXNpbmcgU3lzdGVtLkNvbGxlY3Rpb25zOwp1c2luZyBTeXN0ZW0uSU87CnVzaW5nIFN5c3RlbS5MaW5xOwp1c2luZyBTeXN0ZW0uUnVudGltZS5JbnRlcm9wU2VydmljZXM7CnVzaW5nIFN5c3RlbS5UZXh0Owp1c2luZyBTeXN0ZW0uVGhyZWFkaW5nOwoKbmFtZXNwYWNlIEFuc2libGUKewogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIGNsYXNzIFNFQ1VSSVRZX0FUVFJJQlVURVMKICAgIHsKICAgICAgICBwdWJsaWMgaW50IG5MZW5ndGg7CiAgICAgICAgcHVibGljIEludFB0ciBscFNlY3VyaXR5RGVzY3JpcHRvcjsKICAgICAgICBwdWJsaWMgYm9vbCBiSW5oZXJpdEhhbmRsZSA9IGZhbHNlOwogICAgICAgIHB1YmxpYyBTRUNVUklUWV9BVFRSSUJVVEVTKCkKICAgICAgICB7CiAgICAgICAgICAgIG5MZW5ndGggPSBNYXJzaGFsLlNpemVPZih0aGlzKTsKICAgICAgICB9CiAgICB9CgogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIGNsYXNzIFNUQVJUVVBJTkZPCiAgICB7CiAgICAgICAgcHVibGljIEludDMyIGNiOwogICAgICAgIHB1YmxpYyBJbnRQdHIgbHBSZXNlcnZlZDsKICAgICAgICBwdWJsaWMgSW50UHRyIGxwRGVza3RvcDsKICAgICAgICBwdWJsaWMgSW50UHRyIGxwVGl0bGU7CiAgICAgICAgcHVibGljIEludDMyIGR3WDsKICAgICAgICBwdWJsaWMgSW50MzIgZHdZOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1hTaXplOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1lTaXplOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1hDb3VudENoYXJzOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1lDb3VudENoYXJzOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd0ZpbGxBdHRyaWJ1dGU7CiAgICAgICAgcHVibGljIEludDMyIGR3RmxhZ3M7CiAgICAgICAgcHVibGljIEludDE2IHdTaG93V2luZG93OwogICAgICAgIHB1YmxpYyBJbnQxNiBjYlJlc2VydmVkMjsKICAgICAgICBwdWJsaWMgSW50UHRyIGxwUmVzZXJ2ZWQyOwogICAgICAgIHB1YmxpYyBTYWZlRmlsZUhhbmRsZSBoU3RkSW5wdXQ7CiAgICAgICAgcHVibGljIFNhZmVGaWxlSGFuZGxlIGhTdGRPdXRwdXQ7CiAgICAgICAgcHVibGljIFNhZmVGaWxlSGFuZGxlIGhTdGRFcnJvcjsKICAgICAgICBwdWJsaWMgU1RBUlRVUElORk8oKQogICAgICAgIHsKICAgICAgICAgICAgY2IgPSBNYXJzaGFsLlNpemVPZih0aGlzKTsKICAgICAgICB9CiAgICB9CgogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIGNsYXNzIFNUQVJUVVBJTkZPRVgKICAgIHsKICAgICAgICBwdWJsaWMgU1RBUlRVUElORk8gc3RhcnR1cEluZm87CiAgICAgICAgcHVibGljIEludFB0ciBscEF0dHJpYnV0ZUxpc3Q7CiAgICAgICAgcHVibGljIFNUQVJUVVBJTkZPRVgoKQogICAgICAgIHsKICAgICAgICAgICAgc3RhcnR1cEluZm8gPSBuZXcgU1RBUlRVUElORk8oKTsKICAgICAgICAgICAgc3RhcnR1cEluZm8uY2IgPSBNYXJzaGFsLlNpemVPZih0aGlzKTsKICAgICAgICB9CiAgICB9CgogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIHN0cnVjdCBQUk9DRVNTX0lORk9STUFUSU9OCiAgICB7CiAgICAgICAgcHVibGljIEludFB0ciBoUHJvY2VzczsKICAgICAgICBwdWJsaWMgSW50UHRyIGhUaHJlYWQ7CiAgICAgICAgcHVibGljIGludCBkd1Byb2Nlc3NJZDsKICAgICAgICBwdWJsaWMgaW50IGR3VGhyZWFkSWQ7CiAgICB9CgogICAgW0ZsYWdzXQogICAgcHVibGljIGVudW0gU3RhcnR1cEluZm9GbGFncyA6IHVpbnQKICAgIHsKICAgICAgICBVU0VTVERIQU5ETEVTID0gMHgwMDAwMDEwMAogICAgfQoKICAgIHB1YmxpYyBlbnVtIEhhbmRsZUZsYWdzIDogdWludAogICAgewogICAgICAgIE5vbmUgPSAwLAogICAgICAgIElOSEVSSVQgPSAxCiAgICB9CgogICAgY2xhc3MgTmF0aXZlV2FpdEhhbmRsZSA6IFdhaXRIYW5kbGUKICAgIHsKICAgICAgICBwdWJsaWMgTmF0aXZlV2FpdEhhbmRsZShJbnRQdHIgaGFuZGxlKQogICAgICAgIHsKICAgICAgICAgICAgdGhpcy5TYWZlV2FpdEhhbmRsZSA9IG5ldyBTYWZlV2FpdEhhbmRsZShoYW5kbGUsIGZhbHNlKTsKICAgICAgICB9CiAgICB9CgogICAgcHVibGljIGNsYXNzIFdpbjMyRXhjZXB0aW9uIDogU3lzdGVtLkNvbXBvbmVudE1vZGVsLldpbjMyRXhjZXB0aW9uCiAgICB7CiAgICAgICAgcHJpdmF0ZSBzdHJpbmcgX21zZzsKCiAgICAgICAgcHVibGljIFdpbjMyRXhjZXB0aW9uKHN0cmluZyBtZXNzYWdlKSA6IHRoaXMoTWFyc2hhbC5HZXRMYXN0V2luMzJFcnJvcigpLCBtZXNzYWdlKSB7IH0KCiAgICAgICAgcHVibGljIFdpbjMyRXhjZXB0aW9uKGludCBlcnJvckNvZGUsIHN0cmluZyBtZXNzYWdlKSA6IGJhc2UoZXJyb3JDb2RlKQogICAgICAgIHsKICAgICAgICAgICAgX21zZyA9IFN0cmluZy5Gb3JtYXQoInswfSAoezF9LCBXaW4zMkVycm9yQ29kZSB7Mn0pIiwgbWVzc2FnZSwgYmFzZS5NZXNzYWdlLCBlcnJvckNvZGUpOwogICAgICAgIH0KCiAgICAgICAgcHVibGljIG92ZXJyaWRlIHN0cmluZyBNZXNzYWdlIHsgZ2V0IHsgcmV0dXJuIF9tc2c7IH0gfQogICAgICAgIHB1YmxpYyBzdGF0aWMgZXhwbGljaXQgb3BlcmF0b3IgV2luMzJFeGNlcHRpb24oc3RyaW5nIG1lc3NhZ2UpIHsgcmV0dXJuIG5ldyBXaW4zMkV4Y2VwdGlvbihtZXNzYWdlKTsgfQogICAgfQoKICAgIHB1YmxpYyBjbGFzcyBDb21tYW5kVXRpbAogICAgewogICAgICAgIHByaXZhdGUgc3RhdGljIFVJbnQzMiBDUkVBVEVfVU5JQ09ERV9FTlZJUk9OTUVOVCA9IDB4MDAwMDAwNDAwOwogICAgICAgIHByaXZhdGUgc3RhdGljIFVJbnQzMiBFWFRFTkRFRF9TVEFSVFVQSU5GT19QUkVTRU5UID0gMHgwMDA4MDAwMDsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSwgQmVzdEZpdE1hcHBpbmcgPSBmYWxzZSldCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gYm9vbCBDcmVhdGVQcm9jZXNzKAogICAgICAgICAgICBbTWFyc2hhbEFzKFVubWFuYWdlZFR5cGUuTFBXU3RyKV0KICAgICAgICAgICAgICAgIHN0cmluZyBscEFwcGxpY2F0aW9uTmFtZSwKICAgICAgICAgICAgU3RyaW5nQnVpbGRlciBscENvbW1hbmRMaW5lLAogICAgICAgICAgICBJbnRQdHIgbHBQcm9jZXNzQXR0cmlidXRlcywKICAgICAgICAgICAgSW50UHRyIGxwVGhyZWFkQXR0cmlidXRlcywKICAgICAgICAgICAgYm9vbCBiSW5oZXJpdEhhbmRsZXMsCiAgICAgICAgICAgIHVpbnQgZHdDcmVhdGlvbkZsYWdzLAogICAgICAgICAgICBJbnRQdHIgbHBFbnZpcm9ubWVudCwKICAgICAgICAgICAgW01hcnNoYWxBcyhVbm1hbmFnZWRUeXBlLkxQV1N0cildCiAgICAgICAgICAgICAgICBzdHJpbmcgbHBDdXJyZW50RGlyZWN0b3J5LAogICAgICAgICAgICBTVEFSVFVQSU5GT0VYIGxwU3RhcnR1cEluZm8sCiAgICAgICAgICAgIG91dCBQUk9DRVNTX0lORk9STUFUSU9OIGxwUHJvY2Vzc0luZm9ybWF0aW9uKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIildCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gYm9vbCBDcmVhdGVQaXBlKAogICAgICAgICAgICBvdXQgU2FmZUZpbGVIYW5kbGUgaFJlYWRQaXBlLAogICAgICAgICAgICBvdXQgU2FmZUZpbGVIYW5kbGUgaFdyaXRlUGlwZSwKICAgICAgICAgICAgU0VDVVJJVFlfQVRUUklCVVRFUyBscFBpcGVBdHRyaWJ1dGVzLAogICAgICAgICAgICB1aW50IG5TaXplKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSldCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gYm9vbCBTZXRIYW5kbGVJbmZvcm1hdGlvbigKICAgICAgICAgICAgU2FmZUZpbGVIYW5kbGUgaE9iamVjdCwKICAgICAgICAgICAgSGFuZGxlRmxhZ3MgZHdNYXNrLAogICAgICAgICAgICBpbnQgZHdGbGFncyk7CgogICAgICAgIFtEbGxJbXBvcnQoImtlcm5lbDMyLmRsbCIsIFNldExhc3RFcnJvciA9IHRydWUpXQogICAgICAgIHByaXZhdGUgc3RhdGljIGV4dGVybiBib29sIEdldEV4aXRDb2RlUHJvY2VzcygKICAgICAgICAgICAgSW50UHRyIGhQcm9jZXNzLAogICAgICAgICAgICBvdXQgdWludCBscEV4aXRDb2RlKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSldCiAgICAgIC ScriptBlock ID: 7ff805ba-758a-4b40-8a83-fbde621c735f Path:	4104	1		3	2	15	0	1640	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4648	4732	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:05:48 PM	e5295ba9-9827-0000-0e5c-29e52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1639	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4648	4652	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:05:47 PM	e5295ba9-9827-0004-f15b-29e52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 4648 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1638	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4648	4720	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:05:47 PM	e5295ba9-9827-0004-f15b-29e52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1637	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4648	4652	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:05:47 PM	e5295ba9-9827-0004-f15b-29e52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1636	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4440	4444	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:05:43 PM	e5295ba9-9827-0004-ec5b-29e52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 4440 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1635	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4440	4516	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:05:43 PM	e5295ba9-9827-0004-ec5b-29e52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1634	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4440	4444	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:05:43 PM	e5295ba9-9827-0004-ec5b-29e52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles; using System; using System.Collections; using System.IO; using System.Linq; using System.Runtime.InteropServices; using System.Text; using System.Threading; namespace Ansible { [StructLayout(LayoutKind.Sequential)] public class SECURITY_ATTRIBUTES { public int nLength; public IntPtr lpSecurityDescriptor; public bool bInheritHandle = false; public SECURITY_ATTRIBUTES() { nLength = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFO { public Int32 cb; public IntPtr lpReserved; public IntPtr lpDesktop; public IntPtr lpTitle; public Int32 dwX; public Int32 dwY; public Int32 dwXSize; public Int32 dwYSize; public Int32 dwXCountChars; public Int32 dwYCountChars; public Int32 dwFillAttribute; public Int32 dwFlags; public Int16 wShowWindow; public Int16 cbReserved2; public IntPtr lpReserved2; public SafeFileHandle hStdInput; public SafeFileHandle hStdOutput; public SafeFileHandle hStdError; public STARTUPINFO() { cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFOEX { public STARTUPINFO startupInfo; public IntPtr lpAttributeList; public STARTUPINFOEX() { startupInfo = new STARTUPINFO(); startupInfo.cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public struct PROCESS_INFORMATION { public IntPtr hProcess; public IntPtr hThread; public int dwProcessId; public int dwThreadId; } [Flags] public enum StartupInfoFlags : uint { USESTDHANDLES = 0x00000100 } public enum HandleFlags : uint { None = 0, INHERIT = 1 } class NativeWaitHandle : WaitHandle { public NativeWaitHandle(IntPtr handle) { this.SafeWaitHandle = new SafeWaitHandle(handle, false); } } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class CommandUtil { private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400; private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000; [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)] public static extern bool CreateProcess( [MarshalAs(UnmanagedType.LPWStr)] string lpApplicationName, StringBuilder lpCommandLine, IntPtr lpProcessAttributes, IntPtr lpThreadAttributes, bool bInheritHandles, uint dwCreationFlags, IntPtr lpEnvironment, [MarshalAs(UnmanagedType.LPWStr)] string lpCurrentDirectory, STARTUPINFOEX lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation); [DllImport("kernel32.dll")] public static extern bool CreatePipe( out SafeFileHandle hReadPipe, out SafeFileHandle hWritePipe, SECURITY_ATTRIBUTES lpPipeAttributes, uint nSize); [DllImport("kernel32.dll", SetLastError = true)] public static extern bool SetHandleInformation( SafeFileHandle hObject, HandleFlags dwMask, int dwFlags); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool GetExitCodeProcess( IntPtr hProcess, out uint lpExitCode); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)] public static extern uint SearchPath( string lpPath, string lpFileName, string lpExtension, int nBufferLength, [MarshalAs (UnmanagedType.LPTStr)] StringBuilder lpBuffer, out IntPtr lpFilePart); [DllImport("shell32.dll", SetLastError = true)] static extern IntPtr CommandLineToArgvW( [MarshalAs(UnmanagedType.LPWStr)] string lpCmdLine, out int pNumArgs); public static string[] ParseCommandLine(string lpCommandLine) { int numArgs; IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs); if (ret == IntPtr.Zero) throw new Win32Exception("Error parsing command line"); IntPtr[] strptrs = new IntPtr[numArgs]; Marshal.Copy(ret, strptrs, 0, numArgs); string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray(); Marshal.FreeHGlobal(ret); return cmdlineParts; } public static string SearchPath(string lpFileName) { StringBuilder sbOut = new StringBuilder(1024); IntPtr filePartOut; if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0) throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName)); return sbOut.ToString(); } public class CommandResult { public string StandardOut { get; internal set; } public string StandardError { get; internal set; } public uint ExitCode { get; internal set; } } public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment) { UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT; STARTUPINFOEX si = new STARTUPINFOEX(); si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES; SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES(); pipesec.bInheritHandle = true; // Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write; if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0)) throw new Win32Exception("STDOUT pipe setup failed"); if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDOUT pipe handle setup failed"); if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0)) throw new Win32Exception("STDERR pipe setup failed"); if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDERR pipe handle setup failed"); if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0)) throw new Win32Exception("STDIN pipe setup failed"); if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDIN pipe handle setup failed"); si.startupInfo.hStdOutput = stdout_write; si.startupInfo.hStdError = stderr_write; si.startupInfo.hStdInput = stdin_read; // Setup the stdin buffer UTF8Encoding utf8_encoding = new UTF8Encoding(false); FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768); StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768); // If lpCurrentDirectory is set to null in PS it will be an empty // string here, we need to convert it if (lpCurrentDirectory == "") lpCurrentDirectory = null; StringBuilder environmentString = null; if (environment != null && environment.Count > 0) { environmentString = new StringBuilder(); foreach (DictionaryEntry kv in environment) environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value); environmentString.Append('\0'); } // Create the environment block if set IntPtr lpEnvironment = IntPtr.Zero; if (environmentString != null) lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString()); // Create new process and run StringBuilder argument_string = new StringBuilder(lpCommandLine); PROCESS_INFORMATION pi = new PROCESS_INFORMATION(); if (!CreateProcess( lpApplicationName, argument_string, IntPtr.Zero, IntPtr.Zero, true, startup_flags, lpEnvironment, lpCurrentDirectory, si, out pi)) { throw new Win32Exception("Failed to create new process"); } // Setup the output buffers and get stdout/stderr FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096); StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096); stdout_write.Close(); FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096); StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096); stderr_write.Close(); stdin.WriteLine(stdinInput); stdin.Close(); string stdout_str, stderr_str = null; GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str); uint rc = GetProcessExitCode(pi.hProcess); return new CommandResult { StandardOut = stdout_str, StandardError = stderr_str, ExitCode = rc }; } private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr) { var sowait = new EventWaitHandle(false, EventResetMode.ManualReset); var sewait = new EventWaitHandle(false, EventResetMode.ManualReset); string so = null, se = null; ThreadPool.QueueUserWorkItem((s) => { so = stdoutStream.ReadToEnd(); sowait.Set(); }); ThreadPool.QueueUserWorkItem((s) => { se = stderrStream.ReadToEnd(); sewait.Set(); }); foreach (var wh in new WaitHandle[] { sowait, sewait }) wh.WaitOne(); stdout = so; stderr = se; } private static uint GetProcessExitCode(IntPtr processHandle) { new NativeWaitHandle(processHandle).WaitOne(); uint exitCode; if (!GetExitCodeProcess(processHandle, out exitCode)) throw new Win32Exception("Error getting process exit code"); return exitCode; } } }" Context: Severity = Informational Host Name = Default Host Host Version = 5.1.14393.1944 Host ID = 4c78ec45-8848-4f95-9162-4154cc594957 Host Application = PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - Engine Version = 5.1.14393.1944 Runspace ID = d940831c-e725-4a3e-9087-de1c95f8f19c Pipeline ID = 7 Command Name = Add-Type Command Type = Cmdlet Script Name = Command Path = Sequence Number = 34 User = N-H1-805629-1\Admin Connected User = Shell ID = Microsoft.PowerShell User Data:	4103	1		4	106	20	0	1633	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4232	4388	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:05:42 PM	e5295ba9-9827-0005-f45b-29e52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	To be used when operation is just executing a method	Executing Pipeline	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c) 2017 Ansible Project # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) $process_util = @" using Microsoft.Win32.SafeHandles; using System; using System.Collections; using System.IO; using System.Linq; using System.Runtime.InteropServices; using System.Text; using System.Threading; namespace Ansible { [StructLayout(LayoutKind.Sequential)] public class SECURITY_ATTRIBUTES { public int nLength; public IntPtr lpSecurityDescriptor; public bool bInheritHandle = false; public SECURITY_ATTRIBUTES() { nLength = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFO { public Int32 cb; public IntPtr lpReserved; public IntPtr lpDesktop; public IntPtr lpTitle; public Int32 dwX; public Int32 dwY; public Int32 dwXSize; public Int32 dwYSize; public Int32 dwXCountChars; public Int32 dwYCountChars; public Int32 dwFillAttribute; public Int32 dwFlags; public Int16 wShowWindow; public Int16 cbReserved2; public IntPtr lpReserved2; public SafeFileHandle hStdInput; public SafeFileHandle hStdOutput; public SafeFileHandle hStdError; public STARTUPINFO() { cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFOEX { public STARTUPINFO startupInfo; public IntPtr lpAttributeList; public STARTUPINFOEX() { startupInfo = new STARTUPINFO(); startupInfo.cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public struct PROCESS_INFORMATION { public IntPtr hProcess; public IntPtr hThread; public int dwProcessId; public int dwThreadId; } [Flags] public enum StartupInfoFlags : uint { USESTDHANDLES = 0x00000100 } public enum HandleFlags : uint { None = 0, INHERIT = 1 } class NativeWaitHandle : WaitHandle { public NativeWaitHandle(IntPtr handle) { this.SafeWaitHandle = new SafeWaitHandle(handle, false); } } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class CommandUtil { private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400; private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000; [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)] public static extern bool CreateProcess( [MarshalAs(UnmanagedType.LPWStr)] string lpApplicationName, StringBuilder lpCommandLine, IntPtr lpProcessAttributes, IntPtr lpThreadAttributes, bool bInheritHandles, uint dwCreationFlags, IntPtr lpEnvironment, [MarshalAs(UnmanagedType.LPWStr)] string lpCurrentDirectory, STARTUPINFOEX lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation); [DllImport("kernel32.dll")] public static extern bool CreatePipe( out SafeFileHandle hReadPipe, out SafeFileHandle hWritePipe, SECURITY_ATTRIBUTES lpPipeAttributes, uint nSize); [DllImport("kernel32.dll", SetLastError = true)] public static extern bool SetHandleInformation( SafeFileHandle hObject, HandleFlags dwMask, int dwFlags); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool GetExitCodeProcess( IntPtr hProcess, out uint lpExitCode); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)] public static extern uint SearchPath( string lpPath, string lpFileName, string lpExtension, int nBufferLength, [MarshalAs (UnmanagedType.LPTStr)] StringBuilder lpBuffer, out IntPtr lpFilePart); [DllImport("shell32.dll", SetLastError = true)] static extern IntPtr CommandLineToArgvW( [MarshalAs(UnmanagedType.LPWStr)] string lpCmdLine, out int pNumArgs); public static string[] ParseCommandLine(string lpCommandLine) { int numArgs; IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs); if (ret == IntPtr.Zero) throw new Win32Exception("Error parsing command line"); IntPtr[] strptrs = new IntPtr[numArgs]; Marshal.Copy(ret, strptrs, 0, numArgs); string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray(); Marshal.FreeHGlobal(ret); return cmdlineParts; } public static string SearchPath(string lpFileName) { StringBuilder sbOut = new StringBuilder(1024); IntPtr filePartOut; if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0) throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName)); return sbOut.ToString(); } public class CommandResult { public string StandardOut { get; internal set; } public string StandardError { get; internal set; } public uint ExitCode { get; internal set; } } public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment) { UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT; STARTUPINFOEX si = new STARTUPINFOEX(); si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES; SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES(); pipesec.bInheritHandle = true; // Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write; if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0)) throw new Win32Exception("STDOUT pipe setup failed"); if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDOUT pipe handle setup failed"); if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0)) throw new Win32Exception("STDERR pipe setup failed"); if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDERR pipe handle setup failed"); if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0)) throw new Win32Exception("STDIN pipe setup failed"); if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDIN pipe handle setup failed"); si.startupInfo.hStdOutput = stdout_write; si.startupInfo.hStdError = stderr_write; si.startupInfo.hStdInput = stdin_read; // Setup the stdin buffer UTF8Encoding utf8_encoding = new UTF8Encoding(false); FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768); StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768); // If lpCurrentDirectory is set to null in PS it will be an empty // string here, we need to convert it if (lpCurrentDirectory == "") lpCurrentDirectory = null; StringBuilder environmentString = null; if (environment != null && environment.Count > 0) { environmentString = new StringBuilder(); foreach (DictionaryEntry kv in environment) environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value); environmentString.Append('\0'); } // Create the environment block if set IntPtr lpEnvironment = IntPtr.Zero; if (environmentString != null) lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString()); // Create new process and run StringBuilder argument_string = new StringBuilder(lpCommandLine); PROCESS_INFORMATION pi = new PROCESS_INFORMATION(); if (!CreateProcess( lpApplicationName, argument_string, IntPtr.Zero, IntPtr.Zero, true, startup_flags, lpEnvironment, lpCurrentDirectory, si, out pi)) { throw new Win32Exception("Failed to create new process"); } // Setup the output buffers and get stdout/stderr FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096); StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096); stdout_write.Close(); FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096); StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096); stderr_write.Close(); stdin.WriteLine(stdinInput); stdin.Close(); string stdout_str, stderr_str = null; GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str); uint rc = GetProcessExitCode(pi.hProcess); return new CommandResult { StandardOut = stdout_str, StandardError = stderr_str, ExitCode = rc }; } private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr) { var sowait = new EventWaitHandle(false, EventResetMode.ManualReset); var sewait = new EventWaitHandle(false, EventResetMode.ManualReset); string so = null, se = null; ThreadPool.QueueUserWorkItem((s) => { so = stdoutStream.ReadToEnd(); sowait.Set(); }); ThreadPool.QueueUserWorkItem((s) => { se = stderrStream.ReadToEnd(); sewait.Set(); }); foreach (var wh in new WaitHandle[] { sowait, sewait }) wh.WaitOne(); stdout = so; stderr = se; } private static uint GetProcessExitCode(IntPtr processHandle) { new NativeWaitHandle(processHandle).WaitOne(); uint exitCode; if (!GetExitCodeProcess(processHandle, out exitCode)) throw new Win32Exception("Error getting process exit code"); return exitCode; } } } "@ $ErrorActionPreference = 'Stop' Function Load-CommandUtils { # makes the following static functions available # [Ansible.CommandUtil]::ParseCommandLine(string lpCommandLine) # [Ansible.CommandUtil]::SearchPath(string lpFileName) # [Ansible.CommandUtil]::RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, string environmentBlock) # # there are also numerous P/Invoke methods that can be called if you are feeling adventurous # FUTURE: find a better way to get the _ansible_remote_tmp variable $original_tmp = $env:TMP $remote_tmp = $original_tmp $module_params = Get-Variable -Name complex_args -ErrorAction SilentlyContinue if ($module_params) { if ($module_params.Value.ContainsKey("_ansible_remote_tmp") ) { $remote_tmp = $module_params.Value["_ansible_remote_tmp"] $remote_tmp = [System.Environment]::ExpandEnvironmentVariables($remote_tmp) } } $env:TMP = $remote_tmp Add-Type -TypeDefinition $process_util $env:TMP = $original_tmp } Function Get-ExecutablePath($executable, $directory) { # lpApplicationName requires the full path to a file, we need to find it # ourselves. # we need to add .exe if it doesn't have an extension already if (-not [System.IO.Path]::HasExtension($executable)) { $executable = "$($executable).exe" } $full_path = [System.IO.Path]::GetFullPath($executable) if ($full_path -ne $executable -and $directory -ne $null) { $file = Get-Item -Path "$directory\$executable" -Force -ErrorAction SilentlyContinue } else { $file = Get-Item -Path $executable -Force -ErrorAction SilentlyContinue } if ($file -ne $null) { $executable_path = $file.FullName } else { $executable_path = [Ansible.CommandUtil]::SearchPath($executable) } return $executable_path } Function Run-Command { Param( [string]$command, # the full command to run including the executable [string]$working_directory = $null, # the working directory to run under, will default to the current dir [string]$stdin = $null, # a string to send to the stdin pipe when executing the command [hashtable]$environment = @{} # a hashtable of environment values to run the command under, this will replace all the other environment variables with these ) # load the C# code we call in this function Load-CommandUtils # need to validate the working directory if it is set if ($working_directory) { # validate working directory is a valid path if (-not (Test-Path -Path $working_directory)) { throw "invalid working directory path '$working_directory'" } } # lpApplicationName needs to be the full path to an executable, we do this # by getting the executable as the first arg and then getting the full path $arguments = [Ansible.CommandUtil]::ParseCommandLine($command) $executable = Get-ExecutablePath -executable $arguments[0] -directory $working_directory # run the command and get the results $command_result = [Ansible.CommandUtil]::RunCommand($executable, $command, $working_directory, $stdin, $environment) return ,@{ executable = $executable stdout = $command_result.StandardOut stderr = $command_result.StandardError rc = $command_result.ExitCode } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: 3ac4d856-9e9b-42b2-b9c5-eaacc4e69a28 Path:	4104	1		3	2	15	0	1632	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4232	4316	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:05:40 PM	e5295ba9-9827-0003-0c5c-29e52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c), Michael DeHaan <michael.dehaan@gmail.com>, 2014, and others # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) Set-StrictMode -Version 2.0 $ErrorActionPreference = "Stop" Function Set-Attr($obj, $name, $value) { <# .SYNOPSIS Helper function to set an "attribute" on a psobject instance in PowerShell. This is a convenience to make adding Members to the object easier and slightly more pythonic .EXAMPLE Set-Attr $result "changed" $true #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } Try { $obj.$name = $value } Catch { $obj | Add-Member -Force -MemberType NoteProperty -Name $name -Value $value } } Function Exit-Json($obj) { <# .SYNOPSIS Helper function to convert a PowerShell object to JSON and output it, exiting the script .EXAMPLE Exit-Json $result #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit } Function Fail-Json($obj, $message = $null) { <# .SYNOPSIS Helper function to add the "msg" property and "failed" property, convert the PowerShell Hashtable to JSON and output it, exiting the script .EXAMPLE Fail-Json $result "This is the failure message" #> if ($obj -is [hashtable] -or $obj -is [psobject]) { # Nothing to do } elseif ($obj -is [string] -and $null -eq $message) { # If we weren't given 2 args, and the only arg was a string, # create a new Hashtable and use the arg as the failure message $message = $obj $obj = @{ } } else { # If the first argument is undefined or a different type, # make it a Hashtable $obj = @{ } } # Still using Set-Attr for PSObject compatibility Set-Attr $obj "msg" $message Set-Attr $obj "failed" $true if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit 1 } Function Add-Warning($obj, $message) { <# .SYNOPSIS Helper function to add warnings, even if the warnings attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("warnings")) { $obj.warnings = @() } elseif ($obj.warnings -isnot [array]) { throw "Add-Warning: warnings attribute is not an array" } $obj.warnings += $message } Function Add-DeprecationWarning($obj, $message, $version = $null) { <# .SYNOPSIS Helper function to add deprecations, even if the deprecations attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("deprecations")) { $obj.deprecations = @() } elseif ($obj.deprecations -isnot [array]) { throw "Add-DeprecationWarning: deprecations attribute is not a list" } $obj.deprecations += @{ msg = $message version = $version } } Function Expand-Environment($value) { <# .SYNOPSIS Helper function to expand environment variables in values. By default it turns any type to a string, but we ensure $null remains $null. #> if ($null -ne $value) { [System.Environment]::ExpandEnvironmentVariables($value) } else { $value } } Function Get-AnsibleParam($obj, $name, $default = $null, $resultobj = @{}, $failifempty = $false, $emptyattributefailmessage, $ValidateSet, $ValidateSetErrorMessage, $type = $null, $aliases = @()) { <# .SYNOPSIS Helper function to get an "attribute" from a psobject instance in PowerShell. This is a convenience to make getting Members from an object easier and slightly more pythonic .EXAMPLE $attr = Get-AnsibleParam $response "code" -default "1" .EXAMPLE Get-AnsibleParam -obj $params -name "State" -default "Present" -ValidateSet "Present","Absent" -resultobj $resultobj -failifempty $true Get-AnsibleParam also supports Parameter validation to save you from coding that manually Note that if you use the failifempty option, you do need to specify resultobject as well. #> # Check if the provided Member $name or aliases exist in $obj and return it or the default. try { $found = $null # First try to find preferred parameter $name $aliases = @($name) + $aliases # Iterate over aliases to find acceptable Member $name foreach ($alias in $aliases) { if ($obj.ContainsKey($alias)) { $found = $alias break } } if ($null -eq $found) { throw } $name = $found if ($ValidateSet) { if ($ValidateSet -contains ($obj.$name)) { $value = $obj.$name } else { if ($null -eq $ValidateSetErrorMessage) { #Auto-generated error should be sufficient in most use cases $ValidateSetErrorMessage = "Get-AnsibleParam: Argument $name needs to be one of $($ValidateSet -join ",") but was $($obj.$name)." } Fail-Json -obj $resultobj -message $ValidateSetErrorMessage } } else { $value = $obj.$name } } catch { if ($failifempty -eq $false) { $value = $default } else { if (-not $emptyattributefailmessage) { $emptyattributefailmessage = "Get-AnsibleParam: Missing required argument: $name" } Fail-Json -obj $resultobj -message $emptyattributefailmessage } } # If $value -eq $null, the parameter was unspecified by the user (deliberately or not) # Please leave $null-values intact, modules need to know if a parameter was specified # When $value is already an array, we cannot rely on the null check, as an empty list # is seen as null in the check below if ($null -ne $value -or $value -is [array]) { if ($type -eq "path") { # Expand environment variables on path-type $value = Expand-Environment($value) # Test if a valid path is provided if (-not (Test-Path -IsValid $value)) { $path_invalid = $true # could still be a valid-shaped path with a nonexistent drive letter if ($value -match "^\w:") { # rewrite path with a valid drive letter and recheck the shape- this might still fail, eg, a nonexistent non-filesystem PS path if (Test-Path -IsValid $(@(Get-PSDrive -PSProvider Filesystem)[0].Name + $value.Substring(1))) { $path_invalid = $false } } if ($path_invalid) { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' has an invalid path '$value' specified." } } } elseif ($type -eq "str") { # Convert str types to real Powershell strings $value = $value.ToString() } elseif ($type -eq "bool") { # Convert boolean types to real Powershell booleans $value = $value | ConvertTo-Bool } elseif ($type -eq "int") { # Convert int types to real Powershell integers $value = $value -as [int] } elseif ($type -eq "float") { # Convert float types to real Powershell floats $value = $value -as [float] } elseif ($type -eq "list") { if ($value -is [array]) { # Nothing to do } elseif ($value -is [string]) { # Convert string type to real Powershell array $value = $value.Split(",").Trim() } elseif ($value -is [int]) { $value = @($value) } else { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' is not a YAML list." } # , is not a typo, forces it to return as a list when it is empty or only has 1 entry return ,$value } } return $value } #Alias Get-attr-->Get-AnsibleParam for backwards compat. Only add when needed to ease debugging of scripts If (-not(Get-Alias -Name "Get-attr" -ErrorAction SilentlyContinue)) { New-Alias -Name Get-attr -Value Get-AnsibleParam } Function ConvertTo-Bool { <# .SYNOPSIS Helper filter/pipeline function to convert a value to boolean following current Ansible practices .EXAMPLE $is_true = "true" | ConvertTo-Bool #> param( [parameter(valuefrompipeline=$true)] $obj ) $boolean_strings = "yes", "on", "1", "true", 1 $obj_string = [string]$obj if (($obj -is [boolean] -and $obj) -or $boolean_strings -contains $obj_string.ToLower()) { return $true } else { return $false } } Function Parse-Args($arguments, $supports_check_mode = $false) { <# .SYNOPSIS Helper function to parse Ansible JSON arguments from a "file" passed as the single argument to the module. .EXAMPLE $params = Parse-Args $args #> $params = New-Object psobject If ($arguments.Length -gt 0) { $params = Get-Content $arguments[0] | ConvertFrom-Json } Else { $params = $complex_args } $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false If ($check_mode -and -not $supports_check_mode) { Exit-Json @{ skipped = $true changed = $false msg = "remote module does not support check mode" } } return $params } Function Get-FileChecksum($path, $algorithm = 'sha1') { <# .SYNOPSIS Helper function to calculate a hash of a file in a way which PowerShell 3 and above can handle #> If (Test-Path -Path $path -PathType Leaf) { switch ($algorithm) { 'md5' { $sp = New-Object -TypeName System.Security.Cryptography.MD5CryptoServiceProvider } 'sha1' { $sp = New-Object -TypeName System.Security.Cryptography.SHA1CryptoServiceProvider } 'sha256' { $sp = New-Object -TypeName System.Security.Cryptography.SHA256CryptoServiceProvider } 'sha384' { $sp = New-Object -TypeName System.Security.Cryptography.SHA384CryptoServiceProvider } 'sha512' { $sp = New-Object -TypeName System.Security.Cryptography.SHA512CryptoServiceProvider } default { Fail-Json @{} "Unsupported hash algorithm supplied '$algorithm'" } } If ($PSVersionTable.PSVersion.Major -ge 4) { $raw_hash = Get-FileHash $path -Algorithm $algorithm $hash = $raw_hash.Hash.ToLower() } Else { $fp = [System.IO.File]::Open($path, [System.IO.Filemode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileShare]::ReadWrite); $hash = [System.BitConverter]::ToString($sp.ComputeHash($fp)).Replace("-", "").ToLower(); $fp.Dispose(); } } ElseIf (Test-Path -Path $path -PathType Container) { $hash = "3"; } Else { $hash = "1"; } return $hash } Function Get-PendingRebootStatus { <# .SYNOPSIS Check if reboot is required, if so notify CA. Function returns true if computer has a pending reboot #> $featureData = Invoke-WmiMethod -EA Ignore -Name GetServerFeature -Namespace root\microsoft\windows\servermanager -Class MSFT_ServerManagerTasks $regData = Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager" "PendingFileRenameOperations" -EA Ignore $CBSRebootStatus = Get-ChildItem "HKLM:\\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing" -ErrorAction SilentlyContinue| Where-Object {$_.PSChildName -eq "RebootPending"} if(($featureData -and $featureData.RequiresReboot) -or $regData -or $CBSRebootStatus) { return $True } else { return $False } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: 5b6d90d8-7976-49e6-9eb4-993a5fa25dd5 Path:	4104	1		3	2	15	0	1631	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4232	4316	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:05:40 PM	e5295ba9-9827-0003-055c-29e52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } ScriptBlock ID: a6f4bfd8-03b8-4b30-82e2-2f517edb89e6 Path:	4104	1		3	2	15	0	1630	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4232	4316	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:05:40 PM	e5295ba9-9827-0003-f85b-29e52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (3 of 3): SAiX2Fuc2libGVfY2hlY2tfbW9kZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQogICAgSWYgKCRjaGVja19tb2RlIC1hbmQgLW5vdCAkc3VwcG9ydHNfY2hlY2tfbW9kZSkKICAgIHsKICAgICAgICBFeGl0LUpzb24gQHsKICAgICAgICAgICAgc2tpcHBlZCA9ICR0cnVlCiAgICAgICAgICAgIGNoYW5nZWQgPSAkZmFsc2UKICAgICAgICAgICAgbXNnID0gInJlbW90ZSBtb2R1bGUgZG9lcyBub3Qgc3VwcG9ydCBjaGVjayBtb2RlIgogICAgICAgIH0KICAgIH0KICAgIHJldHVybiAkcGFyYW1zCn0KCgpGdW5jdGlvbiBHZXQtRmlsZUNoZWNrc3VtKCRwYXRoLCAkYWxnb3JpdGhtID0gJ3NoYTEnKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBjYWxjdWxhdGUgYSBoYXNoIG9mIGEgZmlsZSBpbiBhIHdheSB3aGljaCBQb3dlclNoZWxsIDMKICAgIGFuZCBhYm92ZSBjYW4gaGFuZGxlCiM+CiAgICBJZiAoVGVzdC1QYXRoIC1QYXRoICRwYXRoIC1QYXRoVHlwZSBMZWFmKQogICAgewogICAgICAgIHN3aXRjaCAoJGFsZ29yaXRobSkKICAgICAgICB7CiAgICAgICAgICAgICdtZDUnIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5NRDVDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMScgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTFDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMjU2JyB7ICRzcCA9IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5TZWN1cml0eS5DcnlwdG9ncmFwaHkuU0hBMjU2Q3J5cHRvU2VydmljZVByb3ZpZGVyIH0KICAgICAgICAgICAgJ3NoYTM4NCcgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTM4NENyeXB0b1NlcnZpY2VQcm92aWRlciB9CiAgICAgICAgICAgICdzaGE1MTInIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5TSEE1MTJDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICBkZWZhdWx0IHsgRmFpbC1Kc29uIEB7fSAiVW5zdXBwb3J0ZWQgaGFzaCBhbGdvcml0aG0gc3VwcGxpZWQgJyRhbGdvcml0aG0nIiB9CiAgICAgICAgfQoKICAgICAgICBJZiAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtZ2UgNCkgewogICAgICAgICAgICAkcmF3X2hhc2ggPSBHZXQtRmlsZUhhc2ggJHBhdGggLUFsZ29yaXRobSAkYWxnb3JpdGhtCiAgICAgICAgICAgICRoYXNoID0gJHJhd19oYXNoLkhhc2guVG9Mb3dlcigpCiAgICAgICAgfSBFbHNlIHsKICAgICAgICAgICAgJGZwID0gW1N5c3RlbS5JTy5GaWxlXTo6T3BlbigkcGF0aCwgW1N5c3RlbS5JTy5GaWxlbW9kZV06Ok9wZW4sIFtTeXN0ZW0uSU8uRmlsZUFjY2Vzc106OlJlYWQsIFtTeXN0ZW0uSU8uRmlsZVNoYXJlXTo6UmVhZFdyaXRlKTsKICAgICAgICAgICAgJGhhc2ggPSBbU3lzdGVtLkJpdENvbnZlcnRlcl06OlRvU3RyaW5nKCRzcC5Db21wdXRlSGFzaCgkZnApKS5SZXBsYWNlKCItIiwgIiIpLlRvTG93ZXIoKTsKICAgICAgICAgICAgJGZwLkRpc3Bvc2UoKTsKICAgICAgICB9CiAgICB9CiAgICBFbHNlSWYgKFRlc3QtUGF0aCAtUGF0aCAkcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKQogICAgewogICAgICAgICRoYXNoID0gIjMiOwogICAgfQogICAgRWxzZQogICAgewogICAgICAgICRoYXNoID0gIjEiOwogICAgfQogICAgcmV0dXJuICRoYXNoCn0KCkZ1bmN0aW9uIEdldC1QZW5kaW5nUmVib290U3RhdHVzCnsKPCMKICAgIC5TWU5PUFNJUwogICAgQ2hlY2sgaWYgcmVib290IGlzIHJlcXVpcmVkLCBpZiBzbyBub3RpZnkgQ0EuCiAgICBGdW5jdGlvbiByZXR1cm5zIHRydWUgaWYgY29tcHV0ZXIgaGFzIGEgcGVuZGluZyByZWJvb3QKIz4KICAgICRmZWF0dXJlRGF0YSA9IEludm9rZS1XbWlNZXRob2QgLUVBIElnbm9yZSAtTmFtZSBHZXRTZXJ2ZXJGZWF0dXJlIC1OYW1lc3BhY2Ugcm9vdFxtaWNyb3NvZnRcd2luZG93c1xzZXJ2ZXJtYW5hZ2VyIC1DbGFzcyBNU0ZUX1NlcnZlck1hbmFnZXJUYXNrcwogICAgJHJlZ0RhdGEgPSBHZXQtSXRlbVByb3BlcnR5ICJIS0xNOlxTWVNURU1cQ3VycmVudENvbnRyb2xTZXRcQ29udHJvbFxTZXNzaW9uIE1hbmFnZXIiICJQZW5kaW5nRmlsZVJlbmFtZU9wZXJhdGlvbnMiIC1FQSBJZ25vcmUKICAgICRDQlNSZWJvb3RTdGF0dXMgPSBHZXQtQ2hpbGRJdGVtICJIS0xNOlxcU09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cQ29tcG9uZW50IEJhc2VkIFNlcnZpY2luZyIgIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlfCBXaGVyZS1PYmplY3QgeyRfLlBTQ2hpbGROYW1lIC1lcSAiUmVib290UGVuZGluZyJ9CiAgICBpZigoJGZlYXR1cmVEYXRhIC1hbmQgJGZlYXR1cmVEYXRhLlJlcXVpcmVzUmVib290KSAtb3IgJHJlZ0RhdGEgLW9yICRDQlNSZWJvb3RTdGF0dXMpCiAgICB7CiAgICAgICAgcmV0dXJuICRUcnVlCiAgICB9CiAgICBlbHNlCiAgICB7CiAgICAgICAgcmV0dXJuICRGYWxzZQogICAgfQp9CgojIHRoaXMgbGluZSBtdXN0IHN0YXkgYXQgdGhlIGJvdHRvbSB0byBlbnN1cmUgYWxsIGRlZmluZWQgbW9kdWxlIHBhcnRzIGFyZSBleHBvcnRlZApFeHBvcnQtTW9kdWxlTWVtYmVyIC1BbGlhcyAqIC1GdW5jdGlvbiAqIC1DbWRsZXQgKgoK", "Ansible.ModuleUtils.FileUtil": "IyBDb3B5cmlnaHQgKGMpIDIwMTcgQW5zaWJsZSBQcm9qZWN0CiMgU2ltcGxpZmllZCBCU0QgTGljZW5zZSAoc2VlIGxpY2Vuc2VzL3NpbXBsaWZpZWRfYnNkLnR4dCBvciBodHRwczovL29wZW5zb3VyY2Uub3JnL2xpY2Vuc2VzL0JTRC0yLUNsYXVzZSkKCjwjClRlc3QtUGF0aC9HZXQtSXRlbSBjYW5ub3QgZmluZC9yZXR1cm4gaW5mbyBvbiBmaWxlcyB0aGF0IGFyZSBsb2NrZWQgbGlrZQpDOlxwYWdlZmlsZS5zeXMuIFRoZXNlIDIgZnVuY3Rpb25zIGFyZSBkZXNpZ25lZCB0byB3b3JrIHdpdGggdGhlc2UgZmlsZXMgYW5kCnByb3ZpZGUgc2ltaWxhciBmdW5jdGlvbmFsaXR5IHdpdGggdGhlIG5vcm1hbCBjbWRsZXRzIHdpdGggYXMgbWluaW1hbCBvdmVyaGVhZAphcyBwb3NzaWJsZS4gVGhleSB3b3JrIGJ5IHVzaW5nIEdldC1DaGlsZEl0ZW0gd2l0aCBhIGZpbHRlciBhbmQgcmV0dXJuIHRoZQpyZXN1bHQgZnJvbSB0aGF0LgojPgoKRnVuY3Rpb24gVGVzdC1BbnNpYmxlUGF0aCB7CiAgICBbQ21kbGV0QmluZGluZygpXQogICAgUGFyYW0oCiAgICAgICAgW1BhcmFtZXRlcihNYW5kYXRvcnk9JHRydWUpXVtzdHJpbmddJFBhdGgKICAgICkKICAgICMgUmVwbGFjZW1lbnQgZm9yIFRlc3QtUGF0aAogICAgdHJ5IHsKICAgICAgICAkZmlsZV9hdHRyaWJ1dGVzID0gW1N5c3RlbS5JTy5GaWxlXTo6R2V0QXR0cmlidXRlcygkUGF0aCkKICAgIH0gY2F0Y2ggW1N5c3RlbS5JTy5GaWxlTm90Rm91bmRFeGNlcHRpb25dLCBbU3lzdGVtLklPLkRpcmVjdG9yeU5vdEZvdW5kRXhjZXB0aW9uXSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfSBjYXRjaCBbTm90U3VwcG9ydGVkRXhjZXB0aW9uXSB7CiAgICAgICAgIyBXaGVuIHRlc3RpbmcgYSBwYXRoIGxpa2UgQ2VydDpcTG9jYWxNYWNoaW5lXE15LCBTeXN0ZW0uSU8uRmlsZSB3aWxsCiAgICAgICAgIyBub3Qgd29yaywgd2UganVzdCByZXZlcnQgYmFjayB0byB1c2luZyBUZXN0LVBhdGggZm9yIHRoaXMKICAgICAgICByZXR1cm4gVGVzdC1QYXRoIC1QYXRoICRQYXRoCiAgICB9CgogICAgaWYgKFtJbnQzMl0kZmlsZV9hdHRyaWJ1dGVzIC1lcSAtMSkgewogICAgICAgIHJldHVybiAkZmFsc2UKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICR0cnVlCiAgICB9Cn0KCkZ1bmN0aW9uIEdldC1BbnNpYmxlSXRlbSB7CiAgICBbQ21kbGV0QmluZGluZygpXQogICAgUGFyYW0oCiAgICAgICAgW1BhcmFtZXRlcihNYW5kYXRvcnk9JHRydWUpXVtzdHJpbmddJFBhdGgKICAgICkKICAgICMgUmVwbGFjZW1lbnQgZm9yIEdldC1JdGVtCiAgICB0cnkgewogICAgICAgICRmaWxlX2F0dHJpYnV0ZXMgPSBbU3lzdGVtLklPLkZpbGVdOjpHZXRBdHRyaWJ1dGVzKCRQYXRoKQogICAgfSBjYXRjaCB7CiAgICAgICAgIyBpZiAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb3RpbnVlIGlzIHNldCBvbiB0aGUgY21kbGV0IGFuZCB3ZSBmYWlsZWQgdG8KICAgICAgICAjIGdldCB0aGUgYXR0cmlidXRlcywganVzdCByZXR1cm4gJG51bGwsIG90aGVyd2lzZSB0aHJvdyB0aGUgZXJyb3IKICAgICAgICBpZiAoJEVycm9yQWN0aW9uUHJlZmVyZW5jZSAtbmUgIlNpbGVudGx5Q29udGludWUiKSB7CiAgICAgICAgICAgIHRocm93ICRfCiAgICAgICAgfQogICAgICAgIHJldHVybiAkbnVsbAogICAgfQogICAgaWYgKFtJbnQzMl0kZmlsZV9hdHRyaWJ1dGVzIC1lcSAtMSkgewogICAgICAgIHRocm93IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5NYW5hZ2VtZW50LkF1dG9tYXRpb24uSXRlbU5vdEZvdW5kRXhjZXB0aW9uIC1Bcmd1bWVudExpc3QgIkNhbm5vdCBmaW5kIHBhdGggJyRQYXRoJyBiZWNhdXNlIGl0IGRvZXMgbm90IGV4aXN0LiIKICAgIH0gZWxzZWlmICgkZmlsZV9hdHRyaWJ1dGVzLkhhc0ZsYWcoW1N5c3RlbS5JTy5GaWxlQXR0cmlidXRlc106OkRpcmVjdG9yeSkpIHsKICAgICAgICByZXR1cm4gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLklPLkRpcmVjdG9yeUluZm8gLUFyZ3VtZW50TGlzdCAkUGF0aAogICAgfSBlbHNlIHsKICAgICAgICByZXR1cm4gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLklPLkZpbGVJbmZvIC1Bcmd1bWVudExpc3QgJFBhdGgKICAgIH0KfQoKRXhwb3J0LU1vZHVsZU1lbWJlciAtRnVuY3Rpb24gVGVzdC1BbnNpYmxlUGF0aCwgR2V0LUFuc2libGVJdGVtCg=="}, "module_entry": "IyFwb3dlcnNoZWxsCgojIENvcHlyaWdodDogKGMpIDIwMTcsIEFuc2libGUgUHJvamVjdAojIEdOVSBHZW5lcmFsIFB1YmxpYyBMaWNlbnNlIHYzLjArIChzZWUgQ09QWUlORyBvciBodHRwczovL3d3dy5nbnUub3JnL2xpY2Vuc2VzL2dwbC0zLjAudHh0KQoKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5MZWdhY3kKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5Db21tYW5kVXRpbAojUmVxdWlyZXMgLU1vZHVsZSBBbnNpYmxlLk1vZHVsZVV0aWxzLkZpbGVVdGlsCgojIFRPRE86IGFkZCBjaGVjayBtb2RlIHN1cHBvcnQKClNldC1TdHJpY3RNb2RlIC1WZXJzaW9uIDIKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKIyBDbGVhbnNlIENMSVhNTCBmcm9tIHN0ZGVyciAoc2lmdCBvdXQgZXJyb3Igc3RyZWFtIGRhdGEsIGRpc2NhcmQgb3RoZXJzIGZvciBub3cpCkZ1bmN0aW9uIENsZWFuc2UtU3RkZXJyKCRyYXdfc3RkZXJyKSB7CiAgICBUcnkgewogICAgICAgICMgTkI6IHRoaXMgcmVnZXggaXNuJ3QgcGVyZmVjdCwgYnV0IGlzIGRlY2VudCBhdCBmaW5kaW5nIENMSVhNTCBhbW9uZ3N0IG90aGVyIHN0ZGVyciBub2lzZQogICAgICAgIElmKCRyYXdfc3RkZXJyIC1tYXRjaCAiKD9zKSg/PHByZW5vaXNlMT4uKikjPCBDTElYTUwoPzxwcmVub2lzZTI+LiopKD88Y2xpeG1sPjxPYmpzLis8L09ianM+KSg/PHBvc3Rub2lzZT4uKikiKSB7CiAgICAgICAgICAgICRjbGl4bWwgPSBbeG1sXSRtYXRjaGVzWyJjbGl4bWwiXQoKICAgICAgICAgICAgJG1lcmdlZF9zdGRlcnIgPSAiezB9ezF9ezJ9ezN9IiAtZiBAKAogICAgICAgICAgICAgICAkbWF0Y2hlc1sicHJlbm9pc2UxIl0sCiAgICAgICAgICAgICAgICRtYXRjaGVzWyJwcmVub2lzZTIiXSwKICAgICAgICAgICAgICAgIyBmaWx0ZXIgb3V0IGp1c3QgdGhlIEVycm9yLXRhZ2dlZCBzdHJpbmdzIGZvciBub3csIGFuZCB6YXAgZW1iZWRkZWQgQ1JMRiBjaGFycwogICAgICAgICAgICAgICAoJGNsaXhtbC5PYmpzLkNoaWxkTm9kZXMgfCA/IHsgJF8uTmFtZSAtZXEgJ1MnIH0gfCA/IHsgJF8uUyAtZXEgJ0Vycm9yJyB9IHwgJSB7ICRfLicjdGV4dCcuUmVwbGFjZSgnX3gwMDBEX194MDAwQV8nLCcnKSB9IHwgT3V0LVN0cmluZyksCiAgICAgICAgICAgICAgICRtYXRjaGVzWyJwb3N0bm9pc2UiXSkgfCBPdXQtU3RyaW5nCgogICAgICAgICAgICByZXR1cm4gJG1lcmdlZF9zdGRlcnIuVHJpbSgpCgogICAgICAgICAgICAjIEZVVFVSRTogcGFyc2UvcmV0dXJuIG90aGVyIHN0cmVhbXMKICAgICAgICB9CiAgICAgICAgRWxzZSB7CiAgICAgICAgICAgICRyYXdfc3RkZXJyCiAgICAgICAgfQogICAgfQogICAgQ2F0Y2ggewogICAgICAgICIqKipFWENFUFRJT04gUEFSU0lORyBDTElYTUw6ICRfKioqIiArICRyYXdfc3RkZXJyCiAgICB9Cn0KCiRwYXJhbXMgPSBQYXJzZS1BcmdzICRhcmdzIC1zdXBwb3J0c19jaGVja19tb2RlICRmYWxzZQoKJHJhd19jb21tYW5kX2xpbmUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX3Jhd19wYXJhbXMiIC10eXBlICJzdHIiIC1mYWlsaWZlbXB0eSAkdHJ1ZQokY2hkaXIgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiY2hkaXIiIC10eXBlICJwYXRoIgokZXhlY3V0YWJsZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJleGVjdXRhYmxlIiAtdHlwZSAicGF0aCIKJGNyZWF0ZXMgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiY3JlYXRlcyIgLXR5cGUgInBhdGgiCiRyZW1vdmVzID0gR2V0LUFuc2libGVQYXJhbSAtb2JqICRwYXJhbXMgLW5hbWUgInJlbW92ZXMiIC10eXBlICJwYXRoIgokc3RkaW4gPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAic3RkaW4iIC10eXBlICJzdHIiCgokcmF3X2NvbW1hbmRfbGluZSA9ICRyYXdfY29tbWFuZF9saW5lLlRyaW0oKQoKJHJlc3VsdCA9IEB7CiAgICBjaGFuZ2VkID0gJHRydWUKICAgIGNtZCA9ICRyYXdfY29tbWFuZF9saW5lCn0KCmlmICgkY3JlYXRlcyAtYW5kICQoVGVzdC1BbnNpYmxlUGF0aCAtUGF0aCAkY3JlYXRlcykpIHsKICAgIEV4aXQtSnNvbiBAe21zZz0ic2tpcHBlZCwgc2luY2UgJGNyZWF0ZXMgZXhpc3RzIjtjbWQ9JHJhd19jb21tYW5kX2xpbmU7Y2hhbmdlZD0kZmFsc2U7c2tpcHBlZD0kdHJ1ZTtyYz0wfQp9CgppZiAoJHJlbW92ZXMgLWFuZCAtbm90ICQoVGVzdC1BbnNpYmxlUGF0aCAtUGF0aCAkcmVtb3ZlcykpIHsKICAgIEV4aXQtSnNvbiBAe21zZz0ic2tpcHBlZCwgc2luY2UgJHJlbW92ZXMgZG9lcyBub3QgZXhpc3QiO2NtZD0kcmF3X2NvbW1hbmRfbGluZTtjaGFuZ2VkPSRmYWxzZTtza2lwcGVkPSR0cnVlO3JjPTB9Cn0KCiRleGVjX2FyZ3MgPSAkbnVsbApJZigtbm90ICRleGVjdXRhYmxlIC1vciAkZXhlY3V0YWJsZSAtZXEgInBvd2Vyc2hlbGwiKSB7CiAgICAkZXhlY19hcHBsaWNhdGlvbiA9ICJwb3dlcnNoZWxsLmV4ZSIKCiAgICAjIGZvcmNlIGlucHV0IGVuY29kaW5nIHRvIHByZWFtYmxlLWZyZWUgVVRGOCBzbyBQUyBzdWItcHJvY2Vzc2VzIChlZywgU3RhcnQtSm9iKSBkb24ndCBibG93IHVwCiAgICAkcmF3X2NvbW1hbmRfbGluZSA9ICJbQ29uc29sZV06OklucHV0RW5jb2RpbmcgPSBOZXctT2JqZWN0IFRleHQuVVRGOEVuY29kaW5nIGAkZmFsc2U7ICIgKyAkcmF3X2NvbW1hbmRfbGluZQoKICAgICMgQmFzZTY0IGVuY29kZSB0aGUgY29tbWFuZCBzbyB3ZSBkb24ndCBoYXZlIHRvIHdvcnJ5IGFib3V0IHRoZSB2YXJpb3VzIGxldmVscyBvZiBlc2NhcGluZwogICAgJGVuY29kZWRfY29tbWFuZCA9IFtDb252ZXJ0XTo6VG9CYXNlNjRTdHJpbmcoW1N5c3RlbS5UZXh0LkVuY29kaW5nXTo6VW5pY29kZS5HZXRCeXRlcygkcmF3X2NvbW1hbmRfbGluZSkpCgogICAgaWYgKCRzdGRpbikgewogICAgICAgICRleGVjX2FyZ3MgPSAiLWVuY29kZWRjb21tYW5kICRlbmNvZGVkX2NvbW1hbmQiCiAgICB9IGVsc2UgewogICAgICAgICRleGVjX2FyZ3MgPSAiLW5vbmludGVyYWN0aXZlIC1lbmNvZGVkY29tbWFuZCAkZW5jb2RlZF9jb21tYW5kIgogICAgfQp9CkVsc2UgewogICAgIyBGVVRVUkU6IHN1cHBvcnQgYXJnIHRyYW5zbGF0aW9uIGZyb20gZXhlY3V0YWJsZSAob3IgZXhlY3V0YWJsZV9hcmdzPykgdG8gcHJvY2VzcyBhcmd1bWVudHMgZm9yIGFyYml0cmFyeSBpbnRlcnByZXRlcj8KICAgICRleGVjX2FwcGxpY2F0aW9uID0gJGV4ZWN1dGFibGUKICAgIGlmICgtbm90ICgkZXhlY19hcHBsaWNhdGlvbi5FbmRzV2l0aCgiLmV4ZSIpKSkgewogICAgICAgICRleGVjX2FwcGxpY2F0aW9uID0gIiQoJGV4ZWNfYXBwbGljYXRpb24pLmV4ZSIKICAgIH0KICAgICRleGVjX2FyZ3MgPSAiL2MgJHJhd19jb21tYW5kX2xpbmUiCn0KCiRjb21tYW5kID0gIiRleGVjX2FwcGxpY2F0aW9uICRleGVjX2FyZ3MiCiRydW5fY29tbWFuZF9hcmcgPSBAewogICAgY29tbWFuZCA9ICRjb21tYW5kCn0KaWYgKCRjaGRpcikgewogICAgJHJ1bl9jb21tYW5kX2FyZ1snd29ya2luZ19kaXJlY3RvcnknXSA9ICRjaGRpcgp9CmlmICgkc3RkaW4pIHsKICAgICRydW5fY29tbWFuZF9hcmdbJ3N0ZGluJ10gPSAkc3RkaW4KfQoKJHN0YXJ0X2RhdGV0aW1lID0gW0RhdGVUaW1lXTo6VXRjTm93CnRyeSB7CiAgICAkY29tbWFuZF9yZXN1bHQgPSBSdW4tQ29tbWFuZCBAcnVuX2NvbW1hbmRfYXJnCn0gY2F0Y2ggewogICAgJHJlc3VsdC5jaGFuZ2VkID0gJGZhbHNlCiAgICB0cnkgewogICAgICAgICRyZXN1bHQucmMgPSAkXy5FeGNlcHRpb24uTmF0aXZlRXJyb3JDb2RlCiAgICB9IGNhdGNoIHsKICAgICAgICAkcmVzdWx0LnJjID0gMgogICAgfQogICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAkXy5FeGNlcHRpb24uTWVzc2FnZQp9CgojIFRPRE86IGRlY29kZSBDTElYTUwgc3RkZXJyIG91dHB1dCAoYW5kIG90aGVyIHN0cmVhbXM/KQokcmVzdWx0LnN0ZG91dCA9ICRjb21tYW5kX3Jlc3VsdC5zdGRvdXQKJHJlc3VsdC5zdGRlcnIgPSBDbGVhbnNlLVN0ZGVyciAkY29tbWFuZF9yZXN1bHQuc3RkZXJyIAokcmVzdWx0LnJjID0gJGNvbW1hbmRfcmVzdWx0LnJjCgokZW5kX2RhdGV0aW1lID0gW0RhdGVUaW1lXTo6VXRjTm93CiRyZXN1bHQuc3RhcnQgPSAkc3RhcnRfZGF0ZXRpbWUuVG9TdHJpbmcoInl5eXktTU0tZGQgaGg6bW06c3MuZmZmZmZmIikKJHJlc3VsdC5lbmQgPSAkZW5kX2RhdGV0aW1lLlRvU3RyaW5nKCJ5eXl5LU1NLWRkIGhoOm1tOnNzLmZmZmZmZiIpCiRyZXN1bHQuZGVsdGEgPSAkKCRlbmRfZGF0ZXRpbWUgLSAkc3RhcnRfZGF0ZXRpbWUpLlRvU3RyaW5nKCJoXDptbVw6c3NcLmZmZmZmZiIpCgpJZiAoJHJlc3VsdC5yYyAtbmUgMCkgewogICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAibm9uLXplcm8gcmV0dXJuIGNvZGUiCn0KCkV4aXQtSnNvbiAkcmVzdWx0Cg==", "module_args": {"_ansible_version": "2.7.0", "_ansible_selinux_special_fs": ["fuse", "nfs", "vboxsf", "ramfs", "9p"], "_ansible_no_log": false, "_ansible_module_name": "win_shell", "_raw_params": "c:\\openstack\\bin\\SetUserAccountRights.exe -g administrator@cbci-805629-1.local -v SeServiceLogonRight", "_ansible_verbosity": 2, "_ansible_keep_remote_files": false, "_ansible_syslog_facility": "LOG_USER", "_ansible_socket": null, "_ansible_remote_tmp": "%TEMP%", "_ansible_diff": false, "_ansible_debug": false, "_ansible_shell_executable": "/bin/sh", "_ansible_check_mode": false, "_ansible_tmpdir": null}} '@ } process { $input_as_string = [string]$input $json_raw += $input_as_string } end { If (-not $json_raw) { Write-Error "no input given" -Category InvalidArgument } $payload = ConvertTo-HashtableFromPsCustomObject (ConvertFrom-Json $json_raw) # TODO: handle binary modules # TODO: handle persistence $min_os_version = [version]$payload.min_os_version if ($min_os_version -ne $null) { $actual_os_version = [System.Environment]::OSVersion.Version if ($actual_os_version -lt $min_os_version) { $msg = "This module cannot run on this OS as it requires a minimum version of $min_os_version, actual was $actual_os_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $min_ps_version = [version]$payload.min_ps_version if ($min_ps_version -ne $null) { $actual_ps_version = $PSVersionTable.PSVersion if ($actual_ps_version -lt $min_ps_version) { $msg = "This module cannot run as it requires a minimum PowerShell version of $min_ps_version, actual was $actual_ps_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $actions = $payload.actions # pop 0th action as entrypoint $entrypoint = $payload.($actions[0]) $payload.actions = $payload.actions[1..99] $entrypoint = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($entrypoint)) # load the current action entrypoint as a module custom object with a Run method $entrypoint = New-Module -ScriptBlock ([scriptblock]::Create($entrypoint)) -AsCustomObject Set-Variable -Scope global -Name complex_args -Value $payload["module_args"] | Out-Null # dynamically create/load modules ForEach ($mod in $payload.powershell_modules.GetEnumerator()) { $decoded_module = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($mod.Value)) New-Module -ScriptBlock ([scriptblock]::Create($decoded_module)) -Name $mod.Key | Import-Module -WarningAction SilentlyContinue | Out-Null } $output = $entrypoint.Run($payload) Write-Output $output } ScriptBlock ID: 25e740c6-5e60-4e54-96aa-2f1a99a1fd1e Path:	4104	1		3	2	15	0	1629	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4232	4316	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:05:39 PM	e5295ba9-9827-0003-f25b-29e52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 3): 0cmluZyBzbyA9IG51bGwsIHNlID0gbnVsbDsKICAgICAgICAgICAgVGhyZWFkUG9vbC5RdWV1ZVVzZXJXb3JrSXRlbSgocykgPT4KICAgICAgICAgICAgewogICAgICAgICAgICAgICAgc28gPSBzdGRvdXRTdHJlYW0uUmVhZFRvRW5kKCk7CiAgICAgICAgICAgICAgICBzb3dhaXQuU2V0KCk7CiAgICAgICAgICAgIH0pOwogICAgICAgICAgICBUaHJlYWRQb29sLlF1ZXVlVXNlcldvcmtJdGVtKChzKSA9PgogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBzZSA9IHN0ZGVyclN0cmVhbS5SZWFkVG9FbmQoKTsKICAgICAgICAgICAgICAgIHNld2FpdC5TZXQoKTsKICAgICAgICAgICAgfSk7CiAgICAgICAgICAgIGZvcmVhY2ggKHZhciB3aCBpbiBuZXcgV2FpdEhhbmRsZVtdIHsgc293YWl0LCBzZXdhaXQgfSkKICAgICAgICAgICAgICAgIHdoLldhaXRPbmUoKTsKICAgICAgICAgICAgc3Rkb3V0ID0gc287CiAgICAgICAgICAgIHN0ZGVyciA9IHNlOwogICAgICAgIH0KCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgdWludCBHZXRQcm9jZXNzRXhpdENvZGUoSW50UHRyIHByb2Nlc3NIYW5kbGUpCiAgICAgICAgewogICAgICAgICAgICBuZXcgTmF0aXZlV2FpdEhhbmRsZShwcm9jZXNzSGFuZGxlKS5XYWl0T25lKCk7CiAgICAgICAgICAgIHVpbnQgZXhpdENvZGU7CiAgICAgICAgICAgIGlmICghR2V0RXhpdENvZGVQcm9jZXNzKHByb2Nlc3NIYW5kbGUsIG91dCBleGl0Q29kZSkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIkVycm9yIGdldHRpbmcgcHJvY2VzcyBleGl0IGNvZGUiKTsKICAgICAgICAgICAgcmV0dXJuIGV4aXRDb2RlOwogICAgICAgIH0KICAgIH0KfQoiQAoKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICdTdG9wJwoKRnVuY3Rpb24gTG9hZC1Db21tYW5kVXRpbHMgewogICAgIyBtYWtlcyB0aGUgZm9sbG93aW5nIHN0YXRpYyBmdW5jdGlvbnMgYXZhaWxhYmxlCiAgICAjICAgW0Fuc2libGUuQ29tbWFuZFV0aWxdOjpQYXJzZUNvbW1hbmRMaW5lKHN0cmluZyBscENvbW1hbmRMaW5lKQogICAgIyAgIFtBbnNpYmxlLkNvbW1hbmRVdGlsXTo6U2VhcmNoUGF0aChzdHJpbmcgbHBGaWxlTmFtZSkKICAgICMgICBbQW5zaWJsZS5Db21tYW5kVXRpbF06OlJ1bkNvbW1hbmQoc3RyaW5nIGxwQXBwbGljYXRpb25OYW1lLCBzdHJpbmcgbHBDb21tYW5kTGluZSwgc3RyaW5nIGxwQ3VycmVudERpcmVjdG9yeSwgc3RyaW5nIHN0ZGluSW5wdXQsIHN0cmluZyBlbnZpcm9ubWVudEJsb2NrKQogICAgIwogICAgIyB0aGVyZSBhcmUgYWxzbyBudW1lcm91cyBQL0ludm9rZSBtZXRob2RzIHRoYXQgY2FuIGJlIGNhbGxlZCBpZiB5b3UgYXJlIGZlZWxpbmcgYWR2ZW50dXJvdXMKCiAgICAjIEZVVFVSRTogZmluZCBhIGJldHRlciB3YXkgdG8gZ2V0IHRoZSBfYW5zaWJsZV9yZW1vdGVfdG1wIHZhcmlhYmxlCiAgICAkb3JpZ2luYWxfdG1wID0gJGVudjpUTVAKCiAgICAkcmVtb3RlX3RtcCA9ICRvcmlnaW5hbF90bXAKICAgICRtb2R1bGVfcGFyYW1zID0gR2V0LVZhcmlhYmxlIC1OYW1lIGNvbXBsZXhfYXJncyAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgaWYgKCRtb2R1bGVfcGFyYW1zKSB7CiAgICAgICAgaWYgKCRtb2R1bGVfcGFyYW1zLlZhbHVlLkNvbnRhaW5zS2V5KCJfYW5zaWJsZV9yZW1vdGVfdG1wIikgKSB7CiAgICAgICAgICAgICRyZW1vdGVfdG1wID0gJG1vZHVsZV9wYXJhbXMuVmFsdWVbIl9hbnNpYmxlX3JlbW90ZV90bXAiXQogICAgICAgICAgICAkcmVtb3RlX3RtcCA9IFtTeXN0ZW0uRW52aXJvbm1lbnRdOjpFeHBhbmRFbnZpcm9ubWVudFZhcmlhYmxlcygkcmVtb3RlX3RtcCkKICAgICAgICB9CiAgICB9CgogICAgJGVudjpUTVAgPSAkcmVtb3RlX3RtcAogICAgQWRkLVR5cGUgLVR5cGVEZWZpbml0aW9uICRwcm9jZXNzX3V0aWwKICAgICRlbnY6VE1QID0gJG9yaWdpbmFsX3RtcAp9CgpGdW5jdGlvbiBHZXQtRXhlY3V0YWJsZVBhdGgoJGV4ZWN1dGFibGUsICRkaXJlY3RvcnkpIHsKICAgICMgbHBBcHBsaWNhdGlvbk5hbWUgcmVxdWlyZXMgdGhlIGZ1bGwgcGF0aCB0byBhIGZpbGUsIHdlIG5lZWQgdG8gZmluZCBpdAogICAgIyBvdXJzZWx2ZXMuCgogICAgIyB3ZSBuZWVkIHRvIGFkZCAuZXhlIGlmIGl0IGRvZXNuJ3QgaGF2ZSBhbiBleHRlbnNpb24gYWxyZWFkeQogICAgaWYgKC1ub3QgW1N5c3RlbS5JTy5QYXRoXTo6SGFzRXh0ZW5zaW9uKCRleGVjdXRhYmxlKSkgewogICAgICAgICRleGVjdXRhYmxlID0gIiQoJGV4ZWN1dGFibGUpLmV4ZSIKICAgIH0KICAgICRmdWxsX3BhdGggPSBbU3lzdGVtLklPLlBhdGhdOjpHZXRGdWxsUGF0aCgkZXhlY3V0YWJsZSkKCiAgICBpZiAoJGZ1bGxfcGF0aCAtbmUgJGV4ZWN1dGFibGUgLWFuZCAkZGlyZWN0b3J5IC1uZSAkbnVsbCkgewogICAgICAgICRmaWxlID0gR2V0LUl0ZW0gLVBhdGggIiRkaXJlY3RvcnlcJGV4ZWN1dGFibGUiIC1Gb3JjZSAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgfSBlbHNlIHsKICAgICAgICAkZmlsZSA9IEdldC1JdGVtIC1QYXRoICRleGVjdXRhYmxlIC1Gb3JjZSAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgfQoKICAgIGlmICgkZmlsZSAtbmUgJG51bGwpIHsKICAgICAgICAkZXhlY3V0YWJsZV9wYXRoID0gJGZpbGUuRnVsbE5hbWUKICAgIH0gZWxzZSB7CiAgICAgICAgJGV4ZWN1dGFibGVfcGF0aCA9IFtBbnNpYmxlLkNvbW1hbmRVdGlsXTo6U2VhcmNoUGF0aCgkZXhlY3V0YWJsZSkgICAgCiAgICB9CiAgICByZXR1cm4gJGV4ZWN1dGFibGVfcGF0aAp9CgpGdW5jdGlvbiBSdW4tQ29tbWFuZCB7CiAgICBQYXJhbSgKICAgICAgICBbc3RyaW5nXSRjb21tYW5kLCAjIHRoZSBmdWxsIGNvbW1hbmQgdG8gcnVuIGluY2x1ZGluZyB0aGUgZXhlY3V0YWJsZQogICAgICAgIFtzdHJpbmddJHdvcmtpbmdfZGlyZWN0b3J5ID0gJG51bGwsICMgdGhlIHdvcmtpbmcgZGlyZWN0b3J5IHRvIHJ1biB1bmRlciwgd2lsbCBkZWZhdWx0IHRvIHRoZSBjdXJyZW50IGRpcgogICAgICAgIFtzdHJpbmddJHN0ZGluID0gJG51bGwsICMgYSBzdHJpbmcgdG8gc2VuZCB0byB0aGUgc3RkaW4gcGlwZSB3aGVuIGV4ZWN1dGluZyB0aGUgY29tbWFuZAogICAgICAgIFtoYXNodGFibGVdJGVudmlyb25tZW50ID0gQHt9ICMgYSBoYXNodGFibGUgb2YgZW52aXJvbm1lbnQgdmFsdWVzIHRvIHJ1biB0aGUgY29tbWFuZCB1bmRlciwgdGhpcyB3aWxsIHJlcGxhY2UgYWxsIHRoZSBvdGhlciBlbnZpcm9ubWVudCB2YXJpYWJsZXMgd2l0aCB0aGVzZQogICAgKQogICAgCiAgICAjIGxvYWQgdGhlIEMjIGNvZGUgd2UgY2FsbCBpbiB0aGlzIGZ1bmN0aW9uCiAgICBMb2FkLUNvbW1hbmRVdGlscwoKICAgICMgbmVlZCB0byB2YWxpZGF0ZSB0aGUgd29ya2luZyBkaXJlY3RvcnkgaWYgaXQgaXMgc2V0CiAgICBpZiAoJHdvcmtpbmdfZGlyZWN0b3J5KSB7CiAgICAgICAgIyB2YWxpZGF0ZSB3b3JraW5nIGRpcmVjdG9yeSBpcyBhIHZhbGlkIHBhdGgKICAgICAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICR3b3JraW5nX2RpcmVjdG9yeSkpIHsKICAgICAgICAgICAgdGhyb3cgImludmFsaWQgd29ya2luZyBkaXJlY3RvcnkgcGF0aCAnJHdvcmtpbmdfZGlyZWN0b3J5JyIKICAgICAgICB9CiAgICB9CgogICAgIyBscEFwcGxpY2F0aW9uTmFtZSBuZWVkcyB0byBiZSB0aGUgZnVsbCBwYXRoIHRvIGFuIGV4ZWN1dGFibGUsIHdlIGRvIHRoaXMKICAgICMgYnkgZ2V0dGluZyB0aGUgZXhlY3V0YWJsZSBhcyB0aGUgZmlyc3QgYXJnIGFuZCB0aGVuIGdldHRpbmcgdGhlIGZ1bGwgcGF0aAogICAgJGFyZ3VtZW50cyA9IFtBbnNpYmxlLkNvbW1hbmRVdGlsXTo6UGFyc2VDb21tYW5kTGluZSgkY29tbWFuZCkKICAgICRleGVjdXRhYmxlID0gR2V0LUV4ZWN1dGFibGVQYXRoIC1leGVjdXRhYmxlICRhcmd1bWVudHNbMF0gLWRpcmVjdG9yeSAkd29ya2luZ19kaXJlY3RvcnkKCiAgICAjIHJ1biB0aGUgY29tbWFuZCBhbmQgZ2V0IHRoZSByZXN1bHRzCiAgICAkY29tbWFuZF9yZXN1bHQgPSBbQW5zaWJsZS5Db21tYW5kVXRpbF06OlJ1bkNvbW1hbmQoJGV4ZWN1dGFibGUsICRjb21tYW5kLCAkd29ya2luZ19kaXJlY3RvcnksICRzdGRpbiwgJGVudmlyb25tZW50KQoKICAgIHJldHVybiAsQHsKICAgICAgICBleGVjdXRhYmxlID0gJGV4ZWN1dGFibGUKICAgICAgICBzdGRvdXQgPSAkY29tbWFuZF9yZXN1bHQuU3RhbmRhcmRPdXQKICAgICAgICBzdGRlcnIgPSAkY29tbWFuZF9yZXN1bHQuU3RhbmRhcmRFcnJvcgogICAgICAgIHJjID0gJGNvbW1hbmRfcmVzdWx0LkV4aXRDb2RlCiAgICB9Cn0KCiMgdGhpcyBsaW5lIG11c3Qgc3RheSBhdCB0aGUgYm90dG9tIHRvIGVuc3VyZSBhbGwgZGVmaW5lZCBtb2R1bGUgcGFydHMgYXJlIGV4cG9ydGVkCkV4cG9ydC1Nb2R1bGVNZW1iZXIgLUFsaWFzICogLUZ1bmN0aW9uICogLUNtZGxldCAqCg==", "Ansible.ModuleUtils.Legacy": "IyBDb3B5cmlnaHQgKGMpLCBNaWNoYWVsIERlSGFhbiA8bWljaGFlbC5kZWhhYW5AZ21haWwuY29tPiwgMjAxNCwgYW5kIG90aGVycwojIFNpbXBsaWZpZWQgQlNEIExpY2Vuc2UgKHNlZSBsaWNlbnNlcy9zaW1wbGlmaWVkX2JzZC50eHQgb3IgaHR0cHM6Ly9vcGVuc291cmNlLm9yZy9saWNlbnNlcy9CU0QtMi1DbGF1c2UpCgpTZXQtU3RyaWN0TW9kZSAtVmVyc2lvbiAyLjAKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKRnVuY3Rpb24gU2V0LUF0dHIoJG9iaiwgJG5hbWUsICR2YWx1ZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gc2V0IGFuICJhdHRyaWJ1dGUiIG9uIGEgcHNvYmplY3QgaW5zdGFuY2UgaW4gUG93ZXJTaGVsbC4KICAgIFRoaXMgaXMgYSBjb252ZW5pZW5jZSB0byBtYWtlIGFkZGluZyBNZW1iZXJzIHRvIHRoZSBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgIFNldC1BdHRyICRyZXN1bHQgImNoYW5nZWQiICR0cnVlCiM+CgogICAgIyBJZiB0aGUgcHJvdmlkZWQgJG9iaiBpcyB1bmRlZmluZWQsIGRlZmluZSBvbmUgdG8gYmUgbmljZQogICAgSWYgKC1ub3QgJG9iai5HZXRUeXBlKQogICAgewogICAgICAgICRvYmogPSBAeyB9CiAgICB9CgogICAgVHJ5CiAgICB7CiAgICAgICAgJG9iai4kbmFtZSA9ICR2YWx1ZQogICAgfQogICAgQ2F0Y2gKICAgIHsKICAgICAgICAkb2JqIHwgQWRkLU1lbWJlciAtRm9yY2UgLU1lbWJlclR5cGUgTm90ZVByb3BlcnR5IC1OYW1lICRuYW1lIC1WYWx1ZSAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gRXhpdC1Kc29uKCRvYmopCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGNvbnZlcnQgYSBQb3dlclNoZWxsIG9iamVjdCB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcKICAgIHRoZSBzY3JpcHQKICAgIC5FWEFNUExFCiAgICBFeGl0LUpzb24gJHJlc3VsdAojPgoKICAgICMgSWYgdGhlIHByb3ZpZGVkICRvYmogaXMgdW5kZWZpbmVkLCBkZWZpbmUgb25lIHRvIGJlIG5pY2UKICAgIElmICgtbm90ICRvYmouR2V0VHlwZSkKICAgIHsKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoJ2NoYW5nZWQnKSkgewogICAgICAgIFNldC1BdHRyICRvYmogImNoYW5nZWQiICRmYWxzZQogICAgfQoKICAgIFdyaXRlLU91dHB1dCAkb2JqIHwgQ29udmVydFRvLUpzb24gLUNvbXByZXNzIC1EZXB0aCA5OQogICAgRXhpdAp9CgpGdW5jdGlvbiBGYWlsLUpzb24oJG9iaiwgJG1lc3NhZ2UgPSAkbnVsbCkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHRoZSAibXNnIiBwcm9wZXJ0eSBhbmQgImZhaWxlZCIgcHJvcGVydHksIGNvbnZlcnQgdGhlCiAgICBQb3dlclNoZWxsIEhhc2h0YWJsZSB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcgdGhlIHNjcmlwdAogICAgLkVYQU1QTEUKICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJUaGlzIGlzIHRoZSBmYWlsdXJlIG1lc3NhZ2UiCiM+CgogICAgaWYgKCRvYmogLWlzIFtoYXNodGFibGVdIC1vciAkb2JqIC1pcyBbcHNvYmplY3RdKSB7CiAgICAgICAgIyBOb3RoaW5nIHRvIGRvCiAgICB9IGVsc2VpZiAoJG9iaiAtaXMgW3N0cmluZ10gLWFuZCAkbnVsbCAtZXEgJG1lc3NhZ2UpIHsKICAgICAgICAjIElmIHdlIHdlcmVuJ3QgZ2l2ZW4gMiBhcmdzLCBhbmQgdGhlIG9ubHkgYXJnIHdhcyBhIHN0cmluZywKICAgICAgICAjIGNyZWF0ZSBhIG5ldyBIYXNodGFibGUgYW5kIHVzZSB0aGUgYXJnIGFzIHRoZSBmYWlsdXJlIG1lc3NhZ2UKICAgICAgICAkbWVzc2FnZSA9ICRvYmoKICAgICAgICAkb2JqID0gQHsgfQogICAgfSBlbHNlIHsKICAgICAgICAjIElmIHRoZSBmaXJzdCBhcmd1bWVudCBpcyB1bmRlZmluZWQgb3IgYSBkaWZmZXJlbnQgdHlwZSwKICAgICAgICAjIG1ha2UgaXQgYSBIYXNodGFibGUKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgICMgU3RpbGwgdXNpbmcgU2V0LUF0dHIgZm9yIFBTT2JqZWN0IGNvbXBhdGliaWxpdHkKICAgIFNldC1BdHRyICRvYmogIm1zZyIgJG1lc3NhZ2UKICAgIFNldC1BdHRyICRvYmogImZhaWxlZCIgJHRydWUKCiAgICBpZiAoLW5vdCAkb2JqLkNvbnRhaW5zS2V5KCdjaGFuZ2VkJykpIHsKICAgICAgICBTZXQtQXR0ciAkb2JqICJjaGFuZ2VkIiAkZmFsc2UKICAgIH0KCiAgICBXcml0ZS1PdXRwdXQgJG9iaiB8IENvbnZlcnRUby1Kc29uIC1Db21wcmVzcyAtRGVwdGggOTkKICAgIEV4aXQgMQp9CgpGdW5jdGlvbiBBZGQtV2FybmluZygkb2JqLCAkbWVzc2FnZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHdhcm5pbmdzLCBldmVuIGlmIHRoZSB3YXJuaW5ncyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoIndhcm5pbmdzIikpIHsKICAgICAgICAkb2JqLndhcm5pbmdzID0gQCgpCiAgICB9IGVsc2VpZiAoJG9iai53YXJuaW5ncyAtaXNub3QgW2FycmF5XSkgewogICAgICAgIHRocm93ICJBZGQtV2FybmluZzogd2FybmluZ3MgYXR0cmlidXRlIGlzIG5vdCBhbiBhcnJheSIKICAgIH0KCiAgICAkb2JqLndhcm5pbmdzICs9ICRtZXNzYWdlCn0KCkZ1bmN0aW9uIEFkZC1EZXByZWNhdGlvbldhcm5pbmcoJG9iaiwgJG1lc3NhZ2UsICR2ZXJzaW9uID0gJG51bGwpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGFkZCBkZXByZWNhdGlvbnMsIGV2ZW4gaWYgdGhlIGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgogICAgaWYgKC1ub3QgJG9iai5Db250YWluc0tleSgiZGVwcmVjYXRpb25zIikpIHsKICAgICAgICAkb2JqLmRlcHJlY2F0aW9ucyA9IEAoKQogICAgfSBlbHNlaWYgKCRvYmouZGVwcmVjYXRpb25zIC1pc25vdCBbYXJyYXldKSB7CiAgICAgICAgdGhyb3cgIkFkZC1EZXByZWNhdGlvbldhcm5pbmc6IGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgaXMgbm90IGEgbGlzdCIKICAgIH0KCiAgICAkb2JqLmRlcHJlY2F0aW9ucyArPSBAewogICAgICAgIG1zZyA9ICRtZXNzYWdlCiAgICAgICAgdmVyc2lvbiA9ICR2ZXJzaW9uCiAgICB9Cn0KCkZ1bmN0aW9uIEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgaW4gdmFsdWVzLiBCeSBkZWZhdWx0CiAgICBpdCB0dXJucyBhbnkgdHlwZSB0byBhIHN0cmluZywgYnV0IHdlIGVuc3VyZSAkbnVsbCByZW1haW5zICRudWxsLgojPgogICAgaWYgKCRudWxsIC1uZSAkdmFsdWUpIHsKICAgICAgICBbU3lzdGVtLkVudmlyb25tZW50XTo6RXhwYW5kRW52aXJvbm1lbnRWYXJpYWJsZXMoJHZhbHVlKQogICAgfSBlbHNlIHsKICAgICAgICAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gR2V0LUFuc2libGVQYXJhbSgkb2JqLCAkbmFtZSwgJGRlZmF1bHQgPSAkbnVsbCwgJHJlc3VsdG9iaiA9IEB7fSwgJGZhaWxpZmVtcHR5ID0gJGZhbHNlLCAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSwgJFZhbGlkYXRlU2V0LCAkVmFsaWRhdGVTZXRFcnJvck1lc3NhZ2UsICR0eXBlID0gJG51bGwsICRhbGlhc2VzID0gQCgpKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBnZXQgYW4gImF0dHJpYnV0ZSIgZnJvbSBhIHBzb2JqZWN0IGluc3RhbmNlIGluIFBvd2VyU2hlbGwuCiAgICBUaGlzIGlzIGEgY29udmVuaWVuY2UgdG8gbWFrZSBnZXR0aW5nIE1lbWJlcnMgZnJvbSBhbiBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgICRhdHRyID0gR2V0LUFuc2libGVQYXJhbSAkcmVzcG9uc2UgImNvZGUiIC1kZWZhdWx0ICIxIgogICAgLkVYQU1QTEUKICAgIEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJTdGF0ZSIgLWRlZmF1bHQgIlByZXNlbnQiIC1WYWxpZGF0ZVNldCAiUHJlc2VudCIsIkFic2VudCIgLXJlc3VsdG9iaiAkcmVzdWx0b2JqIC1mYWlsaWZlbXB0eSAkdHJ1ZQogICAgR2V0LUFuc2libGVQYXJhbSBhbHNvIHN1cHBvcnRzIFBhcmFtZXRlciB2YWxpZGF0aW9uIHRvIHNhdmUgeW91IGZyb20gY29kaW5nIHRoYXQgbWFudWFsbHkKICAgIE5vdGUgdGhhdCBpZiB5b3UgdXNlIHRoZSBmYWlsaWZlbXB0eSBvcHRpb24sIHlvdSBkbyBuZWVkIHRvIHNwZWNpZnkgcmVzdWx0b2JqZWN0IGFzIHdlbGwuCiM+CiAgICAjIENoZWNrIGlmIHRoZSBwcm92aWRlZCBNZW1iZXIgJG5hbWUgb3IgYWxpYXNlcyBleGlzdCBpbiAkb2JqIGFuZCByZXR1cm4gaXQgb3IgdGhlIGRlZmF1bHQuCiAgICB0cnkgewoKICAgICAgICAkZm91bmQgPSAkbnVsbAogICAgICAgICMgRmlyc3QgdHJ5IHRvIGZpbmQgcHJlZmVycmVkIHBhcmFtZXRlciAkbmFtZQogICAgICAgICRhbGlhc2VzID0gQCgkbmFtZSkgKyAkYWxpYXNlcwoKICAgICAgICAjIEl0ZXJhdGUgb3ZlciBhbGlhc2VzIHRvIGZpbmQgYWNjZXB0YWJsZSBNZW1iZXIgJG5hbWUKICAgICAgICBmb3JlYWNoICgkYWxpYXMgaW4gJGFsaWFzZXMpIHsKICAgICAgICAgICAgaWYgKCRvYmouQ29udGFpbnNLZXkoJGFsaWFzKSkgewogICAgICAgICAgICAgICAgJGZvdW5kID0gJGFsaWFzCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgfQoKICAgICAgICBpZiAoJG51bGwgLWVxICRmb3VuZCkgewogICAgICAgICAgICB0aHJvdwogICAgICAgIH0KICAgICAgICAkbmFtZSA9ICRmb3VuZAoKICAgICAgICBpZiAoJFZhbGlkYXRlU2V0KSB7CgogICAgICAgICAgICBpZiAoJFZhbGlkYXRlU2V0IC1jb250YWlucyAoJG9iai4kbmFtZSkpIHsKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICRvYmouJG5hbWUKICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgIGlmICgkbnVsbCAtZXEgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAgICAgI0F1dG8tZ2VuZXJhdGVkIGVycm9yIHNob3VsZCBiZSBzdWZmaWNpZW50IGluIG1vc3QgdXNlIGNhc2VzCiAgICAgICAgICAgICAgICAgICAgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlID0gIkdldC1BbnNpYmxlUGFyYW06IEFyZ3VtZW50ICRuYW1lIG5lZWRzIHRvIGJlIG9uZSBvZiAkKCRWYWxpZGF0ZVNldCAtam9pbiAiLCIpIGJ1dCB3YXMgJCgkb2JqLiRuYW1lKS4iCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRWYWxpZGF0ZVNldEVycm9yTWVzc2FnZQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgJHZhbHVlID0gJG9iai4kbmFtZQogICAgICAgIH0KICAgIH0gY2F0Y2ggewogICAgICAgIGlmICgkZmFpbGlmZW1wdHkgLWVxICRmYWxzZSkgewogICAgICAgICAgICAkdmFsdWUgPSAkZGVmYXVsdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgIGlmICgtbm90ICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSA9ICJHZXQtQW5zaWJsZVBhcmFtOiBNaXNzaW5nIHJlcXVpcmVkIGFyZ3VtZW50OiAkbmFtZSIKICAgICAgICAgICAgfQogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlCiAgICAgICAgfQogICAgfQoKICAgICMgSWYgJHZhbHVlIC1lcSAkbnVsbCwgdGhlIHBhcmFtZXRlciB3YXMgdW5zcGVjaWZpZWQgYnkgdGhlIHVzZXIgKGRlbGliZXJhdGVseSBvciBub3QpCiAgICAjIFBsZWFzZSBsZWF2ZSAkbnVsbC12YWx1ZXMgaW50YWN0LCBtb2R1bGVzIG5lZWQgdG8ga25vdyBpZiBhIHBhcmFtZXRlciB3YXMgc3BlY2lmaWVkCiAgICAjIFdoZW4gJHZhbHVlIGlzIGFscmVhZHkgYW4gYXJyYXksIHdlIGNhbm5vdCByZWx5IG9uIHRoZSBudWxsIGNoZWNrLCBhcyBhbiBlbXB0eSBsaXN0CiAgICAjIGlzIHNlZW4gYXMgbnVsbCBpbiB0aGUgY2hlY2sgYmVsb3cKICAgIGlmICgkbnVsbCAtbmUgJHZhbHVlIC1vciAkdmFsdWUgLWlzIFthcnJheV0pIHsKICAgICAgICBpZiAoJHR5cGUgLWVxICJwYXRoIikgewogICAgICAgICAgICAjIEV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgb24gcGF0aC10eXBlCiAgICAgICAgICAgICR2YWx1ZSA9IEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCiAgICAgICAgICAgICMgVGVzdCBpZiBhIHZhbGlkIHBhdGggaXMgcHJvdmlkZWQKICAgICAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtSXNWYWxpZCAkdmFsdWUpKSB7CiAgICAgICAgICAgICAgICAkcGF0aF9pbnZhbGlkID0gJHRydWUKICAgICAgICAgICAgICAgICMgY291bGQgc3RpbGwgYmUgYSB2YWxpZC1zaGFwZWQgcGF0aCB3aXRoIGEgbm9uZXhpc3RlbnQgZHJpdmUgbGV0dGVyCiAgICAgICAgICAgICAgICBpZiAoJHZhbHVlIC1tYXRjaCAiXlx3OiIpIHsKICAgICAgICAgICAgICAgICAgICAjIHJld3JpdGUgcGF0aCB3aXRoIGEgdmFsaWQgZHJpdmUgbGV0dGVyIGFuZCByZWNoZWNrIHRoZSBzaGFwZS0gdGhpcyBtaWdodCBzdGlsbCBmYWlsLCBlZywgYSBub25leGlzdGVudCBub24tZmlsZXN5c3RlbSBQUyBwYXRoCiAgICAgICAgICAgICAgICAgICAgaWYgKFRlc3QtUGF0aCAtSXNWYWxpZCAkKEAoR2V0LVBTRHJpdmUgLVBTUHJvdmlkZXIgRmlsZXN5c3RlbSlbMF0uTmFtZSArICR2YWx1ZS5TdWJzdHJpbmcoMSkpKSB7CiAgICAgICAgICAgICAgICAgICAgICAgICRwYXRoX2ludmFsaWQgPSAkZmFsc2UKICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBpZiAoJHBhdGhfaW52YWxpZCkgewogICAgICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHRvYmogLW1lc3NhZ2UgIkdldC1BbnNpYmxlUGFyYW06IFBhcmFtZXRlciAnJG5hbWUnIGhhcyBhbiBpbnZhbGlkIHBhdGggJyR2YWx1ZScgc3BlY2lmaWVkLiIKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgInN0ciIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IHN0ciB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgc3RyaW5ncwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUuVG9TdHJpbmcoKQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImJvb2wiKSB7CiAgICAgICAgICAgICMgQ29udmVydCBib29sZWFuIHR5cGVzIHRvIHJlYWwgUG93ZXJzaGVsbCBib29sZWFucwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgfCBDb252ZXJ0VG8tQm9vbAogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImludCIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IGludCB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgaW50ZWdlcnMKICAgICAgICAgICAgJHZhbHVlID0gJHZhbHVlIC1hcyBbaW50XQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImZsb2F0IikgewogICAgICAgICAgICAjIENvbnZlcnQgZmxvYXQgdHlwZXMgdG8gcmVhbCBQb3dlcnNoZWxsIGZsb2F0cwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgLWFzIFtmbG9hdF0KICAgICAgICB9IGVsc2VpZiAoJHR5cGUgLWVxICJsaXN0IikgewogICAgICAgICAgICBpZiAoJHZhbHVlIC1pcyBbYXJyYXldKSB7CiAgICAgICAgICAgICAgICAjIE5vdGhpbmcgdG8gZG8KICAgICAgICAgICAgfSBlbHNlaWYgKCR2YWx1ZSAtaXMgW3N0cmluZ10pIHsKICAgICAgICAgICAgICAgICMgQ29udmVydCBzdHJpbmcgdHlwZSB0byByZWFsIFBvd2Vyc2hlbGwgYXJyYXkKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICR2YWx1ZS5TcGxpdCgiLCIpLlRyaW0oKQogICAgICAgICAgICB9IGVsc2VpZiAoJHZhbHVlIC1pcyBbaW50XSkgewogICAgICAgICAgICAgICAgJHZhbHVlID0gQCgkdmFsdWUpCiAgICAgICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICJHZXQtQW5zaWJsZVBhcmFtOiBQYXJhbWV0ZXIgJyRuYW1lJyBpcyBub3QgYSBZQU1MIGxpc3QuIgogICAgICAgICAgICB9CiAgICAgICAgICAgICMgLCBpcyBub3QgYSB0eXBvLCBmb3JjZXMgaXQgdG8gcmV0dXJuIGFzIGEgbGlzdCB3aGVuIGl0IGlzIGVtcHR5IG9yIG9ubHkgaGFzIDEgZW50cnkKICAgICAgICAgICAgcmV0dXJuICwkdmFsdWUKICAgICAgICB9CiAgICB9CgogICAgcmV0dXJuICR2YWx1ZQp9CgojQWxpYXMgR2V0LWF0dHItLT5HZXQtQW5zaWJsZVBhcmFtIGZvciBiYWNrd2FyZHMgY29tcGF0LiBPbmx5IGFkZCB3aGVuIG5lZWRlZCB0byBlYXNlIGRlYnVnZ2luZyBvZiBzY3JpcHRzCklmICgtbm90KEdldC1BbGlhcyAtTmFtZSAiR2V0LWF0dHIiIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlKSkKewogICAgTmV3LUFsaWFzIC1OYW1lIEdldC1hdHRyIC1WYWx1ZSBHZXQtQW5zaWJsZVBhcmFtCn0KCkZ1bmN0aW9uIENvbnZlcnRUby1Cb29sCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZpbHRlci9waXBlbGluZSBmdW5jdGlvbiB0byBjb252ZXJ0IGEgdmFsdWUgdG8gYm9vbGVhbiBmb2xsb3dpbmcgY3VycmVudAogICAgQW5zaWJsZSBwcmFjdGljZXMKICAgIC5FWEFNUExFCiAgICAkaXNfdHJ1ZSA9ICJ0cnVlIiB8IENvbnZlcnRUby1Cb29sCiM+CiAgICBwYXJhbSgKICAgICAgICBbcGFyYW1ldGVyKHZhbHVlZnJvbXBpcGVsaW5lPSR0cnVlKV0KICAgICAgICAkb2JqCiAgICApCgogICAgJGJvb2xlYW5fc3RyaW5ncyA9ICJ5ZXMiLCAib24iLCAiMSIsICJ0cnVlIiwgMQogICAgJG9ial9zdHJpbmcgPSBbc3RyaW5nXSRvYmoKCiAgICBpZiAoKCRvYmogLWlzIFtib29sZWFuXSAtYW5kICRvYmopIC1vciAkYm9vbGVhbl9zdHJpbmdzIC1jb250YWlucyAkb2JqX3N0cmluZy5Ub0xvd2VyKCkpIHsKICAgICAgICByZXR1cm4gJHRydWUKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfQp9CgpGdW5jdGlvbiBQYXJzZS1BcmdzKCRhcmd1bWVudHMsICRzdXBwb3J0c19jaGVja19tb2RlID0gJGZhbHNlKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBwYXJzZSBBbnNpYmxlIEpTT04gYXJndW1lbnRzIGZyb20gYSAiZmlsZSIgcGFzc2VkIGFzCiAgICB0aGUgc2luZ2xlIGFyZ3VtZW50IHRvIHRoZSBtb2R1bGUuCiAgICAuRVhBTVBMRQogICAgJHBhcmFtcyA9IFBhcnNlLUFyZ3MgJGFyZ3MKIz4KICAgICRwYXJhbXMgPSBOZXctT2JqZWN0IHBzb2JqZWN0CiAgICBJZiAoJGFyZ3VtZW50cy5MZW5ndGggLWd0IDApCiAgICB7CiAgICAgICAgJHBhcmFtcyA9IEdldC1Db250ZW50ICRhcmd1bWVudHNbMF0gfCBDb252ZXJ0RnJvbS1Kc29uCiAgICB9CiAgICBFbHNlIHsKICAgICAgICAkcGFyYW1zID0gJGNvbXBsZXhfYXJncwogICAgfQogICAgJGNoZWNrX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZ ScriptBlock ID: 25e740c6-5e60-4e54-96aa-2f1a99a1fd1e Path:	4104	1		3	2	15	0	1628	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4232	4316	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:05:39 PM	e5295ba9-9827-0003-f25b-29e52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 3): begin { $DebugPreference = "Continue" $ErrorActionPreference = "Stop" Set-StrictMode -Version 2 function ConvertTo-HashtableFromPsCustomObject ($myPsObject){ $output = @{}; $myPsObject | Get-Member -MemberType *Property | % { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } return $output; } # stream JSON including become_pw, ps_module_payload, bin_module_payload, become_payload, write_payload_path, preserve directives # exec runspace, capture output, cleanup, return module output # NB: do not adjust the following line- it is replaced when doing non-streamed module output $json_raw = @' {"min_ps_version": null, "exec": "CkZ1bmN0aW9uIFJ1bigkcGF5bG9hZCkgewogICAgJGVudHJ5cG9pbnQgPSAkcGF5bG9hZC5tb2R1bGVfZW50cnkKCiAgICAkZW50cnlwb2ludCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGVudHJ5cG9pbnQpKQoKICAgICRwcyA9IFtwb3dlcnNoZWxsXTo6Q3JlYXRlKCkKCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkQ29tbWFuZCgiU2V0LVZhcmlhYmxlIikuQWRkUGFyYW1ldGVycyhAe1Njb3BlPSJnbG9iYWwiO05hbWU9ImNvbXBsZXhfYXJncyI7VmFsdWU9JHBheWxvYWQubW9kdWxlX2FyZ3N9KSB8IE91dC1OdWxsCiAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCgogICAgIyByZWRlZmluZSBXcml0ZS1Ib3N0IHRvIGR1bXAgdG8gb3V0cHV0IGluc3RlYWQgb2YgZmFpbGluZy0gbG90cyBvZiBzY3JpcHRzIHVzZSBpdAogICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgiRnVuY3Rpb24gV3JpdGUtSG9zdChgJG1zZyl7IFdyaXRlLU91dHB1dCBgJG1zZyB9IikgfCBPdXQtTnVsbAoKICAgIEZvckVhY2ggKCRlbnZfa3YgaW4gJHBheWxvYWQuZW52aXJvbm1lbnQuR2V0RW51bWVyYXRvcigpKSB7CiAgICAgICAgIyBuZWVkIHRvIGVzY2FwZSAnIGluIGJvdGggdGhlIGtleSBhbmQgdmFsdWUKICAgICAgICAkZW52X2tleSA9ICRlbnZfa3YuS2V5LlRvU3RyaW5nKCkuUmVwbGFjZSgiJyIsICInJyIpCiAgICAgICAgJGVudl92YWx1ZSA9ICRlbnZfa3YuVmFsdWUuVG9TdHJpbmcoKS5SZXBsYWNlKCInIiwgIicnIikKICAgICAgICAkZXNjYXBlZF9lbnZfc2V0ID0gIltTeXN0ZW0uRW52aXJvbm1lbnRdOjpTZXRFbnZpcm9ubWVudFZhcmlhYmxlKCd7MH0nLCAnezF9JykiIC1mICRlbnZfa2V5LCAkZW52X3ZhbHVlCiAgICAgICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgkZXNjYXBlZF9lbnZfc2V0KSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBkeW5hbWljYWxseSBjcmVhdGUvbG9hZCBtb2R1bGVzCiAgICBGb3JFYWNoICgkbW9kIGluICRwYXlsb2FkLnBvd2Vyc2hlbGxfbW9kdWxlcy5HZXRFbnVtZXJhdG9yKCkpIHsKICAgICAgICAkZGVjb2RlZF9tb2R1bGUgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRtb2QuVmFsdWUpKQogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRDb21tYW5kKCJOZXctTW9kdWxlIikuQWRkUGFyYW1ldGVycyhAe1NjcmlwdEJsb2NrPShbc2NyaXB0YmxvY2tdOjpDcmVhdGUoJGRlY29kZWRfbW9kdWxlKSk7TmFtZT0kbW9kLktleX0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiSW1wb3J0LU1vZHVsZSIpLkFkZFBhcmFtZXRlcnMoQHtXYXJuaW5nQWN0aW9uPSJTaWxlbnRseUNvbnRpbnVlIn0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBmb3JjZSBpbnB1dCBlbmNvZGluZyB0byBwcmVhbWJsZS1mcmVlIFVURjggc28gUFMgc3ViLXByb2Nlc3NlcyAoZWcsCiAgICAjIFN0YXJ0LUpvYikgZG9uJ3QgYmxvdyB1cC4gVGhpcyBpcyBvbmx5IHJlcXVpcmVkIGZvciBXaW5STSwgYSBQU1JQCiAgICAjIHJ1bnNwYWNlIGRvZXNuJ3QgaGF2ZSBhIGhvc3QgY29uc29sZSBhbmQgdGhpcyB3aWxsIGJvbWIgb3V0CiAgICBpZiAoJGhvc3QuTmFtZSAtZXEgIkNvbnNvbGVIb3N0IikgewogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRTY3JpcHQoIltDb25zb2xlXTo6SW5wdXRFbmNvZGluZyA9IE5ldy1PYmplY3QgVGV4dC5VVEY4RW5jb2RpbmcgYCRmYWxzZSIpIHwgT3V0LU51bGwKICAgIH0KCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkU2NyaXB0KCRlbnRyeXBvaW50KSB8IE91dC1OdWxsCgogICAgJG91dHB1dCA9ICRwcy5JbnZva2UoKQoKICAgICRvdXRwdXQKCiAgICAjIFBTMyBkb2Vzbid0IHByb3Blcmx5IHNldCBIYWRFcnJvcnMgaW4gbWFueSBjYXNlcywgaW5zcGVjdCB0aGUgZXJyb3Igc3RyZWFtIGFzIGEgZmFsbGJhY2sKICAgIElmICgkcHMuSGFkRXJyb3JzIC1vciAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtbHQgNCAtYW5kICRwcy5TdHJlYW1zLkVycm9yLkNvdW50IC1ndCAwKSkgewogICAgICAgICRob3N0LlVJLldyaXRlRXJyb3JMaW5lKCQoJHBzLlN0cmVhbXMuRXJyb3IgfCBPdXQtU3RyaW5nKSkKICAgICAgICAkZXhpdF9jb2RlID0gJHBzLlJ1bnNwYWNlLlNlc3Npb25TdGF0ZVByb3h5LkdldFZhcmlhYmxlKCJMQVNURVhJVENPREUiKQogICAgICAgIElmKC1ub3QgJGV4aXRfY29kZSkgewogICAgICAgICAgICAkZXhpdF9jb2RlID0gMQogICAgICAgIH0KICAgICAgICAjIG5lZWQgdG8gdXNlIHRoaXMgaW5zdGVhZCBvZiBFeGl0IGtleXdvcmQgdG8gcHJldmVudCBydW5zcGFjZSBmcm9tIGNyYXNoaW5nIHdpdGggZHluYW1pYyBtb2R1bGVzCiAgICAgICAgJGhvc3QuU2V0U2hvdWxkRXhpdCgkZXhpdF9jb2RlKQogICAgfQp9Cg==", "actions": ["exec"], "environment": {}, "min_os_version": null, "powershell_modules": {"Ansible.ModuleUtils.CommandUtil": "IyBDb3B5cmlnaHQgKGMpIDIwMTcgQW5zaWJsZSBQcm9qZWN0CiMgU2ltcGxpZmllZCBCU0QgTGljZW5zZSAoc2VlIGxpY2Vuc2VzL3NpbXBsaWZpZWRfYnNkLnR4dCBvciBodHRwczovL29wZW5zb3VyY2Uub3JnL2xpY2Vuc2VzL0JTRC0yLUNsYXVzZSkKCiRwcm9jZXNzX3V0aWwgPSBAIgp1c2luZyBNaWNyb3NvZnQuV2luMzIuU2FmZUhhbmRsZXM7CnVzaW5nIFN5c3RlbTsKdXNpbmcgU3lzdGVtLkNvbGxlY3Rpb25zOwp1c2luZyBTeXN0ZW0uSU87CnVzaW5nIFN5c3RlbS5MaW5xOwp1c2luZyBTeXN0ZW0uUnVudGltZS5JbnRlcm9wU2VydmljZXM7CnVzaW5nIFN5c3RlbS5UZXh0Owp1c2luZyBTeXN0ZW0uVGhyZWFkaW5nOwoKbmFtZXNwYWNlIEFuc2libGUKewogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIGNsYXNzIFNFQ1VSSVRZX0FUVFJJQlVURVMKICAgIHsKICAgICAgICBwdWJsaWMgaW50IG5MZW5ndGg7CiAgICAgICAgcHVibGljIEludFB0ciBscFNlY3VyaXR5RGVzY3JpcHRvcjsKICAgICAgICBwdWJsaWMgYm9vbCBiSW5oZXJpdEhhbmRsZSA9IGZhbHNlOwogICAgICAgIHB1YmxpYyBTRUNVUklUWV9BVFRSSUJVVEVTKCkKICAgICAgICB7CiAgICAgICAgICAgIG5MZW5ndGggPSBNYXJzaGFsLlNpemVPZih0aGlzKTsKICAgICAgICB9CiAgICB9CgogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIGNsYXNzIFNUQVJUVVBJTkZPCiAgICB7CiAgICAgICAgcHVibGljIEludDMyIGNiOwogICAgICAgIHB1YmxpYyBJbnRQdHIgbHBSZXNlcnZlZDsKICAgICAgICBwdWJsaWMgSW50UHRyIGxwRGVza3RvcDsKICAgICAgICBwdWJsaWMgSW50UHRyIGxwVGl0bGU7CiAgICAgICAgcHVibGljIEludDMyIGR3WDsKICAgICAgICBwdWJsaWMgSW50MzIgZHdZOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1hTaXplOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1lTaXplOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1hDb3VudENoYXJzOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1lDb3VudENoYXJzOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd0ZpbGxBdHRyaWJ1dGU7CiAgICAgICAgcHVibGljIEludDMyIGR3RmxhZ3M7CiAgICAgICAgcHVibGljIEludDE2IHdTaG93V2luZG93OwogICAgICAgIHB1YmxpYyBJbnQxNiBjYlJlc2VydmVkMjsKICAgICAgICBwdWJsaWMgSW50UHRyIGxwUmVzZXJ2ZWQyOwogICAgICAgIHB1YmxpYyBTYWZlRmlsZUhhbmRsZSBoU3RkSW5wdXQ7CiAgICAgICAgcHVibGljIFNhZmVGaWxlSGFuZGxlIGhTdGRPdXRwdXQ7CiAgICAgICAgcHVibGljIFNhZmVGaWxlSGFuZGxlIGhTdGRFcnJvcjsKICAgICAgICBwdWJsaWMgU1RBUlRVUElORk8oKQogICAgICAgIHsKICAgICAgICAgICAgY2IgPSBNYXJzaGFsLlNpemVPZih0aGlzKTsKICAgICAgICB9CiAgICB9CgogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIGNsYXNzIFNUQVJUVVBJTkZPRVgKICAgIHsKICAgICAgICBwdWJsaWMgU1RBUlRVUElORk8gc3RhcnR1cEluZm87CiAgICAgICAgcHVibGljIEludFB0ciBscEF0dHJpYnV0ZUxpc3Q7CiAgICAgICAgcHVibGljIFNUQVJUVVBJTkZPRVgoKQogICAgICAgIHsKICAgICAgICAgICAgc3RhcnR1cEluZm8gPSBuZXcgU1RBUlRVUElORk8oKTsKICAgICAgICAgICAgc3RhcnR1cEluZm8uY2IgPSBNYXJzaGFsLlNpemVPZih0aGlzKTsKICAgICAgICB9CiAgICB9CgogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIHN0cnVjdCBQUk9DRVNTX0lORk9STUFUSU9OCiAgICB7CiAgICAgICAgcHVibGljIEludFB0ciBoUHJvY2VzczsKICAgICAgICBwdWJsaWMgSW50UHRyIGhUaHJlYWQ7CiAgICAgICAgcHVibGljIGludCBkd1Byb2Nlc3NJZDsKICAgICAgICBwdWJsaWMgaW50IGR3VGhyZWFkSWQ7CiAgICB9CgogICAgW0ZsYWdzXQogICAgcHVibGljIGVudW0gU3RhcnR1cEluZm9GbGFncyA6IHVpbnQKICAgIHsKICAgICAgICBVU0VTVERIQU5ETEVTID0gMHgwMDAwMDEwMAogICAgfQoKICAgIHB1YmxpYyBlbnVtIEhhbmRsZUZsYWdzIDogdWludAogICAgewogICAgICAgIE5vbmUgPSAwLAogICAgICAgIElOSEVSSVQgPSAxCiAgICB9CgogICAgY2xhc3MgTmF0aXZlV2FpdEhhbmRsZSA6IFdhaXRIYW5kbGUKICAgIHsKICAgICAgICBwdWJsaWMgTmF0aXZlV2FpdEhhbmRsZShJbnRQdHIgaGFuZGxlKQogICAgICAgIHsKICAgICAgICAgICAgdGhpcy5TYWZlV2FpdEhhbmRsZSA9IG5ldyBTYWZlV2FpdEhhbmRsZShoYW5kbGUsIGZhbHNlKTsKICAgICAgICB9CiAgICB9CgogICAgcHVibGljIGNsYXNzIFdpbjMyRXhjZXB0aW9uIDogU3lzdGVtLkNvbXBvbmVudE1vZGVsLldpbjMyRXhjZXB0aW9uCiAgICB7CiAgICAgICAgcHJpdmF0ZSBzdHJpbmcgX21zZzsKCiAgICAgICAgcHVibGljIFdpbjMyRXhjZXB0aW9uKHN0cmluZyBtZXNzYWdlKSA6IHRoaXMoTWFyc2hhbC5HZXRMYXN0V2luMzJFcnJvcigpLCBtZXNzYWdlKSB7IH0KCiAgICAgICAgcHVibGljIFdpbjMyRXhjZXB0aW9uKGludCBlcnJvckNvZGUsIHN0cmluZyBtZXNzYWdlKSA6IGJhc2UoZXJyb3JDb2RlKQogICAgICAgIHsKICAgICAgICAgICAgX21zZyA9IFN0cmluZy5Gb3JtYXQoInswfSAoezF9LCBXaW4zMkVycm9yQ29kZSB7Mn0pIiwgbWVzc2FnZSwgYmFzZS5NZXNzYWdlLCBlcnJvckNvZGUpOwogICAgICAgIH0KCiAgICAgICAgcHVibGljIG92ZXJyaWRlIHN0cmluZyBNZXNzYWdlIHsgZ2V0IHsgcmV0dXJuIF9tc2c7IH0gfQogICAgICAgIHB1YmxpYyBzdGF0aWMgZXhwbGljaXQgb3BlcmF0b3IgV2luMzJFeGNlcHRpb24oc3RyaW5nIG1lc3NhZ2UpIHsgcmV0dXJuIG5ldyBXaW4zMkV4Y2VwdGlvbihtZXNzYWdlKTsgfQogICAgfQoKICAgIHB1YmxpYyBjbGFzcyBDb21tYW5kVXRpbAogICAgewogICAgICAgIHByaXZhdGUgc3RhdGljIFVJbnQzMiBDUkVBVEVfVU5JQ09ERV9FTlZJUk9OTUVOVCA9IDB4MDAwMDAwNDAwOwogICAgICAgIHByaXZhdGUgc3RhdGljIFVJbnQzMiBFWFRFTkRFRF9TVEFSVFVQSU5GT19QUkVTRU5UID0gMHgwMDA4MDAwMDsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSwgQmVzdEZpdE1hcHBpbmcgPSBmYWxzZSldCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gYm9vbCBDcmVhdGVQcm9jZXNzKAogICAgICAgICAgICBbTWFyc2hhbEFzKFVubWFuYWdlZFR5cGUuTFBXU3RyKV0KICAgICAgICAgICAgICAgIHN0cmluZyBscEFwcGxpY2F0aW9uTmFtZSwKICAgICAgICAgICAgU3RyaW5nQnVpbGRlciBscENvbW1hbmRMaW5lLAogICAgICAgICAgICBJbnRQdHIgbHBQcm9jZXNzQXR0cmlidXRlcywKICAgICAgICAgICAgSW50UHRyIGxwVGhyZWFkQXR0cmlidXRlcywKICAgICAgICAgICAgYm9vbCBiSW5oZXJpdEhhbmRsZXMsCiAgICAgICAgICAgIHVpbnQgZHdDcmVhdGlvbkZsYWdzLAogICAgICAgICAgICBJbnRQdHIgbHBFbnZpcm9ubWVudCwKICAgICAgICAgICAgW01hcnNoYWxBcyhVbm1hbmFnZWRUeXBlLkxQV1N0cildCiAgICAgICAgICAgICAgICBzdHJpbmcgbHBDdXJyZW50RGlyZWN0b3J5LAogICAgICAgICAgICBTVEFSVFVQSU5GT0VYIGxwU3RhcnR1cEluZm8sCiAgICAgICAgICAgIG91dCBQUk9DRVNTX0lORk9STUFUSU9OIGxwUHJvY2Vzc0luZm9ybWF0aW9uKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIildCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gYm9vbCBDcmVhdGVQaXBlKAogICAgICAgICAgICBvdXQgU2FmZUZpbGVIYW5kbGUgaFJlYWRQaXBlLAogICAgICAgICAgICBvdXQgU2FmZUZpbGVIYW5kbGUgaFdyaXRlUGlwZSwKICAgICAgICAgICAgU0VDVVJJVFlfQVRUUklCVVRFUyBscFBpcGVBdHRyaWJ1dGVzLAogICAgICAgICAgICB1aW50IG5TaXplKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSldCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gYm9vbCBTZXRIYW5kbGVJbmZvcm1hdGlvbigKICAgICAgICAgICAgU2FmZUZpbGVIYW5kbGUgaE9iamVjdCwKICAgICAgICAgICAgSGFuZGxlRmxhZ3MgZHdNYXNrLAogICAgICAgICAgICBpbnQgZHdGbGFncyk7CgogICAgICAgIFtEbGxJbXBvcnQoImtlcm5lbDMyLmRsbCIsIFNldExhc3RFcnJvciA9IHRydWUpXQogICAgICAgIHByaXZhdGUgc3RhdGljIGV4dGVybiBib29sIEdldEV4aXRDb2RlUHJvY2VzcygKICAgICAgICAgICAgSW50UHRyIGhQcm9jZXNzLAogICAgICAgICAgICBvdXQgdWludCBscEV4aXRDb2RlKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSldCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gdWludCBTZWFyY2hQYXRoKAogICAgICAgICAgICBzdHJpbmcgbHBQYXRoLAogICAgICAgICAgICBzdHJpbmcgbHBGaWxlTmFtZSwKICAgICAgICAgICAgc3RyaW5nIGxwRXh0ZW5zaW9uLAogICAgICAgICAgICBpbnQgbkJ1ZmZlckxlbmd0aCwKICAgICAgICAgICAgW01hcnNoYWxBcyAoVW5tYW5hZ2VkVHlwZS5MUFRTdHIpXQogICAgICAgICAgICAgICAgU3RyaW5nQnVpbGRlciBscEJ1ZmZlciwKICAgICAgICAgICAgb3V0IEludFB0ciBscEZpbGVQYXJ0KTsKCiAgICAgICAgW0RsbEltcG9ydCgic2hlbGwzMi5kbGwiLCBTZXRMYXN0RXJyb3IgPSB0cnVlKV0KICAgICAgICBzdGF0aWMgZXh0ZXJuIEludFB0ciBDb21tYW5kTGluZVRvQXJndlcoCiAgICAgICAgICAgIFtNYXJzaGFsQXMoVW5tYW5hZ2VkVHlwZS5MUFdTdHIpXQogICAgICAgICAgICAgICAgc3RyaW5nIGxwQ21kTGluZSwKICAgICAgICAgICAgb3V0IGludCBwTnVtQXJncyk7CgogICAgICAgIHB1YmxpYyBzdGF0aWMgc3RyaW5nW10gUGFyc2VDb21tYW5kTGluZShzdHJpbmcgbHBDb21tYW5kTGluZSkKICAgICAgICB7CiAgICAgICAgICAgIGludCBudW1BcmdzOwogICAgICAgICAgICBJbnRQdHIgcmV0ID0gQ29tbWFuZExpbmVUb0FyZ3ZXKGxwQ29tbWFuZExpbmUsIG91dCBudW1BcmdzKTsKCiAgICAgICAgICAgIGlmIChyZXQgPT0gSW50UHRyLlplcm8pCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIkVycm9yIHBhcnNpbmcgY29tbWFuZCBsaW5lIik7CgogICAgICAgICAgICBJbnRQdHJbXSBzdHJwdHJzID0gbmV3IEludFB0cltudW1BcmdzXTsKICAgICAgICAgICAgTWFyc2hhbC5Db3B5KHJldCwgc3RycHRycywgMCwgbnVtQXJncyk7CiAgICAgICAgICAgIHN0cmluZ1tdIGNtZGxpbmVQYXJ0cyA9IHN0cnB0cnMuU2VsZWN0KHMgPT4gTWFyc2hhbC5QdHJUb1N0cmluZ1VuaShzKSkuVG9BcnJheSgpOwoKICAgICAgICAgICAgTWFyc2hhbC5GcmVlSEdsb2JhbChyZXQpOwoKICAgICAgICAgICAgcmV0dXJuIGNtZGxpbmVQYXJ0czsKICAgICAgICB9CgogICAgICAgIHB1YmxpYyBzdGF0aWMgc3RyaW5nIFNlYXJjaFBhdGgoc3RyaW5nIGxwRmlsZU5hbWUpCiAgICAgICAgewogICAgICAgICAgICBTdHJpbmdCdWlsZGVyIHNiT3V0ID0gbmV3IFN0cmluZ0J1aWxkZXIoMTAyNCk7CiAgICAgICAgICAgIEludFB0ciBmaWxlUGFydE91dDsKCiAgICAgICAgICAgIGlmIChTZWFyY2hQYXRoKG51bGwsIGxwRmlsZU5hbWUsIG51bGwsIHNiT3V0LkNhcGFjaXR5LCBzYk91dCwgb3V0IGZpbGVQYXJ0T3V0KSA9PSAwKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IEZpbGVOb3RGb3VuZEV4Y2VwdGlvbihTdHJpbmcuRm9ybWF0KCJDb3VsZCBub3QgbG9jYXRlIHRoZSBmb2xsb3dpbmcgZXhlY3V0YWJsZSB7MH0iLCBscEZpbGVOYW1lKSk7CgogICAgICAgICAgICByZXR1cm4gc2JPdXQuVG9TdHJpbmcoKTsKICAgICAgICB9CgogICAgICAgIHB1YmxpYyBjbGFzcyBDb21tYW5kUmVzdWx0CiAgICAgICAgewogICAgICAgICAgICBwdWJsaWMgc3RyaW5nIFN0YW5kYXJkT3V0IHsgZ2V0OyBpbnRlcm5hbCBzZXQ7IH0KICAgICAgICAgICAgcHVibGljIHN0cmluZyBTdGFuZGFyZEVycm9yIHsgZ2V0OyBpbnRlcm5hbCBzZXQ7IH0KICAgICAgICAgICAgcHVibGljIHVpbnQgRXhpdENvZGUgeyBnZXQ7IGludGVybmFsIHNldDsgfQogICAgICAgIH0KCiAgICAgICAgcHVibGljIHN0YXRpYyBDb21tYW5kUmVzdWx0IFJ1bkNvbW1hbmQoc3RyaW5nIGxwQXBwbGljYXRpb25OYW1lLCBzdHJpbmcgbHBDb21tYW5kTGluZSwgc3RyaW5nIGxwQ3VycmVudERpcmVjdG9yeSwgc3RyaW5nIHN0ZGluSW5wdXQsIElEaWN0aW9uYXJ5IGVudmlyb25tZW50KQogICAgICAgIHsKICAgICAgICAgICAgVUludDMyIHN0YXJ0dXBfZmxhZ3MgPSBDUkVBVEVfVU5JQ09ERV9FTlZJUk9OTUVOVCB8IEVYVEVOREVEX1NUQVJUVVBJTkZPX1BSRVNFTlQ7CiAgICAgICAgICAgIFNUQVJUVVBJTkZPRVggc2kgPSBuZXcgU1RBUlRVUElORk9FWCgpOwogICAgICAgICAgICBzaS5zdGFydHVwSW5mby5kd0ZsYWdzID0gKGludClTdGFydHVwSW5mb0ZsYWdzLlVTRVNUREhBTkRMRVM7CgogICAgICAgICAgICBTRUNVUklUWV9BVFRSSUJVVEVTIHBpcGVzZWMgPSBuZXcgU0VDVVJJVFlfQVRUUklCVVRFUygpOwogICAgICAgICAgICBwaXBlc2VjLmJJbmhlcml0SGFuZGxlID0gdHJ1ZTsKCiAgICAgICAgICAgIC8vIENyZWF0ZSB0aGUgc3Rkb3V0LCBzdGRlcnIgYW5kIHN0ZGluIHBpcGVzIHVzZWQgaW4gdGhlIHByb2Nlc3MgYW5kIGFkZCB0byB0aGUgc3RhcnR1cEluZm8KICAgICAgICAgICAgU2FmZUZpbGVIYW5kbGUgc3Rkb3V0X3JlYWQsIHN0ZG91dF93cml0ZSwgc3RkZXJyX3JlYWQsIHN0ZGVycl93cml0ZSwgc3RkaW5fcmVhZCwgc3RkaW5fd3JpdGU7CiAgICAgICAgICAgIGlmICghQ3JlYXRlUGlwZShvdXQgc3Rkb3V0X3JlYWQsIG91dCBzdGRvdXRfd3JpdGUsIHBpcGVzZWMsIDApKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IFdpbjMyRXhjZXB0aW9uKCJTVERPVVQgcGlwZSBzZXR1cCBmYWlsZWQiKTsKICAgICAgICAgICAgaWYgKCFTZXRIYW5kbGVJbmZvcm1hdGlvbihzdGRvdXRfcmVhZCwgSGFuZGxlRmxhZ3MuSU5IRVJJVCwgMCkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIlNURE9VVCBwaXBlIGhhbmRsZSBzZXR1cCBmYWlsZWQiKTsKCiAgICAgICAgICAgIGlmICghQ3JlYXRlUGlwZShvdXQgc3RkZXJyX3JlYWQsIG91dCBzdGRlcnJfd3JpdGUsIHBpcGVzZWMsIDApKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IFdpbjMyRXhjZXB0aW9uKCJTVERFUlIgcGlwZSBzZXR1cCBmYWlsZWQiKTsKICAgICAgICAgICAgaWYgKCFTZXRIYW5kbGVJbmZvcm1hdGlvbihzdGRlcnJfcmVhZCwgSGFuZGxlRmxhZ3MuSU5IRVJJVCwgMCkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIlNUREVSUiBwaXBlIGhhbmRsZSBzZXR1cCBmYWlsZWQiKTsKCiAgICAgICAgICAgIGlmICghQ3JlYXRlUGlwZShvdXQgc3RkaW5fcmVhZCwgb3V0IHN0ZGluX3dyaXRlLCBwaXBlc2VjLCAwKSkKICAgICAgICAgICAgICAgIHRocm93IG5ldyBXaW4zMkV4Y2VwdGlvbigiU1RESU4gcGlwZSBzZXR1cCBmYWlsZWQiKTsKICAgICAgICAgICAgaWYgKCFTZXRIYW5kbGVJbmZvcm1hdGlvbihzdGRpbl93cml0ZSwgSGFuZGxlRmxhZ3MuSU5IRVJJVCwgMCkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIlNURElOIHBpcGUgaGFuZGxlIHNldHVwIGZhaWxlZCIpOwoKICAgICAgICAgICAgc2kuc3RhcnR1cEluZm8uaFN0ZE91dHB1dCA9IHN0ZG91dF93cml0ZTsKICAgICAgICAgICAgc2kuc3RhcnR1cEluZm8uaFN0ZEVycm9yID0gc3RkZXJyX3dyaXRlOwogICAgICAgICAgICBzaS5zdGFydHVwSW5mby5oU3RkSW5wdXQgPSBzdGRpbl9yZWFkOwoKICAgICAgICAgICAgLy8gU2V0dXAgdGhlIHN0ZGluIGJ1ZmZlcgogICAgICAgICAgICBVVEY4RW5jb2RpbmcgdXRmOF9lbmNvZGluZyA9IG5ldyBVVEY4RW5jb2RpbmcoZmFsc2UpOwogICAgICAgICAgICBGaWxlU3RyZWFtIHN0ZGluX2ZzID0gbmV3IEZpbGVTdHJlYW0oc3RkaW5fd3JpdGUsIEZpbGVBY2Nlc3MuV3JpdGUsIDMyNzY4KTsKICAgICAgICAgICAgU3RyZWFtV3JpdGVyIHN0ZGluID0gbmV3IFN0cmVhbVdyaXRlcihzdGRpbl9mcywgdXRmOF9lbmNvZGluZywgMzI3NjgpOwoKICAgICAgICAgICAgLy8gSWYgbHBDdXJyZW50RGlyZWN0b3J5IGlzIHNldCB0byBudWxsIGluIFBTIGl0IHdpbGwgYmUgYW4gZW1wdHkKICAgICAgICAgICAgLy8gc3RyaW5nIGhlcmUsIHdlIG5lZWQgdG8gY29udmVydCBpdAogICAgICAgICAgICBpZiAobHBDdXJyZW50RGlyZWN0b3J5ID09ICIiKQogICAgICAgICAgICAgICAgbHBDdXJyZW50RGlyZWN0b3J5ID0gbnVsbDsKCiAgICAgICAgICAgIFN0cmluZ0J1aWxkZXIgZW52aXJvbm1lbnRTdHJpbmcgPSBudWxsOwoKICAgICAgICAgICAgaWYgKGVudmlyb25tZW50ICE9IG51bGwgJiYgZW52aXJvbm1lbnQuQ291bnQgPiAwKQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBlbnZpcm9ubWVudFN0cmluZyA9IG5ldyBTdHJpbmdCdWlsZGVyKCk7CiAgICAgICAgICAgICAgICBmb3JlYWNoIChEaWN0aW9uYXJ5RW50cnkga3YgaW4gZW52aXJvbm1lbnQpCiAgICAgICAgICAgICAgICAgICAgZW52aXJvbm1lbnRTdHJpbmcuQXBwZW5kRm9ybWF0KCJ7MH09ezF9XDAiLCBrdi5LZXksIGt2LlZhbHVlKTsKICAgICAgICAgICAgICAgIGVudmlyb25tZW50U3RyaW5nLkFwcGVuZCgnXDAnKTsKICAgICAgICAgICAgfQoKICAgICAgICAgICAgLy8gQ3JlYXRlIHRoZSBlbnZpcm9ubWVudCBibG9jayBpZiBzZXQKICAgICAgICAgICAgSW50UHRyIGxwRW52aXJvbm1lbnQgPSBJbnRQdHIuWmVybzsKICAgICAgICAgICAgaWYgKGVudmlyb25tZW50U3RyaW5nICE9IG51bGwpCiAgICAgICAgICAgICAgICBscEVudmlyb25tZW50ID0gTWFyc2hhbC5TdHJpbmdUb0hHbG9iYWxVbmkoZW52aXJvbm1lbnRTdHJpbmcuVG9TdHJpbmcoKSk7CgogICAgICAgICAgICAvLyBDcmVhdGUgbmV3IHByb2Nlc3MgYW5kIHJ1bgogICAgICAgICAgICBTdHJpbmdCdWlsZGVyIGFyZ3VtZW50X3N0cmluZyA9IG5ldyBTdHJpbmdCdWlsZGVyKGxwQ29tbWFuZExpbmUpOwogICAgICAgICAgICBQUk9DRVNTX0lORk9STUFUSU9OIHBpID0gbmV3IFBST0NFU1NfSU5GT1JNQVRJT04oKTsKICAgICAgICAgICAgaWYgKCFDcmVhdGVQcm9jZXNzKAogICAgICAgICAgICAgICAgbHBBcHBsaWNhdGlvbk5hbWUsCiAgICAgICAgICAgICAgICBhcmd1bWVudF9zdHJpbmcsCiAgICAgICAgICAgICAgICBJbnRQdHIuWmVybywKICAgICAgICAgICAgICAgIEludFB0ci5aZXJvLAogICAgICAgICAgICAgICAgdHJ1ZSwKICAgICAgICAgICAgICAgIHN0YXJ0dXBfZmxhZ3MsCiAgICAgICAgICAgICAgICBscEVudmlyb25tZW50LAogICAgICAgICAgICAgICAgbHBDdXJyZW50RGlyZWN0b3J5LAogICAgICAgICAgICAgICAgc2ksCiAgICAgICAgICAgICAgICBvdXQgcGkpKQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIkZhaWxlZCB0byBjcmVhdGUgbmV3IHByb2Nlc3MiKTsKICAgICAgICAgICAgfQoKICAgICAgICAgICAgLy8gU2V0dXAgdGhlIG91dHB1dCBidWZmZXJzIGFuZCBnZXQgc3Rkb3V0L3N0ZGVycgogICAgICAgICAgICBGaWxlU3RyZWFtIHN0ZG91dF9mcyA9IG5ldyBGaWxlU3RyZWFtKHN0ZG91dF9yZWFkLCBGaWxlQWNjZXNzLlJlYWQsIDQwOTYpOwogICAgICAgICAgICBTdHJlYW1SZWFkZXIgc3Rkb3V0ID0gbmV3IFN0cmVhbVJlYWRlcihzdGRvdXRfZnMsIHV0ZjhfZW5jb2RpbmcsIHRydWUsIDQwOTYpOwogICAgICAgICAgICBzdGRvdXRfd3JpdGUuQ2xvc2UoKTsKICAgICAgICAgICAgRmlsZVN0cmVhbSBzdGRlcnJfZnMgPSBuZXcgRmlsZVN0cmVhbShzdGRlcnJfcmVhZCwgRmlsZUFjY2Vzcy5SZWFkLCA0MDk2KTsKICAgICAgICAgICAgU3RyZWFtUmVhZGVyIHN0ZGVyciA9IG5ldyBTdHJlYW1SZWFkZXIoc3RkZXJyX2ZzLCB1dGY4X2VuY29kaW5nLCB0cnVlLCA0MDk2KTsKICAgICAgICAgICAgc3RkZXJyX3dyaXRlLkNsb3NlKCk7CgogICAgICAgICAgICBzdGRpbi5Xcml0ZUxpbmUoc3RkaW5JbnB1dCk7CiAgICAgICAgICAgIHN0ZGluLkNsb3NlKCk7CgogICAgICAgICAgICBzdHJpbmcgc3Rkb3V0X3N0ciwgc3RkZXJyX3N0ciA9IG51bGw7CiAgICAgICAgICAgIEdldFByb2Nlc3NPdXRwdXQoc3Rkb3V0LCBzdGRlcnIsIG91dCBzdGRvdXRfc3RyLCBvdXQgc3RkZXJyX3N0cik7CiAgICAgICAgICAgIHVpbnQgcmMgPSBHZXRQcm9jZXNzRXhpdENvZGUocGkuaFByb2Nlc3MpOwoKICAgICAgICAgICAgcmV0dXJuIG5ldyBDb21tYW5kUmVzdWx0CiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIFN0YW5kYXJkT3V0ID0gc3Rkb3V0X3N0ciwKICAgICAgICAgICAgICAgIFN0YW5kYXJkRXJyb3IgPSBzdGRlcnJfc3RyLAogICAgICAgICAgICAgICAgRXhpdENvZGUgPSByYwogICAgICAgICAgICB9OwogICAgICAgIH0KCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgdm9pZCBHZXRQcm9jZXNzT3V0cHV0KFN0cmVhbVJlYWRlciBzdGRvdXRTdHJlYW0sIFN0cmVhbVJlYWRlciBzdGRlcnJTdHJlYW0sIG91dCBzdHJpbmcgc3Rkb3V0LCBvdXQgc3RyaW5nIHN0ZGVycikKICAgICAgICB7CiAgICAgICAgICAgIHZhciBzb3dhaXQgPSBuZXcgRXZlbnRXYWl0SGFuZGxlKGZhbHNlLCBFdmVudFJlc2V0TW9kZS5NYW51YWxSZXNldCk7CiAgICAgICAgICAgIHZhciBzZXdhaXQgPSBuZXcgRXZlbnRXYWl0SGFuZGxlKGZhbHNlLCBFdmVudFJlc2V0TW9kZS5NYW51YWxSZXNldCk7CiAgICAgICAgICAgIHN ScriptBlock ID: 25e740c6-5e60-4e54-96aa-2f1a99a1fd1e Path:	4104	1		3	2	15	0	1627	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4232	4316	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:05:39 PM	e5295ba9-9827-0003-f25b-29e52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1626	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4232	4236	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:05:39 PM	e5295ba9-9827-0004-e75b-29e52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 4232 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1625	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4232	4304	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:05:39 PM	e5295ba9-9827-0004-e75b-29e52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1624	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4232	4236	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:05:38 PM	e5295ba9-9827-0004-e75b-29e52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1623	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4084	4060	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:05:38 PM	e5295ba9-9827-0004-e15b-29e52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 4084 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1622	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4084	3920	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:05:38 PM	e5295ba9-9827-0004-e15b-29e52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1621	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4084	4060	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:05:38 PM	e5295ba9-9827-0004-e15b-29e52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1620	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4080	4084	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:05:36 PM	e5295ba9-9827-0000-f75b-29e52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 4080 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1619	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4080	2980	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:05:35 PM	e5295ba9-9827-0000-f75b-29e52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1618	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4080	4084	n-h1-805629-1.cbci-805629-1.local	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:05:34 PM	e5295ba9-9827-0000-f75b-29e52798d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1617	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3328	3488	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:05:05 PM	9d04040e-981f-0001-1713-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 3328 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1616	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3328	1656	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:05:05 PM	9d04040e-981f-0001-1713-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1615	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3328	3488	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:05:05 PM	9d04040e-981f-0001-1713-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1614	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4152	92	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:05:03 PM	9d04040e-981f-0001-0c13-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 4152 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1613	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4152	4156	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:05:03 PM	9d04040e-981f-0001-0c13-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1612	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4152	92	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:05:03 PM	9d04040e-981f-0001-0c13-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1611	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4884	2040	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:05:03 PM	9d04040e-981f-0002-070e-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 4884 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1610	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4884	4280	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:05:03 PM	9d04040e-981f-0002-070e-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1609	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4884	2040	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:05:02 PM	9d04040e-981f-0002-070e-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1608	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4496	2088	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:05:02 PM	9d04040e-981f-0001-ff12-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 4496 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1607	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4496	4348	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:05:02 PM	9d04040e-981f-0001-ff12-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1606	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4496	2088	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:05:02 PM	9d04040e-981f-0001-ff12-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c), Michael DeHaan <michael.dehaan@gmail.com>, 2014, and others # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) Set-StrictMode -Version 2.0 $ErrorActionPreference = "Stop" Function Set-Attr($obj, $name, $value) { <# .SYNOPSIS Helper function to set an "attribute" on a psobject instance in PowerShell. This is a convenience to make adding Members to the object easier and slightly more pythonic .EXAMPLE Set-Attr $result "changed" $true #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } Try { $obj.$name = $value } Catch { $obj | Add-Member -Force -MemberType NoteProperty -Name $name -Value $value } } Function Exit-Json($obj) { <# .SYNOPSIS Helper function to convert a PowerShell object to JSON and output it, exiting the script .EXAMPLE Exit-Json $result #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit } Function Fail-Json($obj, $message = $null) { <# .SYNOPSIS Helper function to add the "msg" property and "failed" property, convert the PowerShell Hashtable to JSON and output it, exiting the script .EXAMPLE Fail-Json $result "This is the failure message" #> if ($obj -is [hashtable] -or $obj -is [psobject]) { # Nothing to do } elseif ($obj -is [string] -and $null -eq $message) { # If we weren't given 2 args, and the only arg was a string, # create a new Hashtable and use the arg as the failure message $message = $obj $obj = @{ } } else { # If the first argument is undefined or a different type, # make it a Hashtable $obj = @{ } } # Still using Set-Attr for PSObject compatibility Set-Attr $obj "msg" $message Set-Attr $obj "failed" $true if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit 1 } Function Add-Warning($obj, $message) { <# .SYNOPSIS Helper function to add warnings, even if the warnings attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("warnings")) { $obj.warnings = @() } elseif ($obj.warnings -isnot [array]) { throw "Add-Warning: warnings attribute is not an array" } $obj.warnings += $message } Function Add-DeprecationWarning($obj, $message, $version = $null) { <# .SYNOPSIS Helper function to add deprecations, even if the deprecations attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("deprecations")) { $obj.deprecations = @() } elseif ($obj.deprecations -isnot [array]) { throw "Add-DeprecationWarning: deprecations attribute is not a list" } $obj.deprecations += @{ msg = $message version = $version } } Function Expand-Environment($value) { <# .SYNOPSIS Helper function to expand environment variables in values. By default it turns any type to a string, but we ensure $null remains $null. #> if ($null -ne $value) { [System.Environment]::ExpandEnvironmentVariables($value) } else { $value } } Function Get-AnsibleParam($obj, $name, $default = $null, $resultobj = @{}, $failifempty = $false, $emptyattributefailmessage, $ValidateSet, $ValidateSetErrorMessage, $type = $null, $aliases = @()) { <# .SYNOPSIS Helper function to get an "attribute" from a psobject instance in PowerShell. This is a convenience to make getting Members from an object easier and slightly more pythonic .EXAMPLE $attr = Get-AnsibleParam $response "code" -default "1" .EXAMPLE Get-AnsibleParam -obj $params -name "State" -default "Present" -ValidateSet "Present","Absent" -resultobj $resultobj -failifempty $true Get-AnsibleParam also supports Parameter validation to save you from coding that manually Note that if you use the failifempty option, you do need to specify resultobject as well. #> # Check if the provided Member $name or aliases exist in $obj and return it or the default. try { $found = $null # First try to find preferred parameter $name $aliases = @($name) + $aliases # Iterate over aliases to find acceptable Member $name foreach ($alias in $aliases) { if ($obj.ContainsKey($alias)) { $found = $alias break } } if ($null -eq $found) { throw } $name = $found if ($ValidateSet) { if ($ValidateSet -contains ($obj.$name)) { $value = $obj.$name } else { if ($null -eq $ValidateSetErrorMessage) { #Auto-generated error should be sufficient in most use cases $ValidateSetErrorMessage = "Get-AnsibleParam: Argument $name needs to be one of $($ValidateSet -join ",") but was $($obj.$name)." } Fail-Json -obj $resultobj -message $ValidateSetErrorMessage } } else { $value = $obj.$name } } catch { if ($failifempty -eq $false) { $value = $default } else { if (-not $emptyattributefailmessage) { $emptyattributefailmessage = "Get-AnsibleParam: Missing required argument: $name" } Fail-Json -obj $resultobj -message $emptyattributefailmessage } } # If $value -eq $null, the parameter was unspecified by the user (deliberately or not) # Please leave $null-values intact, modules need to know if a parameter was specified # When $value is already an array, we cannot rely on the null check, as an empty list # is seen as null in the check below if ($null -ne $value -or $value -is [array]) { if ($type -eq "path") { # Expand environment variables on path-type $value = Expand-Environment($value) # Test if a valid path is provided if (-not (Test-Path -IsValid $value)) { $path_invalid = $true # could still be a valid-shaped path with a nonexistent drive letter if ($value -match "^\w:") { # rewrite path with a valid drive letter and recheck the shape- this might still fail, eg, a nonexistent non-filesystem PS path if (Test-Path -IsValid $(@(Get-PSDrive -PSProvider Filesystem)[0].Name + $value.Substring(1))) { $path_invalid = $false } } if ($path_invalid) { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' has an invalid path '$value' specified." } } } elseif ($type -eq "str") { # Convert str types to real Powershell strings $value = $value.ToString() } elseif ($type -eq "bool") { # Convert boolean types to real Powershell booleans $value = $value | ConvertTo-Bool } elseif ($type -eq "int") { # Convert int types to real Powershell integers $value = $value -as [int] } elseif ($type -eq "float") { # Convert float types to real Powershell floats $value = $value -as [float] } elseif ($type -eq "list") { if ($value -is [array]) { # Nothing to do } elseif ($value -is [string]) { # Convert string type to real Powershell array $value = $value.Split(",").Trim() } elseif ($value -is [int]) { $value = @($value) } else { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' is not a YAML list." } # , is not a typo, forces it to return as a list when it is empty or only has 1 entry return ,$value } } return $value } #Alias Get-attr-->Get-AnsibleParam for backwards compat. Only add when needed to ease debugging of scripts If (-not(Get-Alias -Name "Get-attr" -ErrorAction SilentlyContinue)) { New-Alias -Name Get-attr -Value Get-AnsibleParam } Function ConvertTo-Bool { <# .SYNOPSIS Helper filter/pipeline function to convert a value to boolean following current Ansible practices .EXAMPLE $is_true = "true" | ConvertTo-Bool #> param( [parameter(valuefrompipeline=$true)] $obj ) $boolean_strings = "yes", "on", "1", "true", 1 $obj_string = [string]$obj if (($obj -is [boolean] -and $obj) -or $boolean_strings -contains $obj_string.ToLower()) { return $true } else { return $false } } Function Parse-Args($arguments, $supports_check_mode = $false) { <# .SYNOPSIS Helper function to parse Ansible JSON arguments from a "file" passed as the single argument to the module. .EXAMPLE $params = Parse-Args $args #> $params = New-Object psobject If ($arguments.Length -gt 0) { $params = Get-Content $arguments[0] | ConvertFrom-Json } Else { $params = $complex_args } $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false If ($check_mode -and -not $supports_check_mode) { Exit-Json @{ skipped = $true changed = $false msg = "remote module does not support check mode" } } return $params } Function Get-FileChecksum($path, $algorithm = 'sha1') { <# .SYNOPSIS Helper function to calculate a hash of a file in a way which PowerShell 3 and above can handle #> If (Test-Path -Path $path -PathType Leaf) { switch ($algorithm) { 'md5' { $sp = New-Object -TypeName System.Security.Cryptography.MD5CryptoServiceProvider } 'sha1' { $sp = New-Object -TypeName System.Security.Cryptography.SHA1CryptoServiceProvider } 'sha256' { $sp = New-Object -TypeName System.Security.Cryptography.SHA256CryptoServiceProvider } 'sha384' { $sp = New-Object -TypeName System.Security.Cryptography.SHA384CryptoServiceProvider } 'sha512' { $sp = New-Object -TypeName System.Security.Cryptography.SHA512CryptoServiceProvider } default { Fail-Json @{} "Unsupported hash algorithm supplied '$algorithm'" } } If ($PSVersionTable.PSVersion.Major -ge 4) { $raw_hash = Get-FileHash $path -Algorithm $algorithm $hash = $raw_hash.Hash.ToLower() } Else { $fp = [System.IO.File]::Open($path, [System.IO.Filemode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileShare]::ReadWrite); $hash = [System.BitConverter]::ToString($sp.ComputeHash($fp)).Replace("-", "").ToLower(); $fp.Dispose(); } } ElseIf (Test-Path -Path $path -PathType Container) { $hash = "3"; } Else { $hash = "1"; } return $hash } Function Get-PendingRebootStatus { <# .SYNOPSIS Check if reboot is required, if so notify CA. Function returns true if computer has a pending reboot #> $featureData = Invoke-WmiMethod -EA Ignore -Name GetServerFeature -Namespace root\microsoft\windows\servermanager -Class MSFT_ServerManagerTasks $regData = Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager" "PendingFileRenameOperations" -EA Ignore $CBSRebootStatus = Get-ChildItem "HKLM:\\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing" -ErrorAction SilentlyContinue| Where-Object {$_.PSChildName -eq "RebootPending"} if(($featureData -and $featureData.RequiresReboot) -or $regData -or $CBSRebootStatus) { return $True } else { return $False } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: d5ae56c5-ce0e-4a87-9303-ad1390eda45a Path:	4104	1		3	2	15	0	1605	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1196	1152	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:04:59 PM	9d04040e-981f-0005-9754-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } ScriptBlock ID: fda1ae3c-0352-4773-927d-012a2295e230 Path:	4104	1		3	2	15	0	1604	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1196	1152	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:04:59 PM	9d04040e-981f-0005-8c54-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (4 of 4): bl9vdV9wYXRoCiAgICAgICAgICAgICAgICAgICAgfQoKICAgICAgICAgICAgICAgICAgICAkam9pbl9yZXN1bHQgPSBKb2luLURvbWFpbiBAam9pbl9hcmdzCgogICAgICAgICAgICAgICAgICAgICMgdGhpcyBjaGFuZ2UgcmVxdWlyZXMgYSByZWJvb3QKICAgICAgICAgICAgICAgICAgICAkcmVzdWx0LnJlYm9vdF9yZXF1aXJlZCA9ICR0cnVlCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBFbHNlSWYoLW5vdCAkaG9zdG5hbWVfbWF0Y2gpIHsgIyBkb21haW4gbWF0Y2hlcyBidXQgaG9zdG5hbWUgZG9lc24ndCwganVzdCBkbyBhIHJlbmFtZQogICAgICAgICAgICAgICAgICAgIFdyaXRlLURlYnVnTG9nICgiZG9tYWluIG1hdGNoZXMsIHNldHRpbmcgaG9zdG5hbWUgdG8gezB9IiAtZiAkaG9zdG5hbWUpCgogICAgICAgICAgICAgICAgICAgICRyZW5hbWVfYXJncyA9IEB7TmV3TmFtZT0kaG9zdG5hbWV9CgogICAgICAgICAgICAgICAgICAgIElmIChJcy1Eb21haW5Kb2luZWQpIHsKICAgICAgICAgICAgICAgICAgICAgICAgJGRvbWFpbl9jcmVkID0gQ3JlYXRlLUNyZWRlbnRpYWwgJGRvbWFpbl9hZG1pbl91c2VyICRkb21haW5fYWRtaW5fcGFzc3dvcmQKICAgICAgICAgICAgICAgICAgICAgICAgJHJlbmFtZV9hcmdzLkRvbWFpbkNyZWRlbnRpYWwgPSAkZG9tYWluX2NyZWQKICAgICAgICAgICAgICAgICAgICB9CgogICAgICAgICAgICAgICAgICAgICRyZW5hbWVfcmVzdWx0ID0gUmVuYW1lLUNvbXB1dGVyIEByZW5hbWVfYXJncwoKICAgICAgICAgICAgICAgICAgICAjIHRoaXMgY2hhbmdlIHJlcXVpcmVzIGEgcmVib290CiAgICAgICAgICAgICAgICAgICAgJHJlc3VsdC5yZWJvb3RfcmVxdWlyZWQgPSAkdHJ1ZQogICAgICAgICAgICAgICAgfSBFbHNlIHsKICAgICAgICAgICAgICAgICAgICAjIG5vIGNoYW5nZSBpcyBuZWVkZWQKICAgICAgICAgICAgICAgIH0KCiAgICAgICAgICAgIH0KICAgICAgICAgICAgRWxzZSB7CiAgICAgICAgICAgICAgICBXcml0ZS1EZWJ1Z0xvZyAiY2hlY2sgbW9kZSwgZXhpdGluZyBlYXJseS4uLiIKICAgICAgICAgICAgfQoKICAgICAgICB9CgogICAgICAgIHdvcmtncm91cCB7CiAgICAgICAgICAgICR3b3JrZ3JvdXBfbWF0Y2ggPSAkKEdldC1Xb3JrZ3JvdXApIC1lcSAkd29ya2dyb3VwX25hbWUKCiAgICAgICAgICAgICRyZXN1bHQuY2hhbmdlZCA9ICRyZXN1bHQuY2hhbmdlZCAtb3IgKC1ub3QgJHdvcmtncm91cF9tYXRjaCkKCiAgICAgICAgICAgIElmKC1ub3QgJF9hbnNpYmxlX2NoZWNrX21vZGUpIHsKICAgICAgICAgICAgICAgIElmKC1ub3QgJHdvcmtncm91cF9tYXRjaCkgewogICAgICAgICAgICAgICAgICAgIFdyaXRlLURlYnVnTG9nICgic2V0dGluZyB3b3JrZ3JvdXAgdG8gezB9IiAtZiAkd29ya2dyb3VwX25hbWUpCiAgICAgICAgICAgICAgICAgICAgJGpvaW5fd2dfcmVzdWx0ID0gSm9pbi1Xb3JrZ3JvdXAgLXdvcmtncm91cF9uYW1lICR3b3JrZ3JvdXBfbmFtZSAtZG9tYWluX2FkbWluX3VzZXIgJGRvbWFpbl9hZG1pbl91c2VyIC1kb21haW5fYWRtaW5fcGFzc3dvcmQgJGRvbWFpbl9hZG1pbl9wYXNzd29yZAoKICAgICAgICAgICAgICAgICAgICAjIHRoaXMgY2hhbmdlIHJlcXVpcmVzIGEgcmVib290CiAgICAgICAgICAgICAgICAgICAgJHJlc3VsdC5yZWJvb3RfcmVxdWlyZWQgPSAkdHJ1ZQogICAgICAgICAgICAgICAgfQogICAgICAgICAgICAgICAgSWYoLW5vdCAkaG9zdG5hbWVfbWF0Y2gpIHsKICAgICAgICAgICAgICAgICAgICBXcml0ZS1EZWJ1Z0xvZyAoInNldHRpbmcgaG9zdG5hbWUgdG8gezB9IiAtZiAkaG9zdG5hbWUpCiAgICAgICAgICAgICAgICAgICAgJHJlbmFtZV9yZXN1bHQgPSBSZW5hbWUtQ29tcHV0ZXIgLU5ld05hbWUgJGhvc3RuYW1lCgogICAgICAgICAgICAgICAgICAgICMgdGhpcyBjaGFuZ2UgcmVxdWlyZXMgYSByZWJvb3QKICAgICAgICAgICAgICAgICAgICAkcmVzdWx0LnJlYm9vdF9yZXF1aXJlZCA9ICR0cnVlCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgIH0KICAgICAgICB9CiAgICAgICAgZGVmYXVsdCB7IHRocm93ICJpbnZhbGlkIHN0YXRlICRzdGF0ZSIgfQogICAgfQoKICAgIEV4aXQtSnNvbiAkcmVzdWx0Cn0KQ2F0Y2ggewogICAgJGV4Y2VwID0gJF8KCiAgICBXcml0ZS1EZWJ1Z0xvZyAiRXhjZXB0aW9uOiAkKCRleGNlcCB8IG91dC1zdHJpbmcpIgoKICAgIFRocm93Cn0K", "module_args": {"_ansible_version": "2.7.0", "_ansible_syslog_facility": "LOG_USER", "_ansible_selinux_special_fs": ["fuse", "nfs", "vboxsf", "ramfs", "9p"], "_ansible_no_log": false, "domain_admin_user": "administrator@cbci-805629-1.local", "log_path": "c:\\openstack\\log\\join-ad-result.log", "dns_domain_name": "cbci-805629-1.local", "_ansible_module_name": "win_domain_membership", "hostname": "n-h1-805629-1", "domain_admin_password": "Passw0rd", "_ansible_keep_remote_files": false, "_ansible_verbosity": 2, "_ansible_socket": null, "state": "domain", "_ansible_remote_tmp": "%TEMP%", "_ansible_diff": false, "_ansible_debug": false, "_ansible_shell_executable": "/bin/sh", "_ansible_check_mode": false, "_ansible_tmpdir": null}} '@ } process { $input_as_string = [string]$input $json_raw += $input_as_string } end { If (-not $json_raw) { Write-Error "no input given" -Category InvalidArgument } $payload = ConvertTo-HashtableFromPsCustomObject (ConvertFrom-Json $json_raw) # TODO: handle binary modules # TODO: handle persistence $min_os_version = [version]$payload.min_os_version if ($min_os_version -ne $null) { $actual_os_version = [System.Environment]::OSVersion.Version if ($actual_os_version -lt $min_os_version) { $msg = "This module cannot run on this OS as it requires a minimum version of $min_os_version, actual was $actual_os_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $min_ps_version = [version]$payload.min_ps_version if ($min_ps_version -ne $null) { $actual_ps_version = $PSVersionTable.PSVersion if ($actual_ps_version -lt $min_ps_version) { $msg = "This module cannot run as it requires a minimum PowerShell version of $min_ps_version, actual was $actual_ps_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $actions = $payload.actions # pop 0th action as entrypoint $entrypoint = $payload.($actions[0]) $payload.actions = $payload.actions[1..99] $entrypoint = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($entrypoint)) # load the current action entrypoint as a module custom object with a Run method $entrypoint = New-Module -ScriptBlock ([scriptblock]::Create($entrypoint)) -AsCustomObject Set-Variable -Scope global -Name complex_args -Value $payload["module_args"] | Out-Null # dynamically create/load modules ForEach ($mod in $payload.powershell_modules.GetEnumerator()) { $decoded_module = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($mod.Value)) New-Module -ScriptBlock ([scriptblock]::Create($decoded_module)) -Name $mod.Key | Import-Module -WarningAction SilentlyContinue | Out-Null } $output = $entrypoint.Run($payload) Write-Output $output } ScriptBlock ID: 762bf121-1b4d-4fff-a48e-ef1d5bc035eb Path:	4104	1		3	2	15	0	1603	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1196	1152	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:04:58 PM	9d04040e-981f-0005-8654-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (3 of 4): VycmVudFZlcnNpb25cQ29tcG9uZW50IEJhc2VkIFNlcnZpY2luZyIgIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlfCBXaGVyZS1PYmplY3QgeyRfLlBTQ2hpbGROYW1lIC1lcSAiUmVib290UGVuZGluZyJ9CiAgICBpZigoJGZlYXR1cmVEYXRhIC1hbmQgJGZlYXR1cmVEYXRhLlJlcXVpcmVzUmVib290KSAtb3IgJHJlZ0RhdGEgLW9yICRDQlNSZWJvb3RTdGF0dXMpCiAgICB7CiAgICAgICAgcmV0dXJuICRUcnVlCiAgICB9CiAgICBlbHNlCiAgICB7CiAgICAgICAgcmV0dXJuICRGYWxzZQogICAgfQp9CgojIHRoaXMgbGluZSBtdXN0IHN0YXkgYXQgdGhlIGJvdHRvbSB0byBlbnN1cmUgYWxsIGRlZmluZWQgbW9kdWxlIHBhcnRzIGFyZSBleHBvcnRlZApFeHBvcnQtTW9kdWxlTWVtYmVyIC1BbGlhcyAqIC1GdW5jdGlvbiAqIC1DbWRsZXQgKgoK"}, "module_entry": "IyFwb3dlcnNoZWxsCgojIENvcHlyaWdodDogKGMpIDIwMTcsIFJlZCBIYXQsIEluYy4KIyBHTlUgR2VuZXJhbCBQdWJsaWMgTGljZW5zZSB2My4wKyAoc2VlIENPUFlJTkcgb3IgaHR0cHM6Ly93d3cuZ251Lm9yZy9saWNlbnNlcy9ncGwtMy4wLnR4dCkKCiNSZXF1aXJlcyAtTW9kdWxlIEFuc2libGUuTW9kdWxlVXRpbHMuTGVnYWN5CgpTZXQtU3RyaWN0TW9kZSAtVmVyc2lvbiAyCgokRXJyb3JBY3Rpb25QcmVmZXJlbmNlID0gIlN0b3AiCgokbG9nX3BhdGggPSAkbnVsbAoKRnVuY3Rpb24gV3JpdGUtRGVidWdMb2cgewogICAgUGFyYW0oCiAgICBbc3RyaW5nXSRtc2cKICAgICkKCiAgICAkRGVidWdQcmVmZXJlbmNlID0gIkNvbnRpbnVlIgogICAgJGRhdGVfc3RyID0gR2V0LURhdGUgLUZvcm1hdCB1CiAgICAkbXNnID0gIiRkYXRlX3N0ciAkbXNnIgoKICAgIFdyaXRlLURlYnVnICRtc2cKCiAgICBpZigkbG9nX3BhdGgpIHsKICAgICAgICBBZGQtQ29udGVudCAkbG9nX3BhdGggJG1zZwogICAgfQp9CgpGdW5jdGlvbiBHZXQtRG9tYWluTWVtYmVyc2hpcE1hdGNoIHsKICAgIFBhcmFtKAogICAgICAgIFtzdHJpbmddICRkbnNfZG9tYWluX25hbWUKICAgICkKCiAgICAjIEZVVFVSRTogYWRkIHN1cHBvcnQgZm9yIE5ldEJJT1MgZG9tYWluIG5hbWU/CgogICAgIyB0aGlzIHJlcXVpcmVzIHRoZSBEQyB0byBiZSBhY2Nlc3NpYmxlOyAiREMgdW5hdmFpbGFibGUiIGlzIGluZGlzdGluZ3Vpc2hhYmxlIGZyb20gIm5vdCBqb2luZWQgdG8gdGhlIGRvbWFpbiIuLi4KICAgIFRyeSB7CiAgICAgICAgV3JpdGUtRGVidWdMb2cgImNhbGxpbmcgR2V0Q29tcHV0ZXJEb21haW4oKSIKICAgICAgICAkY3VycmVudF9kbnNfZG9tYWluID0gW1N5c3RlbS5EaXJlY3RvcnlTZXJ2aWNlcy5BY3RpdmVEaXJlY3RvcnkuRG9tYWluXTo6R2V0Q29tcHV0ZXJEb21haW4oKS5OYW1lCgogICAgICAgICRkb21haW5fbWF0Y2ggPSAkY3VycmVudF9kbnNfZG9tYWluIC1lcSAkZG5zX2RvbWFpbl9uYW1lCgogICAgICAgIFdyaXRlLURlYnVnTG9nICgiY3VycmVudCBkb21haW4gezB9IG1hdGNoZXMgezF9OiB7Mn0iIC1mICRjdXJyZW50X2Ruc19kb21haW4sICRkbnNfZG9tYWluX25hbWUsICRkb21haW5fbWF0Y2gpCgogICAgICAgIHJldHVybiAkZG9tYWluX21hdGNoCiAgICB9CiAgICBDYXRjaCBbU3lzdGVtLkRpcmVjdG9yeVNlcnZpY2VzLkFjdGl2ZURpcmVjdG9yeS5BY3RpdmVEaXJlY3RvcnlPYmplY3ROb3RGb3VuZEV4Y2VwdGlvbl0gewogICAgICAgIFdyaXRlLURlYnVnTG9nICJub3QgY3VycmVudGx5IGpvaW5lZCB0byBhIHJlYWNoYWJsZSBkb21haW4iCiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfQp9CgpGdW5jdGlvbiBDcmVhdGUtQ3JlZGVudGlhbCB7CiAgICBQYXJhbSgKICAgICAgICBbc3RyaW5nXSAkY3JlZF91c2VyLAogICAgICAgIFtzdHJpbmddICRjcmVkX3Bhc3MKICAgICkKCiAgICAkY3JlZCA9IE5ldy1PYmplY3QgU3lzdGVtLk1hbmFnZW1lbnQuQXV0b21hdGlvbi5QU0NyZWRlbnRpYWwoJGNyZWRfdXNlciwgJCgkY3JlZF9wYXNzIHwgQ29udmVydFRvLVNlY3VyZVN0cmluZyAtQXNQbGFpblRleHQgLUZvcmNlKSkKCiAgICByZXR1cm4gJGNyZWQKfQoKRnVuY3Rpb24gR2V0LUhvc3RuYW1lTWF0Y2ggewogICAgUGFyYW0oCiAgICAgICAgW3N0cmluZ10gJGhvc3RuYW1lCiAgICApCgogICAgIyBBZGQtQ29tcHV0ZXIgd2lsbCB2YWxpZGF0ZSB0aGUgInNoYXBlIiBvZiB0aGUgaG9zdG5hbWUtIHdlIGp1c3QgY2FyZSBpZiBpdCBtYXRjaGVzLi4uCgogICAgJGhvc3RuYW1lX21hdGNoID0gJGVudjpDT01QVVRFUk5BTUUgLWVxICRob3N0bmFtZQogICAgV3JpdGUtRGVidWdMb2cgKCJjdXJyZW50IGhvc3RuYW1lIHswfSBtYXRjaGVzIHsxfTogezJ9IiAtZiAkZW52OkNPTVBVVEVSTkFNRSwgJGhvc3RuYW1lLCAkaG9zdG5hbWVfbWF0Y2gpCgogICAgcmV0dXJuICRob3N0bmFtZV9tYXRjaAp9CgpGdW5jdGlvbiBJcy1Eb21haW5Kb2luZWQgewogICAgcmV0dXJuIChHZXQtV21pT2JqZWN0IFdpbjMyX0NvbXB1dGVyU3lzdGVtKS5QYXJ0T2ZEb21haW4KfQoKRnVuY3Rpb24gSm9pbi1Eb21haW4gewogICAgUGFyYW0oCiAgICAgICAgW3N0cmluZ10gJGRuc19kb21haW5fbmFtZSwKICAgICAgICBbc3RyaW5nXSAkbmV3X2hvc3RuYW1lLAogICAgICAgIFtzdHJpbmddICRkb21haW5fYWRtaW5fdXNlciwKICAgICAgICBbc3RyaW5nXSAkZG9tYWluX2FkbWluX3Bhc3N3b3JkLAogICAgICAgIFtzdHJpbmddICRkb21haW5fb3VfcGF0aAogICAgKQoKICAgIFdyaXRlLURlYnVnTG9nICgiQ3JlYXRpbmcgY3JlZGVudGlhbCBmb3IgdXNlciB7MH0iIC1mICRkb21haW5fYWRtaW5fdXNlcikKICAgICRkb21haW5fY3JlZCA9IENyZWF0ZS1DcmVkZW50aWFsICRkb21haW5fYWRtaW5fdXNlciAkZG9tYWluX2FkbWluX3Bhc3N3b3JkCgogICAgJGFkZF9hcmdzID0gQHsKICAgICAgICBDb21wdXRlck5hbWU9Ii4iCiAgICAgICAgQ3JlZGVudGlhbD0kZG9tYWluX2NyZWQKICAgICAgICBEb21haW5OYW1lPSRkbnNfZG9tYWluX25hbWUKICAgICAgICBGb3JjZT0kbnVsbAogICAgfQoKICAgIFdyaXRlLURlYnVnTG9nICJhZGRpbmcgaG9zdG5hbWUgc2V0IGFyZyB0byBBZGQtQ29tcHV0ZXIgYXJncyIKICAgIElmKCRuZXdfaG9zdG5hbWUpIHsKICAgICAgICAkYWRkX2FyZ3NbIk5ld05hbWUiXSA9ICRuZXdfaG9zdG5hbWUKICAgIH0KCgogICAgaWYoJGRvbWFpbl9vdV9wYXRoKXsKICAgICAgICBXcml0ZS1EZWJ1Z0xvZyAiYWRkaW5nIE9VIGRlc3RpbmF0aW9uIGFyZyB0byBBZGQtQ29tcHV0ZXIgYXJncyIKICAgICAgICAkYWRkX2FyZ3NbIk9VUGF0aCJdID0gJGRvbWFpbl9vdV9wYXRoCiAgICB9CiAgICAkYXJnc3RyID0gJGFkZF9hcmdzIHwgT3V0LVN0cmluZwogICAgV3JpdGUtRGVidWdMb2cgImNhbGxpbmcgQWRkLUNvbXB1dGVyIHdpdGggYXJnczogJGFyZ3N0ciIKICAgIHRyeSB7CiAgICAgICAgJGFkZF9yZXN1bHQgPSBBZGQtQ29tcHV0ZXIgQGFkZF9hcmdzCiAgICB9IGNhdGNoIHsKICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0IC1tZXNzYWdlICJmYWlsZWQgdG8gam9pbiBkb21haW46ICQoJF8uRXhjZXB0aW9uLk1lc3NhZ2UpIgogICAgfQoKICAgIFdyaXRlLURlYnVnTG9nICgiQWRkLUNvbXB1dGVyIHJlc3VsdCB3YXMgXG57MH0iIC1mICRhZGRfcmVzdWx0IHwgT3V0LVN0cmluZykKfQoKRnVuY3Rpb24gR2V0LVdvcmtncm91cCB7CiAgICByZXR1cm4gKEdldC1XbWlPYmplY3QgV2luMzJfQ29tcHV0ZXJTeXN0ZW0pLldvcmtncm91cAp9CgpGdW5jdGlvbiBTZXQtV29ya2dyb3VwIHsKICAgIFBhcmFtKAogICAgICAgIFtzdHJpbmddICR3b3JrZ3JvdXBfbmFtZQogICAgKQoKICAgIFdyaXRlLURlYnVnTG9nICgiQ2FsbGluZyBKb2luRG9tYWluT3JXb3JrZ3JvdXAgd2l0aCB3b3JrZ3JvdXAgezB9IiAtZiAkd29ya2dyb3VwX25hbWUpCiAgICB0cnkgewogICAgICAgICRzd2dfcmVzdWx0ID0gKEdldC1XbWlPYmplY3QgLUNsYXNzTmFtZSBXaW4zMl9Db21wdXRlclN5c3RlbSkuSm9pbkRvbWFpbk9yV29ya2dyb3VwKCR3b3JrZ3JvdXBfbmFtZSkKICAgIH0gY2F0Y2ggewogICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgImZhaWxlZCB0byBjYWxsIFdpbjMyX0NvbXB1dGVyU3lzdGVtLkpvaW5Eb21haW5Pcldvcmtncm91cCgkd29ya2dyb3VwX25hbWUpOiAkKCRfLkV4Y2VwdGlvbi5NZXNzYWdlKSIKICAgIH0KCiAgICBpZiAoJHN3Z19yZXN1bHQuUmV0dXJuVmFsdWUgLW5lIDApIHsKICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0IC1tZXNzYWdlICJmYWlsZWQgdG8gc2V0IHdvcmtncm91cCB0aHJvdWdoIFdNSSwgcmV0dXJuIHZhbHVlOiAkKCRzd2dfcmVzdWx0LlJldHVyblZhbHVlKSIKICAgIAogICAgcmV0dXJuICRzd2dfcmVzdWx0fQp9CgpGdW5jdGlvbiBKb2luLVdvcmtncm91cCB7CiAgICBQYXJhbSgKICAgICAgICBbc3RyaW5nXSAkd29ya2dyb3VwX25hbWUsCiAgICAgICAgW3N0cmluZ10gJGRvbWFpbl9hZG1pbl91c2VyLAogICAgICAgIFtzdHJpbmddICRkb21haW5fYWRtaW5fcGFzc3dvcmQKICAgICkKCiAgICBJZihJcy1Eb21haW5Kb2luZWQpIHsgIyBpZiB3ZSdyZSBvbiBhIGRvbWFpbiwgdW5qb2luIGl0ICh3aGljaCBmb3JjZXMgdXMgdG8gam9pbiBhIHdvcmtncm91cCkKICAgICAgICAkZG9tYWluX2NyZWQgPSBDcmVhdGUtQ3JlZGVudGlhbCAkZG9tYWluX2FkbWluX3VzZXIgJGRvbWFpbl9hZG1pbl9wYXNzd29yZAoKICAgICAgICAjIDIwMTIrIGNhbGwgdGhlIFdvcmtncm91cCBhcmcgV29ya2dyb3VwTmFtZSwgYnV0IHNlZW0gdG8gYWNjZXB0CiAgICAgICAgdHJ5IHsKICAgICAgICAgICAgJHJjX3Jlc3VsdCA9IFJlbW92ZS1Db21wdXRlciAtV29ya2dyb3VwICR3b3JrZ3JvdXBfbmFtZSAtQ3JlZGVudGlhbCAkZG9tYWluX2NyZWQgLUZvcmNlCiAgICAgICAgfSBjYXRjaCB7CiAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgImZhaWxlZCB0byByZW1vdmUgY29tcHV0ZXIgZnJvbSBkb21haW46ICQoJF8uRXhjZXB0aW9uLk1lc3NhZ2UpIgogICAgICAgIH0KICAgIH0KCiAgICAjIHdlJ3JlIGFscmVhZHkgb24gYSB3b3JrZ3JvdXAtIGNoYW5nZSBpdC4KICAgIEVsc2UgewogICAgICAgICRzd2dfcmVzdWx0ID0gU2V0LVdvcmtncm91cCAkd29ya2dyb3VwX25hbWUKICAgIH0KfQoKCiRyZXN1bHQgPSBAewogICAgY2hhbmdlZCA9ICRmYWxzZQogICAgcmVib290X3JlcXVpcmVkID0gJGZhbHNlCn0KCiRwYXJhbXMgPSBQYXJzZS1BcmdzIC1hcmd1bWVudHMgJGFyZ3MgLXN1cHBvcnRzX2NoZWNrX21vZGUgJHRydWUKCiRzdGF0ZSA9IEdldC1BbnNpYmxlUGFyYW0gJHBhcmFtcyAic3RhdGUiIC12YWxpZGF0ZXNldCBAKCJkb21haW4iLCJ3b3JrZ3JvdXAiKSAtZmFpbGlmZW1wdHkgJHJlc3VsdAoKJGRuc19kb21haW5fbmFtZSA9IEdldC1BbnNpYmxlUGFyYW0gJHBhcmFtcyAiZG5zX2RvbWFpbl9uYW1lIgokaG9zdG5hbWUgPSBHZXQtQW5zaWJsZVBhcmFtICRwYXJhbXMgImhvc3RuYW1lIgokd29ya2dyb3VwX25hbWUgPSBHZXQtQW5zaWJsZVBhcmFtICRwYXJhbXMgIndvcmtncm91cF9uYW1lIgokZG9tYWluX2FkbWluX3VzZXIgPSBHZXQtQW5zaWJsZVBhcmFtICRwYXJhbXMgImRvbWFpbl9hZG1pbl91c2VyIiAtZmFpbGlmZW1wdHkgJHJlc3VsdAokZG9tYWluX2FkbWluX3Bhc3N3b3JkID0gR2V0LUFuc2libGVQYXJhbSAkcGFyYW1zICJkb21haW5fYWRtaW5fcGFzc3dvcmQiIC1mYWlsaWZlbXB0eSAkcmVzdWx0CiRkb21haW5fb3VfcGF0aCA9IEdldC1BbnNpYmxlUGFyYW0gJHBhcmFtcyAiZG9tYWluX291X3BhdGgiCgokbG9nX3BhdGggPSBHZXQtQW5zaWJsZVBhcmFtICRwYXJhbXMgImxvZ19wYXRoIgokX2Fuc2libGVfY2hlY2tfbW9kZSA9IEdldC1BbnNpYmxlUGFyYW0gJHBhcmFtcyAiX2Fuc2libGVfY2hlY2tfbW9kZSIgLWRlZmF1bHQgJGZhbHNlCgpJZiAoJHN0YXRlIC1lcSAiZG9tYWluIikgewogICAgSWYoLW5vdCAkZG5zX2RvbWFpbl9uYW1lKSB7CiAgICAgICAgRmFpbC1Kc29uIEB7fSAiZG5zX2RvbWFpbl9uYW1lIGlzIHJlcXVpcmVkIHdoZW4gc3RhdGUgaXMgJ2RvbWFpbiciCiAgICB9Cn0KRWxzZSB7ICMgd29ya2dyb3VwCiAgICBJZigtbm90ICR3b3JrZ3JvdXBfbmFtZSkgewogICAgICAgIEZhaWwtSnNvbiBAe30gIndvcmtncm91cF9uYW1lIGlzIHJlcXVpcmVkIHdoZW4gc3RhdGUgaXMgJ3dvcmtncm91cCciCiAgICB9Cn0KCgokZ2xvYmFsOmxvZ19wYXRoID0gJGxvZ19wYXRoCgpUcnkgewoKICAgICRob3N0bmFtZV9tYXRjaCA9IElmKCRob3N0bmFtZSkgeyBHZXQtSG9zdG5hbWVNYXRjaCAkaG9zdG5hbWUgfSBFbHNlIHsgJHRydWUgfQoKICAgICRyZXN1bHQuY2hhbmdlZCA9ICRyZXN1bHQuY2hhbmdlZCAtb3IgKC1ub3QgJGhvc3RuYW1lX21hdGNoKQoKICAgIFN3aXRjaCgkc3RhdGUpIHsKICAgICAgICBkb21haW4gewogICAgICAgICAgICAkZG9tYWluX21hdGNoID0gR2V0LURvbWFpbk1lbWJlcnNoaXBNYXRjaCAkZG5zX2RvbWFpbl9uYW1lCgogICAgICAgICAgICAkcmVzdWx0LmNoYW5nZWQgPSAkcmVzdWx0LmNoYW5nZWQgLW9yICgtbm90ICRkb21haW5fbWF0Y2gpCgogICAgICAgICAgICBJZigkcmVzdWx0LmNoYW5nZWQgLWFuZCAtbm90ICRfYW5zaWJsZV9jaGVja19tb2RlKSB7CiAgICAgICAgICAgICAgICBJZigtbm90ICRkb21haW5fbWF0Y2gpIHsKICAgICAgICAgICAgICAgICAgICBJZihJcy1Eb21haW5Kb2luZWQpIHsKICAgICAgICAgICAgICAgICAgICAgICAgV3JpdGUtRGVidWdMb2cgImRvbWFpbiBkb2Vzbid0IG1hdGNoLCBhbmQgd2UncmUgYWxyZWFkeSBqb2luZWQgdG8gYW5vdGhlciBkb21haW4iCiAgICAgICAgICAgICAgICAgICAgICAgIHRocm93ICJzd2l0Y2hpbmcgZG9tYWlucyBpcyBub3QgaW1wbGVtZW50ZWQiCiAgICAgICAgICAgICAgICAgICAgfQoKICAgICAgICAgICAgICAgICAgICAkam9pbl9hcmdzID0gQHsKICAgICAgICAgICAgICAgICAgICAgICAgZG5zX2RvbWFpbl9uYW1lID0gJGRuc19kb21haW5fbmFtZQogICAgICAgICAgICAgICAgICAgICAgICBkb21haW5fYWRtaW5fdXNlciA9ICRkb21haW5fYWRtaW5fdXNlcgogICAgICAgICAgICAgICAgICAgICAgICBkb21haW5fYWRtaW5fcGFzc3dvcmQgPSAkZG9tYWluX2FkbWluX3Bhc3N3b3JkCiAgICAgICAgICAgICAgICAgICAgfQoKICAgICAgICAgICAgICAgICAgICBXcml0ZS1EZWJ1Z0xvZyAibm90IGEgZG9tYWluIG1lbWJlciwgam9pbmluZy4uLiIKCiAgICAgICAgICAgICAgICAgICAgSWYoLW5vdCAkaG9zdG5hbWVfbWF0Y2gpIHsKICAgICAgICAgICAgICAgICAgICAgICAgV3JpdGUtRGVidWdMb2cgImFkZGluZyBob3N0bmFtZSBjaGFuZ2UgdG8gZG9tYWluLWpvaW4gYXJncyIKICAgICAgICAgICAgICAgICAgICAgICAgJGpvaW5fYXJncy5uZXdfaG9zdG5hbWUgPSAkaG9zdG5hbWUKICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICAgICAgSWYoJGRvbWFpbl9vdV9wYXRoIC1uZSAkbnVsbCl7ICMgSWYgT1UgUGF0aCBpcyBub3QgZW1wdHkKICAgICAgICAgICAgICAgICAgICAgICAgV3JpdGUtRGVidWdMb2cgImFkZGluZyBkb21haW5fb3VfcGF0aCB0byBkb21haW4tam9pbiBhcmdzIgogICAgICAgICAgICAgICAgICAgICAgICAkam9pbl9hcmdzLmRvbWFpbl9vdV9wYXRoID0gJGRvbWFp ScriptBlock ID: 762bf121-1b4d-4fff-a48e-ef1d5bc035eb Path:	4104	1		3	2	15	0	1602	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1196	1152	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:04:58 PM	9d04040e-981f-0005-8654-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 4): uIHRvIHNhdmUgeW91IGZyb20gY29kaW5nIHRoYXQgbWFudWFsbHkKICAgIE5vdGUgdGhhdCBpZiB5b3UgdXNlIHRoZSBmYWlsaWZlbXB0eSBvcHRpb24sIHlvdSBkbyBuZWVkIHRvIHNwZWNpZnkgcmVzdWx0b2JqZWN0IGFzIHdlbGwuCiM+CiAgICAjIENoZWNrIGlmIHRoZSBwcm92aWRlZCBNZW1iZXIgJG5hbWUgb3IgYWxpYXNlcyBleGlzdCBpbiAkb2JqIGFuZCByZXR1cm4gaXQgb3IgdGhlIGRlZmF1bHQuCiAgICB0cnkgewoKICAgICAgICAkZm91bmQgPSAkbnVsbAogICAgICAgICMgRmlyc3QgdHJ5IHRvIGZpbmQgcHJlZmVycmVkIHBhcmFtZXRlciAkbmFtZQogICAgICAgICRhbGlhc2VzID0gQCgkbmFtZSkgKyAkYWxpYXNlcwoKICAgICAgICAjIEl0ZXJhdGUgb3ZlciBhbGlhc2VzIHRvIGZpbmQgYWNjZXB0YWJsZSBNZW1iZXIgJG5hbWUKICAgICAgICBmb3JlYWNoICgkYWxpYXMgaW4gJGFsaWFzZXMpIHsKICAgICAgICAgICAgaWYgKCRvYmouQ29udGFpbnNLZXkoJGFsaWFzKSkgewogICAgICAgICAgICAgICAgJGZvdW5kID0gJGFsaWFzCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgfQoKICAgICAgICBpZiAoJG51bGwgLWVxICRmb3VuZCkgewogICAgICAgICAgICB0aHJvdwogICAgICAgIH0KICAgICAgICAkbmFtZSA9ICRmb3VuZAoKICAgICAgICBpZiAoJFZhbGlkYXRlU2V0KSB7CgogICAgICAgICAgICBpZiAoJFZhbGlkYXRlU2V0IC1jb250YWlucyAoJG9iai4kbmFtZSkpIHsKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICRvYmouJG5hbWUKICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgIGlmICgkbnVsbCAtZXEgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAgICAgI0F1dG8tZ2VuZXJhdGVkIGVycm9yIHNob3VsZCBiZSBzdWZmaWNpZW50IGluIG1vc3QgdXNlIGNhc2VzCiAgICAgICAgICAgICAgICAgICAgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlID0gIkdldC1BbnNpYmxlUGFyYW06IEFyZ3VtZW50ICRuYW1lIG5lZWRzIHRvIGJlIG9uZSBvZiAkKCRWYWxpZGF0ZVNldCAtam9pbiAiLCIpIGJ1dCB3YXMgJCgkb2JqLiRuYW1lKS4iCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRWYWxpZGF0ZVNldEVycm9yTWVzc2FnZQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgJHZhbHVlID0gJG9iai4kbmFtZQogICAgICAgIH0KICAgIH0gY2F0Y2ggewogICAgICAgIGlmICgkZmFpbGlmZW1wdHkgLWVxICRmYWxzZSkgewogICAgICAgICAgICAkdmFsdWUgPSAkZGVmYXVsdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgIGlmICgtbm90ICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSA9ICJHZXQtQW5zaWJsZVBhcmFtOiBNaXNzaW5nIHJlcXVpcmVkIGFyZ3VtZW50OiAkbmFtZSIKICAgICAgICAgICAgfQogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlCiAgICAgICAgfQogICAgfQoKICAgICMgSWYgJHZhbHVlIC1lcSAkbnVsbCwgdGhlIHBhcmFtZXRlciB3YXMgdW5zcGVjaWZpZWQgYnkgdGhlIHVzZXIgKGRlbGliZXJhdGVseSBvciBub3QpCiAgICAjIFBsZWFzZSBsZWF2ZSAkbnVsbC12YWx1ZXMgaW50YWN0LCBtb2R1bGVzIG5lZWQgdG8ga25vdyBpZiBhIHBhcmFtZXRlciB3YXMgc3BlY2lmaWVkCiAgICAjIFdoZW4gJHZhbHVlIGlzIGFscmVhZHkgYW4gYXJyYXksIHdlIGNhbm5vdCByZWx5IG9uIHRoZSBudWxsIGNoZWNrLCBhcyBhbiBlbXB0eSBsaXN0CiAgICAjIGlzIHNlZW4gYXMgbnVsbCBpbiB0aGUgY2hlY2sgYmVsb3cKICAgIGlmICgkbnVsbCAtbmUgJHZhbHVlIC1vciAkdmFsdWUgLWlzIFthcnJheV0pIHsKICAgICAgICBpZiAoJHR5cGUgLWVxICJwYXRoIikgewogICAgICAgICAgICAjIEV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgb24gcGF0aC10eXBlCiAgICAgICAgICAgICR2YWx1ZSA9IEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCiAgICAgICAgICAgICMgVGVzdCBpZiBhIHZhbGlkIHBhdGggaXMgcHJvdmlkZWQKICAgICAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtSXNWYWxpZCAkdmFsdWUpKSB7CiAgICAgICAgICAgICAgICAkcGF0aF9pbnZhbGlkID0gJHRydWUKICAgICAgICAgICAgICAgICMgY291bGQgc3RpbGwgYmUgYSB2YWxpZC1zaGFwZWQgcGF0aCB3aXRoIGEgbm9uZXhpc3RlbnQgZHJpdmUgbGV0dGVyCiAgICAgICAgICAgICAgICBpZiAoJHZhbHVlIC1tYXRjaCAiXlx3OiIpIHsKICAgICAgICAgICAgICAgICAgICAjIHJld3JpdGUgcGF0aCB3aXRoIGEgdmFsaWQgZHJpdmUgbGV0dGVyIGFuZCByZWNoZWNrIHRoZSBzaGFwZS0gdGhpcyBtaWdodCBzdGlsbCBmYWlsLCBlZywgYSBub25leGlzdGVudCBub24tZmlsZXN5c3RlbSBQUyBwYXRoCiAgICAgICAgICAgICAgICAgICAgaWYgKFRlc3QtUGF0aCAtSXNWYWxpZCAkKEAoR2V0LVBTRHJpdmUgLVBTUHJvdmlkZXIgRmlsZXN5c3RlbSlbMF0uTmFtZSArICR2YWx1ZS5TdWJzdHJpbmcoMSkpKSB7CiAgICAgICAgICAgICAgICAgICAgICAgICRwYXRoX2ludmFsaWQgPSAkZmFsc2UKICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBpZiAoJHBhdGhfaW52YWxpZCkgewogICAgICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHRvYmogLW1lc3NhZ2UgIkdldC1BbnNpYmxlUGFyYW06IFBhcmFtZXRlciAnJG5hbWUnIGhhcyBhbiBpbnZhbGlkIHBhdGggJyR2YWx1ZScgc3BlY2lmaWVkLiIKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgInN0ciIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IHN0ciB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgc3RyaW5ncwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUuVG9TdHJpbmcoKQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImJvb2wiKSB7CiAgICAgICAgICAgICMgQ29udmVydCBib29sZWFuIHR5cGVzIHRvIHJlYWwgUG93ZXJzaGVsbCBib29sZWFucwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgfCBDb252ZXJ0VG8tQm9vbAogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImludCIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IGludCB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgaW50ZWdlcnMKICAgICAgICAgICAgJHZhbHVlID0gJHZhbHVlIC1hcyBbaW50XQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImZsb2F0IikgewogICAgICAgICAgICAjIENvbnZlcnQgZmxvYXQgdHlwZXMgdG8gcmVhbCBQb3dlcnNoZWxsIGZsb2F0cwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgLWFzIFtmbG9hdF0KICAgICAgICB9IGVsc2VpZiAoJHR5cGUgLWVxICJsaXN0IikgewogICAgICAgICAgICBpZiAoJHZhbHVlIC1pcyBbYXJyYXldKSB7CiAgICAgICAgICAgICAgICAjIE5vdGhpbmcgdG8gZG8KICAgICAgICAgICAgfSBlbHNlaWYgKCR2YWx1ZSAtaXMgW3N0cmluZ10pIHsKICAgICAgICAgICAgICAgICMgQ29udmVydCBzdHJpbmcgdHlwZSB0byByZWFsIFBvd2Vyc2hlbGwgYXJyYXkKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICR2YWx1ZS5TcGxpdCgiLCIpLlRyaW0oKQogICAgICAgICAgICB9IGVsc2VpZiAoJHZhbHVlIC1pcyBbaW50XSkgewogICAgICAgICAgICAgICAgJHZhbHVlID0gQCgkdmFsdWUpCiAgICAgICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICJHZXQtQW5zaWJsZVBhcmFtOiBQYXJhbWV0ZXIgJyRuYW1lJyBpcyBub3QgYSBZQU1MIGxpc3QuIgogICAgICAgICAgICB9CiAgICAgICAgICAgICMgLCBpcyBub3QgYSB0eXBvLCBmb3JjZXMgaXQgdG8gcmV0dXJuIGFzIGEgbGlzdCB3aGVuIGl0IGlzIGVtcHR5IG9yIG9ubHkgaGFzIDEgZW50cnkKICAgICAgICAgICAgcmV0dXJuICwkdmFsdWUKICAgICAgICB9CiAgICB9CgogICAgcmV0dXJuICR2YWx1ZQp9CgojQWxpYXMgR2V0LWF0dHItLT5HZXQtQW5zaWJsZVBhcmFtIGZvciBiYWNrd2FyZHMgY29tcGF0LiBPbmx5IGFkZCB3aGVuIG5lZWRlZCB0byBlYXNlIGRlYnVnZ2luZyBvZiBzY3JpcHRzCklmICgtbm90KEdldC1BbGlhcyAtTmFtZSAiR2V0LWF0dHIiIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlKSkKewogICAgTmV3LUFsaWFzIC1OYW1lIEdldC1hdHRyIC1WYWx1ZSBHZXQtQW5zaWJsZVBhcmFtCn0KCkZ1bmN0aW9uIENvbnZlcnRUby1Cb29sCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZpbHRlci9waXBlbGluZSBmdW5jdGlvbiB0byBjb252ZXJ0IGEgdmFsdWUgdG8gYm9vbGVhbiBmb2xsb3dpbmcgY3VycmVudAogICAgQW5zaWJsZSBwcmFjdGljZXMKICAgIC5FWEFNUExFCiAgICAkaXNfdHJ1ZSA9ICJ0cnVlIiB8IENvbnZlcnRUby1Cb29sCiM+CiAgICBwYXJhbSgKICAgICAgICBbcGFyYW1ldGVyKHZhbHVlZnJvbXBpcGVsaW5lPSR0cnVlKV0KICAgICAgICAkb2JqCiAgICApCgogICAgJGJvb2xlYW5fc3RyaW5ncyA9ICJ5ZXMiLCAib24iLCAiMSIsICJ0cnVlIiwgMQogICAgJG9ial9zdHJpbmcgPSBbc3RyaW5nXSRvYmoKCiAgICBpZiAoKCRvYmogLWlzIFtib29sZWFuXSAtYW5kICRvYmopIC1vciAkYm9vbGVhbl9zdHJpbmdzIC1jb250YWlucyAkb2JqX3N0cmluZy5Ub0xvd2VyKCkpIHsKICAgICAgICByZXR1cm4gJHRydWUKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfQp9CgpGdW5jdGlvbiBQYXJzZS1BcmdzKCRhcmd1bWVudHMsICRzdXBwb3J0c19jaGVja19tb2RlID0gJGZhbHNlKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBwYXJzZSBBbnNpYmxlIEpTT04gYXJndW1lbnRzIGZyb20gYSAiZmlsZSIgcGFzc2VkIGFzCiAgICB0aGUgc2luZ2xlIGFyZ3VtZW50IHRvIHRoZSBtb2R1bGUuCiAgICAuRVhBTVBMRQogICAgJHBhcmFtcyA9IFBhcnNlLUFyZ3MgJGFyZ3MKIz4KICAgICRwYXJhbXMgPSBOZXctT2JqZWN0IHBzb2JqZWN0CiAgICBJZiAoJGFyZ3VtZW50cy5MZW5ndGggLWd0IDApCiAgICB7CiAgICAgICAgJHBhcmFtcyA9IEdldC1Db250ZW50ICRhcmd1bWVudHNbMF0gfCBDb252ZXJ0RnJvbS1Kc29uCiAgICB9CiAgICBFbHNlIHsKICAgICAgICAkcGFyYW1zID0gJGNvbXBsZXhfYXJncwogICAgfQogICAgJGNoZWNrX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfY2hlY2tfbW9kZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQogICAgSWYgKCRjaGVja19tb2RlIC1hbmQgLW5vdCAkc3VwcG9ydHNfY2hlY2tfbW9kZSkKICAgIHsKICAgICAgICBFeGl0LUpzb24gQHsKICAgICAgICAgICAgc2tpcHBlZCA9ICR0cnVlCiAgICAgICAgICAgIGNoYW5nZWQgPSAkZmFsc2UKICAgICAgICAgICAgbXNnID0gInJlbW90ZSBtb2R1bGUgZG9lcyBub3Qgc3VwcG9ydCBjaGVjayBtb2RlIgogICAgICAgIH0KICAgIH0KICAgIHJldHVybiAkcGFyYW1zCn0KCgpGdW5jdGlvbiBHZXQtRmlsZUNoZWNrc3VtKCRwYXRoLCAkYWxnb3JpdGhtID0gJ3NoYTEnKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBjYWxjdWxhdGUgYSBoYXNoIG9mIGEgZmlsZSBpbiBhIHdheSB3aGljaCBQb3dlclNoZWxsIDMKICAgIGFuZCBhYm92ZSBjYW4gaGFuZGxlCiM+CiAgICBJZiAoVGVzdC1QYXRoIC1QYXRoICRwYXRoIC1QYXRoVHlwZSBMZWFmKQogICAgewogICAgICAgIHN3aXRjaCAoJGFsZ29yaXRobSkKICAgICAgICB7CiAgICAgICAgICAgICdtZDUnIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5NRDVDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMScgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTFDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMjU2JyB7ICRzcCA9IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5TZWN1cml0eS5DcnlwdG9ncmFwaHkuU0hBMjU2Q3J5cHRvU2VydmljZVByb3ZpZGVyIH0KICAgICAgICAgICAgJ3NoYTM4NCcgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTM4NENyeXB0b1NlcnZpY2VQcm92aWRlciB9CiAgICAgICAgICAgICdzaGE1MTInIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5TSEE1MTJDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICBkZWZhdWx0IHsgRmFpbC1Kc29uIEB7fSAiVW5zdXBwb3J0ZWQgaGFzaCBhbGdvcml0aG0gc3VwcGxpZWQgJyRhbGdvcml0aG0nIiB9CiAgICAgICAgfQoKICAgICAgICBJZiAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtZ2UgNCkgewogICAgICAgICAgICAkcmF3X2hhc2ggPSBHZXQtRmlsZUhhc2ggJHBhdGggLUFsZ29yaXRobSAkYWxnb3JpdGhtCiAgICAgICAgICAgICRoYXNoID0gJHJhd19oYXNoLkhhc2guVG9Mb3dlcigpCiAgICAgICAgfSBFbHNlIHsKICAgICAgICAgICAgJGZwID0gW1N5c3RlbS5JTy5GaWxlXTo6T3BlbigkcGF0aCwgW1N5c3RlbS5JTy5GaWxlbW9kZV06Ok9wZW4sIFtTeXN0ZW0uSU8uRmlsZUFjY2Vzc106OlJlYWQsIFtTeXN0ZW0uSU8uRmlsZVNoYXJlXTo6UmVhZFdyaXRlKTsKICAgICAgICAgICAgJGhhc2ggPSBbU3lzdGVtLkJpdENvbnZlcnRlcl06OlRvU3RyaW5nKCRzcC5Db21wdXRlSGFzaCgkZnApKS5SZXBsYWNlKCItIiwgIiIpLlRvTG93ZXIoKTsKICAgICAgICAgICAgJGZwLkRpc3Bvc2UoKTsKICAgICAgICB9CiAgICB9CiAgICBFbHNlSWYgKFRlc3QtUGF0aCAtUGF0aCAkcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKQogICAgewogICAgICAgICRoYXNoID0gIjMiOwogICAgfQogICAgRWxzZQogICAgewogICAgICAgICRoYXNoID0gIjEiOwogICAgfQogICAgcmV0dXJuICRoYXNoCn0KCkZ1bmN0aW9uIEdldC1QZW5kaW5nUmVib290U3RhdHVzCnsKPCMKICAgIC5TWU5PUFNJUwogICAgQ2hlY2sgaWYgcmVib290IGlzIHJlcXVpcmVkLCBpZiBzbyBub3RpZnkgQ0EuCiAgICBGdW5jdGlvbiByZXR1cm5zIHRydWUgaWYgY29tcHV0ZXIgaGFzIGEgcGVuZGluZyByZWJvb3QKIz4KICAgICRmZWF0dXJlRGF0YSA9IEludm9rZS1XbWlNZXRob2QgLUVBIElnbm9yZSAtTmFtZSBHZXRTZXJ2ZXJGZWF0dXJlIC1OYW1lc3BhY2Ugcm9vdFxtaWNyb3NvZnRcd2luZG93c1xzZXJ2ZXJtYW5hZ2VyIC1DbGFzcyBNU0ZUX1NlcnZlck1hbmFnZXJUYXNrcwogICAgJHJlZ0RhdGEgPSBHZXQtSXRlbVByb3BlcnR5ICJIS0xNOlxTWVNURU1cQ3VycmVudENvbnRyb2xTZXRcQ29udHJvbFxTZXNzaW9uIE1hbmFnZXIiICJQZW5kaW5nRmlsZVJlbmFtZU9wZXJhdGlvbnMiIC1FQSBJZ25vcmUKICAgICRDQlNSZWJvb3RTdGF0dXMgPSBHZXQtQ2hpbGRJdGVtICJIS0xNOlxcU09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3 ScriptBlock ID: 762bf121-1b4d-4fff-a48e-ef1d5bc035eb Path:	4104	1		3	2	15	0	1601	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1196	1152	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:04:58 PM	9d04040e-981f-0005-8654-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 4): begin { $DebugPreference = "Continue" $ErrorActionPreference = "Stop" Set-StrictMode -Version 2 function ConvertTo-HashtableFromPsCustomObject ($myPsObject){ $output = @{}; $myPsObject | Get-Member -MemberType *Property | % { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } return $output; } # stream JSON including become_pw, ps_module_payload, bin_module_payload, become_payload, write_payload_path, preserve directives # exec runspace, capture output, cleanup, return module output # NB: do not adjust the following line- it is replaced when doing non-streamed module output $json_raw = @' {"min_ps_version": null, "exec": "CkZ1bmN0aW9uIFJ1bigkcGF5bG9hZCkgewogICAgJGVudHJ5cG9pbnQgPSAkcGF5bG9hZC5tb2R1bGVfZW50cnkKCiAgICAkZW50cnlwb2ludCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGVudHJ5cG9pbnQpKQoKICAgICRwcyA9IFtwb3dlcnNoZWxsXTo6Q3JlYXRlKCkKCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkQ29tbWFuZCgiU2V0LVZhcmlhYmxlIikuQWRkUGFyYW1ldGVycyhAe1Njb3BlPSJnbG9iYWwiO05hbWU9ImNvbXBsZXhfYXJncyI7VmFsdWU9JHBheWxvYWQubW9kdWxlX2FyZ3N9KSB8IE91dC1OdWxsCiAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCgogICAgIyByZWRlZmluZSBXcml0ZS1Ib3N0IHRvIGR1bXAgdG8gb3V0cHV0IGluc3RlYWQgb2YgZmFpbGluZy0gbG90cyBvZiBzY3JpcHRzIHVzZSBpdAogICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgiRnVuY3Rpb24gV3JpdGUtSG9zdChgJG1zZyl7IFdyaXRlLU91dHB1dCBgJG1zZyB9IikgfCBPdXQtTnVsbAoKICAgIEZvckVhY2ggKCRlbnZfa3YgaW4gJHBheWxvYWQuZW52aXJvbm1lbnQuR2V0RW51bWVyYXRvcigpKSB7CiAgICAgICAgIyBuZWVkIHRvIGVzY2FwZSAnIGluIGJvdGggdGhlIGtleSBhbmQgdmFsdWUKICAgICAgICAkZW52X2tleSA9ICRlbnZfa3YuS2V5LlRvU3RyaW5nKCkuUmVwbGFjZSgiJyIsICInJyIpCiAgICAgICAgJGVudl92YWx1ZSA9ICRlbnZfa3YuVmFsdWUuVG9TdHJpbmcoKS5SZXBsYWNlKCInIiwgIicnIikKICAgICAgICAkZXNjYXBlZF9lbnZfc2V0ID0gIltTeXN0ZW0uRW52aXJvbm1lbnRdOjpTZXRFbnZpcm9ubWVudFZhcmlhYmxlKCd7MH0nLCAnezF9JykiIC1mICRlbnZfa2V5LCAkZW52X3ZhbHVlCiAgICAgICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgkZXNjYXBlZF9lbnZfc2V0KSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBkeW5hbWljYWxseSBjcmVhdGUvbG9hZCBtb2R1bGVzCiAgICBGb3JFYWNoICgkbW9kIGluICRwYXlsb2FkLnBvd2Vyc2hlbGxfbW9kdWxlcy5HZXRFbnVtZXJhdG9yKCkpIHsKICAgICAgICAkZGVjb2RlZF9tb2R1bGUgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRtb2QuVmFsdWUpKQogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRDb21tYW5kKCJOZXctTW9kdWxlIikuQWRkUGFyYW1ldGVycyhAe1NjcmlwdEJsb2NrPShbc2NyaXB0YmxvY2tdOjpDcmVhdGUoJGRlY29kZWRfbW9kdWxlKSk7TmFtZT0kbW9kLktleX0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiSW1wb3J0LU1vZHVsZSIpLkFkZFBhcmFtZXRlcnMoQHtXYXJuaW5nQWN0aW9uPSJTaWxlbnRseUNvbnRpbnVlIn0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBmb3JjZSBpbnB1dCBlbmNvZGluZyB0byBwcmVhbWJsZS1mcmVlIFVURjggc28gUFMgc3ViLXByb2Nlc3NlcyAoZWcsCiAgICAjIFN0YXJ0LUpvYikgZG9uJ3QgYmxvdyB1cC4gVGhpcyBpcyBvbmx5IHJlcXVpcmVkIGZvciBXaW5STSwgYSBQU1JQCiAgICAjIHJ1bnNwYWNlIGRvZXNuJ3QgaGF2ZSBhIGhvc3QgY29uc29sZSBhbmQgdGhpcyB3aWxsIGJvbWIgb3V0CiAgICBpZiAoJGhvc3QuTmFtZSAtZXEgIkNvbnNvbGVIb3N0IikgewogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRTY3JpcHQoIltDb25zb2xlXTo6SW5wdXRFbmNvZGluZyA9IE5ldy1PYmplY3QgVGV4dC5VVEY4RW5jb2RpbmcgYCRmYWxzZSIpIHwgT3V0LU51bGwKICAgIH0KCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkU2NyaXB0KCRlbnRyeXBvaW50KSB8IE91dC1OdWxsCgogICAgJG91dHB1dCA9ICRwcy5JbnZva2UoKQoKICAgICRvdXRwdXQKCiAgICAjIFBTMyBkb2Vzbid0IHByb3Blcmx5IHNldCBIYWRFcnJvcnMgaW4gbWFueSBjYXNlcywgaW5zcGVjdCB0aGUgZXJyb3Igc3RyZWFtIGFzIGEgZmFsbGJhY2sKICAgIElmICgkcHMuSGFkRXJyb3JzIC1vciAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtbHQgNCAtYW5kICRwcy5TdHJlYW1zLkVycm9yLkNvdW50IC1ndCAwKSkgewogICAgICAgICRob3N0LlVJLldyaXRlRXJyb3JMaW5lKCQoJHBzLlN0cmVhbXMuRXJyb3IgfCBPdXQtU3RyaW5nKSkKICAgICAgICAkZXhpdF9jb2RlID0gJHBzLlJ1bnNwYWNlLlNlc3Npb25TdGF0ZVByb3h5LkdldFZhcmlhYmxlKCJMQVNURVhJVENPREUiKQogICAgICAgIElmKC1ub3QgJGV4aXRfY29kZSkgewogICAgICAgICAgICAkZXhpdF9jb2RlID0gMQogICAgICAgIH0KICAgICAgICAjIG5lZWQgdG8gdXNlIHRoaXMgaW5zdGVhZCBvZiBFeGl0IGtleXdvcmQgdG8gcHJldmVudCBydW5zcGFjZSBmcm9tIGNyYXNoaW5nIHdpdGggZHluYW1pYyBtb2R1bGVzCiAgICAgICAgJGhvc3QuU2V0U2hvdWxkRXhpdCgkZXhpdF9jb2RlKQogICAgfQp9Cg==", "actions": ["exec"], "environment": {}, "min_os_version": null, "powershell_modules": {"Ansible.ModuleUtils.Legacy": "IyBDb3B5cmlnaHQgKGMpLCBNaWNoYWVsIERlSGFhbiA8bWljaGFlbC5kZWhhYW5AZ21haWwuY29tPiwgMjAxNCwgYW5kIG90aGVycwojIFNpbXBsaWZpZWQgQlNEIExpY2Vuc2UgKHNlZSBsaWNlbnNlcy9zaW1wbGlmaWVkX2JzZC50eHQgb3IgaHR0cHM6Ly9vcGVuc291cmNlLm9yZy9saWNlbnNlcy9CU0QtMi1DbGF1c2UpCgpTZXQtU3RyaWN0TW9kZSAtVmVyc2lvbiAyLjAKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKRnVuY3Rpb24gU2V0LUF0dHIoJG9iaiwgJG5hbWUsICR2YWx1ZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gc2V0IGFuICJhdHRyaWJ1dGUiIG9uIGEgcHNvYmplY3QgaW5zdGFuY2UgaW4gUG93ZXJTaGVsbC4KICAgIFRoaXMgaXMgYSBjb252ZW5pZW5jZSB0byBtYWtlIGFkZGluZyBNZW1iZXJzIHRvIHRoZSBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgIFNldC1BdHRyICRyZXN1bHQgImNoYW5nZWQiICR0cnVlCiM+CgogICAgIyBJZiB0aGUgcHJvdmlkZWQgJG9iaiBpcyB1bmRlZmluZWQsIGRlZmluZSBvbmUgdG8gYmUgbmljZQogICAgSWYgKC1ub3QgJG9iai5HZXRUeXBlKQogICAgewogICAgICAgICRvYmogPSBAeyB9CiAgICB9CgogICAgVHJ5CiAgICB7CiAgICAgICAgJG9iai4kbmFtZSA9ICR2YWx1ZQogICAgfQogICAgQ2F0Y2gKICAgIHsKICAgICAgICAkb2JqIHwgQWRkLU1lbWJlciAtRm9yY2UgLU1lbWJlclR5cGUgTm90ZVByb3BlcnR5IC1OYW1lICRuYW1lIC1WYWx1ZSAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gRXhpdC1Kc29uKCRvYmopCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGNvbnZlcnQgYSBQb3dlclNoZWxsIG9iamVjdCB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcKICAgIHRoZSBzY3JpcHQKICAgIC5FWEFNUExFCiAgICBFeGl0LUpzb24gJHJlc3VsdAojPgoKICAgICMgSWYgdGhlIHByb3ZpZGVkICRvYmogaXMgdW5kZWZpbmVkLCBkZWZpbmUgb25lIHRvIGJlIG5pY2UKICAgIElmICgtbm90ICRvYmouR2V0VHlwZSkKICAgIHsKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoJ2NoYW5nZWQnKSkgewogICAgICAgIFNldC1BdHRyICRvYmogImNoYW5nZWQiICRmYWxzZQogICAgfQoKICAgIFdyaXRlLU91dHB1dCAkb2JqIHwgQ29udmVydFRvLUpzb24gLUNvbXByZXNzIC1EZXB0aCA5OQogICAgRXhpdAp9CgpGdW5jdGlvbiBGYWlsLUpzb24oJG9iaiwgJG1lc3NhZ2UgPSAkbnVsbCkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHRoZSAibXNnIiBwcm9wZXJ0eSBhbmQgImZhaWxlZCIgcHJvcGVydHksIGNvbnZlcnQgdGhlCiAgICBQb3dlclNoZWxsIEhhc2h0YWJsZSB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcgdGhlIHNjcmlwdAogICAgLkVYQU1QTEUKICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJUaGlzIGlzIHRoZSBmYWlsdXJlIG1lc3NhZ2UiCiM+CgogICAgaWYgKCRvYmogLWlzIFtoYXNodGFibGVdIC1vciAkb2JqIC1pcyBbcHNvYmplY3RdKSB7CiAgICAgICAgIyBOb3RoaW5nIHRvIGRvCiAgICB9IGVsc2VpZiAoJG9iaiAtaXMgW3N0cmluZ10gLWFuZCAkbnVsbCAtZXEgJG1lc3NhZ2UpIHsKICAgICAgICAjIElmIHdlIHdlcmVuJ3QgZ2l2ZW4gMiBhcmdzLCBhbmQgdGhlIG9ubHkgYXJnIHdhcyBhIHN0cmluZywKICAgICAgICAjIGNyZWF0ZSBhIG5ldyBIYXNodGFibGUgYW5kIHVzZSB0aGUgYXJnIGFzIHRoZSBmYWlsdXJlIG1lc3NhZ2UKICAgICAgICAkbWVzc2FnZSA9ICRvYmoKICAgICAgICAkb2JqID0gQHsgfQogICAgfSBlbHNlIHsKICAgICAgICAjIElmIHRoZSBmaXJzdCBhcmd1bWVudCBpcyB1bmRlZmluZWQgb3IgYSBkaWZmZXJlbnQgdHlwZSwKICAgICAgICAjIG1ha2UgaXQgYSBIYXNodGFibGUKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgICMgU3RpbGwgdXNpbmcgU2V0LUF0dHIgZm9yIFBTT2JqZWN0IGNvbXBhdGliaWxpdHkKICAgIFNldC1BdHRyICRvYmogIm1zZyIgJG1lc3NhZ2UKICAgIFNldC1BdHRyICRvYmogImZhaWxlZCIgJHRydWUKCiAgICBpZiAoLW5vdCAkb2JqLkNvbnRhaW5zS2V5KCdjaGFuZ2VkJykpIHsKICAgICAgICBTZXQtQXR0ciAkb2JqICJjaGFuZ2VkIiAkZmFsc2UKICAgIH0KCiAgICBXcml0ZS1PdXRwdXQgJG9iaiB8IENvbnZlcnRUby1Kc29uIC1Db21wcmVzcyAtRGVwdGggOTkKICAgIEV4aXQgMQp9CgpGdW5jdGlvbiBBZGQtV2FybmluZygkb2JqLCAkbWVzc2FnZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHdhcm5pbmdzLCBldmVuIGlmIHRoZSB3YXJuaW5ncyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoIndhcm5pbmdzIikpIHsKICAgICAgICAkb2JqLndhcm5pbmdzID0gQCgpCiAgICB9IGVsc2VpZiAoJG9iai53YXJuaW5ncyAtaXNub3QgW2FycmF5XSkgewogICAgICAgIHRocm93ICJBZGQtV2FybmluZzogd2FybmluZ3MgYXR0cmlidXRlIGlzIG5vdCBhbiBhcnJheSIKICAgIH0KCiAgICAkb2JqLndhcm5pbmdzICs9ICRtZXNzYWdlCn0KCkZ1bmN0aW9uIEFkZC1EZXByZWNhdGlvbldhcm5pbmcoJG9iaiwgJG1lc3NhZ2UsICR2ZXJzaW9uID0gJG51bGwpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGFkZCBkZXByZWNhdGlvbnMsIGV2ZW4gaWYgdGhlIGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgogICAgaWYgKC1ub3QgJG9iai5Db250YWluc0tleSgiZGVwcmVjYXRpb25zIikpIHsKICAgICAgICAkb2JqLmRlcHJlY2F0aW9ucyA9IEAoKQogICAgfSBlbHNlaWYgKCRvYmouZGVwcmVjYXRpb25zIC1pc25vdCBbYXJyYXldKSB7CiAgICAgICAgdGhyb3cgIkFkZC1EZXByZWNhdGlvbldhcm5pbmc6IGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgaXMgbm90IGEgbGlzdCIKICAgIH0KCiAgICAkb2JqLmRlcHJlY2F0aW9ucyArPSBAewogICAgICAgIG1zZyA9ICRtZXNzYWdlCiAgICAgICAgdmVyc2lvbiA9ICR2ZXJzaW9uCiAgICB9Cn0KCkZ1bmN0aW9uIEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgaW4gdmFsdWVzLiBCeSBkZWZhdWx0CiAgICBpdCB0dXJucyBhbnkgdHlwZSB0byBhIHN0cmluZywgYnV0IHdlIGVuc3VyZSAkbnVsbCByZW1haW5zICRudWxsLgojPgogICAgaWYgKCRudWxsIC1uZSAkdmFsdWUpIHsKICAgICAgICBbU3lzdGVtLkVudmlyb25tZW50XTo6RXhwYW5kRW52aXJvbm1lbnRWYXJpYWJsZXMoJHZhbHVlKQogICAgfSBlbHNlIHsKICAgICAgICAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gR2V0LUFuc2libGVQYXJhbSgkb2JqLCAkbmFtZSwgJGRlZmF1bHQgPSAkbnVsbCwgJHJlc3VsdG9iaiA9IEB7fSwgJGZhaWxpZmVtcHR5ID0gJGZhbHNlLCAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSwgJFZhbGlkYXRlU2V0LCAkVmFsaWRhdGVTZXRFcnJvck1lc3NhZ2UsICR0eXBlID0gJG51bGwsICRhbGlhc2VzID0gQCgpKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBnZXQgYW4gImF0dHJpYnV0ZSIgZnJvbSBhIHBzb2JqZWN0IGluc3RhbmNlIGluIFBvd2VyU2hlbGwuCiAgICBUaGlzIGlzIGEgY29udmVuaWVuY2UgdG8gbWFrZSBnZXR0aW5nIE1lbWJlcnMgZnJvbSBhbiBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgICRhdHRyID0gR2V0LUFuc2libGVQYXJhbSAkcmVzcG9uc2UgImNvZGUiIC1kZWZhdWx0ICIxIgogICAgLkVYQU1QTEUKICAgIEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJTdGF0ZSIgLWRlZmF1bHQgIlByZXNlbnQiIC1WYWxpZGF0ZVNldCAiUHJlc2VudCIsIkFic2VudCIgLXJlc3VsdG9iaiAkcmVzdWx0b2JqIC1mYWlsaWZlbXB0eSAkdHJ1ZQogICAgR2V0LUFuc2libGVQYXJhbSBhbHNvIHN1cHBvcnRzIFBhcmFtZXRlciB2YWxpZGF0aW9 ScriptBlock ID: 762bf121-1b4d-4fff-a48e-ef1d5bc035eb Path:	4104	1		3	2	15	0	1600	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1196	1152	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:04:58 PM	9d04040e-981f-0005-8654-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1599	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1196	2392	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:04:58 PM	9d04040e-981f-0002-e40d-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 1196 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1598	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1196	2184	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:04:58 PM	9d04040e-981f-0002-e40d-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1597	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1196	2392	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:04:58 PM	9d04040e-981f-0002-e40d-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (5 of 5): value = ${NameEncoding} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NameEncoding'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NameEncoding'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('NameServers')) { [object]$__cmdletization_value = ${NameServers} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NameServers'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NameServers'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Namespace')) { [object]$__cmdletization_value = ${Namespace} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Namespace'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Namespace'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Server')) { [object]$__cmdletization_value = ${Server} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Server'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Server'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DisplayName')) { [object]$__cmdletization_value = ${DisplayName} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisplayName'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisplayName'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('PassThru')) { [object]$__cmdletization_value = ${PassThru} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'PassThru'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'PassThru'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'CmdletOutput'; ParameterType = 'Microsoft.Management.Infrastructure.CimInstance'; Bindings = 'Out'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} $__cmdletization_methodParameter.ParameterTypeName = 'Microsoft.Management.Infrastructure.CimInstance#DnsClientNrptRule' $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{ Name = 'ReturnValue'; ParameterType = 'System.Int32'; Bindings = 'Error'; Value = $null; IsValuePresent = $false } $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('Set', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_methodInvocationInfo) } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP PS_DnsClientNRPTRule_v1.0.0.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Set-DnsClientNrptRule' -Alias '*' ScriptBlock ID: c5de8afd-4ebc-47a1-ac01-bf2ca32afde4 Path:	4104	1		3	2	15	0	1596	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3516	868	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:04:57 PM	9d04040e-981f-0004-5c1a-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (4 of 5): layName}, [Parameter(ParameterSetName='Set3')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${PassThru}, [Parameter(ParameterSetName='Set3')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='Set3')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='Set3')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DAEnable')) { [object]$__cmdletization_value = ${DAEnable} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DAEnable'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DAEnable'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DAIPsecEncryptionType')) { [object]$__cmdletization_value = ${DAIPsecEncryptionType} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DAIPsecEncryptionType'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DAIPsecEncryptionType'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DAIPsecRequired')) { [object]$__cmdletization_value = ${DAIPsecRequired} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DAIPsecRequired'; ParameterType = 'System.Nullable`1[[System.Boolean, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DAIPsecRequired'; ParameterType = 'System.Nullable`1[[System.Boolean, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DANameServers')) { [object]$__cmdletization_value = ${DANameServers} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DANameServers'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DANameServers'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DAProxyServerName')) { [object]$__cmdletization_value = ${DAProxyServerName} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DAProxyServerName'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DAProxyServerName'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DAProxyType')) { [object]$__cmdletization_value = ${DAProxyType} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DAProxyType'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DAProxyType'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Comment')) { [object]$__cmdletization_value = ${Comment} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Comment'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Comment'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DnsSecEnable')) { [object]$__cmdletization_value = ${DnsSecEnable} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DnsSecEnable'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DnsSecEnable'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DnsSecIPsecEncryptionType')) { [object]$__cmdletization_value = ${DnsSecIPsecEncryptionType} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DnsSecIPsecEncryptionType'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DnsSecIPsecEncryptionType'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DnsSecIPsecRequired')) { [object]$__cmdletization_value = ${DnsSecIPsecRequired} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DnsSecIPsecRequired'; ParameterType = 'System.Nullable`1[[System.Boolean, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DnsSecIPsecRequired'; ParameterType = 'System.Nullable`1[[System.Boolean, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DnsSecValidationRequired')) { [object]$__cmdletization_value = ${DnsSecValidationRequired} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DnsSecValidationRequired'; ParameterType = 'System.Nullable`1[[System.Boolean, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DnsSecValidationRequired'; ParameterType = 'System.Nullable`1[[System.Boolean, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('GpoName')) { [object]$__cmdletization_value = ${GpoName} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'GpoName'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'GpoName'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('IPsecTrustAuthority')) { [object]$__cmdletization_value = ${IPsecTrustAuthority} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'IPsecTrustAuthority'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'IPsecTrustAuthority'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Name')) { [object]$__cmdletization_value = ${Name} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Name'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Name'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('NameEncoding')) { [object]$__cmdletization_ ScriptBlock ID: c5de8afd-4ebc-47a1-ac01-bf2ca32afde4 Path:	4104	1		3	2	15	0	1595	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3516	868	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:04:57 PM	9d04040e-981f-0004-5c1a-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (3 of 5): meter]@{Name = 'Server'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Server'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'CmdletOutput'; ParameterType = 'Microsoft.Management.Infrastructure.CimInstance[]'; Bindings = 'Out'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} $__cmdletization_methodParameter.ParameterTypeName = 'Microsoft.Management.Infrastructure.CimInstance#DnsClientNrptRule' $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{ Name = 'ReturnValue'; ParameterType = 'System.Int32'; Bindings = 'Error'; Value = $null; IsValuePresent = $false } $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('Get', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_methodInvocationInfo) } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP PS_DnsClientNRPTRule_v1.0.0.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Get-DnsClientNrptRule' -Alias '*' function Remove-DnsClientNrptRule { [CmdletBinding(SupportsShouldProcess=$true, ConfirmImpact='Medium', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])][OutputType('Microsoft.Management.Infrastructure.CimInstance#DnsClientNrptRule')] param( [Parameter(ParameterSetName='Remove2', ValueFromPipelineByPropertyName=$true)] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [string] ${GpoName}, [Parameter(ParameterSetName='Remove2', Mandatory=$true, Position=1, ValueFromPipelineByPropertyName=$true)] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [string] ${Name}, [Parameter(ParameterSetName='Remove2')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${PassThru}, [Parameter(ParameterSetName='Remove2', ValueFromPipelineByPropertyName=$true)] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [string] ${Server}, [Parameter(ParameterSetName='Remove2')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${Force}, [Parameter(ParameterSetName='Remove2')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='Remove2')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='Remove2')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('GpoName')) { [object]$__cmdletization_value = ${GpoName} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'GpoName'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'GpoName'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Name')) { [object]$__cmdletization_value = ${Name} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Name'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Name'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('PassThru')) { [object]$__cmdletization_value = ${PassThru} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'PassThru'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'PassThru'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Server')) { [object]$__cmdletization_value = ${Server} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Server'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Server'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Force')) { [object]$__cmdletization_value = ${Force} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Force'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Force'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'CmdletOutput'; ParameterType = 'Microsoft.Management.Infrastructure.CimInstance'; Bindings = 'Out'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} $__cmdletization_methodParameter.ParameterTypeName = 'Microsoft.Management.Infrastructure.CimInstance#DnsClientNrptRule' $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{ Name = 'ReturnValue'; ParameterType = 'System.Int32'; Bindings = 'Error'; Value = $null; IsValuePresent = $false } $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('Remove', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_methodInvocationInfo) } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP PS_DnsClientNRPTRule_v1.0.0.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Remove-DnsClientNrptRule' -Alias '*' function Set-DnsClientNrptRule { [CmdletBinding(SupportsShouldProcess=$true, ConfirmImpact='Medium', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])][OutputType('Microsoft.Management.Infrastructure.CimInstance#DnsClientNrptRule')] param( [Parameter(ParameterSetName='Set3', ValueFromPipelineByPropertyName=$true)] [Alias('DirectAccessEnabled')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [bool] ${DAEnable}, [Parameter(ParameterSetName='Set3', ValueFromPipelineByPropertyName=$true)] [Alias('DirectAccessQueryIPSSECEncryption')] [AllowEmptyString()] [AllowNull()] [ValidateSet('','None','Low','Medium','High')] [string] ${DAIPsecEncryptionType}, [Parameter(ParameterSetName='Set3', ValueFromPipelineByPropertyName=$true)] [Alias('DirectAccessQueryIPsecRequired')] [System.Nullable[bool]] ${DAIPsecRequired}, [Parameter(ParameterSetName='Set3', ValueFromPipelineByPropertyName=$true)] [Alias('DirectAccessDNSServers')] [string[]] ${DANameServers}, [Parameter(ParameterSetName='Set3', ValueFromPipelineByPropertyName=$true)] [Alias('DirectAccessProxyName')] [string] ${DAProxyServerName}, [Parameter(ParameterSetName='Set3', ValueFromPipelineByPropertyName=$true)] [Alias('DirectAccessProxyType')] [AllowEmptyString()] [AllowNull()] [ValidateSet('','NoProxy','UseDefault','UseProxyName')] [string] ${DAProxyType}, [Parameter(ParameterSetName='Set3', ValueFromPipelineByPropertyName=$true)] [string] ${Comment}, [Parameter(ParameterSetName='Set3', ValueFromPipelineByPropertyName=$true)] [Alias('DnsSecEnabled')] [bool] ${DnsSecEnable}, [Parameter(ParameterSetName='Set3', ValueFromPipelineByPropertyName=$true)] [Alias('DnsSecQueryIPsecEncryption')] [AllowEmptyString()] [AllowNull()] [ValidateSet('','None','Low','Medium','High')] [string] ${DnsSecIPsecEncryptionType}, [Parameter(ParameterSetName='Set3', ValueFromPipelineByPropertyName=$true)] [Alias('DnsSecQueryIPsecRequired')] [System.Nullable[bool]] ${DnsSecIPsecRequired}, [Parameter(ParameterSetName='Set3', ValueFromPipelineByPropertyName=$true)] [System.Nullable[bool]] ${DnsSecValidationRequired}, [Parameter(ParameterSetName='Set3', ValueFromPipelineByPropertyName=$true)] [string] ${GpoName}, [Parameter(ParameterSetName='Set3', ValueFromPipelineByPropertyName=$true)] [Alias('IPsecCARestriction')] [string] ${IPsecTrustAuthority}, [Parameter(ParameterSetName='Set3', Mandatory=$true, Position=1, ValueFromPipelineByPropertyName=$true)] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [string] ${Name}, [Parameter(ParameterSetName='Set3', ValueFromPipelineByPropertyName=$true)] [ValidateSet('Disable','Utf8WithMapping','Utf8WithoutMapping','Punycode')] [string] ${NameEncoding}, [Parameter(ParameterSetName='Set3', ValueFromPipelineByPropertyName=$true)] [string[]] ${NameServers}, [Parameter(ParameterSetName='Set3', ValueFromPipelineByPropertyName=$true)] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [string[]] ${Namespace}, [Parameter(ParameterSetName='Set3', ValueFromPipelineByPropertyName=$true)] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [string] ${Server}, [Parameter(ParameterSetName='Set3', ValueFromPipelineByPropertyName=$true)] [string] ${Disp ScriptBlock ID: c5de8afd-4ebc-47a1-ac01-bf2ca32afde4 Path:	4104	1		3	2	15	0	1594	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3516	868	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:04:57 PM	9d04040e-981f-0004-5c1a-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 5): rs.ContainsKey('NameEncoding')) { [object]$__cmdletization_value = ${NameEncoding} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NameEncoding'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NameEncoding'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Namespace')) { [object]$__cmdletization_value = ${Namespace} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Namespace'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Namespace'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Server')) { [object]$__cmdletization_value = ${Server} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Server'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Server'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DAProxyType')) { [object]$__cmdletization_value = ${DAProxyType} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DAProxyType'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DAProxyType'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DnsSecValidationRequired')) { [object]$__cmdletization_value = ${DnsSecValidationRequired} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DnsSecValidationRequired'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DnsSecValidationRequired'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DAEnable')) { [object]$__cmdletization_value = ${DAEnable} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DAEnable'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DAEnable'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('IPsecTrustAuthority')) { [object]$__cmdletization_value = ${IPsecTrustAuthority} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'IPsecTrustAuthority'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'IPsecTrustAuthority'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Comment')) { [object]$__cmdletization_value = ${Comment} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Comment'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Comment'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DisplayName')) { [object]$__cmdletization_value = ${DisplayName} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisplayName'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisplayName'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('PassThru')) { [object]$__cmdletization_value = ${PassThru} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'PassThru'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'PassThru'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'CmdletOutput'; ParameterType = 'Microsoft.Management.Infrastructure.CimInstance'; Bindings = 'Out'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} $__cmdletization_methodParameter.ParameterTypeName = 'Microsoft.Management.Infrastructure.CimInstance#DnsClientNrptRule' $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{ Name = 'ReturnValue'; ParameterType = 'System.Int32'; Bindings = 'Error'; Value = $null; IsValuePresent = $false } $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('Add', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_methodInvocationInfo) } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP PS_DnsClientNRPTRule_v1.0.0.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Add-DnsClientNrptRule' -Alias '*' function Get-DnsClientNrptRule { [CmdletBinding(PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance[]])][OutputType('Microsoft.Management.Infrastructure.CimInstance#DnsClientNrptRule')] param( [Parameter(ParameterSetName='Get1', ValueFromPipelineByPropertyName=$true)] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [string] ${GpoName}, [Parameter(ParameterSetName='Get1', Position=1, ValueFromPipelineByPropertyName=$true)] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [string[]] ${Name}, [Parameter(ParameterSetName='Get1', ValueFromPipelineByPropertyName=$true)] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [string] ${Server}, [Parameter(ParameterSetName='Get1')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='Get1')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='Get1')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('GpoName')) { [object]$__cmdletization_value = ${GpoName} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'GpoName'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'GpoName'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Name')) { [object]$__cmdletization_value = ${Name} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Name'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Name'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Server')) { [object]$__cmdletization_value = ${Server} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodPara ScriptBlock ID: c5de8afd-4ebc-47a1-ac01-bf2ca32afde4 Path:	4104	1		3	2	15	0	1593	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3516	868	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:04:57 PM	9d04040e-981f-0004-5c1a-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 5): #requires -version 3.0 try { Microsoft.PowerShell.Core\Set-StrictMode -Off } catch { } $script:MyModule = $MyInvocation.MyCommand.ScriptBlock.Module $script:ClassName = 'root/Microsoft/Windows/DNS/PS_DnsClientNrptRule' $script:ClassVersion = '1.0.0' $script:ModuleVersion = '1.0.0' $script:ObjectModelWrapper = [Microsoft.PowerShell.Cmdletization.Cim.CimCmdletAdapter] $script:PrivateData = [System.Collections.Generic.Dictionary[string,string]]::new() Microsoft.PowerShell.Core\Export-ModuleMember -Function @() function __cmdletization_BindCommonParameters { param( $__cmdletization_objectModelWrapper, $myPSBoundParameters ) if ($myPSBoundParameters.ContainsKey('CimSession')) { $__cmdletization_objectModelWrapper.PSObject.Properties['CimSession'].Value = $myPSBoundParameters['CimSession'] } if ($myPSBoundParameters.ContainsKey('ThrottleLimit')) { $__cmdletization_objectModelWrapper.PSObject.Properties['ThrottleLimit'].Value = $myPSBoundParameters['ThrottleLimit'] } if ($myPSBoundParameters.ContainsKey('AsJob')) { $__cmdletization_objectModelWrapper.PSObject.Properties['AsJob'].Value = $myPSBoundParameters['AsJob'] } } function Add-DnsClientNrptRule { [CmdletBinding(SupportsShouldProcess=$true, ConfirmImpact='Medium', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])][OutputType('Microsoft.Management.Infrastructure.CimInstance#DnsClientNrptRule')] param( [Parameter(ParameterSetName='Add0', ValueFromPipelineByPropertyName=$true)] [string] ${GpoName}, [Parameter(ParameterSetName='Add0', ValueFromPipelineByPropertyName=$true)] [Alias('DirectAccessDnsServers')] [string[]] ${DANameServers}, [Parameter(ParameterSetName='Add0', ValueFromPipelineByPropertyName=$true)] [Alias('DirectAccessQueryIPsecRequired')] [switch] ${DAIPsecRequired}, [Parameter(ParameterSetName='Add0', ValueFromPipelineByPropertyName=$true)] [Alias('DirectAccessQueryIPSSECEncryption')] [AllowEmptyString()] [AllowNull()] [ValidateSet('','None','Low','Medium','High')] [string] ${DAIPsecEncryptionType}, [Parameter(ParameterSetName='Add0', ValueFromPipelineByPropertyName=$true)] [Alias('DirectAccessProxyName')] [string] ${DAProxyServerName}, [Parameter(ParameterSetName='Add0', ValueFromPipelineByPropertyName=$true)] [Alias('DnsSecEnabled')] [switch] ${DnsSecEnable}, [Parameter(ParameterSetName='Add0', ValueFromPipelineByPropertyName=$true)] [Alias('DnsSecQueryIPsecRequired')] [switch] ${DnsSecIPsecRequired}, [Parameter(ParameterSetName='Add0', ValueFromPipelineByPropertyName=$true)] [Alias('DnsSecQueryIPsecEncryption')] [AllowEmptyString()] [AllowNull()] [ValidateSet('','None','Low','Medium','High')] [string] ${DnsSecIPsecEncryptionType}, [Parameter(ParameterSetName='Add0', ValueFromPipelineByPropertyName=$true)] [string[]] ${NameServers}, [Parameter(ParameterSetName='Add0', ValueFromPipelineByPropertyName=$true)] [ValidateSet('Disable','Utf8WithMapping','Utf8WithoutMapping','Punycode')] [string] ${NameEncoding}, [Parameter(ParameterSetName='Add0', Mandatory=$true, Position=1, ValueFromPipelineByPropertyName=$true)] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [string[]] ${Namespace}, [Parameter(ParameterSetName='Add0', ValueFromPipelineByPropertyName=$true)] [string] ${Server}, [Parameter(ParameterSetName='Add0', ValueFromPipelineByPropertyName=$true)] [Alias('DirectAccessProxyType')] [AllowEmptyString()] [AllowNull()] [ValidateSet('','NoProxy','UseDefault','UseProxyName')] [string] ${DAProxyType}, [Parameter(ParameterSetName='Add0', ValueFromPipelineByPropertyName=$true)] [switch] ${DnsSecValidationRequired}, [Parameter(ParameterSetName='Add0', ValueFromPipelineByPropertyName=$true)] [Alias('DirectAccessEnabled')] [switch] ${DAEnable}, [Parameter(ParameterSetName='Add0', ValueFromPipelineByPropertyName=$true)] [Alias('IPsecCARestriction')] [string] ${IPsecTrustAuthority}, [Parameter(ParameterSetName='Add0', ValueFromPipelineByPropertyName=$true)] [string] ${Comment}, [Parameter(ParameterSetName='Add0', ValueFromPipelineByPropertyName=$true)] [string] ${DisplayName}, [Parameter(ParameterSetName='Add0')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${PassThru}, [Parameter(ParameterSetName='Add0')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='Add0')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='Add0')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('GpoName')) { [object]$__cmdletization_value = ${GpoName} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'GpoName'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'GpoName'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DANameServers')) { [object]$__cmdletization_value = ${DANameServers} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DANameServers'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DANameServers'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DAIPsecRequired')) { [object]$__cmdletization_value = ${DAIPsecRequired} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DAIPsecRequired'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DAIPsecRequired'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DAIPsecEncryptionType')) { [object]$__cmdletization_value = ${DAIPsecEncryptionType} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DAIPsecEncryptionType'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DAIPsecEncryptionType'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DAProxyServerName')) { [object]$__cmdletization_value = ${DAProxyServerName} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DAProxyServerName'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DAProxyServerName'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DnsSecEnable')) { [object]$__cmdletization_value = ${DnsSecEnable} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DnsSecEnable'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DnsSecEnable'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DnsSecIPsecRequired')) { [object]$__cmdletization_value = ${DnsSecIPsecRequired} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DnsSecIPsecRequired'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DnsSecIPsecRequired'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DnsSecIPsecEncryptionType')) { [object]$__cmdletization_value = ${DnsSecIPsecEncryptionType} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DnsSecIPsecEncryptionType'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DnsSecIPsecEncryptionType'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('NameServers')) { [object]$__cmdletization_value = ${NameServers} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NameServers'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NameServers'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParamete ScriptBlock ID: c5de8afd-4ebc-47a1-ac01-bf2ca32afde4 Path:	4104	1		3	2	15	0	1592	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3516	868	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:04:57 PM	9d04040e-981f-0004-5c1a-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): #requires -version 3.0 try { Microsoft.PowerShell.Core\Set-StrictMode -Off } catch { } $script:MyModule = $MyInvocation.MyCommand.ScriptBlock.Module $script:ClassName = 'root/Microsoft/Windows/DNS/PS_DnsClientNrptGlobal' $script:ClassVersion = '1.0.0' $script:ModuleVersion = '1.0.0' $script:ObjectModelWrapper = [Microsoft.PowerShell.Cmdletization.Cim.CimCmdletAdapter] $script:PrivateData = [System.Collections.Generic.Dictionary[string,string]]::new() Microsoft.PowerShell.Core\Export-ModuleMember -Function @() function __cmdletization_BindCommonParameters { param( $__cmdletization_objectModelWrapper, $myPSBoundParameters ) if ($myPSBoundParameters.ContainsKey('CimSession')) { $__cmdletization_objectModelWrapper.PSObject.Properties['CimSession'].Value = $myPSBoundParameters['CimSession'] } if ($myPSBoundParameters.ContainsKey('ThrottleLimit')) { $__cmdletization_objectModelWrapper.PSObject.Properties['ThrottleLimit'].Value = $myPSBoundParameters['ThrottleLimit'] } if ($myPSBoundParameters.ContainsKey('AsJob')) { $__cmdletization_objectModelWrapper.PSObject.Properties['AsJob'].Value = $myPSBoundParameters['AsJob'] } } function Get-DnsClientNrptGlobal { [CmdletBinding(PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])][OutputType('Microsoft.Management.Infrastructure.CimInstance#DnsClientNrptGlobal')] param( [Parameter(ParameterSetName='Get0', ValueFromPipelineByPropertyName=$true)] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [string] ${Server}, [Parameter(ParameterSetName='Get0', ValueFromPipelineByPropertyName=$true)] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [string] ${GpoName}, [Parameter(ParameterSetName='Get0')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='Get0')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='Get0')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Server')) { [object]$__cmdletization_value = ${Server} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Server'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Server'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('GpoName')) { [object]$__cmdletization_value = ${GpoName} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'GpoName'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'GpoName'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'CmdletOutput'; ParameterType = 'Microsoft.Management.Infrastructure.CimInstance'; Bindings = 'Out'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} $__cmdletization_methodParameter.ParameterTypeName = 'Microsoft.Management.Infrastructure.CimInstance#DnsClientNrptGlobal' $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{ Name = 'ReturnValue'; ParameterType = 'System.Int32'; Bindings = 'Error'; Value = $null; IsValuePresent = $false } $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('Get', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_methodInvocationInfo) } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP PS_DnsClientNRPTGlobal_v1.0.0.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Get-DnsClientNrptGlobal' -Alias '*' function Set-DnsClientNrptGlobal { [CmdletBinding(SupportsShouldProcess=$true, ConfirmImpact='Medium', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])][OutputType('Microsoft.Management.Infrastructure.CimInstance#DnsClientNrptGlobal')] param( [Parameter(ParameterSetName='Set1', ValueFromPipelineByPropertyName=$true)] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [ValidateSet('EnableOnNetworkID','EnableAlways','Disable','DisableDA')] [string] ${EnableDAForAllNetworks}, [Parameter(ParameterSetName='Set1', ValueFromPipelineByPropertyName=$true)] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [string] ${GpoName}, [Parameter(ParameterSetName='Set1', ValueFromPipelineByPropertyName=$true)] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [ValidateSet('Disable','FallbackSecure','FallbackUnsecure','FallbackPrivate')] [string] ${SecureNameQueryFallback}, [Parameter(ParameterSetName='Set1', ValueFromPipelineByPropertyName=$true)] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [ValidateSet('Disable','QueryIPv6Only','QueryBoth')] [string] ${QueryPolicy}, [Parameter(ParameterSetName='Set1', ValueFromPipelineByPropertyName=$true)] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [string] ${Server}, [Parameter(ParameterSetName='Set1')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${PassThru}, [Parameter(ParameterSetName='Set1')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='Set1')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='Set1')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('EnableDAForAllNetworks')) { [object]$__cmdletization_value = ${EnableDAForAllNetworks} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'EnableDAForAllNetworks'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'EnableDAForAllNetworks'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('GpoName')) { [object]$__cmdletization_value = ${GpoName} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'GpoName'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'GpoName'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('SecureNameQueryFallback')) { [object]$__cmdletization_value = ${SecureNameQueryFallback} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'SecureNameQueryFallback'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'SecureNameQueryFallback'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('QueryPolicy')) { [object]$__cmdletization_value = ${QueryPolicy} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'QueryPolicy'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'QueryPolicy'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Server')) { [object]$__cmdletization_value = ${Server} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Server'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Server'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('PassThru')) { [object]$__cmdletization_value = ${PassThru} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'PassThru'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'PassThru'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'CmdletOutput'; ParameterType = 'Microsoft.Management.Infrastructure.CimInstance'; Bindings = 'Out'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} $__cmdletization_methodParameter.ParameterTypeName = 'Microsoft.Management.Infrastructure.CimInstance#DnsClientNrptGlobal' $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{ Name = 'ReturnValue'; ParameterType = 'System.Int32'; Bindings = 'Error'; Value = $null; IsValuePresent = $false } $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('Set', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_methodInvocationInfo) } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP PS_DnsClientNRPTGlobal_v1.0.0.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Set-DnsClientNrptGlobal' -Alias '*' ScriptBlock ID: 07b041a2-49cc-46e1-80c4-67639be6f1e2 Path:	4104	1		3	2	15	0	1591	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3516	868	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:04:57 PM	9d04040e-981f-0004-581a-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): #requires -version 3.0 try { Microsoft.PowerShell.Core\Set-StrictMode -Off } catch { } $script:MyModule = $MyInvocation.MyCommand.ScriptBlock.Module $script:ClassName = 'root/Microsoft/Windows/DNS/PS_DnsClientNrptPolicy' $script:ClassVersion = '1.0.0' $script:ModuleVersion = '1.0.0' $script:ObjectModelWrapper = [Microsoft.PowerShell.Cmdletization.Cim.CimCmdletAdapter] $script:PrivateData = [System.Collections.Generic.Dictionary[string,string]]::new() Microsoft.PowerShell.Core\Export-ModuleMember -Function @() function __cmdletization_BindCommonParameters { param( $__cmdletization_objectModelWrapper, $myPSBoundParameters ) if ($myPSBoundParameters.ContainsKey('CimSession')) { $__cmdletization_objectModelWrapper.PSObject.Properties['CimSession'].Value = $myPSBoundParameters['CimSession'] } if ($myPSBoundParameters.ContainsKey('ThrottleLimit')) { $__cmdletization_objectModelWrapper.PSObject.Properties['ThrottleLimit'].Value = $myPSBoundParameters['ThrottleLimit'] } if ($myPSBoundParameters.ContainsKey('AsJob')) { $__cmdletization_objectModelWrapper.PSObject.Properties['AsJob'].Value = $myPSBoundParameters['AsJob'] } } function Get-DnsClientNrptPolicy { [CmdletBinding(PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance[]])][OutputType('Microsoft.Management.Infrastructure.CimInstance#DnsClientPolicyConfiguration')] param( [Parameter(ParameterSetName='Get0')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${Effective}, [Parameter(ParameterSetName='Get0', Position=1, ValueFromPipelineByPropertyName=$true)] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [string] ${Namespace}, [Parameter(ParameterSetName='Get0')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='Get0')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='Get0')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Effective')) { [object]$__cmdletization_value = ${Effective} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Effective'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Effective'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Namespace')) { [object]$__cmdletization_value = ${Namespace} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Namespace'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Namespace'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'CmdletOutput'; ParameterType = 'Microsoft.Management.Infrastructure.CimInstance[]'; Bindings = 'Out'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} $__cmdletization_methodParameter.ParameterTypeName = 'Microsoft.Management.Infrastructure.CimInstance#DnsClientPolicyConfiguration' $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{ Name = 'ReturnValue'; ParameterType = 'System.Int32'; Bindings = 'Error'; Value = $null; IsValuePresent = $false } $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('Get', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_methodInvocationInfo) } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP PS_DnsClientNrptPolicy_v1.0.0.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Get-DnsClientNrptPolicy' -Alias '*' ScriptBlock ID: dd1c9105-99e7-46da-b420-7b4768a372b6 Path:	4104	1		3	2	15	0	1590	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3516	868	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:04:57 PM	9d04040e-981f-0004-551a-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): #requires -version 3.0 try { Microsoft.PowerShell.Core\Set-StrictMode -Off } catch { } $script:MyModule = $MyInvocation.MyCommand.ScriptBlock.Module $script:ClassName = 'ROOT/StandardCimv2/MSFT_DNSClientServerAddress' $script:ClassVersion = '1.0.0' $script:ModuleVersion = '1.0.0' $script:ObjectModelWrapper = [Microsoft.PowerShell.Cmdletization.Cim.CimCmdletAdapter] $script:PrivateData = [System.Collections.Generic.Dictionary[string,string]]::new() Microsoft.PowerShell.Core\Export-ModuleMember -Function @() function __cmdletization_BindCommonParameters { param( $__cmdletization_objectModelWrapper, $myPSBoundParameters ) if ($myPSBoundParameters.ContainsKey('CimSession')) { $__cmdletization_objectModelWrapper.PSObject.Properties['CimSession'].Value = $myPSBoundParameters['CimSession'] } if ($myPSBoundParameters.ContainsKey('ThrottleLimit')) { $__cmdletization_objectModelWrapper.PSObject.Properties['ThrottleLimit'].Value = $myPSBoundParameters['ThrottleLimit'] } if ($myPSBoundParameters.ContainsKey('AsJob')) { $__cmdletization_objectModelWrapper.PSObject.Properties['AsJob'].Value = $myPSBoundParameters['AsJob'] } } function Get-DnsClientServerAddress { [CmdletBinding(DefaultParameterSetName='ByName', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#ROOT/StandardCimv2/MSFT_DNSClientServerAddress')] param( [Parameter(ParameterSetName='ByName', ValueFromPipeline=$true, ValueFromPipelineByPropertyName=$true)] [ValidateNotNull()] [uint32[]] ${InterfaceIndex}, [Parameter(ParameterSetName='ByName', Position=0)] [ValidateNotNull()] [string[]] ${InterfaceAlias}, [Parameter(ParameterSetName='ByName')] [Alias('Family')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.DnsClientServerAddress.AddressFamily[]] ${AddressFamily}, [Parameter(ParameterSetName='ByName')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('InterfaceIndex') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${InterfaceIndex}) $__cmdletization_queryBuilder.FilterByProperty('InterfaceIndex', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('InterfaceAlias') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${InterfaceAlias}) $__cmdletization_queryBuilder.FilterByProperty('InterfaceAlias', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('AddressFamily') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${AddressFamily}) $__cmdletization_queryBuilder.FilterByProperty('AddressFamily', $__cmdletization_values, $false, 'Default') } $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder) } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP MSFT_DnsClientServerAddress.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Get-DnsClientServerAddress' -Alias '*' function Set-DnsClientServerAddress { [CmdletBinding(DefaultParameterSetName='ByAlias', SupportsShouldProcess=$true, ConfirmImpact='Low', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#ROOT/StandardCimv2/MSFT_DNSClientServerAddress')] param( [Parameter(ParameterSetName='ByName', Mandatory=$true, ValueFromPipeline=$true, ValueFromPipelineByPropertyName=$true)] [ValidateNotNull()] [uint32[]] ${InterfaceIndex}, [Parameter(ParameterSetName='ByAlias', Mandatory=$true, Position=0)] [ValidateNotNull()] [string[]] ${InterfaceAlias}, [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#MSFT_DNSClientServerAddress')] [ValidateNotNull()] [ciminstance[]] ${InputObject}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByAlias')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Addresses')] [string[]] ${ServerAddresses}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByAlias')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${Validate}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByAlias')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('ResetAddresses')] [switch] ${ResetServerAddresses}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByAlias')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByAlias')] [Parameter(ParameterSetName='InputObject (cdxml)')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByAlias')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${AsJob}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByAlias')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${PassThru}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('InterfaceIndex') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${InterfaceIndex}) $__cmdletization_queryBuilder.FilterByProperty('InterfaceIndex', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('InterfaceAlias') -and (@('ByAlias') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${InterfaceAlias}) $__cmdletization_queryBuilder.FilterByProperty('InterfaceAlias', $__cmdletization_values, $true, 'Default') } $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('ByName', 'ByAlias', 'InputObject (cdxml)') -contains $_ } { [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('ServerAddresses')) { [object]$__cmdletization_value = ${ServerAddresses} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:ServerAddresses'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:ServerAddresses'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Validate')) { [object]$__cmdletization_value = ${Validate} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:Validate'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:Validate'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('ResetServerAddresses')) { [object]$__cmdletization_value = ${ResetServerAddresses} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:ResetServerAddresses'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:ResetServerAddresses'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = $null $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('cim:ModifyInstance', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_passThru = $PSBoundParameters.ContainsKey('PassThru') -and $PassThru if ($PSBoundParameters.ContainsKey('InputObject')) { foreach ($x in $InputObject) { $__cmdletization_objectModelWrapper.ProcessRecord($x, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } else { $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP MSFT_DnsClientServerAddress.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Set-DnsClientServerAddress' -Alias '*' ScriptBlock ID: 496158b4-1720-4ed9-bba4-4a07890d00a8 Path:	4104	1		3	2	15	0	1589	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3516	868	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:04:56 PM	9d04040e-981f-0004-511a-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): #requires -version 3.0 try { Microsoft.PowerShell.Core\Set-StrictMode -Off } catch { } $script:MyModule = $MyInvocation.MyCommand.ScriptBlock.Module $script:ClassName = 'ROOT/StandardCimv2/MSFT_DNSClientGlobalSetting' $script:ClassVersion = '1.0.0' $script:ModuleVersion = '1.0.0' $script:ObjectModelWrapper = [Microsoft.PowerShell.Cmdletization.Cim.CimCmdletAdapter] $script:PrivateData = [System.Collections.Generic.Dictionary[string,string]]::new() Microsoft.PowerShell.Core\Export-ModuleMember -Function @() function __cmdletization_BindCommonParameters { param( $__cmdletization_objectModelWrapper, $myPSBoundParameters ) if ($myPSBoundParameters.ContainsKey('CimSession')) { $__cmdletization_objectModelWrapper.PSObject.Properties['CimSession'].Value = $myPSBoundParameters['CimSession'] } if ($myPSBoundParameters.ContainsKey('ThrottleLimit')) { $__cmdletization_objectModelWrapper.PSObject.Properties['ThrottleLimit'].Value = $myPSBoundParameters['ThrottleLimit'] } if ($myPSBoundParameters.ContainsKey('AsJob')) { $__cmdletization_objectModelWrapper.PSObject.Properties['AsJob'].Value = $myPSBoundParameters['AsJob'] } } function Get-DnsClientGlobalSetting { [CmdletBinding(PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#ROOT/StandardCimv2/MSFT_DNSClientGlobalSetting')] param( [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [int] ${ThrottleLimit}, [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder) } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP MSFT_DnsClientGlobalSetting.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Get-DnsClientGlobalSetting' -Alias '*' function Set-DnsClientGlobalSetting { [CmdletBinding(DefaultParameterSetName='ByName', SupportsShouldProcess=$true, ConfirmImpact='Low', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#ROOT/StandardCimv2/MSFT_DNSClientGlobalSetting')] param( [Parameter(ParameterSetName='InputObject (cdxml)', ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#MSFT_DNSClientGlobalSetting')] [ValidateNotNull()] [ciminstance[]] ${InputObject}, [Parameter(ParameterSetName='InputObject (cdxml)')] [string[]] ${SuffixSearchList}, [Parameter(ParameterSetName='InputObject (cdxml)')] [bool] ${UseDevolution}, [Parameter(ParameterSetName='InputObject (cdxml)')] [uint32] ${DevolutionLevel}, [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='InputObject (cdxml)')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${AsJob}, [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${PassThru}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('InputObject (cdxml)') -contains $_ } { [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('SuffixSearchList')) { [object]$__cmdletization_value = ${SuffixSearchList} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'SuffixSearchList'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'SuffixSearchList'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('UseDevolution')) { [object]$__cmdletization_value = ${UseDevolution} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'UseDevolution'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'UseDevolution'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DevolutionLevel')) { [object]$__cmdletization_value = ${DevolutionLevel} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DevolutionLevel'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DevolutionLevel'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = $null $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('cim:ModifyInstance', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_passThru = $PSBoundParameters.ContainsKey('PassThru') -and $PassThru if ($PSBoundParameters.ContainsKey('InputObject')) { foreach ($x in $InputObject) { $__cmdletization_objectModelWrapper.ProcessRecord($x, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } else { $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP MSFT_DnsClientGlobalSetting.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Set-DnsClientGlobalSetting' -Alias '*' ScriptBlock ID: f5962083-de77-477f-9a65-feb29842d83d Path:	4104	1		3	2	15	0	1588	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3516	868	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:04:56 PM	9d04040e-981f-0004-4d1a-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): #requires -version 3.0 try { Microsoft.PowerShell.Core\Set-StrictMode -Off } catch { } $script:MyModule = $MyInvocation.MyCommand.ScriptBlock.Module $script:ClassName = 'ROOT/StandardCimv2/MSFT_DNSClientCache' $script:ClassVersion = '1.0.0' $script:ModuleVersion = '1.0.0' $script:ObjectModelWrapper = [Microsoft.PowerShell.Cmdletization.Cim.CimCmdletAdapter] $script:PrivateData = [System.Collections.Generic.Dictionary[string,string]]::new() Microsoft.PowerShell.Core\Export-ModuleMember -Function @() function __cmdletization_BindCommonParameters { param( $__cmdletization_objectModelWrapper, $myPSBoundParameters ) if ($myPSBoundParameters.ContainsKey('CimSession')) { $__cmdletization_objectModelWrapper.PSObject.Properties['CimSession'].Value = $myPSBoundParameters['CimSession'] } if ($myPSBoundParameters.ContainsKey('ThrottleLimit')) { $__cmdletization_objectModelWrapper.PSObject.Properties['ThrottleLimit'].Value = $myPSBoundParameters['ThrottleLimit'] } if ($myPSBoundParameters.ContainsKey('AsJob')) { $__cmdletization_objectModelWrapper.PSObject.Properties['AsJob'].Value = $myPSBoundParameters['AsJob'] } } function Clear-DnsClientCache { [CmdletBinding(SupportsShouldProcess=$true, ConfirmImpact='Low', PositionalBinding=$false)] param( [Parameter(ParameterSetName='Clear0')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='Clear0')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='Clear0')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() $__cmdletization_returnValue = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{ Name = 'ReturnValue'; ParameterType = 'System.UInt32'; Bindings = 'Error'; Value = $null; IsValuePresent = $false } $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('Clear', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_methodInvocationInfo) } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP MSFT_DnsClientCache.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Clear-DnsClientCache' -Alias '*' function Get-DnsClientCache { [CmdletBinding(DefaultParameterSetName='ByName', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#ROOT/StandardCimv2/MSFT_DNSClientCache')] param( [Parameter(ParameterSetName='ByName', Position=0)] [ValidateNotNull()] [string[]] ${Entry}, [Parameter(ParameterSetName='ByName')] [Alias('RecordName')] [ValidateNotNull()] [string[]] ${Name}, [Parameter(ParameterSetName='ByName')] [Alias('RecordType')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.DnsClientCache.Type[]] ${Type}, [Parameter(ParameterSetName='ByName')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.DnsClientCache.Status[]] ${Status}, [Parameter(ParameterSetName='ByName')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.DnsClientCache.Section[]] ${Section}, [Parameter(ParameterSetName='ByName')] [Alias('TTL')] [ValidateNotNull()] [uint32[]] ${TimeToLive}, [Parameter(ParameterSetName='ByName')] [ValidateNotNull()] [uint16[]] ${DataLength}, [Parameter(ParameterSetName='ByName')] [ValidateNotNull()] [string[]] ${Data}, [Parameter(ParameterSetName='ByName')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('Entry') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Entry}) $__cmdletization_queryBuilder.FilterByProperty('Entry', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Name') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Name}) $__cmdletization_queryBuilder.FilterByProperty('Name', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Type') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Type}) $__cmdletization_queryBuilder.FilterByProperty('Type', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('Status') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Status}) $__cmdletization_queryBuilder.FilterByProperty('Status', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('Section') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Section}) $__cmdletization_queryBuilder.FilterByProperty('Section', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('TimeToLive') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${TimeToLive}) $__cmdletization_queryBuilder.FilterByProperty('TimeToLive', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('DataLength') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DataLength}) $__cmdletization_queryBuilder.FilterByProperty('DataLength', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('Data') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Data}) $__cmdletization_queryBuilder.FilterByProperty('Data', $__cmdletization_values, $true, 'Default') } $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder) } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP MSFT_DnsClientCache.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Get-DnsClientCache' -Alias '*' ScriptBlock ID: aef9ace5-e0db-44fd-88df-15e2c086fce6 Path:	4104	1		3	2	15	0	1587	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3516	868	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:04:56 PM	9d04040e-981f-0004-491a-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): #requires -version 3.0 try { Microsoft.PowerShell.Core\Set-StrictMode -Off } catch { } $script:MyModule = $MyInvocation.MyCommand.ScriptBlock.Module $script:ClassName = 'ROOT/StandardCimv2/MSFT_DNSClient' $script:ClassVersion = '1.0.0' $script:ModuleVersion = '1.0.0' $script:ObjectModelWrapper = [Microsoft.PowerShell.Cmdletization.Cim.CimCmdletAdapter] $script:PrivateData = [System.Collections.Generic.Dictionary[string,string]]::new() Microsoft.PowerShell.Core\Export-ModuleMember -Function @() function __cmdletization_BindCommonParameters { param( $__cmdletization_objectModelWrapper, $myPSBoundParameters ) if ($myPSBoundParameters.ContainsKey('CimSession')) { $__cmdletization_objectModelWrapper.PSObject.Properties['CimSession'].Value = $myPSBoundParameters['CimSession'] } if ($myPSBoundParameters.ContainsKey('ThrottleLimit')) { $__cmdletization_objectModelWrapper.PSObject.Properties['ThrottleLimit'].Value = $myPSBoundParameters['ThrottleLimit'] } if ($myPSBoundParameters.ContainsKey('AsJob')) { $__cmdletization_objectModelWrapper.PSObject.Properties['AsJob'].Value = $myPSBoundParameters['AsJob'] } } function Register-DnsClient { [CmdletBinding(SupportsShouldProcess=$true, ConfirmImpact='Low', PositionalBinding=$false)] param( [Parameter(ParameterSetName='Register0')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='Register0')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='Register0')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() $__cmdletization_returnValue = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{ Name = 'ReturnValue'; ParameterType = 'System.UInt32'; Bindings = 'Error'; Value = $null; IsValuePresent = $false } $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('Register', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_methodInvocationInfo) } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP MSFT_DnsClient.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Register-DnsClient' -Alias '*' function Get-DnsClient { [CmdletBinding(DefaultParameterSetName='ByName', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#ROOT/StandardCimv2/MSFT_DNSClient')] param( [Parameter(ParameterSetName='ByName', ValueFromPipeline=$true, ValueFromPipelineByPropertyName=$true)] [ValidateNotNull()] [uint32[]] ${InterfaceIndex}, [Parameter(ParameterSetName='ByName', Position=0)] [ValidateNotNull()] [string[]] ${InterfaceAlias}, [Parameter(ParameterSetName='ByName')] [Alias('Suffix')] [ValidateNotNull()] [string[]] ${ConnectionSpecificSuffix}, [Parameter(ParameterSetName='ByName')] [ValidateNotNull()] [bool[]] ${RegisterThisConnectionsAddress}, [Parameter(ParameterSetName='ByName')] [ValidateNotNull()] [bool[]] ${UseSuffixWhenRegistering}, [Parameter(ParameterSetName='ByName')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('InterfaceIndex') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${InterfaceIndex}) $__cmdletization_queryBuilder.FilterByProperty('InterfaceIndex', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('InterfaceAlias') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${InterfaceAlias}) $__cmdletization_queryBuilder.FilterByProperty('InterfaceAlias', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('ConnectionSpecificSuffix') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${ConnectionSpecificSuffix}) $__cmdletization_queryBuilder.FilterByProperty('ConnectionSpecificSuffix', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('RegisterThisConnectionsAddress') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${RegisterThisConnectionsAddress}) $__cmdletization_queryBuilder.FilterByProperty('RegisterThisConnectionsAddress', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('UseSuffixWhenRegistering') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${UseSuffixWhenRegistering}) $__cmdletization_queryBuilder.FilterByProperty('UseSuffixWhenRegistering', $__cmdletization_values, $false, 'Default') } $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder) } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP MSFT_DnsClient.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Get-DnsClient' -Alias '*' function Set-DnsClient { [CmdletBinding(DefaultParameterSetName='ByAlias', SupportsShouldProcess=$true, ConfirmImpact='Low', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#ROOT/StandardCimv2/MSFT_DNSClient')] param( [Parameter(ParameterSetName='ByName', Mandatory=$true, ValueFromPipeline=$true, ValueFromPipelineByPropertyName=$true)] [ValidateNotNull()] [uint32[]] ${InterfaceIndex}, [Parameter(ParameterSetName='ByAlias', Mandatory=$true, Position=0)] [ValidateNotNull()] [string[]] ${InterfaceAlias}, [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#MSFT_DNSClient')] [ValidateNotNull()] [ciminstance[]] ${InputObject}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByAlias')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Suffix')] [string] ${ConnectionSpecificSuffix}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByAlias')] [Parameter(ParameterSetName='InputObject (cdxml)')] [bool] ${RegisterThisConnectionsAddress}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByAlias')] [Parameter(ParameterSetName='InputObject (cdxml)')] [bool] ${UseSuffixWhenRegistering}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByAlias')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('ResetSuffix')] [switch] ${ResetConnectionSpecificSuffix}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByAlias')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByAlias')] [Parameter(ParameterSetName='InputObject (cdxml)')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByAlias')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${AsJob}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByAlias')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${PassThru}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('InterfaceIndex') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${InterfaceIndex}) $__cmdletization_queryBuilder.FilterByProperty('InterfaceIndex', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('InterfaceAlias') -and (@('ByAlias') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${InterfaceAlias}) $__cmdletization_queryBuilder.FilterByProperty('InterfaceAlias', $__cmdletization_values, $true, 'Default') } $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('ByName', 'ByAlias', 'InputObject (cdxml)') -contains $_ } { [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('ConnectionSpecificSuffix')) { [object]$__cmdletization_value = ${ConnectionSpecificSuffix} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ConnectionSpecificSuffix'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ConnectionSpecificSuffix'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('RegisterThisConnectionsAddress')) { [object]$__cmdletization_value = ${RegisterThisConnectionsAddress} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RegisterThisConnectionsAddress'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RegisterThisConnectionsAddress'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('UseSuffixWhenRegistering')) { [object]$__cmdletization_value = ${UseSuffixWhenRegistering} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'UseSuffixWhenRegistering'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'UseSuffixWhenRegistering'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('ResetConnectionSpecificSuffix')) { [object]$__cmdletization_value = ${ResetConnectionSpecificSuffix} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:ResetConnectionSpecificSuffix'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:ResetConnectionSpecificSuffix'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = $null $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('cim:ModifyInstance', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_passThru = $PSBoundParameters.ContainsKey('PassThru') -and $PassThru if ($PSBoundParameters.ContainsKey('InputObject')) { foreach ($x in $InputObject) { $__cmdletization_objectModelWrapper.ProcessRecord($x, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } else { $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP MSFT_DnsClient.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Set-DnsClient' -Alias '*' ScriptBlock ID: 72e16c9b-7ab4-400a-bf06-1feb2de18b01 Path:	4104	1		3	2	15	0	1586	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3516	868	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:04:56 PM	9d04040e-981f-0003-0b57-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 2): ('InterfaceDescription', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('IncludeHidden') -and (@('ByName', 'ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('IncludeHidden', ${IncludeHidden}) } $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('ByName', 'ByInstanceID', 'InputObject (cdxml)') -contains $_ } { [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('NoRestart')) { [object]$__cmdletization_value = ${NoRestart} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:NoRestart'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:NoRestart'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('PassThru')) { [object]$__cmdletization_value = ${PassThru} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:PassThru'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:PassThru'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'CmdletOutput'; ParameterType = 'Microsoft.Management.Infrastructure.CimInstance'; Bindings = 'Out'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = $null $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('Enable', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_passThru = $false if ($PSBoundParameters.ContainsKey('InputObject')) { foreach ($x in $InputObject) { $__cmdletization_objectModelWrapper.ProcessRecord($x, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } else { $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP MSFT_NetAdapterPacketDirect.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Enable-NetAdapterPacketDirect' -Alias '*' function Disable-NetAdapterPacketDirect { [CmdletBinding(DefaultParameterSetName='ByName', SupportsShouldProcess=$true, ConfirmImpact='Medium', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] param( [Parameter(ParameterSetName='ByName', Mandatory=$true, Position=0, ValueFromPipelineByPropertyName=$true)] [Alias('ifAlias','InterfaceAlias')] [ValidateNotNull()] [string[]] ${Name}, [Parameter(ParameterSetName='ByInstanceID', Mandatory=$true, ValueFromPipelineByPropertyName=$true)] [Alias('ifDesc','InstanceID')] [ValidateNotNull()] [string[]] ${InterfaceDescription}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [switch] ${IncludeHidden}, [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#MSFT_NetAdapterPacketDirectSettingData')] [ValidateNotNull()] [ciminstance[]] ${InputObject}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${NoRestart}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${PassThru}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('Name') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Name}) $__cmdletization_queryBuilder.FilterByProperty('Name', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('InterfaceDescription') -and (@('ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${InterfaceDescription}) $__cmdletization_queryBuilder.FilterByProperty('InterfaceDescription', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('IncludeHidden') -and (@('ByName', 'ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('IncludeHidden', ${IncludeHidden}) } $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('ByName', 'ByInstanceID', 'InputObject (cdxml)') -contains $_ } { [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('NoRestart')) { [object]$__cmdletization_value = ${NoRestart} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:NoRestart'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:NoRestart'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('PassThru')) { [object]$__cmdletization_value = ${PassThru} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:PassThru'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:PassThru'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'CmdletOutput'; ParameterType = 'Microsoft.Management.Infrastructure.CimInstance'; Bindings = 'Out'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = $null $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('Disable', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_passThru = $false if ($PSBoundParameters.ContainsKey('InputObject')) { foreach ($x in $InputObject) { $__cmdletization_objectModelWrapper.ProcessRecord($x, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } else { $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP MSFT_NetAdapterPacketDirect.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Disable-NetAdapterPacketDirect' -Alias '*' ScriptBlock ID: ad9be459-cb77-4edf-8dc2-8e93bd177965 Path:	4104	1		3	2	15	0	1585	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3516	868	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:04:56 PM	9d04040e-981f-0004-3d1a-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 2): #requires -version 3.0 try { Microsoft.PowerShell.Core\Set-StrictMode -Off } catch { } $script:MyModule = $MyInvocation.MyCommand.ScriptBlock.Module $script:ClassName = 'ROOT/StandardCimv2/MSFT_NetAdapterPacketDirectSettingData' $script:ClassVersion = '1.0.0' $script:ModuleVersion = '1.0' $script:ObjectModelWrapper = [Microsoft.PowerShell.Cmdletization.Cim.CimCmdletAdapter] $script:PrivateData = [System.Collections.Generic.Dictionary[string,string]]::new() Microsoft.PowerShell.Core\Export-ModuleMember -Function @() function __cmdletization_BindCommonParameters { param( $__cmdletization_objectModelWrapper, $myPSBoundParameters ) if ($myPSBoundParameters.ContainsKey('CimSession')) { $__cmdletization_objectModelWrapper.PSObject.Properties['CimSession'].Value = $myPSBoundParameters['CimSession'] } if ($myPSBoundParameters.ContainsKey('ThrottleLimit')) { $__cmdletization_objectModelWrapper.PSObject.Properties['ThrottleLimit'].Value = $myPSBoundParameters['ThrottleLimit'] } if ($myPSBoundParameters.ContainsKey('AsJob')) { $__cmdletization_objectModelWrapper.PSObject.Properties['AsJob'].Value = $myPSBoundParameters['AsJob'] } } function Get-NetAdapterPacketDirect { [CmdletBinding(DefaultParameterSetName='ByName', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#ROOT/StandardCimv2/MSFT_NetAdapterPacketDirectSettingData')] param( [Parameter(ParameterSetName='ByName', Position=0, ValueFromPipelineByPropertyName=$true)] [Alias('ifAlias','InterfaceAlias')] [ValidateNotNull()] [string[]] ${Name}, [Parameter(ParameterSetName='ByInstanceID', Mandatory=$true, ValueFromPipelineByPropertyName=$true)] [Alias('ifDesc','InstanceID')] [ValidateNotNull()] [string[]] ${InterfaceDescription}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [switch] ${IncludeHidden}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('Name') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Name}) $__cmdletization_queryBuilder.FilterByProperty('Name', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('InterfaceDescription') -and (@('ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${InterfaceDescription}) $__cmdletization_queryBuilder.FilterByProperty('InterfaceDescription', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('IncludeHidden') -and (@('ByName', 'ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('IncludeHidden', ${IncludeHidden}) } $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder) } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP MSFT_NetAdapterPacketDirect.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Get-NetAdapterPacketDirect' -Alias '*' function Set-NetAdapterPacketDirect { [CmdletBinding(DefaultParameterSetName='ByName', SupportsShouldProcess=$true, ConfirmImpact='Medium', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#ROOT/StandardCimv2/MSFT_NetAdapterPacketDirectSettingData')] param( [Parameter(ParameterSetName='ByName', Mandatory=$true, Position=0, ValueFromPipelineByPropertyName=$true)] [Alias('ifAlias','InterfaceAlias')] [ValidateNotNull()] [string[]] ${Name}, [Parameter(ParameterSetName='ByInstanceID', Mandatory=$true, ValueFromPipelineByPropertyName=$true)] [Alias('ifDesc','InstanceID')] [ValidateNotNull()] [string[]] ${InterfaceDescription}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [switch] ${IncludeHidden}, [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#MSFT_NetAdapterPacketDirectSettingData')] [ValidateNotNull()] [ciminstance[]] ${InputObject}, [Parameter(ParameterSetName='ByName', ValueFromPipelineByPropertyName=$true)] [Parameter(ParameterSetName='ByInstanceID', ValueFromPipelineByPropertyName=$true)] [Parameter(ParameterSetName='InputObject (cdxml)', ValueFromPipelineByPropertyName=$true)] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [bool] ${Enabled}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [uint32] ${DomainId}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${NoRestart}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${AsJob}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${PassThru}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('Name') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Name}) $__cmdletization_queryBuilder.FilterByProperty('Name', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('InterfaceDescription') -and (@('ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${InterfaceDescription}) $__cmdletization_queryBuilder.FilterByProperty('InterfaceDescription', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('IncludeHidden') -and (@('ByName', 'ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('IncludeHidden', ${IncludeHidden}) } $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('ByName', 'ByInstanceID', 'InputObject (cdxml)') -contains $_ } { [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Enabled')) { [object]$__cmdletization_value = ${Enabled} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Enabled'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Enabled'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DomainId')) { [object]$__cmdletization_value = ${DomainId} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DomainId'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DomainId'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('NoRestart')) { [object]$__cmdletization_value = ${NoRestart} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:NoRestart'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:NoRestart'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = $null $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('cim:ModifyInstance', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_passThru = $PSBoundParameters.ContainsKey('PassThru') -and $PassThru if ($PSBoundParameters.ContainsKey('InputObject')) { foreach ($x in $InputObject) { $__cmdletization_objectModelWrapper.ProcessRecord($x, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } else { $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP MSFT_NetAdapterPacketDirect.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Set-NetAdapterPacketDirect' -Alias '*' function Enable-NetAdapterPacketDirect { [CmdletBinding(DefaultParameterSetName='ByName', SupportsShouldProcess=$true, ConfirmImpact='Medium', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] param( [Parameter(ParameterSetName='ByName', Mandatory=$true, Position=0, ValueFromPipelineByPropertyName=$true)] [Alias('ifAlias','InterfaceAlias')] [ValidateNotNull()] [string[]] ${Name}, [Parameter(ParameterSetName='ByInstanceID', Mandatory=$true, ValueFromPipelineByPropertyName=$true)] [Alias('ifDesc','InstanceID')] [ValidateNotNull()] [string[]] ${InterfaceDescription}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [switch] ${IncludeHidden}, [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#MSFT_NetAdapterPacketDirectSettingData')] [ValidateNotNull()] [ciminstance[]] ${InputObject}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${NoRestart}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${PassThru}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('Name') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Name}) $__cmdletization_queryBuilder.FilterByProperty('Name', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('InterfaceDescription') -and (@('ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${InterfaceDescription}) $__cmdletization_queryBuilder.FilterByProperty ScriptBlock ID: ad9be459-cb77-4edf-8dc2-8e93bd177965 Path:	4104	1		3	2	15	0	1584	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3516	868	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:04:56 PM	9d04040e-981f-0004-3d1a-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): #requires -version 3.0 try { Microsoft.PowerShell.Core\Set-StrictMode -Off } catch { } $script:MyModule = $MyInvocation.MyCommand.ScriptBlock.Module $script:ClassName = 'ROOT/StandardCimv2/MSFT_NetAdapterVPortSettingData' $script:ClassVersion = '1.0.0' $script:ModuleVersion = '1.0' $script:ObjectModelWrapper = [Microsoft.PowerShell.Cmdletization.Cim.CimCmdletAdapter] $script:PrivateData = [System.Collections.Generic.Dictionary[string,string]]::new() Microsoft.PowerShell.Core\Export-ModuleMember -Function @() function __cmdletization_BindCommonParameters { param( $__cmdletization_objectModelWrapper, $myPSBoundParameters ) if ($myPSBoundParameters.ContainsKey('CimSession')) { $__cmdletization_objectModelWrapper.PSObject.Properties['CimSession'].Value = $myPSBoundParameters['CimSession'] } if ($myPSBoundParameters.ContainsKey('ThrottleLimit')) { $__cmdletization_objectModelWrapper.PSObject.Properties['ThrottleLimit'].Value = $myPSBoundParameters['ThrottleLimit'] } if ($myPSBoundParameters.ContainsKey('AsJob')) { $__cmdletization_objectModelWrapper.PSObject.Properties['AsJob'].Value = $myPSBoundParameters['AsJob'] } } function Get-NetAdapterVPort { [CmdletBinding(DefaultParameterSetName='ByName', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#ROOT/StandardCimv2/MSFT_NetAdapterVPortSettingData')] param( [Parameter(ParameterSetName='ByName', Position=0, ValueFromPipelineByPropertyName=$true)] [Alias('ifAlias','InterfaceAlias')] [ValidateNotNull()] [string[]] ${Name}, [Parameter(ParameterSetName='ByInstanceID', Mandatory=$true, ValueFromPipelineByPropertyName=$true)] [Alias('ifDesc','InstanceID')] [ValidateNotNull()] [string[]] ${InterfaceDescription}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Alias('Id')] [ValidateNotNull()] [uint32[]] ${VPortID}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [ValidateNotNull()] [uint32[]] ${SwitchID}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Alias('VfID')] [ValidateNotNull()] [uint16[]] ${FunctionID}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Alias('PF')] [switch] ${PhysicalFunction}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [switch] ${IncludeHidden}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('Name') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Name}) $__cmdletization_queryBuilder.FilterByProperty('Name', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('InterfaceDescription') -and (@('ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${InterfaceDescription}) $__cmdletization_queryBuilder.FilterByProperty('InterfaceDescription', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('VPortID') -and (@('ByName', 'ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${VPortID}) $__cmdletization_queryBuilder.FilterByProperty('VPortID', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('SwitchID') -and (@('ByName', 'ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${SwitchID}) $__cmdletization_queryBuilder.FilterByProperty('SwitchID', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('FunctionID') -and (@('ByName', 'ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${FunctionID}) $__cmdletization_queryBuilder.FilterByProperty('FunctionID', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('PhysicalFunction') -and (@('ByName', 'ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('PhysicalFunction', ${PhysicalFunction}) } if ($PSBoundParameters.ContainsKey('IncludeHidden') -and (@('ByName', 'ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('IncludeHidden', ${IncludeHidden}) } $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder) } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP MSFT_NetAdapterVPort.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Get-NetAdapterVPort' -Alias '*' ScriptBlock ID: f12de01a-ac16-4218-b2e7-d45c28304937 Path:	4104	1		3	2	15	0	1583	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3516	868	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:04:56 PM	9d04040e-981f-0004-3a1a-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): #requires -version 3.0 try { Microsoft.PowerShell.Core\Set-StrictMode -Off } catch { } $script:MyModule = $MyInvocation.MyCommand.ScriptBlock.Module $script:ClassName = 'ROOT/StandardCimv2/MSFT_NetAdapterVmqQueueSettingData' $script:ClassVersion = '1.0.0' $script:ModuleVersion = '1.0' $script:ObjectModelWrapper = [Microsoft.PowerShell.Cmdletization.Cim.CimCmdletAdapter] $script:PrivateData = [System.Collections.Generic.Dictionary[string,string]]::new() Microsoft.PowerShell.Core\Export-ModuleMember -Function @() function __cmdletization_BindCommonParameters { param( $__cmdletization_objectModelWrapper, $myPSBoundParameters ) if ($myPSBoundParameters.ContainsKey('CimSession')) { $__cmdletization_objectModelWrapper.PSObject.Properties['CimSession'].Value = $myPSBoundParameters['CimSession'] } if ($myPSBoundParameters.ContainsKey('ThrottleLimit')) { $__cmdletization_objectModelWrapper.PSObject.Properties['ThrottleLimit'].Value = $myPSBoundParameters['ThrottleLimit'] } if ($myPSBoundParameters.ContainsKey('AsJob')) { $__cmdletization_objectModelWrapper.PSObject.Properties['AsJob'].Value = $myPSBoundParameters['AsJob'] } } function Get-NetAdapterVmqQueue { [CmdletBinding(DefaultParameterSetName='ByName', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#ROOT/StandardCimv2/MSFT_NetAdapterVmqQueueSettingData')] param( [Parameter(ParameterSetName='ByName', Position=0, ValueFromPipelineByPropertyName=$true)] [Alias('ifAlias','InterfaceAlias')] [ValidateNotNull()] [string[]] ${Name}, [Parameter(ParameterSetName='ByInstanceID', Mandatory=$true, ValueFromPipelineByPropertyName=$true)] [Alias('ifDesc','InstanceID')] [ValidateNotNull()] [string[]] ${InterfaceDescription}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [ValidateNotNull()] [uint32[]] ${Id}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [switch] ${IncludeHidden}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('Name') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Name}) $__cmdletization_queryBuilder.FilterByProperty('Name', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('InterfaceDescription') -and (@('ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${InterfaceDescription}) $__cmdletization_queryBuilder.FilterByProperty('InterfaceDescription', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Id') -and (@('ByName', 'ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Id}) $__cmdletization_queryBuilder.FilterByProperty('QueueID', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('IncludeHidden') -and (@('ByName', 'ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('IncludeHidden', ${IncludeHidden}) } $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder) } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP MSFT_NetAdapterVmqQueue.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Get-NetAdapterVmqQueue' -Alias '*' ScriptBlock ID: d10bf8b6-b55f-4cc3-b35b-a0c3bb94bd83 Path:	4104	1		3	2	15	0	1582	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3516	868	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:04:56 PM	9d04040e-981f-0004-371a-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (3 of 3): nce#MSFT_NetAdapterVmqSettingData')] [ValidateNotNull()] [ciminstance[]] ${InputObject}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${NoRestart}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${PassThru}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('Name') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Name}) $__cmdletization_queryBuilder.FilterByProperty('Name', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('InterfaceDescription') -and (@('ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${InterfaceDescription}) $__cmdletization_queryBuilder.FilterByProperty('InterfaceDescription', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('IncludeHidden') -and (@('ByName', 'ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('IncludeHidden', ${IncludeHidden}) } $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('ByName', 'ByInstanceID', 'InputObject (cdxml)') -contains $_ } { [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('NoRestart')) { [object]$__cmdletization_value = ${NoRestart} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:NoRestart'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:NoRestart'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('PassThru')) { [object]$__cmdletization_value = ${PassThru} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:PassThru'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:PassThru'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'CmdletOutput'; ParameterType = 'Microsoft.Management.Infrastructure.CimInstance'; Bindings = 'Out'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = $null $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('Disable', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_passThru = $false if ($PSBoundParameters.ContainsKey('InputObject')) { foreach ($x in $InputObject) { $__cmdletization_objectModelWrapper.ProcessRecord($x, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } else { $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP MSFT_NetAdapterVmq.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Disable-NetAdapterVmq' -Alias '*' ScriptBlock ID: 8bd153b2-f65b-443d-9153-7561a03a43f8 Path:	4104	1		3	2	15	0	1581	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3516	868	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:04:56 PM	9d04040e-981f-0000-c41d-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 3): e; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('MaxProcessorNumber')) { [object]$__cmdletization_value = ${MaxProcessorNumber} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'MaxProcessorNumber'; ParameterType = 'System.Byte'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'MaxProcessorNumber'; ParameterType = 'System.Byte'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('NumaNode')) { [object]$__cmdletization_value = ${NumaNode} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NumaNode'; ParameterType = 'System.UInt16'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NumaNode'; ParameterType = 'System.UInt16'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Enabled')) { [object]$__cmdletization_value = ${Enabled} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Enabled'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Enabled'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('NoRestart')) { [object]$__cmdletization_value = ${NoRestart} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:NoRestart'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:NoRestart'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = $null $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('cim:ModifyInstance', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_passThru = $PSBoundParameters.ContainsKey('PassThru') -and $PassThru if ($PSBoundParameters.ContainsKey('InputObject')) { foreach ($x in $InputObject) { $__cmdletization_objectModelWrapper.ProcessRecord($x, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } else { $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP MSFT_NetAdapterVmq.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Set-NetAdapterVmq' -Alias '*' function Enable-NetAdapterVmq { [CmdletBinding(DefaultParameterSetName='ByName', SupportsShouldProcess=$true, ConfirmImpact='Medium', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] param( [Parameter(ParameterSetName='ByName', Mandatory=$true, Position=0, ValueFromPipelineByPropertyName=$true)] [Alias('ifAlias','InterfaceAlias')] [ValidateNotNull()] [string[]] ${Name}, [Parameter(ParameterSetName='ByInstanceID', Mandatory=$true, ValueFromPipelineByPropertyName=$true)] [Alias('ifDesc','InstanceID')] [ValidateNotNull()] [string[]] ${InterfaceDescription}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [switch] ${IncludeHidden}, [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#MSFT_NetAdapterVmqSettingData')] [ValidateNotNull()] [ciminstance[]] ${InputObject}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${NoRestart}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${PassThru}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('Name') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Name}) $__cmdletization_queryBuilder.FilterByProperty('Name', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('InterfaceDescription') -and (@('ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${InterfaceDescription}) $__cmdletization_queryBuilder.FilterByProperty('InterfaceDescription', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('IncludeHidden') -and (@('ByName', 'ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('IncludeHidden', ${IncludeHidden}) } $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('ByName', 'ByInstanceID', 'InputObject (cdxml)') -contains $_ } { [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('NoRestart')) { [object]$__cmdletization_value = ${NoRestart} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:NoRestart'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:NoRestart'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('PassThru')) { [object]$__cmdletization_value = ${PassThru} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:PassThru'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:PassThru'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'CmdletOutput'; ParameterType = 'Microsoft.Management.Infrastructure.CimInstance'; Bindings = 'Out'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = $null $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('Enable', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_passThru = $false if ($PSBoundParameters.ContainsKey('InputObject')) { foreach ($x in $InputObject) { $__cmdletization_objectModelWrapper.ProcessRecord($x, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } else { $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP MSFT_NetAdapterVmq.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Enable-NetAdapterVmq' -Alias '*' function Disable-NetAdapterVmq { [CmdletBinding(DefaultParameterSetName='ByName', SupportsShouldProcess=$true, ConfirmImpact='Medium', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] param( [Parameter(ParameterSetName='ByName', Mandatory=$true, Position=0, ValueFromPipelineByPropertyName=$true)] [Alias('ifAlias','InterfaceAlias')] [ValidateNotNull()] [string[]] ${Name}, [Parameter(ParameterSetName='ByInstanceID', Mandatory=$true, ValueFromPipelineByPropertyName=$true)] [Alias('ifDesc','InstanceID')] [ValidateNotNull()] [string[]] ${InterfaceDescription}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [switch] ${IncludeHidden}, [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInsta ScriptBlock ID: 8bd153b2-f65b-443d-9153-7561a03a43f8 Path:	4104	1		3	2	15	0	1580	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3516	868	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:04:56 PM	9d04040e-981f-0000-c41d-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 3): #requires -version 3.0 try { Microsoft.PowerShell.Core\Set-StrictMode -Off } catch { } $script:MyModule = $MyInvocation.MyCommand.ScriptBlock.Module $script:ClassName = 'ROOT/StandardCimv2/MSFT_NetAdapterVmqSettingData' $script:ClassVersion = '1.0.0' $script:ModuleVersion = '1.0' $script:ObjectModelWrapper = [Microsoft.PowerShell.Cmdletization.Cim.CimCmdletAdapter] $script:PrivateData = [System.Collections.Generic.Dictionary[string,string]]::new() Microsoft.PowerShell.Core\Export-ModuleMember -Function @() function __cmdletization_BindCommonParameters { param( $__cmdletization_objectModelWrapper, $myPSBoundParameters ) if ($myPSBoundParameters.ContainsKey('CimSession')) { $__cmdletization_objectModelWrapper.PSObject.Properties['CimSession'].Value = $myPSBoundParameters['CimSession'] } if ($myPSBoundParameters.ContainsKey('ThrottleLimit')) { $__cmdletization_objectModelWrapper.PSObject.Properties['ThrottleLimit'].Value = $myPSBoundParameters['ThrottleLimit'] } if ($myPSBoundParameters.ContainsKey('AsJob')) { $__cmdletization_objectModelWrapper.PSObject.Properties['AsJob'].Value = $myPSBoundParameters['AsJob'] } } function Get-NetAdapterVmq { [CmdletBinding(DefaultParameterSetName='ByName', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#ROOT/StandardCimv2/MSFT_NetAdapterVmqSettingData')] param( [Parameter(ParameterSetName='ByName', Position=0, ValueFromPipelineByPropertyName=$true)] [Alias('ifAlias','InterfaceAlias')] [ValidateNotNull()] [string[]] ${Name}, [Parameter(ParameterSetName='ByInstanceID', Mandatory=$true, ValueFromPipelineByPropertyName=$true)] [Alias('ifDesc','InstanceID')] [ValidateNotNull()] [string[]] ${InterfaceDescription}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [switch] ${IncludeHidden}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('Name') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Name}) $__cmdletization_queryBuilder.FilterByProperty('Name', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('InterfaceDescription') -and (@('ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${InterfaceDescription}) $__cmdletization_queryBuilder.FilterByProperty('InterfaceDescription', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('IncludeHidden') -and (@('ByName', 'ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('IncludeHidden', ${IncludeHidden}) } $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder) } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP MSFT_NetAdapterVmq.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Get-NetAdapterVmq' -Alias '*' function Set-NetAdapterVmq { [CmdletBinding(DefaultParameterSetName='ByName', SupportsShouldProcess=$true, ConfirmImpact='Medium', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#ROOT/StandardCimv2/MSFT_NetAdapterVmqSettingData')] param( [Parameter(ParameterSetName='ByName', Mandatory=$true, Position=0, ValueFromPipelineByPropertyName=$true)] [Alias('ifAlias','InterfaceAlias')] [ValidateNotNull()] [string[]] ${Name}, [Parameter(ParameterSetName='ByInstanceID', Mandatory=$true, ValueFromPipelineByPropertyName=$true)] [Alias('ifDesc','InstanceID')] [ValidateNotNull()] [string[]] ${InterfaceDescription}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [switch] ${IncludeHidden}, [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#MSFT_NetAdapterVmqSettingData')] [ValidateNotNull()] [ciminstance[]] ${InputObject}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('BaseG')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [uint16] ${BaseProcessorGroup}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('BaseN')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [byte] ${BaseProcessorNumber}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Max')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [uint32] ${MaxProcessors}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('MaxN')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [byte] ${MaxProcessorNumber}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('NumaN')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [uint16] ${NumaNode}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [bool] ${Enabled}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${NoRestart}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${AsJob}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${PassThru}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('Name') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Name}) $__cmdletization_queryBuilder.FilterByProperty('Name', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('InterfaceDescription') -and (@('ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${InterfaceDescription}) $__cmdletization_queryBuilder.FilterByProperty('InterfaceDescription', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('IncludeHidden') -and (@('ByName', 'ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('IncludeHidden', ${IncludeHidden}) } $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('ByName', 'ByInstanceID', 'InputObject (cdxml)') -contains $_ } { [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('BaseProcessorGroup')) { [object]$__cmdletization_value = ${BaseProcessorGroup} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'BaseProcessorGroup'; ParameterType = 'System.UInt16'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'BaseProcessorGroup'; ParameterType = 'System.UInt16'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('BaseProcessorNumber')) { [object]$__cmdletization_value = ${BaseProcessorNumber} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'BaseProcessorNumber'; ParameterType = 'System.Byte'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'BaseProcessorNumber'; ParameterType = 'System.Byte'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('MaxProcessors')) { [object]$__cmdletization_value = ${MaxProcessors} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'MaxProcessors'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'MaxProcessors'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_defaultValu ScriptBlock ID: 8bd153b2-f65b-443d-9153-7561a03a43f8 Path:	4104	1		3	2	15	0	1579	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3516	868	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:04:56 PM	9d04040e-981f-0000-c41d-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): #requires -version 3.0 try { Microsoft.PowerShell.Core\Set-StrictMode -Off } catch { } $script:MyModule = $MyInvocation.MyCommand.ScriptBlock.Module $script:ClassName = 'ROOT/StandardCimv2/MSFT_NetAdapterStatisticsSettingData' $script:ClassVersion = '1.0.0' $script:ModuleVersion = '1.0' $script:ObjectModelWrapper = [Microsoft.PowerShell.Cmdletization.Cim.CimCmdletAdapter] $script:PrivateData = [System.Collections.Generic.Dictionary[string,string]]::new() Microsoft.PowerShell.Core\Export-ModuleMember -Function @() function __cmdletization_BindCommonParameters { param( $__cmdletization_objectModelWrapper, $myPSBoundParameters ) if ($myPSBoundParameters.ContainsKey('CimSession')) { $__cmdletization_objectModelWrapper.PSObject.Properties['CimSession'].Value = $myPSBoundParameters['CimSession'] } if ($myPSBoundParameters.ContainsKey('ThrottleLimit')) { $__cmdletization_objectModelWrapper.PSObject.Properties['ThrottleLimit'].Value = $myPSBoundParameters['ThrottleLimit'] } if ($myPSBoundParameters.ContainsKey('AsJob')) { $__cmdletization_objectModelWrapper.PSObject.Properties['AsJob'].Value = $myPSBoundParameters['AsJob'] } } function Get-NetAdapterStatistics { [CmdletBinding(DefaultParameterSetName='ByName', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#ROOT/StandardCimv2/MSFT_NetAdapterStatisticsSettingData')] param( [Parameter(ParameterSetName='ByName', Position=0, ValueFromPipelineByPropertyName=$true)] [Alias('ifAlias','InterfaceAlias')] [ValidateNotNull()] [string[]] ${Name}, [Parameter(ParameterSetName='ByInstanceID', Mandatory=$true, ValueFromPipelineByPropertyName=$true)] [Alias('ifDesc','InstanceID')] [ValidateNotNull()] [string[]] ${InterfaceDescription}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [switch] ${IncludeHidden}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('Name') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Name}) $__cmdletization_queryBuilder.FilterByProperty('Name', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('InterfaceDescription') -and (@('ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${InterfaceDescription}) $__cmdletization_queryBuilder.FilterByProperty('InterfaceDescription', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('IncludeHidden') -and (@('ByName', 'ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('IncludeHidden', ${IncludeHidden}) } $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder) } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP MSFT_NetAdapterStatistics.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Get-NetAdapterStatistics' -Alias '*' ScriptBlock ID: 85f50fa3-e867-4ce9-b017-c160a0374a6a Path:	4104	1		3	2	15	0	1578	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3516	868	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:04:56 PM	9d04040e-981f-0004-311a-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): #requires -version 3.0 try { Microsoft.PowerShell.Core\Set-StrictMode -Off } catch { } $script:MyModule = $MyInvocation.MyCommand.ScriptBlock.Module $script:ClassName = 'ROOT/StandardCimv2/MSFT_NetAdapterSriovVfSettingData' $script:ClassVersion = '1.0.0' $script:ModuleVersion = '1.0' $script:ObjectModelWrapper = [Microsoft.PowerShell.Cmdletization.Cim.CimCmdletAdapter] $script:PrivateData = [System.Collections.Generic.Dictionary[string,string]]::new() Microsoft.PowerShell.Core\Export-ModuleMember -Function @() function __cmdletization_BindCommonParameters { param( $__cmdletization_objectModelWrapper, $myPSBoundParameters ) if ($myPSBoundParameters.ContainsKey('CimSession')) { $__cmdletization_objectModelWrapper.PSObject.Properties['CimSession'].Value = $myPSBoundParameters['CimSession'] } if ($myPSBoundParameters.ContainsKey('ThrottleLimit')) { $__cmdletization_objectModelWrapper.PSObject.Properties['ThrottleLimit'].Value = $myPSBoundParameters['ThrottleLimit'] } if ($myPSBoundParameters.ContainsKey('AsJob')) { $__cmdletization_objectModelWrapper.PSObject.Properties['AsJob'].Value = $myPSBoundParameters['AsJob'] } } function Get-NetAdapterSriovVf { [CmdletBinding(DefaultParameterSetName='ByName', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#ROOT/StandardCimv2/MSFT_NetAdapterSriovVfSettingData')] param( [Parameter(ParameterSetName='ByName', Position=0, ValueFromPipelineByPropertyName=$true)] [Alias('ifAlias','InterfaceAlias')] [ValidateNotNull()] [string[]] ${Name}, [Parameter(ParameterSetName='ByInstanceID', Mandatory=$true, ValueFromPipelineByPropertyName=$true)] [Alias('ifDesc','InstanceID')] [ValidateNotNull()] [string[]] ${InterfaceDescription}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [ValidateNotNull()] [uint32[]] ${SwitchID}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Alias('VfID','Id')] [ValidateNotNull()] [uint16[]] ${FunctionID}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [switch] ${IncludeHidden}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('Name') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Name}) $__cmdletization_queryBuilder.FilterByProperty('Name', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('InterfaceDescription') -and (@('ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${InterfaceDescription}) $__cmdletization_queryBuilder.FilterByProperty('InterfaceDescription', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('SwitchID') -and (@('ByName', 'ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${SwitchID}) $__cmdletization_queryBuilder.FilterByProperty('SwitchID', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('FunctionID') -and (@('ByName', 'ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${FunctionID}) $__cmdletization_queryBuilder.FilterByProperty('FunctionID', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('IncludeHidden') -and (@('ByName', 'ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('IncludeHidden', ${IncludeHidden}) } $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder) } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP MSFT_NetAdapterSriovVf.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Get-NetAdapterSriovVf' -Alias '*' ScriptBlock ID: 91d5a6b8-7d32-42cf-a30e-ba927f046d50 Path:	4104	1		3	2	15	0	1577	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3516	868	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:04:56 PM	9d04040e-981f-0004-2e1a-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 2): ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('Name') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Name}) $__cmdletization_queryBuilder.FilterByProperty('Name', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('InterfaceDescription') -and (@('ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${InterfaceDescription}) $__cmdletization_queryBuilder.FilterByProperty('InterfaceDescription', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('IncludeHidden') -and (@('ByName', 'ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('IncludeHidden', ${IncludeHidden}) } $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('ByName', 'ByInstanceID', 'InputObject (cdxml)') -contains $_ } { [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('NoRestart')) { [object]$__cmdletization_value = ${NoRestart} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:NoRestart'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:NoRestart'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('PassThru')) { [object]$__cmdletization_value = ${PassThru} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:PassThru'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:PassThru'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'CmdletOutput'; ParameterType = 'Microsoft.Management.Infrastructure.CimInstance'; Bindings = 'Out'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = $null $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('Enable', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_passThru = $false if ($PSBoundParameters.ContainsKey('InputObject')) { foreach ($x in $InputObject) { $__cmdletization_objectModelWrapper.ProcessRecord($x, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } else { $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP MSFT_NetAdapterSriov.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Enable-NetAdapterSriov' -Alias '*' function Disable-NetAdapterSriov { [CmdletBinding(DefaultParameterSetName='ByName', SupportsShouldProcess=$true, ConfirmImpact='Low', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] param( [Parameter(ParameterSetName='ByName', Mandatory=$true, Position=0, ValueFromPipelineByPropertyName=$true)] [Alias('ifAlias','InterfaceAlias')] [ValidateNotNull()] [string[]] ${Name}, [Parameter(ParameterSetName='ByInstanceID', Mandatory=$true, ValueFromPipelineByPropertyName=$true)] [Alias('ifDesc','InstanceID')] [ValidateNotNull()] [string[]] ${InterfaceDescription}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [switch] ${IncludeHidden}, [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#MSFT_NetAdapterSriovSettingData')] [ValidateNotNull()] [ciminstance[]] ${InputObject}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${NoRestart}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${PassThru}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('Name') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Name}) $__cmdletization_queryBuilder.FilterByProperty('Name', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('InterfaceDescription') -and (@('ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${InterfaceDescription}) $__cmdletization_queryBuilder.FilterByProperty('InterfaceDescription', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('IncludeHidden') -and (@('ByName', 'ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('IncludeHidden', ${IncludeHidden}) } $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('ByName', 'ByInstanceID', 'InputObject (cdxml)') -contains $_ } { [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('NoRestart')) { [object]$__cmdletization_value = ${NoRestart} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:NoRestart'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:NoRestart'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('PassThru')) { [object]$__cmdletization_value = ${PassThru} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:PassThru'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:PassThru'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'CmdletOutput'; ParameterType = 'Microsoft.Management.Infrastructure.CimInstance'; Bindings = 'Out'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = $null $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('Disable', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_passThru = $false if ($PSBoundParameters.ContainsKey('InputObject')) { foreach ($x in $InputObject) { $__cmdletization_objectModelWrapper.ProcessRecord($x, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } else { $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP MSFT_NetAdapterSriov.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Disable-NetAdapterSriov' -Alias '*' ScriptBlock ID: b2c75663-b0e3-4c57-8799-a7fc8e68059f Path:	4104	1		3	2	15	0	1576	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3516	868	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:04:56 PM	9d04040e-981f-0004-281a-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 2): #requires -version 3.0 try { Microsoft.PowerShell.Core\Set-StrictMode -Off } catch { } $script:MyModule = $MyInvocation.MyCommand.ScriptBlock.Module $script:ClassName = 'ROOT/StandardCimv2/MSFT_NetAdapterSriovSettingData' $script:ClassVersion = '1.0.0' $script:ModuleVersion = '1.0' $script:ObjectModelWrapper = [Microsoft.PowerShell.Cmdletization.Cim.CimCmdletAdapter] $script:PrivateData = [System.Collections.Generic.Dictionary[string,string]]::new() Microsoft.PowerShell.Core\Export-ModuleMember -Function @() function __cmdletization_BindCommonParameters { param( $__cmdletization_objectModelWrapper, $myPSBoundParameters ) if ($myPSBoundParameters.ContainsKey('CimSession')) { $__cmdletization_objectModelWrapper.PSObject.Properties['CimSession'].Value = $myPSBoundParameters['CimSession'] } if ($myPSBoundParameters.ContainsKey('ThrottleLimit')) { $__cmdletization_objectModelWrapper.PSObject.Properties['ThrottleLimit'].Value = $myPSBoundParameters['ThrottleLimit'] } if ($myPSBoundParameters.ContainsKey('AsJob')) { $__cmdletization_objectModelWrapper.PSObject.Properties['AsJob'].Value = $myPSBoundParameters['AsJob'] } } function Get-NetAdapterSriov { [CmdletBinding(DefaultParameterSetName='ByName', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#ROOT/StandardCimv2/MSFT_NetAdapterSriovSettingData')] param( [Parameter(ParameterSetName='ByName', Position=0, ValueFromPipelineByPropertyName=$true)] [Alias('ifAlias','InterfaceAlias')] [ValidateNotNull()] [string[]] ${Name}, [Parameter(ParameterSetName='ByInstanceID', Mandatory=$true, ValueFromPipelineByPropertyName=$true)] [Alias('ifDesc','InstanceID')] [ValidateNotNull()] [string[]] ${InterfaceDescription}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [switch] ${IncludeHidden}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('Name') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Name}) $__cmdletization_queryBuilder.FilterByProperty('Name', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('InterfaceDescription') -and (@('ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${InterfaceDescription}) $__cmdletization_queryBuilder.FilterByProperty('InterfaceDescription', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('IncludeHidden') -and (@('ByName', 'ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('IncludeHidden', ${IncludeHidden}) } $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder) } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP MSFT_NetAdapterSriov.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Get-NetAdapterSriov' -Alias '*' function Set-NetAdapterSriov { [CmdletBinding(DefaultParameterSetName='ByName', SupportsShouldProcess=$true, ConfirmImpact='Low', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#ROOT/StandardCimv2/MSFT_NetAdapterSriovSettingData')] param( [Parameter(ParameterSetName='ByName', Mandatory=$true, Position=0, ValueFromPipelineByPropertyName=$true)] [Alias('ifAlias','InterfaceAlias')] [ValidateNotNull()] [string[]] ${Name}, [Parameter(ParameterSetName='ByInstanceID', Mandatory=$true, ValueFromPipelineByPropertyName=$true)] [Alias('ifDesc','InstanceID')] [ValidateNotNull()] [string[]] ${InterfaceDescription}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [switch] ${IncludeHidden}, [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#MSFT_NetAdapterSriovSettingData')] [ValidateNotNull()] [ciminstance[]] ${InputObject}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Vf')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [uint32] ${NumVFs}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [bool] ${Enabled}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${NoRestart}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${AsJob}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${PassThru}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('Name') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Name}) $__cmdletization_queryBuilder.FilterByProperty('Name', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('InterfaceDescription') -and (@('ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${InterfaceDescription}) $__cmdletization_queryBuilder.FilterByProperty('InterfaceDescription', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('IncludeHidden') -and (@('ByName', 'ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('IncludeHidden', ${IncludeHidden}) } $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('ByName', 'ByInstanceID', 'InputObject (cdxml)') -contains $_ } { [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('NumVFs')) { [object]$__cmdletization_value = ${NumVFs} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NumVFs'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NumVFs'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Enabled')) { [object]$__cmdletization_value = ${Enabled} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Enabled'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Enabled'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('NoRestart')) { [object]$__cmdletization_value = ${NoRestart} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:NoRestart'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:NoRestart'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = $null $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('cim:ModifyInstance', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_passThru = $PSBoundParameters.ContainsKey('PassThru') -and $PassThru if ($PSBoundParameters.ContainsKey('InputObject')) { foreach ($x in $InputObject) { $__cmdletization_objectModelWrapper.ProcessRecord($x, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } else { $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP MSFT_NetAdapterSriov.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Set-NetAdapterSriov' -Alias '*' function Enable-NetAdapterSriov { [CmdletBinding(DefaultParameterSetName='ByName', SupportsShouldProcess=$true, ConfirmImpact='Low', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] param( [Parameter(ParameterSetName='ByName', Mandatory=$true, Position=0, ValueFromPipelineByPropertyName=$true)] [Alias('ifAlias','InterfaceAlias')] [ValidateNotNull()] [string[]] ${Name}, [Parameter(ParameterSetName='ByInstanceID', Mandatory=$true, ValueFromPipelineByPropertyName=$true)] [Alias('ifDesc','InstanceID')] [ValidateNotNull()] [string[]] ${InterfaceDescription}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [switch] ${IncludeHidden}, [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#MSFT_NetAdapterSriovSettingData')] [ValidateNotNull()] [ciminstance[]] ${InputObject}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${NoRestart}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${PassThru}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ScriptBlock ID: b2c75663-b0e3-4c57-8799-a7fc8e68059f Path:	4104	1		3	2	15	0	1575	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3516	868	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:04:56 PM	9d04040e-981f-0004-281a-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (4 of 4): { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('Name') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Name}) $__cmdletization_queryBuilder.FilterByProperty('Name', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('InterfaceDescription') -and (@('ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${InterfaceDescription}) $__cmdletization_queryBuilder.FilterByProperty('InterfaceDescription', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('IncludeHidden') -and (@('ByName', 'ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('IncludeHidden', ${IncludeHidden}) } $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('ByName', 'ByInstanceID', 'InputObject (cdxml)') -contains $_ } { [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('NoRestart')) { [object]$__cmdletization_value = ${NoRestart} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:NoRestart'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:NoRestart'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('PassThru')) { [object]$__cmdletization_value = ${PassThru} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:PassThru'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:PassThru'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'CmdletOutput'; ParameterType = 'Microsoft.Management.Infrastructure.CimInstance'; Bindings = 'Out'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = $null $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('Disable', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_passThru = $false if ($PSBoundParameters.ContainsKey('InputObject')) { foreach ($x in $InputObject) { $__cmdletization_objectModelWrapper.ProcessRecord($x, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } else { $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP MSFT_NetAdapterRss.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Disable-NetAdapterRss' -Alias '*' ScriptBlock ID: 28a1e768-02f3-4e70-9d0d-b9278b2e8af6 Path:	4104	1		3	2	15	0	1574	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3516	868	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:04:56 PM	9d04040e-981f-0004-221a-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (3 of 4): odelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP MSFT_NetAdapterRss.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Set-NetAdapterRss' -Alias '*' function Enable-NetAdapterRss { [CmdletBinding(DefaultParameterSetName='ByName', SupportsShouldProcess=$true, ConfirmImpact='Medium', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] param( [Parameter(ParameterSetName='ByName', Mandatory=$true, Position=0, ValueFromPipelineByPropertyName=$true)] [Alias('ifAlias','InterfaceAlias')] [ValidateNotNull()] [string[]] ${Name}, [Parameter(ParameterSetName='ByInstanceID', Mandatory=$true, ValueFromPipelineByPropertyName=$true)] [Alias('ifDesc','InstanceID')] [ValidateNotNull()] [string[]] ${InterfaceDescription}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [switch] ${IncludeHidden}, [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#MSFT_NetAdapterRssSettingData')] [ValidateNotNull()] [ciminstance[]] ${InputObject}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${NoRestart}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${PassThru}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('Name') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Name}) $__cmdletization_queryBuilder.FilterByProperty('Name', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('InterfaceDescription') -and (@('ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${InterfaceDescription}) $__cmdletization_queryBuilder.FilterByProperty('InterfaceDescription', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('IncludeHidden') -and (@('ByName', 'ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('IncludeHidden', ${IncludeHidden}) } $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('ByName', 'ByInstanceID', 'InputObject (cdxml)') -contains $_ } { [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('NoRestart')) { [object]$__cmdletization_value = ${NoRestart} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:NoRestart'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:NoRestart'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('PassThru')) { [object]$__cmdletization_value = ${PassThru} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:PassThru'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:PassThru'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'CmdletOutput'; ParameterType = 'Microsoft.Management.Infrastructure.CimInstance'; Bindings = 'Out'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = $null $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('Enable', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_passThru = $false if ($PSBoundParameters.ContainsKey('InputObject')) { foreach ($x in $InputObject) { $__cmdletization_objectModelWrapper.ProcessRecord($x, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } else { $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP MSFT_NetAdapterRss.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Enable-NetAdapterRss' -Alias '*' function Disable-NetAdapterRss { [CmdletBinding(DefaultParameterSetName='ByName', SupportsShouldProcess=$true, ConfirmImpact='Medium', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] param( [Parameter(ParameterSetName='ByName', Mandatory=$true, Position=0, ValueFromPipelineByPropertyName=$true)] [Alias('ifAlias','InterfaceAlias')] [ValidateNotNull()] [string[]] ${Name}, [Parameter(ParameterSetName='ByInstanceID', Mandatory=$true, ValueFromPipelineByPropertyName=$true)] [Alias('ifDesc','InstanceID')] [ValidateNotNull()] [string[]] ${InterfaceDescription}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [switch] ${IncludeHidden}, [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#MSFT_NetAdapterRssSettingData')] [ValidateNotNull()] [ciminstance[]] ${InputObject}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${NoRestart}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${PassThru}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch ScriptBlock ID: 28a1e768-02f3-4e70-9d0d-b9278b2e8af6 Path:	4104	1		3	2	15	0	1573	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3516	868	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:04:56 PM	9d04040e-981f-0004-221a-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 4): throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('Name') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Name}) $__cmdletization_queryBuilder.FilterByProperty('Name', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('InterfaceDescription') -and (@('ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${InterfaceDescription}) $__cmdletization_queryBuilder.FilterByProperty('InterfaceDescription', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('IncludeHidden') -and (@('ByName', 'ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('IncludeHidden', ${IncludeHidden}) } $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('ByName', 'ByInstanceID', 'InputObject (cdxml)') -contains $_ } { [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('NumberOfReceiveQueues')) { [object]$__cmdletization_value = ${NumberOfReceiveQueues} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NumberOfReceiveQueues'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NumberOfReceiveQueues'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Profile')) { [object]$__cmdletization_value = ${Profile} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Profile'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetAdapterRss.Profile'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Profile'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetAdapterRss.Profile'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('BaseProcessorGroup')) { [object]$__cmdletization_value = ${BaseProcessorGroup} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'BaseProcessorGroup'; ParameterType = 'System.UInt16'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'BaseProcessorGroup'; ParameterType = 'System.UInt16'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('BaseProcessorNumber')) { [object]$__cmdletization_value = ${BaseProcessorNumber} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'BaseProcessorNumber'; ParameterType = 'System.Byte'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'BaseProcessorNumber'; ParameterType = 'System.Byte'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('MaxProcessorGroup')) { [object]$__cmdletization_value = ${MaxProcessorGroup} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'MaxProcessorGroup'; ParameterType = 'System.UInt16'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'MaxProcessorGroup'; ParameterType = 'System.UInt16'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('MaxProcessorNumber')) { [object]$__cmdletization_value = ${MaxProcessorNumber} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'MaxProcessorNumber'; ParameterType = 'System.Byte'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'MaxProcessorNumber'; ParameterType = 'System.Byte'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('MaxProcessors')) { [object]$__cmdletization_value = ${MaxProcessors} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'MaxProcessors'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'MaxProcessors'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('NumaNode')) { [object]$__cmdletization_value = ${NumaNode} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NumaNode'; ParameterType = 'System.UInt16'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NumaNode'; ParameterType = 'System.UInt16'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Enabled')) { [object]$__cmdletization_value = ${Enabled} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Enabled'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Enabled'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('NoRestart')) { [object]$__cmdletization_value = ${NoRestart} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:NoRestart'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:NoRestart'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = $null $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('cim:ModifyInstance', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_passThru = $PSBoundParameters.ContainsKey('PassThru') -and $PassThru if ($PSBoundParameters.ContainsKey('InputObject')) { foreach ($x in $InputObject) { $__cmdletization_objectModelWrapper.ProcessRecord($x, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } else { $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectM ScriptBlock ID: 28a1e768-02f3-4e70-9d0d-b9278b2e8af6 Path:	4104	1		3	2	15	0	1572	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3516	868	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:04:56 PM	9d04040e-981f-0004-221a-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 4): #requires -version 3.0 try { Microsoft.PowerShell.Core\Set-StrictMode -Off } catch { } $script:MyModule = $MyInvocation.MyCommand.ScriptBlock.Module $script:ClassName = 'ROOT/StandardCimv2/MSFT_NetAdapterRssSettingData' $script:ClassVersion = '1.0.0' $script:ModuleVersion = '1.0' $script:ObjectModelWrapper = [Microsoft.PowerShell.Cmdletization.Cim.CimCmdletAdapter] $script:PrivateData = [System.Collections.Generic.Dictionary[string,string]]::new() Microsoft.PowerShell.Core\Export-ModuleMember -Function @() function __cmdletization_BindCommonParameters { param( $__cmdletization_objectModelWrapper, $myPSBoundParameters ) if ($myPSBoundParameters.ContainsKey('CimSession')) { $__cmdletization_objectModelWrapper.PSObject.Properties['CimSession'].Value = $myPSBoundParameters['CimSession'] } if ($myPSBoundParameters.ContainsKey('ThrottleLimit')) { $__cmdletization_objectModelWrapper.PSObject.Properties['ThrottleLimit'].Value = $myPSBoundParameters['ThrottleLimit'] } if ($myPSBoundParameters.ContainsKey('AsJob')) { $__cmdletization_objectModelWrapper.PSObject.Properties['AsJob'].Value = $myPSBoundParameters['AsJob'] } } function Get-NetAdapterRss { [CmdletBinding(DefaultParameterSetName='ByName', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#ROOT/StandardCimv2/MSFT_NetAdapterRssSettingData')] param( [Parameter(ParameterSetName='ByName', Position=0, ValueFromPipelineByPropertyName=$true)] [Alias('ifAlias','InterfaceAlias')] [ValidateNotNull()] [string[]] ${Name}, [Parameter(ParameterSetName='ByInstanceID', Mandatory=$true, ValueFromPipelineByPropertyName=$true)] [Alias('ifDesc','InstanceID')] [ValidateNotNull()] [string[]] ${InterfaceDescription}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [switch] ${IncludeHidden}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('Name') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Name}) $__cmdletization_queryBuilder.FilterByProperty('Name', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('InterfaceDescription') -and (@('ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${InterfaceDescription}) $__cmdletization_queryBuilder.FilterByProperty('InterfaceDescription', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('IncludeHidden') -and (@('ByName', 'ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('IncludeHidden', ${IncludeHidden}) } $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder) } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP MSFT_NetAdapterRss.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Get-NetAdapterRss' -Alias '*' function Set-NetAdapterRss { [CmdletBinding(DefaultParameterSetName='ByName', SupportsShouldProcess=$true, ConfirmImpact='Medium', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#ROOT/StandardCimv2/MSFT_NetAdapterRssSettingData')] param( [Parameter(ParameterSetName='ByName', Mandatory=$true, Position=0, ValueFromPipelineByPropertyName=$true)] [Alias('ifAlias','InterfaceAlias')] [ValidateNotNull()] [string[]] ${Name}, [Parameter(ParameterSetName='ByInstanceID', Mandatory=$true, ValueFromPipelineByPropertyName=$true)] [Alias('ifDesc','InstanceID')] [ValidateNotNull()] [string[]] ${InterfaceDescription}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [switch] ${IncludeHidden}, [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#MSFT_NetAdapterRssSettingData')] [ValidateNotNull()] [ciminstance[]] ${InputObject}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [uint32] ${NumberOfReceiveQueues}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetAdapterRss.Profile] ${Profile}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('BaseG')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [uint16] ${BaseProcessorGroup}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('BaseN')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [byte] ${BaseProcessorNumber}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('MaxG')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [uint16] ${MaxProcessorGroup}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('MaxN')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [byte] ${MaxProcessorNumber}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Max')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [uint32] ${MaxProcessors}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [uint16] ${NumaNode}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [bool] ${Enabled}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${NoRestart}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${AsJob}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${PassThru}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true ScriptBlock ID: 28a1e768-02f3-4e70-9d0d-b9278b2e8af6 Path:	4104	1		3	2	15	0	1571	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3516	868	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:04:56 PM	9d04040e-981f-0004-221a-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (4 of 4): .Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('Name') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Name}) $__cmdletization_queryBuilder.FilterByProperty('Name', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('InterfaceDescription') -and (@('ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${InterfaceDescription}) $__cmdletization_queryBuilder.FilterByProperty('InterfaceDescription', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('IncludeHidden') -and (@('ByName', 'ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('IncludeHidden', ${IncludeHidden}) } $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('ByName', 'ByInstanceID', 'InputObject (cdxml)') -contains $_ } { [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('IPv4')) { [object]$__cmdletization_value = ${IPv4} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'IPv4'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'IPv4'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('IPv6')) { [object]$__cmdletization_value = ${IPv6} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'IPv6'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'IPv6'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('NoRestart')) { [object]$__cmdletization_value = ${NoRestart} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:NoRestart'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:NoRestart'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('PassThru')) { [object]$__cmdletization_value = ${PassThru} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:PassThru'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:PassThru'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'CmdletOutput'; ParameterType = 'Microsoft.Management.Infrastructure.CimInstance'; Bindings = 'Out'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = $null $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('Disable', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_passThru = $false if ($PSBoundParameters.ContainsKey('InputObject')) { foreach ($x in $InputObject) { $__cmdletization_objectModelWrapper.ProcessRecord($x, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } else { $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP MSFT_NetAdapterRsc.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Disable-NetAdapterRsc' -Alias '*' ScriptBlock ID: f5c05a15-6c06-4a52-9c5f-9d97e21cc3a8 Path:	4104	1		3	2	15	0	1570	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3516	868	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:04:55 PM	9d04040e-981f-0004-1c1a-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (3 of 4): Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('Name') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Name}) $__cmdletization_queryBuilder.FilterByProperty('Name', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('InterfaceDescription') -and (@('ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${InterfaceDescription}) $__cmdletization_queryBuilder.FilterByProperty('InterfaceDescription', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('IncludeHidden') -and (@('ByName', 'ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('IncludeHidden', ${IncludeHidden}) } $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('ByName', 'ByInstanceID', 'InputObject (cdxml)') -contains $_ } { [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('IPv4')) { [object]$__cmdletization_value = ${IPv4} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'IPv4'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'IPv4'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('IPv6')) { [object]$__cmdletization_value = ${IPv6} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'IPv6'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'IPv6'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('NoRestart')) { [object]$__cmdletization_value = ${NoRestart} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:NoRestart'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:NoRestart'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('PassThru')) { [object]$__cmdletization_value = ${PassThru} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:PassThru'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:PassThru'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'CmdletOutput'; ParameterType = 'Microsoft.Management.Infrastructure.CimInstance'; Bindings = 'Out'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = $null $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('Enable', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_passThru = $false if ($PSBoundParameters.ContainsKey('InputObject')) { foreach ($x in $InputObject) { $__cmdletization_objectModelWrapper.ProcessRecord($x, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } else { $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP MSFT_NetAdapterRsc.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Enable-NetAdapterRsc' -Alias '*' function Disable-NetAdapterRsc { [CmdletBinding(DefaultParameterSetName='ByName', SupportsShouldProcess=$true, ConfirmImpact='Medium', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] param( [Parameter(ParameterSetName='ByName', Mandatory=$true, Position=0, ValueFromPipelineByPropertyName=$true)] [Alias('ifAlias','InterfaceAlias')] [ValidateNotNull()] [string[]] ${Name}, [Parameter(ParameterSetName='ByInstanceID', Mandatory=$true, ValueFromPipelineByPropertyName=$true)] [Alias('ifDesc','InstanceID')] [ValidateNotNull()] [string[]] ${InterfaceDescription}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [switch] ${IncludeHidden}, [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#MSFT_NetAdapterRscSettingData')] [ValidateNotNull()] [ciminstance[]] ${InputObject}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${IPv4}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${IPv6}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${NoRestart}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${PassThru}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System ScriptBlock ID: f5c05a15-6c06-4a52-9c5f-9d97e21cc3a8 Path:	4104	1		3	2	15	0	1569	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3516	868	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:04:55 PM	9d04040e-981f-0004-1c1a-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 4): int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${AsJob}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${PassThru}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('Name') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Name}) $__cmdletization_queryBuilder.FilterByProperty('Name', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('InterfaceDescription') -and (@('ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${InterfaceDescription}) $__cmdletization_queryBuilder.FilterByProperty('InterfaceDescription', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('IncludeHidden') -and (@('ByName', 'ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('IncludeHidden', ${IncludeHidden}) } $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('ByName', 'ByInstanceID', 'InputObject (cdxml)') -contains $_ } { [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('IPv4Enabled')) { [object]$__cmdletization_value = ${IPv4Enabled} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'IPv4Enabled'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'IPv4Enabled'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('IPv6Enabled')) { [object]$__cmdletization_value = ${IPv6Enabled} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'IPv6Enabled'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'IPv6Enabled'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('NoRestart')) { [object]$__cmdletization_value = ${NoRestart} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:NoRestart'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:NoRestart'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = $null $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('cim:ModifyInstance', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_passThru = $PSBoundParameters.ContainsKey('PassThru') -and $PassThru if ($PSBoundParameters.ContainsKey('InputObject')) { foreach ($x in $InputObject) { $__cmdletization_objectModelWrapper.ProcessRecord($x, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } else { $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP MSFT_NetAdapterRsc.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Set-NetAdapterRsc' -Alias '*' function Enable-NetAdapterRsc { [CmdletBinding(DefaultParameterSetName='ByName', SupportsShouldProcess=$true, ConfirmImpact='Medium', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] param( [Parameter(ParameterSetName='ByName', Mandatory=$true, Position=0, ValueFromPipelineByPropertyName=$true)] [Alias('ifAlias','InterfaceAlias')] [ValidateNotNull()] [string[]] ${Name}, [Parameter(ParameterSetName='ByInstanceID', Mandatory=$true, ValueFromPipelineByPropertyName=$true)] [Alias('ifDesc','InstanceID')] [ValidateNotNull()] [string[]] ${InterfaceDescription}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [switch] ${IncludeHidden}, [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#MSFT_NetAdapterRscSettingData')] [ValidateNotNull()] [ciminstance[]] ${InputObject}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${IPv4}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${IPv6}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${NoRestart}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${PassThru}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } ScriptBlock ID: f5c05a15-6c06-4a52-9c5f-9d97e21cc3a8 Path:	4104	1		3	2	15	0	1568	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3516	868	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:04:55 PM	9d04040e-981f-0004-1c1a-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 4): #requires -version 3.0 try { Microsoft.PowerShell.Core\Set-StrictMode -Off } catch { } $script:MyModule = $MyInvocation.MyCommand.ScriptBlock.Module $script:ClassName = 'ROOT/StandardCimv2/MSFT_NetAdapterRscSettingData' $script:ClassVersion = '1.0.0' $script:ModuleVersion = '1.0' $script:ObjectModelWrapper = [Microsoft.PowerShell.Cmdletization.Cim.CimCmdletAdapter] $script:PrivateData = [System.Collections.Generic.Dictionary[string,string]]::new() Microsoft.PowerShell.Core\Export-ModuleMember -Function @() function __cmdletization_BindCommonParameters { param( $__cmdletization_objectModelWrapper, $myPSBoundParameters ) if ($myPSBoundParameters.ContainsKey('CimSession')) { $__cmdletization_objectModelWrapper.PSObject.Properties['CimSession'].Value = $myPSBoundParameters['CimSession'] } if ($myPSBoundParameters.ContainsKey('ThrottleLimit')) { $__cmdletization_objectModelWrapper.PSObject.Properties['ThrottleLimit'].Value = $myPSBoundParameters['ThrottleLimit'] } if ($myPSBoundParameters.ContainsKey('AsJob')) { $__cmdletization_objectModelWrapper.PSObject.Properties['AsJob'].Value = $myPSBoundParameters['AsJob'] } } function Get-NetAdapterRsc { [CmdletBinding(DefaultParameterSetName='ByName', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#ROOT/StandardCimv2/MSFT_NetAdapterRscSettingData')] param( [Parameter(ParameterSetName='ByName', Position=0, ValueFromPipelineByPropertyName=$true)] [Alias('ifAlias','InterfaceAlias')] [ValidateNotNull()] [string[]] ${Name}, [Parameter(ParameterSetName='ByInstanceID', Mandatory=$true, ValueFromPipelineByPropertyName=$true)] [Alias('ifDesc','InstanceID')] [ValidateNotNull()] [string[]] ${InterfaceDescription}, [Parameter(ParameterSetName='ByName', ValueFromPipelineByPropertyName=$true)] [Parameter(ParameterSetName='ByInstanceID', ValueFromPipelineByPropertyName=$true)] [ValidateNotNull()] [bool[]] ${IPv4OperationalState}, [Parameter(ParameterSetName='ByName', ValueFromPipelineByPropertyName=$true)] [Parameter(ParameterSetName='ByInstanceID', ValueFromPipelineByPropertyName=$true)] [ValidateNotNull()] [bool[]] ${IPv6OperationalState}, [Parameter(ParameterSetName='ByName', ValueFromPipelineByPropertyName=$true)] [Parameter(ParameterSetName='ByInstanceID', ValueFromPipelineByPropertyName=$true)] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetAdapterRsc.FailureReason[]] ${IPv4FailureReason}, [Parameter(ParameterSetName='ByName', ValueFromPipelineByPropertyName=$true)] [Parameter(ParameterSetName='ByInstanceID', ValueFromPipelineByPropertyName=$true)] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetAdapterRsc.FailureReason[]] ${IPv6FailureReason}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [switch] ${IncludeHidden}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('Name') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Name}) $__cmdletization_queryBuilder.FilterByProperty('Name', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('InterfaceDescription') -and (@('ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${InterfaceDescription}) $__cmdletization_queryBuilder.FilterByProperty('InterfaceDescription', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('IPv4OperationalState') -and (@('ByName', 'ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${IPv4OperationalState}) $__cmdletization_queryBuilder.FilterByProperty('IPv4OperationalState', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('IPv6OperationalState') -and (@('ByName', 'ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${IPv6OperationalState}) $__cmdletization_queryBuilder.FilterByProperty('IPv6OperationalState', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('IPv4FailureReason') -and (@('ByName', 'ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${IPv4FailureReason}) $__cmdletization_queryBuilder.FilterByProperty('IPv4FailureReason', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('IPv6FailureReason') -and (@('ByName', 'ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${IPv6FailureReason}) $__cmdletization_queryBuilder.FilterByProperty('IPv6FailureReason', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('IncludeHidden') -and (@('ByName', 'ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('IncludeHidden', ${IncludeHidden}) } $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder) } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP MSFT_NetAdapterRsc.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Get-NetAdapterRsc' -Alias '*' function Set-NetAdapterRsc { [CmdletBinding(DefaultParameterSetName='ByName', SupportsShouldProcess=$true, ConfirmImpact='Medium', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#ROOT/StandardCimv2/MSFT_NetAdapterRscSettingData')] param( [Parameter(ParameterSetName='ByName', Mandatory=$true, Position=0, ValueFromPipelineByPropertyName=$true)] [Alias('ifAlias','InterfaceAlias')] [ValidateNotNull()] [string[]] ${Name}, [Parameter(ParameterSetName='ByInstanceID', Mandatory=$true, ValueFromPipelineByPropertyName=$true)] [Alias('ifDesc','InstanceID')] [ValidateNotNull()] [string[]] ${InterfaceDescription}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [switch] ${IncludeHidden}, [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#MSFT_NetAdapterRscSettingData')] [ValidateNotNull()] [ciminstance[]] ${InputObject}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [bool] ${IPv4Enabled}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [bool] ${IPv6Enabled}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${NoRestart}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [ ScriptBlock ID: f5c05a15-6c06-4a52-9c5f-9d97e21cc3a8 Path:	4104	1		3	2	15	0	1567	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3516	868	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:04:55 PM	9d04040e-981f-0004-1c1a-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 2): } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('Name') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Name}) $__cmdletization_queryBuilder.FilterByProperty('Name', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('InterfaceDescription') -and (@('ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${InterfaceDescription}) $__cmdletization_queryBuilder.FilterByProperty('InterfaceDescription', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('IncludeHidden') -and (@('ByName', 'ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('IncludeHidden', ${IncludeHidden}) } $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('ByName', 'ByInstanceID', 'InputObject (cdxml)') -contains $_ } { [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('NoRestart')) { [object]$__cmdletization_value = ${NoRestart} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:NoRestart'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:NoRestart'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('PassThru')) { [object]$__cmdletization_value = ${PassThru} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:PassThru'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:PassThru'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'CmdletOutput'; ParameterType = 'Microsoft.Management.Infrastructure.CimInstance'; Bindings = 'Out'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = $null $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('Enable', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_passThru = $false if ($PSBoundParameters.ContainsKey('InputObject')) { foreach ($x in $InputObject) { $__cmdletization_objectModelWrapper.ProcessRecord($x, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } else { $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP MSFT_NetAdapterRdma.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Enable-NetAdapterRdma' -Alias '*' function Disable-NetAdapterRdma { [CmdletBinding(DefaultParameterSetName='ByName', SupportsShouldProcess=$true, ConfirmImpact='Low', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] param( [Parameter(ParameterSetName='ByName', Position=0, ValueFromPipelineByPropertyName=$true)] [Alias('ifAlias','InterfaceAlias')] [ValidateNotNull()] [string[]] ${Name}, [Parameter(ParameterSetName='ByInstanceID', Mandatory=$true, ValueFromPipelineByPropertyName=$true)] [Alias('ifDesc','InstanceID')] [ValidateNotNull()] [string[]] ${InterfaceDescription}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [switch] ${IncludeHidden}, [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#MSFT_NetAdapterRdmaSettingData')] [ValidateNotNull()] [ciminstance[]] ${InputObject}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${NoRestart}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${PassThru}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('Name') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Name}) $__cmdletization_queryBuilder.FilterByProperty('Name', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('InterfaceDescription') -and (@('ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${InterfaceDescription}) $__cmdletization_queryBuilder.FilterByProperty('InterfaceDescription', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('IncludeHidden') -and (@('ByName', 'ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('IncludeHidden', ${IncludeHidden}) } $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('ByName', 'ByInstanceID', 'InputObject (cdxml)') -contains $_ } { [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('NoRestart')) { [object]$__cmdletization_value = ${NoRestart} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:NoRestart'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:NoRestart'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('PassThru')) { [object]$__cmdletization_value = ${PassThru} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:PassThru'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:PassThru'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'CmdletOutput'; ParameterType = 'Microsoft.Management.Infrastructure.CimInstance'; Bindings = 'Out'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = $null $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('Disable', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_passThru = $false if ($PSBoundParameters.ContainsKey('InputObject')) { foreach ($x in $InputObject) { $__cmdletization_objectModelWrapper.ProcessRecord($x, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } else { $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP MSFT_NetAdapterRdma.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Disable-NetAdapterRdma' -Alias '*' ScriptBlock ID: daba3045-4f32-4126-a1ac-8c4437da7bbf Path:	4104	1		3	2	15	0	1566	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3516	868	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:04:55 PM	9d04040e-981f-0004-161a-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 2): #requires -version 3.0 try { Microsoft.PowerShell.Core\Set-StrictMode -Off } catch { } $script:MyModule = $MyInvocation.MyCommand.ScriptBlock.Module $script:ClassName = 'ROOT/StandardCimv2/MSFT_NetAdapterRdmaSettingData' $script:ClassVersion = '1.0.0' $script:ModuleVersion = '1.0' $script:ObjectModelWrapper = [Microsoft.PowerShell.Cmdletization.Cim.CimCmdletAdapter] $script:PrivateData = [System.Collections.Generic.Dictionary[string,string]]::new() Microsoft.PowerShell.Core\Export-ModuleMember -Function @() function __cmdletization_BindCommonParameters { param( $__cmdletization_objectModelWrapper, $myPSBoundParameters ) if ($myPSBoundParameters.ContainsKey('CimSession')) { $__cmdletization_objectModelWrapper.PSObject.Properties['CimSession'].Value = $myPSBoundParameters['CimSession'] } if ($myPSBoundParameters.ContainsKey('ThrottleLimit')) { $__cmdletization_objectModelWrapper.PSObject.Properties['ThrottleLimit'].Value = $myPSBoundParameters['ThrottleLimit'] } if ($myPSBoundParameters.ContainsKey('AsJob')) { $__cmdletization_objectModelWrapper.PSObject.Properties['AsJob'].Value = $myPSBoundParameters['AsJob'] } } function Get-NetAdapterRdma { [CmdletBinding(DefaultParameterSetName='ByName', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#ROOT/StandardCimv2/MSFT_NetAdapterRdmaSettingData')] param( [Parameter(ParameterSetName='ByName', Position=0, ValueFromPipelineByPropertyName=$true)] [Alias('ifAlias','InterfaceAlias')] [ValidateNotNull()] [string[]] ${Name}, [Parameter(ParameterSetName='ByInstanceID', Mandatory=$true, ValueFromPipelineByPropertyName=$true)] [Alias('ifDesc','InstanceID')] [ValidateNotNull()] [string[]] ${InterfaceDescription}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [switch] ${IncludeHidden}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('Name') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Name}) $__cmdletization_queryBuilder.FilterByProperty('Name', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('InterfaceDescription') -and (@('ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${InterfaceDescription}) $__cmdletization_queryBuilder.FilterByProperty('InterfaceDescription', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('IncludeHidden') -and (@('ByName', 'ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('IncludeHidden', ${IncludeHidden}) } $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder) } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP MSFT_NetAdapterRdma.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Get-NetAdapterRdma' -Alias '*' function Set-NetAdapterRdma { [CmdletBinding(DefaultParameterSetName='ByName', SupportsShouldProcess=$true, ConfirmImpact='Low', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#ROOT/StandardCimv2/MSFT_NetAdapterRdmaSettingData')] param( [Parameter(ParameterSetName='ByName', Position=0, ValueFromPipelineByPropertyName=$true)] [Alias('ifAlias','InterfaceAlias')] [ValidateNotNull()] [string[]] ${Name}, [Parameter(ParameterSetName='ByInstanceID', Mandatory=$true, ValueFromPipelineByPropertyName=$true)] [Alias('ifDesc','InstanceID')] [ValidateNotNull()] [string[]] ${InterfaceDescription}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [switch] ${IncludeHidden}, [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#MSFT_NetAdapterRdmaSettingData')] [ValidateNotNull()] [ciminstance[]] ${InputObject}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [bool] ${Enabled}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${NoRestart}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${AsJob}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${PassThru}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('Name') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Name}) $__cmdletization_queryBuilder.FilterByProperty('Name', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('InterfaceDescription') -and (@('ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${InterfaceDescription}) $__cmdletization_queryBuilder.FilterByProperty('InterfaceDescription', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('IncludeHidden') -and (@('ByName', 'ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('IncludeHidden', ${IncludeHidden}) } $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('ByName', 'ByInstanceID', 'InputObject (cdxml)') -contains $_ } { [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Enabled')) { [object]$__cmdletization_value = ${Enabled} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Enabled'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Enabled'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('NoRestart')) { [object]$__cmdletization_value = ${NoRestart} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:NoRestart'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:NoRestart'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = $null $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('cim:ModifyInstance', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_passThru = $PSBoundParameters.ContainsKey('PassThru') -and $PassThru if ($PSBoundParameters.ContainsKey('InputObject')) { foreach ($x in $InputObject) { $__cmdletization_objectModelWrapper.ProcessRecord($x, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } else { $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP MSFT_NetAdapterRdma.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Set-NetAdapterRdma' -Alias '*' function Enable-NetAdapterRdma { [CmdletBinding(DefaultParameterSetName='ByName', SupportsShouldProcess=$true, ConfirmImpact='Low', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] param( [Parameter(ParameterSetName='ByName', Position=0, ValueFromPipelineByPropertyName=$true)] [Alias('ifAlias','InterfaceAlias')] [ValidateNotNull()] [string[]] ${Name}, [Parameter(ParameterSetName='ByInstanceID', Mandatory=$true, ValueFromPipelineByPropertyName=$true)] [Alias('ifDesc','InstanceID')] [ValidateNotNull()] [string[]] ${InterfaceDescription}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [switch] ${IncludeHidden}, [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#MSFT_NetAdapterRdmaSettingData')] [ValidateNotNull()] [ciminstance[]] ${InputObject}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${NoRestart}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${PassThru}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } ScriptBlock ID: daba3045-4f32-4126-a1ac-8c4437da7bbf Path:	4104	1		3	2	15	0	1565	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3516	868	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:04:55 PM	9d04040e-981f-0004-161a-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (3 of 3): 'CmdletOutput'; ParameterType = 'Microsoft.Management.Infrastructure.CimInstance'; Bindings = 'Out'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = $null $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('Disable', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_passThru = $false if ($PSBoundParameters.ContainsKey('InputObject')) { foreach ($x in $InputObject) { $__cmdletization_objectModelWrapper.ProcessRecord($x, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } else { $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP MSFT_NetAdapterQos.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Disable-NetAdapterQos' -Alias '*' ScriptBlock ID: 63e6de1c-83aa-4f6b-983e-f8fa2f5a66bc Path:	4104	1		3	2	15	0	1564	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3516	868	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:04:55 PM	9d04040e-981f-0004-101a-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 3): fDesc','InstanceID')] [ValidateNotNull()] [string[]] ${InterfaceDescription}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [switch] ${IncludeHidden}, [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#MSFT_NetAdapterQosSettingData')] [ValidateNotNull()] [ciminstance[]] ${InputObject}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${NoRestart}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${PassThru}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('Name') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Name}) $__cmdletization_queryBuilder.FilterByProperty('Name', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('InterfaceDescription') -and (@('ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${InterfaceDescription}) $__cmdletization_queryBuilder.FilterByProperty('InterfaceDescription', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('IncludeHidden') -and (@('ByName', 'ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('IncludeHidden', ${IncludeHidden}) } $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('ByName', 'ByInstanceID', 'InputObject (cdxml)') -contains $_ } { [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('NoRestart')) { [object]$__cmdletization_value = ${NoRestart} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:NoRestart'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:NoRestart'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('PassThru')) { [object]$__cmdletization_value = ${PassThru} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:PassThru'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:PassThru'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'CmdletOutput'; ParameterType = 'Microsoft.Management.Infrastructure.CimInstance'; Bindings = 'Out'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = $null $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('Enable', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_passThru = $false if ($PSBoundParameters.ContainsKey('InputObject')) { foreach ($x in $InputObject) { $__cmdletization_objectModelWrapper.ProcessRecord($x, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } else { $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP MSFT_NetAdapterQos.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Enable-NetAdapterQos' -Alias '*' function Disable-NetAdapterQos { [CmdletBinding(DefaultParameterSetName='ByName', SupportsShouldProcess=$true, ConfirmImpact='Medium', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] param( [Parameter(ParameterSetName='ByName', Mandatory=$true, Position=0, ValueFromPipelineByPropertyName=$true)] [Alias('ifAlias','InterfaceAlias')] [ValidateNotNull()] [string[]] ${Name}, [Parameter(ParameterSetName='ByInstanceID', Mandatory=$true, ValueFromPipelineByPropertyName=$true)] [Alias('ifDesc','InstanceID')] [ValidateNotNull()] [string[]] ${InterfaceDescription}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [switch] ${IncludeHidden}, [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#MSFT_NetAdapterQosSettingData')] [ValidateNotNull()] [ciminstance[]] ${InputObject}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${NoRestart}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${PassThru}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('Name') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Name}) $__cmdletization_queryBuilder.FilterByProperty('Name', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('InterfaceDescription') -and (@('ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${InterfaceDescription}) $__cmdletization_queryBuilder.FilterByProperty('InterfaceDescription', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('IncludeHidden') -and (@('ByName', 'ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('IncludeHidden', ${IncludeHidden}) } $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('ByName', 'ByInstanceID', 'InputObject (cdxml)') -contains $_ } { [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('NoRestart')) { [object]$__cmdletization_value = ${NoRestart} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:NoRestart'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:NoRestart'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('PassThru')) { [object]$__cmdletization_value = ${PassThru} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:PassThru'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:PassThru'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = ScriptBlock ID: 63e6de1c-83aa-4f6b-983e-f8fa2f5a66bc Path:	4104	1		3	2	15	0	1563	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3516	868	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:04:55 PM	9d04040e-981f-0004-101a-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 3): #requires -version 3.0 try { Microsoft.PowerShell.Core\Set-StrictMode -Off } catch { } $script:MyModule = $MyInvocation.MyCommand.ScriptBlock.Module $script:ClassName = 'ROOT/StandardCimv2/MSFT_NetAdapterQosSettingData' $script:ClassVersion = '1.0.0' $script:ModuleVersion = '1.0' $script:ObjectModelWrapper = [Microsoft.PowerShell.Cmdletization.Cim.CimCmdletAdapter] $script:PrivateData = [System.Collections.Generic.Dictionary[string,string]]::new() Microsoft.PowerShell.Core\Export-ModuleMember -Function @() function __cmdletization_BindCommonParameters { param( $__cmdletization_objectModelWrapper, $myPSBoundParameters ) if ($myPSBoundParameters.ContainsKey('CimSession')) { $__cmdletization_objectModelWrapper.PSObject.Properties['CimSession'].Value = $myPSBoundParameters['CimSession'] } if ($myPSBoundParameters.ContainsKey('ThrottleLimit')) { $__cmdletization_objectModelWrapper.PSObject.Properties['ThrottleLimit'].Value = $myPSBoundParameters['ThrottleLimit'] } if ($myPSBoundParameters.ContainsKey('AsJob')) { $__cmdletization_objectModelWrapper.PSObject.Properties['AsJob'].Value = $myPSBoundParameters['AsJob'] } } function Get-NetAdapterQos { [CmdletBinding(DefaultParameterSetName='ByName', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#ROOT/StandardCimv2/MSFT_NetAdapterQosSettingData')] param( [Parameter(ParameterSetName='ByName', Position=0, ValueFromPipelineByPropertyName=$true)] [Alias('ifAlias','InterfaceAlias')] [ValidateNotNull()] [string[]] ${Name}, [Parameter(ParameterSetName='ByInstanceID', Mandatory=$true, ValueFromPipelineByPropertyName=$true)] [Alias('ifDesc','InstanceID')] [ValidateNotNull()] [string[]] ${InterfaceDescription}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [switch] ${IncludeHidden}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('Name') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Name}) $__cmdletization_queryBuilder.FilterByProperty('Name', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('InterfaceDescription') -and (@('ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${InterfaceDescription}) $__cmdletization_queryBuilder.FilterByProperty('InterfaceDescription', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('IncludeHidden') -and (@('ByName', 'ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('IncludeHidden', ${IncludeHidden}) } $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder) } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP MSFT_NetAdapterQos.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Get-NetAdapterQos' -Alias '*' function Set-NetAdapterQos { [CmdletBinding(DefaultParameterSetName='ByName', SupportsShouldProcess=$true, ConfirmImpact='Medium', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#ROOT/StandardCimv2/MSFT_NetAdapterQosSettingData')] param( [Parameter(ParameterSetName='ByName', Mandatory=$true, Position=0, ValueFromPipelineByPropertyName=$true)] [Alias('ifAlias','InterfaceAlias')] [ValidateNotNull()] [string[]] ${Name}, [Parameter(ParameterSetName='ByInstanceID', Mandatory=$true, ValueFromPipelineByPropertyName=$true)] [Alias('ifDesc','InstanceID')] [ValidateNotNull()] [string[]] ${InterfaceDescription}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [switch] ${IncludeHidden}, [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#MSFT_NetAdapterQosSettingData')] [ValidateNotNull()] [ciminstance[]] ${InputObject}, [Parameter(ParameterSetName='ByName', ValueFromPipelineByPropertyName=$true)] [Parameter(ParameterSetName='ByInstanceID', ValueFromPipelineByPropertyName=$true)] [Parameter(ParameterSetName='InputObject (cdxml)', ValueFromPipelineByPropertyName=$true)] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [bool] ${Enabled}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${NoRestart}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${AsJob}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${PassThru}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('Name') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Name}) $__cmdletization_queryBuilder.FilterByProperty('Name', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('InterfaceDescription') -and (@('ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${InterfaceDescription}) $__cmdletization_queryBuilder.FilterByProperty('InterfaceDescription', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('IncludeHidden') -and (@('ByName', 'ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('IncludeHidden', ${IncludeHidden}) } $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('ByName', 'ByInstanceID', 'InputObject (cdxml)') -contains $_ } { [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Enabled')) { [object]$__cmdletization_value = ${Enabled} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Enabled'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Enabled'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('NoRestart')) { [object]$__cmdletization_value = ${NoRestart} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:NoRestart'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:NoRestart'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = $null $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('cim:ModifyInstance', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_passThru = $PSBoundParameters.ContainsKey('PassThru') -and $PassThru if ($PSBoundParameters.ContainsKey('InputObject')) { foreach ($x in $InputObject) { $__cmdletization_objectModelWrapper.ProcessRecord($x, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } else { $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP MSFT_NetAdapterQos.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Set-NetAdapterQos' -Alias '*' function Enable-NetAdapterQos { [CmdletBinding(DefaultParameterSetName='ByName', SupportsShouldProcess=$true, ConfirmImpact='Medium', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] param( [Parameter(ParameterSetName='ByName', Mandatory=$true, Position=0, ValueFromPipelineByPropertyName=$true)] [Alias('ifAlias','InterfaceAlias')] [ValidateNotNull()] [string[]] ${Name}, [Parameter(ParameterSetName='ByInstanceID', Mandatory=$true, ValueFromPipelineByPropertyName=$true)] [Alias('i ScriptBlock ID: 63e6de1c-83aa-4f6b-983e-f8fa2f5a66bc Path:	4104	1		3	2	15	0	1562	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3516	868	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:04:55 PM	9d04040e-981f-0004-101a-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (4 of 4): object]$__cmdletization_value = ${PassThru} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:PassThru'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:PassThru'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = $null $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('Disable', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_passThru = $false if ($PSBoundParameters.ContainsKey('InputObject')) { foreach ($x in $InputObject) { $__cmdletization_objectModelWrapper.ProcessRecord($x, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } else { $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP MSFT_NetAdapterPowerManagement.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Disable-NetAdapterPowerManagement' -Alias '*' ScriptBlock ID: 61f9daa5-5b42-4a8f-90b0-d9dcd076f57d Path:	4104	1		3	2	15	0	1561	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3516	868	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:04:55 PM	9d04040e-981f-0005-7654-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (3 of 4): e = 'CmdletOutput'; ParameterType = 'Microsoft.Management.Infrastructure.CimInstance'; Bindings = 'Out'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('NoRestart')) { [object]$__cmdletization_value = ${NoRestart} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:NoRestart'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:NoRestart'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('PassThru')) { [object]$__cmdletization_value = ${PassThru} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:PassThru'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:PassThru'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = $null $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('Enable', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_passThru = $false if ($PSBoundParameters.ContainsKey('InputObject')) { foreach ($x in $InputObject) { $__cmdletization_objectModelWrapper.ProcessRecord($x, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } else { $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP MSFT_NetAdapterPowerManagement.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Enable-NetAdapterPowerManagement' -Alias '*' function Disable-NetAdapterPowerManagement { [CmdletBinding(DefaultParameterSetName='ByName', SupportsShouldProcess=$true, ConfirmImpact='Low', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] param( [Parameter(ParameterSetName='ByName', Mandatory=$true, Position=0, ValueFromPipelineByPropertyName=$true)] [Alias('ifAlias','InterfaceAlias')] [ValidateNotNull()] [string[]] ${Name}, [Parameter(ParameterSetName='ByInstanceID', Mandatory=$true, ValueFromPipelineByPropertyName=$true)] [Alias('ifDesc','InstanceID')] [ValidateNotNull()] [string[]] ${InterfaceDescription}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [switch] ${IncludeHidden}, [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#MSFT_NetAdapterPowerManagementSettingData')] [ValidateNotNull()] [ciminstance[]] ${InputObject}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${ArpOffload}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${D0PacketCoalescing}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${DeviceSleepOnDisconnect}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${NSOffload}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${RsnRekeyOffload}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${SelectiveSuspend}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${WakeOnMagicPacket}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${WakeOnPattern}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${NoRestart}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${PassThru}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('Name') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Name}) $__cmdletization_queryBuilder.FilterByProperty('Name', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('InterfaceDescription') -and (@('ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${InterfaceDescription}) $__cmdletization_queryBuilder.FilterByProperty('InterfaceDescription', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('IncludeHidden') -and (@('ByName', 'ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('IncludeHidden', ${IncludeHidden}) } $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('ByName', 'ByInstanceID', 'InputObject (cdxml)') -contains $_ } { [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('ArpOffload')) { [object]$__cmdletization_value = ${ArpOffload} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ArpOffload'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ArpOffload'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('D0PacketCoalescing')) { [object]$__cmdletization_value = ${D0PacketCoalescing} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'D0PacketCoalescing'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'D0PacketCoalescing'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DeviceSleepOnDisconnect')) { [object]$__cmdletization_value = ${DeviceSleepOnDisconnect} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DeviceSleepOnDisconnect'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DeviceSleepOnDisconnect'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('NSOffload')) { [object]$__cmdletization_value = ${NSOffload} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NSOffload'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NSOffload'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('RsnRekeyOffload')) { [object]$__cmdletization_value = ${RsnRekeyOffload} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RsnRekeyOffload'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RsnRekeyOffload'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('SelectiveSuspend')) { [object]$__cmdletization_value = ${SelectiveSuspend} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'SelectiveSuspend'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'SelectiveSuspend'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('WakeOnMagicPacket')) { [object]$__cmdletization_value = ${WakeOnMagicPacket} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'WakeOnMagicPacket'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'WakeOnMagicPacket'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('WakeOnPattern')) { [object]$__cmdletization_value = ${WakeOnPattern} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'WakeOnPattern'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'WakeOnPattern'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'CmdletOutput'; ParameterType = 'Microsoft.Management.Infrastructure.CimInstance'; Bindings = 'Out'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('NoRestart')) { [object]$__cmdletization_value = ${NoRestart} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:NoRestart'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:NoRestart'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('PassThru')) { [ ScriptBlock ID: 61f9daa5-5b42-4a8f-90b0-d9dcd076f57d Path:	4104	1		3	2	15	0	1560	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3516	868	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:04:55 PM	9d04040e-981f-0005-7654-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 4): eratedTypes.NetAdapterPowerManagement.Setting'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'SelectiveSuspend'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetAdapterPowerManagement.Setting'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('WakeOnMagicPacket')) { [object]$__cmdletization_value = ${WakeOnMagicPacket} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'WakeOnMagicPacket'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetAdapterPowerManagement.Setting'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'WakeOnMagicPacket'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetAdapterPowerManagement.Setting'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('WakeOnPattern')) { [object]$__cmdletization_value = ${WakeOnPattern} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'WakeOnPattern'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetAdapterPowerManagement.Setting'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'WakeOnPattern'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetAdapterPowerManagement.Setting'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('NoRestart')) { [object]$__cmdletization_value = ${NoRestart} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:NoRestart'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:NoRestart'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = $null $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('cim:ModifyInstance', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_passThru = $PSBoundParameters.ContainsKey('PassThru') -and $PassThru if ($PSBoundParameters.ContainsKey('InputObject')) { foreach ($x in $InputObject) { $__cmdletization_objectModelWrapper.ProcessRecord($x, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } else { $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP MSFT_NetAdapterPowerManagement.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Set-NetAdapterPowerManagement' -Alias '*' function Enable-NetAdapterPowerManagement { [CmdletBinding(DefaultParameterSetName='ByName', SupportsShouldProcess=$true, ConfirmImpact='Low', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] param( [Parameter(ParameterSetName='ByName', Mandatory=$true, Position=0, ValueFromPipelineByPropertyName=$true)] [Alias('ifAlias','InterfaceAlias')] [ValidateNotNull()] [string[]] ${Name}, [Parameter(ParameterSetName='ByInstanceID', Mandatory=$true, ValueFromPipelineByPropertyName=$true)] [Alias('ifDesc','InstanceID')] [ValidateNotNull()] [string[]] ${InterfaceDescription}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [switch] ${IncludeHidden}, [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#MSFT_NetAdapterPowerManagementSettingData')] [ValidateNotNull()] [ciminstance[]] ${InputObject}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${ArpOffload}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${D0PacketCoalescing}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${DeviceSleepOnDisconnect}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${NSOffload}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${RsnRekeyOffload}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${SelectiveSuspend}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${WakeOnMagicPacket}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${WakeOnPattern}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${NoRestart}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${PassThru}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('Name') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Name}) $__cmdletization_queryBuilder.FilterByProperty('Name', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('InterfaceDescription') -and (@('ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${InterfaceDescription}) $__cmdletization_queryBuilder.FilterByProperty('InterfaceDescription', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('IncludeHidden') -and (@('ByName', 'ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('IncludeHidden', ${IncludeHidden}) } $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('ByName', 'ByInstanceID', 'InputObject (cdxml)') -contains $_ } { [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('ArpOffload')) { [object]$__cmdletization_value = ${ArpOffload} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ArpOffload'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ArpOffload'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('D0PacketCoalescing')) { [object]$__cmdletization_value = ${D0PacketCoalescing} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'D0PacketCoalescing'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'D0PacketCoalescing'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DeviceSleepOnDisconnect')) { [object]$__cmdletization_value = ${DeviceSleepOnDisconnect} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DeviceSleepOnDisconnect'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DeviceSleepOnDisconnect'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('NSOffload')) { [object]$__cmdletization_value = ${NSOffload} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NSOffload'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NSOffload'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('RsnRekeyOffload')) { [object]$__cmdletization_value = ${RsnRekeyOffload} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RsnRekeyOffload'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RsnRekeyOffload'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('SelectiveSuspend')) { [object]$__cmdletization_value = ${SelectiveSuspend} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'SelectiveSuspend'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'SelectiveSuspend'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('WakeOnMagicPacket')) { [object]$__cmdletization_value = ${WakeOnMagicPacket} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'WakeOnMagicPacket'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'WakeOnMagicPacket'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('WakeOnPattern')) { [object]$__cmdletization_value = ${WakeOnPattern} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'WakeOnPattern'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'WakeOnPattern'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Nam ScriptBlock ID: 61f9daa5-5b42-4a8f-90b0-d9dcd076f57d Path:	4104	1		3	2	15	0	1559	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3516	868	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:04:55 PM	9d04040e-981f-0005-7654-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 4): #requires -version 3.0 try { Microsoft.PowerShell.Core\Set-StrictMode -Off } catch { } $script:MyModule = $MyInvocation.MyCommand.ScriptBlock.Module $script:ClassName = 'ROOT/StandardCimv2/MSFT_NetAdapterPowerManagementSettingData' $script:ClassVersion = '1.0.0' $script:ModuleVersion = '1.0' $script:ObjectModelWrapper = [Microsoft.PowerShell.Cmdletization.Cim.CimCmdletAdapter] $script:PrivateData = [System.Collections.Generic.Dictionary[string,string]]::new() Microsoft.PowerShell.Core\Export-ModuleMember -Function @() function __cmdletization_BindCommonParameters { param( $__cmdletization_objectModelWrapper, $myPSBoundParameters ) if ($myPSBoundParameters.ContainsKey('CimSession')) { $__cmdletization_objectModelWrapper.PSObject.Properties['CimSession'].Value = $myPSBoundParameters['CimSession'] } if ($myPSBoundParameters.ContainsKey('ThrottleLimit')) { $__cmdletization_objectModelWrapper.PSObject.Properties['ThrottleLimit'].Value = $myPSBoundParameters['ThrottleLimit'] } if ($myPSBoundParameters.ContainsKey('AsJob')) { $__cmdletization_objectModelWrapper.PSObject.Properties['AsJob'].Value = $myPSBoundParameters['AsJob'] } } function Get-NetAdapterPowerManagement { [CmdletBinding(DefaultParameterSetName='ByName', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#ROOT/StandardCimv2/MSFT_NetAdapterPowerManagementSettingData')] param( [Parameter(ParameterSetName='ByName', Position=0, ValueFromPipelineByPropertyName=$true)] [Alias('ifAlias','InterfaceAlias')] [ValidateNotNull()] [string[]] ${Name}, [Parameter(ParameterSetName='ByInstanceID', Mandatory=$true, ValueFromPipelineByPropertyName=$true)] [Alias('ifDesc','InstanceID')] [ValidateNotNull()] [string[]] ${InterfaceDescription}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [switch] ${IncludeHidden}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('Name') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Name}) $__cmdletization_queryBuilder.FilterByProperty('Name', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('InterfaceDescription') -and (@('ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${InterfaceDescription}) $__cmdletization_queryBuilder.FilterByProperty('InterfaceDescription', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('IncludeHidden') -and (@('ByName', 'ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('IncludeHidden', ${IncludeHidden}) } $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder) } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP MSFT_NetAdapterPowerManagement.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Get-NetAdapterPowerManagement' -Alias '*' function Set-NetAdapterPowerManagement { [CmdletBinding(DefaultParameterSetName='ByName', SupportsShouldProcess=$true, ConfirmImpact='Low', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#ROOT/StandardCimv2/MSFT_NetAdapterPowerManagementSettingData')] param( [Parameter(ParameterSetName='ByName', Mandatory=$true, Position=0, ValueFromPipelineByPropertyName=$true)] [Alias('ifAlias','InterfaceAlias')] [ValidateNotNull()] [string[]] ${Name}, [Parameter(ParameterSetName='ByInstanceID', Mandatory=$true, ValueFromPipelineByPropertyName=$true)] [Alias('ifDesc','InstanceID')] [ValidateNotNull()] [string[]] ${InterfaceDescription}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [switch] ${IncludeHidden}, [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#MSFT_NetAdapterPowerManagementSettingData')] [ValidateNotNull()] [ciminstance[]] ${InputObject}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [ValidateSet('Enabled','Disabled')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetAdapterPowerManagement.Setting] ${ArpOffload}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [ValidateSet('Enabled','Disabled')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetAdapterPowerManagement.Setting] ${D0PacketCoalescing}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [ValidateSet('Enabled','Disabled')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetAdapterPowerManagement.Setting] ${DeviceSleepOnDisconnect}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [ValidateSet('Enabled','Disabled')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetAdapterPowerManagement.Setting] ${NSOffload}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [ValidateSet('Enabled','Disabled')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetAdapterPowerManagement.Setting] ${RsnRekeyOffload}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [ValidateSet('Enabled','Disabled')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetAdapterPowerManagement.Setting] ${SelectiveSuspend}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [ValidateSet('Enabled','Disabled')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetAdapterPowerManagement.Setting] ${WakeOnMagicPacket}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [ValidateSet('Enabled','Disabled')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetAdapterPowerManagement.Setting] ${WakeOnPattern}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${NoRestart}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${AsJob}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${PassThru}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('Name') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Name}) $__cmdletization_queryBuilder.FilterByProperty('Name', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('InterfaceDescription') -and (@('ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${InterfaceDescription}) $__cmdletization_queryBuilder.FilterByProperty('InterfaceDescription', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('IncludeHidden') -and (@('ByName', 'ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('IncludeHidden', ${IncludeHidden}) } $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('ByName', 'ByInstanceID', 'InputObject (cdxml)') -contains $_ } { [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('ArpOffload')) { [object]$__cmdletization_value = ${ArpOffload} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ArpOffload'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetAdapterPowerManagement.Setting'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ArpOffload'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetAdapterPowerManagement.Setting'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('D0PacketCoalescing')) { [object]$__cmdletization_value = ${D0PacketCoalescing} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'D0PacketCoalescing'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetAdapterPowerManagement.Setting'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'D0PacketCoalescing'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetAdapterPowerManagement.Setting'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DeviceSleepOnDisconnect')) { [object]$__cmdletization_value = ${DeviceSleepOnDisconnect} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DeviceSleepOnDisconnect'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetAdapterPowerManagement.Setting'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DeviceSleepOnDisconnect'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetAdapterPowerManagement.Setting'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('NSOffload')) { [object]$__cmdletization_value = ${NSOffload} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NSOffload'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetAdapterPowerManagement.Setting'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NSOffload'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetAdapterPowerManagement.Setting'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('RsnRekeyOffload')) { [object]$__cmdletization_value = ${RsnRekeyOffload} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RsnRekeyOffload'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetAdapterPowerManagement.Setting'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RsnRekeyOffload'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetAdapterPowerManagement.Setting'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('SelectiveSuspend')) { [object]$__cmdletization_value = ${SelectiveSuspend} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'SelectiveSuspend'; ParameterType = 'Microsoft.PowerShell.Cmdletization.Gen ScriptBlock ID: 61f9daa5-5b42-4a8f-90b0-d9dcd076f57d Path:	4104	1		3	2	15	0	1558	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3516	868	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:04:55 PM	9d04040e-981f-0005-7654-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (3 of 3): )] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] param( [Parameter(ParameterSetName='ByName', Mandatory=$true, Position=0, ValueFromPipelineByPropertyName=$true)] [Alias('ifAlias','InterfaceAlias')] [ValidateNotNull()] [string[]] ${Name}, [Parameter(ParameterSetName='ByInstanceID', Mandatory=$true, ValueFromPipelineByPropertyName=$true)] [Alias('ifDesc','InstanceID')] [ValidateNotNull()] [string[]] ${InterfaceDescription}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [switch] ${IncludeHidden}, [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#MSFT_NetAdapterLsoSettingData')] [ValidateNotNull()] [ciminstance[]] ${InputObject}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${IPv4}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${IPv6}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${NoRestart}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${PassThru}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('Name') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Name}) $__cmdletization_queryBuilder.FilterByProperty('Name', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('InterfaceDescription') -and (@('ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${InterfaceDescription}) $__cmdletization_queryBuilder.FilterByProperty('InterfaceDescription', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('IncludeHidden') -and (@('ByName', 'ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('IncludeHidden', ${IncludeHidden}) } $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('ByName', 'ByInstanceID', 'InputObject (cdxml)') -contains $_ } { [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('IPv4')) { [object]$__cmdletization_value = ${IPv4} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'IPv4'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'IPv4'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('IPv6')) { [object]$__cmdletization_value = ${IPv6} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'IPv6'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'IPv6'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('NoRestart')) { [object]$__cmdletization_value = ${NoRestart} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:NoRestart'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:NoRestart'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('PassThru')) { [object]$__cmdletization_value = ${PassThru} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:PassThru'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:PassThru'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'CmdletOutput'; ParameterType = 'Microsoft.Management.Infrastructure.CimInstance'; Bindings = 'Out'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = $null $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('Disable', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_passThru = $false if ($PSBoundParameters.ContainsKey('InputObject')) { foreach ($x in $InputObject) { $__cmdletization_objectModelWrapper.ProcessRecord($x, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } else { $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP MSFT_NetAdapterLso.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Disable-NetAdapterLso' -Alias '*' ScriptBlock ID: 8f84423e-1841-4939-9f5c-837c22a0dde0 Path:	4104	1		3	2	15	0	1557	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3516	868	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:04:55 PM	9d04040e-981f-0004-0a1a-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 3): odParameter]@{Name = 'IPv6Enabled'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('NoRestart')) { [object]$__cmdletization_value = ${NoRestart} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:NoRestart'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:NoRestart'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = $null $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('cim:ModifyInstance', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_passThru = $PSBoundParameters.ContainsKey('PassThru') -and $PassThru if ($PSBoundParameters.ContainsKey('InputObject')) { foreach ($x in $InputObject) { $__cmdletization_objectModelWrapper.ProcessRecord($x, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } else { $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP MSFT_NetAdapterLso.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Set-NetAdapterLso' -Alias '*' function Enable-NetAdapterLso { [CmdletBinding(DefaultParameterSetName='ByName', SupportsShouldProcess=$true, ConfirmImpact='Medium', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] param( [Parameter(ParameterSetName='ByName', Mandatory=$true, Position=0, ValueFromPipelineByPropertyName=$true)] [Alias('ifAlias','InterfaceAlias')] [ValidateNotNull()] [string[]] ${Name}, [Parameter(ParameterSetName='ByInstanceID', Mandatory=$true, ValueFromPipelineByPropertyName=$true)] [Alias('ifDesc','InstanceID')] [ValidateNotNull()] [string[]] ${InterfaceDescription}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [switch] ${IncludeHidden}, [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#MSFT_NetAdapterLsoSettingData')] [ValidateNotNull()] [ciminstance[]] ${InputObject}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${IPv4}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${IPv6}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${NoRestart}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${PassThru}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('Name') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Name}) $__cmdletization_queryBuilder.FilterByProperty('Name', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('InterfaceDescription') -and (@('ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${InterfaceDescription}) $__cmdletization_queryBuilder.FilterByProperty('InterfaceDescription', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('IncludeHidden') -and (@('ByName', 'ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('IncludeHidden', ${IncludeHidden}) } $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('ByName', 'ByInstanceID', 'InputObject (cdxml)') -contains $_ } { [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('IPv4')) { [object]$__cmdletization_value = ${IPv4} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'IPv4'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'IPv4'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('IPv6')) { [object]$__cmdletization_value = ${IPv6} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'IPv6'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'IPv6'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('NoRestart')) { [object]$__cmdletization_value = ${NoRestart} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:NoRestart'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:NoRestart'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('PassThru')) { [object]$__cmdletization_value = ${PassThru} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:PassThru'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:PassThru'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'CmdletOutput'; ParameterType = 'Microsoft.Management.Infrastructure.CimInstance'; Bindings = 'Out'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = $null $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('Enable', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_passThru = $false if ($PSBoundParameters.ContainsKey('InputObject')) { foreach ($x in $InputObject) { $__cmdletization_objectModelWrapper.ProcessRecord($x, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } else { $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP MSFT_NetAdapterLso.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Enable-NetAdapterLso' -Alias '*' function Disable-NetAdapterLso { [CmdletBinding(DefaultParameterSetName='ByName', SupportsShouldProcess=$true, ConfirmImpact='Medium', PositionalBinding=$false ScriptBlock ID: 8f84423e-1841-4939-9f5c-837c22a0dde0 Path:	4104	1		3	2	15	0	1556	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3516	868	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:04:55 PM	9d04040e-981f-0004-0a1a-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 3): #requires -version 3.0 try { Microsoft.PowerShell.Core\Set-StrictMode -Off } catch { } $script:MyModule = $MyInvocation.MyCommand.ScriptBlock.Module $script:ClassName = 'ROOT/StandardCimv2/MSFT_NetAdapterLsoSettingData' $script:ClassVersion = '1.0.0' $script:ModuleVersion = '1.0' $script:ObjectModelWrapper = [Microsoft.PowerShell.Cmdletization.Cim.CimCmdletAdapter] $script:PrivateData = [System.Collections.Generic.Dictionary[string,string]]::new() Microsoft.PowerShell.Core\Export-ModuleMember -Function @() function __cmdletization_BindCommonParameters { param( $__cmdletization_objectModelWrapper, $myPSBoundParameters ) if ($myPSBoundParameters.ContainsKey('CimSession')) { $__cmdletization_objectModelWrapper.PSObject.Properties['CimSession'].Value = $myPSBoundParameters['CimSession'] } if ($myPSBoundParameters.ContainsKey('ThrottleLimit')) { $__cmdletization_objectModelWrapper.PSObject.Properties['ThrottleLimit'].Value = $myPSBoundParameters['ThrottleLimit'] } if ($myPSBoundParameters.ContainsKey('AsJob')) { $__cmdletization_objectModelWrapper.PSObject.Properties['AsJob'].Value = $myPSBoundParameters['AsJob'] } } function Get-NetAdapterLso { [CmdletBinding(DefaultParameterSetName='ByName', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#ROOT/StandardCimv2/MSFT_NetAdapterLsoSettingData')] param( [Parameter(ParameterSetName='ByName', Position=0, ValueFromPipelineByPropertyName=$true)] [Alias('ifAlias','InterfaceAlias')] [ValidateNotNull()] [string[]] ${Name}, [Parameter(ParameterSetName='ByInstanceID', Mandatory=$true, ValueFromPipelineByPropertyName=$true)] [Alias('ifDesc','InstanceID')] [ValidateNotNull()] [string[]] ${InterfaceDescription}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [switch] ${IncludeHidden}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('Name') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Name}) $__cmdletization_queryBuilder.FilterByProperty('Name', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('InterfaceDescription') -and (@('ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${InterfaceDescription}) $__cmdletization_queryBuilder.FilterByProperty('InterfaceDescription', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('IncludeHidden') -and (@('ByName', 'ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('IncludeHidden', ${IncludeHidden}) } $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder) } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP MSFT_NetAdapterLso.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Get-NetAdapterLso' -Alias '*' function Set-NetAdapterLso { [CmdletBinding(DefaultParameterSetName='ByName', SupportsShouldProcess=$true, ConfirmImpact='Medium', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#ROOT/StandardCimv2/MSFT_NetAdapterLsoSettingData')] param( [Parameter(ParameterSetName='ByName', Mandatory=$true, Position=0, ValueFromPipelineByPropertyName=$true)] [Alias('ifAlias','InterfaceAlias')] [ValidateNotNull()] [string[]] ${Name}, [Parameter(ParameterSetName='ByInstanceID', Mandatory=$true, ValueFromPipelineByPropertyName=$true)] [Alias('ifDesc','InstanceID')] [ValidateNotNull()] [string[]] ${InterfaceDescription}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [switch] ${IncludeHidden}, [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#MSFT_NetAdapterLsoSettingData')] [ValidateNotNull()] [ciminstance[]] ${InputObject}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [bool] ${V1IPv4Enabled}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [bool] ${IPv4Enabled}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [bool] ${IPv6Enabled}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${NoRestart}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${AsJob}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${PassThru}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('Name') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Name}) $__cmdletization_queryBuilder.FilterByProperty('Name', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('InterfaceDescription') -and (@('ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${InterfaceDescription}) $__cmdletization_queryBuilder.FilterByProperty('InterfaceDescription', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('IncludeHidden') -and (@('ByName', 'ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('IncludeHidden', ${IncludeHidden}) } $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('ByName', 'ByInstanceID', 'InputObject (cdxml)') -contains $_ } { [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('V1IPv4Enabled')) { [object]$__cmdletization_value = ${V1IPv4Enabled} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'V1IPv4Enabled'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'V1IPv4Enabled'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('IPv4Enabled')) { [object]$__cmdletization_value = ${IPv4Enabled} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'IPv4Enabled'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'IPv4Enabled'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('IPv6Enabled')) { [object]$__cmdletization_value = ${IPv6Enabled} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'IPv6Enabled'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.Meth ScriptBlock ID: 8f84423e-1841-4939-9f5c-837c22a0dde0 Path:	4104	1		3	2	15	0	1555	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3516	868	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:04:55 PM	9d04040e-981f-0004-0a1a-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 2): rameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('Name') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Name}) $__cmdletization_queryBuilder.FilterByProperty('Name', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('InterfaceDescription') -and (@('ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${InterfaceDescription}) $__cmdletization_queryBuilder.FilterByProperty('InterfaceDescription', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('IncludeHidden') -and (@('ByName', 'ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('IncludeHidden', ${IncludeHidden}) } $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('ByName', 'ByInstanceID', 'InputObject (cdxml)') -contains $_ } { [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('NoRestart')) { [object]$__cmdletization_value = ${NoRestart} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NoRestart'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NoRestart'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('PassThru')) { [object]$__cmdletization_value = ${PassThru} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'PassThru'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'PassThru'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'CmdletOutput'; ParameterType = 'Microsoft.Management.Infrastructure.CimInstance'; Bindings = 'Out'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = $null $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('Enable', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_passThru = $false if ($PSBoundParameters.ContainsKey('InputObject')) { foreach ($x in $InputObject) { $__cmdletization_objectModelWrapper.ProcessRecord($x, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } else { $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP MSFT_NetAdapterIPsecOffload.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Enable-NetAdapterIPsecOffload' -Alias '*' function Disable-NetAdapterIPsecOffload { [CmdletBinding(DefaultParameterSetName='ByName', SupportsShouldProcess=$true, ConfirmImpact='Low', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] param( [Parameter(ParameterSetName='ByName', Mandatory=$true, Position=0, ValueFromPipelineByPropertyName=$true)] [Alias('ifAlias','InterfaceAlias')] [ValidateNotNull()] [string[]] ${Name}, [Parameter(ParameterSetName='ByInstanceID', Mandatory=$true, ValueFromPipelineByPropertyName=$true)] [Alias('ifDesc','InstanceID')] [ValidateNotNull()] [string[]] ${InterfaceDescription}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [switch] ${IncludeHidden}, [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#MSFT_NetAdapterIPsecOffloadV2SettingData')] [ValidateNotNull()] [ciminstance[]] ${InputObject}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${NoRestart}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${PassThru}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('Name') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Name}) $__cmdletization_queryBuilder.FilterByProperty('Name', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('InterfaceDescription') -and (@('ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${InterfaceDescription}) $__cmdletization_queryBuilder.FilterByProperty('InterfaceDescription', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('IncludeHidden') -and (@('ByName', 'ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('IncludeHidden', ${IncludeHidden}) } $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('ByName', 'ByInstanceID', 'InputObject (cdxml)') -contains $_ } { [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('NoRestart')) { [object]$__cmdletization_value = ${NoRestart} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NoRestart'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NoRestart'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('PassThru')) { [object]$__cmdletization_value = ${PassThru} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'PassThru'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'PassThru'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'CmdletOutput'; ParameterType = 'Microsoft.Management.Infrastructure.CimInstance'; Bindings = 'Out'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = $null $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('Disable', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_passThru = $false if ($PSBoundParameters.ContainsKey('InputObject')) { foreach ($x in $InputObject) { $__cmdletization_objectModelWrapper.ProcessRecord($x, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } else { $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP MSFT_NetAdapterIPsecOffload.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Disable-NetAdapterIPsecOffload' -Alias '*' ScriptBlock ID: fa840abe-ae78-4c8b-ab8f-06a589e946a7 Path:	4104	1		3	2	15	0	1554	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3516	868	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:04:55 PM	9d04040e-981f-0004-041a-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 2): #requires -version 3.0 try { Microsoft.PowerShell.Core\Set-StrictMode -Off } catch { } $script:MyModule = $MyInvocation.MyCommand.ScriptBlock.Module $script:ClassName = 'ROOT/StandardCimv2/MSFT_NetAdapterIPsecOffloadV2SettingData' $script:ClassVersion = '1.0.0' $script:ModuleVersion = '1.0' $script:ObjectModelWrapper = [Microsoft.PowerShell.Cmdletization.Cim.CimCmdletAdapter] $script:PrivateData = [System.Collections.Generic.Dictionary[string,string]]::new() Microsoft.PowerShell.Core\Export-ModuleMember -Function @() function __cmdletization_BindCommonParameters { param( $__cmdletization_objectModelWrapper, $myPSBoundParameters ) if ($myPSBoundParameters.ContainsKey('CimSession')) { $__cmdletization_objectModelWrapper.PSObject.Properties['CimSession'].Value = $myPSBoundParameters['CimSession'] } if ($myPSBoundParameters.ContainsKey('ThrottleLimit')) { $__cmdletization_objectModelWrapper.PSObject.Properties['ThrottleLimit'].Value = $myPSBoundParameters['ThrottleLimit'] } if ($myPSBoundParameters.ContainsKey('AsJob')) { $__cmdletization_objectModelWrapper.PSObject.Properties['AsJob'].Value = $myPSBoundParameters['AsJob'] } } function Get-NetAdapterIPsecOffload { [CmdletBinding(DefaultParameterSetName='ByName', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#ROOT/StandardCimv2/MSFT_NetAdapterIPsecOffloadV2SettingData')] param( [Parameter(ParameterSetName='ByName', Position=0, ValueFromPipelineByPropertyName=$true)] [Alias('ifAlias','InterfaceAlias')] [ValidateNotNull()] [string[]] ${Name}, [Parameter(ParameterSetName='ByInstanceID', Mandatory=$true, ValueFromPipelineByPropertyName=$true)] [Alias('ifDesc','InstanceID')] [ValidateNotNull()] [string[]] ${InterfaceDescription}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [switch] ${IncludeHidden}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('Name') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Name}) $__cmdletization_queryBuilder.FilterByProperty('Name', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('InterfaceDescription') -and (@('ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${InterfaceDescription}) $__cmdletization_queryBuilder.FilterByProperty('InterfaceDescription', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('IncludeHidden') -and (@('ByName', 'ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('IncludeHidden', ${IncludeHidden}) } $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder) } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP MSFT_NetAdapterIPsecOffload.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Get-NetAdapterIPsecOffload' -Alias '*' function Set-NetAdapterIPsecOffload { [CmdletBinding(DefaultParameterSetName='ByName', SupportsShouldProcess=$true, ConfirmImpact='Low', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] param( [Parameter(ParameterSetName='ByName', Mandatory=$true, Position=0, ValueFromPipelineByPropertyName=$true)] [Alias('ifAlias','InterfaceAlias')] [ValidateNotNull()] [string[]] ${Name}, [Parameter(ParameterSetName='ByInstanceID', Mandatory=$true, ValueFromPipelineByPropertyName=$true)] [Alias('ifDesc','InstanceID')] [ValidateNotNull()] [string[]] ${InterfaceDescription}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [switch] ${IncludeHidden}, [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#MSFT_NetAdapterIPsecOffloadV2SettingData')] [ValidateNotNull()] [ciminstance[]] ${InputObject}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [bool] ${Enabled}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${NoRestart}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${PassThru}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('Name') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Name}) $__cmdletization_queryBuilder.FilterByProperty('Name', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('InterfaceDescription') -and (@('ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${InterfaceDescription}) $__cmdletization_queryBuilder.FilterByProperty('InterfaceDescription', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('IncludeHidden') -and (@('ByName', 'ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('IncludeHidden', ${IncludeHidden}) } $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('ByName', 'ByInstanceID', 'InputObject (cdxml)') -contains $_ } { [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Enabled')) { [object]$__cmdletization_value = ${Enabled} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Enabled'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Enabled'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('NoRestart')) { [object]$__cmdletization_value = ${NoRestart} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NoRestart'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NoRestart'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('PassThru')) { [object]$__cmdletization_value = ${PassThru} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'PassThru'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'PassThru'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'CmdletOutput'; ParameterType = 'Microsoft.Management.Infrastructure.CimInstance'; Bindings = 'Out'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = $null $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('Set', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_passThru = $false if ($PSBoundParameters.ContainsKey('InputObject')) { foreach ($x in $InputObject) { $__cmdletization_objectModelWrapper.ProcessRecord($x, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } else { $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP MSFT_NetAdapterIPsecOffload.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Set-NetAdapterIPsecOffload' -Alias '*' function Enable-NetAdapterIPsecOffload { [CmdletBinding(DefaultParameterSetName='ByName', SupportsShouldProcess=$true, ConfirmImpact='Low', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] param( [Parameter(ParameterSetName='ByName', Mandatory=$true, Position=0, ValueFromPipelineByPropertyName=$true)] [Alias('ifAlias','InterfaceAlias')] [ValidateNotNull()] [string[]] ${Name}, [Parameter(ParameterSetName='ByInstanceID', Mandatory=$true, ValueFromPipelineByPropertyName=$true)] [Alias('ifDesc','InstanceID')] [ValidateNotNull()] [string[]] ${InterfaceDescription}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [switch] ${IncludeHidden}, [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#MSFT_NetAdapterIPsecOffloadV2SettingData')] [ValidateNotNull()] [ciminstance[]] ${InputObject}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${NoRestart}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${PassThru}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicPa ScriptBlock ID: fa840abe-ae78-4c8b-ab8f-06a589e946a7 Path:	4104	1		3	2	15	0	1553	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3516	868	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:04:55 PM	9d04040e-981f-0004-041a-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): #requires -version 3.0 try { Microsoft.PowerShell.Core\Set-StrictMode -Off } catch { } $script:MyModule = $MyInvocation.MyCommand.ScriptBlock.Module $script:ClassName = 'ROOT/StandardCimv2/MSFT_NetAdapterHardwareInfoSettingData' $script:ClassVersion = '1.0.0' $script:ModuleVersion = '1.0' $script:ObjectModelWrapper = [Microsoft.PowerShell.Cmdletization.Cim.CimCmdletAdapter] $script:PrivateData = [System.Collections.Generic.Dictionary[string,string]]::new() Microsoft.PowerShell.Core\Export-ModuleMember -Function @() function __cmdletization_BindCommonParameters { param( $__cmdletization_objectModelWrapper, $myPSBoundParameters ) if ($myPSBoundParameters.ContainsKey('CimSession')) { $__cmdletization_objectModelWrapper.PSObject.Properties['CimSession'].Value = $myPSBoundParameters['CimSession'] } if ($myPSBoundParameters.ContainsKey('ThrottleLimit')) { $__cmdletization_objectModelWrapper.PSObject.Properties['ThrottleLimit'].Value = $myPSBoundParameters['ThrottleLimit'] } if ($myPSBoundParameters.ContainsKey('AsJob')) { $__cmdletization_objectModelWrapper.PSObject.Properties['AsJob'].Value = $myPSBoundParameters['AsJob'] } } function Get-NetAdapterHardwareInfo { [CmdletBinding(DefaultParameterSetName='ByName', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#ROOT/StandardCimv2/MSFT_NetAdapterHardwareInfoSettingData')] param( [Parameter(ParameterSetName='ByName', Position=0, ValueFromPipelineByPropertyName=$true)] [Alias('ifAlias','InterfaceAlias')] [ValidateNotNull()] [string[]] ${Name}, [Parameter(ParameterSetName='ByInstanceID', Mandatory=$true, ValueFromPipelineByPropertyName=$true)] [Alias('ifDesc','InstanceID')] [ValidateNotNull()] [string[]] ${InterfaceDescription}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [switch] ${IncludeHidden}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('Name') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Name}) $__cmdletization_queryBuilder.FilterByProperty('Name', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('InterfaceDescription') -and (@('ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${InterfaceDescription}) $__cmdletization_queryBuilder.FilterByProperty('InterfaceDescription', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('IncludeHidden') -and (@('ByName', 'ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('IncludeHidden', ${IncludeHidden}) } $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder) } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP MSFT_NetAdapterHardwareInfo.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Get-NetAdapterHardwareInfo' -Alias '*' ScriptBlock ID: 6592fb15-defa-478c-a9a0-2115605d116b Path:	4104	1		3	2	15	0	1552	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3516	868	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:04:55 PM	9d04040e-981f-0000-c11d-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (3 of 3): rosoft.PowerShell.Cmdletization.GeneratedTypes.NetAdapterEncapsulatedPacketTaskOffload.EncapsulationType'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = $null $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('Enable', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_passThru = $false if ($PSBoundParameters.ContainsKey('InputObject')) { foreach ($x in $InputObject) { $__cmdletization_objectModelWrapper.ProcessRecord($x, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } else { $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP MSFT_NetAdapterEncapsulatedPacketTaskOffload.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Enable-NetAdapterEncapsulatedPacketTaskOffload' -Alias '*' function Disable-NetAdapterEncapsulatedPacketTaskOffload { [CmdletBinding(DefaultParameterSetName='ByName', SupportsShouldProcess=$true, ConfirmImpact='Medium', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] param( [Parameter(ParameterSetName='ByName', Mandatory=$true, Position=0, ValueFromPipelineByPropertyName=$true)] [Alias('ifAlias','InterfaceAlias')] [ValidateNotNull()] [string[]] ${Name}, [Parameter(ParameterSetName='ByInstanceID', Mandatory=$true, ValueFromPipelineByPropertyName=$true)] [Alias('ifDesc','InstanceID')] [ValidateNotNull()] [string[]] ${InterfaceDescription}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [switch] ${IncludeHidden}, [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#MSFT_NetAdapterEncapsulatedPacketTaskOffloadSettingData')] [ValidateNotNull()] [ciminstance[]] ${InputObject}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${NoRestart}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${PassThru}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetAdapterEncapsulatedPacketTaskOffload.EncapsulationType] ${EncapsulationType}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('Name') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Name}) $__cmdletization_queryBuilder.FilterByProperty('Name', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('InterfaceDescription') -and (@('ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${InterfaceDescription}) $__cmdletization_queryBuilder.FilterByProperty('InterfaceDescription', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('IncludeHidden') -and (@('ByName', 'ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('IncludeHidden', ${IncludeHidden}) } $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('ByName', 'ByInstanceID', 'InputObject (cdxml)') -contains $_ } { [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('NoRestart')) { [object]$__cmdletization_value = ${NoRestart} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:NoRestart'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:NoRestart'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('PassThru')) { [object]$__cmdletization_value = ${PassThru} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:PassThru'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:PassThru'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'CmdletOutput'; ParameterType = 'Microsoft.Management.Infrastructure.CimInstance'; Bindings = 'Out'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('EncapsulationType')) { [object]$__cmdletization_value = ${EncapsulationType} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'EncapsulationType'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetAdapterEncapsulatedPacketTaskOffload.EncapsulationType'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'EncapsulationType'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetAdapterEncapsulatedPacketTaskOffload.EncapsulationType'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = $null $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('Disable', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_passThru = $false if ($PSBoundParameters.ContainsKey('InputObject')) { foreach ($x in $InputObject) { $__cmdletization_objectModelWrapper.ProcessRecord($x, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } else { $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP MSFT_NetAdapterEncapsulatedPacketTaskOffload.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Disable-NetAdapterEncapsulatedPacketTaskOffload' -Alias '*' ScriptBlock ID: 6c7244c3-311a-46fe-9c86-60f75f7d0056 Path:	4104	1		3	2	15	0	1551	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3516	868	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:04:55 PM	9d04040e-981f-0004-011a-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 3): t]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('VxlanEncapsulatedPacketTaskOffloadEnabled')) { [object]$__cmdletization_value = ${VxlanEncapsulatedPacketTaskOffloadEnabled} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'VxlanEncapsulatedPacketTaskOffloadEnabled'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'VxlanEncapsulatedPacketTaskOffloadEnabled'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('VxlanUDPPortNumber')) { [object]$__cmdletization_value = ${VxlanUDPPortNumber} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'VxlanUDPPortNumber'; ParameterType = 'System.UInt16'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'VxlanUDPPortNumber'; ParameterType = 'System.UInt16'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('NoRestart')) { [object]$__cmdletization_value = ${NoRestart} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:NoRestart'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:NoRestart'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = $null $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('cim:ModifyInstance', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_passThru = $PSBoundParameters.ContainsKey('PassThru') -and $PassThru if ($PSBoundParameters.ContainsKey('InputObject')) { foreach ($x in $InputObject) { $__cmdletization_objectModelWrapper.ProcessRecord($x, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } else { $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP MSFT_NetAdapterEncapsulatedPacketTaskOffload.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Set-NetAdapterEncapsulatedPacketTaskOffload' -Alias '*' function Enable-NetAdapterEncapsulatedPacketTaskOffload { [CmdletBinding(DefaultParameterSetName='ByName', SupportsShouldProcess=$true, ConfirmImpact='Medium', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] param( [Parameter(ParameterSetName='ByName', Mandatory=$true, Position=0, ValueFromPipelineByPropertyName=$true)] [Alias('ifAlias','InterfaceAlias')] [ValidateNotNull()] [string[]] ${Name}, [Parameter(ParameterSetName='ByInstanceID', Mandatory=$true, ValueFromPipelineByPropertyName=$true)] [Alias('ifDesc','InstanceID')] [ValidateNotNull()] [string[]] ${InterfaceDescription}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [switch] ${IncludeHidden}, [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#MSFT_NetAdapterEncapsulatedPacketTaskOffloadSettingData')] [ValidateNotNull()] [ciminstance[]] ${InputObject}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${NoRestart}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${PassThru}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetAdapterEncapsulatedPacketTaskOffload.EncapsulationType] ${EncapsulationType}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('Name') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Name}) $__cmdletization_queryBuilder.FilterByProperty('Name', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('InterfaceDescription') -and (@('ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${InterfaceDescription}) $__cmdletization_queryBuilder.FilterByProperty('InterfaceDescription', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('IncludeHidden') -and (@('ByName', 'ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('IncludeHidden', ${IncludeHidden}) } $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('ByName', 'ByInstanceID', 'InputObject (cdxml)') -contains $_ } { [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('NoRestart')) { [object]$__cmdletization_value = ${NoRestart} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:NoRestart'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:NoRestart'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('PassThru')) { [object]$__cmdletization_value = ${PassThru} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:PassThru'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:PassThru'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'CmdletOutput'; ParameterType = 'Microsoft.Management.Infrastructure.CimInstance'; Bindings = 'Out'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('EncapsulationType')) { [object]$__cmdletization_value = ${EncapsulationType} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'EncapsulationType'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetAdapterEncapsulatedPacketTaskOffload.EncapsulationType'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'EncapsulationType'; ParameterType = 'Mic ScriptBlock ID: 6c7244c3-311a-46fe-9c86-60f75f7d0056 Path:	4104	1		3	2	15	0	1550	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3516	868	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:04:55 PM	9d04040e-981f-0004-011a-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 3): #requires -version 3.0 try { Microsoft.PowerShell.Core\Set-StrictMode -Off } catch { } $script:MyModule = $MyInvocation.MyCommand.ScriptBlock.Module $script:ClassName = 'ROOT/StandardCimv2/MSFT_NetAdapterEncapsulatedPacketTaskOffloadSettingData' $script:ClassVersion = '1.0.0' $script:ModuleVersion = '1.0' $script:ObjectModelWrapper = [Microsoft.PowerShell.Cmdletization.Cim.CimCmdletAdapter] $script:PrivateData = [System.Collections.Generic.Dictionary[string,string]]::new() Microsoft.PowerShell.Core\Export-ModuleMember -Function @() function __cmdletization_BindCommonParameters { param( $__cmdletization_objectModelWrapper, $myPSBoundParameters ) if ($myPSBoundParameters.ContainsKey('CimSession')) { $__cmdletization_objectModelWrapper.PSObject.Properties['CimSession'].Value = $myPSBoundParameters['CimSession'] } if ($myPSBoundParameters.ContainsKey('ThrottleLimit')) { $__cmdletization_objectModelWrapper.PSObject.Properties['ThrottleLimit'].Value = $myPSBoundParameters['ThrottleLimit'] } if ($myPSBoundParameters.ContainsKey('AsJob')) { $__cmdletization_objectModelWrapper.PSObject.Properties['AsJob'].Value = $myPSBoundParameters['AsJob'] } } function Get-NetAdapterEncapsulatedPacketTaskOffload { [CmdletBinding(DefaultParameterSetName='ByName', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#ROOT/StandardCimv2/MSFT_NetAdapterEncapsulatedPacketTaskOffloadSettingData')] param( [Parameter(ParameterSetName='ByName', Position=0, ValueFromPipelineByPropertyName=$true)] [Alias('ifAlias','InterfaceAlias')] [ValidateNotNull()] [string[]] ${Name}, [Parameter(ParameterSetName='ByInstanceID', Mandatory=$true, ValueFromPipelineByPropertyName=$true)] [Alias('ifDesc','InstanceID')] [ValidateNotNull()] [string[]] ${InterfaceDescription}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [switch] ${IncludeHidden}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('Name') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Name}) $__cmdletization_queryBuilder.FilterByProperty('Name', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('InterfaceDescription') -and (@('ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${InterfaceDescription}) $__cmdletization_queryBuilder.FilterByProperty('InterfaceDescription', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('IncludeHidden') -and (@('ByName', 'ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('IncludeHidden', ${IncludeHidden}) } $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder) } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP MSFT_NetAdapterEncapsulatedPacketTaskOffload.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Get-NetAdapterEncapsulatedPacketTaskOffload' -Alias '*' function Set-NetAdapterEncapsulatedPacketTaskOffload { [CmdletBinding(DefaultParameterSetName='ByName', SupportsShouldProcess=$true, ConfirmImpact='Medium', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#ROOT/StandardCimv2/MSFT_NetAdapterEncapsulatedPacketTaskOffloadSettingData')] param( [Parameter(ParameterSetName='ByName', Mandatory=$true, Position=0, ValueFromPipelineByPropertyName=$true)] [Alias('ifAlias','InterfaceAlias')] [ValidateNotNull()] [string[]] ${Name}, [Parameter(ParameterSetName='ByInstanceID', Mandatory=$true, ValueFromPipelineByPropertyName=$true)] [Alias('ifDesc','InstanceID')] [ValidateNotNull()] [string[]] ${InterfaceDescription}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [switch] ${IncludeHidden}, [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#MSFT_NetAdapterEncapsulatedPacketTaskOffloadSettingData')] [ValidateNotNull()] [ciminstance[]] ${InputObject}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [bool] ${NvgreEncapsulatedPacketTaskOffloadEnabled}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [bool] ${VxlanEncapsulatedPacketTaskOffloadEnabled}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [ValidateRange(1, 65535)] [uint16] ${VxlanUDPPortNumber}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${NoRestart}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${AsJob}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${PassThru}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('Name') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Name}) $__cmdletization_queryBuilder.FilterByProperty('Name', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('InterfaceDescription') -and (@('ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${InterfaceDescription}) $__cmdletization_queryBuilder.FilterByProperty('InterfaceDescription', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('IncludeHidden') -and (@('ByName', 'ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('IncludeHidden', ${IncludeHidden}) } $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('ByName', 'ByInstanceID', 'InputObject (cdxml)') -contains $_ } { [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('NvgreEncapsulatedPacketTaskOffloadEnabled')) { [object]$__cmdletization_value = ${NvgreEncapsulatedPacketTaskOffloadEnabled} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NvgreEncapsulatedPacketTaskOffloadEnabled'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NvgreEncapsulatedPacketTaskOffloadEnabled'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [objec ScriptBlock ID: 6c7244c3-311a-46fe-9c86-60f75f7d0056 Path:	4104	1		3	2	15	0	1549	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3516	868	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:04:55 PM	9d04040e-981f-0004-011a-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (3 of 3): rSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('Name') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Name}) $__cmdletization_queryBuilder.FilterByProperty('Name', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('InterfaceDescription') -and (@('ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${InterfaceDescription}) $__cmdletization_queryBuilder.FilterByProperty('InterfaceDescription', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('IncludeHidden') -and (@('ByName', 'ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('IncludeHidden', ${IncludeHidden}) } $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('ByName', 'ByInstanceID', 'InputObject (cdxml)') -contains $_ } { [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('IpIPv4')) { [object]$__cmdletization_value = ${IpIPv4} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'IpIPv4'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'IpIPv4'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('TcpIPv4')) { [object]$__cmdletization_value = ${TcpIPv4} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'TcpIPv4'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'TcpIPv4'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('TcpIPv6')) { [object]$__cmdletization_value = ${TcpIPv6} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'TcpIPv6'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'TcpIPv6'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('UdpIPv4')) { [object]$__cmdletization_value = ${UdpIPv4} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'UdpIPv4'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'UdpIPv4'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('UdpIPv6')) { [object]$__cmdletization_value = ${UdpIPv6} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'UdpIPv6'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'UdpIPv6'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('NoRestart')) { [object]$__cmdletization_value = ${NoRestart} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:NoRestart'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:NoRestart'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('PassThru')) { [object]$__cmdletization_value = ${PassThru} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:PassThru'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:PassThru'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'CmdletOutput'; ParameterType = 'Microsoft.Management.Infrastructure.CimInstance'; Bindings = 'Out'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = $null $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('Disable', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_passThru = $false if ($PSBoundParameters.ContainsKey('InputObject')) { foreach ($x in $InputObject) { $__cmdletization_objectModelWrapper.ProcessRecord($x, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } else { $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP MSFT_NetAdapterChecksumOffload.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Disable-NetAdapterChecksumOffload' -Alias '*' ScriptBlock ID: 3b9a12c3-b7fc-4bae-9caa-ea864fa51bee Path:	4104	1		3	2	15	0	1548	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3516	868	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:04:55 PM	9d04040e-981f-0004-fb19-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 3): oundParameters.ContainsKey('PassThru') -and $PassThru if ($PSBoundParameters.ContainsKey('InputObject')) { foreach ($x in $InputObject) { $__cmdletization_objectModelWrapper.ProcessRecord($x, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } else { $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP MSFT_NetAdapterChecksumOffload.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Set-NetAdapterChecksumOffload' -Alias '*' function Enable-NetAdapterChecksumOffload { [CmdletBinding(DefaultParameterSetName='ByName', SupportsShouldProcess=$true, ConfirmImpact='Medium', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] param( [Parameter(ParameterSetName='ByName', Mandatory=$true, Position=0, ValueFromPipelineByPropertyName=$true)] [Alias('ifAlias','InterfaceAlias')] [ValidateNotNull()] [string[]] ${Name}, [Parameter(ParameterSetName='ByInstanceID', Mandatory=$true, ValueFromPipelineByPropertyName=$true)] [Alias('ifDesc','InstanceID')] [ValidateNotNull()] [string[]] ${InterfaceDescription}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [switch] ${IncludeHidden}, [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#MSFT_NetAdapterChecksumOffloadSettingData')] [ValidateNotNull()] [ciminstance[]] ${InputObject}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${IpIPv4}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${TcpIPv4}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${TcpIPv6}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${UdpIPv4}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${UdpIPv6}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${NoRestart}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${PassThru}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('Name') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Name}) $__cmdletization_queryBuilder.FilterByProperty('Name', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('InterfaceDescription') -and (@('ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${InterfaceDescription}) $__cmdletization_queryBuilder.FilterByProperty('InterfaceDescription', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('IncludeHidden') -and (@('ByName', 'ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('IncludeHidden', ${IncludeHidden}) } $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('ByName', 'ByInstanceID', 'InputObject (cdxml)') -contains $_ } { [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('IpIPv4')) { [object]$__cmdletization_value = ${IpIPv4} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'IpIPv4'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'IpIPv4'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('TcpIPv4')) { [object]$__cmdletization_value = ${TcpIPv4} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'TcpIPv4'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'TcpIPv4'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('TcpIPv6')) { [object]$__cmdletization_value = ${TcpIPv6} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'TcpIPv6'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'TcpIPv6'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('UdpIPv4')) { [object]$__cmdletization_value = ${UdpIPv4} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'UdpIPv4'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'UdpIPv4'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('UdpIPv6')) { [object]$__cmdletization_value = ${UdpIPv6} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'UdpIPv6'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'UdpIPv6'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('NoRestart')) { [object]$__cmdletization_value = ${NoRestart} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:NoRestart'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:NoRestart'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('PassThru')) { [object]$__cmdletization_value = ${PassThru} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:PassThru'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:PassThru'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'CmdletOutput'; ParameterType = 'Microsoft.Management.Infrastructure.CimInstance'; Bindings = 'Out'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = $null $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('Enable', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_passThru = $false if ($PSBoundParameters.ContainsKey('InputObject')) { foreach ($x in $InputObject) { $__cmdletization_objectModelWrapper.ProcessRecord($x, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } else { $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP MSFT_NetAdapterChecksumOffload.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Enable-NetAdapterChecksumOffload' -Alias '*' function Disable-NetAdapterChecksumOffload { [CmdletBinding(DefaultParameterSetName='ByName', SupportsShouldProcess=$true, ConfirmImpact='Medium', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] param( [Parameter(ParameterSetName='ByName', Mandatory=$true, Position=0, ValueFromPipelineByPropertyName=$true)] [Alias('ifAlias','InterfaceAlias')] [ValidateNotNull()] [string[]] ${Name}, [Parameter(ParameterSetName='ByInstanceID', Mandatory=$true, ValueFromPipelineByPropertyName=$true)] [Alias('ifDesc','InstanceID')] [ValidateNotNull()] [string[]] ${InterfaceDescription}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [switch] ${IncludeHidden}, [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#MSFT_NetAdapterChecksumOffloadSettingData')] [ValidateNotNull()] [ciminstance[]] ${InputObject}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${IpIPv4}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${TcpIPv4}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${TcpIPv6}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${UdpIPv4}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${UdpIPv6}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${NoRestart}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${PassThru}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [int] ${ThrottleLimit}, [Parameter(Paramete ScriptBlock ID: 3b9a12c3-b7fc-4bae-9caa-ea864fa51bee Path:	4104	1		3	2	15	0	1547	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3516	868	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:04:55 PM	9d04040e-981f-0004-fb19-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 3): #requires -version 3.0 try { Microsoft.PowerShell.Core\Set-StrictMode -Off } catch { } $script:MyModule = $MyInvocation.MyCommand.ScriptBlock.Module $script:ClassName = 'ROOT/StandardCimv2/MSFT_NetAdapterChecksumOffloadSettingData' $script:ClassVersion = '1.0.0' $script:ModuleVersion = '1.0' $script:ObjectModelWrapper = [Microsoft.PowerShell.Cmdletization.Cim.CimCmdletAdapter] $script:PrivateData = [System.Collections.Generic.Dictionary[string,string]]::new() Microsoft.PowerShell.Core\Export-ModuleMember -Function @() function __cmdletization_BindCommonParameters { param( $__cmdletization_objectModelWrapper, $myPSBoundParameters ) if ($myPSBoundParameters.ContainsKey('CimSession')) { $__cmdletization_objectModelWrapper.PSObject.Properties['CimSession'].Value = $myPSBoundParameters['CimSession'] } if ($myPSBoundParameters.ContainsKey('ThrottleLimit')) { $__cmdletization_objectModelWrapper.PSObject.Properties['ThrottleLimit'].Value = $myPSBoundParameters['ThrottleLimit'] } if ($myPSBoundParameters.ContainsKey('AsJob')) { $__cmdletization_objectModelWrapper.PSObject.Properties['AsJob'].Value = $myPSBoundParameters['AsJob'] } } function Get-NetAdapterChecksumOffload { [CmdletBinding(DefaultParameterSetName='ByName', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#ROOT/StandardCimv2/MSFT_NetAdapterChecksumOffloadSettingData')] param( [Parameter(ParameterSetName='ByName', Position=0, ValueFromPipelineByPropertyName=$true)] [Alias('ifAlias','InterfaceAlias')] [ValidateNotNull()] [string[]] ${Name}, [Parameter(ParameterSetName='ByInstanceID', Mandatory=$true, ValueFromPipelineByPropertyName=$true)] [Alias('ifDesc','InstanceID')] [ValidateNotNull()] [string[]] ${InterfaceDescription}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [switch] ${IncludeHidden}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('Name') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Name}) $__cmdletization_queryBuilder.FilterByProperty('Name', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('InterfaceDescription') -and (@('ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${InterfaceDescription}) $__cmdletization_queryBuilder.FilterByProperty('InterfaceDescription', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('IncludeHidden') -and (@('ByName', 'ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('IncludeHidden', ${IncludeHidden}) } $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder) } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP MSFT_NetAdapterChecksumOffload.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Get-NetAdapterChecksumOffload' -Alias '*' function Set-NetAdapterChecksumOffload { [CmdletBinding(DefaultParameterSetName='ByName', SupportsShouldProcess=$true, ConfirmImpact='Medium', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#ROOT/StandardCimv2/MSFT_NetAdapterChecksumOffloadSettingData')] param( [Parameter(ParameterSetName='ByName', Mandatory=$true, Position=0, ValueFromPipelineByPropertyName=$true)] [Alias('ifAlias','InterfaceAlias')] [ValidateNotNull()] [string[]] ${Name}, [Parameter(ParameterSetName='ByInstanceID', Mandatory=$true, ValueFromPipelineByPropertyName=$true)] [Alias('ifDesc','InstanceID')] [ValidateNotNull()] [string[]] ${InterfaceDescription}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [switch] ${IncludeHidden}, [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#MSFT_NetAdapterChecksumOffloadSettingData')] [ValidateNotNull()] [ciminstance[]] ${InputObject}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetAdapterChecksumOffload.Direction] ${IpIPv4Enabled}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetAdapterChecksumOffload.Direction] ${TcpIPv4Enabled}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetAdapterChecksumOffload.Direction] ${TcpIPv6Enabled}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetAdapterChecksumOffload.Direction] ${UdpIPv4Enabled}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetAdapterChecksumOffload.Direction] ${UdpIPv6Enabled}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${NoRestart}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${AsJob}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${PassThru}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('Name') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Name}) $__cmdletization_queryBuilder.FilterByProperty('Name', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('InterfaceDescription') -and (@('ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${InterfaceDescription}) $__cmdletization_queryBuilder.FilterByProperty('InterfaceDescription', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('IncludeHidden') -and (@('ByName', 'ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('IncludeHidden', ${IncludeHidden}) } $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('ByName', 'ByInstanceID', 'InputObject (cdxml)') -contains $_ } { [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('IpIPv4Enabled')) { [object]$__cmdletization_value = ${IpIPv4Enabled} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'IpIPv4Enabled'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetAdapterChecksumOffload.Direction'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'IpIPv4Enabled'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetAdapterChecksumOffload.Direction'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('TcpIPv4Enabled')) { [object]$__cmdletization_value = ${TcpIPv4Enabled} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'TcpIPv4Enabled'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetAdapterChecksumOffload.Direction'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'TcpIPv4Enabled'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetAdapterChecksumOffload.Direction'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('TcpIPv6Enabled')) { [object]$__cmdletization_value = ${TcpIPv6Enabled} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'TcpIPv6Enabled'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetAdapterChecksumOffload.Direction'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'TcpIPv6Enabled'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetAdapterChecksumOffload.Direction'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('UdpIPv4Enabled')) { [object]$__cmdletization_value = ${UdpIPv4Enabled} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'UdpIPv4Enabled'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetAdapterChecksumOffload.Direction'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'UdpIPv4Enabled'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetAdapterChecksumOffload.Direction'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('UdpIPv6Enabled')) { [object]$__cmdletization_value = ${UdpIPv6Enabled} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'UdpIPv6Enabled'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetAdapterChecksumOffload.Direction'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'UdpIPv6Enabled'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetAdapterChecksumOffload.Direction'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('NoRestart')) { [object]$__cmdletization_value = ${NoRestart} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:NoRestart'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:NoRestart'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = $null $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('cim:ModifyInstance', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_passThru = $PSB ScriptBlock ID: 3b9a12c3-b7fc-4bae-9caa-ea864fa51bee Path:	4104	1		3	2	15	0	1546	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3516	868	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:04:55 PM	9d04040e-981f-0004-fb19-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (3 of 3): yName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('Name') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Name}) $__cmdletization_queryBuilder.FilterByProperty('Name', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('InterfaceDescription') -and (@('ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${InterfaceDescription}) $__cmdletization_queryBuilder.FilterByProperty('InterfaceDescription', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('ComponentID') -and (@('ByName', 'ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${ComponentID}) $__cmdletization_queryBuilder.FilterByProperty('ComponentID', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('DisplayName') -and (@('ByName', 'ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DisplayName}) $__cmdletization_queryBuilder.FilterByProperty('DisplayName', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('IncludeHidden') -and (@('ByName', 'ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('IncludeHidden', ${IncludeHidden}) } if ($PSBoundParameters.ContainsKey('AllBindings') -and (@('ByName', 'ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('AllBindings', ${AllBindings}) } $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('ByName', 'ByInstanceID', 'InputObject (cdxml)') -contains $_ } { [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('PassThru')) { [object]$__cmdletization_value = ${PassThru} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:PassThru'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:PassThru'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'CmdletOutput'; ParameterType = 'Microsoft.Management.Infrastructure.CimInstance'; Bindings = 'Out'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = $null $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('Disable', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_passThru = $false if ($PSBoundParameters.ContainsKey('InputObject')) { foreach ($x in $InputObject) { $__cmdletization_objectModelWrapper.ProcessRecord($x, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } else { $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP MSFT_NetAdapterBinding.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Disable-NetAdapterBinding' -Alias '*' ScriptBlock ID: 2ae38a10-b59a-4d13-afca-62b59e08d3a5 Path:	4104	1		3	2	15	0	1545	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3516	868	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:04:55 PM	9d04040e-981f-0004-f519-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 3): ($PSCmdlet.ParameterSetName) { { @('ByName', 'ByInstanceID', 'InputObject (cdxml)') -contains $_ } { [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Enabled')) { [object]$__cmdletization_value = ${Enabled} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Enabled'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Enabled'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = $null $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('cim:ModifyInstance', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_passThru = $PSBoundParameters.ContainsKey('PassThru') -and $PassThru if ($PSBoundParameters.ContainsKey('InputObject')) { foreach ($x in $InputObject) { $__cmdletization_objectModelWrapper.ProcessRecord($x, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } else { $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP MSFT_NetAdapterBinding.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Set-NetAdapterBinding' -Alias '*' function Enable-NetAdapterBinding { [CmdletBinding(DefaultParameterSetName='ByName', SupportsShouldProcess=$true, ConfirmImpact='Medium', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] param( [Parameter(ParameterSetName='ByName', Mandatory=$true, Position=0, ValueFromPipelineByPropertyName=$true)] [Alias('ifAlias','InterfaceAlias')] [ValidateNotNull()] [string[]] ${Name}, [Parameter(ParameterSetName='ByInstanceID', Mandatory=$true, ValueFromPipelineByPropertyName=$true)] [Alias('ifDesc','InstanceID')] [ValidateNotNull()] [string[]] ${InterfaceDescription}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [ValidateNotNull()] [string[]] ${ComponentID}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [ValidateNotNull()] [string[]] ${DisplayName}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [switch] ${IncludeHidden}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [switch] ${AllBindings}, [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#MSFT_NetAdapterBindingSettingData')] [ValidateNotNull()] [ciminstance[]] ${InputObject}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${PassThru}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('Name') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Name}) $__cmdletization_queryBuilder.FilterByProperty('Name', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('InterfaceDescription') -and (@('ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${InterfaceDescription}) $__cmdletization_queryBuilder.FilterByProperty('InterfaceDescription', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('ComponentID') -and (@('ByName', 'ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${ComponentID}) $__cmdletization_queryBuilder.FilterByProperty('ComponentID', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('DisplayName') -and (@('ByName', 'ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DisplayName}) $__cmdletization_queryBuilder.FilterByProperty('DisplayName', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('IncludeHidden') -and (@('ByName', 'ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('IncludeHidden', ${IncludeHidden}) } if ($PSBoundParameters.ContainsKey('AllBindings') -and (@('ByName', 'ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('AllBindings', ${AllBindings}) } $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('ByName', 'ByInstanceID', 'InputObject (cdxml)') -contains $_ } { [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('PassThru')) { [object]$__cmdletization_value = ${PassThru} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:PassThru'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:PassThru'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'CmdletOutput'; ParameterType = 'Microsoft.Management.Infrastructure.CimInstance'; Bindings = 'Out'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = $null $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('Enable', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_passThru = $false if ($PSBoundParameters.ContainsKey('InputObject')) { foreach ($x in $InputObject) { $__cmdletization_objectModelWrapper.ProcessRecord($x, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } else { $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP MSFT_NetAdapterBinding.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Enable-NetAdapterBinding' -Alias '*' function Disable-NetAdapterBinding { [CmdletBinding(DefaultParameterSetName='ByName', SupportsShouldProcess=$true, ConfirmImpact='Medium', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] param( [Parameter(ParameterSetName='ByName', Mandatory=$true, Position=0, ValueFromPipelineByPropertyName=$true)] [Alias('ifAlias','InterfaceAlias')] [ValidateNotNull()] [string[]] ${Name}, [Parameter(ParameterSetName='ByInstanceID', Mandatory=$true, ValueFromPipelineByPropertyName=$true)] [Alias('ifDesc','InstanceID')] [ValidateNotNull()] [string[]] ${InterfaceDescription}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [ValidateNotNull()] [string[]] ${ComponentID}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [ValidateNotNull()] [string[]] ${DisplayName}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [switch] ${IncludeHidden}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [switch] ${AllBindings}, [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#MSFT_NetAdapterBindingSettingData')] [ValidateNotNull()] [ciminstance[]] ${InputObject}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${PassThru}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='B ScriptBlock ID: 2ae38a10-b59a-4d13-afca-62b59e08d3a5 Path:	4104	1		3	2	15	0	1544	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3516	868	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:04:55 PM	9d04040e-981f-0004-f519-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 3): #requires -version 3.0 try { Microsoft.PowerShell.Core\Set-StrictMode -Off } catch { } $script:MyModule = $MyInvocation.MyCommand.ScriptBlock.Module $script:ClassName = 'ROOT/StandardCimv2/MSFT_NetAdapterBindingSettingData' $script:ClassVersion = '1.0.0' $script:ModuleVersion = '1.0' $script:ObjectModelWrapper = [Microsoft.PowerShell.Cmdletization.Cim.CimCmdletAdapter] $script:PrivateData = [System.Collections.Generic.Dictionary[string,string]]::new() Microsoft.PowerShell.Core\Export-ModuleMember -Function @() function __cmdletization_BindCommonParameters { param( $__cmdletization_objectModelWrapper, $myPSBoundParameters ) if ($myPSBoundParameters.ContainsKey('CimSession')) { $__cmdletization_objectModelWrapper.PSObject.Properties['CimSession'].Value = $myPSBoundParameters['CimSession'] } if ($myPSBoundParameters.ContainsKey('ThrottleLimit')) { $__cmdletization_objectModelWrapper.PSObject.Properties['ThrottleLimit'].Value = $myPSBoundParameters['ThrottleLimit'] } if ($myPSBoundParameters.ContainsKey('AsJob')) { $__cmdletization_objectModelWrapper.PSObject.Properties['AsJob'].Value = $myPSBoundParameters['AsJob'] } } function Get-NetAdapterBinding { [CmdletBinding(DefaultParameterSetName='ByName', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#ROOT/StandardCimv2/MSFT_NetAdapterBindingSettingData')] param( [Parameter(ParameterSetName='ByName', Position=0, ValueFromPipelineByPropertyName=$true)] [Alias('ifAlias','InterfaceAlias')] [ValidateNotNull()] [string[]] ${Name}, [Parameter(ParameterSetName='ByInstanceID', Mandatory=$true, ValueFromPipelineByPropertyName=$true)] [Alias('ifDesc','InstanceID')] [ValidateNotNull()] [string[]] ${InterfaceDescription}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [ValidateNotNull()] [string[]] ${ComponentID}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [ValidateNotNull()] [string[]] ${DisplayName}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [switch] ${IncludeHidden}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [switch] ${AllBindings}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('Name') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Name}) $__cmdletization_queryBuilder.FilterByProperty('Name', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('InterfaceDescription') -and (@('ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${InterfaceDescription}) $__cmdletization_queryBuilder.FilterByProperty('InterfaceDescription', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('ComponentID') -and (@('ByName', 'ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${ComponentID}) $__cmdletization_queryBuilder.FilterByProperty('ComponentID', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('DisplayName') -and (@('ByName', 'ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DisplayName}) $__cmdletization_queryBuilder.FilterByProperty('DisplayName', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('IncludeHidden') -and (@('ByName', 'ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('IncludeHidden', ${IncludeHidden}) } if ($PSBoundParameters.ContainsKey('AllBindings') -and (@('ByName', 'ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('AllBindings', ${AllBindings}) } $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder) } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP MSFT_NetAdapterBinding.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Get-NetAdapterBinding' -Alias '*' function Set-NetAdapterBinding { [CmdletBinding(DefaultParameterSetName='ByName', SupportsShouldProcess=$true, ConfirmImpact='Medium', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#ROOT/StandardCimv2/MSFT_NetAdapterBindingSettingData')] param( [Parameter(ParameterSetName='ByName', Mandatory=$true, Position=0, ValueFromPipelineByPropertyName=$true)] [Alias('ifAlias','InterfaceAlias')] [ValidateNotNull()] [string[]] ${Name}, [Parameter(ParameterSetName='ByInstanceID', Mandatory=$true, ValueFromPipelineByPropertyName=$true)] [Alias('ifDesc','InstanceID')] [ValidateNotNull()] [string[]] ${InterfaceDescription}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [ValidateNotNull()] [string[]] ${ComponentID}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [ValidateNotNull()] [string[]] ${DisplayName}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [switch] ${IncludeHidden}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [switch] ${AllBindings}, [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#MSFT_NetAdapterBindingSettingData')] [ValidateNotNull()] [ciminstance[]] ${InputObject}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [bool] ${Enabled}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${AsJob}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${PassThru}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('Name') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Name}) $__cmdletization_queryBuilder.FilterByProperty('Name', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('InterfaceDescription') -and (@('ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${InterfaceDescription}) $__cmdletization_queryBuilder.FilterByProperty('InterfaceDescription', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('ComponentID') -and (@('ByName', 'ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${ComponentID}) $__cmdletization_queryBuilder.FilterByProperty('ComponentID', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('DisplayName') -and (@('ByName', 'ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DisplayName}) $__cmdletization_queryBuilder.FilterByProperty('DisplayName', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('IncludeHidden') -and (@('ByName', 'ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('IncludeHidden', ${IncludeHidden}) } if ($PSBoundParameters.ContainsKey('AllBindings') -and (@('ByName', 'ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('AllBindings', ${AllBindings}) } $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ScriptBlock ID: 2ae38a10-b59a-4d13-afca-62b59e08d3a5 Path:	4104	1		3	2	15	0	1543	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3516	868	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:04:55 PM	9d04040e-981f-0004-f519-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (4 of 4): $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = $null $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('Reset', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_passThru = $false if ($PSBoundParameters.ContainsKey('InputObject')) { foreach ($x in $InputObject) { $__cmdletization_objectModelWrapper.ProcessRecord($x, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } else { $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP MSFT_NetAdapterAdvancedProperty.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Reset-NetAdapterAdvancedProperty' -Alias '*' ScriptBlock ID: f53a57f1-caa6-4abc-a03e-1e919987f24b Path:	4104	1		3	2	15	0	1542	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3516	868	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:04:55 PM	9d04040e-981f-0004-ee19-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (3 of 4): rosoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:NoRestart'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = $null $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('cim:ModifyInstance', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_passThru = $PSBoundParameters.ContainsKey('PassThru') -and $PassThru if ($PSBoundParameters.ContainsKey('InputObject')) { foreach ($x in $InputObject) { $__cmdletization_objectModelWrapper.ProcessRecord($x, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } else { $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP MSFT_NetAdapterAdvancedProperty.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Set-NetAdapterAdvancedProperty' -Alias '*' function Remove-NetAdapterAdvancedProperty { [CmdletBinding(DefaultParameterSetName='ByName', SupportsShouldProcess=$true, ConfirmImpact='Medium', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#ROOT/StandardCimv2/MSFT_NetAdapterAdvancedPropertySettingData')] param( [Parameter(ParameterSetName='ByName', Position=0, ValueFromPipelineByPropertyName=$true)] [Alias('ifAlias','InterfaceAlias')] [ValidateNotNull()] [string[]] ${Name}, [Parameter(ParameterSetName='ByInstanceID', Mandatory=$true)] [Alias('ifDesc','InstanceID')] [ValidateNotNull()] [string[]] ${InterfaceDescription}, [Parameter(ParameterSetName='ByName', Mandatory=$true, ValueFromPipelineByPropertyName=$true)] [Parameter(ParameterSetName='ByInstanceID', Mandatory=$true, ValueFromPipelineByPropertyName=$true)] [Alias('RegKey')] [ValidateNotNull()] [string[]] ${RegistryKeyword}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [switch] ${IncludeHidden}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [switch] ${AllProperties}, [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#MSFT_NetAdapterAdvancedPropertySettingData')] [ValidateNotNull()] [ciminstance[]] ${InputObject}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${NoRestart}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${AsJob}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${PassThru}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('Name') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Name}) $__cmdletization_queryBuilder.FilterByProperty('Name', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('InterfaceDescription') -and (@('ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${InterfaceDescription}) $__cmdletization_queryBuilder.FilterByProperty('InterfaceDescription', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('RegistryKeyword') -and (@('ByName', 'ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${RegistryKeyword}) $__cmdletization_queryBuilder.FilterByProperty('RegistryKeyword', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('IncludeHidden') -and (@('ByName', 'ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('IncludeHidden', ${IncludeHidden}) } if ($PSBoundParameters.ContainsKey('AllProperties') -and (@('ByName', 'ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('AllProperties', ${AllProperties}) } $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('ByName', 'ByInstanceID', 'InputObject (cdxml)') -contains $_ } { [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('NoRestart')) { [object]$__cmdletization_value = ${NoRestart} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:NoRestart'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:NoRestart'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = $null $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('cim:DeleteInstance', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_passThru = $PSBoundParameters.ContainsKey('PassThru') -and $PassThru if ($PSBoundParameters.ContainsKey('InputObject')) { foreach ($x in $InputObject) { $__cmdletization_objectModelWrapper.ProcessRecord($x, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } else { $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP MSFT_NetAdapterAdvancedProperty.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Remove-NetAdapterAdvancedProperty' -Alias '*' function Reset-NetAdapterAdvancedProperty { [CmdletBinding(DefaultParameterSetName='ByName', SupportsShouldProcess=$true, ConfirmImpact='Medium', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] param( [Parameter(ParameterSetName='ByName', Position=0, ValueFromPipelineByPropertyName=$true)] [Alias('ifAlias','InterfaceAlias')] [ValidateNotNull()] [string[]] ${Name}, [Parameter(ParameterSetName='ByInstanceID', Mandatory=$true)] [Alias('ifDesc','InstanceID')] [ValidateNotNull()] [string[]] ${InterfaceDescription}, [Parameter(ParameterSetName='ByName', Mandatory=$true, ValueFromPipelineByPropertyName=$true)] [Parameter(ParameterSetName='ByInstanceID', Mandatory=$true, ValueFromPipelineByPropertyName=$true)] [Alias('DispN')] [ValidateNotNull()] [string[]] ${DisplayName}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [switch] ${IncludeHidden}, [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#MSFT_NetAdapterAdvancedPropertySettingData')] [ValidateNotNull()] [ciminstance[]] ${InputObject}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${NoRestart}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${PassThru}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('Name') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Name}) $__cmdletization_queryBuilder.FilterByProperty('Name', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('InterfaceDescription') -and (@('ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${InterfaceDescription}) $__cmdletization_queryBuilder.FilterByProperty('InterfaceDescription', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('DisplayName') -and (@('ByName', 'ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DisplayName}) $__cmdletization_queryBuilder.FilterByProperty('DisplayName', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('IncludeHidden') -and (@('ByName', 'ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('IncludeHidden', ${IncludeHidden}) } $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('ByName', 'ByInstanceID', 'InputObject (cdxml)') -contains $_ } { [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('NoRestart')) { [object]$__cmdletization_value = ${NoRestart} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:NoRestart'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:NoRestart'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('PassThru')) { [object]$__cmdletization_value = ${PassThru} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:PassThru'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:PassThru'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'CmdletOutput'; ParameterType = 'Microsoft.Management.Infrastructure.CimInstance'; Bindings = 'Out'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} ScriptBlock ID: f53a57f1-caa6-4abc-a03e-1e919987f24b Path:	4104	1		3	2	15	0	1541	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3516	868	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:04:55 PM	9d04040e-981f-0004-ee19-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 4): $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP MSFT_NetAdapterAdvancedProperty.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'New-NetAdapterAdvancedProperty' -Alias '*' function Get-NetAdapterAdvancedProperty { [CmdletBinding(DefaultParameterSetName='ByName', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#ROOT/StandardCimv2/MSFT_NetAdapterAdvancedPropertySettingData')] param( [Parameter(ParameterSetName='ByName', Position=0, ValueFromPipelineByPropertyName=$true)] [Parameter(ParameterSetName='ByNameDisplayName', Position=0, ValueFromPipelineByPropertyName=$true)] [Parameter(ParameterSetName='ByNameRegistryKeyword', Position=0, ValueFromPipelineByPropertyName=$true)] [Alias('ifAlias','InterfaceAlias')] [ValidateNotNull()] [string[]] ${Name}, [Parameter(ParameterSetName='ByInstanceID', Mandatory=$true)] [Parameter(ParameterSetName='ByInstanceIDDisplayName', Mandatory=$true)] [Parameter(ParameterSetName='ByInstanceIDKeyword', Mandatory=$true)] [Alias('ifDesc','InstanceID')] [ValidateNotNull()] [string[]] ${InterfaceDescription}, [Parameter(ParameterSetName='ByNameDisplayName', Mandatory=$true, ValueFromPipelineByPropertyName=$true)] [Parameter(ParameterSetName='ByInstanceIDDisplayName', Mandatory=$true, ValueFromPipelineByPropertyName=$true)] [Alias('DispN')] [ValidateNotNull()] [string[]] ${DisplayName}, [Parameter(ParameterSetName='ByNameRegistryKeyword', Mandatory=$true, ValueFromPipelineByPropertyName=$true)] [Parameter(ParameterSetName='ByInstanceIDKeyword', Mandatory=$true, ValueFromPipelineByPropertyName=$true)] [Alias('RegKey')] [ValidateNotNull()] [string[]] ${RegistryKeyword}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByNameDisplayName')] [Parameter(ParameterSetName='ByNameRegistryKeyword')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='ByInstanceIDDisplayName')] [Parameter(ParameterSetName='ByInstanceIDKeyword')] [switch] ${IncludeHidden}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByNameDisplayName')] [Parameter(ParameterSetName='ByNameRegistryKeyword')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='ByInstanceIDDisplayName')] [Parameter(ParameterSetName='ByInstanceIDKeyword')] [switch] ${AllProperties}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByNameDisplayName')] [Parameter(ParameterSetName='ByNameRegistryKeyword')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='ByInstanceIDDisplayName')] [Parameter(ParameterSetName='ByInstanceIDKeyword')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByNameDisplayName')] [Parameter(ParameterSetName='ByNameRegistryKeyword')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='ByInstanceIDDisplayName')] [Parameter(ParameterSetName='ByInstanceIDKeyword')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByNameDisplayName')] [Parameter(ParameterSetName='ByNameRegistryKeyword')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='ByInstanceIDDisplayName')] [Parameter(ParameterSetName='ByInstanceIDKeyword')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('Name') -and (@('ByName', 'ByNameDisplayName', 'ByNameRegistryKeyword') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Name}) $__cmdletization_queryBuilder.FilterByProperty('Name', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('InterfaceDescription') -and (@('ByInstanceID', 'ByInstanceIDDisplayName', 'ByInstanceIDKeyword') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${InterfaceDescription}) $__cmdletization_queryBuilder.FilterByProperty('InterfaceDescription', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('DisplayName') -and (@('ByNameDisplayName', 'ByInstanceIDDisplayName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DisplayName}) $__cmdletization_queryBuilder.FilterByProperty('DisplayName', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('RegistryKeyword') -and (@('ByNameRegistryKeyword', 'ByInstanceIDKeyword') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${RegistryKeyword}) $__cmdletization_queryBuilder.FilterByProperty('RegistryKeyword', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('IncludeHidden') -and (@('ByName', 'ByNameDisplayName', 'ByNameRegistryKeyword', 'ByInstanceID', 'ByInstanceIDDisplayName', 'ByInstanceIDKeyword') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('IncludeHidden', ${IncludeHidden}) } if ($PSBoundParameters.ContainsKey('AllProperties') -and (@('ByName', 'ByNameDisplayName', 'ByNameRegistryKeyword', 'ByInstanceID', 'ByInstanceIDDisplayName', 'ByInstanceIDKeyword') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('AllProperties', ${AllProperties}) } $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder) } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP MSFT_NetAdapterAdvancedProperty.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Get-NetAdapterAdvancedProperty' -Alias '*' function Set-NetAdapterAdvancedProperty { [CmdletBinding(DefaultParameterSetName='ByName', SupportsShouldProcess=$true, ConfirmImpact='Medium', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#ROOT/StandardCimv2/MSFT_NetAdapterAdvancedPropertySettingData')] param( [Parameter(ParameterSetName='ByName', Position=0, ValueFromPipelineByPropertyName=$true)] [Alias('ifAlias','InterfaceAlias')] [ValidateNotNull()] [string[]] ${Name}, [Parameter(ParameterSetName='ByInstanceID', Mandatory=$true)] [Alias('ifDesc','InstanceID')] [ValidateNotNull()] [string[]] ${InterfaceDescription}, [Parameter(ParameterSetName='ByName', ValueFromPipelineByPropertyName=$true)] [Parameter(ParameterSetName='ByInstanceID', ValueFromPipelineByPropertyName=$true)] [Alias('DispN')] [ValidateNotNull()] [string[]] ${DisplayName}, [Parameter(ParameterSetName='ByName', ValueFromPipelineByPropertyName=$true)] [Parameter(ParameterSetName='ByInstanceID', ValueFromPipelineByPropertyName=$true)] [Alias('RegKey')] [ValidateNotNull()] [string[]] ${RegistryKeyword}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [switch] ${IncludeHidden}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [switch] ${AllProperties}, [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#MSFT_NetAdapterAdvancedPropertySettingData')] [ValidateNotNull()] [ciminstance[]] ${InputObject}, [Parameter(ParameterSetName='ByName', ValueFromPipelineByPropertyName=$true)] [Parameter(ParameterSetName='ByInstanceID', ValueFromPipelineByPropertyName=$true)] [Parameter(ParameterSetName='InputObject (cdxml)', ValueFromPipelineByPropertyName=$true)] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [string] ${DisplayValue}, [Parameter(ParameterSetName='ByName', ValueFromPipelineByPropertyName=$true)] [Parameter(ParameterSetName='ByInstanceID', ValueFromPipelineByPropertyName=$true)] [Parameter(ParameterSetName='InputObject (cdxml)', ValueFromPipelineByPropertyName=$true)] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [string[]] ${RegistryValue}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${NoRestart}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${AsJob}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${PassThru}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('Name') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Name}) $__cmdletization_queryBuilder.FilterByProperty('Name', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('InterfaceDescription') -and (@('ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${InterfaceDescription}) $__cmdletization_queryBuilder.FilterByProperty('InterfaceDescription', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('DisplayName') -and (@('ByName', 'ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DisplayName}) $__cmdletization_queryBuilder.FilterByProperty('DisplayName', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('RegistryKeyword') -and (@('ByName', 'ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${RegistryKeyword}) $__cmdletization_queryBuilder.FilterByProperty('RegistryKeyword', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('IncludeHidden') -and (@('ByName', 'ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('IncludeHidden', ${IncludeHidden}) } if ($PSBoundParameters.ContainsKey('AllProperties') -and (@('ByName', 'ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('AllProperties', ${AllProperties}) } $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('ByName', 'ByInstanceID', 'InputObject (cdxml)') -contains $_ } { [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DisplayValue')) { [object]$__cmdletization_value = ${DisplayValue} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisplayValue'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisplayValue'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('RegistryValue')) { [object]$__cmdletization_value = ${RegistryValue} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RegistryValue'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RegistryValue'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('NoRestart')) { [object]$__cmdletization_value = ${NoRestart} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:NoRestart'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Mic ScriptBlock ID: f53a57f1-caa6-4abc-a03e-1e919987f24b Path:	4104	1		3	2	15	0	1540	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3516	868	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:04:55 PM	9d04040e-981f-0004-ee19-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 4): #requires -version 3.0 try { Microsoft.PowerShell.Core\Set-StrictMode -Off } catch { } $script:MyModule = $MyInvocation.MyCommand.ScriptBlock.Module $script:ClassName = 'ROOT/StandardCimv2/MSFT_NetAdapterAdvancedPropertySettingData' $script:ClassVersion = '1.0.0' $script:ModuleVersion = '1.0' $script:ObjectModelWrapper = [Microsoft.PowerShell.Cmdletization.Cim.CimCmdletAdapter] $script:PrivateData = [System.Collections.Generic.Dictionary[string,string]]::new() Microsoft.PowerShell.Core\Export-ModuleMember -Function @() function __cmdletization_BindCommonParameters { param( $__cmdletization_objectModelWrapper, $myPSBoundParameters ) if ($myPSBoundParameters.ContainsKey('CimSession')) { $__cmdletization_objectModelWrapper.PSObject.Properties['CimSession'].Value = $myPSBoundParameters['CimSession'] } if ($myPSBoundParameters.ContainsKey('ThrottleLimit')) { $__cmdletization_objectModelWrapper.PSObject.Properties['ThrottleLimit'].Value = $myPSBoundParameters['ThrottleLimit'] } if ($myPSBoundParameters.ContainsKey('AsJob')) { $__cmdletization_objectModelWrapper.PSObject.Properties['AsJob'].Value = $myPSBoundParameters['AsJob'] } } function New-NetAdapterAdvancedProperty { [CmdletBinding(DefaultParameterSetName='Name', SupportsShouldProcess=$true, ConfirmImpact='Medium', PositionalBinding=$false)] param( [Parameter(ParameterSetName='InstanceID', Mandatory=$true, ValueFromPipelineByPropertyName=$true)] [Alias('ifDesc','InstanceID')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [string] ${InterfaceDescription}, [Parameter(ParameterSetName='InstanceID', Mandatory=$true, ValueFromPipelineByPropertyName=$true)] [Parameter(ParameterSetName='Name', Mandatory=$true, ValueFromPipelineByPropertyName=$true)] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [string] ${RegistryKeyword}, [Parameter(ParameterSetName='InstanceID', ValueFromPipelineByPropertyName=$true)] [Parameter(ParameterSetName='Name', ValueFromPipelineByPropertyName=$true)] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetAdapterAdvancedProperty.RegDataType] ${RegistryDataType}, [Parameter(ParameterSetName='InstanceID', Mandatory=$true, ValueFromPipelineByPropertyName=$true)] [Parameter(ParameterSetName='Name', Mandatory=$true, ValueFromPipelineByPropertyName=$true)] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [string[]] ${RegistryValue}, [Parameter(ParameterSetName='InstanceID')] [Parameter(ParameterSetName='Name')] [switch] ${NoRestart}, [Parameter(ParameterSetName='InstanceID')] [Parameter(ParameterSetName='Name')] [switch] ${IncludeHidden}, [Parameter(ParameterSetName='Name', Mandatory=$true, Position=0, ValueFromPipelineByPropertyName=$true)] [Alias('ifAlias','InterfaceAlias')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [string] ${Name}, [Parameter(ParameterSetName='InstanceID')] [Parameter(ParameterSetName='Name')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='InstanceID')] [Parameter(ParameterSetName='Name')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='InstanceID')] [Parameter(ParameterSetName='Name')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('InstanceID') -contains $_ } { [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('InterfaceDescription')) { [object]$__cmdletization_value = ${InterfaceDescription} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'InterfaceDescription'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'InterfaceDescription'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('RegistryKeyword')) { [object]$__cmdletization_value = ${RegistryKeyword} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RegistryKeyword'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RegistryKeyword'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('RegistryDataType')) { [object]$__cmdletization_value = ${RegistryDataType} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RegistryDataType'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetAdapterAdvancedProperty.RegDataType'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RegistryDataType'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetAdapterAdvancedProperty.RegDataType'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('RegistryValue')) { [object]$__cmdletization_value = ${RegistryValue} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RegistryValue'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RegistryValue'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('NoRestart')) { [object]$__cmdletization_value = ${NoRestart} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:NoRestart'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:NoRestart'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('IncludeHidden')) { [object]$__cmdletization_value = ${IncludeHidden} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:IncludeHidden'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:IncludeHidden'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = $null $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('cim:CreateInstance', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_methodInvocationInfo) } { @('Name') -contains $_ } { [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Name')) { [object]$__cmdletization_value = ${Name} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Name'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Name'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('RegistryKeyword')) { [object]$__cmdletization_value = ${RegistryKeyword} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RegistryKeyword'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RegistryKeyword'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('RegistryDataType')) { [object]$__cmdletization_value = ${RegistryDataType} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RegistryDataType'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetAdapterAdvancedProperty.RegDataType'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RegistryDataType'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetAdapterAdvancedProperty.RegDataType'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('RegistryValue')) { [object]$__cmdletization_value = ${RegistryValue} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RegistryValue'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RegistryValue'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('NoRestart')) { [object]$__cmdletization_value = ${NoRestart} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:NoRestart'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:NoRestart'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('IncludeHidden')) { [object]$__cmdletization_value = ${IncludeHidden} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:IncludeHidden'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:IncludeHidden'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = $null $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('cim:CreateInstance', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_methodInvocationInfo) } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { ScriptBlock ID: f53a57f1-caa6-4abc-a03e-1e919987f24b Path:	4104	1		3	2	15	0	1539	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3516	868	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:04:55 PM	9d04040e-981f-0004-ee19-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (3 of 3): [CmdletBinding(DefaultParameterSetName='ByName', SupportsShouldProcess=$true, ConfirmImpact='High', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#ROOT/StandardCimv2/MSFT_NetAdapter')] param( [Parameter(ParameterSetName='ByName', Mandatory=$true, Position=0)] [Alias('ifAlias','InterfaceAlias')] [ValidateNotNull()] [string[]] ${Name}, [Parameter(ParameterSetName='ByInstanceID', Mandatory=$true, ValueFromPipelineByPropertyName=$true)] [Alias('ifDesc')] [ValidateNotNull()] [string[]] ${InterfaceDescription}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [switch] ${IncludeHidden}, [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#MSFT_NetAdapter')] [ValidateNotNull()] [ciminstance[]] ${InputObject}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [ValidateRange(0, 4094)] [uint16] ${VlanID}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('LinkLayerAddress')] [string] ${MacAddress}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${NoRestart}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${AsJob}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${PassThru}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('Name') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Name}) $__cmdletization_queryBuilder.FilterByProperty('Name', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('InterfaceDescription') -and (@('ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${InterfaceDescription}) $__cmdletization_queryBuilder.FilterByProperty('InterfaceDescription', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('IncludeHidden') -and (@('ByName', 'ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('IncludeHidden', ${IncludeHidden}) } $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('ByName', 'ByInstanceID', 'InputObject (cdxml)') -contains $_ } { [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NetworkAddresses'; ParameterType = 'System.String[]'; Bindings = '0'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('VlanID')) { [object]$__cmdletization_value = ${VlanID} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'VlanID'; ParameterType = 'System.UInt16'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'VlanID'; ParameterType = 'System.UInt16'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('MacAddress')) { [object]$__cmdletization_value = ${MacAddress} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:MacAddress'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:MacAddress'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('NoRestart')) { [object]$__cmdletization_value = ${NoRestart} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:NoRestart'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:NoRestart'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = $null $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('cim:ModifyInstance', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_passThru = $PSBoundParameters.ContainsKey('PassThru') -and $PassThru if ($PSBoundParameters.ContainsKey('InputObject')) { foreach ($x in $InputObject) { $__cmdletization_objectModelWrapper.ProcessRecord($x, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } else { $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP MSFT_NetAdapter.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Set-NetAdapter' -Alias '*' ScriptBlock ID: 83722fd4-715a-4a8f-bd28-af086759834d Path:	4104	1		3	2	15	0	1538	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3516	868	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:04:55 PM	9d04040e-981f-0004-e619-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 3): cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('PassThru')) { [object]$__cmdletization_value = ${PassThru} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:PassThru'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:PassThru'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'CmdletOutput'; ParameterType = 'Microsoft.Management.Infrastructure.CimInstance'; Bindings = 'Out'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = $null $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('Disable', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_passThru = $false if ($PSBoundParameters.ContainsKey('InputObject')) { foreach ($x in $InputObject) { $__cmdletization_objectModelWrapper.ProcessRecord($x, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } else { $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP MSFT_NetAdapter.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Disable-NetAdapter' -Alias '*' function Restart-NetAdapter { [CmdletBinding(DefaultParameterSetName='ByName', SupportsShouldProcess=$true, ConfirmImpact='Medium', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] param( [Parameter(ParameterSetName='ByName', Mandatory=$true, Position=0)] [Alias('ifAlias','InterfaceAlias')] [ValidateNotNull()] [string[]] ${Name}, [Parameter(ParameterSetName='ByInstanceID', Mandatory=$true, ValueFromPipelineByPropertyName=$true)] [Alias('ifDesc')] [ValidateNotNull()] [string[]] ${InterfaceDescription}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [switch] ${IncludeHidden}, [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#MSFT_NetAdapter')] [ValidateNotNull()] [ciminstance[]] ${InputObject}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${PassThru}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('Name') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Name}) $__cmdletization_queryBuilder.FilterByProperty('Name', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('InterfaceDescription') -and (@('ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${InterfaceDescription}) $__cmdletization_queryBuilder.FilterByProperty('InterfaceDescription', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('IncludeHidden') -and (@('ByName', 'ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('IncludeHidden', ${IncludeHidden}) } $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('ByName', 'ByInstanceID', 'InputObject (cdxml)') -contains $_ } { [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('PassThru')) { [object]$__cmdletization_value = ${PassThru} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:PassThru'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:PassThru'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'CmdletOutput'; ParameterType = 'Microsoft.Management.Infrastructure.CimInstance'; Bindings = 'Out'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = $null $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('Restart', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_passThru = $false if ($PSBoundParameters.ContainsKey('InputObject')) { foreach ($x in $InputObject) { $__cmdletization_objectModelWrapper.ProcessRecord($x, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } else { $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP MSFT_NetAdapter.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Restart-NetAdapter' -Alias '*' function Rename-NetAdapter { [CmdletBinding(DefaultParameterSetName='ByName', SupportsShouldProcess=$true, ConfirmImpact='Medium', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] param( [Parameter(ParameterSetName='ByName', Mandatory=$true, Position=0)] [Alias('ifAlias','InterfaceAlias')] [ValidateNotNull()] [string[]] ${Name}, [Parameter(ParameterSetName='ByInstanceID', Mandatory=$true, ValueFromPipelineByPropertyName=$true)] [Alias('ifDesc')] [ValidateNotNull()] [string[]] ${InterfaceDescription}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [switch] ${IncludeHidden}, [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#MSFT_NetAdapter')] [ValidateNotNull()] [ciminstance[]] ${InputObject}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${PassThru}, [Parameter(ParameterSetName='ByName', Mandatory=$true, Position=1)] [Parameter(ParameterSetName='ByInstanceID', Mandatory=$true, Position=1)] [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true, Position=1)] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [string] ${NewName}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('Name') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Name}) $__cmdletization_queryBuilder.FilterByProperty('Name', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('InterfaceDescription') -and (@('ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${InterfaceDescription}) $__cmdletization_queryBuilder.FilterByProperty('InterfaceDescription', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('IncludeHidden') -and (@('ByName', 'ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('IncludeHidden', ${IncludeHidden}) } $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('ByName', 'ByInstanceID', 'InputObject (cdxml)') -contains $_ } { [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('PassThru')) { [object]$__cmdletization_value = ${PassThru} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:PassThru'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:PassThru'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('NewName')) { [object]$__cmdletization_value = ${NewName} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NewName'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NewName'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'CmdletOutput'; ParameterType = 'Microsoft.Management.Infrastructure.CimInstance'; Bindings = 'Out'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = $null $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('Rename', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_passThru = $false if ($PSBoundParameters.ContainsKey('InputObject')) { foreach ($x in $InputObject) { $__cmdletization_objectModelWrapper.ProcessRecord($x, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } else { $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP MSFT_NetAdapter.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Rename-NetAdapter' -Alias '*' function Set-NetAdapter { ScriptBlock ID: 83722fd4-715a-4a8f-bd28-af086759834d Path:	4104	1		3	2	15	0	1537	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3516	868	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:04:55 PM	9d04040e-981f-0004-e619-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 3): #requires -version 3.0 try { Microsoft.PowerShell.Core\Set-StrictMode -Off } catch { } $script:MyModule = $MyInvocation.MyCommand.ScriptBlock.Module $script:ClassName = 'ROOT/StandardCimv2/MSFT_NetAdapter' $script:ClassVersion = '1.0.0' $script:ModuleVersion = '1.0' $script:ObjectModelWrapper = [Microsoft.PowerShell.Cmdletization.Cim.CimCmdletAdapter] $script:PrivateData = [System.Collections.Generic.Dictionary[string,string]]::new() Microsoft.PowerShell.Core\Export-ModuleMember -Function @() function __cmdletization_BindCommonParameters { param( $__cmdletization_objectModelWrapper, $myPSBoundParameters ) if ($myPSBoundParameters.ContainsKey('CimSession')) { $__cmdletization_objectModelWrapper.PSObject.Properties['CimSession'].Value = $myPSBoundParameters['CimSession'] } if ($myPSBoundParameters.ContainsKey('ThrottleLimit')) { $__cmdletization_objectModelWrapper.PSObject.Properties['ThrottleLimit'].Value = $myPSBoundParameters['ThrottleLimit'] } if ($myPSBoundParameters.ContainsKey('AsJob')) { $__cmdletization_objectModelWrapper.PSObject.Properties['AsJob'].Value = $myPSBoundParameters['AsJob'] } } function Get-NetAdapter { [CmdletBinding(DefaultParameterSetName='ByName', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#ROOT/StandardCimv2/MSFT_NetAdapter')] param( [Parameter(ParameterSetName='ByName', Position=0)] [Alias('ifAlias','InterfaceAlias')] [ValidateNotNull()] [string[]] ${Name}, [Parameter(ParameterSetName='ByInstanceID', Mandatory=$true, ValueFromPipelineByPropertyName=$true)] [Alias('ifDesc')] [ValidateNotNull()] [string[]] ${InterfaceDescription}, [Parameter(ParameterSetName='ByIfIndex', Mandatory=$true, ValueFromPipelineByPropertyName=$true)] [Alias('ifIndex')] [ValidateNotNull()] [uint32[]] ${InterfaceIndex}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='ByIfIndex')] [switch] ${IncludeHidden}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='ByIfIndex')] [switch] ${Physical}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='ByIfIndex')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='ByIfIndex')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='ByIfIndex')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('Name') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Name}) $__cmdletization_queryBuilder.FilterByProperty('Name', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('InterfaceDescription') -and (@('ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${InterfaceDescription}) $__cmdletization_queryBuilder.FilterByProperty('InterfaceDescription', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('InterfaceIndex') -and (@('ByIfIndex') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${InterfaceIndex}) $__cmdletization_queryBuilder.FilterByProperty('InterfaceIndex', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('IncludeHidden') -and (@('ByName', 'ByInstanceID', 'ByIfIndex') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('IncludeHidden', ${IncludeHidden}) } if ($PSBoundParameters.ContainsKey('Physical') -and (@('ByName', 'ByInstanceID', 'ByIfIndex') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('Physical', ${Physical}) } $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder) } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP MSFT_NetAdapter.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Get-NetAdapter' -Alias '*' function Enable-NetAdapter { [CmdletBinding(DefaultParameterSetName='ByName', SupportsShouldProcess=$true, ConfirmImpact='Medium', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] param( [Parameter(ParameterSetName='ByName', Mandatory=$true, Position=0)] [Alias('ifAlias','InterfaceAlias')] [ValidateNotNull()] [string[]] ${Name}, [Parameter(ParameterSetName='ByInstanceID', Mandatory=$true, ValueFromPipelineByPropertyName=$true)] [Alias('ifDesc')] [ValidateNotNull()] [string[]] ${InterfaceDescription}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [switch] ${IncludeHidden}, [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#MSFT_NetAdapter')] [ValidateNotNull()] [ciminstance[]] ${InputObject}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${PassThru}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('Name') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Name}) $__cmdletization_queryBuilder.FilterByProperty('Name', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('InterfaceDescription') -and (@('ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${InterfaceDescription}) $__cmdletization_queryBuilder.FilterByProperty('InterfaceDescription', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('IncludeHidden') -and (@('ByName', 'ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('IncludeHidden', ${IncludeHidden}) } $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('ByName', 'ByInstanceID', 'InputObject (cdxml)') -contains $_ } { [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('PassThru')) { [object]$__cmdletization_value = ${PassThru} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:PassThru'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:PassThru'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'CmdletOutput'; ParameterType = 'Microsoft.Management.Infrastructure.CimInstance'; Bindings = 'Out'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = $null $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('Enable', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_passThru = $false if ($PSBoundParameters.ContainsKey('InputObject')) { foreach ($x in $InputObject) { $__cmdletization_objectModelWrapper.ProcessRecord($x, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } else { $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP MSFT_NetAdapter.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Enable-NetAdapter' -Alias '*' function Disable-NetAdapter { [CmdletBinding(DefaultParameterSetName='ByName', SupportsShouldProcess=$true, ConfirmImpact='High', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] param( [Parameter(ParameterSetName='ByName', Mandatory=$true, Position=0)] [Alias('ifAlias','InterfaceAlias')] [ValidateNotNull()] [string[]] ${Name}, [Parameter(ParameterSetName='ByInstanceID', Mandatory=$true, ValueFromPipelineByPropertyName=$true)] [Alias('ifDesc')] [ValidateNotNull()] [string[]] ${InterfaceDescription}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [switch] ${IncludeHidden}, [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#MSFT_NetAdapter')] [ValidateNotNull()] [ciminstance[]] ${InputObject}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${PassThru}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('Name') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Name}) $__cmdletization_queryBuilder.FilterByProperty('Name', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('InterfaceDescription') -and (@('ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${InterfaceDescription}) $__cmdletization_queryBuilder.FilterByProperty('InterfaceDescription', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('IncludeHidden') -and (@('ByName', 'ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('IncludeHidden', ${IncludeHidden}) } $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('ByName', 'ByInstanceID', 'InputObject (cdxml)') -contains $_ } { [object]$__cmdletization_defaultValue = $null [object]$__ ScriptBlock ID: 83722fd4-715a-4a8f-bd28-af086759834d Path:	4104	1		3	2	15	0	1536	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3516	868	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:04:55 PM	9d04040e-981f-0004-e619-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c), Michael DeHaan <michael.dehaan@gmail.com>, 2014, and others # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) Set-StrictMode -Version 2.0 $ErrorActionPreference = "Stop" Function Set-Attr($obj, $name, $value) { <# .SYNOPSIS Helper function to set an "attribute" on a psobject instance in PowerShell. This is a convenience to make adding Members to the object easier and slightly more pythonic .EXAMPLE Set-Attr $result "changed" $true #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } Try { $obj.$name = $value } Catch { $obj | Add-Member -Force -MemberType NoteProperty -Name $name -Value $value } } Function Exit-Json($obj) { <# .SYNOPSIS Helper function to convert a PowerShell object to JSON and output it, exiting the script .EXAMPLE Exit-Json $result #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit } Function Fail-Json($obj, $message = $null) { <# .SYNOPSIS Helper function to add the "msg" property and "failed" property, convert the PowerShell Hashtable to JSON and output it, exiting the script .EXAMPLE Fail-Json $result "This is the failure message" #> if ($obj -is [hashtable] -or $obj -is [psobject]) { # Nothing to do } elseif ($obj -is [string] -and $null -eq $message) { # If we weren't given 2 args, and the only arg was a string, # create a new Hashtable and use the arg as the failure message $message = $obj $obj = @{ } } else { # If the first argument is undefined or a different type, # make it a Hashtable $obj = @{ } } # Still using Set-Attr for PSObject compatibility Set-Attr $obj "msg" $message Set-Attr $obj "failed" $true if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit 1 } Function Add-Warning($obj, $message) { <# .SYNOPSIS Helper function to add warnings, even if the warnings attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("warnings")) { $obj.warnings = @() } elseif ($obj.warnings -isnot [array]) { throw "Add-Warning: warnings attribute is not an array" } $obj.warnings += $message } Function Add-DeprecationWarning($obj, $message, $version = $null) { <# .SYNOPSIS Helper function to add deprecations, even if the deprecations attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("deprecations")) { $obj.deprecations = @() } elseif ($obj.deprecations -isnot [array]) { throw "Add-DeprecationWarning: deprecations attribute is not a list" } $obj.deprecations += @{ msg = $message version = $version } } Function Expand-Environment($value) { <# .SYNOPSIS Helper function to expand environment variables in values. By default it turns any type to a string, but we ensure $null remains $null. #> if ($null -ne $value) { [System.Environment]::ExpandEnvironmentVariables($value) } else { $value } } Function Get-AnsibleParam($obj, $name, $default = $null, $resultobj = @{}, $failifempty = $false, $emptyattributefailmessage, $ValidateSet, $ValidateSetErrorMessage, $type = $null, $aliases = @()) { <# .SYNOPSIS Helper function to get an "attribute" from a psobject instance in PowerShell. This is a convenience to make getting Members from an object easier and slightly more pythonic .EXAMPLE $attr = Get-AnsibleParam $response "code" -default "1" .EXAMPLE Get-AnsibleParam -obj $params -name "State" -default "Present" -ValidateSet "Present","Absent" -resultobj $resultobj -failifempty $true Get-AnsibleParam also supports Parameter validation to save you from coding that manually Note that if you use the failifempty option, you do need to specify resultobject as well. #> # Check if the provided Member $name or aliases exist in $obj and return it or the default. try { $found = $null # First try to find preferred parameter $name $aliases = @($name) + $aliases # Iterate over aliases to find acceptable Member $name foreach ($alias in $aliases) { if ($obj.ContainsKey($alias)) { $found = $alias break } } if ($null -eq $found) { throw } $name = $found if ($ValidateSet) { if ($ValidateSet -contains ($obj.$name)) { $value = $obj.$name } else { if ($null -eq $ValidateSetErrorMessage) { #Auto-generated error should be sufficient in most use cases $ValidateSetErrorMessage = "Get-AnsibleParam: Argument $name needs to be one of $($ValidateSet -join ",") but was $($obj.$name)." } Fail-Json -obj $resultobj -message $ValidateSetErrorMessage } } else { $value = $obj.$name } } catch { if ($failifempty -eq $false) { $value = $default } else { if (-not $emptyattributefailmessage) { $emptyattributefailmessage = "Get-AnsibleParam: Missing required argument: $name" } Fail-Json -obj $resultobj -message $emptyattributefailmessage } } # If $value -eq $null, the parameter was unspecified by the user (deliberately or not) # Please leave $null-values intact, modules need to know if a parameter was specified # When $value is already an array, we cannot rely on the null check, as an empty list # is seen as null in the check below if ($null -ne $value -or $value -is [array]) { if ($type -eq "path") { # Expand environment variables on path-type $value = Expand-Environment($value) # Test if a valid path is provided if (-not (Test-Path -IsValid $value)) { $path_invalid = $true # could still be a valid-shaped path with a nonexistent drive letter if ($value -match "^\w:") { # rewrite path with a valid drive letter and recheck the shape- this might still fail, eg, a nonexistent non-filesystem PS path if (Test-Path -IsValid $(@(Get-PSDrive -PSProvider Filesystem)[0].Name + $value.Substring(1))) { $path_invalid = $false } } if ($path_invalid) { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' has an invalid path '$value' specified." } } } elseif ($type -eq "str") { # Convert str types to real Powershell strings $value = $value.ToString() } elseif ($type -eq "bool") { # Convert boolean types to real Powershell booleans $value = $value | ConvertTo-Bool } elseif ($type -eq "int") { # Convert int types to real Powershell integers $value = $value -as [int] } elseif ($type -eq "float") { # Convert float types to real Powershell floats $value = $value -as [float] } elseif ($type -eq "list") { if ($value -is [array]) { # Nothing to do } elseif ($value -is [string]) { # Convert string type to real Powershell array $value = $value.Split(",").Trim() } elseif ($value -is [int]) { $value = @($value) } else { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' is not a YAML list." } # , is not a typo, forces it to return as a list when it is empty or only has 1 entry return ,$value } } return $value } #Alias Get-attr-->Get-AnsibleParam for backwards compat. Only add when needed to ease debugging of scripts If (-not(Get-Alias -Name "Get-attr" -ErrorAction SilentlyContinue)) { New-Alias -Name Get-attr -Value Get-AnsibleParam } Function ConvertTo-Bool { <# .SYNOPSIS Helper filter/pipeline function to convert a value to boolean following current Ansible practices .EXAMPLE $is_true = "true" | ConvertTo-Bool #> param( [parameter(valuefrompipeline=$true)] $obj ) $boolean_strings = "yes", "on", "1", "true", 1 $obj_string = [string]$obj if (($obj -is [boolean] -and $obj) -or $boolean_strings -contains $obj_string.ToLower()) { return $true } else { return $false } } Function Parse-Args($arguments, $supports_check_mode = $false) { <# .SYNOPSIS Helper function to parse Ansible JSON arguments from a "file" passed as the single argument to the module. .EXAMPLE $params = Parse-Args $args #> $params = New-Object psobject If ($arguments.Length -gt 0) { $params = Get-Content $arguments[0] | ConvertFrom-Json } Else { $params = $complex_args } $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false If ($check_mode -and -not $supports_check_mode) { Exit-Json @{ skipped = $true changed = $false msg = "remote module does not support check mode" } } return $params } Function Get-FileChecksum($path, $algorithm = 'sha1') { <# .SYNOPSIS Helper function to calculate a hash of a file in a way which PowerShell 3 and above can handle #> If (Test-Path -Path $path -PathType Leaf) { switch ($algorithm) { 'md5' { $sp = New-Object -TypeName System.Security.Cryptography.MD5CryptoServiceProvider } 'sha1' { $sp = New-Object -TypeName System.Security.Cryptography.SHA1CryptoServiceProvider } 'sha256' { $sp = New-Object -TypeName System.Security.Cryptography.SHA256CryptoServiceProvider } 'sha384' { $sp = New-Object -TypeName System.Security.Cryptography.SHA384CryptoServiceProvider } 'sha512' { $sp = New-Object -TypeName System.Security.Cryptography.SHA512CryptoServiceProvider } default { Fail-Json @{} "Unsupported hash algorithm supplied '$algorithm'" } } If ($PSVersionTable.PSVersion.Major -ge 4) { $raw_hash = Get-FileHash $path -Algorithm $algorithm $hash = $raw_hash.Hash.ToLower() } Else { $fp = [System.IO.File]::Open($path, [System.IO.Filemode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileShare]::ReadWrite); $hash = [System.BitConverter]::ToString($sp.ComputeHash($fp)).Replace("-", "").ToLower(); $fp.Dispose(); } } ElseIf (Test-Path -Path $path -PathType Container) { $hash = "3"; } Else { $hash = "1"; } return $hash } Function Get-PendingRebootStatus { <# .SYNOPSIS Check if reboot is required, if so notify CA. Function returns true if computer has a pending reboot #> $featureData = Invoke-WmiMethod -EA Ignore -Name GetServerFeature -Namespace root\microsoft\windows\servermanager -Class MSFT_ServerManagerTasks $regData = Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager" "PendingFileRenameOperations" -EA Ignore $CBSRebootStatus = Get-ChildItem "HKLM:\\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing" -ErrorAction SilentlyContinue| Where-Object {$_.PSChildName -eq "RebootPending"} if(($featureData -and $featureData.RequiresReboot) -or $regData -or $CBSRebootStatus) { return $True } else { return $False } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: 4a848b00-cd17-4237-92bb-e55b1c61a817 Path:	4104	1		3	2	15	0	1535	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3516	2828	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:04:54 PM	9d04040e-981f-0004-d719-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } ScriptBlock ID: 5e4ca418-c9c0-490e-8fe4-889f4fc71b25 Path:	4104	1		3	2	15	0	1534	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3516	2828	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:04:53 PM	9d04040e-981f-0004-c819-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 2): sgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5TSEE1MTJDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICBkZWZhdWx0IHsgRmFpbC1Kc29uIEB7fSAiVW5zdXBwb3J0ZWQgaGFzaCBhbGdvcml0aG0gc3VwcGxpZWQgJyRhbGdvcml0aG0nIiB9CiAgICAgICAgfQoKICAgICAgICBJZiAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtZ2UgNCkgewogICAgICAgICAgICAkcmF3X2hhc2ggPSBHZXQtRmlsZUhhc2ggJHBhdGggLUFsZ29yaXRobSAkYWxnb3JpdGhtCiAgICAgICAgICAgICRoYXNoID0gJHJhd19oYXNoLkhhc2guVG9Mb3dlcigpCiAgICAgICAgfSBFbHNlIHsKICAgICAgICAgICAgJGZwID0gW1N5c3RlbS5JTy5GaWxlXTo6T3BlbigkcGF0aCwgW1N5c3RlbS5JTy5GaWxlbW9kZV06Ok9wZW4sIFtTeXN0ZW0uSU8uRmlsZUFjY2Vzc106OlJlYWQsIFtTeXN0ZW0uSU8uRmlsZVNoYXJlXTo6UmVhZFdyaXRlKTsKICAgICAgICAgICAgJGhhc2ggPSBbU3lzdGVtLkJpdENvbnZlcnRlcl06OlRvU3RyaW5nKCRzcC5Db21wdXRlSGFzaCgkZnApKS5SZXBsYWNlKCItIiwgIiIpLlRvTG93ZXIoKTsKICAgICAgICAgICAgJGZwLkRpc3Bvc2UoKTsKICAgICAgICB9CiAgICB9CiAgICBFbHNlSWYgKFRlc3QtUGF0aCAtUGF0aCAkcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKQogICAgewogICAgICAgICRoYXNoID0gIjMiOwogICAgfQogICAgRWxzZQogICAgewogICAgICAgICRoYXNoID0gIjEiOwogICAgfQogICAgcmV0dXJuICRoYXNoCn0KCkZ1bmN0aW9uIEdldC1QZW5kaW5nUmVib290U3RhdHVzCnsKPCMKICAgIC5TWU5PUFNJUwogICAgQ2hlY2sgaWYgcmVib290IGlzIHJlcXVpcmVkLCBpZiBzbyBub3RpZnkgQ0EuCiAgICBGdW5jdGlvbiByZXR1cm5zIHRydWUgaWYgY29tcHV0ZXIgaGFzIGEgcGVuZGluZyByZWJvb3QKIz4KICAgICRmZWF0dXJlRGF0YSA9IEludm9rZS1XbWlNZXRob2QgLUVBIElnbm9yZSAtTmFtZSBHZXRTZXJ2ZXJGZWF0dXJlIC1OYW1lc3BhY2Ugcm9vdFxtaWNyb3NvZnRcd2luZG93c1xzZXJ2ZXJtYW5hZ2VyIC1DbGFzcyBNU0ZUX1NlcnZlck1hbmFnZXJUYXNrcwogICAgJHJlZ0RhdGEgPSBHZXQtSXRlbVByb3BlcnR5ICJIS0xNOlxTWVNURU1cQ3VycmVudENvbnRyb2xTZXRcQ29udHJvbFxTZXNzaW9uIE1hbmFnZXIiICJQZW5kaW5nRmlsZVJlbmFtZU9wZXJhdGlvbnMiIC1FQSBJZ25vcmUKICAgICRDQlNSZWJvb3RTdGF0dXMgPSBHZXQtQ2hpbGRJdGVtICJIS0xNOlxcU09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cQ29tcG9uZW50IEJhc2VkIFNlcnZpY2luZyIgIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlfCBXaGVyZS1PYmplY3QgeyRfLlBTQ2hpbGROYW1lIC1lcSAiUmVib290UGVuZGluZyJ9CiAgICBpZigoJGZlYXR1cmVEYXRhIC1hbmQgJGZlYXR1cmVEYXRhLlJlcXVpcmVzUmVib290KSAtb3IgJHJlZ0RhdGEgLW9yICRDQlNSZWJvb3RTdGF0dXMpCiAgICB7CiAgICAgICAgcmV0dXJuICRUcnVlCiAgICB9CiAgICBlbHNlCiAgICB7CiAgICAgICAgcmV0dXJuICRGYWxzZQogICAgfQp9CgojIHRoaXMgbGluZSBtdXN0IHN0YXkgYXQgdGhlIGJvdHRvbSB0byBlbnN1cmUgYWxsIGRlZmluZWQgbW9kdWxlIHBhcnRzIGFyZSBleHBvcnRlZApFeHBvcnQtTW9kdWxlTWVtYmVyIC1BbGlhcyAqIC1GdW5jdGlvbiAqIC1DbWRsZXQgKgoK"}, "module_entry": "IyFwb3dlcnNoZWxsCgojIEdOVSBHZW5lcmFsIFB1YmxpYyBMaWNlbnNlIHYzLjArIChzZWUgQ09QWUlORyBvciBodHRwczovL3d3dy5nbnUub3JnL2xpY2Vuc2VzL2dwbC0zLjAudHh0KQoKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5MZWdhY3kKCiMgRlVUVVJFOiBjaGVjayBzdGF0aWNhbGx5LXNldCB2YWx1ZXMgdmlhIHJlZ2lzdHJ5IHNvIHdlIGNhbiBkZXRlcm1pbmUgZGlmZmVyZW5jZSBiZXR3ZWVuIERIQ1Atc291cmNlIHZhbHVlcyBhbmQgc3RhdGljIHZhbHVlcz8gKHByZXZlbnQgc3B1cmlvdXMgY2hhbmdlZAojIG5vdGlmaWNhdGlvbnMgb24gREhDUC1zb3VyY2VkIHZhbHVlcykKClNldC1TdHJpY3RNb2RlIC1WZXJzaW9uIDIKCiRFcnJvckFjdGlvblByZWZlcmVuY2UgPSAiU3RvcCIKJENvbmZpcm1QcmVmZXJlbmNlID0gIk5vbmUiCgpGdW5jdGlvbiBXcml0ZS1EZWJ1Z0xvZyB7CiAgICBQYXJhbSgKICAgIFtzdHJpbmddJG1zZwogICAgKQoKICAgICREZWJ1Z1ByZWZlcmVuY2UgPSAiQ29udGludWUiCiAgICAkRXJyb3JBY3Rpb25QcmVmZXJlbmNlID0gIkNvbnRpbnVlIgogICAgJGRhdGVfc3RyID0gR2V0LURhdGUgLUZvcm1hdCB1CiAgICAkbXNnID0gIiRkYXRlX3N0ciAkbXNnIgoKICAgIFdyaXRlLURlYnVnICRtc2cKCiAgICBpZigkbG9nX3BhdGgpIHsKICAgICAgICBBZGQtQ29udGVudCAkbG9nX3BhdGggJG1zZwogICAgfQp9CgojIG1pbmltYWwgaW1wbCBvZiBHZXQtTmV0QWRhcHRlciB3ZSBuZWVkIG9uIDIwMDgvMjAwOFIyCkZ1bmN0aW9uIEdldC1OZXRBZGFwdGVyTGVnYWN5IHsKICAgIFBhcmFtKFtzdHJpbmddJE5hbWU9IioiKQoKICAgICR3bWlhcmdzID0gQHtDbGFzcz0iV2luMzJfTmV0d29ya0FkYXB0ZXIifQoKICAgIElmKCROYW1lLkNvbnRhaW5zKCIqIikpIHsKICAgICAgICAkd21pYXJncy5GaWx0ZXIgPSAiTmV0Q29ubmVjdGlvbklEIExJS0UgJyQoJE5hbWUuUmVwbGFjZSgiKiIsIiUiKSknIgogICAgfQogICAgRWxzZSB7CiAgICAgICAgJHdtaWFyZ3MuRmlsdGVyID0gIk5ldENvbm5lY3Rpb25JRCA9ICckTmFtZSciCiAgICB9CgogICAgJHdtaXByb3AgPSBAKAogICAgICAgIEB7TmFtZT0iTmFtZSI7IEV4cHJlc3Npb249eyRfLk5ldENvbm5lY3Rpb25JRH19LAogICAgICAgIEB7TmFtZT0iaWZJbmRleCI7IEV4cHJlc3Npb249eyRfLkRldmljZUlEfX0KICAgICkKCiAgICAkcmVzID0gR2V0LVdtaU9iamVjdCBAd21pYXJncyB8IFNlbGVjdC1PYmplY3QgLVByb3BlcnR5ICR3bWlwcm9wCgogICAgSWYoQCgkcmVzKS5Db3VudCAtZXEgMCAtYW5kIC1ub3QgJE5hbWUuQ29udGFpbnMoIioiKSkgewogICAgICAgIHRocm93ICJHZXQtTmV0QWRhcHRlckxlZ2FjeTogTm8gV2luMzJfTmV0d29ya0FkYXB0ZXIgb2JqZWN0cyBmb3VuZCB3aXRoIHByb3BlcnR5ICdOZXRDb25uZWN0aW9uSUQnIGVxdWFsIHRvICckTmFtZSciCiAgICB9CgogICAgV3JpdGUtT3V0cHV0ICRyZXMKfQoKSWYoLW5vdCAkKEdldC1Db21tYW5kIEdldC1OZXRBZGFwdGVyIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlKSkgewogICAgTmV3LUFsaWFzIEdldC1OZXRBZGFwdGVyIEdldC1OZXRBZGFwdGVyTGVnYWN5IC1Gb3JjZQp9CgojIG1pbmltYWwgaW1wbCBvZiBHZXQtRG5zQ2xpZW50U2VydmVyQWRkcmVzcyBmb3IgMjAwOC8yMDA4UjIKRnVuY3Rpb24gR2V0LURuc0NsaWVudFNlcnZlckFkZHJlc3NMZWdhY3kgewogICAgUGFyYW0oW3N0cmluZ10kSW50ZXJmYWNlQWxpYXMpCgogICAgJGlkeCA9IEdldC1OZXRBZGFwdGVyIC1OYW1lICRJbnRlcmZhY2VBbGlhcyB8IFNlbGVjdC1PYmplY3QgLUV4cGFuZFByb3BlcnR5IGlmSW5kZXgKCiAgICAkYWRhcHRlcl9jb25maWcgPSBHZXQtV21pT2JqZWN0IFdpbjMyX05ldHdvcmtBZGFwdGVyQ29uZmlndXJhdGlvbiAtRmlsdGVyICJJbmRleD0kaWR4IgoKICAgIHJldHVybiBAKAogICAgICAgICMgSVB2NCB2YWx1ZXMKICAgICAgICBbUFNDdXN0b21PYmplY3RdQHtJbnRlcmZhY2VBbGlhcz0kSW50ZXJmYWNlQWxpYXM7SW50ZXJmYWNlSW5kZXg9JGlkeDtBZGRyZXNzRmFtaWx5PTI7U2VydmVyQWRkcmVzc2VzPSRhZGFwdGVyX2NvbmZpZy5ETlNTZXJ2ZXJTZWFyY2hPcmRlcn07CiAgICAgICAgIyBJUHY2LCBvbmx5IGhlcmUgZm9yIGNvbXBsZXRlbmVzcyBzaW5jZSB3ZSBkb24ndCBzdXBwb3J0IGl0IHlldAogICAgICAgIFtQU0N1c3RvbU9iamVjdF1Ae0ludGVyZmFjZUFsaWFzPSRJbnRlcmZhY2VBbGlhcztJbnRlcmZhY2VJbmRleD0kaWR4O0FkZHJlc3NGYW1pbHk9MjM7U2VydmVyQWRkcmVzc2VzPUAoKX07CiAgICApCn0KCklmKC1ub3QgJChHZXQtQ29tbWFuZCBHZXQtRG5zQ2xpZW50U2VydmVyQWRkcmVzcyAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZSkpIHsKICAgIE5ldy1BbGlhcyBHZXQtRG5zQ2xpZW50U2VydmVyQWRkcmVzcyBHZXQtRG5zQ2xpZW50U2VydmVyQWRkcmVzc0xlZ2FjeQp9CgojIG1pbmltYWwgaW1wbCBvZiBTZXQtRG5zQ2xpZW50U2VydmVyQWRkcmVzcyBmb3IgMjAwOC8yMDA4UjIKRnVuY3Rpb24gU2V0LURuc0NsaWVudFNlcnZlckFkZHJlc3NMZWdhY3kgewogICAgUGFyYW0oCiAgICAgICAgW3N0cmluZ10kSW50ZXJmYWNlQWxpYXMsCiAgICAgICAgW0FycmF5XSRTZXJ2ZXJBZGRyZXNzZXM9QCgpLAogICAgICAgIFtzd2l0Y2hdJFJlc2V0U2VydmVyQWRkcmVzc2VzCiAgICApCgogICAgJGlkeCA9IEdldC1OZXRBZGFwdGVyIC1OYW1lICRJbnRlcmZhY2VBbGlhcyB8IFNlbGVjdC1PYmplY3QgLUV4cGFuZFByb3BlcnR5IGlmSW5kZXgKCiAgICAkYWRhcHRlcl9jb25maWcgPSBHZXQtV21pT2JqZWN0IFdpbjMyX05ldHdvcmtBZGFwdGVyQ29uZmlndXJhdGlvbiAtRmlsdGVyICJJbmRleD0kaWR4IgoKICAgIElmKCRSZXNldFNlcnZlckFkZHJlc3NlcykgewogICAgICAgICRyZXMgPSAkYWRhcHRlcl9jb25maWcuU2V0RE5TU2VydmVyU2VhcmNoT3JkZXIoKQogICAgfQogICAgRWxzZSB7CiAgICAgICAgJHJlcyA9ICRhZGFwdGVyX2NvbmZpZy5TZXRETlNTZXJ2ZXJTZWFyY2hPcmRlcigkU2VydmVyQWRkcmVzc2VzKQogICAgfQoKICAgIElmKCRyZXMuUmV0dXJuVmFsdWUgLW5lIDApIHsKICAgICAgICB0aHJvdyAiU2V0LURuc0NsaWVudFNlcnZlckFkZHJlc3NMZWdhY3k6IEVycm9yIGNhbGxpbmcgU2V0RE5TU2VydmVyU2VhcmNoT3JkZXIsIGNvZGUgJCgkcmVzLlJldHVyblZhbHVlKSkiCiAgICB9Cn0KCklmKC1ub3QgJChHZXQtQ29tbWFuZCBTZXQtRG5zQ2xpZW50U2VydmVyQWRkcmVzcyAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZSkpIHsKICAgIE5ldy1BbGlhcyBTZXQtRG5zQ2xpZW50U2VydmVyQWRkcmVzcyBTZXQtRG5zQ2xpZW50U2VydmVyQWRkcmVzc0xlZ2FjeQp9CgpGdW5jdGlvbiBHZXQtRG5zQ2xpZW50TWF0Y2ggewogICAgUGFyYW0oCiAgICAgICAgW3N0cmluZ10gJGFkYXB0ZXJfbmFtZSwKICAgICAgICBbc3RyaW5nW11dICRpcHY0X2FkZHJlc3NlcwogICAgKQoKICAgIFdyaXRlLURlYnVnTG9nICgiR2V0dGluZyBETlMgY29uZmlnIGZvciBhZGFwdGVyIHswfSIgLWYgJGFkYXB0ZXJfbmFtZSkKCiAgICAkY3VycmVudF9kbnNfYWxsID0gR2V0LURuc0NsaWVudFNlcnZlckFkZHJlc3MgLUludGVyZmFjZUFsaWFzICRhZGFwdGVyX25hbWUKCiAgICBXcml0ZS1EZWJ1Z0xvZyAoIkN1cnJlbnQgRE5TIHNldHRpbmdzOiAiICsgJCgkY3VycmVudF9kbnNfYWxsIHwgT3V0LVN0cmluZykpCgogICAgJGN1cnJlbnRfZG5zX3Y0ID0gKCRjdXJyZW50X2Ruc19hbGwgfCBXaGVyZS1PYmplY3QgQWRkcmVzc0ZhbWlseSAtZXEgMiA8IyBJUHY0ICM+KS5TZXJ2ZXJBZGRyZXNzZXMKCiAgICBJZiAoKCRjdXJyZW50X2Ruc192NCAtZXEgJG51bGwpIC1hbmQgKCRpcHY0X2FkZHJlc3NlcyAtZXEgJG51bGwpKSB7CiAgICAgICAgJHY0X21hdGNoID0gJFRydWUKICAgIH0KCiAgICBFbHNlSWYgKCgkY3VycmVudF9kbnNfdjQgLWVxICRudWxsKSAtb3IgKCRpcHY0X2FkZHJlc3NlcyAtZXEgJG51bGwpKSB7CiAgICAgICAgJHY0X21hdGNoID0gJEZhbHNlCiAgICB9CgogICAgRWxzZSB7CiAgICAgICAgJHY0X21hdGNoID0gQChDb21wYXJlLU9iamVjdCAkY3VycmVudF9kbnNfdjQgJGlwdjRfYWRkcmVzc2VzIC1TeW5jV2luZG93IDApLkNvdW50IC1lcSAwCiAgICB9CgogICAgIyBUT0RPOiBpbXBsZW1lbnQgSVB2NgoKICAgIFdyaXRlLURlYnVnTG9nICgiQ3VycmVudCBETlMgc2V0dGluZ3MgbWF0Y2ggKHswfSkgOiB7MX0iIC1mICgkaXB2NF9hZGRyZXNzZXMgLWpvaW4gIiwgIiksICR2NF9tYXRjaCkKCiAgICByZXR1cm4gJHY0X21hdGNoCn0KCkZ1bmN0aW9uIFZhbGlkYXRlLUlQQWRkcmVzcyB7CiAgICBQYXJhbShbc3RyaW5nXSAkYWRkcmVzcykKCiAgICAkYWRkcm91dCA9ICRudWxsCgogICAgcmV0dXJuIFtTeXN0ZW0uTmV0LklQQWRkcmVzc106OlRyeVBhcnNlKCRhZGRyZXNzLCBbcmVmXSAkYWRkcm91dCkKfQoKRnVuY3Rpb24gU2V0LURuc0NsaWVudEFkZHJlc3Nlcwp7CiAgICBQYXJhbSgKICAgICAgICBbc3RyaW5nXSAkYWRhcHRlcl9uYW1lLAogICAgICAgIFtzdHJpbmdbXV0gJGlwdjRfYWRkcmVzc2VzCiAgICApCgogICAgV3JpdGUtRGVidWdMb2cgKCJTZXR0aW5nIEROUyBhZGRyZXNzZXMgZm9yIGFkYXB0ZXIgezB9IHRvICh7MX0pIiAtZiAkYWRhcHRlcl9uYW1lLCAoJGlwdjRfYWRkcmVzc2VzIC1qb2luICIsICIpKQogICAgCiAgICBJZiAoJGlwdjRfYWRkcmVzc2VzIC1lcSAkbnVsbCkgewogICAgICAgIFNldC1EbnNDbGllbnRTZXJ2ZXJBZGRyZXNzIC1JbnRlcmZhY2VBbGlhcyAkYWRhcHRlcl9uYW1lIC1SZXNldFNlcnZlckFkZHJlc3MKICAgIH0KCiAgICBFbHNlIHsKICAgICMgdGhpcyBzaWxlbnRseSBpZ25vcmVzIGludmFsaWQgSVBzLCBzbyB3ZSB2YWxpZGF0ZSBwYXJzZWFiaWxpdHkgb3Vyc2VsdmVzIHVwIGZyb250Li4uCiAgICAgICAgU2V0LURuc0NsaWVudFNlcnZlckFkZHJlc3MgLUludGVyZmFjZUFsaWFzICRhZGFwdGVyX25hbWUgLVNlcnZlckFkZHJlc3NlcyAkaXB2NF9hZGRyZXNzZXMKICAgIH0KICAgIAogICAgIyBUT0RPOiBpbXBsZW1lbnQgSVB2Ngp9CgokcmVzdWx0ID0gQHtjaGFuZ2VkPSRmYWxzZX0KCiRwYXJhbXMgPSBQYXJzZS1BcmdzIC1hcmd1bWVudHMgJGFyZ3MgLXN1cHBvcnRzX2NoZWNrX21vZGUgJHRydWUKCiRhZGFwdGVyX25hbWVzID0gR2V0LUFuc2libGVQYXJhbSAkcGFyYW1zICJhZGFwdGVyX25hbWVzIiAtRGVmYXVsdCAiKiIKJGlwdjRfYWRkcmVzc2VzID0gR2V0LUFuc2libGVQYXJhbSAkcGFyYW1zICJpcHY0X2FkZHJlc3NlcyIgLUZhaWxJZkVtcHR5ICRyZXN1bHQKCklmKCRpcHY0X2FkZHJlc3NlcyAtaXMgW3N0cmluZ10pIHsKICAgIElmKCRpcHY0X2FkZHJlc3Nlcy5MZW5ndGggLWd0IDApIHsKICAgICAgICAkaXB2NF9hZGRyZXNzID0gQCgkaXB2NF9hZGRyZXNzZXMpCiAgICB9CiAgICBFbHNlIHsKICAgICAgICAkaXB2NF9hZGRyZXNzZXMgPSBAKCkKICAgIH0KfQoKJGdsb2JhbDpsb2dfcGF0aCA9IEdldC1BbnNpYmxlUGFyYW0gJHBhcmFtcyAibG9nX3BhdGgiCiRjaGVja19tb2RlID0gR2V0LUFuc2libGVQYXJhbSAkcGFyYW1zICJfYW5zaWJsZV9jaGVja19tb2RlIiAtRGVmYXVsdCAkZmFsc2UKClRyeSB7CgogICAgV3JpdGUtRGVidWdMb2cgKCJWYWxpZGF0aW5nIGFkYXB0ZXIgbmFtZSB7MH0iIC1mICRhZGFwdGVyX25hbWVzKQoKICAgICRhZGFwdGVycyA9IEAoJGFkYXB0ZXJfbmFtZXMpCgogICAgSWYoJGFkYXB0ZXJfbmFtZXMgLWVxICIqIikgewogICAgICAgICRhZGFwdGVycyA9IEdldC1OZXRBZGFwdGVyIHwgU2VsZWN0LU9iamVjdCAtRXhwYW5kUHJvcGVydHkgTmFtZQogICAgfQogICAgIyBUT0RPOiBhZGQgc3VwcG9ydCBmb3IgYW4gYWN0dWFsIGxpc3Qgb2YgYWRhcHRlciBuYW1lcwogICAgIyB2YWxpZGF0ZSBuZXR3b3JrIGFkYXB0ZXIgbmFtZXMKICAgIEVsc2VJZihAKEdldC1OZXRBZGFwdGVyIHwgV2hlcmUtT2JqZWN0IE5hbWUgLWVxICRhZGFwdGVyX25hbWVzKS5Db3VudCAtZXEgMCkgewogICAgICAgIHRocm93ICJJbnZhbGlkIG5ldHdvcmsgYWRhcHRlciBuYW1lOiB7MH0iIC1mICRhZGFwdGVyX25hbWVzCiAgICB9CgogICAgV3JpdGUtRGVidWdMb2cgKCJWYWxpZGF0aW5nIElQIGFkZHJlc3NlcyAoezB9KSIgLWYgKCRpcHY0X2FkZHJlc3NlcyAtam9pbiAiLCAiKSkKCiAgICAkaW52YWxpZF9hZGRyZXNzZXMgPSBAKCRpcHY0X2FkZHJlc3NlcyB8ID8geyAtbm90IChWYWxpZGF0ZS1JUEFkZHJlc3MgJF8pIH0pCgogICAgSWYoJGludmFsaWRfYWRkcmVzc2VzLkNvdW50IC1ndCAwKSB7CiAgICAgICAgdGhyb3cgIkludmFsaWQgSVAgYWRkcmVzcyhlcyk6ICh7MH0pIiAtZiAoJGludmFsaWRfYWRkcmVzc2VzIC1qb2luICIsICIpCiAgICB9CgogICAgRm9yRWFjaCgkYWRhcHRlcl9uYW1lIGluICRhZGFwdGVycykgewogICAgICAgICRyZXN1bHQuY2hhbmdlZCA9ICRyZXN1bHQuY2hhbmdlZCAtb3IgKC1ub3QgKEdldC1EbnNDbGllbnRNYXRjaCAkYWRhcHRlcl9uYW1lICRpcHY0X2FkZHJlc3NlcykpCgogICAgICAgIElmKCRyZXN1bHQuY2hhbmdlZCkgewogICAgICAgICAgICBJZigtbm90ICRjaGVja19tb2RlKSB7CiAgICAgICAgICAgICAgICBTZXQtRG5zQ2xpZW50QWRkcmVzc2VzICRhZGFwdGVyX25hbWUgJGlwdjRfYWRkcmVzc2VzCiAgICAgICAgICAgIH0KICAgICAgICAgICAgRWxzZSB7CiAgICAgICAgICAgICAgICBXcml0ZS1EZWJ1Z0xvZyAiQ2hlY2sgbW9kZSwgc2tpcHBpbmciCiAgICAgICAgICAgIH0KICAgICAgICB9CiAgICB9CgogICAgRXhpdC1Kc29uICRyZXN1bHQKCn0KQ2F0Y2ggewogICAgJGV4Y2VwID0gJF8KCiAgICBXcml0ZS1EZWJ1Z0xvZyAiRXhjZXB0aW9uOiAkKCRleGNlcCB8IG91dC1zdHJpbmcpIgoKICAgIFRocm93Cn0KCg==", "module_args": {"_ansible_version": "2.7.0", "_ansible_selinux_special_fs": ["fuse", "nfs", "vboxsf", "ramfs", "9p"], "_ansible_no_log": false, "_ansible_module_name": "win_dns_client", "_ansible_remote_tmp": "%TEMP%", "_ansible_keep_remote_files": false, "_ansible_verbosity": 2, "ipv4_addresses": ["10.222.0.93", "8.8.8.8", "4.4.4.4"], "_ansible_syslog_facility": "LOG_USER", "_ansible_socket": null, "_ansible_diff": false, "adapter_names": "Ethernet 2", "_ansible_debug": false, "_ansible_shell_executable": "/bin/sh", "_ansible_check_mode": false, "_ansible_tmpdir": null}} '@ } process { $input_as_string = [string]$input $json_raw += $input_as_string } end { If (-not $json_raw) { Write-Error "no input given" -Category InvalidArgument } $payload = ConvertTo-HashtableFromPsCustomObject (ConvertFrom-Json $json_raw) # TODO: handle binary modules # TODO: handle persistence $min_os_version = [version]$payload.min_os_version if ($min_os_version -ne $null) { $actual_os_version = [System.Environment]::OSVersion.Version if ($actual_os_version -lt $min_os_version) { $msg = "This module cannot run on this OS as it requires a minimum version of $min_os_version, actual was $actual_os_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $min_ps_version = [version]$payload.min_ps_version if ($min_ps_version -ne $null) { $actual_ps_version = $PSVersionTable.PSVersion if ($actual_ps_version -lt $min_ps_version) { $msg = "This module cannot run as it requires a minimum PowerShell version of $min_ps_version, actual was $actual_ps_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $actions = $payload.actions # pop 0th action as entrypoint $entrypoint = $payload.($actions[0]) $payload.actions = $payload.actions[1..99] $entrypoint = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($entrypoint)) # load the current action entrypoint as a module custom object with a Run method $entrypoint = New-Module -ScriptBlock ([scriptblock]::Create($entrypoint)) -AsCustomObject Set-Variable -Scope global -Name complex_args -Value $payload["module_args"] | Out-Null # dynamically create/load modules ForEach ($mod in $payload.powershell_modules.GetEnumerator()) { $decoded_module = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($mod.Value)) New-Module -ScriptBlock ([scriptblock]::Create($decoded_module)) -Name $mod.Key | Import-Module -WarningAction SilentlyContinue | Out-Null } $output = $entrypoint.Run($payload) Write-Output $output } ScriptBlock ID: 4e177f44-fa84-4b7f-b248-d7f5e8584e3d Path:	4104	1		3	2	15	0	1533	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3516	2828	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:04:53 PM	9d04040e-981f-0004-c219-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 2): begin { $DebugPreference = "Continue" $ErrorActionPreference = "Stop" Set-StrictMode -Version 2 function ConvertTo-HashtableFromPsCustomObject ($myPsObject){ $output = @{}; $myPsObject | Get-Member -MemberType *Property | % { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } return $output; } # stream JSON including become_pw, ps_module_payload, bin_module_payload, become_payload, write_payload_path, preserve directives # exec runspace, capture output, cleanup, return module output # NB: do not adjust the following line- it is replaced when doing non-streamed module output $json_raw = @' {"min_ps_version": null, "exec": "CkZ1bmN0aW9uIFJ1bigkcGF5bG9hZCkgewogICAgJGVudHJ5cG9pbnQgPSAkcGF5bG9hZC5tb2R1bGVfZW50cnkKCiAgICAkZW50cnlwb2ludCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGVudHJ5cG9pbnQpKQoKICAgICRwcyA9IFtwb3dlcnNoZWxsXTo6Q3JlYXRlKCkKCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkQ29tbWFuZCgiU2V0LVZhcmlhYmxlIikuQWRkUGFyYW1ldGVycyhAe1Njb3BlPSJnbG9iYWwiO05hbWU9ImNvbXBsZXhfYXJncyI7VmFsdWU9JHBheWxvYWQubW9kdWxlX2FyZ3N9KSB8IE91dC1OdWxsCiAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCgogICAgIyByZWRlZmluZSBXcml0ZS1Ib3N0IHRvIGR1bXAgdG8gb3V0cHV0IGluc3RlYWQgb2YgZmFpbGluZy0gbG90cyBvZiBzY3JpcHRzIHVzZSBpdAogICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgiRnVuY3Rpb24gV3JpdGUtSG9zdChgJG1zZyl7IFdyaXRlLU91dHB1dCBgJG1zZyB9IikgfCBPdXQtTnVsbAoKICAgIEZvckVhY2ggKCRlbnZfa3YgaW4gJHBheWxvYWQuZW52aXJvbm1lbnQuR2V0RW51bWVyYXRvcigpKSB7CiAgICAgICAgIyBuZWVkIHRvIGVzY2FwZSAnIGluIGJvdGggdGhlIGtleSBhbmQgdmFsdWUKICAgICAgICAkZW52X2tleSA9ICRlbnZfa3YuS2V5LlRvU3RyaW5nKCkuUmVwbGFjZSgiJyIsICInJyIpCiAgICAgICAgJGVudl92YWx1ZSA9ICRlbnZfa3YuVmFsdWUuVG9TdHJpbmcoKS5SZXBsYWNlKCInIiwgIicnIikKICAgICAgICAkZXNjYXBlZF9lbnZfc2V0ID0gIltTeXN0ZW0uRW52aXJvbm1lbnRdOjpTZXRFbnZpcm9ubWVudFZhcmlhYmxlKCd7MH0nLCAnezF9JykiIC1mICRlbnZfa2V5LCAkZW52X3ZhbHVlCiAgICAgICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgkZXNjYXBlZF9lbnZfc2V0KSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBkeW5hbWljYWxseSBjcmVhdGUvbG9hZCBtb2R1bGVzCiAgICBGb3JFYWNoICgkbW9kIGluICRwYXlsb2FkLnBvd2Vyc2hlbGxfbW9kdWxlcy5HZXRFbnVtZXJhdG9yKCkpIHsKICAgICAgICAkZGVjb2RlZF9tb2R1bGUgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRtb2QuVmFsdWUpKQogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRDb21tYW5kKCJOZXctTW9kdWxlIikuQWRkUGFyYW1ldGVycyhAe1NjcmlwdEJsb2NrPShbc2NyaXB0YmxvY2tdOjpDcmVhdGUoJGRlY29kZWRfbW9kdWxlKSk7TmFtZT0kbW9kLktleX0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiSW1wb3J0LU1vZHVsZSIpLkFkZFBhcmFtZXRlcnMoQHtXYXJuaW5nQWN0aW9uPSJTaWxlbnRseUNvbnRpbnVlIn0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBmb3JjZSBpbnB1dCBlbmNvZGluZyB0byBwcmVhbWJsZS1mcmVlIFVURjggc28gUFMgc3ViLXByb2Nlc3NlcyAoZWcsCiAgICAjIFN0YXJ0LUpvYikgZG9uJ3QgYmxvdyB1cC4gVGhpcyBpcyBvbmx5IHJlcXVpcmVkIGZvciBXaW5STSwgYSBQU1JQCiAgICAjIHJ1bnNwYWNlIGRvZXNuJ3QgaGF2ZSBhIGhvc3QgY29uc29sZSBhbmQgdGhpcyB3aWxsIGJvbWIgb3V0CiAgICBpZiAoJGhvc3QuTmFtZSAtZXEgIkNvbnNvbGVIb3N0IikgewogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRTY3JpcHQoIltDb25zb2xlXTo6SW5wdXRFbmNvZGluZyA9IE5ldy1PYmplY3QgVGV4dC5VVEY4RW5jb2RpbmcgYCRmYWxzZSIpIHwgT3V0LU51bGwKICAgIH0KCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkU2NyaXB0KCRlbnRyeXBvaW50KSB8IE91dC1OdWxsCgogICAgJG91dHB1dCA9ICRwcy5JbnZva2UoKQoKICAgICRvdXRwdXQKCiAgICAjIFBTMyBkb2Vzbid0IHByb3Blcmx5IHNldCBIYWRFcnJvcnMgaW4gbWFueSBjYXNlcywgaW5zcGVjdCB0aGUgZXJyb3Igc3RyZWFtIGFzIGEgZmFsbGJhY2sKICAgIElmICgkcHMuSGFkRXJyb3JzIC1vciAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtbHQgNCAtYW5kICRwcy5TdHJlYW1zLkVycm9yLkNvdW50IC1ndCAwKSkgewogICAgICAgICRob3N0LlVJLldyaXRlRXJyb3JMaW5lKCQoJHBzLlN0cmVhbXMuRXJyb3IgfCBPdXQtU3RyaW5nKSkKICAgICAgICAkZXhpdF9jb2RlID0gJHBzLlJ1bnNwYWNlLlNlc3Npb25TdGF0ZVByb3h5LkdldFZhcmlhYmxlKCJMQVNURVhJVENPREUiKQogICAgICAgIElmKC1ub3QgJGV4aXRfY29kZSkgewogICAgICAgICAgICAkZXhpdF9jb2RlID0gMQogICAgICAgIH0KICAgICAgICAjIG5lZWQgdG8gdXNlIHRoaXMgaW5zdGVhZCBvZiBFeGl0IGtleXdvcmQgdG8gcHJldmVudCBydW5zcGFjZSBmcm9tIGNyYXNoaW5nIHdpdGggZHluYW1pYyBtb2R1bGVzCiAgICAgICAgJGhvc3QuU2V0U2hvdWxkRXhpdCgkZXhpdF9jb2RlKQogICAgfQp9Cg==", "actions": ["exec"], "environment": {}, "min_os_version": null, "powershell_modules": {"Ansible.ModuleUtils.Legacy": "IyBDb3B5cmlnaHQgKGMpLCBNaWNoYWVsIERlSGFhbiA8bWljaGFlbC5kZWhhYW5AZ21haWwuY29tPiwgMjAxNCwgYW5kIG90aGVycwojIFNpbXBsaWZpZWQgQlNEIExpY2Vuc2UgKHNlZSBsaWNlbnNlcy9zaW1wbGlmaWVkX2JzZC50eHQgb3IgaHR0cHM6Ly9vcGVuc291cmNlLm9yZy9saWNlbnNlcy9CU0QtMi1DbGF1c2UpCgpTZXQtU3RyaWN0TW9kZSAtVmVyc2lvbiAyLjAKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKRnVuY3Rpb24gU2V0LUF0dHIoJG9iaiwgJG5hbWUsICR2YWx1ZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gc2V0IGFuICJhdHRyaWJ1dGUiIG9uIGEgcHNvYmplY3QgaW5zdGFuY2UgaW4gUG93ZXJTaGVsbC4KICAgIFRoaXMgaXMgYSBjb252ZW5pZW5jZSB0byBtYWtlIGFkZGluZyBNZW1iZXJzIHRvIHRoZSBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgIFNldC1BdHRyICRyZXN1bHQgImNoYW5nZWQiICR0cnVlCiM+CgogICAgIyBJZiB0aGUgcHJvdmlkZWQgJG9iaiBpcyB1bmRlZmluZWQsIGRlZmluZSBvbmUgdG8gYmUgbmljZQogICAgSWYgKC1ub3QgJG9iai5HZXRUeXBlKQogICAgewogICAgICAgICRvYmogPSBAeyB9CiAgICB9CgogICAgVHJ5CiAgICB7CiAgICAgICAgJG9iai4kbmFtZSA9ICR2YWx1ZQogICAgfQogICAgQ2F0Y2gKICAgIHsKICAgICAgICAkb2JqIHwgQWRkLU1lbWJlciAtRm9yY2UgLU1lbWJlclR5cGUgTm90ZVByb3BlcnR5IC1OYW1lICRuYW1lIC1WYWx1ZSAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gRXhpdC1Kc29uKCRvYmopCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGNvbnZlcnQgYSBQb3dlclNoZWxsIG9iamVjdCB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcKICAgIHRoZSBzY3JpcHQKICAgIC5FWEFNUExFCiAgICBFeGl0LUpzb24gJHJlc3VsdAojPgoKICAgICMgSWYgdGhlIHByb3ZpZGVkICRvYmogaXMgdW5kZWZpbmVkLCBkZWZpbmUgb25lIHRvIGJlIG5pY2UKICAgIElmICgtbm90ICRvYmouR2V0VHlwZSkKICAgIHsKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoJ2NoYW5nZWQnKSkgewogICAgICAgIFNldC1BdHRyICRvYmogImNoYW5nZWQiICRmYWxzZQogICAgfQoKICAgIFdyaXRlLU91dHB1dCAkb2JqIHwgQ29udmVydFRvLUpzb24gLUNvbXByZXNzIC1EZXB0aCA5OQogICAgRXhpdAp9CgpGdW5jdGlvbiBGYWlsLUpzb24oJG9iaiwgJG1lc3NhZ2UgPSAkbnVsbCkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHRoZSAibXNnIiBwcm9wZXJ0eSBhbmQgImZhaWxlZCIgcHJvcGVydHksIGNvbnZlcnQgdGhlCiAgICBQb3dlclNoZWxsIEhhc2h0YWJsZSB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcgdGhlIHNjcmlwdAogICAgLkVYQU1QTEUKICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJUaGlzIGlzIHRoZSBmYWlsdXJlIG1lc3NhZ2UiCiM+CgogICAgaWYgKCRvYmogLWlzIFtoYXNodGFibGVdIC1vciAkb2JqIC1pcyBbcHNvYmplY3RdKSB7CiAgICAgICAgIyBOb3RoaW5nIHRvIGRvCiAgICB9IGVsc2VpZiAoJG9iaiAtaXMgW3N0cmluZ10gLWFuZCAkbnVsbCAtZXEgJG1lc3NhZ2UpIHsKICAgICAgICAjIElmIHdlIHdlcmVuJ3QgZ2l2ZW4gMiBhcmdzLCBhbmQgdGhlIG9ubHkgYXJnIHdhcyBhIHN0cmluZywKICAgICAgICAjIGNyZWF0ZSBhIG5ldyBIYXNodGFibGUgYW5kIHVzZSB0aGUgYXJnIGFzIHRoZSBmYWlsdXJlIG1lc3NhZ2UKICAgICAgICAkbWVzc2FnZSA9ICRvYmoKICAgICAgICAkb2JqID0gQHsgfQogICAgfSBlbHNlIHsKICAgICAgICAjIElmIHRoZSBmaXJzdCBhcmd1bWVudCBpcyB1bmRlZmluZWQgb3IgYSBkaWZmZXJlbnQgdHlwZSwKICAgICAgICAjIG1ha2UgaXQgYSBIYXNodGFibGUKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgICMgU3RpbGwgdXNpbmcgU2V0LUF0dHIgZm9yIFBTT2JqZWN0IGNvbXBhdGliaWxpdHkKICAgIFNldC1BdHRyICRvYmogIm1zZyIgJG1lc3NhZ2UKICAgIFNldC1BdHRyICRvYmogImZhaWxlZCIgJHRydWUKCiAgICBpZiAoLW5vdCAkb2JqLkNvbnRhaW5zS2V5KCdjaGFuZ2VkJykpIHsKICAgICAgICBTZXQtQXR0ciAkb2JqICJjaGFuZ2VkIiAkZmFsc2UKICAgIH0KCiAgICBXcml0ZS1PdXRwdXQgJG9iaiB8IENvbnZlcnRUby1Kc29uIC1Db21wcmVzcyAtRGVwdGggOTkKICAgIEV4aXQgMQp9CgpGdW5jdGlvbiBBZGQtV2FybmluZygkb2JqLCAkbWVzc2FnZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHdhcm5pbmdzLCBldmVuIGlmIHRoZSB3YXJuaW5ncyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoIndhcm5pbmdzIikpIHsKICAgICAgICAkb2JqLndhcm5pbmdzID0gQCgpCiAgICB9IGVsc2VpZiAoJG9iai53YXJuaW5ncyAtaXNub3QgW2FycmF5XSkgewogICAgICAgIHRocm93ICJBZGQtV2FybmluZzogd2FybmluZ3MgYXR0cmlidXRlIGlzIG5vdCBhbiBhcnJheSIKICAgIH0KCiAgICAkb2JqLndhcm5pbmdzICs9ICRtZXNzYWdlCn0KCkZ1bmN0aW9uIEFkZC1EZXByZWNhdGlvbldhcm5pbmcoJG9iaiwgJG1lc3NhZ2UsICR2ZXJzaW9uID0gJG51bGwpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGFkZCBkZXByZWNhdGlvbnMsIGV2ZW4gaWYgdGhlIGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgogICAgaWYgKC1ub3QgJG9iai5Db250YWluc0tleSgiZGVwcmVjYXRpb25zIikpIHsKICAgICAgICAkb2JqLmRlcHJlY2F0aW9ucyA9IEAoKQogICAgfSBlbHNlaWYgKCRvYmouZGVwcmVjYXRpb25zIC1pc25vdCBbYXJyYXldKSB7CiAgICAgICAgdGhyb3cgIkFkZC1EZXByZWNhdGlvbldhcm5pbmc6IGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgaXMgbm90IGEgbGlzdCIKICAgIH0KCiAgICAkb2JqLmRlcHJlY2F0aW9ucyArPSBAewogICAgICAgIG1zZyA9ICRtZXNzYWdlCiAgICAgICAgdmVyc2lvbiA9ICR2ZXJzaW9uCiAgICB9Cn0KCkZ1bmN0aW9uIEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgaW4gdmFsdWVzLiBCeSBkZWZhdWx0CiAgICBpdCB0dXJucyBhbnkgdHlwZSB0byBhIHN0cmluZywgYnV0IHdlIGVuc3VyZSAkbnVsbCByZW1haW5zICRudWxsLgojPgogICAgaWYgKCRudWxsIC1uZSAkdmFsdWUpIHsKICAgICAgICBbU3lzdGVtLkVudmlyb25tZW50XTo6RXhwYW5kRW52aXJvbm1lbnRWYXJpYWJsZXMoJHZhbHVlKQogICAgfSBlbHNlIHsKICAgICAgICAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gR2V0LUFuc2libGVQYXJhbSgkb2JqLCAkbmFtZSwgJGRlZmF1bHQgPSAkbnVsbCwgJHJlc3VsdG9iaiA9IEB7fSwgJGZhaWxpZmVtcHR5ID0gJGZhbHNlLCAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSwgJFZhbGlkYXRlU2V0LCAkVmFsaWRhdGVTZXRFcnJvck1lc3NhZ2UsICR0eXBlID0gJG51bGwsICRhbGlhc2VzID0gQCgpKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBnZXQgYW4gImF0dHJpYnV0ZSIgZnJvbSBhIHBzb2JqZWN0IGluc3RhbmNlIGluIFBvd2VyU2hlbGwuCiAgICBUaGlzIGlzIGEgY29udmVuaWVuY2UgdG8gbWFrZSBnZXR0aW5nIE1lbWJlcnMgZnJvbSBhbiBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgICRhdHRyID0gR2V0LUFuc2libGVQYXJhbSAkcmVzcG9uc2UgImNvZGUiIC1kZWZhdWx0ICIxIgogICAgLkVYQU1QTEUKICAgIEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJTdGF0ZSIgLWRlZmF1bHQgIlByZXNlbnQiIC1WYWxpZGF0ZVNldCAiUHJlc2VudCIsIkFic2VudCIgLXJlc3VsdG9iaiAkcmVzdWx0b2JqIC1mYWlsaWZlbXB0eSAkdHJ1ZQogICAgR2V0LUFuc2libGVQYXJhbSBhbHNvIHN1cHBvcnRzIFBhcmFtZXRlciB2YWxpZGF0aW9uIHRvIHNhdmUgeW91IGZyb20gY29kaW5nIHRoYXQgbWFudWFsbHkKICAgIE5vdGUgdGhhdCBpZiB5b3UgdXNlIHRoZSBmYWlsaWZlbXB0eSBvcHRpb24sIHlvdSBkbyBuZWVkIHRvIHNwZWNpZnkgcmVzdWx0b2JqZWN0IGFzIHdlbGwuCiM+CiAgICAjIENoZWNrIGlmIHRoZSBwcm92aWRlZCBNZW1iZXIgJG5hbWUgb3IgYWxpYXNlcyBleGlzdCBpbiAkb2JqIGFuZCByZXR1cm4gaXQgb3IgdGhlIGRlZmF1bHQuCiAgICB0cnkgewoKICAgICAgICAkZm91bmQgPSAkbnVsbAogICAgICAgICMgRmlyc3QgdHJ5IHRvIGZpbmQgcHJlZmVycmVkIHBhcmFtZXRlciAkbmFtZQogICAgICAgICRhbGlhc2VzID0gQCgkbmFtZSkgKyAkYWxpYXNlcwoKICAgICAgICAjIEl0ZXJhdGUgb3ZlciBhbGlhc2VzIHRvIGZpbmQgYWNjZXB0YWJsZSBNZW1iZXIgJG5hbWUKICAgICAgICBmb3JlYWNoICgkYWxpYXMgaW4gJGFsaWFzZXMpIHsKICAgICAgICAgICAgaWYgKCRvYmouQ29udGFpbnNLZXkoJGFsaWFzKSkgewogICAgICAgICAgICAgICAgJGZvdW5kID0gJGFsaWFzCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgfQoKICAgICAgICBpZiAoJG51bGwgLWVxICRmb3VuZCkgewogICAgICAgICAgICB0aHJvdwogICAgICAgIH0KICAgICAgICAkbmFtZSA9ICRmb3VuZAoKICAgICAgICBpZiAoJFZhbGlkYXRlU2V0KSB7CgogICAgICAgICAgICBpZiAoJFZhbGlkYXRlU2V0IC1jb250YWlucyAoJG9iai4kbmFtZSkpIHsKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICRvYmouJG5hbWUKICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgIGlmICgkbnVsbCAtZXEgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAgICAgI0F1dG8tZ2VuZXJhdGVkIGVycm9yIHNob3VsZCBiZSBzdWZmaWNpZW50IGluIG1vc3QgdXNlIGNhc2VzCiAgICAgICAgICAgICAgICAgICAgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlID0gIkdldC1BbnNpYmxlUGFyYW06IEFyZ3VtZW50ICRuYW1lIG5lZWRzIHRvIGJlIG9uZSBvZiAkKCRWYWxpZGF0ZVNldCAtam9pbiAiLCIpIGJ1dCB3YXMgJCgkb2JqLiRuYW1lKS4iCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRWYWxpZGF0ZVNldEVycm9yTWVzc2FnZQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgJHZhbHVlID0gJG9iai4kbmFtZQogICAgICAgIH0KICAgIH0gY2F0Y2ggewogICAgICAgIGlmICgkZmFpbGlmZW1wdHkgLWVxICRmYWxzZSkgewogICAgICAgICAgICAkdmFsdWUgPSAkZGVmYXVsdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgIGlmICgtbm90ICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSA9ICJHZXQtQW5zaWJsZVBhcmFtOiBNaXNzaW5nIHJlcXVpcmVkIGFyZ3VtZW50OiAkbmFtZSIKICAgICAgICAgICAgfQogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlCiAgICAgICAgfQogICAgfQoKICAgICMgSWYgJHZhbHVlIC1lcSAkbnVsbCwgdGhlIHBhcmFtZXRlciB3YXMgdW5zcGVjaWZpZWQgYnkgdGhlIHVzZXIgKGRlbGliZXJhdGVseSBvciBub3QpCiAgICAjIFBsZWFzZSBsZWF2ZSAkbnVsbC12YWx1ZXMgaW50YWN0LCBtb2R1bGVzIG5lZWQgdG8ga25vdyBpZiBhIHBhcmFtZXRlciB3YXMgc3BlY2lmaWVkCiAgICAjIFdoZW4gJHZhbHVlIGlzIGFscmVhZHkgYW4gYXJyYXksIHdlIGNhbm5vdCByZWx5IG9uIHRoZSBudWxsIGNoZWNrLCBhcyBhbiBlbXB0eSBsaXN0CiAgICAjIGlzIHNlZW4gYXMgbnVsbCBpbiB0aGUgY2hlY2sgYmVsb3cKICAgIGlmICgkbnVsbCAtbmUgJHZhbHVlIC1vciAkdmFsdWUgLWlzIFthcnJheV0pIHsKICAgICAgICBpZiAoJHR5cGUgLWVxICJwYXRoIikgewogICAgICAgICAgICAjIEV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgb24gcGF0aC10eXBlCiAgICAgICAgICAgICR2YWx1ZSA9IEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCiAgICAgICAgICAgICMgVGVzdCBpZiBhIHZhbGlkIHBhdGggaXMgcHJvdmlkZWQKICAgICAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtSXNWYWxpZCAkdmFsdWUpKSB7CiAgICAgICAgICAgICAgICAkcGF0aF9pbnZhbGlkID0gJHRydWUKICAgICAgICAgICAgICAgICMgY291bGQgc3RpbGwgYmUgYSB2YWxpZC1zaGFwZWQgcGF0aCB3aXRoIGEgbm9uZXhpc3RlbnQgZHJpdmUgbGV0dGVyCiAgICAgICAgICAgICAgICBpZiAoJHZhbHVlIC1tYXRjaCAiXlx3OiIpIHsKICAgICAgICAgICAgICAgICAgICAjIHJld3JpdGUgcGF0aCB3aXRoIGEgdmFsaWQgZHJpdmUgbGV0dGVyIGFuZCByZWNoZWNrIHRoZSBzaGFwZS0gdGhpcyBtaWdodCBzdGlsbCBmYWlsLCBlZywgYSBub25leGlzdGVudCBub24tZmlsZXN5c3RlbSBQUyBwYXRoCiAgICAgICAgICAgICAgICAgICAgaWYgKFRlc3QtUGF0aCAtSXNWYWxpZCAkKEAoR2V0LVBTRHJpdmUgLVBTUHJvdmlkZXIgRmlsZXN5c3RlbSlbMF0uTmFtZSArICR2YWx1ZS5TdWJzdHJpbmcoMSkpKSB7CiAgICAgICAgICAgICAgICAgICAgICAgICRwYXRoX2ludmFsaWQgPSAkZmFsc2UKICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBpZiAoJHBhdGhfaW52YWxpZCkgewogICAgICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHRvYmogLW1lc3NhZ2UgIkdldC1BbnNpYmxlUGFyYW06IFBhcmFtZXRlciAnJG5hbWUnIGhhcyBhbiBpbnZhbGlkIHBhdGggJyR2YWx1ZScgc3BlY2lmaWVkLiIKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgInN0ciIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IHN0ciB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgc3RyaW5ncwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUuVG9TdHJpbmcoKQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImJvb2wiKSB7CiAgICAgICAgICAgICMgQ29udmVydCBib29sZWFuIHR5cGVzIHRvIHJlYWwgUG93ZXJzaGVsbCBib29sZWFucwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgfCBDb252ZXJ0VG8tQm9vbAogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImludCIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IGludCB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgaW50ZWdlcnMKICAgICAgICAgICAgJHZhbHVlID0gJHZhbHVlIC1hcyBbaW50XQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImZsb2F0IikgewogICAgICAgICAgICAjIENvbnZlcnQgZmxvYXQgdHlwZXMgdG8gcmVhbCBQb3dlcnNoZWxsIGZsb2F0cwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgLWFzIFtmbG9hdF0KICAgICAgICB9IGVsc2VpZiAoJHR5cGUgLWVxICJsaXN0IikgewogICAgICAgICAgICBpZiAoJHZhbHVlIC1pcyBbYXJyYXldKSB7CiAgICAgICAgICAgICAgICAjIE5vdGhpbmcgdG8gZG8KICAgICAgICAgICAgfSBlbHNlaWYgKCR2YWx1ZSAtaXMgW3N0cmluZ10pIHsKICAgICAgICAgICAgICAgICMgQ29udmVydCBzdHJpbmcgdHlwZSB0byByZWFsIFBvd2Vyc2hlbGwgYXJyYXkKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICR2YWx1ZS5TcGxpdCgiLCIpLlRyaW0oKQogICAgICAgICAgICB9IGVsc2VpZiAoJHZhbHVlIC1pcyBbaW50XSkgewogICAgICAgICAgICAgICAgJHZhbHVlID0gQCgkdmFsdWUpCiAgICAgICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICJHZXQtQW5zaWJsZVBhcmFtOiBQYXJhbWV0ZXIgJyRuYW1lJyBpcyBub3QgYSBZQU1MIGxpc3QuIgogICAgICAgICAgICB9CiAgICAgICAgICAgICMgLCBpcyBub3QgYSB0eXBvLCBmb3JjZXMgaXQgdG8gcmV0dXJuIGFzIGEgbGlzdCB3aGVuIGl0IGlzIGVtcHR5IG9yIG9ubHkgaGFzIDEgZW50cnkKICAgICAgICAgICAgcmV0dXJuICwkdmFsdWUKICAgICAgICB9CiAgICB9CgogICAgcmV0dXJuICR2YWx1ZQp9CgojQWxpYXMgR2V0LWF0dHItLT5HZXQtQW5zaWJsZVBhcmFtIGZvciBiYWNrd2FyZHMgY29tcGF0LiBPbmx5IGFkZCB3aGVuIG5lZWRlZCB0byBlYXNlIGRlYnVnZ2luZyBvZiBzY3JpcHRzCklmICgtbm90KEdldC1BbGlhcyAtTmFtZSAiR2V0LWF0dHIiIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlKSkKewogICAgTmV3LUFsaWFzIC1OYW1lIEdldC1hdHRyIC1WYWx1ZSBHZXQtQW5zaWJsZVBhcmFtCn0KCkZ1bmN0aW9uIENvbnZlcnRUby1Cb29sCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZpbHRlci9waXBlbGluZSBmdW5jdGlvbiB0byBjb252ZXJ0IGEgdmFsdWUgdG8gYm9vbGVhbiBmb2xsb3dpbmcgY3VycmVudAogICAgQW5zaWJsZSBwcmFjdGljZXMKICAgIC5FWEFNUExFCiAgICAkaXNfdHJ1ZSA9ICJ0cnVlIiB8IENvbnZlcnRUby1Cb29sCiM+CiAgICBwYXJhbSgKICAgICAgICBbcGFyYW1ldGVyKHZhbHVlZnJvbXBpcGVsaW5lPSR0cnVlKV0KICAgICAgICAkb2JqCiAgICApCgogICAgJGJvb2xlYW5fc3RyaW5ncyA9ICJ5ZXMiLCAib24iLCAiMSIsICJ0cnVlIiwgMQogICAgJG9ial9zdHJpbmcgPSBbc3RyaW5nXSRvYmoKCiAgICBpZiAoKCRvYmogLWlzIFtib29sZWFuXSAtYW5kICRvYmopIC1vciAkYm9vbGVhbl9zdHJpbmdzIC1jb250YWlucyAkb2JqX3N0cmluZy5Ub0xvd2VyKCkpIHsKICAgICAgICByZXR1cm4gJHRydWUKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfQp9CgpGdW5jdGlvbiBQYXJzZS1BcmdzKCRhcmd1bWVudHMsICRzdXBwb3J0c19jaGVja19tb2RlID0gJGZhbHNlKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBwYXJzZSBBbnNpYmxlIEpTT04gYXJndW1lbnRzIGZyb20gYSAiZmlsZSIgcGFzc2VkIGFzCiAgICB0aGUgc2luZ2xlIGFyZ3VtZW50IHRvIHRoZSBtb2R1bGUuCiAgICAuRVhBTVBMRQogICAgJHBhcmFtcyA9IFBhcnNlLUFyZ3MgJGFyZ3MKIz4KICAgICRwYXJhbXMgPSBOZXctT2JqZWN0IHBzb2JqZWN0CiAgICBJZiAoJGFyZ3VtZW50cy5MZW5ndGggLWd0IDApCiAgICB7CiAgICAgICAgJHBhcmFtcyA9IEdldC1Db250ZW50ICRhcmd1bWVudHNbMF0gfCBDb252ZXJ0RnJvbS1Kc29uCiAgICB9CiAgICBFbHNlIHsKICAgICAgICAkcGFyYW1zID0gJGNvbXBsZXhfYXJncwogICAgfQogICAgJGNoZWNrX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfY2hlY2tfbW9kZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQogICAgSWYgKCRjaGVja19tb2RlIC1hbmQgLW5vdCAkc3VwcG9ydHNfY2hlY2tfbW9kZSkKICAgIHsKICAgICAgICBFeGl0LUpzb24gQHsKICAgICAgICAgICAgc2tpcHBlZCA9ICR0cnVlCiAgICAgICAgICAgIGNoYW5nZWQgPSAkZmFsc2UKICAgICAgICAgICAgbXNnID0gInJlbW90ZSBtb2R1bGUgZG9lcyBub3Qgc3VwcG9ydCBjaGVjayBtb2RlIgogICAgICAgIH0KICAgIH0KICAgIHJldHVybiAkcGFyYW1zCn0KCgpGdW5jdGlvbiBHZXQtRmlsZUNoZWNrc3VtKCRwYXRoLCAkYWxnb3JpdGhtID0gJ3NoYTEnKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBjYWxjdWxhdGUgYSBoYXNoIG9mIGEgZmlsZSBpbiBhIHdheSB3aGljaCBQb3dlclNoZWxsIDMKICAgIGFuZCBhYm92ZSBjYW4gaGFuZGxlCiM+CiAgICBJZiAoVGVzdC1QYXRoIC1QYXRoICRwYXRoIC1QYXRoVHlwZSBMZWFmKQogICAgewogICAgICAgIHN3aXRjaCAoJGFsZ29yaXRobSkKICAgICAgICB7CiAgICAgICAgICAgICdtZDUnIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5NRDVDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMScgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTFDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMjU2JyB7ICRzcCA9IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5TZWN1cml0eS5DcnlwdG9ncmFwaHkuU0hBMjU2Q3J5cHRvU2VydmljZVByb3ZpZGVyIH0KICAgICAgICAgICAgJ3NoYTM4NCcgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTM4NENyeXB0b1NlcnZpY2VQcm92aWRlciB9CiAgICAgICAgICAgICdzaGE1MTInIH ScriptBlock ID: 4e177f44-fa84-4b7f-b248-d7f5e8584e3d Path:	4104	1		3	2	15	0	1532	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3516	2828	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:04:53 PM	9d04040e-981f-0004-c219-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1531	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3516	1920	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:04:53 PM	9d04040e-981f-0002-db0d-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 3516 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1530	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3516	1652	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:04:53 PM	9d04040e-981f-0002-db0d-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1529	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3516	1920	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:04:53 PM	9d04040e-981f-0002-db0d-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): #requires -version 3.0 try { Microsoft.PowerShell.Core\Set-StrictMode -Off } catch { } $script:MyModule = $MyInvocation.MyCommand.ScriptBlock.Module $script:ClassName = 'ROOT/StandardCimv2/MSFT_NetUDPSetting' $script:ClassVersion = '1.0.0' $script:ModuleVersion = '1.0.0' $script:ObjectModelWrapper = [Microsoft.PowerShell.Cmdletization.Cim.CimCmdletAdapter] $script:PrivateData = [System.Collections.Generic.Dictionary[string,string]]::new() Microsoft.PowerShell.Core\Export-ModuleMember -Function @() function __cmdletization_BindCommonParameters { param( $__cmdletization_objectModelWrapper, $myPSBoundParameters ) if ($myPSBoundParameters.ContainsKey('CimSession')) { $__cmdletization_objectModelWrapper.PSObject.Properties['CimSession'].Value = $myPSBoundParameters['CimSession'] } if ($myPSBoundParameters.ContainsKey('ThrottleLimit')) { $__cmdletization_objectModelWrapper.PSObject.Properties['ThrottleLimit'].Value = $myPSBoundParameters['ThrottleLimit'] } if ($myPSBoundParameters.ContainsKey('AsJob')) { $__cmdletization_objectModelWrapper.PSObject.Properties['AsJob'].Value = $myPSBoundParameters['AsJob'] } } function Get-NetUDPSetting { [CmdletBinding(DefaultParameterSetName='ByName', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#ROOT/StandardCimv2/MSFT_NetUDPSetting')] param( [Parameter(ParameterSetName='ByName', Position=0)] [ValidateNotNull()] [uint16[]] ${DynamicPortRangeStartPort}, [Parameter(ParameterSetName='ByName', Position=1)] [ValidateNotNull()] [uint16[]] ${DynamicPortRangeNumberOfPorts}, [Parameter(ParameterSetName='ByName')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('DynamicPortRangeStartPort') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DynamicPortRangeStartPort}) $__cmdletization_queryBuilder.FilterByProperty('DynamicPortRangeStartPort', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('DynamicPortRangeNumberOfPorts') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DynamicPortRangeNumberOfPorts}) $__cmdletization_queryBuilder.FilterByProperty('DynamicPortRangeNumberOfPorts', $__cmdletization_values, $false, 'Default') } $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder) } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP MSFT_NetUDPSetting.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Get-NetUDPSetting' -Alias '*' function Set-NetUDPSetting { [CmdletBinding(DefaultParameterSetName='InputObject (cdxml)', SupportsShouldProcess=$true, ConfirmImpact='Medium', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#ROOT/StandardCimv2/MSFT_NetUDPSetting')] param( [Parameter(ParameterSetName='InputObject (cdxml)', ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#MSFT_NetUDPSetting')] [ValidateNotNull()] [ciminstance[]] ${InputObject}, [Parameter(ParameterSetName='InputObject (cdxml)')] [uint16] ${DynamicPortRangeStartPort}, [Parameter(ParameterSetName='InputObject (cdxml)')] [uint16] ${DynamicPortRangeNumberOfPorts}, [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='InputObject (cdxml)')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${AsJob}, [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${PassThru}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('InputObject (cdxml)') -contains $_ } { [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DynamicPortRangeStartPort')) { [object]$__cmdletization_value = ${DynamicPortRangeStartPort} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DynamicPortRangeStartPort'; ParameterType = 'System.UInt16'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DynamicPortRangeStartPort'; ParameterType = 'System.UInt16'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DynamicPortRangeNumberOfPorts')) { [object]$__cmdletization_value = ${DynamicPortRangeNumberOfPorts} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DynamicPortRangeNumberOfPorts'; ParameterType = 'System.UInt16'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DynamicPortRangeNumberOfPorts'; ParameterType = 'System.UInt16'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = $null $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('cim:ModifyInstance', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_passThru = $PSBoundParameters.ContainsKey('PassThru') -and $PassThru if ($PSBoundParameters.ContainsKey('InputObject')) { foreach ($x in $InputObject) { $__cmdletization_objectModelWrapper.ProcessRecord($x, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } else { $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP MSFT_NetUDPSetting.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Set-NetUDPSetting' -Alias '*' ScriptBlock ID: 3dc3ab34-5b0c-4333-a9f7-aab754cfb2e2 Path:	4104	1		3	2	15	0	1528	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1460	4556	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:04:52 PM	9d04040e-981f-0004-ab19-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): #requires -version 3.0 try { Microsoft.PowerShell.Core\Set-StrictMode -Off } catch { } $script:MyModule = $MyInvocation.MyCommand.ScriptBlock.Module $script:ClassName = 'ROOT/StandardCimv2/MSFT_NetUDPEndpoint' $script:ClassVersion = '1.0.0' $script:ModuleVersion = '1.0.0' $script:ObjectModelWrapper = [Microsoft.PowerShell.Cmdletization.Cim.CimCmdletAdapter] $script:PrivateData = [System.Collections.Generic.Dictionary[string,string]]::new() Microsoft.PowerShell.Core\Export-ModuleMember -Function @() function __cmdletization_BindCommonParameters { param( $__cmdletization_objectModelWrapper, $myPSBoundParameters ) if ($myPSBoundParameters.ContainsKey('CimSession')) { $__cmdletization_objectModelWrapper.PSObject.Properties['CimSession'].Value = $myPSBoundParameters['CimSession'] } if ($myPSBoundParameters.ContainsKey('ThrottleLimit')) { $__cmdletization_objectModelWrapper.PSObject.Properties['ThrottleLimit'].Value = $myPSBoundParameters['ThrottleLimit'] } if ($myPSBoundParameters.ContainsKey('AsJob')) { $__cmdletization_objectModelWrapper.PSObject.Properties['AsJob'].Value = $myPSBoundParameters['AsJob'] } } function Get-NetUDPEndpoint { [CmdletBinding(DefaultParameterSetName='ByName', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#ROOT/StandardCimv2/MSFT_NetUDPEndpoint')] param( [Parameter(ParameterSetName='ByName', Position=0, ValueFromPipelineByPropertyName=$true)] [Alias('IPAddress')] [ValidateNotNull()] [string[]] ${LocalAddress}, [Parameter(ParameterSetName='ByName', Position=1)] [ValidateNotNull()] [uint16[]] ${LocalPort}, [Parameter(ParameterSetName='ByName')] [ValidateNotNull()] [uint32[]] ${OwningProcess}, [Parameter(ParameterSetName='ByName')] [ValidateNotNull()] [datetime[]] ${CreationTime}, [Parameter(ParameterSetName='ByName')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('LocalAddress') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${LocalAddress}) $__cmdletization_queryBuilder.FilterByProperty('LocalAddress', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('LocalPort') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${LocalPort}) $__cmdletization_queryBuilder.FilterByProperty('LocalPort', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('OwningProcess') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${OwningProcess}) $__cmdletization_queryBuilder.FilterByProperty('OwningProcess', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('CreationTime') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${CreationTime}) $__cmdletization_queryBuilder.FilterByProperty('CreationTime', $__cmdletization_values, $false, 'Default') } $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder) } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP MSFT_NetUDPEndpoint.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Get-NetUDPEndpoint' -Alias '*' ScriptBlock ID: 619a04fa-d1a1-425b-8dc8-87e83fb96fdd Path:	4104	1		3	2	15	0	1527	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1460	4556	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:04:52 PM	9d04040e-981f-0004-a819-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 2): } if ($PSBoundParameters.ContainsKey('AssociatedTCPSetting') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedTCPSetting}, 'MSFT_NetTransportFilterTCPSetting', 'Dependent', 'Antecedent', 'Default') } $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder) } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP MSFT_NetTransportFilter.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Get-NetTransportFilter' -Alias '*' function Remove-NetTransportFilter { [CmdletBinding(SupportsShouldProcess=$true, ConfirmImpact='High', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#ROOT/StandardCimv2/MSFT_NetTransportFilter')] param( [Parameter(ParameterSetName='ByName')] [ValidateNotNull()] [string[]] ${SettingName}, [Parameter(ParameterSetName='ByName')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetTransportFilter.Protocol[]] ${Protocol}, [Parameter(ParameterSetName='ByName')] [ValidateNotNull()] [uint16[]] ${LocalPortStart}, [Parameter(ParameterSetName='ByName')] [ValidateNotNull()] [uint16[]] ${LocalPortEnd}, [Parameter(ParameterSetName='ByName')] [ValidateNotNull()] [uint16[]] ${RemotePortStart}, [Parameter(ParameterSetName='ByName')] [ValidateNotNull()] [uint16[]] ${RemotePortEnd}, [Parameter(ParameterSetName='ByName')] [ValidateNotNull()] [string[]] ${DestinationPrefix}, [Parameter(ParameterSetName='ByName', ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetTCPSetting')] [ValidateNotNull()] [ciminstance] ${AssociatedTCPSetting}, [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#MSFT_NetTransportFilter')] [ValidateNotNull()] [ciminstance[]] ${InputObject}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='InputObject (cdxml)')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${AsJob}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${PassThru}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('SettingName') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${SettingName}) $__cmdletization_queryBuilder.FilterByProperty('SettingName', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Protocol') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Protocol}) $__cmdletization_queryBuilder.FilterByProperty('Protocol', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('LocalPortStart') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${LocalPortStart}) $__cmdletization_queryBuilder.FilterByProperty('LocalPortStart', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('LocalPortEnd') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${LocalPortEnd}) $__cmdletization_queryBuilder.FilterByProperty('LocalPortEnd', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('RemotePortStart') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${RemotePortStart}) $__cmdletization_queryBuilder.FilterByProperty('RemotePortStart', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('RemotePortEnd') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${RemotePortEnd}) $__cmdletization_queryBuilder.FilterByProperty('RemotePortEnd', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('DestinationPrefix') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DestinationPrefix}) $__cmdletization_queryBuilder.FilterByProperty('DestinationPrefix', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedTCPSetting') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedTCPSetting}, 'MSFT_NetTransportFilterTCPSetting', 'Dependent', 'Antecedent', 'Default') } $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('ByName', 'InputObject (cdxml)') -contains $_ } { $__cmdletization_returnValue = $null $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('cim:DeleteInstance', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_passThru = $PSBoundParameters.ContainsKey('PassThru') -and $PassThru if ($PSBoundParameters.ContainsKey('InputObject')) { foreach ($x in $InputObject) { $__cmdletization_objectModelWrapper.ProcessRecord($x, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } else { $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP MSFT_NetTransportFilter.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Remove-NetTransportFilter' -Alias '*' ScriptBlock ID: 16d145db-da22-4ea9-9fcc-2fb703b742e0 Path:	4104	1		3	2	15	0	1526	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1460	4556	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:04:52 PM	9d04040e-981f-0004-a319-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 2): #requires -version 3.0 try { Microsoft.PowerShell.Core\Set-StrictMode -Off } catch { } $script:MyModule = $MyInvocation.MyCommand.ScriptBlock.Module $script:ClassName = 'ROOT/StandardCimv2/MSFT_NetTransportFilter' $script:ClassVersion = '1.0.0' $script:ModuleVersion = '1.0.0' $script:ObjectModelWrapper = [Microsoft.PowerShell.Cmdletization.Cim.CimCmdletAdapter] $script:PrivateData = [System.Collections.Generic.Dictionary[string,string]]::new() Microsoft.PowerShell.Core\Export-ModuleMember -Function @() function __cmdletization_BindCommonParameters { param( $__cmdletization_objectModelWrapper, $myPSBoundParameters ) if ($myPSBoundParameters.ContainsKey('CimSession')) { $__cmdletization_objectModelWrapper.PSObject.Properties['CimSession'].Value = $myPSBoundParameters['CimSession'] } if ($myPSBoundParameters.ContainsKey('ThrottleLimit')) { $__cmdletization_objectModelWrapper.PSObject.Properties['ThrottleLimit'].Value = $myPSBoundParameters['ThrottleLimit'] } if ($myPSBoundParameters.ContainsKey('AsJob')) { $__cmdletization_objectModelWrapper.PSObject.Properties['AsJob'].Value = $myPSBoundParameters['AsJob'] } } function New-NetTransportFilter { [CmdletBinding(SupportsShouldProcess=$true, ConfirmImpact='Medium', PositionalBinding=$false)] param( [Parameter(ParameterSetName='cim:CreateInstance0', Mandatory=$true)] [string] ${SettingName}, [Parameter(ParameterSetName='cim:CreateInstance0')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetTransportFilter.Protocol] ${Protocol}, [Parameter(ParameterSetName='cim:CreateInstance0')] [uint16] ${LocalPortStart}, [Parameter(ParameterSetName='cim:CreateInstance0')] [uint16] ${LocalPortEnd}, [Parameter(ParameterSetName='cim:CreateInstance0')] [uint16] ${RemotePortStart}, [Parameter(ParameterSetName='cim:CreateInstance0')] [uint16] ${RemotePortEnd}, [Parameter(ParameterSetName='cim:CreateInstance0')] [string] ${DestinationPrefix}, [Parameter(ParameterSetName='cim:CreateInstance0')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='cim:CreateInstance0')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='cim:CreateInstance0')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('SettingName')) { [object]$__cmdletization_value = ${SettingName} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'SettingName'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'SettingName'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Protocol')) { [object]$__cmdletization_value = ${Protocol} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Protocol'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetTransportFilter.Protocol'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Protocol'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetTransportFilter.Protocol'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('LocalPortStart')) { [object]$__cmdletization_value = ${LocalPortStart} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'LocalPortStart'; ParameterType = 'System.UInt16'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'LocalPortStart'; ParameterType = 'System.UInt16'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('LocalPortEnd')) { [object]$__cmdletization_value = ${LocalPortEnd} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'LocalPortEnd'; ParameterType = 'System.UInt16'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'LocalPortEnd'; ParameterType = 'System.UInt16'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('RemotePortStart')) { [object]$__cmdletization_value = ${RemotePortStart} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RemotePortStart'; ParameterType = 'System.UInt16'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RemotePortStart'; ParameterType = 'System.UInt16'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('RemotePortEnd')) { [object]$__cmdletization_value = ${RemotePortEnd} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RemotePortEnd'; ParameterType = 'System.UInt16'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RemotePortEnd'; ParameterType = 'System.UInt16'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DestinationPrefix')) { [object]$__cmdletization_value = ${DestinationPrefix} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DestinationPrefix'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DestinationPrefix'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{ Name = 'ReturnValue'; ParameterType = 'System.Int32'; Bindings = 'Error'; Value = $null; IsValuePresent = $false } $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('cim:CreateInstance', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_methodInvocationInfo) } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP MSFT_NetTransportFilter.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'New-NetTransportFilter' -Alias '*' function Get-NetTransportFilter { [CmdletBinding(PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#ROOT/StandardCimv2/MSFT_NetTransportFilter')] param( [Parameter(ParameterSetName='ByName')] [ValidateNotNull()] [string[]] ${SettingName}, [Parameter(ParameterSetName='ByName')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetTransportFilter.Protocol[]] ${Protocol}, [Parameter(ParameterSetName='ByName')] [ValidateNotNull()] [uint16[]] ${LocalPortStart}, [Parameter(ParameterSetName='ByName')] [ValidateNotNull()] [uint16[]] ${LocalPortEnd}, [Parameter(ParameterSetName='ByName')] [ValidateNotNull()] [uint16[]] ${RemotePortStart}, [Parameter(ParameterSetName='ByName')] [ValidateNotNull()] [uint16[]] ${RemotePortEnd}, [Parameter(ParameterSetName='ByName')] [ValidateNotNull()] [string[]] ${DestinationPrefix}, [Parameter(ParameterSetName='ByName', ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetTCPSetting')] [ValidateNotNull()] [ciminstance] ${AssociatedTCPSetting}, [Parameter(ParameterSetName='ByName')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('SettingName') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${SettingName}) $__cmdletization_queryBuilder.FilterByProperty('SettingName', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Protocol') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Protocol}) $__cmdletization_queryBuilder.FilterByProperty('Protocol', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('LocalPortStart') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${LocalPortStart}) $__cmdletization_queryBuilder.FilterByProperty('LocalPortStart', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('LocalPortEnd') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${LocalPortEnd}) $__cmdletization_queryBuilder.FilterByProperty('LocalPortEnd', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('RemotePortStart') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${RemotePortStart}) $__cmdletization_queryBuilder.FilterByProperty('RemotePortStart', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('RemotePortEnd') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${RemotePortEnd}) $__cmdletization_queryBuilder.FilterByProperty('RemotePortEnd', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('DestinationPrefix') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DestinationPrefix}) $__cmdletization_queryBuilder.FilterByProperty('DestinationPrefix', $__cmdletization_values, $true, 'Default') ScriptBlock ID: 16d145db-da22-4ea9-9fcc-2fb703b742e0 Path:	4104	1		3	2	15	0	1525	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1460	4556	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:04:52 PM	9d04040e-981f-0004-a319-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (4 of 4): tem.UInt32'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('ScalingHeuristics')) { [object]$__cmdletization_value = ${ScalingHeuristics} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ScalingHeuristics'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetTCPSetting.ScalingHeuristics'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ScalingHeuristics'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetTCPSetting.ScalingHeuristics'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DynamicPortRangeStartPort')) { [object]$__cmdletization_value = ${DynamicPortRangeStartPort} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DynamicPortRangeStartPort'; ParameterType = 'System.UInt16'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DynamicPortRangeStartPort'; ParameterType = 'System.UInt16'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DynamicPortRangeNumberOfPorts')) { [object]$__cmdletization_value = ${DynamicPortRangeNumberOfPorts} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DynamicPortRangeNumberOfPorts'; ParameterType = 'System.UInt16'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DynamicPortRangeNumberOfPorts'; ParameterType = 'System.UInt16'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('AutomaticUseCustom')) { [object]$__cmdletization_value = ${AutomaticUseCustom} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'AutomaticUseCustom'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetTCPSetting.AutomaticUseCustom'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'AutomaticUseCustom'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetTCPSetting.AutomaticUseCustom'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('NonSackRttResiliency')) { [object]$__cmdletization_value = ${NonSackRttResiliency} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NonSackRttResiliency'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetTCPSetting.NonSackRttResiliency'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NonSackRttResiliency'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetTCPSetting.NonSackRttResiliency'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('ForceWS')) { [object]$__cmdletization_value = ${ForceWS} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ForceWS'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetTCPSetting.ForceWS'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ForceWS'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetTCPSetting.ForceWS'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('MaxSynRetransmissions')) { [object]$__cmdletization_value = ${MaxSynRetransmissions} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'MaxSynRetransmissions'; ParameterType = 'System.Byte'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'MaxSynRetransmissions'; ParameterType = 'System.Byte'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('AutoReusePortRangeStartPort')) { [object]$__cmdletization_value = ${AutoReusePortRangeStartPort} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'AutoReusePortRangeStartPort'; ParameterType = 'System.UInt16'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'AutoReusePortRangeStartPort'; ParameterType = 'System.UInt16'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('AutoReusePortRangeNumberOfPorts')) { [object]$__cmdletization_value = ${AutoReusePortRangeNumberOfPorts} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'AutoReusePortRangeNumberOfPorts'; ParameterType = 'System.UInt16'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'AutoReusePortRangeNumberOfPorts'; ParameterType = 'System.UInt16'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = $null $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('cim:ModifyInstance', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_passThru = $PSBoundParameters.ContainsKey('PassThru') -and $PassThru if ($PSBoundParameters.ContainsKey('InputObject')) { foreach ($x in $InputObject) { $__cmdletization_objectModelWrapper.ProcessRecord($x, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } else { $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP MSFT_NetTCPSetting.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Set-NetTCPSetting' -Alias '*' ScriptBlock ID: d1b4c074-e115-4b95-bc2d-b879c40b7a8a Path:	4104	1		3	2	15	0	1524	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1460	4556	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:04:52 PM	9d04040e-981f-0004-9f19-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (3 of 4): ion_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('SettingName') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${SettingName}) $__cmdletization_queryBuilder.FilterByProperty('SettingName', $__cmdletization_values, $true, 'Default') } $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('ByName', 'InputObject (cdxml)') -contains $_ } { [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('MinRtoMs')) { [object]$__cmdletization_value = ${MinRtoMs} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'MinRto'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'MinRto'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('InitialCongestionWindowMss')) { [object]$__cmdletization_value = ${InitialCongestionWindowMss} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'InitialCongestionWindow'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'InitialCongestionWindow'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('CongestionProvider')) { [object]$__cmdletization_value = ${CongestionProvider} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'CongestionProvider'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetTCPSetting.CongestionProvider'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'CongestionProvider'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetTCPSetting.CongestionProvider'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('CwndRestart')) { [object]$__cmdletization_value = ${CwndRestart} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'CwndRestart'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetTCPSetting.CwndRestart'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'CwndRestart'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetTCPSetting.CwndRestart'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DelayedAckTimeoutMs')) { [object]$__cmdletization_value = ${DelayedAckTimeoutMs} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DelayedAckTimeout'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DelayedAckTimeout'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DelayedAckFrequency')) { [object]$__cmdletization_value = ${DelayedAckFrequency} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DelayedAckFrequency'; ParameterType = 'System.Byte'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DelayedAckFrequency'; ParameterType = 'System.Byte'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('MemoryPressureProtection')) { [object]$__cmdletization_value = ${MemoryPressureProtection} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'MemoryPressureProtection'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetTCPSetting.MemoryPressureProtection'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'MemoryPressureProtection'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetTCPSetting.MemoryPressureProtection'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('AutoTuningLevelLocal')) { [object]$__cmdletization_value = ${AutoTuningLevelLocal} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'AutoTuningLevelLocal'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetTCPSetting.AutoTuningLevelLocal'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'AutoTuningLevelLocal'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetTCPSetting.AutoTuningLevelLocal'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('EcnCapability')) { [object]$__cmdletization_value = ${EcnCapability} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'EcnCapability'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetTCPSetting.EcnCapability'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'EcnCapability'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetTCPSetting.EcnCapability'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Timestamps')) { [object]$__cmdletization_value = ${Timestamps} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Timestamps'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetTCPSetting.Timestamps'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Timestamps'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetTCPSetting.Timestamps'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('InitialRtoMs')) { [object]$__cmdletization_value = ${InitialRtoMs} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'InitialRto'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'InitialRto'; ParameterType = 'Sys ScriptBlock ID: d1b4c074-e115-4b95-bc2d-b879c40b7a8a Path:	4104	1		3	2	15	0	1523	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1460	4556	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:04:52 PM	9d04040e-981f-0004-9f19-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 4): ility}) $__cmdletization_queryBuilder.FilterByProperty('EcnCapability', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('Timestamps') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Timestamps}) $__cmdletization_queryBuilder.FilterByProperty('Timestamps', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('InitialRtoMs') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${InitialRtoMs}) $__cmdletization_queryBuilder.FilterByProperty('InitialRto', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('ScalingHeuristics') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${ScalingHeuristics}) $__cmdletization_queryBuilder.FilterByProperty('ScalingHeuristics', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('DynamicPortRangeStartPort') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DynamicPortRangeStartPort}) $__cmdletization_queryBuilder.FilterByProperty('DynamicPortRangeStartPort', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('DynamicPortRangeNumberOfPorts') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DynamicPortRangeNumberOfPorts}) $__cmdletization_queryBuilder.FilterByProperty('DynamicPortRangeNumberOfPorts', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('AutomaticUseCustom') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${AutomaticUseCustom}) $__cmdletization_queryBuilder.FilterByProperty('AutomaticUseCustom', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('NonSackRttResiliency') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${NonSackRttResiliency}) $__cmdletization_queryBuilder.FilterByProperty('NonSackRttResiliency', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('ForceWS') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${ForceWS}) $__cmdletization_queryBuilder.FilterByProperty('ForceWS', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('MaxSynRetransmissions') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${MaxSynRetransmissions}) $__cmdletization_queryBuilder.FilterByProperty('MaxSynRetransmissions', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('AutoReusePortRangeStartPort') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${AutoReusePortRangeStartPort}) $__cmdletization_queryBuilder.FilterByProperty('AutoReusePortRangeStartPort', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('AutoReusePortRangeNumberOfPorts') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${AutoReusePortRangeNumberOfPorts}) $__cmdletization_queryBuilder.FilterByProperty('AutoReusePortRangeNumberOfPorts', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedTransportFilter') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedTransportFilter}, 'MSFT_NetTransportFilterTCPSetting', 'Antecedent', 'Dependent', 'Default') } $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder) } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP MSFT_NetTCPSetting.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Get-NetTCPSetting' -Alias '*' function Set-NetTCPSetting { [CmdletBinding(DefaultParameterSetName='ByName', SupportsShouldProcess=$true, ConfirmImpact='Medium', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#ROOT/StandardCimv2/MSFT_NetTCPSetting')] param( [Parameter(ParameterSetName='ByName', Position=0)] [ValidateNotNull()] [string[]] ${SettingName}, [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#MSFT_NetTCPSetting')] [ValidateNotNull()] [ciminstance[]] ${InputObject}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('MinRto')] [uint32] ${MinRtoMs}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('InitialCongestionWindow')] [uint32] ${InitialCongestionWindowMss}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetTCPSetting.CongestionProvider] ${CongestionProvider}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetTCPSetting.CwndRestart] ${CwndRestart}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('DelayedAckTimeout')] [uint32] ${DelayedAckTimeoutMs}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='InputObject (cdxml)')] [byte] ${DelayedAckFrequency}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetTCPSetting.MemoryPressureProtection] ${MemoryPressureProtection}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetTCPSetting.AutoTuningLevelLocal] ${AutoTuningLevelLocal}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetTCPSetting.EcnCapability] ${EcnCapability}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetTCPSetting.Timestamps] ${Timestamps}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('InitialRto')] [uint32] ${InitialRtoMs}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetTCPSetting.ScalingHeuristics] ${ScalingHeuristics}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='InputObject (cdxml)')] [uint16] ${DynamicPortRangeStartPort}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='InputObject (cdxml)')] [uint16] ${DynamicPortRangeNumberOfPorts}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetTCPSetting.AutomaticUseCustom] ${AutomaticUseCustom}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetTCPSetting.NonSackRttResiliency] ${NonSackRttResiliency}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetTCPSetting.ForceWS] ${ForceWS}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='InputObject (cdxml)')] [byte] ${MaxSynRetransmissions}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='InputObject (cdxml)')] [uint16] ${AutoReusePortRangeStartPort}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='InputObject (cdxml)')] [uint16] ${AutoReusePortRangeNumberOfPorts}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='InputObject (cdxml)')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${AsJob}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${PassThru}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletizat ScriptBlock ID: d1b4c074-e115-4b95-bc2d-b879c40b7a8a Path:	4104	1		3	2	15	0	1522	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1460	4556	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:04:52 PM	9d04040e-981f-0004-9f19-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 4): #requires -version 3.0 try { Microsoft.PowerShell.Core\Set-StrictMode -Off } catch { } $script:MyModule = $MyInvocation.MyCommand.ScriptBlock.Module $script:ClassName = 'ROOT/StandardCimv2/MSFT_NetTCPSetting' $script:ClassVersion = '1.0.0' $script:ModuleVersion = '1.0.0' $script:ObjectModelWrapper = [Microsoft.PowerShell.Cmdletization.Cim.CimCmdletAdapter] $script:PrivateData = [System.Collections.Generic.Dictionary[string,string]]::new() Microsoft.PowerShell.Core\Export-ModuleMember -Function @() function __cmdletization_BindCommonParameters { param( $__cmdletization_objectModelWrapper, $myPSBoundParameters ) if ($myPSBoundParameters.ContainsKey('CimSession')) { $__cmdletization_objectModelWrapper.PSObject.Properties['CimSession'].Value = $myPSBoundParameters['CimSession'] } if ($myPSBoundParameters.ContainsKey('ThrottleLimit')) { $__cmdletization_objectModelWrapper.PSObject.Properties['ThrottleLimit'].Value = $myPSBoundParameters['ThrottleLimit'] } if ($myPSBoundParameters.ContainsKey('AsJob')) { $__cmdletization_objectModelWrapper.PSObject.Properties['AsJob'].Value = $myPSBoundParameters['AsJob'] } } function Get-NetTCPSetting { [CmdletBinding(DefaultParameterSetName='ByName', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#ROOT/StandardCimv2/MSFT_NetTCPSetting')] param( [Parameter(ParameterSetName='ByName', Position=0)] [ValidateNotNull()] [string[]] ${SettingName}, [Parameter(ParameterSetName='ByName')] [Alias('MinRto')] [ValidateNotNull()] [uint32[]] ${MinRtoMs}, [Parameter(ParameterSetName='ByName')] [Alias('InitialCongestionWindow')] [ValidateNotNull()] [uint32[]] ${InitialCongestionWindowMss}, [Parameter(ParameterSetName='ByName')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetTCPSetting.CongestionProvider[]] ${CongestionProvider}, [Parameter(ParameterSetName='ByName')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetTCPSetting.CwndRestart[]] ${CwndRestart}, [Parameter(ParameterSetName='ByName')] [Alias('DelayedAckTimeout')] [ValidateNotNull()] [uint32[]] ${DelayedAckTimeoutMs}, [Parameter(ParameterSetName='ByName')] [ValidateNotNull()] [byte[]] ${DelayedAckFrequency}, [Parameter(ParameterSetName='ByName')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetTCPSetting.MemoryPressureProtection[]] ${MemoryPressureProtection}, [Parameter(ParameterSetName='ByName')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetTCPSetting.AutoTuningLevelLocal[]] ${AutoTuningLevelLocal}, [Parameter(ParameterSetName='ByName')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetTCPSetting.AutoTuningLevelGroupPolicy[]] ${AutoTuningLevelGroupPolicy}, [Parameter(ParameterSetName='ByName')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetTCPSetting.AutoTuningLevelEffective[]] ${AutoTuningLevelEffective}, [Parameter(ParameterSetName='ByName')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetTCPSetting.EcnCapability[]] ${EcnCapability}, [Parameter(ParameterSetName='ByName')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetTCPSetting.Timestamps[]] ${Timestamps}, [Parameter(ParameterSetName='ByName')] [Alias('InitialRto')] [ValidateNotNull()] [uint32[]] ${InitialRtoMs}, [Parameter(ParameterSetName='ByName')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetTCPSetting.ScalingHeuristics[]] ${ScalingHeuristics}, [Parameter(ParameterSetName='ByName')] [ValidateNotNull()] [uint16[]] ${DynamicPortRangeStartPort}, [Parameter(ParameterSetName='ByName')] [ValidateNotNull()] [uint16[]] ${DynamicPortRangeNumberOfPorts}, [Parameter(ParameterSetName='ByName')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetTCPSetting.AutomaticUseCustom[]] ${AutomaticUseCustom}, [Parameter(ParameterSetName='ByName')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetTCPSetting.NonSackRttResiliency[]] ${NonSackRttResiliency}, [Parameter(ParameterSetName='ByName')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetTCPSetting.ForceWS[]] ${ForceWS}, [Parameter(ParameterSetName='ByName')] [ValidateNotNull()] [byte[]] ${MaxSynRetransmissions}, [Parameter(ParameterSetName='ByName')] [ValidateNotNull()] [uint16[]] ${AutoReusePortRangeStartPort}, [Parameter(ParameterSetName='ByName')] [ValidateNotNull()] [uint16[]] ${AutoReusePortRangeNumberOfPorts}, [Parameter(ParameterSetName='ByName', ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetTransportFilter')] [ValidateNotNull()] [ciminstance] ${AssociatedTransportFilter}, [Parameter(ParameterSetName='ByName')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('SettingName') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${SettingName}) $__cmdletization_queryBuilder.FilterByProperty('SettingName', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('MinRtoMs') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${MinRtoMs}) $__cmdletization_queryBuilder.FilterByProperty('MinRto', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('InitialCongestionWindowMss') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${InitialCongestionWindowMss}) $__cmdletization_queryBuilder.FilterByProperty('InitialCongestionWindow', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('CongestionProvider') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${CongestionProvider}) $__cmdletization_queryBuilder.FilterByProperty('CongestionProvider', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('CwndRestart') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${CwndRestart}) $__cmdletization_queryBuilder.FilterByProperty('CwndRestart', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('DelayedAckTimeoutMs') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DelayedAckTimeoutMs}) $__cmdletization_queryBuilder.FilterByProperty('DelayedAckTimeout', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('DelayedAckFrequency') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DelayedAckFrequency}) $__cmdletization_queryBuilder.FilterByProperty('DelayedAckFrequency', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('MemoryPressureProtection') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${MemoryPressureProtection}) $__cmdletization_queryBuilder.FilterByProperty('MemoryPressureProtection', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('AutoTuningLevelLocal') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${AutoTuningLevelLocal}) $__cmdletization_queryBuilder.FilterByProperty('AutoTuningLevelLocal', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('AutoTuningLevelGroupPolicy') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${AutoTuningLevelGroupPolicy}) $__cmdletization_queryBuilder.FilterByProperty('AutoTuningLevelGroupPolicy', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('AutoTuningLevelEffective') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${AutoTuningLevelEffective}) $__cmdletization_queryBuilder.FilterByProperty('AutoTuningLevelEffective', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('EcnCapability') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${EcnCapab ScriptBlock ID: d1b4c074-e115-4b95-bc2d-b879c40b7a8a Path:	4104	1		3	2	15	0	1521	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1460	4556	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:04:52 PM	9d04040e-981f-0004-9f19-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): #requires -version 3.0 try { Microsoft.PowerShell.Core\Set-StrictMode -Off } catch { } $script:MyModule = $MyInvocation.MyCommand.ScriptBlock.Module $script:ClassName = 'ROOT/StandardCimv2/MSFT_NetTCPConnection' $script:ClassVersion = '1.0.0' $script:ModuleVersion = '1.0.0' $script:ObjectModelWrapper = [Microsoft.PowerShell.Cmdletization.Cim.CimCmdletAdapter] $script:PrivateData = [System.Collections.Generic.Dictionary[string,string]]::new() Microsoft.PowerShell.Core\Export-ModuleMember -Function @() function __cmdletization_BindCommonParameters { param( $__cmdletization_objectModelWrapper, $myPSBoundParameters ) if ($myPSBoundParameters.ContainsKey('CimSession')) { $__cmdletization_objectModelWrapper.PSObject.Properties['CimSession'].Value = $myPSBoundParameters['CimSession'] } if ($myPSBoundParameters.ContainsKey('ThrottleLimit')) { $__cmdletization_objectModelWrapper.PSObject.Properties['ThrottleLimit'].Value = $myPSBoundParameters['ThrottleLimit'] } if ($myPSBoundParameters.ContainsKey('AsJob')) { $__cmdletization_objectModelWrapper.PSObject.Properties['AsJob'].Value = $myPSBoundParameters['AsJob'] } } function Get-NetTCPConnection { [CmdletBinding(DefaultParameterSetName='ByName', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#ROOT/StandardCimv2/MSFT_NetTCPConnection')] param( [Parameter(ParameterSetName='ByName', Position=0, ValueFromPipelineByPropertyName=$true)] [Alias('IPAddress')] [ValidateNotNull()] [string[]] ${LocalAddress}, [Parameter(ParameterSetName='ByName', Position=1)] [ValidateNotNull()] [uint16[]] ${LocalPort}, [Parameter(ParameterSetName='ByName')] [ValidateNotNull()] [string[]] ${RemoteAddress}, [Parameter(ParameterSetName='ByName')] [ValidateNotNull()] [uint16[]] ${RemotePort}, [Parameter(ParameterSetName='ByName')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetTCPConnection.State[]] ${State}, [Parameter(ParameterSetName='ByName')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetTCPConnection.AppliedSetting[]] ${AppliedSetting}, [Parameter(ParameterSetName='ByName')] [ValidateNotNull()] [uint32[]] ${OwningProcess}, [Parameter(ParameterSetName='ByName')] [ValidateNotNull()] [datetime[]] ${CreationTime}, [Parameter(ParameterSetName='ByName')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetTCPConnection.OffloadState[]] ${OffloadState}, [Parameter(ParameterSetName='ByName')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('LocalAddress') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${LocalAddress}) $__cmdletization_queryBuilder.FilterByProperty('LocalAddress', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('LocalPort') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${LocalPort}) $__cmdletization_queryBuilder.FilterByProperty('LocalPort', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('RemoteAddress') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${RemoteAddress}) $__cmdletization_queryBuilder.FilterByProperty('RemoteAddress', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('RemotePort') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${RemotePort}) $__cmdletization_queryBuilder.FilterByProperty('RemotePort', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('State') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${State}) $__cmdletization_queryBuilder.FilterByProperty('State', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('AppliedSetting') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${AppliedSetting}) $__cmdletization_queryBuilder.FilterByProperty('AppliedSetting', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('OwningProcess') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${OwningProcess}) $__cmdletization_queryBuilder.FilterByProperty('OwningProcess', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('CreationTime') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${CreationTime}) $__cmdletization_queryBuilder.FilterByProperty('CreationTime', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('OffloadState') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${OffloadState}) $__cmdletization_queryBuilder.FilterByProperty('OffloadState', $__cmdletization_values, $false, 'Default') } $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder) } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP MSFT_NetTCPConnection.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Get-NetTCPConnection' -Alias '*' ScriptBlock ID: 3e87f8f7-25d9-40d0-95bc-2baf97cd8a43 Path:	4104	1		3	2	15	0	1520	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1460	4556	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:04:52 PM	9d04040e-981f-0004-9c19-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (5 of 5): letization.GeneratedTypes.NetRoute.Publish[]] ${Publish}, [Parameter(ParameterSetName='ByName')] [ValidateNotNull()] [uint16[]] ${RouteMetric}, [Parameter(ParameterSetName='ByName')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetRoute.Protocol[]] ${Protocol}, [Parameter(ParameterSetName='ByName')] [ValidateNotNull()] [uint32[]] ${CompartmentId}, [Parameter(ParameterSetName='ByName')] [ValidateNotNull()] [timespan[]] ${ValidLifetime}, [Parameter(ParameterSetName='ByName')] [ValidateNotNull()] [timespan[]] ${PreferredLifetime}, [Parameter(ParameterSetName='ByName', ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetIPInterface')] [ValidateNotNull()] [ciminstance] ${AssociatedIPInterface}, [Parameter(ParameterSetName='ByName')] [string] ${PolicyStore}, [Parameter(ParameterSetName='ByName')] [switch] ${IncludeAllCompartments}, [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#MSFT_NetRoute')] [ValidateNotNull()] [ciminstance[]] ${InputObject}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='InputObject (cdxml)')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${AsJob}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${PassThru}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('DestinationPrefix') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DestinationPrefix}) $__cmdletization_queryBuilder.FilterByProperty('DestinationPrefix', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('InterfaceIndex') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${InterfaceIndex}) $__cmdletization_queryBuilder.FilterByProperty('InterfaceIndex', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('InterfaceAlias') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${InterfaceAlias}) $__cmdletization_queryBuilder.FilterByProperty('InterfaceAlias', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('NextHop') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${NextHop}) $__cmdletization_queryBuilder.FilterByProperty('NextHop', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('AddressFamily') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${AddressFamily}) $__cmdletization_queryBuilder.FilterByProperty('AddressFamily', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('Publish') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Publish}) $__cmdletization_queryBuilder.FilterByProperty('Publish', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('RouteMetric') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${RouteMetric}) $__cmdletization_queryBuilder.FilterByProperty('RouteMetric', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('Protocol') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Protocol}) $__cmdletization_queryBuilder.FilterByProperty('Protocol', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('CompartmentId') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${CompartmentId}) $__cmdletization_queryBuilder.FilterByProperty('CompartmentId', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('ValidLifetime') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${ValidLifetime}) $__cmdletization_queryBuilder.FilterByProperty('ValidLifetime', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('PreferredLifetime') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PreferredLifetime}) $__cmdletization_queryBuilder.FilterByProperty('PreferredLifetime', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedIPInterface') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedIPInterface}, 'MSFT_NetIPInterfaceRoute', 'Antecedent', 'Dependent', 'Default') } if ($PSBoundParameters.ContainsKey('PolicyStore') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('PolicyStore', ${PolicyStore}) } if ($PSBoundParameters.ContainsKey('IncludeAllCompartments') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('IncludeAllCompartments', ${IncludeAllCompartments}) } $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('ByName', 'InputObject (cdxml)') -contains $_ } { $__cmdletization_returnValue = $null $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('cim:DeleteInstance', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_passThru = $PSBoundParameters.ContainsKey('PassThru') -and $PassThru if ($PSBoundParameters.ContainsKey('InputObject')) { foreach ($x in $InputObject) { $__cmdletization_objectModelWrapper.ProcessRecord($x, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } else { $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP MSFT_NetRoute.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Remove-NetRoute' -Alias '*' ScriptBlock ID: b18a4a94-3c02-4f43-9aea-cb9d1e2314d4 Path:	4104	1		3	2	15	0	1519	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1460	4556	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:04:52 PM	9d04040e-981f-0004-9519-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (4 of 5): { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP MSFT_NetRoute.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Get-NetRoute' -Alias '*' function Set-NetRoute { [CmdletBinding(DefaultParameterSetName='ByName', SupportsShouldProcess=$true, ConfirmImpact='Medium', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#ROOT/StandardCimv2/MSFT_NetRoute')] param( [Parameter(ParameterSetName='ByName', Position=0)] [ValidateNotNull()] [string[]] ${DestinationPrefix}, [Parameter(ParameterSetName='ByName', ValueFromPipelineByPropertyName=$true)] [Alias('ifIndex')] [ValidateNotNull()] [uint32[]] ${InterfaceIndex}, [Parameter(ParameterSetName='ByName', ValueFromPipelineByPropertyName=$true)] [Alias('ifAlias')] [ValidateNotNull()] [string[]] ${InterfaceAlias}, [Parameter(ParameterSetName='ByName')] [ValidateNotNull()] [string[]] ${NextHop}, [Parameter(ParameterSetName='ByName')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetRoute.AddressFamily[]] ${AddressFamily}, [Parameter(ParameterSetName='ByName')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetRoute.Protocol[]] ${Protocol}, [Parameter(ParameterSetName='ByName')] [string] ${PolicyStore}, [Parameter(ParameterSetName='ByName')] [switch] ${IncludeAllCompartments}, [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#MSFT_NetRoute')] [ValidateNotNull()] [ciminstance[]] ${InputObject}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetRoute.Publish] ${Publish}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='InputObject (cdxml)')] [uint16] ${RouteMetric}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='InputObject (cdxml)')] [timespan] ${ValidLifetime}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='InputObject (cdxml)')] [timespan] ${PreferredLifetime}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='InputObject (cdxml)')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${AsJob}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${PassThru}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('DestinationPrefix') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DestinationPrefix}) $__cmdletization_queryBuilder.FilterByProperty('DestinationPrefix', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('InterfaceIndex') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${InterfaceIndex}) $__cmdletization_queryBuilder.FilterByProperty('InterfaceIndex', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('InterfaceAlias') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${InterfaceAlias}) $__cmdletization_queryBuilder.FilterByProperty('InterfaceAlias', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('NextHop') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${NextHop}) $__cmdletization_queryBuilder.FilterByProperty('NextHop', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('AddressFamily') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${AddressFamily}) $__cmdletization_queryBuilder.FilterByProperty('AddressFamily', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('Protocol') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Protocol}) $__cmdletization_queryBuilder.FilterByProperty('Protocol', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('PolicyStore') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('PolicyStore', ${PolicyStore}) } if ($PSBoundParameters.ContainsKey('IncludeAllCompartments') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('IncludeAllCompartments', ${IncludeAllCompartments}) } $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('ByName', 'InputObject (cdxml)') -contains $_ } { [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Publish')) { [object]$__cmdletization_value = ${Publish} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Publish'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetRoute.Publish'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Publish'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetRoute.Publish'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('RouteMetric')) { [object]$__cmdletization_value = ${RouteMetric} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RouteMetric'; ParameterType = 'System.UInt16'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RouteMetric'; ParameterType = 'System.UInt16'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('ValidLifetime')) { [object]$__cmdletization_value = ${ValidLifetime} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ValidLifetime'; ParameterType = 'System.TimeSpan'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ValidLifetime'; ParameterType = 'System.TimeSpan'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('PreferredLifetime')) { [object]$__cmdletization_value = ${PreferredLifetime} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'PreferredLifetime'; ParameterType = 'System.TimeSpan'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'PreferredLifetime'; ParameterType = 'System.TimeSpan'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = $null $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('cim:ModifyInstance', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_passThru = $PSBoundParameters.ContainsKey('PassThru') -and $PassThru if ($PSBoundParameters.ContainsKey('InputObject')) { foreach ($x in $InputObject) { $__cmdletization_objectModelWrapper.ProcessRecord($x, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } else { $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP MSFT_NetRoute.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Set-NetRoute' -Alias '*' function Remove-NetRoute { [CmdletBinding(DefaultParameterSetName='ByName', SupportsShouldProcess=$true, ConfirmImpact='High', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#ROOT/StandardCimv2/MSFT_NetRoute')] param( [Parameter(ParameterSetName='ByName', Position=0)] [ValidateNotNull()] [string[]] ${DestinationPrefix}, [Parameter(ParameterSetName='ByName', ValueFromPipelineByPropertyName=$true)] [Alias('ifIndex')] [ValidateNotNull()] [uint32[]] ${InterfaceIndex}, [Parameter(ParameterSetName='ByName', ValueFromPipelineByPropertyName=$true)] [Alias('ifAlias')] [ValidateNotNull()] [string[]] ${InterfaceAlias}, [Parameter(ParameterSetName='ByName')] [ValidateNotNull()] [string[]] ${NextHop}, [Parameter(ParameterSetName='ByName')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetRoute.AddressFamily[]] ${AddressFamily}, [Parameter(ParameterSetName='ByName')] [ValidateNotNull()] [Microsoft.PowerShell.Cmd ScriptBlock ID: b18a4a94-3c02-4f43-9aea-cb9d1e2314d4 Path:	4104	1		3	2	15	0	1518	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1460	4556	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:04:52 PM	9d04040e-981f-0004-9519-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (3 of 5): w() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('InterfaceIndex')) { [object]$__cmdletization_value = ${InterfaceIndex} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'InterfaceIndex'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'InterfaceIndex'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('LocalIPAddress')) { [object]$__cmdletization_value = ${LocalIPAddress} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'LocalIPAddress'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'LocalIPAddress'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('RemoteIPAddress')) { [object]$__cmdletization_value = ${RemoteIPAddress} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RemoteIPAddress'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RemoteIPAddress'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'CmdletOutput'; ParameterType = 'Microsoft.Management.Infrastructure.CimInstance[]'; Bindings = 'Out'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{ Name = 'ReturnValue'; ParameterType = 'System.UInt32'; Bindings = 'Error'; Value = $null; IsValuePresent = $false } $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('Find', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_methodInvocationInfo) } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP MSFT_NetRoute.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Find-NetRoute' -Alias '*' function Get-NetRoute { [CmdletBinding(DefaultParameterSetName='ByName', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#ROOT/StandardCimv2/MSFT_NetRoute')] param( [Parameter(ParameterSetName='ByName', Position=0)] [ValidateNotNull()] [string[]] ${DestinationPrefix}, [Parameter(ParameterSetName='ByName', ValueFromPipelineByPropertyName=$true)] [Alias('ifIndex')] [ValidateNotNull()] [uint32[]] ${InterfaceIndex}, [Parameter(ParameterSetName='ByName', ValueFromPipelineByPropertyName=$true)] [Alias('ifAlias')] [ValidateNotNull()] [string[]] ${InterfaceAlias}, [Parameter(ParameterSetName='ByName')] [ValidateNotNull()] [string[]] ${NextHop}, [Parameter(ParameterSetName='ByName')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetRoute.AddressFamily[]] ${AddressFamily}, [Parameter(ParameterSetName='ByName')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetRoute.Publish[]] ${Publish}, [Parameter(ParameterSetName='ByName')] [ValidateNotNull()] [uint16[]] ${RouteMetric}, [Parameter(ParameterSetName='ByName')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetRoute.Protocol[]] ${Protocol}, [Parameter(ParameterSetName='ByName')] [ValidateNotNull()] [uint32[]] ${CompartmentId}, [Parameter(ParameterSetName='ByName')] [ValidateNotNull()] [timespan[]] ${ValidLifetime}, [Parameter(ParameterSetName='ByName')] [ValidateNotNull()] [timespan[]] ${PreferredLifetime}, [Parameter(ParameterSetName='ByName', ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetIPInterface')] [ValidateNotNull()] [ciminstance] ${AssociatedIPInterface}, [Parameter(ParameterSetName='ByName')] [string] ${PolicyStore}, [Parameter(ParameterSetName='ByName')] [switch] ${IncludeAllCompartments}, [Parameter(ParameterSetName='ByName')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('DestinationPrefix') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DestinationPrefix}) $__cmdletization_queryBuilder.FilterByProperty('DestinationPrefix', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('InterfaceIndex') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${InterfaceIndex}) $__cmdletization_queryBuilder.FilterByProperty('InterfaceIndex', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('InterfaceAlias') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${InterfaceAlias}) $__cmdletization_queryBuilder.FilterByProperty('InterfaceAlias', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('NextHop') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${NextHop}) $__cmdletization_queryBuilder.FilterByProperty('NextHop', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('AddressFamily') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${AddressFamily}) $__cmdletization_queryBuilder.FilterByProperty('AddressFamily', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('Publish') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Publish}) $__cmdletization_queryBuilder.FilterByProperty('Publish', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('RouteMetric') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${RouteMetric}) $__cmdletization_queryBuilder.FilterByProperty('RouteMetric', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('Protocol') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Protocol}) $__cmdletization_queryBuilder.FilterByProperty('Protocol', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('CompartmentId') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${CompartmentId}) $__cmdletization_queryBuilder.FilterByProperty('CompartmentId', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('ValidLifetime') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${ValidLifetime}) $__cmdletization_queryBuilder.FilterByProperty('ValidLifetime', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('PreferredLifetime') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PreferredLifetime}) $__cmdletization_queryBuilder.FilterByProperty('PreferredLifetime', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedIPInterface') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedIPInterface}, 'MSFT_NetIPInterfaceRoute', 'Antecedent', 'Dependent', 'Default') } if ($PSBoundParameters.ContainsKey('PolicyStore') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('PolicyStore', ${PolicyStore}) } if ($PSBoundParameters.ContainsKey('IncludeAllCompartments') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('IncludeAllCompartments', ${IncludeAllCompartments}) } $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder) } } catch ScriptBlock ID: b18a4a94-3c02-4f43-9aea-cb9d1e2314d4 Path:	4104	1		3	2	15	0	1517	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1460	4556	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:04:52 PM	9d04040e-981f-0004-9519-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 5): etization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('PreferredLifetime')) { [object]$__cmdletization_value = ${PreferredLifetime} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'PreferredLifetime'; ParameterType = 'System.TimeSpan'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'PreferredLifetime'; ParameterType = 'System.TimeSpan'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'CmdletOutput'; ParameterType = 'Microsoft.Management.Infrastructure.CimInstance[]'; Bindings = 'Out'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{ Name = 'ReturnValue'; ParameterType = 'System.UInt32'; Bindings = 'Error'; Value = $null; IsValuePresent = $false } $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('Create', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_methodInvocationInfo) } { @('ByInterfaceIndex') -contains $_ } { [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DestinationPrefix')) { [object]$__cmdletization_value = ${DestinationPrefix} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DestinationPrefix'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DestinationPrefix'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('InterfaceIndex')) { [object]$__cmdletization_value = ${InterfaceIndex} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'InterfaceIndex'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'InterfaceIndex'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('AddressFamily')) { [object]$__cmdletization_value = ${AddressFamily} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'AddressFamily'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetRoute.AddressFamily'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'AddressFamily'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetRoute.AddressFamily'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('NextHop')) { [object]$__cmdletization_value = ${NextHop} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NextHop'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NextHop'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('PolicyStore')) { [object]$__cmdletization_value = ${PolicyStore} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'PolicyStore'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'PolicyStore'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Publish')) { [object]$__cmdletization_value = ${Publish} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Publish'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetRoute.Publish'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Publish'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetRoute.Publish'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('RouteMetric')) { [object]$__cmdletization_value = ${RouteMetric} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RouteMetric'; ParameterType = 'System.UInt16'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RouteMetric'; ParameterType = 'System.UInt16'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Protocol')) { [object]$__cmdletization_value = ${Protocol} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Protocol'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetRoute.Protocol'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Protocol'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetRoute.Protocol'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('ValidLifetime')) { [object]$__cmdletization_value = ${ValidLifetime} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ValidLifetime'; ParameterType = 'System.TimeSpan'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ValidLifetime'; ParameterType = 'System.TimeSpan'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('PreferredLifetime')) { [object]$__cmdletization_value = ${PreferredLifetime} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'PreferredLifetime'; ParameterType = 'System.TimeSpan'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'PreferredLifetime'; ParameterType = 'System.TimeSpan'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'CmdletOutput'; ParameterType = 'Microsoft.Management.Infrastructure.CimInstance[]'; Bindings = 'Out'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{ Name = 'ReturnValue'; ParameterType = 'System.UInt32'; Bindings = 'Error'; Value = $null; IsValuePresent = $false } $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('Create', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_methodInvocationInfo) } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP MSFT_NetRoute.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'New-NetRoute' -Alias '*' function Find-NetRoute { [CmdletBinding(PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance[]])] param( [Parameter(ParameterSetName='Find0')] [uint32] ${InterfaceIndex}, [Parameter(ParameterSetName='Find0')] [string] ${LocalIPAddress}, [Parameter(ParameterSetName='Find0', Mandatory=$true)] [string] ${RemoteIPAddress}, [Parameter(ParameterSetName='Find0')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='Find0')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='Find0')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::ne ScriptBlock ID: b18a4a94-3c02-4f43-9aea-cb9d1e2314d4 Path:	4104	1		3	2	15	0	1516	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1460	4556	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:04:52 PM	9d04040e-981f-0004-9519-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 5): #requires -version 3.0 try { Microsoft.PowerShell.Core\Set-StrictMode -Off } catch { } $script:MyModule = $MyInvocation.MyCommand.ScriptBlock.Module $script:ClassName = 'ROOT/StandardCimv2/MSFT_NetRoute' $script:ClassVersion = '1.0.0' $script:ModuleVersion = '1.0.0' $script:ObjectModelWrapper = [Microsoft.PowerShell.Cmdletization.Cim.CimCmdletAdapter] $script:PrivateData = [System.Collections.Generic.Dictionary[string,string]]::new() Microsoft.PowerShell.Core\Export-ModuleMember -Function @() function __cmdletization_BindCommonParameters { param( $__cmdletization_objectModelWrapper, $myPSBoundParameters ) if ($myPSBoundParameters.ContainsKey('CimSession')) { $__cmdletization_objectModelWrapper.PSObject.Properties['CimSession'].Value = $myPSBoundParameters['CimSession'] } if ($myPSBoundParameters.ContainsKey('ThrottleLimit')) { $__cmdletization_objectModelWrapper.PSObject.Properties['ThrottleLimit'].Value = $myPSBoundParameters['ThrottleLimit'] } if ($myPSBoundParameters.ContainsKey('AsJob')) { $__cmdletization_objectModelWrapper.PSObject.Properties['AsJob'].Value = $myPSBoundParameters['AsJob'] } } function New-NetRoute { [CmdletBinding(DefaultParameterSetName='ByInterfaceAlias', SupportsShouldProcess=$true, ConfirmImpact='Medium', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance[]])][OutputType([Microsoft.Management.Infrastructure.CimInstance[]])] param( [Parameter(ParameterSetName='ByInterfaceAlias', Mandatory=$true, Position=0)] [Parameter(ParameterSetName='ByInterfaceIndex', Mandatory=$true, Position=0)] [string] ${DestinationPrefix}, [Parameter(ParameterSetName='ByInterfaceAlias', Mandatory=$true, ValueFromPipelineByPropertyName=$true)] [Alias('ifAlias')] [string] ${InterfaceAlias}, [Parameter(ParameterSetName='ByInterfaceAlias')] [Parameter(ParameterSetName='ByInterfaceIndex')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetRoute.AddressFamily] ${AddressFamily}, [Parameter(ParameterSetName='ByInterfaceAlias')] [Parameter(ParameterSetName='ByInterfaceIndex')] [string] ${NextHop}, [Parameter(ParameterSetName='ByInterfaceAlias')] [Parameter(ParameterSetName='ByInterfaceIndex')] [string] ${PolicyStore}, [Parameter(ParameterSetName='ByInterfaceAlias')] [Parameter(ParameterSetName='ByInterfaceIndex')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetRoute.Publish] ${Publish}, [Parameter(ParameterSetName='ByInterfaceAlias')] [Parameter(ParameterSetName='ByInterfaceIndex')] [uint16] ${RouteMetric}, [Parameter(ParameterSetName='ByInterfaceAlias')] [Parameter(ParameterSetName='ByInterfaceIndex')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetRoute.Protocol] ${Protocol}, [Parameter(ParameterSetName='ByInterfaceAlias')] [Parameter(ParameterSetName='ByInterfaceIndex')] [timespan] ${ValidLifetime}, [Parameter(ParameterSetName='ByInterfaceAlias')] [Parameter(ParameterSetName='ByInterfaceIndex')] [timespan] ${PreferredLifetime}, [Parameter(ParameterSetName='ByInterfaceIndex', Mandatory=$true, ValueFromPipelineByPropertyName=$true)] [Alias('ifIndex')] [uint32] ${InterfaceIndex}, [Parameter(ParameterSetName='ByInterfaceAlias')] [Parameter(ParameterSetName='ByInterfaceIndex')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByInterfaceAlias')] [Parameter(ParameterSetName='ByInterfaceIndex')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByInterfaceAlias')] [Parameter(ParameterSetName='ByInterfaceIndex')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('ByInterfaceAlias') -contains $_ } { [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DestinationPrefix')) { [object]$__cmdletization_value = ${DestinationPrefix} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DestinationPrefix'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DestinationPrefix'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('InterfaceAlias')) { [object]$__cmdletization_value = ${InterfaceAlias} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'InterfaceAlias'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'InterfaceAlias'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('AddressFamily')) { [object]$__cmdletization_value = ${AddressFamily} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'AddressFamily'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetRoute.AddressFamily'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'AddressFamily'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetRoute.AddressFamily'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('NextHop')) { [object]$__cmdletization_value = ${NextHop} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NextHop'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NextHop'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('PolicyStore')) { [object]$__cmdletization_value = ${PolicyStore} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'PolicyStore'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'PolicyStore'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Publish')) { [object]$__cmdletization_value = ${Publish} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Publish'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetRoute.Publish'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Publish'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetRoute.Publish'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('RouteMetric')) { [object]$__cmdletization_value = ${RouteMetric} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RouteMetric'; ParameterType = 'System.UInt16'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RouteMetric'; ParameterType = 'System.UInt16'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Protocol')) { [object]$__cmdletization_value = ${Protocol} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Protocol'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetRoute.Protocol'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Protocol'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetRoute.Protocol'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('ValidLifetime')) { [object]$__cmdletization_value = ${ValidLifetime} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ValidLifetime'; ParameterType = 'System.TimeSpan'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ValidLifetime'; ParameterType = 'System.TimeSpan'; Bindings = 'In'; Value = $__cmdl ScriptBlock ID: b18a4a94-3c02-4f43-9aea-cb9d1e2314d4 Path:	4104	1		3	2	15	0	1515	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1460	4556	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:04:52 PM	9d04040e-981f-0004-9519-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): #requires -version 3.0 try { Microsoft.PowerShell.Core\Set-StrictMode -Off } catch { } $script:MyModule = $MyInvocation.MyCommand.ScriptBlock.Module $script:ClassName = 'ROOT/StandardCimv2/MSFT_NetPrefixPolicy' $script:ClassVersion = '1.0.0' $script:ModuleVersion = '1.0.0' $script:ObjectModelWrapper = [Microsoft.PowerShell.Cmdletization.Cim.CimCmdletAdapter] $script:PrivateData = [System.Collections.Generic.Dictionary[string,string]]::new() Microsoft.PowerShell.Core\Export-ModuleMember -Function @() function __cmdletization_BindCommonParameters { param( $__cmdletization_objectModelWrapper, $myPSBoundParameters ) if ($myPSBoundParameters.ContainsKey('CimSession')) { $__cmdletization_objectModelWrapper.PSObject.Properties['CimSession'].Value = $myPSBoundParameters['CimSession'] } if ($myPSBoundParameters.ContainsKey('ThrottleLimit')) { $__cmdletization_objectModelWrapper.PSObject.Properties['ThrottleLimit'].Value = $myPSBoundParameters['ThrottleLimit'] } if ($myPSBoundParameters.ContainsKey('AsJob')) { $__cmdletization_objectModelWrapper.PSObject.Properties['AsJob'].Value = $myPSBoundParameters['AsJob'] } } function Get-NetPrefixPolicy { [CmdletBinding(DefaultParameterSetName='ByName', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#ROOT/StandardCimv2/MSFT_NetPrefixPolicy')] param( [Parameter(ParameterSetName='ByName', Position=0)] [ValidateNotNull()] [string[]] ${Prefix}, [Parameter(ParameterSetName='ByName')] [ValidateNotNull()] [uint32[]] ${Precedence}, [Parameter(ParameterSetName='ByName')] [ValidateNotNull()] [uint32[]] ${Label}, [Parameter(ParameterSetName='ByName')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('Prefix') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Prefix}) $__cmdletization_queryBuilder.FilterByProperty('Prefix', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Precedence') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Precedence}) $__cmdletization_queryBuilder.FilterByProperty('Precedence', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('Label') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Label}) $__cmdletization_queryBuilder.FilterByProperty('Label', $__cmdletization_values, $false, 'Default') } $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder) } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP MSFT_NetPrefixPolicy.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Get-NetPrefixPolicy' -Alias '*' ScriptBlock ID: 8f2fceca-6a60-46b1-b016-6de34664694e Path:	4104	1		3	2	15	0	1514	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1460	4556	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:04:52 PM	9d04040e-981f-0004-9219-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 2): t]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('NetworkDirect')) { [object]$__cmdletization_value = ${NetworkDirect} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NetworkDirect'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetOffloadGlobalSetting.EnabledDisabledEnum'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NetworkDirect'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetOffloadGlobalSetting.EnabledDisabledEnum'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('NetworkDirectAcrossIPSubnets')) { [object]$__cmdletization_value = ${NetworkDirectAcrossIPSubnets} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NetworkDirectAcrossIPSubnets'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetOffloadGlobalSetting.AllowedBlockedEnum'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NetworkDirectAcrossIPSubnets'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetOffloadGlobalSetting.AllowedBlockedEnum'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('PacketCoalescingFilter')) { [object]$__cmdletization_value = ${PacketCoalescingFilter} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'PacketCoalescingFilter'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetOffloadGlobalSetting.EnabledDisabledEnum'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'PacketCoalescingFilter'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetOffloadGlobalSetting.EnabledDisabledEnum'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = $null $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('cim:ModifyInstance', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_passThru = $PSBoundParameters.ContainsKey('PassThru') -and $PassThru if ($PSBoundParameters.ContainsKey('InputObject')) { foreach ($x in $InputObject) { $__cmdletization_objectModelWrapper.ProcessRecord($x, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } else { $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP MSFT_NetOffloadGlobalSetting.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Set-NetOffloadGlobalSetting' -Alias '*' ScriptBlock ID: 65eea11e-d60d-47cb-b401-3db8cd8ea3ae Path:	4104	1		3	2	15	0	1513	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1460	4556	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:04:52 PM	9d04040e-981f-0004-8e19-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 2): #requires -version 3.0 try { Microsoft.PowerShell.Core\Set-StrictMode -Off } catch { } $script:MyModule = $MyInvocation.MyCommand.ScriptBlock.Module $script:ClassName = 'ROOT/StandardCimv2/MSFT_NetOffloadGlobalSetting' $script:ClassVersion = '1.0.0' $script:ModuleVersion = '1.0.0' $script:ObjectModelWrapper = [Microsoft.PowerShell.Cmdletization.Cim.CimCmdletAdapter] $script:PrivateData = [System.Collections.Generic.Dictionary[string,string]]::new() Microsoft.PowerShell.Core\Export-ModuleMember -Function @() function __cmdletization_BindCommonParameters { param( $__cmdletization_objectModelWrapper, $myPSBoundParameters ) if ($myPSBoundParameters.ContainsKey('CimSession')) { $__cmdletization_objectModelWrapper.PSObject.Properties['CimSession'].Value = $myPSBoundParameters['CimSession'] } if ($myPSBoundParameters.ContainsKey('ThrottleLimit')) { $__cmdletization_objectModelWrapper.PSObject.Properties['ThrottleLimit'].Value = $myPSBoundParameters['ThrottleLimit'] } if ($myPSBoundParameters.ContainsKey('AsJob')) { $__cmdletization_objectModelWrapper.PSObject.Properties['AsJob'].Value = $myPSBoundParameters['AsJob'] } } function Get-NetOffloadGlobalSetting { [CmdletBinding(DefaultParameterSetName='ByName', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#ROOT/StandardCimv2/MSFT_NetOffloadGlobalSetting')] param( [Parameter(ParameterSetName='ByName')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetOffloadGlobalSetting.EnabledDisabledEnum[]] ${ReceiveSideScaling}, [Parameter(ParameterSetName='ByName')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetOffloadGlobalSetting.EnabledDisabledEnum[]] ${ReceiveSegmentCoalescing}, [Parameter(ParameterSetName='ByName')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetOffloadGlobalSetting.ChimneyEnum[]] ${Chimney}, [Parameter(ParameterSetName='ByName')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetOffloadGlobalSetting.EnabledDisabledEnum[]] ${TaskOffload}, [Parameter(ParameterSetName='ByName')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetOffloadGlobalSetting.EnabledDisabledEnum[]] ${NetworkDirect}, [Parameter(ParameterSetName='ByName')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetOffloadGlobalSetting.AllowedBlockedEnum[]] ${NetworkDirectAcrossIPSubnets}, [Parameter(ParameterSetName='ByName')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetOffloadGlobalSetting.EnabledDisabledEnum[]] ${PacketCoalescingFilter}, [Parameter(ParameterSetName='ByName')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('ReceiveSideScaling') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${ReceiveSideScaling}) $__cmdletization_queryBuilder.FilterByProperty('ReceiveSideScaling', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('ReceiveSegmentCoalescing') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${ReceiveSegmentCoalescing}) $__cmdletization_queryBuilder.FilterByProperty('ReceiveSegmentCoalescing', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('Chimney') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Chimney}) $__cmdletization_queryBuilder.FilterByProperty('Chimney', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('TaskOffload') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${TaskOffload}) $__cmdletization_queryBuilder.FilterByProperty('TaskOffload', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('NetworkDirect') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${NetworkDirect}) $__cmdletization_queryBuilder.FilterByProperty('NetworkDirect', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('NetworkDirectAcrossIPSubnets') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${NetworkDirectAcrossIPSubnets}) $__cmdletization_queryBuilder.FilterByProperty('NetworkDirectAcrossIPSubnets', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('PacketCoalescingFilter') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PacketCoalescingFilter}) $__cmdletization_queryBuilder.FilterByProperty('PacketCoalescingFilter', $__cmdletization_values, $false, 'Default') } $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder) } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP MSFT_NetOffloadGlobalSetting.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Get-NetOffloadGlobalSetting' -Alias '*' function Set-NetOffloadGlobalSetting { [CmdletBinding(DefaultParameterSetName='InputObject (cdxml)', SupportsShouldProcess=$true, ConfirmImpact='Medium', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#ROOT/StandardCimv2/MSFT_NetOffloadGlobalSetting')] param( [Parameter(ParameterSetName='InputObject (cdxml)', ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#MSFT_NetOffloadGlobalSetting')] [ValidateNotNull()] [ciminstance[]] ${InputObject}, [Parameter(ParameterSetName='InputObject (cdxml)')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetOffloadGlobalSetting.EnabledDisabledEnum] ${ReceiveSideScaling}, [Parameter(ParameterSetName='InputObject (cdxml)')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetOffloadGlobalSetting.EnabledDisabledEnum] ${ReceiveSegmentCoalescing}, [Parameter(ParameterSetName='InputObject (cdxml)')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetOffloadGlobalSetting.ChimneyEnum] ${Chimney}, [Parameter(ParameterSetName='InputObject (cdxml)')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetOffloadGlobalSetting.EnabledDisabledEnum] ${TaskOffload}, [Parameter(ParameterSetName='InputObject (cdxml)')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetOffloadGlobalSetting.EnabledDisabledEnum] ${NetworkDirect}, [Parameter(ParameterSetName='InputObject (cdxml)')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetOffloadGlobalSetting.AllowedBlockedEnum] ${NetworkDirectAcrossIPSubnets}, [Parameter(ParameterSetName='InputObject (cdxml)')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetOffloadGlobalSetting.EnabledDisabledEnum] ${PacketCoalescingFilter}, [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='InputObject (cdxml)')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${AsJob}, [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${PassThru}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('InputObject (cdxml)') -contains $_ } { [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('ReceiveSideScaling')) { [object]$__cmdletization_value = ${ReceiveSideScaling} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ReceiveSideScaling'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetOffloadGlobalSetting.EnabledDisabledEnum'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ReceiveSideScaling'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetOffloadGlobalSetting.EnabledDisabledEnum'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('ReceiveSegmentCoalescing')) { [object]$__cmdletization_value = ${ReceiveSegmentCoalescing} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ReceiveSegmentCoalescing'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetOffloadGlobalSetting.EnabledDisabledEnum'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ReceiveSegmentCoalescing'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetOffloadGlobalSetting.EnabledDisabledEnum'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Chimney')) { [object]$__cmdletization_value = ${Chimney} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Chimney'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetOffloadGlobalSetting.ChimneyEnum'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Chimney'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetOffloadGlobalSetting.ChimneyEnum'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('TaskOffload')) { [object]$__cmdletization_value = ${TaskOffload} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'TaskOffload'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetOffloadGlobalSetting.EnabledDisabledEnum'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'TaskOffload'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetOffloadGlobalSetting.EnabledDisabledEnum'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [objec ScriptBlock ID: 65eea11e-d60d-47cb-b401-3db8cd8ea3ae Path:	4104	1		3	2	15	0	1512	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1460	4556	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:04:52 PM	9d04040e-981f-0004-8e19-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (3 of 3): enThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('IPAddress') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${IPAddress}) $__cmdletization_queryBuilder.FilterByProperty('IPAddress', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('InterfaceIndex') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${InterfaceIndex}) $__cmdletization_queryBuilder.FilterByProperty('InterfaceIndex', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('InterfaceAlias') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${InterfaceAlias}) $__cmdletization_queryBuilder.FilterByProperty('InterfaceAlias', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('State') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${State}) $__cmdletization_queryBuilder.FilterByProperty('State', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('AddressFamily') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${AddressFamily}) $__cmdletization_queryBuilder.FilterByProperty('AddressFamily', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('PolicyStore') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('PolicyStore', ${PolicyStore}) } if ($PSBoundParameters.ContainsKey('IncludeAllCompartments') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('IncludeAllCompartments', ${IncludeAllCompartments}) } $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('ByName', 'InputObject (cdxml)') -contains $_ } { [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('LinkLayerAddress')) { [object]$__cmdletization_value = ${LinkLayerAddress} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'LinkLayerAddress'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'LinkLayerAddress'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = $null $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('cim:ModifyInstance', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_passThru = $PSBoundParameters.ContainsKey('PassThru') -and $PassThru if ($PSBoundParameters.ContainsKey('InputObject')) { foreach ($x in $InputObject) { $__cmdletization_objectModelWrapper.ProcessRecord($x, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } else { $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP MSFT_NetNeighbor.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Set-NetNeighbor' -Alias '*' function Remove-NetNeighbor { [CmdletBinding(DefaultParameterSetName='ByName', SupportsShouldProcess=$true, ConfirmImpact='High', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#ROOT/StandardCimv2/MSFT_NetNeighbor')] param( [Parameter(ParameterSetName='ByName', Position=0)] [ValidateNotNull()] [string[]] ${IPAddress}, [Parameter(ParameterSetName='ByName', ValueFromPipelineByPropertyName=$true)] [Alias('ifIndex')] [ValidateNotNull()] [uint32[]] ${InterfaceIndex}, [Parameter(ParameterSetName='ByName', ValueFromPipelineByPropertyName=$true)] [Alias('ifAlias')] [ValidateNotNull()] [string[]] ${InterfaceAlias}, [Parameter(ParameterSetName='ByName')] [ValidateNotNull()] [string[]] ${LinkLayerAddress}, [Parameter(ParameterSetName='ByName')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetNeighbor.State[]] ${State}, [Parameter(ParameterSetName='ByName')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetNeighbor.AddressFamily[]] ${AddressFamily}, [Parameter(ParameterSetName='ByName', ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetIPInterface')] [ValidateNotNull()] [ciminstance] ${AssociatedIPInterface}, [Parameter(ParameterSetName='ByName')] [string] ${PolicyStore}, [Parameter(ParameterSetName='ByName')] [switch] ${IncludeAllCompartments}, [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#MSFT_NetNeighbor')] [ValidateNotNull()] [ciminstance[]] ${InputObject}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='InputObject (cdxml)')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${AsJob}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${PassThru}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('IPAddress') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${IPAddress}) $__cmdletization_queryBuilder.FilterByProperty('IPAddress', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('InterfaceIndex') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${InterfaceIndex}) $__cmdletization_queryBuilder.FilterByProperty('InterfaceIndex', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('InterfaceAlias') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${InterfaceAlias}) $__cmdletization_queryBuilder.FilterByProperty('InterfaceAlias', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('LinkLayerAddress') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${LinkLayerAddress}) $__cmdletization_queryBuilder.FilterByProperty('LinkLayerAddress', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('State') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${State}) $__cmdletization_queryBuilder.FilterByProperty('State', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('AddressFamily') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${AddressFamily}) $__cmdletization_queryBuilder.FilterByProperty('AddressFamily', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedIPInterface') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedIPInterface}, 'MSFT_NetIPInterfaceNeighbor', 'Antecedent', 'Dependent', 'Default') } if ($PSBoundParameters.ContainsKey('PolicyStore') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('PolicyStore', ${PolicyStore}) } if ($PSBoundParameters.ContainsKey('IncludeAllCompartments') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('IncludeAllCompartments', ${IncludeAllCompartments}) } $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('ByName', 'InputObject (cdxml)') -contains $_ } { $__cmdletization_returnValue = $null $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('cim:DeleteInstance', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_passThru = $PSBoundParameters.ContainsKey('PassThru') -and $PassThru if ($PSBoundParameters.ContainsKey('InputObject')) { foreach ($x in $InputObject) { $__cmdletization_objectModelWrapper.ProcessRecord($x, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } else { $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP MSFT_NetNeighbor.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Remove-NetNeighbor' -Alias '*' ScriptBlock ID: 05d5dd42-6ffb-42bd-8454-885226d1e347 Path:	4104	1		3	2	15	0	1511	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1460	4556	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:04:52 PM	9d04040e-981f-0004-8819-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 3): alue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('PolicyStore')) { [object]$__cmdletization_value = ${PolicyStore} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'PolicyStore'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'PolicyStore'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('State')) { [object]$__cmdletization_value = ${State} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'State'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetNeighbor.State'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'State'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetNeighbor.State'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('AddressFamily')) { [object]$__cmdletization_value = ${AddressFamily} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'AddressFamily'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetNeighbor.AddressFamily'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'AddressFamily'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetNeighbor.AddressFamily'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'CmdletOutput'; ParameterType = 'Microsoft.Management.Infrastructure.CimInstance[]'; Bindings = 'Out'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{ Name = 'ReturnValue'; ParameterType = 'System.UInt32'; Bindings = 'Error'; Value = $null; IsValuePresent = $false } $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('Create', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_methodInvocationInfo) } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP MSFT_NetNeighbor.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'New-NetNeighbor' -Alias '*' function Get-NetNeighbor { [CmdletBinding(DefaultParameterSetName='ByName', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#ROOT/StandardCimv2/MSFT_NetNeighbor')] param( [Parameter(ParameterSetName='ByName', Position=0)] [ValidateNotNull()] [string[]] ${IPAddress}, [Parameter(ParameterSetName='ByName', ValueFromPipelineByPropertyName=$true)] [Alias('ifIndex')] [ValidateNotNull()] [uint32[]] ${InterfaceIndex}, [Parameter(ParameterSetName='ByName', ValueFromPipelineByPropertyName=$true)] [Alias('ifAlias')] [ValidateNotNull()] [string[]] ${InterfaceAlias}, [Parameter(ParameterSetName='ByName')] [ValidateNotNull()] [string[]] ${LinkLayerAddress}, [Parameter(ParameterSetName='ByName')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetNeighbor.State[]] ${State}, [Parameter(ParameterSetName='ByName')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetNeighbor.AddressFamily[]] ${AddressFamily}, [Parameter(ParameterSetName='ByName', ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetIPInterface')] [ValidateNotNull()] [ciminstance] ${AssociatedIPInterface}, [Parameter(ParameterSetName='ByName')] [string] ${PolicyStore}, [Parameter(ParameterSetName='ByName')] [switch] ${IncludeAllCompartments}, [Parameter(ParameterSetName='ByName')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('IPAddress') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${IPAddress}) $__cmdletization_queryBuilder.FilterByProperty('IPAddress', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('InterfaceIndex') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${InterfaceIndex}) $__cmdletization_queryBuilder.FilterByProperty('InterfaceIndex', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('InterfaceAlias') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${InterfaceAlias}) $__cmdletization_queryBuilder.FilterByProperty('InterfaceAlias', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('LinkLayerAddress') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${LinkLayerAddress}) $__cmdletization_queryBuilder.FilterByProperty('LinkLayerAddress', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('State') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${State}) $__cmdletization_queryBuilder.FilterByProperty('State', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('AddressFamily') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${AddressFamily}) $__cmdletization_queryBuilder.FilterByProperty('AddressFamily', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedIPInterface') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedIPInterface}, 'MSFT_NetIPInterfaceNeighbor', 'Antecedent', 'Dependent', 'Default') } if ($PSBoundParameters.ContainsKey('PolicyStore') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('PolicyStore', ${PolicyStore}) } if ($PSBoundParameters.ContainsKey('IncludeAllCompartments') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('IncludeAllCompartments', ${IncludeAllCompartments}) } $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder) } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP MSFT_NetNeighbor.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Get-NetNeighbor' -Alias '*' function Set-NetNeighbor { [CmdletBinding(DefaultParameterSetName='ByName', SupportsShouldProcess=$true, ConfirmImpact='Medium', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#ROOT/StandardCimv2/MSFT_NetNeighbor')] param( [Parameter(ParameterSetName='ByName', Position=0)] [ValidateNotNull()] [string[]] ${IPAddress}, [Parameter(ParameterSetName='ByName', ValueFromPipelineByPropertyName=$true)] [Alias('ifIndex')] [ValidateNotNull()] [uint32[]] ${InterfaceIndex}, [Parameter(ParameterSetName='ByName', ValueFromPipelineByPropertyName=$true)] [Alias('ifAlias')] [ValidateNotNull()] [string[]] ${InterfaceAlias}, [Parameter(ParameterSetName='ByName')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetNeighbor.State[]] ${State}, [Parameter(ParameterSetName='ByName')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetNeighbor.AddressFamily[]] ${AddressFamily}, [Parameter(ParameterSetName='ByName')] [string] ${PolicyStore}, [Parameter(ParameterSetName='ByName')] [switch] ${IncludeAllCompartments}, [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#MSFT_NetNeighbor')] [ValidateNotNull()] [ciminstance[]] ${InputObject}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='InputObject (cdxml)')] [string] ${LinkLayerAddress}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='InputObject (cdxml)')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${AsJob}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${PassThru}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBe ScriptBlock ID: 05d5dd42-6ffb-42bd-8454-885226d1e347 Path:	4104	1		3	2	15	0	1510	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1460	4556	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:04:52 PM	9d04040e-981f-0004-8819-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 3): #requires -version 3.0 try { Microsoft.PowerShell.Core\Set-StrictMode -Off } catch { } $script:MyModule = $MyInvocation.MyCommand.ScriptBlock.Module $script:ClassName = 'ROOT/StandardCimv2/MSFT_NetNeighbor' $script:ClassVersion = '1.0.0' $script:ModuleVersion = '1.0.0' $script:ObjectModelWrapper = [Microsoft.PowerShell.Cmdletization.Cim.CimCmdletAdapter] $script:PrivateData = [System.Collections.Generic.Dictionary[string,string]]::new() Microsoft.PowerShell.Core\Export-ModuleMember -Function @() function __cmdletization_BindCommonParameters { param( $__cmdletization_objectModelWrapper, $myPSBoundParameters ) if ($myPSBoundParameters.ContainsKey('CimSession')) { $__cmdletization_objectModelWrapper.PSObject.Properties['CimSession'].Value = $myPSBoundParameters['CimSession'] } if ($myPSBoundParameters.ContainsKey('ThrottleLimit')) { $__cmdletization_objectModelWrapper.PSObject.Properties['ThrottleLimit'].Value = $myPSBoundParameters['ThrottleLimit'] } if ($myPSBoundParameters.ContainsKey('AsJob')) { $__cmdletization_objectModelWrapper.PSObject.Properties['AsJob'].Value = $myPSBoundParameters['AsJob'] } } function New-NetNeighbor { [CmdletBinding(DefaultParameterSetName='ByInterfaceAlias', SupportsShouldProcess=$true, ConfirmImpact='Medium', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance[]])][OutputType([Microsoft.Management.Infrastructure.CimInstance[]])] param( [Parameter(ParameterSetName='ByInterfaceAlias', Mandatory=$true, Position=0)] [Parameter(ParameterSetName='ByInterfaceIndex', Mandatory=$true, Position=0)] [string] ${IPAddress}, [Parameter(ParameterSetName='ByInterfaceAlias', Mandatory=$true, ValueFromPipelineByPropertyName=$true)] [Alias('ifAlias')] [string] ${InterfaceAlias}, [Parameter(ParameterSetName='ByInterfaceAlias')] [Parameter(ParameterSetName='ByInterfaceIndex')] [string] ${LinkLayerAddress}, [Parameter(ParameterSetName='ByInterfaceAlias')] [Parameter(ParameterSetName='ByInterfaceIndex')] [string] ${PolicyStore}, [Parameter(ParameterSetName='ByInterfaceAlias')] [Parameter(ParameterSetName='ByInterfaceIndex')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetNeighbor.State] ${State}, [Parameter(ParameterSetName='ByInterfaceAlias')] [Parameter(ParameterSetName='ByInterfaceIndex')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetNeighbor.AddressFamily] ${AddressFamily}, [Parameter(ParameterSetName='ByInterfaceIndex', Mandatory=$true, ValueFromPipelineByPropertyName=$true)] [Alias('ifIndex')] [uint32] ${InterfaceIndex}, [Parameter(ParameterSetName='ByInterfaceAlias')] [Parameter(ParameterSetName='ByInterfaceIndex')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByInterfaceAlias')] [Parameter(ParameterSetName='ByInterfaceIndex')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByInterfaceAlias')] [Parameter(ParameterSetName='ByInterfaceIndex')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('ByInterfaceAlias') -contains $_ } { [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('IPAddress')) { [object]$__cmdletization_value = ${IPAddress} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'IPAddress'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'IPAddress'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('InterfaceAlias')) { [object]$__cmdletization_value = ${InterfaceAlias} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'InterfaceAlias'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'InterfaceAlias'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('LinkLayerAddress')) { [object]$__cmdletization_value = ${LinkLayerAddress} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'LinkLayerAddress'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'LinkLayerAddress'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('PolicyStore')) { [object]$__cmdletization_value = ${PolicyStore} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'PolicyStore'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'PolicyStore'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('State')) { [object]$__cmdletization_value = ${State} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'State'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetNeighbor.State'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'State'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetNeighbor.State'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('AddressFamily')) { [object]$__cmdletization_value = ${AddressFamily} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'AddressFamily'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetNeighbor.AddressFamily'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'AddressFamily'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetNeighbor.AddressFamily'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'CmdletOutput'; ParameterType = 'Microsoft.Management.Infrastructure.CimInstance[]'; Bindings = 'Out'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{ Name = 'ReturnValue'; ParameterType = 'System.UInt32'; Bindings = 'Error'; Value = $null; IsValuePresent = $false } $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('Create', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_methodInvocationInfo) } { @('ByInterfaceIndex') -contains $_ } { [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('IPAddress')) { [object]$__cmdletization_value = ${IPAddress} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'IPAddress'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'IPAddress'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('InterfaceIndex')) { [object]$__cmdletization_value = ${InterfaceIndex} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'InterfaceIndex'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'InterfaceIndex'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('LinkLayerAddress')) { [object]$__cmdletization_value = ${LinkLayerAddress} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'LinkLayerAddress'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'LinkLayerAddress'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultV ScriptBlock ID: 05d5dd42-6ffb-42bd-8454-885226d1e347 Path:	4104	1		3	2	15	0	1509	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1460	4556	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:04:52 PM	9d04040e-981f-0004-8819-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (4 of 4): ent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = $null $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('cim:ModifyInstance', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_passThru = $PSBoundParameters.ContainsKey('PassThru') -and $PassThru if ($PSBoundParameters.ContainsKey('InputObject')) { foreach ($x in $InputObject) { $__cmdletization_objectModelWrapper.ProcessRecord($x, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } else { $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP MSFT_NetIPv6Protocol.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Set-NetIPv6Protocol' -Alias '*' ScriptBlock ID: dc433449-b6cc-4d39-8b7e-9a83ed6fa84b Path:	4104	1		3	2	15	0	1508	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1460	4556	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:04:52 PM	9d04040e-981f-0004-8419-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (3 of 4): etization.MethodParameter]@{Name = 'DhcpMediaSense'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPv6Protocol.DhcpMediaSense'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('MediaSenseEventLog')) { [object]$__cmdletization_value = ${MediaSenseEventLog} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'MediaSenseEventLog'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPv6Protocol.MediaSenseEventLog'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'MediaSenseEventLog'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPv6Protocol.MediaSenseEventLog'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('MldLevel')) { [object]$__cmdletization_value = ${MldLevel} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'MldLevel'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPv6Protocol.MldLevel'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'MldLevel'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPv6Protocol.MldLevel'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('MldVersion')) { [object]$__cmdletization_value = ${MldVersion} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'MldVersion'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPv6Protocol.MldVersion'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'MldVersion'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPv6Protocol.MldVersion'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('MulticastForwarding')) { [object]$__cmdletization_value = ${MulticastForwarding} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'MulticastForwarding'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPv6Protocol.MulticastForwarding'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'MulticastForwarding'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPv6Protocol.MulticastForwarding'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('GroupForwardedFragments')) { [object]$__cmdletization_value = ${GroupForwardedFragments} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'GroupForwardedFragments'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPv6Protocol.GroupForwardedFragments'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'GroupForwardedFragments'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPv6Protocol.GroupForwardedFragments'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('RandomizeIdentifiers')) { [object]$__cmdletization_value = ${RandomizeIdentifiers} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RandomizeIdentifiers'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPv6Protocol.RandomizeIdentifiers'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RandomizeIdentifiers'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPv6Protocol.RandomizeIdentifiers'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('AddressMaskReply')) { [object]$__cmdletization_value = ${AddressMaskReply} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'AddressMaskReply'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPv6Protocol.AddressMaskReply'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'AddressMaskReply'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPv6Protocol.AddressMaskReply'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('UseTemporaryAddresses')) { [object]$__cmdletization_value = ${UseTemporaryAddresses} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'UseTemporaryAddresses'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPv6Protocol.UseTemporaryAddresses'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'UseTemporaryAddresses'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPv6Protocol.UseTemporaryAddresses'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('MaxTemporaryDadAttempts')) { [object]$__cmdletization_value = ${MaxTemporaryDadAttempts} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'MaxDadAttempts'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'MaxDadAttempts'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('MaxTemporaryValidLifetime')) { [object]$__cmdletization_value = ${MaxTemporaryValidLifetime} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'MaxValidLifetime'; ParameterType = 'System.TimeSpan'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'MaxValidLifetime'; ParameterType = 'System.TimeSpan'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('MaxTemporaryPreferredLifetime')) { [object]$__cmdletization_value = ${MaxTemporaryPreferredLifetime} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'MaxPreferredLifetime'; ParameterType = 'System.TimeSpan'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'MaxPreferredLifetime'; ParameterType = 'System.TimeSpan'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('TemporaryRegenerateTime')) { [object]$__cmdletization_value = ${TemporaryRegenerateTime} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RegenerateTime'; ParameterType = 'System.TimeSpan'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RegenerateTime'; ParameterType = 'System.TimeSpan'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('MaxTemporaryDesyncTime')) { [object]$__cmdletization_value = ${MaxTemporaryDesyncTime} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'MaxRandomTime'; ParameterType = 'System.TimeSpan'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'MaxRandomTime'; ParameterType = 'System.TimeSpan'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePres ScriptBlock ID: dc433449-b6cc-4d39-8b7e-9a83ed6fa84b Path:	4104	1		3	2	15	0	1507	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1460	4556	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:04:52 PM	9d04040e-981f-0004-8419-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 4): Time}) $__cmdletization_queryBuilder.FilterByProperty('MaxRandomTime', $__cmdletization_values, $false, 'Default') } $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder) } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP MSFT_NetIPv6Protocol.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Get-NetIPv6Protocol' -Alias '*' function Set-NetIPv6Protocol { [CmdletBinding(DefaultParameterSetName='InputObject (cdxml)', SupportsShouldProcess=$true, ConfirmImpact='Medium', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#ROOT/StandardCimv2/MSFT_NetIPv6Protocol')] param( [Parameter(ParameterSetName='InputObject (cdxml)', ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#MSFT_NetIPv6Protocol')] [ValidateNotNull()] [ciminstance[]] ${InputObject}, [Parameter(ParameterSetName='InputObject (cdxml)')] [uint32] ${DefaultHopLimit}, [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('NeighborCacheLimit')] [uint32] ${NeighborCacheLimitEntries}, [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('RouteCacheLimit')] [uint32] ${RouteCacheLimitEntries}, [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('ReassemblyLimit')] [uint32] ${ReassemblyLimitBytes}, [Parameter(ParameterSetName='InputObject (cdxml)')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPv6Protocol.IcmpRedirects] ${IcmpRedirects}, [Parameter(ParameterSetName='InputObject (cdxml)')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPv6Protocol.SourceRoutingBehavior] ${SourceRoutingBehavior}, [Parameter(ParameterSetName='InputObject (cdxml)')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPv6Protocol.DhcpMediaSense] ${DhcpMediaSense}, [Parameter(ParameterSetName='InputObject (cdxml)')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPv6Protocol.MediaSenseEventLog] ${MediaSenseEventLog}, [Parameter(ParameterSetName='InputObject (cdxml)')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPv6Protocol.MldLevel] ${MldLevel}, [Parameter(ParameterSetName='InputObject (cdxml)')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPv6Protocol.MldVersion] ${MldVersion}, [Parameter(ParameterSetName='InputObject (cdxml)')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPv6Protocol.MulticastForwarding] ${MulticastForwarding}, [Parameter(ParameterSetName='InputObject (cdxml)')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPv6Protocol.GroupForwardedFragments] ${GroupForwardedFragments}, [Parameter(ParameterSetName='InputObject (cdxml)')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPv6Protocol.RandomizeIdentifiers] ${RandomizeIdentifiers}, [Parameter(ParameterSetName='InputObject (cdxml)')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPv6Protocol.AddressMaskReply] ${AddressMaskReply}, [Parameter(ParameterSetName='InputObject (cdxml)')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPv6Protocol.UseTemporaryAddresses] ${UseTemporaryAddresses}, [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('MaxDadAttempts')] [uint32] ${MaxTemporaryDadAttempts}, [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('MaxValidLifetime')] [timespan] ${MaxTemporaryValidLifetime}, [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('MaxPreferredLifetime')] [timespan] ${MaxTemporaryPreferredLifetime}, [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('RegenerateTime')] [timespan] ${TemporaryRegenerateTime}, [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('MaxRandomTime')] [timespan] ${MaxTemporaryDesyncTime}, [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='InputObject (cdxml)')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${AsJob}, [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${PassThru}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('InputObject (cdxml)') -contains $_ } { [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DefaultHopLimit')) { [object]$__cmdletization_value = ${DefaultHopLimit} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DefaultHopLimit'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DefaultHopLimit'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('NeighborCacheLimitEntries')) { [object]$__cmdletization_value = ${NeighborCacheLimitEntries} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NeighborCacheLimit'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NeighborCacheLimit'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('RouteCacheLimitEntries')) { [object]$__cmdletization_value = ${RouteCacheLimitEntries} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RouteCacheLimit'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RouteCacheLimit'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('ReassemblyLimitBytes')) { [object]$__cmdletization_value = ${ReassemblyLimitBytes} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ReassemblyLimit'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ReassemblyLimit'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('IcmpRedirects')) { [object]$__cmdletization_value = ${IcmpRedirects} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'IcmpRedirects'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPv6Protocol.IcmpRedirects'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'IcmpRedirects'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPv6Protocol.IcmpRedirects'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('SourceRoutingBehavior')) { [object]$__cmdletization_value = ${SourceRoutingBehavior} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'SourceRoutingBehavior'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPv6Protocol.SourceRoutingBehavior'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'SourceRoutingBehavior'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPv6Protocol.SourceRoutingBehavior'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DhcpMediaSense')) { [object]$__cmdletization_value = ${DhcpMediaSense} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DhcpMediaSense'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPv6Protocol.DhcpMediaSense'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdl ScriptBlock ID: dc433449-b6cc-4d39-8b7e-9a83ed6fa84b Path:	4104	1		3	2	15	0	1506	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1460	4556	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:04:52 PM	9d04040e-981f-0004-8419-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 4): #requires -version 3.0 try { Microsoft.PowerShell.Core\Set-StrictMode -Off } catch { } $script:MyModule = $MyInvocation.MyCommand.ScriptBlock.Module $script:ClassName = 'ROOT/StandardCimv2/MSFT_NetIPv6Protocol' $script:ClassVersion = '1.0.0' $script:ModuleVersion = '1.0.0' $script:ObjectModelWrapper = [Microsoft.PowerShell.Cmdletization.Cim.CimCmdletAdapter] $script:PrivateData = [System.Collections.Generic.Dictionary[string,string]]::new() Microsoft.PowerShell.Core\Export-ModuleMember -Function @() function __cmdletization_BindCommonParameters { param( $__cmdletization_objectModelWrapper, $myPSBoundParameters ) if ($myPSBoundParameters.ContainsKey('CimSession')) { $__cmdletization_objectModelWrapper.PSObject.Properties['CimSession'].Value = $myPSBoundParameters['CimSession'] } if ($myPSBoundParameters.ContainsKey('ThrottleLimit')) { $__cmdletization_objectModelWrapper.PSObject.Properties['ThrottleLimit'].Value = $myPSBoundParameters['ThrottleLimit'] } if ($myPSBoundParameters.ContainsKey('AsJob')) { $__cmdletization_objectModelWrapper.PSObject.Properties['AsJob'].Value = $myPSBoundParameters['AsJob'] } } function Get-NetIPv6Protocol { [CmdletBinding(DefaultParameterSetName='ByName', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#ROOT/StandardCimv2/MSFT_NetIPv6Protocol')] param( [Parameter(ParameterSetName='ByName')] [ValidateNotNull()] [uint32[]] ${DefaultHopLimit}, [Parameter(ParameterSetName='ByName')] [Alias('NeighborCacheLimit')] [ValidateNotNull()] [uint32[]] ${NeighborCacheLimitEntries}, [Parameter(ParameterSetName='ByName')] [Alias('RouteCacheLimit')] [ValidateNotNull()] [uint32[]] ${RouteCacheLimitEntries}, [Parameter(ParameterSetName='ByName')] [Alias('ReassemblyLimit')] [ValidateNotNull()] [uint32[]] ${ReassemblyLimitBytes}, [Parameter(ParameterSetName='ByName')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPv6Protocol.IcmpRedirects[]] ${IcmpRedirects}, [Parameter(ParameterSetName='ByName')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPv6Protocol.SourceRoutingBehavior[]] ${SourceRoutingBehavior}, [Parameter(ParameterSetName='ByName')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPv6Protocol.DhcpMediaSense[]] ${DhcpMediaSense}, [Parameter(ParameterSetName='ByName')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPv6Protocol.MediaSenseEventLog[]] ${MediaSenseEventLog}, [Parameter(ParameterSetName='ByName')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPv6Protocol.MldLevel[]] ${MldLevel}, [Parameter(ParameterSetName='ByName')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPv6Protocol.MldVersion[]] ${MldVersion}, [Parameter(ParameterSetName='ByName')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPv6Protocol.MulticastForwarding[]] ${MulticastForwarding}, [Parameter(ParameterSetName='ByName')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPv6Protocol.GroupForwardedFragments[]] ${GroupForwardedFragments}, [Parameter(ParameterSetName='ByName')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPv6Protocol.RandomizeIdentifiers[]] ${RandomizeIdentifiers}, [Parameter(ParameterSetName='ByName')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPv6Protocol.AddressMaskReply[]] ${AddressMaskReply}, [Parameter(ParameterSetName='ByName')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPv6Protocol.UseTemporaryAddresses[]] ${UseTemporaryAddresses}, [Parameter(ParameterSetName='ByName')] [Alias('MaxDadAttempts')] [ValidateNotNull()] [uint32[]] ${MaxTemporaryDadAttempts}, [Parameter(ParameterSetName='ByName')] [Alias('MaxValidLifetime')] [ValidateNotNull()] [timespan[]] ${MaxTemporaryValidLifetime}, [Parameter(ParameterSetName='ByName')] [Alias('MaxPreferredLifetime')] [ValidateNotNull()] [timespan[]] ${MaxTemporaryPreferredLifetime}, [Parameter(ParameterSetName='ByName')] [Alias('RegenerateTime')] [ValidateNotNull()] [timespan[]] ${TemporaryRegenerateTime}, [Parameter(ParameterSetName='ByName')] [Alias('MaxRandomTime')] [ValidateNotNull()] [timespan[]] ${MaxTemporaryDesyncTime}, [Parameter(ParameterSetName='ByName')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('DefaultHopLimit') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DefaultHopLimit}) $__cmdletization_queryBuilder.FilterByProperty('DefaultHopLimit', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('NeighborCacheLimitEntries') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${NeighborCacheLimitEntries}) $__cmdletization_queryBuilder.FilterByProperty('NeighborCacheLimit', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('RouteCacheLimitEntries') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${RouteCacheLimitEntries}) $__cmdletization_queryBuilder.FilterByProperty('RouteCacheLimit', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('ReassemblyLimitBytes') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${ReassemblyLimitBytes}) $__cmdletization_queryBuilder.FilterByProperty('ReassemblyLimit', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('IcmpRedirects') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${IcmpRedirects}) $__cmdletization_queryBuilder.FilterByProperty('IcmpRedirects', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('SourceRoutingBehavior') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${SourceRoutingBehavior}) $__cmdletization_queryBuilder.FilterByProperty('SourceRoutingBehavior', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('DhcpMediaSense') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DhcpMediaSense}) $__cmdletization_queryBuilder.FilterByProperty('DhcpMediaSense', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('MediaSenseEventLog') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${MediaSenseEventLog}) $__cmdletization_queryBuilder.FilterByProperty('MediaSenseEventLog', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('MldLevel') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${MldLevel}) $__cmdletization_queryBuilder.FilterByProperty('MldLevel', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('MldVersion') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${MldVersion}) $__cmdletization_queryBuilder.FilterByProperty('MldVersion', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('MulticastForwarding') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${MulticastForwarding}) $__cmdletization_queryBuilder.FilterByProperty('MulticastForwarding', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('GroupForwardedFragments') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${GroupForwardedFragments}) $__cmdletization_queryBuilder.FilterByProperty('GroupForwardedFragments', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('RandomizeIdentifiers') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${RandomizeIdentifiers}) $__cmdletization_queryBuilder.FilterByProperty('RandomizeIdentifiers', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('AddressMaskReply') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${AddressMaskReply}) $__cmdletization_queryBuilder.FilterByProperty('AddressMaskReply', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('UseTemporaryAddresses') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${UseTemporaryAddresses}) $__cmdletization_queryBuilder.FilterByProperty('UseTemporaryAddresses', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('MaxTemporaryDadAttempts') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${MaxTemporaryDadAttempts}) $__cmdletization_queryBuilder.FilterByProperty('MaxDadAttempts', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('MaxTemporaryValidLifetime') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${MaxTemporaryValidLifetime}) $__cmdletization_queryBuilder.FilterByProperty('MaxValidLifetime', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('MaxTemporaryPreferredLifetime') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${MaxTemporaryPreferredLifetime}) $__cmdletization_queryBuilder.FilterByProperty('MaxPreferredLifetime', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('TemporaryRegenerateTime') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${TemporaryRegenerateTime}) $__cmdletization_queryBuilder.FilterByProperty('RegenerateTime', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('MaxTemporaryDesyncTime') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${MaxTemporaryDesync ScriptBlock ID: dc433449-b6cc-4d39-8b7e-9a83ed6fa84b Path:	4104	1		3	2	15	0	1505	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1460	4556	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:04:52 PM	9d04040e-981f-0004-8419-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 2): t]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('NeighborCacheLimitEntries')) { [object]$__cmdletization_value = ${NeighborCacheLimitEntries} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NeighborCacheLimit'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NeighborCacheLimit'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('RouteCacheLimitEntries')) { [object]$__cmdletization_value = ${RouteCacheLimitEntries} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RouteCacheLimit'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RouteCacheLimit'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('ReassemblyLimitBytes')) { [object]$__cmdletization_value = ${ReassemblyLimitBytes} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ReassemblyLimit'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ReassemblyLimit'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('IcmpRedirects')) { [object]$__cmdletization_value = ${IcmpRedirects} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'IcmpRedirects'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPv4Protocol.IcmpRedirects'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'IcmpRedirects'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPv4Protocol.IcmpRedirects'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('SourceRoutingBehavior')) { [object]$__cmdletization_value = ${SourceRoutingBehavior} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'SourceRoutingBehavior'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPv4Protocol.SourceRoutingBehavior'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'SourceRoutingBehavior'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPv4Protocol.SourceRoutingBehavior'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DhcpMediaSense')) { [object]$__cmdletization_value = ${DhcpMediaSense} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DhcpMediaSense'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPv4Protocol.DhcpMediaSense'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DhcpMediaSense'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPv4Protocol.DhcpMediaSense'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('MediaSenseEventLog')) { [object]$__cmdletization_value = ${MediaSenseEventLog} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'MediaSenseEventLog'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPv4Protocol.MediaSenseEventLog'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'MediaSenseEventLog'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPv4Protocol.MediaSenseEventLog'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('IGMPLevel')) { [object]$__cmdletization_value = ${IGMPLevel} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'MldLevel'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPv4Protocol.MldLevel'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'MldLevel'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPv4Protocol.MldLevel'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('IGMPVersion')) { [object]$__cmdletization_value = ${IGMPVersion} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'MldVersion'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPv4Protocol.MldVersion'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'MldVersion'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPv4Protocol.MldVersion'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('MulticastForwarding')) { [object]$__cmdletization_value = ${MulticastForwarding} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'MulticastForwarding'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPv4Protocol.MulticastForwarding'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'MulticastForwarding'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPv4Protocol.MulticastForwarding'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('GroupForwardedFragments')) { [object]$__cmdletization_value = ${GroupForwardedFragments} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'GroupForwardedFragments'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPv4Protocol.GroupForwardedFragments'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'GroupForwardedFragments'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPv4Protocol.GroupForwardedFragments'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('RandomizeIdentifiers')) { [object]$__cmdletization_value = ${RandomizeIdentifiers} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RandomizeIdentifiers'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPv4Protocol.RandomizeIdentifiers'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RandomizeIdentifiers'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPv4Protocol.RandomizeIdentifiers'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('AddressMaskReply')) { [object]$__cmdletization_value = ${AddressMaskReply} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'AddressMaskReply'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPv4Protocol.AddressMaskReply'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'AddressMaskReply'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPv4Protocol.AddressMaskReply'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('MinimumMtu')) { [object]$__cmdletization_value = ${MinimumMtu} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'MinimumMtu'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'MinimumMtu'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = $null $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('cim:ModifyInstance', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_passThru = $PSBoundParameters.ContainsKey('PassThru') -and $PassThru if ($PSBoundParameters.ContainsKey('InputObject')) { foreach ($x in $InputObject) { $__cmdletization_objectModelWrapper.ProcessRecord($x, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } else { $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP MSFT_NetIPv4Protocol.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Set-NetIPv4Protocol' -Alias '*' ScriptBlock ID: cc9d9737-83c7-437d-8fe3-d608e8868862 Path:	4104	1		3	2	15	0	1504	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1460	4556	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:04:52 PM	9d04040e-981f-0004-8019-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 2): #requires -version 3.0 try { Microsoft.PowerShell.Core\Set-StrictMode -Off } catch { } $script:MyModule = $MyInvocation.MyCommand.ScriptBlock.Module $script:ClassName = 'ROOT/StandardCimv2/MSFT_NetIPv4Protocol' $script:ClassVersion = '1.0.0' $script:ModuleVersion = '1.0.0' $script:ObjectModelWrapper = [Microsoft.PowerShell.Cmdletization.Cim.CimCmdletAdapter] $script:PrivateData = [System.Collections.Generic.Dictionary[string,string]]::new() Microsoft.PowerShell.Core\Export-ModuleMember -Function @() function __cmdletization_BindCommonParameters { param( $__cmdletization_objectModelWrapper, $myPSBoundParameters ) if ($myPSBoundParameters.ContainsKey('CimSession')) { $__cmdletization_objectModelWrapper.PSObject.Properties['CimSession'].Value = $myPSBoundParameters['CimSession'] } if ($myPSBoundParameters.ContainsKey('ThrottleLimit')) { $__cmdletization_objectModelWrapper.PSObject.Properties['ThrottleLimit'].Value = $myPSBoundParameters['ThrottleLimit'] } if ($myPSBoundParameters.ContainsKey('AsJob')) { $__cmdletization_objectModelWrapper.PSObject.Properties['AsJob'].Value = $myPSBoundParameters['AsJob'] } } function Get-NetIPv4Protocol { [CmdletBinding(DefaultParameterSetName='ByName', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#ROOT/StandardCimv2/MSFT_NetIPv4Protocol')] param( [Parameter(ParameterSetName='ByName')] [ValidateNotNull()] [uint32[]] ${DefaultHopLimit}, [Parameter(ParameterSetName='ByName')] [Alias('NeighborCacheLimit')] [ValidateNotNull()] [uint32[]] ${NeighborCacheLimitEntries}, [Parameter(ParameterSetName='ByName')] [Alias('RouteCacheLimit')] [ValidateNotNull()] [uint32[]] ${RouteCacheLimitEntries}, [Parameter(ParameterSetName='ByName')] [Alias('ReassemblyLimit')] [ValidateNotNull()] [uint32[]] ${ReassemblyLimitBytes}, [Parameter(ParameterSetName='ByName')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPv4Protocol.IcmpRedirects[]] ${IcmpRedirects}, [Parameter(ParameterSetName='ByName')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPv4Protocol.SourceRoutingBehavior[]] ${SourceRoutingBehavior}, [Parameter(ParameterSetName='ByName')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPv4Protocol.DhcpMediaSense[]] ${DhcpMediaSense}, [Parameter(ParameterSetName='ByName')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPv4Protocol.MediaSenseEventLog[]] ${MediaSenseEventLog}, [Parameter(ParameterSetName='ByName')] [Alias('MldLevel')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPv4Protocol.MldLevel[]] ${IGMPLevel}, [Parameter(ParameterSetName='ByName')] [Alias('MldVersion')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPv4Protocol.MldVersion[]] ${IGMPVersion}, [Parameter(ParameterSetName='ByName')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPv4Protocol.MulticastForwarding[]] ${MulticastForwarding}, [Parameter(ParameterSetName='ByName')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPv4Protocol.GroupForwardedFragments[]] ${GroupForwardedFragments}, [Parameter(ParameterSetName='ByName')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPv4Protocol.RandomizeIdentifiers[]] ${RandomizeIdentifiers}, [Parameter(ParameterSetName='ByName')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPv4Protocol.AddressMaskReply[]] ${AddressMaskReply}, [Parameter(ParameterSetName='ByName')] [ValidateNotNull()] [uint32[]] ${MinimumMtu}, [Parameter(ParameterSetName='ByName')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('DefaultHopLimit') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DefaultHopLimit}) $__cmdletization_queryBuilder.FilterByProperty('DefaultHopLimit', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('NeighborCacheLimitEntries') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${NeighborCacheLimitEntries}) $__cmdletization_queryBuilder.FilterByProperty('NeighborCacheLimit', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('RouteCacheLimitEntries') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${RouteCacheLimitEntries}) $__cmdletization_queryBuilder.FilterByProperty('RouteCacheLimit', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('ReassemblyLimitBytes') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${ReassemblyLimitBytes}) $__cmdletization_queryBuilder.FilterByProperty('ReassemblyLimit', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('IcmpRedirects') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${IcmpRedirects}) $__cmdletization_queryBuilder.FilterByProperty('IcmpRedirects', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('SourceRoutingBehavior') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${SourceRoutingBehavior}) $__cmdletization_queryBuilder.FilterByProperty('SourceRoutingBehavior', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('DhcpMediaSense') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DhcpMediaSense}) $__cmdletization_queryBuilder.FilterByProperty('DhcpMediaSense', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('MediaSenseEventLog') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${MediaSenseEventLog}) $__cmdletization_queryBuilder.FilterByProperty('MediaSenseEventLog', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('IGMPLevel') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${IGMPLevel}) $__cmdletization_queryBuilder.FilterByProperty('MldLevel', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('IGMPVersion') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${IGMPVersion}) $__cmdletization_queryBuilder.FilterByProperty('MldVersion', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('MulticastForwarding') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${MulticastForwarding}) $__cmdletization_queryBuilder.FilterByProperty('MulticastForwarding', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('GroupForwardedFragments') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${GroupForwardedFragments}) $__cmdletization_queryBuilder.FilterByProperty('GroupForwardedFragments', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('RandomizeIdentifiers') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${RandomizeIdentifiers}) $__cmdletization_queryBuilder.FilterByProperty('RandomizeIdentifiers', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('AddressMaskReply') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${AddressMaskReply}) $__cmdletization_queryBuilder.FilterByProperty('AddressMaskReply', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('MinimumMtu') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${MinimumMtu}) $__cmdletization_queryBuilder.FilterByProperty('MinimumMtu', $__cmdletization_values, $false, 'Default') } $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder) } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP MSFT_NetIPv4Protocol.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Get-NetIPv4Protocol' -Alias '*' function Set-NetIPv4Protocol { [CmdletBinding(DefaultParameterSetName='InputObject (cdxml)', SupportsShouldProcess=$true, ConfirmImpact='Medium', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#ROOT/StandardCimv2/MSFT_NetIPv4Protocol')] param( [Parameter(ParameterSetName='InputObject (cdxml)', ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#MSFT_NetIPv4Protocol')] [ValidateNotNull()] [ciminstance[]] ${InputObject}, [Parameter(ParameterSetName='InputObject (cdxml)')] [uint32] ${DefaultHopLimit}, [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('NeighborCacheLimit')] [uint32] ${NeighborCacheLimitEntries}, [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('RouteCacheLimit')] [uint32] ${RouteCacheLimitEntries}, [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('ReassemblyLimit')] [uint32] ${ReassemblyLimitBytes}, [Parameter(ParameterSetName='InputObject (cdxml)')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPv4Protocol.IcmpRedirects] ${IcmpRedirects}, [Parameter(ParameterSetName='InputObject (cdxml)')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPv4Protocol.SourceRoutingBehavior] ${SourceRoutingBehavior}, [Parameter(ParameterSetName='InputObject (cdxml)')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPv4Protocol.DhcpMediaSense] ${DhcpMediaSense}, [Parameter(ParameterSetName='InputObject (cdxml)')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPv4Protocol.MediaSenseEventLog] ${MediaSenseEventLog}, [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('MldLevel')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPv4Protocol.MldLevel] ${IGMPLevel}, [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('MldVersion')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPv4Protocol.MldVersion] ${IGMPVersion}, [Parameter(ParameterSetName='InputObject (cdxml)')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPv4Protocol.MulticastForwarding] ${MulticastForwarding}, [Parameter(ParameterSetName='InputObject (cdxml)')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPv4Protocol.GroupForwardedFragments] ${GroupForwardedFragments}, [Parameter(ParameterSetName='InputObject (cdxml)')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPv4Protocol.RandomizeIdentifiers] ${RandomizeIdentifiers}, [Parameter(ParameterSetName='InputObject (cdxml)')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPv4Protocol.AddressMaskReply] ${AddressMaskReply}, [Parameter(ParameterSetName='InputObject (cdxml)')] [uint32] ${MinimumMtu}, [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='InputObject (cdxml)')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${AsJob}, [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${PassThru}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('InputObject (cdxml)') -contains $_ } { [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DefaultHopLimit')) { [object]$__cmdletization_value = ${DefaultHopLimit} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DefaultHopLimit'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DefaultHopLimit'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [objec ScriptBlock ID: cc9d9737-83c7-437d-8fe3-d608e8868862 Path:	4104	1		3	2	15	0	1503	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1460	4556	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:04:52 PM	9d04040e-981f-0004-8019-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (5 of 5): [object]$__cmdletization_value = ${EcnMarking} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'EcnMarking'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPInterface.EcnMarking'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'EcnMarking'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPInterface.EcnMarking'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Dhcp')) { [object]$__cmdletization_value = ${Dhcp} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Dhcp'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPInterface.Dhcp'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Dhcp'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPInterface.Dhcp'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('AutomaticMetric')) { [object]$__cmdletization_value = ${AutomaticMetric} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'AutomaticMetric'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPInterface.AutomaticMetric'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'AutomaticMetric'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPInterface.AutomaticMetric'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = $null $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('cim:ModifyInstance', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_passThru = $PSBoundParameters.ContainsKey('PassThru') -and $PassThru if ($PSBoundParameters.ContainsKey('InputObject')) { foreach ($x in $InputObject) { $__cmdletization_objectModelWrapper.ProcessRecord($x, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } else { $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP MSFT_NetIPInterface.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Set-NetIPInterface' -Alias '*' ScriptBlock ID: 31ce4a19-6fb6-451c-a171-dd41570f349d Path:	4104	1		3	2	15	0	1502	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1460	4556	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:04:52 PM	9d04040e-981f-0004-7c19-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (4 of 5): lse { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RetransmitTime'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DadTransmits')) { [object]$__cmdletization_value = ${DadTransmits} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DadTransmits'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DadTransmits'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DadRetransmitTimeMs')) { [object]$__cmdletization_value = ${DadRetransmitTimeMs} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DadRetransmitTime'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DadRetransmitTime'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('RouterDiscovery')) { [object]$__cmdletization_value = ${RouterDiscovery} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RouterDiscovery'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPInterface.RouterDiscovery'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RouterDiscovery'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPInterface.RouterDiscovery'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('ManagedAddressConfiguration')) { [object]$__cmdletization_value = ${ManagedAddressConfiguration} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ManagedAddressConfiguration'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPInterface.ManagedAddressConfiguration'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ManagedAddressConfiguration'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPInterface.ManagedAddressConfiguration'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('OtherStatefulConfiguration')) { [object]$__cmdletization_value = ${OtherStatefulConfiguration} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'OtherStatefulConfiguration'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPInterface.OtherStatefulConfiguration'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'OtherStatefulConfiguration'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPInterface.OtherStatefulConfiguration'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('WeakHostSend')) { [object]$__cmdletization_value = ${WeakHostSend} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'WeakHostSend'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPInterface.WeakHostSend'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'WeakHostSend'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPInterface.WeakHostSend'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('WeakHostReceive')) { [object]$__cmdletization_value = ${WeakHostReceive} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'WeakHostReceive'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPInterface.WeakHostReceive'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'WeakHostReceive'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPInterface.WeakHostReceive'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('IgnoreDefaultRoutes')) { [object]$__cmdletization_value = ${IgnoreDefaultRoutes} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'IgnoreDefaultRoutes'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPInterface.IgnoreDefaultRoutes'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'IgnoreDefaultRoutes'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPInterface.IgnoreDefaultRoutes'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('AdvertisedRouterLifetime')) { [object]$__cmdletization_value = ${AdvertisedRouterLifetime} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'AdvertisedRouterLifetime'; ParameterType = 'System.TimeSpan'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'AdvertisedRouterLifetime'; ParameterType = 'System.TimeSpan'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('AdvertiseDefaultRoute')) { [object]$__cmdletization_value = ${AdvertiseDefaultRoute} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'AdvertiseDefaultRoute'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPInterface.AdvertiseDefaultRoute'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'AdvertiseDefaultRoute'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPInterface.AdvertiseDefaultRoute'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('CurrentHopLimit')) { [object]$__cmdletization_value = ${CurrentHopLimit} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'CurrentHopLimit'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'CurrentHopLimit'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('ForceArpNdWolPattern')) { [object]$__cmdletization_value = ${ForceArpNdWolPattern} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ForceArpNdWolPattern'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPInterface.ForceArpNdWolPattern'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ForceArpNdWolPattern'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPInterface.ForceArpNdWolPattern'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DirectedMacWolPattern')) { [object]$__cmdletization_value = ${DirectedMacWolPattern} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DirectedMacWolPattern'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPInterface.DirectedMacWolPattern'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DirectedMacWolPattern'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPInterface.DirectedMacWolPattern'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('EcnMarking')) { ScriptBlock ID: 31ce4a19-6fb6-451c-a171-dd41570f349d Path:	4104	1		3	2	15	0	1501	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1460	4556	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:04:52 PM	9d04040e-981f-0004-7c19-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (3 of 5): meterSetName='ByName')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPInterface.IgnoreDefaultRoutes] ${IgnoreDefaultRoutes}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='InputObject (cdxml)')] [timespan] ${AdvertisedRouterLifetime}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPInterface.AdvertiseDefaultRoute] ${AdvertiseDefaultRoute}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='InputObject (cdxml)')] [uint32] ${CurrentHopLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPInterface.ForceArpNdWolPattern] ${ForceArpNdWolPattern}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPInterface.DirectedMacWolPattern] ${DirectedMacWolPattern}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPInterface.EcnMarking] ${EcnMarking}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPInterface.Dhcp] ${Dhcp}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPInterface.AutomaticMetric] ${AutomaticMetric}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='InputObject (cdxml)')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${AsJob}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${PassThru}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('InterfaceIndex') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${InterfaceIndex}) $__cmdletization_queryBuilder.FilterByProperty('InterfaceIndex', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('InterfaceAlias') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${InterfaceAlias}) $__cmdletization_queryBuilder.FilterByProperty('InterfaceAlias', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('AddressFamily') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${AddressFamily}) $__cmdletization_queryBuilder.FilterByProperty('AddressFamily', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('ReachableTime') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${ReachableTime}) $__cmdletization_queryBuilder.FilterByProperty('ReachableTime', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('NeighborDiscoverySupported') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${NeighborDiscoverySupported}) $__cmdletization_queryBuilder.FilterByProperty('NeighborDiscoverySupported', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('CompartmentId') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${CompartmentId}) $__cmdletization_queryBuilder.FilterByProperty('CompartmentId', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('PolicyStore') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('PolicyStore', ${PolicyStore}) } if ($PSBoundParameters.ContainsKey('IncludeAllCompartments') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('IncludeAllCompartments', ${IncludeAllCompartments}) } $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('ByName', 'InputObject (cdxml)') -contains $_ } { [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Forwarding')) { [object]$__cmdletization_value = ${Forwarding} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Forwarding'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPInterface.Forwarding'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Forwarding'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPInterface.Forwarding'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('ClampMss')) { [object]$__cmdletization_value = ${ClampMss} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ClampMss'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPInterface.ClampMss'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ClampMss'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPInterface.ClampMss'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Advertising')) { [object]$__cmdletization_value = ${Advertising} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Advertising'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPInterface.Advertising'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Advertising'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPInterface.Advertising'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('NlMtuBytes')) { [object]$__cmdletization_value = ${NlMtuBytes} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NlMtu'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NlMtu'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('InterfaceMetric')) { [object]$__cmdletization_value = ${InterfaceMetric} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'InterfaceMetric'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'InterfaceMetric'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('NeighborUnreachabilityDetection')) { [object]$__cmdletization_value = ${NeighborUnreachabilityDetection} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NeighborUnreachabilityDetection'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPInterface.NeighborUnreachabilityDetection'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NeighborUnreachabilityDetection'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPInterface.NeighborUnreachabilityDetection'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('BaseReachableTimeMs')) { [object]$__cmdletization_value = ${BaseReachableTimeMs} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'BaseReachableTime'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'BaseReachableTime'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('RetransmitTimeMs')) { [object]$__cmdletization_value = ${RetransmitTimeMs} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RetransmitTime'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } e ScriptBlock ID: 31ce4a19-6fb6-451c-a171-dd41570f349d Path:	4104	1		3	2	15	0	1500	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1460	4556	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:04:52 PM	9d04040e-981f-0004-7c19-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 5): ization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('ReachableTimeMs') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${ReachableTimeMs}) $__cmdletization_queryBuilder.FilterByProperty('ReachableTime', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('RetransmitTimeMs') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${RetransmitTimeMs}) $__cmdletization_queryBuilder.FilterByProperty('RetransmitTime', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('DadTransmits') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DadTransmits}) $__cmdletization_queryBuilder.FilterByProperty('DadTransmits', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('DadRetransmitTimeMs') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DadRetransmitTimeMs}) $__cmdletization_queryBuilder.FilterByProperty('DadRetransmitTime', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('RouterDiscovery') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${RouterDiscovery}) $__cmdletization_queryBuilder.FilterByProperty('RouterDiscovery', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('ManagedAddressConfiguration') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${ManagedAddressConfiguration}) $__cmdletization_queryBuilder.FilterByProperty('ManagedAddressConfiguration', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('OtherStatefulConfiguration') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${OtherStatefulConfiguration}) $__cmdletization_queryBuilder.FilterByProperty('OtherStatefulConfiguration', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('WeakHostSend') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${WeakHostSend}) $__cmdletization_queryBuilder.FilterByProperty('WeakHostSend', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('WeakHostReceive') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${WeakHostReceive}) $__cmdletization_queryBuilder.FilterByProperty('WeakHostReceive', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('IgnoreDefaultRoutes') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${IgnoreDefaultRoutes}) $__cmdletization_queryBuilder.FilterByProperty('IgnoreDefaultRoutes', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('AdvertisedRouterLifetime') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${AdvertisedRouterLifetime}) $__cmdletization_queryBuilder.FilterByProperty('AdvertisedRouterLifetime', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('AdvertiseDefaultRoute') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${AdvertiseDefaultRoute}) $__cmdletization_queryBuilder.FilterByProperty('AdvertiseDefaultRoute', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('CurrentHopLimit') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${CurrentHopLimit}) $__cmdletization_queryBuilder.FilterByProperty('CurrentHopLimit', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('ForceArpNdWolPattern') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${ForceArpNdWolPattern}) $__cmdletization_queryBuilder.FilterByProperty('ForceArpNdWolPattern', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('DirectedMacWolPattern') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DirectedMacWolPattern}) $__cmdletization_queryBuilder.FilterByProperty('DirectedMacWolPattern', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('EcnMarking') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${EcnMarking}) $__cmdletization_queryBuilder.FilterByProperty('EcnMarking', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('Dhcp') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Dhcp}) $__cmdletization_queryBuilder.FilterByProperty('Dhcp', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('ConnectionState') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${ConnectionState}) $__cmdletization_queryBuilder.FilterByProperty('ConnectionState', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('AutomaticMetric') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${AutomaticMetric}) $__cmdletization_queryBuilder.FilterByProperty('AutomaticMetric', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('NeighborDiscoverySupported') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${NeighborDiscoverySupported}) $__cmdletization_queryBuilder.FilterByProperty('NeighborDiscoverySupported', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('CompartmentId') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${CompartmentId}) $__cmdletization_queryBuilder.FilterByProperty('CompartmentId', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedRoute') -and (@('ByRoute') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedRoute}, 'MSFT_NetIPInterfaceRoute', 'Dependent', 'Antecedent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedIPAddress') -and (@('ByIPAddress') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedIPAddress}, 'MSFT_NetIPInterfaceIPAddress', 'Dependent', 'Antecedent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNeighbor') -and (@('ByNeighbor') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNeighbor}, 'MSFT_NetIPInterfaceNeighbor', 'Dependent', 'Antecedent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedAdapter') -and (@('ByAdapter') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedAdapter}, 'MSFT_NetIPInterfaceAdapter', 'Dependent', 'Antecedent', 'Default') } if ($PSBoundParameters.ContainsKey('PolicyStore') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('PolicyStore', ${PolicyStore}) } if ($PSBoundParameters.ContainsKey('IncludeAllCompartments') -and (@('ByName', 'ByRoute', 'ByIPAddress', 'ByNeighbor', 'ByAdapter') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('IncludeAllCompartments', ${IncludeAllCompartments}) } $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder) } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP MSFT_NetIPInterface.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Get-NetIPInterface' -Alias '*' function Set-NetIPInterface { [CmdletBinding(DefaultParameterSetName='ByName', SupportsShouldProcess=$true, ConfirmImpact='Medium', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#ROOT/StandardCimv2/MSFT_NetIPInterface')] param( [Parameter(ParameterSetName='ByName', ValueFromPipelineByPropertyName=$true)] [Alias('ifIndex')] [ValidateNotNull()] [uint32[]] ${InterfaceIndex}, [Parameter(ParameterSetName='ByName', Position=0, ValueFromPipelineByPropertyName=$true)] [Alias('ifAlias')] [ValidateNotNull()] [string[]] ${InterfaceAlias}, [Parameter(ParameterSetName='ByName')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPInterface.AddressFamily[]] ${AddressFamily}, [Parameter(ParameterSetName='ByName')] [ValidateNotNull()] [uint32[]] ${ReachableTime}, [Parameter(ParameterSetName='ByName')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPInterface.NeighborDiscoverySupported[]] ${NeighborDiscoverySupported}, [Parameter(ParameterSetName='ByName')] [ValidateNotNull()] [uint32[]] ${CompartmentId}, [Parameter(ParameterSetName='ByName')] [string] ${PolicyStore}, [Parameter(ParameterSetName='ByName')] [switch] ${IncludeAllCompartments}, [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#MSFT_NetIPInterface')] [ValidateNotNull()] [ciminstance[]] ${InputObject}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPInterface.Forwarding] ${Forwarding}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPInterface.ClampMss] ${ClampMss}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPInterface.Advertising] ${Advertising}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='InputObject (cdxml)')] [uint32] ${NlMtuBytes}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='InputObject (cdxml)')] [uint32] ${InterfaceMetric}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPInterface.NeighborUnreachabilityDetection] ${NeighborUnreachabilityDetection}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('BaseReachableTime')] [uint32] ${BaseReachableTimeMs}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('RetransmitTime')] [uint32] ${RetransmitTimeMs}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='InputObject (cdxml)')] [uint32] ${DadTransmits}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('DadRetransmitTime')] [uint32] ${DadRetransmitTimeMs}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPInterface.RouterDiscovery] ${RouterDiscovery}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPInterface.ManagedAddressConfiguration] ${ManagedAddressConfiguration}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPInterface.OtherStatefulConfiguration] ${OtherStatefulConfiguration}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPInterface.WeakHostSend] ${WeakHostSend}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPInterface.WeakHostReceive] ${WeakHostReceive}, [Parameter(Para ScriptBlock ID: 31ce4a19-6fb6-451c-a171-dd41570f349d Path:	4104	1		3	2	15	0	1499	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1460	4556	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:04:52 PM	9d04040e-981f-0004-7c19-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 5): #requires -version 3.0 try { Microsoft.PowerShell.Core\Set-StrictMode -Off } catch { } $script:MyModule = $MyInvocation.MyCommand.ScriptBlock.Module $script:ClassName = 'ROOT/StandardCimv2/MSFT_NetIPInterface' $script:ClassVersion = '1.0.0' $script:ModuleVersion = '1.0.0' $script:ObjectModelWrapper = [Microsoft.PowerShell.Cmdletization.Cim.CimCmdletAdapter] $script:PrivateData = [System.Collections.Generic.Dictionary[string,string]]::new() Microsoft.PowerShell.Core\Export-ModuleMember -Function @() function __cmdletization_BindCommonParameters { param( $__cmdletization_objectModelWrapper, $myPSBoundParameters ) if ($myPSBoundParameters.ContainsKey('CimSession')) { $__cmdletization_objectModelWrapper.PSObject.Properties['CimSession'].Value = $myPSBoundParameters['CimSession'] } if ($myPSBoundParameters.ContainsKey('ThrottleLimit')) { $__cmdletization_objectModelWrapper.PSObject.Properties['ThrottleLimit'].Value = $myPSBoundParameters['ThrottleLimit'] } if ($myPSBoundParameters.ContainsKey('AsJob')) { $__cmdletization_objectModelWrapper.PSObject.Properties['AsJob'].Value = $myPSBoundParameters['AsJob'] } } function Get-NetIPInterface { [CmdletBinding(DefaultParameterSetName='ByName', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#ROOT/StandardCimv2/MSFT_NetIPInterface')] param( [Parameter(ParameterSetName='ByName', ValueFromPipelineByPropertyName=$true)] [Alias('ifIndex')] [ValidateNotNull()] [uint32[]] ${InterfaceIndex}, [Parameter(ParameterSetName='ByName', Position=0, ValueFromPipelineByPropertyName=$true)] [Alias('ifAlias')] [ValidateNotNull()] [string[]] ${InterfaceAlias}, [Parameter(ParameterSetName='ByName')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPInterface.AddressFamily[]] ${AddressFamily}, [Parameter(ParameterSetName='ByName')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPInterface.Forwarding[]] ${Forwarding}, [Parameter(ParameterSetName='ByName')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPInterface.ClampMss[]] ${ClampMss}, [Parameter(ParameterSetName='ByName')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPInterface.Advertising[]] ${Advertising}, [Parameter(ParameterSetName='ByName')] [ValidateNotNull()] [uint32[]] ${NlMtuBytes}, [Parameter(ParameterSetName='ByName')] [ValidateNotNull()] [uint32[]] ${InterfaceMetric}, [Parameter(ParameterSetName='ByName')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPInterface.NeighborUnreachabilityDetection[]] ${NeighborUnreachabilityDetection}, [Parameter(ParameterSetName='ByName')] [Alias('BaseReachableTime')] [ValidateNotNull()] [uint32[]] ${BaseReachableTimeMs}, [Parameter(ParameterSetName='ByName')] [Alias('ReachableTime')] [ValidateNotNull()] [uint32[]] ${ReachableTimeMs}, [Parameter(ParameterSetName='ByName')] [Alias('RetransmitTime')] [ValidateNotNull()] [uint32[]] ${RetransmitTimeMs}, [Parameter(ParameterSetName='ByName')] [ValidateNotNull()] [uint32[]] ${DadTransmits}, [Parameter(ParameterSetName='ByName')] [Alias('DadRetransmitTime')] [ValidateNotNull()] [uint32[]] ${DadRetransmitTimeMs}, [Parameter(ParameterSetName='ByName')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPInterface.RouterDiscovery[]] ${RouterDiscovery}, [Parameter(ParameterSetName='ByName')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPInterface.ManagedAddressConfiguration[]] ${ManagedAddressConfiguration}, [Parameter(ParameterSetName='ByName')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPInterface.OtherStatefulConfiguration[]] ${OtherStatefulConfiguration}, [Parameter(ParameterSetName='ByName')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPInterface.WeakHostSend[]] ${WeakHostSend}, [Parameter(ParameterSetName='ByName')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPInterface.WeakHostReceive[]] ${WeakHostReceive}, [Parameter(ParameterSetName='ByName')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPInterface.IgnoreDefaultRoutes[]] ${IgnoreDefaultRoutes}, [Parameter(ParameterSetName='ByName')] [ValidateNotNull()] [timespan[]] ${AdvertisedRouterLifetime}, [Parameter(ParameterSetName='ByName')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPInterface.AdvertiseDefaultRoute[]] ${AdvertiseDefaultRoute}, [Parameter(ParameterSetName='ByName')] [ValidateNotNull()] [uint32[]] ${CurrentHopLimit}, [Parameter(ParameterSetName='ByName')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPInterface.ForceArpNdWolPattern[]] ${ForceArpNdWolPattern}, [Parameter(ParameterSetName='ByName')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPInterface.DirectedMacWolPattern[]] ${DirectedMacWolPattern}, [Parameter(ParameterSetName='ByName')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPInterface.EcnMarking[]] ${EcnMarking}, [Parameter(ParameterSetName='ByName')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPInterface.Dhcp[]] ${Dhcp}, [Parameter(ParameterSetName='ByName')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPInterface.ConnectionState[]] ${ConnectionState}, [Parameter(ParameterSetName='ByName')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPInterface.AutomaticMetric[]] ${AutomaticMetric}, [Parameter(ParameterSetName='ByName')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPInterface.NeighborDiscoverySupported[]] ${NeighborDiscoverySupported}, [Parameter(ParameterSetName='ByName')] [ValidateNotNull()] [uint32[]] ${CompartmentId}, [Parameter(ParameterSetName='ByRoute', ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetRoute')] [ValidateNotNull()] [ciminstance] ${AssociatedRoute}, [Parameter(ParameterSetName='ByIPAddress', ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetIPAddress')] [ValidateNotNull()] [ciminstance] ${AssociatedIPAddress}, [Parameter(ParameterSetName='ByNeighbor', ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetNeighbor')] [ValidateNotNull()] [ciminstance] ${AssociatedNeighbor}, [Parameter(ParameterSetName='ByAdapter', ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetAdapter')] [ValidateNotNull()] [ciminstance] ${AssociatedAdapter}, [Parameter(ParameterSetName='ByName')] [string] ${PolicyStore}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByRoute')] [Parameter(ParameterSetName='ByIPAddress')] [Parameter(ParameterSetName='ByNeighbor')] [Parameter(ParameterSetName='ByAdapter')] [switch] ${IncludeAllCompartments}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByRoute')] [Parameter(ParameterSetName='ByIPAddress')] [Parameter(ParameterSetName='ByNeighbor')] [Parameter(ParameterSetName='ByAdapter')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByRoute')] [Parameter(ParameterSetName='ByIPAddress')] [Parameter(ParameterSetName='ByNeighbor')] [Parameter(ParameterSetName='ByAdapter')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByRoute')] [Parameter(ParameterSetName='ByIPAddress')] [Parameter(ParameterSetName='ByNeighbor')] [Parameter(ParameterSetName='ByAdapter')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('InterfaceIndex') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${InterfaceIndex}) $__cmdletization_queryBuilder.FilterByProperty('InterfaceIndex', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('InterfaceAlias') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${InterfaceAlias}) $__cmdletization_queryBuilder.FilterByProperty('InterfaceAlias', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('AddressFamily') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${AddressFamily}) $__cmdletization_queryBuilder.FilterByProperty('AddressFamily', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('Forwarding') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Forwarding}) $__cmdletization_queryBuilder.FilterByProperty('Forwarding', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('ClampMss') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${ClampMss}) $__cmdletization_queryBuilder.FilterByProperty('ClampMss', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('Advertising') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Advertising}) $__cmdletization_queryBuilder.FilterByProperty('Advertising', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('NlMtuBytes') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${NlMtuBytes}) $__cmdletization_queryBuilder.FilterByProperty('NlMtu', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('InterfaceMetric') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${InterfaceMetric}) $__cmdletization_queryBuilder.FilterByProperty('InterfaceMetric', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('NeighborUnreachabilityDetection') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${NeighborUnreachabilityDetection}) $__cmdletization_queryBuilder.FilterByProperty('NeighborUnreachabilityDetection', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('BaseReachableTimeMs') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${BaseReachableTimeMs}) $__cmdletization_queryBuilder.FilterByProperty('BaseReachableTime', $__cmdlet ScriptBlock ID: 31ce4a19-6fb6-451c-a171-dd41570f349d Path:	4104	1		3	2	15	0	1498	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1460	4556	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:04:52 PM	9d04040e-981f-0004-7c19-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (4 of 4): throw } } # .EXTERNALHELP MSFT_NetIPAddress.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Set-NetIPAddress' -Alias '*' function Remove-NetIPAddress { [CmdletBinding(DefaultParameterSetName='Query (cdxml)', SupportsShouldProcess=$true, ConfirmImpact='High', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#ROOT/StandardCimv2/MSFT_NetIPAddress')] param( [Parameter(ParameterSetName='Query (cdxml)', Position=0, ValueFromPipelineByPropertyName=$true)] [Alias('LocalAddress')] [ValidateNotNull()] [string[]] ${IPAddress}, [Parameter(ParameterSetName='Query (cdxml)', ValueFromPipelineByPropertyName=$true)] [Alias('ifIndex')] [ValidateNotNull()] [uint32[]] ${InterfaceIndex}, [Parameter(ParameterSetName='Query (cdxml)', ValueFromPipelineByPropertyName=$true)] [Alias('ifAlias')] [ValidateNotNull()] [string[]] ${InterfaceAlias}, [Parameter(ParameterSetName='Query (cdxml)')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPAddress.AddressFamily[]] ${AddressFamily}, [Parameter(ParameterSetName='Query (cdxml)')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPAddress.Type[]] ${Type}, [Parameter(ParameterSetName='Query (cdxml)')] [ValidateNotNull()] [byte[]] ${PrefixLength}, [Parameter(ParameterSetName='Query (cdxml)')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPAddress.PrefixOrigin[]] ${PrefixOrigin}, [Parameter(ParameterSetName='Query (cdxml)')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPAddress.SuffixOrigin[]] ${SuffixOrigin}, [Parameter(ParameterSetName='Query (cdxml)')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPAddress.AddressState[]] ${AddressState}, [Parameter(ParameterSetName='Query (cdxml)')] [ValidateNotNull()] [timespan[]] ${ValidLifetime}, [Parameter(ParameterSetName='Query (cdxml)')] [ValidateNotNull()] [timespan[]] ${PreferredLifetime}, [Parameter(ParameterSetName='Query (cdxml)')] [ValidateNotNull()] [bool[]] ${SkipAsSource}, [Parameter(ParameterSetName='Query (cdxml)')] [string] ${PolicyStore}, [Parameter(ParameterSetName='Query (cdxml)')] [string] ${DefaultGateway}, [Parameter(ParameterSetName='Query (cdxml)')] [switch] ${IncludeAllCompartments}, [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#MSFT_NetIPAddress')] [ValidateNotNull()] [ciminstance[]] ${InputObject}, [Parameter(ParameterSetName='Query (cdxml)')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='Query (cdxml)')] [Parameter(ParameterSetName='InputObject (cdxml)')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='Query (cdxml)')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${AsJob}, [Parameter(ParameterSetName='Query (cdxml)')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${PassThru}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('IPAddress') -and (@('Query (cdxml)') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${IPAddress}) $__cmdletization_queryBuilder.FilterByProperty('IPAddress', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('InterfaceIndex') -and (@('Query (cdxml)') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${InterfaceIndex}) $__cmdletization_queryBuilder.FilterByProperty('InterfaceIndex', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('InterfaceAlias') -and (@('Query (cdxml)') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${InterfaceAlias}) $__cmdletization_queryBuilder.FilterByProperty('InterfaceAlias', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('AddressFamily') -and (@('Query (cdxml)') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${AddressFamily}) $__cmdletization_queryBuilder.FilterByProperty('AddressFamily', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('Type') -and (@('Query (cdxml)') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Type}) $__cmdletization_queryBuilder.FilterByProperty('Type', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('PrefixLength') -and (@('Query (cdxml)') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PrefixLength}) $__cmdletization_queryBuilder.FilterByProperty('PrefixLength', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('PrefixOrigin') -and (@('Query (cdxml)') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PrefixOrigin}) $__cmdletization_queryBuilder.FilterByProperty('PrefixOrigin', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('SuffixOrigin') -and (@('Query (cdxml)') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${SuffixOrigin}) $__cmdletization_queryBuilder.FilterByProperty('SuffixOrigin', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('AddressState') -and (@('Query (cdxml)') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${AddressState}) $__cmdletization_queryBuilder.FilterByProperty('AddressState', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('ValidLifetime') -and (@('Query (cdxml)') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${ValidLifetime}) $__cmdletization_queryBuilder.FilterByProperty('ValidLifetime', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('PreferredLifetime') -and (@('Query (cdxml)') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PreferredLifetime}) $__cmdletization_queryBuilder.FilterByProperty('PreferredLifetime', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('SkipAsSource') -and (@('Query (cdxml)') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${SkipAsSource}) $__cmdletization_queryBuilder.FilterByProperty('SkipAsSource', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('PolicyStore') -and (@('Query (cdxml)') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('PolicyStore', ${PolicyStore}) } if ($PSBoundParameters.ContainsKey('DefaultGateway') -and (@('Query (cdxml)') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('DefaultGateway', ${DefaultGateway}) } if ($PSBoundParameters.ContainsKey('IncludeAllCompartments') -and (@('Query (cdxml)') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('IncludeAllCompartments', ${IncludeAllCompartments}) } $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('Query (cdxml)', 'InputObject (cdxml)') -contains $_ } { $__cmdletization_returnValue = $null $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('cim:DeleteInstance', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_passThru = $PSBoundParameters.ContainsKey('PassThru') -and $PassThru if ($PSBoundParameters.ContainsKey('InputObject')) { foreach ($x in $InputObject) { $__cmdletization_objectModelWrapper.ProcessRecord($x, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } else { $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP MSFT_NetIPAddress.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Remove-NetIPAddress' -Alias '*' ScriptBlock ID: 0790673f-7a4b-443c-a079-956e56f1458d Path:	4104	1		3	2	15	0	1497	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1460	4556	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:04:51 PM	9d04040e-981f-0004-7619-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (3 of 4): erByProperty('PrefixLength', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('PrefixOrigin') -and (@('Query (cdxml)') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PrefixOrigin}) $__cmdletization_queryBuilder.FilterByProperty('PrefixOrigin', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('SuffixOrigin') -and (@('Query (cdxml)') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${SuffixOrigin}) $__cmdletization_queryBuilder.FilterByProperty('SuffixOrigin', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('AddressState') -and (@('Query (cdxml)') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${AddressState}) $__cmdletization_queryBuilder.FilterByProperty('AddressState', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('ValidLifetime') -and (@('Query (cdxml)') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${ValidLifetime}) $__cmdletization_queryBuilder.FilterByProperty('ValidLifetime', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('PreferredLifetime') -and (@('Query (cdxml)') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PreferredLifetime}) $__cmdletization_queryBuilder.FilterByProperty('PreferredLifetime', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('SkipAsSource') -and (@('Query (cdxml)') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${SkipAsSource}) $__cmdletization_queryBuilder.FilterByProperty('SkipAsSource', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedIPInterface') -and (@('Query (cdxml)') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedIPInterface}, 'MSFT_NetIPInterfaceIPAddress', 'Antecedent', 'Dependent', 'Default') } if ($PSBoundParameters.ContainsKey('PolicyStore') -and (@('Query (cdxml)') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('PolicyStore', ${PolicyStore}) } if ($PSBoundParameters.ContainsKey('IncludeAllCompartments') -and (@('Query (cdxml)') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('IncludeAllCompartments', ${IncludeAllCompartments}) } $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder) } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP MSFT_NetIPAddress.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Get-NetIPAddress' -Alias '*' function Set-NetIPAddress { [CmdletBinding(DefaultParameterSetName='Query (cdxml)', SupportsShouldProcess=$true, ConfirmImpact='Medium', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#ROOT/StandardCimv2/MSFT_NetIPAddress')] param( [Parameter(ParameterSetName='Query (cdxml)', Position=0, ValueFromPipelineByPropertyName=$true)] [Alias('LocalAddress')] [ValidateNotNull()] [string[]] ${IPAddress}, [Parameter(ParameterSetName='Query (cdxml)', ValueFromPipelineByPropertyName=$true)] [Alias('ifIndex')] [ValidateNotNull()] [uint32[]] ${InterfaceIndex}, [Parameter(ParameterSetName='Query (cdxml)', ValueFromPipelineByPropertyName=$true)] [Alias('ifAlias')] [ValidateNotNull()] [string[]] ${InterfaceAlias}, [Parameter(ParameterSetName='Query (cdxml)')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPAddress.AddressFamily[]] ${AddressFamily}, [Parameter(ParameterSetName='Query (cdxml)')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPAddress.Type[]] ${Type}, [Parameter(ParameterSetName='Query (cdxml)')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPAddress.PrefixOrigin[]] ${PrefixOrigin}, [Parameter(ParameterSetName='Query (cdxml)')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPAddress.SuffixOrigin[]] ${SuffixOrigin}, [Parameter(ParameterSetName='Query (cdxml)')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPAddress.AddressState[]] ${AddressState}, [Parameter(ParameterSetName='Query (cdxml)')] [string] ${PolicyStore}, [Parameter(ParameterSetName='Query (cdxml)')] [switch] ${IncludeAllCompartments}, [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#MSFT_NetIPAddress')] [ValidateNotNull()] [ciminstance[]] ${InputObject}, [Parameter(ParameterSetName='Query (cdxml)')] [Parameter(ParameterSetName='InputObject (cdxml)')] [byte] ${PrefixLength}, [Parameter(ParameterSetName='Query (cdxml)')] [Parameter(ParameterSetName='InputObject (cdxml)')] [timespan] ${ValidLifetime}, [Parameter(ParameterSetName='Query (cdxml)')] [Parameter(ParameterSetName='InputObject (cdxml)')] [timespan] ${PreferredLifetime}, [Parameter(ParameterSetName='Query (cdxml)')] [Parameter(ParameterSetName='InputObject (cdxml)')] [bool] ${SkipAsSource}, [Parameter(ParameterSetName='Query (cdxml)')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='Query (cdxml)')] [Parameter(ParameterSetName='InputObject (cdxml)')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='Query (cdxml)')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${AsJob}, [Parameter(ParameterSetName='Query (cdxml)')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${PassThru}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('IPAddress') -and (@('Query (cdxml)') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${IPAddress}) $__cmdletization_queryBuilder.FilterByProperty('IPAddress', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('InterfaceIndex') -and (@('Query (cdxml)') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${InterfaceIndex}) $__cmdletization_queryBuilder.FilterByProperty('InterfaceIndex', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('InterfaceAlias') -and (@('Query (cdxml)') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${InterfaceAlias}) $__cmdletization_queryBuilder.FilterByProperty('InterfaceAlias', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('AddressFamily') -and (@('Query (cdxml)') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${AddressFamily}) $__cmdletization_queryBuilder.FilterByProperty('AddressFamily', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('Type') -and (@('Query (cdxml)') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Type}) $__cmdletization_queryBuilder.FilterByProperty('Type', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('PrefixOrigin') -and (@('Query (cdxml)') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PrefixOrigin}) $__cmdletization_queryBuilder.FilterByProperty('PrefixOrigin', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('SuffixOrigin') -and (@('Query (cdxml)') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${SuffixOrigin}) $__cmdletization_queryBuilder.FilterByProperty('SuffixOrigin', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('AddressState') -and (@('Query (cdxml)') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${AddressState}) $__cmdletization_queryBuilder.FilterByProperty('AddressState', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('PolicyStore') -and (@('Query (cdxml)') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('PolicyStore', ${PolicyStore}) } if ($PSBoundParameters.ContainsKey('IncludeAllCompartments') -and (@('Query (cdxml)') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('IncludeAllCompartments', ${IncludeAllCompartments}) } $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('Query (cdxml)', 'InputObject (cdxml)') -contains $_ } { [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('PrefixLength')) { [object]$__cmdletization_value = ${PrefixLength} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'PrefixLength'; ParameterType = 'System.Byte'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'PrefixLength'; ParameterType = 'System.Byte'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('ValidLifetime')) { [object]$__cmdletization_value = ${ValidLifetime} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ValidLifetime'; ParameterType = 'System.TimeSpan'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ValidLifetime'; ParameterType = 'System.TimeSpan'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('PreferredLifetime')) { [object]$__cmdletization_value = ${PreferredLifetime} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'PreferredLifetime'; ParameterType = 'System.TimeSpan'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'PreferredLifetime'; ParameterType = 'System.TimeSpan'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('SkipAsSource')) { [object]$__cmdletization_value = ${SkipAsSource} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'SkipAsSource'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'SkipAsSource'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = $null $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('cim:ModifyInstance', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_passThru = $PSBoundParameters.ContainsKey('PassThru') -and $PassThru if ($PSBoundParameters.ContainsKey('InputObject')) { foreach ($x in $InputObject) { $__cmdletization_objectModelWrapper.ProcessRecord($x, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } else { $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { ScriptBlock ID: 0790673f-7a4b-443c-a079-956e56f1458d Path:	4104	1		3	2	15	0	1496	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1460	4556	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:04:51 PM	9d04040e-981f-0004-7619-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 4): } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'IPAddress'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('InterfaceIndex')) { [object]$__cmdletization_value = ${InterfaceIndex} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'InterfaceIndex'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'InterfaceIndex'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DefaultGateway')) { [object]$__cmdletization_value = ${DefaultGateway} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DefaultGateway'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DefaultGateway'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('AddressFamily')) { [object]$__cmdletization_value = ${AddressFamily} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'AddressFamily'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPAddress.AddressFamily'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'AddressFamily'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPAddress.AddressFamily'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Type')) { [object]$__cmdletization_value = ${Type} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Type'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPAddress.Type'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Type'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPAddress.Type'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('PrefixLength')) { [object]$__cmdletization_value = ${PrefixLength} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'PrefixLength'; ParameterType = 'System.Byte'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'PrefixLength'; ParameterType = 'System.Byte'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('ValidLifetime')) { [object]$__cmdletization_value = ${ValidLifetime} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ValidLifetime'; ParameterType = 'System.TimeSpan'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ValidLifetime'; ParameterType = 'System.TimeSpan'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('PreferredLifetime')) { [object]$__cmdletization_value = ${PreferredLifetime} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'PreferredLifetime'; ParameterType = 'System.TimeSpan'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'PreferredLifetime'; ParameterType = 'System.TimeSpan'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('SkipAsSource')) { [object]$__cmdletization_value = ${SkipAsSource} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'SkipAsSource'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'SkipAsSource'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('PolicyStore')) { [object]$__cmdletization_value = ${PolicyStore} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'PolicyStore'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'PolicyStore'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'CmdletOutput'; ParameterType = 'Microsoft.Management.Infrastructure.CimInstance[]'; Bindings = 'Out'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{ Name = 'ReturnValue'; ParameterType = 'System.UInt32'; Bindings = 'Error'; Value = $null; IsValuePresent = $false } $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('Create', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_methodInvocationInfo) } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP MSFT_NetIPAddress.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'New-NetIPAddress' -Alias '*' function Get-NetIPAddress { [CmdletBinding(DefaultParameterSetName='Query (cdxml)', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#ROOT/StandardCimv2/MSFT_NetIPAddress')] param( [Parameter(ParameterSetName='Query (cdxml)', Position=0, ValueFromPipelineByPropertyName=$true)] [Alias('LocalAddress')] [ValidateNotNull()] [string[]] ${IPAddress}, [Parameter(ParameterSetName='Query (cdxml)', ValueFromPipelineByPropertyName=$true)] [Alias('ifIndex')] [ValidateNotNull()] [uint32[]] ${InterfaceIndex}, [Parameter(ParameterSetName='Query (cdxml)', ValueFromPipelineByPropertyName=$true)] [Alias('ifAlias')] [ValidateNotNull()] [string[]] ${InterfaceAlias}, [Parameter(ParameterSetName='Query (cdxml)')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPAddress.AddressFamily[]] ${AddressFamily}, [Parameter(ParameterSetName='Query (cdxml)')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPAddress.Type[]] ${Type}, [Parameter(ParameterSetName='Query (cdxml)')] [ValidateNotNull()] [byte[]] ${PrefixLength}, [Parameter(ParameterSetName='Query (cdxml)')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPAddress.PrefixOrigin[]] ${PrefixOrigin}, [Parameter(ParameterSetName='Query (cdxml)')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPAddress.SuffixOrigin[]] ${SuffixOrigin}, [Parameter(ParameterSetName='Query (cdxml)')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPAddress.AddressState[]] ${AddressState}, [Parameter(ParameterSetName='Query (cdxml)')] [ValidateNotNull()] [timespan[]] ${ValidLifetime}, [Parameter(ParameterSetName='Query (cdxml)')] [ValidateNotNull()] [timespan[]] ${PreferredLifetime}, [Parameter(ParameterSetName='Query (cdxml)')] [ValidateNotNull()] [bool[]] ${SkipAsSource}, [Parameter(ParameterSetName='Query (cdxml)', ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetIPInterface')] [ValidateNotNull()] [ciminstance] ${AssociatedIPInterface}, [Parameter(ParameterSetName='Query (cdxml)')] [string] ${PolicyStore}, [Parameter(ParameterSetName='Query (cdxml)')] [switch] ${IncludeAllCompartments}, [Parameter(ParameterSetName='Query (cdxml)')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='Query (cdxml)')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='Query (cdxml)')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('IPAddress') -and (@('Query (cdxml)') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${IPAddress}) $__cmdletization_queryBuilder.FilterByProperty('IPAddress', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('InterfaceIndex') -and (@('Query (cdxml)') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${InterfaceIndex}) $__cmdletization_queryBuilder.FilterByProperty('InterfaceIndex', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('InterfaceAlias') -and (@('Query (cdxml)') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${InterfaceAlias}) $__cmdletization_queryBuilder.FilterByProperty('InterfaceAlias', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('AddressFamily') -and (@('Query (cdxml)') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${AddressFamily}) $__cmdletization_queryBuilder.FilterByProperty('AddressFamily', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('Type') -and (@('Query (cdxml)') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Type}) $__cmdletization_queryBuilder.FilterByProperty('Type', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('PrefixLength') -and (@('Query (cdxml)') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PrefixLength}) $__cmdletization_queryBuilder.Filt ScriptBlock ID: 0790673f-7a4b-443c-a079-956e56f1458d Path:	4104	1		3	2	15	0	1495	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1460	4556	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:04:51 PM	9d04040e-981f-0004-7619-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 4): #requires -version 3.0 try { Microsoft.PowerShell.Core\Set-StrictMode -Off } catch { } $script:MyModule = $MyInvocation.MyCommand.ScriptBlock.Module $script:ClassName = 'ROOT/StandardCimv2/MSFT_NetIPAddress' $script:ClassVersion = '1.0.0' $script:ModuleVersion = '1.0.0' $script:ObjectModelWrapper = [Microsoft.PowerShell.Cmdletization.Cim.CimCmdletAdapter] $script:PrivateData = [System.Collections.Generic.Dictionary[string,string]]::new() Microsoft.PowerShell.Core\Export-ModuleMember -Function @() function __cmdletization_BindCommonParameters { param( $__cmdletization_objectModelWrapper, $myPSBoundParameters ) if ($myPSBoundParameters.ContainsKey('CimSession')) { $__cmdletization_objectModelWrapper.PSObject.Properties['CimSession'].Value = $myPSBoundParameters['CimSession'] } if ($myPSBoundParameters.ContainsKey('ThrottleLimit')) { $__cmdletization_objectModelWrapper.PSObject.Properties['ThrottleLimit'].Value = $myPSBoundParameters['ThrottleLimit'] } if ($myPSBoundParameters.ContainsKey('AsJob')) { $__cmdletization_objectModelWrapper.PSObject.Properties['AsJob'].Value = $myPSBoundParameters['AsJob'] } } function New-NetIPAddress { [CmdletBinding(DefaultParameterSetName='ByInterfaceAlias', SupportsShouldProcess=$true, ConfirmImpact='Medium', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance[]])][OutputType([Microsoft.Management.Infrastructure.CimInstance[]])] param( [Parameter(ParameterSetName='ByInterfaceAlias', Mandatory=$true, Position=0, ValueFromPipelineByPropertyName=$true)] [Parameter(ParameterSetName='ByInterfaceIndex', Mandatory=$true, Position=0, ValueFromPipelineByPropertyName=$true)] [Alias('LocalAddress')] [string] ${IPAddress}, [Parameter(ParameterSetName='ByInterfaceAlias', Mandatory=$true, ValueFromPipelineByPropertyName=$true)] [Alias('ifAlias')] [string] ${InterfaceAlias}, [Parameter(ParameterSetName='ByInterfaceAlias')] [Parameter(ParameterSetName='ByInterfaceIndex')] [string] ${DefaultGateway}, [Parameter(ParameterSetName='ByInterfaceAlias')] [Parameter(ParameterSetName='ByInterfaceIndex')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPAddress.AddressFamily] ${AddressFamily}, [Parameter(ParameterSetName='ByInterfaceAlias')] [Parameter(ParameterSetName='ByInterfaceIndex')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPAddress.Type] ${Type}, [Parameter(ParameterSetName='ByInterfaceAlias')] [Parameter(ParameterSetName='ByInterfaceIndex')] [byte] ${PrefixLength}, [Parameter(ParameterSetName='ByInterfaceAlias')] [Parameter(ParameterSetName='ByInterfaceIndex')] [timespan] ${ValidLifetime}, [Parameter(ParameterSetName='ByInterfaceAlias')] [Parameter(ParameterSetName='ByInterfaceIndex')] [timespan] ${PreferredLifetime}, [Parameter(ParameterSetName='ByInterfaceAlias')] [Parameter(ParameterSetName='ByInterfaceIndex')] [bool] ${SkipAsSource}, [Parameter(ParameterSetName='ByInterfaceAlias')] [Parameter(ParameterSetName='ByInterfaceIndex')] [string] ${PolicyStore}, [Parameter(ParameterSetName='ByInterfaceIndex', Mandatory=$true, ValueFromPipelineByPropertyName=$true)] [Alias('ifIndex')] [uint32] ${InterfaceIndex}, [Parameter(ParameterSetName='ByInterfaceAlias')] [Parameter(ParameterSetName='ByInterfaceIndex')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByInterfaceAlias')] [Parameter(ParameterSetName='ByInterfaceIndex')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByInterfaceAlias')] [Parameter(ParameterSetName='ByInterfaceIndex')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('ByInterfaceAlias') -contains $_ } { [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('IPAddress')) { [object]$__cmdletization_value = ${IPAddress} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'IPAddress'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'IPAddress'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('InterfaceAlias')) { [object]$__cmdletization_value = ${InterfaceAlias} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'InterfaceAlias'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'InterfaceAlias'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DefaultGateway')) { [object]$__cmdletization_value = ${DefaultGateway} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DefaultGateway'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DefaultGateway'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('AddressFamily')) { [object]$__cmdletization_value = ${AddressFamily} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'AddressFamily'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPAddress.AddressFamily'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'AddressFamily'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPAddress.AddressFamily'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Type')) { [object]$__cmdletization_value = ${Type} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Type'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPAddress.Type'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Type'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPAddress.Type'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('PrefixLength')) { [object]$__cmdletization_value = ${PrefixLength} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'PrefixLength'; ParameterType = 'System.Byte'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'PrefixLength'; ParameterType = 'System.Byte'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('ValidLifetime')) { [object]$__cmdletization_value = ${ValidLifetime} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ValidLifetime'; ParameterType = 'System.TimeSpan'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ValidLifetime'; ParameterType = 'System.TimeSpan'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('PreferredLifetime')) { [object]$__cmdletization_value = ${PreferredLifetime} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'PreferredLifetime'; ParameterType = 'System.TimeSpan'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'PreferredLifetime'; ParameterType = 'System.TimeSpan'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('SkipAsSource')) { [object]$__cmdletization_value = ${SkipAsSource} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'SkipAsSource'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'SkipAsSource'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('PolicyStore')) { [object]$__cmdletization_value = ${PolicyStore} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'PolicyStore'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'PolicyStore'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'CmdletOutput'; ParameterType = 'Microsoft.Management.Infrastructure.CimInstance[]'; Bindings = 'Out'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{ Name = 'ReturnValue'; ParameterType = 'System.UInt32'; Bindings = 'Error'; Value = $null; IsValuePresent = $false } $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('Create', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_methodInvocationInfo) } { @('ByInterfaceIndex') -contains $_ } { [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('IPAddress')) { [object]$__cmdletization_value = ${IPAddress} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'IPAddress'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} ScriptBlock ID: 0790673f-7a4b-443c-a079-956e56f1458d Path:	4104	1		3	2	15	0	1494	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1460	4556	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:04:51 PM	9d04040e-981f-0004-7619-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): #requires -version 3.0 try { Microsoft.PowerShell.Core\Set-StrictMode -Off } catch { } $script:MyModule = $MyInvocation.MyCommand.ScriptBlock.Module $script:ClassName = 'root/StandardCimv2/MSFT_NetCompartment' $script:ClassVersion = '1.0.0' $script:ModuleVersion = '1.0' $script:ObjectModelWrapper = [Microsoft.PowerShell.Cmdletization.Cim.CimCmdletAdapter] $script:PrivateData = [System.Collections.Generic.Dictionary[string,string]]::new() Microsoft.PowerShell.Core\Export-ModuleMember -Function @() function __cmdletization_BindCommonParameters { param( $__cmdletization_objectModelWrapper, $myPSBoundParameters ) if ($myPSBoundParameters.ContainsKey('CimSession')) { $__cmdletization_objectModelWrapper.PSObject.Properties['CimSession'].Value = $myPSBoundParameters['CimSession'] } if ($myPSBoundParameters.ContainsKey('ThrottleLimit')) { $__cmdletization_objectModelWrapper.PSObject.Properties['ThrottleLimit'].Value = $myPSBoundParameters['ThrottleLimit'] } if ($myPSBoundParameters.ContainsKey('AsJob')) { $__cmdletization_objectModelWrapper.PSObject.Properties['AsJob'].Value = $myPSBoundParameters['AsJob'] } } function Get-NetCompartment { [CmdletBinding(DefaultParameterSetName='Query (cdxml)', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#root/StandardCimv2/MSFT_NetCompartment')] param( [Parameter(ParameterSetName='Query (cdxml)')] [ValidateNotNull()] [uint32[]] ${CompartmentId}, [Parameter(ParameterSetName='Query (cdxml)')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='Query (cdxml)')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='Query (cdxml)')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('CompartmentId') -and (@('Query (cdxml)') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${CompartmentId}) $__cmdletization_queryBuilder.FilterByProperty('CompartmentId', $__cmdletization_values, $false, 'Default') } $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder) } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP MSFT_NetCompartment.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Get-NetCompartment' -Alias '*' ScriptBlock ID: b36b0fc5-70ed-4509-928b-0dc455497121 Path:	4104	1		3	2	15	0	1493	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1460	4556	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:04:51 PM	9d04040e-981f-0004-7319-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1492	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1460	3916	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:04:50 PM	9d04040e-981f-0002-da0d-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 1460 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1491	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1460	4476	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:04:50 PM	9d04040e-981f-0002-da0d-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1490	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1460	3916	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:04:50 PM	9d04040e-981f-0002-da0d-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles; using System; using System.Collections; using System.IO; using System.Linq; using System.Runtime.InteropServices; using System.Text; using System.Threading; namespace Ansible { [StructLayout(LayoutKind.Sequential)] public class SECURITY_ATTRIBUTES { public int nLength; public IntPtr lpSecurityDescriptor; public bool bInheritHandle = false; public SECURITY_ATTRIBUTES() { nLength = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFO { public Int32 cb; public IntPtr lpReserved; public IntPtr lpDesktop; public IntPtr lpTitle; public Int32 dwX; public Int32 dwY; public Int32 dwXSize; public Int32 dwYSize; public Int32 dwXCountChars; public Int32 dwYCountChars; public Int32 dwFillAttribute; public Int32 dwFlags; public Int16 wShowWindow; public Int16 cbReserved2; public IntPtr lpReserved2; public SafeFileHandle hStdInput; public SafeFileHandle hStdOutput; public SafeFileHandle hStdError; public STARTUPINFO() { cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFOEX { public STARTUPINFO startupInfo; public IntPtr lpAttributeList; public STARTUPINFOEX() { startupInfo = new STARTUPINFO(); startupInfo.cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public struct PROCESS_INFORMATION { public IntPtr hProcess; public IntPtr hThread; public int dwProcessId; public int dwThreadId; } [Flags] public enum StartupInfoFlags : uint { USESTDHANDLES = 0x00000100 } public enum HandleFlags : uint { None = 0, INHERIT = 1 } class NativeWaitHandle : WaitHandle { public NativeWaitHandle(IntPtr handle) { this.SafeWaitHandle = new SafeWaitHandle(handle, false); } } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class CommandUtil { private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400; private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000; [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)] public static extern bool CreateProcess( [MarshalAs(UnmanagedType.LPWStr)] string lpApplicationName, StringBuilder lpCommandLine, IntPtr lpProcessAttributes, IntPtr lpThreadAttributes, bool bInheritHandles, uint dwCreationFlags, IntPtr lpEnvironment, [MarshalAs(UnmanagedType.LPWStr)] string lpCurrentDirectory, STARTUPINFOEX lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation); [DllImport("kernel32.dll")] public static extern bool CreatePipe( out SafeFileHandle hReadPipe, out SafeFileHandle hWritePipe, SECURITY_ATTRIBUTES lpPipeAttributes, uint nSize); [DllImport("kernel32.dll", SetLastError = true)] public static extern bool SetHandleInformation( SafeFileHandle hObject, HandleFlags dwMask, int dwFlags); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool GetExitCodeProcess( IntPtr hProcess, out uint lpExitCode); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)] public static extern uint SearchPath( string lpPath, string lpFileName, string lpExtension, int nBufferLength, [MarshalAs (UnmanagedType.LPTStr)] StringBuilder lpBuffer, out IntPtr lpFilePart); [DllImport("shell32.dll", SetLastError = true)] static extern IntPtr CommandLineToArgvW( [MarshalAs(UnmanagedType.LPWStr)] string lpCmdLine, out int pNumArgs); public static string[] ParseCommandLine(string lpCommandLine) { int numArgs; IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs); if (ret == IntPtr.Zero) throw new Win32Exception("Error parsing command line"); IntPtr[] strptrs = new IntPtr[numArgs]; Marshal.Copy(ret, strptrs, 0, numArgs); string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray(); Marshal.FreeHGlobal(ret); return cmdlineParts; } public static string SearchPath(string lpFileName) { StringBuilder sbOut = new StringBuilder(1024); IntPtr filePartOut; if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0) throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName)); return sbOut.ToString(); } public class CommandResult { public string StandardOut { get; internal set; } public string StandardError { get; internal set; } public uint ExitCode { get; internal set; } } public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment) { UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT; STARTUPINFOEX si = new STARTUPINFOEX(); si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES; SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES(); pipesec.bInheritHandle = true; // Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write; if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0)) throw new Win32Exception("STDOUT pipe setup failed"); if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDOUT pipe handle setup failed"); if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0)) throw new Win32Exception("STDERR pipe setup failed"); if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDERR pipe handle setup failed"); if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0)) throw new Win32Exception("STDIN pipe setup failed"); if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDIN pipe handle setup failed"); si.startupInfo.hStdOutput = stdout_write; si.startupInfo.hStdError = stderr_write; si.startupInfo.hStdInput = stdin_read; // Setup the stdin buffer UTF8Encoding utf8_encoding = new UTF8Encoding(false); FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768); StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768); // If lpCurrentDirectory is set to null in PS it will be an empty // string here, we need to convert it if (lpCurrentDirectory == "") lpCurrentDirectory = null; StringBuilder environmentString = null; if (environment != null && environment.Count > 0) { environmentString = new StringBuilder(); foreach (DictionaryEntry kv in environment) environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value); environmentString.Append('\0'); } // Create the environment block if set IntPtr lpEnvironment = IntPtr.Zero; if (environmentString != null) lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString()); // Create new process and run StringBuilder argument_string = new StringBuilder(lpCommandLine); PROCESS_INFORMATION pi = new PROCESS_INFORMATION(); if (!CreateProcess( lpApplicationName, argument_string, IntPtr.Zero, IntPtr.Zero, true, startup_flags, lpEnvironment, lpCurrentDirectory, si, out pi)) { throw new Win32Exception("Failed to create new process"); } // Setup the output buffers and get stdout/stderr FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096); StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096); stdout_write.Close(); FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096); StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096); stderr_write.Close(); stdin.WriteLine(stdinInput); stdin.Close(); string stdout_str, stderr_str = null; GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str); uint rc = GetProcessExitCode(pi.hProcess); return new CommandResult { StandardOut = stdout_str, StandardError = stderr_str, ExitCode = rc }; } private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr) { var sowait = new EventWaitHandle(false, EventResetMode.ManualReset); var sewait = new EventWaitHandle(false, EventResetMode.ManualReset); string so = null, se = null; ThreadPool.QueueUserWorkItem((s) => { so = stdoutStream.ReadToEnd(); sowait.Set(); }); ThreadPool.QueueUserWorkItem((s) => { se = stderrStream.ReadToEnd(); sewait.Set(); }); foreach (var wh in new WaitHandle[] { sowait, sewait }) wh.WaitOne(); stdout = so; stderr = se; } private static uint GetProcessExitCode(IntPtr processHandle) { new NativeWaitHandle(processHandle).WaitOne(); uint exitCode; if (!GetExitCodeProcess(processHandle, out exitCode)) throw new Win32Exception("Error getting process exit code"); return exitCode; } } }" Context: Severity = Informational Host Name = Default Host Host Version = 5.1.14393.1944 Host ID = d982f20f-4365-4f7b-a699-44a34d295369 Host Application = PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - Engine Version = 5.1.14393.1944 Runspace ID = 77ebd62c-f25e-49d1-8038-4a450f4a7bb3 Pipeline ID = 7 Command Name = Add-Type Command Type = Cmdlet Script Name = Command Path = Sequence Number = 34 User = N-H1-805629-1\Admin Connected User = Shell ID = Microsoft.PowerShell User Data:	4103	1		4	106	20	0	1489	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1972	1996	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:04:50 PM	9d04040e-981f-0003-f656-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	To be used when operation is just executing a method	Executing Pipeline	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c) 2017 Ansible Project # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) $process_util = @" using Microsoft.Win32.SafeHandles; using System; using System.Collections; using System.IO; using System.Linq; using System.Runtime.InteropServices; using System.Text; using System.Threading; namespace Ansible { [StructLayout(LayoutKind.Sequential)] public class SECURITY_ATTRIBUTES { public int nLength; public IntPtr lpSecurityDescriptor; public bool bInheritHandle = false; public SECURITY_ATTRIBUTES() { nLength = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFO { public Int32 cb; public IntPtr lpReserved; public IntPtr lpDesktop; public IntPtr lpTitle; public Int32 dwX; public Int32 dwY; public Int32 dwXSize; public Int32 dwYSize; public Int32 dwXCountChars; public Int32 dwYCountChars; public Int32 dwFillAttribute; public Int32 dwFlags; public Int16 wShowWindow; public Int16 cbReserved2; public IntPtr lpReserved2; public SafeFileHandle hStdInput; public SafeFileHandle hStdOutput; public SafeFileHandle hStdError; public STARTUPINFO() { cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFOEX { public STARTUPINFO startupInfo; public IntPtr lpAttributeList; public STARTUPINFOEX() { startupInfo = new STARTUPINFO(); startupInfo.cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public struct PROCESS_INFORMATION { public IntPtr hProcess; public IntPtr hThread; public int dwProcessId; public int dwThreadId; } [Flags] public enum StartupInfoFlags : uint { USESTDHANDLES = 0x00000100 } public enum HandleFlags : uint { None = 0, INHERIT = 1 } class NativeWaitHandle : WaitHandle { public NativeWaitHandle(IntPtr handle) { this.SafeWaitHandle = new SafeWaitHandle(handle, false); } } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class CommandUtil { private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400; private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000; [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)] public static extern bool CreateProcess( [MarshalAs(UnmanagedType.LPWStr)] string lpApplicationName, StringBuilder lpCommandLine, IntPtr lpProcessAttributes, IntPtr lpThreadAttributes, bool bInheritHandles, uint dwCreationFlags, IntPtr lpEnvironment, [MarshalAs(UnmanagedType.LPWStr)] string lpCurrentDirectory, STARTUPINFOEX lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation); [DllImport("kernel32.dll")] public static extern bool CreatePipe( out SafeFileHandle hReadPipe, out SafeFileHandle hWritePipe, SECURITY_ATTRIBUTES lpPipeAttributes, uint nSize); [DllImport("kernel32.dll", SetLastError = true)] public static extern bool SetHandleInformation( SafeFileHandle hObject, HandleFlags dwMask, int dwFlags); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool GetExitCodeProcess( IntPtr hProcess, out uint lpExitCode); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)] public static extern uint SearchPath( string lpPath, string lpFileName, string lpExtension, int nBufferLength, [MarshalAs (UnmanagedType.LPTStr)] StringBuilder lpBuffer, out IntPtr lpFilePart); [DllImport("shell32.dll", SetLastError = true)] static extern IntPtr CommandLineToArgvW( [MarshalAs(UnmanagedType.LPWStr)] string lpCmdLine, out int pNumArgs); public static string[] ParseCommandLine(string lpCommandLine) { int numArgs; IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs); if (ret == IntPtr.Zero) throw new Win32Exception("Error parsing command line"); IntPtr[] strptrs = new IntPtr[numArgs]; Marshal.Copy(ret, strptrs, 0, numArgs); string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray(); Marshal.FreeHGlobal(ret); return cmdlineParts; } public static string SearchPath(string lpFileName) { StringBuilder sbOut = new StringBuilder(1024); IntPtr filePartOut; if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0) throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName)); return sbOut.ToString(); } public class CommandResult { public string StandardOut { get; internal set; } public string StandardError { get; internal set; } public uint ExitCode { get; internal set; } } public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment) { UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT; STARTUPINFOEX si = new STARTUPINFOEX(); si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES; SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES(); pipesec.bInheritHandle = true; // Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write; if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0)) throw new Win32Exception("STDOUT pipe setup failed"); if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDOUT pipe handle setup failed"); if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0)) throw new Win32Exception("STDERR pipe setup failed"); if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDERR pipe handle setup failed"); if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0)) throw new Win32Exception("STDIN pipe setup failed"); if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDIN pipe handle setup failed"); si.startupInfo.hStdOutput = stdout_write; si.startupInfo.hStdError = stderr_write; si.startupInfo.hStdInput = stdin_read; // Setup the stdin buffer UTF8Encoding utf8_encoding = new UTF8Encoding(false); FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768); StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768); // If lpCurrentDirectory is set to null in PS it will be an empty // string here, we need to convert it if (lpCurrentDirectory == "") lpCurrentDirectory = null; StringBuilder environmentString = null; if (environment != null && environment.Count > 0) { environmentString = new StringBuilder(); foreach (DictionaryEntry kv in environment) environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value); environmentString.Append('\0'); } // Create the environment block if set IntPtr lpEnvironment = IntPtr.Zero; if (environmentString != null) lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString()); // Create new process and run StringBuilder argument_string = new StringBuilder(lpCommandLine); PROCESS_INFORMATION pi = new PROCESS_INFORMATION(); if (!CreateProcess( lpApplicationName, argument_string, IntPtr.Zero, IntPtr.Zero, true, startup_flags, lpEnvironment, lpCurrentDirectory, si, out pi)) { throw new Win32Exception("Failed to create new process"); } // Setup the output buffers and get stdout/stderr FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096); StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096); stdout_write.Close(); FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096); StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096); stderr_write.Close(); stdin.WriteLine(stdinInput); stdin.Close(); string stdout_str, stderr_str = null; GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str); uint rc = GetProcessExitCode(pi.hProcess); return new CommandResult { StandardOut = stdout_str, StandardError = stderr_str, ExitCode = rc }; } private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr) { var sowait = new EventWaitHandle(false, EventResetMode.ManualReset); var sewait = new EventWaitHandle(false, EventResetMode.ManualReset); string so = null, se = null; ThreadPool.QueueUserWorkItem((s) => { so = stdoutStream.ReadToEnd(); sowait.Set(); }); ThreadPool.QueueUserWorkItem((s) => { se = stderrStream.ReadToEnd(); sewait.Set(); }); foreach (var wh in new WaitHandle[] { sowait, sewait }) wh.WaitOne(); stdout = so; stderr = se; } private static uint GetProcessExitCode(IntPtr processHandle) { new NativeWaitHandle(processHandle).WaitOne(); uint exitCode; if (!GetExitCodeProcess(processHandle, out exitCode)) throw new Win32Exception("Error getting process exit code"); return exitCode; } } } "@ $ErrorActionPreference = 'Stop' Function Load-CommandUtils { # makes the following static functions available # [Ansible.CommandUtil]::ParseCommandLine(string lpCommandLine) # [Ansible.CommandUtil]::SearchPath(string lpFileName) # [Ansible.CommandUtil]::RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, string environmentBlock) # # there are also numerous P/Invoke methods that can be called if you are feeling adventurous # FUTURE: find a better way to get the _ansible_remote_tmp variable $original_tmp = $env:TMP $remote_tmp = $original_tmp $module_params = Get-Variable -Name complex_args -ErrorAction SilentlyContinue if ($module_params) { if ($module_params.Value.ContainsKey("_ansible_remote_tmp") ) { $remote_tmp = $module_params.Value["_ansible_remote_tmp"] $remote_tmp = [System.Environment]::ExpandEnvironmentVariables($remote_tmp) } } $env:TMP = $remote_tmp Add-Type -TypeDefinition $process_util $env:TMP = $original_tmp } Function Get-ExecutablePath($executable, $directory) { # lpApplicationName requires the full path to a file, we need to find it # ourselves. # we need to add .exe if it doesn't have an extension already if (-not [System.IO.Path]::HasExtension($executable)) { $executable = "$($executable).exe" } $full_path = [System.IO.Path]::GetFullPath($executable) if ($full_path -ne $executable -and $directory -ne $null) { $file = Get-Item -Path "$directory\$executable" -Force -ErrorAction SilentlyContinue } else { $file = Get-Item -Path $executable -Force -ErrorAction SilentlyContinue } if ($file -ne $null) { $executable_path = $file.FullName } else { $executable_path = [Ansible.CommandUtil]::SearchPath($executable) } return $executable_path } Function Run-Command { Param( [string]$command, # the full command to run including the executable [string]$working_directory = $null, # the working directory to run under, will default to the current dir [string]$stdin = $null, # a string to send to the stdin pipe when executing the command [hashtable]$environment = @{} # a hashtable of environment values to run the command under, this will replace all the other environment variables with these ) # load the C# code we call in this function Load-CommandUtils # need to validate the working directory if it is set if ($working_directory) { # validate working directory is a valid path if (-not (Test-Path -Path $working_directory)) { throw "invalid working directory path '$working_directory'" } } # lpApplicationName needs to be the full path to an executable, we do this # by getting the executable as the first arg and then getting the full path $arguments = [Ansible.CommandUtil]::ParseCommandLine($command) $executable = Get-ExecutablePath -executable $arguments[0] -directory $working_directory # run the command and get the results $command_result = [Ansible.CommandUtil]::RunCommand($executable, $command, $working_directory, $stdin, $environment) return ,@{ executable = $executable stdout = $command_result.StandardOut stderr = $command_result.StandardError rc = $command_result.ExitCode } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: 89b0063f-70f7-4e2d-a53e-d2d99a0224bf Path:	4104	1		3	2	15	0	1488	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1972	2200	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:04:50 PM	9d04040e-981f-0001-bd12-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c), Michael DeHaan <michael.dehaan@gmail.com>, 2014, and others # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) Set-StrictMode -Version 2.0 $ErrorActionPreference = "Stop" Function Set-Attr($obj, $name, $value) { <# .SYNOPSIS Helper function to set an "attribute" on a psobject instance in PowerShell. This is a convenience to make adding Members to the object easier and slightly more pythonic .EXAMPLE Set-Attr $result "changed" $true #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } Try { $obj.$name = $value } Catch { $obj | Add-Member -Force -MemberType NoteProperty -Name $name -Value $value } } Function Exit-Json($obj) { <# .SYNOPSIS Helper function to convert a PowerShell object to JSON and output it, exiting the script .EXAMPLE Exit-Json $result #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit } Function Fail-Json($obj, $message = $null) { <# .SYNOPSIS Helper function to add the "msg" property and "failed" property, convert the PowerShell Hashtable to JSON and output it, exiting the script .EXAMPLE Fail-Json $result "This is the failure message" #> if ($obj -is [hashtable] -or $obj -is [psobject]) { # Nothing to do } elseif ($obj -is [string] -and $null -eq $message) { # If we weren't given 2 args, and the only arg was a string, # create a new Hashtable and use the arg as the failure message $message = $obj $obj = @{ } } else { # If the first argument is undefined or a different type, # make it a Hashtable $obj = @{ } } # Still using Set-Attr for PSObject compatibility Set-Attr $obj "msg" $message Set-Attr $obj "failed" $true if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit 1 } Function Add-Warning($obj, $message) { <# .SYNOPSIS Helper function to add warnings, even if the warnings attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("warnings")) { $obj.warnings = @() } elseif ($obj.warnings -isnot [array]) { throw "Add-Warning: warnings attribute is not an array" } $obj.warnings += $message } Function Add-DeprecationWarning($obj, $message, $version = $null) { <# .SYNOPSIS Helper function to add deprecations, even if the deprecations attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("deprecations")) { $obj.deprecations = @() } elseif ($obj.deprecations -isnot [array]) { throw "Add-DeprecationWarning: deprecations attribute is not a list" } $obj.deprecations += @{ msg = $message version = $version } } Function Expand-Environment($value) { <# .SYNOPSIS Helper function to expand environment variables in values. By default it turns any type to a string, but we ensure $null remains $null. #> if ($null -ne $value) { [System.Environment]::ExpandEnvironmentVariables($value) } else { $value } } Function Get-AnsibleParam($obj, $name, $default = $null, $resultobj = @{}, $failifempty = $false, $emptyattributefailmessage, $ValidateSet, $ValidateSetErrorMessage, $type = $null, $aliases = @()) { <# .SYNOPSIS Helper function to get an "attribute" from a psobject instance in PowerShell. This is a convenience to make getting Members from an object easier and slightly more pythonic .EXAMPLE $attr = Get-AnsibleParam $response "code" -default "1" .EXAMPLE Get-AnsibleParam -obj $params -name "State" -default "Present" -ValidateSet "Present","Absent" -resultobj $resultobj -failifempty $true Get-AnsibleParam also supports Parameter validation to save you from coding that manually Note that if you use the failifempty option, you do need to specify resultobject as well. #> # Check if the provided Member $name or aliases exist in $obj and return it or the default. try { $found = $null # First try to find preferred parameter $name $aliases = @($name) + $aliases # Iterate over aliases to find acceptable Member $name foreach ($alias in $aliases) { if ($obj.ContainsKey($alias)) { $found = $alias break } } if ($null -eq $found) { throw } $name = $found if ($ValidateSet) { if ($ValidateSet -contains ($obj.$name)) { $value = $obj.$name } else { if ($null -eq $ValidateSetErrorMessage) { #Auto-generated error should be sufficient in most use cases $ValidateSetErrorMessage = "Get-AnsibleParam: Argument $name needs to be one of $($ValidateSet -join ",") but was $($obj.$name)." } Fail-Json -obj $resultobj -message $ValidateSetErrorMessage } } else { $value = $obj.$name } } catch { if ($failifempty -eq $false) { $value = $default } else { if (-not $emptyattributefailmessage) { $emptyattributefailmessage = "Get-AnsibleParam: Missing required argument: $name" } Fail-Json -obj $resultobj -message $emptyattributefailmessage } } # If $value -eq $null, the parameter was unspecified by the user (deliberately or not) # Please leave $null-values intact, modules need to know if a parameter was specified # When $value is already an array, we cannot rely on the null check, as an empty list # is seen as null in the check below if ($null -ne $value -or $value -is [array]) { if ($type -eq "path") { # Expand environment variables on path-type $value = Expand-Environment($value) # Test if a valid path is provided if (-not (Test-Path -IsValid $value)) { $path_invalid = $true # could still be a valid-shaped path with a nonexistent drive letter if ($value -match "^\w:") { # rewrite path with a valid drive letter and recheck the shape- this might still fail, eg, a nonexistent non-filesystem PS path if (Test-Path -IsValid $(@(Get-PSDrive -PSProvider Filesystem)[0].Name + $value.Substring(1))) { $path_invalid = $false } } if ($path_invalid) { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' has an invalid path '$value' specified." } } } elseif ($type -eq "str") { # Convert str types to real Powershell strings $value = $value.ToString() } elseif ($type -eq "bool") { # Convert boolean types to real Powershell booleans $value = $value | ConvertTo-Bool } elseif ($type -eq "int") { # Convert int types to real Powershell integers $value = $value -as [int] } elseif ($type -eq "float") { # Convert float types to real Powershell floats $value = $value -as [float] } elseif ($type -eq "list") { if ($value -is [array]) { # Nothing to do } elseif ($value -is [string]) { # Convert string type to real Powershell array $value = $value.Split(",").Trim() } elseif ($value -is [int]) { $value = @($value) } else { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' is not a YAML list." } # , is not a typo, forces it to return as a list when it is empty or only has 1 entry return ,$value } } return $value } #Alias Get-attr-->Get-AnsibleParam for backwards compat. Only add when needed to ease debugging of scripts If (-not(Get-Alias -Name "Get-attr" -ErrorAction SilentlyContinue)) { New-Alias -Name Get-attr -Value Get-AnsibleParam } Function ConvertTo-Bool { <# .SYNOPSIS Helper filter/pipeline function to convert a value to boolean following current Ansible practices .EXAMPLE $is_true = "true" | ConvertTo-Bool #> param( [parameter(valuefrompipeline=$true)] $obj ) $boolean_strings = "yes", "on", "1", "true", 1 $obj_string = [string]$obj if (($obj -is [boolean] -and $obj) -or $boolean_strings -contains $obj_string.ToLower()) { return $true } else { return $false } } Function Parse-Args($arguments, $supports_check_mode = $false) { <# .SYNOPSIS Helper function to parse Ansible JSON arguments from a "file" passed as the single argument to the module. .EXAMPLE $params = Parse-Args $args #> $params = New-Object psobject If ($arguments.Length -gt 0) { $params = Get-Content $arguments[0] | ConvertFrom-Json } Else { $params = $complex_args } $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false If ($check_mode -and -not $supports_check_mode) { Exit-Json @{ skipped = $true changed = $false msg = "remote module does not support check mode" } } return $params } Function Get-FileChecksum($path, $algorithm = 'sha1') { <# .SYNOPSIS Helper function to calculate a hash of a file in a way which PowerShell 3 and above can handle #> If (Test-Path -Path $path -PathType Leaf) { switch ($algorithm) { 'md5' { $sp = New-Object -TypeName System.Security.Cryptography.MD5CryptoServiceProvider } 'sha1' { $sp = New-Object -TypeName System.Security.Cryptography.SHA1CryptoServiceProvider } 'sha256' { $sp = New-Object -TypeName System.Security.Cryptography.SHA256CryptoServiceProvider } 'sha384' { $sp = New-Object -TypeName System.Security.Cryptography.SHA384CryptoServiceProvider } 'sha512' { $sp = New-Object -TypeName System.Security.Cryptography.SHA512CryptoServiceProvider } default { Fail-Json @{} "Unsupported hash algorithm supplied '$algorithm'" } } If ($PSVersionTable.PSVersion.Major -ge 4) { $raw_hash = Get-FileHash $path -Algorithm $algorithm $hash = $raw_hash.Hash.ToLower() } Else { $fp = [System.IO.File]::Open($path, [System.IO.Filemode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileShare]::ReadWrite); $hash = [System.BitConverter]::ToString($sp.ComputeHash($fp)).Replace("-", "").ToLower(); $fp.Dispose(); } } ElseIf (Test-Path -Path $path -PathType Container) { $hash = "3"; } Else { $hash = "1"; } return $hash } Function Get-PendingRebootStatus { <# .SYNOPSIS Check if reboot is required, if so notify CA. Function returns true if computer has a pending reboot #> $featureData = Invoke-WmiMethod -EA Ignore -Name GetServerFeature -Namespace root\microsoft\windows\servermanager -Class MSFT_ServerManagerTasks $regData = Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager" "PendingFileRenameOperations" -EA Ignore $CBSRebootStatus = Get-ChildItem "HKLM:\\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing" -ErrorAction SilentlyContinue| Where-Object {$_.PSChildName -eq "RebootPending"} if(($featureData -and $featureData.RequiresReboot) -or $regData -or $CBSRebootStatus) { return $True } else { return $False } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: d7e04373-1ec8-472a-8d8a-a595df144cc3 Path:	4104	1		3	2	15	0	1487	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1972	2200	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:04:50 PM	9d04040e-981f-0001-b612-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } ScriptBlock ID: 25ef8e50-3655-4469-8360-b15513c88828 Path:	4104	1		3	2	15	0	1486	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1972	2200	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:04:49 PM	9d04040e-981f-0001-a712-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (3 of 3): nIiB9CiAgICAgICAgfQoKICAgICAgICBJZiAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtZ2UgNCkgewogICAgICAgICAgICAkcmF3X2hhc2ggPSBHZXQtRmlsZUhhc2ggJHBhdGggLUFsZ29yaXRobSAkYWxnb3JpdGhtCiAgICAgICAgICAgICRoYXNoID0gJHJhd19oYXNoLkhhc2guVG9Mb3dlcigpCiAgICAgICAgfSBFbHNlIHsKICAgICAgICAgICAgJGZwID0gW1N5c3RlbS5JTy5GaWxlXTo6T3BlbigkcGF0aCwgW1N5c3RlbS5JTy5GaWxlbW9kZV06Ok9wZW4sIFtTeXN0ZW0uSU8uRmlsZUFjY2Vzc106OlJlYWQsIFtTeXN0ZW0uSU8uRmlsZVNoYXJlXTo6UmVhZFdyaXRlKTsKICAgICAgICAgICAgJGhhc2ggPSBbU3lzdGVtLkJpdENvbnZlcnRlcl06OlRvU3RyaW5nKCRzcC5Db21wdXRlSGFzaCgkZnApKS5SZXBsYWNlKCItIiwgIiIpLlRvTG93ZXIoKTsKICAgICAgICAgICAgJGZwLkRpc3Bvc2UoKTsKICAgICAgICB9CiAgICB9CiAgICBFbHNlSWYgKFRlc3QtUGF0aCAtUGF0aCAkcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKQogICAgewogICAgICAgICRoYXNoID0gIjMiOwogICAgfQogICAgRWxzZQogICAgewogICAgICAgICRoYXNoID0gIjEiOwogICAgfQogICAgcmV0dXJuICRoYXNoCn0KCkZ1bmN0aW9uIEdldC1QZW5kaW5nUmVib290U3RhdHVzCnsKPCMKICAgIC5TWU5PUFNJUwogICAgQ2hlY2sgaWYgcmVib290IGlzIHJlcXVpcmVkLCBpZiBzbyBub3RpZnkgQ0EuCiAgICBGdW5jdGlvbiByZXR1cm5zIHRydWUgaWYgY29tcHV0ZXIgaGFzIGEgcGVuZGluZyByZWJvb3QKIz4KICAgICRmZWF0dXJlRGF0YSA9IEludm9rZS1XbWlNZXRob2QgLUVBIElnbm9yZSAtTmFtZSBHZXRTZXJ2ZXJGZWF0dXJlIC1OYW1lc3BhY2Ugcm9vdFxtaWNyb3NvZnRcd2luZG93c1xzZXJ2ZXJtYW5hZ2VyIC1DbGFzcyBNU0ZUX1NlcnZlck1hbmFnZXJUYXNrcwogICAgJHJlZ0RhdGEgPSBHZXQtSXRlbVByb3BlcnR5ICJIS0xNOlxTWVNURU1cQ3VycmVudENvbnRyb2xTZXRcQ29udHJvbFxTZXNzaW9uIE1hbmFnZXIiICJQZW5kaW5nRmlsZVJlbmFtZU9wZXJhdGlvbnMiIC1FQSBJZ25vcmUKICAgICRDQlNSZWJvb3RTdGF0dXMgPSBHZXQtQ2hpbGRJdGVtICJIS0xNOlxcU09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cQ29tcG9uZW50IEJhc2VkIFNlcnZpY2luZyIgIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlfCBXaGVyZS1PYmplY3QgeyRfLlBTQ2hpbGROYW1lIC1lcSAiUmVib290UGVuZGluZyJ9CiAgICBpZigoJGZlYXR1cmVEYXRhIC1hbmQgJGZlYXR1cmVEYXRhLlJlcXVpcmVzUmVib290KSAtb3IgJHJlZ0RhdGEgLW9yICRDQlNSZWJvb3RTdGF0dXMpCiAgICB7CiAgICAgICAgcmV0dXJuICRUcnVlCiAgICB9CiAgICBlbHNlCiAgICB7CiAgICAgICAgcmV0dXJuICRGYWxzZQogICAgfQp9CgojIHRoaXMgbGluZSBtdXN0IHN0YXkgYXQgdGhlIGJvdHRvbSB0byBlbnN1cmUgYWxsIGRlZmluZWQgbW9kdWxlIHBhcnRzIGFyZSBleHBvcnRlZApFeHBvcnQtTW9kdWxlTWVtYmVyIC1BbGlhcyAqIC1GdW5jdGlvbiAqIC1DbWRsZXQgKgoK", "Ansible.ModuleUtils.FileUtil": "IyBDb3B5cmlnaHQgKGMpIDIwMTcgQW5zaWJsZSBQcm9qZWN0CiMgU2ltcGxpZmllZCBCU0QgTGljZW5zZSAoc2VlIGxpY2Vuc2VzL3NpbXBsaWZpZWRfYnNkLnR4dCBvciBodHRwczovL29wZW5zb3VyY2Uub3JnL2xpY2Vuc2VzL0JTRC0yLUNsYXVzZSkKCjwjClRlc3QtUGF0aC9HZXQtSXRlbSBjYW5ub3QgZmluZC9yZXR1cm4gaW5mbyBvbiBmaWxlcyB0aGF0IGFyZSBsb2NrZWQgbGlrZQpDOlxwYWdlZmlsZS5zeXMuIFRoZXNlIDIgZnVuY3Rpb25zIGFyZSBkZXNpZ25lZCB0byB3b3JrIHdpdGggdGhlc2UgZmlsZXMgYW5kCnByb3ZpZGUgc2ltaWxhciBmdW5jdGlvbmFsaXR5IHdpdGggdGhlIG5vcm1hbCBjbWRsZXRzIHdpdGggYXMgbWluaW1hbCBvdmVyaGVhZAphcyBwb3NzaWJsZS4gVGhleSB3b3JrIGJ5IHVzaW5nIEdldC1DaGlsZEl0ZW0gd2l0aCBhIGZpbHRlciBhbmQgcmV0dXJuIHRoZQpyZXN1bHQgZnJvbSB0aGF0LgojPgoKRnVuY3Rpb24gVGVzdC1BbnNpYmxlUGF0aCB7CiAgICBbQ21kbGV0QmluZGluZygpXQogICAgUGFyYW0oCiAgICAgICAgW1BhcmFtZXRlcihNYW5kYXRvcnk9JHRydWUpXVtzdHJpbmddJFBhdGgKICAgICkKICAgICMgUmVwbGFjZW1lbnQgZm9yIFRlc3QtUGF0aAogICAgdHJ5IHsKICAgICAgICAkZmlsZV9hdHRyaWJ1dGVzID0gW1N5c3RlbS5JTy5GaWxlXTo6R2V0QXR0cmlidXRlcygkUGF0aCkKICAgIH0gY2F0Y2ggW1N5c3RlbS5JTy5GaWxlTm90Rm91bmRFeGNlcHRpb25dLCBbU3lzdGVtLklPLkRpcmVjdG9yeU5vdEZvdW5kRXhjZXB0aW9uXSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfSBjYXRjaCBbTm90U3VwcG9ydGVkRXhjZXB0aW9uXSB7CiAgICAgICAgIyBXaGVuIHRlc3RpbmcgYSBwYXRoIGxpa2UgQ2VydDpcTG9jYWxNYWNoaW5lXE15LCBTeXN0ZW0uSU8uRmlsZSB3aWxsCiAgICAgICAgIyBub3Qgd29yaywgd2UganVzdCByZXZlcnQgYmFjayB0byB1c2luZyBUZXN0LVBhdGggZm9yIHRoaXMKICAgICAgICByZXR1cm4gVGVzdC1QYXRoIC1QYXRoICRQYXRoCiAgICB9CgogICAgaWYgKFtJbnQzMl0kZmlsZV9hdHRyaWJ1dGVzIC1lcSAtMSkgewogICAgICAgIHJldHVybiAkZmFsc2UKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICR0cnVlCiAgICB9Cn0KCkZ1bmN0aW9uIEdldC1BbnNpYmxlSXRlbSB7CiAgICBbQ21kbGV0QmluZGluZygpXQogICAgUGFyYW0oCiAgICAgICAgW1BhcmFtZXRlcihNYW5kYXRvcnk9JHRydWUpXVtzdHJpbmddJFBhdGgKICAgICkKICAgICMgUmVwbGFjZW1lbnQgZm9yIEdldC1JdGVtCiAgICB0cnkgewogICAgICAgICRmaWxlX2F0dHJpYnV0ZXMgPSBbU3lzdGVtLklPLkZpbGVdOjpHZXRBdHRyaWJ1dGVzKCRQYXRoKQogICAgfSBjYXRjaCB7CiAgICAgICAgIyBpZiAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb3RpbnVlIGlzIHNldCBvbiB0aGUgY21kbGV0IGFuZCB3ZSBmYWlsZWQgdG8KICAgICAgICAjIGdldCB0aGUgYXR0cmlidXRlcywganVzdCByZXR1cm4gJG51bGwsIG90aGVyd2lzZSB0aHJvdyB0aGUgZXJyb3IKICAgICAgICBpZiAoJEVycm9yQWN0aW9uUHJlZmVyZW5jZSAtbmUgIlNpbGVudGx5Q29udGludWUiKSB7CiAgICAgICAgICAgIHRocm93ICRfCiAgICAgICAgfQogICAgICAgIHJldHVybiAkbnVsbAogICAgfQogICAgaWYgKFtJbnQzMl0kZmlsZV9hdHRyaWJ1dGVzIC1lcSAtMSkgewogICAgICAgIHRocm93IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5NYW5hZ2VtZW50LkF1dG9tYXRpb24uSXRlbU5vdEZvdW5kRXhjZXB0aW9uIC1Bcmd1bWVudExpc3QgIkNhbm5vdCBmaW5kIHBhdGggJyRQYXRoJyBiZWNhdXNlIGl0IGRvZXMgbm90IGV4aXN0LiIKICAgIH0gZWxzZWlmICgkZmlsZV9hdHRyaWJ1dGVzLkhhc0ZsYWcoW1N5c3RlbS5JTy5GaWxlQXR0cmlidXRlc106OkRpcmVjdG9yeSkpIHsKICAgICAgICByZXR1cm4gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLklPLkRpcmVjdG9yeUluZm8gLUFyZ3VtZW50TGlzdCAkUGF0aAogICAgfSBlbHNlIHsKICAgICAgICByZXR1cm4gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLklPLkZpbGVJbmZvIC1Bcmd1bWVudExpc3QgJFBhdGgKICAgIH0KfQoKRXhwb3J0LU1vZHVsZU1lbWJlciAtRnVuY3Rpb24gVGVzdC1BbnNpYmxlUGF0aCwgR2V0LUFuc2libGVJdGVtCg=="}, "module_entry": "IyFwb3dlcnNoZWxsCgojIENvcHlyaWdodDogKGMpIDIwMTcsIEFuc2libGUgUHJvamVjdAojIEdOVSBHZW5lcmFsIFB1YmxpYyBMaWNlbnNlIHYzLjArIChzZWUgQ09QWUlORyBvciBodHRwczovL3d3dy5nbnUub3JnL2xpY2Vuc2VzL2dwbC0zLjAudHh0KQoKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5MZWdhY3kKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5Db21tYW5kVXRpbAojUmVxdWlyZXMgLU1vZHVsZSBBbnNpYmxlLk1vZHVsZVV0aWxzLkZpbGVVdGlsCgojIFRPRE86IGFkZCBjaGVjayBtb2RlIHN1cHBvcnQKClNldC1TdHJpY3RNb2RlIC1WZXJzaW9uIDIKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKIyBDbGVhbnNlIENMSVhNTCBmcm9tIHN0ZGVyciAoc2lmdCBvdXQgZXJyb3Igc3RyZWFtIGRhdGEsIGRpc2NhcmQgb3RoZXJzIGZvciBub3cpCkZ1bmN0aW9uIENsZWFuc2UtU3RkZXJyKCRyYXdfc3RkZXJyKSB7CiAgICBUcnkgewogICAgICAgICMgTkI6IHRoaXMgcmVnZXggaXNuJ3QgcGVyZmVjdCwgYnV0IGlzIGRlY2VudCBhdCBmaW5kaW5nIENMSVhNTCBhbW9uZ3N0IG90aGVyIHN0ZGVyciBub2lzZQogICAgICAgIElmKCRyYXdfc3RkZXJyIC1tYXRjaCAiKD9zKSg/PHByZW5vaXNlMT4uKikjPCBDTElYTUwoPzxwcmVub2lzZTI+LiopKD88Y2xpeG1sPjxPYmpzLis8L09ianM+KSg/PHBvc3Rub2lzZT4uKikiKSB7CiAgICAgICAgICAgICRjbGl4bWwgPSBbeG1sXSRtYXRjaGVzWyJjbGl4bWwiXQoKICAgICAgICAgICAgJG1lcmdlZF9zdGRlcnIgPSAiezB9ezF9ezJ9ezN9IiAtZiBAKAogICAgICAgICAgICAgICAkbWF0Y2hlc1sicHJlbm9pc2UxIl0sCiAgICAgICAgICAgICAgICRtYXRjaGVzWyJwcmVub2lzZTIiXSwKICAgICAgICAgICAgICAgIyBmaWx0ZXIgb3V0IGp1c3QgdGhlIEVycm9yLXRhZ2dlZCBzdHJpbmdzIGZvciBub3csIGFuZCB6YXAgZW1iZWRkZWQgQ1JMRiBjaGFycwogICAgICAgICAgICAgICAoJGNsaXhtbC5PYmpzLkNoaWxkTm9kZXMgfCA/IHsgJF8uTmFtZSAtZXEgJ1MnIH0gfCA/IHsgJF8uUyAtZXEgJ0Vycm9yJyB9IHwgJSB7ICRfLicjdGV4dCcuUmVwbGFjZSgnX3gwMDBEX194MDAwQV8nLCcnKSB9IHwgT3V0LVN0cmluZyksCiAgICAgICAgICAgICAgICRtYXRjaGVzWyJwb3N0bm9pc2UiXSkgfCBPdXQtU3RyaW5nCgogICAgICAgICAgICByZXR1cm4gJG1lcmdlZF9zdGRlcnIuVHJpbSgpCgogICAgICAgICAgICAjIEZVVFVSRTogcGFyc2UvcmV0dXJuIG90aGVyIHN0cmVhbXMKICAgICAgICB9CiAgICAgICAgRWxzZSB7CiAgICAgICAgICAgICRyYXdfc3RkZXJyCiAgICAgICAgfQogICAgfQogICAgQ2F0Y2ggewogICAgICAgICIqKipFWENFUFRJT04gUEFSU0lORyBDTElYTUw6ICRfKioqIiArICRyYXdfc3RkZXJyCiAgICB9Cn0KCiRwYXJhbXMgPSBQYXJzZS1BcmdzICRhcmdzIC1zdXBwb3J0c19jaGVja19tb2RlICRmYWxzZQoKJHJhd19jb21tYW5kX2xpbmUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX3Jhd19wYXJhbXMiIC10eXBlICJzdHIiIC1mYWlsaWZlbXB0eSAkdHJ1ZQokY2hkaXIgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiY2hkaXIiIC10eXBlICJwYXRoIgokZXhlY3V0YWJsZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJleGVjdXRhYmxlIiAtdHlwZSAicGF0aCIKJGNyZWF0ZXMgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiY3JlYXRlcyIgLXR5cGUgInBhdGgiCiRyZW1vdmVzID0gR2V0LUFuc2libGVQYXJhbSAtb2JqICRwYXJhbXMgLW5hbWUgInJlbW92ZXMiIC10eXBlICJwYXRoIgokc3RkaW4gPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAic3RkaW4iIC10eXBlICJzdHIiCgokcmF3X2NvbW1hbmRfbGluZSA9ICRyYXdfY29tbWFuZF9saW5lLlRyaW0oKQoKJHJlc3VsdCA9IEB7CiAgICBjaGFuZ2VkID0gJHRydWUKICAgIGNtZCA9ICRyYXdfY29tbWFuZF9saW5lCn0KCmlmICgkY3JlYXRlcyAtYW5kICQoVGVzdC1BbnNpYmxlUGF0aCAtUGF0aCAkY3JlYXRlcykpIHsKICAgIEV4aXQtSnNvbiBAe21zZz0ic2tpcHBlZCwgc2luY2UgJGNyZWF0ZXMgZXhpc3RzIjtjbWQ9JHJhd19jb21tYW5kX2xpbmU7Y2hhbmdlZD0kZmFsc2U7c2tpcHBlZD0kdHJ1ZTtyYz0wfQp9CgppZiAoJHJlbW92ZXMgLWFuZCAtbm90ICQoVGVzdC1BbnNpYmxlUGF0aCAtUGF0aCAkcmVtb3ZlcykpIHsKICAgIEV4aXQtSnNvbiBAe21zZz0ic2tpcHBlZCwgc2luY2UgJHJlbW92ZXMgZG9lcyBub3QgZXhpc3QiO2NtZD0kcmF3X2NvbW1hbmRfbGluZTtjaGFuZ2VkPSRmYWxzZTtza2lwcGVkPSR0cnVlO3JjPTB9Cn0KCiRleGVjX2FyZ3MgPSAkbnVsbApJZigtbm90ICRleGVjdXRhYmxlIC1vciAkZXhlY3V0YWJsZSAtZXEgInBvd2Vyc2hlbGwiKSB7CiAgICAkZXhlY19hcHBsaWNhdGlvbiA9ICJwb3dlcnNoZWxsLmV4ZSIKCiAgICAjIGZvcmNlIGlucHV0IGVuY29kaW5nIHRvIHByZWFtYmxlLWZyZWUgVVRGOCBzbyBQUyBzdWItcHJvY2Vzc2VzIChlZywgU3RhcnQtSm9iKSBkb24ndCBibG93IHVwCiAgICAkcmF3X2NvbW1hbmRfbGluZSA9ICJbQ29uc29sZV06OklucHV0RW5jb2RpbmcgPSBOZXctT2JqZWN0IFRleHQuVVRGOEVuY29kaW5nIGAkZmFsc2U7ICIgKyAkcmF3X2NvbW1hbmRfbGluZQoKICAgICMgQmFzZTY0IGVuY29kZSB0aGUgY29tbWFuZCBzbyB3ZSBkb24ndCBoYXZlIHRvIHdvcnJ5IGFib3V0IHRoZSB2YXJpb3VzIGxldmVscyBvZiBlc2NhcGluZwogICAgJGVuY29kZWRfY29tbWFuZCA9IFtDb252ZXJ0XTo6VG9CYXNlNjRTdHJpbmcoW1N5c3RlbS5UZXh0LkVuY29kaW5nXTo6VW5pY29kZS5HZXRCeXRlcygkcmF3X2NvbW1hbmRfbGluZSkpCgogICAgaWYgKCRzdGRpbikgewogICAgICAgICRleGVjX2FyZ3MgPSAiLWVuY29kZWRjb21tYW5kICRlbmNvZGVkX2NvbW1hbmQiCiAgICB9IGVsc2UgewogICAgICAgICRleGVjX2FyZ3MgPSAiLW5vbmludGVyYWN0aXZlIC1lbmNvZGVkY29tbWFuZCAkZW5jb2RlZF9jb21tYW5kIgogICAgfQp9CkVsc2UgewogICAgIyBGVVRVUkU6IHN1cHBvcnQgYXJnIHRyYW5zbGF0aW9uIGZyb20gZXhlY3V0YWJsZSAob3IgZXhlY3V0YWJsZV9hcmdzPykgdG8gcHJvY2VzcyBhcmd1bWVudHMgZm9yIGFyYml0cmFyeSBpbnRlcnByZXRlcj8KICAgICRleGVjX2FwcGxpY2F0aW9uID0gJGV4ZWN1dGFibGUKICAgIGlmICgtbm90ICgkZXhlY19hcHBsaWNhdGlvbi5FbmRzV2l0aCgiLmV4ZSIpKSkgewogICAgICAgICRleGVjX2FwcGxpY2F0aW9uID0gIiQoJGV4ZWNfYXBwbGljYXRpb24pLmV4ZSIKICAgIH0KICAgICRleGVjX2FyZ3MgPSAiL2MgJHJhd19jb21tYW5kX2xpbmUiCn0KCiRjb21tYW5kID0gIiRleGVjX2FwcGxpY2F0aW9uICRleGVjX2FyZ3MiCiRydW5fY29tbWFuZF9hcmcgPSBAewogICAgY29tbWFuZCA9ICRjb21tYW5kCn0KaWYgKCRjaGRpcikgewogICAgJHJ1bl9jb21tYW5kX2FyZ1snd29ya2luZ19kaXJlY3RvcnknXSA9ICRjaGRpcgp9CmlmICgkc3RkaW4pIHsKICAgICRydW5fY29tbWFuZF9hcmdbJ3N0ZGluJ10gPSAkc3RkaW4KfQoKJHN0YXJ0X2RhdGV0aW1lID0gW0RhdGVUaW1lXTo6VXRjTm93CnRyeSB7CiAgICAkY29tbWFuZF9yZXN1bHQgPSBSdW4tQ29tbWFuZCBAcnVuX2NvbW1hbmRfYXJnCn0gY2F0Y2ggewogICAgJHJlc3VsdC5jaGFuZ2VkID0gJGZhbHNlCiAgICB0cnkgewogICAgICAgICRyZXN1bHQucmMgPSAkXy5FeGNlcHRpb24uTmF0aXZlRXJyb3JDb2RlCiAgICB9IGNhdGNoIHsKICAgICAgICAkcmVzdWx0LnJjID0gMgogICAgfQogICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAkXy5FeGNlcHRpb24uTWVzc2FnZQp9CgojIFRPRE86IGRlY29kZSBDTElYTUwgc3RkZXJyIG91dHB1dCAoYW5kIG90aGVyIHN0cmVhbXM/KQokcmVzdWx0LnN0ZG91dCA9ICRjb21tYW5kX3Jlc3VsdC5zdGRvdXQKJHJlc3VsdC5zdGRlcnIgPSBDbGVhbnNlLVN0ZGVyciAkY29tbWFuZF9yZXN1bHQuc3RkZXJyIAokcmVzdWx0LnJjID0gJGNvbW1hbmRfcmVzdWx0LnJjCgokZW5kX2RhdGV0aW1lID0gW0RhdGVUaW1lXTo6VXRjTm93CiRyZXN1bHQuc3RhcnQgPSAkc3RhcnRfZGF0ZXRpbWUuVG9TdHJpbmcoInl5eXktTU0tZGQgaGg6bW06c3MuZmZmZmZmIikKJHJlc3VsdC5lbmQgPSAkZW5kX2RhdGV0aW1lLlRvU3RyaW5nKCJ5eXl5LU1NLWRkIGhoOm1tOnNzLmZmZmZmZiIpCiRyZXN1bHQuZGVsdGEgPSAkKCRlbmRfZGF0ZXRpbWUgLSAkc3RhcnRfZGF0ZXRpbWUpLlRvU3RyaW5nKCJoXDptbVw6c3NcLmZmZmZmZiIpCgpJZiAoJHJlc3VsdC5yYyAtbmUgMCkgewogICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAibm9uLXplcm8gcmV0dXJuIGNvZGUiCn0KCkV4aXQtSnNvbiAkcmVzdWx0Cg==", "module_args": {"_ansible_version": "2.7.0", "_ansible_selinux_special_fs": ["fuse", "nfs", "vboxsf", "ramfs", "9p"], "_ansible_no_log": false, "_ansible_module_name": "win_shell", "_raw_params": "(Get-NetIPAddress -addressfamily ipv4).interfacealias -notlike \"Loopback*\"", "_ansible_verbosity": 2, "_ansible_keep_remote_files": false, "_ansible_syslog_facility": "LOG_USER", "_ansible_socket": null, "_ansible_remote_tmp": "%TEMP%", "_ansible_diff": false, "_ansible_debug": false, "_ansible_shell_executable": "/bin/sh", "_ansible_check_mode": false, "_ansible_tmpdir": null}} '@ } process { $input_as_string = [string]$input $json_raw += $input_as_string } end { If (-not $json_raw) { Write-Error "no input given" -Category InvalidArgument } $payload = ConvertTo-HashtableFromPsCustomObject (ConvertFrom-Json $json_raw) # TODO: handle binary modules # TODO: handle persistence $min_os_version = [version]$payload.min_os_version if ($min_os_version -ne $null) { $actual_os_version = [System.Environment]::OSVersion.Version if ($actual_os_version -lt $min_os_version) { $msg = "This module cannot run on this OS as it requires a minimum version of $min_os_version, actual was $actual_os_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $min_ps_version = [version]$payload.min_ps_version if ($min_ps_version -ne $null) { $actual_ps_version = $PSVersionTable.PSVersion if ($actual_ps_version -lt $min_ps_version) { $msg = "This module cannot run as it requires a minimum PowerShell version of $min_ps_version, actual was $actual_ps_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $actions = $payload.actions # pop 0th action as entrypoint $entrypoint = $payload.($actions[0]) $payload.actions = $payload.actions[1..99] $entrypoint = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($entrypoint)) # load the current action entrypoint as a module custom object with a Run method $entrypoint = New-Module -ScriptBlock ([scriptblock]::Create($entrypoint)) -AsCustomObject Set-Variable -Scope global -Name complex_args -Value $payload["module_args"] | Out-Null # dynamically create/load modules ForEach ($mod in $payload.powershell_modules.GetEnumerator()) { $decoded_module = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($mod.Value)) New-Module -ScriptBlock ([scriptblock]::Create($decoded_module)) -Name $mod.Key | Import-Module -WarningAction SilentlyContinue | Out-Null } $output = $entrypoint.Run($payload) Write-Output $output } ScriptBlock ID: 43852d6d-2447-4eb9-b4c4-6eeec6aa2c96 Path:	4104	1		3	2	15	0	1485	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1972	2200	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:04:49 PM	9d04040e-981f-0001-a112-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 3): ZXcgTmF0aXZlV2FpdEhhbmRsZShwcm9jZXNzSGFuZGxlKS5XYWl0T25lKCk7CiAgICAgICAgICAgIHVpbnQgZXhpdENvZGU7CiAgICAgICAgICAgIGlmICghR2V0RXhpdENvZGVQcm9jZXNzKHByb2Nlc3NIYW5kbGUsIG91dCBleGl0Q29kZSkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIkVycm9yIGdldHRpbmcgcHJvY2VzcyBleGl0IGNvZGUiKTsKICAgICAgICAgICAgcmV0dXJuIGV4aXRDb2RlOwogICAgICAgIH0KICAgIH0KfQoiQAoKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICdTdG9wJwoKRnVuY3Rpb24gTG9hZC1Db21tYW5kVXRpbHMgewogICAgIyBtYWtlcyB0aGUgZm9sbG93aW5nIHN0YXRpYyBmdW5jdGlvbnMgYXZhaWxhYmxlCiAgICAjICAgW0Fuc2libGUuQ29tbWFuZFV0aWxdOjpQYXJzZUNvbW1hbmRMaW5lKHN0cmluZyBscENvbW1hbmRMaW5lKQogICAgIyAgIFtBbnNpYmxlLkNvbW1hbmRVdGlsXTo6U2VhcmNoUGF0aChzdHJpbmcgbHBGaWxlTmFtZSkKICAgICMgICBbQW5zaWJsZS5Db21tYW5kVXRpbF06OlJ1bkNvbW1hbmQoc3RyaW5nIGxwQXBwbGljYXRpb25OYW1lLCBzdHJpbmcgbHBDb21tYW5kTGluZSwgc3RyaW5nIGxwQ3VycmVudERpcmVjdG9yeSwgc3RyaW5nIHN0ZGluSW5wdXQsIHN0cmluZyBlbnZpcm9ubWVudEJsb2NrKQogICAgIwogICAgIyB0aGVyZSBhcmUgYWxzbyBudW1lcm91cyBQL0ludm9rZSBtZXRob2RzIHRoYXQgY2FuIGJlIGNhbGxlZCBpZiB5b3UgYXJlIGZlZWxpbmcgYWR2ZW50dXJvdXMKCiAgICAjIEZVVFVSRTogZmluZCBhIGJldHRlciB3YXkgdG8gZ2V0IHRoZSBfYW5zaWJsZV9yZW1vdGVfdG1wIHZhcmlhYmxlCiAgICAkb3JpZ2luYWxfdG1wID0gJGVudjpUTVAKCiAgICAkcmVtb3RlX3RtcCA9ICRvcmlnaW5hbF90bXAKICAgICRtb2R1bGVfcGFyYW1zID0gR2V0LVZhcmlhYmxlIC1OYW1lIGNvbXBsZXhfYXJncyAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgaWYgKCRtb2R1bGVfcGFyYW1zKSB7CiAgICAgICAgaWYgKCRtb2R1bGVfcGFyYW1zLlZhbHVlLkNvbnRhaW5zS2V5KCJfYW5zaWJsZV9yZW1vdGVfdG1wIikgKSB7CiAgICAgICAgICAgICRyZW1vdGVfdG1wID0gJG1vZHVsZV9wYXJhbXMuVmFsdWVbIl9hbnNpYmxlX3JlbW90ZV90bXAiXQogICAgICAgICAgICAkcmVtb3RlX3RtcCA9IFtTeXN0ZW0uRW52aXJvbm1lbnRdOjpFeHBhbmRFbnZpcm9ubWVudFZhcmlhYmxlcygkcmVtb3RlX3RtcCkKICAgICAgICB9CiAgICB9CgogICAgJGVudjpUTVAgPSAkcmVtb3RlX3RtcAogICAgQWRkLVR5cGUgLVR5cGVEZWZpbml0aW9uICRwcm9jZXNzX3V0aWwKICAgICRlbnY6VE1QID0gJG9yaWdpbmFsX3RtcAp9CgpGdW5jdGlvbiBHZXQtRXhlY3V0YWJsZVBhdGgoJGV4ZWN1dGFibGUsICRkaXJlY3RvcnkpIHsKICAgICMgbHBBcHBsaWNhdGlvbk5hbWUgcmVxdWlyZXMgdGhlIGZ1bGwgcGF0aCB0byBhIGZpbGUsIHdlIG5lZWQgdG8gZmluZCBpdAogICAgIyBvdXJzZWx2ZXMuCgogICAgIyB3ZSBuZWVkIHRvIGFkZCAuZXhlIGlmIGl0IGRvZXNuJ3QgaGF2ZSBhbiBleHRlbnNpb24gYWxyZWFkeQogICAgaWYgKC1ub3QgW1N5c3RlbS5JTy5QYXRoXTo6SGFzRXh0ZW5zaW9uKCRleGVjdXRhYmxlKSkgewogICAgICAgICRleGVjdXRhYmxlID0gIiQoJGV4ZWN1dGFibGUpLmV4ZSIKICAgIH0KICAgICRmdWxsX3BhdGggPSBbU3lzdGVtLklPLlBhdGhdOjpHZXRGdWxsUGF0aCgkZXhlY3V0YWJsZSkKCiAgICBpZiAoJGZ1bGxfcGF0aCAtbmUgJGV4ZWN1dGFibGUgLWFuZCAkZGlyZWN0b3J5IC1uZSAkbnVsbCkgewogICAgICAgICRmaWxlID0gR2V0LUl0ZW0gLVBhdGggIiRkaXJlY3RvcnlcJGV4ZWN1dGFibGUiIC1Gb3JjZSAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgfSBlbHNlIHsKICAgICAgICAkZmlsZSA9IEdldC1JdGVtIC1QYXRoICRleGVjdXRhYmxlIC1Gb3JjZSAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgfQoKICAgIGlmICgkZmlsZSAtbmUgJG51bGwpIHsKICAgICAgICAkZXhlY3V0YWJsZV9wYXRoID0gJGZpbGUuRnVsbE5hbWUKICAgIH0gZWxzZSB7CiAgICAgICAgJGV4ZWN1dGFibGVfcGF0aCA9IFtBbnNpYmxlLkNvbW1hbmRVdGlsXTo6U2VhcmNoUGF0aCgkZXhlY3V0YWJsZSkgICAgCiAgICB9CiAgICByZXR1cm4gJGV4ZWN1dGFibGVfcGF0aAp9CgpGdW5jdGlvbiBSdW4tQ29tbWFuZCB7CiAgICBQYXJhbSgKICAgICAgICBbc3RyaW5nXSRjb21tYW5kLCAjIHRoZSBmdWxsIGNvbW1hbmQgdG8gcnVuIGluY2x1ZGluZyB0aGUgZXhlY3V0YWJsZQogICAgICAgIFtzdHJpbmddJHdvcmtpbmdfZGlyZWN0b3J5ID0gJG51bGwsICMgdGhlIHdvcmtpbmcgZGlyZWN0b3J5IHRvIHJ1biB1bmRlciwgd2lsbCBkZWZhdWx0IHRvIHRoZSBjdXJyZW50IGRpcgogICAgICAgIFtzdHJpbmddJHN0ZGluID0gJG51bGwsICMgYSBzdHJpbmcgdG8gc2VuZCB0byB0aGUgc3RkaW4gcGlwZSB3aGVuIGV4ZWN1dGluZyB0aGUgY29tbWFuZAogICAgICAgIFtoYXNodGFibGVdJGVudmlyb25tZW50ID0gQHt9ICMgYSBoYXNodGFibGUgb2YgZW52aXJvbm1lbnQgdmFsdWVzIHRvIHJ1biB0aGUgY29tbWFuZCB1bmRlciwgdGhpcyB3aWxsIHJlcGxhY2UgYWxsIHRoZSBvdGhlciBlbnZpcm9ubWVudCB2YXJpYWJsZXMgd2l0aCB0aGVzZQogICAgKQogICAgCiAgICAjIGxvYWQgdGhlIEMjIGNvZGUgd2UgY2FsbCBpbiB0aGlzIGZ1bmN0aW9uCiAgICBMb2FkLUNvbW1hbmRVdGlscwoKICAgICMgbmVlZCB0byB2YWxpZGF0ZSB0aGUgd29ya2luZyBkaXJlY3RvcnkgaWYgaXQgaXMgc2V0CiAgICBpZiAoJHdvcmtpbmdfZGlyZWN0b3J5KSB7CiAgICAgICAgIyB2YWxpZGF0ZSB3b3JraW5nIGRpcmVjdG9yeSBpcyBhIHZhbGlkIHBhdGgKICAgICAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICR3b3JraW5nX2RpcmVjdG9yeSkpIHsKICAgICAgICAgICAgdGhyb3cgImludmFsaWQgd29ya2luZyBkaXJlY3RvcnkgcGF0aCAnJHdvcmtpbmdfZGlyZWN0b3J5JyIKICAgICAgICB9CiAgICB9CgogICAgIyBscEFwcGxpY2F0aW9uTmFtZSBuZWVkcyB0byBiZSB0aGUgZnVsbCBwYXRoIHRvIGFuIGV4ZWN1dGFibGUsIHdlIGRvIHRoaXMKICAgICMgYnkgZ2V0dGluZyB0aGUgZXhlY3V0YWJsZSBhcyB0aGUgZmlyc3QgYXJnIGFuZCB0aGVuIGdldHRpbmcgdGhlIGZ1bGwgcGF0aAogICAgJGFyZ3VtZW50cyA9IFtBbnNpYmxlLkNvbW1hbmRVdGlsXTo6UGFyc2VDb21tYW5kTGluZSgkY29tbWFuZCkKICAgICRleGVjdXRhYmxlID0gR2V0LUV4ZWN1dGFibGVQYXRoIC1leGVjdXRhYmxlICRhcmd1bWVudHNbMF0gLWRpcmVjdG9yeSAkd29ya2luZ19kaXJlY3RvcnkKCiAgICAjIHJ1biB0aGUgY29tbWFuZCBhbmQgZ2V0IHRoZSByZXN1bHRzCiAgICAkY29tbWFuZF9yZXN1bHQgPSBbQW5zaWJsZS5Db21tYW5kVXRpbF06OlJ1bkNvbW1hbmQoJGV4ZWN1dGFibGUsICRjb21tYW5kLCAkd29ya2luZ19kaXJlY3RvcnksICRzdGRpbiwgJGVudmlyb25tZW50KQoKICAgIHJldHVybiAsQHsKICAgICAgICBleGVjdXRhYmxlID0gJGV4ZWN1dGFibGUKICAgICAgICBzdGRvdXQgPSAkY29tbWFuZF9yZXN1bHQuU3RhbmRhcmRPdXQKICAgICAgICBzdGRlcnIgPSAkY29tbWFuZF9yZXN1bHQuU3RhbmRhcmRFcnJvcgogICAgICAgIHJjID0gJGNvbW1hbmRfcmVzdWx0LkV4aXRDb2RlCiAgICB9Cn0KCiMgdGhpcyBsaW5lIG11c3Qgc3RheSBhdCB0aGUgYm90dG9tIHRvIGVuc3VyZSBhbGwgZGVmaW5lZCBtb2R1bGUgcGFydHMgYXJlIGV4cG9ydGVkCkV4cG9ydC1Nb2R1bGVNZW1iZXIgLUFsaWFzICogLUZ1bmN0aW9uICogLUNtZGxldCAqCg==", "Ansible.ModuleUtils.Legacy": "IyBDb3B5cmlnaHQgKGMpLCBNaWNoYWVsIERlSGFhbiA8bWljaGFlbC5kZWhhYW5AZ21haWwuY29tPiwgMjAxNCwgYW5kIG90aGVycwojIFNpbXBsaWZpZWQgQlNEIExpY2Vuc2UgKHNlZSBsaWNlbnNlcy9zaW1wbGlmaWVkX2JzZC50eHQgb3IgaHR0cHM6Ly9vcGVuc291cmNlLm9yZy9saWNlbnNlcy9CU0QtMi1DbGF1c2UpCgpTZXQtU3RyaWN0TW9kZSAtVmVyc2lvbiAyLjAKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKRnVuY3Rpb24gU2V0LUF0dHIoJG9iaiwgJG5hbWUsICR2YWx1ZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gc2V0IGFuICJhdHRyaWJ1dGUiIG9uIGEgcHNvYmplY3QgaW5zdGFuY2UgaW4gUG93ZXJTaGVsbC4KICAgIFRoaXMgaXMgYSBjb252ZW5pZW5jZSB0byBtYWtlIGFkZGluZyBNZW1iZXJzIHRvIHRoZSBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgIFNldC1BdHRyICRyZXN1bHQgImNoYW5nZWQiICR0cnVlCiM+CgogICAgIyBJZiB0aGUgcHJvdmlkZWQgJG9iaiBpcyB1bmRlZmluZWQsIGRlZmluZSBvbmUgdG8gYmUgbmljZQogICAgSWYgKC1ub3QgJG9iai5HZXRUeXBlKQogICAgewogICAgICAgICRvYmogPSBAeyB9CiAgICB9CgogICAgVHJ5CiAgICB7CiAgICAgICAgJG9iai4kbmFtZSA9ICR2YWx1ZQogICAgfQogICAgQ2F0Y2gKICAgIHsKICAgICAgICAkb2JqIHwgQWRkLU1lbWJlciAtRm9yY2UgLU1lbWJlclR5cGUgTm90ZVByb3BlcnR5IC1OYW1lICRuYW1lIC1WYWx1ZSAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gRXhpdC1Kc29uKCRvYmopCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGNvbnZlcnQgYSBQb3dlclNoZWxsIG9iamVjdCB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcKICAgIHRoZSBzY3JpcHQKICAgIC5FWEFNUExFCiAgICBFeGl0LUpzb24gJHJlc3VsdAojPgoKICAgICMgSWYgdGhlIHByb3ZpZGVkICRvYmogaXMgdW5kZWZpbmVkLCBkZWZpbmUgb25lIHRvIGJlIG5pY2UKICAgIElmICgtbm90ICRvYmouR2V0VHlwZSkKICAgIHsKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoJ2NoYW5nZWQnKSkgewogICAgICAgIFNldC1BdHRyICRvYmogImNoYW5nZWQiICRmYWxzZQogICAgfQoKICAgIFdyaXRlLU91dHB1dCAkb2JqIHwgQ29udmVydFRvLUpzb24gLUNvbXByZXNzIC1EZXB0aCA5OQogICAgRXhpdAp9CgpGdW5jdGlvbiBGYWlsLUpzb24oJG9iaiwgJG1lc3NhZ2UgPSAkbnVsbCkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHRoZSAibXNnIiBwcm9wZXJ0eSBhbmQgImZhaWxlZCIgcHJvcGVydHksIGNvbnZlcnQgdGhlCiAgICBQb3dlclNoZWxsIEhhc2h0YWJsZSB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcgdGhlIHNjcmlwdAogICAgLkVYQU1QTEUKICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJUaGlzIGlzIHRoZSBmYWlsdXJlIG1lc3NhZ2UiCiM+CgogICAgaWYgKCRvYmogLWlzIFtoYXNodGFibGVdIC1vciAkb2JqIC1pcyBbcHNvYmplY3RdKSB7CiAgICAgICAgIyBOb3RoaW5nIHRvIGRvCiAgICB9IGVsc2VpZiAoJG9iaiAtaXMgW3N0cmluZ10gLWFuZCAkbnVsbCAtZXEgJG1lc3NhZ2UpIHsKICAgICAgICAjIElmIHdlIHdlcmVuJ3QgZ2l2ZW4gMiBhcmdzLCBhbmQgdGhlIG9ubHkgYXJnIHdhcyBhIHN0cmluZywKICAgICAgICAjIGNyZWF0ZSBhIG5ldyBIYXNodGFibGUgYW5kIHVzZSB0aGUgYXJnIGFzIHRoZSBmYWlsdXJlIG1lc3NhZ2UKICAgICAgICAkbWVzc2FnZSA9ICRvYmoKICAgICAgICAkb2JqID0gQHsgfQogICAgfSBlbHNlIHsKICAgICAgICAjIElmIHRoZSBmaXJzdCBhcmd1bWVudCBpcyB1bmRlZmluZWQgb3IgYSBkaWZmZXJlbnQgdHlwZSwKICAgICAgICAjIG1ha2UgaXQgYSBIYXNodGFibGUKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgICMgU3RpbGwgdXNpbmcgU2V0LUF0dHIgZm9yIFBTT2JqZWN0IGNvbXBhdGliaWxpdHkKICAgIFNldC1BdHRyICRvYmogIm1zZyIgJG1lc3NhZ2UKICAgIFNldC1BdHRyICRvYmogImZhaWxlZCIgJHRydWUKCiAgICBpZiAoLW5vdCAkb2JqLkNvbnRhaW5zS2V5KCdjaGFuZ2VkJykpIHsKICAgICAgICBTZXQtQXR0ciAkb2JqICJjaGFuZ2VkIiAkZmFsc2UKICAgIH0KCiAgICBXcml0ZS1PdXRwdXQgJG9iaiB8IENvbnZlcnRUby1Kc29uIC1Db21wcmVzcyAtRGVwdGggOTkKICAgIEV4aXQgMQp9CgpGdW5jdGlvbiBBZGQtV2FybmluZygkb2JqLCAkbWVzc2FnZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHdhcm5pbmdzLCBldmVuIGlmIHRoZSB3YXJuaW5ncyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoIndhcm5pbmdzIikpIHsKICAgICAgICAkb2JqLndhcm5pbmdzID0gQCgpCiAgICB9IGVsc2VpZiAoJG9iai53YXJuaW5ncyAtaXNub3QgW2FycmF5XSkgewogICAgICAgIHRocm93ICJBZGQtV2FybmluZzogd2FybmluZ3MgYXR0cmlidXRlIGlzIG5vdCBhbiBhcnJheSIKICAgIH0KCiAgICAkb2JqLndhcm5pbmdzICs9ICRtZXNzYWdlCn0KCkZ1bmN0aW9uIEFkZC1EZXByZWNhdGlvbldhcm5pbmcoJG9iaiwgJG1lc3NhZ2UsICR2ZXJzaW9uID0gJG51bGwpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGFkZCBkZXByZWNhdGlvbnMsIGV2ZW4gaWYgdGhlIGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgogICAgaWYgKC1ub3QgJG9iai5Db250YWluc0tleSgiZGVwcmVjYXRpb25zIikpIHsKICAgICAgICAkb2JqLmRlcHJlY2F0aW9ucyA9IEAoKQogICAgfSBlbHNlaWYgKCRvYmouZGVwcmVjYXRpb25zIC1pc25vdCBbYXJyYXldKSB7CiAgICAgICAgdGhyb3cgIkFkZC1EZXByZWNhdGlvbldhcm5pbmc6IGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgaXMgbm90IGEgbGlzdCIKICAgIH0KCiAgICAkb2JqLmRlcHJlY2F0aW9ucyArPSBAewogICAgICAgIG1zZyA9ICRtZXNzYWdlCiAgICAgICAgdmVyc2lvbiA9ICR2ZXJzaW9uCiAgICB9Cn0KCkZ1bmN0aW9uIEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgaW4gdmFsdWVzLiBCeSBkZWZhdWx0CiAgICBpdCB0dXJucyBhbnkgdHlwZSB0byBhIHN0cmluZywgYnV0IHdlIGVuc3VyZSAkbnVsbCByZW1haW5zICRudWxsLgojPgogICAgaWYgKCRudWxsIC1uZSAkdmFsdWUpIHsKICAgICAgICBbU3lzdGVtLkVudmlyb25tZW50XTo6RXhwYW5kRW52aXJvbm1lbnRWYXJpYWJsZXMoJHZhbHVlKQogICAgfSBlbHNlIHsKICAgICAgICAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gR2V0LUFuc2libGVQYXJhbSgkb2JqLCAkbmFtZSwgJGRlZmF1bHQgPSAkbnVsbCwgJHJlc3VsdG9iaiA9IEB7fSwgJGZhaWxpZmVtcHR5ID0gJGZhbHNlLCAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSwgJFZhbGlkYXRlU2V0LCAkVmFsaWRhdGVTZXRFcnJvck1lc3NhZ2UsICR0eXBlID0gJG51bGwsICRhbGlhc2VzID0gQCgpKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBnZXQgYW4gImF0dHJpYnV0ZSIgZnJvbSBhIHBzb2JqZWN0IGluc3RhbmNlIGluIFBvd2VyU2hlbGwuCiAgICBUaGlzIGlzIGEgY29udmVuaWVuY2UgdG8gbWFrZSBnZXR0aW5nIE1lbWJlcnMgZnJvbSBhbiBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgICRhdHRyID0gR2V0LUFuc2libGVQYXJhbSAkcmVzcG9uc2UgImNvZGUiIC1kZWZhdWx0ICIxIgogICAgLkVYQU1QTEUKICAgIEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJTdGF0ZSIgLWRlZmF1bHQgIlByZXNlbnQiIC1WYWxpZGF0ZVNldCAiUHJlc2VudCIsIkFic2VudCIgLXJlc3VsdG9iaiAkcmVzdWx0b2JqIC1mYWlsaWZlbXB0eSAkdHJ1ZQogICAgR2V0LUFuc2libGVQYXJhbSBhbHNvIHN1cHBvcnRzIFBhcmFtZXRlciB2YWxpZGF0aW9uIHRvIHNhdmUgeW91IGZyb20gY29kaW5nIHRoYXQgbWFudWFsbHkKICAgIE5vdGUgdGhhdCBpZiB5b3UgdXNlIHRoZSBmYWlsaWZlbXB0eSBvcHRpb24sIHlvdSBkbyBuZWVkIHRvIHNwZWNpZnkgcmVzdWx0b2JqZWN0IGFzIHdlbGwuCiM+CiAgICAjIENoZWNrIGlmIHRoZSBwcm92aWRlZCBNZW1iZXIgJG5hbWUgb3IgYWxpYXNlcyBleGlzdCBpbiAkb2JqIGFuZCByZXR1cm4gaXQgb3IgdGhlIGRlZmF1bHQuCiAgICB0cnkgewoKICAgICAgICAkZm91bmQgPSAkbnVsbAogICAgICAgICMgRmlyc3QgdHJ5IHRvIGZpbmQgcHJlZmVycmVkIHBhcmFtZXRlciAkbmFtZQogICAgICAgICRhbGlhc2VzID0gQCgkbmFtZSkgKyAkYWxpYXNlcwoKICAgICAgICAjIEl0ZXJhdGUgb3ZlciBhbGlhc2VzIHRvIGZpbmQgYWNjZXB0YWJsZSBNZW1iZXIgJG5hbWUKICAgICAgICBmb3JlYWNoICgkYWxpYXMgaW4gJGFsaWFzZXMpIHsKICAgICAgICAgICAgaWYgKCRvYmouQ29udGFpbnNLZXkoJGFsaWFzKSkgewogICAgICAgICAgICAgICAgJGZvdW5kID0gJGFsaWFzCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgfQoKICAgICAgICBpZiAoJG51bGwgLWVxICRmb3VuZCkgewogICAgICAgICAgICB0aHJvdwogICAgICAgIH0KICAgICAgICAkbmFtZSA9ICRmb3VuZAoKICAgICAgICBpZiAoJFZhbGlkYXRlU2V0KSB7CgogICAgICAgICAgICBpZiAoJFZhbGlkYXRlU2V0IC1jb250YWlucyAoJG9iai4kbmFtZSkpIHsKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICRvYmouJG5hbWUKICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgIGlmICgkbnVsbCAtZXEgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAgICAgI0F1dG8tZ2VuZXJhdGVkIGVycm9yIHNob3VsZCBiZSBzdWZmaWNpZW50IGluIG1vc3QgdXNlIGNhc2VzCiAgICAgICAgICAgICAgICAgICAgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlID0gIkdldC1BbnNpYmxlUGFyYW06IEFyZ3VtZW50ICRuYW1lIG5lZWRzIHRvIGJlIG9uZSBvZiAkKCRWYWxpZGF0ZVNldCAtam9pbiAiLCIpIGJ1dCB3YXMgJCgkb2JqLiRuYW1lKS4iCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRWYWxpZGF0ZVNldEVycm9yTWVzc2FnZQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgJHZhbHVlID0gJG9iai4kbmFtZQogICAgICAgIH0KICAgIH0gY2F0Y2ggewogICAgICAgIGlmICgkZmFpbGlmZW1wdHkgLWVxICRmYWxzZSkgewogICAgICAgICAgICAkdmFsdWUgPSAkZGVmYXVsdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgIGlmICgtbm90ICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSA9ICJHZXQtQW5zaWJsZVBhcmFtOiBNaXNzaW5nIHJlcXVpcmVkIGFyZ3VtZW50OiAkbmFtZSIKICAgICAgICAgICAgfQogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlCiAgICAgICAgfQogICAgfQoKICAgICMgSWYgJHZhbHVlIC1lcSAkbnVsbCwgdGhlIHBhcmFtZXRlciB3YXMgdW5zcGVjaWZpZWQgYnkgdGhlIHVzZXIgKGRlbGliZXJhdGVseSBvciBub3QpCiAgICAjIFBsZWFzZSBsZWF2ZSAkbnVsbC12YWx1ZXMgaW50YWN0LCBtb2R1bGVzIG5lZWQgdG8ga25vdyBpZiBhIHBhcmFtZXRlciB3YXMgc3BlY2lmaWVkCiAgICAjIFdoZW4gJHZhbHVlIGlzIGFscmVhZHkgYW4gYXJyYXksIHdlIGNhbm5vdCByZWx5IG9uIHRoZSBudWxsIGNoZWNrLCBhcyBhbiBlbXB0eSBsaXN0CiAgICAjIGlzIHNlZW4gYXMgbnVsbCBpbiB0aGUgY2hlY2sgYmVsb3cKICAgIGlmICgkbnVsbCAtbmUgJHZhbHVlIC1vciAkdmFsdWUgLWlzIFthcnJheV0pIHsKICAgICAgICBpZiAoJHR5cGUgLWVxICJwYXRoIikgewogICAgICAgICAgICAjIEV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgb24gcGF0aC10eXBlCiAgICAgICAgICAgICR2YWx1ZSA9IEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCiAgICAgICAgICAgICMgVGVzdCBpZiBhIHZhbGlkIHBhdGggaXMgcHJvdmlkZWQKICAgICAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtSXNWYWxpZCAkdmFsdWUpKSB7CiAgICAgICAgICAgICAgICAkcGF0aF9pbnZhbGlkID0gJHRydWUKICAgICAgICAgICAgICAgICMgY291bGQgc3RpbGwgYmUgYSB2YWxpZC1zaGFwZWQgcGF0aCB3aXRoIGEgbm9uZXhpc3RlbnQgZHJpdmUgbGV0dGVyCiAgICAgICAgICAgICAgICBpZiAoJHZhbHVlIC1tYXRjaCAiXlx3OiIpIHsKICAgICAgICAgICAgICAgICAgICAjIHJld3JpdGUgcGF0aCB3aXRoIGEgdmFsaWQgZHJpdmUgbGV0dGVyIGFuZCByZWNoZWNrIHRoZSBzaGFwZS0gdGhpcyBtaWdodCBzdGlsbCBmYWlsLCBlZywgYSBub25leGlzdGVudCBub24tZmlsZXN5c3RlbSBQUyBwYXRoCiAgICAgICAgICAgICAgICAgICAgaWYgKFRlc3QtUGF0aCAtSXNWYWxpZCAkKEAoR2V0LVBTRHJpdmUgLVBTUHJvdmlkZXIgRmlsZXN5c3RlbSlbMF0uTmFtZSArICR2YWx1ZS5TdWJzdHJpbmcoMSkpKSB7CiAgICAgICAgICAgICAgICAgICAgICAgICRwYXRoX2ludmFsaWQgPSAkZmFsc2UKICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBpZiAoJHBhdGhfaW52YWxpZCkgewogICAgICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHRvYmogLW1lc3NhZ2UgIkdldC1BbnNpYmxlUGFyYW06IFBhcmFtZXRlciAnJG5hbWUnIGhhcyBhbiBpbnZhbGlkIHBhdGggJyR2YWx1ZScgc3BlY2lmaWVkLiIKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgInN0ciIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IHN0ciB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgc3RyaW5ncwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUuVG9TdHJpbmcoKQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImJvb2wiKSB7CiAgICAgICAgICAgICMgQ29udmVydCBib29sZWFuIHR5cGVzIHRvIHJlYWwgUG93ZXJzaGVsbCBib29sZWFucwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgfCBDb252ZXJ0VG8tQm9vbAogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImludCIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IGludCB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgaW50ZWdlcnMKICAgICAgICAgICAgJHZhbHVlID0gJHZhbHVlIC1hcyBbaW50XQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImZsb2F0IikgewogICAgICAgICAgICAjIENvbnZlcnQgZmxvYXQgdHlwZXMgdG8gcmVhbCBQb3dlcnNoZWxsIGZsb2F0cwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgLWFzIFtmbG9hdF0KICAgICAgICB9IGVsc2VpZiAoJHR5cGUgLWVxICJsaXN0IikgewogICAgICAgICAgICBpZiAoJHZhbHVlIC1pcyBbYXJyYXldKSB7CiAgICAgICAgICAgICAgICAjIE5vdGhpbmcgdG8gZG8KICAgICAgICAgICAgfSBlbHNlaWYgKCR2YWx1ZSAtaXMgW3N0cmluZ10pIHsKICAgICAgICAgICAgICAgICMgQ29udmVydCBzdHJpbmcgdHlwZSB0byByZWFsIFBvd2Vyc2hlbGwgYXJyYXkKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICR2YWx1ZS5TcGxpdCgiLCIpLlRyaW0oKQogICAgICAgICAgICB9IGVsc2VpZiAoJHZhbHVlIC1pcyBbaW50XSkgewogICAgICAgICAgICAgICAgJHZhbHVlID0gQCgkdmFsdWUpCiAgICAgICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICJHZXQtQW5zaWJsZVBhcmFtOiBQYXJhbWV0ZXIgJyRuYW1lJyBpcyBub3QgYSBZQU1MIGxpc3QuIgogICAgICAgICAgICB9CiAgICAgICAgICAgICMgLCBpcyBub3QgYSB0eXBvLCBmb3JjZXMgaXQgdG8gcmV0dXJuIGFzIGEgbGlzdCB3aGVuIGl0IGlzIGVtcHR5IG9yIG9ubHkgaGFzIDEgZW50cnkKICAgICAgICAgICAgcmV0dXJuICwkdmFsdWUKICAgICAgICB9CiAgICB9CgogICAgcmV0dXJuICR2YWx1ZQp9CgojQWxpYXMgR2V0LWF0dHItLT5HZXQtQW5zaWJsZVBhcmFtIGZvciBiYWNrd2FyZHMgY29tcGF0LiBPbmx5IGFkZCB3aGVuIG5lZWRlZCB0byBlYXNlIGRlYnVnZ2luZyBvZiBzY3JpcHRzCklmICgtbm90KEdldC1BbGlhcyAtTmFtZSAiR2V0LWF0dHIiIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlKSkKewogICAgTmV3LUFsaWFzIC1OYW1lIEdldC1hdHRyIC1WYWx1ZSBHZXQtQW5zaWJsZVBhcmFtCn0KCkZ1bmN0aW9uIENvbnZlcnRUby1Cb29sCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZpbHRlci9waXBlbGluZSBmdW5jdGlvbiB0byBjb252ZXJ0IGEgdmFsdWUgdG8gYm9vbGVhbiBmb2xsb3dpbmcgY3VycmVudAogICAgQW5zaWJsZSBwcmFjdGljZXMKICAgIC5FWEFNUExFCiAgICAkaXNfdHJ1ZSA9ICJ0cnVlIiB8IENvbnZlcnRUby1Cb29sCiM+CiAgICBwYXJhbSgKICAgICAgICBbcGFyYW1ldGVyKHZhbHVlZnJvbXBpcGVsaW5lPSR0cnVlKV0KICAgICAgICAkb2JqCiAgICApCgogICAgJGJvb2xlYW5fc3RyaW5ncyA9ICJ5ZXMiLCAib24iLCAiMSIsICJ0cnVlIiwgMQogICAgJG9ial9zdHJpbmcgPSBbc3RyaW5nXSRvYmoKCiAgICBpZiAoKCRvYmogLWlzIFtib29sZWFuXSAtYW5kICRvYmopIC1vciAkYm9vbGVhbl9zdHJpbmdzIC1jb250YWlucyAkb2JqX3N0cmluZy5Ub0xvd2VyKCkpIHsKICAgICAgICByZXR1cm4gJHRydWUKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfQp9CgpGdW5jdGlvbiBQYXJzZS1BcmdzKCRhcmd1bWVudHMsICRzdXBwb3J0c19jaGVja19tb2RlID0gJGZhbHNlKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBwYXJzZSBBbnNpYmxlIEpTT04gYXJndW1lbnRzIGZyb20gYSAiZmlsZSIgcGFzc2VkIGFzCiAgICB0aGUgc2luZ2xlIGFyZ3VtZW50IHRvIHRoZSBtb2R1bGUuCiAgICAuRVhBTVBMRQogICAgJHBhcmFtcyA9IFBhcnNlLUFyZ3MgJGFyZ3MKIz4KICAgICRwYXJhbXMgPSBOZXctT2JqZWN0IHBzb2JqZWN0CiAgICBJZiAoJGFyZ3VtZW50cy5MZW5ndGggLWd0IDApCiAgICB7CiAgICAgICAgJHBhcmFtcyA9IEdldC1Db250ZW50ICRhcmd1bWVudHNbMF0gfCBDb252ZXJ0RnJvbS1Kc29uCiAgICB9CiAgICBFbHNlIHsKICAgICAgICAkcGFyYW1zID0gJGNvbXBsZXhfYXJncwogICAgfQogICAgJGNoZWNrX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfY2hlY2tfbW9kZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQogICAgSWYgKCRjaGVja19tb2RlIC1hbmQgLW5vdCAkc3VwcG9ydHNfY2hlY2tfbW9kZSkKICAgIHsKICAgICAgICBFeGl0LUpzb24gQHsKICAgICAgICAgICAgc2tpcHBlZCA9ICR0cnVlCiAgICAgICAgICAgIGNoYW5nZWQgPSAkZmFsc2UKICAgICAgICAgICAgbXNnID0gInJlbW90ZSBtb2R1bGUgZG9lcyBub3Qgc3VwcG9ydCBjaGVjayBtb2RlIgogICAgICAgIH0KICAgIH0KICAgIHJldHVybiAkcGFyYW1zCn0KCgpGdW5jdGlvbiBHZXQtRmlsZUNoZWNrc3VtKCRwYXRoLCAkYWxnb3JpdGhtID0gJ3NoYTEnKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBjYWxjdWxhdGUgYSBoYXNoIG9mIGEgZmlsZSBpbiBhIHdheSB3aGljaCBQb3dlclNoZWxsIDMKICAgIGFuZCBhYm92ZSBjYW4gaGFuZGxlCiM+CiAgICBJZiAoVGVzdC1QYXRoIC1QYXRoICRwYXRoIC1QYXRoVHlwZSBMZWFmKQogICAgewogICAgICAgIHN3aXRjaCAoJGFsZ29yaXRobSkKICAgICAgICB7CiAgICAgICAgICAgICdtZDUnIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5NRDVDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMScgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTFDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMjU2JyB7ICRzcCA9IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5TZWN1cml0eS5DcnlwdG9ncmFwaHkuU0hBMjU2Q3J5cHRvU2VydmljZVByb3ZpZGVyIH0KICAgICAgICAgICAgJ3NoYTM4NCcgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTM4NENyeXB0b1NlcnZpY2VQcm92aWRlciB9CiAgICAgICAgICAgICdzaGE1MTInIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5TSEE1MTJDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICBkZWZhdWx0IHsgRmFpbC1Kc29uIEB7fSAiVW5zdXBwb3J0ZWQgaGFzaCBhbGdvcml0aG0gc3VwcGxpZWQgJyRhbGdvcml0aG0 ScriptBlock ID: 43852d6d-2447-4eb9-b4c4-6eeec6aa2c96 Path:	4104	1		3	2	15	0	1484	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1972	2200	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:04:49 PM	9d04040e-981f-0001-a112-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 3): begin { $DebugPreference = "Continue" $ErrorActionPreference = "Stop" Set-StrictMode -Version 2 function ConvertTo-HashtableFromPsCustomObject ($myPsObject){ $output = @{}; $myPsObject | Get-Member -MemberType *Property | % { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } return $output; } # stream JSON including become_pw, ps_module_payload, bin_module_payload, become_payload, write_payload_path, preserve directives # exec runspace, capture output, cleanup, return module output # NB: do not adjust the following line- it is replaced when doing non-streamed module output $json_raw = @' {"min_ps_version": null, "exec": "CkZ1bmN0aW9uIFJ1bigkcGF5bG9hZCkgewogICAgJGVudHJ5cG9pbnQgPSAkcGF5bG9hZC5tb2R1bGVfZW50cnkKCiAgICAkZW50cnlwb2ludCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGVudHJ5cG9pbnQpKQoKICAgICRwcyA9IFtwb3dlcnNoZWxsXTo6Q3JlYXRlKCkKCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkQ29tbWFuZCgiU2V0LVZhcmlhYmxlIikuQWRkUGFyYW1ldGVycyhAe1Njb3BlPSJnbG9iYWwiO05hbWU9ImNvbXBsZXhfYXJncyI7VmFsdWU9JHBheWxvYWQubW9kdWxlX2FyZ3N9KSB8IE91dC1OdWxsCiAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCgogICAgIyByZWRlZmluZSBXcml0ZS1Ib3N0IHRvIGR1bXAgdG8gb3V0cHV0IGluc3RlYWQgb2YgZmFpbGluZy0gbG90cyBvZiBzY3JpcHRzIHVzZSBpdAogICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgiRnVuY3Rpb24gV3JpdGUtSG9zdChgJG1zZyl7IFdyaXRlLU91dHB1dCBgJG1zZyB9IikgfCBPdXQtTnVsbAoKICAgIEZvckVhY2ggKCRlbnZfa3YgaW4gJHBheWxvYWQuZW52aXJvbm1lbnQuR2V0RW51bWVyYXRvcigpKSB7CiAgICAgICAgIyBuZWVkIHRvIGVzY2FwZSAnIGluIGJvdGggdGhlIGtleSBhbmQgdmFsdWUKICAgICAgICAkZW52X2tleSA9ICRlbnZfa3YuS2V5LlRvU3RyaW5nKCkuUmVwbGFjZSgiJyIsICInJyIpCiAgICAgICAgJGVudl92YWx1ZSA9ICRlbnZfa3YuVmFsdWUuVG9TdHJpbmcoKS5SZXBsYWNlKCInIiwgIicnIikKICAgICAgICAkZXNjYXBlZF9lbnZfc2V0ID0gIltTeXN0ZW0uRW52aXJvbm1lbnRdOjpTZXRFbnZpcm9ubWVudFZhcmlhYmxlKCd7MH0nLCAnezF9JykiIC1mICRlbnZfa2V5LCAkZW52X3ZhbHVlCiAgICAgICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgkZXNjYXBlZF9lbnZfc2V0KSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBkeW5hbWljYWxseSBjcmVhdGUvbG9hZCBtb2R1bGVzCiAgICBGb3JFYWNoICgkbW9kIGluICRwYXlsb2FkLnBvd2Vyc2hlbGxfbW9kdWxlcy5HZXRFbnVtZXJhdG9yKCkpIHsKICAgICAgICAkZGVjb2RlZF9tb2R1bGUgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRtb2QuVmFsdWUpKQogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRDb21tYW5kKCJOZXctTW9kdWxlIikuQWRkUGFyYW1ldGVycyhAe1NjcmlwdEJsb2NrPShbc2NyaXB0YmxvY2tdOjpDcmVhdGUoJGRlY29kZWRfbW9kdWxlKSk7TmFtZT0kbW9kLktleX0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiSW1wb3J0LU1vZHVsZSIpLkFkZFBhcmFtZXRlcnMoQHtXYXJuaW5nQWN0aW9uPSJTaWxlbnRseUNvbnRpbnVlIn0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBmb3JjZSBpbnB1dCBlbmNvZGluZyB0byBwcmVhbWJsZS1mcmVlIFVURjggc28gUFMgc3ViLXByb2Nlc3NlcyAoZWcsCiAgICAjIFN0YXJ0LUpvYikgZG9uJ3QgYmxvdyB1cC4gVGhpcyBpcyBvbmx5IHJlcXVpcmVkIGZvciBXaW5STSwgYSBQU1JQCiAgICAjIHJ1bnNwYWNlIGRvZXNuJ3QgaGF2ZSBhIGhvc3QgY29uc29sZSBhbmQgdGhpcyB3aWxsIGJvbWIgb3V0CiAgICBpZiAoJGhvc3QuTmFtZSAtZXEgIkNvbnNvbGVIb3N0IikgewogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRTY3JpcHQoIltDb25zb2xlXTo6SW5wdXRFbmNvZGluZyA9IE5ldy1PYmplY3QgVGV4dC5VVEY4RW5jb2RpbmcgYCRmYWxzZSIpIHwgT3V0LU51bGwKICAgIH0KCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkU2NyaXB0KCRlbnRyeXBvaW50KSB8IE91dC1OdWxsCgogICAgJG91dHB1dCA9ICRwcy5JbnZva2UoKQoKICAgICRvdXRwdXQKCiAgICAjIFBTMyBkb2Vzbid0IHByb3Blcmx5IHNldCBIYWRFcnJvcnMgaW4gbWFueSBjYXNlcywgaW5zcGVjdCB0aGUgZXJyb3Igc3RyZWFtIGFzIGEgZmFsbGJhY2sKICAgIElmICgkcHMuSGFkRXJyb3JzIC1vciAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtbHQgNCAtYW5kICRwcy5TdHJlYW1zLkVycm9yLkNvdW50IC1ndCAwKSkgewogICAgICAgICRob3N0LlVJLldyaXRlRXJyb3JMaW5lKCQoJHBzLlN0cmVhbXMuRXJyb3IgfCBPdXQtU3RyaW5nKSkKICAgICAgICAkZXhpdF9jb2RlID0gJHBzLlJ1bnNwYWNlLlNlc3Npb25TdGF0ZVByb3h5LkdldFZhcmlhYmxlKCJMQVNURVhJVENPREUiKQogICAgICAgIElmKC1ub3QgJGV4aXRfY29kZSkgewogICAgICAgICAgICAkZXhpdF9jb2RlID0gMQogICAgICAgIH0KICAgICAgICAjIG5lZWQgdG8gdXNlIHRoaXMgaW5zdGVhZCBvZiBFeGl0IGtleXdvcmQgdG8gcHJldmVudCBydW5zcGFjZSBmcm9tIGNyYXNoaW5nIHdpdGggZHluYW1pYyBtb2R1bGVzCiAgICAgICAgJGhvc3QuU2V0U2hvdWxkRXhpdCgkZXhpdF9jb2RlKQogICAgfQp9Cg==", "actions": ["exec"], "environment": {}, "min_os_version": null, "powershell_modules": {"Ansible.ModuleUtils.CommandUtil": "IyBDb3B5cmlnaHQgKGMpIDIwMTcgQW5zaWJsZSBQcm9qZWN0CiMgU2ltcGxpZmllZCBCU0QgTGljZW5zZSAoc2VlIGxpY2Vuc2VzL3NpbXBsaWZpZWRfYnNkLnR4dCBvciBodHRwczovL29wZW5zb3VyY2Uub3JnL2xpY2Vuc2VzL0JTRC0yLUNsYXVzZSkKCiRwcm9jZXNzX3V0aWwgPSBAIgp1c2luZyBNaWNyb3NvZnQuV2luMzIuU2FmZUhhbmRsZXM7CnVzaW5nIFN5c3RlbTsKdXNpbmcgU3lzdGVtLkNvbGxlY3Rpb25zOwp1c2luZyBTeXN0ZW0uSU87CnVzaW5nIFN5c3RlbS5MaW5xOwp1c2luZyBTeXN0ZW0uUnVudGltZS5JbnRlcm9wU2VydmljZXM7CnVzaW5nIFN5c3RlbS5UZXh0Owp1c2luZyBTeXN0ZW0uVGhyZWFkaW5nOwoKbmFtZXNwYWNlIEFuc2libGUKewogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIGNsYXNzIFNFQ1VSSVRZX0FUVFJJQlVURVMKICAgIHsKICAgICAgICBwdWJsaWMgaW50IG5MZW5ndGg7CiAgICAgICAgcHVibGljIEludFB0ciBscFNlY3VyaXR5RGVzY3JpcHRvcjsKICAgICAgICBwdWJsaWMgYm9vbCBiSW5oZXJpdEhhbmRsZSA9IGZhbHNlOwogICAgICAgIHB1YmxpYyBTRUNVUklUWV9BVFRSSUJVVEVTKCkKICAgICAgICB7CiAgICAgICAgICAgIG5MZW5ndGggPSBNYXJzaGFsLlNpemVPZih0aGlzKTsKICAgICAgICB9CiAgICB9CgogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIGNsYXNzIFNUQVJUVVBJTkZPCiAgICB7CiAgICAgICAgcHVibGljIEludDMyIGNiOwogICAgICAgIHB1YmxpYyBJbnRQdHIgbHBSZXNlcnZlZDsKICAgICAgICBwdWJsaWMgSW50UHRyIGxwRGVza3RvcDsKICAgICAgICBwdWJsaWMgSW50UHRyIGxwVGl0bGU7CiAgICAgICAgcHVibGljIEludDMyIGR3WDsKICAgICAgICBwdWJsaWMgSW50MzIgZHdZOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1hTaXplOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1lTaXplOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1hDb3VudENoYXJzOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1lDb3VudENoYXJzOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd0ZpbGxBdHRyaWJ1dGU7CiAgICAgICAgcHVibGljIEludDMyIGR3RmxhZ3M7CiAgICAgICAgcHVibGljIEludDE2IHdTaG93V2luZG93OwogICAgICAgIHB1YmxpYyBJbnQxNiBjYlJlc2VydmVkMjsKICAgICAgICBwdWJsaWMgSW50UHRyIGxwUmVzZXJ2ZWQyOwogICAgICAgIHB1YmxpYyBTYWZlRmlsZUhhbmRsZSBoU3RkSW5wdXQ7CiAgICAgICAgcHVibGljIFNhZmVGaWxlSGFuZGxlIGhTdGRPdXRwdXQ7CiAgICAgICAgcHVibGljIFNhZmVGaWxlSGFuZGxlIGhTdGRFcnJvcjsKICAgICAgICBwdWJsaWMgU1RBUlRVUElORk8oKQogICAgICAgIHsKICAgICAgICAgICAgY2IgPSBNYXJzaGFsLlNpemVPZih0aGlzKTsKICAgICAgICB9CiAgICB9CgogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIGNsYXNzIFNUQVJUVVBJTkZPRVgKICAgIHsKICAgICAgICBwdWJsaWMgU1RBUlRVUElORk8gc3RhcnR1cEluZm87CiAgICAgICAgcHVibGljIEludFB0ciBscEF0dHJpYnV0ZUxpc3Q7CiAgICAgICAgcHVibGljIFNUQVJUVVBJTkZPRVgoKQogICAgICAgIHsKICAgICAgICAgICAgc3RhcnR1cEluZm8gPSBuZXcgU1RBUlRVUElORk8oKTsKICAgICAgICAgICAgc3RhcnR1cEluZm8uY2IgPSBNYXJzaGFsLlNpemVPZih0aGlzKTsKICAgICAgICB9CiAgICB9CgogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIHN0cnVjdCBQUk9DRVNTX0lORk9STUFUSU9OCiAgICB7CiAgICAgICAgcHVibGljIEludFB0ciBoUHJvY2VzczsKICAgICAgICBwdWJsaWMgSW50UHRyIGhUaHJlYWQ7CiAgICAgICAgcHVibGljIGludCBkd1Byb2Nlc3NJZDsKICAgICAgICBwdWJsaWMgaW50IGR3VGhyZWFkSWQ7CiAgICB9CgogICAgW0ZsYWdzXQogICAgcHVibGljIGVudW0gU3RhcnR1cEluZm9GbGFncyA6IHVpbnQKICAgIHsKICAgICAgICBVU0VTVERIQU5ETEVTID0gMHgwMDAwMDEwMAogICAgfQoKICAgIHB1YmxpYyBlbnVtIEhhbmRsZUZsYWdzIDogdWludAogICAgewogICAgICAgIE5vbmUgPSAwLAogICAgICAgIElOSEVSSVQgPSAxCiAgICB9CgogICAgY2xhc3MgTmF0aXZlV2FpdEhhbmRsZSA6IFdhaXRIYW5kbGUKICAgIHsKICAgICAgICBwdWJsaWMgTmF0aXZlV2FpdEhhbmRsZShJbnRQdHIgaGFuZGxlKQogICAgICAgIHsKICAgICAgICAgICAgdGhpcy5TYWZlV2FpdEhhbmRsZSA9IG5ldyBTYWZlV2FpdEhhbmRsZShoYW5kbGUsIGZhbHNlKTsKICAgICAgICB9CiAgICB9CgogICAgcHVibGljIGNsYXNzIFdpbjMyRXhjZXB0aW9uIDogU3lzdGVtLkNvbXBvbmVudE1vZGVsLldpbjMyRXhjZXB0aW9uCiAgICB7CiAgICAgICAgcHJpdmF0ZSBzdHJpbmcgX21zZzsKCiAgICAgICAgcHVibGljIFdpbjMyRXhjZXB0aW9uKHN0cmluZyBtZXNzYWdlKSA6IHRoaXMoTWFyc2hhbC5HZXRMYXN0V2luMzJFcnJvcigpLCBtZXNzYWdlKSB7IH0KCiAgICAgICAgcHVibGljIFdpbjMyRXhjZXB0aW9uKGludCBlcnJvckNvZGUsIHN0cmluZyBtZXNzYWdlKSA6IGJhc2UoZXJyb3JDb2RlKQogICAgICAgIHsKICAgICAgICAgICAgX21zZyA9IFN0cmluZy5Gb3JtYXQoInswfSAoezF9LCBXaW4zMkVycm9yQ29kZSB7Mn0pIiwgbWVzc2FnZSwgYmFzZS5NZXNzYWdlLCBlcnJvckNvZGUpOwogICAgICAgIH0KCiAgICAgICAgcHVibGljIG92ZXJyaWRlIHN0cmluZyBNZXNzYWdlIHsgZ2V0IHsgcmV0dXJuIF9tc2c7IH0gfQogICAgICAgIHB1YmxpYyBzdGF0aWMgZXhwbGljaXQgb3BlcmF0b3IgV2luMzJFeGNlcHRpb24oc3RyaW5nIG1lc3NhZ2UpIHsgcmV0dXJuIG5ldyBXaW4zMkV4Y2VwdGlvbihtZXNzYWdlKTsgfQogICAgfQoKICAgIHB1YmxpYyBjbGFzcyBDb21tYW5kVXRpbAogICAgewogICAgICAgIHByaXZhdGUgc3RhdGljIFVJbnQzMiBDUkVBVEVfVU5JQ09ERV9FTlZJUk9OTUVOVCA9IDB4MDAwMDAwNDAwOwogICAgICAgIHByaXZhdGUgc3RhdGljIFVJbnQzMiBFWFRFTkRFRF9TVEFSVFVQSU5GT19QUkVTRU5UID0gMHgwMDA4MDAwMDsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSwgQmVzdEZpdE1hcHBpbmcgPSBmYWxzZSldCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gYm9vbCBDcmVhdGVQcm9jZXNzKAogICAgICAgICAgICBbTWFyc2hhbEFzKFVubWFuYWdlZFR5cGUuTFBXU3RyKV0KICAgICAgICAgICAgICAgIHN0cmluZyBscEFwcGxpY2F0aW9uTmFtZSwKICAgICAgICAgICAgU3RyaW5nQnVpbGRlciBscENvbW1hbmRMaW5lLAogICAgICAgICAgICBJbnRQdHIgbHBQcm9jZXNzQXR0cmlidXRlcywKICAgICAgICAgICAgSW50UHRyIGxwVGhyZWFkQXR0cmlidXRlcywKICAgICAgICAgICAgYm9vbCBiSW5oZXJpdEhhbmRsZXMsCiAgICAgICAgICAgIHVpbnQgZHdDcmVhdGlvbkZsYWdzLAogICAgICAgICAgICBJbnRQdHIgbHBFbnZpcm9ubWVudCwKICAgICAgICAgICAgW01hcnNoYWxBcyhVbm1hbmFnZWRUeXBlLkxQV1N0cildCiAgICAgICAgICAgICAgICBzdHJpbmcgbHBDdXJyZW50RGlyZWN0b3J5LAogICAgICAgICAgICBTVEFSVFVQSU5GT0VYIGxwU3RhcnR1cEluZm8sCiAgICAgICAgICAgIG91dCBQUk9DRVNTX0lORk9STUFUSU9OIGxwUHJvY2Vzc0luZm9ybWF0aW9uKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIildCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gYm9vbCBDcmVhdGVQaXBlKAogICAgICAgICAgICBvdXQgU2FmZUZpbGVIYW5kbGUgaFJlYWRQaXBlLAogICAgICAgICAgICBvdXQgU2FmZUZpbGVIYW5kbGUgaFdyaXRlUGlwZSwKICAgICAgICAgICAgU0VDVVJJVFlfQVRUUklCVVRFUyBscFBpcGVBdHRyaWJ1dGVzLAogICAgICAgICAgICB1aW50IG5TaXplKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSldCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gYm9vbCBTZXRIYW5kbGVJbmZvcm1hdGlvbigKICAgICAgICAgICAgU2FmZUZpbGVIYW5kbGUgaE9iamVjdCwKICAgICAgICAgICAgSGFuZGxlRmxhZ3MgZHdNYXNrLAogICAgICAgICAgICBpbnQgZHdGbGFncyk7CgogICAgICAgIFtEbGxJbXBvcnQoImtlcm5lbDMyLmRsbCIsIFNldExhc3RFcnJvciA9IHRydWUpXQogICAgICAgIHByaXZhdGUgc3RhdGljIGV4dGVybiBib29sIEdldEV4aXRDb2RlUHJvY2VzcygKICAgICAgICAgICAgSW50UHRyIGhQcm9jZXNzLAogICAgICAgICAgICBvdXQgdWludCBscEV4aXRDb2RlKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSldCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gdWludCBTZWFyY2hQYXRoKAogICAgICAgICAgICBzdHJpbmcgbHBQYXRoLAogICAgICAgICAgICBzdHJpbmcgbHBGaWxlTmFtZSwKICAgICAgICAgICAgc3RyaW5nIGxwRXh0ZW5zaW9uLAogICAgICAgICAgICBpbnQgbkJ1ZmZlckxlbmd0aCwKICAgICAgICAgICAgW01hcnNoYWxBcyAoVW5tYW5hZ2VkVHlwZS5MUFRTdHIpXQogICAgICAgICAgICAgICAgU3RyaW5nQnVpbGRlciBscEJ1ZmZlciwKICAgICAgICAgICAgb3V0IEludFB0ciBscEZpbGVQYXJ0KTsKCiAgICAgICAgW0RsbEltcG9ydCgic2hlbGwzMi5kbGwiLCBTZXRMYXN0RXJyb3IgPSB0cnVlKV0KICAgICAgICBzdGF0aWMgZXh0ZXJuIEludFB0ciBDb21tYW5kTGluZVRvQXJndlcoCiAgICAgICAgICAgIFtNYXJzaGFsQXMoVW5tYW5hZ2VkVHlwZS5MUFdTdHIpXQogICAgICAgICAgICAgICAgc3RyaW5nIGxwQ21kTGluZSwKICAgICAgICAgICAgb3V0IGludCBwTnVtQXJncyk7CgogICAgICAgIHB1YmxpYyBzdGF0aWMgc3RyaW5nW10gUGFyc2VDb21tYW5kTGluZShzdHJpbmcgbHBDb21tYW5kTGluZSkKICAgICAgICB7CiAgICAgICAgICAgIGludCBudW1BcmdzOwogICAgICAgICAgICBJbnRQdHIgcmV0ID0gQ29tbWFuZExpbmVUb0FyZ3ZXKGxwQ29tbWFuZExpbmUsIG91dCBudW1BcmdzKTsKCiAgICAgICAgICAgIGlmIChyZXQgPT0gSW50UHRyLlplcm8pCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIkVycm9yIHBhcnNpbmcgY29tbWFuZCBsaW5lIik7CgogICAgICAgICAgICBJbnRQdHJbXSBzdHJwdHJzID0gbmV3IEludFB0cltudW1BcmdzXTsKICAgICAgICAgICAgTWFyc2hhbC5Db3B5KHJldCwgc3RycHRycywgMCwgbnVtQXJncyk7CiAgICAgICAgICAgIHN0cmluZ1tdIGNtZGxpbmVQYXJ0cyA9IHN0cnB0cnMuU2VsZWN0KHMgPT4gTWFyc2hhbC5QdHJUb1N0cmluZ1VuaShzKSkuVG9BcnJheSgpOwoKICAgICAgICAgICAgTWFyc2hhbC5GcmVlSEdsb2JhbChyZXQpOwoKICAgICAgICAgICAgcmV0dXJuIGNtZGxpbmVQYXJ0czsKICAgICAgICB9CgogICAgICAgIHB1YmxpYyBzdGF0aWMgc3RyaW5nIFNlYXJjaFBhdGgoc3RyaW5nIGxwRmlsZU5hbWUpCiAgICAgICAgewogICAgICAgICAgICBTdHJpbmdCdWlsZGVyIHNiT3V0ID0gbmV3IFN0cmluZ0J1aWxkZXIoMTAyNCk7CiAgICAgICAgICAgIEludFB0ciBmaWxlUGFydE91dDsKCiAgICAgICAgICAgIGlmIChTZWFyY2hQYXRoKG51bGwsIGxwRmlsZU5hbWUsIG51bGwsIHNiT3V0LkNhcGFjaXR5LCBzYk91dCwgb3V0IGZpbGVQYXJ0T3V0KSA9PSAwKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IEZpbGVOb3RGb3VuZEV4Y2VwdGlvbihTdHJpbmcuRm9ybWF0KCJDb3VsZCBub3QgbG9jYXRlIHRoZSBmb2xsb3dpbmcgZXhlY3V0YWJsZSB7MH0iLCBscEZpbGVOYW1lKSk7CgogICAgICAgICAgICByZXR1cm4gc2JPdXQuVG9TdHJpbmcoKTsKICAgICAgICB9CgogICAgICAgIHB1YmxpYyBjbGFzcyBDb21tYW5kUmVzdWx0CiAgICAgICAgewogICAgICAgICAgICBwdWJsaWMgc3RyaW5nIFN0YW5kYXJkT3V0IHsgZ2V0OyBpbnRlcm5hbCBzZXQ7IH0KICAgICAgICAgICAgcHVibGljIHN0cmluZyBTdGFuZGFyZEVycm9yIHsgZ2V0OyBpbnRlcm5hbCBzZXQ7IH0KICAgICAgICAgICAgcHVibGljIHVpbnQgRXhpdENvZGUgeyBnZXQ7IGludGVybmFsIHNldDsgfQogICAgICAgIH0KCiAgICAgICAgcHVibGljIHN0YXRpYyBDb21tYW5kUmVzdWx0IFJ1bkNvbW1hbmQoc3RyaW5nIGxwQXBwbGljYXRpb25OYW1lLCBzdHJpbmcgbHBDb21tYW5kTGluZSwgc3RyaW5nIGxwQ3VycmVudERpcmVjdG9yeSwgc3RyaW5nIHN0ZGluSW5wdXQsIElEaWN0aW9uYXJ5IGVudmlyb25tZW50KQogICAgICAgIHsKICAgICAgICAgICAgVUludDMyIHN0YXJ0dXBfZmxhZ3MgPSBDUkVBVEVfVU5JQ09ERV9FTlZJUk9OTUVOVCB8IEVYVEVOREVEX1NUQVJUVVBJTkZPX1BSRVNFTlQ7CiAgICAgICAgICAgIFNUQVJUVVBJTkZPRVggc2kgPSBuZXcgU1RBUlRVUElORk9FWCgpOwogICAgICAgICAgICBzaS5zdGFydHVwSW5mby5kd0ZsYWdzID0gKGludClTdGFydHVwSW5mb0ZsYWdzLlVTRVNUREhBTkRMRVM7CgogICAgICAgICAgICBTRUNVUklUWV9BVFRSSUJVVEVTIHBpcGVzZWMgPSBuZXcgU0VDVVJJVFlfQVRUUklCVVRFUygpOwogICAgICAgICAgICBwaXBlc2VjLmJJbmhlcml0SGFuZGxlID0gdHJ1ZTsKCiAgICAgICAgICAgIC8vIENyZWF0ZSB0aGUgc3Rkb3V0LCBzdGRlcnIgYW5kIHN0ZGluIHBpcGVzIHVzZWQgaW4gdGhlIHByb2Nlc3MgYW5kIGFkZCB0byB0aGUgc3RhcnR1cEluZm8KICAgICAgICAgICAgU2FmZUZpbGVIYW5kbGUgc3Rkb3V0X3JlYWQsIHN0ZG91dF93cml0ZSwgc3RkZXJyX3JlYWQsIHN0ZGVycl93cml0ZSwgc3RkaW5fcmVhZCwgc3RkaW5fd3JpdGU7CiAgICAgICAgICAgIGlmICghQ3JlYXRlUGlwZShvdXQgc3Rkb3V0X3JlYWQsIG91dCBzdGRvdXRfd3JpdGUsIHBpcGVzZWMsIDApKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IFdpbjMyRXhjZXB0aW9uKCJTVERPVVQgcGlwZSBzZXR1cCBmYWlsZWQiKTsKICAgICAgICAgICAgaWYgKCFTZXRIYW5kbGVJbmZvcm1hdGlvbihzdGRvdXRfcmVhZCwgSGFuZGxlRmxhZ3MuSU5IRVJJVCwgMCkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIlNURE9VVCBwaXBlIGhhbmRsZSBzZXR1cCBmYWlsZWQiKTsKCiAgICAgICAgICAgIGlmICghQ3JlYXRlUGlwZShvdXQgc3RkZXJyX3JlYWQsIG91dCBzdGRlcnJfd3JpdGUsIHBpcGVzZWMsIDApKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IFdpbjMyRXhjZXB0aW9uKCJTVERFUlIgcGlwZSBzZXR1cCBmYWlsZWQiKTsKICAgICAgICAgICAgaWYgKCFTZXRIYW5kbGVJbmZvcm1hdGlvbihzdGRlcnJfcmVhZCwgSGFuZGxlRmxhZ3MuSU5IRVJJVCwgMCkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIlNUREVSUiBwaXBlIGhhbmRsZSBzZXR1cCBmYWlsZWQiKTsKCiAgICAgICAgICAgIGlmICghQ3JlYXRlUGlwZShvdXQgc3RkaW5fcmVhZCwgb3V0IHN0ZGluX3dyaXRlLCBwaXBlc2VjLCAwKSkKICAgICAgICAgICAgICAgIHRocm93IG5ldyBXaW4zMkV4Y2VwdGlvbigiU1RESU4gcGlwZSBzZXR1cCBmYWlsZWQiKTsKICAgICAgICAgICAgaWYgKCFTZXRIYW5kbGVJbmZvcm1hdGlvbihzdGRpbl93cml0ZSwgSGFuZGxlRmxhZ3MuSU5IRVJJVCwgMCkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIlNURElOIHBpcGUgaGFuZGxlIHNldHVwIGZhaWxlZCIpOwoKICAgICAgICAgICAgc2kuc3RhcnR1cEluZm8uaFN0ZE91dHB1dCA9IHN0ZG91dF93cml0ZTsKICAgICAgICAgICAgc2kuc3RhcnR1cEluZm8uaFN0ZEVycm9yID0gc3RkZXJyX3dyaXRlOwogICAgICAgICAgICBzaS5zdGFydHVwSW5mby5oU3RkSW5wdXQgPSBzdGRpbl9yZWFkOwoKICAgICAgICAgICAgLy8gU2V0dXAgdGhlIHN0ZGluIGJ1ZmZlcgogICAgICAgICAgICBVVEY4RW5jb2RpbmcgdXRmOF9lbmNvZGluZyA9IG5ldyBVVEY4RW5jb2RpbmcoZmFsc2UpOwogICAgICAgICAgICBGaWxlU3RyZWFtIHN0ZGluX2ZzID0gbmV3IEZpbGVTdHJlYW0oc3RkaW5fd3JpdGUsIEZpbGVBY2Nlc3MuV3JpdGUsIDMyNzY4KTsKICAgICAgICAgICAgU3RyZWFtV3JpdGVyIHN0ZGluID0gbmV3IFN0cmVhbVdyaXRlcihzdGRpbl9mcywgdXRmOF9lbmNvZGluZywgMzI3NjgpOwoKICAgICAgICAgICAgLy8gSWYgbHBDdXJyZW50RGlyZWN0b3J5IGlzIHNldCB0byBudWxsIGluIFBTIGl0IHdpbGwgYmUgYW4gZW1wdHkKICAgICAgICAgICAgLy8gc3RyaW5nIGhlcmUsIHdlIG5lZWQgdG8gY29udmVydCBpdAogICAgICAgICAgICBpZiAobHBDdXJyZW50RGlyZWN0b3J5ID09ICIiKQogICAgICAgICAgICAgICAgbHBDdXJyZW50RGlyZWN0b3J5ID0gbnVsbDsKCiAgICAgICAgICAgIFN0cmluZ0J1aWxkZXIgZW52aXJvbm1lbnRTdHJpbmcgPSBudWxsOwoKICAgICAgICAgICAgaWYgKGVudmlyb25tZW50ICE9IG51bGwgJiYgZW52aXJvbm1lbnQuQ291bnQgPiAwKQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBlbnZpcm9ubWVudFN0cmluZyA9IG5ldyBTdHJpbmdCdWlsZGVyKCk7CiAgICAgICAgICAgICAgICBmb3JlYWNoIChEaWN0aW9uYXJ5RW50cnkga3YgaW4gZW52aXJvbm1lbnQpCiAgICAgICAgICAgICAgICAgICAgZW52aXJvbm1lbnRTdHJpbmcuQXBwZW5kRm9ybWF0KCJ7MH09ezF9XDAiLCBrdi5LZXksIGt2LlZhbHVlKTsKICAgICAgICAgICAgICAgIGVudmlyb25tZW50U3RyaW5nLkFwcGVuZCgnXDAnKTsKICAgICAgICAgICAgfQoKICAgICAgICAgICAgLy8gQ3JlYXRlIHRoZSBlbnZpcm9ubWVudCBibG9jayBpZiBzZXQKICAgICAgICAgICAgSW50UHRyIGxwRW52aXJvbm1lbnQgPSBJbnRQdHIuWmVybzsKICAgICAgICAgICAgaWYgKGVudmlyb25tZW50U3RyaW5nICE9IG51bGwpCiAgICAgICAgICAgICAgICBscEVudmlyb25tZW50ID0gTWFyc2hhbC5TdHJpbmdUb0hHbG9iYWxVbmkoZW52aXJvbm1lbnRTdHJpbmcuVG9TdHJpbmcoKSk7CgogICAgICAgICAgICAvLyBDcmVhdGUgbmV3IHByb2Nlc3MgYW5kIHJ1bgogICAgICAgICAgICBTdHJpbmdCdWlsZGVyIGFyZ3VtZW50X3N0cmluZyA9IG5ldyBTdHJpbmdCdWlsZGVyKGxwQ29tbWFuZExpbmUpOwogICAgICAgICAgICBQUk9DRVNTX0lORk9STUFUSU9OIHBpID0gbmV3IFBST0NFU1NfSU5GT1JNQVRJT04oKTsKICAgICAgICAgICAgaWYgKCFDcmVhdGVQcm9jZXNzKAogICAgICAgICAgICAgICAgbHBBcHBsaWNhdGlvbk5hbWUsCiAgICAgICAgICAgICAgICBhcmd1bWVudF9zdHJpbmcsCiAgICAgICAgICAgICAgICBJbnRQdHIuWmVybywKICAgICAgICAgICAgICAgIEludFB0ci5aZXJvLAogICAgICAgICAgICAgICAgdHJ1ZSwKICAgICAgICAgICAgICAgIHN0YXJ0dXBfZmxhZ3MsCiAgICAgICAgICAgICAgICBscEVudmlyb25tZW50LAogICAgICAgICAgICAgICAgbHBDdXJyZW50RGlyZWN0b3J5LAogICAgICAgICAgICAgICAgc2ksCiAgICAgICAgICAgICAgICBvdXQgcGkpKQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIkZhaWxlZCB0byBjcmVhdGUgbmV3IHByb2Nlc3MiKTsKICAgICAgICAgICAgfQoKICAgICAgICAgICAgLy8gU2V0dXAgdGhlIG91dHB1dCBidWZmZXJzIGFuZCBnZXQgc3Rkb3V0L3N0ZGVycgogICAgICAgICAgICBGaWxlU3RyZWFtIHN0ZG91dF9mcyA9IG5ldyBGaWxlU3RyZWFtKHN0ZG91dF9yZWFkLCBGaWxlQWNjZXNzLlJlYWQsIDQwOTYpOwogICAgICAgICAgICBTdHJlYW1SZWFkZXIgc3Rkb3V0ID0gbmV3IFN0cmVhbVJlYWRlcihzdGRvdXRfZnMsIHV0ZjhfZW5jb2RpbmcsIHRydWUsIDQwOTYpOwogICAgICAgICAgICBzdGRvdXRfd3JpdGUuQ2xvc2UoKTsKICAgICAgICAgICAgRmlsZVN0cmVhbSBzdGRlcnJfZnMgPSBuZXcgRmlsZVN0cmVhbShzdGRlcnJfcmVhZCwgRmlsZUFjY2Vzcy5SZWFkLCA0MDk2KTsKICAgICAgICAgICAgU3RyZWFtUmVhZGVyIHN0ZGVyciA9IG5ldyBTdHJlYW1SZWFkZXIoc3RkZXJyX2ZzLCB1dGY4X2VuY29kaW5nLCB0cnVlLCA0MDk2KTsKICAgICAgICAgICAgc3RkZXJyX3dyaXRlLkNsb3NlKCk7CgogICAgICAgICAgICBzdGRpbi5Xcml0ZUxpbmUoc3RkaW5JbnB1dCk7CiAgICAgICAgICAgIHN0ZGluLkNsb3NlKCk7CgogICAgICAgICAgICBzdHJpbmcgc3Rkb3V0X3N0ciwgc3RkZXJyX3N0ciA9IG51bGw7CiAgICAgICAgICAgIEdldFByb2Nlc3NPdXRwdXQoc3Rkb3V0LCBzdGRlcnIsIG91dCBzdGRvdXRfc3RyLCBvdXQgc3RkZXJyX3N0cik7CiAgICAgICAgICAgIHVpbnQgcmMgPSBHZXRQcm9jZXNzRXhpdENvZGUocGkuaFByb2Nlc3MpOwoKICAgICAgICAgICAgcmV0dXJuIG5ldyBDb21tYW5kUmVzdWx0CiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIFN0YW5kYXJkT3V0ID0gc3Rkb3V0X3N0ciwKICAgICAgICAgICAgICAgIFN0YW5kYXJkRXJyb3IgPSBzdGRlcnJfc3RyLAogICAgICAgICAgICAgICAgRXhpdENvZGUgPSByYwogICAgICAgICAgICB9OwogICAgICAgIH0KCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgdm9pZCBHZXRQcm9jZXNzT3V0cHV0KFN0cmVhbVJlYWRlciBzdGRvdXRTdHJlYW0sIFN0cmVhbVJlYWRlciBzdGRlcnJTdHJlYW0sIG91dCBzdHJpbmcgc3Rkb3V0LCBvdXQgc3RyaW5nIHN0ZGVycikKICAgICAgICB7CiAgICAgICAgICAgIHZhciBzb3dhaXQgPSBuZXcgRXZlbnRXYWl0SGFuZGxlKGZhbHNlLCBFdmVudFJlc2V0TW9kZS5NYW51YWxSZXNldCk7CiAgICAgICAgICAgIHZhciBzZXdhaXQgPSBuZXcgRXZlbnRXYWl0SGFuZGxlKGZhbHNlLCBFdmVudFJlc2V0TW9kZS5NYW51YWxSZXNldCk7CiAgICAgICAgICAgIHN0cmluZyBzbyA9IG51bGwsIHNlID0gbnVsbDsKICAgICAgICAgICAgVGhyZWFkUG9vbC5RdWV1ZVVzZXJXb3JrSXRlbSgocykgPT4KICAgICAgICAgICAgewogICAgICAgICAgICAgICAgc28gPSBzdGRvdXRTdHJlYW0uUmVhZFRvRW5kKCk7CiAgICAgICAgICAgICAgICBzb3dhaXQuU2V0KCk7CiAgICAgICAgICAgIH0pOwogICAgICAgICAgICBUaHJlYWRQb29sLlF1ZXVlVXNlcldvcmtJdGVtKChzKSA9PgogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBzZSA9IHN0ZGVyclN0cmVhbS5SZWFkVG9FbmQoKTsKICAgICAgICAgICAgICAgIHNld2FpdC5TZXQoKTsKICAgICAgICAgICAgfSk7CiAgICAgICAgICAgIGZvcmVhY2ggKHZhciB3aCBpbiBuZXcgV2FpdEhhbmRsZVtdIHsgc293YWl0LCBzZXdhaXQgfSkKICAgICAgICAgICAgICAgIHdoLldhaXRPbmUoKTsKICAgICAgICAgICAgc3Rkb3V0ID0gc287CiAgICAgICAgICAgIHN0ZGVyciA9IHNlOwogICAgICAgIH0KCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgdWludCBHZXRQcm9jZXNzRXhpdENvZGUoSW50UHRyIHByb2Nlc3NIYW5kbGUpCiAgICAgICAgewogICAgICAgICAgICBu ScriptBlock ID: 43852d6d-2447-4eb9-b4c4-6eeec6aa2c96 Path:	4104	1		3	2	15	0	1483	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1972	2200	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:04:49 PM	9d04040e-981f-0001-a112-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1482	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1972	3136	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:04:49 PM	9d04040e-981f-0002-d30d-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 1972 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1481	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1972	4416	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:04:49 PM	9d04040e-981f-0002-d30d-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1480	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1972	3136	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:04:49 PM	9d04040e-981f-0002-d30d-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="AssemblyName"; value="System.DirectoryServices.AccountManagement" Context: Severity = Informational Host Name = Default Host Host Version = 5.1.14393.1944 Host ID = 1177cfd2-1a1a-41bb-ac9e-c017685385c5 Host Application = PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - Engine Version = 5.1.14393.1944 Runspace ID = 59cd9898-91ed-4638-bc75-683fc7fccefd Pipeline ID = 5 Command Name = Add-Type Command Type = Cmdlet Script Name = Command Path = Sequence Number = 35 User = N-H1-805629-1\Admin Connected User = Shell ID = Microsoft.PowerShell User Data:	4103	1		4	106	20	0	1479	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4424	3492	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:04:45 PM	9d04040e-981f-0005-3654-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	To be used when operation is just executing a method	Executing Pipeline	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): { $_.$guid_key -eq $adapter.SettingID } ScriptBlock ID: d6a2c391-6177-477a-aac9-75c6fb8cd6b9 Path:	4104	1		3	2	15	0	1478	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4424	3492	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:04:45 PM	9d04040e-981f-0005-3454-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Error Message = The running command stopped because the preference variable "ErrorActionPreference" or common parameter is set to Stop: The term 'facter' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again. Fully Qualified Error ID = CommandNotFoundException,Microsoft.PowerShell.Commands.GetCommandCommand Context: Severity = Warning Host Name = Default Host Host Version = 5.1.14393.1944 Host ID = 1177cfd2-1a1a-41bb-ac9e-c017685385c5 Host Application = PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - Engine Version = 5.1.14393.1944 Runspace ID = 59cd9898-91ed-4638-bc75-683fc7fccefd Pipeline ID = 5 Command Name = Get-Command Command Type = Cmdlet Script Name = Command Path = Sequence Number = 33 User = N-H1-805629-1\Admin Connected User = Shell ID = Microsoft.PowerShell User Data:	4100	1		3	106	19	0	1477	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4424	3492	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:04:45 PM	9d04040e-981f-0001-7712-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	To be used when an exception is raised	Executing Pipeline	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): #!powershell # Copyright: (c) 2018, Ansible Project # GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) #Requires -Module Ansible.ModuleUtils.Legacy Function Get-CustomFacts { [cmdletBinding()] param ( [Parameter(mandatory=$false)] $factpath = $null ) if (-not (Test-Path -Path $factpath)) { Fail-Json $result "The path $factpath does not exist. Typo?" } $FactsFiles = Get-ChildItem -Path $factpath | Where-Object -FilterScript {($PSItem.PSIsContainer -eq $false) -and ($PSItem.Extension -eq '.ps1')} foreach ($FactsFile in $FactsFiles) { $out = & $($FactsFile.FullName) $result.ansible_facts.Add("ansible_$(($FactsFile.Name).Split('.')[0])", $out) } } Function Get-MachineSid { # The Machine SID is stored in HKLM:\SECURITY\SAM\Domains\Account and is # only accessible by the Local System account. This method get's the local # admin account (ends with -500) and lops it off to get the machine sid. $admins_sid = "S-1-5-32-544" $admin_group = ([Security.Principal.SecurityIdentifier]$admins_sid).Translate([Security.Principal.NTAccount]).Value Add-Type -AssemblyName System.DirectoryServices.AccountManagement $principal_context = New-Object -TypeName System.DirectoryServices.AccountManagement.PrincipalContext([System.DirectoryServices.AccountManagement.ContextType]::Machine) $group_principal = New-Object -TypeName System.DirectoryServices.AccountManagement.GroupPrincipal($principal_context, $admin_group) $searcher = New-Object -TypeName System.DirectoryServices.AccountManagement.PrincipalSearcher($group_principal) $groups = $searcher.FindOne() $machine_sid = $null foreach ($user in $groups.Members) { $user_sid = $user.Sid if ($user_sid.Value.EndsWith("-500")) { $machine_sid = $user_sid.AccountDomainSid.Value break } } return $machine_sid } $cim_instances = @{} Function Get-LazyCimInstance([string]$instance_name, [string]$namespace="Root\CIMV2") { if(-not $cim_instances.ContainsKey($instance_name)) { $cim_instances[$instance_name] = $(Get-CimInstance -Namespace $namespace -ClassName $instance_name) } return $cim_instances[$instance_name] } $result = @{ ansible_facts = @{ } changed = $false } $grouped_subsets = @{ min=[System.Collections.Generic.List[string]]@('date_time','distribution','dns','env','local','platform','powershell_version','user') network=[System.Collections.Generic.List[string]]@('all_ipv4_addresses','all_ipv6_addresses','interfaces','windows_domain', 'winrm') hardware=[System.Collections.Generic.List[string]]@('bios','memory','processor','uptime') external=[System.Collections.Generic.List[string]]@('facter') } # build "all" set from everything mentioned in the group- this means every value must be in at least one subset to be considered legal $all_set = [System.Collections.Generic.HashSet[string]]@() foreach($kv in $grouped_subsets.GetEnumerator()) { [void] $all_set.UnionWith($kv.Value) } # dynamically create an "all" subset now that we know what should be in it $grouped_subsets['all'] = [System.Collections.Generic.List[string]]$all_set # start with all, build up gather and exclude subsets $gather_subset = [System.Collections.Generic.HashSet[string]]$grouped_subsets.all $explicit_subset = [System.Collections.Generic.HashSet[string]]@() $exclude_subset = [System.Collections.Generic.HashSet[string]]@() $params = Parse-Args $args -supports_check_mode $true $factpath = Get-AnsibleParam -obj $params -name "fact_path" -type "path" $gather_subset_source = Get-AnsibleParam -obj $params -name "gather_subset" -type "list" -default "all" foreach($item in $gather_subset_source) { if(([string]$item).StartsWith("!")) { $item = ([string]$item).Substring(1) if($item -eq "all") { $all_minus_min = [System.Collections.Generic.HashSet[string]]@($all_set) [void] $all_minus_min.ExceptWith($grouped_subsets.min) [void] $exclude_subset.UnionWith($all_minus_min) } elseif($grouped_subsets.ContainsKey($item)) { [void] $exclude_subset.UnionWith($grouped_subsets[$item]) } elseif($all_set.Contains($item)) { [void] $exclude_subset.Add($item) } # NB: invalid exclude values are ignored, since that's what posix setup does } else { if($grouped_subsets.ContainsKey($item)) { [void] $explicit_subset.UnionWith($grouped_subsets[$item]) } elseif($all_set.Contains($item)) { [void] $explicit_subset.Add($item) } else { # NB: POSIX setup fails on invalid value; we warn, because we don't implement the same set as POSIX # and we don't have platform-specific config for this... Add-Warning $result "invalid value $item specified in gather_subset" } } } [void] $gather_subset.ExceptWith($exclude_subset) [void] $gather_subset.UnionWith($explicit_subset) $ansible_facts = @{ gather_subset=@($gather_subset_source) module_setup=$true } $osversion = [Environment]::OSVersion if($gather_subset.Contains('all_ipv4_addresses') -or $gather_subset.Contains('all_ipv6_addresses')) { $netcfg = Get-LazyCimInstance Win32_NetworkAdapterConfiguration # TODO: split v4/v6 properly, return in separate keys $ips = @() Foreach ($ip in $netcfg.IPAddress) { If ($ip) { $ips += $ip } } $ansible_facts += @{ ansible_ip_addresses = $ips } } if($gather_subset.Contains('bios')) { $win32_bios = Get-LazyCimInstance Win32_Bios $win32_cs = Get-LazyCimInstance Win32_ComputerSystem $ansible_facts += @{ ansible_bios_date = $win32_bios.ReleaseDate.ToString("MM/dd/yyyy") ansible_bios_version = $win32_bios.SMBIOSBIOSVersion ansible_product_name = $win32_cs.Model.Trim() ansible_product_serial = $win32_bios.SerialNumber # ansible_product_version = ([string] $win32_cs.SystemFamily) } } if($gather_subset.Contains('date_time')) { $datetime = (Get-Date) $datetime_utc = $datetime.ToUniversalTime() $date = @{ date = $datetime.ToString("yyyy-MM-dd") day = $datetime.ToString("dd") epoch = (Get-Date -UFormat "%s") hour = $datetime.ToString("HH") iso8601 = $datetime_utc.ToString("yyyy-MM-ddTHH:mm:ssZ") iso8601_basic = $datetime.ToString("yyyyMMddTHHmmssffffff") iso8601_basic_short = $datetime.ToString("yyyyMMddTHHmmss") iso8601_micro = $datetime_utc.ToString("yyyy-MM-ddTHH:mm:ss.ffffffZ") minute = $datetime.ToString("mm") month = $datetime.ToString("MM") second = $datetime.ToString("ss") time = $datetime.ToString("HH:mm:ss") tz = ([System.TimeZoneInfo]::Local.Id) tz_offset = $datetime.ToString("zzzz") # Ensure that the weekday is in English weekday = $datetime.ToString("dddd", [System.Globalization.CultureInfo]::InvariantCulture) weekday_number = (Get-Date -UFormat "%w") weeknumber = (Get-Date -UFormat "%W") year = $datetime.ToString("yyyy") } $ansible_facts += @{ ansible_date_time = $date } } if($gather_subset.Contains('distribution')) { $win32_os = Get-LazyCimInstance Win32_OperatingSystem $product_type = switch($win32_os.ProductType) { 1 { "workstation" } 2 { "domain_controller" } 3 { "server" } default { "unknown" } } $ansible_facts += @{ ansible_distribution = $win32_os.Caption ansible_distribution_version = $osversion.Version.ToString() ansible_distribution_major_version = $osversion.Version.Major.ToString() ansible_os_family = "Windows" ansible_os_name = ($win32_os.Name.Split('|')[0]).Trim() ansible_os_product_type = $product_type } } if($gather_subset.Contains('env')) { $env_vars = @{ } foreach ($item in Get-ChildItem Env:) { $name = $item | select -ExpandProperty Name # Powershell ConvertTo-Json fails if string ends with \ $value = ($item | select -ExpandProperty Value).TrimEnd("\") $env_vars.Add($name, $value) } $ansible_facts += @{ ansible_env = $env_vars } } if($gather_subset.Contains('facter')) { # See if Facter is on the System Path Try { $facter_exe = Get-Command facter -ErrorAction Stop $facter_installed = $true } Catch { $facter_installed = $false } # Get JSON from Facter, and parse it out. if ($facter_installed) { &facter -j | Tee-Object -Variable facter_output | Out-Null $facts = "$facter_output" | ConvertFrom-Json ForEach($fact in $facts.PSObject.Properties) { $fact_name = $fact.Name $ansible_facts.Add("facter_$fact_name", $fact.Value) } } } if($gather_subset.Contains('interfaces')) { $netcfg = Get-LazyCimInstance Win32_NetworkAdapterConfiguration $ActiveNetcfg = @() $ActiveNetcfg += $netcfg | where {$_.ipaddress -ne $null} $namespaces = Get-LazyCimInstance __Namespace -namespace root if ($namespaces | Where-Object { $_.Name -eq "StandardCimv" }) { $net_adapters = Get-LazyCimInstance MSFT_NetAdapter -namespace Root\StandardCimv2 $guid_key = "InterfaceGUID" $name_key = "Name" } else { $net_adapters = Get-LazyCimInstance Win32_NetworkAdapter $guid_key = "GUID" $name_key = "NetConnectionID" } $formattednetcfg = @() foreach ($adapter in $ActiveNetcfg) { $thisadapter = @{ default_gateway = $null connection_name = $null dns_domain = $adapter.dnsdomain interface_index = $adapter.InterfaceIndex interface_name = $adapter.description macaddress = $adapter.macaddress } if ($adapter.defaultIPGateway) { $thisadapter.default_gateway = $adapter.DefaultIPGateway[0].ToString() } $net_adapter = $net_adapters | Where-Object { $_.$guid_key -eq $adapter.SettingID } if ($net_adapter) { $thisadapter.connection_name = $net_adapter.$name_key } $formattednetcfg += $thisadapter } $ansible_facts += @{ ansible_interfaces = $formattednetcfg } } if ($gather_subset.Contains("local") -and $factpath -ne $null) { # Get any custom facts; results are updated in the Get-CustomFacts -factpath $factpath } if($gather_subset.Contains('memory')) { $win32_cs = Get-LazyCimInstance Win32_ComputerSystem $win32_os = Get-LazyCimInstance Win32_OperatingSystem $ansible_facts += @{ # Win32_PhysicalMemory is empty on some virtual platforms ansible_memtotal_mb = ([math]::round($win32_cs.TotalPhysicalMemory / 1024 / 1024)) ansible_swaptotal_mb = ([math]::round($win32_os.TotalSwapSpaceSize / 1024 / 1024)) } } if($gather_subset.Contains('platform')) { $win32_cs = Get-LazyCimInstance Win32_ComputerSystem $win32_os = Get-LazyCimInstance Win32_OperatingSystem $ip_props = [System.Net.NetworkInformation.IPGlobalProperties]::GetIPGlobalProperties() $ansible_facts += @{ ansible_architecture = $win32_os.OSArchitecture ansible_domain = $ip_props.DomainName ansible_fqdn = ($ip_props.Hostname + "." + $ip_props.DomainName) ansible_hostname = $env:COMPUTERNAME ansible_kernel = $osversion.Version.ToString() ansible_nodename = ($ip_props.HostName + "." + $ip_props.DomainName) ansible_machine_id = Get-MachineSid ansible_owner_contact = ([string] $win32_cs.PrimaryOwnerContact) ansible_owner_name = ([string] $win32_cs.PrimaryOwnerName) # FUTURE: should this live in its own subset? ansible_reboot_pending = (Get-PendingRebootStatus) ansible_system = $osversion.Platform.ToString() ansible_system_description = ([string] $win32_os.Description) ansible_system_vendor = $win32_cs.Manufacturer } } if($gather_subset.Contains('powershell_version')) { $ansible_facts += @{ ansible_powershell_version = ($PSVersionTable.PSVersion.Major) } } if($gather_subset.Contains('processor')) { $win32_cs = Get-LazyCimInstance Win32_ComputerSystem $win32_cpu = Get-LazyCimInstance Win32_Processor if ($win32_cpu -is [array]) { # multi-socket, pick first $win32_cpu = $win32_cpu[0] } $cpu_list = @( ) for ($i=1; $i -le ($win32_cpu.NumberOfLogicalProcessors / $win32_cs.NumberOfProcessors); $i++) { $cpu_list += $win32_cpu.Manufacturer $cpu_list += $win32_cpu.Name } $ansible_facts += @{ ansible_processor = $cpu_list ansible_processor_cores = $win32_cpu.NumberOfCores ansible_processor_count = $win32_cs.NumberOfProcessors ansible_processor_threads_per_core = ($win32_cpu.NumberOfLogicalProcessors / $win32_cs.NumberOfProcessors / $win32_cpu.NumberOfCores) ansible_processor_vcpus = ($win32_cpu.NumberOfLogicalProcessors / $win32_cs.NumberOfProcessors) } } if($gather_subset.Contains('uptime')) { $win32_os = Get-LazyCimInstance Win32_OperatingSystem $ansible_facts += @{ ansible_lastboot = $win32_os.lastbootuptime.ToString("u") ansible_uptime_seconds = $([System.Convert]::ToInt64($(Get-Date).Subtract($win32_os.lastbootuptime).TotalSeconds)) } } if($gather_subset.Contains('user')) { $user = [Security.Principal.WindowsIdentity]::GetCurrent() $ansible_facts += @{ ansible_user_dir = $env:userprofile # Win32_UserAccount.FullName is probably the right thing here, but it can be expensive to get on large domains ansible_user_gecos = "" ansible_user_id = $env:username ansible_user_sid = $user.User.Value } } if($gather_subset.Contains('windows_domain')) { $win32_cs = Get-LazyCimInstance Win32_ComputerSystem $domain_roles = @{ 0 = "Stand-alone workstation" 1 = "Member workstation" 2 = "Stand-alone server" 3 = "Member server" 4 = "Backup domain controller" 5 = "Primary domain controller" } $domain_role = $domain_roles.Get_Item([Int32]$win32_cs.DomainRole) $ansible_facts += @{ ansible_windows_domain = $win32_cs.Domain ansible_windows_domain_member = $win32_cs.PartOfDomain ansible_windows_domain_role = $domain_role } } if($gather_subset.Contains('winrm')) { $winrm_https_listener_parent_paths = Get-ChildItem -Path WSMan:\localhost\Listener -Recurse | Where-Object {$_.PSChildName -eq "Transport" -and $_.Value -eq "HTTPS"} | select PSParentPath if ($winrm_https_listener_parent_paths -isnot [array]) { $winrm_https_listener_parent_paths = @($winrm_https_listener_parent_paths) } $winrm_https_listener_paths = @() foreach ($winrm_https_listener_parent_path in $winrm_https_listener_parent_paths) { $winrm_https_listener_paths += $winrm_https_listener_parent_path.PSParentPath.Substring($winrm_https_listener_parent_path.PSParentPath.LastIndexOf("\")) } $https_listeners = @() foreach ($winrm_https_listener_path in $winrm_https_listener_paths) { $https_listeners += Get-ChildItem -Path "WSMan:\localhost\Listener$winrm_https_listener_path" } $winrm_cert_thumbprints = @() foreach ($https_listener in $https_listeners) { $winrm_cert_thumbprints += $https_listener | where {$_.Name -EQ "CertificateThumbprint" } | select Value } $winrm_cert_expiry = @() foreach ($winrm_cert_thumbprint in $winrm_cert_thumbprints) { Try { $winrm_cert_expiry += Get-ChildItem -Path Cert:\LocalMachine\My | where Thumbprint -EQ $winrm_cert_thumbprint.Value.ToString().ToUpper() | select NotAfter } Catch {} } $winrm_cert_expirations = $winrm_cert_expiry | Sort-Object NotAfter if ($winrm_cert_expirations) { # this fact was renamed from ansible_winrm_certificate_expires due to collision with ansible_winrm_X connection var pattern $ansible_facts.Add("ansible_win_rm_certificate_expires", $winrm_cert_expirations[0].NotAfter.ToString("yyyy-MM-dd HH:mm:ss")) } } $result.ansible_facts += $ansible_facts Exit-Json $result ScriptBlock ID: d2e99116-afad-4de1-93bb-d4134e166a63 Path:	4104	1		3	2	15	0	1476	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4424	3492	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:04:43 PM	9d04040e-981f-0002-ab0d-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c), Michael DeHaan <michael.dehaan@gmail.com>, 2014, and others # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) Set-StrictMode -Version 2.0 $ErrorActionPreference = "Stop" Function Set-Attr($obj, $name, $value) { <# .SYNOPSIS Helper function to set an "attribute" on a psobject instance in PowerShell. This is a convenience to make adding Members to the object easier and slightly more pythonic .EXAMPLE Set-Attr $result "changed" $true #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } Try { $obj.$name = $value } Catch { $obj | Add-Member -Force -MemberType NoteProperty -Name $name -Value $value } } Function Exit-Json($obj) { <# .SYNOPSIS Helper function to convert a PowerShell object to JSON and output it, exiting the script .EXAMPLE Exit-Json $result #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit } Function Fail-Json($obj, $message = $null) { <# .SYNOPSIS Helper function to add the "msg" property and "failed" property, convert the PowerShell Hashtable to JSON and output it, exiting the script .EXAMPLE Fail-Json $result "This is the failure message" #> if ($obj -is [hashtable] -or $obj -is [psobject]) { # Nothing to do } elseif ($obj -is [string] -and $null -eq $message) { # If we weren't given 2 args, and the only arg was a string, # create a new Hashtable and use the arg as the failure message $message = $obj $obj = @{ } } else { # If the first argument is undefined or a different type, # make it a Hashtable $obj = @{ } } # Still using Set-Attr for PSObject compatibility Set-Attr $obj "msg" $message Set-Attr $obj "failed" $true if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit 1 } Function Add-Warning($obj, $message) { <# .SYNOPSIS Helper function to add warnings, even if the warnings attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("warnings")) { $obj.warnings = @() } elseif ($obj.warnings -isnot [array]) { throw "Add-Warning: warnings attribute is not an array" } $obj.warnings += $message } Function Add-DeprecationWarning($obj, $message, $version = $null) { <# .SYNOPSIS Helper function to add deprecations, even if the deprecations attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("deprecations")) { $obj.deprecations = @() } elseif ($obj.deprecations -isnot [array]) { throw "Add-DeprecationWarning: deprecations attribute is not a list" } $obj.deprecations += @{ msg = $message version = $version } } Function Expand-Environment($value) { <# .SYNOPSIS Helper function to expand environment variables in values. By default it turns any type to a string, but we ensure $null remains $null. #> if ($null -ne $value) { [System.Environment]::ExpandEnvironmentVariables($value) } else { $value } } Function Get-AnsibleParam($obj, $name, $default = $null, $resultobj = @{}, $failifempty = $false, $emptyattributefailmessage, $ValidateSet, $ValidateSetErrorMessage, $type = $null, $aliases = @()) { <# .SYNOPSIS Helper function to get an "attribute" from a psobject instance in PowerShell. This is a convenience to make getting Members from an object easier and slightly more pythonic .EXAMPLE $attr = Get-AnsibleParam $response "code" -default "1" .EXAMPLE Get-AnsibleParam -obj $params -name "State" -default "Present" -ValidateSet "Present","Absent" -resultobj $resultobj -failifempty $true Get-AnsibleParam also supports Parameter validation to save you from coding that manually Note that if you use the failifempty option, you do need to specify resultobject as well. #> # Check if the provided Member $name or aliases exist in $obj and return it or the default. try { $found = $null # First try to find preferred parameter $name $aliases = @($name) + $aliases # Iterate over aliases to find acceptable Member $name foreach ($alias in $aliases) { if ($obj.ContainsKey($alias)) { $found = $alias break } } if ($null -eq $found) { throw } $name = $found if ($ValidateSet) { if ($ValidateSet -contains ($obj.$name)) { $value = $obj.$name } else { if ($null -eq $ValidateSetErrorMessage) { #Auto-generated error should be sufficient in most use cases $ValidateSetErrorMessage = "Get-AnsibleParam: Argument $name needs to be one of $($ValidateSet -join ",") but was $($obj.$name)." } Fail-Json -obj $resultobj -message $ValidateSetErrorMessage } } else { $value = $obj.$name } } catch { if ($failifempty -eq $false) { $value = $default } else { if (-not $emptyattributefailmessage) { $emptyattributefailmessage = "Get-AnsibleParam: Missing required argument: $name" } Fail-Json -obj $resultobj -message $emptyattributefailmessage } } # If $value -eq $null, the parameter was unspecified by the user (deliberately or not) # Please leave $null-values intact, modules need to know if a parameter was specified # When $value is already an array, we cannot rely on the null check, as an empty list # is seen as null in the check below if ($null -ne $value -or $value -is [array]) { if ($type -eq "path") { # Expand environment variables on path-type $value = Expand-Environment($value) # Test if a valid path is provided if (-not (Test-Path -IsValid $value)) { $path_invalid = $true # could still be a valid-shaped path with a nonexistent drive letter if ($value -match "^\w:") { # rewrite path with a valid drive letter and recheck the shape- this might still fail, eg, a nonexistent non-filesystem PS path if (Test-Path -IsValid $(@(Get-PSDrive -PSProvider Filesystem)[0].Name + $value.Substring(1))) { $path_invalid = $false } } if ($path_invalid) { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' has an invalid path '$value' specified." } } } elseif ($type -eq "str") { # Convert str types to real Powershell strings $value = $value.ToString() } elseif ($type -eq "bool") { # Convert boolean types to real Powershell booleans $value = $value | ConvertTo-Bool } elseif ($type -eq "int") { # Convert int types to real Powershell integers $value = $value -as [int] } elseif ($type -eq "float") { # Convert float types to real Powershell floats $value = $value -as [float] } elseif ($type -eq "list") { if ($value -is [array]) { # Nothing to do } elseif ($value -is [string]) { # Convert string type to real Powershell array $value = $value.Split(",").Trim() } elseif ($value -is [int]) { $value = @($value) } else { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' is not a YAML list." } # , is not a typo, forces it to return as a list when it is empty or only has 1 entry return ,$value } } return $value } #Alias Get-attr-->Get-AnsibleParam for backwards compat. Only add when needed to ease debugging of scripts If (-not(Get-Alias -Name "Get-attr" -ErrorAction SilentlyContinue)) { New-Alias -Name Get-attr -Value Get-AnsibleParam } Function ConvertTo-Bool { <# .SYNOPSIS Helper filter/pipeline function to convert a value to boolean following current Ansible practices .EXAMPLE $is_true = "true" | ConvertTo-Bool #> param( [parameter(valuefrompipeline=$true)] $obj ) $boolean_strings = "yes", "on", "1", "true", 1 $obj_string = [string]$obj if (($obj -is [boolean] -and $obj) -or $boolean_strings -contains $obj_string.ToLower()) { return $true } else { return $false } } Function Parse-Args($arguments, $supports_check_mode = $false) { <# .SYNOPSIS Helper function to parse Ansible JSON arguments from a "file" passed as the single argument to the module. .EXAMPLE $params = Parse-Args $args #> $params = New-Object psobject If ($arguments.Length -gt 0) { $params = Get-Content $arguments[0] | ConvertFrom-Json } Else { $params = $complex_args } $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false If ($check_mode -and -not $supports_check_mode) { Exit-Json @{ skipped = $true changed = $false msg = "remote module does not support check mode" } } return $params } Function Get-FileChecksum($path, $algorithm = 'sha1') { <# .SYNOPSIS Helper function to calculate a hash of a file in a way which PowerShell 3 and above can handle #> If (Test-Path -Path $path -PathType Leaf) { switch ($algorithm) { 'md5' { $sp = New-Object -TypeName System.Security.Cryptography.MD5CryptoServiceProvider } 'sha1' { $sp = New-Object -TypeName System.Security.Cryptography.SHA1CryptoServiceProvider } 'sha256' { $sp = New-Object -TypeName System.Security.Cryptography.SHA256CryptoServiceProvider } 'sha384' { $sp = New-Object -TypeName System.Security.Cryptography.SHA384CryptoServiceProvider } 'sha512' { $sp = New-Object -TypeName System.Security.Cryptography.SHA512CryptoServiceProvider } default { Fail-Json @{} "Unsupported hash algorithm supplied '$algorithm'" } } If ($PSVersionTable.PSVersion.Major -ge 4) { $raw_hash = Get-FileHash $path -Algorithm $algorithm $hash = $raw_hash.Hash.ToLower() } Else { $fp = [System.IO.File]::Open($path, [System.IO.Filemode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileShare]::ReadWrite); $hash = [System.BitConverter]::ToString($sp.ComputeHash($fp)).Replace("-", "").ToLower(); $fp.Dispose(); } } ElseIf (Test-Path -Path $path -PathType Container) { $hash = "3"; } Else { $hash = "1"; } return $hash } Function Get-PendingRebootStatus { <# .SYNOPSIS Check if reboot is required, if so notify CA. Function returns true if computer has a pending reboot #> $featureData = Invoke-WmiMethod -EA Ignore -Name GetServerFeature -Namespace root\microsoft\windows\servermanager -Class MSFT_ServerManagerTasks $regData = Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager" "PendingFileRenameOperations" -EA Ignore $CBSRebootStatus = Get-ChildItem "HKLM:\\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing" -ErrorAction SilentlyContinue| Where-Object {$_.PSChildName -eq "RebootPending"} if(($featureData -and $featureData.RequiresReboot) -or $regData -or $CBSRebootStatus) { return $True } else { return $False } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: 46ade3cf-7418-483c-8769-52226da2427a Path:	4104	1		3	2	15	0	1475	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4424	2136	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:04:42 PM	9d04040e-981f-0005-b553-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } ScriptBlock ID: d5c81b36-e80d-4a77-96d7-da4b5336283e Path:	4104	1		3	2	15	0	1474	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4424	2136	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:04:42 PM	9d04040e-981f-0005-a653-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (4 of 4): XNzCiAgICAgICAgfQoKICAgICAgICBpZiAoJGFkYXB0ZXIuZGVmYXVsdElQR2F0ZXdheSkKICAgICAgICB7CiAgICAgICAgICAgICR0aGlzYWRhcHRlci5kZWZhdWx0X2dhdGV3YXkgPSAkYWRhcHRlci5EZWZhdWx0SVBHYXRld2F5WzBdLlRvU3RyaW5nKCkKICAgICAgICB9CiAgICAgICAgJG5ldF9hZGFwdGVyID0gJG5ldF9hZGFwdGVycyB8IFdoZXJlLU9iamVjdCB7ICRfLiRndWlkX2tleSAtZXEgJGFkYXB0ZXIuU2V0dGluZ0lEIH0KICAgICAgICBpZiAoJG5ldF9hZGFwdGVyKSB7CiAgICAgICAgICAgICR0aGlzYWRhcHRlci5jb25uZWN0aW9uX25hbWUgPSAkbmV0X2FkYXB0ZXIuJG5hbWVfa2V5CiAgICAgICAgfQoKICAgICAgICAkZm9ybWF0dGVkbmV0Y2ZnICs9ICR0aGlzYWRhcHRlcgogICAgfQoKICAgICRhbnNpYmxlX2ZhY3RzICs9IEB7CiAgICAgICAgYW5zaWJsZV9pbnRlcmZhY2VzID0gJGZvcm1hdHRlZG5ldGNmZwogICAgfQp9CgppZiAoJGdhdGhlcl9zdWJzZXQuQ29udGFpbnMoImxvY2FsIikgLWFuZCAkZmFjdHBhdGggLW5lICRudWxsKSB7CiAgICAjIEdldCBhbnkgY3VzdG9tIGZhY3RzOyByZXN1bHRzIGFyZSB1cGRhdGVkIGluIHRoZQogICAgR2V0LUN1c3RvbUZhY3RzIC1mYWN0cGF0aCAkZmFjdHBhdGgKfQoKaWYoJGdhdGhlcl9zdWJzZXQuQ29udGFpbnMoJ21lbW9yeScpKSB7CiAgICAkd2luMzJfY3MgPSBHZXQtTGF6eUNpbUluc3RhbmNlIFdpbjMyX0NvbXB1dGVyU3lzdGVtCiAgICAkd2luMzJfb3MgPSBHZXQtTGF6eUNpbUluc3RhbmNlIFdpbjMyX09wZXJhdGluZ1N5c3RlbQogICAgJGFuc2libGVfZmFjdHMgKz0gQHsKICAgICAgICAjIFdpbjMyX1BoeXNpY2FsTWVtb3J5IGlzIGVtcHR5IG9uIHNvbWUgdmlydHVhbCBwbGF0Zm9ybXMKICAgICAgICBhbnNpYmxlX21lbXRvdGFsX21iID0gKFttYXRoXTo6cm91bmQoJHdpbjMyX2NzLlRvdGFsUGh5c2ljYWxNZW1vcnkgLyAxMDI0IC8gMTAyNCkpCiAgICAgICAgYW5zaWJsZV9zd2FwdG90YWxfbWIgPSAoW21hdGhdOjpyb3VuZCgkd2luMzJfb3MuVG90YWxTd2FwU3BhY2VTaXplIC8gMTAyNCAvIDEwMjQpKQogICAgfQp9CgoKaWYoJGdhdGhlcl9zdWJzZXQuQ29udGFpbnMoJ3BsYXRmb3JtJykpIHsKICAgICR3aW4zMl9jcyA9IEdldC1MYXp5Q2ltSW5zdGFuY2UgV2luMzJfQ29tcHV0ZXJTeXN0ZW0KICAgICR3aW4zMl9vcyA9IEdldC1MYXp5Q2ltSW5zdGFuY2UgV2luMzJfT3BlcmF0aW5nU3lzdGVtCiAgICAkaXBfcHJvcHMgPSBbU3lzdGVtLk5ldC5OZXR3b3JrSW5mb3JtYXRpb24uSVBHbG9iYWxQcm9wZXJ0aWVzXTo6R2V0SVBHbG9iYWxQcm9wZXJ0aWVzKCkKCiAgICAkYW5zaWJsZV9mYWN0cyArPSBAewogICAgICAgIGFuc2libGVfYXJjaGl0ZWN0dXJlID0gJHdpbjMyX29zLk9TQXJjaGl0ZWN0dXJlCiAgICAgICAgYW5zaWJsZV9kb21haW4gPSAkaXBfcHJvcHMuRG9tYWluTmFtZQogICAgICAgIGFuc2libGVfZnFkbiA9ICgkaXBfcHJvcHMuSG9zdG5hbWUgKyAiLiIgKyAkaXBfcHJvcHMuRG9tYWluTmFtZSkKICAgICAgICBhbnNpYmxlX2hvc3RuYW1lID0gJGVudjpDT01QVVRFUk5BTUUKICAgICAgICBhbnNpYmxlX2tlcm5lbCA9ICRvc3ZlcnNpb24uVmVyc2lvbi5Ub1N0cmluZygpCiAgICAgICAgYW5zaWJsZV9ub2RlbmFtZSA9ICgkaXBfcHJvcHMuSG9zdE5hbWUgKyAiLiIgKyAkaXBfcHJvcHMuRG9tYWluTmFtZSkKICAgICAgICBhbnNpYmxlX21hY2hpbmVfaWQgPSBHZXQtTWFjaGluZVNpZAogICAgICAgIGFuc2libGVfb3duZXJfY29udGFjdCA9IChbc3RyaW5nXSAkd2luMzJfY3MuUHJpbWFyeU93bmVyQ29udGFjdCkKICAgICAgICBhbnNpYmxlX293bmVyX25hbWUgPSAoW3N0cmluZ10gJHdpbjMyX2NzLlByaW1hcnlPd25lck5hbWUpCiAgICAgICAgIyBGVVRVUkU6IHNob3VsZCB0aGlzIGxpdmUgaW4gaXRzIG93biBzdWJzZXQ/CiAgICAgICAgYW5zaWJsZV9yZWJvb3RfcGVuZGluZyA9IChHZXQtUGVuZGluZ1JlYm9vdFN0YXR1cykKICAgICAgICBhbnNpYmxlX3N5c3RlbSA9ICRvc3ZlcnNpb24uUGxhdGZvcm0uVG9TdHJpbmcoKQogICAgICAgIGFuc2libGVfc3lzdGVtX2Rlc2NyaXB0aW9uID0gKFtzdHJpbmddICR3aW4zMl9vcy5EZXNjcmlwdGlvbikKICAgICAgICBhbnNpYmxlX3N5c3RlbV92ZW5kb3IgPSAkd2luMzJfY3MuTWFudWZhY3R1cmVyCiAgICB9Cn0KCmlmKCRnYXRoZXJfc3Vic2V0LkNvbnRhaW5zKCdwb3dlcnNoZWxsX3ZlcnNpb24nKSkgewogICAgJGFuc2libGVfZmFjdHMgKz0gQHsKICAgICAgICBhbnNpYmxlX3Bvd2Vyc2hlbGxfdmVyc2lvbiA9ICgkUFNWZXJzaW9uVGFibGUuUFNWZXJzaW9uLk1ham9yKQogICAgfQp9CgppZigkZ2F0aGVyX3N1YnNldC5Db250YWlucygncHJvY2Vzc29yJykpIHsKICAgICR3aW4zMl9jcyA9IEdldC1MYXp5Q2ltSW5zdGFuY2UgV2luMzJfQ29tcHV0ZXJTeXN0ZW0KICAgICR3aW4zMl9jcHUgPSBHZXQtTGF6eUNpbUluc3RhbmNlIFdpbjMyX1Byb2Nlc3NvcgogICAgaWYgKCR3aW4zMl9jcHUgLWlzIFthcnJheV0pIHsKICAgICAgICAjIG11bHRpLXNvY2tldCwgcGljayBmaXJzdAogICAgICAgICR3aW4zMl9jcHUgPSAkd2luMzJfY3B1WzBdCiAgICB9CgogICAgJGNwdV9saXN0ID0gQCggKQogICAgZm9yICgkaT0xOyAkaSAtbGUgKCR3aW4zMl9jcHUuTnVtYmVyT2ZMb2dpY2FsUHJvY2Vzc29ycyAvICR3aW4zMl9jcy5OdW1iZXJPZlByb2Nlc3NvcnMpOyAkaSsrKSB7CiAgICAgICAgJGNwdV9saXN0ICs9ICR3aW4zMl9jcHUuTWFudWZhY3R1cmVyCiAgICAgICAgJGNwdV9saXN0ICs9ICR3aW4zMl9jcHUuTmFtZQogICAgfQoKICAgICRhbnNpYmxlX2ZhY3RzICs9IEB7CiAgICAgICAgYW5zaWJsZV9wcm9jZXNzb3IgPSAkY3B1X2xpc3QKICAgICAgICBhbnNpYmxlX3Byb2Nlc3Nvcl9jb3JlcyA9ICR3aW4zMl9jcHUuTnVtYmVyT2ZDb3JlcwogICAgICAgIGFuc2libGVfcHJvY2Vzc29yX2NvdW50ID0gJHdpbjMyX2NzLk51bWJlck9mUHJvY2Vzc29ycwogICAgICAgIGFuc2libGVfcHJvY2Vzc29yX3RocmVhZHNfcGVyX2NvcmUgPSAoJHdpbjMyX2NwdS5OdW1iZXJPZkxvZ2ljYWxQcm9jZXNzb3JzIC8gJHdpbjMyX2NzLk51bWJlck9mUHJvY2Vzc29ycyAvICR3aW4zMl9jcHUuTnVtYmVyT2ZDb3JlcykKICAgICAgICBhbnNpYmxlX3Byb2Nlc3Nvcl92Y3B1cyA9ICgkd2luMzJfY3B1Lk51bWJlck9mTG9naWNhbFByb2Nlc3NvcnMgLyAkd2luMzJfY3MuTnVtYmVyT2ZQcm9jZXNzb3JzKQogICAgfQp9CgppZigkZ2F0aGVyX3N1YnNldC5Db250YWlucygndXB0aW1lJykpIHsKICAgICR3aW4zMl9vcyA9IEdldC1MYXp5Q2ltSW5zdGFuY2UgV2luMzJfT3BlcmF0aW5nU3lzdGVtCiAgICAkYW5zaWJsZV9mYWN0cyArPSBAewogICAgICAgIGFuc2libGVfbGFzdGJvb3QgPSAkd2luMzJfb3MubGFzdGJvb3R1cHRpbWUuVG9TdHJpbmcoInUiKQogICAgICAgIGFuc2libGVfdXB0aW1lX3NlY29uZHMgPSAkKFtTeXN0ZW0uQ29udmVydF06OlRvSW50NjQoJChHZXQtRGF0ZSkuU3VidHJhY3QoJHdpbjMyX29zLmxhc3Rib290dXB0aW1lKS5Ub3RhbFNlY29uZHMpKQogICAgfQp9CgppZigkZ2F0aGVyX3N1YnNldC5Db250YWlucygndXNlcicpKSB7CiAgICAkdXNlciA9IFtTZWN1cml0eS5QcmluY2lwYWwuV2luZG93c0lkZW50aXR5XTo6R2V0Q3VycmVudCgpCiAgICAkYW5zaWJsZV9mYWN0cyArPSBAewogICAgICAgIGFuc2libGVfdXNlcl9kaXIgPSAkZW52OnVzZXJwcm9maWxlCiAgICAgICAgIyBXaW4zMl9Vc2VyQWNjb3VudC5GdWxsTmFtZSBpcyBwcm9iYWJseSB0aGUgcmlnaHQgdGhpbmcgaGVyZSwgYnV0IGl0IGNhbiBiZSBleHBlbnNpdmUgdG8gZ2V0IG9uIGxhcmdlIGRvbWFpbnMKICAgICAgICBhbnNpYmxlX3VzZXJfZ2Vjb3MgPSAiIgogICAgICAgIGFuc2libGVfdXNlcl9pZCA9ICRlbnY6dXNlcm5hbWUKICAgICAgICBhbnNpYmxlX3VzZXJfc2lkID0gJHVzZXIuVXNlci5WYWx1ZQogICAgfQp9CgppZigkZ2F0aGVyX3N1YnNldC5Db250YWlucygnd2luZG93c19kb21haW4nKSkgewogICAgJHdpbjMyX2NzID0gR2V0LUxhenlDaW1JbnN0YW5jZSBXaW4zMl9Db21wdXRlclN5c3RlbQogICAgJGRvbWFpbl9yb2xlcyA9IEB7CiAgICAgICAgMCA9ICJTdGFuZC1hbG9uZSB3b3Jrc3RhdGlvbiIKICAgICAgICAxID0gIk1lbWJlciB3b3Jrc3RhdGlvbiIKICAgICAgICAyID0gIlN0YW5kLWFsb25lIHNlcnZlciIKICAgICAgICAzID0gIk1lbWJlciBzZXJ2ZXIiCiAgICAgICAgNCA9ICJCYWNrdXAgZG9tYWluIGNvbnRyb2xsZXIiCiAgICAgICAgNSA9ICJQcmltYXJ5IGRvbWFpbiBjb250cm9sbGVyIgogICAgfQoKICAgICRkb21haW5fcm9sZSA9ICRkb21haW5fcm9sZXMuR2V0X0l0ZW0oW0ludDMyXSR3aW4zMl9jcy5Eb21haW5Sb2xlKQoKICAgICRhbnNpYmxlX2ZhY3RzICs9IEB7CiAgICAgICAgYW5zaWJsZV93aW5kb3dzX2RvbWFpbiA9ICR3aW4zMl9jcy5Eb21haW4KICAgICAgICBhbnNpYmxlX3dpbmRvd3NfZG9tYWluX21lbWJlciA9ICR3aW4zMl9jcy5QYXJ0T2ZEb21haW4KICAgICAgICBhbnNpYmxlX3dpbmRvd3NfZG9tYWluX3JvbGUgPSAkZG9tYWluX3JvbGUKICAgIH0KfQoKaWYoJGdhdGhlcl9zdWJzZXQuQ29udGFpbnMoJ3dpbnJtJykpIHsKCiAgICAkd2lucm1faHR0cHNfbGlzdGVuZXJfcGFyZW50X3BhdGhzID0gR2V0LUNoaWxkSXRlbSAtUGF0aCBXU01hbjpcbG9jYWxob3N0XExpc3RlbmVyIC1SZWN1cnNlIHwgV2hlcmUtT2JqZWN0IHskXy5QU0NoaWxkTmFtZSAtZXEgIlRyYW5zcG9ydCIgLWFuZCAkXy5WYWx1ZSAtZXEgIkhUVFBTIn0gfCBzZWxlY3QgUFNQYXJlbnRQYXRoCiAgICBpZiAoJHdpbnJtX2h0dHBzX2xpc3RlbmVyX3BhcmVudF9wYXRocyAtaXNub3QgW2FycmF5XSkgewogICAgICAgJHdpbnJtX2h0dHBzX2xpc3RlbmVyX3BhcmVudF9wYXRocyA9IEAoJHdpbnJtX2h0dHBzX2xpc3RlbmVyX3BhcmVudF9wYXRocykKICAgIH0KCiAgICAkd2lucm1faHR0cHNfbGlzdGVuZXJfcGF0aHMgPSBAKCkKICAgIGZvcmVhY2ggKCR3aW5ybV9odHRwc19saXN0ZW5lcl9wYXJlbnRfcGF0aCBpbiAkd2lucm1faHR0cHNfbGlzdGVuZXJfcGFyZW50X3BhdGhzKSB7CiAgICAgICAgJHdpbnJtX2h0dHBzX2xpc3RlbmVyX3BhdGhzICs9ICR3aW5ybV9odHRwc19saXN0ZW5lcl9wYXJlbnRfcGF0aC5QU1BhcmVudFBhdGguU3Vic3RyaW5nKCR3aW5ybV9odHRwc19saXN0ZW5lcl9wYXJlbnRfcGF0aC5QU1BhcmVudFBhdGguTGFzdEluZGV4T2YoIlwiKSkKICAgIH0KCiAgICAkaHR0cHNfbGlzdGVuZXJzID0gQCgpCiAgICBmb3JlYWNoICgkd2lucm1faHR0cHNfbGlzdGVuZXJfcGF0aCBpbiAkd2lucm1faHR0cHNfbGlzdGVuZXJfcGF0aHMpIHsKICAgICAgICAkaHR0cHNfbGlzdGVuZXJzICs9IEdldC1DaGlsZEl0ZW0gLVBhdGggIldTTWFuOlxsb2NhbGhvc3RcTGlzdGVuZXIkd2lucm1faHR0cHNfbGlzdGVuZXJfcGF0aCIKICAgIH0KCiAgICAkd2lucm1fY2VydF90aHVtYnByaW50cyA9IEAoKQogICAgZm9yZWFjaCAoJGh0dHBzX2xpc3RlbmVyIGluICRodHRwc19saXN0ZW5lcnMpIHsKICAgICAgICAkd2lucm1fY2VydF90aHVtYnByaW50cyArPSAkaHR0cHNfbGlzdGVuZXIgfCB3aGVyZSB7JF8uTmFtZSAtRVEgIkNlcnRpZmljYXRlVGh1bWJwcmludCIgfSB8IHNlbGVjdCBWYWx1ZQogICAgfQoKICAgICR3aW5ybV9jZXJ0X2V4cGlyeSA9IEAoKQogICAgZm9yZWFjaCAoJHdpbnJtX2NlcnRfdGh1bWJwcmludCBpbiAkd2lucm1fY2VydF90aHVtYnByaW50cykgewogICAgICAgIFRyeSB7CiAgICAgICAgICAgICR3aW5ybV9jZXJ0X2V4cGlyeSArPSBHZXQtQ2hpbGRJdGVtIC1QYXRoIENlcnQ6XExvY2FsTWFjaGluZVxNeSB8IHdoZXJlIFRodW1icHJpbnQgLUVRICR3aW5ybV9jZXJ0X3RodW1icHJpbnQuVmFsdWUuVG9TdHJpbmcoKS5Ub1VwcGVyKCkgfCBzZWxlY3QgTm90QWZ0ZXIKICAgICAgICB9IENhdGNoIHt9CiAgICB9CgogICAgJHdpbnJtX2NlcnRfZXhwaXJhdGlvbnMgPSAkd2lucm1fY2VydF9leHBpcnkgfCBTb3J0LU9iamVjdCBOb3RBZnRlcgogICAgaWYgKCR3aW5ybV9jZXJ0X2V4cGlyYXRpb25zKSB7CiAgICAgICAgIyB0aGlzIGZhY3Qgd2FzIHJlbmFtZWQgZnJvbSBhbnNpYmxlX3dpbnJtX2NlcnRpZmljYXRlX2V4cGlyZXMgZHVlIHRvIGNvbGxpc2lvbiB3aXRoIGFuc2libGVfd2lucm1fWCBjb25uZWN0aW9uIHZhciBwYXR0ZXJuCiAgICAgICAgJGFuc2libGVfZmFjdHMuQWRkKCJhbnNpYmxlX3dpbl9ybV9jZXJ0aWZpY2F0ZV9leHBpcmVzIiwgJHdpbnJtX2NlcnRfZXhwaXJhdGlvbnNbMF0uTm90QWZ0ZXIuVG9TdHJpbmcoInl5eXktTU0tZGQgSEg6bW06c3MiKSkKICAgIH0KfQoKJHJlc3VsdC5hbnNpYmxlX2ZhY3RzICs9ICRhbnNpYmxlX2ZhY3RzCgpFeGl0LUpzb24gJHJlc3VsdAo=", "module_args": {"_ansible_version": "2.7.0", "_ansible_selinux_special_fs": ["fuse", "nfs", "vboxsf", "ramfs", "9p"], "_ansible_no_log": false, "gather_timeout": 10, "_ansible_module_name": "setup", "_ansible_remote_tmp": "%TEMP%", "_ansible_verbosity": 2, "_ansible_keep_remote_files": false, "_ansible_syslog_facility": "LOG_USER", "_ansible_socket": null, "gather_subset": ["all"], "_ansible_diff": false, "_ansible_debug": false, "_ansible_shell_executable": "/bin/sh", "_ansible_check_mode": false, "_ansible_tmpdir": null}} '@ } process { $input_as_string = [string]$input $json_raw += $input_as_string } end { If (-not $json_raw) { Write-Error "no input given" -Category InvalidArgument } $payload = ConvertTo-HashtableFromPsCustomObject (ConvertFrom-Json $json_raw) # TODO: handle binary modules # TODO: handle persistence $min_os_version = [version]$payload.min_os_version if ($min_os_version -ne $null) { $actual_os_version = [System.Environment]::OSVersion.Version if ($actual_os_version -lt $min_os_version) { $msg = "This module cannot run on this OS as it requires a minimum version of $min_os_version, actual was $actual_os_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $min_ps_version = [version]$payload.min_ps_version if ($min_ps_version -ne $null) { $actual_ps_version = $PSVersionTable.PSVersion if ($actual_ps_version -lt $min_ps_version) { $msg = "This module cannot run as it requires a minimum PowerShell version of $min_ps_version, actual was $actual_ps_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $actions = $payload.actions # pop 0th action as entrypoint $entrypoint = $payload.($actions[0]) $payload.actions = $payload.actions[1..99] $entrypoint = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($entrypoint)) # load the current action entrypoint as a module custom object with a Run method $entrypoint = New-Module -ScriptBlock ([scriptblock]::Create($entrypoint)) -AsCustomObject Set-Variable -Scope global -Name complex_args -Value $payload["module_args"] | Out-Null # dynamically create/load modules ForEach ($mod in $payload.powershell_modules.GetEnumerator()) { $decoded_module = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($mod.Value)) New-Module -ScriptBlock ([scriptblock]::Create($decoded_module)) -Name $mod.Key | Import-Module -WarningAction SilentlyContinue | Out-Null } $output = $entrypoint.Run($payload) Write-Output $output } ScriptBlock ID: 9a3ed7f2-8ade-4a25-9884-fd766e9069bb Path:	4104	1		3	2	15	0	1473	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4424	2136	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:04:42 PM	9d04040e-981f-0005-a053-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (3 of 4): wZV06Ok1hY2hpbmUpCiAgICAkZ3JvdXBfcHJpbmNpcGFsID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLkRpcmVjdG9yeVNlcnZpY2VzLkFjY291bnRNYW5hZ2VtZW50Lkdyb3VwUHJpbmNpcGFsKCRwcmluY2lwYWxfY29udGV4dCwgJGFkbWluX2dyb3VwKQogICAgJHNlYXJjaGVyID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLkRpcmVjdG9yeVNlcnZpY2VzLkFjY291bnRNYW5hZ2VtZW50LlByaW5jaXBhbFNlYXJjaGVyKCRncm91cF9wcmluY2lwYWwpCiAgICAkZ3JvdXBzID0gJHNlYXJjaGVyLkZpbmRPbmUoKQoKICAgICRtYWNoaW5lX3NpZCA9ICRudWxsCiAgICBmb3JlYWNoICgkdXNlciBpbiAkZ3JvdXBzLk1lbWJlcnMpIHsKICAgICAgICAkdXNlcl9zaWQgPSAkdXNlci5TaWQKICAgICAgICBpZiAoJHVzZXJfc2lkLlZhbHVlLkVuZHNXaXRoKCItNTAwIikpIHsKICAgICAgICAgICAgJG1hY2hpbmVfc2lkID0gJHVzZXJfc2lkLkFjY291bnREb21haW5TaWQuVmFsdWUKICAgICAgICAgICAgYnJlYWsKICAgICAgICB9CiAgICB9CgogICAgcmV0dXJuICRtYWNoaW5lX3NpZAp9CgokY2ltX2luc3RhbmNlcyA9IEB7fQoKRnVuY3Rpb24gR2V0LUxhenlDaW1JbnN0YW5jZShbc3RyaW5nXSRpbnN0YW5jZV9uYW1lLCBbc3RyaW5nXSRuYW1lc3BhY2U9IlJvb3RcQ0lNVjIiKSB7CiAgICBpZigtbm90ICRjaW1faW5zdGFuY2VzLkNvbnRhaW5zS2V5KCRpbnN0YW5jZV9uYW1lKSkgewogICAgICAgICRjaW1faW5zdGFuY2VzWyRpbnN0YW5jZV9uYW1lXSA9ICQoR2V0LUNpbUluc3RhbmNlIC1OYW1lc3BhY2UgJG5hbWVzcGFjZSAtQ2xhc3NOYW1lICRpbnN0YW5jZV9uYW1lKQogICAgfQoKICAgIHJldHVybiAkY2ltX2luc3RhbmNlc1skaW5zdGFuY2VfbmFtZV0KfQoKJHJlc3VsdCA9IEB7CiAgICBhbnNpYmxlX2ZhY3RzID0gQHsgfQogICAgY2hhbmdlZCA9ICRmYWxzZQp9CgokZ3JvdXBlZF9zdWJzZXRzID0gQHsKICAgIG1pbj1bU3lzdGVtLkNvbGxlY3Rpb25zLkdlbmVyaWMuTGlzdFtzdHJpbmddXUAoJ2RhdGVfdGltZScsJ2Rpc3RyaWJ1dGlvbicsJ2RucycsJ2VudicsJ2xvY2FsJywncGxhdGZvcm0nLCdwb3dlcnNoZWxsX3ZlcnNpb24nLCd1c2VyJykKICAgIG5ldHdvcms9W1N5c3RlbS5Db2xsZWN0aW9ucy5HZW5lcmljLkxpc3Rbc3RyaW5nXV1AKCdhbGxfaXB2NF9hZGRyZXNzZXMnLCdhbGxfaXB2Nl9hZGRyZXNzZXMnLCdpbnRlcmZhY2VzJywnd2luZG93c19kb21haW4nLCAnd2lucm0nKQogICAgaGFyZHdhcmU9W1N5c3RlbS5Db2xsZWN0aW9ucy5HZW5lcmljLkxpc3Rbc3RyaW5nXV1AKCdiaW9zJywnbWVtb3J5JywncHJvY2Vzc29yJywndXB0aW1lJykKICAgIGV4dGVybmFsPVtTeXN0ZW0uQ29sbGVjdGlvbnMuR2VuZXJpYy5MaXN0W3N0cmluZ11dQCgnZmFjdGVyJykKfQoKIyBidWlsZCAiYWxsIiBzZXQgZnJvbSBldmVyeXRoaW5nIG1lbnRpb25lZCBpbiB0aGUgZ3JvdXAtIHRoaXMgbWVhbnMgZXZlcnkgdmFsdWUgbXVzdCBiZSBpbiBhdCBsZWFzdCBvbmUgc3Vic2V0IHRvIGJlIGNvbnNpZGVyZWQgbGVnYWwKJGFsbF9zZXQgPSBbU3lzdGVtLkNvbGxlY3Rpb25zLkdlbmVyaWMuSGFzaFNldFtzdHJpbmddXUAoKQoKZm9yZWFjaCgka3YgaW4gJGdyb3VwZWRfc3Vic2V0cy5HZXRFbnVtZXJhdG9yKCkpIHsKICAgIFt2b2lkXSAkYWxsX3NldC5VbmlvbldpdGgoJGt2LlZhbHVlKQp9CgojIGR5bmFtaWNhbGx5IGNyZWF0ZSBhbiAiYWxsIiBzdWJzZXQgbm93IHRoYXQgd2Uga25vdyB3aGF0IHNob3VsZCBiZSBpbiBpdAokZ3JvdXBlZF9zdWJzZXRzWydhbGwnXSA9IFtTeXN0ZW0uQ29sbGVjdGlvbnMuR2VuZXJpYy5MaXN0W3N0cmluZ11dJGFsbF9zZXQKCiMgc3RhcnQgd2l0aCBhbGwsIGJ1aWxkIHVwIGdhdGhlciBhbmQgZXhjbHVkZSBzdWJzZXRzCiRnYXRoZXJfc3Vic2V0ID0gW1N5c3RlbS5Db2xsZWN0aW9ucy5HZW5lcmljLkhhc2hTZXRbc3RyaW5nXV0kZ3JvdXBlZF9zdWJzZXRzLmFsbAokZXhwbGljaXRfc3Vic2V0ID0gW1N5c3RlbS5Db2xsZWN0aW9ucy5HZW5lcmljLkhhc2hTZXRbc3RyaW5nXV1AKCkKJGV4Y2x1ZGVfc3Vic2V0ID0gW1N5c3RlbS5Db2xsZWN0aW9ucy5HZW5lcmljLkhhc2hTZXRbc3RyaW5nXV1AKCkKCiRwYXJhbXMgPSBQYXJzZS1BcmdzICRhcmdzIC1zdXBwb3J0c19jaGVja19tb2RlICR0cnVlCiRmYWN0cGF0aCA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJmYWN0X3BhdGgiIC10eXBlICJwYXRoIgokZ2F0aGVyX3N1YnNldF9zb3VyY2UgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiZ2F0aGVyX3N1YnNldCIgLXR5cGUgImxpc3QiIC1kZWZhdWx0ICJhbGwiCgpmb3JlYWNoKCRpdGVtIGluICRnYXRoZXJfc3Vic2V0X3NvdXJjZSkgewogICAgaWYoKFtzdHJpbmddJGl0ZW0pLlN0YXJ0c1dpdGgoIiEiKSkgewogICAgICAgICRpdGVtID0gKFtzdHJpbmddJGl0ZW0pLlN1YnN0cmluZygxKQogICAgICAgIGlmKCRpdGVtIC1lcSAiYWxsIikgewogICAgICAgICAgICAkYWxsX21pbnVzX21pbiA9IFtTeXN0ZW0uQ29sbGVjdGlvbnMuR2VuZXJpYy5IYXNoU2V0W3N0cmluZ11dQCgkYWxsX3NldCkKICAgICAgICAgICAgW3ZvaWRdICRhbGxfbWludXNfbWluLkV4Y2VwdFdpdGgoJGdyb3VwZWRfc3Vic2V0cy5taW4pCiAgICAgICAgICAgIFt2b2lkXSAkZXhjbHVkZV9zdWJzZXQuVW5pb25XaXRoKCRhbGxfbWludXNfbWluKQogICAgICAgIH0KICAgICAgICBlbHNlaWYoJGdyb3VwZWRfc3Vic2V0cy5Db250YWluc0tleSgkaXRlbSkpIHsKICAgICAgICAgICAgW3ZvaWRdICRleGNsdWRlX3N1YnNldC5VbmlvbldpdGgoJGdyb3VwZWRfc3Vic2V0c1skaXRlbV0pCiAgICAgICAgfQogICAgICAgIGVsc2VpZigkYWxsX3NldC5Db250YWlucygkaXRlbSkpIHsKICAgICAgICAgICAgW3ZvaWRdICRleGNsdWRlX3N1YnNldC5BZGQoJGl0ZW0pCiAgICAgICAgfQogICAgICAgICMgTkI6IGludmFsaWQgZXhjbHVkZSB2YWx1ZXMgYXJlIGlnbm9yZWQsIHNpbmNlIHRoYXQncyB3aGF0IHBvc2l4IHNldHVwIGRvZXMKICAgIH0KICAgIGVsc2UgewogICAgICAgIGlmKCRncm91cGVkX3N1YnNldHMuQ29udGFpbnNLZXkoJGl0ZW0pKSB7CiAgICAgICAgICAgIFt2b2lkXSAkZXhwbGljaXRfc3Vic2V0LlVuaW9uV2l0aCgkZ3JvdXBlZF9zdWJzZXRzWyRpdGVtXSkKICAgICAgICB9CiAgICAgICAgZWxzZWlmKCRhbGxfc2V0LkNvbnRhaW5zKCRpdGVtKSkgewogICAgICAgICAgICBbdm9pZF0gJGV4cGxpY2l0X3N1YnNldC5BZGQoJGl0ZW0pCiAgICAgICAgfQogICAgICAgIGVsc2UgewogICAgICAgICAgICAjIE5COiBQT1NJWCBzZXR1cCBmYWlscyBvbiBpbnZhbGlkIHZhbHVlOyB3ZSB3YXJuLCBiZWNhdXNlIHdlIGRvbid0IGltcGxlbWVudCB0aGUgc2FtZSBzZXQgYXMgUE9TSVgKICAgICAgICAgICAgIyBhbmQgd2UgZG9uJ3QgaGF2ZSBwbGF0Zm9ybS1zcGVjaWZpYyBjb25maWcgZm9yIHRoaXMuLi4KICAgICAgICAgICAgQWRkLVdhcm5pbmcgJHJlc3VsdCAiaW52YWxpZCB2YWx1ZSAkaXRlbSBzcGVjaWZpZWQgaW4gZ2F0aGVyX3N1YnNldCIKICAgICAgICB9CiAgICB9Cn0KClt2b2lkXSAkZ2F0aGVyX3N1YnNldC5FeGNlcHRXaXRoKCRleGNsdWRlX3N1YnNldCkKW3ZvaWRdICRnYXRoZXJfc3Vic2V0LlVuaW9uV2l0aCgkZXhwbGljaXRfc3Vic2V0KQoKJGFuc2libGVfZmFjdHMgPSBAewogICAgZ2F0aGVyX3N1YnNldD1AKCRnYXRoZXJfc3Vic2V0X3NvdXJjZSkKICAgIG1vZHVsZV9zZXR1cD0kdHJ1ZQp9Cgokb3N2ZXJzaW9uID0gW0Vudmlyb25tZW50XTo6T1NWZXJzaW9uCgppZigkZ2F0aGVyX3N1YnNldC5Db250YWlucygnYWxsX2lwdjRfYWRkcmVzc2VzJykgLW9yICRnYXRoZXJfc3Vic2V0LkNvbnRhaW5zKCdhbGxfaXB2Nl9hZGRyZXNzZXMnKSkgewogICAgJG5ldGNmZyA9IEdldC1MYXp5Q2ltSW5zdGFuY2UgV2luMzJfTmV0d29ya0FkYXB0ZXJDb25maWd1cmF0aW9uCiAgICAKICAgICMgVE9ETzogc3BsaXQgdjQvdjYgcHJvcGVybHksIHJldHVybiBpbiBzZXBhcmF0ZSBrZXlzCiAgICAkaXBzID0gQCgpCiAgICBGb3JlYWNoICgkaXAgaW4gJG5ldGNmZy5JUEFkZHJlc3MpIHsKICAgICAgICBJZiAoJGlwKSB7CiAgICAgICAgICAgICRpcHMgKz0gJGlwCiAgICAgICAgfQogICAgfQoKICAgICRhbnNpYmxlX2ZhY3RzICs9IEB7CiAgICAgICAgYW5zaWJsZV9pcF9hZGRyZXNzZXMgPSAkaXBzCiAgICB9Cn0KCmlmKCRnYXRoZXJfc3Vic2V0LkNvbnRhaW5zKCdiaW9zJykpIHsKICAgICR3aW4zMl9iaW9zID0gR2V0LUxhenlDaW1JbnN0YW5jZSBXaW4zMl9CaW9zCiAgICAkd2luMzJfY3MgPSBHZXQtTGF6eUNpbUluc3RhbmNlIFdpbjMyX0NvbXB1dGVyU3lzdGVtCiAgICAkYW5zaWJsZV9mYWN0cyArPSBAewogICAgICAgIGFuc2libGVfYmlvc19kYXRlID0gJHdpbjMyX2Jpb3MuUmVsZWFzZURhdGUuVG9TdHJpbmcoIk1NL2RkL3l5eXkiKQogICAgICAgIGFuc2libGVfYmlvc192ZXJzaW9uID0gJHdpbjMyX2Jpb3MuU01CSU9TQklPU1ZlcnNpb24KICAgICAgICBhbnNpYmxlX3Byb2R1Y3RfbmFtZSA9ICR3aW4zMl9jcy5Nb2RlbC5UcmltKCkKICAgICAgICBhbnNpYmxlX3Byb2R1Y3Rfc2VyaWFsID0gJHdpbjMyX2Jpb3MuU2VyaWFsTnVtYmVyCiAgICAgICAgIyBhbnNpYmxlX3Byb2R1Y3RfdmVyc2lvbiA9IChbc3RyaW5nXSAkd2luMzJfY3MuU3lzdGVtRmFtaWx5KQogICAgfQp9CgppZigkZ2F0aGVyX3N1YnNldC5Db250YWlucygnZGF0ZV90aW1lJykpIHsKICAgICRkYXRldGltZSA9IChHZXQtRGF0ZSkKICAgICRkYXRldGltZV91dGMgPSAkZGF0ZXRpbWUuVG9Vbml2ZXJzYWxUaW1lKCkKICAgICRkYXRlID0gQHsKICAgICAgICBkYXRlID0gJGRhdGV0aW1lLlRvU3RyaW5nKCJ5eXl5LU1NLWRkIikKICAgICAgICBkYXkgPSAkZGF0ZXRpbWUuVG9TdHJpbmcoImRkIikKICAgICAgICBlcG9jaCA9IChHZXQtRGF0ZSAtVUZvcm1hdCAiJXMiKQogICAgICAgIGhvdXIgPSAkZGF0ZXRpbWUuVG9TdHJpbmcoIkhIIikKICAgICAgICBpc284NjAxID0gJGRhdGV0aW1lX3V0Yy5Ub1N0cmluZygieXl5eS1NTS1kZFRISDptbTpzc1oiKQogICAgICAgIGlzbzg2MDFfYmFzaWMgPSAkZGF0ZXRpbWUuVG9TdHJpbmcoInl5eXlNTWRkVEhIbW1zc2ZmZmZmZiIpCiAgICAgICAgaXNvODYwMV9iYXNpY19zaG9ydCA9ICRkYXRldGltZS5Ub1N0cmluZygieXl5eU1NZGRUSEhtbXNzIikKICAgICAgICBpc284NjAxX21pY3JvID0gJGRhdGV0aW1lX3V0Yy5Ub1N0cmluZygieXl5eS1NTS1kZFRISDptbTpzcy5mZmZmZmZaIikKICAgICAgICBtaW51dGUgPSAkZGF0ZXRpbWUuVG9TdHJpbmcoIm1tIikKICAgICAgICBtb250aCA9ICRkYXRldGltZS5Ub1N0cmluZygiTU0iKQogICAgICAgIHNlY29uZCA9ICRkYXRldGltZS5Ub1N0cmluZygic3MiKQogICAgICAgIHRpbWUgPSAkZGF0ZXRpbWUuVG9TdHJpbmcoIkhIOm1tOnNzIikKICAgICAgICB0eiA9IChbU3lzdGVtLlRpbWVab25lSW5mb106OkxvY2FsLklkKQogICAgICAgIHR6X29mZnNldCA9ICRkYXRldGltZS5Ub1N0cmluZygienp6eiIpCiAgICAgICAgIyBFbnN1cmUgdGhhdCB0aGUgd2Vla2RheSBpcyBpbiBFbmdsaXNoCiAgICAgICAgd2Vla2RheSA9ICRkYXRldGltZS5Ub1N0cmluZygiZGRkZCIsIFtTeXN0ZW0uR2xvYmFsaXphdGlvbi5DdWx0dXJlSW5mb106OkludmFyaWFudEN1bHR1cmUpCiAgICAgICAgd2Vla2RheV9udW1iZXIgPSAoR2V0LURhdGUgLVVGb3JtYXQgIiV3IikKICAgICAgICB3ZWVrbnVtYmVyID0gKEdldC1EYXRlIC1VRm9ybWF0ICIlVyIpCiAgICAgICAgeWVhciA9ICRkYXRldGltZS5Ub1N0cmluZygieXl5eSIpCiAgICB9CgogICAgJGFuc2libGVfZmFjdHMgKz0gQHsKICAgICAgICBhbnNpYmxlX2RhdGVfdGltZSA9ICRkYXRlCiAgICB9Cn0KCmlmKCRnYXRoZXJfc3Vic2V0LkNvbnRhaW5zKCdkaXN0cmlidXRpb24nKSkgewogICAgJHdpbjMyX29zID0gR2V0LUxhenlDaW1JbnN0YW5jZSBXaW4zMl9PcGVyYXRpbmdTeXN0ZW0KICAgICRwcm9kdWN0X3R5cGUgPSBzd2l0Y2goJHdpbjMyX29zLlByb2R1Y3RUeXBlKSB7CiAgICAgICAgMSB7ICJ3b3Jrc3RhdGlvbiIgfQogICAgICAgIDIgeyAiZG9tYWluX2NvbnRyb2xsZXIiIH0KICAgICAgICAzIHsgInNlcnZlciIgfQogICAgICAgIGRlZmF1bHQgeyAidW5rbm93biIgfQogICAgfQoKICAgICRhbnNpYmxlX2ZhY3RzICs9IEB7CiAgICAgICAgYW5zaWJsZV9kaXN0cmlidXRpb24gPSAkd2luMzJfb3MuQ2FwdGlvbgogICAgICAgIGFuc2libGVfZGlzdHJpYnV0aW9uX3ZlcnNpb24gPSAkb3N2ZXJzaW9uLlZlcnNpb24uVG9TdHJpbmcoKQogICAgICAgIGFuc2libGVfZGlzdHJpYnV0aW9uX21ham9yX3ZlcnNpb24gPSAkb3N2ZXJzaW9uLlZlcnNpb24uTWFqb3IuVG9TdHJpbmcoKQogICAgICAgIGFuc2libGVfb3NfZmFtaWx5ID0gIldpbmRvd3MiCiAgICAgICAgYW5zaWJsZV9vc19uYW1lID0gKCR3aW4zMl9vcy5OYW1lLlNwbGl0KCd8JylbMF0pLlRyaW0oKQogICAgICAgIGFuc2libGVfb3NfcHJvZHVjdF90eXBlID0gJHByb2R1Y3RfdHlwZQogICAgfQp9CgppZigkZ2F0aGVyX3N1YnNldC5Db250YWlucygnZW52JykpIHsKICAgICRlbnZfdmFycyA9IEB7IH0KICAgIGZvcmVhY2ggKCRpdGVtIGluIEdldC1DaGlsZEl0ZW0gRW52OikgewogICAgICAgICRuYW1lID0gJGl0ZW0gfCBzZWxlY3QgLUV4cGFuZFByb3BlcnR5IE5hbWUKICAgICAgICAjIFBvd2Vyc2hlbGwgQ29udmVydFRvLUpzb24gZmFpbHMgaWYgc3RyaW5nIGVuZHMgd2l0aCBcCiAgICAgICAgJHZhbHVlID0gKCRpdGVtIHwgc2VsZWN0IC1FeHBhbmRQcm9wZXJ0eSBWYWx1ZSkuVHJpbUVuZCgiXCIpCiAgICAgICAgJGVudl92YXJzLkFkZCgkbmFtZSwgJHZhbHVlKQogICAgfQoKICAgICRhbnNpYmxlX2ZhY3RzICs9IEB7CiAgICAgICAgYW5zaWJsZV9lbnYgPSAkZW52X3ZhcnMKICAgIH0KfQoKaWYoJGdhdGhlcl9zdWJzZXQuQ29udGFpbnMoJ2ZhY3RlcicpKSB7CiAgICAjIFNlZSBpZiBGYWN0ZXIgaXMgb24gdGhlIFN5c3RlbSBQYXRoCiAgICBUcnkgewogICAgICAgICRmYWN0ZXJfZXhlID0gR2V0LUNvbW1hbmQgZmFjdGVyIC1FcnJvckFjdGlvbiBTdG9wCiAgICAgICAgJGZhY3Rlcl9pbnN0YWxsZWQgPSAkdHJ1ZQogICAgfSBDYXRjaCB7CiAgICAgICAgJGZhY3Rlcl9pbnN0YWxsZWQgPSAkZmFsc2UKICAgIH0KCiAgICAjIEdldCBKU09OIGZyb20gRmFjdGVyLCBhbmQgcGFyc2UgaXQgb3V0LgogICAgaWYgKCRmYWN0ZXJfaW5zdGFsbGVkKSB7CiAgICAgICAgJmZhY3RlciAtaiB8IFRlZS1PYmplY3QgIC1WYXJpYWJsZSBmYWN0ZXJfb3V0cHV0IHwgT3V0LU51bGwKICAgICAgICAkZmFjdHMgPSAiJGZhY3Rlcl9vdXRwdXQiIHwgQ29udmVydEZyb20tSnNvbgogICAgICAgIEZvckVhY2goJGZhY3QgaW4gJGZhY3RzLlBTT2JqZWN0LlByb3BlcnRpZXMpIHsKICAgICAgICAgICAgJGZhY3RfbmFtZSA9ICRmYWN0Lk5hbWUKICAgICAgICAgICAgJGFuc2libGVfZmFjdHMuQWRkKCJmYWN0ZXJfJGZhY3RfbmFtZSIsICRmYWN0LlZhbHVlKQogICAgICAgIH0KICAgIH0KfQoKaWYoJGdhdGhlcl9zdWJzZXQuQ29udGFpbnMoJ2ludGVyZmFjZXMnKSkgewogICAgJG5ldGNmZyA9IEdldC1MYXp5Q2ltSW5zdGFuY2UgV2luMzJfTmV0d29ya0FkYXB0ZXJDb25maWd1cmF0aW9uCiAgICAkQWN0aXZlTmV0Y2ZnID0gQCgpCiAgICAkQWN0aXZlTmV0Y2ZnICs9ICRuZXRjZmcgfCB3aGVyZSB7JF8uaXBhZGRyZXNzIC1uZSAkbnVsbH0KCiAgICAkbmFtZXNwYWNlcyA9IEdldC1MYXp5Q2ltSW5zdGFuY2UgX19OYW1lc3BhY2UgLW5hbWVzcGFjZSByb290CiAgICBpZiAoJG5hbWVzcGFjZXMgfCBXaGVyZS1PYmplY3QgeyAkXy5OYW1lIC1lcSAiU3RhbmRhcmRDaW12IiB9KSB7CiAgICAgICAgJG5ldF9hZGFwdGVycyA9IEdldC1MYXp5Q2ltSW5zdGFuY2UgTVNGVF9OZXRBZGFwdGVyIC1uYW1lc3BhY2UgUm9vdFxTdGFuZGFyZENpbXYyCiAgICAgICAgJGd1aWRfa2V5ID0gIkludGVyZmFjZUdVSUQiCiAgICAgICAgJG5hbWVfa2V5ID0gIk5hbWUiCiAgICB9IGVsc2UgewogICAgICAgICRuZXRfYWRhcHRlcnMgPSBHZXQtTGF6eUNpbUluc3RhbmNlIFdpbjMyX05ldHdvcmtBZGFwdGVyICAgICAgICAKICAgICAgICAkZ3VpZF9rZXkgPSAiR1VJRCIKICAgICAgICAkbmFtZV9rZXkgPSAiTmV0Q29ubmVjdGlvbklEIgogICAgfQoKICAgICRmb3JtYXR0ZWRuZXRjZmcgPSBAKCkKICAgIGZvcmVhY2ggKCRhZGFwdGVyIGluICRBY3RpdmVOZXRjZmcpCiAgICB7CiAgICAgICAgJHRoaXNhZGFwdGVyID0gQHsKICAgICAgICAgICAgZGVmYXVsdF9nYXRld2F5ID0gJG51bGwKICAgICAgICAgICAgY29ubmVjdGlvbl9uYW1lID0gJG51bGwKICAgICAgICAgICAgZG5zX2RvbWFpbiA9ICRhZGFwdGVyLmRuc2RvbWFpbgogICAgICAgICAgICBpbnRlcmZhY2VfaW5kZXggPSAkYWRhcHRlci5JbnRlcmZhY2VJbmRleAogICAgICAgICAgICBpbnRlcmZhY2VfbmFtZSA9ICRhZGFwdGVyLmRlc2NyaXB0aW9uCiAgICAgICAgICAgIG1hY2FkZHJlc3MgPSAkYWRhcHRlci5tYWNhZGRyZ ScriptBlock ID: 9a3ed7f2-8ade-4a25-9884-fd766e9069bb Path:	4104	1		3	2	15	0	1472	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4424	2136	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:04:42 PM	9d04040e-981f-0005-a053-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 4): VsZCBiZSBzdWZmaWNpZW50IGluIG1vc3QgdXNlIGNhc2VzCiAgICAgICAgICAgICAgICAgICAgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlID0gIkdldC1BbnNpYmxlUGFyYW06IEFyZ3VtZW50ICRuYW1lIG5lZWRzIHRvIGJlIG9uZSBvZiAkKCRWYWxpZGF0ZVNldCAtam9pbiAiLCIpIGJ1dCB3YXMgJCgkb2JqLiRuYW1lKS4iCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRWYWxpZGF0ZVNldEVycm9yTWVzc2FnZQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgJHZhbHVlID0gJG9iai4kbmFtZQogICAgICAgIH0KICAgIH0gY2F0Y2ggewogICAgICAgIGlmICgkZmFpbGlmZW1wdHkgLWVxICRmYWxzZSkgewogICAgICAgICAgICAkdmFsdWUgPSAkZGVmYXVsdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgIGlmICgtbm90ICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSA9ICJHZXQtQW5zaWJsZVBhcmFtOiBNaXNzaW5nIHJlcXVpcmVkIGFyZ3VtZW50OiAkbmFtZSIKICAgICAgICAgICAgfQogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlCiAgICAgICAgfQogICAgfQoKICAgICMgSWYgJHZhbHVlIC1lcSAkbnVsbCwgdGhlIHBhcmFtZXRlciB3YXMgdW5zcGVjaWZpZWQgYnkgdGhlIHVzZXIgKGRlbGliZXJhdGVseSBvciBub3QpCiAgICAjIFBsZWFzZSBsZWF2ZSAkbnVsbC12YWx1ZXMgaW50YWN0LCBtb2R1bGVzIG5lZWQgdG8ga25vdyBpZiBhIHBhcmFtZXRlciB3YXMgc3BlY2lmaWVkCiAgICAjIFdoZW4gJHZhbHVlIGlzIGFscmVhZHkgYW4gYXJyYXksIHdlIGNhbm5vdCByZWx5IG9uIHRoZSBudWxsIGNoZWNrLCBhcyBhbiBlbXB0eSBsaXN0CiAgICAjIGlzIHNlZW4gYXMgbnVsbCBpbiB0aGUgY2hlY2sgYmVsb3cKICAgIGlmICgkbnVsbCAtbmUgJHZhbHVlIC1vciAkdmFsdWUgLWlzIFthcnJheV0pIHsKICAgICAgICBpZiAoJHR5cGUgLWVxICJwYXRoIikgewogICAgICAgICAgICAjIEV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgb24gcGF0aC10eXBlCiAgICAgICAgICAgICR2YWx1ZSA9IEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCiAgICAgICAgICAgICMgVGVzdCBpZiBhIHZhbGlkIHBhdGggaXMgcHJvdmlkZWQKICAgICAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtSXNWYWxpZCAkdmFsdWUpKSB7CiAgICAgICAgICAgICAgICAkcGF0aF9pbnZhbGlkID0gJHRydWUKICAgICAgICAgICAgICAgICMgY291bGQgc3RpbGwgYmUgYSB2YWxpZC1zaGFwZWQgcGF0aCB3aXRoIGEgbm9uZXhpc3RlbnQgZHJpdmUgbGV0dGVyCiAgICAgICAgICAgICAgICBpZiAoJHZhbHVlIC1tYXRjaCAiXlx3OiIpIHsKICAgICAgICAgICAgICAgICAgICAjIHJld3JpdGUgcGF0aCB3aXRoIGEgdmFsaWQgZHJpdmUgbGV0dGVyIGFuZCByZWNoZWNrIHRoZSBzaGFwZS0gdGhpcyBtaWdodCBzdGlsbCBmYWlsLCBlZywgYSBub25leGlzdGVudCBub24tZmlsZXN5c3RlbSBQUyBwYXRoCiAgICAgICAgICAgICAgICAgICAgaWYgKFRlc3QtUGF0aCAtSXNWYWxpZCAkKEAoR2V0LVBTRHJpdmUgLVBTUHJvdmlkZXIgRmlsZXN5c3RlbSlbMF0uTmFtZSArICR2YWx1ZS5TdWJzdHJpbmcoMSkpKSB7CiAgICAgICAgICAgICAgICAgICAgICAgICRwYXRoX2ludmFsaWQgPSAkZmFsc2UKICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBpZiAoJHBhdGhfaW52YWxpZCkgewogICAgICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHRvYmogLW1lc3NhZ2UgIkdldC1BbnNpYmxlUGFyYW06IFBhcmFtZXRlciAnJG5hbWUnIGhhcyBhbiBpbnZhbGlkIHBhdGggJyR2YWx1ZScgc3BlY2lmaWVkLiIKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgInN0ciIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IHN0ciB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgc3RyaW5ncwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUuVG9TdHJpbmcoKQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImJvb2wiKSB7CiAgICAgICAgICAgICMgQ29udmVydCBib29sZWFuIHR5cGVzIHRvIHJlYWwgUG93ZXJzaGVsbCBib29sZWFucwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgfCBDb252ZXJ0VG8tQm9vbAogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImludCIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IGludCB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgaW50ZWdlcnMKICAgICAgICAgICAgJHZhbHVlID0gJHZhbHVlIC1hcyBbaW50XQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImZsb2F0IikgewogICAgICAgICAgICAjIENvbnZlcnQgZmxvYXQgdHlwZXMgdG8gcmVhbCBQb3dlcnNoZWxsIGZsb2F0cwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgLWFzIFtmbG9hdF0KICAgICAgICB9IGVsc2VpZiAoJHR5cGUgLWVxICJsaXN0IikgewogICAgICAgICAgICBpZiAoJHZhbHVlIC1pcyBbYXJyYXldKSB7CiAgICAgICAgICAgICAgICAjIE5vdGhpbmcgdG8gZG8KICAgICAgICAgICAgfSBlbHNlaWYgKCR2YWx1ZSAtaXMgW3N0cmluZ10pIHsKICAgICAgICAgICAgICAgICMgQ29udmVydCBzdHJpbmcgdHlwZSB0byByZWFsIFBvd2Vyc2hlbGwgYXJyYXkKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICR2YWx1ZS5TcGxpdCgiLCIpLlRyaW0oKQogICAgICAgICAgICB9IGVsc2VpZiAoJHZhbHVlIC1pcyBbaW50XSkgewogICAgICAgICAgICAgICAgJHZhbHVlID0gQCgkdmFsdWUpCiAgICAgICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICJHZXQtQW5zaWJsZVBhcmFtOiBQYXJhbWV0ZXIgJyRuYW1lJyBpcyBub3QgYSBZQU1MIGxpc3QuIgogICAgICAgICAgICB9CiAgICAgICAgICAgICMgLCBpcyBub3QgYSB0eXBvLCBmb3JjZXMgaXQgdG8gcmV0dXJuIGFzIGEgbGlzdCB3aGVuIGl0IGlzIGVtcHR5IG9yIG9ubHkgaGFzIDEgZW50cnkKICAgICAgICAgICAgcmV0dXJuICwkdmFsdWUKICAgICAgICB9CiAgICB9CgogICAgcmV0dXJuICR2YWx1ZQp9CgojQWxpYXMgR2V0LWF0dHItLT5HZXQtQW5zaWJsZVBhcmFtIGZvciBiYWNrd2FyZHMgY29tcGF0LiBPbmx5IGFkZCB3aGVuIG5lZWRlZCB0byBlYXNlIGRlYnVnZ2luZyBvZiBzY3JpcHRzCklmICgtbm90KEdldC1BbGlhcyAtTmFtZSAiR2V0LWF0dHIiIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlKSkKewogICAgTmV3LUFsaWFzIC1OYW1lIEdldC1hdHRyIC1WYWx1ZSBHZXQtQW5zaWJsZVBhcmFtCn0KCkZ1bmN0aW9uIENvbnZlcnRUby1Cb29sCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZpbHRlci9waXBlbGluZSBmdW5jdGlvbiB0byBjb252ZXJ0IGEgdmFsdWUgdG8gYm9vbGVhbiBmb2xsb3dpbmcgY3VycmVudAogICAgQW5zaWJsZSBwcmFjdGljZXMKICAgIC5FWEFNUExFCiAgICAkaXNfdHJ1ZSA9ICJ0cnVlIiB8IENvbnZlcnRUby1Cb29sCiM+CiAgICBwYXJhbSgKICAgICAgICBbcGFyYW1ldGVyKHZhbHVlZnJvbXBpcGVsaW5lPSR0cnVlKV0KICAgICAgICAkb2JqCiAgICApCgogICAgJGJvb2xlYW5fc3RyaW5ncyA9ICJ5ZXMiLCAib24iLCAiMSIsICJ0cnVlIiwgMQogICAgJG9ial9zdHJpbmcgPSBbc3RyaW5nXSRvYmoKCiAgICBpZiAoKCRvYmogLWlzIFtib29sZWFuXSAtYW5kICRvYmopIC1vciAkYm9vbGVhbl9zdHJpbmdzIC1jb250YWlucyAkb2JqX3N0cmluZy5Ub0xvd2VyKCkpIHsKICAgICAgICByZXR1cm4gJHRydWUKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfQp9CgpGdW5jdGlvbiBQYXJzZS1BcmdzKCRhcmd1bWVudHMsICRzdXBwb3J0c19jaGVja19tb2RlID0gJGZhbHNlKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBwYXJzZSBBbnNpYmxlIEpTT04gYXJndW1lbnRzIGZyb20gYSAiZmlsZSIgcGFzc2VkIGFzCiAgICB0aGUgc2luZ2xlIGFyZ3VtZW50IHRvIHRoZSBtb2R1bGUuCiAgICAuRVhBTVBMRQogICAgJHBhcmFtcyA9IFBhcnNlLUFyZ3MgJGFyZ3MKIz4KICAgICRwYXJhbXMgPSBOZXctT2JqZWN0IHBzb2JqZWN0CiAgICBJZiAoJGFyZ3VtZW50cy5MZW5ndGggLWd0IDApCiAgICB7CiAgICAgICAgJHBhcmFtcyA9IEdldC1Db250ZW50ICRhcmd1bWVudHNbMF0gfCBDb252ZXJ0RnJvbS1Kc29uCiAgICB9CiAgICBFbHNlIHsKICAgICAgICAkcGFyYW1zID0gJGNvbXBsZXhfYXJncwogICAgfQogICAgJGNoZWNrX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfY2hlY2tfbW9kZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQogICAgSWYgKCRjaGVja19tb2RlIC1hbmQgLW5vdCAkc3VwcG9ydHNfY2hlY2tfbW9kZSkKICAgIHsKICAgICAgICBFeGl0LUpzb24gQHsKICAgICAgICAgICAgc2tpcHBlZCA9ICR0cnVlCiAgICAgICAgICAgIGNoYW5nZWQgPSAkZmFsc2UKICAgICAgICAgICAgbXNnID0gInJlbW90ZSBtb2R1bGUgZG9lcyBub3Qgc3VwcG9ydCBjaGVjayBtb2RlIgogICAgICAgIH0KICAgIH0KICAgIHJldHVybiAkcGFyYW1zCn0KCgpGdW5jdGlvbiBHZXQtRmlsZUNoZWNrc3VtKCRwYXRoLCAkYWxnb3JpdGhtID0gJ3NoYTEnKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBjYWxjdWxhdGUgYSBoYXNoIG9mIGEgZmlsZSBpbiBhIHdheSB3aGljaCBQb3dlclNoZWxsIDMKICAgIGFuZCBhYm92ZSBjYW4gaGFuZGxlCiM+CiAgICBJZiAoVGVzdC1QYXRoIC1QYXRoICRwYXRoIC1QYXRoVHlwZSBMZWFmKQogICAgewogICAgICAgIHN3aXRjaCAoJGFsZ29yaXRobSkKICAgICAgICB7CiAgICAgICAgICAgICdtZDUnIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5NRDVDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMScgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTFDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMjU2JyB7ICRzcCA9IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5TZWN1cml0eS5DcnlwdG9ncmFwaHkuU0hBMjU2Q3J5cHRvU2VydmljZVByb3ZpZGVyIH0KICAgICAgICAgICAgJ3NoYTM4NCcgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTM4NENyeXB0b1NlcnZpY2VQcm92aWRlciB9CiAgICAgICAgICAgICdzaGE1MTInIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5TSEE1MTJDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICBkZWZhdWx0IHsgRmFpbC1Kc29uIEB7fSAiVW5zdXBwb3J0ZWQgaGFzaCBhbGdvcml0aG0gc3VwcGxpZWQgJyRhbGdvcml0aG0nIiB9CiAgICAgICAgfQoKICAgICAgICBJZiAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtZ2UgNCkgewogICAgICAgICAgICAkcmF3X2hhc2ggPSBHZXQtRmlsZUhhc2ggJHBhdGggLUFsZ29yaXRobSAkYWxnb3JpdGhtCiAgICAgICAgICAgICRoYXNoID0gJHJhd19oYXNoLkhhc2guVG9Mb3dlcigpCiAgICAgICAgfSBFbHNlIHsKICAgICAgICAgICAgJGZwID0gW1N5c3RlbS5JTy5GaWxlXTo6T3BlbigkcGF0aCwgW1N5c3RlbS5JTy5GaWxlbW9kZV06Ok9wZW4sIFtTeXN0ZW0uSU8uRmlsZUFjY2Vzc106OlJlYWQsIFtTeXN0ZW0uSU8uRmlsZVNoYXJlXTo6UmVhZFdyaXRlKTsKICAgICAgICAgICAgJGhhc2ggPSBbU3lzdGVtLkJpdENvbnZlcnRlcl06OlRvU3RyaW5nKCRzcC5Db21wdXRlSGFzaCgkZnApKS5SZXBsYWNlKCItIiwgIiIpLlRvTG93ZXIoKTsKICAgICAgICAgICAgJGZwLkRpc3Bvc2UoKTsKICAgICAgICB9CiAgICB9CiAgICBFbHNlSWYgKFRlc3QtUGF0aCAtUGF0aCAkcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKQogICAgewogICAgICAgICRoYXNoID0gIjMiOwogICAgfQogICAgRWxzZQogICAgewogICAgICAgICRoYXNoID0gIjEiOwogICAgfQogICAgcmV0dXJuICRoYXNoCn0KCkZ1bmN0aW9uIEdldC1QZW5kaW5nUmVib290U3RhdHVzCnsKPCMKICAgIC5TWU5PUFNJUwogICAgQ2hlY2sgaWYgcmVib290IGlzIHJlcXVpcmVkLCBpZiBzbyBub3RpZnkgQ0EuCiAgICBGdW5jdGlvbiByZXR1cm5zIHRydWUgaWYgY29tcHV0ZXIgaGFzIGEgcGVuZGluZyByZWJvb3QKIz4KICAgICRmZWF0dXJlRGF0YSA9IEludm9rZS1XbWlNZXRob2QgLUVBIElnbm9yZSAtTmFtZSBHZXRTZXJ2ZXJGZWF0dXJlIC1OYW1lc3BhY2Ugcm9vdFxtaWNyb3NvZnRcd2luZG93c1xzZXJ2ZXJtYW5hZ2VyIC1DbGFzcyBNU0ZUX1NlcnZlck1hbmFnZXJUYXNrcwogICAgJHJlZ0RhdGEgPSBHZXQtSXRlbVByb3BlcnR5ICJIS0xNOlxTWVNURU1cQ3VycmVudENvbnRyb2xTZXRcQ29udHJvbFxTZXNzaW9uIE1hbmFnZXIiICJQZW5kaW5nRmlsZVJlbmFtZU9wZXJhdGlvbnMiIC1FQSBJZ25vcmUKICAgICRDQlNSZWJvb3RTdGF0dXMgPSBHZXQtQ2hpbGRJdGVtICJIS0xNOlxcU09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cQ29tcG9uZW50IEJhc2VkIFNlcnZpY2luZyIgIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlfCBXaGVyZS1PYmplY3QgeyRfLlBTQ2hpbGROYW1lIC1lcSAiUmVib290UGVuZGluZyJ9CiAgICBpZigoJGZlYXR1cmVEYXRhIC1hbmQgJGZlYXR1cmVEYXRhLlJlcXVpcmVzUmVib290KSAtb3IgJHJlZ0RhdGEgLW9yICRDQlNSZWJvb3RTdGF0dXMpCiAgICB7CiAgICAgICAgcmV0dXJuICRUcnVlCiAgICB9CiAgICBlbHNlCiAgICB7CiAgICAgICAgcmV0dXJuICRGYWxzZQogICAgfQp9CgojIHRoaXMgbGluZSBtdXN0IHN0YXkgYXQgdGhlIGJvdHRvbSB0byBlbnN1cmUgYWxsIGRlZmluZWQgbW9kdWxlIHBhcnRzIGFyZSBleHBvcnRlZApFeHBvcnQtTW9kdWxlTWVtYmVyIC1BbGlhcyAqIC1GdW5jdGlvbiAqIC1DbWRsZXQgKgoK"}, "module_entry": "IyFwb3dlcnNoZWxsCgojIENvcHlyaWdodDogKGMpIDIwMTgsIEFuc2libGUgUHJvamVjdAojIEdOVSBHZW5lcmFsIFB1YmxpYyBMaWNlbnNlIHYzLjArIChzZWUgQ09QWUlORyBvciBodHRwczovL3d3dy5nbnUub3JnL2xpY2Vuc2VzL2dwbC0zLjAudHh0KQoKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5MZWdhY3kKCkZ1bmN0aW9uIEdldC1DdXN0b21GYWN0cyB7CiAgW2NtZGxldEJpbmRpbmcoKV0KICBwYXJhbSAoCiAgICBbUGFyYW1ldGVyKG1hbmRhdG9yeT0kZmFsc2UpXQogICAgJGZhY3RwYXRoID0gJG51bGwKICApCgogIGlmICgtbm90IChUZXN0LVBhdGggLVBhdGggJGZhY3RwYXRoKSkgewogICAgRmFpbC1Kc29uICRyZXN1bHQgIlRoZSBwYXRoICRmYWN0cGF0aCBkb2VzIG5vdCBleGlzdC4gVHlwbz8iCiAgfQoKICAkRmFjdHNGaWxlcyA9IEdldC1DaGlsZEl0ZW0gLVBhdGggJGZhY3RwYXRoIHwgV2hlcmUtT2JqZWN0IC1GaWx0ZXJTY3JpcHQgeygkUFNJdGVtLlBTSXNDb250YWluZXIgLWVxICRmYWxzZSkgLWFuZCAoJFBTSXRlbS5FeHRlbnNpb24gLWVxICcucHMxJyl9CgogIGZvcmVhY2ggKCRGYWN0c0ZpbGUgaW4gJEZhY3RzRmlsZXMpIHsKICAgICAgJG91dCA9ICYgJCgkRmFjdHNGaWxlLkZ1bGxOYW1lKQogICAgICAkcmVzdWx0LmFuc2libGVfZmFjdHMuQWRkKCJhbnNpYmxlXyQoKCRGYWN0c0ZpbGUuTmFtZSkuU3BsaXQoJy4nKVswXSkiLCAkb3V0KQogIH0KfQoKRnVuY3Rpb24gR2V0LU1hY2hpbmVTaWQgewogICAgIyBUaGUgTWFjaGluZSBTSUQgaXMgc3RvcmVkIGluIEhLTE06XFNFQ1VSSVRZXFNBTVxEb21haW5zXEFjY291bnQgYW5kIGlzCiAgICAjIG9ubHkgYWNjZXNzaWJsZSBieSB0aGUgTG9jYWwgU3lzdGVtIGFjY291bnQuIFRoaXMgbWV0aG9kIGdldCdzIHRoZSBsb2NhbAogICAgIyBhZG1pbiBhY2NvdW50IChlbmRzIHdpdGggLTUwMCkgYW5kIGxvcHMgaXQgb2ZmIHRvIGdldCB0aGUgbWFjaGluZSBzaWQuCgogICAgJGFkbWluc19zaWQgPSAiUy0xLTUtMzItNTQ0IgogICAgJGFkbWluX2dyb3VwID0gKFtTZWN1cml0eS5QcmluY2lwYWwuU2VjdXJpdHlJZGVudGlmaWVyXSRhZG1pbnNfc2lkKS5UcmFuc2xhdGUoW1NlY3VyaXR5LlByaW5jaXBhbC5OVEFjY291bnRdKS5WYWx1ZSAKCiAgICBBZGQtVHlwZSAtQXNzZW1ibHlOYW1lIFN5c3RlbS5EaXJlY3RvcnlTZXJ2aWNlcy5BY2NvdW50TWFuYWdlbWVudAogICAgJHByaW5jaXBhbF9jb250ZXh0ID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLkRpcmVjdG9yeVNlcnZpY2VzLkFjY291bnRNYW5hZ2VtZW50LlByaW5jaXBhbENvbnRleHQoW1N5c3RlbS5EaXJlY3RvcnlTZXJ2aWNlcy5BY2NvdW50TWFuYWdlbWVudC5Db250ZXh0VHl ScriptBlock ID: 9a3ed7f2-8ade-4a25-9884-fd766e9069bb Path:	4104	1		3	2	15	0	1471	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4424	2136	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:04:42 PM	9d04040e-981f-0005-a053-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 4): begin { $DebugPreference = "Continue" $ErrorActionPreference = "Stop" Set-StrictMode -Version 2 function ConvertTo-HashtableFromPsCustomObject ($myPsObject){ $output = @{}; $myPsObject | Get-Member -MemberType *Property | % { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } return $output; } # stream JSON including become_pw, ps_module_payload, bin_module_payload, become_payload, write_payload_path, preserve directives # exec runspace, capture output, cleanup, return module output # NB: do not adjust the following line- it is replaced when doing non-streamed module output $json_raw = @' {"min_ps_version": null, "exec": "CkZ1bmN0aW9uIFJ1bigkcGF5bG9hZCkgewogICAgJGVudHJ5cG9pbnQgPSAkcGF5bG9hZC5tb2R1bGVfZW50cnkKCiAgICAkZW50cnlwb2ludCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGVudHJ5cG9pbnQpKQoKICAgICRwcyA9IFtwb3dlcnNoZWxsXTo6Q3JlYXRlKCkKCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkQ29tbWFuZCgiU2V0LVZhcmlhYmxlIikuQWRkUGFyYW1ldGVycyhAe1Njb3BlPSJnbG9iYWwiO05hbWU9ImNvbXBsZXhfYXJncyI7VmFsdWU9JHBheWxvYWQubW9kdWxlX2FyZ3N9KSB8IE91dC1OdWxsCiAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCgogICAgIyByZWRlZmluZSBXcml0ZS1Ib3N0IHRvIGR1bXAgdG8gb3V0cHV0IGluc3RlYWQgb2YgZmFpbGluZy0gbG90cyBvZiBzY3JpcHRzIHVzZSBpdAogICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgiRnVuY3Rpb24gV3JpdGUtSG9zdChgJG1zZyl7IFdyaXRlLU91dHB1dCBgJG1zZyB9IikgfCBPdXQtTnVsbAoKICAgIEZvckVhY2ggKCRlbnZfa3YgaW4gJHBheWxvYWQuZW52aXJvbm1lbnQuR2V0RW51bWVyYXRvcigpKSB7CiAgICAgICAgIyBuZWVkIHRvIGVzY2FwZSAnIGluIGJvdGggdGhlIGtleSBhbmQgdmFsdWUKICAgICAgICAkZW52X2tleSA9ICRlbnZfa3YuS2V5LlRvU3RyaW5nKCkuUmVwbGFjZSgiJyIsICInJyIpCiAgICAgICAgJGVudl92YWx1ZSA9ICRlbnZfa3YuVmFsdWUuVG9TdHJpbmcoKS5SZXBsYWNlKCInIiwgIicnIikKICAgICAgICAkZXNjYXBlZF9lbnZfc2V0ID0gIltTeXN0ZW0uRW52aXJvbm1lbnRdOjpTZXRFbnZpcm9ubWVudFZhcmlhYmxlKCd7MH0nLCAnezF9JykiIC1mICRlbnZfa2V5LCAkZW52X3ZhbHVlCiAgICAgICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgkZXNjYXBlZF9lbnZfc2V0KSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBkeW5hbWljYWxseSBjcmVhdGUvbG9hZCBtb2R1bGVzCiAgICBGb3JFYWNoICgkbW9kIGluICRwYXlsb2FkLnBvd2Vyc2hlbGxfbW9kdWxlcy5HZXRFbnVtZXJhdG9yKCkpIHsKICAgICAgICAkZGVjb2RlZF9tb2R1bGUgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRtb2QuVmFsdWUpKQogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRDb21tYW5kKCJOZXctTW9kdWxlIikuQWRkUGFyYW1ldGVycyhAe1NjcmlwdEJsb2NrPShbc2NyaXB0YmxvY2tdOjpDcmVhdGUoJGRlY29kZWRfbW9kdWxlKSk7TmFtZT0kbW9kLktleX0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiSW1wb3J0LU1vZHVsZSIpLkFkZFBhcmFtZXRlcnMoQHtXYXJuaW5nQWN0aW9uPSJTaWxlbnRseUNvbnRpbnVlIn0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBmb3JjZSBpbnB1dCBlbmNvZGluZyB0byBwcmVhbWJsZS1mcmVlIFVURjggc28gUFMgc3ViLXByb2Nlc3NlcyAoZWcsCiAgICAjIFN0YXJ0LUpvYikgZG9uJ3QgYmxvdyB1cC4gVGhpcyBpcyBvbmx5IHJlcXVpcmVkIGZvciBXaW5STSwgYSBQU1JQCiAgICAjIHJ1bnNwYWNlIGRvZXNuJ3QgaGF2ZSBhIGhvc3QgY29uc29sZSBhbmQgdGhpcyB3aWxsIGJvbWIgb3V0CiAgICBpZiAoJGhvc3QuTmFtZSAtZXEgIkNvbnNvbGVIb3N0IikgewogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRTY3JpcHQoIltDb25zb2xlXTo6SW5wdXRFbmNvZGluZyA9IE5ldy1PYmplY3QgVGV4dC5VVEY4RW5jb2RpbmcgYCRmYWxzZSIpIHwgT3V0LU51bGwKICAgIH0KCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkU2NyaXB0KCRlbnRyeXBvaW50KSB8IE91dC1OdWxsCgogICAgJG91dHB1dCA9ICRwcy5JbnZva2UoKQoKICAgICRvdXRwdXQKCiAgICAjIFBTMyBkb2Vzbid0IHByb3Blcmx5IHNldCBIYWRFcnJvcnMgaW4gbWFueSBjYXNlcywgaW5zcGVjdCB0aGUgZXJyb3Igc3RyZWFtIGFzIGEgZmFsbGJhY2sKICAgIElmICgkcHMuSGFkRXJyb3JzIC1vciAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtbHQgNCAtYW5kICRwcy5TdHJlYW1zLkVycm9yLkNvdW50IC1ndCAwKSkgewogICAgICAgICRob3N0LlVJLldyaXRlRXJyb3JMaW5lKCQoJHBzLlN0cmVhbXMuRXJyb3IgfCBPdXQtU3RyaW5nKSkKICAgICAgICAkZXhpdF9jb2RlID0gJHBzLlJ1bnNwYWNlLlNlc3Npb25TdGF0ZVByb3h5LkdldFZhcmlhYmxlKCJMQVNURVhJVENPREUiKQogICAgICAgIElmKC1ub3QgJGV4aXRfY29kZSkgewogICAgICAgICAgICAkZXhpdF9jb2RlID0gMQogICAgICAgIH0KICAgICAgICAjIG5lZWQgdG8gdXNlIHRoaXMgaW5zdGVhZCBvZiBFeGl0IGtleXdvcmQgdG8gcHJldmVudCBydW5zcGFjZSBmcm9tIGNyYXNoaW5nIHdpdGggZHluYW1pYyBtb2R1bGVzCiAgICAgICAgJGhvc3QuU2V0U2hvdWxkRXhpdCgkZXhpdF9jb2RlKQogICAgfQp9Cg==", "actions": ["exec"], "environment": {}, "min_os_version": null, "powershell_modules": {"Ansible.ModuleUtils.Legacy": "IyBDb3B5cmlnaHQgKGMpLCBNaWNoYWVsIERlSGFhbiA8bWljaGFlbC5kZWhhYW5AZ21haWwuY29tPiwgMjAxNCwgYW5kIG90aGVycwojIFNpbXBsaWZpZWQgQlNEIExpY2Vuc2UgKHNlZSBsaWNlbnNlcy9zaW1wbGlmaWVkX2JzZC50eHQgb3IgaHR0cHM6Ly9vcGVuc291cmNlLm9yZy9saWNlbnNlcy9CU0QtMi1DbGF1c2UpCgpTZXQtU3RyaWN0TW9kZSAtVmVyc2lvbiAyLjAKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKRnVuY3Rpb24gU2V0LUF0dHIoJG9iaiwgJG5hbWUsICR2YWx1ZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gc2V0IGFuICJhdHRyaWJ1dGUiIG9uIGEgcHNvYmplY3QgaW5zdGFuY2UgaW4gUG93ZXJTaGVsbC4KICAgIFRoaXMgaXMgYSBjb252ZW5pZW5jZSB0byBtYWtlIGFkZGluZyBNZW1iZXJzIHRvIHRoZSBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgIFNldC1BdHRyICRyZXN1bHQgImNoYW5nZWQiICR0cnVlCiM+CgogICAgIyBJZiB0aGUgcHJvdmlkZWQgJG9iaiBpcyB1bmRlZmluZWQsIGRlZmluZSBvbmUgdG8gYmUgbmljZQogICAgSWYgKC1ub3QgJG9iai5HZXRUeXBlKQogICAgewogICAgICAgICRvYmogPSBAeyB9CiAgICB9CgogICAgVHJ5CiAgICB7CiAgICAgICAgJG9iai4kbmFtZSA9ICR2YWx1ZQogICAgfQogICAgQ2F0Y2gKICAgIHsKICAgICAgICAkb2JqIHwgQWRkLU1lbWJlciAtRm9yY2UgLU1lbWJlclR5cGUgTm90ZVByb3BlcnR5IC1OYW1lICRuYW1lIC1WYWx1ZSAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gRXhpdC1Kc29uKCRvYmopCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGNvbnZlcnQgYSBQb3dlclNoZWxsIG9iamVjdCB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcKICAgIHRoZSBzY3JpcHQKICAgIC5FWEFNUExFCiAgICBFeGl0LUpzb24gJHJlc3VsdAojPgoKICAgICMgSWYgdGhlIHByb3ZpZGVkICRvYmogaXMgdW5kZWZpbmVkLCBkZWZpbmUgb25lIHRvIGJlIG5pY2UKICAgIElmICgtbm90ICRvYmouR2V0VHlwZSkKICAgIHsKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoJ2NoYW5nZWQnKSkgewogICAgICAgIFNldC1BdHRyICRvYmogImNoYW5nZWQiICRmYWxzZQogICAgfQoKICAgIFdyaXRlLU91dHB1dCAkb2JqIHwgQ29udmVydFRvLUpzb24gLUNvbXByZXNzIC1EZXB0aCA5OQogICAgRXhpdAp9CgpGdW5jdGlvbiBGYWlsLUpzb24oJG9iaiwgJG1lc3NhZ2UgPSAkbnVsbCkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHRoZSAibXNnIiBwcm9wZXJ0eSBhbmQgImZhaWxlZCIgcHJvcGVydHksIGNvbnZlcnQgdGhlCiAgICBQb3dlclNoZWxsIEhhc2h0YWJsZSB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcgdGhlIHNjcmlwdAogICAgLkVYQU1QTEUKICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJUaGlzIGlzIHRoZSBmYWlsdXJlIG1lc3NhZ2UiCiM+CgogICAgaWYgKCRvYmogLWlzIFtoYXNodGFibGVdIC1vciAkb2JqIC1pcyBbcHNvYmplY3RdKSB7CiAgICAgICAgIyBOb3RoaW5nIHRvIGRvCiAgICB9IGVsc2VpZiAoJG9iaiAtaXMgW3N0cmluZ10gLWFuZCAkbnVsbCAtZXEgJG1lc3NhZ2UpIHsKICAgICAgICAjIElmIHdlIHdlcmVuJ3QgZ2l2ZW4gMiBhcmdzLCBhbmQgdGhlIG9ubHkgYXJnIHdhcyBhIHN0cmluZywKICAgICAgICAjIGNyZWF0ZSBhIG5ldyBIYXNodGFibGUgYW5kIHVzZSB0aGUgYXJnIGFzIHRoZSBmYWlsdXJlIG1lc3NhZ2UKICAgICAgICAkbWVzc2FnZSA9ICRvYmoKICAgICAgICAkb2JqID0gQHsgfQogICAgfSBlbHNlIHsKICAgICAgICAjIElmIHRoZSBmaXJzdCBhcmd1bWVudCBpcyB1bmRlZmluZWQgb3IgYSBkaWZmZXJlbnQgdHlwZSwKICAgICAgICAjIG1ha2UgaXQgYSBIYXNodGFibGUKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgICMgU3RpbGwgdXNpbmcgU2V0LUF0dHIgZm9yIFBTT2JqZWN0IGNvbXBhdGliaWxpdHkKICAgIFNldC1BdHRyICRvYmogIm1zZyIgJG1lc3NhZ2UKICAgIFNldC1BdHRyICRvYmogImZhaWxlZCIgJHRydWUKCiAgICBpZiAoLW5vdCAkb2JqLkNvbnRhaW5zS2V5KCdjaGFuZ2VkJykpIHsKICAgICAgICBTZXQtQXR0ciAkb2JqICJjaGFuZ2VkIiAkZmFsc2UKICAgIH0KCiAgICBXcml0ZS1PdXRwdXQgJG9iaiB8IENvbnZlcnRUby1Kc29uIC1Db21wcmVzcyAtRGVwdGggOTkKICAgIEV4aXQgMQp9CgpGdW5jdGlvbiBBZGQtV2FybmluZygkb2JqLCAkbWVzc2FnZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHdhcm5pbmdzLCBldmVuIGlmIHRoZSB3YXJuaW5ncyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoIndhcm5pbmdzIikpIHsKICAgICAgICAkb2JqLndhcm5pbmdzID0gQCgpCiAgICB9IGVsc2VpZiAoJG9iai53YXJuaW5ncyAtaXNub3QgW2FycmF5XSkgewogICAgICAgIHRocm93ICJBZGQtV2FybmluZzogd2FybmluZ3MgYXR0cmlidXRlIGlzIG5vdCBhbiBhcnJheSIKICAgIH0KCiAgICAkb2JqLndhcm5pbmdzICs9ICRtZXNzYWdlCn0KCkZ1bmN0aW9uIEFkZC1EZXByZWNhdGlvbldhcm5pbmcoJG9iaiwgJG1lc3NhZ2UsICR2ZXJzaW9uID0gJG51bGwpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGFkZCBkZXByZWNhdGlvbnMsIGV2ZW4gaWYgdGhlIGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgogICAgaWYgKC1ub3QgJG9iai5Db250YWluc0tleSgiZGVwcmVjYXRpb25zIikpIHsKICAgICAgICAkb2JqLmRlcHJlY2F0aW9ucyA9IEAoKQogICAgfSBlbHNlaWYgKCRvYmouZGVwcmVjYXRpb25zIC1pc25vdCBbYXJyYXldKSB7CiAgICAgICAgdGhyb3cgIkFkZC1EZXByZWNhdGlvbldhcm5pbmc6IGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgaXMgbm90IGEgbGlzdCIKICAgIH0KCiAgICAkb2JqLmRlcHJlY2F0aW9ucyArPSBAewogICAgICAgIG1zZyA9ICRtZXNzYWdlCiAgICAgICAgdmVyc2lvbiA9ICR2ZXJzaW9uCiAgICB9Cn0KCkZ1bmN0aW9uIEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgaW4gdmFsdWVzLiBCeSBkZWZhdWx0CiAgICBpdCB0dXJucyBhbnkgdHlwZSB0byBhIHN0cmluZywgYnV0IHdlIGVuc3VyZSAkbnVsbCByZW1haW5zICRudWxsLgojPgogICAgaWYgKCRudWxsIC1uZSAkdmFsdWUpIHsKICAgICAgICBbU3lzdGVtLkVudmlyb25tZW50XTo6RXhwYW5kRW52aXJvbm1lbnRWYXJpYWJsZXMoJHZhbHVlKQogICAgfSBlbHNlIHsKICAgICAgICAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gR2V0LUFuc2libGVQYXJhbSgkb2JqLCAkbmFtZSwgJGRlZmF1bHQgPSAkbnVsbCwgJHJlc3VsdG9iaiA9IEB7fSwgJGZhaWxpZmVtcHR5ID0gJGZhbHNlLCAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSwgJFZhbGlkYXRlU2V0LCAkVmFsaWRhdGVTZXRFcnJvck1lc3NhZ2UsICR0eXBlID0gJG51bGwsICRhbGlhc2VzID0gQCgpKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBnZXQgYW4gImF0dHJpYnV0ZSIgZnJvbSBhIHBzb2JqZWN0IGluc3RhbmNlIGluIFBvd2VyU2hlbGwuCiAgICBUaGlzIGlzIGEgY29udmVuaWVuY2UgdG8gbWFrZSBnZXR0aW5nIE1lbWJlcnMgZnJvbSBhbiBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgICRhdHRyID0gR2V0LUFuc2libGVQYXJhbSAkcmVzcG9uc2UgImNvZGUiIC1kZWZhdWx0ICIxIgogICAgLkVYQU1QTEUKICAgIEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJTdGF0ZSIgLWRlZmF1bHQgIlByZXNlbnQiIC1WYWxpZGF0ZVNldCAiUHJlc2VudCIsIkFic2VudCIgLXJlc3VsdG9iaiAkcmVzdWx0b2JqIC1mYWlsaWZlbXB0eSAkdHJ1ZQogICAgR2V0LUFuc2libGVQYXJhbSBhbHNvIHN1cHBvcnRzIFBhcmFtZXRlciB2YWxpZGF0aW9uIHRvIHNhdmUgeW91IGZyb20gY29kaW5nIHRoYXQgbWFudWFsbHkKICAgIE5vdGUgdGhhdCBpZiB5b3UgdXNlIHRoZSBmYWlsaWZlbXB0eSBvcHRpb24sIHlvdSBkbyBuZWVkIHRvIHNwZWNpZnkgcmVzdWx0b2JqZWN0IGFzIHdlbGwuCiM+CiAgICAjIENoZWNrIGlmIHRoZSBwcm92aWRlZCBNZW1iZXIgJG5hbWUgb3IgYWxpYXNlcyBleGlzdCBpbiAkb2JqIGFuZCByZXR1cm4gaXQgb3IgdGhlIGRlZmF1bHQuCiAgICB0cnkgewoKICAgICAgICAkZm91bmQgPSAkbnVsbAogICAgICAgICMgRmlyc3QgdHJ5IHRvIGZpbmQgcHJlZmVycmVkIHBhcmFtZXRlciAkbmFtZQogICAgICAgICRhbGlhc2VzID0gQCgkbmFtZSkgKyAkYWxpYXNlcwoKICAgICAgICAjIEl0ZXJhdGUgb3ZlciBhbGlhc2VzIHRvIGZpbmQgYWNjZXB0YWJsZSBNZW1iZXIgJG5hbWUKICAgICAgICBmb3JlYWNoICgkYWxpYXMgaW4gJGFsaWFzZXMpIHsKICAgICAgICAgICAgaWYgKCRvYmouQ29udGFpbnNLZXkoJGFsaWFzKSkgewogICAgICAgICAgICAgICAgJGZvdW5kID0gJGFsaWFzCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgfQoKICAgICAgICBpZiAoJG51bGwgLWVxICRmb3VuZCkgewogICAgICAgICAgICB0aHJvdwogICAgICAgIH0KICAgICAgICAkbmFtZSA9ICRmb3VuZAoKICAgICAgICBpZiAoJFZhbGlkYXRlU2V0KSB7CgogICAgICAgICAgICBpZiAoJFZhbGlkYXRlU2V0IC1jb250YWlucyAoJG9iai4kbmFtZSkpIHsKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICRvYmouJG5hbWUKICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgIGlmICgkbnVsbCAtZXEgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAgICAgI0F1dG8tZ2VuZXJhdGVkIGVycm9yIHNob3 ScriptBlock ID: 9a3ed7f2-8ade-4a25-9884-fd766e9069bb Path:	4104	1		3	2	15	0	1470	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4424	2136	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:04:42 PM	9d04040e-981f-0005-a053-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1469	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4424	5100	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:04:42 PM	9d04040e-981f-0002-a90d-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 4424 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1468	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4424	1612	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:04:42 PM	9d04040e-981f-0002-a90d-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1467	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4424	5100	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 2:04:42 PM	9d04040e-981f-0002-a90d-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c), Michael DeHaan <michael.dehaan@gmail.com>, 2014, and others # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) Set-StrictMode -Version 2.0 $ErrorActionPreference = "Stop" Function Set-Attr($obj, $name, $value) { <# .SYNOPSIS Helper function to set an "attribute" on a psobject instance in PowerShell. This is a convenience to make adding Members to the object easier and slightly more pythonic .EXAMPLE Set-Attr $result "changed" $true #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } Try { $obj.$name = $value } Catch { $obj | Add-Member -Force -MemberType NoteProperty -Name $name -Value $value } } Function Exit-Json($obj) { <# .SYNOPSIS Helper function to convert a PowerShell object to JSON and output it, exiting the script .EXAMPLE Exit-Json $result #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit } Function Fail-Json($obj, $message = $null) { <# .SYNOPSIS Helper function to add the "msg" property and "failed" property, convert the PowerShell Hashtable to JSON and output it, exiting the script .EXAMPLE Fail-Json $result "This is the failure message" #> if ($obj -is [hashtable] -or $obj -is [psobject]) { # Nothing to do } elseif ($obj -is [string] -and $null -eq $message) { # If we weren't given 2 args, and the only arg was a string, # create a new Hashtable and use the arg as the failure message $message = $obj $obj = @{ } } else { # If the first argument is undefined or a different type, # make it a Hashtable $obj = @{ } } # Still using Set-Attr for PSObject compatibility Set-Attr $obj "msg" $message Set-Attr $obj "failed" $true if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit 1 } Function Add-Warning($obj, $message) { <# .SYNOPSIS Helper function to add warnings, even if the warnings attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("warnings")) { $obj.warnings = @() } elseif ($obj.warnings -isnot [array]) { throw "Add-Warning: warnings attribute is not an array" } $obj.warnings += $message } Function Add-DeprecationWarning($obj, $message, $version = $null) { <# .SYNOPSIS Helper function to add deprecations, even if the deprecations attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("deprecations")) { $obj.deprecations = @() } elseif ($obj.deprecations -isnot [array]) { throw "Add-DeprecationWarning: deprecations attribute is not a list" } $obj.deprecations += @{ msg = $message version = $version } } Function Expand-Environment($value) { <# .SYNOPSIS Helper function to expand environment variables in values. By default it turns any type to a string, but we ensure $null remains $null. #> if ($null -ne $value) { [System.Environment]::ExpandEnvironmentVariables($value) } else { $value } } Function Get-AnsibleParam($obj, $name, $default = $null, $resultobj = @{}, $failifempty = $false, $emptyattributefailmessage, $ValidateSet, $ValidateSetErrorMessage, $type = $null, $aliases = @()) { <# .SYNOPSIS Helper function to get an "attribute" from a psobject instance in PowerShell. This is a convenience to make getting Members from an object easier and slightly more pythonic .EXAMPLE $attr = Get-AnsibleParam $response "code" -default "1" .EXAMPLE Get-AnsibleParam -obj $params -name "State" -default "Present" -ValidateSet "Present","Absent" -resultobj $resultobj -failifempty $true Get-AnsibleParam also supports Parameter validation to save you from coding that manually Note that if you use the failifempty option, you do need to specify resultobject as well. #> # Check if the provided Member $name or aliases exist in $obj and return it or the default. try { $found = $null # First try to find preferred parameter $name $aliases = @($name) + $aliases # Iterate over aliases to find acceptable Member $name foreach ($alias in $aliases) { if ($obj.ContainsKey($alias)) { $found = $alias break } } if ($null -eq $found) { throw } $name = $found if ($ValidateSet) { if ($ValidateSet -contains ($obj.$name)) { $value = $obj.$name } else { if ($null -eq $ValidateSetErrorMessage) { #Auto-generated error should be sufficient in most use cases $ValidateSetErrorMessage = "Get-AnsibleParam: Argument $name needs to be one of $($ValidateSet -join ",") but was $($obj.$name)." } Fail-Json -obj $resultobj -message $ValidateSetErrorMessage } } else { $value = $obj.$name } } catch { if ($failifempty -eq $false) { $value = $default } else { if (-not $emptyattributefailmessage) { $emptyattributefailmessage = "Get-AnsibleParam: Missing required argument: $name" } Fail-Json -obj $resultobj -message $emptyattributefailmessage } } # If $value -eq $null, the parameter was unspecified by the user (deliberately or not) # Please leave $null-values intact, modules need to know if a parameter was specified # When $value is already an array, we cannot rely on the null check, as an empty list # is seen as null in the check below if ($null -ne $value -or $value -is [array]) { if ($type -eq "path") { # Expand environment variables on path-type $value = Expand-Environment($value) # Test if a valid path is provided if (-not (Test-Path -IsValid $value)) { $path_invalid = $true # could still be a valid-shaped path with a nonexistent drive letter if ($value -match "^\w:") { # rewrite path with a valid drive letter and recheck the shape- this might still fail, eg, a nonexistent non-filesystem PS path if (Test-Path -IsValid $(@(Get-PSDrive -PSProvider Filesystem)[0].Name + $value.Substring(1))) { $path_invalid = $false } } if ($path_invalid) { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' has an invalid path '$value' specified." } } } elseif ($type -eq "str") { # Convert str types to real Powershell strings $value = $value.ToString() } elseif ($type -eq "bool") { # Convert boolean types to real Powershell booleans $value = $value | ConvertTo-Bool } elseif ($type -eq "int") { # Convert int types to real Powershell integers $value = $value -as [int] } elseif ($type -eq "float") { # Convert float types to real Powershell floats $value = $value -as [float] } elseif ($type -eq "list") { if ($value -is [array]) { # Nothing to do } elseif ($value -is [string]) { # Convert string type to real Powershell array $value = $value.Split(",").Trim() } elseif ($value -is [int]) { $value = @($value) } else { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' is not a YAML list." } # , is not a typo, forces it to return as a list when it is empty or only has 1 entry return ,$value } } return $value } #Alias Get-attr-->Get-AnsibleParam for backwards compat. Only add when needed to ease debugging of scripts If (-not(Get-Alias -Name "Get-attr" -ErrorAction SilentlyContinue)) { New-Alias -Name Get-attr -Value Get-AnsibleParam } Function ConvertTo-Bool { <# .SYNOPSIS Helper filter/pipeline function to convert a value to boolean following current Ansible practices .EXAMPLE $is_true = "true" | ConvertTo-Bool #> param( [parameter(valuefrompipeline=$true)] $obj ) $boolean_strings = "yes", "on", "1", "true", 1 $obj_string = [string]$obj if (($obj -is [boolean] -and $obj) -or $boolean_strings -contains $obj_string.ToLower()) { return $true } else { return $false } } Function Parse-Args($arguments, $supports_check_mode = $false) { <# .SYNOPSIS Helper function to parse Ansible JSON arguments from a "file" passed as the single argument to the module. .EXAMPLE $params = Parse-Args $args #> $params = New-Object psobject If ($arguments.Length -gt 0) { $params = Get-Content $arguments[0] | ConvertFrom-Json } Else { $params = $complex_args } $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false If ($check_mode -and -not $supports_check_mode) { Exit-Json @{ skipped = $true changed = $false msg = "remote module does not support check mode" } } return $params } Function Get-FileChecksum($path, $algorithm = 'sha1') { <# .SYNOPSIS Helper function to calculate a hash of a file in a way which PowerShell 3 and above can handle #> If (Test-Path -Path $path -PathType Leaf) { switch ($algorithm) { 'md5' { $sp = New-Object -TypeName System.Security.Cryptography.MD5CryptoServiceProvider } 'sha1' { $sp = New-Object -TypeName System.Security.Cryptography.SHA1CryptoServiceProvider } 'sha256' { $sp = New-Object -TypeName System.Security.Cryptography.SHA256CryptoServiceProvider } 'sha384' { $sp = New-Object -TypeName System.Security.Cryptography.SHA384CryptoServiceProvider } 'sha512' { $sp = New-Object -TypeName System.Security.Cryptography.SHA512CryptoServiceProvider } default { Fail-Json @{} "Unsupported hash algorithm supplied '$algorithm'" } } If ($PSVersionTable.PSVersion.Major -ge 4) { $raw_hash = Get-FileHash $path -Algorithm $algorithm $hash = $raw_hash.Hash.ToLower() } Else { $fp = [System.IO.File]::Open($path, [System.IO.Filemode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileShare]::ReadWrite); $hash = [System.BitConverter]::ToString($sp.ComputeHash($fp)).Replace("-", "").ToLower(); $fp.Dispose(); } } ElseIf (Test-Path -Path $path -PathType Container) { $hash = "3"; } Else { $hash = "1"; } return $hash } Function Get-PendingRebootStatus { <# .SYNOPSIS Check if reboot is required, if so notify CA. Function returns true if computer has a pending reboot #> $featureData = Invoke-WmiMethod -EA Ignore -Name GetServerFeature -Namespace root\microsoft\windows\servermanager -Class MSFT_ServerManagerTasks $regData = Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager" "PendingFileRenameOperations" -EA Ignore $CBSRebootStatus = Get-ChildItem "HKLM:\\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing" -ErrorAction SilentlyContinue| Where-Object {$_.PSChildName -eq "RebootPending"} if(($featureData -and $featureData.RequiresReboot) -or $regData -or $CBSRebootStatus) { return $True } else { return $False } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: cde37d2d-c260-4a35-b30c-0f1149049376 Path:	4104	1		3	2	15	0	1466	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3892	2096	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:29:18 PM	9d04040e-981f-0002-740d-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } ScriptBlock ID: bb901f1b-aa40-4924-8e1e-b840e6424606 Path:	4104	1		3	2	15	0	1465	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3892	2096	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:29:18 PM	9d04040e-981f-0002-610d-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (3 of 3): eSAtTGl0ZXJhbFBhdGggJGRlbGF5ZWRfa2V5IC1OYW1lICJEZWxheWVkQXV0b3N0YXJ0IiAtVmFsdWUgMSAtV2hhdElmOiRjaGVja19tb2RlCiAgICAgICAgICAgICMgT3JpZ2luYWwgc3RhcnQgdXAgdHlwZSB3YXMgbm90IHdoYXQgd2Ugd2VyZSBsb29raW5nIGZvciwganVzdCBjaGFuZ2UgdG8gdGhhdCB0eXBlCiAgICAgICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICAgICAkc3ZjIHwgU2V0LVNlcnZpY2UgLVN0YXJ0dXBUeXBlICRzdGFydF9tb2RlIC1XaGF0SWY6JGNoZWNrX21vZGUKICAgICAgICAgICAgfQogICAgICAgIH0gY2F0Y2ggewogICAgICAgICAgICBGYWlsLUpzb24gJHJlc3VsdCAkXy5FeGNlcHRpb24uTWVzc2FnZQogICAgICAgIH0KICAgICAgICAKICAgICAgICAkcmVzdWx0LmNoYW5nZWQgPSAkdHJ1ZQogICAgfQp9CgpGdW5jdGlvbiBTZXQtU2VydmljZUFjY291bnQoJHdtaV9zdmMsICR1c2VybmFtZV9zaWQsICR1c2VybmFtZSwgJHBhc3N3b3JkKSB7CiAgICBpZiAoJHJlc3VsdC51c2VybmFtZSAtZXEgIkxvY2FsU3lzdGVtIikgewogICAgICAgICRhY3R1YWxfc2lkID0gIlMtMS01LTE4IgogICAgfSBlbHNlIHsKICAgICAgICAkYWN0dWFsX3NpZCA9IENvbnZlcnQtVG9TSUQgLWFjY291bnRfbmFtZSAkcmVzdWx0LnVzZXJuYW1lCiAgICB9CgogICAgaWYgKCRhY3R1YWxfc2lkIC1uZSAkdXNlcm5hbWVfc2lkKSB7CiAgICAgICAgJGNoYW5nZV9hcmd1bWVudHMgPSBAewogICAgICAgICAgICBTdGFydE5hbWUgPSAkdXNlcm5hbWUKICAgICAgICAgICAgU3RhcnRQYXNzd29yZCA9ICRwYXNzd29yZAogICAgICAgICAgICBEZXNrdG9wSW50ZXJhY3QgPSAkcmVzdWx0LmRlc2t0b3BfaW50ZXJhY3QKICAgICAgICB9CiAgICAgICAgIyBuZWVkIHRvIGRpc2FibGUgZGVza3RvcCBpbnRlcmFjdCB3aGVuIG5vdCB1c2luZyB0aGUgU1lTVEVNIGFjY291bnQKICAgICAgICBpZiAoJHVzZXJuYW1lX3NpZCAtbmUgIlMtMS01LTE4IikgewogICAgICAgICAgICAkY2hhbmdlX2FyZ3VtZW50cy5EZXNrdG9wSW50ZXJhY3QgPSAkZmFsc2UKICAgICAgICB9CgogICAgICAgICNXTUkuQ2hhbmdlIGRvZXNuJ3Qgc3VwcG9ydCAtV2hhdElmLCBjYW5ub3QgZnVsbHkgdGVzdCB3aXRoIGNoZWNrX21vZGUKICAgICAgICBpZiAoLW5vdCAkY2hlY2tfbW9kZSkgewogICAgICAgICAgICAkcmV0dXJuID0gJHdtaV9zdmMgfCBJbnZva2UtQ2ltTWV0aG9kIC1NZXRob2ROYW1lIENoYW5nZSAtQXJndW1lbnRzICRjaGFuZ2VfYXJndW1lbnRzCiAgICAgICAgICAgIGlmICgkcmV0dXJuLlJldHVyblZhbHVlIC1uZSAwKSB7CiAgICAgICAgICAgICAgICAkZXJyb3JfbXNnID0gR2V0LVdtaUVycm9yTWVzc2FnZSAtcmV0dXJuX3ZhbHVlICRyZXN1bHQuUmV0dXJuVmFsdWUKICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgIkZhaWxlZCB0byBzZXQgc2VydmljZSBhY2NvdW50IHRvICQoJHVzZXJuYW1lKTogJCgkcmV0dXJuLlJldHVyblZhbHVlKSAtICRlcnJvcl9tc2ciCiAgICAgICAgICAgIH0KICAgICAgICB9ICAgICAgICAKCiAgICAgICAgJHJlc3VsdC5jaGFuZ2VkID0gJHRydWUKICAgIH0KfQoKRnVuY3Rpb24gU2V0LVNlcnZpY2VEZXNrdG9wSW50ZXJhY3QoJHdtaV9zdmMsICRkZXNrdG9wX2ludGVyYWN0KSB7CiAgICBpZiAoJHJlc3VsdC5kZXNrdG9wX2ludGVyYWN0IC1uZSAkZGVza3RvcF9pbnRlcmFjdCkgewogICAgICAgIGlmICgtbm90ICRjaGVja19tb2RlKSB7CiAgICAgICAgICAgICRyZXR1cm4gPSAkd21pX3N2YyB8IEludm9rZS1DaW1NZXRob2QgLU1ldGhvZE5hbWUgQ2hhbmdlIC1Bcmd1bWVudHMgQHtEZXNrdG9wSW50ZXJhY3QgPSAkZGVza3RvcF9pbnRlcmFjdH0KICAgICAgICAgICAgaWYgKCRyZXR1cm4uUmV0dXJuVmFsdWUgLW5lIDApIHsKICAgICAgICAgICAgICAgICRlcnJvcl9tc2cgPSBHZXQtV21pRXJyb3JNZXNzYWdlIC1yZXR1cm5fdmFsdWUgJHJldHVybi5SZXR1cm5WYWx1ZQogICAgICAgICAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiRmFpbGVkIHRvIHNldCBkZXNrdG9wIGludGVyYWN0ICQoJGRlc2t0b3BfaW50ZXJhY3QpOiAkKCRyZXR1cm4uUmV0dXJuVmFsdWUpIC0gJGVycm9yX21zZyIKICAgICAgICAgICAgfQogICAgICAgIH0KCiAgICAgICAgJHJlc3VsdC5jaGFuZ2VkID0gJHRydWUKICAgIH0KfQoKRnVuY3Rpb24gU2V0LVNlcnZpY2VEaXNwbGF5TmFtZSgkc3ZjLCAkZGlzcGxheV9uYW1lKSB7CiAgICBpZiAoJHJlc3VsdC5kaXNwbGF5X25hbWUgLW5lICRkaXNwbGF5X25hbWUpIHsKICAgICAgICB0cnkgewogICAgICAgICAgICAkc3ZjIHwgU2V0LVNlcnZpY2UgLURpc3BsYXlOYW1lICRkaXNwbGF5X25hbWUgLVdoYXRJZjokY2hlY2tfbW9kZQogICAgICAgIH0gY2F0Y2ggewogICAgICAgICAgICBGYWlsLUpzb24gJHJlc3VsdCAkXy5FeGNlcHRpb24uTWVzc2FnZQogICAgICAgIH0KICAgICAgICAKICAgICAgICAkcmVzdWx0LmNoYW5nZWQgPSAkdHJ1ZQogICAgfQp9CgpGdW5jdGlvbiBTZXQtU2VydmljZURlc2NyaXB0aW9uKCRzdmMsICRkZXNjcmlwdGlvbikgewogICAgaWYgKCRyZXN1bHQuZGVzY3JpcHRpb24gLW5lICRkZXNjcmlwdGlvbikgewogICAgICAgIHRyeSB7CiAgICAgICAgICAgICRzdmMgfCBTZXQtU2VydmljZSAtRGVzY3JpcHRpb24gJGRlc2NyaXB0aW9uIC1XaGF0SWY6JGNoZWNrX21vZGUKICAgICAgICB9IGNhdGNoIHsKICAgICAgICAgICAgRmFpbC1Kc29uICRyZXN1bHQgJF8uRXhjZXB0aW9uLk1lc3NhZ2UKICAgICAgICB9CiAgICAgICAgCiAgICAgICAgJHJlc3VsdC5jaGFuZ2VkID0gJHRydWUKICAgIH0KfQoKRnVuY3Rpb24gU2V0LVNlcnZpY2VQYXRoKCRuYW1lLCAkcGF0aCkgewogICAgaWYgKCRyZXN1bHQucGF0aCAtbmUgJHBhdGgpIHsKICAgICAgICB0cnkgewogICAgICAgICAgICBTZXQtSXRlbVByb3BlcnR5IC1MaXRlcmFsUGF0aCAiSEtMTTpcU3lzdGVtXEN1cnJlbnRDb250cm9sU2V0XFNlcnZpY2VzXCRuYW1lIiAtTmFtZSBJbWFnZVBhdGggLVZhbHVlICRwYXRoIC1XaGF0SWY6JGNoZWNrX21vZGUKICAgICAgICB9IGNhdGNoIHsKICAgICAgICAgICAgRmFpbC1Kc29uICRyZXN1bHQgJF8uRXhjZXB0aW9uLk1lc3NhZ2UKICAgICAgICB9CiAgICAgICAgCiAgICAgICAgJHJlc3VsdC5jaGFuZ2VkID0gJHRydWUKICAgIH0KfQoKRnVuY3Rpb24gU2V0LVNlcnZpY2VEZXBlbmRlbmNpZXMoJHdtaV9zdmMsICRkZXBlbmRlbmN5X2FjdGlvbiwgJGRlcGVuZGVuY2llcykgewogICAgJGV4aXN0aW5nX2RlcGVuZGVuY2llcyA9ICRyZXN1bHQuZGVwZW5kZW5jaWVzCiAgICBbU3lzdGVtLkNvbGxlY3Rpb25zLkFycmF5TGlzdF0kbmV3X2RlcGVuZGVuY2llcyA9IEAoKQoKICAgIGlmICgkZGVwZW5kZW5jeV9hY3Rpb24gLWVxICdzZXQnKSB7CiAgICAgICAgZm9yZWFjaCAoJGRlcGVuZGVuY3kgaW4gJGRlcGVuZGVuY2llcykgewogICAgICAgICAgICAkbmV3X2RlcGVuZGVuY2llcy5BZGQoJGRlcGVuZGVuY3kpCiAgICAgICAgfQogICAgfSBlbHNlIHsKICAgICAgICAkbmV3X2RlcGVuZGVuY2llcyA9ICRleGlzdGluZ19kZXBlbmRlbmNpZXMKICAgICAgICBmb3JlYWNoICgkZGVwZW5kZW5jeSBpbiAkZGVwZW5kZW5jaWVzKSB7CiAgICAgICAgICAgIGlmICgkZGVwZW5kZW5jeV9hY3Rpb24gLWVxICdyZW1vdmUnKSB7CiAgICAgICAgICAgICAgICBpZiAoJG5ld19kZXBlbmRlbmNpZXMgLWNvbnRhaW5zICRkZXBlbmRlbmN5KSB7CiAgICAgICAgICAgICAgICAgICAgJG5ld19kZXBlbmRlbmNpZXMuUmVtb3ZlKCRkZXBlbmRlbmN5KQogICAgICAgICAgICAgICAgfQogICAgICAgICAgICB9IGVsc2VpZiAoJGRlcGVuZGVuY3lfYWN0aW9uIC1lcSAnYWRkJykgewogICAgICAgICAgICAgICAgaWYgKCRuZXdfZGVwZW5kZW5jaWVzIC1ub3Rjb250YWlucyAkZGVwZW5kZW5jeSkgewogICAgICAgICAgICAgICAgICAgICRuZXdfZGVwZW5kZW5jaWVzLkFkZCgkZGVwZW5kZW5jeSkKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfQogICAgICAgIH0KICAgIH0KCiAgICAkd2lsbF9jaGFuZ2UgPSAkZmFsc2UKICAgIGZvcmVhY2ggKCRkZXBlbmRlbmN5IGluICRuZXdfZGVwZW5kZW5jaWVzKSB7CiAgICAgICAgaWYgKCRleGlzdGluZ19kZXBlbmRlbmNpZXMgLW5vdGNvbnRhaW5zICRkZXBlbmRlbmN5KSB7CiAgICAgICAgICAgICR3aWxsX2NoYW5nZSA9ICR0cnVlCiAgICAgICAgfQogICAgfQogICAgZm9yZWFjaCAoJGRlcGVuZGVuY3kgaW4gJGV4aXN0aW5nX2RlcGVuZGVuY2llcykgewogICAgICAgIGlmICgkbmV3X2RlcGVuZGVuY2llcyAtbm90Y29udGFpbnMgJGRlcGVuZGVuY3kpIHsKICAgICAgICAgICAgJHdpbGxfY2hhbmdlID0gJHRydWUKICAgICAgICB9CiAgICB9CgogICAgaWYgKCR3aWxsX2NoYW5nZSAtZXEgJHRydWUpIHsKICAgICAgICBpZiAoLW5vdCAkY2hlY2tfbW9kZSkgewogICAgICAgICAgICAkcmV0dXJuID0gJHdtaV9zdmMgfCBJbnZva2UtQ2ltTWV0aG9kIC1NZXRob2ROYW1lIENoYW5nZSAtQXJndW1lbnRzIEB7U2VydmljZURlcGVuZGVuY2llcyA9ICRuZXdfZGVwZW5kZW5jaWVzfQogICAgICAgICAgICBpZiAoJHJldHVybi5SZXR1cm5WYWx1ZSAtbmUgMCkgewogICAgICAgICAgICAgICAgJGVycm9yX21zZyA9IEdldC1XbWlFcnJvck1lc3NhZ2UgLXJldHVybl92YWx1ZSAkcmV0dXJuLlJldHVyblZhbHVlCiAgICAgICAgICAgICAgICAkZGVwX3N0cmluZyA9ICRuZXdfZGVwZW5kZW5jaWVzIC1qb2luICIsICIKICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgIkZhaWxlZCB0byBzZXQgc2VydmljZSBkZXBlbmRlbmNpZXMgJCgkZGVwX3N0cmluZyk6ICQoJHJldHVybi5SZXR1cm5WYWx1ZSkgLSAkZXJyb3JfbXNnIgogICAgICAgICAgICB9CiAgICAgICAgfQogICAgICAgIAogICAgICAgICRyZXN1bHQuY2hhbmdlZCA9ICR0cnVlCiAgICB9Cn0KCkZ1bmN0aW9uIFNldC1TZXJ2aWNlU3RhdGUoJHN2YywgJHdtaV9zdmMsICRzdGF0ZSkgewogICAgaWYgKCRzdGF0ZSAtZXEgInN0YXJ0ZWQiIC1hbmQgJHJlc3VsdC5zdGF0ZSAtbmUgInJ1bm5pbmciKSB7CiAgICAgICAgaWYgKCRyZXN1bHQuc3RhdGUgLWVxICJwYXVzZWQiKSB7CiAgICAgICAgICAgIHRyeSB7CiAgICAgICAgICAgICAgICAkc3ZjIHwgUmVzdW1lLVNlcnZpY2UgLVdoYXRJZjokY2hlY2tfbW9kZQogICAgICAgICAgICB9IGNhdGNoIHsKICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJmYWlsZWQgdG8gc3RhcnQgc2VydmljZSBmcm9tIHBhdXNlZCBzdGF0ZSAkKCRzdmMuTmFtZSk6ICQoJF8uRXhjZXB0aW9uLk1lc3NhZ2UpIgogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgdHJ5IHsKICAgICAgICAgICAgICAgICRzdmMgfCBTdGFydC1TZXJ2aWNlIC1XaGF0SWY6JGNoZWNrX21vZGUKICAgICAgICAgICAgfSBjYXRjaCB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gJHJlc3VsdCAkXy5FeGNlcHRpb24uTWVzc2FnZQogICAgICAgICAgICB9CiAgICAgICAgfQogICAgICAgIAogICAgICAgICRyZXN1bHQuY2hhbmdlZCA9ICR0cnVlCiAgICB9CgogICAgaWYgKCRzdGF0ZSAtZXEgInN0b3BwZWQiIC1hbmQgJHJlc3VsdC5zdGF0ZSAtbmUgInN0b3BwZWQiKSB7CiAgICAgICAgdHJ5IHsKICAgICAgICAgICAgJHN2YyB8IFN0b3AtU2VydmljZSAtRm9yY2U6JGZvcmNlX2RlcGVuZGVudF9zZXJ2aWNlcyAtV2hhdElmOiRjaGVja19tb2RlCiAgICAgICAgfSBjYXRjaCB7CiAgICAgICAgICAgIEZhaWwtSnNvbiAkcmVzdWx0ICRfLkV4Y2VwdGlvbi5NZXNzYWdlCiAgICAgICAgfQogICAgICAgIAogICAgICAgICRyZXN1bHQuY2hhbmdlZCA9ICR0cnVlCiAgICB9CgogICAgaWYgKCRzdGF0ZSAtZXEgInJlc3RhcnRlZCIpIHsKICAgICAgICB0cnkgewogICAgICAgICAgICAkc3ZjIHwgUmVzdGFydC1TZXJ2aWNlIC1Gb3JjZTokZm9yY2VfZGVwZW5kZW50X3NlcnZpY2VzIC1XaGF0SWY6JGNoZWNrX21vZGUKICAgICAgICB9IGNhdGNoIHsKICAgICAgICAgICAgRmFpbC1Kc29uICRyZXN1bHQgJF8uRXhjZXB0aW9uLk1lc3NhZ2UKICAgICAgICB9CiAgICAgICAgCiAgICAgICAgJHJlc3VsdC5jaGFuZ2VkID0gJHRydWUKICAgIH0KCiAgICBpZiAoJHN0YXRlIC1lcSAicGF1c2VkIiAtYW5kICRyZXN1bHQuc3RhdGUgLW5lICJwYXVzZWQiKSB7CiAgICAgICAgIyBjaGVjayB0aGF0IHdlIGNhbiBhY3R1YWxseSBwYXVzZSB0aGUgc2VydmljZQogICAgICAgIGlmICgkcmVzdWx0LmNhbl9wYXVzZV9hbmRfY29udGludWUgLWVxICRmYWxzZSkgewogICAgICAgICAgICBGYWlsLUpzb24gJHJlc3VsdCAiZmFpbGVkIHRvIHBhdXNlIHNlcnZpY2UgJCgkc3ZjLk5hbWUpOiBUaGUgc2VydmljZSBkb2VzIG5vdCBzdXBwb3J0IHBhdXNpbmciCiAgICAgICAgfQoKICAgICAgICB0cnkgewogICAgICAgICAgICAkc3ZjIHwgU3VzcGVuZC1TZXJ2aWNlIC1XaGF0SWY6JGNoZWNrX21vZGUKICAgICAgICB9IGNhdGNoIHsKICAgICAgICAgICAgRmFpbC1Kc29uICRyZXN1bHQgImZhaWxlZCB0byBwYXVzZSBzZXJ2aWNlICQoJHN2Yy5OYW1lKTogJCgkXy5FeGNlcHRpb24uTWVzc2FnZSkiCiAgICAgICAgfQogICAgICAgICRyZXN1bHQuY2hhbmdlZCA9ICR0cnVlCiAgICB9CgogICAgaWYgKCRzdGF0ZSAtZXEgImFic2VudCIpIHsKICAgICAgICB0cnkgewogICAgICAgICAgICAkc3ZjIHwgU3RvcC1TZXJ2aWNlIC1Gb3JjZTokZm9yY2VfZGVwZW5kZW50X3NlcnZpY2VzIC1XaGF0SWY6JGNoZWNrX21vZGUKICAgICAgICB9IGNhdGNoIHsKICAgICAgICAgICAgRmFpbC1Kc29uICRyZXN1bHQgJF8uRXhjZXB0aW9uLk1lc3NhZ2UKICAgICAgICB9CiAgICAgICAgaWYgKC1ub3QgJGNoZWNrX21vZGUpIHsKICAgICAgICAgICAgJHJldHVybiA9ICR3bWlfc3ZjIHwgSW52b2tlLUNpbU1ldGhvZCAtTWV0aG9kTmFtZSBEZWxldGUKICAgICAgICAgICAgaWYgKCRyZXR1cm4uUmV0dXJuVmFsdWUgLW5lIDApIHsKICAgICAgICAgICAgICAgICRlcnJvcl9tc2cgPSBHZXQtV21pRXJyb3JNZXNzYWdlIC1yZXR1cm5fdmFsdWUgJHJldHVybi5SZXR1cm5WYWx1ZQogICAgICAgICAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiRmFpbGVkIHRvIGRlbGV0ZSBzZXJ2aWNlICQoJHN2Yy5OYW1lKTogJCgkcmV0dXJuLlJldHVyblZhbHVlKSAtICRlcnJvcl9tc2ciCiAgICAgICAgICAgIH0KICAgICAgICB9CiAgICAgICAgCiAgICAgICAgJHJlc3VsdC5jaGFuZ2VkID0gJHRydWUKICAgIH0KfQoKRnVuY3Rpb24gU2V0LVNlcnZpY2VDb25maWd1cmF0aW9uKCRzdmMpIHsKICAgICR3bWlfc3ZjID0gR2V0LUNpbUluc3RhbmNlIC1DbGFzc05hbWUgV2luMzJfU2VydmljZSAtRmlsdGVyICJuYW1lPSckKCRzdmMuTmFtZSknIgogICAgR2V0LVNlcnZpY2VJbmZvIC1uYW1lICRzdmMuTmFtZQogICAgaWYgKCRkZXNrdG9wX2ludGVyYWN0IC1lcSAkdHJ1ZSAtYW5kICgtbm90ICgkcmVzdWx0LnVzZXJuYW1lIC1lcSAnTG9jYWxTeXN0ZW0nIC1vciAkdXNlcm5hbWUgLWVxICdMb2NhbFN5c3RlbScpKSkgewogICAgICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJDYW4gb25seSBzZXQgZGVza3RvcF9pbnRlcmFjdCB0byB0cnVlIHdoZW4gc2VydmljZSBpcyBydW4gd2l0aC9vciAndXNlcm5hbWUnIGVxdWFscyAnTG9jYWxTeXN0ZW0nIgogICAgfQoKICAgIGlmICgkc3RhcnRfbW9kZSAtbmUgJG51bGwpIHsKICAgICAgICBTZXQtU2VydmljZVN0YXJ0TW9kZSAtc3ZjICRzdmMgLXN0YXJ0X21vZGUgJHN0YXJ0X21vZGUKICAgIH0KCiAgICBpZiAoJHVzZXJuYW1lIC1uZSAkbnVsbCkgewogICAgICAgIFNldC1TZXJ2aWNlQWNjb3VudCAtd21pX3N2YyAkd21pX3N2YyAtdXNlcm5hbWVfc2lkICR1c2VybmFtZV9zaWQgLXVzZXJuYW1lICR1c2VybmFtZSAtcGFzc3dvcmQgJHBhc3N3b3JkCiAgICB9CgogICAgaWYgKCRkaXNwbGF5X25hbWUgLW5lICRudWxsKSB7CiAgICAgICAgU2V0LVNlcnZpY2VEaXNwbGF5TmFtZSAtc3ZjICRzdmMgLWRpc3BsYXlfbmFtZSAkZGlzcGxheV9uYW1lCiAgICB9CgogICAgaWYgKCRkZXNrdG9wX2ludGVyYWN0IC1uZSAkbnVsbCkgewogICAgICAgIFNldC1TZXJ2aWNlRGVza3RvcEludGVyYWN0IC13bWlfc3ZjICR3bWlfc3ZjIC1kZXNrdG9wX2ludGVyYWN0ICRkZXNrdG9wX2ludGVyYWN0CiAgICB9CgogICAgaWYgKCRkZXNjcmlwdGlvbiAtbmUgJG51bGwpIHsKICAgICAgICBTZXQtU2VydmljZURlc2NyaXB0aW9uIC1zdmMgJHN2YyAtZGVzY3JpcHRpb24gJGRlc2NyaXB0aW9uCiAgICB9CgogICAgaWYgKCRwYXRoIC1uZSAkbnVsbCkgewogICAgICAgIFNldC1TZXJ2aWNlUGF0aCAtbmFtZSAkc3ZjLk5hbWUgLXBhdGggJHBhdGgKICAgIH0KCiAgICBpZiAoJGRlcGVuZGVuY2llcyAtbmUgJG51bGwpIHsKICAgICAgICBTZXQtU2VydmljZURlcGVuZGVuY2llcyAtd21pX3N2YyAkd21pX3N2YyAtZGVwZW5kZW5jeV9hY3Rpb24gJGRlcGVuZGVuY3lfYWN0aW9uIC1kZXBlbmRlbmNpZXMgJGRlcGVuZGVuY2llcwogICAgfQoKICAgIGlmICgkc3RhdGUgLW5lICRudWxsKSB7CiAgICAgICAgU2V0LVNlcnZpY2VTdGF0ZSAtc3ZjICRzdmMgLXdtaV9zdmMgJHdtaV9zdmMgLXN0YXRlICRzdGF0ZQogICAgfQp9CgojIG5lZWQgdG8gdXNlIFdoZXJlLU9iamVjdCBhcyAtTmFtZSBkb2Vzbid0IHdvcmsgd2l0aCBbXSBpbiB0aGUgc2VydmljZSBuYW1lCiMgaHR0cHM6Ly9naXRodWIuY29tL2Fuc2libGUvYW5zaWJsZS9pc3N1ZXMvMzc2MjEKJHN2YyA9IEdldC1TZXJ2aWNlIHwgV2hlcmUtT2JqZWN0IHsgJF8uTmFtZSAtZXEgJG5hbWUgLW9yICRfLkRpc3BsYXlOYW1lIC1lcSAkbmFtZSB9CmlmICgkc3ZjKSB7CiAgICBTZXQtU2VydmljZUNvbmZpZ3VyYXRpb24gLXN2YyAkc3ZjCn0gZWxzZSB7CiAgICAkcmVzdWx0LmV4aXN0cyA9ICRmYWxzZQogICAgaWYgKCRzdGF0ZSAtbmUgJ2Fic2VudCcpIHsKICAgICAgICAjIENoZWNrIGlmIHBhdGggaXMgZGVmaW5lZCwgaWYgc28gY3JlYXRlIHRoZSBzZXJ2aWNlCiAgICAgICAgaWYgKCRwYXRoIC1uZSAkbnVsbCkgewogICAgICAgICAgICB0cnkgewogICAgICAgICAgICAgICAgTmV3LVNlcnZpY2UgLU5hbWUgJG5hbWUgLUJpbmFyeVBhdGhuYW1lICRwYXRoIC1XaGF0SWY6JGNoZWNrX21vZGUKICAgICAgICAgICAgfSBjYXRjaCB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gJHJlc3VsdCAkXy5FeGNlcHRpb24uTWVzc2FnZQogICAgICAgICAgICB9CiAgICAgICAgICAgICRyZXN1bHQuY2hhbmdlZCA9ICR0cnVlCgogICAgICAgICAgICAkc3ZjID0gR2V0LVNlcnZpY2UgfCBXaGVyZS1PYmplY3QgeyAkXy5OYW1lIC1lcSAkbmFtZSB9CiAgICAgICAgICAgIFNldC1TZXJ2aWNlQ29uZmlndXJhdGlvbiAtc3ZjICRzdmMKICAgICAgICB9IGVsc2UgewogICAgICAgICAgICAjIFdlIHdpbGwgb25seSByZWFjaCBoZXJlIGlmIHRoZSBzZXJ2aWNlIGlzIGluc3RhbGxlZCBhbmQgdGhlIHN0YXRlIGlzIG5vdCBhYnNlbnQKICAgICAgICAgICAgIyBXaWxsIGNoZWNrIGlmIGFueSBvZiB0aGUgZGVmYXVsdCBhY3Rpb25zIGFyZSBzZXQgYW5kIGZhaWwgYXMgd2UgY2Fubm90IGFjdGlvbiBpdAogICAgICAgICAgICBpZiAoJHN0YXJ0X21vZGUgLW5lICRudWxsIC1vcgogICAgICAgICAgICAgICAgJHN0YXRlIC1uZSAkbnVsbCAtb3IKICAgICAgICAgICAgICAgICR1c2VybmFtZSAtbmUgJG51bGwgLW9yCiAgICAgICAgICAgICAgICAkcGFzc3dvcmQgLW5lICRudWxsIC1vcgogICAgICAgICAgICAgICAgJGRpc3BsYXlfbmFtZSAtbmUgJG51bGwgLW9yCiAgICAgICAgICAgICAgICAkZGVzY3JpcHRpb24gLW5lICRudWxsIC1vcgogICAgICAgICAgICAgICAgJGRlc2t0b3BfaW50ZXJhY3QgLW5lICRmYWxzZSAtb3IKICAgICAgICAgICAgICAgICRkZXBlbmRlbmNpZXMgLW5lICRudWxsIC1vcgogICAgICAgICAgICAgICAgJGRlcGVuZGVuY3lfYWN0aW9uIC1uZSAnc2V0JykgewogICAgICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJTZXJ2aWNlICckbmFtZScgaXMgbm90IGluc3RhbGxlZCwgbmVlZCB0byBzZXQgJ3BhdGgnIHRvIGNyZWF0ZSBhIG5ldyBzZXJ2aWNlIgogICAgICAgICAgICB9CiAgICAgICAgfQogICAgfQp9CgojIEFmdGVyIG1ha2luZyBhIGNoYW5nZSwgbGV0J3MgZ2V0IHRoZSBzZXJ2aWNlIGluZm8gYWdhaW4gdW5sZXNzIHdlIGRlbGV0ZWQgaXQKaWYgKCRzdGF0ZSAtZXEgJ2Fic2VudCcpIHsKICAgICMgUmVjcmVhdGUgcmVzdWx0IHNvIGl0IGRvZXNuJ3QgaGF2ZSB0aGUgZXh0cmEgbWV0YSBkYXRhIG5vdyB0aGF0IGlzIGhhcyBiZWVuIGRlbGV0ZWQKICAgICRjaGFuZ2VkID0gJHJlc3VsdC5jaGFuZ2VkCiAgICAkcmVzdWx0ID0gQHsKICAgICAgICBjaGFuZ2VkID0gJGNoYW5nZWQKICAgICAgICBleGlzdHMgPSAkZmFsc2UKICAgIH0KfSBlbHNlaWYgKCRzdmMgLW5lICRudWxsKSB7CiAgICBHZXQtU2VydmljZUluZm8gLW5hbWUgJG5hbWUKfQoKRXhpdC1Kc29uIC1vYmogJHJlc3VsdAo=", "module_args": {"_ansible_version": "2.7.0", "_ansible_selinux_special_fs": ["fuse", "nfs", "vboxsf", "ramfs", "9p"], "name": "msiscsi", "start_mode": "auto", "_ansible_module_name": "win_service", "_ansible_remote_tmp": "%TEMP%", "_ansible_verbosity": 4, "_ansible_keep_remote_files": false, "_ansible_syslog_facility": "LOG_USER", "_ansible_socket": null, "state": "started", "_ansible_diff": false, "_ansible_debug": false, "_ansible_shell_executable": "/bin/sh", "_ansible_check_mode": false, "_ansible_tmpdir": null, "_ansible_no_log": false}} '@ } process { $input_as_string = [string]$input $json_raw += $input_as_string } end { If (-not $json_raw) { Write-Error "no input given" -Category InvalidArgument } $payload = ConvertTo-HashtableFromPsCustomObject (ConvertFrom-Json $json_raw) # TODO: handle binary modules # TODO: handle persistence $min_os_version = [version]$payload.min_os_version if ($min_os_version -ne $null) { $actual_os_version = [System.Environment]::OSVersion.Version if ($actual_os_version -lt $min_os_version) { $msg = "This module cannot run on this OS as it requires a minimum version of $min_os_version, actual was $actual_os_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $min_ps_version = [version]$payload.min_ps_version if ($min_ps_version -ne $null) { $actual_ps_version = $PSVersionTable.PSVersion if ($actual_ps_version -lt $min_ps_version) { $msg = "This module cannot run as it requires a minimum PowerShell version of $min_ps_version, actual was $actual_ps_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $actions = $payload.actions # pop 0th action as entrypoint $entrypoint = $payload.($actions[0]) $payload.actions = $payload.actions[1..99] $entrypoint = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($entrypoint)) # load the current action entrypoint as a module custom object with a Run method $entrypoint = New-Module -ScriptBlock ([scriptblock]::Create($entrypoint)) -AsCustomObject Set-Variable -Scope global -Name complex_args -Value $payload["module_args"] | Out-Null # dynamically create/load modules ForEach ($mod in $payload.powershell_modules.GetEnumerator()) { $decoded_module = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($mod.Value)) New-Module -ScriptBlock ([scriptblock]::Create($decoded_module)) -Name $mod.Key | Import-Module -WarningAction SilentlyContinue | Out-Null } $output = $entrypoint.Run($payload) Write-Output $output } ScriptBlock ID: 05c11c63-1d24-481d-a26f-09bb0d9ce585 Path:	4104	1		3	2	15	0	1464	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3892	2096	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:29:18 PM	9d04040e-981f-0002-5b0d-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 3): gICAgICAgaWYgKFRlc3QtUGF0aCAtSXNWYWxpZCAkKEAoR2V0LVBTRHJpdmUgLVBTUHJvdmlkZXIgRmlsZXN5c3RlbSlbMF0uTmFtZSArICR2YWx1ZS5TdWJzdHJpbmcoMSkpKSB7CiAgICAgICAgICAgICAgICAgICAgICAgICRwYXRoX2ludmFsaWQgPSAkZmFsc2UKICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBpZiAoJHBhdGhfaW52YWxpZCkgewogICAgICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHRvYmogLW1lc3NhZ2UgIkdldC1BbnNpYmxlUGFyYW06IFBhcmFtZXRlciAnJG5hbWUnIGhhcyBhbiBpbnZhbGlkIHBhdGggJyR2YWx1ZScgc3BlY2lmaWVkLiIKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgInN0ciIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IHN0ciB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgc3RyaW5ncwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUuVG9TdHJpbmcoKQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImJvb2wiKSB7CiAgICAgICAgICAgICMgQ29udmVydCBib29sZWFuIHR5cGVzIHRvIHJlYWwgUG93ZXJzaGVsbCBib29sZWFucwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgfCBDb252ZXJ0VG8tQm9vbAogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImludCIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IGludCB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgaW50ZWdlcnMKICAgICAgICAgICAgJHZhbHVlID0gJHZhbHVlIC1hcyBbaW50XQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImZsb2F0IikgewogICAgICAgICAgICAjIENvbnZlcnQgZmxvYXQgdHlwZXMgdG8gcmVhbCBQb3dlcnNoZWxsIGZsb2F0cwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgLWFzIFtmbG9hdF0KICAgICAgICB9IGVsc2VpZiAoJHR5cGUgLWVxICJsaXN0IikgewogICAgICAgICAgICBpZiAoJHZhbHVlIC1pcyBbYXJyYXldKSB7CiAgICAgICAgICAgICAgICAjIE5vdGhpbmcgdG8gZG8KICAgICAgICAgICAgfSBlbHNlaWYgKCR2YWx1ZSAtaXMgW3N0cmluZ10pIHsKICAgICAgICAgICAgICAgICMgQ29udmVydCBzdHJpbmcgdHlwZSB0byByZWFsIFBvd2Vyc2hlbGwgYXJyYXkKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICR2YWx1ZS5TcGxpdCgiLCIpLlRyaW0oKQogICAgICAgICAgICB9IGVsc2VpZiAoJHZhbHVlIC1pcyBbaW50XSkgewogICAgICAgICAgICAgICAgJHZhbHVlID0gQCgkdmFsdWUpCiAgICAgICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICJHZXQtQW5zaWJsZVBhcmFtOiBQYXJhbWV0ZXIgJyRuYW1lJyBpcyBub3QgYSBZQU1MIGxpc3QuIgogICAgICAgICAgICB9CiAgICAgICAgICAgICMgLCBpcyBub3QgYSB0eXBvLCBmb3JjZXMgaXQgdG8gcmV0dXJuIGFzIGEgbGlzdCB3aGVuIGl0IGlzIGVtcHR5IG9yIG9ubHkgaGFzIDEgZW50cnkKICAgICAgICAgICAgcmV0dXJuICwkdmFsdWUKICAgICAgICB9CiAgICB9CgogICAgcmV0dXJuICR2YWx1ZQp9CgojQWxpYXMgR2V0LWF0dHItLT5HZXQtQW5zaWJsZVBhcmFtIGZvciBiYWNrd2FyZHMgY29tcGF0LiBPbmx5IGFkZCB3aGVuIG5lZWRlZCB0byBlYXNlIGRlYnVnZ2luZyBvZiBzY3JpcHRzCklmICgtbm90KEdldC1BbGlhcyAtTmFtZSAiR2V0LWF0dHIiIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlKSkKewogICAgTmV3LUFsaWFzIC1OYW1lIEdldC1hdHRyIC1WYWx1ZSBHZXQtQW5zaWJsZVBhcmFtCn0KCkZ1bmN0aW9uIENvbnZlcnRUby1Cb29sCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZpbHRlci9waXBlbGluZSBmdW5jdGlvbiB0byBjb252ZXJ0IGEgdmFsdWUgdG8gYm9vbGVhbiBmb2xsb3dpbmcgY3VycmVudAogICAgQW5zaWJsZSBwcmFjdGljZXMKICAgIC5FWEFNUExFCiAgICAkaXNfdHJ1ZSA9ICJ0cnVlIiB8IENvbnZlcnRUby1Cb29sCiM+CiAgICBwYXJhbSgKICAgICAgICBbcGFyYW1ldGVyKHZhbHVlZnJvbXBpcGVsaW5lPSR0cnVlKV0KICAgICAgICAkb2JqCiAgICApCgogICAgJGJvb2xlYW5fc3RyaW5ncyA9ICJ5ZXMiLCAib24iLCAiMSIsICJ0cnVlIiwgMQogICAgJG9ial9zdHJpbmcgPSBbc3RyaW5nXSRvYmoKCiAgICBpZiAoKCRvYmogLWlzIFtib29sZWFuXSAtYW5kICRvYmopIC1vciAkYm9vbGVhbl9zdHJpbmdzIC1jb250YWlucyAkb2JqX3N0cmluZy5Ub0xvd2VyKCkpIHsKICAgICAgICByZXR1cm4gJHRydWUKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfQp9CgpGdW5jdGlvbiBQYXJzZS1BcmdzKCRhcmd1bWVudHMsICRzdXBwb3J0c19jaGVja19tb2RlID0gJGZhbHNlKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBwYXJzZSBBbnNpYmxlIEpTT04gYXJndW1lbnRzIGZyb20gYSAiZmlsZSIgcGFzc2VkIGFzCiAgICB0aGUgc2luZ2xlIGFyZ3VtZW50IHRvIHRoZSBtb2R1bGUuCiAgICAuRVhBTVBMRQogICAgJHBhcmFtcyA9IFBhcnNlLUFyZ3MgJGFyZ3MKIz4KICAgICRwYXJhbXMgPSBOZXctT2JqZWN0IHBzb2JqZWN0CiAgICBJZiAoJGFyZ3VtZW50cy5MZW5ndGggLWd0IDApCiAgICB7CiAgICAgICAgJHBhcmFtcyA9IEdldC1Db250ZW50ICRhcmd1bWVudHNbMF0gfCBDb252ZXJ0RnJvbS1Kc29uCiAgICB9CiAgICBFbHNlIHsKICAgICAgICAkcGFyYW1zID0gJGNvbXBsZXhfYXJncwogICAgfQogICAgJGNoZWNrX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfY2hlY2tfbW9kZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQogICAgSWYgKCRjaGVja19tb2RlIC1hbmQgLW5vdCAkc3VwcG9ydHNfY2hlY2tfbW9kZSkKICAgIHsKICAgICAgICBFeGl0LUpzb24gQHsKICAgICAgICAgICAgc2tpcHBlZCA9ICR0cnVlCiAgICAgICAgICAgIGNoYW5nZWQgPSAkZmFsc2UKICAgICAgICAgICAgbXNnID0gInJlbW90ZSBtb2R1bGUgZG9lcyBub3Qgc3VwcG9ydCBjaGVjayBtb2RlIgogICAgICAgIH0KICAgIH0KICAgIHJldHVybiAkcGFyYW1zCn0KCgpGdW5jdGlvbiBHZXQtRmlsZUNoZWNrc3VtKCRwYXRoLCAkYWxnb3JpdGhtID0gJ3NoYTEnKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBjYWxjdWxhdGUgYSBoYXNoIG9mIGEgZmlsZSBpbiBhIHdheSB3aGljaCBQb3dlclNoZWxsIDMKICAgIGFuZCBhYm92ZSBjYW4gaGFuZGxlCiM+CiAgICBJZiAoVGVzdC1QYXRoIC1QYXRoICRwYXRoIC1QYXRoVHlwZSBMZWFmKQogICAgewogICAgICAgIHN3aXRjaCAoJGFsZ29yaXRobSkKICAgICAgICB7CiAgICAgICAgICAgICdtZDUnIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5NRDVDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMScgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTFDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMjU2JyB7ICRzcCA9IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5TZWN1cml0eS5DcnlwdG9ncmFwaHkuU0hBMjU2Q3J5cHRvU2VydmljZVByb3ZpZGVyIH0KICAgICAgICAgICAgJ3NoYTM4NCcgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTM4NENyeXB0b1NlcnZpY2VQcm92aWRlciB9CiAgICAgICAgICAgICdzaGE1MTInIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5TSEE1MTJDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICBkZWZhdWx0IHsgRmFpbC1Kc29uIEB7fSAiVW5zdXBwb3J0ZWQgaGFzaCBhbGdvcml0aG0gc3VwcGxpZWQgJyRhbGdvcml0aG0nIiB9CiAgICAgICAgfQoKICAgICAgICBJZiAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtZ2UgNCkgewogICAgICAgICAgICAkcmF3X2hhc2ggPSBHZXQtRmlsZUhhc2ggJHBhdGggLUFsZ29yaXRobSAkYWxnb3JpdGhtCiAgICAgICAgICAgICRoYXNoID0gJHJhd19oYXNoLkhhc2guVG9Mb3dlcigpCiAgICAgICAgfSBFbHNlIHsKICAgICAgICAgICAgJGZwID0gW1N5c3RlbS5JTy5GaWxlXTo6T3BlbigkcGF0aCwgW1N5c3RlbS5JTy5GaWxlbW9kZV06Ok9wZW4sIFtTeXN0ZW0uSU8uRmlsZUFjY2Vzc106OlJlYWQsIFtTeXN0ZW0uSU8uRmlsZVNoYXJlXTo6UmVhZFdyaXRlKTsKICAgICAgICAgICAgJGhhc2ggPSBbU3lzdGVtLkJpdENvbnZlcnRlcl06OlRvU3RyaW5nKCRzcC5Db21wdXRlSGFzaCgkZnApKS5SZXBsYWNlKCItIiwgIiIpLlRvTG93ZXIoKTsKICAgICAgICAgICAgJGZwLkRpc3Bvc2UoKTsKICAgICAgICB9CiAgICB9CiAgICBFbHNlSWYgKFRlc3QtUGF0aCAtUGF0aCAkcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKQogICAgewogICAgICAgICRoYXNoID0gIjMiOwogICAgfQogICAgRWxzZQogICAgewogICAgICAgICRoYXNoID0gIjEiOwogICAgfQogICAgcmV0dXJuICRoYXNoCn0KCkZ1bmN0aW9uIEdldC1QZW5kaW5nUmVib290U3RhdHVzCnsKPCMKICAgIC5TWU5PUFNJUwogICAgQ2hlY2sgaWYgcmVib290IGlzIHJlcXVpcmVkLCBpZiBzbyBub3RpZnkgQ0EuCiAgICBGdW5jdGlvbiByZXR1cm5zIHRydWUgaWYgY29tcHV0ZXIgaGFzIGEgcGVuZGluZyByZWJvb3QKIz4KICAgICRmZWF0dXJlRGF0YSA9IEludm9rZS1XbWlNZXRob2QgLUVBIElnbm9yZSAtTmFtZSBHZXRTZXJ2ZXJGZWF0dXJlIC1OYW1lc3BhY2Ugcm9vdFxtaWNyb3NvZnRcd2luZG93c1xzZXJ2ZXJtYW5hZ2VyIC1DbGFzcyBNU0ZUX1NlcnZlck1hbmFnZXJUYXNrcwogICAgJHJlZ0RhdGEgPSBHZXQtSXRlbVByb3BlcnR5ICJIS0xNOlxTWVNURU1cQ3VycmVudENvbnRyb2xTZXRcQ29udHJvbFxTZXNzaW9uIE1hbmFnZXIiICJQZW5kaW5nRmlsZVJlbmFtZU9wZXJhdGlvbnMiIC1FQSBJZ25vcmUKICAgICRDQlNSZWJvb3RTdGF0dXMgPSBHZXQtQ2hpbGRJdGVtICJIS0xNOlxcU09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cQ29tcG9uZW50IEJhc2VkIFNlcnZpY2luZyIgIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlfCBXaGVyZS1PYmplY3QgeyRfLlBTQ2hpbGROYW1lIC1lcSAiUmVib290UGVuZGluZyJ9CiAgICBpZigoJGZlYXR1cmVEYXRhIC1hbmQgJGZlYXR1cmVEYXRhLlJlcXVpcmVzUmVib290KSAtb3IgJHJlZ0RhdGEgLW9yICRDQlNSZWJvb3RTdGF0dXMpCiAgICB7CiAgICAgICAgcmV0dXJuICRUcnVlCiAgICB9CiAgICBlbHNlCiAgICB7CiAgICAgICAgcmV0dXJuICRGYWxzZQogICAgfQp9CgojIHRoaXMgbGluZSBtdXN0IHN0YXkgYXQgdGhlIGJvdHRvbSB0byBlbnN1cmUgYWxsIGRlZmluZWQgbW9kdWxlIHBhcnRzIGFyZSBleHBvcnRlZApFeHBvcnQtTW9kdWxlTWVtYmVyIC1BbGlhcyAqIC1GdW5jdGlvbiAqIC1DbWRsZXQgKgoK"}, "module_entry": "IyFwb3dlcnNoZWxsCgojIENvcHlyaWdodDogKGMpIDIwMTQsIENocmlzIEhvZmZtYW4gPGNob2ZmbWFuQGNoYXRoYW1maW5hbmNpYWwuY29tPgojIEdOVSBHZW5lcmFsIFB1YmxpYyBMaWNlbnNlIHYzLjArIChzZWUgQ09QWUlORyBvciBodHRwczovL3d3dy5nbnUub3JnL2xpY2Vuc2VzL2dwbC0zLjAudHh0KQoKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5MZWdhY3kKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5TSUQKCiRFcnJvckFjdGlvblByZWZlcmVuY2UgPSAiU3RvcCIKCiRwYXJhbXMgPSBQYXJzZS1BcmdzICRhcmdzIC1zdXBwb3J0c19jaGVja19tb2RlICR0cnVlCiRjaGVja19tb2RlID0gR2V0LUFuc2libGVQYXJhbSAtb2JqICRwYXJhbXMgLW5hbWUgJ19hbnNpYmxlX2NoZWNrX21vZGUnIC10eXBlICdib29sJyAtZGVmYXVsdCAkZmFsc2UKCiRkZXBlbmRlbmNpZXMgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAnZGVwZW5kZW5jaWVzJyAtdHlwZSAnbGlzdCcgLWRlZmF1bHQgJG51bGwKJGRlcGVuZGVuY3lfYWN0aW9uID0gR2V0LUFuc2libGVQYXJhbSAtb2JqICRwYXJhbXMgLW5hbWUgJ2RlcGVuZGVuY3lfYWN0aW9uJyAtdHlwZSAnc3RyJyAtZGVmYXVsdCAnc2V0JyAtdmFsaWRhdGVzZXQgJ2FkZCcsJ3JlbW92ZScsJ3NldCcgCiRkZXNjcmlwdGlvbiA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICdkZXNjcmlwdGlvbicgLXR5cGUgJ3N0cicKJGRlc2t0b3BfaW50ZXJhY3QgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAnZGVza3RvcF9pbnRlcmFjdCcgLXR5cGUgJ2Jvb2wnIC1kZWZhdWx0ICRmYWxzZQokZGlzcGxheV9uYW1lID0gR2V0LUFuc2libGVQYXJhbSAtb2JqICRwYXJhbXMgLW5hbWUgJ2Rpc3BsYXlfbmFtZScgLXR5cGUgJ3N0cicKJGZvcmNlX2RlcGVuZGVudF9zZXJ2aWNlcyA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICdmb3JjZV9kZXBlbmRlbnRfc2VydmljZXMnIC10eXBlICdib29sJyAtZGVmYXVsdCAkZmFsc2UKJG5hbWUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAnbmFtZScgLXR5cGUgJ3N0cicgLWZhaWxpZmVtcHR5ICR0cnVlCiRwYXNzd29yZCA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICdwYXNzd29yZCcgLXR5cGUgJ3N0cicKJHBhdGggPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAncGF0aCcKJHN0YXJ0X21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAnc3RhcnRfbW9kZScgLXR5cGUgJ3N0cicgLXZhbGlkYXRlc2V0ICdhdXRvJywnbWFudWFsJywnZGlzYWJsZWQnLCdkZWxheWVkJwokc3RhdGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAnc3RhdGUnIC10eXBlICdzdHInIC12YWxpZGF0ZXNldCAnc3RhcnRlZCcsJ3N0b3BwZWQnLCdyZXN0YXJ0ZWQnLCdhYnNlbnQnLCdwYXVzZWQnCiR1c2VybmFtZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICd1c2VybmFtZScgLXR5cGUgJ3N0cicKCiRyZXN1bHQgPSBAewogICAgY2hhbmdlZCA9ICRmYWxzZQp9CgojIHBhcnNlIHRoZSB1c2VybmFtZSB0byBTSUQgYW5kIGJhY2sgc28gd2UgZ2V0IHRoZSBmdWxsIHVzZXJuYW1lIHdpdGggZG9tYWluIGluIGEgd2F5IFdNSSB1bmRlcnN0YW5kcwppZiAoJHVzZXJuYW1lIC1uZSAkbnVsbCkgewogICAgaWYgKCR1c2VybmFtZSAtZXEgIkxvY2FsU3lzdGVtIikgewogICAgICAgICR1c2VybmFtZV9zaWQgPSAiUy0xLTUtMTgiCiAgICB9IGVsc2UgewogICAgICAgICR1c2VybmFtZV9zaWQgPSBDb252ZXJ0LVRvU0lEIC1hY2NvdW50X25hbWUgJHVzZXJuYW1lCiAgICB9CgogICAgIyB0aGUgU1lTVEVNIGFjY291bnQgaXMgYSBzcGVjaWFsIGJlYXN0LCBXaW4zMl9TZXJ2aWNlIENoYW5nZSByZXF1aXJlcyBTdGFydE5hbWUgdG8gYmUgTG9jYWxTeXN0ZW0KICAgICMgdG8gc3BlY2lmeSBMb2NhbFN5c3RlbS9OVCBBVVRIT1JJVFlcU1lTVEVNCiAgICBpZiAoJHVzZXJuYW1lX3NpZCAtZXEgIlMtMS01LTE4IikgewogICAgICAgICR1c2VybmFtZSA9ICJMb2NhbFN5c3RlbSIKICAgICAgICAkcGFzc3dvcmQgPSAkbnVsbAogICAgfSBlbHNlIHsKICAgICAgICAjIFdpbjMyX1NlcnZpY2UsIHBhc3N3b3JkIG11c3QgYmUgIiIgYW5kIG5vdCAkbnVsbCB3aGVuIHNldHRpbmcgdG8gTG9jYWxTZXJ2aWNlIG9yIE5ldHdvcmtTZXJ2aWNlCiAgICAgICAgaWYgKCR1c2VybmFtZV9zaWQgLWluIEAoIlMtMS01LTE5IiwgIlMtMS01LTIwIikpIHsKICAgICAgICAgICAgJHBhc3N3b3JkID0gIiIKICAgICAgICB9CiAgICAgICAgJHVzZXJuYW1lID0gQ29udmVydC1Gcm9tU0lEIC1zaWQgJHVzZXJuYW1lX3NpZAogICAgfQp9CmlmICgkcGFzc3dvcmQgLW5lICRudWxsIC1hbmQgJHVzZXJuYW1lIC1lcSAkbnVsbCkgewogICAgRmFpbC1Kc29uICRyZXN1bHQgIlRoZSBhcmd1bWVudCAndXNlcm5hbWUnIG11c3QgYmUgc3VwcGxpZWQgd2l0aCAncGFzc3dvcmQnIgp9CmlmICgkZGVza3RvcF9pbnRlcmFjdCAtZXEgJHRydWUgLWFuZCAoLW5vdCAoJHVzZXJuYW1lIC1lcSAiTG9jYWxTeXN0ZW0iIC1vciAkdXNlcm5hbWUgLWVxICRudWxsKSkpIHsKICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJDYW4gb25seSBzZXQgJ2Rlc2t0b3BfaW50ZXJhY3QnIHRvIHRydWUgd2hlbiAndXNlcm5hbWUnIGVxdWFscyAnTG9jYWxTeXN0ZW0nIgp9CmlmICgkcGF0aCAtbmUgJG51bGwpIHsKICAgICRwYXRoID0gW1N5c3RlbS5FbnZpcm9ubWVudF06OkV4cGFuZEVudmlyb25tZW50VmFyaWFibGVzKCRwYXRoKQp9CgpGdW5jdGlvbiBHZXQtU2VydmljZUluZm8oJG5hbWUpIHsKICAgICMgTmVlZCB0byBnZXQgbmV3IG9iamVjdHMgc28gd2UgaGF2ZSB0aGUgbGF0ZXN0IGluZm8KICAgICRzdmMgPSBHZXQtU2VydmljZSB8IFdoZXJlLU9iamVjdCB7ICRfLk5hbWUgLWVxICRuYW1lIC1vciAkXy5EaXNwbGF5TmFtZSAtZXEgJG5hbWUgfQogICAgJHdtaV9zdmMgPSBHZXQtQ2ltSW5zdGFuY2UgLUNsYXNzTmFtZSBXaW4zMl9TZXJ2aWNlIC1GaWx0ZXIgIm5hbWU9JyQoJHN2Yy5OYW1lKSciCgogICAgIyBEZWxheWVkIHN0YXJ0X21vZGUgaXMgaW4gcmVhbGl0eSBBdXRvbWF0aWMgKERlbGF5ZWQpLCBuZWVkIHRvIGNoZWNrIHJlZyBrZXkgZm9yIHR5cGUKICAgICRkZWxheWVkID0gR2V0LURlbGF5ZWRTdGF0dXMgLW5hbWUgJHN2Yy5OYW1lCiAgICAkYWN0dWFsX3N0YXJ0X21vZGUgPSAkd21pX3N2Yy5TdGFydE1vZGUuVG9TdHJpbmcoKS5Ub0xvd2VyKCkgCiAgICBpZiAoJGRlbGF5ZWQgLWFuZCAkYWN0dWFsX3N0YXJ0X21vZGUgLWVxICdhdXRvJykgewogICAgICAgICRhY3R1YWxfc3RhcnRfbW9kZSA9ICdkZWxheWVkJwogICAgfQoKICAgICRleGlzdGluZ19kZXBlbmRlbmNpZXMgPSBAKCkKICAgICRleGlzdGluZ19kZXBlbmRlZF9ieSA9IEAoKQogICAgaWYgKCRzdmMuU2VydmljZXNEZXBlbmRlZE9uLkNvdW50IC1ndCAwKSB7CiAgICAgICAgZm9yZWFjaCAoJGRlcGVuZGVuY3kgaW4gJHN2Yy5TZXJ2aWNlc0RlcGVuZGVkT24uTmFtZSkgewogICAgICAgICAgICAkZXhpc3RpbmdfZGVwZW5kZW5jaWVzICs9ICRkZXBlbmRlbmN5CiAgICAgICAgfQogICAgfQogICAgaWYgKCRzdmMuRGVwZW5kZW50U2VydmljZXMuQ291bnQgLWd0IDApIHsKICAgICAgICBmb3JlYWNoICgkZGVwZW5kZW5jeSBpbiAkc3ZjLkRlcGVuZGVudFNlcnZpY2VzLk5hbWUpIHsKICAgICAgICAgICAgJGV4aXN0aW5nX2RlcGVuZGVkX2J5ICs9ICRkZXBlbmRlbmN5CiAgICAgICAgfQogICAgfQogICAgJGRlc2NyaXB0aW9uID0gJHdtaV9zdmMuRGVzY3JpcHRpb24KICAgIGlmICgkZGVzY3JpcHRpb24gLWVxICRudWxsKSB7CiAgICAgICAgJGRlc2NyaXB0aW9uID0gIiIKICAgIH0KCiAgICAkcmVzdWx0LmV4aXN0cyA9ICR0cnVlCiAgICAkcmVzdWx0Lm5hbWUgPSAkc3ZjLk5hbWUKICAgICRyZXN1bHQuZGlzcGxheV9uYW1lID0gJHN2Yy5EaXNwbGF5TmFtZQogICAgJHJlc3VsdC5zdGF0ZSA9ICRzdmMuU3RhdHVzLlRvU3RyaW5nKCkuVG9Mb3dlcigpCiAgICAkcmVzdWx0LnN0YXJ0X21vZGUgPSAkYWN0dWFsX3N0YXJ0X21vZGUKICAgICRyZXN1bHQucGF0aCA9ICR3bWlfc3ZjLlBhdGhOYW1lCiAgICAkcmVzdWx0LmRlc2NyaXB0aW9uID0gJGRlc2NyaXB0aW9uCiAgICAkcmVzdWx0LnVzZXJuYW1lID0gJHdtaV9zdmMuU3RhcnROYW1lCiAgICAkcmVzdWx0LmRlc2t0b3BfaW50ZXJhY3QgPSAkd21pX3N2Yy5EZXNrdG9wSW50ZXJhY3QKICAgICRyZXN1bHQuZGVwZW5kZW5jaWVzID0gJGV4aXN0aW5nX2RlcGVuZGVuY2llcwogICAgJHJlc3VsdC5kZXBlbmRlZF9ieSA9ICRleGlzdGluZ19kZXBlbmRlZF9ieQogICAgJHJlc3VsdC5jYW5fcGF1c2VfYW5kX2NvbnRpbnVlID0gJHN2Yy5DYW5QYXVzZUFuZENvbnRpbnVlCn0KCkZ1bmN0aW9uIEdldC1XbWlFcnJvck1lc3NhZ2UoJHJldHVybl92YWx1ZSkgewogICAgIyBUaGVzZSB2YWx1ZXMgYXJlIGRlcml2ZWQgZnJvbSBodHRwczovL21zZG4ubWljcm9zb2Z0LmNvbS9lbi11cy9saWJyYXJ5L2FhMzg0OTAxKHY9dnMuODUpLmFzcHgKICAgIHN3aXRjaCAoJHJldHVybl92YWx1ZSkgewogICAgICAgIDEgeyAiTm90IFN1cHBvcnRlZDogVGhlIHJlcXVlc3QgaXMgbm90IHN1cHBvcnRlZCIgfQogICAgICAgIDIgeyAiQWNjZXNzIERlbmllZDogVGhlIHVzZXIgZGlkIG5vdCBoYXZlIHRoZSBuZWNlc3NhcnkgYWNjZXNzIiB9CiAgICAgICAgMyB7ICJEZXBlbmRlbnQgU2VydmljZXMgUnVubmluZzogVGhlIHNlcnZpY2UgY2Fubm90IGJlIHN0b3BwZWQgYmVjYXVzZSBvdGhlciBzZXJ2aWNlcyB0aGF0IGFyZSBydW5uaW5nIGFyZSBkZXBlbmRlbnQgb24gaXQiIH0KICAgICAgICA0IHsgIkludmFsaWQgU2VydmljZSBDb250cm9sOiBUaGUgcmVxdWVzdGVkIGNvbnRyb2wgY29kZSBpcyBub3QgdmFsaWQsIG9yIGl0IGlzIHVuYWNjZXB0YWJsZSB0byB0aGUgc2VydmljZSIgfQogICAgICAgIDUgeyAiU2VydmljZSBDYW5ub3QgQWNjZXB0IENvbnRyb2w6IFRoZSByZXF1ZXN0ZWQgY29udHJvbCBjb2RlIGNhbm5vdCBiZSBzZW50IHRvIHRoZSBzZXJ2aWNlIGJlY2F1c2UgdGhlIHN0YXRlIG9mIHRoZSBzZXJ2aWNlIChXaW4zMl9CYXNlU2VydmljZS5TdGF0ZSBwcm9wZXJ0eSkgaXMgZXF1YWwgdG8gMCwgMSwgb3IgMiIgfQogICAgICAgIDYgeyAiU2VydmljZSBOb3QgQWN0aXZlOiBUaGUgc2VydmljZSBoYXMgbm90IGJlZW4gc3RhcnRlZCIgfQogICAgICAgIDcgeyAiU2VydmljZSBSZXF1ZXN0IFRpbWVvdXQ6IFRoZSBzZXJ2aWNlIGRpZCBub3QgcmVzcG9uZCB0byB0aGUgc3RhcnQgcmVxdWVzdCBpbiBhIHRpbWVseSBmYXNoaW9uIiB9CiAgICAgICAgOCB7ICJVbmtub3duIEZhaWx1cmU6IFVua25vd24gZmFpbHVyZSB3aGVuIHN0YXJ0aW5nIHRoZSBzZXJ2aWNlIiB9CiAgICAgICAgOSB7ICJQYXRoIE5vdCBGb3VuZDogVGhlIGRpcmVjdG9yeSBwYXRoIHRvIHRoZSBzZXJ2aWNlIGV4ZWN1dGFibGUgZmlsZSB3YXMgbm90IGZvdW5kIiB9CiAgICAgICAgMTAgeyAiU2VydmljZSBBbHJlYWR5IFJ1bm5pbmc6IFRoZSBzZXJ2aWNlIGlzIGFscmVhZHkgcnVubmluZyIgfQogICAgICAgIDExIHsgIlNlcnZpY2UgRGF0YWJhc2UgTG9ja2VkOiBUaGUgZGF0YWJhc2UgdG8gYWRkIGEgbmV3IHNlcnZpY2UgaXMgbG9ja2VkIiB9CiAgICAgICAgMTIgeyAiU2VydmljZSBEZXBlbmRlbmN5IERlbGV0ZWQ6IEEgZGVwZW5kZW5jeSB0aGlzIHNlcnZpY2UgcmVsaWVzIG9uIGhhcyBiZWVuIHJlbW92ZWQgZnJvbSB0aGUgc3lzdGVtIiB9CiAgICAgICAgMTMgeyAiU2VydmljZSBEZXBlbmRlbmN5IEZhaWx1cmU6IFRoZSBzZXJ2aWNlIGZhaWxlZCB0byBmaW5kIHRoZSBzZXJ2aWNlIG5lZWRlZCBmcm9tIGEgZGVwZW5kZW50IHNlcnZpY2UiIH0KICAgICAgICAxNCB7ICJTZXJ2aWNlIERpc2FibGVkOiBUaGUgc2VydmljZSBoYXMgYmVlbiBkaXNhYmxlZCBmcm9tIHRoZSBzeXN0ZW0iIH0KICAgICAgICAxNSB7ICJTZXJ2aWNlIExvZ29uIEZhaWxlZDogVGhlIHNlcnZpY2UgZG9lcyBub3QgaGF2ZSB0aGUgY29ycmVjdCBhdXRoZW50aWNhdGlvbiB0byBydW4gb24gdGhlIHN5c3RlbSIgfQogICAgICAgIDE2IHsgIlNlcnZpY2UgTWFya2VkIEZvciBEZWxldGlvbjogVGhpcyBzZXJ2aWNlIGlzIGJlaW5nIHJlbW92ZWQgZnJvbSB0aGUgc3lzdGVtIiB9CiAgICAgICAgMTcgeyAiU2VydmljZSBObyBUaHJlYWQ6IFRoZSBzZXJ2aWNlIGhhcyBubyBleGVjdXRpb24gdGhyZWFkIiB9CiAgICAgICAgMTggeyAiU3RhdHVzIENpcmN1bGFyIERlcGVuZGVuY3k6IFRoZSBzZXJ2aWNlIGhhcyBjaXJjdWxhciBkZXBlbmRlbmNpZXMgd2hlbiBpdCBzdGFydHMiIH0KICAgICAgICAxOSB7ICJTdGF0dXMgRHVwbGljYXRlIE5hbWU6IEEgc2VydmljZSBpcyBydW5uaW5nIHVuZGVyIHRoZSBzYW1lIG5hbWUiIH0KICAgICAgICAyMCB7ICJTdGF0dXMgSW52YWxpZCBOYW1lOiBUaGUgc2VydmljZSBuYW1lIGhhcyBpbnZhbGlkIGNoYXJhY3RlcnMiIH0KICAgICAgICAyMSB7ICJTdGF0dXMgSW52YWxpZCBQYXJhbWV0ZXI6IEludmFsaWQgcGFyYW1ldGVycyBoYXZlIGJlZW4gcGFzc2VkIHRvIHRoZSBzZXJ2aWNlIiB9CiAgICAgICAgMjIgeyAiU3RhdHVzIEludmFsaWQgU2VydmljZSBBY2NvdW50OiBUaGUgYWNjb3VudCB1bmRlciB3aGljaCB0aGlzIHNlcnZpY2UgcnVucyBpcyBlaXRoZXIgaW52YWxpZCBvciBsYWNrcyB0aGUgcGVybWlzc2lvbnMgdG8gcnVuIHRoZSBzZXJ2aWNlIiB9CiAgICAgICAgMjMgeyAiU3RhdHVzIFNlcnZpY2UgRXhpc3RzOiBUaGUgc2VydmljZSBleGlzdHMgaW4gdGhlIGRhdGFiYXNlIG9mIHNlcnZpY2VzIGF2YWlsYWJsZSBmcm9tIHRoZSBzeXN0ZW0iIH0KICAgICAgICAyNCB7ICJTZXJ2aWNlIEFscmVhZHkgUGF1c2VkOiBUaGUgc2VydmljZSBpcyBjdXJyZW50bHkgcGF1c2VkIGluIHRoZSBzeXN0ZW0iIH0KICAgICAgICBkZWZhdWx0IHsgIk90aGVyIEVycm9yIiB9CiAgICB9Cn0KCkZ1bmN0aW9uIEdldC1EZWxheWVkU3RhdHVzKCRuYW1lKSB7CiAgICAkZGVsYXllZF9rZXkgPSAiSEtMTTpcU3lzdGVtXEN1cnJlbnRDb250cm9sU2V0XFNlcnZpY2VzXCRuYW1lIgogICAgdHJ5IHsKICAgICAgICAkZGVsYXllZCA9IENvbnZlcnRUby1Cb29sICgoR2V0LUl0ZW1Qcm9wZXJ0eSAtTGl0ZXJhbFBhdGggJGRlbGF5ZWRfa2V5KS5EZWxheWVkQXV0b3N0YXJ0KQogICAgfSBjYXRjaCB7CiAgICAgICAgJGRlbGF5ZWQgPSAkZmFsc2UKICAgIH0KCiAgICAkZGVsYXllZAp9CgpGdW5jdGlvbiBTZXQtU2VydmljZVN0YXJ0TW9kZSgkc3ZjLCAkc3RhcnRfbW9kZSkgewogICAgaWYgKCRyZXN1bHQuc3RhcnRfbW9kZSAtbmUgJHN0YXJ0X21vZGUpIHsKICAgICAgICB0cnkgewogICAgICAgICAgICAkZGVsYXllZF9rZXkgPSAiSEtMTTpcU3lzdGVtXEN1cnJlbnRDb250cm9sU2V0XFNlcnZpY2VzXCQoJHN2Yy5OYW1lKSIKICAgICAgICAgICAgIyBPcmlnaW5hbCBzdGFydCB1cCB0eXBlIHdhcyBhdXRvIChkZWxheWVkKSBhbmQgd2Ugd2FudCBhdXRvLCBuZWVkIHRvIHJlbW92ZWQgZGVsYXllZCBrZXkKICAgICAgICAgICAgaWYgKCRzdGFydF9tb2RlIC1lcSAnYXV0bycgLWFuZCAkcmVzdWx0LnN0YXJ0X21vZGUgLWVxICdkZWxheWVkJykgewogICAgICAgICAgICAgICAgU2V0LUl0ZW1Qcm9wZXJ0eSAtTGl0ZXJhbFBhdGggJGRlbGF5ZWRfa2V5IC1OYW1lICJEZWxheWVkQXV0b3N0YXJ0IiAtVmFsdWUgMCAtV2hhdElmOiRjaGVja19tb2RlCiAgICAgICAgICAgICMgT3JpZ2luYWwgc3RhcnQgdXAgdHlwZSB3YXMgYXV0byBhbmQgd2Ugd2FudCBhdXRvIChkZWxheWVkKSwgbmVlZCB0byBhZGQgZGVsYXllZCBrZXkKICAgICAgICAgICAgfSBlbHNlaWYgKCRzdGFydF9tb2RlIC1lcSAnZGVsYXllZCcgLWFuZCAkcmVzdWx0LnN0YXJ0X21vZGUgLWVxICdhdXRvJykgewogICAgICAgICAgICAgICAgU2V0LUl0ZW1Qcm9wZXJ0eSAtTGl0ZXJhbFBhdGggJGRlbGF5ZWRfa2V5IC1OYW1lICJEZWxheWVkQXV0b3N0YXJ0IiAtVmFsdWUgMSAtV2hhdElmOiRjaGVja19tb2RlCiAgICAgICAgICAgICMgT3JpZ2luYWwgc3RhcnQgdXAgdHlwZSB3YXMgbm90IGF1dG8gb3IgYXV0byAoZGVsYXllZCksIG5lZWQgdG8gY2hhbmdlIHRvIGF1dG8gYW5kIGFkZCBkZWxheWVkIGtleQogICAgICAgICAgICB9IGVsc2VpZiAoJHN0YXJ0X21vZGUgLWVxICdkZWxheWVkJykgewogICAgICAgICAgICAgICAgJHN2YyB8IFNldC1TZXJ2aWNlIC1TdGFydHVwVHlwZSAiYXV0byIgLVdoYXRJZjokY2hlY2tfbW9kZQogICAgICAgICAgICAgICAgU2V0LUl0ZW1Qcm9wZXJ0 ScriptBlock ID: 05c11c63-1d24-481d-a26f-09bb0d9ce585 Path:	4104	1		3	2	15	0	1463	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3892	2096	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:29:18 PM	9d04040e-981f-0002-5b0d-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 3): begin { $DebugPreference = "Continue" $ErrorActionPreference = "Stop" Set-StrictMode -Version 2 function ConvertTo-HashtableFromPsCustomObject ($myPsObject){ $output = @{}; $myPsObject | Get-Member -MemberType *Property | % { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } return $output; } # stream JSON including become_pw, ps_module_payload, bin_module_payload, become_payload, write_payload_path, preserve directives # exec runspace, capture output, cleanup, return module output # NB: do not adjust the following line- it is replaced when doing non-streamed module output $json_raw = @' {"min_ps_version": null, "exec": "CkZ1bmN0aW9uIFJ1bigkcGF5bG9hZCkgewogICAgJGVudHJ5cG9pbnQgPSAkcGF5bG9hZC5tb2R1bGVfZW50cnkKCiAgICAkZW50cnlwb2ludCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGVudHJ5cG9pbnQpKQoKICAgICRwcyA9IFtwb3dlcnNoZWxsXTo6Q3JlYXRlKCkKCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkQ29tbWFuZCgiU2V0LVZhcmlhYmxlIikuQWRkUGFyYW1ldGVycyhAe1Njb3BlPSJnbG9iYWwiO05hbWU9ImNvbXBsZXhfYXJncyI7VmFsdWU9JHBheWxvYWQubW9kdWxlX2FyZ3N9KSB8IE91dC1OdWxsCiAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCgogICAgIyByZWRlZmluZSBXcml0ZS1Ib3N0IHRvIGR1bXAgdG8gb3V0cHV0IGluc3RlYWQgb2YgZmFpbGluZy0gbG90cyBvZiBzY3JpcHRzIHVzZSBpdAogICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgiRnVuY3Rpb24gV3JpdGUtSG9zdChgJG1zZyl7IFdyaXRlLU91dHB1dCBgJG1zZyB9IikgfCBPdXQtTnVsbAoKICAgIEZvckVhY2ggKCRlbnZfa3YgaW4gJHBheWxvYWQuZW52aXJvbm1lbnQuR2V0RW51bWVyYXRvcigpKSB7CiAgICAgICAgIyBuZWVkIHRvIGVzY2FwZSAnIGluIGJvdGggdGhlIGtleSBhbmQgdmFsdWUKICAgICAgICAkZW52X2tleSA9ICRlbnZfa3YuS2V5LlRvU3RyaW5nKCkuUmVwbGFjZSgiJyIsICInJyIpCiAgICAgICAgJGVudl92YWx1ZSA9ICRlbnZfa3YuVmFsdWUuVG9TdHJpbmcoKS5SZXBsYWNlKCInIiwgIicnIikKICAgICAgICAkZXNjYXBlZF9lbnZfc2V0ID0gIltTeXN0ZW0uRW52aXJvbm1lbnRdOjpTZXRFbnZpcm9ubWVudFZhcmlhYmxlKCd7MH0nLCAnezF9JykiIC1mICRlbnZfa2V5LCAkZW52X3ZhbHVlCiAgICAgICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgkZXNjYXBlZF9lbnZfc2V0KSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBkeW5hbWljYWxseSBjcmVhdGUvbG9hZCBtb2R1bGVzCiAgICBGb3JFYWNoICgkbW9kIGluICRwYXlsb2FkLnBvd2Vyc2hlbGxfbW9kdWxlcy5HZXRFbnVtZXJhdG9yKCkpIHsKICAgICAgICAkZGVjb2RlZF9tb2R1bGUgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRtb2QuVmFsdWUpKQogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRDb21tYW5kKCJOZXctTW9kdWxlIikuQWRkUGFyYW1ldGVycyhAe1NjcmlwdEJsb2NrPShbc2NyaXB0YmxvY2tdOjpDcmVhdGUoJGRlY29kZWRfbW9kdWxlKSk7TmFtZT0kbW9kLktleX0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiSW1wb3J0LU1vZHVsZSIpLkFkZFBhcmFtZXRlcnMoQHtXYXJuaW5nQWN0aW9uPSJTaWxlbnRseUNvbnRpbnVlIn0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBmb3JjZSBpbnB1dCBlbmNvZGluZyB0byBwcmVhbWJsZS1mcmVlIFVURjggc28gUFMgc3ViLXByb2Nlc3NlcyAoZWcsCiAgICAjIFN0YXJ0LUpvYikgZG9uJ3QgYmxvdyB1cC4gVGhpcyBpcyBvbmx5IHJlcXVpcmVkIGZvciBXaW5STSwgYSBQU1JQCiAgICAjIHJ1bnNwYWNlIGRvZXNuJ3QgaGF2ZSBhIGhvc3QgY29uc29sZSBhbmQgdGhpcyB3aWxsIGJvbWIgb3V0CiAgICBpZiAoJGhvc3QuTmFtZSAtZXEgIkNvbnNvbGVIb3N0IikgewogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRTY3JpcHQoIltDb25zb2xlXTo6SW5wdXRFbmNvZGluZyA9IE5ldy1PYmplY3QgVGV4dC5VVEY4RW5jb2RpbmcgYCRmYWxzZSIpIHwgT3V0LU51bGwKICAgIH0KCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkU2NyaXB0KCRlbnRyeXBvaW50KSB8IE91dC1OdWxsCgogICAgJG91dHB1dCA9ICRwcy5JbnZva2UoKQoKICAgICRvdXRwdXQKCiAgICAjIFBTMyBkb2Vzbid0IHByb3Blcmx5IHNldCBIYWRFcnJvcnMgaW4gbWFueSBjYXNlcywgaW5zcGVjdCB0aGUgZXJyb3Igc3RyZWFtIGFzIGEgZmFsbGJhY2sKICAgIElmICgkcHMuSGFkRXJyb3JzIC1vciAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtbHQgNCAtYW5kICRwcy5TdHJlYW1zLkVycm9yLkNvdW50IC1ndCAwKSkgewogICAgICAgICRob3N0LlVJLldyaXRlRXJyb3JMaW5lKCQoJHBzLlN0cmVhbXMuRXJyb3IgfCBPdXQtU3RyaW5nKSkKICAgICAgICAkZXhpdF9jb2RlID0gJHBzLlJ1bnNwYWNlLlNlc3Npb25TdGF0ZVByb3h5LkdldFZhcmlhYmxlKCJMQVNURVhJVENPREUiKQogICAgICAgIElmKC1ub3QgJGV4aXRfY29kZSkgewogICAgICAgICAgICAkZXhpdF9jb2RlID0gMQogICAgICAgIH0KICAgICAgICAjIG5lZWQgdG8gdXNlIHRoaXMgaW5zdGVhZCBvZiBFeGl0IGtleXdvcmQgdG8gcHJldmVudCBydW5zcGFjZSBmcm9tIGNyYXNoaW5nIHdpdGggZHluYW1pYyBtb2R1bGVzCiAgICAgICAgJGhvc3QuU2V0U2hvdWxkRXhpdCgkZXhpdF9jb2RlKQogICAgfQp9Cg==", "actions": ["exec"], "environment": {}, "min_os_version": null, "powershell_modules": {"Ansible.ModuleUtils.SID": "IyBDb3B5cmlnaHQgKGMpIDIwMTcgQW5zaWJsZSBQcm9qZWN0CiMgU2ltcGxpZmllZCBCU0QgTGljZW5zZSAoc2VlIGxpY2Vuc2VzL3NpbXBsaWZpZWRfYnNkLnR4dCBvciBodHRwczovL29wZW5zb3VyY2Uub3JnL2xpY2Vuc2VzL0JTRC0yLUNsYXVzZSkKCkZ1bmN0aW9uIENvbnZlcnQtRnJvbVNJRCgkc2lkKSB7CiAgICAjIENvbnZlcnRzIGEgU0lEIHRvIGEgRG93bi1MZXZlbCBMb2dvbiBuYW1lIGluIHRoZSBmb3JtIG9mIERPTUFJTlxVc2VyTmFtZQogICAgIyBJZiB0aGUgU0lEIGlzIGZvciBhIGxvY2FsIHVzZXIgb3IgZ3JvdXAgdGhlbiBET01BSU4gd291bGQgYmUgdGhlIHNlcnZlcgogICAgIyBuYW1lLgoKICAgICRhY2NvdW50X29iamVjdCA9IE5ldy1PYmplY3QgU3lzdGVtLlNlY3VyaXR5LlByaW5jaXBhbC5TZWN1cml0eUlkZW50aWZpZXIoJHNpZCkKICAgIHRyeSB7CiAgICAgICAgJG50X2FjY291bnQgPSAkYWNjb3VudF9vYmplY3QuVHJhbnNsYXRlKFtTeXN0ZW0uU2VjdXJpdHkuUHJpbmNpcGFsLk5UQWNjb3VudF0pCiAgICB9IGNhdGNoIHsKICAgICAgICBGYWlsLUpzb24gLW9iaiBAe30gLW1lc3NhZ2UgImZhaWxlZCB0byBjb252ZXJ0IHNpZCAnJHNpZCcgdG8gYSBsb2dvbiBuYW1lOiAkKCRfLkV4Y2VwdGlvbi5NZXNzYWdlKSIKICAgIH0KCiAgICByZXR1cm4gJG50X2FjY291bnQuVmFsdWUKfQoKRnVuY3Rpb24gQ29udmVydC1Ub1NJRCB7CiAgICBbRGlhZ25vc3RpY3MuQ29kZUFuYWx5c2lzLlN1cHByZXNzTWVzc2FnZUF0dHJpYnV0ZSgiUFNBdm9pZFVzaW5nRW1wdHlDYXRjaEJsb2NrIiwgIiIsIEp1c3RpZmljYXRpb249IldlIGRvbid0IGNhcmUgaWYgY29udmVydGluZyB0byBhIFNJRCBmYWlscywganVzdCB0aGF0IGl0IGZhaWxlZCBvciBub3QiKV0KICAgIHBhcmFtKCRhY2NvdW50X25hbWUpCiAgICAjIENvbnZlcnRzIGFuIGFjY291bnQgbmFtZSB0byBhIFNJRCwgaXQgY2FuIHRha2UgaW4gdGhlIGZvbGxvd2luZyBmb3JtcwogICAgIyBTSUQ6IFdpbGwganVzdCByZXR1cm4gdGhlIFNJRCB2YWx1ZSB0aGF0IHdhcyBwYXNzZWQgaW4KICAgICMgVVBOOgogICAgIyAgIHByaW5jaXBhbEBkb21haW4gKERvbWFpbiB1c2VycyBvbmx5KQogICAgIyBEb3duLUxldmVsIExvZ2luIE5hbWUKICAgICMgICBET01BSU5ccHJpbmNpcGFsIChEb21haW4pCiAgICAjICAgU0VSVkVSTkFNRVxwcmluY2lwYWwgKExvY2FsKQogICAgIyAgIC5ccHJpbmNpcGFsIChMb2NhbCkKICAgICMgICBOVCBBVVRIT1JJVFlcU1lTVEVNIChMb2NhbCBTZXJ2aWNlIEFjY291bnRzKQogICAgIyBMb2dpbiBOYW1lCiAgICAjICAgcHJpbmNpcGFsIChMb2NhbC9Mb2NhbCBTZXJ2aWNlIEFjY291bnRzKQoKICAgIHRyeSB7CiAgICAgICAgJHNpZCA9IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5TZWN1cml0eS5QcmluY2lwYWwuU2VjdXJpdHlJZGVudGlmaWVyIC1Bcmd1bWVudExpc3QgJGFjY291bnRfbmFtZQogICAgICAgIHJldHVybiAkc2lkLlZhbHVlCiAgICB9IGNhdGNoIHt9CgogICAgaWYgKCRhY2NvdW50X25hbWUgLWxpa2UgIipcKiIpIHsKICAgICAgICAkYWNjb3VudF9uYW1lX3NwbGl0ID0gJGFjY291bnRfbmFtZSAtc3BsaXQgIlxcIgogICAgICAgIGlmICgkYWNjb3VudF9uYW1lX3NwbGl0WzBdIC1lcSAiLiIpIHsKICAgICAgICAgICAgJGRvbWFpbiA9ICRlbnY6Q09NUFVURVJOQU1FCiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgJGRvbWFpbiA9ICRhY2NvdW50X25hbWVfc3BsaXRbMF0KICAgICAgICB9CiAgICAgICAgJHVzZXJuYW1lID0gJGFjY291bnRfbmFtZV9zcGxpdFsxXQogICAgfSBlbHNlaWYgKCRhY2NvdW50X25hbWUgLWxpa2UgIipAKiIpIHsKICAgICAgICAkYWNjb3VudF9uYW1lX3NwbGl0ID0gJGFjY291bnRfbmFtZSAtc3BsaXQgIkAiCiAgICAgICAgJGRvbWFpbiA9ICRhY2NvdW50X25hbWVfc3BsaXRbMV0KICAgICAgICAkdXNlcm5hbWUgPSAkYWNjb3VudF9uYW1lX3NwbGl0WzBdCiAgICB9IGVsc2UgewogICAgICAgICRkb21haW4gPSAkbnVsbAogICAgICAgICR1c2VybmFtZSA9ICRhY2NvdW50X25hbWUKICAgIH0KCiAgICBpZiAoJGRvbWFpbikgewogICAgICAgICMgc2VhcmNoaW5nIGZvciBhIGxvY2FsIGdyb3VwIHdpdGggdGhlIHNlcnZlcm5hbWUgcHJlZml4ZWQgd2lsbCBmYWlsLAogICAgICAgICMgbmVlZCB0byBjaGVjayBmb3IgdGhpcyBzaXR1YXRpb24gYW5kIG9ubHkgdXNlIE5UQWNjb3VudChTdHJpbmcpCiAgICAgICAgaWYgKCRkb21haW4gLWVxICRlbnY6Q09NUFVURVJOQU1FKSB7CiAgICAgICAgICAgICRhZHNpID0gW0FEU0ldKCJXaW5OVDovLyRlbnY6Q09NUFVURVJOQU1FLGNvbXB1dGVyIikKICAgICAgICAgICAgJGdyb3VwID0gJGFkc2kucHNiYXNlLmNoaWxkcmVuIHwgV2hlcmUtT2JqZWN0IHsgJF8uc2NoZW1hQ2xhc3NOYW1lIC1lcSAiZ3JvdXAiIC1hbmQgJF8uTmFtZSAtZXEgJHVzZXJuYW1lIH0KICAgICAgICB9IGVsc2UgewogICAgICAgICAgICAkZ3JvdXAgPSAkbnVsbAogICAgICAgIH0KICAgICAgICBpZiAoJGdyb3VwKSB7CiAgICAgICAgICAgICRhY2NvdW50ID0gTmV3LU9iamVjdCBTeXN0ZW0uU2VjdXJpdHkuUHJpbmNpcGFsLk5UQWNjb3VudCgkdXNlcm5hbWUpCiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgJGFjY291bnQgPSBOZXctT2JqZWN0IFN5c3RlbS5TZWN1cml0eS5QcmluY2lwYWwuTlRBY2NvdW50KCRkb21haW4sICR1c2VybmFtZSkKICAgICAgICB9CiAgICB9IGVsc2UgewogICAgICAgICMgd2hlbiBpbiBhIGRvbWFpbiBOVEFjY291bnQoU3RyaW5nKSB3aWxsIGZhdm91ciBkb21haW4gbG9va3VwcyBjaGVjawogICAgICAgICMgaWYgdXNlcm5hbWUgaXMgYSBsb2NhbCB1c2VyIGFuZCBleHBsaWN0bHkgc2VhcmNoIG9uIHRoZSBsb2NhbGhvc3QgZm9yCiAgICAgICAgIyB0aGF0IGFjY291bnQKICAgICAgICAkYWRzaSA9IFtBRFNJXSgiV2luTlQ6Ly8kZW52OkNPTVBVVEVSTkFNRSxjb21wdXRlciIpCiAgICAgICAgJHVzZXIgPSAkYWRzaS5wc2Jhc2UuY2hpbGRyZW4gfCBXaGVyZS1PYmplY3QgeyAkXy5zY2hlbWFDbGFzc05hbWUgLWVxICJ1c2VyIiAtYW5kICRfLk5hbWUgLWVxICR1c2VybmFtZSB9CiAgICAgICAgaWYgKCR1c2VyKSB7CiAgICAgICAgICAgICRhY2NvdW50ID0gTmV3LU9iamVjdCBTeXN0ZW0uU2VjdXJpdHkuUHJpbmNpcGFsLk5UQWNjb3VudCgkZW52OkNPTVBVVEVSTkFNRSwgJHVzZXJuYW1lKQogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICRhY2NvdW50ID0gTmV3LU9iamVjdCBTeXN0ZW0uU2VjdXJpdHkuUHJpbmNpcGFsLk5UQWNjb3VudCgkdXNlcm5hbWUpCiAgICAgICAgfQogICAgfQogICAgCiAgICB0cnkgewogICAgICAgICRhY2NvdW50X3NpZCA9ICRhY2NvdW50LlRyYW5zbGF0ZShbU3lzdGVtLlNlY3VyaXR5LlByaW5jaXBhbC5TZWN1cml0eUlkZW50aWZpZXJdKQogICAgfSBjYXRjaCB7CiAgICAgICAgRmFpbC1Kc29uIEB7fSAiYWNjb3VudF9uYW1lICRhY2NvdW50X25hbWUgaXMgbm90IGEgdmFsaWQgYWNjb3VudCwgY2Fubm90IGdldCBTSUQ6ICQoJF8uRXhjZXB0aW9uLk1lc3NhZ2UpIgogICAgfQogICAgCiAgICByZXR1cm4gJGFjY291bnRfc2lkLlZhbHVlCn0KCiMgdGhpcyBsaW5lIG11c3Qgc3RheSBhdCB0aGUgYm90dG9tIHRvIGVuc3VyZSBhbGwgZGVmaW5lZCBtb2R1bGUgcGFydHMgYXJlIGV4cG9ydGVkCkV4cG9ydC1Nb2R1bGVNZW1iZXIgLUFsaWFzICogLUZ1bmN0aW9uICogLUNtZGxldCAqCg==", "Ansible.ModuleUtils.Legacy": "IyBDb3B5cmlnaHQgKGMpLCBNaWNoYWVsIERlSGFhbiA8bWljaGFlbC5kZWhhYW5AZ21haWwuY29tPiwgMjAxNCwgYW5kIG90aGVycwojIFNpbXBsaWZpZWQgQlNEIExpY2Vuc2UgKHNlZSBsaWNlbnNlcy9zaW1wbGlmaWVkX2JzZC50eHQgb3IgaHR0cHM6Ly9vcGVuc291cmNlLm9yZy9saWNlbnNlcy9CU0QtMi1DbGF1c2UpCgpTZXQtU3RyaWN0TW9kZSAtVmVyc2lvbiAyLjAKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKRnVuY3Rpb24gU2V0LUF0dHIoJG9iaiwgJG5hbWUsICR2YWx1ZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gc2V0IGFuICJhdHRyaWJ1dGUiIG9uIGEgcHNvYmplY3QgaW5zdGFuY2UgaW4gUG93ZXJTaGVsbC4KICAgIFRoaXMgaXMgYSBjb252ZW5pZW5jZSB0byBtYWtlIGFkZGluZyBNZW1iZXJzIHRvIHRoZSBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgIFNldC1BdHRyICRyZXN1bHQgImNoYW5nZWQiICR0cnVlCiM+CgogICAgIyBJZiB0aGUgcHJvdmlkZWQgJG9iaiBpcyB1bmRlZmluZWQsIGRlZmluZSBvbmUgdG8gYmUgbmljZQogICAgSWYgKC1ub3QgJG9iai5HZXRUeXBlKQogICAgewogICAgICAgICRvYmogPSBAeyB9CiAgICB9CgogICAgVHJ5CiAgICB7CiAgICAgICAgJG9iai4kbmFtZSA9ICR2YWx1ZQogICAgfQogICAgQ2F0Y2gKICAgIHsKICAgICAgICAkb2JqIHwgQWRkLU1lbWJlciAtRm9yY2UgLU1lbWJlclR5cGUgTm90ZVByb3BlcnR5IC1OYW1lICRuYW1lIC1WYWx1ZSAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gRXhpdC1Kc29uKCRvYmopCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGNvbnZlcnQgYSBQb3dlclNoZWxsIG9iamVjdCB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcKICAgIHRoZSBzY3JpcHQKICAgIC5FWEFNUExFCiAgICBFeGl0LUpzb24gJHJlc3VsdAojPgoKICAgICMgSWYgdGhlIHByb3ZpZGVkICRvYmogaXMgdW5kZWZpbmVkLCBkZWZpbmUgb25lIHRvIGJlIG5pY2UKICAgIElmICgtbm90ICRvYmouR2V0VHlwZSkKICAgIHsKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoJ2NoYW5nZWQnKSkgewogICAgICAgIFNldC1BdHRyICRvYmogImNoYW5nZWQiICRmYWxzZQogICAgfQoKICAgIFdyaXRlLU91dHB1dCAkb2JqIHwgQ29udmVydFRvLUpzb24gLUNvbXByZXNzIC1EZXB0aCA5OQogICAgRXhpdAp9CgpGdW5jdGlvbiBGYWlsLUpzb24oJG9iaiwgJG1lc3NhZ2UgPSAkbnVsbCkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHRoZSAibXNnIiBwcm9wZXJ0eSBhbmQgImZhaWxlZCIgcHJvcGVydHksIGNvbnZlcnQgdGhlCiAgICBQb3dlclNoZWxsIEhhc2h0YWJsZSB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcgdGhlIHNjcmlwdAogICAgLkVYQU1QTEUKICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJUaGlzIGlzIHRoZSBmYWlsdXJlIG1lc3NhZ2UiCiM+CgogICAgaWYgKCRvYmogLWlzIFtoYXNodGFibGVdIC1vciAkb2JqIC1pcyBbcHNvYmplY3RdKSB7CiAgICAgICAgIyBOb3RoaW5nIHRvIGRvCiAgICB9IGVsc2VpZiAoJG9iaiAtaXMgW3N0cmluZ10gLWFuZCAkbnVsbCAtZXEgJG1lc3NhZ2UpIHsKICAgICAgICAjIElmIHdlIHdlcmVuJ3QgZ2l2ZW4gMiBhcmdzLCBhbmQgdGhlIG9ubHkgYXJnIHdhcyBhIHN0cmluZywKICAgICAgICAjIGNyZWF0ZSBhIG5ldyBIYXNodGFibGUgYW5kIHVzZSB0aGUgYXJnIGFzIHRoZSBmYWlsdXJlIG1lc3NhZ2UKICAgICAgICAkbWVzc2FnZSA9ICRvYmoKICAgICAgICAkb2JqID0gQHsgfQogICAgfSBlbHNlIHsKICAgICAgICAjIElmIHRoZSBmaXJzdCBhcmd1bWVudCBpcyB1bmRlZmluZWQgb3IgYSBkaWZmZXJlbnQgdHlwZSwKICAgICAgICAjIG1ha2UgaXQgYSBIYXNodGFibGUKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgICMgU3RpbGwgdXNpbmcgU2V0LUF0dHIgZm9yIFBTT2JqZWN0IGNvbXBhdGliaWxpdHkKICAgIFNldC1BdHRyICRvYmogIm1zZyIgJG1lc3NhZ2UKICAgIFNldC1BdHRyICRvYmogImZhaWxlZCIgJHRydWUKCiAgICBpZiAoLW5vdCAkb2JqLkNvbnRhaW5zS2V5KCdjaGFuZ2VkJykpIHsKICAgICAgICBTZXQtQXR0ciAkb2JqICJjaGFuZ2VkIiAkZmFsc2UKICAgIH0KCiAgICBXcml0ZS1PdXRwdXQgJG9iaiB8IENvbnZlcnRUby1Kc29uIC1Db21wcmVzcyAtRGVwdGggOTkKICAgIEV4aXQgMQp9CgpGdW5jdGlvbiBBZGQtV2FybmluZygkb2JqLCAkbWVzc2FnZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHdhcm5pbmdzLCBldmVuIGlmIHRoZSB3YXJuaW5ncyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoIndhcm5pbmdzIikpIHsKICAgICAgICAkb2JqLndhcm5pbmdzID0gQCgpCiAgICB9IGVsc2VpZiAoJG9iai53YXJuaW5ncyAtaXNub3QgW2FycmF5XSkgewogICAgICAgIHRocm93ICJBZGQtV2FybmluZzogd2FybmluZ3MgYXR0cmlidXRlIGlzIG5vdCBhbiBhcnJheSIKICAgIH0KCiAgICAkb2JqLndhcm5pbmdzICs9ICRtZXNzYWdlCn0KCkZ1bmN0aW9uIEFkZC1EZXByZWNhdGlvbldhcm5pbmcoJG9iaiwgJG1lc3NhZ2UsICR2ZXJzaW9uID0gJG51bGwpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGFkZCBkZXByZWNhdGlvbnMsIGV2ZW4gaWYgdGhlIGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgogICAgaWYgKC1ub3QgJG9iai5Db250YWluc0tleSgiZGVwcmVjYXRpb25zIikpIHsKICAgICAgICAkb2JqLmRlcHJlY2F0aW9ucyA9IEAoKQogICAgfSBlbHNlaWYgKCRvYmouZGVwcmVjYXRpb25zIC1pc25vdCBbYXJyYXldKSB7CiAgICAgICAgdGhyb3cgIkFkZC1EZXByZWNhdGlvbldhcm5pbmc6IGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgaXMgbm90IGEgbGlzdCIKICAgIH0KCiAgICAkb2JqLmRlcHJlY2F0aW9ucyArPSBAewogICAgICAgIG1zZyA9ICRtZXNzYWdlCiAgICAgICAgdmVyc2lvbiA9ICR2ZXJzaW9uCiAgICB9Cn0KCkZ1bmN0aW9uIEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgaW4gdmFsdWVzLiBCeSBkZWZhdWx0CiAgICBpdCB0dXJucyBhbnkgdHlwZSB0byBhIHN0cmluZywgYnV0IHdlIGVuc3VyZSAkbnVsbCByZW1haW5zICRudWxsLgojPgogICAgaWYgKCRudWxsIC1uZSAkdmFsdWUpIHsKICAgICAgICBbU3lzdGVtLkVudmlyb25tZW50XTo6RXhwYW5kRW52aXJvbm1lbnRWYXJpYWJsZXMoJHZhbHVlKQogICAgfSBlbHNlIHsKICAgICAgICAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gR2V0LUFuc2libGVQYXJhbSgkb2JqLCAkbmFtZSwgJGRlZmF1bHQgPSAkbnVsbCwgJHJlc3VsdG9iaiA9IEB7fSwgJGZhaWxpZmVtcHR5ID0gJGZhbHNlLCAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSwgJFZhbGlkYXRlU2V0LCAkVmFsaWRhdGVTZXRFcnJvck1lc3NhZ2UsICR0eXBlID0gJG51bGwsICRhbGlhc2VzID0gQCgpKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBnZXQgYW4gImF0dHJpYnV0ZSIgZnJvbSBhIHBzb2JqZWN0IGluc3RhbmNlIGluIFBvd2VyU2hlbGwuCiAgICBUaGlzIGlzIGEgY29udmVuaWVuY2UgdG8gbWFrZSBnZXR0aW5nIE1lbWJlcnMgZnJvbSBhbiBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgICRhdHRyID0gR2V0LUFuc2libGVQYXJhbSAkcmVzcG9uc2UgImNvZGUiIC1kZWZhdWx0ICIxIgogICAgLkVYQU1QTEUKICAgIEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJTdGF0ZSIgLWRlZmF1bHQgIlByZXNlbnQiIC1WYWxpZGF0ZVNldCAiUHJlc2VudCIsIkFic2VudCIgLXJlc3VsdG9iaiAkcmVzdWx0b2JqIC1mYWlsaWZlbXB0eSAkdHJ1ZQogICAgR2V0LUFuc2libGVQYXJhbSBhbHNvIHN1cHBvcnRzIFBhcmFtZXRlciB2YWxpZGF0aW9uIHRvIHNhdmUgeW91IGZyb20gY29kaW5nIHRoYXQgbWFudWFsbHkKICAgIE5vdGUgdGhhdCBpZiB5b3UgdXNlIHRoZSBmYWlsaWZlbXB0eSBvcHRpb24sIHlvdSBkbyBuZWVkIHRvIHNwZWNpZnkgcmVzdWx0b2JqZWN0IGFzIHdlbGwuCiM+CiAgICAjIENoZWNrIGlmIHRoZSBwcm92aWRlZCBNZW1iZXIgJG5hbWUgb3IgYWxpYXNlcyBleGlzdCBpbiAkb2JqIGFuZCByZXR1cm4gaXQgb3IgdGhlIGRlZmF1bHQuCiAgICB0cnkgewoKICAgICAgICAkZm91bmQgPSAkbnVsbAogICAgICAgICMgRmlyc3QgdHJ5IHRvIGZpbmQgcHJlZmVycmVkIHBhcmFtZXRlciAkbmFtZQogICAgICAgICRhbGlhc2VzID0gQCgkbmFtZSkgKyAkYWxpYXNlcwoKICAgICAgICAjIEl0ZXJhdGUgb3ZlciBhbGlhc2VzIHRvIGZpbmQgYWNjZXB0YWJsZSBNZW1iZXIgJG5hbWUKICAgICAgICBmb3JlYWNoICgkYWxpYXMgaW4gJGFsaWFzZXMpIHsKICAgICAgICAgICAgaWYgKCRvYmouQ29udGFpbnNLZXkoJGFsaWFzKSkgewogICAgICAgICAgICAgICAgJGZvdW5kID0gJGFsaWFzCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgfQoKICAgICAgICBpZiAoJG51bGwgLWVxICRmb3VuZCkgewogICAgICAgICAgICB0aHJvdwogICAgICAgIH0KICAgICAgICAkbmFtZSA9ICRmb3VuZAoKICAgICAgICBpZiAoJFZhbGlkYXRlU2V0KSB7CgogICAgICAgICAgICBpZiAoJFZhbGlkYXRlU2V0IC1jb250YWlucyAoJG9iai4kbmFtZSkpIHsKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICRvYmouJG5hbWUKICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgIGlmICgkbnVsbCAtZXEgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAgICAgI0F1dG8tZ2VuZXJhdGVkIGVycm9yIHNob3VsZCBiZSBzdWZmaWNpZW50IGluIG1vc3QgdXNlIGNhc2VzCiAgICAgICAgICAgICAgICAgICAgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlID0gIkdldC1BbnNpYmxlUGFyYW06IEFyZ3VtZW50ICRuYW1lIG5lZWRzIHRvIGJlIG9uZSBvZiAkKCRWYWxpZGF0ZVNldCAtam9pbiAiLCIpIGJ1dCB3YXMgJCgkb2JqLiRuYW1lKS4iCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRWYWxpZGF0ZVNldEVycm9yTWVzc2FnZQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgJHZhbHVlID0gJG9iai4kbmFtZQogICAgICAgIH0KICAgIH0gY2F0Y2ggewogICAgICAgIGlmICgkZmFpbGlmZW1wdHkgLWVxICRmYWxzZSkgewogICAgICAgICAgICAkdmFsdWUgPSAkZGVmYXVsdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgIGlmICgtbm90ICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSA9ICJHZXQtQW5zaWJsZVBhcmFtOiBNaXNzaW5nIHJlcXVpcmVkIGFyZ3VtZW50OiAkbmFtZSIKICAgICAgICAgICAgfQogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlCiAgICAgICAgfQogICAgfQoKICAgICMgSWYgJHZhbHVlIC1lcSAkbnVsbCwgdGhlIHBhcmFtZXRlciB3YXMgdW5zcGVjaWZpZWQgYnkgdGhlIHVzZXIgKGRlbGliZXJhdGVseSBvciBub3QpCiAgICAjIFBsZWFzZSBsZWF2ZSAkbnVsbC12YWx1ZXMgaW50YWN0LCBtb2R1bGVzIG5lZWQgdG8ga25vdyBpZiBhIHBhcmFtZXRlciB3YXMgc3BlY2lmaWVkCiAgICAjIFdoZW4gJHZhbHVlIGlzIGFscmVhZHkgYW4gYXJyYXksIHdlIGNhbm5vdCByZWx5IG9uIHRoZSBudWxsIGNoZWNrLCBhcyBhbiBlbXB0eSBsaXN0CiAgICAjIGlzIHNlZW4gYXMgbnVsbCBpbiB0aGUgY2hlY2sgYmVsb3cKICAgIGlmICgkbnVsbCAtbmUgJHZhbHVlIC1vciAkdmFsdWUgLWlzIFthcnJheV0pIHsKICAgICAgICBpZiAoJHR5cGUgLWVxICJwYXRoIikgewogICAgICAgICAgICAjIEV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgb24gcGF0aC10eXBlCiAgICAgICAgICAgICR2YWx1ZSA9IEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCiAgICAgICAgICAgICMgVGVzdCBpZiBhIHZhbGlkIHBhdGggaXMgcHJvdmlkZWQKICAgICAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtSXNWYWxpZCAkdmFsdWUpKSB7CiAgICAgICAgICAgICAgICAkcGF0aF9pbnZhbGlkID0gJHRydWUKICAgICAgICAgICAgICAgICMgY291bGQgc3RpbGwgYmUgYSB2YWxpZC1zaGFwZWQgcGF0aCB3aXRoIGEgbm9uZXhpc3RlbnQgZHJpdmUgbGV0dGVyCiAgICAgICAgICAgICAgICBpZiAoJHZhbHVlIC1tYXRjaCAiXlx3OiIpIHsKICAgICAgICAgICAgICAgICAgICAjIHJld3JpdGUgcGF0aCB3aXRoIGEgdmFsaWQgZHJpdmUgbGV0dGVyIGFuZCByZWNoZWNrIHRoZSBzaGFwZS0gdGhpcyBtaWdodCBzdGlsbCBmYWlsLCBlZywgYSBub25leGlzdGVudCBub24tZmlsZXN5c3RlbSBQUyBwYXRoCiAgICAgICAgICAgICA ScriptBlock ID: 05c11c63-1d24-481d-a26f-09bb0d9ce585 Path:	4104	1		3	2	15	0	1462	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3892	2096	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:29:18 PM	9d04040e-981f-0002-5b0d-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1461	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3892	1600	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:29:18 PM	9d04040e-981f-0004-1e19-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 3892 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1460	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3892	1296	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:29:18 PM	9d04040e-981f-0004-1e19-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1459	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3892	1600	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:29:18 PM	9d04040e-981f-0004-1e19-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1458	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4456	3248	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:29:16 PM	9d04040e-981f-0004-1419-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 4456 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1457	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4456	2280	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:29:16 PM	9d04040e-981f-0004-1419-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1456	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4456	3248	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:29:16 PM	9d04040e-981f-0004-1419-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1455	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3920	2528	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:29:16 PM	9d04040e-981f-0003-6452-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 3920 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1454	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3920	4108	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:29:16 PM	9d04040e-981f-0003-6452-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1453	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3920	2528	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:29:16 PM	9d04040e-981f-0003-6452-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): #!powershell # Copyright: (c) 2015, Jon Hawkesworth (@jhawkesworth) <figs@unity.demon.co.uk> # Copyright: (c) 2017, Ansible Project # GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) #Requires -Module Ansible.ModuleUtils.Legacy $ErrorActionPreference = 'Stop' $params = Parse-Args -arguments $args -supports_check_mode $true $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false $diff_mode = Get-AnsibleParam -obj $params -name "_ansible_diff" -type "bool" -default $false # there are 4 modes to win_copy which are driven by the action plugins: # explode: src is a zip file which needs to be extracted to dest, for use with multiple files # query: win_copy action plugin wants to get the state of remote files to check whether it needs to send them # remote: all copy action is happening remotely (remote_src=True) # single: a single file has been copied, also used with template $copy_mode = Get-AnsibleParam -obj $params -name "_copy_mode" -type "str" -default "single" -validateset "explode","query","remote","single" # used in explode, remote and single mode $src = Get-AnsibleParam -obj $params -name "src" -type "path" -failifempty ($copy_mode -in @("explode","process","single")) $dest = Get-AnsibleParam -obj $params -name "dest" -type "path" -failifempty $true # used in single mode $original_basename = Get-AnsibleParam -obj $params -name "_original_basename" -type "str" # used in query and remote mode $force = Get-AnsibleParam -obj $params -name "force" -type "bool" -default $true # used in query mode, contains the local files/directories/symlinks that are to be copied $files = Get-AnsibleParam -obj $params -name "files" -type "list" $directories = Get-AnsibleParam -obj $params -name "directories" -type "list" $symlinks = Get-AnsibleParam -obj $params -name "symlinks" -type "list" $result = @{ changed = $false } if ($diff_mode) { $result.diff = @{} } Function Copy-File($source, $dest) { $diff = "" $copy_file = $false $source_checksum = $null if ($force) { $source_checksum = Get-FileChecksum -path $source } if (Test-Path -Path $dest -PathType Container) { Fail-Json -obj $result -message "cannot copy file from '$source' to '$dest': dest is already a folder" } elseif (Test-Path -Path $dest -PathType Leaf) { if ($force) { $target_checksum = Get-FileChecksum -path $dest if ($source_checksum -ne $target_checksum) { $copy_file = $true } } } else { $copy_file = $true } if ($copy_file) { $file_dir = [System.IO.Path]::GetDirectoryName($dest) # validate the parent dir is not a file and that it exists if (Test-Path -Path $file_dir -PathType Leaf) { Fail-Json -obj $result -message "cannot copy file from '$source' to '$dest': object at dest parent dir is not a folder" } elseif (-not (Test-Path -Path $file_dir)) { # directory doesn't exist, need to create New-Item -Path $file_dir -ItemType Directory -WhatIf:$check_mode | Out-Null $diff += "+$file_dir\`n" } if (Test-Path -Path $dest -PathType Leaf) { Remove-Item -Path $dest -Force -Recurse -WhatIf:$check_mode | Out-Null $diff += "-$dest`n" } if (-not $check_mode) { # cannot run with -WhatIf:$check_mode as if the parent dir didn't # exist and was created above would still not exist in check mode Copy-Item -Path $source -Destination $dest -Force | Out-Null } $diff += "+$dest`n" $result.changed = $true } # ugly but to save us from running the checksum twice, let's return it for # the main code to add it to $result return ,@{ diff = $diff; checksum = $source_checksum } } Function Copy-Folder($source, $dest) { $diff = "" $copy_folder = $false if (-not (Test-Path -Path $dest -PathType Container)) { $parent_dir = [System.IO.Path]::GetDirectoryName($dest) if (Test-Path -Path $parent_dir -PathType Leaf) { Fail-Json -obj $result -message "cannot copy file from '$source' to '$dest': object at dest parent dir is not a folder" } if (Test-Path -Path $dest -PathType Leaf) { Fail-Json -obj $result -message "cannot copy folder from '$source' to '$dest': dest is already a file" } New-Item -Path $dest -ItemType Container -WhatIf:$check_mode | Out-Null $diff += "+$dest\`n" $result.changed = $true } $child_items = Get-ChildItem -Path $source -Force foreach ($child_item in $child_items) { $dest_child_path = Join-Path -Path $dest -ChildPath $child_item.Name if ($child_item.PSIsContainer) { $diff += (Copy-Folder -source $child_item.Fullname -dest $dest_child_path) } else { $diff += (Copy-File -source $child_item.Fullname -dest $dest_child_path).diff } } return $diff } Function Get-FileSize($path) { $file = Get-Item -Path $path -Force $size = $null if ($file.PSIsContainer) { $dir_files_sum = Get-ChildItem $file.FullName -Recurse if ($dir_files_sum -eq $null -or ($dir_files_sum.PSObject.Properties.name -contains 'length' -eq $false)) { $size = 0 } else { $size = ($dir_files_sum | Measure-Object -property length -sum).Sum } } else { $size = $file.Length } $size } Function Extract-Zip($src, $dest) { $archive = [System.IO.Compression.ZipFile]::Open($src, [System.IO.Compression.ZipArchiveMode]::Read, [System.Text.Encoding]::UTF8) foreach ($entry in $archive.Entries) { $archive_name = $entry.FullName # FullName may be appended with / or \, determine if it is padded and remove it $padding_length = $archive_name.Length % 4 if ($padding_length -eq 0) { $is_dir = $false $base64_name = $archive_name } elseif ($padding_length -eq 1) { $is_dir = $true if ($archive_name.EndsWith("/") -or $archive_name.EndsWith("`\")) { $base64_name = $archive_name.Substring(0, $archive_name.Length - 1) } else { throw "invalid base64 archive name '$archive_name'" } } else { throw "invalid base64 length '$archive_name'" } # to handle unicode character, win_copy action plugin has encoded the filename $decoded_archive_name = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($base64_name)) # re-add the / to the entry full name if it was a directory if ($is_dir) { $decoded_archive_name = "$decoded_archive_name/" } $entry_target_path = [System.IO.Path]::Combine($dest, $decoded_archive_name) $entry_dir = [System.IO.Path]::GetDirectoryName($entry_target_path) if (-not (Test-Path -Path $entry_dir)) { New-Item -Path $entry_dir -ItemType Directory -WhatIf:$check_mode | Out-Null } if ($is_dir -eq $false) { if (-not $check_mode) { [System.IO.Compression.ZipFileExtensions]::ExtractToFile($entry, $entry_target_path, $true) } } } $archive.Dispose() # release the handle of the zip file } Function Extract-ZipLegacy($src, $dest) { if (-not (Test-Path -Path $dest)) { New-Item -Path $dest -ItemType Directory -WhatIf:$check_mode | Out-Null } $shell = New-Object -ComObject Shell.Application $zip = $shell.NameSpace($src) $dest_path = $shell.NameSpace($dest) foreach ($entry in $zip.Items()) { $is_dir = $entry.IsFolder $encoded_archive_entry = $entry.Name # to handle unicode character, win_copy action plugin has encoded the filename $decoded_archive_entry = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($encoded_archive_entry)) if ($is_dir) { $decoded_archive_entry = "$decoded_archive_entry/" } $entry_target_path = [System.IO.Path]::Combine($dest, $decoded_archive_entry) $entry_dir = [System.IO.Path]::GetDirectoryName($entry_target_path) if (-not (Test-Path -Path $entry_dir)) { New-Item -Path $entry_dir -ItemType Directory -WhatIf:$check_mode | Out-Null } if ($is_dir -eq $false -and (-not $check_mode)) { # https://msdn.microsoft.com/en-us/library/windows/desktop/bb787866.aspx # From Folder.CopyHere documentation, 1044 means: # - 1024: do not display a user interface if an error occurs # - 16: respond with "yes to all" for any dialog box that is displayed # - 4: do not display a progress dialog box $dest_path.CopyHere($entry, 1044) # once file is extraced, we need to rename it with non base64 name $combined_encoded_path = [System.IO.Path]::Combine($dest, $encoded_archive_entry) Move-Item -Path $combined_encoded_path -Destination $entry_target_path -Force | Out-Null } } } if ($copy_mode -eq "query") { # we only return a list of files/directories that need to be copied over # the source of the local file will be the key used $changed_files = @() $changed_directories = @() $changed_symlinks = @() foreach ($file in $files) { $filename = $file.dest $local_checksum = $file.checksum $filepath = Join-Path -Path $dest -ChildPath $filename if (Test-Path -Path $filepath -PathType Leaf) { if ($force) { $checksum = Get-FileChecksum -path $filepath if ($checksum -ne $local_checksum) { $will_change = $true $changed_files += $file } } } elseif (Test-Path -Path $filepath -PathType Container) { Fail-Json -obj $result -message "cannot copy file to dest '$filepath': object at path is already a directory" } else { $changed_files += $file } } foreach ($directory in $directories) { $dirname = $directory.dest $dirpath = Join-Path -Path $dest -ChildPath $dirname $parent_dir = [System.IO.Path]::GetDirectoryName($dirpath) if (Test-Path -Path $parent_dir -PathType Leaf) { Fail-Json -obj $result -message "cannot copy folder to dest '$dirpath': object at parent directory path is already a file" } if (Test-Path -Path $dirpath -PathType Leaf) { Fail-Json -obj $result -message "cannot copy folder to dest '$dirpath': object at path is already a file" } elseif (-not (Test-Path -Path $dirpath -PathType Container)) { $changed_directories += $directory } } # TODO: Handle symlinks $result.files = $changed_files $result.directories = $changed_directories $result.symlinks = $changed_symlinks } elseif ($copy_mode -eq "explode") { # a single zip file containing the files and directories needs to be # expanded this will always result in a change as the calculation is done # on the win_copy action plugin and is only run if a change needs to occur if (-not (Test-Path -Path $src -PathType Leaf)) { Fail-Json -obj $result -message "Cannot expand src zip file: '$src' as it does not exist" } # Detect if the PS zip assemblies are available or whether to use Shell $use_legacy = $false try { Add-Type -AssemblyName System.IO.Compression.FileSystem | Out-Null Add-Type -AssemblyName System.IO.Compression | Out-Null } catch { $use_legacy = $true } if ($use_legacy) { Extract-ZipLegacy -src $src -dest $dest } else { Extract-Zip -src $src -dest $dest } $result.changed = $true } elseif ($copy_mode -eq "remote") { # all copy actions are happening on the remote side (windows host), need # too copy source and dest using PS code $result.src = $src $result.dest = $dest if (-not (Test-Path -Path $src)) { Fail-Json -obj $result -message "Cannot copy src file: '$src' as it does not exist" } if (Test-Path -Path $src -PathType Container) { # we are copying a directory or the contents of a directory $result.operation = 'folder_copy' if ($src.EndsWith("/") -or $src.EndsWith("`\")) { # copying the folder's contents to dest $diff = "" $child_files = Get-ChildItem -Path $src -Force foreach ($child_file in $child_files) { $dest_child_path = Join-Path -Path $dest -ChildPath $child_file.Name if ($child_file.PSIsContainer) { $diff += Copy-Folder -source $child_file.FullName -dest $dest_child_path } else { $diff += (Copy-File -source $child_file.FullName -dest $dest_child_path).diff } } } else { # copying the folder and it's contents to dest $dest = Join-Path -Path $dest -ChildPath (Get-Item -Path $src -Force).Name $result.dest = $dest $diff = Copy-Folder -source $src -dest $dest } } else { # we are just copying a single file to dest $result.operation = 'file_copy' $source_basename = (Get-Item -Path $src -Force).Name $result.original_basename = $source_basename if ($dest.EndsWith("/") -or $dest.EndsWith("`\")) { $dest = Join-Path -Path $dest -ChildPath (Get-Item -Path $src -Force).Name $result.dest = $dest } else { # check if the parent dir exists, this is only done if src is a # file and dest if the path to a file (doesn't end with \ or /) $parent_dir = Split-Path -Path $dest if (Test-Path -Path $parent_dir -PathType Leaf) { Fail-Json -obj $result -message "object at destination parent dir '$parent_dir' is currently a file" } elseif (-not (Test-Path -Path $parent_dir -PathType Container)) { Fail-Json -obj $result -message "Destination directory '$parent_dir' does not exist" } } $copy_result = Copy-File -source $src -dest $dest $diff = $copy_result.diff $result.checksum = $copy_result.checksum } # the file might not exist if running in check mode if (-not $check_mode -or (Test-Path -Path $dest -PathType Leaf)) { $result.size = Get-FileSize -path $dest } else { $result.size = $null } if ($diff_mode) { $result.diff.prepared = $diff } } elseif ($copy_mode -eq "single") { # a single file is located in src and we need to copy to dest, this will # always result in a change as the calculation is done on the Ansible side # before this is run. This should also never run in check mode if (-not (Test-Path -Path $src -PathType Leaf)) { Fail-Json -obj $result -message "Cannot copy src file: '$src' as it does not exist" } # the dest parameter is a directory, we need to append original_basename if ($dest.EndsWith("/") -or $dest.EndsWith("`\") -or (Test-Path -Path $dest -PathType Container)) { $remote_dest = Join-Path -Path $dest -ChildPath $original_basename $parent_dir = Split-Path -Path $remote_dest # when dest ends with /, we need to create the destination directories if (Test-Path -Path $parent_dir -PathType Leaf) { Fail-Json -obj $result -message "object at destination parent dir '$parent_dir' is currently a file" } elseif (-not (Test-Path -Path $parent_dir -PathType Container)) { New-Item -Path $parent_dir -ItemType Directory | Out-Null } } else { $remote_dest = $dest $parent_dir = Split-Path -Path $remote_dest # check if the dest parent dirs exist, need to fail if they don't if (Test-Path -Path $parent_dir -PathType Leaf) { Fail-Json -obj $result -message "object at destination parent dir '$parent_dir' is currently a file" } elseif (-not (Test-Path -Path $parent_dir -PathType Container)) { Fail-Json -obj $result -message "Destination directory '$parent_dir' does not exist" } } Copy-Item -Path $src -Destination $remote_dest -Force | Out-Null $result.changed = $true } Exit-Json -obj $result ScriptBlock ID: 6c889789-2849-4d4d-a9ba-2689cfb1ea33 Path:	4104	1		3	2	15	0	1452	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3972	5088	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:29:16 PM	9d04040e-981f-0002-380d-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c), Michael DeHaan <michael.dehaan@gmail.com>, 2014, and others # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) Set-StrictMode -Version 2.0 $ErrorActionPreference = "Stop" Function Set-Attr($obj, $name, $value) { <# .SYNOPSIS Helper function to set an "attribute" on a psobject instance in PowerShell. This is a convenience to make adding Members to the object easier and slightly more pythonic .EXAMPLE Set-Attr $result "changed" $true #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } Try { $obj.$name = $value } Catch { $obj | Add-Member -Force -MemberType NoteProperty -Name $name -Value $value } } Function Exit-Json($obj) { <# .SYNOPSIS Helper function to convert a PowerShell object to JSON and output it, exiting the script .EXAMPLE Exit-Json $result #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit } Function Fail-Json($obj, $message = $null) { <# .SYNOPSIS Helper function to add the "msg" property and "failed" property, convert the PowerShell Hashtable to JSON and output it, exiting the script .EXAMPLE Fail-Json $result "This is the failure message" #> if ($obj -is [hashtable] -or $obj -is [psobject]) { # Nothing to do } elseif ($obj -is [string] -and $null -eq $message) { # If we weren't given 2 args, and the only arg was a string, # create a new Hashtable and use the arg as the failure message $message = $obj $obj = @{ } } else { # If the first argument is undefined or a different type, # make it a Hashtable $obj = @{ } } # Still using Set-Attr for PSObject compatibility Set-Attr $obj "msg" $message Set-Attr $obj "failed" $true if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit 1 } Function Add-Warning($obj, $message) { <# .SYNOPSIS Helper function to add warnings, even if the warnings attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("warnings")) { $obj.warnings = @() } elseif ($obj.warnings -isnot [array]) { throw "Add-Warning: warnings attribute is not an array" } $obj.warnings += $message } Function Add-DeprecationWarning($obj, $message, $version = $null) { <# .SYNOPSIS Helper function to add deprecations, even if the deprecations attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("deprecations")) { $obj.deprecations = @() } elseif ($obj.deprecations -isnot [array]) { throw "Add-DeprecationWarning: deprecations attribute is not a list" } $obj.deprecations += @{ msg = $message version = $version } } Function Expand-Environment($value) { <# .SYNOPSIS Helper function to expand environment variables in values. By default it turns any type to a string, but we ensure $null remains $null. #> if ($null -ne $value) { [System.Environment]::ExpandEnvironmentVariables($value) } else { $value } } Function Get-AnsibleParam($obj, $name, $default = $null, $resultobj = @{}, $failifempty = $false, $emptyattributefailmessage, $ValidateSet, $ValidateSetErrorMessage, $type = $null, $aliases = @()) { <# .SYNOPSIS Helper function to get an "attribute" from a psobject instance in PowerShell. This is a convenience to make getting Members from an object easier and slightly more pythonic .EXAMPLE $attr = Get-AnsibleParam $response "code" -default "1" .EXAMPLE Get-AnsibleParam -obj $params -name "State" -default "Present" -ValidateSet "Present","Absent" -resultobj $resultobj -failifempty $true Get-AnsibleParam also supports Parameter validation to save you from coding that manually Note that if you use the failifempty option, you do need to specify resultobject as well. #> # Check if the provided Member $name or aliases exist in $obj and return it or the default. try { $found = $null # First try to find preferred parameter $name $aliases = @($name) + $aliases # Iterate over aliases to find acceptable Member $name foreach ($alias in $aliases) { if ($obj.ContainsKey($alias)) { $found = $alias break } } if ($null -eq $found) { throw } $name = $found if ($ValidateSet) { if ($ValidateSet -contains ($obj.$name)) { $value = $obj.$name } else { if ($null -eq $ValidateSetErrorMessage) { #Auto-generated error should be sufficient in most use cases $ValidateSetErrorMessage = "Get-AnsibleParam: Argument $name needs to be one of $($ValidateSet -join ",") but was $($obj.$name)." } Fail-Json -obj $resultobj -message $ValidateSetErrorMessage } } else { $value = $obj.$name } } catch { if ($failifempty -eq $false) { $value = $default } else { if (-not $emptyattributefailmessage) { $emptyattributefailmessage = "Get-AnsibleParam: Missing required argument: $name" } Fail-Json -obj $resultobj -message $emptyattributefailmessage } } # If $value -eq $null, the parameter was unspecified by the user (deliberately or not) # Please leave $null-values intact, modules need to know if a parameter was specified # When $value is already an array, we cannot rely on the null check, as an empty list # is seen as null in the check below if ($null -ne $value -or $value -is [array]) { if ($type -eq "path") { # Expand environment variables on path-type $value = Expand-Environment($value) # Test if a valid path is provided if (-not (Test-Path -IsValid $value)) { $path_invalid = $true # could still be a valid-shaped path with a nonexistent drive letter if ($value -match "^\w:") { # rewrite path with a valid drive letter and recheck the shape- this might still fail, eg, a nonexistent non-filesystem PS path if (Test-Path -IsValid $(@(Get-PSDrive -PSProvider Filesystem)[0].Name + $value.Substring(1))) { $path_invalid = $false } } if ($path_invalid) { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' has an invalid path '$value' specified." } } } elseif ($type -eq "str") { # Convert str types to real Powershell strings $value = $value.ToString() } elseif ($type -eq "bool") { # Convert boolean types to real Powershell booleans $value = $value | ConvertTo-Bool } elseif ($type -eq "int") { # Convert int types to real Powershell integers $value = $value -as [int] } elseif ($type -eq "float") { # Convert float types to real Powershell floats $value = $value -as [float] } elseif ($type -eq "list") { if ($value -is [array]) { # Nothing to do } elseif ($value -is [string]) { # Convert string type to real Powershell array $value = $value.Split(",").Trim() } elseif ($value -is [int]) { $value = @($value) } else { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' is not a YAML list." } # , is not a typo, forces it to return as a list when it is empty or only has 1 entry return ,$value } } return $value } #Alias Get-attr-->Get-AnsibleParam for backwards compat. Only add when needed to ease debugging of scripts If (-not(Get-Alias -Name "Get-attr" -ErrorAction SilentlyContinue)) { New-Alias -Name Get-attr -Value Get-AnsibleParam } Function ConvertTo-Bool { <# .SYNOPSIS Helper filter/pipeline function to convert a value to boolean following current Ansible practices .EXAMPLE $is_true = "true" | ConvertTo-Bool #> param( [parameter(valuefrompipeline=$true)] $obj ) $boolean_strings = "yes", "on", "1", "true", 1 $obj_string = [string]$obj if (($obj -is [boolean] -and $obj) -or $boolean_strings -contains $obj_string.ToLower()) { return $true } else { return $false } } Function Parse-Args($arguments, $supports_check_mode = $false) { <# .SYNOPSIS Helper function to parse Ansible JSON arguments from a "file" passed as the single argument to the module. .EXAMPLE $params = Parse-Args $args #> $params = New-Object psobject If ($arguments.Length -gt 0) { $params = Get-Content $arguments[0] | ConvertFrom-Json } Else { $params = $complex_args } $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false If ($check_mode -and -not $supports_check_mode) { Exit-Json @{ skipped = $true changed = $false msg = "remote module does not support check mode" } } return $params } Function Get-FileChecksum($path, $algorithm = 'sha1') { <# .SYNOPSIS Helper function to calculate a hash of a file in a way which PowerShell 3 and above can handle #> If (Test-Path -Path $path -PathType Leaf) { switch ($algorithm) { 'md5' { $sp = New-Object -TypeName System.Security.Cryptography.MD5CryptoServiceProvider } 'sha1' { $sp = New-Object -TypeName System.Security.Cryptography.SHA1CryptoServiceProvider } 'sha256' { $sp = New-Object -TypeName System.Security.Cryptography.SHA256CryptoServiceProvider } 'sha384' { $sp = New-Object -TypeName System.Security.Cryptography.SHA384CryptoServiceProvider } 'sha512' { $sp = New-Object -TypeName System.Security.Cryptography.SHA512CryptoServiceProvider } default { Fail-Json @{} "Unsupported hash algorithm supplied '$algorithm'" } } If ($PSVersionTable.PSVersion.Major -ge 4) { $raw_hash = Get-FileHash $path -Algorithm $algorithm $hash = $raw_hash.Hash.ToLower() } Else { $fp = [System.IO.File]::Open($path, [System.IO.Filemode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileShare]::ReadWrite); $hash = [System.BitConverter]::ToString($sp.ComputeHash($fp)).Replace("-", "").ToLower(); $fp.Dispose(); } } ElseIf (Test-Path -Path $path -PathType Container) { $hash = "3"; } Else { $hash = "1"; } return $hash } Function Get-PendingRebootStatus { <# .SYNOPSIS Check if reboot is required, if so notify CA. Function returns true if computer has a pending reboot #> $featureData = Invoke-WmiMethod -EA Ignore -Name GetServerFeature -Namespace root\microsoft\windows\servermanager -Class MSFT_ServerManagerTasks $regData = Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager" "PendingFileRenameOperations" -EA Ignore $CBSRebootStatus = Get-ChildItem "HKLM:\\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing" -ErrorAction SilentlyContinue| Where-Object {$_.PSChildName -eq "RebootPending"} if(($featureData -and $featureData.RequiresReboot) -or $regData -or $CBSRebootStatus) { return $True } else { return $False } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: e0e5c247-4516-4bb3-8929-2dd634c8609a Path:	4104	1		3	2	15	0	1451	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3972	1448	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:29:16 PM	9d04040e-981f-0003-5052-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } ScriptBlock ID: 0aa53094-0e4f-4f15-9e63-13347a343702 Path:	4104	1		3	2	15	0	1450	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3972	1448	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:29:15 PM	9d04040e-981f-0003-4152-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (4 of 4): Set-Variable -Scope global -Name complex_args -Value $payload["module_args"] | Out-Null # dynamically create/load modules ForEach ($mod in $payload.powershell_modules.GetEnumerator()) { $decoded_module = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($mod.Value)) New-Module -ScriptBlock ([scriptblock]::Create($decoded_module)) -Name $mod.Key | Import-Module -WarningAction SilentlyContinue | Out-Null } $output = $entrypoint.Run($payload) Write-Output $output } ScriptBlock ID: 3286c4c6-65f7-4ca9-a934-b144d12dd71f Path:	4104	1		3	2	15	0	1449	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3972	1448	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:29:15 PM	9d04040e-981f-0003-3b52-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (3 of 4): CAgICAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRlbnRyeV9kaXIpKSB7CiAgICAgICAgICAgIE5ldy1JdGVtIC1QYXRoICRlbnRyeV9kaXIgLUl0ZW1UeXBlIERpcmVjdG9yeSAtV2hhdElmOiRjaGVja19tb2RlIHwgT3V0LU51bGwKICAgICAgICB9CgogICAgICAgIGlmICgkaXNfZGlyIC1lcSAkZmFsc2UpIHsKICAgICAgICAgICAgaWYgKC1ub3QgJGNoZWNrX21vZGUpIHsKICAgICAgICAgICAgICAgIFtTeXN0ZW0uSU8uQ29tcHJlc3Npb24uWmlwRmlsZUV4dGVuc2lvbnNdOjpFeHRyYWN0VG9GaWxlKCRlbnRyeSwgJGVudHJ5X3RhcmdldF9wYXRoLCAkdHJ1ZSkKICAgICAgICAgICAgfQogICAgICAgIH0KICAgIH0KICAgICRhcmNoaXZlLkRpc3Bvc2UoKSAgIyByZWxlYXNlIHRoZSBoYW5kbGUgb2YgdGhlIHppcCBmaWxlCn0KCkZ1bmN0aW9uIEV4dHJhY3QtWmlwTGVnYWN5KCRzcmMsICRkZXN0KSB7CiAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRkZXN0KSkgewogICAgICAgIE5ldy1JdGVtIC1QYXRoICRkZXN0IC1JdGVtVHlwZSBEaXJlY3RvcnkgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICB9CiAgICAkc2hlbGwgPSBOZXctT2JqZWN0IC1Db21PYmplY3QgU2hlbGwuQXBwbGljYXRpb24KICAgICR6aXAgPSAkc2hlbGwuTmFtZVNwYWNlKCRzcmMpCiAgICAkZGVzdF9wYXRoID0gJHNoZWxsLk5hbWVTcGFjZSgkZGVzdCkKCiAgICBmb3JlYWNoICgkZW50cnkgaW4gJHppcC5JdGVtcygpKSB7CiAgICAgICAgJGlzX2RpciA9ICRlbnRyeS5Jc0ZvbGRlcgogICAgICAgICRlbmNvZGVkX2FyY2hpdmVfZW50cnkgPSAkZW50cnkuTmFtZQogICAgICAgICMgdG8gaGFuZGxlIHVuaWNvZGUgY2hhcmFjdGVyLCB3aW5fY29weSBhY3Rpb24gcGx1Z2luIGhhcyBlbmNvZGVkIHRoZSBmaWxlbmFtZQogICAgICAgICRkZWNvZGVkX2FyY2hpdmVfZW50cnkgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRlbmNvZGVkX2FyY2hpdmVfZW50cnkpKQogICAgICAgIGlmICgkaXNfZGlyKSB7CiAgICAgICAgICAgICRkZWNvZGVkX2FyY2hpdmVfZW50cnkgPSAiJGRlY29kZWRfYXJjaGl2ZV9lbnRyeS8iCiAgICAgICAgfQoKICAgICAgICAkZW50cnlfdGFyZ2V0X3BhdGggPSBbU3lzdGVtLklPLlBhdGhdOjpDb21iaW5lKCRkZXN0LCAkZGVjb2RlZF9hcmNoaXZlX2VudHJ5KQogICAgICAgICRlbnRyeV9kaXIgPSBbU3lzdGVtLklPLlBhdGhdOjpHZXREaXJlY3RvcnlOYW1lKCRlbnRyeV90YXJnZXRfcGF0aCkKCiAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtUGF0aCAkZW50cnlfZGlyKSkgewogICAgICAgICAgICBOZXctSXRlbSAtUGF0aCAkZW50cnlfZGlyIC1JdGVtVHlwZSBEaXJlY3RvcnkgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICAgICAgfQoKICAgICAgICBpZiAoJGlzX2RpciAtZXEgJGZhbHNlIC1hbmQgKC1ub3QgJGNoZWNrX21vZGUpKSB7CiAgICAgICAgICAgICMgaHR0cHM6Ly9tc2RuLm1pY3Jvc29mdC5jb20vZW4tdXMvbGlicmFyeS93aW5kb3dzL2Rlc2t0b3AvYmI3ODc4NjYuYXNweAogICAgICAgICAgICAjIEZyb20gRm9sZGVyLkNvcHlIZXJlIGRvY3VtZW50YXRpb24sIDEwNDQgbWVhbnM6CiAgICAgICAgICAgICMgIC0gMTAyNDogZG8gbm90IGRpc3BsYXkgYSB1c2VyIGludGVyZmFjZSBpZiBhbiBlcnJvciBvY2N1cnMKICAgICAgICAgICAgIyAgLSAgIDE2OiByZXNwb25kIHdpdGggInllcyB0byBhbGwiIGZvciBhbnkgZGlhbG9nIGJveCB0aGF0IGlzIGRpc3BsYXllZAogICAgICAgICAgICAjICAtICAgIDQ6IGRvIG5vdCBkaXNwbGF5IGEgcHJvZ3Jlc3MgZGlhbG9nIGJveAogICAgICAgICAgICAkZGVzdF9wYXRoLkNvcHlIZXJlKCRlbnRyeSwgMTA0NCkKCiAgICAgICAgICAgICMgb25jZSBmaWxlIGlzIGV4dHJhY2VkLCB3ZSBuZWVkIHRvIHJlbmFtZSBpdCB3aXRoIG5vbiBiYXNlNjQgbmFtZQogICAgICAgICAgICAkY29tYmluZWRfZW5jb2RlZF9wYXRoID0gW1N5c3RlbS5JTy5QYXRoXTo6Q29tYmluZSgkZGVzdCwgJGVuY29kZWRfYXJjaGl2ZV9lbnRyeSkKICAgICAgICAgICAgTW92ZS1JdGVtIC1QYXRoICRjb21iaW5lZF9lbmNvZGVkX3BhdGggLURlc3RpbmF0aW9uICRlbnRyeV90YXJnZXRfcGF0aCAtRm9yY2UgfCBPdXQtTnVsbAogICAgICAgIH0KICAgIH0KfQoKaWYgKCRjb3B5X21vZGUgLWVxICJxdWVyeSIpIHsKICAgICMgd2Ugb25seSByZXR1cm4gYSBsaXN0IG9mIGZpbGVzL2RpcmVjdG9yaWVzIHRoYXQgbmVlZCB0byBiZSBjb3BpZWQgb3ZlcgogICAgIyB0aGUgc291cmNlIG9mIHRoZSBsb2NhbCBmaWxlIHdpbGwgYmUgdGhlIGtleSB1c2VkCiAgICAkY2hhbmdlZF9maWxlcyA9IEAoKQogICAgJGNoYW5nZWRfZGlyZWN0b3JpZXMgPSBAKCkKICAgICRjaGFuZ2VkX3N5bWxpbmtzID0gQCgpCgogICAgZm9yZWFjaCAoJGZpbGUgaW4gJGZpbGVzKSB7CiAgICAgICAgJGZpbGVuYW1lID0gJGZpbGUuZGVzdAogICAgICAgICRsb2NhbF9jaGVja3N1bSA9ICRmaWxlLmNoZWNrc3VtCgogICAgICAgICRmaWxlcGF0aCA9IEpvaW4tUGF0aCAtUGF0aCAkZGVzdCAtQ2hpbGRQYXRoICRmaWxlbmFtZQogICAgICAgIGlmIChUZXN0LVBhdGggLVBhdGggJGZpbGVwYXRoIC1QYXRoVHlwZSBMZWFmKSB7CiAgICAgICAgICAgIGlmICgkZm9yY2UpIHsKICAgICAgICAgICAgICAgICRjaGVja3N1bSA9IEdldC1GaWxlQ2hlY2tzdW0gLXBhdGggJGZpbGVwYXRoCiAgICAgICAgICAgICAgICBpZiAoJGNoZWNrc3VtIC1uZSAkbG9jYWxfY2hlY2tzdW0pIHsKICAgICAgICAgICAgICAgICAgICAkd2lsbF9jaGFuZ2UgPSAkdHJ1ZQogICAgICAgICAgICAgICAgICAgICRjaGFuZ2VkX2ZpbGVzICs9ICRmaWxlCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgIH0KICAgICAgICB9IGVsc2VpZiAoVGVzdC1QYXRoIC1QYXRoICRmaWxlcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKSB7CiAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgImNhbm5vdCBjb3B5IGZpbGUgdG8gZGVzdCAnJGZpbGVwYXRoJzogb2JqZWN0IGF0IHBhdGggaXMgYWxyZWFkeSBhIGRpcmVjdG9yeSIKICAgICAgICB9IGVsc2UgewogICAgICAgICAgICAkY2hhbmdlZF9maWxlcyArPSAkZmlsZQogICAgICAgIH0KICAgIH0KCiAgICBmb3JlYWNoICgkZGlyZWN0b3J5IGluICRkaXJlY3RvcmllcykgewogICAgICAgICRkaXJuYW1lID0gJGRpcmVjdG9yeS5kZXN0CgogICAgICAgICRkaXJwYXRoID0gSm9pbi1QYXRoIC1QYXRoICRkZXN0IC1DaGlsZFBhdGggJGRpcm5hbWUKICAgICAgICAkcGFyZW50X2RpciA9IFtTeXN0ZW0uSU8uUGF0aF06OkdldERpcmVjdG9yeU5hbWUoJGRpcnBhdGgpCiAgICAgICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkcGFyZW50X2RpciAtUGF0aFR5cGUgTGVhZikgewogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0IC1tZXNzYWdlICJjYW5ub3QgY29weSBmb2xkZXIgdG8gZGVzdCAnJGRpcnBhdGgnOiBvYmplY3QgYXQgcGFyZW50IGRpcmVjdG9yeSBwYXRoIGlzIGFscmVhZHkgYSBmaWxlIgogICAgICAgIH0KICAgICAgICBpZiAoVGVzdC1QYXRoIC1QYXRoICRkaXJwYXRoIC1QYXRoVHlwZSBMZWFmKSB7CiAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgImNhbm5vdCBjb3B5IGZvbGRlciB0byBkZXN0ICckZGlycGF0aCc6IG9iamVjdCBhdCBwYXRoIGlzIGFscmVhZHkgYSBmaWxlIgogICAgICAgIH0gZWxzZWlmICgtbm90IChUZXN0LVBhdGggLVBhdGggJGRpcnBhdGggLVBhdGhUeXBlIENvbnRhaW5lcikpIHsKICAgICAgICAgICAgJGNoYW5nZWRfZGlyZWN0b3JpZXMgKz0gJGRpcmVjdG9yeQogICAgICAgIH0KICAgIH0KCiAgICAjIFRPRE86IEhhbmRsZSBzeW1saW5rcwoKICAgICRyZXN1bHQuZmlsZXMgPSAkY2hhbmdlZF9maWxlcwogICAgJHJlc3VsdC5kaXJlY3RvcmllcyA9ICRjaGFuZ2VkX2RpcmVjdG9yaWVzCiAgICAkcmVzdWx0LnN5bWxpbmtzID0gJGNoYW5nZWRfc3ltbGlua3MKfSBlbHNlaWYgKCRjb3B5X21vZGUgLWVxICJleHBsb2RlIikgewogICAgIyBhIHNpbmdsZSB6aXAgZmlsZSBjb250YWluaW5nIHRoZSBmaWxlcyBhbmQgZGlyZWN0b3JpZXMgbmVlZHMgdG8gYmUKICAgICMgZXhwYW5kZWQgdGhpcyB3aWxsIGFsd2F5cyByZXN1bHQgaW4gYSBjaGFuZ2UgYXMgdGhlIGNhbGN1bGF0aW9uIGlzIGRvbmUKICAgICMgb24gdGhlIHdpbl9jb3B5IGFjdGlvbiBwbHVnaW4gYW5kIGlzIG9ubHkgcnVuIGlmIGEgY2hhbmdlIG5lZWRzIHRvIG9jY3VyCiAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRzcmMgLVBhdGhUeXBlIExlYWYpKSB7CiAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiQ2Fubm90IGV4cGFuZCBzcmMgemlwIGZpbGU6ICckc3JjJyBhcyBpdCBkb2VzIG5vdCBleGlzdCIKICAgIH0KCiAgICAjIERldGVjdCBpZiB0aGUgUFMgemlwIGFzc2VtYmxpZXMgYXJlIGF2YWlsYWJsZSBvciB3aGV0aGVyIHRvIHVzZSBTaGVsbAogICAgJHVzZV9sZWdhY3kgPSAkZmFsc2UKICAgIHRyeSB7CiAgICAgICAgQWRkLVR5cGUgLUFzc2VtYmx5TmFtZSBTeXN0ZW0uSU8uQ29tcHJlc3Npb24uRmlsZVN5c3RlbSB8IE91dC1OdWxsCiAgICAgICAgQWRkLVR5cGUgLUFzc2VtYmx5TmFtZSBTeXN0ZW0uSU8uQ29tcHJlc3Npb24gfCBPdXQtTnVsbAogICAgfSBjYXRjaCB7CiAgICAgICAgJHVzZV9sZWdhY3kgPSAkdHJ1ZQogICAgfQogICAgaWYgKCR1c2VfbGVnYWN5KSB7CiAgICAgICAgRXh0cmFjdC1aaXBMZWdhY3kgLXNyYyAkc3JjIC1kZXN0ICRkZXN0CiAgICB9IGVsc2UgewogICAgICAgIEV4dHJhY3QtWmlwIC1zcmMgJHNyYyAtZGVzdCAkZGVzdAogICAgfQoKICAgICRyZXN1bHQuY2hhbmdlZCA9ICR0cnVlCn0gZWxzZWlmICgkY29weV9tb2RlIC1lcSAicmVtb3RlIikgewogICAgIyBhbGwgY29weSBhY3Rpb25zIGFyZSBoYXBwZW5pbmcgb24gdGhlIHJlbW90ZSBzaWRlICh3aW5kb3dzIGhvc3QpLCBuZWVkCiAgICAjIHRvbyBjb3B5IHNvdXJjZSBhbmQgZGVzdCB1c2luZyBQUyBjb2RlCiAgICAkcmVzdWx0LnNyYyA9ICRzcmMKICAgICRyZXN1bHQuZGVzdCA9ICRkZXN0CgogICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtUGF0aCAkc3JjKSkgewogICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgIkNhbm5vdCBjb3B5IHNyYyBmaWxlOiAnJHNyYycgYXMgaXQgZG9lcyBub3QgZXhpc3QiCiAgICB9CgogICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkc3JjIC1QYXRoVHlwZSBDb250YWluZXIpIHsKICAgICAgICAjIHdlIGFyZSBjb3B5aW5nIGEgZGlyZWN0b3J5IG9yIHRoZSBjb250ZW50cyBvZiBhIGRpcmVjdG9yeQogICAgICAgICRyZXN1bHQub3BlcmF0aW9uID0gJ2ZvbGRlcl9jb3B5JwogICAgICAgIGlmICgkc3JjLkVuZHNXaXRoKCIvIikgLW9yICRzcmMuRW5kc1dpdGgoImBcIikpIHsKICAgICAgICAgICAgIyBjb3B5aW5nIHRoZSBmb2xkZXIncyBjb250ZW50cyB0byBkZXN0CiAgICAgICAgICAgICRkaWZmID0gIiIKICAgICAgICAgICAgJGNoaWxkX2ZpbGVzID0gR2V0LUNoaWxkSXRlbSAtUGF0aCAkc3JjIC1Gb3JjZQogICAgICAgICAgICBmb3JlYWNoICgkY2hpbGRfZmlsZSBpbiAkY2hpbGRfZmlsZXMpIHsKICAgICAgICAgICAgICAgICRkZXN0X2NoaWxkX3BhdGggPSBKb2luLVBhdGggLVBhdGggJGRlc3QgLUNoaWxkUGF0aCAkY2hpbGRfZmlsZS5OYW1lCiAgICAgICAgICAgICAgICBpZiAoJGNoaWxkX2ZpbGUuUFNJc0NvbnRhaW5lcikgewogICAgICAgICAgICAgICAgICAgICRkaWZmICs9IENvcHktRm9sZGVyIC1zb3VyY2UgJGNoaWxkX2ZpbGUuRnVsbE5hbWUgLWRlc3QgJGRlc3RfY2hpbGRfcGF0aAogICAgICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgICAgICAkZGlmZiArPSAoQ29weS1GaWxlIC1zb3VyY2UgJGNoaWxkX2ZpbGUuRnVsbE5hbWUgLWRlc3QgJGRlc3RfY2hpbGRfcGF0aCkuZGlmZgogICAgICAgICAgICAgICAgfQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgIyBjb3B5aW5nIHRoZSBmb2xkZXIgYW5kIGl0J3MgY29udGVudHMgdG8gZGVzdAogICAgICAgICAgICAkZGVzdCA9IEpvaW4tUGF0aCAtUGF0aCAkZGVzdCAtQ2hpbGRQYXRoIChHZXQtSXRlbSAtUGF0aCAkc3JjIC1Gb3JjZSkuTmFtZQogICAgICAgICAgICAkcmVzdWx0LmRlc3QgPSAkZGVzdAogICAgICAgICAgICAkZGlmZiA9IENvcHktRm9sZGVyIC1zb3VyY2UgJHNyYyAtZGVzdCAkZGVzdAogICAgICAgIH0KICAgIH0gZWxzZSB7CiAgICAgICAgIyB3ZSBhcmUganVzdCBjb3B5aW5nIGEgc2luZ2xlIGZpbGUgdG8gZGVzdAogICAgICAgICRyZXN1bHQub3BlcmF0aW9uID0gJ2ZpbGVfY29weScKCiAgICAgICAgJHNvdXJjZV9iYXNlbmFtZSA9IChHZXQtSXRlbSAtUGF0aCAkc3JjIC1Gb3JjZSkuTmFtZQogICAgICAgICRyZXN1bHQub3JpZ2luYWxfYmFzZW5hbWUgPSAkc291cmNlX2Jhc2VuYW1lCgogICAgICAgIGlmICgkZGVzdC5FbmRzV2l0aCgiLyIpIC1vciAkZGVzdC5FbmRzV2l0aCgiYFwiKSkgewogICAgICAgICAgICAkZGVzdCA9IEpvaW4tUGF0aCAtUGF0aCAkZGVzdCAtQ2hpbGRQYXRoIChHZXQtSXRlbSAtUGF0aCAkc3JjIC1Gb3JjZSkuTmFtZQogICAgICAgICAgICAkcmVzdWx0LmRlc3QgPSAkZGVzdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICMgY2hlY2sgaWYgdGhlIHBhcmVudCBkaXIgZXhpc3RzLCB0aGlzIGlzIG9ubHkgZG9uZSBpZiBzcmMgaXMgYQogICAgICAgICAgICAjIGZpbGUgYW5kIGRlc3QgaWYgdGhlIHBhdGggdG8gYSBmaWxlIChkb2Vzbid0IGVuZCB3aXRoIFwgb3IgLykKICAgICAgICAgICAgJHBhcmVudF9kaXIgPSBTcGxpdC1QYXRoIC1QYXRoICRkZXN0CiAgICAgICAgICAgIGlmIChUZXN0LVBhdGggLVBhdGggJHBhcmVudF9kaXIgLVBhdGhUeXBlIExlYWYpIHsKICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgIm9iamVjdCBhdCBkZXN0aW5hdGlvbiBwYXJlbnQgZGlyICckcGFyZW50X2RpcicgaXMgY3VycmVudGx5IGEgZmlsZSIKICAgICAgICAgICAgfSBlbHNlaWYgKC1ub3QgKFRlc3QtUGF0aCAtUGF0aCAkcGFyZW50X2RpciAtUGF0aFR5cGUgQ29udGFpbmVyKSkgewogICAgICAgICAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiRGVzdGluYXRpb24gZGlyZWN0b3J5ICckcGFyZW50X2RpcicgZG9lcyBub3QgZXhpc3QiCiAgICAgICAgICAgIH0KICAgICAgICB9CiAgICAgICAgJGNvcHlfcmVzdWx0ID0gQ29weS1GaWxlIC1zb3VyY2UgJHNyYyAtZGVzdCAkZGVzdAogICAgICAgICRkaWZmID0gJGNvcHlfcmVzdWx0LmRpZmYKICAgICAgICAkcmVzdWx0LmNoZWNrc3VtID0gJGNvcHlfcmVzdWx0LmNoZWNrc3VtCiAgICB9CgogICAgIyB0aGUgZmlsZSBtaWdodCBub3QgZXhpc3QgaWYgcnVubmluZyBpbiBjaGVjayBtb2RlCiAgICBpZiAoLW5vdCAkY2hlY2tfbW9kZSAtb3IgKFRlc3QtUGF0aCAtUGF0aCAkZGVzdCAtUGF0aFR5cGUgTGVhZikpIHsKICAgICAgICAkcmVzdWx0LnNpemUgPSBHZXQtRmlsZVNpemUgLXBhdGggJGRlc3QKICAgIH0gZWxzZSB7CiAgICAgICAgJHJlc3VsdC5zaXplID0gJG51bGwKICAgIH0KICAgIGlmICgkZGlmZl9tb2RlKSB7CiAgICAgICAgJHJlc3VsdC5kaWZmLnByZXBhcmVkID0gJGRpZmYKICAgIH0KfSBlbHNlaWYgKCRjb3B5X21vZGUgLWVxICJzaW5nbGUiKSB7CiAgICAjIGEgc2luZ2xlIGZpbGUgaXMgbG9jYXRlZCBpbiBzcmMgYW5kIHdlIG5lZWQgdG8gY29weSB0byBkZXN0LCB0aGlzIHdpbGwKICAgICMgYWx3YXlzIHJlc3VsdCBpbiBhIGNoYW5nZSBhcyB0aGUgY2FsY3VsYXRpb24gaXMgZG9uZSBvbiB0aGUgQW5zaWJsZSBzaWRlCiAgICAjIGJlZm9yZSB0aGlzIGlzIHJ1bi4gVGhpcyBzaG91bGQgYWxzbyBuZXZlciBydW4gaW4gY2hlY2sgbW9kZQogICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtUGF0aCAkc3JjIC1QYXRoVHlwZSBMZWFmKSkgewogICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgIkNhbm5vdCBjb3B5IHNyYyBmaWxlOiAnJHNyYycgYXMgaXQgZG9lcyBub3QgZXhpc3QiCiAgICB9CgogICAgIyB0aGUgZGVzdCBwYXJhbWV0ZXIgaXMgYSBkaXJlY3RvcnksIHdlIG5lZWQgdG8gYXBwZW5kIG9yaWdpbmFsX2Jhc2VuYW1lCiAgICBpZiAoJGRlc3QuRW5kc1dpdGgoIi8iKSAtb3IgJGRlc3QuRW5kc1dpdGgoImBcIikgLW9yIChUZXN0LVBhdGggLVBhdGggJGRlc3QgLVBhdGhUeXBlIENvbnRhaW5lcikpIHsKICAgICAgICAkcmVtb3RlX2Rlc3QgPSBKb2luLVBhdGggLVBhdGggJGRlc3QgLUNoaWxkUGF0aCAkb3JpZ2luYWxfYmFzZW5hbWUKICAgICAgICAkcGFyZW50X2RpciA9IFNwbGl0LVBhdGggLVBhdGggJHJlbW90ZV9kZXN0CgogICAgICAgICMgd2hlbiBkZXN0IGVuZHMgd2l0aCAvLCB3ZSBuZWVkIHRvIGNyZWF0ZSB0aGUgZGVzdGluYXRpb24gZGlyZWN0b3JpZXMKICAgICAgICBpZiAoVGVzdC1QYXRoIC1QYXRoICRwYXJlbnRfZGlyIC1QYXRoVHlwZSBMZWFmKSB7CiAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgIm9iamVjdCBhdCBkZXN0aW5hdGlvbiBwYXJlbnQgZGlyICckcGFyZW50X2RpcicgaXMgY3VycmVudGx5IGEgZmlsZSIKICAgICAgICB9IGVsc2VpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRwYXJlbnRfZGlyIC1QYXRoVHlwZSBDb250YWluZXIpKSB7CiAgICAgICAgICAgIE5ldy1JdGVtIC1QYXRoICRwYXJlbnRfZGlyIC1JdGVtVHlwZSBEaXJlY3RvcnkgfCBPdXQtTnVsbAogICAgICAgIH0KICAgIH0gZWxzZSB7CiAgICAgICAgJHJlbW90ZV9kZXN0ID0gJGRlc3QKICAgICAgICAkcGFyZW50X2RpciA9IFNwbGl0LVBhdGggLVBhdGggJHJlbW90ZV9kZXN0CgogICAgICAgICMgY2hlY2sgaWYgdGhlIGRlc3QgcGFyZW50IGRpcnMgZXhpc3QsIG5lZWQgdG8gZmFpbCBpZiB0aGV5IGRvbid0CiAgICAgICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkcGFyZW50X2RpciAtUGF0aFR5cGUgTGVhZikgewogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0IC1tZXNzYWdlICJvYmplY3QgYXQgZGVzdGluYXRpb24gcGFyZW50IGRpciAnJHBhcmVudF9kaXInIGlzIGN1cnJlbnRseSBhIGZpbGUiCiAgICAgICAgfSBlbHNlaWYgKC1ub3QgKFRlc3QtUGF0aCAtUGF0aCAkcGFyZW50X2RpciAtUGF0aFR5cGUgQ29udGFpbmVyKSkgewogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0IC1tZXNzYWdlICJEZXN0aW5hdGlvbiBkaXJlY3RvcnkgJyRwYXJlbnRfZGlyJyBkb2VzIG5vdCBleGlzdCIKICAgICAgICB9CiAgICB9CgogICAgQ29weS1JdGVtIC1QYXRoICRzcmMgLURlc3RpbmF0aW9uICRyZW1vdGVfZGVzdCAtRm9yY2UgfCBPdXQtTnVsbAogICAgJHJlc3VsdC5jaGFuZ2VkID0gJHRydWUKfQoKRXhpdC1Kc29uIC1vYmogJHJlc3VsdAo=", "module_args": {"_ansible_version": "2.7.0", "_ansible_selinux_special_fs": ["fuse", "nfs", "vboxsf", "ramfs", "9p"], "_copy_mode": "single", "_ansible_remote_tmp": "%TEMP%", "_ansible_syslog_facility": "LOG_USER", "_ansible_keep_remote_files": false, "_ansible_socket": null, "_original_basename": "pip-install-networking-hyperv.log", "_ansible_check_mode": false, "src": "C:\\Users\\Admin\\AppData\\Local\\Temp\\ansible-tmp-1629725354.29-262687552484914\\source", "_ansible_no_log": false, "_ansible_module_name": "copy", "_ansible_verbosity": 4, "dest": "c:\\openstack\\log\\pip-install-networking-hyperv.log", "_ansible_diff": false, "_ansible_debug": false, "_ansible_shell_executable": "/bin/sh", "_ansible_tmpdir": "'C:\\Users\\Admin\\AppData\\Local\\Temp\\ansible-tmp-1629725354.29-262687552484914'"}} '@ } process { $input_as_string = [string]$input $json_raw += $input_as_string } end { If (-not $json_raw) { Write-Error "no input given" -Category InvalidArgument } $payload = ConvertTo-HashtableFromPsCustomObject (ConvertFrom-Json $json_raw) # TODO: handle binary modules # TODO: handle persistence $min_os_version = [version]$payload.min_os_version if ($min_os_version -ne $null) { $actual_os_version = [System.Environment]::OSVersion.Version if ($actual_os_version -lt $min_os_version) { $msg = "This module cannot run on this OS as it requires a minimum version of $min_os_version, actual was $actual_os_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $min_ps_version = [version]$payload.min_ps_version if ($min_ps_version -ne $null) { $actual_ps_version = $PSVersionTable.PSVersion if ($actual_ps_version -lt $min_ps_version) { $msg = "This module cannot run as it requires a minimum PowerShell version of $min_ps_version, actual was $actual_ps_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $actions = $payload.actions # pop 0th action as entrypoint $entrypoint = $payload.($actions[0]) $payload.actions = $payload.actions[1..99] $entrypoint = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($entrypoint)) # load the current action entrypoint as a module custom object with a Run method $entrypoint = New-Module -ScriptBlock ([scriptblock]::Create($entrypoint)) -AsCustomObject ScriptBlock ID: 3286c4c6-65f7-4ca9-a934-b144d12dd71f Path:	4104	1		3	2	15	0	1448	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3972	1448	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:29:15 PM	9d04040e-981f-0003-3b52-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 4): GxpdCgiLCIpLlRyaW0oKQogICAgICAgICAgICB9IGVsc2VpZiAoJHZhbHVlIC1pcyBbaW50XSkgewogICAgICAgICAgICAgICAgJHZhbHVlID0gQCgkdmFsdWUpCiAgICAgICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICJHZXQtQW5zaWJsZVBhcmFtOiBQYXJhbWV0ZXIgJyRuYW1lJyBpcyBub3QgYSBZQU1MIGxpc3QuIgogICAgICAgICAgICB9CiAgICAgICAgICAgICMgLCBpcyBub3QgYSB0eXBvLCBmb3JjZXMgaXQgdG8gcmV0dXJuIGFzIGEgbGlzdCB3aGVuIGl0IGlzIGVtcHR5IG9yIG9ubHkgaGFzIDEgZW50cnkKICAgICAgICAgICAgcmV0dXJuICwkdmFsdWUKICAgICAgICB9CiAgICB9CgogICAgcmV0dXJuICR2YWx1ZQp9CgojQWxpYXMgR2V0LWF0dHItLT5HZXQtQW5zaWJsZVBhcmFtIGZvciBiYWNrd2FyZHMgY29tcGF0LiBPbmx5IGFkZCB3aGVuIG5lZWRlZCB0byBlYXNlIGRlYnVnZ2luZyBvZiBzY3JpcHRzCklmICgtbm90KEdldC1BbGlhcyAtTmFtZSAiR2V0LWF0dHIiIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlKSkKewogICAgTmV3LUFsaWFzIC1OYW1lIEdldC1hdHRyIC1WYWx1ZSBHZXQtQW5zaWJsZVBhcmFtCn0KCkZ1bmN0aW9uIENvbnZlcnRUby1Cb29sCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZpbHRlci9waXBlbGluZSBmdW5jdGlvbiB0byBjb252ZXJ0IGEgdmFsdWUgdG8gYm9vbGVhbiBmb2xsb3dpbmcgY3VycmVudAogICAgQW5zaWJsZSBwcmFjdGljZXMKICAgIC5FWEFNUExFCiAgICAkaXNfdHJ1ZSA9ICJ0cnVlIiB8IENvbnZlcnRUby1Cb29sCiM+CiAgICBwYXJhbSgKICAgICAgICBbcGFyYW1ldGVyKHZhbHVlZnJvbXBpcGVsaW5lPSR0cnVlKV0KICAgICAgICAkb2JqCiAgICApCgogICAgJGJvb2xlYW5fc3RyaW5ncyA9ICJ5ZXMiLCAib24iLCAiMSIsICJ0cnVlIiwgMQogICAgJG9ial9zdHJpbmcgPSBbc3RyaW5nXSRvYmoKCiAgICBpZiAoKCRvYmogLWlzIFtib29sZWFuXSAtYW5kICRvYmopIC1vciAkYm9vbGVhbl9zdHJpbmdzIC1jb250YWlucyAkb2JqX3N0cmluZy5Ub0xvd2VyKCkpIHsKICAgICAgICByZXR1cm4gJHRydWUKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfQp9CgpGdW5jdGlvbiBQYXJzZS1BcmdzKCRhcmd1bWVudHMsICRzdXBwb3J0c19jaGVja19tb2RlID0gJGZhbHNlKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBwYXJzZSBBbnNpYmxlIEpTT04gYXJndW1lbnRzIGZyb20gYSAiZmlsZSIgcGFzc2VkIGFzCiAgICB0aGUgc2luZ2xlIGFyZ3VtZW50IHRvIHRoZSBtb2R1bGUuCiAgICAuRVhBTVBMRQogICAgJHBhcmFtcyA9IFBhcnNlLUFyZ3MgJGFyZ3MKIz4KICAgICRwYXJhbXMgPSBOZXctT2JqZWN0IHBzb2JqZWN0CiAgICBJZiAoJGFyZ3VtZW50cy5MZW5ndGggLWd0IDApCiAgICB7CiAgICAgICAgJHBhcmFtcyA9IEdldC1Db250ZW50ICRhcmd1bWVudHNbMF0gfCBDb252ZXJ0RnJvbS1Kc29uCiAgICB9CiAgICBFbHNlIHsKICAgICAgICAkcGFyYW1zID0gJGNvbXBsZXhfYXJncwogICAgfQogICAgJGNoZWNrX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfY2hlY2tfbW9kZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQogICAgSWYgKCRjaGVja19tb2RlIC1hbmQgLW5vdCAkc3VwcG9ydHNfY2hlY2tfbW9kZSkKICAgIHsKICAgICAgICBFeGl0LUpzb24gQHsKICAgICAgICAgICAgc2tpcHBlZCA9ICR0cnVlCiAgICAgICAgICAgIGNoYW5nZWQgPSAkZmFsc2UKICAgICAgICAgICAgbXNnID0gInJlbW90ZSBtb2R1bGUgZG9lcyBub3Qgc3VwcG9ydCBjaGVjayBtb2RlIgogICAgICAgIH0KICAgIH0KICAgIHJldHVybiAkcGFyYW1zCn0KCgpGdW5jdGlvbiBHZXQtRmlsZUNoZWNrc3VtKCRwYXRoLCAkYWxnb3JpdGhtID0gJ3NoYTEnKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBjYWxjdWxhdGUgYSBoYXNoIG9mIGEgZmlsZSBpbiBhIHdheSB3aGljaCBQb3dlclNoZWxsIDMKICAgIGFuZCBhYm92ZSBjYW4gaGFuZGxlCiM+CiAgICBJZiAoVGVzdC1QYXRoIC1QYXRoICRwYXRoIC1QYXRoVHlwZSBMZWFmKQogICAgewogICAgICAgIHN3aXRjaCAoJGFsZ29yaXRobSkKICAgICAgICB7CiAgICAgICAgICAgICdtZDUnIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5NRDVDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMScgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTFDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMjU2JyB7ICRzcCA9IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5TZWN1cml0eS5DcnlwdG9ncmFwaHkuU0hBMjU2Q3J5cHRvU2VydmljZVByb3ZpZGVyIH0KICAgICAgICAgICAgJ3NoYTM4NCcgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTM4NENyeXB0b1NlcnZpY2VQcm92aWRlciB9CiAgICAgICAgICAgICdzaGE1MTInIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5TSEE1MTJDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICBkZWZhdWx0IHsgRmFpbC1Kc29uIEB7fSAiVW5zdXBwb3J0ZWQgaGFzaCBhbGdvcml0aG0gc3VwcGxpZWQgJyRhbGdvcml0aG0nIiB9CiAgICAgICAgfQoKICAgICAgICBJZiAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtZ2UgNCkgewogICAgICAgICAgICAkcmF3X2hhc2ggPSBHZXQtRmlsZUhhc2ggJHBhdGggLUFsZ29yaXRobSAkYWxnb3JpdGhtCiAgICAgICAgICAgICRoYXNoID0gJHJhd19oYXNoLkhhc2guVG9Mb3dlcigpCiAgICAgICAgfSBFbHNlIHsKICAgICAgICAgICAgJGZwID0gW1N5c3RlbS5JTy5GaWxlXTo6T3BlbigkcGF0aCwgW1N5c3RlbS5JTy5GaWxlbW9kZV06Ok9wZW4sIFtTeXN0ZW0uSU8uRmlsZUFjY2Vzc106OlJlYWQsIFtTeXN0ZW0uSU8uRmlsZVNoYXJlXTo6UmVhZFdyaXRlKTsKICAgICAgICAgICAgJGhhc2ggPSBbU3lzdGVtLkJpdENvbnZlcnRlcl06OlRvU3RyaW5nKCRzcC5Db21wdXRlSGFzaCgkZnApKS5SZXBsYWNlKCItIiwgIiIpLlRvTG93ZXIoKTsKICAgICAgICAgICAgJGZwLkRpc3Bvc2UoKTsKICAgICAgICB9CiAgICB9CiAgICBFbHNlSWYgKFRlc3QtUGF0aCAtUGF0aCAkcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKQogICAgewogICAgICAgICRoYXNoID0gIjMiOwogICAgfQogICAgRWxzZQogICAgewogICAgICAgICRoYXNoID0gIjEiOwogICAgfQogICAgcmV0dXJuICRoYXNoCn0KCkZ1bmN0aW9uIEdldC1QZW5kaW5nUmVib290U3RhdHVzCnsKPCMKICAgIC5TWU5PUFNJUwogICAgQ2hlY2sgaWYgcmVib290IGlzIHJlcXVpcmVkLCBpZiBzbyBub3RpZnkgQ0EuCiAgICBGdW5jdGlvbiByZXR1cm5zIHRydWUgaWYgY29tcHV0ZXIgaGFzIGEgcGVuZGluZyByZWJvb3QKIz4KICAgICRmZWF0dXJlRGF0YSA9IEludm9rZS1XbWlNZXRob2QgLUVBIElnbm9yZSAtTmFtZSBHZXRTZXJ2ZXJGZWF0dXJlIC1OYW1lc3BhY2Ugcm9vdFxtaWNyb3NvZnRcd2luZG93c1xzZXJ2ZXJtYW5hZ2VyIC1DbGFzcyBNU0ZUX1NlcnZlck1hbmFnZXJUYXNrcwogICAgJHJlZ0RhdGEgPSBHZXQtSXRlbVByb3BlcnR5ICJIS0xNOlxTWVNURU1cQ3VycmVudENvbnRyb2xTZXRcQ29udHJvbFxTZXNzaW9uIE1hbmFnZXIiICJQZW5kaW5nRmlsZVJlbmFtZU9wZXJhdGlvbnMiIC1FQSBJZ25vcmUKICAgICRDQlNSZWJvb3RTdGF0dXMgPSBHZXQtQ2hpbGRJdGVtICJIS0xNOlxcU09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cQ29tcG9uZW50IEJhc2VkIFNlcnZpY2luZyIgIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlfCBXaGVyZS1PYmplY3QgeyRfLlBTQ2hpbGROYW1lIC1lcSAiUmVib290UGVuZGluZyJ9CiAgICBpZigoJGZlYXR1cmVEYXRhIC1hbmQgJGZlYXR1cmVEYXRhLlJlcXVpcmVzUmVib290KSAtb3IgJHJlZ0RhdGEgLW9yICRDQlNSZWJvb3RTdGF0dXMpCiAgICB7CiAgICAgICAgcmV0dXJuICRUcnVlCiAgICB9CiAgICBlbHNlCiAgICB7CiAgICAgICAgcmV0dXJuICRGYWxzZQogICAgfQp9CgojIHRoaXMgbGluZSBtdXN0IHN0YXkgYXQgdGhlIGJvdHRvbSB0byBlbnN1cmUgYWxsIGRlZmluZWQgbW9kdWxlIHBhcnRzIGFyZSBleHBvcnRlZApFeHBvcnQtTW9kdWxlTWVtYmVyIC1BbGlhcyAqIC1GdW5jdGlvbiAqIC1DbWRsZXQgKgoK"}, "module_entry": "IyFwb3dlcnNoZWxsCgojIENvcHlyaWdodDogKGMpIDIwMTUsIEpvbiBIYXdrZXN3b3J0aCAoQGpoYXdrZXN3b3J0aCkgPGZpZ3NAdW5pdHkuZGVtb24uY28udWs+CiMgQ29weXJpZ2h0OiAoYykgMjAxNywgQW5zaWJsZSBQcm9qZWN0CiMgR05VIEdlbmVyYWwgUHVibGljIExpY2Vuc2UgdjMuMCsgKHNlZSBDT1BZSU5HIG9yIGh0dHBzOi8vd3d3LmdudS5vcmcvbGljZW5zZXMvZ3BsLTMuMC50eHQpCgojUmVxdWlyZXMgLU1vZHVsZSBBbnNpYmxlLk1vZHVsZVV0aWxzLkxlZ2FjeQoKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICdTdG9wJwoKJHBhcmFtcyA9IFBhcnNlLUFyZ3MgLWFyZ3VtZW50cyAkYXJncyAtc3VwcG9ydHNfY2hlY2tfbW9kZSAkdHJ1ZQokY2hlY2tfbW9kZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJfYW5zaWJsZV9jaGVja19tb2RlIiAtdHlwZSAiYm9vbCIgLWRlZmF1bHQgJGZhbHNlCiRkaWZmX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfZGlmZiIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQoKIyB0aGVyZSBhcmUgNCBtb2RlcyB0byB3aW5fY29weSB3aGljaCBhcmUgZHJpdmVuIGJ5IHRoZSBhY3Rpb24gcGx1Z2luczoKIyAgIGV4cGxvZGU6IHNyYyBpcyBhIHppcCBmaWxlIHdoaWNoIG5lZWRzIHRvIGJlIGV4dHJhY3RlZCB0byBkZXN0LCBmb3IgdXNlIHdpdGggbXVsdGlwbGUgZmlsZXMKIyAgIHF1ZXJ5OiB3aW5fY29weSBhY3Rpb24gcGx1Z2luIHdhbnRzIHRvIGdldCB0aGUgc3RhdGUgb2YgcmVtb3RlIGZpbGVzIHRvIGNoZWNrIHdoZXRoZXIgaXQgbmVlZHMgdG8gc2VuZCB0aGVtCiMgICByZW1vdGU6IGFsbCBjb3B5IGFjdGlvbiBpcyBoYXBwZW5pbmcgcmVtb3RlbHkgKHJlbW90ZV9zcmM9VHJ1ZSkKIyAgIHNpbmdsZTogYSBzaW5nbGUgZmlsZSBoYXMgYmVlbiBjb3BpZWQsIGFsc28gdXNlZCB3aXRoIHRlbXBsYXRlCiRjb3B5X21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2NvcHlfbW9kZSIgLXR5cGUgInN0ciIgLWRlZmF1bHQgInNpbmdsZSIgLXZhbGlkYXRlc2V0ICJleHBsb2RlIiwicXVlcnkiLCJyZW1vdGUiLCJzaW5nbGUiCgojIHVzZWQgaW4gZXhwbG9kZSwgcmVtb3RlIGFuZCBzaW5nbGUgbW9kZQokc3JjID0gR2V0LUFuc2libGVQYXJhbSAtb2JqICRwYXJhbXMgLW5hbWUgInNyYyIgLXR5cGUgInBhdGgiIC1mYWlsaWZlbXB0eSAoJGNvcHlfbW9kZSAtaW4gQCgiZXhwbG9kZSIsInByb2Nlc3MiLCJzaW5nbGUiKSkKJGRlc3QgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiZGVzdCIgLXR5cGUgInBhdGgiIC1mYWlsaWZlbXB0eSAkdHJ1ZQoKIyB1c2VkIGluIHNpbmdsZSBtb2RlCiRvcmlnaW5hbF9iYXNlbmFtZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJfb3JpZ2luYWxfYmFzZW5hbWUiIC10eXBlICJzdHIiCgojIHVzZWQgaW4gcXVlcnkgYW5kIHJlbW90ZSBtb2RlCiRmb3JjZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJmb3JjZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICR0cnVlCgojIHVzZWQgaW4gcXVlcnkgbW9kZSwgY29udGFpbnMgdGhlIGxvY2FsIGZpbGVzL2RpcmVjdG9yaWVzL3N5bWxpbmtzIHRoYXQgYXJlIHRvIGJlIGNvcGllZAokZmlsZXMgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiZmlsZXMiIC10eXBlICJsaXN0IgokZGlyZWN0b3JpZXMgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiZGlyZWN0b3JpZXMiIC10eXBlICJsaXN0Igokc3ltbGlua3MgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAic3ltbGlua3MiIC10eXBlICJsaXN0IgoKJHJlc3VsdCA9IEB7CiAgICBjaGFuZ2VkID0gJGZhbHNlCn0KCmlmICgkZGlmZl9tb2RlKSB7CiAgICAkcmVzdWx0LmRpZmYgPSBAe30KfQoKRnVuY3Rpb24gQ29weS1GaWxlKCRzb3VyY2UsICRkZXN0KSB7CiAgICAkZGlmZiA9ICIiCiAgICAkY29weV9maWxlID0gJGZhbHNlCiAgICAkc291cmNlX2NoZWNrc3VtID0gJG51bGwKICAgIGlmICgkZm9yY2UpIHsKICAgICAgICAkc291cmNlX2NoZWNrc3VtID0gR2V0LUZpbGVDaGVja3N1bSAtcGF0aCAkc291cmNlCiAgICB9CgogICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkZGVzdCAtUGF0aFR5cGUgQ29udGFpbmVyKSB7CiAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiY2Fubm90IGNvcHkgZmlsZSBmcm9tICckc291cmNlJyB0byAnJGRlc3QnOiBkZXN0IGlzIGFscmVhZHkgYSBmb2xkZXIiCiAgICB9IGVsc2VpZiAoVGVzdC1QYXRoIC1QYXRoICRkZXN0IC1QYXRoVHlwZSBMZWFmKSB7CiAgICAgICAgaWYgKCRmb3JjZSkgewogICAgICAgICAgICAkdGFyZ2V0X2NoZWNrc3VtID0gR2V0LUZpbGVDaGVja3N1bSAtcGF0aCAkZGVzdAogICAgICAgICAgICBpZiAoJHNvdXJjZV9jaGVja3N1bSAtbmUgJHRhcmdldF9jaGVja3N1bSkgewogICAgICAgICAgICAgICAgJGNvcHlfZmlsZSA9ICR0cnVlCiAgICAgICAgICAgIH0KICAgICAgICB9CiAgICB9IGVsc2UgewogICAgICAgICRjb3B5X2ZpbGUgPSAkdHJ1ZQogICAgfQoKICAgIGlmICgkY29weV9maWxlKSB7CiAgICAgICAgJGZpbGVfZGlyID0gW1N5c3RlbS5JTy5QYXRoXTo6R2V0RGlyZWN0b3J5TmFtZSgkZGVzdCkKICAgICAgICAjIHZhbGlkYXRlIHRoZSBwYXJlbnQgZGlyIGlzIG5vdCBhIGZpbGUgYW5kIHRoYXQgaXQgZXhpc3RzCiAgICAgICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkZmlsZV9kaXIgLVBhdGhUeXBlIExlYWYpIHsKICAgICAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiY2Fubm90IGNvcHkgZmlsZSBmcm9tICckc291cmNlJyB0byAnJGRlc3QnOiBvYmplY3QgYXQgZGVzdCBwYXJlbnQgZGlyIGlzIG5vdCBhIGZvbGRlciIKICAgICAgICB9IGVsc2VpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRmaWxlX2RpcikpIHsKICAgICAgICAgICAgIyBkaXJlY3RvcnkgZG9lc24ndCBleGlzdCwgbmVlZCB0byBjcmVhdGUKICAgICAgICAgICAgTmV3LUl0ZW0gLVBhdGggJGZpbGVfZGlyIC1JdGVtVHlwZSBEaXJlY3RvcnkgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICAgICAgICAgICRkaWZmICs9ICIrJGZpbGVfZGlyXGBuIgogICAgICAgIH0KCiAgICAgICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkZGVzdCAtUGF0aFR5cGUgTGVhZikgewogICAgICAgICAgICBSZW1vdmUtSXRlbSAtUGF0aCAkZGVzdCAtRm9yY2UgLVJlY3Vyc2UgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICAgICAgICAgICRkaWZmICs9ICItJGRlc3RgbiIKICAgICAgICB9CgogICAgICAgIGlmICgtbm90ICRjaGVja19tb2RlKSB7CiAgICAgICAgICAgICMgY2Fubm90IHJ1biB3aXRoIC1XaGF0SWY6JGNoZWNrX21vZGUgYXMgaWYgdGhlIHBhcmVudCBkaXIgZGlkbid0CiAgICAgICAgICAgICMgZXhpc3QgYW5kIHdhcyBjcmVhdGVkIGFib3ZlIHdvdWxkIHN0aWxsIG5vdCBleGlzdCBpbiBjaGVjayBtb2RlCiAgICAgICAgICAgIENvcHktSXRlbSAtUGF0aCAkc291cmNlIC1EZXN0aW5hdGlvbiAkZGVzdCAtRm9yY2UgfCBPdXQtTnVsbAogICAgICAgIH0KICAgICAgICAkZGlmZiArPSAiKyRkZXN0YG4iCgogICAgICAgICRyZXN1bHQuY2hhbmdlZCA9ICR0cnVlCiAgICB9CgogICAgIyB1Z2x5IGJ1dCB0byBzYXZlIHVzIGZyb20gcnVubmluZyB0aGUgY2hlY2tzdW0gdHdpY2UsIGxldCdzIHJldHVybiBpdCBmb3IKICAgICMgdGhlIG1haW4gY29kZSB0byBhZGQgaXQgdG8gJHJlc3VsdAogICAgcmV0dXJuICxAeyBkaWZmID0gJGRpZmY7IGNoZWNrc3VtID0gJHNvdXJjZV9jaGVja3N1bSB9Cn0KCkZ1bmN0aW9uIENvcHktRm9sZGVyKCRzb3VyY2UsICRkZXN0KSB7CiAgICAkZGlmZiA9ICIiCiAgICAkY29weV9mb2xkZXIgPSAkZmFsc2UKCiAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRkZXN0IC1QYXRoVHlwZSBDb250YWluZXIpKSB7CiAgICAgICAgJHBhcmVudF9kaXIgPSBbU3lzdGVtLklPLlBhdGhdOjpHZXREaXJlY3RvcnlOYW1lKCRkZXN0KQogICAgICAgIGlmIChUZXN0LVBhdGggLVBhdGggJHBhcmVudF9kaXIgLVBhdGhUeXBlIExlYWYpIHsKICAgICAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiY2Fubm90IGNvcHkgZmlsZSBmcm9tICckc291cmNlJyB0byAnJGRlc3QnOiBvYmplY3QgYXQgZGVzdCBwYXJlbnQgZGlyIGlzIG5vdCBhIGZvbGRlciIKICAgICAgICB9CiAgICAgICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkZGVzdCAtUGF0aFR5cGUgTGVhZikgewogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0IC1tZXNzYWdlICJjYW5ub3QgY29weSBmb2xkZXIgZnJvbSAnJHNvdXJjZScgdG8gJyRkZXN0JzogZGVzdCBpcyBhbHJlYWR5IGEgZmlsZSIKICAgICAgICB9CgogICAgICAgIE5ldy1JdGVtIC1QYXRoICRkZXN0IC1JdGVtVHlwZSBDb250YWluZXIgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICAgICAgJGRpZmYgKz0gIiskZGVzdFxgbiIKICAgICAgICAkcmVzdWx0LmNoYW5nZWQgPSAkdHJ1ZQogICAgfQoKICAgICRjaGlsZF9pdGVtcyA9IEdldC1DaGlsZEl0ZW0gLVBhdGggJHNvdXJjZSAtRm9yY2UKICAgIGZvcmVhY2ggKCRjaGlsZF9pdGVtIGluICRjaGlsZF9pdGVtcykgewogICAgICAgICRkZXN0X2NoaWxkX3BhdGggPSBKb2luLVBhdGggLVBhdGggJGRlc3QgLUNoaWxkUGF0aCAkY2hpbGRfaXRlbS5OYW1lCiAgICAgICAgaWYgKCRjaGlsZF9pdGVtLlBTSXNDb250YWluZXIpIHsKICAgICAgICAgICAgJGRpZmYgKz0gKENvcHktRm9sZGVyIC1zb3VyY2UgJGNoaWxkX2l0ZW0uRnVsbG5hbWUgLWRlc3QgJGRlc3RfY2hpbGRfcGF0aCkKICAgICAgICB9IGVsc2UgewogICAgICAgICAgICAkZGlmZiArPSAoQ29weS1GaWxlIC1zb3VyY2UgJGNoaWxkX2l0ZW0uRnVsbG5hbWUgLWRlc3QgJGRlc3RfY2hpbGRfcGF0aCkuZGlmZgogICAgICAgIH0KICAgIH0KCiAgICByZXR1cm4gJGRpZmYKfQoKRnVuY3Rpb24gR2V0LUZpbGVTaXplKCRwYXRoKSB7CiAgICAkZmlsZSA9IEdldC1JdGVtIC1QYXRoICRwYXRoIC1Gb3JjZQogICAgJHNpemUgPSAkbnVsbAogICAgaWYgKCRmaWxlLlBTSXNDb250YWluZXIpIHsKICAgICAgICAkZGlyX2ZpbGVzX3N1bSA9IEdldC1DaGlsZEl0ZW0gJGZpbGUuRnVsbE5hbWUgLVJlY3Vyc2UKICAgICAgICBpZiAoJGRpcl9maWxlc19zdW0gLWVxICRudWxsIC1vciAoJGRpcl9maWxlc19zdW0uUFNPYmplY3QuUHJvcGVydGllcy5uYW1lIC1jb250YWlucyAnbGVuZ3RoJyAtZXEgJGZhbHNlKSkgewogICAgICAgICAgICAkc2l6ZSA9IDAKICAgICAgICB9IGVsc2UgewogICAgICAgICAgICAkc2l6ZSA9ICgkZGlyX2ZpbGVzX3N1bSB8IE1lYXN1cmUtT2JqZWN0IC1wcm9wZXJ0eSBsZW5ndGggLXN1bSkuU3VtCiAgICAgICAgfQogICAgfSBlbHNlIHsKICAgICAgICAkc2l6ZSA9ICRmaWxlLkxlbmd0aAogICAgfQoKICAgICRzaXplCn0KCkZ1bmN0aW9uIEV4dHJhY3QtWmlwKCRzcmMsICRkZXN0KSB7CiAgICAkYXJjaGl2ZSA9IFtTeXN0ZW0uSU8uQ29tcHJlc3Npb24uWmlwRmlsZV06Ok9wZW4oJHNyYywgW1N5c3RlbS5JTy5Db21wcmVzc2lvbi5aaXBBcmNoaXZlTW9kZV06OlJlYWQsIFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjgpCiAgICBmb3JlYWNoICgkZW50cnkgaW4gJGFyY2hpdmUuRW50cmllcykgewogICAgICAgICRhcmNoaXZlX25hbWUgPSAkZW50cnkuRnVsbE5hbWUKCiAgICAgICAgIyBGdWxsTmFtZSBtYXkgYmUgYXBwZW5kZWQgd2l0aCAvIG9yIFwsIGRldGVybWluZSBpZiBpdCBpcyBwYWRkZWQgYW5kIHJlbW92ZSBpdAogICAgICAgICRwYWRkaW5nX2xlbmd0aCA9ICRhcmNoaXZlX25hbWUuTGVuZ3RoICUgNAogICAgICAgIGlmICgkcGFkZGluZ19sZW5ndGggLWVxIDApIHsKICAgICAgICAgICAgJGlzX2RpciA9ICRmYWxzZQogICAgICAgICAgICAkYmFzZTY0X25hbWUgPSAkYXJjaGl2ZV9uYW1lCiAgICAgICAgfSBlbHNlaWYgKCRwYWRkaW5nX2xlbmd0aCAtZXEgMSkgewogICAgICAgICAgICAkaXNfZGlyID0gJHRydWUKICAgICAgICAgICAgaWYgKCRhcmNoaXZlX25hbWUuRW5kc1dpdGgoIi8iKSAtb3IgJGFyY2hpdmVfbmFtZS5FbmRzV2l0aCgiYFwiKSkgewogICAgICAgICAgICAgICAgJGJhc2U2NF9uYW1lID0gJGFyY2hpdmVfbmFtZS5TdWJzdHJpbmcoMCwgJGFyY2hpdmVfbmFtZS5MZW5ndGggLSAxKQogICAgICAgICAgICB9IGVsc2UgewogICAgICAgICAgICAgICAgdGhyb3cgImludmFsaWQgYmFzZTY0IGFyY2hpdmUgbmFtZSAnJGFyY2hpdmVfbmFtZSciCiAgICAgICAgICAgIH0KICAgICAgICB9IGVsc2UgewogICAgICAgICAgICB0aHJvdyAiaW52YWxpZCBiYXNlNjQgbGVuZ3RoICckYXJjaGl2ZV9uYW1lJyIKICAgICAgICB9CgogICAgICAgICMgdG8gaGFuZGxlIHVuaWNvZGUgY2hhcmFjdGVyLCB3aW5fY29weSBhY3Rpb24gcGx1Z2luIGhhcyBlbmNvZGVkIHRoZSBmaWxlbmFtZQogICAgICAgICRkZWNvZGVkX2FyY2hpdmVfbmFtZSA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGJhc2U2NF9uYW1lKSkKICAgICAgICAjIHJlLWFkZCB0aGUgLyB0byB0aGUgZW50cnkgZnVsbCBuYW1lIGlmIGl0IHdhcyBhIGRpcmVjdG9yeQogICAgICAgIGlmICgkaXNfZGlyKSB7CiAgICAgICAgICAgICRkZWNvZGVkX2FyY2hpdmVfbmFtZSA9ICIkZGVjb2RlZF9hcmNoaXZlX25hbWUvIgogICAgICAgIH0KICAgICAgICAkZW50cnlfdGFyZ2V0X3BhdGggPSBbU3lzdGVtLklPLlBhdGhdOjpDb21iaW5lKCRkZXN0LCAkZGVjb2RlZF9hcmNoaXZlX25hbWUpCiAgICAgICAgJGVudHJ5X2RpciA9IFtTeXN0ZW0uSU8uUGF0aF06OkdldERpcmVjdG9yeU5hbWUoJGVudHJ5X3RhcmdldF9wYXRoKQoKI ScriptBlock ID: 3286c4c6-65f7-4ca9-a934-b144d12dd71f Path:	4104	1		3	2	15	0	1447	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3972	1448	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:29:15 PM	9d04040e-981f-0003-3b52-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 4): begin { $DebugPreference = "Continue" $ErrorActionPreference = "Stop" Set-StrictMode -Version 2 function ConvertTo-HashtableFromPsCustomObject ($myPsObject){ $output = @{}; $myPsObject | Get-Member -MemberType *Property | % { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } return $output; } # stream JSON including become_pw, ps_module_payload, bin_module_payload, become_payload, write_payload_path, preserve directives # exec runspace, capture output, cleanup, return module output # NB: do not adjust the following line- it is replaced when doing non-streamed module output $json_raw = @' {"min_ps_version": null, "exec": "CkZ1bmN0aW9uIFJ1bigkcGF5bG9hZCkgewogICAgJGVudHJ5cG9pbnQgPSAkcGF5bG9hZC5tb2R1bGVfZW50cnkKCiAgICAkZW50cnlwb2ludCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGVudHJ5cG9pbnQpKQoKICAgICRwcyA9IFtwb3dlcnNoZWxsXTo6Q3JlYXRlKCkKCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkQ29tbWFuZCgiU2V0LVZhcmlhYmxlIikuQWRkUGFyYW1ldGVycyhAe1Njb3BlPSJnbG9iYWwiO05hbWU9ImNvbXBsZXhfYXJncyI7VmFsdWU9JHBheWxvYWQubW9kdWxlX2FyZ3N9KSB8IE91dC1OdWxsCiAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCgogICAgIyByZWRlZmluZSBXcml0ZS1Ib3N0IHRvIGR1bXAgdG8gb3V0cHV0IGluc3RlYWQgb2YgZmFpbGluZy0gbG90cyBvZiBzY3JpcHRzIHVzZSBpdAogICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgiRnVuY3Rpb24gV3JpdGUtSG9zdChgJG1zZyl7IFdyaXRlLU91dHB1dCBgJG1zZyB9IikgfCBPdXQtTnVsbAoKICAgIEZvckVhY2ggKCRlbnZfa3YgaW4gJHBheWxvYWQuZW52aXJvbm1lbnQuR2V0RW51bWVyYXRvcigpKSB7CiAgICAgICAgIyBuZWVkIHRvIGVzY2FwZSAnIGluIGJvdGggdGhlIGtleSBhbmQgdmFsdWUKICAgICAgICAkZW52X2tleSA9ICRlbnZfa3YuS2V5LlRvU3RyaW5nKCkuUmVwbGFjZSgiJyIsICInJyIpCiAgICAgICAgJGVudl92YWx1ZSA9ICRlbnZfa3YuVmFsdWUuVG9TdHJpbmcoKS5SZXBsYWNlKCInIiwgIicnIikKICAgICAgICAkZXNjYXBlZF9lbnZfc2V0ID0gIltTeXN0ZW0uRW52aXJvbm1lbnRdOjpTZXRFbnZpcm9ubWVudFZhcmlhYmxlKCd7MH0nLCAnezF9JykiIC1mICRlbnZfa2V5LCAkZW52X3ZhbHVlCiAgICAgICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgkZXNjYXBlZF9lbnZfc2V0KSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBkeW5hbWljYWxseSBjcmVhdGUvbG9hZCBtb2R1bGVzCiAgICBGb3JFYWNoICgkbW9kIGluICRwYXlsb2FkLnBvd2Vyc2hlbGxfbW9kdWxlcy5HZXRFbnVtZXJhdG9yKCkpIHsKICAgICAgICAkZGVjb2RlZF9tb2R1bGUgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRtb2QuVmFsdWUpKQogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRDb21tYW5kKCJOZXctTW9kdWxlIikuQWRkUGFyYW1ldGVycyhAe1NjcmlwdEJsb2NrPShbc2NyaXB0YmxvY2tdOjpDcmVhdGUoJGRlY29kZWRfbW9kdWxlKSk7TmFtZT0kbW9kLktleX0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiSW1wb3J0LU1vZHVsZSIpLkFkZFBhcmFtZXRlcnMoQHtXYXJuaW5nQWN0aW9uPSJTaWxlbnRseUNvbnRpbnVlIn0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBmb3JjZSBpbnB1dCBlbmNvZGluZyB0byBwcmVhbWJsZS1mcmVlIFVURjggc28gUFMgc3ViLXByb2Nlc3NlcyAoZWcsCiAgICAjIFN0YXJ0LUpvYikgZG9uJ3QgYmxvdyB1cC4gVGhpcyBpcyBvbmx5IHJlcXVpcmVkIGZvciBXaW5STSwgYSBQU1JQCiAgICAjIHJ1bnNwYWNlIGRvZXNuJ3QgaGF2ZSBhIGhvc3QgY29uc29sZSBhbmQgdGhpcyB3aWxsIGJvbWIgb3V0CiAgICBpZiAoJGhvc3QuTmFtZSAtZXEgIkNvbnNvbGVIb3N0IikgewogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRTY3JpcHQoIltDb25zb2xlXTo6SW5wdXRFbmNvZGluZyA9IE5ldy1PYmplY3QgVGV4dC5VVEY4RW5jb2RpbmcgYCRmYWxzZSIpIHwgT3V0LU51bGwKICAgIH0KCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkU2NyaXB0KCRlbnRyeXBvaW50KSB8IE91dC1OdWxsCgogICAgJG91dHB1dCA9ICRwcy5JbnZva2UoKQoKICAgICRvdXRwdXQKCiAgICAjIFBTMyBkb2Vzbid0IHByb3Blcmx5IHNldCBIYWRFcnJvcnMgaW4gbWFueSBjYXNlcywgaW5zcGVjdCB0aGUgZXJyb3Igc3RyZWFtIGFzIGEgZmFsbGJhY2sKICAgIElmICgkcHMuSGFkRXJyb3JzIC1vciAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtbHQgNCAtYW5kICRwcy5TdHJlYW1zLkVycm9yLkNvdW50IC1ndCAwKSkgewogICAgICAgICRob3N0LlVJLldyaXRlRXJyb3JMaW5lKCQoJHBzLlN0cmVhbXMuRXJyb3IgfCBPdXQtU3RyaW5nKSkKICAgICAgICAkZXhpdF9jb2RlID0gJHBzLlJ1bnNwYWNlLlNlc3Npb25TdGF0ZVByb3h5LkdldFZhcmlhYmxlKCJMQVNURVhJVENPREUiKQogICAgICAgIElmKC1ub3QgJGV4aXRfY29kZSkgewogICAgICAgICAgICAkZXhpdF9jb2RlID0gMQogICAgICAgIH0KICAgICAgICAjIG5lZWQgdG8gdXNlIHRoaXMgaW5zdGVhZCBvZiBFeGl0IGtleXdvcmQgdG8gcHJldmVudCBydW5zcGFjZSBmcm9tIGNyYXNoaW5nIHdpdGggZHluYW1pYyBtb2R1bGVzCiAgICAgICAgJGhvc3QuU2V0U2hvdWxkRXhpdCgkZXhpdF9jb2RlKQogICAgfQp9Cg==", "actions": ["exec"], "environment": {}, "min_os_version": null, "powershell_modules": {"Ansible.ModuleUtils.Legacy": "IyBDb3B5cmlnaHQgKGMpLCBNaWNoYWVsIERlSGFhbiA8bWljaGFlbC5kZWhhYW5AZ21haWwuY29tPiwgMjAxNCwgYW5kIG90aGVycwojIFNpbXBsaWZpZWQgQlNEIExpY2Vuc2UgKHNlZSBsaWNlbnNlcy9zaW1wbGlmaWVkX2JzZC50eHQgb3IgaHR0cHM6Ly9vcGVuc291cmNlLm9yZy9saWNlbnNlcy9CU0QtMi1DbGF1c2UpCgpTZXQtU3RyaWN0TW9kZSAtVmVyc2lvbiAyLjAKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKRnVuY3Rpb24gU2V0LUF0dHIoJG9iaiwgJG5hbWUsICR2YWx1ZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gc2V0IGFuICJhdHRyaWJ1dGUiIG9uIGEgcHNvYmplY3QgaW5zdGFuY2UgaW4gUG93ZXJTaGVsbC4KICAgIFRoaXMgaXMgYSBjb252ZW5pZW5jZSB0byBtYWtlIGFkZGluZyBNZW1iZXJzIHRvIHRoZSBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgIFNldC1BdHRyICRyZXN1bHQgImNoYW5nZWQiICR0cnVlCiM+CgogICAgIyBJZiB0aGUgcHJvdmlkZWQgJG9iaiBpcyB1bmRlZmluZWQsIGRlZmluZSBvbmUgdG8gYmUgbmljZQogICAgSWYgKC1ub3QgJG9iai5HZXRUeXBlKQogICAgewogICAgICAgICRvYmogPSBAeyB9CiAgICB9CgogICAgVHJ5CiAgICB7CiAgICAgICAgJG9iai4kbmFtZSA9ICR2YWx1ZQogICAgfQogICAgQ2F0Y2gKICAgIHsKICAgICAgICAkb2JqIHwgQWRkLU1lbWJlciAtRm9yY2UgLU1lbWJlclR5cGUgTm90ZVByb3BlcnR5IC1OYW1lICRuYW1lIC1WYWx1ZSAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gRXhpdC1Kc29uKCRvYmopCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGNvbnZlcnQgYSBQb3dlclNoZWxsIG9iamVjdCB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcKICAgIHRoZSBzY3JpcHQKICAgIC5FWEFNUExFCiAgICBFeGl0LUpzb24gJHJlc3VsdAojPgoKICAgICMgSWYgdGhlIHByb3ZpZGVkICRvYmogaXMgdW5kZWZpbmVkLCBkZWZpbmUgb25lIHRvIGJlIG5pY2UKICAgIElmICgtbm90ICRvYmouR2V0VHlwZSkKICAgIHsKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoJ2NoYW5nZWQnKSkgewogICAgICAgIFNldC1BdHRyICRvYmogImNoYW5nZWQiICRmYWxzZQogICAgfQoKICAgIFdyaXRlLU91dHB1dCAkb2JqIHwgQ29udmVydFRvLUpzb24gLUNvbXByZXNzIC1EZXB0aCA5OQogICAgRXhpdAp9CgpGdW5jdGlvbiBGYWlsLUpzb24oJG9iaiwgJG1lc3NhZ2UgPSAkbnVsbCkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHRoZSAibXNnIiBwcm9wZXJ0eSBhbmQgImZhaWxlZCIgcHJvcGVydHksIGNvbnZlcnQgdGhlCiAgICBQb3dlclNoZWxsIEhhc2h0YWJsZSB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcgdGhlIHNjcmlwdAogICAgLkVYQU1QTEUKICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJUaGlzIGlzIHRoZSBmYWlsdXJlIG1lc3NhZ2UiCiM+CgogICAgaWYgKCRvYmogLWlzIFtoYXNodGFibGVdIC1vciAkb2JqIC1pcyBbcHNvYmplY3RdKSB7CiAgICAgICAgIyBOb3RoaW5nIHRvIGRvCiAgICB9IGVsc2VpZiAoJG9iaiAtaXMgW3N0cmluZ10gLWFuZCAkbnVsbCAtZXEgJG1lc3NhZ2UpIHsKICAgICAgICAjIElmIHdlIHdlcmVuJ3QgZ2l2ZW4gMiBhcmdzLCBhbmQgdGhlIG9ubHkgYXJnIHdhcyBhIHN0cmluZywKICAgICAgICAjIGNyZWF0ZSBhIG5ldyBIYXNodGFibGUgYW5kIHVzZSB0aGUgYXJnIGFzIHRoZSBmYWlsdXJlIG1lc3NhZ2UKICAgICAgICAkbWVzc2FnZSA9ICRvYmoKICAgICAgICAkb2JqID0gQHsgfQogICAgfSBlbHNlIHsKICAgICAgICAjIElmIHRoZSBmaXJzdCBhcmd1bWVudCBpcyB1bmRlZmluZWQgb3IgYSBkaWZmZXJlbnQgdHlwZSwKICAgICAgICAjIG1ha2UgaXQgYSBIYXNodGFibGUKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgICMgU3RpbGwgdXNpbmcgU2V0LUF0dHIgZm9yIFBTT2JqZWN0IGNvbXBhdGliaWxpdHkKICAgIFNldC1BdHRyICRvYmogIm1zZyIgJG1lc3NhZ2UKICAgIFNldC1BdHRyICRvYmogImZhaWxlZCIgJHRydWUKCiAgICBpZiAoLW5vdCAkb2JqLkNvbnRhaW5zS2V5KCdjaGFuZ2VkJykpIHsKICAgICAgICBTZXQtQXR0ciAkb2JqICJjaGFuZ2VkIiAkZmFsc2UKICAgIH0KCiAgICBXcml0ZS1PdXRwdXQgJG9iaiB8IENvbnZlcnRUby1Kc29uIC1Db21wcmVzcyAtRGVwdGggOTkKICAgIEV4aXQgMQp9CgpGdW5jdGlvbiBBZGQtV2FybmluZygkb2JqLCAkbWVzc2FnZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHdhcm5pbmdzLCBldmVuIGlmIHRoZSB3YXJuaW5ncyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoIndhcm5pbmdzIikpIHsKICAgICAgICAkb2JqLndhcm5pbmdzID0gQCgpCiAgICB9IGVsc2VpZiAoJG9iai53YXJuaW5ncyAtaXNub3QgW2FycmF5XSkgewogICAgICAgIHRocm93ICJBZGQtV2FybmluZzogd2FybmluZ3MgYXR0cmlidXRlIGlzIG5vdCBhbiBhcnJheSIKICAgIH0KCiAgICAkb2JqLndhcm5pbmdzICs9ICRtZXNzYWdlCn0KCkZ1bmN0aW9uIEFkZC1EZXByZWNhdGlvbldhcm5pbmcoJG9iaiwgJG1lc3NhZ2UsICR2ZXJzaW9uID0gJG51bGwpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGFkZCBkZXByZWNhdGlvbnMsIGV2ZW4gaWYgdGhlIGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgogICAgaWYgKC1ub3QgJG9iai5Db250YWluc0tleSgiZGVwcmVjYXRpb25zIikpIHsKICAgICAgICAkb2JqLmRlcHJlY2F0aW9ucyA9IEAoKQogICAgfSBlbHNlaWYgKCRvYmouZGVwcmVjYXRpb25zIC1pc25vdCBbYXJyYXldKSB7CiAgICAgICAgdGhyb3cgIkFkZC1EZXByZWNhdGlvbldhcm5pbmc6IGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgaXMgbm90IGEgbGlzdCIKICAgIH0KCiAgICAkb2JqLmRlcHJlY2F0aW9ucyArPSBAewogICAgICAgIG1zZyA9ICRtZXNzYWdlCiAgICAgICAgdmVyc2lvbiA9ICR2ZXJzaW9uCiAgICB9Cn0KCkZ1bmN0aW9uIEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgaW4gdmFsdWVzLiBCeSBkZWZhdWx0CiAgICBpdCB0dXJucyBhbnkgdHlwZSB0byBhIHN0cmluZywgYnV0IHdlIGVuc3VyZSAkbnVsbCByZW1haW5zICRudWxsLgojPgogICAgaWYgKCRudWxsIC1uZSAkdmFsdWUpIHsKICAgICAgICBbU3lzdGVtLkVudmlyb25tZW50XTo6RXhwYW5kRW52aXJvbm1lbnRWYXJpYWJsZXMoJHZhbHVlKQogICAgfSBlbHNlIHsKICAgICAgICAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gR2V0LUFuc2libGVQYXJhbSgkb2JqLCAkbmFtZSwgJGRlZmF1bHQgPSAkbnVsbCwgJHJlc3VsdG9iaiA9IEB7fSwgJGZhaWxpZmVtcHR5ID0gJGZhbHNlLCAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSwgJFZhbGlkYXRlU2V0LCAkVmFsaWRhdGVTZXRFcnJvck1lc3NhZ2UsICR0eXBlID0gJG51bGwsICRhbGlhc2VzID0gQCgpKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBnZXQgYW4gImF0dHJpYnV0ZSIgZnJvbSBhIHBzb2JqZWN0IGluc3RhbmNlIGluIFBvd2VyU2hlbGwuCiAgICBUaGlzIGlzIGEgY29udmVuaWVuY2UgdG8gbWFrZSBnZXR0aW5nIE1lbWJlcnMgZnJvbSBhbiBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgICRhdHRyID0gR2V0LUFuc2libGVQYXJhbSAkcmVzcG9uc2UgImNvZGUiIC1kZWZhdWx0ICIxIgogICAgLkVYQU1QTEUKICAgIEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJTdGF0ZSIgLWRlZmF1bHQgIlByZXNlbnQiIC1WYWxpZGF0ZVNldCAiUHJlc2VudCIsIkFic2VudCIgLXJlc3VsdG9iaiAkcmVzdWx0b2JqIC1mYWlsaWZlbXB0eSAkdHJ1ZQogICAgR2V0LUFuc2libGVQYXJhbSBhbHNvIHN1cHBvcnRzIFBhcmFtZXRlciB2YWxpZGF0aW9uIHRvIHNhdmUgeW91IGZyb20gY29kaW5nIHRoYXQgbWFudWFsbHkKICAgIE5vdGUgdGhhdCBpZiB5b3UgdXNlIHRoZSBmYWlsaWZlbXB0eSBvcHRpb24sIHlvdSBkbyBuZWVkIHRvIHNwZWNpZnkgcmVzdWx0b2JqZWN0IGFzIHdlbGwuCiM+CiAgICAjIENoZWNrIGlmIHRoZSBwcm92aWRlZCBNZW1iZXIgJG5hbWUgb3IgYWxpYXNlcyBleGlzdCBpbiAkb2JqIGFuZCByZXR1cm4gaXQgb3IgdGhlIGRlZmF1bHQuCiAgICB0cnkgewoKICAgICAgICAkZm91bmQgPSAkbnVsbAogICAgICAgICMgRmlyc3QgdHJ5IHRvIGZpbmQgcHJlZmVycmVkIHBhcmFtZXRlciAkbmFtZQogICAgICAgICRhbGlhc2VzID0gQCgkbmFtZSkgKyAkYWxpYXNlcwoKICAgICAgICAjIEl0ZXJhdGUgb3ZlciBhbGlhc2VzIHRvIGZpbmQgYWNjZXB0YWJsZSBNZW1iZXIgJG5hbWUKICAgICAgICBmb3JlYWNoICgkYWxpYXMgaW4gJGFsaWFzZXMpIHsKICAgICAgICAgICAgaWYgKCRvYmouQ29udGFpbnNLZXkoJGFsaWFzKSkgewogICAgICAgICAgICAgICAgJGZvdW5kID0gJGFsaWFzCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgfQoKICAgICAgICBpZiAoJG51bGwgLWVxICRmb3VuZCkgewogICAgICAgICAgICB0aHJvdwogICAgICAgIH0KICAgICAgICAkbmFtZSA9ICRmb3VuZAoKICAgICAgICBpZiAoJFZhbGlkYXRlU2V0KSB7CgogICAgICAgICAgICBpZiAoJFZhbGlkYXRlU2V0IC1jb250YWlucyAoJG9iai4kbmFtZSkpIHsKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICRvYmouJG5hbWUKICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgIGlmICgkbnVsbCAtZXEgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAgICAgI0F1dG8tZ2VuZXJhdGVkIGVycm9yIHNob3VsZCBiZSBzdWZmaWNpZW50IGluIG1vc3QgdXNlIGNhc2VzCiAgICAgICAgICAgICAgICAgICAgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlID0gIkdldC1BbnNpYmxlUGFyYW06IEFyZ3VtZW50ICRuYW1lIG5lZWRzIHRvIGJlIG9uZSBvZiAkKCRWYWxpZGF0ZVNldCAtam9pbiAiLCIpIGJ1dCB3YXMgJCgkb2JqLiRuYW1lKS4iCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRWYWxpZGF0ZVNldEVycm9yTWVzc2FnZQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgJHZhbHVlID0gJG9iai4kbmFtZQogICAgICAgIH0KICAgIH0gY2F0Y2ggewogICAgICAgIGlmICgkZmFpbGlmZW1wdHkgLWVxICRmYWxzZSkgewogICAgICAgICAgICAkdmFsdWUgPSAkZGVmYXVsdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgIGlmICgtbm90ICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSA9ICJHZXQtQW5zaWJsZVBhcmFtOiBNaXNzaW5nIHJlcXVpcmVkIGFyZ3VtZW50OiAkbmFtZSIKICAgICAgICAgICAgfQogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlCiAgICAgICAgfQogICAgfQoKICAgICMgSWYgJHZhbHVlIC1lcSAkbnVsbCwgdGhlIHBhcmFtZXRlciB3YXMgdW5zcGVjaWZpZWQgYnkgdGhlIHVzZXIgKGRlbGliZXJhdGVseSBvciBub3QpCiAgICAjIFBsZWFzZSBsZWF2ZSAkbnVsbC12YWx1ZXMgaW50YWN0LCBtb2R1bGVzIG5lZWQgdG8ga25vdyBpZiBhIHBhcmFtZXRlciB3YXMgc3BlY2lmaWVkCiAgICAjIFdoZW4gJHZhbHVlIGlzIGFscmVhZHkgYW4gYXJyYXksIHdlIGNhbm5vdCByZWx5IG9uIHRoZSBudWxsIGNoZWNrLCBhcyBhbiBlbXB0eSBsaXN0CiAgICAjIGlzIHNlZW4gYXMgbnVsbCBpbiB0aGUgY2hlY2sgYmVsb3cKICAgIGlmICgkbnVsbCAtbmUgJHZhbHVlIC1vciAkdmFsdWUgLWlzIFthcnJheV0pIHsKICAgICAgICBpZiAoJHR5cGUgLWVxICJwYXRoIikgewogICAgICAgICAgICAjIEV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgb24gcGF0aC10eXBlCiAgICAgICAgICAgICR2YWx1ZSA9IEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCiAgICAgICAgICAgICMgVGVzdCBpZiBhIHZhbGlkIHBhdGggaXMgcHJvdmlkZWQKICAgICAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtSXNWYWxpZCAkdmFsdWUpKSB7CiAgICAgICAgICAgICAgICAkcGF0aF9pbnZhbGlkID0gJHRydWUKICAgICAgICAgICAgICAgICMgY291bGQgc3RpbGwgYmUgYSB2YWxpZC1zaGFwZWQgcGF0aCB3aXRoIGEgbm9uZXhpc3RlbnQgZHJpdmUgbGV0dGVyCiAgICAgICAgICAgICAgICBpZiAoJHZhbHVlIC1tYXRjaCAiXlx3OiIpIHsKICAgICAgICAgICAgICAgICAgICAjIHJld3JpdGUgcGF0aCB3aXRoIGEgdmFsaWQgZHJpdmUgbGV0dGVyIGFuZCByZWNoZWNrIHRoZSBzaGFwZS0gdGhpcyBtaWdodCBzdGlsbCBmYWlsLCBlZywgYSBub25leGlzdGVudCBub24tZmlsZXN5c3RlbSBQUyBwYXRoCiAgICAgICAgICAgICAgICAgICAgaWYgKFRlc3QtUGF0aCAtSXNWYWxpZCAkKEAoR2V0LVBTRHJpdmUgLVBTUHJvdmlkZXIgRmlsZXN5c3RlbSlbMF0uTmFtZSArICR2YWx1ZS5TdWJzdHJpbmcoMSkpKSB7CiAgICAgICAgICAgICAgICAgICAgICAgICRwYXRoX2ludmFsaWQgPSAkZmFsc2UKICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBpZiAoJHBhdGhfaW52YWxpZCkgewogICAgICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHRvYmogLW1lc3NhZ2UgIkdldC1BbnNpYmxlUGFyYW06IFBhcmFtZXRlciAnJG5hbWUnIGhhcyBhbiBpbnZhbGlkIHBhdGggJyR2YWx1ZScgc3BlY2lmaWVkLiIKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgInN0ciIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IHN0ciB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgc3RyaW5ncwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUuVG9TdHJpbmcoKQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImJvb2wiKSB7CiAgICAgICAgICAgICMgQ29udmVydCBib29sZWFuIHR5cGVzIHRvIHJlYWwgUG93ZXJzaGVsbCBib29sZWFucwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgfCBDb252ZXJ0VG8tQm9vbAogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImludCIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IGludCB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgaW50ZWdlcnMKICAgICAgICAgICAgJHZhbHVlID0gJHZhbHVlIC1hcyBbaW50XQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImZsb2F0IikgewogICAgICAgICAgICAjIENvbnZlcnQgZmxvYXQgdHlwZXMgdG8gcmVhbCBQb3dlcnNoZWxsIGZsb2F0cwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgLWFzIFtmbG9hdF0KICAgICAgICB9IGVsc2VpZiAoJHR5cGUgLWVxICJsaXN0IikgewogICAgICAgICAgICBpZiAoJHZhbHVlIC1pcyBbYXJyYXldKSB7CiAgICAgICAgICAgICAgICAjIE5vdGhpbmcgdG8gZG8KICAgICAgICAgICAgfSBlbHNlaWYgKCR2YWx1ZSAtaXMgW3N0cmluZ10pIHsKICAgICAgICAgICAgICAgICMgQ29udmVydCBzdHJpbmcgdHlwZSB0byByZWFsIFBvd2Vyc2hlbGwgYXJyYXkKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICR2YWx1ZS5Tc ScriptBlock ID: 3286c4c6-65f7-4ca9-a934-b144d12dd71f Path:	4104	1		3	2	15	0	1446	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3972	1448	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:29:15 PM	9d04040e-981f-0003-3b52-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1445	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3972	1408	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:29:15 PM	9d04040e-981f-0004-0e19-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 3972 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1444	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3972	4224	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:29:15 PM	9d04040e-981f-0004-0e19-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1443	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3972	1408	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:29:15 PM	9d04040e-981f-0004-0e19-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): begin { $path = 'C:\Users\Admin\AppData\Local\Temp\ansible-tmp-1629725354.29-262687552484914\source' $DebugPreference = "Continue" $ErrorActionPreference = "Stop" Set-StrictMode -Version 2 $fd = [System.IO.File]::Create($path) $sha1 = [System.Security.Cryptography.SHA1CryptoServiceProvider]::Create() $bytes = @() #initialize for empty file case } process { $bytes = [System.Convert]::FromBase64String($input) $sha1.TransformBlock($bytes, 0, $bytes.Length, $bytes, 0) | Out-Null $fd.Write($bytes, 0, $bytes.Length) } end { $sha1.TransformFinalBlock($bytes, 0, 0) | Out-Null $hash = [System.BitConverter]::ToString($sha1.Hash).Replace("-", "").ToLowerInvariant() $fd.Close() Write-Output "{""sha1"":""$hash""}" } ScriptBlock ID: c6fd5e8a-d971-4cb8-8cad-e557dcfcd2ae Path:	4104	1		3	2	15	0	1442	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	5036	1652	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:29:15 PM	9d04040e-981f-0001-2a12-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1441	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	5036	220	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:29:15 PM	9d04040e-981f-0004-0919-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 5036 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1440	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	5036	1976	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:29:15 PM	9d04040e-981f-0004-0919-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1439	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	5036	220	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:29:15 PM	9d04040e-981f-0004-0919-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1438	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3760	4576	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:29:14 PM	9d04040e-981f-0003-3052-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 3760 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1437	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3760	1616	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:29:14 PM	9d04040e-981f-0003-3052-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1436	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3760	4576	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:29:14 PM	9d04040e-981f-0003-3052-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1435	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1064	4444	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:29:14 PM	9d04040e-981f-0004-ff18-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 1064 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1434	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1064	2152	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:29:14 PM	9d04040e-981f-0004-ff18-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1433	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1064	4444	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:29:14 PM	9d04040e-981f-0004-ff18-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): #!powershell # Copyright: (c) 2015, Jon Hawkesworth (@jhawkesworth) <figs@unity.demon.co.uk> # Copyright: (c) 2017, Ansible Project # GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) #Requires -Module Ansible.ModuleUtils.Legacy $ErrorActionPreference = 'Stop' $params = Parse-Args -arguments $args -supports_check_mode $true $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false $diff_mode = Get-AnsibleParam -obj $params -name "_ansible_diff" -type "bool" -default $false # there are 4 modes to win_copy which are driven by the action plugins: # explode: src is a zip file which needs to be extracted to dest, for use with multiple files # query: win_copy action plugin wants to get the state of remote files to check whether it needs to send them # remote: all copy action is happening remotely (remote_src=True) # single: a single file has been copied, also used with template $copy_mode = Get-AnsibleParam -obj $params -name "_copy_mode" -type "str" -default "single" -validateset "explode","query","remote","single" # used in explode, remote and single mode $src = Get-AnsibleParam -obj $params -name "src" -type "path" -failifempty ($copy_mode -in @("explode","process","single")) $dest = Get-AnsibleParam -obj $params -name "dest" -type "path" -failifempty $true # used in single mode $original_basename = Get-AnsibleParam -obj $params -name "_original_basename" -type "str" # used in query and remote mode $force = Get-AnsibleParam -obj $params -name "force" -type "bool" -default $true # used in query mode, contains the local files/directories/symlinks that are to be copied $files = Get-AnsibleParam -obj $params -name "files" -type "list" $directories = Get-AnsibleParam -obj $params -name "directories" -type "list" $symlinks = Get-AnsibleParam -obj $params -name "symlinks" -type "list" $result = @{ changed = $false } if ($diff_mode) { $result.diff = @{} } Function Copy-File($source, $dest) { $diff = "" $copy_file = $false $source_checksum = $null if ($force) { $source_checksum = Get-FileChecksum -path $source } if (Test-Path -Path $dest -PathType Container) { Fail-Json -obj $result -message "cannot copy file from '$source' to '$dest': dest is already a folder" } elseif (Test-Path -Path $dest -PathType Leaf) { if ($force) { $target_checksum = Get-FileChecksum -path $dest if ($source_checksum -ne $target_checksum) { $copy_file = $true } } } else { $copy_file = $true } if ($copy_file) { $file_dir = [System.IO.Path]::GetDirectoryName($dest) # validate the parent dir is not a file and that it exists if (Test-Path -Path $file_dir -PathType Leaf) { Fail-Json -obj $result -message "cannot copy file from '$source' to '$dest': object at dest parent dir is not a folder" } elseif (-not (Test-Path -Path $file_dir)) { # directory doesn't exist, need to create New-Item -Path $file_dir -ItemType Directory -WhatIf:$check_mode | Out-Null $diff += "+$file_dir\`n" } if (Test-Path -Path $dest -PathType Leaf) { Remove-Item -Path $dest -Force -Recurse -WhatIf:$check_mode | Out-Null $diff += "-$dest`n" } if (-not $check_mode) { # cannot run with -WhatIf:$check_mode as if the parent dir didn't # exist and was created above would still not exist in check mode Copy-Item -Path $source -Destination $dest -Force | Out-Null } $diff += "+$dest`n" $result.changed = $true } # ugly but to save us from running the checksum twice, let's return it for # the main code to add it to $result return ,@{ diff = $diff; checksum = $source_checksum } } Function Copy-Folder($source, $dest) { $diff = "" $copy_folder = $false if (-not (Test-Path -Path $dest -PathType Container)) { $parent_dir = [System.IO.Path]::GetDirectoryName($dest) if (Test-Path -Path $parent_dir -PathType Leaf) { Fail-Json -obj $result -message "cannot copy file from '$source' to '$dest': object at dest parent dir is not a folder" } if (Test-Path -Path $dest -PathType Leaf) { Fail-Json -obj $result -message "cannot copy folder from '$source' to '$dest': dest is already a file" } New-Item -Path $dest -ItemType Container -WhatIf:$check_mode | Out-Null $diff += "+$dest\`n" $result.changed = $true } $child_items = Get-ChildItem -Path $source -Force foreach ($child_item in $child_items) { $dest_child_path = Join-Path -Path $dest -ChildPath $child_item.Name if ($child_item.PSIsContainer) { $diff += (Copy-Folder -source $child_item.Fullname -dest $dest_child_path) } else { $diff += (Copy-File -source $child_item.Fullname -dest $dest_child_path).diff } } return $diff } Function Get-FileSize($path) { $file = Get-Item -Path $path -Force $size = $null if ($file.PSIsContainer) { $dir_files_sum = Get-ChildItem $file.FullName -Recurse if ($dir_files_sum -eq $null -or ($dir_files_sum.PSObject.Properties.name -contains 'length' -eq $false)) { $size = 0 } else { $size = ($dir_files_sum | Measure-Object -property length -sum).Sum } } else { $size = $file.Length } $size } Function Extract-Zip($src, $dest) { $archive = [System.IO.Compression.ZipFile]::Open($src, [System.IO.Compression.ZipArchiveMode]::Read, [System.Text.Encoding]::UTF8) foreach ($entry in $archive.Entries) { $archive_name = $entry.FullName # FullName may be appended with / or \, determine if it is padded and remove it $padding_length = $archive_name.Length % 4 if ($padding_length -eq 0) { $is_dir = $false $base64_name = $archive_name } elseif ($padding_length -eq 1) { $is_dir = $true if ($archive_name.EndsWith("/") -or $archive_name.EndsWith("`\")) { $base64_name = $archive_name.Substring(0, $archive_name.Length - 1) } else { throw "invalid base64 archive name '$archive_name'" } } else { throw "invalid base64 length '$archive_name'" } # to handle unicode character, win_copy action plugin has encoded the filename $decoded_archive_name = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($base64_name)) # re-add the / to the entry full name if it was a directory if ($is_dir) { $decoded_archive_name = "$decoded_archive_name/" } $entry_target_path = [System.IO.Path]::Combine($dest, $decoded_archive_name) $entry_dir = [System.IO.Path]::GetDirectoryName($entry_target_path) if (-not (Test-Path -Path $entry_dir)) { New-Item -Path $entry_dir -ItemType Directory -WhatIf:$check_mode | Out-Null } if ($is_dir -eq $false) { if (-not $check_mode) { [System.IO.Compression.ZipFileExtensions]::ExtractToFile($entry, $entry_target_path, $true) } } } $archive.Dispose() # release the handle of the zip file } Function Extract-ZipLegacy($src, $dest) { if (-not (Test-Path -Path $dest)) { New-Item -Path $dest -ItemType Directory -WhatIf:$check_mode | Out-Null } $shell = New-Object -ComObject Shell.Application $zip = $shell.NameSpace($src) $dest_path = $shell.NameSpace($dest) foreach ($entry in $zip.Items()) { $is_dir = $entry.IsFolder $encoded_archive_entry = $entry.Name # to handle unicode character, win_copy action plugin has encoded the filename $decoded_archive_entry = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($encoded_archive_entry)) if ($is_dir) { $decoded_archive_entry = "$decoded_archive_entry/" } $entry_target_path = [System.IO.Path]::Combine($dest, $decoded_archive_entry) $entry_dir = [System.IO.Path]::GetDirectoryName($entry_target_path) if (-not (Test-Path -Path $entry_dir)) { New-Item -Path $entry_dir -ItemType Directory -WhatIf:$check_mode | Out-Null } if ($is_dir -eq $false -and (-not $check_mode)) { # https://msdn.microsoft.com/en-us/library/windows/desktop/bb787866.aspx # From Folder.CopyHere documentation, 1044 means: # - 1024: do not display a user interface if an error occurs # - 16: respond with "yes to all" for any dialog box that is displayed # - 4: do not display a progress dialog box $dest_path.CopyHere($entry, 1044) # once file is extraced, we need to rename it with non base64 name $combined_encoded_path = [System.IO.Path]::Combine($dest, $encoded_archive_entry) Move-Item -Path $combined_encoded_path -Destination $entry_target_path -Force | Out-Null } } } if ($copy_mode -eq "query") { # we only return a list of files/directories that need to be copied over # the source of the local file will be the key used $changed_files = @() $changed_directories = @() $changed_symlinks = @() foreach ($file in $files) { $filename = $file.dest $local_checksum = $file.checksum $filepath = Join-Path -Path $dest -ChildPath $filename if (Test-Path -Path $filepath -PathType Leaf) { if ($force) { $checksum = Get-FileChecksum -path $filepath if ($checksum -ne $local_checksum) { $will_change = $true $changed_files += $file } } } elseif (Test-Path -Path $filepath -PathType Container) { Fail-Json -obj $result -message "cannot copy file to dest '$filepath': object at path is already a directory" } else { $changed_files += $file } } foreach ($directory in $directories) { $dirname = $directory.dest $dirpath = Join-Path -Path $dest -ChildPath $dirname $parent_dir = [System.IO.Path]::GetDirectoryName($dirpath) if (Test-Path -Path $parent_dir -PathType Leaf) { Fail-Json -obj $result -message "cannot copy folder to dest '$dirpath': object at parent directory path is already a file" } if (Test-Path -Path $dirpath -PathType Leaf) { Fail-Json -obj $result -message "cannot copy folder to dest '$dirpath': object at path is already a file" } elseif (-not (Test-Path -Path $dirpath -PathType Container)) { $changed_directories += $directory } } # TODO: Handle symlinks $result.files = $changed_files $result.directories = $changed_directories $result.symlinks = $changed_symlinks } elseif ($copy_mode -eq "explode") { # a single zip file containing the files and directories needs to be # expanded this will always result in a change as the calculation is done # on the win_copy action plugin and is only run if a change needs to occur if (-not (Test-Path -Path $src -PathType Leaf)) { Fail-Json -obj $result -message "Cannot expand src zip file: '$src' as it does not exist" } # Detect if the PS zip assemblies are available or whether to use Shell $use_legacy = $false try { Add-Type -AssemblyName System.IO.Compression.FileSystem | Out-Null Add-Type -AssemblyName System.IO.Compression | Out-Null } catch { $use_legacy = $true } if ($use_legacy) { Extract-ZipLegacy -src $src -dest $dest } else { Extract-Zip -src $src -dest $dest } $result.changed = $true } elseif ($copy_mode -eq "remote") { # all copy actions are happening on the remote side (windows host), need # too copy source and dest using PS code $result.src = $src $result.dest = $dest if (-not (Test-Path -Path $src)) { Fail-Json -obj $result -message "Cannot copy src file: '$src' as it does not exist" } if (Test-Path -Path $src -PathType Container) { # we are copying a directory or the contents of a directory $result.operation = 'folder_copy' if ($src.EndsWith("/") -or $src.EndsWith("`\")) { # copying the folder's contents to dest $diff = "" $child_files = Get-ChildItem -Path $src -Force foreach ($child_file in $child_files) { $dest_child_path = Join-Path -Path $dest -ChildPath $child_file.Name if ($child_file.PSIsContainer) { $diff += Copy-Folder -source $child_file.FullName -dest $dest_child_path } else { $diff += (Copy-File -source $child_file.FullName -dest $dest_child_path).diff } } } else { # copying the folder and it's contents to dest $dest = Join-Path -Path $dest -ChildPath (Get-Item -Path $src -Force).Name $result.dest = $dest $diff = Copy-Folder -source $src -dest $dest } } else { # we are just copying a single file to dest $result.operation = 'file_copy' $source_basename = (Get-Item -Path $src -Force).Name $result.original_basename = $source_basename if ($dest.EndsWith("/") -or $dest.EndsWith("`\")) { $dest = Join-Path -Path $dest -ChildPath (Get-Item -Path $src -Force).Name $result.dest = $dest } else { # check if the parent dir exists, this is only done if src is a # file and dest if the path to a file (doesn't end with \ or /) $parent_dir = Split-Path -Path $dest if (Test-Path -Path $parent_dir -PathType Leaf) { Fail-Json -obj $result -message "object at destination parent dir '$parent_dir' is currently a file" } elseif (-not (Test-Path -Path $parent_dir -PathType Container)) { Fail-Json -obj $result -message "Destination directory '$parent_dir' does not exist" } } $copy_result = Copy-File -source $src -dest $dest $diff = $copy_result.diff $result.checksum = $copy_result.checksum } # the file might not exist if running in check mode if (-not $check_mode -or (Test-Path -Path $dest -PathType Leaf)) { $result.size = Get-FileSize -path $dest } else { $result.size = $null } if ($diff_mode) { $result.diff.prepared = $diff } } elseif ($copy_mode -eq "single") { # a single file is located in src and we need to copy to dest, this will # always result in a change as the calculation is done on the Ansible side # before this is run. This should also never run in check mode if (-not (Test-Path -Path $src -PathType Leaf)) { Fail-Json -obj $result -message "Cannot copy src file: '$src' as it does not exist" } # the dest parameter is a directory, we need to append original_basename if ($dest.EndsWith("/") -or $dest.EndsWith("`\") -or (Test-Path -Path $dest -PathType Container)) { $remote_dest = Join-Path -Path $dest -ChildPath $original_basename $parent_dir = Split-Path -Path $remote_dest # when dest ends with /, we need to create the destination directories if (Test-Path -Path $parent_dir -PathType Leaf) { Fail-Json -obj $result -message "object at destination parent dir '$parent_dir' is currently a file" } elseif (-not (Test-Path -Path $parent_dir -PathType Container)) { New-Item -Path $parent_dir -ItemType Directory | Out-Null } } else { $remote_dest = $dest $parent_dir = Split-Path -Path $remote_dest # check if the dest parent dirs exist, need to fail if they don't if (Test-Path -Path $parent_dir -PathType Leaf) { Fail-Json -obj $result -message "object at destination parent dir '$parent_dir' is currently a file" } elseif (-not (Test-Path -Path $parent_dir -PathType Container)) { Fail-Json -obj $result -message "Destination directory '$parent_dir' does not exist" } } Copy-Item -Path $src -Destination $remote_dest -Force | Out-Null $result.changed = $true } Exit-Json -obj $result ScriptBlock ID: a5f49c3c-b3e0-48f5-ad9e-2f0340db049f Path:	4104	1		3	2	15	0	1432	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4452	1460	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:29:14 PM	9d04040e-981f-0002-150d-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c), Michael DeHaan <michael.dehaan@gmail.com>, 2014, and others # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) Set-StrictMode -Version 2.0 $ErrorActionPreference = "Stop" Function Set-Attr($obj, $name, $value) { <# .SYNOPSIS Helper function to set an "attribute" on a psobject instance in PowerShell. This is a convenience to make adding Members to the object easier and slightly more pythonic .EXAMPLE Set-Attr $result "changed" $true #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } Try { $obj.$name = $value } Catch { $obj | Add-Member -Force -MemberType NoteProperty -Name $name -Value $value } } Function Exit-Json($obj) { <# .SYNOPSIS Helper function to convert a PowerShell object to JSON and output it, exiting the script .EXAMPLE Exit-Json $result #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit } Function Fail-Json($obj, $message = $null) { <# .SYNOPSIS Helper function to add the "msg" property and "failed" property, convert the PowerShell Hashtable to JSON and output it, exiting the script .EXAMPLE Fail-Json $result "This is the failure message" #> if ($obj -is [hashtable] -or $obj -is [psobject]) { # Nothing to do } elseif ($obj -is [string] -and $null -eq $message) { # If we weren't given 2 args, and the only arg was a string, # create a new Hashtable and use the arg as the failure message $message = $obj $obj = @{ } } else { # If the first argument is undefined or a different type, # make it a Hashtable $obj = @{ } } # Still using Set-Attr for PSObject compatibility Set-Attr $obj "msg" $message Set-Attr $obj "failed" $true if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit 1 } Function Add-Warning($obj, $message) { <# .SYNOPSIS Helper function to add warnings, even if the warnings attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("warnings")) { $obj.warnings = @() } elseif ($obj.warnings -isnot [array]) { throw "Add-Warning: warnings attribute is not an array" } $obj.warnings += $message } Function Add-DeprecationWarning($obj, $message, $version = $null) { <# .SYNOPSIS Helper function to add deprecations, even if the deprecations attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("deprecations")) { $obj.deprecations = @() } elseif ($obj.deprecations -isnot [array]) { throw "Add-DeprecationWarning: deprecations attribute is not a list" } $obj.deprecations += @{ msg = $message version = $version } } Function Expand-Environment($value) { <# .SYNOPSIS Helper function to expand environment variables in values. By default it turns any type to a string, but we ensure $null remains $null. #> if ($null -ne $value) { [System.Environment]::ExpandEnvironmentVariables($value) } else { $value } } Function Get-AnsibleParam($obj, $name, $default = $null, $resultobj = @{}, $failifempty = $false, $emptyattributefailmessage, $ValidateSet, $ValidateSetErrorMessage, $type = $null, $aliases = @()) { <# .SYNOPSIS Helper function to get an "attribute" from a psobject instance in PowerShell. This is a convenience to make getting Members from an object easier and slightly more pythonic .EXAMPLE $attr = Get-AnsibleParam $response "code" -default "1" .EXAMPLE Get-AnsibleParam -obj $params -name "State" -default "Present" -ValidateSet "Present","Absent" -resultobj $resultobj -failifempty $true Get-AnsibleParam also supports Parameter validation to save you from coding that manually Note that if you use the failifempty option, you do need to specify resultobject as well. #> # Check if the provided Member $name or aliases exist in $obj and return it or the default. try { $found = $null # First try to find preferred parameter $name $aliases = @($name) + $aliases # Iterate over aliases to find acceptable Member $name foreach ($alias in $aliases) { if ($obj.ContainsKey($alias)) { $found = $alias break } } if ($null -eq $found) { throw } $name = $found if ($ValidateSet) { if ($ValidateSet -contains ($obj.$name)) { $value = $obj.$name } else { if ($null -eq $ValidateSetErrorMessage) { #Auto-generated error should be sufficient in most use cases $ValidateSetErrorMessage = "Get-AnsibleParam: Argument $name needs to be one of $($ValidateSet -join ",") but was $($obj.$name)." } Fail-Json -obj $resultobj -message $ValidateSetErrorMessage } } else { $value = $obj.$name } } catch { if ($failifempty -eq $false) { $value = $default } else { if (-not $emptyattributefailmessage) { $emptyattributefailmessage = "Get-AnsibleParam: Missing required argument: $name" } Fail-Json -obj $resultobj -message $emptyattributefailmessage } } # If $value -eq $null, the parameter was unspecified by the user (deliberately or not) # Please leave $null-values intact, modules need to know if a parameter was specified # When $value is already an array, we cannot rely on the null check, as an empty list # is seen as null in the check below if ($null -ne $value -or $value -is [array]) { if ($type -eq "path") { # Expand environment variables on path-type $value = Expand-Environment($value) # Test if a valid path is provided if (-not (Test-Path -IsValid $value)) { $path_invalid = $true # could still be a valid-shaped path with a nonexistent drive letter if ($value -match "^\w:") { # rewrite path with a valid drive letter and recheck the shape- this might still fail, eg, a nonexistent non-filesystem PS path if (Test-Path -IsValid $(@(Get-PSDrive -PSProvider Filesystem)[0].Name + $value.Substring(1))) { $path_invalid = $false } } if ($path_invalid) { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' has an invalid path '$value' specified." } } } elseif ($type -eq "str") { # Convert str types to real Powershell strings $value = $value.ToString() } elseif ($type -eq "bool") { # Convert boolean types to real Powershell booleans $value = $value | ConvertTo-Bool } elseif ($type -eq "int") { # Convert int types to real Powershell integers $value = $value -as [int] } elseif ($type -eq "float") { # Convert float types to real Powershell floats $value = $value -as [float] } elseif ($type -eq "list") { if ($value -is [array]) { # Nothing to do } elseif ($value -is [string]) { # Convert string type to real Powershell array $value = $value.Split(",").Trim() } elseif ($value -is [int]) { $value = @($value) } else { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' is not a YAML list." } # , is not a typo, forces it to return as a list when it is empty or only has 1 entry return ,$value } } return $value } #Alias Get-attr-->Get-AnsibleParam for backwards compat. Only add when needed to ease debugging of scripts If (-not(Get-Alias -Name "Get-attr" -ErrorAction SilentlyContinue)) { New-Alias -Name Get-attr -Value Get-AnsibleParam } Function ConvertTo-Bool { <# .SYNOPSIS Helper filter/pipeline function to convert a value to boolean following current Ansible practices .EXAMPLE $is_true = "true" | ConvertTo-Bool #> param( [parameter(valuefrompipeline=$true)] $obj ) $boolean_strings = "yes", "on", "1", "true", 1 $obj_string = [string]$obj if (($obj -is [boolean] -and $obj) -or $boolean_strings -contains $obj_string.ToLower()) { return $true } else { return $false } } Function Parse-Args($arguments, $supports_check_mode = $false) { <# .SYNOPSIS Helper function to parse Ansible JSON arguments from a "file" passed as the single argument to the module. .EXAMPLE $params = Parse-Args $args #> $params = New-Object psobject If ($arguments.Length -gt 0) { $params = Get-Content $arguments[0] | ConvertFrom-Json } Else { $params = $complex_args } $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false If ($check_mode -and -not $supports_check_mode) { Exit-Json @{ skipped = $true changed = $false msg = "remote module does not support check mode" } } return $params } Function Get-FileChecksum($path, $algorithm = 'sha1') { <# .SYNOPSIS Helper function to calculate a hash of a file in a way which PowerShell 3 and above can handle #> If (Test-Path -Path $path -PathType Leaf) { switch ($algorithm) { 'md5' { $sp = New-Object -TypeName System.Security.Cryptography.MD5CryptoServiceProvider } 'sha1' { $sp = New-Object -TypeName System.Security.Cryptography.SHA1CryptoServiceProvider } 'sha256' { $sp = New-Object -TypeName System.Security.Cryptography.SHA256CryptoServiceProvider } 'sha384' { $sp = New-Object -TypeName System.Security.Cryptography.SHA384CryptoServiceProvider } 'sha512' { $sp = New-Object -TypeName System.Security.Cryptography.SHA512CryptoServiceProvider } default { Fail-Json @{} "Unsupported hash algorithm supplied '$algorithm'" } } If ($PSVersionTable.PSVersion.Major -ge 4) { $raw_hash = Get-FileHash $path -Algorithm $algorithm $hash = $raw_hash.Hash.ToLower() } Else { $fp = [System.IO.File]::Open($path, [System.IO.Filemode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileShare]::ReadWrite); $hash = [System.BitConverter]::ToString($sp.ComputeHash($fp)).Replace("-", "").ToLower(); $fp.Dispose(); } } ElseIf (Test-Path -Path $path -PathType Container) { $hash = "3"; } Else { $hash = "1"; } return $hash } Function Get-PendingRebootStatus { <# .SYNOPSIS Check if reboot is required, if so notify CA. Function returns true if computer has a pending reboot #> $featureData = Invoke-WmiMethod -EA Ignore -Name GetServerFeature -Namespace root\microsoft\windows\servermanager -Class MSFT_ServerManagerTasks $regData = Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager" "PendingFileRenameOperations" -EA Ignore $CBSRebootStatus = Get-ChildItem "HKLM:\\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing" -ErrorAction SilentlyContinue| Where-Object {$_.PSChildName -eq "RebootPending"} if(($featureData -and $featureData.RequiresReboot) -or $regData -or $CBSRebootStatus) { return $True } else { return $False } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: 665a451a-de48-49b3-94e7-d55049e93b28 Path:	4104	1		3	2	15	0	1431	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4452	3112	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:29:13 PM	9d04040e-981f-0002-080d-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } ScriptBlock ID: 369481c3-eb4b-4c7d-94a5-60cc5bab0fb9 Path:	4104	1		3	2	15	0	1430	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4452	3112	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:29:13 PM	9d04040e-981f-0002-f90c-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (3 of 3): GNoYW5nZWRfc3ltbGlua3MKfSBlbHNlaWYgKCRjb3B5X21vZGUgLWVxICJleHBsb2RlIikgewogICAgIyBhIHNpbmdsZSB6aXAgZmlsZSBjb250YWluaW5nIHRoZSBmaWxlcyBhbmQgZGlyZWN0b3JpZXMgbmVlZHMgdG8gYmUKICAgICMgZXhwYW5kZWQgdGhpcyB3aWxsIGFsd2F5cyByZXN1bHQgaW4gYSBjaGFuZ2UgYXMgdGhlIGNhbGN1bGF0aW9uIGlzIGRvbmUKICAgICMgb24gdGhlIHdpbl9jb3B5IGFjdGlvbiBwbHVnaW4gYW5kIGlzIG9ubHkgcnVuIGlmIGEgY2hhbmdlIG5lZWRzIHRvIG9jY3VyCiAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRzcmMgLVBhdGhUeXBlIExlYWYpKSB7CiAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiQ2Fubm90IGV4cGFuZCBzcmMgemlwIGZpbGU6ICckc3JjJyBhcyBpdCBkb2VzIG5vdCBleGlzdCIKICAgIH0KCiAgICAjIERldGVjdCBpZiB0aGUgUFMgemlwIGFzc2VtYmxpZXMgYXJlIGF2YWlsYWJsZSBvciB3aGV0aGVyIHRvIHVzZSBTaGVsbAogICAgJHVzZV9sZWdhY3kgPSAkZmFsc2UKICAgIHRyeSB7CiAgICAgICAgQWRkLVR5cGUgLUFzc2VtYmx5TmFtZSBTeXN0ZW0uSU8uQ29tcHJlc3Npb24uRmlsZVN5c3RlbSB8IE91dC1OdWxsCiAgICAgICAgQWRkLVR5cGUgLUFzc2VtYmx5TmFtZSBTeXN0ZW0uSU8uQ29tcHJlc3Npb24gfCBPdXQtTnVsbAogICAgfSBjYXRjaCB7CiAgICAgICAgJHVzZV9sZWdhY3kgPSAkdHJ1ZQogICAgfQogICAgaWYgKCR1c2VfbGVnYWN5KSB7CiAgICAgICAgRXh0cmFjdC1aaXBMZWdhY3kgLXNyYyAkc3JjIC1kZXN0ICRkZXN0CiAgICB9IGVsc2UgewogICAgICAgIEV4dHJhY3QtWmlwIC1zcmMgJHNyYyAtZGVzdCAkZGVzdAogICAgfQoKICAgICRyZXN1bHQuY2hhbmdlZCA9ICR0cnVlCn0gZWxzZWlmICgkY29weV9tb2RlIC1lcSAicmVtb3RlIikgewogICAgIyBhbGwgY29weSBhY3Rpb25zIGFyZSBoYXBwZW5pbmcgb24gdGhlIHJlbW90ZSBzaWRlICh3aW5kb3dzIGhvc3QpLCBuZWVkCiAgICAjIHRvbyBjb3B5IHNvdXJjZSBhbmQgZGVzdCB1c2luZyBQUyBjb2RlCiAgICAkcmVzdWx0LnNyYyA9ICRzcmMKICAgICRyZXN1bHQuZGVzdCA9ICRkZXN0CgogICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtUGF0aCAkc3JjKSkgewogICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgIkNhbm5vdCBjb3B5IHNyYyBmaWxlOiAnJHNyYycgYXMgaXQgZG9lcyBub3QgZXhpc3QiCiAgICB9CgogICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkc3JjIC1QYXRoVHlwZSBDb250YWluZXIpIHsKICAgICAgICAjIHdlIGFyZSBjb3B5aW5nIGEgZGlyZWN0b3J5IG9yIHRoZSBjb250ZW50cyBvZiBhIGRpcmVjdG9yeQogICAgICAgICRyZXN1bHQub3BlcmF0aW9uID0gJ2ZvbGRlcl9jb3B5JwogICAgICAgIGlmICgkc3JjLkVuZHNXaXRoKCIvIikgLW9yICRzcmMuRW5kc1dpdGgoImBcIikpIHsKICAgICAgICAgICAgIyBjb3B5aW5nIHRoZSBmb2xkZXIncyBjb250ZW50cyB0byBkZXN0CiAgICAgICAgICAgICRkaWZmID0gIiIKICAgICAgICAgICAgJGNoaWxkX2ZpbGVzID0gR2V0LUNoaWxkSXRlbSAtUGF0aCAkc3JjIC1Gb3JjZQogICAgICAgICAgICBmb3JlYWNoICgkY2hpbGRfZmlsZSBpbiAkY2hpbGRfZmlsZXMpIHsKICAgICAgICAgICAgICAgICRkZXN0X2NoaWxkX3BhdGggPSBKb2luLVBhdGggLVBhdGggJGRlc3QgLUNoaWxkUGF0aCAkY2hpbGRfZmlsZS5OYW1lCiAgICAgICAgICAgICAgICBpZiAoJGNoaWxkX2ZpbGUuUFNJc0NvbnRhaW5lcikgewogICAgICAgICAgICAgICAgICAgICRkaWZmICs9IENvcHktRm9sZGVyIC1zb3VyY2UgJGNoaWxkX2ZpbGUuRnVsbE5hbWUgLWRlc3QgJGRlc3RfY2hpbGRfcGF0aAogICAgICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgICAgICAkZGlmZiArPSAoQ29weS1GaWxlIC1zb3VyY2UgJGNoaWxkX2ZpbGUuRnVsbE5hbWUgLWRlc3QgJGRlc3RfY2hpbGRfcGF0aCkuZGlmZgogICAgICAgICAgICAgICAgfQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgIyBjb3B5aW5nIHRoZSBmb2xkZXIgYW5kIGl0J3MgY29udGVudHMgdG8gZGVzdAogICAgICAgICAgICAkZGVzdCA9IEpvaW4tUGF0aCAtUGF0aCAkZGVzdCAtQ2hpbGRQYXRoIChHZXQtSXRlbSAtUGF0aCAkc3JjIC1Gb3JjZSkuTmFtZQogICAgICAgICAgICAkcmVzdWx0LmRlc3QgPSAkZGVzdAogICAgICAgICAgICAkZGlmZiA9IENvcHktRm9sZGVyIC1zb3VyY2UgJHNyYyAtZGVzdCAkZGVzdAogICAgICAgIH0KICAgIH0gZWxzZSB7CiAgICAgICAgIyB3ZSBhcmUganVzdCBjb3B5aW5nIGEgc2luZ2xlIGZpbGUgdG8gZGVzdAogICAgICAgICRyZXN1bHQub3BlcmF0aW9uID0gJ2ZpbGVfY29weScKCiAgICAgICAgJHNvdXJjZV9iYXNlbmFtZSA9IChHZXQtSXRlbSAtUGF0aCAkc3JjIC1Gb3JjZSkuTmFtZQogICAgICAgICRyZXN1bHQub3JpZ2luYWxfYmFzZW5hbWUgPSAkc291cmNlX2Jhc2VuYW1lCgogICAgICAgIGlmICgkZGVzdC5FbmRzV2l0aCgiLyIpIC1vciAkZGVzdC5FbmRzV2l0aCgiYFwiKSkgewogICAgICAgICAgICAkZGVzdCA9IEpvaW4tUGF0aCAtUGF0aCAkZGVzdCAtQ2hpbGRQYXRoIChHZXQtSXRlbSAtUGF0aCAkc3JjIC1Gb3JjZSkuTmFtZQogICAgICAgICAgICAkcmVzdWx0LmRlc3QgPSAkZGVzdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICMgY2hlY2sgaWYgdGhlIHBhcmVudCBkaXIgZXhpc3RzLCB0aGlzIGlzIG9ubHkgZG9uZSBpZiBzcmMgaXMgYQogICAgICAgICAgICAjIGZpbGUgYW5kIGRlc3QgaWYgdGhlIHBhdGggdG8gYSBmaWxlIChkb2Vzbid0IGVuZCB3aXRoIFwgb3IgLykKICAgICAgICAgICAgJHBhcmVudF9kaXIgPSBTcGxpdC1QYXRoIC1QYXRoICRkZXN0CiAgICAgICAgICAgIGlmIChUZXN0LVBhdGggLVBhdGggJHBhcmVudF9kaXIgLVBhdGhUeXBlIExlYWYpIHsKICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgIm9iamVjdCBhdCBkZXN0aW5hdGlvbiBwYXJlbnQgZGlyICckcGFyZW50X2RpcicgaXMgY3VycmVudGx5IGEgZmlsZSIKICAgICAgICAgICAgfSBlbHNlaWYgKC1ub3QgKFRlc3QtUGF0aCAtUGF0aCAkcGFyZW50X2RpciAtUGF0aFR5cGUgQ29udGFpbmVyKSkgewogICAgICAgICAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiRGVzdGluYXRpb24gZGlyZWN0b3J5ICckcGFyZW50X2RpcicgZG9lcyBub3QgZXhpc3QiCiAgICAgICAgICAgIH0KICAgICAgICB9CiAgICAgICAgJGNvcHlfcmVzdWx0ID0gQ29weS1GaWxlIC1zb3VyY2UgJHNyYyAtZGVzdCAkZGVzdAogICAgICAgICRkaWZmID0gJGNvcHlfcmVzdWx0LmRpZmYKICAgICAgICAkcmVzdWx0LmNoZWNrc3VtID0gJGNvcHlfcmVzdWx0LmNoZWNrc3VtCiAgICB9CgogICAgIyB0aGUgZmlsZSBtaWdodCBub3QgZXhpc3QgaWYgcnVubmluZyBpbiBjaGVjayBtb2RlCiAgICBpZiAoLW5vdCAkY2hlY2tfbW9kZSAtb3IgKFRlc3QtUGF0aCAtUGF0aCAkZGVzdCAtUGF0aFR5cGUgTGVhZikpIHsKICAgICAgICAkcmVzdWx0LnNpemUgPSBHZXQtRmlsZVNpemUgLXBhdGggJGRlc3QKICAgIH0gZWxzZSB7CiAgICAgICAgJHJlc3VsdC5zaXplID0gJG51bGwKICAgIH0KICAgIGlmICgkZGlmZl9tb2RlKSB7CiAgICAgICAgJHJlc3VsdC5kaWZmLnByZXBhcmVkID0gJGRpZmYKICAgIH0KfSBlbHNlaWYgKCRjb3B5X21vZGUgLWVxICJzaW5nbGUiKSB7CiAgICAjIGEgc2luZ2xlIGZpbGUgaXMgbG9jYXRlZCBpbiBzcmMgYW5kIHdlIG5lZWQgdG8gY29weSB0byBkZXN0LCB0aGlzIHdpbGwKICAgICMgYWx3YXlzIHJlc3VsdCBpbiBhIGNoYW5nZSBhcyB0aGUgY2FsY3VsYXRpb24gaXMgZG9uZSBvbiB0aGUgQW5zaWJsZSBzaWRlCiAgICAjIGJlZm9yZSB0aGlzIGlzIHJ1bi4gVGhpcyBzaG91bGQgYWxzbyBuZXZlciBydW4gaW4gY2hlY2sgbW9kZQogICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtUGF0aCAkc3JjIC1QYXRoVHlwZSBMZWFmKSkgewogICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgIkNhbm5vdCBjb3B5IHNyYyBmaWxlOiAnJHNyYycgYXMgaXQgZG9lcyBub3QgZXhpc3QiCiAgICB9CgogICAgIyB0aGUgZGVzdCBwYXJhbWV0ZXIgaXMgYSBkaXJlY3RvcnksIHdlIG5lZWQgdG8gYXBwZW5kIG9yaWdpbmFsX2Jhc2VuYW1lCiAgICBpZiAoJGRlc3QuRW5kc1dpdGgoIi8iKSAtb3IgJGRlc3QuRW5kc1dpdGgoImBcIikgLW9yIChUZXN0LVBhdGggLVBhdGggJGRlc3QgLVBhdGhUeXBlIENvbnRhaW5lcikpIHsKICAgICAgICAkcmVtb3RlX2Rlc3QgPSBKb2luLVBhdGggLVBhdGggJGRlc3QgLUNoaWxkUGF0aCAkb3JpZ2luYWxfYmFzZW5hbWUKICAgICAgICAkcGFyZW50X2RpciA9IFNwbGl0LVBhdGggLVBhdGggJHJlbW90ZV9kZXN0CgogICAgICAgICMgd2hlbiBkZXN0IGVuZHMgd2l0aCAvLCB3ZSBuZWVkIHRvIGNyZWF0ZSB0aGUgZGVzdGluYXRpb24gZGlyZWN0b3JpZXMKICAgICAgICBpZiAoVGVzdC1QYXRoIC1QYXRoICRwYXJlbnRfZGlyIC1QYXRoVHlwZSBMZWFmKSB7CiAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgIm9iamVjdCBhdCBkZXN0aW5hdGlvbiBwYXJlbnQgZGlyICckcGFyZW50X2RpcicgaXMgY3VycmVudGx5IGEgZmlsZSIKICAgICAgICB9IGVsc2VpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRwYXJlbnRfZGlyIC1QYXRoVHlwZSBDb250YWluZXIpKSB7CiAgICAgICAgICAgIE5ldy1JdGVtIC1QYXRoICRwYXJlbnRfZGlyIC1JdGVtVHlwZSBEaXJlY3RvcnkgfCBPdXQtTnVsbAogICAgICAgIH0KICAgIH0gZWxzZSB7CiAgICAgICAgJHJlbW90ZV9kZXN0ID0gJGRlc3QKICAgICAgICAkcGFyZW50X2RpciA9IFNwbGl0LVBhdGggLVBhdGggJHJlbW90ZV9kZXN0CgogICAgICAgICMgY2hlY2sgaWYgdGhlIGRlc3QgcGFyZW50IGRpcnMgZXhpc3QsIG5lZWQgdG8gZmFpbCBpZiB0aGV5IGRvbid0CiAgICAgICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkcGFyZW50X2RpciAtUGF0aFR5cGUgTGVhZikgewogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0IC1tZXNzYWdlICJvYmplY3QgYXQgZGVzdGluYXRpb24gcGFyZW50IGRpciAnJHBhcmVudF9kaXInIGlzIGN1cnJlbnRseSBhIGZpbGUiCiAgICAgICAgfSBlbHNlaWYgKC1ub3QgKFRlc3QtUGF0aCAtUGF0aCAkcGFyZW50X2RpciAtUGF0aFR5cGUgQ29udGFpbmVyKSkgewogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0IC1tZXNzYWdlICJEZXN0aW5hdGlvbiBkaXJlY3RvcnkgJyRwYXJlbnRfZGlyJyBkb2VzIG5vdCBleGlzdCIKICAgICAgICB9CiAgICB9CgogICAgQ29weS1JdGVtIC1QYXRoICRzcmMgLURlc3RpbmF0aW9uICRyZW1vdGVfZGVzdCAtRm9yY2UgfCBPdXQtTnVsbAogICAgJHJlc3VsdC5jaGFuZ2VkID0gJHRydWUKfQoKRXhpdC1Kc29uIC1vYmogJHJlc3VsdAo=", "module_args": {"symlinks": [], "files": [{"dest": "pip-install-networking-hyperv.log", "checksum": "240b5e062712f5f235d8deeb4faaec6b3028561e", "src": "/home/jenkins-slave/.ansible/tmp/ansible-local-10077YbyhZe/tmpgwEwBg"}], "_ansible_selinux_special_fs": ["fuse", "nfs", "vboxsf", "ramfs", "9p"], "force": true, "_ansible_no_log": false, "dest": "c:/openstack/log", "directories": [], "_ansible_remote_tmp": "%TEMP%", "_ansible_verbosity": 4, "_ansible_keep_remote_files": false, "_ansible_syslog_facility": "LOG_USER", "_ansible_socket": null, "_copy_mode": "query", "_ansible_diff": false, "_ansible_debug": false, "_ansible_shell_executable": "/bin/sh", "_ansible_check_mode": false, "_ansible_tmpdir": null, "_ansible_version": "2.7.0", "_ansible_module_name": "win_copy"}} '@ } process { $input_as_string = [string]$input $json_raw += $input_as_string } end { If (-not $json_raw) { Write-Error "no input given" -Category InvalidArgument } $payload = ConvertTo-HashtableFromPsCustomObject (ConvertFrom-Json $json_raw) # TODO: handle binary modules # TODO: handle persistence $min_os_version = [version]$payload.min_os_version if ($min_os_version -ne $null) { $actual_os_version = [System.Environment]::OSVersion.Version if ($actual_os_version -lt $min_os_version) { $msg = "This module cannot run on this OS as it requires a minimum version of $min_os_version, actual was $actual_os_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $min_ps_version = [version]$payload.min_ps_version if ($min_ps_version -ne $null) { $actual_ps_version = $PSVersionTable.PSVersion if ($actual_ps_version -lt $min_ps_version) { $msg = "This module cannot run as it requires a minimum PowerShell version of $min_ps_version, actual was $actual_ps_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $actions = $payload.actions # pop 0th action as entrypoint $entrypoint = $payload.($actions[0]) $payload.actions = $payload.actions[1..99] $entrypoint = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($entrypoint)) # load the current action entrypoint as a module custom object with a Run method $entrypoint = New-Module -ScriptBlock ([scriptblock]::Create($entrypoint)) -AsCustomObject Set-Variable -Scope global -Name complex_args -Value $payload["module_args"] | Out-Null # dynamically create/load modules ForEach ($mod in $payload.powershell_modules.GetEnumerator()) { $decoded_module = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($mod.Value)) New-Module -ScriptBlock ([scriptblock]::Create($decoded_module)) -Name $mod.Key | Import-Module -WarningAction SilentlyContinue | Out-Null } $output = $entrypoint.Run($payload) Write-Output $output } ScriptBlock ID: 846e49ae-34a1-44db-8df0-e6b90e63f6c9 Path:	4104	1		3	2	15	0	1429	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4452	3112	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:29:13 PM	9d04040e-981f-0002-f30c-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 3): hdGUgYSBoYXNoIG9mIGEgZmlsZSBpbiBhIHdheSB3aGljaCBQb3dlclNoZWxsIDMKICAgIGFuZCBhYm92ZSBjYW4gaGFuZGxlCiM+CiAgICBJZiAoVGVzdC1QYXRoIC1QYXRoICRwYXRoIC1QYXRoVHlwZSBMZWFmKQogICAgewogICAgICAgIHN3aXRjaCAoJGFsZ29yaXRobSkKICAgICAgICB7CiAgICAgICAgICAgICdtZDUnIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5NRDVDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMScgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTFDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMjU2JyB7ICRzcCA9IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5TZWN1cml0eS5DcnlwdG9ncmFwaHkuU0hBMjU2Q3J5cHRvU2VydmljZVByb3ZpZGVyIH0KICAgICAgICAgICAgJ3NoYTM4NCcgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTM4NENyeXB0b1NlcnZpY2VQcm92aWRlciB9CiAgICAgICAgICAgICdzaGE1MTInIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5TSEE1MTJDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICBkZWZhdWx0IHsgRmFpbC1Kc29uIEB7fSAiVW5zdXBwb3J0ZWQgaGFzaCBhbGdvcml0aG0gc3VwcGxpZWQgJyRhbGdvcml0aG0nIiB9CiAgICAgICAgfQoKICAgICAgICBJZiAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtZ2UgNCkgewogICAgICAgICAgICAkcmF3X2hhc2ggPSBHZXQtRmlsZUhhc2ggJHBhdGggLUFsZ29yaXRobSAkYWxnb3JpdGhtCiAgICAgICAgICAgICRoYXNoID0gJHJhd19oYXNoLkhhc2guVG9Mb3dlcigpCiAgICAgICAgfSBFbHNlIHsKICAgICAgICAgICAgJGZwID0gW1N5c3RlbS5JTy5GaWxlXTo6T3BlbigkcGF0aCwgW1N5c3RlbS5JTy5GaWxlbW9kZV06Ok9wZW4sIFtTeXN0ZW0uSU8uRmlsZUFjY2Vzc106OlJlYWQsIFtTeXN0ZW0uSU8uRmlsZVNoYXJlXTo6UmVhZFdyaXRlKTsKICAgICAgICAgICAgJGhhc2ggPSBbU3lzdGVtLkJpdENvbnZlcnRlcl06OlRvU3RyaW5nKCRzcC5Db21wdXRlSGFzaCgkZnApKS5SZXBsYWNlKCItIiwgIiIpLlRvTG93ZXIoKTsKICAgICAgICAgICAgJGZwLkRpc3Bvc2UoKTsKICAgICAgICB9CiAgICB9CiAgICBFbHNlSWYgKFRlc3QtUGF0aCAtUGF0aCAkcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKQogICAgewogICAgICAgICRoYXNoID0gIjMiOwogICAgfQogICAgRWxzZQogICAgewogICAgICAgICRoYXNoID0gIjEiOwogICAgfQogICAgcmV0dXJuICRoYXNoCn0KCkZ1bmN0aW9uIEdldC1QZW5kaW5nUmVib290U3RhdHVzCnsKPCMKICAgIC5TWU5PUFNJUwogICAgQ2hlY2sgaWYgcmVib290IGlzIHJlcXVpcmVkLCBpZiBzbyBub3RpZnkgQ0EuCiAgICBGdW5jdGlvbiByZXR1cm5zIHRydWUgaWYgY29tcHV0ZXIgaGFzIGEgcGVuZGluZyByZWJvb3QKIz4KICAgICRmZWF0dXJlRGF0YSA9IEludm9rZS1XbWlNZXRob2QgLUVBIElnbm9yZSAtTmFtZSBHZXRTZXJ2ZXJGZWF0dXJlIC1OYW1lc3BhY2Ugcm9vdFxtaWNyb3NvZnRcd2luZG93c1xzZXJ2ZXJtYW5hZ2VyIC1DbGFzcyBNU0ZUX1NlcnZlck1hbmFnZXJUYXNrcwogICAgJHJlZ0RhdGEgPSBHZXQtSXRlbVByb3BlcnR5ICJIS0xNOlxTWVNURU1cQ3VycmVudENvbnRyb2xTZXRcQ29udHJvbFxTZXNzaW9uIE1hbmFnZXIiICJQZW5kaW5nRmlsZVJlbmFtZU9wZXJhdGlvbnMiIC1FQSBJZ25vcmUKICAgICRDQlNSZWJvb3RTdGF0dXMgPSBHZXQtQ2hpbGRJdGVtICJIS0xNOlxcU09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cQ29tcG9uZW50IEJhc2VkIFNlcnZpY2luZyIgIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlfCBXaGVyZS1PYmplY3QgeyRfLlBTQ2hpbGROYW1lIC1lcSAiUmVib290UGVuZGluZyJ9CiAgICBpZigoJGZlYXR1cmVEYXRhIC1hbmQgJGZlYXR1cmVEYXRhLlJlcXVpcmVzUmVib290KSAtb3IgJHJlZ0RhdGEgLW9yICRDQlNSZWJvb3RTdGF0dXMpCiAgICB7CiAgICAgICAgcmV0dXJuICRUcnVlCiAgICB9CiAgICBlbHNlCiAgICB7CiAgICAgICAgcmV0dXJuICRGYWxzZQogICAgfQp9CgojIHRoaXMgbGluZSBtdXN0IHN0YXkgYXQgdGhlIGJvdHRvbSB0byBlbnN1cmUgYWxsIGRlZmluZWQgbW9kdWxlIHBhcnRzIGFyZSBleHBvcnRlZApFeHBvcnQtTW9kdWxlTWVtYmVyIC1BbGlhcyAqIC1GdW5jdGlvbiAqIC1DbWRsZXQgKgoK"}, "module_entry": "IyFwb3dlcnNoZWxsCgojIENvcHlyaWdodDogKGMpIDIwMTUsIEpvbiBIYXdrZXN3b3J0aCAoQGpoYXdrZXN3b3J0aCkgPGZpZ3NAdW5pdHkuZGVtb24uY28udWs+CiMgQ29weXJpZ2h0OiAoYykgMjAxNywgQW5zaWJsZSBQcm9qZWN0CiMgR05VIEdlbmVyYWwgUHVibGljIExpY2Vuc2UgdjMuMCsgKHNlZSBDT1BZSU5HIG9yIGh0dHBzOi8vd3d3LmdudS5vcmcvbGljZW5zZXMvZ3BsLTMuMC50eHQpCgojUmVxdWlyZXMgLU1vZHVsZSBBbnNpYmxlLk1vZHVsZVV0aWxzLkxlZ2FjeQoKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICdTdG9wJwoKJHBhcmFtcyA9IFBhcnNlLUFyZ3MgLWFyZ3VtZW50cyAkYXJncyAtc3VwcG9ydHNfY2hlY2tfbW9kZSAkdHJ1ZQokY2hlY2tfbW9kZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJfYW5zaWJsZV9jaGVja19tb2RlIiAtdHlwZSAiYm9vbCIgLWRlZmF1bHQgJGZhbHNlCiRkaWZmX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfZGlmZiIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQoKIyB0aGVyZSBhcmUgNCBtb2RlcyB0byB3aW5fY29weSB3aGljaCBhcmUgZHJpdmVuIGJ5IHRoZSBhY3Rpb24gcGx1Z2luczoKIyAgIGV4cGxvZGU6IHNyYyBpcyBhIHppcCBmaWxlIHdoaWNoIG5lZWRzIHRvIGJlIGV4dHJhY3RlZCB0byBkZXN0LCBmb3IgdXNlIHdpdGggbXVsdGlwbGUgZmlsZXMKIyAgIHF1ZXJ5OiB3aW5fY29weSBhY3Rpb24gcGx1Z2luIHdhbnRzIHRvIGdldCB0aGUgc3RhdGUgb2YgcmVtb3RlIGZpbGVzIHRvIGNoZWNrIHdoZXRoZXIgaXQgbmVlZHMgdG8gc2VuZCB0aGVtCiMgICByZW1vdGU6IGFsbCBjb3B5IGFjdGlvbiBpcyBoYXBwZW5pbmcgcmVtb3RlbHkgKHJlbW90ZV9zcmM9VHJ1ZSkKIyAgIHNpbmdsZTogYSBzaW5nbGUgZmlsZSBoYXMgYmVlbiBjb3BpZWQsIGFsc28gdXNlZCB3aXRoIHRlbXBsYXRlCiRjb3B5X21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2NvcHlfbW9kZSIgLXR5cGUgInN0ciIgLWRlZmF1bHQgInNpbmdsZSIgLXZhbGlkYXRlc2V0ICJleHBsb2RlIiwicXVlcnkiLCJyZW1vdGUiLCJzaW5nbGUiCgojIHVzZWQgaW4gZXhwbG9kZSwgcmVtb3RlIGFuZCBzaW5nbGUgbW9kZQokc3JjID0gR2V0LUFuc2libGVQYXJhbSAtb2JqICRwYXJhbXMgLW5hbWUgInNyYyIgLXR5cGUgInBhdGgiIC1mYWlsaWZlbXB0eSAoJGNvcHlfbW9kZSAtaW4gQCgiZXhwbG9kZSIsInByb2Nlc3MiLCJzaW5nbGUiKSkKJGRlc3QgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiZGVzdCIgLXR5cGUgInBhdGgiIC1mYWlsaWZlbXB0eSAkdHJ1ZQoKIyB1c2VkIGluIHNpbmdsZSBtb2RlCiRvcmlnaW5hbF9iYXNlbmFtZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJfb3JpZ2luYWxfYmFzZW5hbWUiIC10eXBlICJzdHIiCgojIHVzZWQgaW4gcXVlcnkgYW5kIHJlbW90ZSBtb2RlCiRmb3JjZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJmb3JjZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICR0cnVlCgojIHVzZWQgaW4gcXVlcnkgbW9kZSwgY29udGFpbnMgdGhlIGxvY2FsIGZpbGVzL2RpcmVjdG9yaWVzL3N5bWxpbmtzIHRoYXQgYXJlIHRvIGJlIGNvcGllZAokZmlsZXMgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiZmlsZXMiIC10eXBlICJsaXN0IgokZGlyZWN0b3JpZXMgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiZGlyZWN0b3JpZXMiIC10eXBlICJsaXN0Igokc3ltbGlua3MgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAic3ltbGlua3MiIC10eXBlICJsaXN0IgoKJHJlc3VsdCA9IEB7CiAgICBjaGFuZ2VkID0gJGZhbHNlCn0KCmlmICgkZGlmZl9tb2RlKSB7CiAgICAkcmVzdWx0LmRpZmYgPSBAe30KfQoKRnVuY3Rpb24gQ29weS1GaWxlKCRzb3VyY2UsICRkZXN0KSB7CiAgICAkZGlmZiA9ICIiCiAgICAkY29weV9maWxlID0gJGZhbHNlCiAgICAkc291cmNlX2NoZWNrc3VtID0gJG51bGwKICAgIGlmICgkZm9yY2UpIHsKICAgICAgICAkc291cmNlX2NoZWNrc3VtID0gR2V0LUZpbGVDaGVja3N1bSAtcGF0aCAkc291cmNlCiAgICB9CgogICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkZGVzdCAtUGF0aFR5cGUgQ29udGFpbmVyKSB7CiAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiY2Fubm90IGNvcHkgZmlsZSBmcm9tICckc291cmNlJyB0byAnJGRlc3QnOiBkZXN0IGlzIGFscmVhZHkgYSBmb2xkZXIiCiAgICB9IGVsc2VpZiAoVGVzdC1QYXRoIC1QYXRoICRkZXN0IC1QYXRoVHlwZSBMZWFmKSB7CiAgICAgICAgaWYgKCRmb3JjZSkgewogICAgICAgICAgICAkdGFyZ2V0X2NoZWNrc3VtID0gR2V0LUZpbGVDaGVja3N1bSAtcGF0aCAkZGVzdAogICAgICAgICAgICBpZiAoJHNvdXJjZV9jaGVja3N1bSAtbmUgJHRhcmdldF9jaGVja3N1bSkgewogICAgICAgICAgICAgICAgJGNvcHlfZmlsZSA9ICR0cnVlCiAgICAgICAgICAgIH0KICAgICAgICB9CiAgICB9IGVsc2UgewogICAgICAgICRjb3B5X2ZpbGUgPSAkdHJ1ZQogICAgfQoKICAgIGlmICgkY29weV9maWxlKSB7CiAgICAgICAgJGZpbGVfZGlyID0gW1N5c3RlbS5JTy5QYXRoXTo6R2V0RGlyZWN0b3J5TmFtZSgkZGVzdCkKICAgICAgICAjIHZhbGlkYXRlIHRoZSBwYXJlbnQgZGlyIGlzIG5vdCBhIGZpbGUgYW5kIHRoYXQgaXQgZXhpc3RzCiAgICAgICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkZmlsZV9kaXIgLVBhdGhUeXBlIExlYWYpIHsKICAgICAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiY2Fubm90IGNvcHkgZmlsZSBmcm9tICckc291cmNlJyB0byAnJGRlc3QnOiBvYmplY3QgYXQgZGVzdCBwYXJlbnQgZGlyIGlzIG5vdCBhIGZvbGRlciIKICAgICAgICB9IGVsc2VpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRmaWxlX2RpcikpIHsKICAgICAgICAgICAgIyBkaXJlY3RvcnkgZG9lc24ndCBleGlzdCwgbmVlZCB0byBjcmVhdGUKICAgICAgICAgICAgTmV3LUl0ZW0gLVBhdGggJGZpbGVfZGlyIC1JdGVtVHlwZSBEaXJlY3RvcnkgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICAgICAgICAgICRkaWZmICs9ICIrJGZpbGVfZGlyXGBuIgogICAgICAgIH0KCiAgICAgICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkZGVzdCAtUGF0aFR5cGUgTGVhZikgewogICAgICAgICAgICBSZW1vdmUtSXRlbSAtUGF0aCAkZGVzdCAtRm9yY2UgLVJlY3Vyc2UgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICAgICAgICAgICRkaWZmICs9ICItJGRlc3RgbiIKICAgICAgICB9CgogICAgICAgIGlmICgtbm90ICRjaGVja19tb2RlKSB7CiAgICAgICAgICAgICMgY2Fubm90IHJ1biB3aXRoIC1XaGF0SWY6JGNoZWNrX21vZGUgYXMgaWYgdGhlIHBhcmVudCBkaXIgZGlkbid0CiAgICAgICAgICAgICMgZXhpc3QgYW5kIHdhcyBjcmVhdGVkIGFib3ZlIHdvdWxkIHN0aWxsIG5vdCBleGlzdCBpbiBjaGVjayBtb2RlCiAgICAgICAgICAgIENvcHktSXRlbSAtUGF0aCAkc291cmNlIC1EZXN0aW5hdGlvbiAkZGVzdCAtRm9yY2UgfCBPdXQtTnVsbAogICAgICAgIH0KICAgICAgICAkZGlmZiArPSAiKyRkZXN0YG4iCgogICAgICAgICRyZXN1bHQuY2hhbmdlZCA9ICR0cnVlCiAgICB9CgogICAgIyB1Z2x5IGJ1dCB0byBzYXZlIHVzIGZyb20gcnVubmluZyB0aGUgY2hlY2tzdW0gdHdpY2UsIGxldCdzIHJldHVybiBpdCBmb3IKICAgICMgdGhlIG1haW4gY29kZSB0byBhZGQgaXQgdG8gJHJlc3VsdAogICAgcmV0dXJuICxAeyBkaWZmID0gJGRpZmY7IGNoZWNrc3VtID0gJHNvdXJjZV9jaGVja3N1bSB9Cn0KCkZ1bmN0aW9uIENvcHktRm9sZGVyKCRzb3VyY2UsICRkZXN0KSB7CiAgICAkZGlmZiA9ICIiCiAgICAkY29weV9mb2xkZXIgPSAkZmFsc2UKCiAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRkZXN0IC1QYXRoVHlwZSBDb250YWluZXIpKSB7CiAgICAgICAgJHBhcmVudF9kaXIgPSBbU3lzdGVtLklPLlBhdGhdOjpHZXREaXJlY3RvcnlOYW1lKCRkZXN0KQogICAgICAgIGlmIChUZXN0LVBhdGggLVBhdGggJHBhcmVudF9kaXIgLVBhdGhUeXBlIExlYWYpIHsKICAgICAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiY2Fubm90IGNvcHkgZmlsZSBmcm9tICckc291cmNlJyB0byAnJGRlc3QnOiBvYmplY3QgYXQgZGVzdCBwYXJlbnQgZGlyIGlzIG5vdCBhIGZvbGRlciIKICAgICAgICB9CiAgICAgICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkZGVzdCAtUGF0aFR5cGUgTGVhZikgewogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0IC1tZXNzYWdlICJjYW5ub3QgY29weSBmb2xkZXIgZnJvbSAnJHNvdXJjZScgdG8gJyRkZXN0JzogZGVzdCBpcyBhbHJlYWR5IGEgZmlsZSIKICAgICAgICB9CgogICAgICAgIE5ldy1JdGVtIC1QYXRoICRkZXN0IC1JdGVtVHlwZSBDb250YWluZXIgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICAgICAgJGRpZmYgKz0gIiskZGVzdFxgbiIKICAgICAgICAkcmVzdWx0LmNoYW5nZWQgPSAkdHJ1ZQogICAgfQoKICAgICRjaGlsZF9pdGVtcyA9IEdldC1DaGlsZEl0ZW0gLVBhdGggJHNvdXJjZSAtRm9yY2UKICAgIGZvcmVhY2ggKCRjaGlsZF9pdGVtIGluICRjaGlsZF9pdGVtcykgewogICAgICAgICRkZXN0X2NoaWxkX3BhdGggPSBKb2luLVBhdGggLVBhdGggJGRlc3QgLUNoaWxkUGF0aCAkY2hpbGRfaXRlbS5OYW1lCiAgICAgICAgaWYgKCRjaGlsZF9pdGVtLlBTSXNDb250YWluZXIpIHsKICAgICAgICAgICAgJGRpZmYgKz0gKENvcHktRm9sZGVyIC1zb3VyY2UgJGNoaWxkX2l0ZW0uRnVsbG5hbWUgLWRlc3QgJGRlc3RfY2hpbGRfcGF0aCkKICAgICAgICB9IGVsc2UgewogICAgICAgICAgICAkZGlmZiArPSAoQ29weS1GaWxlIC1zb3VyY2UgJGNoaWxkX2l0ZW0uRnVsbG5hbWUgLWRlc3QgJGRlc3RfY2hpbGRfcGF0aCkuZGlmZgogICAgICAgIH0KICAgIH0KCiAgICByZXR1cm4gJGRpZmYKfQoKRnVuY3Rpb24gR2V0LUZpbGVTaXplKCRwYXRoKSB7CiAgICAkZmlsZSA9IEdldC1JdGVtIC1QYXRoICRwYXRoIC1Gb3JjZQogICAgJHNpemUgPSAkbnVsbAogICAgaWYgKCRmaWxlLlBTSXNDb250YWluZXIpIHsKICAgICAgICAkZGlyX2ZpbGVzX3N1bSA9IEdldC1DaGlsZEl0ZW0gJGZpbGUuRnVsbE5hbWUgLVJlY3Vyc2UKICAgICAgICBpZiAoJGRpcl9maWxlc19zdW0gLWVxICRudWxsIC1vciAoJGRpcl9maWxlc19zdW0uUFNPYmplY3QuUHJvcGVydGllcy5uYW1lIC1jb250YWlucyAnbGVuZ3RoJyAtZXEgJGZhbHNlKSkgewogICAgICAgICAgICAkc2l6ZSA9IDAKICAgICAgICB9IGVsc2UgewogICAgICAgICAgICAkc2l6ZSA9ICgkZGlyX2ZpbGVzX3N1bSB8IE1lYXN1cmUtT2JqZWN0IC1wcm9wZXJ0eSBsZW5ndGggLXN1bSkuU3VtCiAgICAgICAgfQogICAgfSBlbHNlIHsKICAgICAgICAkc2l6ZSA9ICRmaWxlLkxlbmd0aAogICAgfQoKICAgICRzaXplCn0KCkZ1bmN0aW9uIEV4dHJhY3QtWmlwKCRzcmMsICRkZXN0KSB7CiAgICAkYXJjaGl2ZSA9IFtTeXN0ZW0uSU8uQ29tcHJlc3Npb24uWmlwRmlsZV06Ok9wZW4oJHNyYywgW1N5c3RlbS5JTy5Db21wcmVzc2lvbi5aaXBBcmNoaXZlTW9kZV06OlJlYWQsIFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjgpCiAgICBmb3JlYWNoICgkZW50cnkgaW4gJGFyY2hpdmUuRW50cmllcykgewogICAgICAgICRhcmNoaXZlX25hbWUgPSAkZW50cnkuRnVsbE5hbWUKCiAgICAgICAgIyBGdWxsTmFtZSBtYXkgYmUgYXBwZW5kZWQgd2l0aCAvIG9yIFwsIGRldGVybWluZSBpZiBpdCBpcyBwYWRkZWQgYW5kIHJlbW92ZSBpdAogICAgICAgICRwYWRkaW5nX2xlbmd0aCA9ICRhcmNoaXZlX25hbWUuTGVuZ3RoICUgNAogICAgICAgIGlmICgkcGFkZGluZ19sZW5ndGggLWVxIDApIHsKICAgICAgICAgICAgJGlzX2RpciA9ICRmYWxzZQogICAgICAgICAgICAkYmFzZTY0X25hbWUgPSAkYXJjaGl2ZV9uYW1lCiAgICAgICAgfSBlbHNlaWYgKCRwYWRkaW5nX2xlbmd0aCAtZXEgMSkgewogICAgICAgICAgICAkaXNfZGlyID0gJHRydWUKICAgICAgICAgICAgaWYgKCRhcmNoaXZlX25hbWUuRW5kc1dpdGgoIi8iKSAtb3IgJGFyY2hpdmVfbmFtZS5FbmRzV2l0aCgiYFwiKSkgewogICAgICAgICAgICAgICAgJGJhc2U2NF9uYW1lID0gJGFyY2hpdmVfbmFtZS5TdWJzdHJpbmcoMCwgJGFyY2hpdmVfbmFtZS5MZW5ndGggLSAxKQogICAgICAgICAgICB9IGVsc2UgewogICAgICAgICAgICAgICAgdGhyb3cgImludmFsaWQgYmFzZTY0IGFyY2hpdmUgbmFtZSAnJGFyY2hpdmVfbmFtZSciCiAgICAgICAgICAgIH0KICAgICAgICB9IGVsc2UgewogICAgICAgICAgICB0aHJvdyAiaW52YWxpZCBiYXNlNjQgbGVuZ3RoICckYXJjaGl2ZV9uYW1lJyIKICAgICAgICB9CgogICAgICAgICMgdG8gaGFuZGxlIHVuaWNvZGUgY2hhcmFjdGVyLCB3aW5fY29weSBhY3Rpb24gcGx1Z2luIGhhcyBlbmNvZGVkIHRoZSBmaWxlbmFtZQogICAgICAgICRkZWNvZGVkX2FyY2hpdmVfbmFtZSA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGJhc2U2NF9uYW1lKSkKICAgICAgICAjIHJlLWFkZCB0aGUgLyB0byB0aGUgZW50cnkgZnVsbCBuYW1lIGlmIGl0IHdhcyBhIGRpcmVjdG9yeQogICAgICAgIGlmICgkaXNfZGlyKSB7CiAgICAgICAgICAgICRkZWNvZGVkX2FyY2hpdmVfbmFtZSA9ICIkZGVjb2RlZF9hcmNoaXZlX25hbWUvIgogICAgICAgIH0KICAgICAgICAkZW50cnlfdGFyZ2V0X3BhdGggPSBbU3lzdGVtLklPLlBhdGhdOjpDb21iaW5lKCRkZXN0LCAkZGVjb2RlZF9hcmNoaXZlX25hbWUpCiAgICAgICAgJGVudHJ5X2RpciA9IFtTeXN0ZW0uSU8uUGF0aF06OkdldERpcmVjdG9yeU5hbWUoJGVudHJ5X3RhcmdldF9wYXRoKQoKICAgICAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRlbnRyeV9kaXIpKSB7CiAgICAgICAgICAgIE5ldy1JdGVtIC1QYXRoICRlbnRyeV9kaXIgLUl0ZW1UeXBlIERpcmVjdG9yeSAtV2hhdElmOiRjaGVja19tb2RlIHwgT3V0LU51bGwKICAgICAgICB9CgogICAgICAgIGlmICgkaXNfZGlyIC1lcSAkZmFsc2UpIHsKICAgICAgICAgICAgaWYgKC1ub3QgJGNoZWNrX21vZGUpIHsKICAgICAgICAgICAgICAgIFtTeXN0ZW0uSU8uQ29tcHJlc3Npb24uWmlwRmlsZUV4dGVuc2lvbnNdOjpFeHRyYWN0VG9GaWxlKCRlbnRyeSwgJGVudHJ5X3RhcmdldF9wYXRoLCAkdHJ1ZSkKICAgICAgICAgICAgfQogICAgICAgIH0KICAgIH0KICAgICRhcmNoaXZlLkRpc3Bvc2UoKSAgIyByZWxlYXNlIHRoZSBoYW5kbGUgb2YgdGhlIHppcCBmaWxlCn0KCkZ1bmN0aW9uIEV4dHJhY3QtWmlwTGVnYWN5KCRzcmMsICRkZXN0KSB7CiAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRkZXN0KSkgewogICAgICAgIE5ldy1JdGVtIC1QYXRoICRkZXN0IC1JdGVtVHlwZSBEaXJlY3RvcnkgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICB9CiAgICAkc2hlbGwgPSBOZXctT2JqZWN0IC1Db21PYmplY3QgU2hlbGwuQXBwbGljYXRpb24KICAgICR6aXAgPSAkc2hlbGwuTmFtZVNwYWNlKCRzcmMpCiAgICAkZGVzdF9wYXRoID0gJHNoZWxsLk5hbWVTcGFjZSgkZGVzdCkKCiAgICBmb3JlYWNoICgkZW50cnkgaW4gJHppcC5JdGVtcygpKSB7CiAgICAgICAgJGlzX2RpciA9ICRlbnRyeS5Jc0ZvbGRlcgogICAgICAgICRlbmNvZGVkX2FyY2hpdmVfZW50cnkgPSAkZW50cnkuTmFtZQogICAgICAgICMgdG8gaGFuZGxlIHVuaWNvZGUgY2hhcmFjdGVyLCB3aW5fY29weSBhY3Rpb24gcGx1Z2luIGhhcyBlbmNvZGVkIHRoZSBmaWxlbmFtZQogICAgICAgICRkZWNvZGVkX2FyY2hpdmVfZW50cnkgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRlbmNvZGVkX2FyY2hpdmVfZW50cnkpKQogICAgICAgIGlmICgkaXNfZGlyKSB7CiAgICAgICAgICAgICRkZWNvZGVkX2FyY2hpdmVfZW50cnkgPSAiJGRlY29kZWRfYXJjaGl2ZV9lbnRyeS8iCiAgICAgICAgfQoKICAgICAgICAkZW50cnlfdGFyZ2V0X3BhdGggPSBbU3lzdGVtLklPLlBhdGhdOjpDb21iaW5lKCRkZXN0LCAkZGVjb2RlZF9hcmNoaXZlX2VudHJ5KQogICAgICAgICRlbnRyeV9kaXIgPSBbU3lzdGVtLklPLlBhdGhdOjpHZXREaXJlY3RvcnlOYW1lKCRlbnRyeV90YXJnZXRfcGF0aCkKCiAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtUGF0aCAkZW50cnlfZGlyKSkgewogICAgICAgICAgICBOZXctSXRlbSAtUGF0aCAkZW50cnlfZGlyIC1JdGVtVHlwZSBEaXJlY3RvcnkgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICAgICAgfQoKICAgICAgICBpZiAoJGlzX2RpciAtZXEgJGZhbHNlIC1hbmQgKC1ub3QgJGNoZWNrX21vZGUpKSB7CiAgICAgICAgICAgICMgaHR0cHM6Ly9tc2RuLm1pY3Jvc29mdC5jb20vZW4tdXMvbGlicmFyeS93aW5kb3dzL2Rlc2t0b3AvYmI3ODc4NjYuYXNweAogICAgICAgICAgICAjIEZyb20gRm9sZGVyLkNvcHlIZXJlIGRvY3VtZW50YXRpb24sIDEwNDQgbWVhbnM6CiAgICAgICAgICAgICMgIC0gMTAyNDogZG8gbm90IGRpc3BsYXkgYSB1c2VyIGludGVyZmFjZSBpZiBhbiBlcnJvciBvY2N1cnMKICAgICAgICAgICAgIyAgLSAgIDE2OiByZXNwb25kIHdpdGggInllcyB0byBhbGwiIGZvciBhbnkgZGlhbG9nIGJveCB0aGF0IGlzIGRpc3BsYXllZAogICAgICAgICAgICAjICAtICAgIDQ6IGRvIG5vdCBkaXNwbGF5IGEgcHJvZ3Jlc3MgZGlhbG9nIGJveAogICAgICAgICAgICAkZGVzdF9wYXRoLkNvcHlIZXJlKCRlbnRyeSwgMTA0NCkKCiAgICAgICAgICAgICMgb25jZSBmaWxlIGlzIGV4dHJhY2VkLCB3ZSBuZWVkIHRvIHJlbmFtZSBpdCB3aXRoIG5vbiBiYXNlNjQgbmFtZQogICAgICAgICAgICAkY29tYmluZWRfZW5jb2RlZF9wYXRoID0gW1N5c3RlbS5JTy5QYXRoXTo6Q29tYmluZSgkZGVzdCwgJGVuY29kZWRfYXJjaGl2ZV9lbnRyeSkKICAgICAgICAgICAgTW92ZS1JdGVtIC1QYXRoICRjb21iaW5lZF9lbmNvZGVkX3BhdGggLURlc3RpbmF0aW9uICRlbnRyeV90YXJnZXRfcGF0aCAtRm9yY2UgfCBPdXQtTnVsbAogICAgICAgIH0KICAgIH0KfQoKaWYgKCRjb3B5X21vZGUgLWVxICJxdWVyeSIpIHsKICAgICMgd2Ugb25seSByZXR1cm4gYSBsaXN0IG9mIGZpbGVzL2RpcmVjdG9yaWVzIHRoYXQgbmVlZCB0byBiZSBjb3BpZWQgb3ZlcgogICAgIyB0aGUgc291cmNlIG9mIHRoZSBsb2NhbCBmaWxlIHdpbGwgYmUgdGhlIGtleSB1c2VkCiAgICAkY2hhbmdlZF9maWxlcyA9IEAoKQogICAgJGNoYW5nZWRfZGlyZWN0b3JpZXMgPSBAKCkKICAgICRjaGFuZ2VkX3N5bWxpbmtzID0gQCgpCgogICAgZm9yZWFjaCAoJGZpbGUgaW4gJGZpbGVzKSB7CiAgICAgICAgJGZpbGVuYW1lID0gJGZpbGUuZGVzdAogICAgICAgICRsb2NhbF9jaGVja3N1bSA9ICRmaWxlLmNoZWNrc3VtCgogICAgICAgICRmaWxlcGF0aCA9IEpvaW4tUGF0aCAtUGF0aCAkZGVzdCAtQ2hpbGRQYXRoICRmaWxlbmFtZQogICAgICAgIGlmIChUZXN0LVBhdGggLVBhdGggJGZpbGVwYXRoIC1QYXRoVHlwZSBMZWFmKSB7CiAgICAgICAgICAgIGlmICgkZm9yY2UpIHsKICAgICAgICAgICAgICAgICRjaGVja3N1bSA9IEdldC1GaWxlQ2hlY2tzdW0gLXBhdGggJGZpbGVwYXRoCiAgICAgICAgICAgICAgICBpZiAoJGNoZWNrc3VtIC1uZSAkbG9jYWxfY2hlY2tzdW0pIHsKICAgICAgICAgICAgICAgICAgICAkd2lsbF9jaGFuZ2UgPSAkdHJ1ZQogICAgICAgICAgICAgICAgICAgICRjaGFuZ2VkX2ZpbGVzICs9ICRmaWxlCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgIH0KICAgICAgICB9IGVsc2VpZiAoVGVzdC1QYXRoIC1QYXRoICRmaWxlcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKSB7CiAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgImNhbm5vdCBjb3B5IGZpbGUgdG8gZGVzdCAnJGZpbGVwYXRoJzogb2JqZWN0IGF0IHBhdGggaXMgYWxyZWFkeSBhIGRpcmVjdG9yeSIKICAgICAgICB9IGVsc2UgewogICAgICAgICAgICAkY2hhbmdlZF9maWxlcyArPSAkZmlsZQogICAgICAgIH0KICAgIH0KCiAgICBmb3JlYWNoICgkZGlyZWN0b3J5IGluICRkaXJlY3RvcmllcykgewogICAgICAgICRkaXJuYW1lID0gJGRpcmVjdG9yeS5kZXN0CgogICAgICAgICRkaXJwYXRoID0gSm9pbi1QYXRoIC1QYXRoICRkZXN0IC1DaGlsZFBhdGggJGRpcm5hbWUKICAgICAgICAkcGFyZW50X2RpciA9IFtTeXN0ZW0uSU8uUGF0aF06OkdldERpcmVjdG9yeU5hbWUoJGRpcnBhdGgpCiAgICAgICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkcGFyZW50X2RpciAtUGF0aFR5cGUgTGVhZikgewogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0IC1tZXNzYWdlICJjYW5ub3QgY29weSBmb2xkZXIgdG8gZGVzdCAnJGRpcnBhdGgnOiBvYmplY3QgYXQgcGFyZW50IGRpcmVjdG9yeSBwYXRoIGlzIGFscmVhZHkgYSBmaWxlIgogICAgICAgIH0KICAgICAgICBpZiAoVGVzdC1QYXRoIC1QYXRoICRkaXJwYXRoIC1QYXRoVHlwZSBMZWFmKSB7CiAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgImNhbm5vdCBjb3B5IGZvbGRlciB0byBkZXN0ICckZGlycGF0aCc6IG9iamVjdCBhdCBwYXRoIGlzIGFscmVhZHkgYSBmaWxlIgogICAgICAgIH0gZWxzZWlmICgtbm90IChUZXN0LVBhdGggLVBhdGggJGRpcnBhdGggLVBhdGhUeXBlIENvbnRhaW5lcikpIHsKICAgICAgICAgICAgJGNoYW5nZWRfZGlyZWN0b3JpZXMgKz0gJGRpcmVjdG9yeQogICAgICAgIH0KICAgIH0KCiAgICAjIFRPRE86IEhhbmRsZSBzeW1saW5rcwoKICAgICRyZXN1bHQuZmlsZXMgPSAkY2hhbmdlZF9maWxlcwogICAgJHJlc3VsdC5kaXJlY3RvcmllcyA9ICRjaGFuZ2VkX2RpcmVjdG9yaWVzCiAgICAkcmVzdWx0LnN5bWxpbmtzID0gJ ScriptBlock ID: 846e49ae-34a1-44db-8df0-e6b90e63f6c9 Path:	4104	1		3	2	15	0	1428	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4452	3112	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:29:13 PM	9d04040e-981f-0002-f30c-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 3): begin { $DebugPreference = "Continue" $ErrorActionPreference = "Stop" Set-StrictMode -Version 2 function ConvertTo-HashtableFromPsCustomObject ($myPsObject){ $output = @{}; $myPsObject | Get-Member -MemberType *Property | % { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } return $output; } # stream JSON including become_pw, ps_module_payload, bin_module_payload, become_payload, write_payload_path, preserve directives # exec runspace, capture output, cleanup, return module output # NB: do not adjust the following line- it is replaced when doing non-streamed module output $json_raw = @' {"min_ps_version": null, "exec": "CkZ1bmN0aW9uIFJ1bigkcGF5bG9hZCkgewogICAgJGVudHJ5cG9pbnQgPSAkcGF5bG9hZC5tb2R1bGVfZW50cnkKCiAgICAkZW50cnlwb2ludCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGVudHJ5cG9pbnQpKQoKICAgICRwcyA9IFtwb3dlcnNoZWxsXTo6Q3JlYXRlKCkKCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkQ29tbWFuZCgiU2V0LVZhcmlhYmxlIikuQWRkUGFyYW1ldGVycyhAe1Njb3BlPSJnbG9iYWwiO05hbWU9ImNvbXBsZXhfYXJncyI7VmFsdWU9JHBheWxvYWQubW9kdWxlX2FyZ3N9KSB8IE91dC1OdWxsCiAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCgogICAgIyByZWRlZmluZSBXcml0ZS1Ib3N0IHRvIGR1bXAgdG8gb3V0cHV0IGluc3RlYWQgb2YgZmFpbGluZy0gbG90cyBvZiBzY3JpcHRzIHVzZSBpdAogICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgiRnVuY3Rpb24gV3JpdGUtSG9zdChgJG1zZyl7IFdyaXRlLU91dHB1dCBgJG1zZyB9IikgfCBPdXQtTnVsbAoKICAgIEZvckVhY2ggKCRlbnZfa3YgaW4gJHBheWxvYWQuZW52aXJvbm1lbnQuR2V0RW51bWVyYXRvcigpKSB7CiAgICAgICAgIyBuZWVkIHRvIGVzY2FwZSAnIGluIGJvdGggdGhlIGtleSBhbmQgdmFsdWUKICAgICAgICAkZW52X2tleSA9ICRlbnZfa3YuS2V5LlRvU3RyaW5nKCkuUmVwbGFjZSgiJyIsICInJyIpCiAgICAgICAgJGVudl92YWx1ZSA9ICRlbnZfa3YuVmFsdWUuVG9TdHJpbmcoKS5SZXBsYWNlKCInIiwgIicnIikKICAgICAgICAkZXNjYXBlZF9lbnZfc2V0ID0gIltTeXN0ZW0uRW52aXJvbm1lbnRdOjpTZXRFbnZpcm9ubWVudFZhcmlhYmxlKCd7MH0nLCAnezF9JykiIC1mICRlbnZfa2V5LCAkZW52X3ZhbHVlCiAgICAgICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgkZXNjYXBlZF9lbnZfc2V0KSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBkeW5hbWljYWxseSBjcmVhdGUvbG9hZCBtb2R1bGVzCiAgICBGb3JFYWNoICgkbW9kIGluICRwYXlsb2FkLnBvd2Vyc2hlbGxfbW9kdWxlcy5HZXRFbnVtZXJhdG9yKCkpIHsKICAgICAgICAkZGVjb2RlZF9tb2R1bGUgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRtb2QuVmFsdWUpKQogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRDb21tYW5kKCJOZXctTW9kdWxlIikuQWRkUGFyYW1ldGVycyhAe1NjcmlwdEJsb2NrPShbc2NyaXB0YmxvY2tdOjpDcmVhdGUoJGRlY29kZWRfbW9kdWxlKSk7TmFtZT0kbW9kLktleX0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiSW1wb3J0LU1vZHVsZSIpLkFkZFBhcmFtZXRlcnMoQHtXYXJuaW5nQWN0aW9uPSJTaWxlbnRseUNvbnRpbnVlIn0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBmb3JjZSBpbnB1dCBlbmNvZGluZyB0byBwcmVhbWJsZS1mcmVlIFVURjggc28gUFMgc3ViLXByb2Nlc3NlcyAoZWcsCiAgICAjIFN0YXJ0LUpvYikgZG9uJ3QgYmxvdyB1cC4gVGhpcyBpcyBvbmx5IHJlcXVpcmVkIGZvciBXaW5STSwgYSBQU1JQCiAgICAjIHJ1bnNwYWNlIGRvZXNuJ3QgaGF2ZSBhIGhvc3QgY29uc29sZSBhbmQgdGhpcyB3aWxsIGJvbWIgb3V0CiAgICBpZiAoJGhvc3QuTmFtZSAtZXEgIkNvbnNvbGVIb3N0IikgewogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRTY3JpcHQoIltDb25zb2xlXTo6SW5wdXRFbmNvZGluZyA9IE5ldy1PYmplY3QgVGV4dC5VVEY4RW5jb2RpbmcgYCRmYWxzZSIpIHwgT3V0LU51bGwKICAgIH0KCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkU2NyaXB0KCRlbnRyeXBvaW50KSB8IE91dC1OdWxsCgogICAgJG91dHB1dCA9ICRwcy5JbnZva2UoKQoKICAgICRvdXRwdXQKCiAgICAjIFBTMyBkb2Vzbid0IHByb3Blcmx5IHNldCBIYWRFcnJvcnMgaW4gbWFueSBjYXNlcywgaW5zcGVjdCB0aGUgZXJyb3Igc3RyZWFtIGFzIGEgZmFsbGJhY2sKICAgIElmICgkcHMuSGFkRXJyb3JzIC1vciAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtbHQgNCAtYW5kICRwcy5TdHJlYW1zLkVycm9yLkNvdW50IC1ndCAwKSkgewogICAgICAgICRob3N0LlVJLldyaXRlRXJyb3JMaW5lKCQoJHBzLlN0cmVhbXMuRXJyb3IgfCBPdXQtU3RyaW5nKSkKICAgICAgICAkZXhpdF9jb2RlID0gJHBzLlJ1bnNwYWNlLlNlc3Npb25TdGF0ZVByb3h5LkdldFZhcmlhYmxlKCJMQVNURVhJVENPREUiKQogICAgICAgIElmKC1ub3QgJGV4aXRfY29kZSkgewogICAgICAgICAgICAkZXhpdF9jb2RlID0gMQogICAgICAgIH0KICAgICAgICAjIG5lZWQgdG8gdXNlIHRoaXMgaW5zdGVhZCBvZiBFeGl0IGtleXdvcmQgdG8gcHJldmVudCBydW5zcGFjZSBmcm9tIGNyYXNoaW5nIHdpdGggZHluYW1pYyBtb2R1bGVzCiAgICAgICAgJGhvc3QuU2V0U2hvdWxkRXhpdCgkZXhpdF9jb2RlKQogICAgfQp9Cg==", "actions": ["exec"], "environment": {}, "min_os_version": null, "powershell_modules": {"Ansible.ModuleUtils.Legacy": "IyBDb3B5cmlnaHQgKGMpLCBNaWNoYWVsIERlSGFhbiA8bWljaGFlbC5kZWhhYW5AZ21haWwuY29tPiwgMjAxNCwgYW5kIG90aGVycwojIFNpbXBsaWZpZWQgQlNEIExpY2Vuc2UgKHNlZSBsaWNlbnNlcy9zaW1wbGlmaWVkX2JzZC50eHQgb3IgaHR0cHM6Ly9vcGVuc291cmNlLm9yZy9saWNlbnNlcy9CU0QtMi1DbGF1c2UpCgpTZXQtU3RyaWN0TW9kZSAtVmVyc2lvbiAyLjAKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKRnVuY3Rpb24gU2V0LUF0dHIoJG9iaiwgJG5hbWUsICR2YWx1ZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gc2V0IGFuICJhdHRyaWJ1dGUiIG9uIGEgcHNvYmplY3QgaW5zdGFuY2UgaW4gUG93ZXJTaGVsbC4KICAgIFRoaXMgaXMgYSBjb252ZW5pZW5jZSB0byBtYWtlIGFkZGluZyBNZW1iZXJzIHRvIHRoZSBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgIFNldC1BdHRyICRyZXN1bHQgImNoYW5nZWQiICR0cnVlCiM+CgogICAgIyBJZiB0aGUgcHJvdmlkZWQgJG9iaiBpcyB1bmRlZmluZWQsIGRlZmluZSBvbmUgdG8gYmUgbmljZQogICAgSWYgKC1ub3QgJG9iai5HZXRUeXBlKQogICAgewogICAgICAgICRvYmogPSBAeyB9CiAgICB9CgogICAgVHJ5CiAgICB7CiAgICAgICAgJG9iai4kbmFtZSA9ICR2YWx1ZQogICAgfQogICAgQ2F0Y2gKICAgIHsKICAgICAgICAkb2JqIHwgQWRkLU1lbWJlciAtRm9yY2UgLU1lbWJlclR5cGUgTm90ZVByb3BlcnR5IC1OYW1lICRuYW1lIC1WYWx1ZSAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gRXhpdC1Kc29uKCRvYmopCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGNvbnZlcnQgYSBQb3dlclNoZWxsIG9iamVjdCB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcKICAgIHRoZSBzY3JpcHQKICAgIC5FWEFNUExFCiAgICBFeGl0LUpzb24gJHJlc3VsdAojPgoKICAgICMgSWYgdGhlIHByb3ZpZGVkICRvYmogaXMgdW5kZWZpbmVkLCBkZWZpbmUgb25lIHRvIGJlIG5pY2UKICAgIElmICgtbm90ICRvYmouR2V0VHlwZSkKICAgIHsKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoJ2NoYW5nZWQnKSkgewogICAgICAgIFNldC1BdHRyICRvYmogImNoYW5nZWQiICRmYWxzZQogICAgfQoKICAgIFdyaXRlLU91dHB1dCAkb2JqIHwgQ29udmVydFRvLUpzb24gLUNvbXByZXNzIC1EZXB0aCA5OQogICAgRXhpdAp9CgpGdW5jdGlvbiBGYWlsLUpzb24oJG9iaiwgJG1lc3NhZ2UgPSAkbnVsbCkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHRoZSAibXNnIiBwcm9wZXJ0eSBhbmQgImZhaWxlZCIgcHJvcGVydHksIGNvbnZlcnQgdGhlCiAgICBQb3dlclNoZWxsIEhhc2h0YWJsZSB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcgdGhlIHNjcmlwdAogICAgLkVYQU1QTEUKICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJUaGlzIGlzIHRoZSBmYWlsdXJlIG1lc3NhZ2UiCiM+CgogICAgaWYgKCRvYmogLWlzIFtoYXNodGFibGVdIC1vciAkb2JqIC1pcyBbcHNvYmplY3RdKSB7CiAgICAgICAgIyBOb3RoaW5nIHRvIGRvCiAgICB9IGVsc2VpZiAoJG9iaiAtaXMgW3N0cmluZ10gLWFuZCAkbnVsbCAtZXEgJG1lc3NhZ2UpIHsKICAgICAgICAjIElmIHdlIHdlcmVuJ3QgZ2l2ZW4gMiBhcmdzLCBhbmQgdGhlIG9ubHkgYXJnIHdhcyBhIHN0cmluZywKICAgICAgICAjIGNyZWF0ZSBhIG5ldyBIYXNodGFibGUgYW5kIHVzZSB0aGUgYXJnIGFzIHRoZSBmYWlsdXJlIG1lc3NhZ2UKICAgICAgICAkbWVzc2FnZSA9ICRvYmoKICAgICAgICAkb2JqID0gQHsgfQogICAgfSBlbHNlIHsKICAgICAgICAjIElmIHRoZSBmaXJzdCBhcmd1bWVudCBpcyB1bmRlZmluZWQgb3IgYSBkaWZmZXJlbnQgdHlwZSwKICAgICAgICAjIG1ha2UgaXQgYSBIYXNodGFibGUKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgICMgU3RpbGwgdXNpbmcgU2V0LUF0dHIgZm9yIFBTT2JqZWN0IGNvbXBhdGliaWxpdHkKICAgIFNldC1BdHRyICRvYmogIm1zZyIgJG1lc3NhZ2UKICAgIFNldC1BdHRyICRvYmogImZhaWxlZCIgJHRydWUKCiAgICBpZiAoLW5vdCAkb2JqLkNvbnRhaW5zS2V5KCdjaGFuZ2VkJykpIHsKICAgICAgICBTZXQtQXR0ciAkb2JqICJjaGFuZ2VkIiAkZmFsc2UKICAgIH0KCiAgICBXcml0ZS1PdXRwdXQgJG9iaiB8IENvbnZlcnRUby1Kc29uIC1Db21wcmVzcyAtRGVwdGggOTkKICAgIEV4aXQgMQp9CgpGdW5jdGlvbiBBZGQtV2FybmluZygkb2JqLCAkbWVzc2FnZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHdhcm5pbmdzLCBldmVuIGlmIHRoZSB3YXJuaW5ncyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoIndhcm5pbmdzIikpIHsKICAgICAgICAkb2JqLndhcm5pbmdzID0gQCgpCiAgICB9IGVsc2VpZiAoJG9iai53YXJuaW5ncyAtaXNub3QgW2FycmF5XSkgewogICAgICAgIHRocm93ICJBZGQtV2FybmluZzogd2FybmluZ3MgYXR0cmlidXRlIGlzIG5vdCBhbiBhcnJheSIKICAgIH0KCiAgICAkb2JqLndhcm5pbmdzICs9ICRtZXNzYWdlCn0KCkZ1bmN0aW9uIEFkZC1EZXByZWNhdGlvbldhcm5pbmcoJG9iaiwgJG1lc3NhZ2UsICR2ZXJzaW9uID0gJG51bGwpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGFkZCBkZXByZWNhdGlvbnMsIGV2ZW4gaWYgdGhlIGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgogICAgaWYgKC1ub3QgJG9iai5Db250YWluc0tleSgiZGVwcmVjYXRpb25zIikpIHsKICAgICAgICAkb2JqLmRlcHJlY2F0aW9ucyA9IEAoKQogICAgfSBlbHNlaWYgKCRvYmouZGVwcmVjYXRpb25zIC1pc25vdCBbYXJyYXldKSB7CiAgICAgICAgdGhyb3cgIkFkZC1EZXByZWNhdGlvbldhcm5pbmc6IGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgaXMgbm90IGEgbGlzdCIKICAgIH0KCiAgICAkb2JqLmRlcHJlY2F0aW9ucyArPSBAewogICAgICAgIG1zZyA9ICRtZXNzYWdlCiAgICAgICAgdmVyc2lvbiA9ICR2ZXJzaW9uCiAgICB9Cn0KCkZ1bmN0aW9uIEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgaW4gdmFsdWVzLiBCeSBkZWZhdWx0CiAgICBpdCB0dXJucyBhbnkgdHlwZSB0byBhIHN0cmluZywgYnV0IHdlIGVuc3VyZSAkbnVsbCByZW1haW5zICRudWxsLgojPgogICAgaWYgKCRudWxsIC1uZSAkdmFsdWUpIHsKICAgICAgICBbU3lzdGVtLkVudmlyb25tZW50XTo6RXhwYW5kRW52aXJvbm1lbnRWYXJpYWJsZXMoJHZhbHVlKQogICAgfSBlbHNlIHsKICAgICAgICAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gR2V0LUFuc2libGVQYXJhbSgkb2JqLCAkbmFtZSwgJGRlZmF1bHQgPSAkbnVsbCwgJHJlc3VsdG9iaiA9IEB7fSwgJGZhaWxpZmVtcHR5ID0gJGZhbHNlLCAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSwgJFZhbGlkYXRlU2V0LCAkVmFsaWRhdGVTZXRFcnJvck1lc3NhZ2UsICR0eXBlID0gJG51bGwsICRhbGlhc2VzID0gQCgpKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBnZXQgYW4gImF0dHJpYnV0ZSIgZnJvbSBhIHBzb2JqZWN0IGluc3RhbmNlIGluIFBvd2VyU2hlbGwuCiAgICBUaGlzIGlzIGEgY29udmVuaWVuY2UgdG8gbWFrZSBnZXR0aW5nIE1lbWJlcnMgZnJvbSBhbiBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgICRhdHRyID0gR2V0LUFuc2libGVQYXJhbSAkcmVzcG9uc2UgImNvZGUiIC1kZWZhdWx0ICIxIgogICAgLkVYQU1QTEUKICAgIEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJTdGF0ZSIgLWRlZmF1bHQgIlByZXNlbnQiIC1WYWxpZGF0ZVNldCAiUHJlc2VudCIsIkFic2VudCIgLXJlc3VsdG9iaiAkcmVzdWx0b2JqIC1mYWlsaWZlbXB0eSAkdHJ1ZQogICAgR2V0LUFuc2libGVQYXJhbSBhbHNvIHN1cHBvcnRzIFBhcmFtZXRlciB2YWxpZGF0aW9uIHRvIHNhdmUgeW91IGZyb20gY29kaW5nIHRoYXQgbWFudWFsbHkKICAgIE5vdGUgdGhhdCBpZiB5b3UgdXNlIHRoZSBmYWlsaWZlbXB0eSBvcHRpb24sIHlvdSBkbyBuZWVkIHRvIHNwZWNpZnkgcmVzdWx0b2JqZWN0IGFzIHdlbGwuCiM+CiAgICAjIENoZWNrIGlmIHRoZSBwcm92aWRlZCBNZW1iZXIgJG5hbWUgb3IgYWxpYXNlcyBleGlzdCBpbiAkb2JqIGFuZCByZXR1cm4gaXQgb3IgdGhlIGRlZmF1bHQuCiAgICB0cnkgewoKICAgICAgICAkZm91bmQgPSAkbnVsbAogICAgICAgICMgRmlyc3QgdHJ5IHRvIGZpbmQgcHJlZmVycmVkIHBhcmFtZXRlciAkbmFtZQogICAgICAgICRhbGlhc2VzID0gQCgkbmFtZSkgKyAkYWxpYXNlcwoKICAgICAgICAjIEl0ZXJhdGUgb3ZlciBhbGlhc2VzIHRvIGZpbmQgYWNjZXB0YWJsZSBNZW1iZXIgJG5hbWUKICAgICAgICBmb3JlYWNoICgkYWxpYXMgaW4gJGFsaWFzZXMpIHsKICAgICAgICAgICAgaWYgKCRvYmouQ29udGFpbnNLZXkoJGFsaWFzKSkgewogICAgICAgICAgICAgICAgJGZvdW5kID0gJGFsaWFzCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgfQoKICAgICAgICBpZiAoJG51bGwgLWVxICRmb3VuZCkgewogICAgICAgICAgICB0aHJvdwogICAgICAgIH0KICAgICAgICAkbmFtZSA9ICRmb3VuZAoKICAgICAgICBpZiAoJFZhbGlkYXRlU2V0KSB7CgogICAgICAgICAgICBpZiAoJFZhbGlkYXRlU2V0IC1jb250YWlucyAoJG9iai4kbmFtZSkpIHsKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICRvYmouJG5hbWUKICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgIGlmICgkbnVsbCAtZXEgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAgICAgI0F1dG8tZ2VuZXJhdGVkIGVycm9yIHNob3VsZCBiZSBzdWZmaWNpZW50IGluIG1vc3QgdXNlIGNhc2VzCiAgICAgICAgICAgICAgICAgICAgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlID0gIkdldC1BbnNpYmxlUGFyYW06IEFyZ3VtZW50ICRuYW1lIG5lZWRzIHRvIGJlIG9uZSBvZiAkKCRWYWxpZGF0ZVNldCAtam9pbiAiLCIpIGJ1dCB3YXMgJCgkb2JqLiRuYW1lKS4iCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRWYWxpZGF0ZVNldEVycm9yTWVzc2FnZQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgJHZhbHVlID0gJG9iai4kbmFtZQogICAgICAgIH0KICAgIH0gY2F0Y2ggewogICAgICAgIGlmICgkZmFpbGlmZW1wdHkgLWVxICRmYWxzZSkgewogICAgICAgICAgICAkdmFsdWUgPSAkZGVmYXVsdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgIGlmICgtbm90ICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSA9ICJHZXQtQW5zaWJsZVBhcmFtOiBNaXNzaW5nIHJlcXVpcmVkIGFyZ3VtZW50OiAkbmFtZSIKICAgICAgICAgICAgfQogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlCiAgICAgICAgfQogICAgfQoKICAgICMgSWYgJHZhbHVlIC1lcSAkbnVsbCwgdGhlIHBhcmFtZXRlciB3YXMgdW5zcGVjaWZpZWQgYnkgdGhlIHVzZXIgKGRlbGliZXJhdGVseSBvciBub3QpCiAgICAjIFBsZWFzZSBsZWF2ZSAkbnVsbC12YWx1ZXMgaW50YWN0LCBtb2R1bGVzIG5lZWQgdG8ga25vdyBpZiBhIHBhcmFtZXRlciB3YXMgc3BlY2lmaWVkCiAgICAjIFdoZW4gJHZhbHVlIGlzIGFscmVhZHkgYW4gYXJyYXksIHdlIGNhbm5vdCByZWx5IG9uIHRoZSBudWxsIGNoZWNrLCBhcyBhbiBlbXB0eSBsaXN0CiAgICAjIGlzIHNlZW4gYXMgbnVsbCBpbiB0aGUgY2hlY2sgYmVsb3cKICAgIGlmICgkbnVsbCAtbmUgJHZhbHVlIC1vciAkdmFsdWUgLWlzIFthcnJheV0pIHsKICAgICAgICBpZiAoJHR5cGUgLWVxICJwYXRoIikgewogICAgICAgICAgICAjIEV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgb24gcGF0aC10eXBlCiAgICAgICAgICAgICR2YWx1ZSA9IEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCiAgICAgICAgICAgICMgVGVzdCBpZiBhIHZhbGlkIHBhdGggaXMgcHJvdmlkZWQKICAgICAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtSXNWYWxpZCAkdmFsdWUpKSB7CiAgICAgICAgICAgICAgICAkcGF0aF9pbnZhbGlkID0gJHRydWUKICAgICAgICAgICAgICAgICMgY291bGQgc3RpbGwgYmUgYSB2YWxpZC1zaGFwZWQgcGF0aCB3aXRoIGEgbm9uZXhpc3RlbnQgZHJpdmUgbGV0dGVyCiAgICAgICAgICAgICAgICBpZiAoJHZhbHVlIC1tYXRjaCAiXlx3OiIpIHsKICAgICAgICAgICAgICAgICAgICAjIHJld3JpdGUgcGF0aCB3aXRoIGEgdmFsaWQgZHJpdmUgbGV0dGVyIGFuZCByZWNoZWNrIHRoZSBzaGFwZS0gdGhpcyBtaWdodCBzdGlsbCBmYWlsLCBlZywgYSBub25leGlzdGVudCBub24tZmlsZXN5c3RlbSBQUyBwYXRoCiAgICAgICAgICAgICAgICAgICAgaWYgKFRlc3QtUGF0aCAtSXNWYWxpZCAkKEAoR2V0LVBTRHJpdmUgLVBTUHJvdmlkZXIgRmlsZXN5c3RlbSlbMF0uTmFtZSArICR2YWx1ZS5TdWJzdHJpbmcoMSkpKSB7CiAgICAgICAgICAgICAgICAgICAgICAgICRwYXRoX2ludmFsaWQgPSAkZmFsc2UKICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBpZiAoJHBhdGhfaW52YWxpZCkgewogICAgICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHRvYmogLW1lc3NhZ2UgIkdldC1BbnNpYmxlUGFyYW06IFBhcmFtZXRlciAnJG5hbWUnIGhhcyBhbiBpbnZhbGlkIHBhdGggJyR2YWx1ZScgc3BlY2lmaWVkLiIKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgInN0ciIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IHN0ciB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgc3RyaW5ncwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUuVG9TdHJpbmcoKQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImJvb2wiKSB7CiAgICAgICAgICAgICMgQ29udmVydCBib29sZWFuIHR5cGVzIHRvIHJlYWwgUG93ZXJzaGVsbCBib29sZWFucwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgfCBDb252ZXJ0VG8tQm9vbAogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImludCIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IGludCB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgaW50ZWdlcnMKICAgICAgICAgICAgJHZhbHVlID0gJHZhbHVlIC1hcyBbaW50XQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImZsb2F0IikgewogICAgICAgICAgICAjIENvbnZlcnQgZmxvYXQgdHlwZXMgdG8gcmVhbCBQb3dlcnNoZWxsIGZsb2F0cwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgLWFzIFtmbG9hdF0KICAgICAgICB9IGVsc2VpZiAoJHR5cGUgLWVxICJsaXN0IikgewogICAgICAgICAgICBpZiAoJHZhbHVlIC1pcyBbYXJyYXldKSB7CiAgICAgICAgICAgICAgICAjIE5vdGhpbmcgdG8gZG8KICAgICAgICAgICAgfSBlbHNlaWYgKCR2YWx1ZSAtaXMgW3N0cmluZ10pIHsKICAgICAgICAgICAgICAgICMgQ29udmVydCBzdHJpbmcgdHlwZSB0byByZWFsIFBvd2Vyc2hlbGwgYXJyYXkKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICR2YWx1ZS5TcGxpdCgiLCIpLlRyaW0oKQogICAgICAgICAgICB9IGVsc2VpZiAoJHZhbHVlIC1pcyBbaW50XSkgewogICAgICAgICAgICAgICAgJHZhbHVlID0gQCgkdmFsdWUpCiAgICAgICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICJHZXQtQW5zaWJsZVBhcmFtOiBQYXJhbWV0ZXIgJyRuYW1lJyBpcyBub3QgYSBZQU1MIGxpc3QuIgogICAgICAgICAgICB9CiAgICAgICAgICAgICMgLCBpcyBub3QgYSB0eXBvLCBmb3JjZXMgaXQgdG8gcmV0dXJuIGFzIGEgbGlzdCB3aGVuIGl0IGlzIGVtcHR5IG9yIG9ubHkgaGFzIDEgZW50cnkKICAgICAgICAgICAgcmV0dXJuICwkdmFsdWUKICAgICAgICB9CiAgICB9CgogICAgcmV0dXJuICR2YWx1ZQp9CgojQWxpYXMgR2V0LWF0dHItLT5HZXQtQW5zaWJsZVBhcmFtIGZvciBiYWNrd2FyZHMgY29tcGF0LiBPbmx5IGFkZCB3aGVuIG5lZWRlZCB0byBlYXNlIGRlYnVnZ2luZyBvZiBzY3JpcHRzCklmICgtbm90KEdldC1BbGlhcyAtTmFtZSAiR2V0LWF0dHIiIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlKSkKewogICAgTmV3LUFsaWFzIC1OYW1lIEdldC1hdHRyIC1WYWx1ZSBHZXQtQW5zaWJsZVBhcmFtCn0KCkZ1bmN0aW9uIENvbnZlcnRUby1Cb29sCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZpbHRlci9waXBlbGluZSBmdW5jdGlvbiB0byBjb252ZXJ0IGEgdmFsdWUgdG8gYm9vbGVhbiBmb2xsb3dpbmcgY3VycmVudAogICAgQW5zaWJsZSBwcmFjdGljZXMKICAgIC5FWEFNUExFCiAgICAkaXNfdHJ1ZSA9ICJ0cnVlIiB8IENvbnZlcnRUby1Cb29sCiM+CiAgICBwYXJhbSgKICAgICAgICBbcGFyYW1ldGVyKHZhbHVlZnJvbXBpcGVsaW5lPSR0cnVlKV0KICAgICAgICAkb2JqCiAgICApCgogICAgJGJvb2xlYW5fc3RyaW5ncyA9ICJ5ZXMiLCAib24iLCAiMSIsICJ0cnVlIiwgMQogICAgJG9ial9zdHJpbmcgPSBbc3RyaW5nXSRvYmoKCiAgICBpZiAoKCRvYmogLWlzIFtib29sZWFuXSAtYW5kICRvYmopIC1vciAkYm9vbGVhbl9zdHJpbmdzIC1jb250YWlucyAkb2JqX3N0cmluZy5Ub0xvd2VyKCkpIHsKICAgICAgICByZXR1cm4gJHRydWUKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfQp9CgpGdW5jdGlvbiBQYXJzZS1BcmdzKCRhcmd1bWVudHMsICRzdXBwb3J0c19jaGVja19tb2RlID0gJGZhbHNlKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBwYXJzZSBBbnNpYmxlIEpTT04gYXJndW1lbnRzIGZyb20gYSAiZmlsZSIgcGFzc2VkIGFzCiAgICB0aGUgc2luZ2xlIGFyZ3VtZW50IHRvIHRoZSBtb2R1bGUuCiAgICAuRVhBTVBMRQogICAgJHBhcmFtcyA9IFBhcnNlLUFyZ3MgJGFyZ3MKIz4KICAgICRwYXJhbXMgPSBOZXctT2JqZWN0IHBzb2JqZWN0CiAgICBJZiAoJGFyZ3VtZW50cy5MZW5ndGggLWd0IDApCiAgICB7CiAgICAgICAgJHBhcmFtcyA9IEdldC1Db250ZW50ICRhcmd1bWVudHNbMF0gfCBDb252ZXJ0RnJvbS1Kc29uCiAgICB9CiAgICBFbHNlIHsKICAgICAgICAkcGFyYW1zID0gJGNvbXBsZXhfYXJncwogICAgfQogICAgJGNoZWNrX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfY2hlY2tfbW9kZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQogICAgSWYgKCRjaGVja19tb2RlIC1hbmQgLW5vdCAkc3VwcG9ydHNfY2hlY2tfbW9kZSkKICAgIHsKICAgICAgICBFeGl0LUpzb24gQHsKICAgICAgICAgICAgc2tpcHBlZCA9ICR0cnVlCiAgICAgICAgICAgIGNoYW5nZWQgPSAkZmFsc2UKICAgICAgICAgICAgbXNnID0gInJlbW90ZSBtb2R1bGUgZG9lcyBub3Qgc3VwcG9ydCBjaGVjayBtb2RlIgogICAgICAgIH0KICAgIH0KICAgIHJldHVybiAkcGFyYW1zCn0KCgpGdW5jdGlvbiBHZXQtRmlsZUNoZWNrc3VtKCRwYXRoLCAkYWxnb3JpdGhtID0gJ3NoYTEnKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBjYWxjdWx ScriptBlock ID: 846e49ae-34a1-44db-8df0-e6b90e63f6c9 Path:	4104	1		3	2	15	0	1427	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4452	3112	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:29:13 PM	9d04040e-981f-0002-f30c-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1426	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4452	3044	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:29:13 PM	9d04040e-981f-0004-fb18-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 4452 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1425	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4452	1872	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:29:13 PM	9d04040e-981f-0004-fb18-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1424	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4452	3044	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:29:13 PM	9d04040e-981f-0004-fb18-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1423	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	5116	4564	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:28:39 PM	9d04040e-981f-0004-7c18-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 5116 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1422	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	5116	3776	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:28:39 PM	9d04040e-981f-0004-7c18-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1421	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	5116	4564	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:28:39 PM	9d04040e-981f-0004-7c18-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles; using System; using System.Collections; using System.IO; using System.Linq; using System.Runtime.InteropServices; using System.Text; using System.Threading; namespace Ansible { [StructLayout(LayoutKind.Sequential)] public class SECURITY_ATTRIBUTES { public int nLength; public IntPtr lpSecurityDescriptor; public bool bInheritHandle = false; public SECURITY_ATTRIBUTES() { nLength = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFO { public Int32 cb; public IntPtr lpReserved; public IntPtr lpDesktop; public IntPtr lpTitle; public Int32 dwX; public Int32 dwY; public Int32 dwXSize; public Int32 dwYSize; public Int32 dwXCountChars; public Int32 dwYCountChars; public Int32 dwFillAttribute; public Int32 dwFlags; public Int16 wShowWindow; public Int16 cbReserved2; public IntPtr lpReserved2; public SafeFileHandle hStdInput; public SafeFileHandle hStdOutput; public SafeFileHandle hStdError; public STARTUPINFO() { cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFOEX { public STARTUPINFO startupInfo; public IntPtr lpAttributeList; public STARTUPINFOEX() { startupInfo = new STARTUPINFO(); startupInfo.cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public struct PROCESS_INFORMATION { public IntPtr hProcess; public IntPtr hThread; public int dwProcessId; public int dwThreadId; } [Flags] public enum StartupInfoFlags : uint { USESTDHANDLES = 0x00000100 } public enum HandleFlags : uint { None = 0, INHERIT = 1 } class NativeWaitHandle : WaitHandle { public NativeWaitHandle(IntPtr handle) { this.SafeWaitHandle = new SafeWaitHandle(handle, false); } } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class CommandUtil { private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400; private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000; [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)] public static extern bool CreateProcess( [MarshalAs(UnmanagedType.LPWStr)] string lpApplicationName, StringBuilder lpCommandLine, IntPtr lpProcessAttributes, IntPtr lpThreadAttributes, bool bInheritHandles, uint dwCreationFlags, IntPtr lpEnvironment, [MarshalAs(UnmanagedType.LPWStr)] string lpCurrentDirectory, STARTUPINFOEX lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation); [DllImport("kernel32.dll")] public static extern bool CreatePipe( out SafeFileHandle hReadPipe, out SafeFileHandle hWritePipe, SECURITY_ATTRIBUTES lpPipeAttributes, uint nSize); [DllImport("kernel32.dll", SetLastError = true)] public static extern bool SetHandleInformation( SafeFileHandle hObject, HandleFlags dwMask, int dwFlags); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool GetExitCodeProcess( IntPtr hProcess, out uint lpExitCode); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)] public static extern uint SearchPath( string lpPath, string lpFileName, string lpExtension, int nBufferLength, [MarshalAs (UnmanagedType.LPTStr)] StringBuilder lpBuffer, out IntPtr lpFilePart); [DllImport("shell32.dll", SetLastError = true)] static extern IntPtr CommandLineToArgvW( [MarshalAs(UnmanagedType.LPWStr)] string lpCmdLine, out int pNumArgs); public static string[] ParseCommandLine(string lpCommandLine) { int numArgs; IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs); if (ret == IntPtr.Zero) throw new Win32Exception("Error parsing command line"); IntPtr[] strptrs = new IntPtr[numArgs]; Marshal.Copy(ret, strptrs, 0, numArgs); string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray(); Marshal.FreeHGlobal(ret); return cmdlineParts; } public static string SearchPath(string lpFileName) { StringBuilder sbOut = new StringBuilder(1024); IntPtr filePartOut; if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0) throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName)); return sbOut.ToString(); } public class CommandResult { public string StandardOut { get; internal set; } public string StandardError { get; internal set; } public uint ExitCode { get; internal set; } } public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment) { UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT; STARTUPINFOEX si = new STARTUPINFOEX(); si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES; SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES(); pipesec.bInheritHandle = true; // Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write; if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0)) throw new Win32Exception("STDOUT pipe setup failed"); if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDOUT pipe handle setup failed"); if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0)) throw new Win32Exception("STDERR pipe setup failed"); if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDERR pipe handle setup failed"); if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0)) throw new Win32Exception("STDIN pipe setup failed"); if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDIN pipe handle setup failed"); si.startupInfo.hStdOutput = stdout_write; si.startupInfo.hStdError = stderr_write; si.startupInfo.hStdInput = stdin_read; // Setup the stdin buffer UTF8Encoding utf8_encoding = new UTF8Encoding(false); FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768); StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768); // If lpCurrentDirectory is set to null in PS it will be an empty // string here, we need to convert it if (lpCurrentDirectory == "") lpCurrentDirectory = null; StringBuilder environmentString = null; if (environment != null && environment.Count > 0) { environmentString = new StringBuilder(); foreach (DictionaryEntry kv in environment) environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value); environmentString.Append('\0'); } // Create the environment block if set IntPtr lpEnvironment = IntPtr.Zero; if (environmentString != null) lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString()); // Create new process and run StringBuilder argument_string = new StringBuilder(lpCommandLine); PROCESS_INFORMATION pi = new PROCESS_INFORMATION(); if (!CreateProcess( lpApplicationName, argument_string, IntPtr.Zero, IntPtr.Zero, true, startup_flags, lpEnvironment, lpCurrentDirectory, si, out pi)) { throw new Win32Exception("Failed to create new process"); } // Setup the output buffers and get stdout/stderr FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096); StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096); stdout_write.Close(); FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096); StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096); stderr_write.Close(); stdin.WriteLine(stdinInput); stdin.Close(); string stdout_str, stderr_str = null; GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str); uint rc = GetProcessExitCode(pi.hProcess); return new CommandResult { StandardOut = stdout_str, StandardError = stderr_str, ExitCode = rc }; } private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr) { var sowait = new EventWaitHandle(false, EventResetMode.ManualReset); var sewait = new EventWaitHandle(false, EventResetMode.ManualReset); string so = null, se = null; ThreadPool.QueueUserWorkItem((s) => { so = stdoutStream.ReadToEnd(); sowait.Set(); }); ThreadPool.QueueUserWorkItem((s) => { se = stderrStream.ReadToEnd(); sewait.Set(); }); foreach (var wh in new WaitHandle[] { sowait, sewait }) wh.WaitOne(); stdout = so; stderr = se; } private static uint GetProcessExitCode(IntPtr processHandle) { new NativeWaitHandle(processHandle).WaitOne(); uint exitCode; if (!GetExitCodeProcess(processHandle, out exitCode)) throw new Win32Exception("Error getting process exit code"); return exitCode; } } }" Context: Severity = Informational Host Name = Default Host Host Version = 5.1.14393.1944 Host ID = 3269a67b-7ea1-4868-ae30-cb5169e246a1 Host Application = PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - Engine Version = 5.1.14393.1944 Runspace ID = 4fd0df1b-fc70-4815-875d-f6269ad8870f Pipeline ID = 7 Command Name = Add-Type Command Type = Cmdlet Script Name = Command Path = Sequence Number = 34 User = N-H1-805629-1\Admin Connected User = Shell ID = Microsoft.PowerShell User Data:	4103	1		4	106	20	0	1420	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2716	3712	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:28:39 PM	9d04040e-981f-0003-a451-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	To be used when operation is just executing a method	Executing Pipeline	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c) 2017 Ansible Project # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) $process_util = @" using Microsoft.Win32.SafeHandles; using System; using System.Collections; using System.IO; using System.Linq; using System.Runtime.InteropServices; using System.Text; using System.Threading; namespace Ansible { [StructLayout(LayoutKind.Sequential)] public class SECURITY_ATTRIBUTES { public int nLength; public IntPtr lpSecurityDescriptor; public bool bInheritHandle = false; public SECURITY_ATTRIBUTES() { nLength = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFO { public Int32 cb; public IntPtr lpReserved; public IntPtr lpDesktop; public IntPtr lpTitle; public Int32 dwX; public Int32 dwY; public Int32 dwXSize; public Int32 dwYSize; public Int32 dwXCountChars; public Int32 dwYCountChars; public Int32 dwFillAttribute; public Int32 dwFlags; public Int16 wShowWindow; public Int16 cbReserved2; public IntPtr lpReserved2; public SafeFileHandle hStdInput; public SafeFileHandle hStdOutput; public SafeFileHandle hStdError; public STARTUPINFO() { cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFOEX { public STARTUPINFO startupInfo; public IntPtr lpAttributeList; public STARTUPINFOEX() { startupInfo = new STARTUPINFO(); startupInfo.cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public struct PROCESS_INFORMATION { public IntPtr hProcess; public IntPtr hThread; public int dwProcessId; public int dwThreadId; } [Flags] public enum StartupInfoFlags : uint { USESTDHANDLES = 0x00000100 } public enum HandleFlags : uint { None = 0, INHERIT = 1 } class NativeWaitHandle : WaitHandle { public NativeWaitHandle(IntPtr handle) { this.SafeWaitHandle = new SafeWaitHandle(handle, false); } } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class CommandUtil { private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400; private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000; [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)] public static extern bool CreateProcess( [MarshalAs(UnmanagedType.LPWStr)] string lpApplicationName, StringBuilder lpCommandLine, IntPtr lpProcessAttributes, IntPtr lpThreadAttributes, bool bInheritHandles, uint dwCreationFlags, IntPtr lpEnvironment, [MarshalAs(UnmanagedType.LPWStr)] string lpCurrentDirectory, STARTUPINFOEX lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation); [DllImport("kernel32.dll")] public static extern bool CreatePipe( out SafeFileHandle hReadPipe, out SafeFileHandle hWritePipe, SECURITY_ATTRIBUTES lpPipeAttributes, uint nSize); [DllImport("kernel32.dll", SetLastError = true)] public static extern bool SetHandleInformation( SafeFileHandle hObject, HandleFlags dwMask, int dwFlags); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool GetExitCodeProcess( IntPtr hProcess, out uint lpExitCode); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)] public static extern uint SearchPath( string lpPath, string lpFileName, string lpExtension, int nBufferLength, [MarshalAs (UnmanagedType.LPTStr)] StringBuilder lpBuffer, out IntPtr lpFilePart); [DllImport("shell32.dll", SetLastError = true)] static extern IntPtr CommandLineToArgvW( [MarshalAs(UnmanagedType.LPWStr)] string lpCmdLine, out int pNumArgs); public static string[] ParseCommandLine(string lpCommandLine) { int numArgs; IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs); if (ret == IntPtr.Zero) throw new Win32Exception("Error parsing command line"); IntPtr[] strptrs = new IntPtr[numArgs]; Marshal.Copy(ret, strptrs, 0, numArgs); string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray(); Marshal.FreeHGlobal(ret); return cmdlineParts; } public static string SearchPath(string lpFileName) { StringBuilder sbOut = new StringBuilder(1024); IntPtr filePartOut; if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0) throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName)); return sbOut.ToString(); } public class CommandResult { public string StandardOut { get; internal set; } public string StandardError { get; internal set; } public uint ExitCode { get; internal set; } } public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment) { UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT; STARTUPINFOEX si = new STARTUPINFOEX(); si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES; SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES(); pipesec.bInheritHandle = true; // Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write; if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0)) throw new Win32Exception("STDOUT pipe setup failed"); if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDOUT pipe handle setup failed"); if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0)) throw new Win32Exception("STDERR pipe setup failed"); if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDERR pipe handle setup failed"); if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0)) throw new Win32Exception("STDIN pipe setup failed"); if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDIN pipe handle setup failed"); si.startupInfo.hStdOutput = stdout_write; si.startupInfo.hStdError = stderr_write; si.startupInfo.hStdInput = stdin_read; // Setup the stdin buffer UTF8Encoding utf8_encoding = new UTF8Encoding(false); FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768); StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768); // If lpCurrentDirectory is set to null in PS it will be an empty // string here, we need to convert it if (lpCurrentDirectory == "") lpCurrentDirectory = null; StringBuilder environmentString = null; if (environment != null && environment.Count > 0) { environmentString = new StringBuilder(); foreach (DictionaryEntry kv in environment) environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value); environmentString.Append('\0'); } // Create the environment block if set IntPtr lpEnvironment = IntPtr.Zero; if (environmentString != null) lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString()); // Create new process and run StringBuilder argument_string = new StringBuilder(lpCommandLine); PROCESS_INFORMATION pi = new PROCESS_INFORMATION(); if (!CreateProcess( lpApplicationName, argument_string, IntPtr.Zero, IntPtr.Zero, true, startup_flags, lpEnvironment, lpCurrentDirectory, si, out pi)) { throw new Win32Exception("Failed to create new process"); } // Setup the output buffers and get stdout/stderr FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096); StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096); stdout_write.Close(); FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096); StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096); stderr_write.Close(); stdin.WriteLine(stdinInput); stdin.Close(); string stdout_str, stderr_str = null; GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str); uint rc = GetProcessExitCode(pi.hProcess); return new CommandResult { StandardOut = stdout_str, StandardError = stderr_str, ExitCode = rc }; } private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr) { var sowait = new EventWaitHandle(false, EventResetMode.ManualReset); var sewait = new EventWaitHandle(false, EventResetMode.ManualReset); string so = null, se = null; ThreadPool.QueueUserWorkItem((s) => { so = stdoutStream.ReadToEnd(); sowait.Set(); }); ThreadPool.QueueUserWorkItem((s) => { se = stderrStream.ReadToEnd(); sewait.Set(); }); foreach (var wh in new WaitHandle[] { sowait, sewait }) wh.WaitOne(); stdout = so; stderr = se; } private static uint GetProcessExitCode(IntPtr processHandle) { new NativeWaitHandle(processHandle).WaitOne(); uint exitCode; if (!GetExitCodeProcess(processHandle, out exitCode)) throw new Win32Exception("Error getting process exit code"); return exitCode; } } } "@ $ErrorActionPreference = 'Stop' Function Load-CommandUtils { # makes the following static functions available # [Ansible.CommandUtil]::ParseCommandLine(string lpCommandLine) # [Ansible.CommandUtil]::SearchPath(string lpFileName) # [Ansible.CommandUtil]::RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, string environmentBlock) # # there are also numerous P/Invoke methods that can be called if you are feeling adventurous # FUTURE: find a better way to get the _ansible_remote_tmp variable $original_tmp = $env:TMP $remote_tmp = $original_tmp $module_params = Get-Variable -Name complex_args -ErrorAction SilentlyContinue if ($module_params) { if ($module_params.Value.ContainsKey("_ansible_remote_tmp") ) { $remote_tmp = $module_params.Value["_ansible_remote_tmp"] $remote_tmp = [System.Environment]::ExpandEnvironmentVariables($remote_tmp) } } $env:TMP = $remote_tmp Add-Type -TypeDefinition $process_util $env:TMP = $original_tmp } Function Get-ExecutablePath($executable, $directory) { # lpApplicationName requires the full path to a file, we need to find it # ourselves. # we need to add .exe if it doesn't have an extension already if (-not [System.IO.Path]::HasExtension($executable)) { $executable = "$($executable).exe" } $full_path = [System.IO.Path]::GetFullPath($executable) if ($full_path -ne $executable -and $directory -ne $null) { $file = Get-Item -Path "$directory\$executable" -Force -ErrorAction SilentlyContinue } else { $file = Get-Item -Path $executable -Force -ErrorAction SilentlyContinue } if ($file -ne $null) { $executable_path = $file.FullName } else { $executable_path = [Ansible.CommandUtil]::SearchPath($executable) } return $executable_path } Function Run-Command { Param( [string]$command, # the full command to run including the executable [string]$working_directory = $null, # the working directory to run under, will default to the current dir [string]$stdin = $null, # a string to send to the stdin pipe when executing the command [hashtable]$environment = @{} # a hashtable of environment values to run the command under, this will replace all the other environment variables with these ) # load the C# code we call in this function Load-CommandUtils # need to validate the working directory if it is set if ($working_directory) { # validate working directory is a valid path if (-not (Test-Path -Path $working_directory)) { throw "invalid working directory path '$working_directory'" } } # lpApplicationName needs to be the full path to an executable, we do this # by getting the executable as the first arg and then getting the full path $arguments = [Ansible.CommandUtil]::ParseCommandLine($command) $executable = Get-ExecutablePath -executable $arguments[0] -directory $working_directory # run the command and get the results $command_result = [Ansible.CommandUtil]::RunCommand($executable, $command, $working_directory, $stdin, $environment) return ,@{ executable = $executable stdout = $command_result.StandardOut stderr = $command_result.StandardError rc = $command_result.ExitCode } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: f4165051-304a-4bba-ada2-9e0903c372f5 Path:	4104	1		3	2	15	0	1419	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2716	4788	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:28:39 PM	9d04040e-981f-0001-c611-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c), Michael DeHaan <michael.dehaan@gmail.com>, 2014, and others # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) Set-StrictMode -Version 2.0 $ErrorActionPreference = "Stop" Function Set-Attr($obj, $name, $value) { <# .SYNOPSIS Helper function to set an "attribute" on a psobject instance in PowerShell. This is a convenience to make adding Members to the object easier and slightly more pythonic .EXAMPLE Set-Attr $result "changed" $true #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } Try { $obj.$name = $value } Catch { $obj | Add-Member -Force -MemberType NoteProperty -Name $name -Value $value } } Function Exit-Json($obj) { <# .SYNOPSIS Helper function to convert a PowerShell object to JSON and output it, exiting the script .EXAMPLE Exit-Json $result #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit } Function Fail-Json($obj, $message = $null) { <# .SYNOPSIS Helper function to add the "msg" property and "failed" property, convert the PowerShell Hashtable to JSON and output it, exiting the script .EXAMPLE Fail-Json $result "This is the failure message" #> if ($obj -is [hashtable] -or $obj -is [psobject]) { # Nothing to do } elseif ($obj -is [string] -and $null -eq $message) { # If we weren't given 2 args, and the only arg was a string, # create a new Hashtable and use the arg as the failure message $message = $obj $obj = @{ } } else { # If the first argument is undefined or a different type, # make it a Hashtable $obj = @{ } } # Still using Set-Attr for PSObject compatibility Set-Attr $obj "msg" $message Set-Attr $obj "failed" $true if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit 1 } Function Add-Warning($obj, $message) { <# .SYNOPSIS Helper function to add warnings, even if the warnings attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("warnings")) { $obj.warnings = @() } elseif ($obj.warnings -isnot [array]) { throw "Add-Warning: warnings attribute is not an array" } $obj.warnings += $message } Function Add-DeprecationWarning($obj, $message, $version = $null) { <# .SYNOPSIS Helper function to add deprecations, even if the deprecations attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("deprecations")) { $obj.deprecations = @() } elseif ($obj.deprecations -isnot [array]) { throw "Add-DeprecationWarning: deprecations attribute is not a list" } $obj.deprecations += @{ msg = $message version = $version } } Function Expand-Environment($value) { <# .SYNOPSIS Helper function to expand environment variables in values. By default it turns any type to a string, but we ensure $null remains $null. #> if ($null -ne $value) { [System.Environment]::ExpandEnvironmentVariables($value) } else { $value } } Function Get-AnsibleParam($obj, $name, $default = $null, $resultobj = @{}, $failifempty = $false, $emptyattributefailmessage, $ValidateSet, $ValidateSetErrorMessage, $type = $null, $aliases = @()) { <# .SYNOPSIS Helper function to get an "attribute" from a psobject instance in PowerShell. This is a convenience to make getting Members from an object easier and slightly more pythonic .EXAMPLE $attr = Get-AnsibleParam $response "code" -default "1" .EXAMPLE Get-AnsibleParam -obj $params -name "State" -default "Present" -ValidateSet "Present","Absent" -resultobj $resultobj -failifempty $true Get-AnsibleParam also supports Parameter validation to save you from coding that manually Note that if you use the failifempty option, you do need to specify resultobject as well. #> # Check if the provided Member $name or aliases exist in $obj and return it or the default. try { $found = $null # First try to find preferred parameter $name $aliases = @($name) + $aliases # Iterate over aliases to find acceptable Member $name foreach ($alias in $aliases) { if ($obj.ContainsKey($alias)) { $found = $alias break } } if ($null -eq $found) { throw } $name = $found if ($ValidateSet) { if ($ValidateSet -contains ($obj.$name)) { $value = $obj.$name } else { if ($null -eq $ValidateSetErrorMessage) { #Auto-generated error should be sufficient in most use cases $ValidateSetErrorMessage = "Get-AnsibleParam: Argument $name needs to be one of $($ValidateSet -join ",") but was $($obj.$name)." } Fail-Json -obj $resultobj -message $ValidateSetErrorMessage } } else { $value = $obj.$name } } catch { if ($failifempty -eq $false) { $value = $default } else { if (-not $emptyattributefailmessage) { $emptyattributefailmessage = "Get-AnsibleParam: Missing required argument: $name" } Fail-Json -obj $resultobj -message $emptyattributefailmessage } } # If $value -eq $null, the parameter was unspecified by the user (deliberately or not) # Please leave $null-values intact, modules need to know if a parameter was specified # When $value is already an array, we cannot rely on the null check, as an empty list # is seen as null in the check below if ($null -ne $value -or $value -is [array]) { if ($type -eq "path") { # Expand environment variables on path-type $value = Expand-Environment($value) # Test if a valid path is provided if (-not (Test-Path -IsValid $value)) { $path_invalid = $true # could still be a valid-shaped path with a nonexistent drive letter if ($value -match "^\w:") { # rewrite path with a valid drive letter and recheck the shape- this might still fail, eg, a nonexistent non-filesystem PS path if (Test-Path -IsValid $(@(Get-PSDrive -PSProvider Filesystem)[0].Name + $value.Substring(1))) { $path_invalid = $false } } if ($path_invalid) { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' has an invalid path '$value' specified." } } } elseif ($type -eq "str") { # Convert str types to real Powershell strings $value = $value.ToString() } elseif ($type -eq "bool") { # Convert boolean types to real Powershell booleans $value = $value | ConvertTo-Bool } elseif ($type -eq "int") { # Convert int types to real Powershell integers $value = $value -as [int] } elseif ($type -eq "float") { # Convert float types to real Powershell floats $value = $value -as [float] } elseif ($type -eq "list") { if ($value -is [array]) { # Nothing to do } elseif ($value -is [string]) { # Convert string type to real Powershell array $value = $value.Split(",").Trim() } elseif ($value -is [int]) { $value = @($value) } else { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' is not a YAML list." } # , is not a typo, forces it to return as a list when it is empty or only has 1 entry return ,$value } } return $value } #Alias Get-attr-->Get-AnsibleParam for backwards compat. Only add when needed to ease debugging of scripts If (-not(Get-Alias -Name "Get-attr" -ErrorAction SilentlyContinue)) { New-Alias -Name Get-attr -Value Get-AnsibleParam } Function ConvertTo-Bool { <# .SYNOPSIS Helper filter/pipeline function to convert a value to boolean following current Ansible practices .EXAMPLE $is_true = "true" | ConvertTo-Bool #> param( [parameter(valuefrompipeline=$true)] $obj ) $boolean_strings = "yes", "on", "1", "true", 1 $obj_string = [string]$obj if (($obj -is [boolean] -and $obj) -or $boolean_strings -contains $obj_string.ToLower()) { return $true } else { return $false } } Function Parse-Args($arguments, $supports_check_mode = $false) { <# .SYNOPSIS Helper function to parse Ansible JSON arguments from a "file" passed as the single argument to the module. .EXAMPLE $params = Parse-Args $args #> $params = New-Object psobject If ($arguments.Length -gt 0) { $params = Get-Content $arguments[0] | ConvertFrom-Json } Else { $params = $complex_args } $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false If ($check_mode -and -not $supports_check_mode) { Exit-Json @{ skipped = $true changed = $false msg = "remote module does not support check mode" } } return $params } Function Get-FileChecksum($path, $algorithm = 'sha1') { <# .SYNOPSIS Helper function to calculate a hash of a file in a way which PowerShell 3 and above can handle #> If (Test-Path -Path $path -PathType Leaf) { switch ($algorithm) { 'md5' { $sp = New-Object -TypeName System.Security.Cryptography.MD5CryptoServiceProvider } 'sha1' { $sp = New-Object -TypeName System.Security.Cryptography.SHA1CryptoServiceProvider } 'sha256' { $sp = New-Object -TypeName System.Security.Cryptography.SHA256CryptoServiceProvider } 'sha384' { $sp = New-Object -TypeName System.Security.Cryptography.SHA384CryptoServiceProvider } 'sha512' { $sp = New-Object -TypeName System.Security.Cryptography.SHA512CryptoServiceProvider } default { Fail-Json @{} "Unsupported hash algorithm supplied '$algorithm'" } } If ($PSVersionTable.PSVersion.Major -ge 4) { $raw_hash = Get-FileHash $path -Algorithm $algorithm $hash = $raw_hash.Hash.ToLower() } Else { $fp = [System.IO.File]::Open($path, [System.IO.Filemode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileShare]::ReadWrite); $hash = [System.BitConverter]::ToString($sp.ComputeHash($fp)).Replace("-", "").ToLower(); $fp.Dispose(); } } ElseIf (Test-Path -Path $path -PathType Container) { $hash = "3"; } Else { $hash = "1"; } return $hash } Function Get-PendingRebootStatus { <# .SYNOPSIS Check if reboot is required, if so notify CA. Function returns true if computer has a pending reboot #> $featureData = Invoke-WmiMethod -EA Ignore -Name GetServerFeature -Namespace root\microsoft\windows\servermanager -Class MSFT_ServerManagerTasks $regData = Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager" "PendingFileRenameOperations" -EA Ignore $CBSRebootStatus = Get-ChildItem "HKLM:\\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing" -ErrorAction SilentlyContinue| Where-Object {$_.PSChildName -eq "RebootPending"} if(($featureData -and $featureData.RequiresReboot) -or $regData -or $CBSRebootStatus) { return $True } else { return $False } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: 9a67212c-8177-49c3-b7ed-f525db18ec2d Path:	4104	1		3	2	15	0	1418	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2716	4788	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:28:39 PM	9d04040e-981f-0001-bf11-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } ScriptBlock ID: d6076758-930d-43f9-9e5e-3571c55357aa Path:	4104	1		3	2	15	0	1417	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2716	4788	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:28:38 PM	9d04040e-981f-0001-b011-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (5 of 5): [scriptblock]::Create($entrypoint)) -AsCustomObject Set-Variable -Scope global -Name complex_args -Value $payload["module_args"] | Out-Null # dynamically create/load modules ForEach ($mod in $payload.powershell_modules.GetEnumerator()) { $decoded_module = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($mod.Value)) New-Module -ScriptBlock ([scriptblock]::Create($decoded_module)) -Name $mod.Key | Import-Module -WarningAction SilentlyContinue | Out-Null } $output = $entrypoint.Run($payload) Write-Output $output } ScriptBlock ID: 4b35131d-9858-4c5f-aafb-2577f08ac3b4 Path:	4104	1		3	2	15	0	1416	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2716	4788	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:28:38 PM	9d04040e-981f-0001-aa11-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (4 of 5): Vyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtZ2UgNCkgewogICAgICAgICAgICAkcmF3X2hhc2ggPSBHZXQtRmlsZUhhc2ggJHBhdGggLUFsZ29yaXRobSAkYWxnb3JpdGhtCiAgICAgICAgICAgICRoYXNoID0gJHJhd19oYXNoLkhhc2guVG9Mb3dlcigpCiAgICAgICAgfSBFbHNlIHsKICAgICAgICAgICAgJGZwID0gW1N5c3RlbS5JTy5GaWxlXTo6T3BlbigkcGF0aCwgW1N5c3RlbS5JTy5GaWxlbW9kZV06Ok9wZW4sIFtTeXN0ZW0uSU8uRmlsZUFjY2Vzc106OlJlYWQsIFtTeXN0ZW0uSU8uRmlsZVNoYXJlXTo6UmVhZFdyaXRlKTsKICAgICAgICAgICAgJGhhc2ggPSBbU3lzdGVtLkJpdENvbnZlcnRlcl06OlRvU3RyaW5nKCRzcC5Db21wdXRlSGFzaCgkZnApKS5SZXBsYWNlKCItIiwgIiIpLlRvTG93ZXIoKTsKICAgICAgICAgICAgJGZwLkRpc3Bvc2UoKTsKICAgICAgICB9CiAgICB9CiAgICBFbHNlSWYgKFRlc3QtUGF0aCAtUGF0aCAkcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKQogICAgewogICAgICAgICRoYXNoID0gIjMiOwogICAgfQogICAgRWxzZQogICAgewogICAgICAgICRoYXNoID0gIjEiOwogICAgfQogICAgcmV0dXJuICRoYXNoCn0KCkZ1bmN0aW9uIEdldC1QZW5kaW5nUmVib290U3RhdHVzCnsKPCMKICAgIC5TWU5PUFNJUwogICAgQ2hlY2sgaWYgcmVib290IGlzIHJlcXVpcmVkLCBpZiBzbyBub3RpZnkgQ0EuCiAgICBGdW5jdGlvbiByZXR1cm5zIHRydWUgaWYgY29tcHV0ZXIgaGFzIGEgcGVuZGluZyByZWJvb3QKIz4KICAgICRmZWF0dXJlRGF0YSA9IEludm9rZS1XbWlNZXRob2QgLUVBIElnbm9yZSAtTmFtZSBHZXRTZXJ2ZXJGZWF0dXJlIC1OYW1lc3BhY2Ugcm9vdFxtaWNyb3NvZnRcd2luZG93c1xzZXJ2ZXJtYW5hZ2VyIC1DbGFzcyBNU0ZUX1NlcnZlck1hbmFnZXJUYXNrcwogICAgJHJlZ0RhdGEgPSBHZXQtSXRlbVByb3BlcnR5ICJIS0xNOlxTWVNURU1cQ3VycmVudENvbnRyb2xTZXRcQ29udHJvbFxTZXNzaW9uIE1hbmFnZXIiICJQZW5kaW5nRmlsZVJlbmFtZU9wZXJhdGlvbnMiIC1FQSBJZ25vcmUKICAgICRDQlNSZWJvb3RTdGF0dXMgPSBHZXQtQ2hpbGRJdGVtICJIS0xNOlxcU09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cQ29tcG9uZW50IEJhc2VkIFNlcnZpY2luZyIgIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlfCBXaGVyZS1PYmplY3QgeyRfLlBTQ2hpbGROYW1lIC1lcSAiUmVib290UGVuZGluZyJ9CiAgICBpZigoJGZlYXR1cmVEYXRhIC1hbmQgJGZlYXR1cmVEYXRhLlJlcXVpcmVzUmVib290KSAtb3IgJHJlZ0RhdGEgLW9yICRDQlNSZWJvb3RTdGF0dXMpCiAgICB7CiAgICAgICAgcmV0dXJuICRUcnVlCiAgICB9CiAgICBlbHNlCiAgICB7CiAgICAgICAgcmV0dXJuICRGYWxzZQogICAgfQp9CgojIHRoaXMgbGluZSBtdXN0IHN0YXkgYXQgdGhlIGJvdHRvbSB0byBlbnN1cmUgYWxsIGRlZmluZWQgbW9kdWxlIHBhcnRzIGFyZSBleHBvcnRlZApFeHBvcnQtTW9kdWxlTWVtYmVyIC1BbGlhcyAqIC1GdW5jdGlvbiAqIC1DbWRsZXQgKgoK", "Ansible.ModuleUtils.FileUtil": "IyBDb3B5cmlnaHQgKGMpIDIwMTcgQW5zaWJsZSBQcm9qZWN0CiMgU2ltcGxpZmllZCBCU0QgTGljZW5zZSAoc2VlIGxpY2Vuc2VzL3NpbXBsaWZpZWRfYnNkLnR4dCBvciBodHRwczovL29wZW5zb3VyY2Uub3JnL2xpY2Vuc2VzL0JTRC0yLUNsYXVzZSkKCjwjClRlc3QtUGF0aC9HZXQtSXRlbSBjYW5ub3QgZmluZC9yZXR1cm4gaW5mbyBvbiBmaWxlcyB0aGF0IGFyZSBsb2NrZWQgbGlrZQpDOlxwYWdlZmlsZS5zeXMuIFRoZXNlIDIgZnVuY3Rpb25zIGFyZSBkZXNpZ25lZCB0byB3b3JrIHdpdGggdGhlc2UgZmlsZXMgYW5kCnByb3ZpZGUgc2ltaWxhciBmdW5jdGlvbmFsaXR5IHdpdGggdGhlIG5vcm1hbCBjbWRsZXRzIHdpdGggYXMgbWluaW1hbCBvdmVyaGVhZAphcyBwb3NzaWJsZS4gVGhleSB3b3JrIGJ5IHVzaW5nIEdldC1DaGlsZEl0ZW0gd2l0aCBhIGZpbHRlciBhbmQgcmV0dXJuIHRoZQpyZXN1bHQgZnJvbSB0aGF0LgojPgoKRnVuY3Rpb24gVGVzdC1BbnNpYmxlUGF0aCB7CiAgICBbQ21kbGV0QmluZGluZygpXQogICAgUGFyYW0oCiAgICAgICAgW1BhcmFtZXRlcihNYW5kYXRvcnk9JHRydWUpXVtzdHJpbmddJFBhdGgKICAgICkKICAgICMgUmVwbGFjZW1lbnQgZm9yIFRlc3QtUGF0aAogICAgdHJ5IHsKICAgICAgICAkZmlsZV9hdHRyaWJ1dGVzID0gW1N5c3RlbS5JTy5GaWxlXTo6R2V0QXR0cmlidXRlcygkUGF0aCkKICAgIH0gY2F0Y2ggW1N5c3RlbS5JTy5GaWxlTm90Rm91bmRFeGNlcHRpb25dLCBbU3lzdGVtLklPLkRpcmVjdG9yeU5vdEZvdW5kRXhjZXB0aW9uXSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfSBjYXRjaCBbTm90U3VwcG9ydGVkRXhjZXB0aW9uXSB7CiAgICAgICAgIyBXaGVuIHRlc3RpbmcgYSBwYXRoIGxpa2UgQ2VydDpcTG9jYWxNYWNoaW5lXE15LCBTeXN0ZW0uSU8uRmlsZSB3aWxsCiAgICAgICAgIyBub3Qgd29yaywgd2UganVzdCByZXZlcnQgYmFjayB0byB1c2luZyBUZXN0LVBhdGggZm9yIHRoaXMKICAgICAgICByZXR1cm4gVGVzdC1QYXRoIC1QYXRoICRQYXRoCiAgICB9CgogICAgaWYgKFtJbnQzMl0kZmlsZV9hdHRyaWJ1dGVzIC1lcSAtMSkgewogICAgICAgIHJldHVybiAkZmFsc2UKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICR0cnVlCiAgICB9Cn0KCkZ1bmN0aW9uIEdldC1BbnNpYmxlSXRlbSB7CiAgICBbQ21kbGV0QmluZGluZygpXQogICAgUGFyYW0oCiAgICAgICAgW1BhcmFtZXRlcihNYW5kYXRvcnk9JHRydWUpXVtzdHJpbmddJFBhdGgKICAgICkKICAgICMgUmVwbGFjZW1lbnQgZm9yIEdldC1JdGVtCiAgICB0cnkgewogICAgICAgICRmaWxlX2F0dHJpYnV0ZXMgPSBbU3lzdGVtLklPLkZpbGVdOjpHZXRBdHRyaWJ1dGVzKCRQYXRoKQogICAgfSBjYXRjaCB7CiAgICAgICAgIyBpZiAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb3RpbnVlIGlzIHNldCBvbiB0aGUgY21kbGV0IGFuZCB3ZSBmYWlsZWQgdG8KICAgICAgICAjIGdldCB0aGUgYXR0cmlidXRlcywganVzdCByZXR1cm4gJG51bGwsIG90aGVyd2lzZSB0aHJvdyB0aGUgZXJyb3IKICAgICAgICBpZiAoJEVycm9yQWN0aW9uUHJlZmVyZW5jZSAtbmUgIlNpbGVudGx5Q29udGludWUiKSB7CiAgICAgICAgICAgIHRocm93ICRfCiAgICAgICAgfQogICAgICAgIHJldHVybiAkbnVsbAogICAgfQogICAgaWYgKFtJbnQzMl0kZmlsZV9hdHRyaWJ1dGVzIC1lcSAtMSkgewogICAgICAgIHRocm93IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5NYW5hZ2VtZW50LkF1dG9tYXRpb24uSXRlbU5vdEZvdW5kRXhjZXB0aW9uIC1Bcmd1bWVudExpc3QgIkNhbm5vdCBmaW5kIHBhdGggJyRQYXRoJyBiZWNhdXNlIGl0IGRvZXMgbm90IGV4aXN0LiIKICAgIH0gZWxzZWlmICgkZmlsZV9hdHRyaWJ1dGVzLkhhc0ZsYWcoW1N5c3RlbS5JTy5GaWxlQXR0cmlidXRlc106OkRpcmVjdG9yeSkpIHsKICAgICAgICByZXR1cm4gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLklPLkRpcmVjdG9yeUluZm8gLUFyZ3VtZW50TGlzdCAkUGF0aAogICAgfSBlbHNlIHsKICAgICAgICByZXR1cm4gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLklPLkZpbGVJbmZvIC1Bcmd1bWVudExpc3QgJFBhdGgKICAgIH0KfQoKRXhwb3J0LU1vZHVsZU1lbWJlciAtRnVuY3Rpb24gVGVzdC1BbnNpYmxlUGF0aCwgR2V0LUFuc2libGVJdGVtCg=="}, "module_entry": "IyFwb3dlcnNoZWxsCgojIENvcHlyaWdodDogKGMpIDIwMTcsIEFuc2libGUgUHJvamVjdAojIEdOVSBHZW5lcmFsIFB1YmxpYyBMaWNlbnNlIHYzLjArIChzZWUgQ09QWUlORyBvciBodHRwczovL3d3dy5nbnUub3JnL2xpY2Vuc2VzL2dwbC0zLjAudHh0KQoKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5MZWdhY3kKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5Db21tYW5kVXRpbAojUmVxdWlyZXMgLU1vZHVsZSBBbnNpYmxlLk1vZHVsZVV0aWxzLkZpbGVVdGlsCgojIFRPRE86IGFkZCBjaGVjayBtb2RlIHN1cHBvcnQKClNldC1TdHJpY3RNb2RlIC1WZXJzaW9uIDIKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKIyBDbGVhbnNlIENMSVhNTCBmcm9tIHN0ZGVyciAoc2lmdCBvdXQgZXJyb3Igc3RyZWFtIGRhdGEsIGRpc2NhcmQgb3RoZXJzIGZvciBub3cpCkZ1bmN0aW9uIENsZWFuc2UtU3RkZXJyKCRyYXdfc3RkZXJyKSB7CiAgICBUcnkgewogICAgICAgICMgTkI6IHRoaXMgcmVnZXggaXNuJ3QgcGVyZmVjdCwgYnV0IGlzIGRlY2VudCBhdCBmaW5kaW5nIENMSVhNTCBhbW9uZ3N0IG90aGVyIHN0ZGVyciBub2lzZQogICAgICAgIElmKCRyYXdfc3RkZXJyIC1tYXRjaCAiKD9zKSg/PHByZW5vaXNlMT4uKikjPCBDTElYTUwoPzxwcmVub2lzZTI+LiopKD88Y2xpeG1sPjxPYmpzLis8L09ianM+KSg/PHBvc3Rub2lzZT4uKikiKSB7CiAgICAgICAgICAgICRjbGl4bWwgPSBbeG1sXSRtYXRjaGVzWyJjbGl4bWwiXQoKICAgICAgICAgICAgJG1lcmdlZF9zdGRlcnIgPSAiezB9ezF9ezJ9ezN9IiAtZiBAKAogICAgICAgICAgICAgICAkbWF0Y2hlc1sicHJlbm9pc2UxIl0sCiAgICAgICAgICAgICAgICRtYXRjaGVzWyJwcmVub2lzZTIiXSwKICAgICAgICAgICAgICAgIyBmaWx0ZXIgb3V0IGp1c3QgdGhlIEVycm9yLXRhZ2dlZCBzdHJpbmdzIGZvciBub3csIGFuZCB6YXAgZW1iZWRkZWQgQ1JMRiBjaGFycwogICAgICAgICAgICAgICAoJGNsaXhtbC5PYmpzLkNoaWxkTm9kZXMgfCA/IHsgJF8uTmFtZSAtZXEgJ1MnIH0gfCA/IHsgJF8uUyAtZXEgJ0Vycm9yJyB9IHwgJSB7ICRfLicjdGV4dCcuUmVwbGFjZSgnX3gwMDBEX194MDAwQV8nLCcnKSB9IHwgT3V0LVN0cmluZyksCiAgICAgICAgICAgICAgICRtYXRjaGVzWyJwb3N0bm9pc2UiXSkgfCBPdXQtU3RyaW5nCgogICAgICAgICAgICByZXR1cm4gJG1lcmdlZF9zdGRlcnIuVHJpbSgpCgogICAgICAgICAgICAjIEZVVFVSRTogcGFyc2UvcmV0dXJuIG90aGVyIHN0cmVhbXMKICAgICAgICB9CiAgICAgICAgRWxzZSB7CiAgICAgICAgICAgICRyYXdfc3RkZXJyCiAgICAgICAgfQogICAgfQogICAgQ2F0Y2ggewogICAgICAgICIqKipFWENFUFRJT04gUEFSU0lORyBDTElYTUw6ICRfKioqIiArICRyYXdfc3RkZXJyCiAgICB9Cn0KCiRwYXJhbXMgPSBQYXJzZS1BcmdzICRhcmdzIC1zdXBwb3J0c19jaGVja19tb2RlICRmYWxzZQoKJHJhd19jb21tYW5kX2xpbmUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX3Jhd19wYXJhbXMiIC10eXBlICJzdHIiIC1mYWlsaWZlbXB0eSAkdHJ1ZQokY2hkaXIgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiY2hkaXIiIC10eXBlICJwYXRoIgokZXhlY3V0YWJsZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJleGVjdXRhYmxlIiAtdHlwZSAicGF0aCIKJGNyZWF0ZXMgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiY3JlYXRlcyIgLXR5cGUgInBhdGgiCiRyZW1vdmVzID0gR2V0LUFuc2libGVQYXJhbSAtb2JqICRwYXJhbXMgLW5hbWUgInJlbW92ZXMiIC10eXBlICJwYXRoIgokc3RkaW4gPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAic3RkaW4iIC10eXBlICJzdHIiCgokcmF3X2NvbW1hbmRfbGluZSA9ICRyYXdfY29tbWFuZF9saW5lLlRyaW0oKQoKJHJlc3VsdCA9IEB7CiAgICBjaGFuZ2VkID0gJHRydWUKICAgIGNtZCA9ICRyYXdfY29tbWFuZF9saW5lCn0KCmlmICgkY3JlYXRlcyAtYW5kICQoVGVzdC1BbnNpYmxlUGF0aCAtUGF0aCAkY3JlYXRlcykpIHsKICAgIEV4aXQtSnNvbiBAe21zZz0ic2tpcHBlZCwgc2luY2UgJGNyZWF0ZXMgZXhpc3RzIjtjbWQ9JHJhd19jb21tYW5kX2xpbmU7Y2hhbmdlZD0kZmFsc2U7c2tpcHBlZD0kdHJ1ZTtyYz0wfQp9CgppZiAoJHJlbW92ZXMgLWFuZCAtbm90ICQoVGVzdC1BbnNpYmxlUGF0aCAtUGF0aCAkcmVtb3ZlcykpIHsKICAgIEV4aXQtSnNvbiBAe21zZz0ic2tpcHBlZCwgc2luY2UgJHJlbW92ZXMgZG9lcyBub3QgZXhpc3QiO2NtZD0kcmF3X2NvbW1hbmRfbGluZTtjaGFuZ2VkPSRmYWxzZTtza2lwcGVkPSR0cnVlO3JjPTB9Cn0KCiRleGVjX2FyZ3MgPSAkbnVsbApJZigtbm90ICRleGVjdXRhYmxlIC1vciAkZXhlY3V0YWJsZSAtZXEgInBvd2Vyc2hlbGwiKSB7CiAgICAkZXhlY19hcHBsaWNhdGlvbiA9ICJwb3dlcnNoZWxsLmV4ZSIKCiAgICAjIGZvcmNlIGlucHV0IGVuY29kaW5nIHRvIHByZWFtYmxlLWZyZWUgVVRGOCBzbyBQUyBzdWItcHJvY2Vzc2VzIChlZywgU3RhcnQtSm9iKSBkb24ndCBibG93IHVwCiAgICAkcmF3X2NvbW1hbmRfbGluZSA9ICJbQ29uc29sZV06OklucHV0RW5jb2RpbmcgPSBOZXctT2JqZWN0IFRleHQuVVRGOEVuY29kaW5nIGAkZmFsc2U7ICIgKyAkcmF3X2NvbW1hbmRfbGluZQoKICAgICMgQmFzZTY0IGVuY29kZSB0aGUgY29tbWFuZCBzbyB3ZSBkb24ndCBoYXZlIHRvIHdvcnJ5IGFib3V0IHRoZSB2YXJpb3VzIGxldmVscyBvZiBlc2NhcGluZwogICAgJGVuY29kZWRfY29tbWFuZCA9IFtDb252ZXJ0XTo6VG9CYXNlNjRTdHJpbmcoW1N5c3RlbS5UZXh0LkVuY29kaW5nXTo6VW5pY29kZS5HZXRCeXRlcygkcmF3X2NvbW1hbmRfbGluZSkpCgogICAgaWYgKCRzdGRpbikgewogICAgICAgICRleGVjX2FyZ3MgPSAiLWVuY29kZWRjb21tYW5kICRlbmNvZGVkX2NvbW1hbmQiCiAgICB9IGVsc2UgewogICAgICAgICRleGVjX2FyZ3MgPSAiLW5vbmludGVyYWN0aXZlIC1lbmNvZGVkY29tbWFuZCAkZW5jb2RlZF9jb21tYW5kIgogICAgfQp9CkVsc2UgewogICAgIyBGVVRVUkU6IHN1cHBvcnQgYXJnIHRyYW5zbGF0aW9uIGZyb20gZXhlY3V0YWJsZSAob3IgZXhlY3V0YWJsZV9hcmdzPykgdG8gcHJvY2VzcyBhcmd1bWVudHMgZm9yIGFyYml0cmFyeSBpbnRlcnByZXRlcj8KICAgICRleGVjX2FwcGxpY2F0aW9uID0gJGV4ZWN1dGFibGUKICAgIGlmICgtbm90ICgkZXhlY19hcHBsaWNhdGlvbi5FbmRzV2l0aCgiLmV4ZSIpKSkgewogICAgICAgICRleGVjX2FwcGxpY2F0aW9uID0gIiQoJGV4ZWNfYXBwbGljYXRpb24pLmV4ZSIKICAgIH0KICAgICRleGVjX2FyZ3MgPSAiL2MgJHJhd19jb21tYW5kX2xpbmUiCn0KCiRjb21tYW5kID0gIiRleGVjX2FwcGxpY2F0aW9uICRleGVjX2FyZ3MiCiRydW5fY29tbWFuZF9hcmcgPSBAewogICAgY29tbWFuZCA9ICRjb21tYW5kCn0KaWYgKCRjaGRpcikgewogICAgJHJ1bl9jb21tYW5kX2FyZ1snd29ya2luZ19kaXJlY3RvcnknXSA9ICRjaGRpcgp9CmlmICgkc3RkaW4pIHsKICAgICRydW5fY29tbWFuZF9hcmdbJ3N0ZGluJ10gPSAkc3RkaW4KfQoKJHN0YXJ0X2RhdGV0aW1lID0gW0RhdGVUaW1lXTo6VXRjTm93CnRyeSB7CiAgICAkY29tbWFuZF9yZXN1bHQgPSBSdW4tQ29tbWFuZCBAcnVuX2NvbW1hbmRfYXJnCn0gY2F0Y2ggewogICAgJHJlc3VsdC5jaGFuZ2VkID0gJGZhbHNlCiAgICB0cnkgewogICAgICAgICRyZXN1bHQucmMgPSAkXy5FeGNlcHRpb24uTmF0aXZlRXJyb3JDb2RlCiAgICB9IGNhdGNoIHsKICAgICAgICAkcmVzdWx0LnJjID0gMgogICAgfQogICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAkXy5FeGNlcHRpb24uTWVzc2FnZQp9CgojIFRPRE86IGRlY29kZSBDTElYTUwgc3RkZXJyIG91dHB1dCAoYW5kIG90aGVyIHN0cmVhbXM/KQokcmVzdWx0LnN0ZG91dCA9ICRjb21tYW5kX3Jlc3VsdC5zdGRvdXQKJHJlc3VsdC5zdGRlcnIgPSBDbGVhbnNlLVN0ZGVyciAkY29tbWFuZF9yZXN1bHQuc3RkZXJyIAokcmVzdWx0LnJjID0gJGNvbW1hbmRfcmVzdWx0LnJjCgokZW5kX2RhdGV0aW1lID0gW0RhdGVUaW1lXTo6VXRjTm93CiRyZXN1bHQuc3RhcnQgPSAkc3RhcnRfZGF0ZXRpbWUuVG9TdHJpbmcoInl5eXktTU0tZGQgaGg6bW06c3MuZmZmZmZmIikKJHJlc3VsdC5lbmQgPSAkZW5kX2RhdGV0aW1lLlRvU3RyaW5nKCJ5eXl5LU1NLWRkIGhoOm1tOnNzLmZmZmZmZiIpCiRyZXN1bHQuZGVsdGEgPSAkKCRlbmRfZGF0ZXRpbWUgLSAkc3RhcnRfZGF0ZXRpbWUpLlRvU3RyaW5nKCJoXDptbVw6c3NcLmZmZmZmZiIpCgpJZiAoJHJlc3VsdC5yYyAtbmUgMCkgewogICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAibm9uLXplcm8gcmV0dXJuIGNvZGUiCn0KCkV4aXQtSnNvbiAkcmVzdWx0Cg==", "module_args": {"_ansible_version": "2.7.0", "_ansible_selinux_special_fs": ["fuse", "nfs", "vboxsf", "ramfs", "9p"], "_ansible_no_log": false, "_ansible_module_name": "win_shell", "_raw_params": "pip install -c c:\\openstack\\build\\requirements\\upper-constraints.txt -U -e c:\\openstack\\build\\networking-hyperv", "_ansible_verbosity": 4, "_ansible_keep_remote_files": false, "_ansible_syslog_facility": "LOG_USER", "_ansible_socket": null, "_ansible_remote_tmp": "%TEMP%", "_ansible_diff": false, "_ansible_debug": false, "_ansible_shell_executable": "/bin/sh", "_ansible_check_mode": false, "_ansible_tmpdir": null}} '@ } process { $input_as_string = [string]$input $json_raw += $input_as_string } end { If (-not $json_raw) { Write-Error "no input given" -Category InvalidArgument } $payload = ConvertTo-HashtableFromPsCustomObject (ConvertFrom-Json $json_raw) # TODO: handle binary modules # TODO: handle persistence $min_os_version = [version]$payload.min_os_version if ($min_os_version -ne $null) { $actual_os_version = [System.Environment]::OSVersion.Version if ($actual_os_version -lt $min_os_version) { $msg = "This module cannot run on this OS as it requires a minimum version of $min_os_version, actual was $actual_os_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $min_ps_version = [version]$payload.min_ps_version if ($min_ps_version -ne $null) { $actual_ps_version = $PSVersionTable.PSVersion if ($actual_ps_version -lt $min_ps_version) { $msg = "This module cannot run as it requires a minimum PowerShell version of $min_ps_version, actual was $actual_ps_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $actions = $payload.actions # pop 0th action as entrypoint $entrypoint = $payload.($actions[0]) $payload.actions = $payload.actions[1..99] $entrypoint = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($entrypoint)) # load the current action entrypoint as a module custom object with a Run method $entrypoint = New-Module -ScriptBlock ( ScriptBlock ID: 4b35131d-9858-4c5f-aafb-2577f08ac3b4 Path:	4104	1		3	2	15	0	1415	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2716	4788	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:28:38 PM	9d04040e-981f-0001-aa11-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (3 of 5): wZSkKICAgIHsKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoJ2NoYW5nZWQnKSkgewogICAgICAgIFNldC1BdHRyICRvYmogImNoYW5nZWQiICRmYWxzZQogICAgfQoKICAgIFdyaXRlLU91dHB1dCAkb2JqIHwgQ29udmVydFRvLUpzb24gLUNvbXByZXNzIC1EZXB0aCA5OQogICAgRXhpdAp9CgpGdW5jdGlvbiBGYWlsLUpzb24oJG9iaiwgJG1lc3NhZ2UgPSAkbnVsbCkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHRoZSAibXNnIiBwcm9wZXJ0eSBhbmQgImZhaWxlZCIgcHJvcGVydHksIGNvbnZlcnQgdGhlCiAgICBQb3dlclNoZWxsIEhhc2h0YWJsZSB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcgdGhlIHNjcmlwdAogICAgLkVYQU1QTEUKICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJUaGlzIGlzIHRoZSBmYWlsdXJlIG1lc3NhZ2UiCiM+CgogICAgaWYgKCRvYmogLWlzIFtoYXNodGFibGVdIC1vciAkb2JqIC1pcyBbcHNvYmplY3RdKSB7CiAgICAgICAgIyBOb3RoaW5nIHRvIGRvCiAgICB9IGVsc2VpZiAoJG9iaiAtaXMgW3N0cmluZ10gLWFuZCAkbnVsbCAtZXEgJG1lc3NhZ2UpIHsKICAgICAgICAjIElmIHdlIHdlcmVuJ3QgZ2l2ZW4gMiBhcmdzLCBhbmQgdGhlIG9ubHkgYXJnIHdhcyBhIHN0cmluZywKICAgICAgICAjIGNyZWF0ZSBhIG5ldyBIYXNodGFibGUgYW5kIHVzZSB0aGUgYXJnIGFzIHRoZSBmYWlsdXJlIG1lc3NhZ2UKICAgICAgICAkbWVzc2FnZSA9ICRvYmoKICAgICAgICAkb2JqID0gQHsgfQogICAgfSBlbHNlIHsKICAgICAgICAjIElmIHRoZSBmaXJzdCBhcmd1bWVudCBpcyB1bmRlZmluZWQgb3IgYSBkaWZmZXJlbnQgdHlwZSwKICAgICAgICAjIG1ha2UgaXQgYSBIYXNodGFibGUKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgICMgU3RpbGwgdXNpbmcgU2V0LUF0dHIgZm9yIFBTT2JqZWN0IGNvbXBhdGliaWxpdHkKICAgIFNldC1BdHRyICRvYmogIm1zZyIgJG1lc3NhZ2UKICAgIFNldC1BdHRyICRvYmogImZhaWxlZCIgJHRydWUKCiAgICBpZiAoLW5vdCAkb2JqLkNvbnRhaW5zS2V5KCdjaGFuZ2VkJykpIHsKICAgICAgICBTZXQtQXR0ciAkb2JqICJjaGFuZ2VkIiAkZmFsc2UKICAgIH0KCiAgICBXcml0ZS1PdXRwdXQgJG9iaiB8IENvbnZlcnRUby1Kc29uIC1Db21wcmVzcyAtRGVwdGggOTkKICAgIEV4aXQgMQp9CgpGdW5jdGlvbiBBZGQtV2FybmluZygkb2JqLCAkbWVzc2FnZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHdhcm5pbmdzLCBldmVuIGlmIHRoZSB3YXJuaW5ncyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoIndhcm5pbmdzIikpIHsKICAgICAgICAkb2JqLndhcm5pbmdzID0gQCgpCiAgICB9IGVsc2VpZiAoJG9iai53YXJuaW5ncyAtaXNub3QgW2FycmF5XSkgewogICAgICAgIHRocm93ICJBZGQtV2FybmluZzogd2FybmluZ3MgYXR0cmlidXRlIGlzIG5vdCBhbiBhcnJheSIKICAgIH0KCiAgICAkb2JqLndhcm5pbmdzICs9ICRtZXNzYWdlCn0KCkZ1bmN0aW9uIEFkZC1EZXByZWNhdGlvbldhcm5pbmcoJG9iaiwgJG1lc3NhZ2UsICR2ZXJzaW9uID0gJG51bGwpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGFkZCBkZXByZWNhdGlvbnMsIGV2ZW4gaWYgdGhlIGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgogICAgaWYgKC1ub3QgJG9iai5Db250YWluc0tleSgiZGVwcmVjYXRpb25zIikpIHsKICAgICAgICAkb2JqLmRlcHJlY2F0aW9ucyA9IEAoKQogICAgfSBlbHNlaWYgKCRvYmouZGVwcmVjYXRpb25zIC1pc25vdCBbYXJyYXldKSB7CiAgICAgICAgdGhyb3cgIkFkZC1EZXByZWNhdGlvbldhcm5pbmc6IGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgaXMgbm90IGEgbGlzdCIKICAgIH0KCiAgICAkb2JqLmRlcHJlY2F0aW9ucyArPSBAewogICAgICAgIG1zZyA9ICRtZXNzYWdlCiAgICAgICAgdmVyc2lvbiA9ICR2ZXJzaW9uCiAgICB9Cn0KCkZ1bmN0aW9uIEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgaW4gdmFsdWVzLiBCeSBkZWZhdWx0CiAgICBpdCB0dXJucyBhbnkgdHlwZSB0byBhIHN0cmluZywgYnV0IHdlIGVuc3VyZSAkbnVsbCByZW1haW5zICRudWxsLgojPgogICAgaWYgKCRudWxsIC1uZSAkdmFsdWUpIHsKICAgICAgICBbU3lzdGVtLkVudmlyb25tZW50XTo6RXhwYW5kRW52aXJvbm1lbnRWYXJpYWJsZXMoJHZhbHVlKQogICAgfSBlbHNlIHsKICAgICAgICAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gR2V0LUFuc2libGVQYXJhbSgkb2JqLCAkbmFtZSwgJGRlZmF1bHQgPSAkbnVsbCwgJHJlc3VsdG9iaiA9IEB7fSwgJGZhaWxpZmVtcHR5ID0gJGZhbHNlLCAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSwgJFZhbGlkYXRlU2V0LCAkVmFsaWRhdGVTZXRFcnJvck1lc3NhZ2UsICR0eXBlID0gJG51bGwsICRhbGlhc2VzID0gQCgpKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBnZXQgYW4gImF0dHJpYnV0ZSIgZnJvbSBhIHBzb2JqZWN0IGluc3RhbmNlIGluIFBvd2VyU2hlbGwuCiAgICBUaGlzIGlzIGEgY29udmVuaWVuY2UgdG8gbWFrZSBnZXR0aW5nIE1lbWJlcnMgZnJvbSBhbiBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgICRhdHRyID0gR2V0LUFuc2libGVQYXJhbSAkcmVzcG9uc2UgImNvZGUiIC1kZWZhdWx0ICIxIgogICAgLkVYQU1QTEUKICAgIEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJTdGF0ZSIgLWRlZmF1bHQgIlByZXNlbnQiIC1WYWxpZGF0ZVNldCAiUHJlc2VudCIsIkFic2VudCIgLXJlc3VsdG9iaiAkcmVzdWx0b2JqIC1mYWlsaWZlbXB0eSAkdHJ1ZQogICAgR2V0LUFuc2libGVQYXJhbSBhbHNvIHN1cHBvcnRzIFBhcmFtZXRlciB2YWxpZGF0aW9uIHRvIHNhdmUgeW91IGZyb20gY29kaW5nIHRoYXQgbWFudWFsbHkKICAgIE5vdGUgdGhhdCBpZiB5b3UgdXNlIHRoZSBmYWlsaWZlbXB0eSBvcHRpb24sIHlvdSBkbyBuZWVkIHRvIHNwZWNpZnkgcmVzdWx0b2JqZWN0IGFzIHdlbGwuCiM+CiAgICAjIENoZWNrIGlmIHRoZSBwcm92aWRlZCBNZW1iZXIgJG5hbWUgb3IgYWxpYXNlcyBleGlzdCBpbiAkb2JqIGFuZCByZXR1cm4gaXQgb3IgdGhlIGRlZmF1bHQuCiAgICB0cnkgewoKICAgICAgICAkZm91bmQgPSAkbnVsbAogICAgICAgICMgRmlyc3QgdHJ5IHRvIGZpbmQgcHJlZmVycmVkIHBhcmFtZXRlciAkbmFtZQogICAgICAgICRhbGlhc2VzID0gQCgkbmFtZSkgKyAkYWxpYXNlcwoKICAgICAgICAjIEl0ZXJhdGUgb3ZlciBhbGlhc2VzIHRvIGZpbmQgYWNjZXB0YWJsZSBNZW1iZXIgJG5hbWUKICAgICAgICBmb3JlYWNoICgkYWxpYXMgaW4gJGFsaWFzZXMpIHsKICAgICAgICAgICAgaWYgKCRvYmouQ29udGFpbnNLZXkoJGFsaWFzKSkgewogICAgICAgICAgICAgICAgJGZvdW5kID0gJGFsaWFzCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgfQoKICAgICAgICBpZiAoJG51bGwgLWVxICRmb3VuZCkgewogICAgICAgICAgICB0aHJvdwogICAgICAgIH0KICAgICAgICAkbmFtZSA9ICRmb3VuZAoKICAgICAgICBpZiAoJFZhbGlkYXRlU2V0KSB7CgogICAgICAgICAgICBpZiAoJFZhbGlkYXRlU2V0IC1jb250YWlucyAoJG9iai4kbmFtZSkpIHsKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICRvYmouJG5hbWUKICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgIGlmICgkbnVsbCAtZXEgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAgICAgI0F1dG8tZ2VuZXJhdGVkIGVycm9yIHNob3VsZCBiZSBzdWZmaWNpZW50IGluIG1vc3QgdXNlIGNhc2VzCiAgICAgICAgICAgICAgICAgICAgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlID0gIkdldC1BbnNpYmxlUGFyYW06IEFyZ3VtZW50ICRuYW1lIG5lZWRzIHRvIGJlIG9uZSBvZiAkKCRWYWxpZGF0ZVNldCAtam9pbiAiLCIpIGJ1dCB3YXMgJCgkb2JqLiRuYW1lKS4iCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRWYWxpZGF0ZVNldEVycm9yTWVzc2FnZQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgJHZhbHVlID0gJG9iai4kbmFtZQogICAgICAgIH0KICAgIH0gY2F0Y2ggewogICAgICAgIGlmICgkZmFpbGlmZW1wdHkgLWVxICRmYWxzZSkgewogICAgICAgICAgICAkdmFsdWUgPSAkZGVmYXVsdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgIGlmICgtbm90ICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSA9ICJHZXQtQW5zaWJsZVBhcmFtOiBNaXNzaW5nIHJlcXVpcmVkIGFyZ3VtZW50OiAkbmFtZSIKICAgICAgICAgICAgfQogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlCiAgICAgICAgfQogICAgfQoKICAgICMgSWYgJHZhbHVlIC1lcSAkbnVsbCwgdGhlIHBhcmFtZXRlciB3YXMgdW5zcGVjaWZpZWQgYnkgdGhlIHVzZXIgKGRlbGliZXJhdGVseSBvciBub3QpCiAgICAjIFBsZWFzZSBsZWF2ZSAkbnVsbC12YWx1ZXMgaW50YWN0LCBtb2R1bGVzIG5lZWQgdG8ga25vdyBpZiBhIHBhcmFtZXRlciB3YXMgc3BlY2lmaWVkCiAgICAjIFdoZW4gJHZhbHVlIGlzIGFscmVhZHkgYW4gYXJyYXksIHdlIGNhbm5vdCByZWx5IG9uIHRoZSBudWxsIGNoZWNrLCBhcyBhbiBlbXB0eSBsaXN0CiAgICAjIGlzIHNlZW4gYXMgbnVsbCBpbiB0aGUgY2hlY2sgYmVsb3cKICAgIGlmICgkbnVsbCAtbmUgJHZhbHVlIC1vciAkdmFsdWUgLWlzIFthcnJheV0pIHsKICAgICAgICBpZiAoJHR5cGUgLWVxICJwYXRoIikgewogICAgICAgICAgICAjIEV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgb24gcGF0aC10eXBlCiAgICAgICAgICAgICR2YWx1ZSA9IEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCiAgICAgICAgICAgICMgVGVzdCBpZiBhIHZhbGlkIHBhdGggaXMgcHJvdmlkZWQKICAgICAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtSXNWYWxpZCAkdmFsdWUpKSB7CiAgICAgICAgICAgICAgICAkcGF0aF9pbnZhbGlkID0gJHRydWUKICAgICAgICAgICAgICAgICMgY291bGQgc3RpbGwgYmUgYSB2YWxpZC1zaGFwZWQgcGF0aCB3aXRoIGEgbm9uZXhpc3RlbnQgZHJpdmUgbGV0dGVyCiAgICAgICAgICAgICAgICBpZiAoJHZhbHVlIC1tYXRjaCAiXlx3OiIpIHsKICAgICAgICAgICAgICAgICAgICAjIHJld3JpdGUgcGF0aCB3aXRoIGEgdmFsaWQgZHJpdmUgbGV0dGVyIGFuZCByZWNoZWNrIHRoZSBzaGFwZS0gdGhpcyBtaWdodCBzdGlsbCBmYWlsLCBlZywgYSBub25leGlzdGVudCBub24tZmlsZXN5c3RlbSBQUyBwYXRoCiAgICAgICAgICAgICAgICAgICAgaWYgKFRlc3QtUGF0aCAtSXNWYWxpZCAkKEAoR2V0LVBTRHJpdmUgLVBTUHJvdmlkZXIgRmlsZXN5c3RlbSlbMF0uTmFtZSArICR2YWx1ZS5TdWJzdHJpbmcoMSkpKSB7CiAgICAgICAgICAgICAgICAgICAgICAgICRwYXRoX2ludmFsaWQgPSAkZmFsc2UKICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBpZiAoJHBhdGhfaW52YWxpZCkgewogICAgICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHRvYmogLW1lc3NhZ2UgIkdldC1BbnNpYmxlUGFyYW06IFBhcmFtZXRlciAnJG5hbWUnIGhhcyBhbiBpbnZhbGlkIHBhdGggJyR2YWx1ZScgc3BlY2lmaWVkLiIKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgInN0ciIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IHN0ciB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgc3RyaW5ncwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUuVG9TdHJpbmcoKQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImJvb2wiKSB7CiAgICAgICAgICAgICMgQ29udmVydCBib29sZWFuIHR5cGVzIHRvIHJlYWwgUG93ZXJzaGVsbCBib29sZWFucwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgfCBDb252ZXJ0VG8tQm9vbAogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImludCIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IGludCB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgaW50ZWdlcnMKICAgICAgICAgICAgJHZhbHVlID0gJHZhbHVlIC1hcyBbaW50XQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImZsb2F0IikgewogICAgICAgICAgICAjIENvbnZlcnQgZmxvYXQgdHlwZXMgdG8gcmVhbCBQb3dlcnNoZWxsIGZsb2F0cwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgLWFzIFtmbG9hdF0KICAgICAgICB9IGVsc2VpZiAoJHR5cGUgLWVxICJsaXN0IikgewogICAgICAgICAgICBpZiAoJHZhbHVlIC1pcyBbYXJyYXldKSB7CiAgICAgICAgICAgICAgICAjIE5vdGhpbmcgdG8gZG8KICAgICAgICAgICAgfSBlbHNlaWYgKCR2YWx1ZSAtaXMgW3N0cmluZ10pIHsKICAgICAgICAgICAgICAgICMgQ29udmVydCBzdHJpbmcgdHlwZSB0byByZWFsIFBvd2Vyc2hlbGwgYXJyYXkKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICR2YWx1ZS5TcGxpdCgiLCIpLlRyaW0oKQogICAgICAgICAgICB9IGVsc2VpZiAoJHZhbHVlIC1pcyBbaW50XSkgewogICAgICAgICAgICAgICAgJHZhbHVlID0gQCgkdmFsdWUpCiAgICAgICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICJHZXQtQW5zaWJsZVBhcmFtOiBQYXJhbWV0ZXIgJyRuYW1lJyBpcyBub3QgYSBZQU1MIGxpc3QuIgogICAgICAgICAgICB9CiAgICAgICAgICAgICMgLCBpcyBub3QgYSB0eXBvLCBmb3JjZXMgaXQgdG8gcmV0dXJuIGFzIGEgbGlzdCB3aGVuIGl0IGlzIGVtcHR5IG9yIG9ubHkgaGFzIDEgZW50cnkKICAgICAgICAgICAgcmV0dXJuICwkdmFsdWUKICAgICAgICB9CiAgICB9CgogICAgcmV0dXJuICR2YWx1ZQp9CgojQWxpYXMgR2V0LWF0dHItLT5HZXQtQW5zaWJsZVBhcmFtIGZvciBiYWNrd2FyZHMgY29tcGF0LiBPbmx5IGFkZCB3aGVuIG5lZWRlZCB0byBlYXNlIGRlYnVnZ2luZyBvZiBzY3JpcHRzCklmICgtbm90KEdldC1BbGlhcyAtTmFtZSAiR2V0LWF0dHIiIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlKSkKewogICAgTmV3LUFsaWFzIC1OYW1lIEdldC1hdHRyIC1WYWx1ZSBHZXQtQW5zaWJsZVBhcmFtCn0KCkZ1bmN0aW9uIENvbnZlcnRUby1Cb29sCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZpbHRlci9waXBlbGluZSBmdW5jdGlvbiB0byBjb252ZXJ0IGEgdmFsdWUgdG8gYm9vbGVhbiBmb2xsb3dpbmcgY3VycmVudAogICAgQW5zaWJsZSBwcmFjdGljZXMKICAgIC5FWEFNUExFCiAgICAkaXNfdHJ1ZSA9ICJ0cnVlIiB8IENvbnZlcnRUby1Cb29sCiM+CiAgICBwYXJhbSgKICAgICAgICBbcGFyYW1ldGVyKHZhbHVlZnJvbXBpcGVsaW5lPSR0cnVlKV0KICAgICAgICAkb2JqCiAgICApCgogICAgJGJvb2xlYW5fc3RyaW5ncyA9ICJ5ZXMiLCAib24iLCAiMSIsICJ0cnVlIiwgMQogICAgJG9ial9zdHJpbmcgPSBbc3RyaW5nXSRvYmoKCiAgICBpZiAoKCRvYmogLWlzIFtib29sZWFuXSAtYW5kICRvYmopIC1vciAkYm9vbGVhbl9zdHJpbmdzIC1jb250YWlucyAkb2JqX3N0cmluZy5Ub0xvd2VyKCkpIHsKICAgICAgICByZXR1cm4gJHRydWUKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfQp9CgpGdW5jdGlvbiBQYXJzZS1BcmdzKCRhcmd1bWVudHMsICRzdXBwb3J0c19jaGVja19tb2RlID0gJGZhbHNlKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBwYXJzZSBBbnNpYmxlIEpTT04gYXJndW1lbnRzIGZyb20gYSAiZmlsZSIgcGFzc2VkIGFzCiAgICB0aGUgc2luZ2xlIGFyZ3VtZW50IHRvIHRoZSBtb2R1bGUuCiAgICAuRVhBTVBMRQogICAgJHBhcmFtcyA9IFBhcnNlLUFyZ3MgJGFyZ3MKIz4KICAgICRwYXJhbXMgPSBOZXctT2JqZWN0IHBzb2JqZWN0CiAgICBJZiAoJGFyZ3VtZW50cy5MZW5ndGggLWd0IDApCiAgICB7CiAgICAgICAgJHBhcmFtcyA9IEdldC1Db250ZW50ICRhcmd1bWVudHNbMF0gfCBDb252ZXJ0RnJvbS1Kc29uCiAgICB9CiAgICBFbHNlIHsKICAgICAgICAkcGFyYW1zID0gJGNvbXBsZXhfYXJncwogICAgfQogICAgJGNoZWNrX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfY2hlY2tfbW9kZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQogICAgSWYgKCRjaGVja19tb2RlIC1hbmQgLW5vdCAkc3VwcG9ydHNfY2hlY2tfbW9kZSkKICAgIHsKICAgICAgICBFeGl0LUpzb24gQHsKICAgICAgICAgICAgc2tpcHBlZCA9ICR0cnVlCiAgICAgICAgICAgIGNoYW5nZWQgPSAkZmFsc2UKICAgICAgICAgICAgbXNnID0gInJlbW90ZSBtb2R1bGUgZG9lcyBub3Qgc3VwcG9ydCBjaGVjayBtb2RlIgogICAgICAgIH0KICAgIH0KICAgIHJldHVybiAkcGFyYW1zCn0KCgpGdW5jdGlvbiBHZXQtRmlsZUNoZWNrc3VtKCRwYXRoLCAkYWxnb3JpdGhtID0gJ3NoYTEnKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBjYWxjdWxhdGUgYSBoYXNoIG9mIGEgZmlsZSBpbiBhIHdheSB3aGljaCBQb3dlclNoZWxsIDMKICAgIGFuZCBhYm92ZSBjYW4gaGFuZGxlCiM+CiAgICBJZiAoVGVzdC1QYXRoIC1QYXRoICRwYXRoIC1QYXRoVHlwZSBMZWFmKQogICAgewogICAgICAgIHN3aXRjaCAoJGFsZ29yaXRobSkKICAgICAgICB7CiAgICAgICAgICAgICdtZDUnIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5NRDVDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMScgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTFDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMjU2JyB7ICRzcCA9IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5TZWN1cml0eS5DcnlwdG9ncmFwaHkuU0hBMjU2Q3J5cHRvU2VydmljZVByb3ZpZGVyIH0KICAgICAgICAgICAgJ3NoYTM4NCcgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTM4NENyeXB0b1NlcnZpY2VQcm92aWRlciB9CiAgICAgICAgICAgICdzaGE1MTInIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5TSEE1MTJDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICBkZWZhdWx0IHsgRmFpbC1Kc29uIEB7fSAiVW5zdXBwb3J0ZWQgaGFzaCBhbGdvcml0aG0gc3VwcGxpZWQgJyRhbGdvcml0aG0nIiB9CiAgICAgICAgfQoKICAgICAgICBJZiAoJFBTVm ScriptBlock ID: 4b35131d-9858-4c5f-aafb-2577f08ac3b4 Path:	4104	1		3	2	15	0	1414	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2716	4788	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:28:38 PM	9d04040e-981f-0001-aa11-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 5): RMRVM7CgogICAgICAgICAgICBTRUNVUklUWV9BVFRSSUJVVEVTIHBpcGVzZWMgPSBuZXcgU0VDVVJJVFlfQVRUUklCVVRFUygpOwogICAgICAgICAgICBwaXBlc2VjLmJJbmhlcml0SGFuZGxlID0gdHJ1ZTsKCiAgICAgICAgICAgIC8vIENyZWF0ZSB0aGUgc3Rkb3V0LCBzdGRlcnIgYW5kIHN0ZGluIHBpcGVzIHVzZWQgaW4gdGhlIHByb2Nlc3MgYW5kIGFkZCB0byB0aGUgc3RhcnR1cEluZm8KICAgICAgICAgICAgU2FmZUZpbGVIYW5kbGUgc3Rkb3V0X3JlYWQsIHN0ZG91dF93cml0ZSwgc3RkZXJyX3JlYWQsIHN0ZGVycl93cml0ZSwgc3RkaW5fcmVhZCwgc3RkaW5fd3JpdGU7CiAgICAgICAgICAgIGlmICghQ3JlYXRlUGlwZShvdXQgc3Rkb3V0X3JlYWQsIG91dCBzdGRvdXRfd3JpdGUsIHBpcGVzZWMsIDApKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IFdpbjMyRXhjZXB0aW9uKCJTVERPVVQgcGlwZSBzZXR1cCBmYWlsZWQiKTsKICAgICAgICAgICAgaWYgKCFTZXRIYW5kbGVJbmZvcm1hdGlvbihzdGRvdXRfcmVhZCwgSGFuZGxlRmxhZ3MuSU5IRVJJVCwgMCkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIlNURE9VVCBwaXBlIGhhbmRsZSBzZXR1cCBmYWlsZWQiKTsKCiAgICAgICAgICAgIGlmICghQ3JlYXRlUGlwZShvdXQgc3RkZXJyX3JlYWQsIG91dCBzdGRlcnJfd3JpdGUsIHBpcGVzZWMsIDApKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IFdpbjMyRXhjZXB0aW9uKCJTVERFUlIgcGlwZSBzZXR1cCBmYWlsZWQiKTsKICAgICAgICAgICAgaWYgKCFTZXRIYW5kbGVJbmZvcm1hdGlvbihzdGRlcnJfcmVhZCwgSGFuZGxlRmxhZ3MuSU5IRVJJVCwgMCkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIlNUREVSUiBwaXBlIGhhbmRsZSBzZXR1cCBmYWlsZWQiKTsKCiAgICAgICAgICAgIGlmICghQ3JlYXRlUGlwZShvdXQgc3RkaW5fcmVhZCwgb3V0IHN0ZGluX3dyaXRlLCBwaXBlc2VjLCAwKSkKICAgICAgICAgICAgICAgIHRocm93IG5ldyBXaW4zMkV4Y2VwdGlvbigiU1RESU4gcGlwZSBzZXR1cCBmYWlsZWQiKTsKICAgICAgICAgICAgaWYgKCFTZXRIYW5kbGVJbmZvcm1hdGlvbihzdGRpbl93cml0ZSwgSGFuZGxlRmxhZ3MuSU5IRVJJVCwgMCkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIlNURElOIHBpcGUgaGFuZGxlIHNldHVwIGZhaWxlZCIpOwoKICAgICAgICAgICAgc2kuc3RhcnR1cEluZm8uaFN0ZE91dHB1dCA9IHN0ZG91dF93cml0ZTsKICAgICAgICAgICAgc2kuc3RhcnR1cEluZm8uaFN0ZEVycm9yID0gc3RkZXJyX3dyaXRlOwogICAgICAgICAgICBzaS5zdGFydHVwSW5mby5oU3RkSW5wdXQgPSBzdGRpbl9yZWFkOwoKICAgICAgICAgICAgLy8gU2V0dXAgdGhlIHN0ZGluIGJ1ZmZlcgogICAgICAgICAgICBVVEY4RW5jb2RpbmcgdXRmOF9lbmNvZGluZyA9IG5ldyBVVEY4RW5jb2RpbmcoZmFsc2UpOwogICAgICAgICAgICBGaWxlU3RyZWFtIHN0ZGluX2ZzID0gbmV3IEZpbGVTdHJlYW0oc3RkaW5fd3JpdGUsIEZpbGVBY2Nlc3MuV3JpdGUsIDMyNzY4KTsKICAgICAgICAgICAgU3RyZWFtV3JpdGVyIHN0ZGluID0gbmV3IFN0cmVhbVdyaXRlcihzdGRpbl9mcywgdXRmOF9lbmNvZGluZywgMzI3NjgpOwoKICAgICAgICAgICAgLy8gSWYgbHBDdXJyZW50RGlyZWN0b3J5IGlzIHNldCB0byBudWxsIGluIFBTIGl0IHdpbGwgYmUgYW4gZW1wdHkKICAgICAgICAgICAgLy8gc3RyaW5nIGhlcmUsIHdlIG5lZWQgdG8gY29udmVydCBpdAogICAgICAgICAgICBpZiAobHBDdXJyZW50RGlyZWN0b3J5ID09ICIiKQogICAgICAgICAgICAgICAgbHBDdXJyZW50RGlyZWN0b3J5ID0gbnVsbDsKCiAgICAgICAgICAgIFN0cmluZ0J1aWxkZXIgZW52aXJvbm1lbnRTdHJpbmcgPSBudWxsOwoKICAgICAgICAgICAgaWYgKGVudmlyb25tZW50ICE9IG51bGwgJiYgZW52aXJvbm1lbnQuQ291bnQgPiAwKQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBlbnZpcm9ubWVudFN0cmluZyA9IG5ldyBTdHJpbmdCdWlsZGVyKCk7CiAgICAgICAgICAgICAgICBmb3JlYWNoIChEaWN0aW9uYXJ5RW50cnkga3YgaW4gZW52aXJvbm1lbnQpCiAgICAgICAgICAgICAgICAgICAgZW52aXJvbm1lbnRTdHJpbmcuQXBwZW5kRm9ybWF0KCJ7MH09ezF9XDAiLCBrdi5LZXksIGt2LlZhbHVlKTsKICAgICAgICAgICAgICAgIGVudmlyb25tZW50U3RyaW5nLkFwcGVuZCgnXDAnKTsKICAgICAgICAgICAgfQoKICAgICAgICAgICAgLy8gQ3JlYXRlIHRoZSBlbnZpcm9ubWVudCBibG9jayBpZiBzZXQKICAgICAgICAgICAgSW50UHRyIGxwRW52aXJvbm1lbnQgPSBJbnRQdHIuWmVybzsKICAgICAgICAgICAgaWYgKGVudmlyb25tZW50U3RyaW5nICE9IG51bGwpCiAgICAgICAgICAgICAgICBscEVudmlyb25tZW50ID0gTWFyc2hhbC5TdHJpbmdUb0hHbG9iYWxVbmkoZW52aXJvbm1lbnRTdHJpbmcuVG9TdHJpbmcoKSk7CgogICAgICAgICAgICAvLyBDcmVhdGUgbmV3IHByb2Nlc3MgYW5kIHJ1bgogICAgICAgICAgICBTdHJpbmdCdWlsZGVyIGFyZ3VtZW50X3N0cmluZyA9IG5ldyBTdHJpbmdCdWlsZGVyKGxwQ29tbWFuZExpbmUpOwogICAgICAgICAgICBQUk9DRVNTX0lORk9STUFUSU9OIHBpID0gbmV3IFBST0NFU1NfSU5GT1JNQVRJT04oKTsKICAgICAgICAgICAgaWYgKCFDcmVhdGVQcm9jZXNzKAogICAgICAgICAgICAgICAgbHBBcHBsaWNhdGlvbk5hbWUsCiAgICAgICAgICAgICAgICBhcmd1bWVudF9zdHJpbmcsCiAgICAgICAgICAgICAgICBJbnRQdHIuWmVybywKICAgICAgICAgICAgICAgIEludFB0ci5aZXJvLAogICAgICAgICAgICAgICAgdHJ1ZSwKICAgICAgICAgICAgICAgIHN0YXJ0dXBfZmxhZ3MsCiAgICAgICAgICAgICAgICBscEVudmlyb25tZW50LAogICAgICAgICAgICAgICAgbHBDdXJyZW50RGlyZWN0b3J5LAogICAgICAgICAgICAgICAgc2ksCiAgICAgICAgICAgICAgICBvdXQgcGkpKQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIkZhaWxlZCB0byBjcmVhdGUgbmV3IHByb2Nlc3MiKTsKICAgICAgICAgICAgfQoKICAgICAgICAgICAgLy8gU2V0dXAgdGhlIG91dHB1dCBidWZmZXJzIGFuZCBnZXQgc3Rkb3V0L3N0ZGVycgogICAgICAgICAgICBGaWxlU3RyZWFtIHN0ZG91dF9mcyA9IG5ldyBGaWxlU3RyZWFtKHN0ZG91dF9yZWFkLCBGaWxlQWNjZXNzLlJlYWQsIDQwOTYpOwogICAgICAgICAgICBTdHJlYW1SZWFkZXIgc3Rkb3V0ID0gbmV3IFN0cmVhbVJlYWRlcihzdGRvdXRfZnMsIHV0ZjhfZW5jb2RpbmcsIHRydWUsIDQwOTYpOwogICAgICAgICAgICBzdGRvdXRfd3JpdGUuQ2xvc2UoKTsKICAgICAgICAgICAgRmlsZVN0cmVhbSBzdGRlcnJfZnMgPSBuZXcgRmlsZVN0cmVhbShzdGRlcnJfcmVhZCwgRmlsZUFjY2Vzcy5SZWFkLCA0MDk2KTsKICAgICAgICAgICAgU3RyZWFtUmVhZGVyIHN0ZGVyciA9IG5ldyBTdHJlYW1SZWFkZXIoc3RkZXJyX2ZzLCB1dGY4X2VuY29kaW5nLCB0cnVlLCA0MDk2KTsKICAgICAgICAgICAgc3RkZXJyX3dyaXRlLkNsb3NlKCk7CgogICAgICAgICAgICBzdGRpbi5Xcml0ZUxpbmUoc3RkaW5JbnB1dCk7CiAgICAgICAgICAgIHN0ZGluLkNsb3NlKCk7CgogICAgICAgICAgICBzdHJpbmcgc3Rkb3V0X3N0ciwgc3RkZXJyX3N0ciA9IG51bGw7CiAgICAgICAgICAgIEdldFByb2Nlc3NPdXRwdXQoc3Rkb3V0LCBzdGRlcnIsIG91dCBzdGRvdXRfc3RyLCBvdXQgc3RkZXJyX3N0cik7CiAgICAgICAgICAgIHVpbnQgcmMgPSBHZXRQcm9jZXNzRXhpdENvZGUocGkuaFByb2Nlc3MpOwoKICAgICAgICAgICAgcmV0dXJuIG5ldyBDb21tYW5kUmVzdWx0CiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIFN0YW5kYXJkT3V0ID0gc3Rkb3V0X3N0ciwKICAgICAgICAgICAgICAgIFN0YW5kYXJkRXJyb3IgPSBzdGRlcnJfc3RyLAogICAgICAgICAgICAgICAgRXhpdENvZGUgPSByYwogICAgICAgICAgICB9OwogICAgICAgIH0KCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgdm9pZCBHZXRQcm9jZXNzT3V0cHV0KFN0cmVhbVJlYWRlciBzdGRvdXRTdHJlYW0sIFN0cmVhbVJlYWRlciBzdGRlcnJTdHJlYW0sIG91dCBzdHJpbmcgc3Rkb3V0LCBvdXQgc3RyaW5nIHN0ZGVycikKICAgICAgICB7CiAgICAgICAgICAgIHZhciBzb3dhaXQgPSBuZXcgRXZlbnRXYWl0SGFuZGxlKGZhbHNlLCBFdmVudFJlc2V0TW9kZS5NYW51YWxSZXNldCk7CiAgICAgICAgICAgIHZhciBzZXdhaXQgPSBuZXcgRXZlbnRXYWl0SGFuZGxlKGZhbHNlLCBFdmVudFJlc2V0TW9kZS5NYW51YWxSZXNldCk7CiAgICAgICAgICAgIHN0cmluZyBzbyA9IG51bGwsIHNlID0gbnVsbDsKICAgICAgICAgICAgVGhyZWFkUG9vbC5RdWV1ZVVzZXJXb3JrSXRlbSgocykgPT4KICAgICAgICAgICAgewogICAgICAgICAgICAgICAgc28gPSBzdGRvdXRTdHJlYW0uUmVhZFRvRW5kKCk7CiAgICAgICAgICAgICAgICBzb3dhaXQuU2V0KCk7CiAgICAgICAgICAgIH0pOwogICAgICAgICAgICBUaHJlYWRQb29sLlF1ZXVlVXNlcldvcmtJdGVtKChzKSA9PgogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBzZSA9IHN0ZGVyclN0cmVhbS5SZWFkVG9FbmQoKTsKICAgICAgICAgICAgICAgIHNld2FpdC5TZXQoKTsKICAgICAgICAgICAgfSk7CiAgICAgICAgICAgIGZvcmVhY2ggKHZhciB3aCBpbiBuZXcgV2FpdEhhbmRsZVtdIHsgc293YWl0LCBzZXdhaXQgfSkKICAgICAgICAgICAgICAgIHdoLldhaXRPbmUoKTsKICAgICAgICAgICAgc3Rkb3V0ID0gc287CiAgICAgICAgICAgIHN0ZGVyciA9IHNlOwogICAgICAgIH0KCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgdWludCBHZXRQcm9jZXNzRXhpdENvZGUoSW50UHRyIHByb2Nlc3NIYW5kbGUpCiAgICAgICAgewogICAgICAgICAgICBuZXcgTmF0aXZlV2FpdEhhbmRsZShwcm9jZXNzSGFuZGxlKS5XYWl0T25lKCk7CiAgICAgICAgICAgIHVpbnQgZXhpdENvZGU7CiAgICAgICAgICAgIGlmICghR2V0RXhpdENvZGVQcm9jZXNzKHByb2Nlc3NIYW5kbGUsIG91dCBleGl0Q29kZSkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIkVycm9yIGdldHRpbmcgcHJvY2VzcyBleGl0IGNvZGUiKTsKICAgICAgICAgICAgcmV0dXJuIGV4aXRDb2RlOwogICAgICAgIH0KICAgIH0KfQoiQAoKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICdTdG9wJwoKRnVuY3Rpb24gTG9hZC1Db21tYW5kVXRpbHMgewogICAgIyBtYWtlcyB0aGUgZm9sbG93aW5nIHN0YXRpYyBmdW5jdGlvbnMgYXZhaWxhYmxlCiAgICAjICAgW0Fuc2libGUuQ29tbWFuZFV0aWxdOjpQYXJzZUNvbW1hbmRMaW5lKHN0cmluZyBscENvbW1hbmRMaW5lKQogICAgIyAgIFtBbnNpYmxlLkNvbW1hbmRVdGlsXTo6U2VhcmNoUGF0aChzdHJpbmcgbHBGaWxlTmFtZSkKICAgICMgICBbQW5zaWJsZS5Db21tYW5kVXRpbF06OlJ1bkNvbW1hbmQoc3RyaW5nIGxwQXBwbGljYXRpb25OYW1lLCBzdHJpbmcgbHBDb21tYW5kTGluZSwgc3RyaW5nIGxwQ3VycmVudERpcmVjdG9yeSwgc3RyaW5nIHN0ZGluSW5wdXQsIHN0cmluZyBlbnZpcm9ubWVudEJsb2NrKQogICAgIwogICAgIyB0aGVyZSBhcmUgYWxzbyBudW1lcm91cyBQL0ludm9rZSBtZXRob2RzIHRoYXQgY2FuIGJlIGNhbGxlZCBpZiB5b3UgYXJlIGZlZWxpbmcgYWR2ZW50dXJvdXMKCiAgICAjIEZVVFVSRTogZmluZCBhIGJldHRlciB3YXkgdG8gZ2V0IHRoZSBfYW5zaWJsZV9yZW1vdGVfdG1wIHZhcmlhYmxlCiAgICAkb3JpZ2luYWxfdG1wID0gJGVudjpUTVAKCiAgICAkcmVtb3RlX3RtcCA9ICRvcmlnaW5hbF90bXAKICAgICRtb2R1bGVfcGFyYW1zID0gR2V0LVZhcmlhYmxlIC1OYW1lIGNvbXBsZXhfYXJncyAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgaWYgKCRtb2R1bGVfcGFyYW1zKSB7CiAgICAgICAgaWYgKCRtb2R1bGVfcGFyYW1zLlZhbHVlLkNvbnRhaW5zS2V5KCJfYW5zaWJsZV9yZW1vdGVfdG1wIikgKSB7CiAgICAgICAgICAgICRyZW1vdGVfdG1wID0gJG1vZHVsZV9wYXJhbXMuVmFsdWVbIl9hbnNpYmxlX3JlbW90ZV90bXAiXQogICAgICAgICAgICAkcmVtb3RlX3RtcCA9IFtTeXN0ZW0uRW52aXJvbm1lbnRdOjpFeHBhbmRFbnZpcm9ubWVudFZhcmlhYmxlcygkcmVtb3RlX3RtcCkKICAgICAgICB9CiAgICB9CgogICAgJGVudjpUTVAgPSAkcmVtb3RlX3RtcAogICAgQWRkLVR5cGUgLVR5cGVEZWZpbml0aW9uICRwcm9jZXNzX3V0aWwKICAgICRlbnY6VE1QID0gJG9yaWdpbmFsX3RtcAp9CgpGdW5jdGlvbiBHZXQtRXhlY3V0YWJsZVBhdGgoJGV4ZWN1dGFibGUsICRkaXJlY3RvcnkpIHsKICAgICMgbHBBcHBsaWNhdGlvbk5hbWUgcmVxdWlyZXMgdGhlIGZ1bGwgcGF0aCB0byBhIGZpbGUsIHdlIG5lZWQgdG8gZmluZCBpdAogICAgIyBvdXJzZWx2ZXMuCgogICAgIyB3ZSBuZWVkIHRvIGFkZCAuZXhlIGlmIGl0IGRvZXNuJ3QgaGF2ZSBhbiBleHRlbnNpb24gYWxyZWFkeQogICAgaWYgKC1ub3QgW1N5c3RlbS5JTy5QYXRoXTo6SGFzRXh0ZW5zaW9uKCRleGVjdXRhYmxlKSkgewogICAgICAgICRleGVjdXRhYmxlID0gIiQoJGV4ZWN1dGFibGUpLmV4ZSIKICAgIH0KICAgICRmdWxsX3BhdGggPSBbU3lzdGVtLklPLlBhdGhdOjpHZXRGdWxsUGF0aCgkZXhlY3V0YWJsZSkKCiAgICBpZiAoJGZ1bGxfcGF0aCAtbmUgJGV4ZWN1dGFibGUgLWFuZCAkZGlyZWN0b3J5IC1uZSAkbnVsbCkgewogICAgICAgICRmaWxlID0gR2V0LUl0ZW0gLVBhdGggIiRkaXJlY3RvcnlcJGV4ZWN1dGFibGUiIC1Gb3JjZSAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgfSBlbHNlIHsKICAgICAgICAkZmlsZSA9IEdldC1JdGVtIC1QYXRoICRleGVjdXRhYmxlIC1Gb3JjZSAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgfQoKICAgIGlmICgkZmlsZSAtbmUgJG51bGwpIHsKICAgICAgICAkZXhlY3V0YWJsZV9wYXRoID0gJGZpbGUuRnVsbE5hbWUKICAgIH0gZWxzZSB7CiAgICAgICAgJGV4ZWN1dGFibGVfcGF0aCA9IFtBbnNpYmxlLkNvbW1hbmRVdGlsXTo6U2VhcmNoUGF0aCgkZXhlY3V0YWJsZSkgICAgCiAgICB9CiAgICByZXR1cm4gJGV4ZWN1dGFibGVfcGF0aAp9CgpGdW5jdGlvbiBSdW4tQ29tbWFuZCB7CiAgICBQYXJhbSgKICAgICAgICBbc3RyaW5nXSRjb21tYW5kLCAjIHRoZSBmdWxsIGNvbW1hbmQgdG8gcnVuIGluY2x1ZGluZyB0aGUgZXhlY3V0YWJsZQogICAgICAgIFtzdHJpbmddJHdvcmtpbmdfZGlyZWN0b3J5ID0gJG51bGwsICMgdGhlIHdvcmtpbmcgZGlyZWN0b3J5IHRvIHJ1biB1bmRlciwgd2lsbCBkZWZhdWx0IHRvIHRoZSBjdXJyZW50IGRpcgogICAgICAgIFtzdHJpbmddJHN0ZGluID0gJG51bGwsICMgYSBzdHJpbmcgdG8gc2VuZCB0byB0aGUgc3RkaW4gcGlwZSB3aGVuIGV4ZWN1dGluZyB0aGUgY29tbWFuZAogICAgICAgIFtoYXNodGFibGVdJGVudmlyb25tZW50ID0gQHt9ICMgYSBoYXNodGFibGUgb2YgZW52aXJvbm1lbnQgdmFsdWVzIHRvIHJ1biB0aGUgY29tbWFuZCB1bmRlciwgdGhpcyB3aWxsIHJlcGxhY2UgYWxsIHRoZSBvdGhlciBlbnZpcm9ubWVudCB2YXJpYWJsZXMgd2l0aCB0aGVzZQogICAgKQogICAgCiAgICAjIGxvYWQgdGhlIEMjIGNvZGUgd2UgY2FsbCBpbiB0aGlzIGZ1bmN0aW9uCiAgICBMb2FkLUNvbW1hbmRVdGlscwoKICAgICMgbmVlZCB0byB2YWxpZGF0ZSB0aGUgd29ya2luZyBkaXJlY3RvcnkgaWYgaXQgaXMgc2V0CiAgICBpZiAoJHdvcmtpbmdfZGlyZWN0b3J5KSB7CiAgICAgICAgIyB2YWxpZGF0ZSB3b3JraW5nIGRpcmVjdG9yeSBpcyBhIHZhbGlkIHBhdGgKICAgICAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICR3b3JraW5nX2RpcmVjdG9yeSkpIHsKICAgICAgICAgICAgdGhyb3cgImludmFsaWQgd29ya2luZyBkaXJlY3RvcnkgcGF0aCAnJHdvcmtpbmdfZGlyZWN0b3J5JyIKICAgICAgICB9CiAgICB9CgogICAgIyBscEFwcGxpY2F0aW9uTmFtZSBuZWVkcyB0byBiZSB0aGUgZnVsbCBwYXRoIHRvIGFuIGV4ZWN1dGFibGUsIHdlIGRvIHRoaXMKICAgICMgYnkgZ2V0dGluZyB0aGUgZXhlY3V0YWJsZSBhcyB0aGUgZmlyc3QgYXJnIGFuZCB0aGVuIGdldHRpbmcgdGhlIGZ1bGwgcGF0aAogICAgJGFyZ3VtZW50cyA9IFtBbnNpYmxlLkNvbW1hbmRVdGlsXTo6UGFyc2VDb21tYW5kTGluZSgkY29tbWFuZCkKICAgICRleGVjdXRhYmxlID0gR2V0LUV4ZWN1dGFibGVQYXRoIC1leGVjdXRhYmxlICRhcmd1bWVudHNbMF0gLWRpcmVjdG9yeSAkd29ya2luZ19kaXJlY3RvcnkKCiAgICAjIHJ1biB0aGUgY29tbWFuZCBhbmQgZ2V0IHRoZSByZXN1bHRzCiAgICAkY29tbWFuZF9yZXN1bHQgPSBbQW5zaWJsZS5Db21tYW5kVXRpbF06OlJ1bkNvbW1hbmQoJGV4ZWN1dGFibGUsICRjb21tYW5kLCAkd29ya2luZ19kaXJlY3RvcnksICRzdGRpbiwgJGVudmlyb25tZW50KQoKICAgIHJldHVybiAsQHsKICAgICAgICBleGVjdXRhYmxlID0gJGV4ZWN1dGFibGUKICAgICAgICBzdGRvdXQgPSAkY29tbWFuZF9yZXN1bHQuU3RhbmRhcmRPdXQKICAgICAgICBzdGRlcnIgPSAkY29tbWFuZF9yZXN1bHQuU3RhbmRhcmRFcnJvcgogICAgICAgIHJjID0gJGNvbW1hbmRfcmVzdWx0LkV4aXRDb2RlCiAgICB9Cn0KCiMgdGhpcyBsaW5lIG11c3Qgc3RheSBhdCB0aGUgYm90dG9tIHRvIGVuc3VyZSBhbGwgZGVmaW5lZCBtb2R1bGUgcGFydHMgYXJlIGV4cG9ydGVkCkV4cG9ydC1Nb2R1bGVNZW1iZXIgLUFsaWFzICogLUZ1bmN0aW9uICogLUNtZGxldCAqCg==", "Ansible.ModuleUtils.Legacy": "IyBDb3B5cmlnaHQgKGMpLCBNaWNoYWVsIERlSGFhbiA8bWljaGFlbC5kZWhhYW5AZ21haWwuY29tPiwgMjAxNCwgYW5kIG90aGVycwojIFNpbXBsaWZpZWQgQlNEIExpY2Vuc2UgKHNlZSBsaWNlbnNlcy9zaW1wbGlmaWVkX2JzZC50eHQgb3IgaHR0cHM6Ly9vcGVuc291cmNlLm9yZy9saWNlbnNlcy9CU0QtMi1DbGF1c2UpCgpTZXQtU3RyaWN0TW9kZSAtVmVyc2lvbiAyLjAKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKRnVuY3Rpb24gU2V0LUF0dHIoJG9iaiwgJG5hbWUsICR2YWx1ZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gc2V0IGFuICJhdHRyaWJ1dGUiIG9uIGEgcHNvYmplY3QgaW5zdGFuY2UgaW4gUG93ZXJTaGVsbC4KICAgIFRoaXMgaXMgYSBjb252ZW5pZW5jZSB0byBtYWtlIGFkZGluZyBNZW1iZXJzIHRvIHRoZSBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgIFNldC1BdHRyICRyZXN1bHQgImNoYW5nZWQiICR0cnVlCiM+CgogICAgIyBJZiB0aGUgcHJvdmlkZWQgJG9iaiBpcyB1bmRlZmluZWQsIGRlZmluZSBvbmUgdG8gYmUgbmljZQogICAgSWYgKC1ub3QgJG9iai5HZXRUeXBlKQogICAgewogICAgICAgICRvYmogPSBAeyB9CiAgICB9CgogICAgVHJ5CiAgICB7CiAgICAgICAgJG9iai4kbmFtZSA9ICR2YWx1ZQogICAgfQogICAgQ2F0Y2gKICAgIHsKICAgICAgICAkb2JqIHwgQWRkLU1lbWJlciAtRm9yY2UgLU1lbWJlclR5cGUgTm90ZVByb3BlcnR5IC1OYW1lICRuYW1lIC1WYWx1ZSAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gRXhpdC1Kc29uKCRvYmopCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGNvbnZlcnQgYSBQb3dlclNoZWxsIG9iamVjdCB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcKICAgIHRoZSBzY3JpcHQKICAgIC5FWEFNUExFCiAgICBFeGl0LUpzb24gJHJlc3VsdAojPgoKICAgICMgSWYgdGhlIHByb3ZpZGVkICRvYmogaXMgdW5kZWZpbmVkLCBkZWZpbmUgb25lIHRvIGJlIG5pY2UKICAgIElmICgtbm90ICRvYmouR2V0VHl ScriptBlock ID: 4b35131d-9858-4c5f-aafb-2577f08ac3b4 Path:	4104	1		3	2	15	0	1413	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2716	4788	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:28:38 PM	9d04040e-981f-0001-aa11-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 5): begin { $DebugPreference = "Continue" $ErrorActionPreference = "Stop" Set-StrictMode -Version 2 function ConvertTo-HashtableFromPsCustomObject ($myPsObject){ $output = @{}; $myPsObject | Get-Member -MemberType *Property | % { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } return $output; } # stream JSON including become_pw, ps_module_payload, bin_module_payload, become_payload, write_payload_path, preserve directives # exec runspace, capture output, cleanup, return module output # NB: do not adjust the following line- it is replaced when doing non-streamed module output $json_raw = @' {"min_ps_version": null, "exec": "CkZ1bmN0aW9uIFJ1bigkcGF5bG9hZCkgewogICAgJGVudHJ5cG9pbnQgPSAkcGF5bG9hZC5tb2R1bGVfZW50cnkKCiAgICAkZW50cnlwb2ludCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGVudHJ5cG9pbnQpKQoKICAgICRwcyA9IFtwb3dlcnNoZWxsXTo6Q3JlYXRlKCkKCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkQ29tbWFuZCgiU2V0LVZhcmlhYmxlIikuQWRkUGFyYW1ldGVycyhAe1Njb3BlPSJnbG9iYWwiO05hbWU9ImNvbXBsZXhfYXJncyI7VmFsdWU9JHBheWxvYWQubW9kdWxlX2FyZ3N9KSB8IE91dC1OdWxsCiAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCgogICAgIyByZWRlZmluZSBXcml0ZS1Ib3N0IHRvIGR1bXAgdG8gb3V0cHV0IGluc3RlYWQgb2YgZmFpbGluZy0gbG90cyBvZiBzY3JpcHRzIHVzZSBpdAogICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgiRnVuY3Rpb24gV3JpdGUtSG9zdChgJG1zZyl7IFdyaXRlLU91dHB1dCBgJG1zZyB9IikgfCBPdXQtTnVsbAoKICAgIEZvckVhY2ggKCRlbnZfa3YgaW4gJHBheWxvYWQuZW52aXJvbm1lbnQuR2V0RW51bWVyYXRvcigpKSB7CiAgICAgICAgIyBuZWVkIHRvIGVzY2FwZSAnIGluIGJvdGggdGhlIGtleSBhbmQgdmFsdWUKICAgICAgICAkZW52X2tleSA9ICRlbnZfa3YuS2V5LlRvU3RyaW5nKCkuUmVwbGFjZSgiJyIsICInJyIpCiAgICAgICAgJGVudl92YWx1ZSA9ICRlbnZfa3YuVmFsdWUuVG9TdHJpbmcoKS5SZXBsYWNlKCInIiwgIicnIikKICAgICAgICAkZXNjYXBlZF9lbnZfc2V0ID0gIltTeXN0ZW0uRW52aXJvbm1lbnRdOjpTZXRFbnZpcm9ubWVudFZhcmlhYmxlKCd7MH0nLCAnezF9JykiIC1mICRlbnZfa2V5LCAkZW52X3ZhbHVlCiAgICAgICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgkZXNjYXBlZF9lbnZfc2V0KSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBkeW5hbWljYWxseSBjcmVhdGUvbG9hZCBtb2R1bGVzCiAgICBGb3JFYWNoICgkbW9kIGluICRwYXlsb2FkLnBvd2Vyc2hlbGxfbW9kdWxlcy5HZXRFbnVtZXJhdG9yKCkpIHsKICAgICAgICAkZGVjb2RlZF9tb2R1bGUgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRtb2QuVmFsdWUpKQogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRDb21tYW5kKCJOZXctTW9kdWxlIikuQWRkUGFyYW1ldGVycyhAe1NjcmlwdEJsb2NrPShbc2NyaXB0YmxvY2tdOjpDcmVhdGUoJGRlY29kZWRfbW9kdWxlKSk7TmFtZT0kbW9kLktleX0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiSW1wb3J0LU1vZHVsZSIpLkFkZFBhcmFtZXRlcnMoQHtXYXJuaW5nQWN0aW9uPSJTaWxlbnRseUNvbnRpbnVlIn0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBmb3JjZSBpbnB1dCBlbmNvZGluZyB0byBwcmVhbWJsZS1mcmVlIFVURjggc28gUFMgc3ViLXByb2Nlc3NlcyAoZWcsCiAgICAjIFN0YXJ0LUpvYikgZG9uJ3QgYmxvdyB1cC4gVGhpcyBpcyBvbmx5IHJlcXVpcmVkIGZvciBXaW5STSwgYSBQU1JQCiAgICAjIHJ1bnNwYWNlIGRvZXNuJ3QgaGF2ZSBhIGhvc3QgY29uc29sZSBhbmQgdGhpcyB3aWxsIGJvbWIgb3V0CiAgICBpZiAoJGhvc3QuTmFtZSAtZXEgIkNvbnNvbGVIb3N0IikgewogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRTY3JpcHQoIltDb25zb2xlXTo6SW5wdXRFbmNvZGluZyA9IE5ldy1PYmplY3QgVGV4dC5VVEY4RW5jb2RpbmcgYCRmYWxzZSIpIHwgT3V0LU51bGwKICAgIH0KCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkU2NyaXB0KCRlbnRyeXBvaW50KSB8IE91dC1OdWxsCgogICAgJG91dHB1dCA9ICRwcy5JbnZva2UoKQoKICAgICRvdXRwdXQKCiAgICAjIFBTMyBkb2Vzbid0IHByb3Blcmx5IHNldCBIYWRFcnJvcnMgaW4gbWFueSBjYXNlcywgaW5zcGVjdCB0aGUgZXJyb3Igc3RyZWFtIGFzIGEgZmFsbGJhY2sKICAgIElmICgkcHMuSGFkRXJyb3JzIC1vciAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtbHQgNCAtYW5kICRwcy5TdHJlYW1zLkVycm9yLkNvdW50IC1ndCAwKSkgewogICAgICAgICRob3N0LlVJLldyaXRlRXJyb3JMaW5lKCQoJHBzLlN0cmVhbXMuRXJyb3IgfCBPdXQtU3RyaW5nKSkKICAgICAgICAkZXhpdF9jb2RlID0gJHBzLlJ1bnNwYWNlLlNlc3Npb25TdGF0ZVByb3h5LkdldFZhcmlhYmxlKCJMQVNURVhJVENPREUiKQogICAgICAgIElmKC1ub3QgJGV4aXRfY29kZSkgewogICAgICAgICAgICAkZXhpdF9jb2RlID0gMQogICAgICAgIH0KICAgICAgICAjIG5lZWQgdG8gdXNlIHRoaXMgaW5zdGVhZCBvZiBFeGl0IGtleXdvcmQgdG8gcHJldmVudCBydW5zcGFjZSBmcm9tIGNyYXNoaW5nIHdpdGggZHluYW1pYyBtb2R1bGVzCiAgICAgICAgJGhvc3QuU2V0U2hvdWxkRXhpdCgkZXhpdF9jb2RlKQogICAgfQp9Cg==", "actions": ["exec"], "environment": {}, "min_os_version": null, "powershell_modules": {"Ansible.ModuleUtils.CommandUtil": "IyBDb3B5cmlnaHQgKGMpIDIwMTcgQW5zaWJsZSBQcm9qZWN0CiMgU2ltcGxpZmllZCBCU0QgTGljZW5zZSAoc2VlIGxpY2Vuc2VzL3NpbXBsaWZpZWRfYnNkLnR4dCBvciBodHRwczovL29wZW5zb3VyY2Uub3JnL2xpY2Vuc2VzL0JTRC0yLUNsYXVzZSkKCiRwcm9jZXNzX3V0aWwgPSBAIgp1c2luZyBNaWNyb3NvZnQuV2luMzIuU2FmZUhhbmRsZXM7CnVzaW5nIFN5c3RlbTsKdXNpbmcgU3lzdGVtLkNvbGxlY3Rpb25zOwp1c2luZyBTeXN0ZW0uSU87CnVzaW5nIFN5c3RlbS5MaW5xOwp1c2luZyBTeXN0ZW0uUnVudGltZS5JbnRlcm9wU2VydmljZXM7CnVzaW5nIFN5c3RlbS5UZXh0Owp1c2luZyBTeXN0ZW0uVGhyZWFkaW5nOwoKbmFtZXNwYWNlIEFuc2libGUKewogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIGNsYXNzIFNFQ1VSSVRZX0FUVFJJQlVURVMKICAgIHsKICAgICAgICBwdWJsaWMgaW50IG5MZW5ndGg7CiAgICAgICAgcHVibGljIEludFB0ciBscFNlY3VyaXR5RGVzY3JpcHRvcjsKICAgICAgICBwdWJsaWMgYm9vbCBiSW5oZXJpdEhhbmRsZSA9IGZhbHNlOwogICAgICAgIHB1YmxpYyBTRUNVUklUWV9BVFRSSUJVVEVTKCkKICAgICAgICB7CiAgICAgICAgICAgIG5MZW5ndGggPSBNYXJzaGFsLlNpemVPZih0aGlzKTsKICAgICAgICB9CiAgICB9CgogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIGNsYXNzIFNUQVJUVVBJTkZPCiAgICB7CiAgICAgICAgcHVibGljIEludDMyIGNiOwogICAgICAgIHB1YmxpYyBJbnRQdHIgbHBSZXNlcnZlZDsKICAgICAgICBwdWJsaWMgSW50UHRyIGxwRGVza3RvcDsKICAgICAgICBwdWJsaWMgSW50UHRyIGxwVGl0bGU7CiAgICAgICAgcHVibGljIEludDMyIGR3WDsKICAgICAgICBwdWJsaWMgSW50MzIgZHdZOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1hTaXplOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1lTaXplOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1hDb3VudENoYXJzOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1lDb3VudENoYXJzOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd0ZpbGxBdHRyaWJ1dGU7CiAgICAgICAgcHVibGljIEludDMyIGR3RmxhZ3M7CiAgICAgICAgcHVibGljIEludDE2IHdTaG93V2luZG93OwogICAgICAgIHB1YmxpYyBJbnQxNiBjYlJlc2VydmVkMjsKICAgICAgICBwdWJsaWMgSW50UHRyIGxwUmVzZXJ2ZWQyOwogICAgICAgIHB1YmxpYyBTYWZlRmlsZUhhbmRsZSBoU3RkSW5wdXQ7CiAgICAgICAgcHVibGljIFNhZmVGaWxlSGFuZGxlIGhTdGRPdXRwdXQ7CiAgICAgICAgcHVibGljIFNhZmVGaWxlSGFuZGxlIGhTdGRFcnJvcjsKICAgICAgICBwdWJsaWMgU1RBUlRVUElORk8oKQogICAgICAgIHsKICAgICAgICAgICAgY2IgPSBNYXJzaGFsLlNpemVPZih0aGlzKTsKICAgICAgICB9CiAgICB9CgogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIGNsYXNzIFNUQVJUVVBJTkZPRVgKICAgIHsKICAgICAgICBwdWJsaWMgU1RBUlRVUElORk8gc3RhcnR1cEluZm87CiAgICAgICAgcHVibGljIEludFB0ciBscEF0dHJpYnV0ZUxpc3Q7CiAgICAgICAgcHVibGljIFNUQVJUVVBJTkZPRVgoKQogICAgICAgIHsKICAgICAgICAgICAgc3RhcnR1cEluZm8gPSBuZXcgU1RBUlRVUElORk8oKTsKICAgICAgICAgICAgc3RhcnR1cEluZm8uY2IgPSBNYXJzaGFsLlNpemVPZih0aGlzKTsKICAgICAgICB9CiAgICB9CgogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIHN0cnVjdCBQUk9DRVNTX0lORk9STUFUSU9OCiAgICB7CiAgICAgICAgcHVibGljIEludFB0ciBoUHJvY2VzczsKICAgICAgICBwdWJsaWMgSW50UHRyIGhUaHJlYWQ7CiAgICAgICAgcHVibGljIGludCBkd1Byb2Nlc3NJZDsKICAgICAgICBwdWJsaWMgaW50IGR3VGhyZWFkSWQ7CiAgICB9CgogICAgW0ZsYWdzXQogICAgcHVibGljIGVudW0gU3RhcnR1cEluZm9GbGFncyA6IHVpbnQKICAgIHsKICAgICAgICBVU0VTVERIQU5ETEVTID0gMHgwMDAwMDEwMAogICAgfQoKICAgIHB1YmxpYyBlbnVtIEhhbmRsZUZsYWdzIDogdWludAogICAgewogICAgICAgIE5vbmUgPSAwLAogICAgICAgIElOSEVSSVQgPSAxCiAgICB9CgogICAgY2xhc3MgTmF0aXZlV2FpdEhhbmRsZSA6IFdhaXRIYW5kbGUKICAgIHsKICAgICAgICBwdWJsaWMgTmF0aXZlV2FpdEhhbmRsZShJbnRQdHIgaGFuZGxlKQogICAgICAgIHsKICAgICAgICAgICAgdGhpcy5TYWZlV2FpdEhhbmRsZSA9IG5ldyBTYWZlV2FpdEhhbmRsZShoYW5kbGUsIGZhbHNlKTsKICAgICAgICB9CiAgICB9CgogICAgcHVibGljIGNsYXNzIFdpbjMyRXhjZXB0aW9uIDogU3lzdGVtLkNvbXBvbmVudE1vZGVsLldpbjMyRXhjZXB0aW9uCiAgICB7CiAgICAgICAgcHJpdmF0ZSBzdHJpbmcgX21zZzsKCiAgICAgICAgcHVibGljIFdpbjMyRXhjZXB0aW9uKHN0cmluZyBtZXNzYWdlKSA6IHRoaXMoTWFyc2hhbC5HZXRMYXN0V2luMzJFcnJvcigpLCBtZXNzYWdlKSB7IH0KCiAgICAgICAgcHVibGljIFdpbjMyRXhjZXB0aW9uKGludCBlcnJvckNvZGUsIHN0cmluZyBtZXNzYWdlKSA6IGJhc2UoZXJyb3JDb2RlKQogICAgICAgIHsKICAgICAgICAgICAgX21zZyA9IFN0cmluZy5Gb3JtYXQoInswfSAoezF9LCBXaW4zMkVycm9yQ29kZSB7Mn0pIiwgbWVzc2FnZSwgYmFzZS5NZXNzYWdlLCBlcnJvckNvZGUpOwogICAgICAgIH0KCiAgICAgICAgcHVibGljIG92ZXJyaWRlIHN0cmluZyBNZXNzYWdlIHsgZ2V0IHsgcmV0dXJuIF9tc2c7IH0gfQogICAgICAgIHB1YmxpYyBzdGF0aWMgZXhwbGljaXQgb3BlcmF0b3IgV2luMzJFeGNlcHRpb24oc3RyaW5nIG1lc3NhZ2UpIHsgcmV0dXJuIG5ldyBXaW4zMkV4Y2VwdGlvbihtZXNzYWdlKTsgfQogICAgfQoKICAgIHB1YmxpYyBjbGFzcyBDb21tYW5kVXRpbAogICAgewogICAgICAgIHByaXZhdGUgc3RhdGljIFVJbnQzMiBDUkVBVEVfVU5JQ09ERV9FTlZJUk9OTUVOVCA9IDB4MDAwMDAwNDAwOwogICAgICAgIHByaXZhdGUgc3RhdGljIFVJbnQzMiBFWFRFTkRFRF9TVEFSVFVQSU5GT19QUkVTRU5UID0gMHgwMDA4MDAwMDsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSwgQmVzdEZpdE1hcHBpbmcgPSBmYWxzZSldCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gYm9vbCBDcmVhdGVQcm9jZXNzKAogICAgICAgICAgICBbTWFyc2hhbEFzKFVubWFuYWdlZFR5cGUuTFBXU3RyKV0KICAgICAgICAgICAgICAgIHN0cmluZyBscEFwcGxpY2F0aW9uTmFtZSwKICAgICAgICAgICAgU3RyaW5nQnVpbGRlciBscENvbW1hbmRMaW5lLAogICAgICAgICAgICBJbnRQdHIgbHBQcm9jZXNzQXR0cmlidXRlcywKICAgICAgICAgICAgSW50UHRyIGxwVGhyZWFkQXR0cmlidXRlcywKICAgICAgICAgICAgYm9vbCBiSW5oZXJpdEhhbmRsZXMsCiAgICAgICAgICAgIHVpbnQgZHdDcmVhdGlvbkZsYWdzLAogICAgICAgICAgICBJbnRQdHIgbHBFbnZpcm9ubWVudCwKICAgICAgICAgICAgW01hcnNoYWxBcyhVbm1hbmFnZWRUeXBlLkxQV1N0cildCiAgICAgICAgICAgICAgICBzdHJpbmcgbHBDdXJyZW50RGlyZWN0b3J5LAogICAgICAgICAgICBTVEFSVFVQSU5GT0VYIGxwU3RhcnR1cEluZm8sCiAgICAgICAgICAgIG91dCBQUk9DRVNTX0lORk9STUFUSU9OIGxwUHJvY2Vzc0luZm9ybWF0aW9uKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIildCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gYm9vbCBDcmVhdGVQaXBlKAogICAgICAgICAgICBvdXQgU2FmZUZpbGVIYW5kbGUgaFJlYWRQaXBlLAogICAgICAgICAgICBvdXQgU2FmZUZpbGVIYW5kbGUgaFdyaXRlUGlwZSwKICAgICAgICAgICAgU0VDVVJJVFlfQVRUUklCVVRFUyBscFBpcGVBdHRyaWJ1dGVzLAogICAgICAgICAgICB1aW50IG5TaXplKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSldCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gYm9vbCBTZXRIYW5kbGVJbmZvcm1hdGlvbigKICAgICAgICAgICAgU2FmZUZpbGVIYW5kbGUgaE9iamVjdCwKICAgICAgICAgICAgSGFuZGxlRmxhZ3MgZHdNYXNrLAogICAgICAgICAgICBpbnQgZHdGbGFncyk7CgogICAgICAgIFtEbGxJbXBvcnQoImtlcm5lbDMyLmRsbCIsIFNldExhc3RFcnJvciA9IHRydWUpXQogICAgICAgIHByaXZhdGUgc3RhdGljIGV4dGVybiBib29sIEdldEV4aXRDb2RlUHJvY2VzcygKICAgICAgICAgICAgSW50UHRyIGhQcm9jZXNzLAogICAgICAgICAgICBvdXQgdWludCBscEV4aXRDb2RlKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSldCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gdWludCBTZWFyY2hQYXRoKAogICAgICAgICAgICBzdHJpbmcgbHBQYXRoLAogICAgICAgICAgICBzdHJpbmcgbHBGaWxlTmFtZSwKICAgICAgICAgICAgc3RyaW5nIGxwRXh0ZW5zaW9uLAogICAgICAgICAgICBpbnQgbkJ1ZmZlckxlbmd0aCwKICAgICAgICAgICAgW01hcnNoYWxBcyAoVW5tYW5hZ2VkVHlwZS5MUFRTdHIpXQogICAgICAgICAgICAgICAgU3RyaW5nQnVpbGRlciBscEJ1ZmZlciwKICAgICAgICAgICAgb3V0IEludFB0ciBscEZpbGVQYXJ0KTsKCiAgICAgICAgW0RsbEltcG9ydCgic2hlbGwzMi5kbGwiLCBTZXRMYXN0RXJyb3IgPSB0cnVlKV0KICAgICAgICBzdGF0aWMgZXh0ZXJuIEludFB0ciBDb21tYW5kTGluZVRvQXJndlcoCiAgICAgICAgICAgIFtNYXJzaGFsQXMoVW5tYW5hZ2VkVHlwZS5MUFdTdHIpXQogICAgICAgICAgICAgICAgc3RyaW5nIGxwQ21kTGluZSwKICAgICAgICAgICAgb3V0IGludCBwTnVtQXJncyk7CgogICAgICAgIHB1YmxpYyBzdGF0aWMgc3RyaW5nW10gUGFyc2VDb21tYW5kTGluZShzdHJpbmcgbHBDb21tYW5kTGluZSkKICAgICAgICB7CiAgICAgICAgICAgIGludCBudW1BcmdzOwogICAgICAgICAgICBJbnRQdHIgcmV0ID0gQ29tbWFuZExpbmVUb0FyZ3ZXKGxwQ29tbWFuZExpbmUsIG91dCBudW1BcmdzKTsKCiAgICAgICAgICAgIGlmIChyZXQgPT0gSW50UHRyLlplcm8pCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIkVycm9yIHBhcnNpbmcgY29tbWFuZCBsaW5lIik7CgogICAgICAgICAgICBJbnRQdHJbXSBzdHJwdHJzID0gbmV3IEludFB0cltudW1BcmdzXTsKICAgICAgICAgICAgTWFyc2hhbC5Db3B5KHJldCwgc3RycHRycywgMCwgbnVtQXJncyk7CiAgICAgICAgICAgIHN0cmluZ1tdIGNtZGxpbmVQYXJ0cyA9IHN0cnB0cnMuU2VsZWN0KHMgPT4gTWFyc2hhbC5QdHJUb1N0cmluZ1VuaShzKSkuVG9BcnJheSgpOwoKICAgICAgICAgICAgTWFyc2hhbC5GcmVlSEdsb2JhbChyZXQpOwoKICAgICAgICAgICAgcmV0dXJuIGNtZGxpbmVQYXJ0czsKICAgICAgICB9CgogICAgICAgIHB1YmxpYyBzdGF0aWMgc3RyaW5nIFNlYXJjaFBhdGgoc3RyaW5nIGxwRmlsZU5hbWUpCiAgICAgICAgewogICAgICAgICAgICBTdHJpbmdCdWlsZGVyIHNiT3V0ID0gbmV3IFN0cmluZ0J1aWxkZXIoMTAyNCk7CiAgICAgICAgICAgIEludFB0ciBmaWxlUGFydE91dDsKCiAgICAgICAgICAgIGlmIChTZWFyY2hQYXRoKG51bGwsIGxwRmlsZU5hbWUsIG51bGwsIHNiT3V0LkNhcGFjaXR5LCBzYk91dCwgb3V0IGZpbGVQYXJ0T3V0KSA9PSAwKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IEZpbGVOb3RGb3VuZEV4Y2VwdGlvbihTdHJpbmcuRm9ybWF0KCJDb3VsZCBub3QgbG9jYXRlIHRoZSBmb2xsb3dpbmcgZXhlY3V0YWJsZSB7MH0iLCBscEZpbGVOYW1lKSk7CgogICAgICAgICAgICByZXR1cm4gc2JPdXQuVG9TdHJpbmcoKTsKICAgICAgICB9CgogICAgICAgIHB1YmxpYyBjbGFzcyBDb21tYW5kUmVzdWx0CiAgICAgICAgewogICAgICAgICAgICBwdWJsaWMgc3RyaW5nIFN0YW5kYXJkT3V0IHsgZ2V0OyBpbnRlcm5hbCBzZXQ7IH0KICAgICAgICAgICAgcHVibGljIHN0cmluZyBTdGFuZGFyZEVycm9yIHsgZ2V0OyBpbnRlcm5hbCBzZXQ7IH0KICAgICAgICAgICAgcHVibGljIHVpbnQgRXhpdENvZGUgeyBnZXQ7IGludGVybmFsIHNldDsgfQogICAgICAgIH0KCiAgICAgICAgcHVibGljIHN0YXRpYyBDb21tYW5kUmVzdWx0IFJ1bkNvbW1hbmQoc3RyaW5nIGxwQXBwbGljYXRpb25OYW1lLCBzdHJpbmcgbHBDb21tYW5kTGluZSwgc3RyaW5nIGxwQ3VycmVudERpcmVjdG9yeSwgc3RyaW5nIHN0ZGluSW5wdXQsIElEaWN0aW9uYXJ5IGVudmlyb25tZW50KQogICAgICAgIHsKICAgICAgICAgICAgVUludDMyIHN0YXJ0dXBfZmxhZ3MgPSBDUkVBVEVfVU5JQ09ERV9FTlZJUk9OTUVOVCB8IEVYVEVOREVEX1NUQVJUVVBJTkZPX1BSRVNFTlQ7CiAgICAgICAgICAgIFNUQVJUVVBJTkZPRVggc2kgPSBuZXcgU1RBUlRVUElORk9FWCgpOwogICAgICAgICAgICBzaS5zdGFydHVwSW5mby5kd0ZsYWdzID0gKGludClTdGFydHVwSW5mb0ZsYWdzLlVTRVNUREhBTk ScriptBlock ID: 4b35131d-9858-4c5f-aafb-2577f08ac3b4 Path:	4104	1		3	2	15	0	1412	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2716	4788	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:28:38 PM	9d04040e-981f-0001-aa11-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1411	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2716	2836	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:28:38 PM	9d04040e-981f-0004-7718-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 2716 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1410	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2716	5104	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:28:38 PM	9d04040e-981f-0004-7718-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1409	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2716	2836	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:28:38 PM	9d04040e-981f-0004-7718-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1408	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	5020	1692	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:28:35 PM	9d04040e-981f-0004-6b18-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 5020 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1407	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	5020	4636	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:28:35 PM	9d04040e-981f-0004-6b18-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1406	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	5020	1692	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:28:35 PM	9d04040e-981f-0004-6b18-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles; using System; using System.Collections; using System.IO; using System.Linq; using System.Runtime.InteropServices; using System.Text; using System.Threading; namespace Ansible { [StructLayout(LayoutKind.Sequential)] public class SECURITY_ATTRIBUTES { public int nLength; public IntPtr lpSecurityDescriptor; public bool bInheritHandle = false; public SECURITY_ATTRIBUTES() { nLength = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFO { public Int32 cb; public IntPtr lpReserved; public IntPtr lpDesktop; public IntPtr lpTitle; public Int32 dwX; public Int32 dwY; public Int32 dwXSize; public Int32 dwYSize; public Int32 dwXCountChars; public Int32 dwYCountChars; public Int32 dwFillAttribute; public Int32 dwFlags; public Int16 wShowWindow; public Int16 cbReserved2; public IntPtr lpReserved2; public SafeFileHandle hStdInput; public SafeFileHandle hStdOutput; public SafeFileHandle hStdError; public STARTUPINFO() { cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFOEX { public STARTUPINFO startupInfo; public IntPtr lpAttributeList; public STARTUPINFOEX() { startupInfo = new STARTUPINFO(); startupInfo.cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public struct PROCESS_INFORMATION { public IntPtr hProcess; public IntPtr hThread; public int dwProcessId; public int dwThreadId; } [Flags] public enum StartupInfoFlags : uint { USESTDHANDLES = 0x00000100 } public enum HandleFlags : uint { None = 0, INHERIT = 1 } class NativeWaitHandle : WaitHandle { public NativeWaitHandle(IntPtr handle) { this.SafeWaitHandle = new SafeWaitHandle(handle, false); } } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class CommandUtil { private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400; private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000; [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)] public static extern bool CreateProcess( [MarshalAs(UnmanagedType.LPWStr)] string lpApplicationName, StringBuilder lpCommandLine, IntPtr lpProcessAttributes, IntPtr lpThreadAttributes, bool bInheritHandles, uint dwCreationFlags, IntPtr lpEnvironment, [MarshalAs(UnmanagedType.LPWStr)] string lpCurrentDirectory, STARTUPINFOEX lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation); [DllImport("kernel32.dll")] public static extern bool CreatePipe( out SafeFileHandle hReadPipe, out SafeFileHandle hWritePipe, SECURITY_ATTRIBUTES lpPipeAttributes, uint nSize); [DllImport("kernel32.dll", SetLastError = true)] public static extern bool SetHandleInformation( SafeFileHandle hObject, HandleFlags dwMask, int dwFlags); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool GetExitCodeProcess( IntPtr hProcess, out uint lpExitCode); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)] public static extern uint SearchPath( string lpPath, string lpFileName, string lpExtension, int nBufferLength, [MarshalAs (UnmanagedType.LPTStr)] StringBuilder lpBuffer, out IntPtr lpFilePart); [DllImport("shell32.dll", SetLastError = true)] static extern IntPtr CommandLineToArgvW( [MarshalAs(UnmanagedType.LPWStr)] string lpCmdLine, out int pNumArgs); public static string[] ParseCommandLine(string lpCommandLine) { int numArgs; IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs); if (ret == IntPtr.Zero) throw new Win32Exception("Error parsing command line"); IntPtr[] strptrs = new IntPtr[numArgs]; Marshal.Copy(ret, strptrs, 0, numArgs); string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray(); Marshal.FreeHGlobal(ret); return cmdlineParts; } public static string SearchPath(string lpFileName) { StringBuilder sbOut = new StringBuilder(1024); IntPtr filePartOut; if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0) throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName)); return sbOut.ToString(); } public class CommandResult { public string StandardOut { get; internal set; } public string StandardError { get; internal set; } public uint ExitCode { get; internal set; } } public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment) { UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT; STARTUPINFOEX si = new STARTUPINFOEX(); si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES; SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES(); pipesec.bInheritHandle = true; // Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write; if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0)) throw new Win32Exception("STDOUT pipe setup failed"); if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDOUT pipe handle setup failed"); if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0)) throw new Win32Exception("STDERR pipe setup failed"); if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDERR pipe handle setup failed"); if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0)) throw new Win32Exception("STDIN pipe setup failed"); if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDIN pipe handle setup failed"); si.startupInfo.hStdOutput = stdout_write; si.startupInfo.hStdError = stderr_write; si.startupInfo.hStdInput = stdin_read; // Setup the stdin buffer UTF8Encoding utf8_encoding = new UTF8Encoding(false); FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768); StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768); // If lpCurrentDirectory is set to null in PS it will be an empty // string here, we need to convert it if (lpCurrentDirectory == "") lpCurrentDirectory = null; StringBuilder environmentString = null; if (environment != null && environment.Count > 0) { environmentString = new StringBuilder(); foreach (DictionaryEntry kv in environment) environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value); environmentString.Append('\0'); } // Create the environment block if set IntPtr lpEnvironment = IntPtr.Zero; if (environmentString != null) lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString()); // Create new process and run StringBuilder argument_string = new StringBuilder(lpCommandLine); PROCESS_INFORMATION pi = new PROCESS_INFORMATION(); if (!CreateProcess( lpApplicationName, argument_string, IntPtr.Zero, IntPtr.Zero, true, startup_flags, lpEnvironment, lpCurrentDirectory, si, out pi)) { throw new Win32Exception("Failed to create new process"); } // Setup the output buffers and get stdout/stderr FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096); StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096); stdout_write.Close(); FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096); StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096); stderr_write.Close(); stdin.WriteLine(stdinInput); stdin.Close(); string stdout_str, stderr_str = null; GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str); uint rc = GetProcessExitCode(pi.hProcess); return new CommandResult { StandardOut = stdout_str, StandardError = stderr_str, ExitCode = rc }; } private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr) { var sowait = new EventWaitHandle(false, EventResetMode.ManualReset); var sewait = new EventWaitHandle(false, EventResetMode.ManualReset); string so = null, se = null; ThreadPool.QueueUserWorkItem((s) => { so = stdoutStream.ReadToEnd(); sowait.Set(); }); ThreadPool.QueueUserWorkItem((s) => { se = stderrStream.ReadToEnd(); sewait.Set(); }); foreach (var wh in new WaitHandle[] { sowait, sewait }) wh.WaitOne(); stdout = so; stderr = se; } private static uint GetProcessExitCode(IntPtr processHandle) { new NativeWaitHandle(processHandle).WaitOne(); uint exitCode; if (!GetExitCodeProcess(processHandle, out exitCode)) throw new Win32Exception("Error getting process exit code"); return exitCode; } } }" Context: Severity = Informational Host Name = Default Host Host Version = 5.1.14393.1944 Host ID = 81012cf3-9bba-466e-9295-f831066f0ef9 Host Application = PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - Engine Version = 5.1.14393.1944 Runspace ID = 392d0d82-33da-49d6-8249-44c32c353db0 Pipeline ID = 7 Command Name = Add-Type Command Type = Cmdlet Script Name = Command Path = Sequence Number = 34 User = N-H1-805629-1\Admin Connected User = Shell ID = Microsoft.PowerShell User Data:	4103	1		4	106	20	0	1405	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4068	3192	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:28:35 PM	9d04040e-981f-0000-501c-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	To be used when operation is just executing a method	Executing Pipeline	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c) 2017 Ansible Project # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) $process_util = @" using Microsoft.Win32.SafeHandles; using System; using System.Collections; using System.IO; using System.Linq; using System.Runtime.InteropServices; using System.Text; using System.Threading; namespace Ansible { [StructLayout(LayoutKind.Sequential)] public class SECURITY_ATTRIBUTES { public int nLength; public IntPtr lpSecurityDescriptor; public bool bInheritHandle = false; public SECURITY_ATTRIBUTES() { nLength = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFO { public Int32 cb; public IntPtr lpReserved; public IntPtr lpDesktop; public IntPtr lpTitle; public Int32 dwX; public Int32 dwY; public Int32 dwXSize; public Int32 dwYSize; public Int32 dwXCountChars; public Int32 dwYCountChars; public Int32 dwFillAttribute; public Int32 dwFlags; public Int16 wShowWindow; public Int16 cbReserved2; public IntPtr lpReserved2; public SafeFileHandle hStdInput; public SafeFileHandle hStdOutput; public SafeFileHandle hStdError; public STARTUPINFO() { cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFOEX { public STARTUPINFO startupInfo; public IntPtr lpAttributeList; public STARTUPINFOEX() { startupInfo = new STARTUPINFO(); startupInfo.cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public struct PROCESS_INFORMATION { public IntPtr hProcess; public IntPtr hThread; public int dwProcessId; public int dwThreadId; } [Flags] public enum StartupInfoFlags : uint { USESTDHANDLES = 0x00000100 } public enum HandleFlags : uint { None = 0, INHERIT = 1 } class NativeWaitHandle : WaitHandle { public NativeWaitHandle(IntPtr handle) { this.SafeWaitHandle = new SafeWaitHandle(handle, false); } } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class CommandUtil { private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400; private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000; [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)] public static extern bool CreateProcess( [MarshalAs(UnmanagedType.LPWStr)] string lpApplicationName, StringBuilder lpCommandLine, IntPtr lpProcessAttributes, IntPtr lpThreadAttributes, bool bInheritHandles, uint dwCreationFlags, IntPtr lpEnvironment, [MarshalAs(UnmanagedType.LPWStr)] string lpCurrentDirectory, STARTUPINFOEX lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation); [DllImport("kernel32.dll")] public static extern bool CreatePipe( out SafeFileHandle hReadPipe, out SafeFileHandle hWritePipe, SECURITY_ATTRIBUTES lpPipeAttributes, uint nSize); [DllImport("kernel32.dll", SetLastError = true)] public static extern bool SetHandleInformation( SafeFileHandle hObject, HandleFlags dwMask, int dwFlags); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool GetExitCodeProcess( IntPtr hProcess, out uint lpExitCode); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)] public static extern uint SearchPath( string lpPath, string lpFileName, string lpExtension, int nBufferLength, [MarshalAs (UnmanagedType.LPTStr)] StringBuilder lpBuffer, out IntPtr lpFilePart); [DllImport("shell32.dll", SetLastError = true)] static extern IntPtr CommandLineToArgvW( [MarshalAs(UnmanagedType.LPWStr)] string lpCmdLine, out int pNumArgs); public static string[] ParseCommandLine(string lpCommandLine) { int numArgs; IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs); if (ret == IntPtr.Zero) throw new Win32Exception("Error parsing command line"); IntPtr[] strptrs = new IntPtr[numArgs]; Marshal.Copy(ret, strptrs, 0, numArgs); string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray(); Marshal.FreeHGlobal(ret); return cmdlineParts; } public static string SearchPath(string lpFileName) { StringBuilder sbOut = new StringBuilder(1024); IntPtr filePartOut; if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0) throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName)); return sbOut.ToString(); } public class CommandResult { public string StandardOut { get; internal set; } public string StandardError { get; internal set; } public uint ExitCode { get; internal set; } } public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment) { UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT; STARTUPINFOEX si = new STARTUPINFOEX(); si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES; SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES(); pipesec.bInheritHandle = true; // Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write; if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0)) throw new Win32Exception("STDOUT pipe setup failed"); if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDOUT pipe handle setup failed"); if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0)) throw new Win32Exception("STDERR pipe setup failed"); if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDERR pipe handle setup failed"); if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0)) throw new Win32Exception("STDIN pipe setup failed"); if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDIN pipe handle setup failed"); si.startupInfo.hStdOutput = stdout_write; si.startupInfo.hStdError = stderr_write; si.startupInfo.hStdInput = stdin_read; // Setup the stdin buffer UTF8Encoding utf8_encoding = new UTF8Encoding(false); FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768); StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768); // If lpCurrentDirectory is set to null in PS it will be an empty // string here, we need to convert it if (lpCurrentDirectory == "") lpCurrentDirectory = null; StringBuilder environmentString = null; if (environment != null && environment.Count > 0) { environmentString = new StringBuilder(); foreach (DictionaryEntry kv in environment) environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value); environmentString.Append('\0'); } // Create the environment block if set IntPtr lpEnvironment = IntPtr.Zero; if (environmentString != null) lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString()); // Create new process and run StringBuilder argument_string = new StringBuilder(lpCommandLine); PROCESS_INFORMATION pi = new PROCESS_INFORMATION(); if (!CreateProcess( lpApplicationName, argument_string, IntPtr.Zero, IntPtr.Zero, true, startup_flags, lpEnvironment, lpCurrentDirectory, si, out pi)) { throw new Win32Exception("Failed to create new process"); } // Setup the output buffers and get stdout/stderr FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096); StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096); stdout_write.Close(); FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096); StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096); stderr_write.Close(); stdin.WriteLine(stdinInput); stdin.Close(); string stdout_str, stderr_str = null; GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str); uint rc = GetProcessExitCode(pi.hProcess); return new CommandResult { StandardOut = stdout_str, StandardError = stderr_str, ExitCode = rc }; } private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr) { var sowait = new EventWaitHandle(false, EventResetMode.ManualReset); var sewait = new EventWaitHandle(false, EventResetMode.ManualReset); string so = null, se = null; ThreadPool.QueueUserWorkItem((s) => { so = stdoutStream.ReadToEnd(); sowait.Set(); }); ThreadPool.QueueUserWorkItem((s) => { se = stderrStream.ReadToEnd(); sewait.Set(); }); foreach (var wh in new WaitHandle[] { sowait, sewait }) wh.WaitOne(); stdout = so; stderr = se; } private static uint GetProcessExitCode(IntPtr processHandle) { new NativeWaitHandle(processHandle).WaitOne(); uint exitCode; if (!GetExitCodeProcess(processHandle, out exitCode)) throw new Win32Exception("Error getting process exit code"); return exitCode; } } } "@ $ErrorActionPreference = 'Stop' Function Load-CommandUtils { # makes the following static functions available # [Ansible.CommandUtil]::ParseCommandLine(string lpCommandLine) # [Ansible.CommandUtil]::SearchPath(string lpFileName) # [Ansible.CommandUtil]::RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, string environmentBlock) # # there are also numerous P/Invoke methods that can be called if you are feeling adventurous # FUTURE: find a better way to get the _ansible_remote_tmp variable $original_tmp = $env:TMP $remote_tmp = $original_tmp $module_params = Get-Variable -Name complex_args -ErrorAction SilentlyContinue if ($module_params) { if ($module_params.Value.ContainsKey("_ansible_remote_tmp") ) { $remote_tmp = $module_params.Value["_ansible_remote_tmp"] $remote_tmp = [System.Environment]::ExpandEnvironmentVariables($remote_tmp) } } $env:TMP = $remote_tmp Add-Type -TypeDefinition $process_util $env:TMP = $original_tmp } Function Get-ExecutablePath($executable, $directory) { # lpApplicationName requires the full path to a file, we need to find it # ourselves. # we need to add .exe if it doesn't have an extension already if (-not [System.IO.Path]::HasExtension($executable)) { $executable = "$($executable).exe" } $full_path = [System.IO.Path]::GetFullPath($executable) if ($full_path -ne $executable -and $directory -ne $null) { $file = Get-Item -Path "$directory\$executable" -Force -ErrorAction SilentlyContinue } else { $file = Get-Item -Path $executable -Force -ErrorAction SilentlyContinue } if ($file -ne $null) { $executable_path = $file.FullName } else { $executable_path = [Ansible.CommandUtil]::SearchPath($executable) } return $executable_path } Function Run-Command { Param( [string]$command, # the full command to run including the executable [string]$working_directory = $null, # the working directory to run under, will default to the current dir [string]$stdin = $null, # a string to send to the stdin pipe when executing the command [hashtable]$environment = @{} # a hashtable of environment values to run the command under, this will replace all the other environment variables with these ) # load the C# code we call in this function Load-CommandUtils # need to validate the working directory if it is set if ($working_directory) { # validate working directory is a valid path if (-not (Test-Path -Path $working_directory)) { throw "invalid working directory path '$working_directory'" } } # lpApplicationName needs to be the full path to an executable, we do this # by getting the executable as the first arg and then getting the full path $arguments = [Ansible.CommandUtil]::ParseCommandLine($command) $executable = Get-ExecutablePath -executable $arguments[0] -directory $working_directory # run the command and get the results $command_result = [Ansible.CommandUtil]::RunCommand($executable, $command, $working_directory, $stdin, $environment) return ,@{ executable = $executable stdout = $command_result.StandardOut stderr = $command_result.StandardError rc = $command_result.ExitCode } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: 5635b6b0-d35a-4e23-826b-fc5325571d01 Path:	4104	1		3	2	15	0	1404	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4068	4700	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:28:35 PM	9d04040e-981f-0004-6518-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c), Michael DeHaan <michael.dehaan@gmail.com>, 2014, and others # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) Set-StrictMode -Version 2.0 $ErrorActionPreference = "Stop" Function Set-Attr($obj, $name, $value) { <# .SYNOPSIS Helper function to set an "attribute" on a psobject instance in PowerShell. This is a convenience to make adding Members to the object easier and slightly more pythonic .EXAMPLE Set-Attr $result "changed" $true #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } Try { $obj.$name = $value } Catch { $obj | Add-Member -Force -MemberType NoteProperty -Name $name -Value $value } } Function Exit-Json($obj) { <# .SYNOPSIS Helper function to convert a PowerShell object to JSON and output it, exiting the script .EXAMPLE Exit-Json $result #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit } Function Fail-Json($obj, $message = $null) { <# .SYNOPSIS Helper function to add the "msg" property and "failed" property, convert the PowerShell Hashtable to JSON and output it, exiting the script .EXAMPLE Fail-Json $result "This is the failure message" #> if ($obj -is [hashtable] -or $obj -is [psobject]) { # Nothing to do } elseif ($obj -is [string] -and $null -eq $message) { # If we weren't given 2 args, and the only arg was a string, # create a new Hashtable and use the arg as the failure message $message = $obj $obj = @{ } } else { # If the first argument is undefined or a different type, # make it a Hashtable $obj = @{ } } # Still using Set-Attr for PSObject compatibility Set-Attr $obj "msg" $message Set-Attr $obj "failed" $true if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit 1 } Function Add-Warning($obj, $message) { <# .SYNOPSIS Helper function to add warnings, even if the warnings attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("warnings")) { $obj.warnings = @() } elseif ($obj.warnings -isnot [array]) { throw "Add-Warning: warnings attribute is not an array" } $obj.warnings += $message } Function Add-DeprecationWarning($obj, $message, $version = $null) { <# .SYNOPSIS Helper function to add deprecations, even if the deprecations attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("deprecations")) { $obj.deprecations = @() } elseif ($obj.deprecations -isnot [array]) { throw "Add-DeprecationWarning: deprecations attribute is not a list" } $obj.deprecations += @{ msg = $message version = $version } } Function Expand-Environment($value) { <# .SYNOPSIS Helper function to expand environment variables in values. By default it turns any type to a string, but we ensure $null remains $null. #> if ($null -ne $value) { [System.Environment]::ExpandEnvironmentVariables($value) } else { $value } } Function Get-AnsibleParam($obj, $name, $default = $null, $resultobj = @{}, $failifempty = $false, $emptyattributefailmessage, $ValidateSet, $ValidateSetErrorMessage, $type = $null, $aliases = @()) { <# .SYNOPSIS Helper function to get an "attribute" from a psobject instance in PowerShell. This is a convenience to make getting Members from an object easier and slightly more pythonic .EXAMPLE $attr = Get-AnsibleParam $response "code" -default "1" .EXAMPLE Get-AnsibleParam -obj $params -name "State" -default "Present" -ValidateSet "Present","Absent" -resultobj $resultobj -failifempty $true Get-AnsibleParam also supports Parameter validation to save you from coding that manually Note that if you use the failifempty option, you do need to specify resultobject as well. #> # Check if the provided Member $name or aliases exist in $obj and return it or the default. try { $found = $null # First try to find preferred parameter $name $aliases = @($name) + $aliases # Iterate over aliases to find acceptable Member $name foreach ($alias in $aliases) { if ($obj.ContainsKey($alias)) { $found = $alias break } } if ($null -eq $found) { throw } $name = $found if ($ValidateSet) { if ($ValidateSet -contains ($obj.$name)) { $value = $obj.$name } else { if ($null -eq $ValidateSetErrorMessage) { #Auto-generated error should be sufficient in most use cases $ValidateSetErrorMessage = "Get-AnsibleParam: Argument $name needs to be one of $($ValidateSet -join ",") but was $($obj.$name)." } Fail-Json -obj $resultobj -message $ValidateSetErrorMessage } } else { $value = $obj.$name } } catch { if ($failifempty -eq $false) { $value = $default } else { if (-not $emptyattributefailmessage) { $emptyattributefailmessage = "Get-AnsibleParam: Missing required argument: $name" } Fail-Json -obj $resultobj -message $emptyattributefailmessage } } # If $value -eq $null, the parameter was unspecified by the user (deliberately or not) # Please leave $null-values intact, modules need to know if a parameter was specified # When $value is already an array, we cannot rely on the null check, as an empty list # is seen as null in the check below if ($null -ne $value -or $value -is [array]) { if ($type -eq "path") { # Expand environment variables on path-type $value = Expand-Environment($value) # Test if a valid path is provided if (-not (Test-Path -IsValid $value)) { $path_invalid = $true # could still be a valid-shaped path with a nonexistent drive letter if ($value -match "^\w:") { # rewrite path with a valid drive letter and recheck the shape- this might still fail, eg, a nonexistent non-filesystem PS path if (Test-Path -IsValid $(@(Get-PSDrive -PSProvider Filesystem)[0].Name + $value.Substring(1))) { $path_invalid = $false } } if ($path_invalid) { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' has an invalid path '$value' specified." } } } elseif ($type -eq "str") { # Convert str types to real Powershell strings $value = $value.ToString() } elseif ($type -eq "bool") { # Convert boolean types to real Powershell booleans $value = $value | ConvertTo-Bool } elseif ($type -eq "int") { # Convert int types to real Powershell integers $value = $value -as [int] } elseif ($type -eq "float") { # Convert float types to real Powershell floats $value = $value -as [float] } elseif ($type -eq "list") { if ($value -is [array]) { # Nothing to do } elseif ($value -is [string]) { # Convert string type to real Powershell array $value = $value.Split(",").Trim() } elseif ($value -is [int]) { $value = @($value) } else { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' is not a YAML list." } # , is not a typo, forces it to return as a list when it is empty or only has 1 entry return ,$value } } return $value } #Alias Get-attr-->Get-AnsibleParam for backwards compat. Only add when needed to ease debugging of scripts If (-not(Get-Alias -Name "Get-attr" -ErrorAction SilentlyContinue)) { New-Alias -Name Get-attr -Value Get-AnsibleParam } Function ConvertTo-Bool { <# .SYNOPSIS Helper filter/pipeline function to convert a value to boolean following current Ansible practices .EXAMPLE $is_true = "true" | ConvertTo-Bool #> param( [parameter(valuefrompipeline=$true)] $obj ) $boolean_strings = "yes", "on", "1", "true", 1 $obj_string = [string]$obj if (($obj -is [boolean] -and $obj) -or $boolean_strings -contains $obj_string.ToLower()) { return $true } else { return $false } } Function Parse-Args($arguments, $supports_check_mode = $false) { <# .SYNOPSIS Helper function to parse Ansible JSON arguments from a "file" passed as the single argument to the module. .EXAMPLE $params = Parse-Args $args #> $params = New-Object psobject If ($arguments.Length -gt 0) { $params = Get-Content $arguments[0] | ConvertFrom-Json } Else { $params = $complex_args } $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false If ($check_mode -and -not $supports_check_mode) { Exit-Json @{ skipped = $true changed = $false msg = "remote module does not support check mode" } } return $params } Function Get-FileChecksum($path, $algorithm = 'sha1') { <# .SYNOPSIS Helper function to calculate a hash of a file in a way which PowerShell 3 and above can handle #> If (Test-Path -Path $path -PathType Leaf) { switch ($algorithm) { 'md5' { $sp = New-Object -TypeName System.Security.Cryptography.MD5CryptoServiceProvider } 'sha1' { $sp = New-Object -TypeName System.Security.Cryptography.SHA1CryptoServiceProvider } 'sha256' { $sp = New-Object -TypeName System.Security.Cryptography.SHA256CryptoServiceProvider } 'sha384' { $sp = New-Object -TypeName System.Security.Cryptography.SHA384CryptoServiceProvider } 'sha512' { $sp = New-Object -TypeName System.Security.Cryptography.SHA512CryptoServiceProvider } default { Fail-Json @{} "Unsupported hash algorithm supplied '$algorithm'" } } If ($PSVersionTable.PSVersion.Major -ge 4) { $raw_hash = Get-FileHash $path -Algorithm $algorithm $hash = $raw_hash.Hash.ToLower() } Else { $fp = [System.IO.File]::Open($path, [System.IO.Filemode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileShare]::ReadWrite); $hash = [System.BitConverter]::ToString($sp.ComputeHash($fp)).Replace("-", "").ToLower(); $fp.Dispose(); } } ElseIf (Test-Path -Path $path -PathType Container) { $hash = "3"; } Else { $hash = "1"; } return $hash } Function Get-PendingRebootStatus { <# .SYNOPSIS Check if reboot is required, if so notify CA. Function returns true if computer has a pending reboot #> $featureData = Invoke-WmiMethod -EA Ignore -Name GetServerFeature -Namespace root\microsoft\windows\servermanager -Class MSFT_ServerManagerTasks $regData = Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager" "PendingFileRenameOperations" -EA Ignore $CBSRebootStatus = Get-ChildItem "HKLM:\\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing" -ErrorAction SilentlyContinue| Where-Object {$_.PSChildName -eq "RebootPending"} if(($featureData -and $featureData.RequiresReboot) -or $regData -or $CBSRebootStatus) { return $True } else { return $False } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: c48beaf6-533a-4705-9d3a-0a3bddbf2cef Path:	4104	1		3	2	15	0	1403	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4068	4700	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:28:35 PM	9d04040e-981f-0004-5e18-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } ScriptBlock ID: 67ddceaa-8041-4b33-8b64-330d9d63a0bf Path:	4104	1		3	2	15	0	1402	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4068	4700	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:28:34 PM	9d04040e-981f-0004-4f18-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (3 of 3): DEgZW50cnkKICAgICAgICAgICAgcmV0dXJuICwkdmFsdWUKICAgICAgICB9CiAgICB9CgogICAgcmV0dXJuICR2YWx1ZQp9CgojQWxpYXMgR2V0LWF0dHItLT5HZXQtQW5zaWJsZVBhcmFtIGZvciBiYWNrd2FyZHMgY29tcGF0LiBPbmx5IGFkZCB3aGVuIG5lZWRlZCB0byBlYXNlIGRlYnVnZ2luZyBvZiBzY3JpcHRzCklmICgtbm90KEdldC1BbGlhcyAtTmFtZSAiR2V0LWF0dHIiIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlKSkKewogICAgTmV3LUFsaWFzIC1OYW1lIEdldC1hdHRyIC1WYWx1ZSBHZXQtQW5zaWJsZVBhcmFtCn0KCkZ1bmN0aW9uIENvbnZlcnRUby1Cb29sCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZpbHRlci9waXBlbGluZSBmdW5jdGlvbiB0byBjb252ZXJ0IGEgdmFsdWUgdG8gYm9vbGVhbiBmb2xsb3dpbmcgY3VycmVudAogICAgQW5zaWJsZSBwcmFjdGljZXMKICAgIC5FWEFNUExFCiAgICAkaXNfdHJ1ZSA9ICJ0cnVlIiB8IENvbnZlcnRUby1Cb29sCiM+CiAgICBwYXJhbSgKICAgICAgICBbcGFyYW1ldGVyKHZhbHVlZnJvbXBpcGVsaW5lPSR0cnVlKV0KICAgICAgICAkb2JqCiAgICApCgogICAgJGJvb2xlYW5fc3RyaW5ncyA9ICJ5ZXMiLCAib24iLCAiMSIsICJ0cnVlIiwgMQogICAgJG9ial9zdHJpbmcgPSBbc3RyaW5nXSRvYmoKCiAgICBpZiAoKCRvYmogLWlzIFtib29sZWFuXSAtYW5kICRvYmopIC1vciAkYm9vbGVhbl9zdHJpbmdzIC1jb250YWlucyAkb2JqX3N0cmluZy5Ub0xvd2VyKCkpIHsKICAgICAgICByZXR1cm4gJHRydWUKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfQp9CgpGdW5jdGlvbiBQYXJzZS1BcmdzKCRhcmd1bWVudHMsICRzdXBwb3J0c19jaGVja19tb2RlID0gJGZhbHNlKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBwYXJzZSBBbnNpYmxlIEpTT04gYXJndW1lbnRzIGZyb20gYSAiZmlsZSIgcGFzc2VkIGFzCiAgICB0aGUgc2luZ2xlIGFyZ3VtZW50IHRvIHRoZSBtb2R1bGUuCiAgICAuRVhBTVBMRQogICAgJHBhcmFtcyA9IFBhcnNlLUFyZ3MgJGFyZ3MKIz4KICAgICRwYXJhbXMgPSBOZXctT2JqZWN0IHBzb2JqZWN0CiAgICBJZiAoJGFyZ3VtZW50cy5MZW5ndGggLWd0IDApCiAgICB7CiAgICAgICAgJHBhcmFtcyA9IEdldC1Db250ZW50ICRhcmd1bWVudHNbMF0gfCBDb252ZXJ0RnJvbS1Kc29uCiAgICB9CiAgICBFbHNlIHsKICAgICAgICAkcGFyYW1zID0gJGNvbXBsZXhfYXJncwogICAgfQogICAgJGNoZWNrX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfY2hlY2tfbW9kZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQogICAgSWYgKCRjaGVja19tb2RlIC1hbmQgLW5vdCAkc3VwcG9ydHNfY2hlY2tfbW9kZSkKICAgIHsKICAgICAgICBFeGl0LUpzb24gQHsKICAgICAgICAgICAgc2tpcHBlZCA9ICR0cnVlCiAgICAgICAgICAgIGNoYW5nZWQgPSAkZmFsc2UKICAgICAgICAgICAgbXNnID0gInJlbW90ZSBtb2R1bGUgZG9lcyBub3Qgc3VwcG9ydCBjaGVjayBtb2RlIgogICAgICAgIH0KICAgIH0KICAgIHJldHVybiAkcGFyYW1zCn0KCgpGdW5jdGlvbiBHZXQtRmlsZUNoZWNrc3VtKCRwYXRoLCAkYWxnb3JpdGhtID0gJ3NoYTEnKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBjYWxjdWxhdGUgYSBoYXNoIG9mIGEgZmlsZSBpbiBhIHdheSB3aGljaCBQb3dlclNoZWxsIDMKICAgIGFuZCBhYm92ZSBjYW4gaGFuZGxlCiM+CiAgICBJZiAoVGVzdC1QYXRoIC1QYXRoICRwYXRoIC1QYXRoVHlwZSBMZWFmKQogICAgewogICAgICAgIHN3aXRjaCAoJGFsZ29yaXRobSkKICAgICAgICB7CiAgICAgICAgICAgICdtZDUnIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5NRDVDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMScgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTFDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMjU2JyB7ICRzcCA9IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5TZWN1cml0eS5DcnlwdG9ncmFwaHkuU0hBMjU2Q3J5cHRvU2VydmljZVByb3ZpZGVyIH0KICAgICAgICAgICAgJ3NoYTM4NCcgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTM4NENyeXB0b1NlcnZpY2VQcm92aWRlciB9CiAgICAgICAgICAgICdzaGE1MTInIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5TSEE1MTJDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICBkZWZhdWx0IHsgRmFpbC1Kc29uIEB7fSAiVW5zdXBwb3J0ZWQgaGFzaCBhbGdvcml0aG0gc3VwcGxpZWQgJyRhbGdvcml0aG0nIiB9CiAgICAgICAgfQoKICAgICAgICBJZiAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtZ2UgNCkgewogICAgICAgICAgICAkcmF3X2hhc2ggPSBHZXQtRmlsZUhhc2ggJHBhdGggLUFsZ29yaXRobSAkYWxnb3JpdGhtCiAgICAgICAgICAgICRoYXNoID0gJHJhd19oYXNoLkhhc2guVG9Mb3dlcigpCiAgICAgICAgfSBFbHNlIHsKICAgICAgICAgICAgJGZwID0gW1N5c3RlbS5JTy5GaWxlXTo6T3BlbigkcGF0aCwgW1N5c3RlbS5JTy5GaWxlbW9kZV06Ok9wZW4sIFtTeXN0ZW0uSU8uRmlsZUFjY2Vzc106OlJlYWQsIFtTeXN0ZW0uSU8uRmlsZVNoYXJlXTo6UmVhZFdyaXRlKTsKICAgICAgICAgICAgJGhhc2ggPSBbU3lzdGVtLkJpdENvbnZlcnRlcl06OlRvU3RyaW5nKCRzcC5Db21wdXRlSGFzaCgkZnApKS5SZXBsYWNlKCItIiwgIiIpLlRvTG93ZXIoKTsKICAgICAgICAgICAgJGZwLkRpc3Bvc2UoKTsKICAgICAgICB9CiAgICB9CiAgICBFbHNlSWYgKFRlc3QtUGF0aCAtUGF0aCAkcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKQogICAgewogICAgICAgICRoYXNoID0gIjMiOwogICAgfQogICAgRWxzZQogICAgewogICAgICAgICRoYXNoID0gIjEiOwogICAgfQogICAgcmV0dXJuICRoYXNoCn0KCkZ1bmN0aW9uIEdldC1QZW5kaW5nUmVib290U3RhdHVzCnsKPCMKICAgIC5TWU5PUFNJUwogICAgQ2hlY2sgaWYgcmVib290IGlzIHJlcXVpcmVkLCBpZiBzbyBub3RpZnkgQ0EuCiAgICBGdW5jdGlvbiByZXR1cm5zIHRydWUgaWYgY29tcHV0ZXIgaGFzIGEgcGVuZGluZyByZWJvb3QKIz4KICAgICRmZWF0dXJlRGF0YSA9IEludm9rZS1XbWlNZXRob2QgLUVBIElnbm9yZSAtTmFtZSBHZXRTZXJ2ZXJGZWF0dXJlIC1OYW1lc3BhY2Ugcm9vdFxtaWNyb3NvZnRcd2luZG93c1xzZXJ2ZXJtYW5hZ2VyIC1DbGFzcyBNU0ZUX1NlcnZlck1hbmFnZXJUYXNrcwogICAgJHJlZ0RhdGEgPSBHZXQtSXRlbVByb3BlcnR5ICJIS0xNOlxTWVNURU1cQ3VycmVudENvbnRyb2xTZXRcQ29udHJvbFxTZXNzaW9uIE1hbmFnZXIiICJQZW5kaW5nRmlsZVJlbmFtZU9wZXJhdGlvbnMiIC1FQSBJZ25vcmUKICAgICRDQlNSZWJvb3RTdGF0dXMgPSBHZXQtQ2hpbGRJdGVtICJIS0xNOlxcU09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cQ29tcG9uZW50IEJhc2VkIFNlcnZpY2luZyIgIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlfCBXaGVyZS1PYmplY3QgeyRfLlBTQ2hpbGROYW1lIC1lcSAiUmVib290UGVuZGluZyJ9CiAgICBpZigoJGZlYXR1cmVEYXRhIC1hbmQgJGZlYXR1cmVEYXRhLlJlcXVpcmVzUmVib290KSAtb3IgJHJlZ0RhdGEgLW9yICRDQlNSZWJvb3RTdGF0dXMpCiAgICB7CiAgICAgICAgcmV0dXJuICRUcnVlCiAgICB9CiAgICBlbHNlCiAgICB7CiAgICAgICAgcmV0dXJuICRGYWxzZQogICAgfQp9CgojIHRoaXMgbGluZSBtdXN0IHN0YXkgYXQgdGhlIGJvdHRvbSB0byBlbnN1cmUgYWxsIGRlZmluZWQgbW9kdWxlIHBhcnRzIGFyZSBleHBvcnRlZApFeHBvcnQtTW9kdWxlTWVtYmVyIC1BbGlhcyAqIC1GdW5jdGlvbiAqIC1DbWRsZXQgKgoK", "Ansible.ModuleUtils.FileUtil": "IyBDb3B5cmlnaHQgKGMpIDIwMTcgQW5zaWJsZSBQcm9qZWN0CiMgU2ltcGxpZmllZCBCU0QgTGljZW5zZSAoc2VlIGxpY2Vuc2VzL3NpbXBsaWZpZWRfYnNkLnR4dCBvciBodHRwczovL29wZW5zb3VyY2Uub3JnL2xpY2Vuc2VzL0JTRC0yLUNsYXVzZSkKCjwjClRlc3QtUGF0aC9HZXQtSXRlbSBjYW5ub3QgZmluZC9yZXR1cm4gaW5mbyBvbiBmaWxlcyB0aGF0IGFyZSBsb2NrZWQgbGlrZQpDOlxwYWdlZmlsZS5zeXMuIFRoZXNlIDIgZnVuY3Rpb25zIGFyZSBkZXNpZ25lZCB0byB3b3JrIHdpdGggdGhlc2UgZmlsZXMgYW5kCnByb3ZpZGUgc2ltaWxhciBmdW5jdGlvbmFsaXR5IHdpdGggdGhlIG5vcm1hbCBjbWRsZXRzIHdpdGggYXMgbWluaW1hbCBvdmVyaGVhZAphcyBwb3NzaWJsZS4gVGhleSB3b3JrIGJ5IHVzaW5nIEdldC1DaGlsZEl0ZW0gd2l0aCBhIGZpbHRlciBhbmQgcmV0dXJuIHRoZQpyZXN1bHQgZnJvbSB0aGF0LgojPgoKRnVuY3Rpb24gVGVzdC1BbnNpYmxlUGF0aCB7CiAgICBbQ21kbGV0QmluZGluZygpXQogICAgUGFyYW0oCiAgICAgICAgW1BhcmFtZXRlcihNYW5kYXRvcnk9JHRydWUpXVtzdHJpbmddJFBhdGgKICAgICkKICAgICMgUmVwbGFjZW1lbnQgZm9yIFRlc3QtUGF0aAogICAgdHJ5IHsKICAgICAgICAkZmlsZV9hdHRyaWJ1dGVzID0gW1N5c3RlbS5JTy5GaWxlXTo6R2V0QXR0cmlidXRlcygkUGF0aCkKICAgIH0gY2F0Y2ggW1N5c3RlbS5JTy5GaWxlTm90Rm91bmRFeGNlcHRpb25dLCBbU3lzdGVtLklPLkRpcmVjdG9yeU5vdEZvdW5kRXhjZXB0aW9uXSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfSBjYXRjaCBbTm90U3VwcG9ydGVkRXhjZXB0aW9uXSB7CiAgICAgICAgIyBXaGVuIHRlc3RpbmcgYSBwYXRoIGxpa2UgQ2VydDpcTG9jYWxNYWNoaW5lXE15LCBTeXN0ZW0uSU8uRmlsZSB3aWxsCiAgICAgICAgIyBub3Qgd29yaywgd2UganVzdCByZXZlcnQgYmFjayB0byB1c2luZyBUZXN0LVBhdGggZm9yIHRoaXMKICAgICAgICByZXR1cm4gVGVzdC1QYXRoIC1QYXRoICRQYXRoCiAgICB9CgogICAgaWYgKFtJbnQzMl0kZmlsZV9hdHRyaWJ1dGVzIC1lcSAtMSkgewogICAgICAgIHJldHVybiAkZmFsc2UKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICR0cnVlCiAgICB9Cn0KCkZ1bmN0aW9uIEdldC1BbnNpYmxlSXRlbSB7CiAgICBbQ21kbGV0QmluZGluZygpXQogICAgUGFyYW0oCiAgICAgICAgW1BhcmFtZXRlcihNYW5kYXRvcnk9JHRydWUpXVtzdHJpbmddJFBhdGgKICAgICkKICAgICMgUmVwbGFjZW1lbnQgZm9yIEdldC1JdGVtCiAgICB0cnkgewogICAgICAgICRmaWxlX2F0dHJpYnV0ZXMgPSBbU3lzdGVtLklPLkZpbGVdOjpHZXRBdHRyaWJ1dGVzKCRQYXRoKQogICAgfSBjYXRjaCB7CiAgICAgICAgIyBpZiAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb3RpbnVlIGlzIHNldCBvbiB0aGUgY21kbGV0IGFuZCB3ZSBmYWlsZWQgdG8KICAgICAgICAjIGdldCB0aGUgYXR0cmlidXRlcywganVzdCByZXR1cm4gJG51bGwsIG90aGVyd2lzZSB0aHJvdyB0aGUgZXJyb3IKICAgICAgICBpZiAoJEVycm9yQWN0aW9uUHJlZmVyZW5jZSAtbmUgIlNpbGVudGx5Q29udGludWUiKSB7CiAgICAgICAgICAgIHRocm93ICRfCiAgICAgICAgfQogICAgICAgIHJldHVybiAkbnVsbAogICAgfQogICAgaWYgKFtJbnQzMl0kZmlsZV9hdHRyaWJ1dGVzIC1lcSAtMSkgewogICAgICAgIHRocm93IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5NYW5hZ2VtZW50LkF1dG9tYXRpb24uSXRlbU5vdEZvdW5kRXhjZXB0aW9uIC1Bcmd1bWVudExpc3QgIkNhbm5vdCBmaW5kIHBhdGggJyRQYXRoJyBiZWNhdXNlIGl0IGRvZXMgbm90IGV4aXN0LiIKICAgIH0gZWxzZWlmICgkZmlsZV9hdHRyaWJ1dGVzLkhhc0ZsYWcoW1N5c3RlbS5JTy5GaWxlQXR0cmlidXRlc106OkRpcmVjdG9yeSkpIHsKICAgICAgICByZXR1cm4gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLklPLkRpcmVjdG9yeUluZm8gLUFyZ3VtZW50TGlzdCAkUGF0aAogICAgfSBlbHNlIHsKICAgICAgICByZXR1cm4gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLklPLkZpbGVJbmZvIC1Bcmd1bWVudExpc3QgJFBhdGgKICAgIH0KfQoKRXhwb3J0LU1vZHVsZU1lbWJlciAtRnVuY3Rpb24gVGVzdC1BbnNpYmxlUGF0aCwgR2V0LUFuc2libGVJdGVtCg=="}, "module_entry": "IyFwb3dlcnNoZWxsCgojIENvcHlyaWdodDogKGMpIDIwMTcsIEFuc2libGUgUHJvamVjdAojIEdOVSBHZW5lcmFsIFB1YmxpYyBMaWNlbnNlIHYzLjArIChzZWUgQ09QWUlORyBvciBodHRwczovL3d3dy5nbnUub3JnL2xpY2Vuc2VzL2dwbC0zLjAudHh0KQoKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5MZWdhY3kKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5Db21tYW5kVXRpbAojUmVxdWlyZXMgLU1vZHVsZSBBbnNpYmxlLk1vZHVsZVV0aWxzLkZpbGVVdGlsCgojIFRPRE86IGFkZCBjaGVjayBtb2RlIHN1cHBvcnQKClNldC1TdHJpY3RNb2RlIC1WZXJzaW9uIDIKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKIyBDbGVhbnNlIENMSVhNTCBmcm9tIHN0ZGVyciAoc2lmdCBvdXQgZXJyb3Igc3RyZWFtIGRhdGEsIGRpc2NhcmQgb3RoZXJzIGZvciBub3cpCkZ1bmN0aW9uIENsZWFuc2UtU3RkZXJyKCRyYXdfc3RkZXJyKSB7CiAgICBUcnkgewogICAgICAgICMgTkI6IHRoaXMgcmVnZXggaXNuJ3QgcGVyZmVjdCwgYnV0IGlzIGRlY2VudCBhdCBmaW5kaW5nIENMSVhNTCBhbW9uZ3N0IG90aGVyIHN0ZGVyciBub2lzZQogICAgICAgIElmKCRyYXdfc3RkZXJyIC1tYXRjaCAiKD9zKSg/PHByZW5vaXNlMT4uKikjPCBDTElYTUwoPzxwcmVub2lzZTI+LiopKD88Y2xpeG1sPjxPYmpzLis8L09ianM+KSg/PHBvc3Rub2lzZT4uKikiKSB7CiAgICAgICAgICAgICRjbGl4bWwgPSBbeG1sXSRtYXRjaGVzWyJjbGl4bWwiXQoKICAgICAgICAgICAgJG1lcmdlZF9zdGRlcnIgPSAiezB9ezF9ezJ9ezN9IiAtZiBAKAogICAgICAgICAgICAgICAkbWF0Y2hlc1sicHJlbm9pc2UxIl0sCiAgICAgICAgICAgICAgICRtYXRjaGVzWyJwcmVub2lzZTIiXSwKICAgICAgICAgICAgICAgIyBmaWx0ZXIgb3V0IGp1c3QgdGhlIEVycm9yLXRhZ2dlZCBzdHJpbmdzIGZvciBub3csIGFuZCB6YXAgZW1iZWRkZWQgQ1JMRiBjaGFycwogICAgICAgICAgICAgICAoJGNsaXhtbC5PYmpzLkNoaWxkTm9kZXMgfCA/IHsgJF8uTmFtZSAtZXEgJ1MnIH0gfCA/IHsgJF8uUyAtZXEgJ0Vycm9yJyB9IHwgJSB7ICRfLicjdGV4dCcuUmVwbGFjZSgnX3gwMDBEX194MDAwQV8nLCcnKSB9IHwgT3V0LVN0cmluZyksCiAgICAgICAgICAgICAgICRtYXRjaGVzWyJwb3N0bm9pc2UiXSkgfCBPdXQtU3RyaW5nCgogICAgICAgICAgICByZXR1cm4gJG1lcmdlZF9zdGRlcnIuVHJpbSgpCgogICAgICAgICAgICAjIEZVVFVSRTogcGFyc2UvcmV0dXJuIG90aGVyIHN0cmVhbXMKICAgICAgICB9CiAgICAgICAgRWxzZSB7CiAgICAgICAgICAgICRyYXdfc3RkZXJyCiAgICAgICAgfQogICAgfQogICAgQ2F0Y2ggewogICAgICAgICIqKipFWENFUFRJT04gUEFSU0lORyBDTElYTUw6ICRfKioqIiArICRyYXdfc3RkZXJyCiAgICB9Cn0KCiRwYXJhbXMgPSBQYXJzZS1BcmdzICRhcmdzIC1zdXBwb3J0c19jaGVja19tb2RlICRmYWxzZQoKJHJhd19jb21tYW5kX2xpbmUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX3Jhd19wYXJhbXMiIC10eXBlICJzdHIiIC1mYWlsaWZlbXB0eSAkdHJ1ZQokY2hkaXIgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiY2hkaXIiIC10eXBlICJwYXRoIgokZXhlY3V0YWJsZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJleGVjdXRhYmxlIiAtdHlwZSAicGF0aCIKJGNyZWF0ZXMgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiY3JlYXRlcyIgLXR5cGUgInBhdGgiCiRyZW1vdmVzID0gR2V0LUFuc2libGVQYXJhbSAtb2JqICRwYXJhbXMgLW5hbWUgInJlbW92ZXMiIC10eXBlICJwYXRoIgokc3RkaW4gPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAic3RkaW4iIC10eXBlICJzdHIiCgokcmF3X2NvbW1hbmRfbGluZSA9ICRyYXdfY29tbWFuZF9saW5lLlRyaW0oKQoKJHJlc3VsdCA9IEB7CiAgICBjaGFuZ2VkID0gJHRydWUKICAgIGNtZCA9ICRyYXdfY29tbWFuZF9saW5lCn0KCmlmICgkY3JlYXRlcyAtYW5kICQoVGVzdC1BbnNpYmxlUGF0aCAtUGF0aCAkY3JlYXRlcykpIHsKICAgIEV4aXQtSnNvbiBAe21zZz0ic2tpcHBlZCwgc2luY2UgJGNyZWF0ZXMgZXhpc3RzIjtjbWQ9JHJhd19jb21tYW5kX2xpbmU7Y2hhbmdlZD0kZmFsc2U7c2tpcHBlZD0kdHJ1ZTtyYz0wfQp9CgppZiAoJHJlbW92ZXMgLWFuZCAtbm90ICQoVGVzdC1BbnNpYmxlUGF0aCAtUGF0aCAkcmVtb3ZlcykpIHsKICAgIEV4aXQtSnNvbiBAe21zZz0ic2tpcHBlZCwgc2luY2UgJHJlbW92ZXMgZG9lcyBub3QgZXhpc3QiO2NtZD0kcmF3X2NvbW1hbmRfbGluZTtjaGFuZ2VkPSRmYWxzZTtza2lwcGVkPSR0cnVlO3JjPTB9Cn0KCiRleGVjX2FyZ3MgPSAkbnVsbApJZigtbm90ICRleGVjdXRhYmxlIC1vciAkZXhlY3V0YWJsZSAtZXEgInBvd2Vyc2hlbGwiKSB7CiAgICAkZXhlY19hcHBsaWNhdGlvbiA9ICJwb3dlcnNoZWxsLmV4ZSIKCiAgICAjIGZvcmNlIGlucHV0IGVuY29kaW5nIHRvIHByZWFtYmxlLWZyZWUgVVRGOCBzbyBQUyBzdWItcHJvY2Vzc2VzIChlZywgU3RhcnQtSm9iKSBkb24ndCBibG93IHVwCiAgICAkcmF3X2NvbW1hbmRfbGluZSA9ICJbQ29uc29sZV06OklucHV0RW5jb2RpbmcgPSBOZXctT2JqZWN0IFRleHQuVVRGOEVuY29kaW5nIGAkZmFsc2U7ICIgKyAkcmF3X2NvbW1hbmRfbGluZQoKICAgICMgQmFzZTY0IGVuY29kZSB0aGUgY29tbWFuZCBzbyB3ZSBkb24ndCBoYXZlIHRvIHdvcnJ5IGFib3V0IHRoZSB2YXJpb3VzIGxldmVscyBvZiBlc2NhcGluZwogICAgJGVuY29kZWRfY29tbWFuZCA9IFtDb252ZXJ0XTo6VG9CYXNlNjRTdHJpbmcoW1N5c3RlbS5UZXh0LkVuY29kaW5nXTo6VW5pY29kZS5HZXRCeXRlcygkcmF3X2NvbW1hbmRfbGluZSkpCgogICAgaWYgKCRzdGRpbikgewogICAgICAgICRleGVjX2FyZ3MgPSAiLWVuY29kZWRjb21tYW5kICRlbmNvZGVkX2NvbW1hbmQiCiAgICB9IGVsc2UgewogICAgICAgICRleGVjX2FyZ3MgPSAiLW5vbmludGVyYWN0aXZlIC1lbmNvZGVkY29tbWFuZCAkZW5jb2RlZF9jb21tYW5kIgogICAgfQp9CkVsc2UgewogICAgIyBGVVRVUkU6IHN1cHBvcnQgYXJnIHRyYW5zbGF0aW9uIGZyb20gZXhlY3V0YWJsZSAob3IgZXhlY3V0YWJsZV9hcmdzPykgdG8gcHJvY2VzcyBhcmd1bWVudHMgZm9yIGFyYml0cmFyeSBpbnRlcnByZXRlcj8KICAgICRleGVjX2FwcGxpY2F0aW9uID0gJGV4ZWN1dGFibGUKICAgIGlmICgtbm90ICgkZXhlY19hcHBsaWNhdGlvbi5FbmRzV2l0aCgiLmV4ZSIpKSkgewogICAgICAgICRleGVjX2FwcGxpY2F0aW9uID0gIiQoJGV4ZWNfYXBwbGljYXRpb24pLmV4ZSIKICAgIH0KICAgICRleGVjX2FyZ3MgPSAiL2MgJHJhd19jb21tYW5kX2xpbmUiCn0KCiRjb21tYW5kID0gIiRleGVjX2FwcGxpY2F0aW9uICRleGVjX2FyZ3MiCiRydW5fY29tbWFuZF9hcmcgPSBAewogICAgY29tbWFuZCA9ICRjb21tYW5kCn0KaWYgKCRjaGRpcikgewogICAgJHJ1bl9jb21tYW5kX2FyZ1snd29ya2luZ19kaXJlY3RvcnknXSA9ICRjaGRpcgp9CmlmICgkc3RkaW4pIHsKICAgICRydW5fY29tbWFuZF9hcmdbJ3N0ZGluJ10gPSAkc3RkaW4KfQoKJHN0YXJ0X2RhdGV0aW1lID0gW0RhdGVUaW1lXTo6VXRjTm93CnRyeSB7CiAgICAkY29tbWFuZF9yZXN1bHQgPSBSdW4tQ29tbWFuZCBAcnVuX2NvbW1hbmRfYXJnCn0gY2F0Y2ggewogICAgJHJlc3VsdC5jaGFuZ2VkID0gJGZhbHNlCiAgICB0cnkgewogICAgICAgICRyZXN1bHQucmMgPSAkXy5FeGNlcHRpb24uTmF0aXZlRXJyb3JDb2RlCiAgICB9IGNhdGNoIHsKICAgICAgICAkcmVzdWx0LnJjID0gMgogICAgfQogICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAkXy5FeGNlcHRpb24uTWVzc2FnZQp9CgojIFRPRE86IGRlY29kZSBDTElYTUwgc3RkZXJyIG91dHB1dCAoYW5kIG90aGVyIHN0cmVhbXM/KQokcmVzdWx0LnN0ZG91dCA9ICRjb21tYW5kX3Jlc3VsdC5zdGRvdXQKJHJlc3VsdC5zdGRlcnIgPSBDbGVhbnNlLVN0ZGVyciAkY29tbWFuZF9yZXN1bHQuc3RkZXJyIAokcmVzdWx0LnJjID0gJGNvbW1hbmRfcmVzdWx0LnJjCgokZW5kX2RhdGV0aW1lID0gW0RhdGVUaW1lXTo6VXRjTm93CiRyZXN1bHQuc3RhcnQgPSAkc3RhcnRfZGF0ZXRpbWUuVG9TdHJpbmcoInl5eXktTU0tZGQgaGg6bW06c3MuZmZmZmZmIikKJHJlc3VsdC5lbmQgPSAkZW5kX2RhdGV0aW1lLlRvU3RyaW5nKCJ5eXl5LU1NLWRkIGhoOm1tOnNzLmZmZmZmZiIpCiRyZXN1bHQuZGVsdGEgPSAkKCRlbmRfZGF0ZXRpbWUgLSAkc3RhcnRfZGF0ZXRpbWUpLlRvU3RyaW5nKCJoXDptbVw6c3NcLmZmZmZmZiIpCgpJZiAoJHJlc3VsdC5yYyAtbmUgMCkgewogICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAibm9uLXplcm8gcmV0dXJuIGNvZGUiCn0KCkV4aXQtSnNvbiAkcmVzdWx0Cg==", "module_args": {"_ansible_version": "2.7.0", "_ansible_selinux_special_fs": ["fuse", "nfs", "vboxsf", "ramfs", "9p"], "_ansible_no_log": false, "_ansible_module_name": "win_shell", "_raw_params": "edit-constraints c:\\openstack\\build\\\\requirements\\\\upper-constraints.txt -- networking-hyperv \"-e file:///C:/openstack/build/networking-hyperv#egg=networking-hyperv\"", "_ansible_verbosity": 4, "_ansible_keep_remote_files": false, "_ansible_syslog_facility": "LOG_USER", "_ansible_socket": null, "_ansible_remote_tmp": "%TEMP%", "_ansible_diff": false, "_ansible_debug": false, "_ansible_shell_executable": "/bin/sh", "_ansible_check_mode": false, "_ansible_tmpdir": null}} '@ } process { $input_as_string = [string]$input $json_raw += $input_as_string } end { If (-not $json_raw) { Write-Error "no input given" -Category InvalidArgument } $payload = ConvertTo-HashtableFromPsCustomObject (ConvertFrom-Json $json_raw) # TODO: handle binary modules # TODO: handle persistence $min_os_version = [version]$payload.min_os_version if ($min_os_version -ne $null) { $actual_os_version = [System.Environment]::OSVersion.Version if ($actual_os_version -lt $min_os_version) { $msg = "This module cannot run on this OS as it requires a minimum version of $min_os_version, actual was $actual_os_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $min_ps_version = [version]$payload.min_ps_version if ($min_ps_version -ne $null) { $actual_ps_version = $PSVersionTable.PSVersion if ($actual_ps_version -lt $min_ps_version) { $msg = "This module cannot run as it requires a minimum PowerShell version of $min_ps_version, actual was $actual_ps_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $actions = $payload.actions # pop 0th action as entrypoint $entrypoint = $payload.($actions[0]) $payload.actions = $payload.actions[1..99] $entrypoint = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($entrypoint)) # load the current action entrypoint as a module custom object with a Run method $entrypoint = New-Module -ScriptBlock ([scriptblock]::Create($entrypoint)) -AsCustomObject Set-Variable -Scope global -Name complex_args -Value $payload["module_args"] | Out-Null # dynamically create/load modules ForEach ($mod in $payload.powershell_modules.GetEnumerator()) { $decoded_module = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($mod.Value)) New-Module -ScriptBlock ([scriptblock]::Create($decoded_module)) -Name $mod.Key | Import-Module -WarningAction SilentlyContinue | Out-Null } $output = $entrypoint.Run($payload) Write-Output $output } ScriptBlock ID: b9d7addf-b75e-4313-a683-8a20bb5f1cd2 Path:	4104	1		3	2	15	0	1401	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4068	4700	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:28:34 PM	9d04040e-981f-0004-4918-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 3): iA9IG51bGw7CiAgICAgICAgICAgIEdldFByb2Nlc3NPdXRwdXQoc3Rkb3V0LCBzdGRlcnIsIG91dCBzdGRvdXRfc3RyLCBvdXQgc3RkZXJyX3N0cik7CiAgICAgICAgICAgIHVpbnQgcmMgPSBHZXRQcm9jZXNzRXhpdENvZGUocGkuaFByb2Nlc3MpOwoKICAgICAgICAgICAgcmV0dXJuIG5ldyBDb21tYW5kUmVzdWx0CiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIFN0YW5kYXJkT3V0ID0gc3Rkb3V0X3N0ciwKICAgICAgICAgICAgICAgIFN0YW5kYXJkRXJyb3IgPSBzdGRlcnJfc3RyLAogICAgICAgICAgICAgICAgRXhpdENvZGUgPSByYwogICAgICAgICAgICB9OwogICAgICAgIH0KCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgdm9pZCBHZXRQcm9jZXNzT3V0cHV0KFN0cmVhbVJlYWRlciBzdGRvdXRTdHJlYW0sIFN0cmVhbVJlYWRlciBzdGRlcnJTdHJlYW0sIG91dCBzdHJpbmcgc3Rkb3V0LCBvdXQgc3RyaW5nIHN0ZGVycikKICAgICAgICB7CiAgICAgICAgICAgIHZhciBzb3dhaXQgPSBuZXcgRXZlbnRXYWl0SGFuZGxlKGZhbHNlLCBFdmVudFJlc2V0TW9kZS5NYW51YWxSZXNldCk7CiAgICAgICAgICAgIHZhciBzZXdhaXQgPSBuZXcgRXZlbnRXYWl0SGFuZGxlKGZhbHNlLCBFdmVudFJlc2V0TW9kZS5NYW51YWxSZXNldCk7CiAgICAgICAgICAgIHN0cmluZyBzbyA9IG51bGwsIHNlID0gbnVsbDsKICAgICAgICAgICAgVGhyZWFkUG9vbC5RdWV1ZVVzZXJXb3JrSXRlbSgocykgPT4KICAgICAgICAgICAgewogICAgICAgICAgICAgICAgc28gPSBzdGRvdXRTdHJlYW0uUmVhZFRvRW5kKCk7CiAgICAgICAgICAgICAgICBzb3dhaXQuU2V0KCk7CiAgICAgICAgICAgIH0pOwogICAgICAgICAgICBUaHJlYWRQb29sLlF1ZXVlVXNlcldvcmtJdGVtKChzKSA9PgogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBzZSA9IHN0ZGVyclN0cmVhbS5SZWFkVG9FbmQoKTsKICAgICAgICAgICAgICAgIHNld2FpdC5TZXQoKTsKICAgICAgICAgICAgfSk7CiAgICAgICAgICAgIGZvcmVhY2ggKHZhciB3aCBpbiBuZXcgV2FpdEhhbmRsZVtdIHsgc293YWl0LCBzZXdhaXQgfSkKICAgICAgICAgICAgICAgIHdoLldhaXRPbmUoKTsKICAgICAgICAgICAgc3Rkb3V0ID0gc287CiAgICAgICAgICAgIHN0ZGVyciA9IHNlOwogICAgICAgIH0KCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgdWludCBHZXRQcm9jZXNzRXhpdENvZGUoSW50UHRyIHByb2Nlc3NIYW5kbGUpCiAgICAgICAgewogICAgICAgICAgICBuZXcgTmF0aXZlV2FpdEhhbmRsZShwcm9jZXNzSGFuZGxlKS5XYWl0T25lKCk7CiAgICAgICAgICAgIHVpbnQgZXhpdENvZGU7CiAgICAgICAgICAgIGlmICghR2V0RXhpdENvZGVQcm9jZXNzKHByb2Nlc3NIYW5kbGUsIG91dCBleGl0Q29kZSkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIkVycm9yIGdldHRpbmcgcHJvY2VzcyBleGl0IGNvZGUiKTsKICAgICAgICAgICAgcmV0dXJuIGV4aXRDb2RlOwogICAgICAgIH0KICAgIH0KfQoiQAoKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICdTdG9wJwoKRnVuY3Rpb24gTG9hZC1Db21tYW5kVXRpbHMgewogICAgIyBtYWtlcyB0aGUgZm9sbG93aW5nIHN0YXRpYyBmdW5jdGlvbnMgYXZhaWxhYmxlCiAgICAjICAgW0Fuc2libGUuQ29tbWFuZFV0aWxdOjpQYXJzZUNvbW1hbmRMaW5lKHN0cmluZyBscENvbW1hbmRMaW5lKQogICAgIyAgIFtBbnNpYmxlLkNvbW1hbmRVdGlsXTo6U2VhcmNoUGF0aChzdHJpbmcgbHBGaWxlTmFtZSkKICAgICMgICBbQW5zaWJsZS5Db21tYW5kVXRpbF06OlJ1bkNvbW1hbmQoc3RyaW5nIGxwQXBwbGljYXRpb25OYW1lLCBzdHJpbmcgbHBDb21tYW5kTGluZSwgc3RyaW5nIGxwQ3VycmVudERpcmVjdG9yeSwgc3RyaW5nIHN0ZGluSW5wdXQsIHN0cmluZyBlbnZpcm9ubWVudEJsb2NrKQogICAgIwogICAgIyB0aGVyZSBhcmUgYWxzbyBudW1lcm91cyBQL0ludm9rZSBtZXRob2RzIHRoYXQgY2FuIGJlIGNhbGxlZCBpZiB5b3UgYXJlIGZlZWxpbmcgYWR2ZW50dXJvdXMKCiAgICAjIEZVVFVSRTogZmluZCBhIGJldHRlciB3YXkgdG8gZ2V0IHRoZSBfYW5zaWJsZV9yZW1vdGVfdG1wIHZhcmlhYmxlCiAgICAkb3JpZ2luYWxfdG1wID0gJGVudjpUTVAKCiAgICAkcmVtb3RlX3RtcCA9ICRvcmlnaW5hbF90bXAKICAgICRtb2R1bGVfcGFyYW1zID0gR2V0LVZhcmlhYmxlIC1OYW1lIGNvbXBsZXhfYXJncyAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgaWYgKCRtb2R1bGVfcGFyYW1zKSB7CiAgICAgICAgaWYgKCRtb2R1bGVfcGFyYW1zLlZhbHVlLkNvbnRhaW5zS2V5KCJfYW5zaWJsZV9yZW1vdGVfdG1wIikgKSB7CiAgICAgICAgICAgICRyZW1vdGVfdG1wID0gJG1vZHVsZV9wYXJhbXMuVmFsdWVbIl9hbnNpYmxlX3JlbW90ZV90bXAiXQogICAgICAgICAgICAkcmVtb3RlX3RtcCA9IFtTeXN0ZW0uRW52aXJvbm1lbnRdOjpFeHBhbmRFbnZpcm9ubWVudFZhcmlhYmxlcygkcmVtb3RlX3RtcCkKICAgICAgICB9CiAgICB9CgogICAgJGVudjpUTVAgPSAkcmVtb3RlX3RtcAogICAgQWRkLVR5cGUgLVR5cGVEZWZpbml0aW9uICRwcm9jZXNzX3V0aWwKICAgICRlbnY6VE1QID0gJG9yaWdpbmFsX3RtcAp9CgpGdW5jdGlvbiBHZXQtRXhlY3V0YWJsZVBhdGgoJGV4ZWN1dGFibGUsICRkaXJlY3RvcnkpIHsKICAgICMgbHBBcHBsaWNhdGlvbk5hbWUgcmVxdWlyZXMgdGhlIGZ1bGwgcGF0aCB0byBhIGZpbGUsIHdlIG5lZWQgdG8gZmluZCBpdAogICAgIyBvdXJzZWx2ZXMuCgogICAgIyB3ZSBuZWVkIHRvIGFkZCAuZXhlIGlmIGl0IGRvZXNuJ3QgaGF2ZSBhbiBleHRlbnNpb24gYWxyZWFkeQogICAgaWYgKC1ub3QgW1N5c3RlbS5JTy5QYXRoXTo6SGFzRXh0ZW5zaW9uKCRleGVjdXRhYmxlKSkgewogICAgICAgICRleGVjdXRhYmxlID0gIiQoJGV4ZWN1dGFibGUpLmV4ZSIKICAgIH0KICAgICRmdWxsX3BhdGggPSBbU3lzdGVtLklPLlBhdGhdOjpHZXRGdWxsUGF0aCgkZXhlY3V0YWJsZSkKCiAgICBpZiAoJGZ1bGxfcGF0aCAtbmUgJGV4ZWN1dGFibGUgLWFuZCAkZGlyZWN0b3J5IC1uZSAkbnVsbCkgewogICAgICAgICRmaWxlID0gR2V0LUl0ZW0gLVBhdGggIiRkaXJlY3RvcnlcJGV4ZWN1dGFibGUiIC1Gb3JjZSAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgfSBlbHNlIHsKICAgICAgICAkZmlsZSA9IEdldC1JdGVtIC1QYXRoICRleGVjdXRhYmxlIC1Gb3JjZSAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgfQoKICAgIGlmICgkZmlsZSAtbmUgJG51bGwpIHsKICAgICAgICAkZXhlY3V0YWJsZV9wYXRoID0gJGZpbGUuRnVsbE5hbWUKICAgIH0gZWxzZSB7CiAgICAgICAgJGV4ZWN1dGFibGVfcGF0aCA9IFtBbnNpYmxlLkNvbW1hbmRVdGlsXTo6U2VhcmNoUGF0aCgkZXhlY3V0YWJsZSkgICAgCiAgICB9CiAgICByZXR1cm4gJGV4ZWN1dGFibGVfcGF0aAp9CgpGdW5jdGlvbiBSdW4tQ29tbWFuZCB7CiAgICBQYXJhbSgKICAgICAgICBbc3RyaW5nXSRjb21tYW5kLCAjIHRoZSBmdWxsIGNvbW1hbmQgdG8gcnVuIGluY2x1ZGluZyB0aGUgZXhlY3V0YWJsZQogICAgICAgIFtzdHJpbmddJHdvcmtpbmdfZGlyZWN0b3J5ID0gJG51bGwsICMgdGhlIHdvcmtpbmcgZGlyZWN0b3J5IHRvIHJ1biB1bmRlciwgd2lsbCBkZWZhdWx0IHRvIHRoZSBjdXJyZW50IGRpcgogICAgICAgIFtzdHJpbmddJHN0ZGluID0gJG51bGwsICMgYSBzdHJpbmcgdG8gc2VuZCB0byB0aGUgc3RkaW4gcGlwZSB3aGVuIGV4ZWN1dGluZyB0aGUgY29tbWFuZAogICAgICAgIFtoYXNodGFibGVdJGVudmlyb25tZW50ID0gQHt9ICMgYSBoYXNodGFibGUgb2YgZW52aXJvbm1lbnQgdmFsdWVzIHRvIHJ1biB0aGUgY29tbWFuZCB1bmRlciwgdGhpcyB3aWxsIHJlcGxhY2UgYWxsIHRoZSBvdGhlciBlbnZpcm9ubWVudCB2YXJpYWJsZXMgd2l0aCB0aGVzZQogICAgKQogICAgCiAgICAjIGxvYWQgdGhlIEMjIGNvZGUgd2UgY2FsbCBpbiB0aGlzIGZ1bmN0aW9uCiAgICBMb2FkLUNvbW1hbmRVdGlscwoKICAgICMgbmVlZCB0byB2YWxpZGF0ZSB0aGUgd29ya2luZyBkaXJlY3RvcnkgaWYgaXQgaXMgc2V0CiAgICBpZiAoJHdvcmtpbmdfZGlyZWN0b3J5KSB7CiAgICAgICAgIyB2YWxpZGF0ZSB3b3JraW5nIGRpcmVjdG9yeSBpcyBhIHZhbGlkIHBhdGgKICAgICAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICR3b3JraW5nX2RpcmVjdG9yeSkpIHsKICAgICAgICAgICAgdGhyb3cgImludmFsaWQgd29ya2luZyBkaXJlY3RvcnkgcGF0aCAnJHdvcmtpbmdfZGlyZWN0b3J5JyIKICAgICAgICB9CiAgICB9CgogICAgIyBscEFwcGxpY2F0aW9uTmFtZSBuZWVkcyB0byBiZSB0aGUgZnVsbCBwYXRoIHRvIGFuIGV4ZWN1dGFibGUsIHdlIGRvIHRoaXMKICAgICMgYnkgZ2V0dGluZyB0aGUgZXhlY3V0YWJsZSBhcyB0aGUgZmlyc3QgYXJnIGFuZCB0aGVuIGdldHRpbmcgdGhlIGZ1bGwgcGF0aAogICAgJGFyZ3VtZW50cyA9IFtBbnNpYmxlLkNvbW1hbmRVdGlsXTo6UGFyc2VDb21tYW5kTGluZSgkY29tbWFuZCkKICAgICRleGVjdXRhYmxlID0gR2V0LUV4ZWN1dGFibGVQYXRoIC1leGVjdXRhYmxlICRhcmd1bWVudHNbMF0gLWRpcmVjdG9yeSAkd29ya2luZ19kaXJlY3RvcnkKCiAgICAjIHJ1biB0aGUgY29tbWFuZCBhbmQgZ2V0IHRoZSByZXN1bHRzCiAgICAkY29tbWFuZF9yZXN1bHQgPSBbQW5zaWJsZS5Db21tYW5kVXRpbF06OlJ1bkNvbW1hbmQoJGV4ZWN1dGFibGUsICRjb21tYW5kLCAkd29ya2luZ19kaXJlY3RvcnksICRzdGRpbiwgJGVudmlyb25tZW50KQoKICAgIHJldHVybiAsQHsKICAgICAgICBleGVjdXRhYmxlID0gJGV4ZWN1dGFibGUKICAgICAgICBzdGRvdXQgPSAkY29tbWFuZF9yZXN1bHQuU3RhbmRhcmRPdXQKICAgICAgICBzdGRlcnIgPSAkY29tbWFuZF9yZXN1bHQuU3RhbmRhcmRFcnJvcgogICAgICAgIHJjID0gJGNvbW1hbmRfcmVzdWx0LkV4aXRDb2RlCiAgICB9Cn0KCiMgdGhpcyBsaW5lIG11c3Qgc3RheSBhdCB0aGUgYm90dG9tIHRvIGVuc3VyZSBhbGwgZGVmaW5lZCBtb2R1bGUgcGFydHMgYXJlIGV4cG9ydGVkCkV4cG9ydC1Nb2R1bGVNZW1iZXIgLUFsaWFzICogLUZ1bmN0aW9uICogLUNtZGxldCAqCg==", "Ansible.ModuleUtils.Legacy": "IyBDb3B5cmlnaHQgKGMpLCBNaWNoYWVsIERlSGFhbiA8bWljaGFlbC5kZWhhYW5AZ21haWwuY29tPiwgMjAxNCwgYW5kIG90aGVycwojIFNpbXBsaWZpZWQgQlNEIExpY2Vuc2UgKHNlZSBsaWNlbnNlcy9zaW1wbGlmaWVkX2JzZC50eHQgb3IgaHR0cHM6Ly9vcGVuc291cmNlLm9yZy9saWNlbnNlcy9CU0QtMi1DbGF1c2UpCgpTZXQtU3RyaWN0TW9kZSAtVmVyc2lvbiAyLjAKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKRnVuY3Rpb24gU2V0LUF0dHIoJG9iaiwgJG5hbWUsICR2YWx1ZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gc2V0IGFuICJhdHRyaWJ1dGUiIG9uIGEgcHNvYmplY3QgaW5zdGFuY2UgaW4gUG93ZXJTaGVsbC4KICAgIFRoaXMgaXMgYSBjb252ZW5pZW5jZSB0byBtYWtlIGFkZGluZyBNZW1iZXJzIHRvIHRoZSBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgIFNldC1BdHRyICRyZXN1bHQgImNoYW5nZWQiICR0cnVlCiM+CgogICAgIyBJZiB0aGUgcHJvdmlkZWQgJG9iaiBpcyB1bmRlZmluZWQsIGRlZmluZSBvbmUgdG8gYmUgbmljZQogICAgSWYgKC1ub3QgJG9iai5HZXRUeXBlKQogICAgewogICAgICAgICRvYmogPSBAeyB9CiAgICB9CgogICAgVHJ5CiAgICB7CiAgICAgICAgJG9iai4kbmFtZSA9ICR2YWx1ZQogICAgfQogICAgQ2F0Y2gKICAgIHsKICAgICAgICAkb2JqIHwgQWRkLU1lbWJlciAtRm9yY2UgLU1lbWJlclR5cGUgTm90ZVByb3BlcnR5IC1OYW1lICRuYW1lIC1WYWx1ZSAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gRXhpdC1Kc29uKCRvYmopCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGNvbnZlcnQgYSBQb3dlclNoZWxsIG9iamVjdCB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcKICAgIHRoZSBzY3JpcHQKICAgIC5FWEFNUExFCiAgICBFeGl0LUpzb24gJHJlc3VsdAojPgoKICAgICMgSWYgdGhlIHByb3ZpZGVkICRvYmogaXMgdW5kZWZpbmVkLCBkZWZpbmUgb25lIHRvIGJlIG5pY2UKICAgIElmICgtbm90ICRvYmouR2V0VHlwZSkKICAgIHsKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoJ2NoYW5nZWQnKSkgewogICAgICAgIFNldC1BdHRyICRvYmogImNoYW5nZWQiICRmYWxzZQogICAgfQoKICAgIFdyaXRlLU91dHB1dCAkb2JqIHwgQ29udmVydFRvLUpzb24gLUNvbXByZXNzIC1EZXB0aCA5OQogICAgRXhpdAp9CgpGdW5jdGlvbiBGYWlsLUpzb24oJG9iaiwgJG1lc3NhZ2UgPSAkbnVsbCkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHRoZSAibXNnIiBwcm9wZXJ0eSBhbmQgImZhaWxlZCIgcHJvcGVydHksIGNvbnZlcnQgdGhlCiAgICBQb3dlclNoZWxsIEhhc2h0YWJsZSB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcgdGhlIHNjcmlwdAogICAgLkVYQU1QTEUKICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJUaGlzIGlzIHRoZSBmYWlsdXJlIG1lc3NhZ2UiCiM+CgogICAgaWYgKCRvYmogLWlzIFtoYXNodGFibGVdIC1vciAkb2JqIC1pcyBbcHNvYmplY3RdKSB7CiAgICAgICAgIyBOb3RoaW5nIHRvIGRvCiAgICB9IGVsc2VpZiAoJG9iaiAtaXMgW3N0cmluZ10gLWFuZCAkbnVsbCAtZXEgJG1lc3NhZ2UpIHsKICAgICAgICAjIElmIHdlIHdlcmVuJ3QgZ2l2ZW4gMiBhcmdzLCBhbmQgdGhlIG9ubHkgYXJnIHdhcyBhIHN0cmluZywKICAgICAgICAjIGNyZWF0ZSBhIG5ldyBIYXNodGFibGUgYW5kIHVzZSB0aGUgYXJnIGFzIHRoZSBmYWlsdXJlIG1lc3NhZ2UKICAgICAgICAkbWVzc2FnZSA9ICRvYmoKICAgICAgICAkb2JqID0gQHsgfQogICAgfSBlbHNlIHsKICAgICAgICAjIElmIHRoZSBmaXJzdCBhcmd1bWVudCBpcyB1bmRlZmluZWQgb3IgYSBkaWZmZXJlbnQgdHlwZSwKICAgICAgICAjIG1ha2UgaXQgYSBIYXNodGFibGUKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgICMgU3RpbGwgdXNpbmcgU2V0LUF0dHIgZm9yIFBTT2JqZWN0IGNvbXBhdGliaWxpdHkKICAgIFNldC1BdHRyICRvYmogIm1zZyIgJG1lc3NhZ2UKICAgIFNldC1BdHRyICRvYmogImZhaWxlZCIgJHRydWUKCiAgICBpZiAoLW5vdCAkb2JqLkNvbnRhaW5zS2V5KCdjaGFuZ2VkJykpIHsKICAgICAgICBTZXQtQXR0ciAkb2JqICJjaGFuZ2VkIiAkZmFsc2UKICAgIH0KCiAgICBXcml0ZS1PdXRwdXQgJG9iaiB8IENvbnZlcnRUby1Kc29uIC1Db21wcmVzcyAtRGVwdGggOTkKICAgIEV4aXQgMQp9CgpGdW5jdGlvbiBBZGQtV2FybmluZygkb2JqLCAkbWVzc2FnZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHdhcm5pbmdzLCBldmVuIGlmIHRoZSB3YXJuaW5ncyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoIndhcm5pbmdzIikpIHsKICAgICAgICAkb2JqLndhcm5pbmdzID0gQCgpCiAgICB9IGVsc2VpZiAoJG9iai53YXJuaW5ncyAtaXNub3QgW2FycmF5XSkgewogICAgICAgIHRocm93ICJBZGQtV2FybmluZzogd2FybmluZ3MgYXR0cmlidXRlIGlzIG5vdCBhbiBhcnJheSIKICAgIH0KCiAgICAkb2JqLndhcm5pbmdzICs9ICRtZXNzYWdlCn0KCkZ1bmN0aW9uIEFkZC1EZXByZWNhdGlvbldhcm5pbmcoJG9iaiwgJG1lc3NhZ2UsICR2ZXJzaW9uID0gJG51bGwpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGFkZCBkZXByZWNhdGlvbnMsIGV2ZW4gaWYgdGhlIGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgogICAgaWYgKC1ub3QgJG9iai5Db250YWluc0tleSgiZGVwcmVjYXRpb25zIikpIHsKICAgICAgICAkb2JqLmRlcHJlY2F0aW9ucyA9IEAoKQogICAgfSBlbHNlaWYgKCRvYmouZGVwcmVjYXRpb25zIC1pc25vdCBbYXJyYXldKSB7CiAgICAgICAgdGhyb3cgIkFkZC1EZXByZWNhdGlvbldhcm5pbmc6IGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgaXMgbm90IGEgbGlzdCIKICAgIH0KCiAgICAkb2JqLmRlcHJlY2F0aW9ucyArPSBAewogICAgICAgIG1zZyA9ICRtZXNzYWdlCiAgICAgICAgdmVyc2lvbiA9ICR2ZXJzaW9uCiAgICB9Cn0KCkZ1bmN0aW9uIEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgaW4gdmFsdWVzLiBCeSBkZWZhdWx0CiAgICBpdCB0dXJucyBhbnkgdHlwZSB0byBhIHN0cmluZywgYnV0IHdlIGVuc3VyZSAkbnVsbCByZW1haW5zICRudWxsLgojPgogICAgaWYgKCRudWxsIC1uZSAkdmFsdWUpIHsKICAgICAgICBbU3lzdGVtLkVudmlyb25tZW50XTo6RXhwYW5kRW52aXJvbm1lbnRWYXJpYWJsZXMoJHZhbHVlKQogICAgfSBlbHNlIHsKICAgICAgICAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gR2V0LUFuc2libGVQYXJhbSgkb2JqLCAkbmFtZSwgJGRlZmF1bHQgPSAkbnVsbCwgJHJlc3VsdG9iaiA9IEB7fSwgJGZhaWxpZmVtcHR5ID0gJGZhbHNlLCAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSwgJFZhbGlkYXRlU2V0LCAkVmFsaWRhdGVTZXRFcnJvck1lc3NhZ2UsICR0eXBlID0gJG51bGwsICRhbGlhc2VzID0gQCgpKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBnZXQgYW4gImF0dHJpYnV0ZSIgZnJvbSBhIHBzb2JqZWN0IGluc3RhbmNlIGluIFBvd2VyU2hlbGwuCiAgICBUaGlzIGlzIGEgY29udmVuaWVuY2UgdG8gbWFrZSBnZXR0aW5nIE1lbWJlcnMgZnJvbSBhbiBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgICRhdHRyID0gR2V0LUFuc2libGVQYXJhbSAkcmVzcG9uc2UgImNvZGUiIC1kZWZhdWx0ICIxIgogICAgLkVYQU1QTEUKICAgIEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJTdGF0ZSIgLWRlZmF1bHQgIlByZXNlbnQiIC1WYWxpZGF0ZVNldCAiUHJlc2VudCIsIkFic2VudCIgLXJlc3VsdG9iaiAkcmVzdWx0b2JqIC1mYWlsaWZlbXB0eSAkdHJ1ZQogICAgR2V0LUFuc2libGVQYXJhbSBhbHNvIHN1cHBvcnRzIFBhcmFtZXRlciB2YWxpZGF0aW9uIHRvIHNhdmUgeW91IGZyb20gY29kaW5nIHRoYXQgbWFudWFsbHkKICAgIE5vdGUgdGhhdCBpZiB5b3UgdXNlIHRoZSBmYWlsaWZlbXB0eSBvcHRpb24sIHlvdSBkbyBuZWVkIHRvIHNwZWNpZnkgcmVzdWx0b2JqZWN0IGFzIHdlbGwuCiM+CiAgICAjIENoZWNrIGlmIHRoZSBwcm92aWRlZCBNZW1iZXIgJG5hbWUgb3IgYWxpYXNlcyBleGlzdCBpbiAkb2JqIGFuZCByZXR1cm4gaXQgb3IgdGhlIGRlZmF1bHQuCiAgICB0cnkgewoKICAgICAgICAkZm91bmQgPSAkbnVsbAogICAgICAgICMgRmlyc3QgdHJ5IHRvIGZpbmQgcHJlZmVycmVkIHBhcmFtZXRlciAkbmFtZQogICAgICAgICRhbGlhc2VzID0gQCgkbmFtZSkgKyAkYWxpYXNlcwoKICAgICAgICAjIEl0ZXJhdGUgb3ZlciBhbGlhc2VzIHRvIGZpbmQgYWNjZXB0YWJsZSBNZW1iZXIgJG5hbWUKICAgICAgICBmb3JlYWNoICgkYWxpYXMgaW4gJGFsaWFzZXMpIHsKICAgICAgICAgICAgaWYgKCRvYmouQ29udGFpbnNLZXkoJGFsaWFzKSkgewogICAgICAgICAgICAgICAgJGZvdW5kID0gJGFsaWFzCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgfQoKICAgICAgICBpZiAoJG51bGwgLWVxICRmb3VuZCkgewogICAgICAgICAgICB0aHJvdwogICAgICAgIH0KICAgICAgICAkbmFtZSA9ICRmb3VuZAoKICAgICAgICBpZiAoJFZhbGlkYXRlU2V0KSB7CgogICAgICAgICAgICBpZiAoJFZhbGlkYXRlU2V0IC1jb250YWlucyAoJG9iai4kbmFtZSkpIHsKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICRvYmouJG5hbWUKICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgIGlmICgkbnVsbCAtZXEgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAgICAgI0F1dG8tZ2VuZXJhdGVkIGVycm9yIHNob3VsZCBiZSBzdWZmaWNpZW50IGluIG1vc3QgdXNlIGNhc2VzCiAgICAgICAgICAgICAgICAgICAgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlID0gIkdldC1BbnNpYmxlUGFyYW06IEFyZ3VtZW50ICRuYW1lIG5lZWRzIHRvIGJlIG9uZSBvZiAkKCRWYWxpZGF0ZVNldCAtam9pbiAiLCIpIGJ1dCB3YXMgJCgkb2JqLiRuYW1lKS4iCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRWYWxpZGF0ZVNldEVycm9yTWVzc2FnZQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgJHZhbHVlID0gJG9iai4kbmFtZQogICAgICAgIH0KICAgIH0gY2F0Y2ggewogICAgICAgIGlmICgkZmFpbGlmZW1wdHkgLWVxICRmYWxzZSkgewogICAgICAgICAgICAkdmFsdWUgPSAkZGVmYXVsdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgIGlmICgtbm90ICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSA9ICJHZXQtQW5zaWJsZVBhcmFtOiBNaXNzaW5nIHJlcXVpcmVkIGFyZ3VtZW50OiAkbmFtZSIKICAgICAgICAgICAgfQogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlCiAgICAgICAgfQogICAgfQoKICAgICMgSWYgJHZhbHVlIC1lcSAkbnVsbCwgdGhlIHBhcmFtZXRlciB3YXMgdW5zcGVjaWZpZWQgYnkgdGhlIHVzZXIgKGRlbGliZXJhdGVseSBvciBub3QpCiAgICAjIFBsZWFzZSBsZWF2ZSAkbnVsbC12YWx1ZXMgaW50YWN0LCBtb2R1bGVzIG5lZWQgdG8ga25vdyBpZiBhIHBhcmFtZXRlciB3YXMgc3BlY2lmaWVkCiAgICAjIFdoZW4gJHZhbHVlIGlzIGFscmVhZHkgYW4gYXJyYXksIHdlIGNhbm5vdCByZWx5IG9uIHRoZSBudWxsIGNoZWNrLCBhcyBhbiBlbXB0eSBsaXN0CiAgICAjIGlzIHNlZW4gYXMgbnVsbCBpbiB0aGUgY2hlY2sgYmVsb3cKICAgIGlmICgkbnVsbCAtbmUgJHZhbHVlIC1vciAkdmFsdWUgLWlzIFthcnJheV0pIHsKICAgICAgICBpZiAoJHR5cGUgLWVxICJwYXRoIikgewogICAgICAgICAgICAjIEV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgb24gcGF0aC10eXBlCiAgICAgICAgICAgICR2YWx1ZSA9IEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCiAgICAgICAgICAgICMgVGVzdCBpZiBhIHZhbGlkIHBhdGggaXMgcHJvdmlkZWQKICAgICAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtSXNWYWxpZCAkdmFsdWUpKSB7CiAgICAgICAgICAgICAgICAkcGF0aF9pbnZhbGlkID0gJHRydWUKICAgICAgICAgICAgICAgICMgY291bGQgc3RpbGwgYmUgYSB2YWxpZC1zaGFwZWQgcGF0aCB3aXRoIGEgbm9uZXhpc3RlbnQgZHJpdmUgbGV0dGVyCiAgICAgICAgICAgICAgICBpZiAoJHZhbHVlIC1tYXRjaCAiXlx3OiIpIHsKICAgICAgICAgICAgICAgICAgICAjIHJld3JpdGUgcGF0aCB3aXRoIGEgdmFsaWQgZHJpdmUgbGV0dGVyIGFuZCByZWNoZWNrIHRoZSBzaGFwZS0gdGhpcyBtaWdodCBzdGlsbCBmYWlsLCBlZywgYSBub25leGlzdGVudCBub24tZmlsZXN5c3RlbSBQUyBwYXRoCiAgICAgICAgICAgICAgICAgICAgaWYgKFRlc3QtUGF0aCAtSXNWYWxpZCAkKEAoR2V0LVBTRHJpdmUgLVBTUHJvdmlkZXIgRmlsZXN5c3RlbSlbMF0uTmFtZSArICR2YWx1ZS5TdWJzdHJpbmcoMSkpKSB7CiAgICAgICAgICAgICAgICAgICAgICAgICRwYXRoX2ludmFsaWQgPSAkZmFsc2UKICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBpZiAoJHBhdGhfaW52YWxpZCkgewogICAgICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHRvYmogLW1lc3NhZ2UgIkdldC1BbnNpYmxlUGFyYW06IFBhcmFtZXRlciAnJG5hbWUnIGhhcyBhbiBpbnZhbGlkIHBhdGggJyR2YWx1ZScgc3BlY2lmaWVkLiIKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgInN0ciIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IHN0ciB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgc3RyaW5ncwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUuVG9TdHJpbmcoKQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImJvb2wiKSB7CiAgICAgICAgICAgICMgQ29udmVydCBib29sZWFuIHR5cGVzIHRvIHJlYWwgUG93ZXJzaGVsbCBib29sZWFucwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgfCBDb252ZXJ0VG8tQm9vbAogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImludCIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IGludCB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgaW50ZWdlcnMKICAgICAgICAgICAgJHZhbHVlID0gJHZhbHVlIC1hcyBbaW50XQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImZsb2F0IikgewogICAgICAgICAgICAjIENvbnZlcnQgZmxvYXQgdHlwZXMgdG8gcmVhbCBQb3dlcnNoZWxsIGZsb2F0cwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgLWFzIFtmbG9hdF0KICAgICAgICB9IGVsc2VpZiAoJHR5cGUgLWVxICJsaXN0IikgewogICAgICAgICAgICBpZiAoJHZhbHVlIC1pcyBbYXJyYXldKSB7CiAgICAgICAgICAgICAgICAjIE5vdGhpbmcgdG8gZG8KICAgICAgICAgICAgfSBlbHNlaWYgKCR2YWx1ZSAtaXMgW3N0cmluZ10pIHsKICAgICAgICAgICAgICAgICMgQ29udmVydCBzdHJpbmcgdHlwZSB0byByZWFsIFBvd2Vyc2hlbGwgYXJyYXkKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICR2YWx1ZS5TcGxpdCgiLCIpLlRyaW0oKQogICAgICAgICAgICB9IGVsc2VpZiAoJHZhbHVlIC1pcyBbaW50XSkgewogICAgICAgICAgICAgICAgJHZhbHVlID0gQCgkdmFsdWUpCiAgICAgICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICJHZXQtQW5zaWJsZVBhcmFtOiBQYXJhbWV0ZXIgJyRuYW1lJyBpcyBub3QgYSBZQU1MIGxpc3QuIgogICAgICAgICAgICB9CiAgICAgICAgICAgICMgLCBpcyBub3QgYSB0eXBvLCBmb3JjZXMgaXQgdG8gcmV0dXJuIGFzIGEgbGlzdCB3aGVuIGl0IGlzIGVtcHR5IG9yIG9ubHkgaGFzI ScriptBlock ID: b9d7addf-b75e-4313-a683-8a20bb5f1cd2 Path:	4104	1		3	2	15	0	1400	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4068	4700	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:28:34 PM	9d04040e-981f-0004-4918-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 3): begin { $DebugPreference = "Continue" $ErrorActionPreference = "Stop" Set-StrictMode -Version 2 function ConvertTo-HashtableFromPsCustomObject ($myPsObject){ $output = @{}; $myPsObject | Get-Member -MemberType *Property | % { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } return $output; } # stream JSON including become_pw, ps_module_payload, bin_module_payload, become_payload, write_payload_path, preserve directives # exec runspace, capture output, cleanup, return module output # NB: do not adjust the following line- it is replaced when doing non-streamed module output $json_raw = @' {"min_ps_version": null, "exec": "CkZ1bmN0aW9uIFJ1bigkcGF5bG9hZCkgewogICAgJGVudHJ5cG9pbnQgPSAkcGF5bG9hZC5tb2R1bGVfZW50cnkKCiAgICAkZW50cnlwb2ludCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGVudHJ5cG9pbnQpKQoKICAgICRwcyA9IFtwb3dlcnNoZWxsXTo6Q3JlYXRlKCkKCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkQ29tbWFuZCgiU2V0LVZhcmlhYmxlIikuQWRkUGFyYW1ldGVycyhAe1Njb3BlPSJnbG9iYWwiO05hbWU9ImNvbXBsZXhfYXJncyI7VmFsdWU9JHBheWxvYWQubW9kdWxlX2FyZ3N9KSB8IE91dC1OdWxsCiAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCgogICAgIyByZWRlZmluZSBXcml0ZS1Ib3N0IHRvIGR1bXAgdG8gb3V0cHV0IGluc3RlYWQgb2YgZmFpbGluZy0gbG90cyBvZiBzY3JpcHRzIHVzZSBpdAogICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgiRnVuY3Rpb24gV3JpdGUtSG9zdChgJG1zZyl7IFdyaXRlLU91dHB1dCBgJG1zZyB9IikgfCBPdXQtTnVsbAoKICAgIEZvckVhY2ggKCRlbnZfa3YgaW4gJHBheWxvYWQuZW52aXJvbm1lbnQuR2V0RW51bWVyYXRvcigpKSB7CiAgICAgICAgIyBuZWVkIHRvIGVzY2FwZSAnIGluIGJvdGggdGhlIGtleSBhbmQgdmFsdWUKICAgICAgICAkZW52X2tleSA9ICRlbnZfa3YuS2V5LlRvU3RyaW5nKCkuUmVwbGFjZSgiJyIsICInJyIpCiAgICAgICAgJGVudl92YWx1ZSA9ICRlbnZfa3YuVmFsdWUuVG9TdHJpbmcoKS5SZXBsYWNlKCInIiwgIicnIikKICAgICAgICAkZXNjYXBlZF9lbnZfc2V0ID0gIltTeXN0ZW0uRW52aXJvbm1lbnRdOjpTZXRFbnZpcm9ubWVudFZhcmlhYmxlKCd7MH0nLCAnezF9JykiIC1mICRlbnZfa2V5LCAkZW52X3ZhbHVlCiAgICAgICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgkZXNjYXBlZF9lbnZfc2V0KSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBkeW5hbWljYWxseSBjcmVhdGUvbG9hZCBtb2R1bGVzCiAgICBGb3JFYWNoICgkbW9kIGluICRwYXlsb2FkLnBvd2Vyc2hlbGxfbW9kdWxlcy5HZXRFbnVtZXJhdG9yKCkpIHsKICAgICAgICAkZGVjb2RlZF9tb2R1bGUgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRtb2QuVmFsdWUpKQogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRDb21tYW5kKCJOZXctTW9kdWxlIikuQWRkUGFyYW1ldGVycyhAe1NjcmlwdEJsb2NrPShbc2NyaXB0YmxvY2tdOjpDcmVhdGUoJGRlY29kZWRfbW9kdWxlKSk7TmFtZT0kbW9kLktleX0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiSW1wb3J0LU1vZHVsZSIpLkFkZFBhcmFtZXRlcnMoQHtXYXJuaW5nQWN0aW9uPSJTaWxlbnRseUNvbnRpbnVlIn0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBmb3JjZSBpbnB1dCBlbmNvZGluZyB0byBwcmVhbWJsZS1mcmVlIFVURjggc28gUFMgc3ViLXByb2Nlc3NlcyAoZWcsCiAgICAjIFN0YXJ0LUpvYikgZG9uJ3QgYmxvdyB1cC4gVGhpcyBpcyBvbmx5IHJlcXVpcmVkIGZvciBXaW5STSwgYSBQU1JQCiAgICAjIHJ1bnNwYWNlIGRvZXNuJ3QgaGF2ZSBhIGhvc3QgY29uc29sZSBhbmQgdGhpcyB3aWxsIGJvbWIgb3V0CiAgICBpZiAoJGhvc3QuTmFtZSAtZXEgIkNvbnNvbGVIb3N0IikgewogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRTY3JpcHQoIltDb25zb2xlXTo6SW5wdXRFbmNvZGluZyA9IE5ldy1PYmplY3QgVGV4dC5VVEY4RW5jb2RpbmcgYCRmYWxzZSIpIHwgT3V0LU51bGwKICAgIH0KCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkU2NyaXB0KCRlbnRyeXBvaW50KSB8IE91dC1OdWxsCgogICAgJG91dHB1dCA9ICRwcy5JbnZva2UoKQoKICAgICRvdXRwdXQKCiAgICAjIFBTMyBkb2Vzbid0IHByb3Blcmx5IHNldCBIYWRFcnJvcnMgaW4gbWFueSBjYXNlcywgaW5zcGVjdCB0aGUgZXJyb3Igc3RyZWFtIGFzIGEgZmFsbGJhY2sKICAgIElmICgkcHMuSGFkRXJyb3JzIC1vciAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtbHQgNCAtYW5kICRwcy5TdHJlYW1zLkVycm9yLkNvdW50IC1ndCAwKSkgewogICAgICAgICRob3N0LlVJLldyaXRlRXJyb3JMaW5lKCQoJHBzLlN0cmVhbXMuRXJyb3IgfCBPdXQtU3RyaW5nKSkKICAgICAgICAkZXhpdF9jb2RlID0gJHBzLlJ1bnNwYWNlLlNlc3Npb25TdGF0ZVByb3h5LkdldFZhcmlhYmxlKCJMQVNURVhJVENPREUiKQogICAgICAgIElmKC1ub3QgJGV4aXRfY29kZSkgewogICAgICAgICAgICAkZXhpdF9jb2RlID0gMQogICAgICAgIH0KICAgICAgICAjIG5lZWQgdG8gdXNlIHRoaXMgaW5zdGVhZCBvZiBFeGl0IGtleXdvcmQgdG8gcHJldmVudCBydW5zcGFjZSBmcm9tIGNyYXNoaW5nIHdpdGggZHluYW1pYyBtb2R1bGVzCiAgICAgICAgJGhvc3QuU2V0U2hvdWxkRXhpdCgkZXhpdF9jb2RlKQogICAgfQp9Cg==", "actions": ["exec"], "environment": {}, "min_os_version": null, "powershell_modules": {"Ansible.ModuleUtils.CommandUtil": "IyBDb3B5cmlnaHQgKGMpIDIwMTcgQW5zaWJsZSBQcm9qZWN0CiMgU2ltcGxpZmllZCBCU0QgTGljZW5zZSAoc2VlIGxpY2Vuc2VzL3NpbXBsaWZpZWRfYnNkLnR4dCBvciBodHRwczovL29wZW5zb3VyY2Uub3JnL2xpY2Vuc2VzL0JTRC0yLUNsYXVzZSkKCiRwcm9jZXNzX3V0aWwgPSBAIgp1c2luZyBNaWNyb3NvZnQuV2luMzIuU2FmZUhhbmRsZXM7CnVzaW5nIFN5c3RlbTsKdXNpbmcgU3lzdGVtLkNvbGxlY3Rpb25zOwp1c2luZyBTeXN0ZW0uSU87CnVzaW5nIFN5c3RlbS5MaW5xOwp1c2luZyBTeXN0ZW0uUnVudGltZS5JbnRlcm9wU2VydmljZXM7CnVzaW5nIFN5c3RlbS5UZXh0Owp1c2luZyBTeXN0ZW0uVGhyZWFkaW5nOwoKbmFtZXNwYWNlIEFuc2libGUKewogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIGNsYXNzIFNFQ1VSSVRZX0FUVFJJQlVURVMKICAgIHsKICAgICAgICBwdWJsaWMgaW50IG5MZW5ndGg7CiAgICAgICAgcHVibGljIEludFB0ciBscFNlY3VyaXR5RGVzY3JpcHRvcjsKICAgICAgICBwdWJsaWMgYm9vbCBiSW5oZXJpdEhhbmRsZSA9IGZhbHNlOwogICAgICAgIHB1YmxpYyBTRUNVUklUWV9BVFRSSUJVVEVTKCkKICAgICAgICB7CiAgICAgICAgICAgIG5MZW5ndGggPSBNYXJzaGFsLlNpemVPZih0aGlzKTsKICAgICAgICB9CiAgICB9CgogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIGNsYXNzIFNUQVJUVVBJTkZPCiAgICB7CiAgICAgICAgcHVibGljIEludDMyIGNiOwogICAgICAgIHB1YmxpYyBJbnRQdHIgbHBSZXNlcnZlZDsKICAgICAgICBwdWJsaWMgSW50UHRyIGxwRGVza3RvcDsKICAgICAgICBwdWJsaWMgSW50UHRyIGxwVGl0bGU7CiAgICAgICAgcHVibGljIEludDMyIGR3WDsKICAgICAgICBwdWJsaWMgSW50MzIgZHdZOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1hTaXplOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1lTaXplOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1hDb3VudENoYXJzOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1lDb3VudENoYXJzOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd0ZpbGxBdHRyaWJ1dGU7CiAgICAgICAgcHVibGljIEludDMyIGR3RmxhZ3M7CiAgICAgICAgcHVibGljIEludDE2IHdTaG93V2luZG93OwogICAgICAgIHB1YmxpYyBJbnQxNiBjYlJlc2VydmVkMjsKICAgICAgICBwdWJsaWMgSW50UHRyIGxwUmVzZXJ2ZWQyOwogICAgICAgIHB1YmxpYyBTYWZlRmlsZUhhbmRsZSBoU3RkSW5wdXQ7CiAgICAgICAgcHVibGljIFNhZmVGaWxlSGFuZGxlIGhTdGRPdXRwdXQ7CiAgICAgICAgcHVibGljIFNhZmVGaWxlSGFuZGxlIGhTdGRFcnJvcjsKICAgICAgICBwdWJsaWMgU1RBUlRVUElORk8oKQogICAgICAgIHsKICAgICAgICAgICAgY2IgPSBNYXJzaGFsLlNpemVPZih0aGlzKTsKICAgICAgICB9CiAgICB9CgogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIGNsYXNzIFNUQVJUVVBJTkZPRVgKICAgIHsKICAgICAgICBwdWJsaWMgU1RBUlRVUElORk8gc3RhcnR1cEluZm87CiAgICAgICAgcHVibGljIEludFB0ciBscEF0dHJpYnV0ZUxpc3Q7CiAgICAgICAgcHVibGljIFNUQVJUVVBJTkZPRVgoKQogICAgICAgIHsKICAgICAgICAgICAgc3RhcnR1cEluZm8gPSBuZXcgU1RBUlRVUElORk8oKTsKICAgICAgICAgICAgc3RhcnR1cEluZm8uY2IgPSBNYXJzaGFsLlNpemVPZih0aGlzKTsKICAgICAgICB9CiAgICB9CgogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIHN0cnVjdCBQUk9DRVNTX0lORk9STUFUSU9OCiAgICB7CiAgICAgICAgcHVibGljIEludFB0ciBoUHJvY2VzczsKICAgICAgICBwdWJsaWMgSW50UHRyIGhUaHJlYWQ7CiAgICAgICAgcHVibGljIGludCBkd1Byb2Nlc3NJZDsKICAgICAgICBwdWJsaWMgaW50IGR3VGhyZWFkSWQ7CiAgICB9CgogICAgW0ZsYWdzXQogICAgcHVibGljIGVudW0gU3RhcnR1cEluZm9GbGFncyA6IHVpbnQKICAgIHsKICAgICAgICBVU0VTVERIQU5ETEVTID0gMHgwMDAwMDEwMAogICAgfQoKICAgIHB1YmxpYyBlbnVtIEhhbmRsZUZsYWdzIDogdWludAogICAgewogICAgICAgIE5vbmUgPSAwLAogICAgICAgIElOSEVSSVQgPSAxCiAgICB9CgogICAgY2xhc3MgTmF0aXZlV2FpdEhhbmRsZSA6IFdhaXRIYW5kbGUKICAgIHsKICAgICAgICBwdWJsaWMgTmF0aXZlV2FpdEhhbmRsZShJbnRQdHIgaGFuZGxlKQogICAgICAgIHsKICAgICAgICAgICAgdGhpcy5TYWZlV2FpdEhhbmRsZSA9IG5ldyBTYWZlV2FpdEhhbmRsZShoYW5kbGUsIGZhbHNlKTsKICAgICAgICB9CiAgICB9CgogICAgcHVibGljIGNsYXNzIFdpbjMyRXhjZXB0aW9uIDogU3lzdGVtLkNvbXBvbmVudE1vZGVsLldpbjMyRXhjZXB0aW9uCiAgICB7CiAgICAgICAgcHJpdmF0ZSBzdHJpbmcgX21zZzsKCiAgICAgICAgcHVibGljIFdpbjMyRXhjZXB0aW9uKHN0cmluZyBtZXNzYWdlKSA6IHRoaXMoTWFyc2hhbC5HZXRMYXN0V2luMzJFcnJvcigpLCBtZXNzYWdlKSB7IH0KCiAgICAgICAgcHVibGljIFdpbjMyRXhjZXB0aW9uKGludCBlcnJvckNvZGUsIHN0cmluZyBtZXNzYWdlKSA6IGJhc2UoZXJyb3JDb2RlKQogICAgICAgIHsKICAgICAgICAgICAgX21zZyA9IFN0cmluZy5Gb3JtYXQoInswfSAoezF9LCBXaW4zMkVycm9yQ29kZSB7Mn0pIiwgbWVzc2FnZSwgYmFzZS5NZXNzYWdlLCBlcnJvckNvZGUpOwogICAgICAgIH0KCiAgICAgICAgcHVibGljIG92ZXJyaWRlIHN0cmluZyBNZXNzYWdlIHsgZ2V0IHsgcmV0dXJuIF9tc2c7IH0gfQogICAgICAgIHB1YmxpYyBzdGF0aWMgZXhwbGljaXQgb3BlcmF0b3IgV2luMzJFeGNlcHRpb24oc3RyaW5nIG1lc3NhZ2UpIHsgcmV0dXJuIG5ldyBXaW4zMkV4Y2VwdGlvbihtZXNzYWdlKTsgfQogICAgfQoKICAgIHB1YmxpYyBjbGFzcyBDb21tYW5kVXRpbAogICAgewogICAgICAgIHByaXZhdGUgc3RhdGljIFVJbnQzMiBDUkVBVEVfVU5JQ09ERV9FTlZJUk9OTUVOVCA9IDB4MDAwMDAwNDAwOwogICAgICAgIHByaXZhdGUgc3RhdGljIFVJbnQzMiBFWFRFTkRFRF9TVEFSVFVQSU5GT19QUkVTRU5UID0gMHgwMDA4MDAwMDsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSwgQmVzdEZpdE1hcHBpbmcgPSBmYWxzZSldCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gYm9vbCBDcmVhdGVQcm9jZXNzKAogICAgICAgICAgICBbTWFyc2hhbEFzKFVubWFuYWdlZFR5cGUuTFBXU3RyKV0KICAgICAgICAgICAgICAgIHN0cmluZyBscEFwcGxpY2F0aW9uTmFtZSwKICAgICAgICAgICAgU3RyaW5nQnVpbGRlciBscENvbW1hbmRMaW5lLAogICAgICAgICAgICBJbnRQdHIgbHBQcm9jZXNzQXR0cmlidXRlcywKICAgICAgICAgICAgSW50UHRyIGxwVGhyZWFkQXR0cmlidXRlcywKICAgICAgICAgICAgYm9vbCBiSW5oZXJpdEhhbmRsZXMsCiAgICAgICAgICAgIHVpbnQgZHdDcmVhdGlvbkZsYWdzLAogICAgICAgICAgICBJbnRQdHIgbHBFbnZpcm9ubWVudCwKICAgICAgICAgICAgW01hcnNoYWxBcyhVbm1hbmFnZWRUeXBlLkxQV1N0cildCiAgICAgICAgICAgICAgICBzdHJpbmcgbHBDdXJyZW50RGlyZWN0b3J5LAogICAgICAgICAgICBTVEFSVFVQSU5GT0VYIGxwU3RhcnR1cEluZm8sCiAgICAgICAgICAgIG91dCBQUk9DRVNTX0lORk9STUFUSU9OIGxwUHJvY2Vzc0luZm9ybWF0aW9uKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIildCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gYm9vbCBDcmVhdGVQaXBlKAogICAgICAgICAgICBvdXQgU2FmZUZpbGVIYW5kbGUgaFJlYWRQaXBlLAogICAgICAgICAgICBvdXQgU2FmZUZpbGVIYW5kbGUgaFdyaXRlUGlwZSwKICAgICAgICAgICAgU0VDVVJJVFlfQVRUUklCVVRFUyBscFBpcGVBdHRyaWJ1dGVzLAogICAgICAgICAgICB1aW50IG5TaXplKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSldCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gYm9vbCBTZXRIYW5kbGVJbmZvcm1hdGlvbigKICAgICAgICAgICAgU2FmZUZpbGVIYW5kbGUgaE9iamVjdCwKICAgICAgICAgICAgSGFuZGxlRmxhZ3MgZHdNYXNrLAogICAgICAgICAgICBpbnQgZHdGbGFncyk7CgogICAgICAgIFtEbGxJbXBvcnQoImtlcm5lbDMyLmRsbCIsIFNldExhc3RFcnJvciA9IHRydWUpXQogICAgICAgIHByaXZhdGUgc3RhdGljIGV4dGVybiBib29sIEdldEV4aXRDb2RlUHJvY2VzcygKICAgICAgICAgICAgSW50UHRyIGhQcm9jZXNzLAogICAgICAgICAgICBvdXQgdWludCBscEV4aXRDb2RlKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSldCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gdWludCBTZWFyY2hQYXRoKAogICAgICAgICAgICBzdHJpbmcgbHBQYXRoLAogICAgICAgICAgICBzdHJpbmcgbHBGaWxlTmFtZSwKICAgICAgICAgICAgc3RyaW5nIGxwRXh0ZW5zaW9uLAogICAgICAgICAgICBpbnQgbkJ1ZmZlckxlbmd0aCwKICAgICAgICAgICAgW01hcnNoYWxBcyAoVW5tYW5hZ2VkVHlwZS5MUFRTdHIpXQogICAgICAgICAgICAgICAgU3RyaW5nQnVpbGRlciBscEJ1ZmZlciwKICAgICAgICAgICAgb3V0IEludFB0ciBscEZpbGVQYXJ0KTsKCiAgICAgICAgW0RsbEltcG9ydCgic2hlbGwzMi5kbGwiLCBTZXRMYXN0RXJyb3IgPSB0cnVlKV0KICAgICAgICBzdGF0aWMgZXh0ZXJuIEludFB0ciBDb21tYW5kTGluZVRvQXJndlcoCiAgICAgICAgICAgIFtNYXJzaGFsQXMoVW5tYW5hZ2VkVHlwZS5MUFdTdHIpXQogICAgICAgICAgICAgICAgc3RyaW5nIGxwQ21kTGluZSwKICAgICAgICAgICAgb3V0IGludCBwTnVtQXJncyk7CgogICAgICAgIHB1YmxpYyBzdGF0aWMgc3RyaW5nW10gUGFyc2VDb21tYW5kTGluZShzdHJpbmcgbHBDb21tYW5kTGluZSkKICAgICAgICB7CiAgICAgICAgICAgIGludCBudW1BcmdzOwogICAgICAgICAgICBJbnRQdHIgcmV0ID0gQ29tbWFuZExpbmVUb0FyZ3ZXKGxwQ29tbWFuZExpbmUsIG91dCBudW1BcmdzKTsKCiAgICAgICAgICAgIGlmIChyZXQgPT0gSW50UHRyLlplcm8pCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIkVycm9yIHBhcnNpbmcgY29tbWFuZCBsaW5lIik7CgogICAgICAgICAgICBJbnRQdHJbXSBzdHJwdHJzID0gbmV3IEludFB0cltudW1BcmdzXTsKICAgICAgICAgICAgTWFyc2hhbC5Db3B5KHJldCwgc3RycHRycywgMCwgbnVtQXJncyk7CiAgICAgICAgICAgIHN0cmluZ1tdIGNtZGxpbmVQYXJ0cyA9IHN0cnB0cnMuU2VsZWN0KHMgPT4gTWFyc2hhbC5QdHJUb1N0cmluZ1VuaShzKSkuVG9BcnJheSgpOwoKICAgICAgICAgICAgTWFyc2hhbC5GcmVlSEdsb2JhbChyZXQpOwoKICAgICAgICAgICAgcmV0dXJuIGNtZGxpbmVQYXJ0czsKICAgICAgICB9CgogICAgICAgIHB1YmxpYyBzdGF0aWMgc3RyaW5nIFNlYXJjaFBhdGgoc3RyaW5nIGxwRmlsZU5hbWUpCiAgICAgICAgewogICAgICAgICAgICBTdHJpbmdCdWlsZGVyIHNiT3V0ID0gbmV3IFN0cmluZ0J1aWxkZXIoMTAyNCk7CiAgICAgICAgICAgIEludFB0ciBmaWxlUGFydE91dDsKCiAgICAgICAgICAgIGlmIChTZWFyY2hQYXRoKG51bGwsIGxwRmlsZU5hbWUsIG51bGwsIHNiT3V0LkNhcGFjaXR5LCBzYk91dCwgb3V0IGZpbGVQYXJ0T3V0KSA9PSAwKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IEZpbGVOb3RGb3VuZEV4Y2VwdGlvbihTdHJpbmcuRm9ybWF0KCJDb3VsZCBub3QgbG9jYXRlIHRoZSBmb2xsb3dpbmcgZXhlY3V0YWJsZSB7MH0iLCBscEZpbGVOYW1lKSk7CgogICAgICAgICAgICByZXR1cm4gc2JPdXQuVG9TdHJpbmcoKTsKICAgICAgICB9CgogICAgICAgIHB1YmxpYyBjbGFzcyBDb21tYW5kUmVzdWx0CiAgICAgICAgewogICAgICAgICAgICBwdWJsaWMgc3RyaW5nIFN0YW5kYXJkT3V0IHsgZ2V0OyBpbnRlcm5hbCBzZXQ7IH0KICAgICAgICAgICAgcHVibGljIHN0cmluZyBTdGFuZGFyZEVycm9yIHsgZ2V0OyBpbnRlcm5hbCBzZXQ7IH0KICAgICAgICAgICAgcHVibGljIHVpbnQgRXhpdENvZGUgeyBnZXQ7IGludGVybmFsIHNldDsgfQogICAgICAgIH0KCiAgICAgICAgcHVibGljIHN0YXRpYyBDb21tYW5kUmVzdWx0IFJ1bkNvbW1hbmQoc3RyaW5nIGxwQXBwbGljYXRpb25OYW1lLCBzdHJpbmcgbHBDb21tYW5kTGluZSwgc3RyaW5nIGxwQ3VycmVudERpcmVjdG9yeSwgc3RyaW5nIHN0ZGluSW5wdXQsIElEaWN0aW9uYXJ5IGVudmlyb25tZW50KQogICAgICAgIHsKICAgICAgICAgICAgVUludDMyIHN0YXJ0dXBfZmxhZ3MgPSBDUkVBVEVfVU5JQ09ERV9FTlZJUk9OTUVOVCB8IEVYVEVOREVEX1NUQVJUVVBJTkZPX1BSRVNFTlQ7CiAgICAgICAgICAgIFNUQVJUVVBJTkZPRVggc2kgPSBuZXcgU1RBUlRVUElORk9FWCgpOwogICAgICAgICAgICBzaS5zdGFydHVwSW5mby5kd0ZsYWdzID0gKGludClTdGFydHVwSW5mb0ZsYWdzLlVTRVNUREhBTkRMRVM7CgogICAgICAgICAgICBTRUNVUklUWV9BVFRSSUJVVEVTIHBpcGVzZWMgPSBuZXcgU0VDVVJJVFlfQVRUUklCVVRFUygpOwogICAgICAgICAgICBwaXBlc2VjLmJJbmhlcml0SGFuZGxlID0gdHJ1ZTsKCiAgICAgICAgICAgIC8vIENyZWF0ZSB0aGUgc3Rkb3V0LCBzdGRlcnIgYW5kIHN0ZGluIHBpcGVzIHVzZWQgaW4gdGhlIHByb2Nlc3MgYW5kIGFkZCB0byB0aGUgc3RhcnR1cEluZm8KICAgICAgICAgICAgU2FmZUZpbGVIYW5kbGUgc3Rkb3V0X3JlYWQsIHN0ZG91dF93cml0ZSwgc3RkZXJyX3JlYWQsIHN0ZGVycl93cml0ZSwgc3RkaW5fcmVhZCwgc3RkaW5fd3JpdGU7CiAgICAgICAgICAgIGlmICghQ3JlYXRlUGlwZShvdXQgc3Rkb3V0X3JlYWQsIG91dCBzdGRvdXRfd3JpdGUsIHBpcGVzZWMsIDApKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IFdpbjMyRXhjZXB0aW9uKCJTVERPVVQgcGlwZSBzZXR1cCBmYWlsZWQiKTsKICAgICAgICAgICAgaWYgKCFTZXRIYW5kbGVJbmZvcm1hdGlvbihzdGRvdXRfcmVhZCwgSGFuZGxlRmxhZ3MuSU5IRVJJVCwgMCkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIlNURE9VVCBwaXBlIGhhbmRsZSBzZXR1cCBmYWlsZWQiKTsKCiAgICAgICAgICAgIGlmICghQ3JlYXRlUGlwZShvdXQgc3RkZXJyX3JlYWQsIG91dCBzdGRlcnJfd3JpdGUsIHBpcGVzZWMsIDApKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IFdpbjMyRXhjZXB0aW9uKCJTVERFUlIgcGlwZSBzZXR1cCBmYWlsZWQiKTsKICAgICAgICAgICAgaWYgKCFTZXRIYW5kbGVJbmZvcm1hdGlvbihzdGRlcnJfcmVhZCwgSGFuZGxlRmxhZ3MuSU5IRVJJVCwgMCkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIlNUREVSUiBwaXBlIGhhbmRsZSBzZXR1cCBmYWlsZWQiKTsKCiAgICAgICAgICAgIGlmICghQ3JlYXRlUGlwZShvdXQgc3RkaW5fcmVhZCwgb3V0IHN0ZGluX3dyaXRlLCBwaXBlc2VjLCAwKSkKICAgICAgICAgICAgICAgIHRocm93IG5ldyBXaW4zMkV4Y2VwdGlvbigiU1RESU4gcGlwZSBzZXR1cCBmYWlsZWQiKTsKICAgICAgICAgICAgaWYgKCFTZXRIYW5kbGVJbmZvcm1hdGlvbihzdGRpbl93cml0ZSwgSGFuZGxlRmxhZ3MuSU5IRVJJVCwgMCkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIlNURElOIHBpcGUgaGFuZGxlIHNldHVwIGZhaWxlZCIpOwoKICAgICAgICAgICAgc2kuc3RhcnR1cEluZm8uaFN0ZE91dHB1dCA9IHN0ZG91dF93cml0ZTsKICAgICAgICAgICAgc2kuc3RhcnR1cEluZm8uaFN0ZEVycm9yID0gc3RkZXJyX3dyaXRlOwogICAgICAgICAgICBzaS5zdGFydHVwSW5mby5oU3RkSW5wdXQgPSBzdGRpbl9yZWFkOwoKICAgICAgICAgICAgLy8gU2V0dXAgdGhlIHN0ZGluIGJ1ZmZlcgogICAgICAgICAgICBVVEY4RW5jb2RpbmcgdXRmOF9lbmNvZGluZyA9IG5ldyBVVEY4RW5jb2RpbmcoZmFsc2UpOwogICAgICAgICAgICBGaWxlU3RyZWFtIHN0ZGluX2ZzID0gbmV3IEZpbGVTdHJlYW0oc3RkaW5fd3JpdGUsIEZpbGVBY2Nlc3MuV3JpdGUsIDMyNzY4KTsKICAgICAgICAgICAgU3RyZWFtV3JpdGVyIHN0ZGluID0gbmV3IFN0cmVhbVdyaXRlcihzdGRpbl9mcywgdXRmOF9lbmNvZGluZywgMzI3NjgpOwoKICAgICAgICAgICAgLy8gSWYgbHBDdXJyZW50RGlyZWN0b3J5IGlzIHNldCB0byBudWxsIGluIFBTIGl0IHdpbGwgYmUgYW4gZW1wdHkKICAgICAgICAgICAgLy8gc3RyaW5nIGhlcmUsIHdlIG5lZWQgdG8gY29udmVydCBpdAogICAgICAgICAgICBpZiAobHBDdXJyZW50RGlyZWN0b3J5ID09ICIiKQogICAgICAgICAgICAgICAgbHBDdXJyZW50RGlyZWN0b3J5ID0gbnVsbDsKCiAgICAgICAgICAgIFN0cmluZ0J1aWxkZXIgZW52aXJvbm1lbnRTdHJpbmcgPSBudWxsOwoKICAgICAgICAgICAgaWYgKGVudmlyb25tZW50ICE9IG51bGwgJiYgZW52aXJvbm1lbnQuQ291bnQgPiAwKQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBlbnZpcm9ubWVudFN0cmluZyA9IG5ldyBTdHJpbmdCdWlsZGVyKCk7CiAgICAgICAgICAgICAgICBmb3JlYWNoIChEaWN0aW9uYXJ5RW50cnkga3YgaW4gZW52aXJvbm1lbnQpCiAgICAgICAgICAgICAgICAgICAgZW52aXJvbm1lbnRTdHJpbmcuQXBwZW5kRm9ybWF0KCJ7MH09ezF9XDAiLCBrdi5LZXksIGt2LlZhbHVlKTsKICAgICAgICAgICAgICAgIGVudmlyb25tZW50U3RyaW5nLkFwcGVuZCgnXDAnKTsKICAgICAgICAgICAgfQoKICAgICAgICAgICAgLy8gQ3JlYXRlIHRoZSBlbnZpcm9ubWVudCBibG9jayBpZiBzZXQKICAgICAgICAgICAgSW50UHRyIGxwRW52aXJvbm1lbnQgPSBJbnRQdHIuWmVybzsKICAgICAgICAgICAgaWYgKGVudmlyb25tZW50U3RyaW5nICE9IG51bGwpCiAgICAgICAgICAgICAgICBscEVudmlyb25tZW50ID0gTWFyc2hhbC5TdHJpbmdUb0hHbG9iYWxVbmkoZW52aXJvbm1lbnRTdHJpbmcuVG9TdHJpbmcoKSk7CgogICAgICAgICAgICAvLyBDcmVhdGUgbmV3IHByb2Nlc3MgYW5kIHJ1bgogICAgICAgICAgICBTdHJpbmdCdWlsZGVyIGFyZ3VtZW50X3N0cmluZyA9IG5ldyBTdHJpbmdCdWlsZGVyKGxwQ29tbWFuZExpbmUpOwogICAgICAgICAgICBQUk9DRVNTX0lORk9STUFUSU9OIHBpID0gbmV3IFBST0NFU1NfSU5GT1JNQVRJT04oKTsKICAgICAgICAgICAgaWYgKCFDcmVhdGVQcm9jZXNzKAogICAgICAgICAgICAgICAgbHBBcHBsaWNhdGlvbk5hbWUsCiAgICAgICAgICAgICAgICBhcmd1bWVudF9zdHJpbmcsCiAgICAgICAgICAgICAgICBJbnRQdHIuWmVybywKICAgICAgICAgICAgICAgIEludFB0ci5aZXJvLAogICAgICAgICAgICAgICAgdHJ1ZSwKICAgICAgICAgICAgICAgIHN0YXJ0dXBfZmxhZ3MsCiAgICAgICAgICAgICAgICBscEVudmlyb25tZW50LAogICAgICAgICAgICAgICAgbHBDdXJyZW50RGlyZWN0b3J5LAogICAgICAgICAgICAgICAgc2ksCiAgICAgICAgICAgICAgICBvdXQgcGkpKQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIkZhaWxlZCB0byBjcmVhdGUgbmV3IHByb2Nlc3MiKTsKICAgICAgICAgICAgfQoKICAgICAgICAgICAgLy8gU2V0dXAgdGhlIG91dHB1dCBidWZmZXJzIGFuZCBnZXQgc3Rkb3V0L3N0ZGVycgogICAgICAgICAgICBGaWxlU3RyZWFtIHN0ZG91dF9mcyA9IG5ldyBGaWxlU3RyZWFtKHN0ZG91dF9yZWFkLCBGaWxlQWNjZXNzLlJlYWQsIDQwOTYpOwogICAgICAgICAgICBTdHJlYW1SZWFkZXIgc3Rkb3V0ID0gbmV3IFN0cmVhbVJlYWRlcihzdGRvdXRfZnMsIHV0ZjhfZW5jb2RpbmcsIHRydWUsIDQwOTYpOwogICAgICAgICAgICBzdGRvdXRfd3JpdGUuQ2xvc2UoKTsKICAgICAgICAgICAgRmlsZVN0cmVhbSBzdGRlcnJfZnMgPSBuZXcgRmlsZVN0cmVhbShzdGRlcnJfcmVhZCwgRmlsZUFjY2Vzcy5SZWFkLCA0MDk2KTsKICAgICAgICAgICAgU3RyZWFtUmVhZGVyIHN0ZGVyciA9IG5ldyBTdHJlYW1SZWFkZXIoc3RkZXJyX2ZzLCB1dGY4X2VuY29kaW5nLCB0cnVlLCA0MDk2KTsKICAgICAgICAgICAgc3RkZXJyX3dyaXRlLkNsb3NlKCk7CgogICAgICAgICAgICBzdGRpbi5Xcml0ZUxpbmUoc3RkaW5JbnB1dCk7CiAgICAgICAgICAgIHN0ZGluLkNsb3NlKCk7CgogICAgICAgICAgICBzdHJpbmcgc3Rkb3V0X3N0ciwgc3RkZXJyX3N0c ScriptBlock ID: b9d7addf-b75e-4313-a683-8a20bb5f1cd2 Path:	4104	1		3	2	15	0	1399	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4068	4700	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:28:34 PM	9d04040e-981f-0004-4918-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1398	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4068	4376	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:28:34 PM	9d04040e-981f-0004-4718-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 4068 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1397	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4068	4932	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:28:34 PM	9d04040e-981f-0004-4718-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1396	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4068	4376	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:28:34 PM	9d04040e-981f-0004-4718-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1395	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4368	3064	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:28:32 PM	9d04040e-981f-0004-3118-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 4368 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1394	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4368	4156	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:28:32 PM	9d04040e-981f-0004-3118-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1393	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4368	3064	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:28:32 PM	9d04040e-981f-0004-3118-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles; using System; using System.Collections; using System.IO; using System.Linq; using System.Runtime.InteropServices; using System.Text; using System.Threading; namespace Ansible { [StructLayout(LayoutKind.Sequential)] public class SECURITY_ATTRIBUTES { public int nLength; public IntPtr lpSecurityDescriptor; public bool bInheritHandle = false; public SECURITY_ATTRIBUTES() { nLength = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFO { public Int32 cb; public IntPtr lpReserved; public IntPtr lpDesktop; public IntPtr lpTitle; public Int32 dwX; public Int32 dwY; public Int32 dwXSize; public Int32 dwYSize; public Int32 dwXCountChars; public Int32 dwYCountChars; public Int32 dwFillAttribute; public Int32 dwFlags; public Int16 wShowWindow; public Int16 cbReserved2; public IntPtr lpReserved2; public SafeFileHandle hStdInput; public SafeFileHandle hStdOutput; public SafeFileHandle hStdError; public STARTUPINFO() { cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFOEX { public STARTUPINFO startupInfo; public IntPtr lpAttributeList; public STARTUPINFOEX() { startupInfo = new STARTUPINFO(); startupInfo.cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public struct PROCESS_INFORMATION { public IntPtr hProcess; public IntPtr hThread; public int dwProcessId; public int dwThreadId; } [Flags] public enum StartupInfoFlags : uint { USESTDHANDLES = 0x00000100 } public enum HandleFlags : uint { None = 0, INHERIT = 1 } class NativeWaitHandle : WaitHandle { public NativeWaitHandle(IntPtr handle) { this.SafeWaitHandle = new SafeWaitHandle(handle, false); } } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class CommandUtil { private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400; private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000; [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)] public static extern bool CreateProcess( [MarshalAs(UnmanagedType.LPWStr)] string lpApplicationName, StringBuilder lpCommandLine, IntPtr lpProcessAttributes, IntPtr lpThreadAttributes, bool bInheritHandles, uint dwCreationFlags, IntPtr lpEnvironment, [MarshalAs(UnmanagedType.LPWStr)] string lpCurrentDirectory, STARTUPINFOEX lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation); [DllImport("kernel32.dll")] public static extern bool CreatePipe( out SafeFileHandle hReadPipe, out SafeFileHandle hWritePipe, SECURITY_ATTRIBUTES lpPipeAttributes, uint nSize); [DllImport("kernel32.dll", SetLastError = true)] public static extern bool SetHandleInformation( SafeFileHandle hObject, HandleFlags dwMask, int dwFlags); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool GetExitCodeProcess( IntPtr hProcess, out uint lpExitCode); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)] public static extern uint SearchPath( string lpPath, string lpFileName, string lpExtension, int nBufferLength, [MarshalAs (UnmanagedType.LPTStr)] StringBuilder lpBuffer, out IntPtr lpFilePart); [DllImport("shell32.dll", SetLastError = true)] static extern IntPtr CommandLineToArgvW( [MarshalAs(UnmanagedType.LPWStr)] string lpCmdLine, out int pNumArgs); public static string[] ParseCommandLine(string lpCommandLine) { int numArgs; IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs); if (ret == IntPtr.Zero) throw new Win32Exception("Error parsing command line"); IntPtr[] strptrs = new IntPtr[numArgs]; Marshal.Copy(ret, strptrs, 0, numArgs); string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray(); Marshal.FreeHGlobal(ret); return cmdlineParts; } public static string SearchPath(string lpFileName) { StringBuilder sbOut = new StringBuilder(1024); IntPtr filePartOut; if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0) throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName)); return sbOut.ToString(); } public class CommandResult { public string StandardOut { get; internal set; } public string StandardError { get; internal set; } public uint ExitCode { get; internal set; } } public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment) { UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT; STARTUPINFOEX si = new STARTUPINFOEX(); si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES; SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES(); pipesec.bInheritHandle = true; // Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write; if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0)) throw new Win32Exception("STDOUT pipe setup failed"); if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDOUT pipe handle setup failed"); if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0)) throw new Win32Exception("STDERR pipe setup failed"); if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDERR pipe handle setup failed"); if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0)) throw new Win32Exception("STDIN pipe setup failed"); if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDIN pipe handle setup failed"); si.startupInfo.hStdOutput = stdout_write; si.startupInfo.hStdError = stderr_write; si.startupInfo.hStdInput = stdin_read; // Setup the stdin buffer UTF8Encoding utf8_encoding = new UTF8Encoding(false); FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768); StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768); // If lpCurrentDirectory is set to null in PS it will be an empty // string here, we need to convert it if (lpCurrentDirectory == "") lpCurrentDirectory = null; StringBuilder environmentString = null; if (environment != null && environment.Count > 0) { environmentString = new StringBuilder(); foreach (DictionaryEntry kv in environment) environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value); environmentString.Append('\0'); } // Create the environment block if set IntPtr lpEnvironment = IntPtr.Zero; if (environmentString != null) lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString()); // Create new process and run StringBuilder argument_string = new StringBuilder(lpCommandLine); PROCESS_INFORMATION pi = new PROCESS_INFORMATION(); if (!CreateProcess( lpApplicationName, argument_string, IntPtr.Zero, IntPtr.Zero, true, startup_flags, lpEnvironment, lpCurrentDirectory, si, out pi)) { throw new Win32Exception("Failed to create new process"); } // Setup the output buffers and get stdout/stderr FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096); StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096); stdout_write.Close(); FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096); StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096); stderr_write.Close(); stdin.WriteLine(stdinInput); stdin.Close(); string stdout_str, stderr_str = null; GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str); uint rc = GetProcessExitCode(pi.hProcess); return new CommandResult { StandardOut = stdout_str, StandardError = stderr_str, ExitCode = rc }; } private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr) { var sowait = new EventWaitHandle(false, EventResetMode.ManualReset); var sewait = new EventWaitHandle(false, EventResetMode.ManualReset); string so = null, se = null; ThreadPool.QueueUserWorkItem((s) => { so = stdoutStream.ReadToEnd(); sowait.Set(); }); ThreadPool.QueueUserWorkItem((s) => { se = stderrStream.ReadToEnd(); sewait.Set(); }); foreach (var wh in new WaitHandle[] { sowait, sewait }) wh.WaitOne(); stdout = so; stderr = se; } private static uint GetProcessExitCode(IntPtr processHandle) { new NativeWaitHandle(processHandle).WaitOne(); uint exitCode; if (!GetExitCodeProcess(processHandle, out exitCode)) throw new Win32Exception("Error getting process exit code"); return exitCode; } } }" Context: Severity = Informational Host Name = Default Host Host Version = 5.1.14393.1944 Host ID = 34f67c6a-37e7-4722-8904-de7f9dcdd748 Host Application = PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - Engine Version = 5.1.14393.1944 Runspace ID = b38c4d1f-9dea-4c1a-af2b-0061a116cb6e Pipeline ID = 7 Command Name = Add-Type Command Type = Cmdlet Script Name = Command Path = Sequence Number = 34 User = N-H1-805629-1\Admin Connected User = Shell ID = Microsoft.PowerShell User Data:	4103	1		4	106	20	0	1392	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4632	3368	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:28:32 PM	9d04040e-981f-0003-7551-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	To be used when operation is just executing a method	Executing Pipeline	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c) 2017 Ansible Project # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) $process_util = @" using Microsoft.Win32.SafeHandles; using System; using System.Collections; using System.IO; using System.Linq; using System.Runtime.InteropServices; using System.Text; using System.Threading; namespace Ansible { [StructLayout(LayoutKind.Sequential)] public class SECURITY_ATTRIBUTES { public int nLength; public IntPtr lpSecurityDescriptor; public bool bInheritHandle = false; public SECURITY_ATTRIBUTES() { nLength = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFO { public Int32 cb; public IntPtr lpReserved; public IntPtr lpDesktop; public IntPtr lpTitle; public Int32 dwX; public Int32 dwY; public Int32 dwXSize; public Int32 dwYSize; public Int32 dwXCountChars; public Int32 dwYCountChars; public Int32 dwFillAttribute; public Int32 dwFlags; public Int16 wShowWindow; public Int16 cbReserved2; public IntPtr lpReserved2; public SafeFileHandle hStdInput; public SafeFileHandle hStdOutput; public SafeFileHandle hStdError; public STARTUPINFO() { cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFOEX { public STARTUPINFO startupInfo; public IntPtr lpAttributeList; public STARTUPINFOEX() { startupInfo = new STARTUPINFO(); startupInfo.cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public struct PROCESS_INFORMATION { public IntPtr hProcess; public IntPtr hThread; public int dwProcessId; public int dwThreadId; } [Flags] public enum StartupInfoFlags : uint { USESTDHANDLES = 0x00000100 } public enum HandleFlags : uint { None = 0, INHERIT = 1 } class NativeWaitHandle : WaitHandle { public NativeWaitHandle(IntPtr handle) { this.SafeWaitHandle = new SafeWaitHandle(handle, false); } } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class CommandUtil { private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400; private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000; [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)] public static extern bool CreateProcess( [MarshalAs(UnmanagedType.LPWStr)] string lpApplicationName, StringBuilder lpCommandLine, IntPtr lpProcessAttributes, IntPtr lpThreadAttributes, bool bInheritHandles, uint dwCreationFlags, IntPtr lpEnvironment, [MarshalAs(UnmanagedType.LPWStr)] string lpCurrentDirectory, STARTUPINFOEX lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation); [DllImport("kernel32.dll")] public static extern bool CreatePipe( out SafeFileHandle hReadPipe, out SafeFileHandle hWritePipe, SECURITY_ATTRIBUTES lpPipeAttributes, uint nSize); [DllImport("kernel32.dll", SetLastError = true)] public static extern bool SetHandleInformation( SafeFileHandle hObject, HandleFlags dwMask, int dwFlags); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool GetExitCodeProcess( IntPtr hProcess, out uint lpExitCode); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)] public static extern uint SearchPath( string lpPath, string lpFileName, string lpExtension, int nBufferLength, [MarshalAs (UnmanagedType.LPTStr)] StringBuilder lpBuffer, out IntPtr lpFilePart); [DllImport("shell32.dll", SetLastError = true)] static extern IntPtr CommandLineToArgvW( [MarshalAs(UnmanagedType.LPWStr)] string lpCmdLine, out int pNumArgs); public static string[] ParseCommandLine(string lpCommandLine) { int numArgs; IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs); if (ret == IntPtr.Zero) throw new Win32Exception("Error parsing command line"); IntPtr[] strptrs = new IntPtr[numArgs]; Marshal.Copy(ret, strptrs, 0, numArgs); string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray(); Marshal.FreeHGlobal(ret); return cmdlineParts; } public static string SearchPath(string lpFileName) { StringBuilder sbOut = new StringBuilder(1024); IntPtr filePartOut; if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0) throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName)); return sbOut.ToString(); } public class CommandResult { public string StandardOut { get; internal set; } public string StandardError { get; internal set; } public uint ExitCode { get; internal set; } } public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment) { UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT; STARTUPINFOEX si = new STARTUPINFOEX(); si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES; SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES(); pipesec.bInheritHandle = true; // Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write; if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0)) throw new Win32Exception("STDOUT pipe setup failed"); if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDOUT pipe handle setup failed"); if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0)) throw new Win32Exception("STDERR pipe setup failed"); if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDERR pipe handle setup failed"); if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0)) throw new Win32Exception("STDIN pipe setup failed"); if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDIN pipe handle setup failed"); si.startupInfo.hStdOutput = stdout_write; si.startupInfo.hStdError = stderr_write; si.startupInfo.hStdInput = stdin_read; // Setup the stdin buffer UTF8Encoding utf8_encoding = new UTF8Encoding(false); FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768); StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768); // If lpCurrentDirectory is set to null in PS it will be an empty // string here, we need to convert it if (lpCurrentDirectory == "") lpCurrentDirectory = null; StringBuilder environmentString = null; if (environment != null && environment.Count > 0) { environmentString = new StringBuilder(); foreach (DictionaryEntry kv in environment) environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value); environmentString.Append('\0'); } // Create the environment block if set IntPtr lpEnvironment = IntPtr.Zero; if (environmentString != null) lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString()); // Create new process and run StringBuilder argument_string = new StringBuilder(lpCommandLine); PROCESS_INFORMATION pi = new PROCESS_INFORMATION(); if (!CreateProcess( lpApplicationName, argument_string, IntPtr.Zero, IntPtr.Zero, true, startup_flags, lpEnvironment, lpCurrentDirectory, si, out pi)) { throw new Win32Exception("Failed to create new process"); } // Setup the output buffers and get stdout/stderr FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096); StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096); stdout_write.Close(); FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096); StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096); stderr_write.Close(); stdin.WriteLine(stdinInput); stdin.Close(); string stdout_str, stderr_str = null; GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str); uint rc = GetProcessExitCode(pi.hProcess); return new CommandResult { StandardOut = stdout_str, StandardError = stderr_str, ExitCode = rc }; } private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr) { var sowait = new EventWaitHandle(false, EventResetMode.ManualReset); var sewait = new EventWaitHandle(false, EventResetMode.ManualReset); string so = null, se = null; ThreadPool.QueueUserWorkItem((s) => { so = stdoutStream.ReadToEnd(); sowait.Set(); }); ThreadPool.QueueUserWorkItem((s) => { se = stderrStream.ReadToEnd(); sewait.Set(); }); foreach (var wh in new WaitHandle[] { sowait, sewait }) wh.WaitOne(); stdout = so; stderr = se; } private static uint GetProcessExitCode(IntPtr processHandle) { new NativeWaitHandle(processHandle).WaitOne(); uint exitCode; if (!GetExitCodeProcess(processHandle, out exitCode)) throw new Win32Exception("Error getting process exit code"); return exitCode; } } } "@ $ErrorActionPreference = 'Stop' Function Load-CommandUtils { # makes the following static functions available # [Ansible.CommandUtil]::ParseCommandLine(string lpCommandLine) # [Ansible.CommandUtil]::SearchPath(string lpFileName) # [Ansible.CommandUtil]::RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, string environmentBlock) # # there are also numerous P/Invoke methods that can be called if you are feeling adventurous # FUTURE: find a better way to get the _ansible_remote_tmp variable $original_tmp = $env:TMP $remote_tmp = $original_tmp $module_params = Get-Variable -Name complex_args -ErrorAction SilentlyContinue if ($module_params) { if ($module_params.Value.ContainsKey("_ansible_remote_tmp") ) { $remote_tmp = $module_params.Value["_ansible_remote_tmp"] $remote_tmp = [System.Environment]::ExpandEnvironmentVariables($remote_tmp) } } $env:TMP = $remote_tmp Add-Type -TypeDefinition $process_util $env:TMP = $original_tmp } Function Get-ExecutablePath($executable, $directory) { # lpApplicationName requires the full path to a file, we need to find it # ourselves. # we need to add .exe if it doesn't have an extension already if (-not [System.IO.Path]::HasExtension($executable)) { $executable = "$($executable).exe" } $full_path = [System.IO.Path]::GetFullPath($executable) if ($full_path -ne $executable -and $directory -ne $null) { $file = Get-Item -Path "$directory\$executable" -Force -ErrorAction SilentlyContinue } else { $file = Get-Item -Path $executable -Force -ErrorAction SilentlyContinue } if ($file -ne $null) { $executable_path = $file.FullName } else { $executable_path = [Ansible.CommandUtil]::SearchPath($executable) } return $executable_path } Function Run-Command { Param( [string]$command, # the full command to run including the executable [string]$working_directory = $null, # the working directory to run under, will default to the current dir [string]$stdin = $null, # a string to send to the stdin pipe when executing the command [hashtable]$environment = @{} # a hashtable of environment values to run the command under, this will replace all the other environment variables with these ) # load the C# code we call in this function Load-CommandUtils # need to validate the working directory if it is set if ($working_directory) { # validate working directory is a valid path if (-not (Test-Path -Path $working_directory)) { throw "invalid working directory path '$working_directory'" } } # lpApplicationName needs to be the full path to an executable, we do this # by getting the executable as the first arg and then getting the full path $arguments = [Ansible.CommandUtil]::ParseCommandLine($command) $executable = Get-ExecutablePath -executable $arguments[0] -directory $working_directory # run the command and get the results $command_result = [Ansible.CommandUtil]::RunCommand($executable, $command, $working_directory, $stdin, $environment) return ,@{ executable = $executable stdout = $command_result.StandardOut stderr = $command_result.StandardError rc = $command_result.ExitCode } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: ca7ca4c2-10a4-4ebb-9276-b6f91c50b294 Path:	4104	1		3	2	15	0	1391	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4632	3388	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:28:31 PM	9d04040e-981f-0001-7511-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c), Michael DeHaan <michael.dehaan@gmail.com>, 2014, and others # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) Set-StrictMode -Version 2.0 $ErrorActionPreference = "Stop" Function Set-Attr($obj, $name, $value) { <# .SYNOPSIS Helper function to set an "attribute" on a psobject instance in PowerShell. This is a convenience to make adding Members to the object easier and slightly more pythonic .EXAMPLE Set-Attr $result "changed" $true #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } Try { $obj.$name = $value } Catch { $obj | Add-Member -Force -MemberType NoteProperty -Name $name -Value $value } } Function Exit-Json($obj) { <# .SYNOPSIS Helper function to convert a PowerShell object to JSON and output it, exiting the script .EXAMPLE Exit-Json $result #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit } Function Fail-Json($obj, $message = $null) { <# .SYNOPSIS Helper function to add the "msg" property and "failed" property, convert the PowerShell Hashtable to JSON and output it, exiting the script .EXAMPLE Fail-Json $result "This is the failure message" #> if ($obj -is [hashtable] -or $obj -is [psobject]) { # Nothing to do } elseif ($obj -is [string] -and $null -eq $message) { # If we weren't given 2 args, and the only arg was a string, # create a new Hashtable and use the arg as the failure message $message = $obj $obj = @{ } } else { # If the first argument is undefined or a different type, # make it a Hashtable $obj = @{ } } # Still using Set-Attr for PSObject compatibility Set-Attr $obj "msg" $message Set-Attr $obj "failed" $true if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit 1 } Function Add-Warning($obj, $message) { <# .SYNOPSIS Helper function to add warnings, even if the warnings attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("warnings")) { $obj.warnings = @() } elseif ($obj.warnings -isnot [array]) { throw "Add-Warning: warnings attribute is not an array" } $obj.warnings += $message } Function Add-DeprecationWarning($obj, $message, $version = $null) { <# .SYNOPSIS Helper function to add deprecations, even if the deprecations attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("deprecations")) { $obj.deprecations = @() } elseif ($obj.deprecations -isnot [array]) { throw "Add-DeprecationWarning: deprecations attribute is not a list" } $obj.deprecations += @{ msg = $message version = $version } } Function Expand-Environment($value) { <# .SYNOPSIS Helper function to expand environment variables in values. By default it turns any type to a string, but we ensure $null remains $null. #> if ($null -ne $value) { [System.Environment]::ExpandEnvironmentVariables($value) } else { $value } } Function Get-AnsibleParam($obj, $name, $default = $null, $resultobj = @{}, $failifempty = $false, $emptyattributefailmessage, $ValidateSet, $ValidateSetErrorMessage, $type = $null, $aliases = @()) { <# .SYNOPSIS Helper function to get an "attribute" from a psobject instance in PowerShell. This is a convenience to make getting Members from an object easier and slightly more pythonic .EXAMPLE $attr = Get-AnsibleParam $response "code" -default "1" .EXAMPLE Get-AnsibleParam -obj $params -name "State" -default "Present" -ValidateSet "Present","Absent" -resultobj $resultobj -failifempty $true Get-AnsibleParam also supports Parameter validation to save you from coding that manually Note that if you use the failifempty option, you do need to specify resultobject as well. #> # Check if the provided Member $name or aliases exist in $obj and return it or the default. try { $found = $null # First try to find preferred parameter $name $aliases = @($name) + $aliases # Iterate over aliases to find acceptable Member $name foreach ($alias in $aliases) { if ($obj.ContainsKey($alias)) { $found = $alias break } } if ($null -eq $found) { throw } $name = $found if ($ValidateSet) { if ($ValidateSet -contains ($obj.$name)) { $value = $obj.$name } else { if ($null -eq $ValidateSetErrorMessage) { #Auto-generated error should be sufficient in most use cases $ValidateSetErrorMessage = "Get-AnsibleParam: Argument $name needs to be one of $($ValidateSet -join ",") but was $($obj.$name)." } Fail-Json -obj $resultobj -message $ValidateSetErrorMessage } } else { $value = $obj.$name } } catch { if ($failifempty -eq $false) { $value = $default } else { if (-not $emptyattributefailmessage) { $emptyattributefailmessage = "Get-AnsibleParam: Missing required argument: $name" } Fail-Json -obj $resultobj -message $emptyattributefailmessage } } # If $value -eq $null, the parameter was unspecified by the user (deliberately or not) # Please leave $null-values intact, modules need to know if a parameter was specified # When $value is already an array, we cannot rely on the null check, as an empty list # is seen as null in the check below if ($null -ne $value -or $value -is [array]) { if ($type -eq "path") { # Expand environment variables on path-type $value = Expand-Environment($value) # Test if a valid path is provided if (-not (Test-Path -IsValid $value)) { $path_invalid = $true # could still be a valid-shaped path with a nonexistent drive letter if ($value -match "^\w:") { # rewrite path with a valid drive letter and recheck the shape- this might still fail, eg, a nonexistent non-filesystem PS path if (Test-Path -IsValid $(@(Get-PSDrive -PSProvider Filesystem)[0].Name + $value.Substring(1))) { $path_invalid = $false } } if ($path_invalid) { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' has an invalid path '$value' specified." } } } elseif ($type -eq "str") { # Convert str types to real Powershell strings $value = $value.ToString() } elseif ($type -eq "bool") { # Convert boolean types to real Powershell booleans $value = $value | ConvertTo-Bool } elseif ($type -eq "int") { # Convert int types to real Powershell integers $value = $value -as [int] } elseif ($type -eq "float") { # Convert float types to real Powershell floats $value = $value -as [float] } elseif ($type -eq "list") { if ($value -is [array]) { # Nothing to do } elseif ($value -is [string]) { # Convert string type to real Powershell array $value = $value.Split(",").Trim() } elseif ($value -is [int]) { $value = @($value) } else { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' is not a YAML list." } # , is not a typo, forces it to return as a list when it is empty or only has 1 entry return ,$value } } return $value } #Alias Get-attr-->Get-AnsibleParam for backwards compat. Only add when needed to ease debugging of scripts If (-not(Get-Alias -Name "Get-attr" -ErrorAction SilentlyContinue)) { New-Alias -Name Get-attr -Value Get-AnsibleParam } Function ConvertTo-Bool { <# .SYNOPSIS Helper filter/pipeline function to convert a value to boolean following current Ansible practices .EXAMPLE $is_true = "true" | ConvertTo-Bool #> param( [parameter(valuefrompipeline=$true)] $obj ) $boolean_strings = "yes", "on", "1", "true", 1 $obj_string = [string]$obj if (($obj -is [boolean] -and $obj) -or $boolean_strings -contains $obj_string.ToLower()) { return $true } else { return $false } } Function Parse-Args($arguments, $supports_check_mode = $false) { <# .SYNOPSIS Helper function to parse Ansible JSON arguments from a "file" passed as the single argument to the module. .EXAMPLE $params = Parse-Args $args #> $params = New-Object psobject If ($arguments.Length -gt 0) { $params = Get-Content $arguments[0] | ConvertFrom-Json } Else { $params = $complex_args } $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false If ($check_mode -and -not $supports_check_mode) { Exit-Json @{ skipped = $true changed = $false msg = "remote module does not support check mode" } } return $params } Function Get-FileChecksum($path, $algorithm = 'sha1') { <# .SYNOPSIS Helper function to calculate a hash of a file in a way which PowerShell 3 and above can handle #> If (Test-Path -Path $path -PathType Leaf) { switch ($algorithm) { 'md5' { $sp = New-Object -TypeName System.Security.Cryptography.MD5CryptoServiceProvider } 'sha1' { $sp = New-Object -TypeName System.Security.Cryptography.SHA1CryptoServiceProvider } 'sha256' { $sp = New-Object -TypeName System.Security.Cryptography.SHA256CryptoServiceProvider } 'sha384' { $sp = New-Object -TypeName System.Security.Cryptography.SHA384CryptoServiceProvider } 'sha512' { $sp = New-Object -TypeName System.Security.Cryptography.SHA512CryptoServiceProvider } default { Fail-Json @{} "Unsupported hash algorithm supplied '$algorithm'" } } If ($PSVersionTable.PSVersion.Major -ge 4) { $raw_hash = Get-FileHash $path -Algorithm $algorithm $hash = $raw_hash.Hash.ToLower() } Else { $fp = [System.IO.File]::Open($path, [System.IO.Filemode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileShare]::ReadWrite); $hash = [System.BitConverter]::ToString($sp.ComputeHash($fp)).Replace("-", "").ToLower(); $fp.Dispose(); } } ElseIf (Test-Path -Path $path -PathType Container) { $hash = "3"; } Else { $hash = "1"; } return $hash } Function Get-PendingRebootStatus { <# .SYNOPSIS Check if reboot is required, if so notify CA. Function returns true if computer has a pending reboot #> $featureData = Invoke-WmiMethod -EA Ignore -Name GetServerFeature -Namespace root\microsoft\windows\servermanager -Class MSFT_ServerManagerTasks $regData = Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager" "PendingFileRenameOperations" -EA Ignore $CBSRebootStatus = Get-ChildItem "HKLM:\\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing" -ErrorAction SilentlyContinue| Where-Object {$_.PSChildName -eq "RebootPending"} if(($featureData -and $featureData.RequiresReboot) -or $regData -or $CBSRebootStatus) { return $True } else { return $False } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: daeee4f8-92e6-4ce8-bd8f-30f7db308008 Path:	4104	1		3	2	15	0	1390	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4632	3388	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:28:31 PM	9d04040e-981f-0001-6e11-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } ScriptBlock ID: dc225dd9-f533-411d-8daa-220d2f8fc415 Path:	4104	1		3	2	15	0	1389	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4632	3388	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:28:31 PM	9d04040e-981f-0001-5f11-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (5 of 5): CAgfQogICAgICAgIHJldHVybiAkbnVsbAogICAgfQogICAgaWYgKFtJbnQzMl0kZmlsZV9hdHRyaWJ1dGVzIC1lcSAtMSkgewogICAgICAgIHRocm93IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5NYW5hZ2VtZW50LkF1dG9tYXRpb24uSXRlbU5vdEZvdW5kRXhjZXB0aW9uIC1Bcmd1bWVudExpc3QgIkNhbm5vdCBmaW5kIHBhdGggJyRQYXRoJyBiZWNhdXNlIGl0IGRvZXMgbm90IGV4aXN0LiIKICAgIH0gZWxzZWlmICgkZmlsZV9hdHRyaWJ1dGVzLkhhc0ZsYWcoW1N5c3RlbS5JTy5GaWxlQXR0cmlidXRlc106OkRpcmVjdG9yeSkpIHsKICAgICAgICByZXR1cm4gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLklPLkRpcmVjdG9yeUluZm8gLUFyZ3VtZW50TGlzdCAkUGF0aAogICAgfSBlbHNlIHsKICAgICAgICByZXR1cm4gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLklPLkZpbGVJbmZvIC1Bcmd1bWVudExpc3QgJFBhdGgKICAgIH0KfQoKRXhwb3J0LU1vZHVsZU1lbWJlciAtRnVuY3Rpb24gVGVzdC1BbnNpYmxlUGF0aCwgR2V0LUFuc2libGVJdGVtCg=="}, "module_entry": "IyFwb3dlcnNoZWxsCgojIENvcHlyaWdodDogKGMpIDIwMTcsIEFuc2libGUgUHJvamVjdAojIEdOVSBHZW5lcmFsIFB1YmxpYyBMaWNlbnNlIHYzLjArIChzZWUgQ09QWUlORyBvciBodHRwczovL3d3dy5nbnUub3JnL2xpY2Vuc2VzL2dwbC0zLjAudHh0KQoKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5MZWdhY3kKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5Db21tYW5kVXRpbAojUmVxdWlyZXMgLU1vZHVsZSBBbnNpYmxlLk1vZHVsZVV0aWxzLkZpbGVVdGlsCgojIFRPRE86IGFkZCBjaGVjayBtb2RlIHN1cHBvcnQKClNldC1TdHJpY3RNb2RlIC1WZXJzaW9uIDIKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKIyBDbGVhbnNlIENMSVhNTCBmcm9tIHN0ZGVyciAoc2lmdCBvdXQgZXJyb3Igc3RyZWFtIGRhdGEsIGRpc2NhcmQgb3RoZXJzIGZvciBub3cpCkZ1bmN0aW9uIENsZWFuc2UtU3RkZXJyKCRyYXdfc3RkZXJyKSB7CiAgICBUcnkgewogICAgICAgICMgTkI6IHRoaXMgcmVnZXggaXNuJ3QgcGVyZmVjdCwgYnV0IGlzIGRlY2VudCBhdCBmaW5kaW5nIENMSVhNTCBhbW9uZ3N0IG90aGVyIHN0ZGVyciBub2lzZQogICAgICAgIElmKCRyYXdfc3RkZXJyIC1tYXRjaCAiKD9zKSg/PHByZW5vaXNlMT4uKikjPCBDTElYTUwoPzxwcmVub2lzZTI+LiopKD88Y2xpeG1sPjxPYmpzLis8L09ianM+KSg/PHBvc3Rub2lzZT4uKikiKSB7CiAgICAgICAgICAgICRjbGl4bWwgPSBbeG1sXSRtYXRjaGVzWyJjbGl4bWwiXQoKICAgICAgICAgICAgJG1lcmdlZF9zdGRlcnIgPSAiezB9ezF9ezJ9ezN9IiAtZiBAKAogICAgICAgICAgICAgICAkbWF0Y2hlc1sicHJlbm9pc2UxIl0sCiAgICAgICAgICAgICAgICRtYXRjaGVzWyJwcmVub2lzZTIiXSwKICAgICAgICAgICAgICAgIyBmaWx0ZXIgb3V0IGp1c3QgdGhlIEVycm9yLXRhZ2dlZCBzdHJpbmdzIGZvciBub3csIGFuZCB6YXAgZW1iZWRkZWQgQ1JMRiBjaGFycwogICAgICAgICAgICAgICAoJGNsaXhtbC5PYmpzLkNoaWxkTm9kZXMgfCA/IHsgJF8uTmFtZSAtZXEgJ1MnIH0gfCA/IHsgJF8uUyAtZXEgJ0Vycm9yJyB9IHwgJSB7ICRfLicjdGV4dCcuUmVwbGFjZSgnX3gwMDBEX194MDAwQV8nLCcnKSB9IHwgT3V0LVN0cmluZyksCiAgICAgICAgICAgICAgICRtYXRjaGVzWyJwb3N0bm9pc2UiXSkgfCBPdXQtU3RyaW5nCgogICAgICAgICAgICByZXR1cm4gJG1lcmdlZF9zdGRlcnIuVHJpbSgpCgogICAgICAgICAgICAjIEZVVFVSRTogcGFyc2UvcmV0dXJuIG90aGVyIHN0cmVhbXMKICAgICAgICB9CiAgICAgICAgRWxzZSB7CiAgICAgICAgICAgICRyYXdfc3RkZXJyCiAgICAgICAgfQogICAgfQogICAgQ2F0Y2ggewogICAgICAgICIqKipFWENFUFRJT04gUEFSU0lORyBDTElYTUw6ICRfKioqIiArICRyYXdfc3RkZXJyCiAgICB9Cn0KCiRwYXJhbXMgPSBQYXJzZS1BcmdzICRhcmdzIC1zdXBwb3J0c19jaGVja19tb2RlICRmYWxzZQoKJHJhd19jb21tYW5kX2xpbmUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX3Jhd19wYXJhbXMiIC10eXBlICJzdHIiIC1mYWlsaWZlbXB0eSAkdHJ1ZQokY2hkaXIgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiY2hkaXIiIC10eXBlICJwYXRoIgokZXhlY3V0YWJsZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJleGVjdXRhYmxlIiAtdHlwZSAicGF0aCIKJGNyZWF0ZXMgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiY3JlYXRlcyIgLXR5cGUgInBhdGgiCiRyZW1vdmVzID0gR2V0LUFuc2libGVQYXJhbSAtb2JqICRwYXJhbXMgLW5hbWUgInJlbW92ZXMiIC10eXBlICJwYXRoIgokc3RkaW4gPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAic3RkaW4iIC10eXBlICJzdHIiCgokcmF3X2NvbW1hbmRfbGluZSA9ICRyYXdfY29tbWFuZF9saW5lLlRyaW0oKQoKJHJlc3VsdCA9IEB7CiAgICBjaGFuZ2VkID0gJHRydWUKICAgIGNtZCA9ICRyYXdfY29tbWFuZF9saW5lCn0KCmlmICgkY3JlYXRlcyAtYW5kICQoVGVzdC1BbnNpYmxlUGF0aCAtUGF0aCAkY3JlYXRlcykpIHsKICAgIEV4aXQtSnNvbiBAe21zZz0ic2tpcHBlZCwgc2luY2UgJGNyZWF0ZXMgZXhpc3RzIjtjbWQ9JHJhd19jb21tYW5kX2xpbmU7Y2hhbmdlZD0kZmFsc2U7c2tpcHBlZD0kdHJ1ZTtyYz0wfQp9CgppZiAoJHJlbW92ZXMgLWFuZCAtbm90ICQoVGVzdC1BbnNpYmxlUGF0aCAtUGF0aCAkcmVtb3ZlcykpIHsKICAgIEV4aXQtSnNvbiBAe21zZz0ic2tpcHBlZCwgc2luY2UgJHJlbW92ZXMgZG9lcyBub3QgZXhpc3QiO2NtZD0kcmF3X2NvbW1hbmRfbGluZTtjaGFuZ2VkPSRmYWxzZTtza2lwcGVkPSR0cnVlO3JjPTB9Cn0KCiRleGVjX2FyZ3MgPSAkbnVsbApJZigtbm90ICRleGVjdXRhYmxlIC1vciAkZXhlY3V0YWJsZSAtZXEgInBvd2Vyc2hlbGwiKSB7CiAgICAkZXhlY19hcHBsaWNhdGlvbiA9ICJwb3dlcnNoZWxsLmV4ZSIKCiAgICAjIGZvcmNlIGlucHV0IGVuY29kaW5nIHRvIHByZWFtYmxlLWZyZWUgVVRGOCBzbyBQUyBzdWItcHJvY2Vzc2VzIChlZywgU3RhcnQtSm9iKSBkb24ndCBibG93IHVwCiAgICAkcmF3X2NvbW1hbmRfbGluZSA9ICJbQ29uc29sZV06OklucHV0RW5jb2RpbmcgPSBOZXctT2JqZWN0IFRleHQuVVRGOEVuY29kaW5nIGAkZmFsc2U7ICIgKyAkcmF3X2NvbW1hbmRfbGluZQoKICAgICMgQmFzZTY0IGVuY29kZSB0aGUgY29tbWFuZCBzbyB3ZSBkb24ndCBoYXZlIHRvIHdvcnJ5IGFib3V0IHRoZSB2YXJpb3VzIGxldmVscyBvZiBlc2NhcGluZwogICAgJGVuY29kZWRfY29tbWFuZCA9IFtDb252ZXJ0XTo6VG9CYXNlNjRTdHJpbmcoW1N5c3RlbS5UZXh0LkVuY29kaW5nXTo6VW5pY29kZS5HZXRCeXRlcygkcmF3X2NvbW1hbmRfbGluZSkpCgogICAgaWYgKCRzdGRpbikgewogICAgICAgICRleGVjX2FyZ3MgPSAiLWVuY29kZWRjb21tYW5kICRlbmNvZGVkX2NvbW1hbmQiCiAgICB9IGVsc2UgewogICAgICAgICRleGVjX2FyZ3MgPSAiLW5vbmludGVyYWN0aXZlIC1lbmNvZGVkY29tbWFuZCAkZW5jb2RlZF9jb21tYW5kIgogICAgfQp9CkVsc2UgewogICAgIyBGVVRVUkU6IHN1cHBvcnQgYXJnIHRyYW5zbGF0aW9uIGZyb20gZXhlY3V0YWJsZSAob3IgZXhlY3V0YWJsZV9hcmdzPykgdG8gcHJvY2VzcyBhcmd1bWVudHMgZm9yIGFyYml0cmFyeSBpbnRlcnByZXRlcj8KICAgICRleGVjX2FwcGxpY2F0aW9uID0gJGV4ZWN1dGFibGUKICAgIGlmICgtbm90ICgkZXhlY19hcHBsaWNhdGlvbi5FbmRzV2l0aCgiLmV4ZSIpKSkgewogICAgICAgICRleGVjX2FwcGxpY2F0aW9uID0gIiQoJGV4ZWNfYXBwbGljYXRpb24pLmV4ZSIKICAgIH0KICAgICRleGVjX2FyZ3MgPSAiL2MgJHJhd19jb21tYW5kX2xpbmUiCn0KCiRjb21tYW5kID0gIiRleGVjX2FwcGxpY2F0aW9uICRleGVjX2FyZ3MiCiRydW5fY29tbWFuZF9hcmcgPSBAewogICAgY29tbWFuZCA9ICRjb21tYW5kCn0KaWYgKCRjaGRpcikgewogICAgJHJ1bl9jb21tYW5kX2FyZ1snd29ya2luZ19kaXJlY3RvcnknXSA9ICRjaGRpcgp9CmlmICgkc3RkaW4pIHsKICAgICRydW5fY29tbWFuZF9hcmdbJ3N0ZGluJ10gPSAkc3RkaW4KfQoKJHN0YXJ0X2RhdGV0aW1lID0gW0RhdGVUaW1lXTo6VXRjTm93CnRyeSB7CiAgICAkY29tbWFuZF9yZXN1bHQgPSBSdW4tQ29tbWFuZCBAcnVuX2NvbW1hbmRfYXJnCn0gY2F0Y2ggewogICAgJHJlc3VsdC5jaGFuZ2VkID0gJGZhbHNlCiAgICB0cnkgewogICAgICAgICRyZXN1bHQucmMgPSAkXy5FeGNlcHRpb24uTmF0aXZlRXJyb3JDb2RlCiAgICB9IGNhdGNoIHsKICAgICAgICAkcmVzdWx0LnJjID0gMgogICAgfQogICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAkXy5FeGNlcHRpb24uTWVzc2FnZQp9CgojIFRPRE86IGRlY29kZSBDTElYTUwgc3RkZXJyIG91dHB1dCAoYW5kIG90aGVyIHN0cmVhbXM/KQokcmVzdWx0LnN0ZG91dCA9ICRjb21tYW5kX3Jlc3VsdC5zdGRvdXQKJHJlc3VsdC5zdGRlcnIgPSBDbGVhbnNlLVN0ZGVyciAkY29tbWFuZF9yZXN1bHQuc3RkZXJyIAokcmVzdWx0LnJjID0gJGNvbW1hbmRfcmVzdWx0LnJjCgokZW5kX2RhdGV0aW1lID0gW0RhdGVUaW1lXTo6VXRjTm93CiRyZXN1bHQuc3RhcnQgPSAkc3RhcnRfZGF0ZXRpbWUuVG9TdHJpbmcoInl5eXktTU0tZGQgaGg6bW06c3MuZmZmZmZmIikKJHJlc3VsdC5lbmQgPSAkZW5kX2RhdGV0aW1lLlRvU3RyaW5nKCJ5eXl5LU1NLWRkIGhoOm1tOnNzLmZmZmZmZiIpCiRyZXN1bHQuZGVsdGEgPSAkKCRlbmRfZGF0ZXRpbWUgLSAkc3RhcnRfZGF0ZXRpbWUpLlRvU3RyaW5nKCJoXDptbVw6c3NcLmZmZmZmZiIpCgpJZiAoJHJlc3VsdC5yYyAtbmUgMCkgewogICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAibm9uLXplcm8gcmV0dXJuIGNvZGUiCn0KCkV4aXQtSnNvbiAkcmVzdWx0Cg==", "module_args": {"_ansible_version": "2.7.0", "_ansible_selinux_special_fs": ["fuse", "nfs", "vboxsf", "ramfs", "9p"], "_ansible_no_log": false, "_ansible_module_name": "win_shell", "_raw_params": "Select-String -path c:\\openstack\\build\\networking-hyperv\\\\setup.cfg -pattern \"^name.*=.*\" | % {$_.matches.value.split(\"=\")[1].trim()}", "_ansible_verbosity": 4, "_ansible_keep_remote_files": false, "_ansible_syslog_facility": "LOG_USER", "_ansible_socket": null, "_ansible_remote_tmp": "%TEMP%", "_ansible_diff": false, "_ansible_debug": false, "_ansible_shell_executable": "/bin/sh", "_ansible_check_mode": false, "_ansible_tmpdir": null}} '@ } process { $input_as_string = [string]$input $json_raw += $input_as_string } end { If (-not $json_raw) { Write-Error "no input given" -Category InvalidArgument } $payload = ConvertTo-HashtableFromPsCustomObject (ConvertFrom-Json $json_raw) # TODO: handle binary modules # TODO: handle persistence $min_os_version = [version]$payload.min_os_version if ($min_os_version -ne $null) { $actual_os_version = [System.Environment]::OSVersion.Version if ($actual_os_version -lt $min_os_version) { $msg = "This module cannot run on this OS as it requires a minimum version of $min_os_version, actual was $actual_os_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $min_ps_version = [version]$payload.min_ps_version if ($min_ps_version -ne $null) { $actual_ps_version = $PSVersionTable.PSVersion if ($actual_ps_version -lt $min_ps_version) { $msg = "This module cannot run as it requires a minimum PowerShell version of $min_ps_version, actual was $actual_ps_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $actions = $payload.actions # pop 0th action as entrypoint $entrypoint = $payload.($actions[0]) $payload.actions = $payload.actions[1..99] $entrypoint = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($entrypoint)) # load the current action entrypoint as a module custom object with a Run method $entrypoint = New-Module -ScriptBlock ([scriptblock]::Create($entrypoint)) -AsCustomObject Set-Variable -Scope global -Name complex_args -Value $payload["module_args"] | Out-Null # dynamically create/load modules ForEach ($mod in $payload.powershell_modules.GetEnumerator()) { $decoded_module = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($mod.Value)) New-Module -ScriptBlock ([scriptblock]::Create($decoded_module)) -Name $mod.Key | Import-Module -WarningAction SilentlyContinue | Out-Null } $output = $entrypoint.Run($payload) Write-Output $output } ScriptBlock ID: 3b11ff79-c858-435b-821b-7deb2af46957 Path:	4104	1		3	2	15	0	1388	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4632	3388	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:28:31 PM	9d04040e-981f-0001-5911-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (4 of 5): WlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlCiAgICAgICAgfQogICAgfQoKICAgICMgSWYgJHZhbHVlIC1lcSAkbnVsbCwgdGhlIHBhcmFtZXRlciB3YXMgdW5zcGVjaWZpZWQgYnkgdGhlIHVzZXIgKGRlbGliZXJhdGVseSBvciBub3QpCiAgICAjIFBsZWFzZSBsZWF2ZSAkbnVsbC12YWx1ZXMgaW50YWN0LCBtb2R1bGVzIG5lZWQgdG8ga25vdyBpZiBhIHBhcmFtZXRlciB3YXMgc3BlY2lmaWVkCiAgICAjIFdoZW4gJHZhbHVlIGlzIGFscmVhZHkgYW4gYXJyYXksIHdlIGNhbm5vdCByZWx5IG9uIHRoZSBudWxsIGNoZWNrLCBhcyBhbiBlbXB0eSBsaXN0CiAgICAjIGlzIHNlZW4gYXMgbnVsbCBpbiB0aGUgY2hlY2sgYmVsb3cKICAgIGlmICgkbnVsbCAtbmUgJHZhbHVlIC1vciAkdmFsdWUgLWlzIFthcnJheV0pIHsKICAgICAgICBpZiAoJHR5cGUgLWVxICJwYXRoIikgewogICAgICAgICAgICAjIEV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgb24gcGF0aC10eXBlCiAgICAgICAgICAgICR2YWx1ZSA9IEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCiAgICAgICAgICAgICMgVGVzdCBpZiBhIHZhbGlkIHBhdGggaXMgcHJvdmlkZWQKICAgICAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtSXNWYWxpZCAkdmFsdWUpKSB7CiAgICAgICAgICAgICAgICAkcGF0aF9pbnZhbGlkID0gJHRydWUKICAgICAgICAgICAgICAgICMgY291bGQgc3RpbGwgYmUgYSB2YWxpZC1zaGFwZWQgcGF0aCB3aXRoIGEgbm9uZXhpc3RlbnQgZHJpdmUgbGV0dGVyCiAgICAgICAgICAgICAgICBpZiAoJHZhbHVlIC1tYXRjaCAiXlx3OiIpIHsKICAgICAgICAgICAgICAgICAgICAjIHJld3JpdGUgcGF0aCB3aXRoIGEgdmFsaWQgZHJpdmUgbGV0dGVyIGFuZCByZWNoZWNrIHRoZSBzaGFwZS0gdGhpcyBtaWdodCBzdGlsbCBmYWlsLCBlZywgYSBub25leGlzdGVudCBub24tZmlsZXN5c3RlbSBQUyBwYXRoCiAgICAgICAgICAgICAgICAgICAgaWYgKFRlc3QtUGF0aCAtSXNWYWxpZCAkKEAoR2V0LVBTRHJpdmUgLVBTUHJvdmlkZXIgRmlsZXN5c3RlbSlbMF0uTmFtZSArICR2YWx1ZS5TdWJzdHJpbmcoMSkpKSB7CiAgICAgICAgICAgICAgICAgICAgICAgICRwYXRoX2ludmFsaWQgPSAkZmFsc2UKICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBpZiAoJHBhdGhfaW52YWxpZCkgewogICAgICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHRvYmogLW1lc3NhZ2UgIkdldC1BbnNpYmxlUGFyYW06IFBhcmFtZXRlciAnJG5hbWUnIGhhcyBhbiBpbnZhbGlkIHBhdGggJyR2YWx1ZScgc3BlY2lmaWVkLiIKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgInN0ciIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IHN0ciB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgc3RyaW5ncwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUuVG9TdHJpbmcoKQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImJvb2wiKSB7CiAgICAgICAgICAgICMgQ29udmVydCBib29sZWFuIHR5cGVzIHRvIHJlYWwgUG93ZXJzaGVsbCBib29sZWFucwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgfCBDb252ZXJ0VG8tQm9vbAogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImludCIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IGludCB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgaW50ZWdlcnMKICAgICAgICAgICAgJHZhbHVlID0gJHZhbHVlIC1hcyBbaW50XQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImZsb2F0IikgewogICAgICAgICAgICAjIENvbnZlcnQgZmxvYXQgdHlwZXMgdG8gcmVhbCBQb3dlcnNoZWxsIGZsb2F0cwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgLWFzIFtmbG9hdF0KICAgICAgICB9IGVsc2VpZiAoJHR5cGUgLWVxICJsaXN0IikgewogICAgICAgICAgICBpZiAoJHZhbHVlIC1pcyBbYXJyYXldKSB7CiAgICAgICAgICAgICAgICAjIE5vdGhpbmcgdG8gZG8KICAgICAgICAgICAgfSBlbHNlaWYgKCR2YWx1ZSAtaXMgW3N0cmluZ10pIHsKICAgICAgICAgICAgICAgICMgQ29udmVydCBzdHJpbmcgdHlwZSB0byByZWFsIFBvd2Vyc2hlbGwgYXJyYXkKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICR2YWx1ZS5TcGxpdCgiLCIpLlRyaW0oKQogICAgICAgICAgICB9IGVsc2VpZiAoJHZhbHVlIC1pcyBbaW50XSkgewogICAgICAgICAgICAgICAgJHZhbHVlID0gQCgkdmFsdWUpCiAgICAgICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICJHZXQtQW5zaWJsZVBhcmFtOiBQYXJhbWV0ZXIgJyRuYW1lJyBpcyBub3QgYSBZQU1MIGxpc3QuIgogICAgICAgICAgICB9CiAgICAgICAgICAgICMgLCBpcyBub3QgYSB0eXBvLCBmb3JjZXMgaXQgdG8gcmV0dXJuIGFzIGEgbGlzdCB3aGVuIGl0IGlzIGVtcHR5IG9yIG9ubHkgaGFzIDEgZW50cnkKICAgICAgICAgICAgcmV0dXJuICwkdmFsdWUKICAgICAgICB9CiAgICB9CgogICAgcmV0dXJuICR2YWx1ZQp9CgojQWxpYXMgR2V0LWF0dHItLT5HZXQtQW5zaWJsZVBhcmFtIGZvciBiYWNrd2FyZHMgY29tcGF0LiBPbmx5IGFkZCB3aGVuIG5lZWRlZCB0byBlYXNlIGRlYnVnZ2luZyBvZiBzY3JpcHRzCklmICgtbm90KEdldC1BbGlhcyAtTmFtZSAiR2V0LWF0dHIiIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlKSkKewogICAgTmV3LUFsaWFzIC1OYW1lIEdldC1hdHRyIC1WYWx1ZSBHZXQtQW5zaWJsZVBhcmFtCn0KCkZ1bmN0aW9uIENvbnZlcnRUby1Cb29sCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZpbHRlci9waXBlbGluZSBmdW5jdGlvbiB0byBjb252ZXJ0IGEgdmFsdWUgdG8gYm9vbGVhbiBmb2xsb3dpbmcgY3VycmVudAogICAgQW5zaWJsZSBwcmFjdGljZXMKICAgIC5FWEFNUExFCiAgICAkaXNfdHJ1ZSA9ICJ0cnVlIiB8IENvbnZlcnRUby1Cb29sCiM+CiAgICBwYXJhbSgKICAgICAgICBbcGFyYW1ldGVyKHZhbHVlZnJvbXBpcGVsaW5lPSR0cnVlKV0KICAgICAgICAkb2JqCiAgICApCgogICAgJGJvb2xlYW5fc3RyaW5ncyA9ICJ5ZXMiLCAib24iLCAiMSIsICJ0cnVlIiwgMQogICAgJG9ial9zdHJpbmcgPSBbc3RyaW5nXSRvYmoKCiAgICBpZiAoKCRvYmogLWlzIFtib29sZWFuXSAtYW5kICRvYmopIC1vciAkYm9vbGVhbl9zdHJpbmdzIC1jb250YWlucyAkb2JqX3N0cmluZy5Ub0xvd2VyKCkpIHsKICAgICAgICByZXR1cm4gJHRydWUKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfQp9CgpGdW5jdGlvbiBQYXJzZS1BcmdzKCRhcmd1bWVudHMsICRzdXBwb3J0c19jaGVja19tb2RlID0gJGZhbHNlKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBwYXJzZSBBbnNpYmxlIEpTT04gYXJndW1lbnRzIGZyb20gYSAiZmlsZSIgcGFzc2VkIGFzCiAgICB0aGUgc2luZ2xlIGFyZ3VtZW50IHRvIHRoZSBtb2R1bGUuCiAgICAuRVhBTVBMRQogICAgJHBhcmFtcyA9IFBhcnNlLUFyZ3MgJGFyZ3MKIz4KICAgICRwYXJhbXMgPSBOZXctT2JqZWN0IHBzb2JqZWN0CiAgICBJZiAoJGFyZ3VtZW50cy5MZW5ndGggLWd0IDApCiAgICB7CiAgICAgICAgJHBhcmFtcyA9IEdldC1Db250ZW50ICRhcmd1bWVudHNbMF0gfCBDb252ZXJ0RnJvbS1Kc29uCiAgICB9CiAgICBFbHNlIHsKICAgICAgICAkcGFyYW1zID0gJGNvbXBsZXhfYXJncwogICAgfQogICAgJGNoZWNrX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfY2hlY2tfbW9kZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQogICAgSWYgKCRjaGVja19tb2RlIC1hbmQgLW5vdCAkc3VwcG9ydHNfY2hlY2tfbW9kZSkKICAgIHsKICAgICAgICBFeGl0LUpzb24gQHsKICAgICAgICAgICAgc2tpcHBlZCA9ICR0cnVlCiAgICAgICAgICAgIGNoYW5nZWQgPSAkZmFsc2UKICAgICAgICAgICAgbXNnID0gInJlbW90ZSBtb2R1bGUgZG9lcyBub3Qgc3VwcG9ydCBjaGVjayBtb2RlIgogICAgICAgIH0KICAgIH0KICAgIHJldHVybiAkcGFyYW1zCn0KCgpGdW5jdGlvbiBHZXQtRmlsZUNoZWNrc3VtKCRwYXRoLCAkYWxnb3JpdGhtID0gJ3NoYTEnKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBjYWxjdWxhdGUgYSBoYXNoIG9mIGEgZmlsZSBpbiBhIHdheSB3aGljaCBQb3dlclNoZWxsIDMKICAgIGFuZCBhYm92ZSBjYW4gaGFuZGxlCiM+CiAgICBJZiAoVGVzdC1QYXRoIC1QYXRoICRwYXRoIC1QYXRoVHlwZSBMZWFmKQogICAgewogICAgICAgIHN3aXRjaCAoJGFsZ29yaXRobSkKICAgICAgICB7CiAgICAgICAgICAgICdtZDUnIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5NRDVDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMScgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTFDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMjU2JyB7ICRzcCA9IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5TZWN1cml0eS5DcnlwdG9ncmFwaHkuU0hBMjU2Q3J5cHRvU2VydmljZVByb3ZpZGVyIH0KICAgICAgICAgICAgJ3NoYTM4NCcgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTM4NENyeXB0b1NlcnZpY2VQcm92aWRlciB9CiAgICAgICAgICAgICdzaGE1MTInIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5TSEE1MTJDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICBkZWZhdWx0IHsgRmFpbC1Kc29uIEB7fSAiVW5zdXBwb3J0ZWQgaGFzaCBhbGdvcml0aG0gc3VwcGxpZWQgJyRhbGdvcml0aG0nIiB9CiAgICAgICAgfQoKICAgICAgICBJZiAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtZ2UgNCkgewogICAgICAgICAgICAkcmF3X2hhc2ggPSBHZXQtRmlsZUhhc2ggJHBhdGggLUFsZ29yaXRobSAkYWxnb3JpdGhtCiAgICAgICAgICAgICRoYXNoID0gJHJhd19oYXNoLkhhc2guVG9Mb3dlcigpCiAgICAgICAgfSBFbHNlIHsKICAgICAgICAgICAgJGZwID0gW1N5c3RlbS5JTy5GaWxlXTo6T3BlbigkcGF0aCwgW1N5c3RlbS5JTy5GaWxlbW9kZV06Ok9wZW4sIFtTeXN0ZW0uSU8uRmlsZUFjY2Vzc106OlJlYWQsIFtTeXN0ZW0uSU8uRmlsZVNoYXJlXTo6UmVhZFdyaXRlKTsKICAgICAgICAgICAgJGhhc2ggPSBbU3lzdGVtLkJpdENvbnZlcnRlcl06OlRvU3RyaW5nKCRzcC5Db21wdXRlSGFzaCgkZnApKS5SZXBsYWNlKCItIiwgIiIpLlRvTG93ZXIoKTsKICAgICAgICAgICAgJGZwLkRpc3Bvc2UoKTsKICAgICAgICB9CiAgICB9CiAgICBFbHNlSWYgKFRlc3QtUGF0aCAtUGF0aCAkcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKQogICAgewogICAgICAgICRoYXNoID0gIjMiOwogICAgfQogICAgRWxzZQogICAgewogICAgICAgICRoYXNoID0gIjEiOwogICAgfQogICAgcmV0dXJuICRoYXNoCn0KCkZ1bmN0aW9uIEdldC1QZW5kaW5nUmVib290U3RhdHVzCnsKPCMKICAgIC5TWU5PUFNJUwogICAgQ2hlY2sgaWYgcmVib290IGlzIHJlcXVpcmVkLCBpZiBzbyBub3RpZnkgQ0EuCiAgICBGdW5jdGlvbiByZXR1cm5zIHRydWUgaWYgY29tcHV0ZXIgaGFzIGEgcGVuZGluZyByZWJvb3QKIz4KICAgICRmZWF0dXJlRGF0YSA9IEludm9rZS1XbWlNZXRob2QgLUVBIElnbm9yZSAtTmFtZSBHZXRTZXJ2ZXJGZWF0dXJlIC1OYW1lc3BhY2Ugcm9vdFxtaWNyb3NvZnRcd2luZG93c1xzZXJ2ZXJtYW5hZ2VyIC1DbGFzcyBNU0ZUX1NlcnZlck1hbmFnZXJUYXNrcwogICAgJHJlZ0RhdGEgPSBHZXQtSXRlbVByb3BlcnR5ICJIS0xNOlxTWVNURU1cQ3VycmVudENvbnRyb2xTZXRcQ29udHJvbFxTZXNzaW9uIE1hbmFnZXIiICJQZW5kaW5nRmlsZVJlbmFtZU9wZXJhdGlvbnMiIC1FQSBJZ25vcmUKICAgICRDQlNSZWJvb3RTdGF0dXMgPSBHZXQtQ2hpbGRJdGVtICJIS0xNOlxcU09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cQ29tcG9uZW50IEJhc2VkIFNlcnZpY2luZyIgIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlfCBXaGVyZS1PYmplY3QgeyRfLlBTQ2hpbGROYW1lIC1lcSAiUmVib290UGVuZGluZyJ9CiAgICBpZigoJGZlYXR1cmVEYXRhIC1hbmQgJGZlYXR1cmVEYXRhLlJlcXVpcmVzUmVib290KSAtb3IgJHJlZ0RhdGEgLW9yICRDQlNSZWJvb3RTdGF0dXMpCiAgICB7CiAgICAgICAgcmV0dXJuICRUcnVlCiAgICB9CiAgICBlbHNlCiAgICB7CiAgICAgICAgcmV0dXJuICRGYWxzZQogICAgfQp9CgojIHRoaXMgbGluZSBtdXN0IHN0YXkgYXQgdGhlIGJvdHRvbSB0byBlbnN1cmUgYWxsIGRlZmluZWQgbW9kdWxlIHBhcnRzIGFyZSBleHBvcnRlZApFeHBvcnQtTW9kdWxlTWVtYmVyIC1BbGlhcyAqIC1GdW5jdGlvbiAqIC1DbWRsZXQgKgoK", "Ansible.ModuleUtils.FileUtil": "IyBDb3B5cmlnaHQgKGMpIDIwMTcgQW5zaWJsZSBQcm9qZWN0CiMgU2ltcGxpZmllZCBCU0QgTGljZW5zZSAoc2VlIGxpY2Vuc2VzL3NpbXBsaWZpZWRfYnNkLnR4dCBvciBodHRwczovL29wZW5zb3VyY2Uub3JnL2xpY2Vuc2VzL0JTRC0yLUNsYXVzZSkKCjwjClRlc3QtUGF0aC9HZXQtSXRlbSBjYW5ub3QgZmluZC9yZXR1cm4gaW5mbyBvbiBmaWxlcyB0aGF0IGFyZSBsb2NrZWQgbGlrZQpDOlxwYWdlZmlsZS5zeXMuIFRoZXNlIDIgZnVuY3Rpb25zIGFyZSBkZXNpZ25lZCB0byB3b3JrIHdpdGggdGhlc2UgZmlsZXMgYW5kCnByb3ZpZGUgc2ltaWxhciBmdW5jdGlvbmFsaXR5IHdpdGggdGhlIG5vcm1hbCBjbWRsZXRzIHdpdGggYXMgbWluaW1hbCBvdmVyaGVhZAphcyBwb3NzaWJsZS4gVGhleSB3b3JrIGJ5IHVzaW5nIEdldC1DaGlsZEl0ZW0gd2l0aCBhIGZpbHRlciBhbmQgcmV0dXJuIHRoZQpyZXN1bHQgZnJvbSB0aGF0LgojPgoKRnVuY3Rpb24gVGVzdC1BbnNpYmxlUGF0aCB7CiAgICBbQ21kbGV0QmluZGluZygpXQogICAgUGFyYW0oCiAgICAgICAgW1BhcmFtZXRlcihNYW5kYXRvcnk9JHRydWUpXVtzdHJpbmddJFBhdGgKICAgICkKICAgICMgUmVwbGFjZW1lbnQgZm9yIFRlc3QtUGF0aAogICAgdHJ5IHsKICAgICAgICAkZmlsZV9hdHRyaWJ1dGVzID0gW1N5c3RlbS5JTy5GaWxlXTo6R2V0QXR0cmlidXRlcygkUGF0aCkKICAgIH0gY2F0Y2ggW1N5c3RlbS5JTy5GaWxlTm90Rm91bmRFeGNlcHRpb25dLCBbU3lzdGVtLklPLkRpcmVjdG9yeU5vdEZvdW5kRXhjZXB0aW9uXSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfSBjYXRjaCBbTm90U3VwcG9ydGVkRXhjZXB0aW9uXSB7CiAgICAgICAgIyBXaGVuIHRlc3RpbmcgYSBwYXRoIGxpa2UgQ2VydDpcTG9jYWxNYWNoaW5lXE15LCBTeXN0ZW0uSU8uRmlsZSB3aWxsCiAgICAgICAgIyBub3Qgd29yaywgd2UganVzdCByZXZlcnQgYmFjayB0byB1c2luZyBUZXN0LVBhdGggZm9yIHRoaXMKICAgICAgICByZXR1cm4gVGVzdC1QYXRoIC1QYXRoICRQYXRoCiAgICB9CgogICAgaWYgKFtJbnQzMl0kZmlsZV9hdHRyaWJ1dGVzIC1lcSAtMSkgewogICAgICAgIHJldHVybiAkZmFsc2UKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICR0cnVlCiAgICB9Cn0KCkZ1bmN0aW9uIEdldC1BbnNpYmxlSXRlbSB7CiAgICBbQ21kbGV0QmluZGluZygpXQogICAgUGFyYW0oCiAgICAgICAgW1BhcmFtZXRlcihNYW5kYXRvcnk9JHRydWUpXVtzdHJpbmddJFBhdGgKICAgICkKICAgICMgUmVwbGFjZW1lbnQgZm9yIEdldC1JdGVtCiAgICB0cnkgewogICAgICAgICRmaWxlX2F0dHJpYnV0ZXMgPSBbU3lzdGVtLklPLkZpbGVdOjpHZXRBdHRyaWJ1dGVzKCRQYXRoKQogICAgfSBjYXRjaCB7CiAgICAgICAgIyBpZiAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb3RpbnVlIGlzIHNldCBvbiB0aGUgY21kbGV0IGFuZCB3ZSBmYWlsZWQgdG8KICAgICAgICAjIGdldCB0aGUgYXR0cmlidXRlcywganVzdCByZXR1cm4gJG51bGwsIG90aGVyd2lzZSB0aHJvdyB0aGUgZXJyb3IKICAgICAgICBpZiAoJEVycm9yQWN0aW9uUHJlZmVyZW5jZSAtbmUgIlNpbGVudGx5Q29udGludWUiKSB7CiAgICAgICAgICAgIHRocm93ICRfCiAgICAgI ScriptBlock ID: 3b11ff79-c858-435b-821b-7deb2af46957 Path:	4104	1		3	2	15	0	1387	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4632	3388	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:28:31 PM	9d04040e-981f-0001-5911-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (3 of 5): oXTo6SGFzRXh0ZW5zaW9uKCRleGVjdXRhYmxlKSkgewogICAgICAgICRleGVjdXRhYmxlID0gIiQoJGV4ZWN1dGFibGUpLmV4ZSIKICAgIH0KICAgICRmdWxsX3BhdGggPSBbU3lzdGVtLklPLlBhdGhdOjpHZXRGdWxsUGF0aCgkZXhlY3V0YWJsZSkKCiAgICBpZiAoJGZ1bGxfcGF0aCAtbmUgJGV4ZWN1dGFibGUgLWFuZCAkZGlyZWN0b3J5IC1uZSAkbnVsbCkgewogICAgICAgICRmaWxlID0gR2V0LUl0ZW0gLVBhdGggIiRkaXJlY3RvcnlcJGV4ZWN1dGFibGUiIC1Gb3JjZSAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgfSBlbHNlIHsKICAgICAgICAkZmlsZSA9IEdldC1JdGVtIC1QYXRoICRleGVjdXRhYmxlIC1Gb3JjZSAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgfQoKICAgIGlmICgkZmlsZSAtbmUgJG51bGwpIHsKICAgICAgICAkZXhlY3V0YWJsZV9wYXRoID0gJGZpbGUuRnVsbE5hbWUKICAgIH0gZWxzZSB7CiAgICAgICAgJGV4ZWN1dGFibGVfcGF0aCA9IFtBbnNpYmxlLkNvbW1hbmRVdGlsXTo6U2VhcmNoUGF0aCgkZXhlY3V0YWJsZSkgICAgCiAgICB9CiAgICByZXR1cm4gJGV4ZWN1dGFibGVfcGF0aAp9CgpGdW5jdGlvbiBSdW4tQ29tbWFuZCB7CiAgICBQYXJhbSgKICAgICAgICBbc3RyaW5nXSRjb21tYW5kLCAjIHRoZSBmdWxsIGNvbW1hbmQgdG8gcnVuIGluY2x1ZGluZyB0aGUgZXhlY3V0YWJsZQogICAgICAgIFtzdHJpbmddJHdvcmtpbmdfZGlyZWN0b3J5ID0gJG51bGwsICMgdGhlIHdvcmtpbmcgZGlyZWN0b3J5IHRvIHJ1biB1bmRlciwgd2lsbCBkZWZhdWx0IHRvIHRoZSBjdXJyZW50IGRpcgogICAgICAgIFtzdHJpbmddJHN0ZGluID0gJG51bGwsICMgYSBzdHJpbmcgdG8gc2VuZCB0byB0aGUgc3RkaW4gcGlwZSB3aGVuIGV4ZWN1dGluZyB0aGUgY29tbWFuZAogICAgICAgIFtoYXNodGFibGVdJGVudmlyb25tZW50ID0gQHt9ICMgYSBoYXNodGFibGUgb2YgZW52aXJvbm1lbnQgdmFsdWVzIHRvIHJ1biB0aGUgY29tbWFuZCB1bmRlciwgdGhpcyB3aWxsIHJlcGxhY2UgYWxsIHRoZSBvdGhlciBlbnZpcm9ubWVudCB2YXJpYWJsZXMgd2l0aCB0aGVzZQogICAgKQogICAgCiAgICAjIGxvYWQgdGhlIEMjIGNvZGUgd2UgY2FsbCBpbiB0aGlzIGZ1bmN0aW9uCiAgICBMb2FkLUNvbW1hbmRVdGlscwoKICAgICMgbmVlZCB0byB2YWxpZGF0ZSB0aGUgd29ya2luZyBkaXJlY3RvcnkgaWYgaXQgaXMgc2V0CiAgICBpZiAoJHdvcmtpbmdfZGlyZWN0b3J5KSB7CiAgICAgICAgIyB2YWxpZGF0ZSB3b3JraW5nIGRpcmVjdG9yeSBpcyBhIHZhbGlkIHBhdGgKICAgICAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICR3b3JraW5nX2RpcmVjdG9yeSkpIHsKICAgICAgICAgICAgdGhyb3cgImludmFsaWQgd29ya2luZyBkaXJlY3RvcnkgcGF0aCAnJHdvcmtpbmdfZGlyZWN0b3J5JyIKICAgICAgICB9CiAgICB9CgogICAgIyBscEFwcGxpY2F0aW9uTmFtZSBuZWVkcyB0byBiZSB0aGUgZnVsbCBwYXRoIHRvIGFuIGV4ZWN1dGFibGUsIHdlIGRvIHRoaXMKICAgICMgYnkgZ2V0dGluZyB0aGUgZXhlY3V0YWJsZSBhcyB0aGUgZmlyc3QgYXJnIGFuZCB0aGVuIGdldHRpbmcgdGhlIGZ1bGwgcGF0aAogICAgJGFyZ3VtZW50cyA9IFtBbnNpYmxlLkNvbW1hbmRVdGlsXTo6UGFyc2VDb21tYW5kTGluZSgkY29tbWFuZCkKICAgICRleGVjdXRhYmxlID0gR2V0LUV4ZWN1dGFibGVQYXRoIC1leGVjdXRhYmxlICRhcmd1bWVudHNbMF0gLWRpcmVjdG9yeSAkd29ya2luZ19kaXJlY3RvcnkKCiAgICAjIHJ1biB0aGUgY29tbWFuZCBhbmQgZ2V0IHRoZSByZXN1bHRzCiAgICAkY29tbWFuZF9yZXN1bHQgPSBbQW5zaWJsZS5Db21tYW5kVXRpbF06OlJ1bkNvbW1hbmQoJGV4ZWN1dGFibGUsICRjb21tYW5kLCAkd29ya2luZ19kaXJlY3RvcnksICRzdGRpbiwgJGVudmlyb25tZW50KQoKICAgIHJldHVybiAsQHsKICAgICAgICBleGVjdXRhYmxlID0gJGV4ZWN1dGFibGUKICAgICAgICBzdGRvdXQgPSAkY29tbWFuZF9yZXN1bHQuU3RhbmRhcmRPdXQKICAgICAgICBzdGRlcnIgPSAkY29tbWFuZF9yZXN1bHQuU3RhbmRhcmRFcnJvcgogICAgICAgIHJjID0gJGNvbW1hbmRfcmVzdWx0LkV4aXRDb2RlCiAgICB9Cn0KCiMgdGhpcyBsaW5lIG11c3Qgc3RheSBhdCB0aGUgYm90dG9tIHRvIGVuc3VyZSBhbGwgZGVmaW5lZCBtb2R1bGUgcGFydHMgYXJlIGV4cG9ydGVkCkV4cG9ydC1Nb2R1bGVNZW1iZXIgLUFsaWFzICogLUZ1bmN0aW9uICogLUNtZGxldCAqCg==", "Ansible.ModuleUtils.Legacy": "IyBDb3B5cmlnaHQgKGMpLCBNaWNoYWVsIERlSGFhbiA8bWljaGFlbC5kZWhhYW5AZ21haWwuY29tPiwgMjAxNCwgYW5kIG90aGVycwojIFNpbXBsaWZpZWQgQlNEIExpY2Vuc2UgKHNlZSBsaWNlbnNlcy9zaW1wbGlmaWVkX2JzZC50eHQgb3IgaHR0cHM6Ly9vcGVuc291cmNlLm9yZy9saWNlbnNlcy9CU0QtMi1DbGF1c2UpCgpTZXQtU3RyaWN0TW9kZSAtVmVyc2lvbiAyLjAKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKRnVuY3Rpb24gU2V0LUF0dHIoJG9iaiwgJG5hbWUsICR2YWx1ZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gc2V0IGFuICJhdHRyaWJ1dGUiIG9uIGEgcHNvYmplY3QgaW5zdGFuY2UgaW4gUG93ZXJTaGVsbC4KICAgIFRoaXMgaXMgYSBjb252ZW5pZW5jZSB0byBtYWtlIGFkZGluZyBNZW1iZXJzIHRvIHRoZSBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgIFNldC1BdHRyICRyZXN1bHQgImNoYW5nZWQiICR0cnVlCiM+CgogICAgIyBJZiB0aGUgcHJvdmlkZWQgJG9iaiBpcyB1bmRlZmluZWQsIGRlZmluZSBvbmUgdG8gYmUgbmljZQogICAgSWYgKC1ub3QgJG9iai5HZXRUeXBlKQogICAgewogICAgICAgICRvYmogPSBAeyB9CiAgICB9CgogICAgVHJ5CiAgICB7CiAgICAgICAgJG9iai4kbmFtZSA9ICR2YWx1ZQogICAgfQogICAgQ2F0Y2gKICAgIHsKICAgICAgICAkb2JqIHwgQWRkLU1lbWJlciAtRm9yY2UgLU1lbWJlclR5cGUgTm90ZVByb3BlcnR5IC1OYW1lICRuYW1lIC1WYWx1ZSAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gRXhpdC1Kc29uKCRvYmopCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGNvbnZlcnQgYSBQb3dlclNoZWxsIG9iamVjdCB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcKICAgIHRoZSBzY3JpcHQKICAgIC5FWEFNUExFCiAgICBFeGl0LUpzb24gJHJlc3VsdAojPgoKICAgICMgSWYgdGhlIHByb3ZpZGVkICRvYmogaXMgdW5kZWZpbmVkLCBkZWZpbmUgb25lIHRvIGJlIG5pY2UKICAgIElmICgtbm90ICRvYmouR2V0VHlwZSkKICAgIHsKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoJ2NoYW5nZWQnKSkgewogICAgICAgIFNldC1BdHRyICRvYmogImNoYW5nZWQiICRmYWxzZQogICAgfQoKICAgIFdyaXRlLU91dHB1dCAkb2JqIHwgQ29udmVydFRvLUpzb24gLUNvbXByZXNzIC1EZXB0aCA5OQogICAgRXhpdAp9CgpGdW5jdGlvbiBGYWlsLUpzb24oJG9iaiwgJG1lc3NhZ2UgPSAkbnVsbCkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHRoZSAibXNnIiBwcm9wZXJ0eSBhbmQgImZhaWxlZCIgcHJvcGVydHksIGNvbnZlcnQgdGhlCiAgICBQb3dlclNoZWxsIEhhc2h0YWJsZSB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcgdGhlIHNjcmlwdAogICAgLkVYQU1QTEUKICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJUaGlzIGlzIHRoZSBmYWlsdXJlIG1lc3NhZ2UiCiM+CgogICAgaWYgKCRvYmogLWlzIFtoYXNodGFibGVdIC1vciAkb2JqIC1pcyBbcHNvYmplY3RdKSB7CiAgICAgICAgIyBOb3RoaW5nIHRvIGRvCiAgICB9IGVsc2VpZiAoJG9iaiAtaXMgW3N0cmluZ10gLWFuZCAkbnVsbCAtZXEgJG1lc3NhZ2UpIHsKICAgICAgICAjIElmIHdlIHdlcmVuJ3QgZ2l2ZW4gMiBhcmdzLCBhbmQgdGhlIG9ubHkgYXJnIHdhcyBhIHN0cmluZywKICAgICAgICAjIGNyZWF0ZSBhIG5ldyBIYXNodGFibGUgYW5kIHVzZSB0aGUgYXJnIGFzIHRoZSBmYWlsdXJlIG1lc3NhZ2UKICAgICAgICAkbWVzc2FnZSA9ICRvYmoKICAgICAgICAkb2JqID0gQHsgfQogICAgfSBlbHNlIHsKICAgICAgICAjIElmIHRoZSBmaXJzdCBhcmd1bWVudCBpcyB1bmRlZmluZWQgb3IgYSBkaWZmZXJlbnQgdHlwZSwKICAgICAgICAjIG1ha2UgaXQgYSBIYXNodGFibGUKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgICMgU3RpbGwgdXNpbmcgU2V0LUF0dHIgZm9yIFBTT2JqZWN0IGNvbXBhdGliaWxpdHkKICAgIFNldC1BdHRyICRvYmogIm1zZyIgJG1lc3NhZ2UKICAgIFNldC1BdHRyICRvYmogImZhaWxlZCIgJHRydWUKCiAgICBpZiAoLW5vdCAkb2JqLkNvbnRhaW5zS2V5KCdjaGFuZ2VkJykpIHsKICAgICAgICBTZXQtQXR0ciAkb2JqICJjaGFuZ2VkIiAkZmFsc2UKICAgIH0KCiAgICBXcml0ZS1PdXRwdXQgJG9iaiB8IENvbnZlcnRUby1Kc29uIC1Db21wcmVzcyAtRGVwdGggOTkKICAgIEV4aXQgMQp9CgpGdW5jdGlvbiBBZGQtV2FybmluZygkb2JqLCAkbWVzc2FnZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHdhcm5pbmdzLCBldmVuIGlmIHRoZSB3YXJuaW5ncyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoIndhcm5pbmdzIikpIHsKICAgICAgICAkb2JqLndhcm5pbmdzID0gQCgpCiAgICB9IGVsc2VpZiAoJG9iai53YXJuaW5ncyAtaXNub3QgW2FycmF5XSkgewogICAgICAgIHRocm93ICJBZGQtV2FybmluZzogd2FybmluZ3MgYXR0cmlidXRlIGlzIG5vdCBhbiBhcnJheSIKICAgIH0KCiAgICAkb2JqLndhcm5pbmdzICs9ICRtZXNzYWdlCn0KCkZ1bmN0aW9uIEFkZC1EZXByZWNhdGlvbldhcm5pbmcoJG9iaiwgJG1lc3NhZ2UsICR2ZXJzaW9uID0gJG51bGwpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGFkZCBkZXByZWNhdGlvbnMsIGV2ZW4gaWYgdGhlIGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgogICAgaWYgKC1ub3QgJG9iai5Db250YWluc0tleSgiZGVwcmVjYXRpb25zIikpIHsKICAgICAgICAkb2JqLmRlcHJlY2F0aW9ucyA9IEAoKQogICAgfSBlbHNlaWYgKCRvYmouZGVwcmVjYXRpb25zIC1pc25vdCBbYXJyYXldKSB7CiAgICAgICAgdGhyb3cgIkFkZC1EZXByZWNhdGlvbldhcm5pbmc6IGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgaXMgbm90IGEgbGlzdCIKICAgIH0KCiAgICAkb2JqLmRlcHJlY2F0aW9ucyArPSBAewogICAgICAgIG1zZyA9ICRtZXNzYWdlCiAgICAgICAgdmVyc2lvbiA9ICR2ZXJzaW9uCiAgICB9Cn0KCkZ1bmN0aW9uIEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgaW4gdmFsdWVzLiBCeSBkZWZhdWx0CiAgICBpdCB0dXJucyBhbnkgdHlwZSB0byBhIHN0cmluZywgYnV0IHdlIGVuc3VyZSAkbnVsbCByZW1haW5zICRudWxsLgojPgogICAgaWYgKCRudWxsIC1uZSAkdmFsdWUpIHsKICAgICAgICBbU3lzdGVtLkVudmlyb25tZW50XTo6RXhwYW5kRW52aXJvbm1lbnRWYXJpYWJsZXMoJHZhbHVlKQogICAgfSBlbHNlIHsKICAgICAgICAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gR2V0LUFuc2libGVQYXJhbSgkb2JqLCAkbmFtZSwgJGRlZmF1bHQgPSAkbnVsbCwgJHJlc3VsdG9iaiA9IEB7fSwgJGZhaWxpZmVtcHR5ID0gJGZhbHNlLCAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSwgJFZhbGlkYXRlU2V0LCAkVmFsaWRhdGVTZXRFcnJvck1lc3NhZ2UsICR0eXBlID0gJG51bGwsICRhbGlhc2VzID0gQCgpKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBnZXQgYW4gImF0dHJpYnV0ZSIgZnJvbSBhIHBzb2JqZWN0IGluc3RhbmNlIGluIFBvd2VyU2hlbGwuCiAgICBUaGlzIGlzIGEgY29udmVuaWVuY2UgdG8gbWFrZSBnZXR0aW5nIE1lbWJlcnMgZnJvbSBhbiBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgICRhdHRyID0gR2V0LUFuc2libGVQYXJhbSAkcmVzcG9uc2UgImNvZGUiIC1kZWZhdWx0ICIxIgogICAgLkVYQU1QTEUKICAgIEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJTdGF0ZSIgLWRlZmF1bHQgIlByZXNlbnQiIC1WYWxpZGF0ZVNldCAiUHJlc2VudCIsIkFic2VudCIgLXJlc3VsdG9iaiAkcmVzdWx0b2JqIC1mYWlsaWZlbXB0eSAkdHJ1ZQogICAgR2V0LUFuc2libGVQYXJhbSBhbHNvIHN1cHBvcnRzIFBhcmFtZXRlciB2YWxpZGF0aW9uIHRvIHNhdmUgeW91IGZyb20gY29kaW5nIHRoYXQgbWFudWFsbHkKICAgIE5vdGUgdGhhdCBpZiB5b3UgdXNlIHRoZSBmYWlsaWZlbXB0eSBvcHRpb24sIHlvdSBkbyBuZWVkIHRvIHNwZWNpZnkgcmVzdWx0b2JqZWN0IGFzIHdlbGwuCiM+CiAgICAjIENoZWNrIGlmIHRoZSBwcm92aWRlZCBNZW1iZXIgJG5hbWUgb3IgYWxpYXNlcyBleGlzdCBpbiAkb2JqIGFuZCByZXR1cm4gaXQgb3IgdGhlIGRlZmF1bHQuCiAgICB0cnkgewoKICAgICAgICAkZm91bmQgPSAkbnVsbAogICAgICAgICMgRmlyc3QgdHJ5IHRvIGZpbmQgcHJlZmVycmVkIHBhcmFtZXRlciAkbmFtZQogICAgICAgICRhbGlhc2VzID0gQCgkbmFtZSkgKyAkYWxpYXNlcwoKICAgICAgICAjIEl0ZXJhdGUgb3ZlciBhbGlhc2VzIHRvIGZpbmQgYWNjZXB0YWJsZSBNZW1iZXIgJG5hbWUKICAgICAgICBmb3JlYWNoICgkYWxpYXMgaW4gJGFsaWFzZXMpIHsKICAgICAgICAgICAgaWYgKCRvYmouQ29udGFpbnNLZXkoJGFsaWFzKSkgewogICAgICAgICAgICAgICAgJGZvdW5kID0gJGFsaWFzCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgfQoKICAgICAgICBpZiAoJG51bGwgLWVxICRmb3VuZCkgewogICAgICAgICAgICB0aHJvdwogICAgICAgIH0KICAgICAgICAkbmFtZSA9ICRmb3VuZAoKICAgICAgICBpZiAoJFZhbGlkYXRlU2V0KSB7CgogICAgICAgICAgICBpZiAoJFZhbGlkYXRlU2V0IC1jb250YWlucyAoJG9iai4kbmFtZSkpIHsKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICRvYmouJG5hbWUKICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgIGlmICgkbnVsbCAtZXEgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAgICAgI0F1dG8tZ2VuZXJhdGVkIGVycm9yIHNob3VsZCBiZSBzdWZmaWNpZW50IGluIG1vc3QgdXNlIGNhc2VzCiAgICAgICAgICAgICAgICAgICAgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlID0gIkdldC1BbnNpYmxlUGFyYW06IEFyZ3VtZW50ICRuYW1lIG5lZWRzIHRvIGJlIG9uZSBvZiAkKCRWYWxpZGF0ZVNldCAtam9pbiAiLCIpIGJ1dCB3YXMgJCgkb2JqLiRuYW1lKS4iCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRWYWxpZGF0ZVNldEVycm9yTWVzc2FnZQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgJHZhbHVlID0gJG9iai4kbmFtZQogICAgICAgIH0KICAgIH0gY2F0Y2ggewogICAgICAgIGlmICgkZmFpbGlmZW1wdHkgLWVxICRmYWxzZSkgewogICAgICAgICAgICAkdmFsdWUgPSAkZGVmYXVsdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgIGlmICgtbm90ICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSA9ICJHZXQtQW5zaWJsZVBhcmFtOiBNaXNzaW5nIHJlcXVpcmVkIGFyZ3VtZW50OiAkbmFtZSIKICAgICAgICAgICAgfQogICAgICAgICAgICBGY ScriptBlock ID: 3b11ff79-c858-435b-821b-7deb2af46957 Path:	4104	1		3	2	15	0	1386	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4632	3388	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:28:31 PM	9d04040e-981f-0001-5911-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 5): gICAgICAgc3RyaW5nIGxwQ21kTGluZSwKICAgICAgICAgICAgb3V0IGludCBwTnVtQXJncyk7CgogICAgICAgIHB1YmxpYyBzdGF0aWMgc3RyaW5nW10gUGFyc2VDb21tYW5kTGluZShzdHJpbmcgbHBDb21tYW5kTGluZSkKICAgICAgICB7CiAgICAgICAgICAgIGludCBudW1BcmdzOwogICAgICAgICAgICBJbnRQdHIgcmV0ID0gQ29tbWFuZExpbmVUb0FyZ3ZXKGxwQ29tbWFuZExpbmUsIG91dCBudW1BcmdzKTsKCiAgICAgICAgICAgIGlmIChyZXQgPT0gSW50UHRyLlplcm8pCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIkVycm9yIHBhcnNpbmcgY29tbWFuZCBsaW5lIik7CgogICAgICAgICAgICBJbnRQdHJbXSBzdHJwdHJzID0gbmV3IEludFB0cltudW1BcmdzXTsKICAgICAgICAgICAgTWFyc2hhbC5Db3B5KHJldCwgc3RycHRycywgMCwgbnVtQXJncyk7CiAgICAgICAgICAgIHN0cmluZ1tdIGNtZGxpbmVQYXJ0cyA9IHN0cnB0cnMuU2VsZWN0KHMgPT4gTWFyc2hhbC5QdHJUb1N0cmluZ1VuaShzKSkuVG9BcnJheSgpOwoKICAgICAgICAgICAgTWFyc2hhbC5GcmVlSEdsb2JhbChyZXQpOwoKICAgICAgICAgICAgcmV0dXJuIGNtZGxpbmVQYXJ0czsKICAgICAgICB9CgogICAgICAgIHB1YmxpYyBzdGF0aWMgc3RyaW5nIFNlYXJjaFBhdGgoc3RyaW5nIGxwRmlsZU5hbWUpCiAgICAgICAgewogICAgICAgICAgICBTdHJpbmdCdWlsZGVyIHNiT3V0ID0gbmV3IFN0cmluZ0J1aWxkZXIoMTAyNCk7CiAgICAgICAgICAgIEludFB0ciBmaWxlUGFydE91dDsKCiAgICAgICAgICAgIGlmIChTZWFyY2hQYXRoKG51bGwsIGxwRmlsZU5hbWUsIG51bGwsIHNiT3V0LkNhcGFjaXR5LCBzYk91dCwgb3V0IGZpbGVQYXJ0T3V0KSA9PSAwKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IEZpbGVOb3RGb3VuZEV4Y2VwdGlvbihTdHJpbmcuRm9ybWF0KCJDb3VsZCBub3QgbG9jYXRlIHRoZSBmb2xsb3dpbmcgZXhlY3V0YWJsZSB7MH0iLCBscEZpbGVOYW1lKSk7CgogICAgICAgICAgICByZXR1cm4gc2JPdXQuVG9TdHJpbmcoKTsKICAgICAgICB9CgogICAgICAgIHB1YmxpYyBjbGFzcyBDb21tYW5kUmVzdWx0CiAgICAgICAgewogICAgICAgICAgICBwdWJsaWMgc3RyaW5nIFN0YW5kYXJkT3V0IHsgZ2V0OyBpbnRlcm5hbCBzZXQ7IH0KICAgICAgICAgICAgcHVibGljIHN0cmluZyBTdGFuZGFyZEVycm9yIHsgZ2V0OyBpbnRlcm5hbCBzZXQ7IH0KICAgICAgICAgICAgcHVibGljIHVpbnQgRXhpdENvZGUgeyBnZXQ7IGludGVybmFsIHNldDsgfQogICAgICAgIH0KCiAgICAgICAgcHVibGljIHN0YXRpYyBDb21tYW5kUmVzdWx0IFJ1bkNvbW1hbmQoc3RyaW5nIGxwQXBwbGljYXRpb25OYW1lLCBzdHJpbmcgbHBDb21tYW5kTGluZSwgc3RyaW5nIGxwQ3VycmVudERpcmVjdG9yeSwgc3RyaW5nIHN0ZGluSW5wdXQsIElEaWN0aW9uYXJ5IGVudmlyb25tZW50KQogICAgICAgIHsKICAgICAgICAgICAgVUludDMyIHN0YXJ0dXBfZmxhZ3MgPSBDUkVBVEVfVU5JQ09ERV9FTlZJUk9OTUVOVCB8IEVYVEVOREVEX1NUQVJUVVBJTkZPX1BSRVNFTlQ7CiAgICAgICAgICAgIFNUQVJUVVBJTkZPRVggc2kgPSBuZXcgU1RBUlRVUElORk9FWCgpOwogICAgICAgICAgICBzaS5zdGFydHVwSW5mby5kd0ZsYWdzID0gKGludClTdGFydHVwSW5mb0ZsYWdzLlVTRVNUREhBTkRMRVM7CgogICAgICAgICAgICBTRUNVUklUWV9BVFRSSUJVVEVTIHBpcGVzZWMgPSBuZXcgU0VDVVJJVFlfQVRUUklCVVRFUygpOwogICAgICAgICAgICBwaXBlc2VjLmJJbmhlcml0SGFuZGxlID0gdHJ1ZTsKCiAgICAgICAgICAgIC8vIENyZWF0ZSB0aGUgc3Rkb3V0LCBzdGRlcnIgYW5kIHN0ZGluIHBpcGVzIHVzZWQgaW4gdGhlIHByb2Nlc3MgYW5kIGFkZCB0byB0aGUgc3RhcnR1cEluZm8KICAgICAgICAgICAgU2FmZUZpbGVIYW5kbGUgc3Rkb3V0X3JlYWQsIHN0ZG91dF93cml0ZSwgc3RkZXJyX3JlYWQsIHN0ZGVycl93cml0ZSwgc3RkaW5fcmVhZCwgc3RkaW5fd3JpdGU7CiAgICAgICAgICAgIGlmICghQ3JlYXRlUGlwZShvdXQgc3Rkb3V0X3JlYWQsIG91dCBzdGRvdXRfd3JpdGUsIHBpcGVzZWMsIDApKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IFdpbjMyRXhjZXB0aW9uKCJTVERPVVQgcGlwZSBzZXR1cCBmYWlsZWQiKTsKICAgICAgICAgICAgaWYgKCFTZXRIYW5kbGVJbmZvcm1hdGlvbihzdGRvdXRfcmVhZCwgSGFuZGxlRmxhZ3MuSU5IRVJJVCwgMCkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIlNURE9VVCBwaXBlIGhhbmRsZSBzZXR1cCBmYWlsZWQiKTsKCiAgICAgICAgICAgIGlmICghQ3JlYXRlUGlwZShvdXQgc3RkZXJyX3JlYWQsIG91dCBzdGRlcnJfd3JpdGUsIHBpcGVzZWMsIDApKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IFdpbjMyRXhjZXB0aW9uKCJTVERFUlIgcGlwZSBzZXR1cCBmYWlsZWQiKTsKICAgICAgICAgICAgaWYgKCFTZXRIYW5kbGVJbmZvcm1hdGlvbihzdGRlcnJfcmVhZCwgSGFuZGxlRmxhZ3MuSU5IRVJJVCwgMCkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIlNUREVSUiBwaXBlIGhhbmRsZSBzZXR1cCBmYWlsZWQiKTsKCiAgICAgICAgICAgIGlmICghQ3JlYXRlUGlwZShvdXQgc3RkaW5fcmVhZCwgb3V0IHN0ZGluX3dyaXRlLCBwaXBlc2VjLCAwKSkKICAgICAgICAgICAgICAgIHRocm93IG5ldyBXaW4zMkV4Y2VwdGlvbigiU1RESU4gcGlwZSBzZXR1cCBmYWlsZWQiKTsKICAgICAgICAgICAgaWYgKCFTZXRIYW5kbGVJbmZvcm1hdGlvbihzdGRpbl93cml0ZSwgSGFuZGxlRmxhZ3MuSU5IRVJJVCwgMCkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIlNURElOIHBpcGUgaGFuZGxlIHNldHVwIGZhaWxlZCIpOwoKICAgICAgICAgICAgc2kuc3RhcnR1cEluZm8uaFN0ZE91dHB1dCA9IHN0ZG91dF93cml0ZTsKICAgICAgICAgICAgc2kuc3RhcnR1cEluZm8uaFN0ZEVycm9yID0gc3RkZXJyX3dyaXRlOwogICAgICAgICAgICBzaS5zdGFydHVwSW5mby5oU3RkSW5wdXQgPSBzdGRpbl9yZWFkOwoKICAgICAgICAgICAgLy8gU2V0dXAgdGhlIHN0ZGluIGJ1ZmZlcgogICAgICAgICAgICBVVEY4RW5jb2RpbmcgdXRmOF9lbmNvZGluZyA9IG5ldyBVVEY4RW5jb2RpbmcoZmFsc2UpOwogICAgICAgICAgICBGaWxlU3RyZWFtIHN0ZGluX2ZzID0gbmV3IEZpbGVTdHJlYW0oc3RkaW5fd3JpdGUsIEZpbGVBY2Nlc3MuV3JpdGUsIDMyNzY4KTsKICAgICAgICAgICAgU3RyZWFtV3JpdGVyIHN0ZGluID0gbmV3IFN0cmVhbVdyaXRlcihzdGRpbl9mcywgdXRmOF9lbmNvZGluZywgMzI3NjgpOwoKICAgICAgICAgICAgLy8gSWYgbHBDdXJyZW50RGlyZWN0b3J5IGlzIHNldCB0byBudWxsIGluIFBTIGl0IHdpbGwgYmUgYW4gZW1wdHkKICAgICAgICAgICAgLy8gc3RyaW5nIGhlcmUsIHdlIG5lZWQgdG8gY29udmVydCBpdAogICAgICAgICAgICBpZiAobHBDdXJyZW50RGlyZWN0b3J5ID09ICIiKQogICAgICAgICAgICAgICAgbHBDdXJyZW50RGlyZWN0b3J5ID0gbnVsbDsKCiAgICAgICAgICAgIFN0cmluZ0J1aWxkZXIgZW52aXJvbm1lbnRTdHJpbmcgPSBudWxsOwoKICAgICAgICAgICAgaWYgKGVudmlyb25tZW50ICE9IG51bGwgJiYgZW52aXJvbm1lbnQuQ291bnQgPiAwKQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBlbnZpcm9ubWVudFN0cmluZyA9IG5ldyBTdHJpbmdCdWlsZGVyKCk7CiAgICAgICAgICAgICAgICBmb3JlYWNoIChEaWN0aW9uYXJ5RW50cnkga3YgaW4gZW52aXJvbm1lbnQpCiAgICAgICAgICAgICAgICAgICAgZW52aXJvbm1lbnRTdHJpbmcuQXBwZW5kRm9ybWF0KCJ7MH09ezF9XDAiLCBrdi5LZXksIGt2LlZhbHVlKTsKICAgICAgICAgICAgICAgIGVudmlyb25tZW50U3RyaW5nLkFwcGVuZCgnXDAnKTsKICAgICAgICAgICAgfQoKICAgICAgICAgICAgLy8gQ3JlYXRlIHRoZSBlbnZpcm9ubWVudCBibG9jayBpZiBzZXQKICAgICAgICAgICAgSW50UHRyIGxwRW52aXJvbm1lbnQgPSBJbnRQdHIuWmVybzsKICAgICAgICAgICAgaWYgKGVudmlyb25tZW50U3RyaW5nICE9IG51bGwpCiAgICAgICAgICAgICAgICBscEVudmlyb25tZW50ID0gTWFyc2hhbC5TdHJpbmdUb0hHbG9iYWxVbmkoZW52aXJvbm1lbnRTdHJpbmcuVG9TdHJpbmcoKSk7CgogICAgICAgICAgICAvLyBDcmVhdGUgbmV3IHByb2Nlc3MgYW5kIHJ1bgogICAgICAgICAgICBTdHJpbmdCdWlsZGVyIGFyZ3VtZW50X3N0cmluZyA9IG5ldyBTdHJpbmdCdWlsZGVyKGxwQ29tbWFuZExpbmUpOwogICAgICAgICAgICBQUk9DRVNTX0lORk9STUFUSU9OIHBpID0gbmV3IFBST0NFU1NfSU5GT1JNQVRJT04oKTsKICAgICAgICAgICAgaWYgKCFDcmVhdGVQcm9jZXNzKAogICAgICAgICAgICAgICAgbHBBcHBsaWNhdGlvbk5hbWUsCiAgICAgICAgICAgICAgICBhcmd1bWVudF9zdHJpbmcsCiAgICAgICAgICAgICAgICBJbnRQdHIuWmVybywKICAgICAgICAgICAgICAgIEludFB0ci5aZXJvLAogICAgICAgICAgICAgICAgdHJ1ZSwKICAgICAgICAgICAgICAgIHN0YXJ0dXBfZmxhZ3MsCiAgICAgICAgICAgICAgICBscEVudmlyb25tZW50LAogICAgICAgICAgICAgICAgbHBDdXJyZW50RGlyZWN0b3J5LAogICAgICAgICAgICAgICAgc2ksCiAgICAgICAgICAgICAgICBvdXQgcGkpKQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIkZhaWxlZCB0byBjcmVhdGUgbmV3IHByb2Nlc3MiKTsKICAgICAgICAgICAgfQoKICAgICAgICAgICAgLy8gU2V0dXAgdGhlIG91dHB1dCBidWZmZXJzIGFuZCBnZXQgc3Rkb3V0L3N0ZGVycgogICAgICAgICAgICBGaWxlU3RyZWFtIHN0ZG91dF9mcyA9IG5ldyBGaWxlU3RyZWFtKHN0ZG91dF9yZWFkLCBGaWxlQWNjZXNzLlJlYWQsIDQwOTYpOwogICAgICAgICAgICBTdHJlYW1SZWFkZXIgc3Rkb3V0ID0gbmV3IFN0cmVhbVJlYWRlcihzdGRvdXRfZnMsIHV0ZjhfZW5jb2RpbmcsIHRydWUsIDQwOTYpOwogICAgICAgICAgICBzdGRvdXRfd3JpdGUuQ2xvc2UoKTsKICAgICAgICAgICAgRmlsZVN0cmVhbSBzdGRlcnJfZnMgPSBuZXcgRmlsZVN0cmVhbShzdGRlcnJfcmVhZCwgRmlsZUFjY2Vzcy5SZWFkLCA0MDk2KTsKICAgICAgICAgICAgU3RyZWFtUmVhZGVyIHN0ZGVyciA9IG5ldyBTdHJlYW1SZWFkZXIoc3RkZXJyX2ZzLCB1dGY4X2VuY29kaW5nLCB0cnVlLCA0MDk2KTsKICAgICAgICAgICAgc3RkZXJyX3dyaXRlLkNsb3NlKCk7CgogICAgICAgICAgICBzdGRpbi5Xcml0ZUxpbmUoc3RkaW5JbnB1dCk7CiAgICAgICAgICAgIHN0ZGluLkNsb3NlKCk7CgogICAgICAgICAgICBzdHJpbmcgc3Rkb3V0X3N0ciwgc3RkZXJyX3N0ciA9IG51bGw7CiAgICAgICAgICAgIEdldFByb2Nlc3NPdXRwdXQoc3Rkb3V0LCBzdGRlcnIsIG91dCBzdGRvdXRfc3RyLCBvdXQgc3RkZXJyX3N0cik7CiAgICAgICAgICAgIHVpbnQgcmMgPSBHZXRQcm9jZXNzRXhpdENvZGUocGkuaFByb2Nlc3MpOwoKICAgICAgICAgICAgcmV0dXJuIG5ldyBDb21tYW5kUmVzdWx0CiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIFN0YW5kYXJkT3V0ID0gc3Rkb3V0X3N0ciwKICAgICAgICAgICAgICAgIFN0YW5kYXJkRXJyb3IgPSBzdGRlcnJfc3RyLAogICAgICAgICAgICAgICAgRXhpdENvZGUgPSByYwogICAgICAgICAgICB9OwogICAgICAgIH0KCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgdm9pZCBHZXRQcm9jZXNzT3V0cHV0KFN0cmVhbVJlYWRlciBzdGRvdXRTdHJlYW0sIFN0cmVhbVJlYWRlciBzdGRlcnJTdHJlYW0sIG91dCBzdHJpbmcgc3Rkb3V0LCBvdXQgc3RyaW5nIHN0ZGVycikKICAgICAgICB7CiAgICAgICAgICAgIHZhciBzb3dhaXQgPSBuZXcgRXZlbnRXYWl0SGFuZGxlKGZhbHNlLCBFdmVudFJlc2V0TW9kZS5NYW51YWxSZXNldCk7CiAgICAgICAgICAgIHZhciBzZXdhaXQgPSBuZXcgRXZlbnRXYWl0SGFuZGxlKGZhbHNlLCBFdmVudFJlc2V0TW9kZS5NYW51YWxSZXNldCk7CiAgICAgICAgICAgIHN0cmluZyBzbyA9IG51bGwsIHNlID0gbnVsbDsKICAgICAgICAgICAgVGhyZWFkUG9vbC5RdWV1ZVVzZXJXb3JrSXRlbSgocykgPT4KICAgICAgICAgICAgewogICAgICAgICAgICAgICAgc28gPSBzdGRvdXRTdHJlYW0uUmVhZFRvRW5kKCk7CiAgICAgICAgICAgICAgICBzb3dhaXQuU2V0KCk7CiAgICAgICAgICAgIH0pOwogICAgICAgICAgICBUaHJlYWRQb29sLlF1ZXVlVXNlcldvcmtJdGVtKChzKSA9PgogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBzZSA9IHN0ZGVyclN0cmVhbS5SZWFkVG9FbmQoKTsKICAgICAgICAgICAgICAgIHNld2FpdC5TZXQoKTsKICAgICAgICAgICAgfSk7CiAgICAgICAgICAgIGZvcmVhY2ggKHZhciB3aCBpbiBuZXcgV2FpdEhhbmRsZVtdIHsgc293YWl0LCBzZXdhaXQgfSkKICAgICAgICAgICAgICAgIHdoLldhaXRPbmUoKTsKICAgICAgICAgICAgc3Rkb3V0ID0gc287CiAgICAgICAgICAgIHN0ZGVyciA9IHNlOwogICAgICAgIH0KCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgdWludCBHZXRQcm9jZXNzRXhpdENvZGUoSW50UHRyIHByb2Nlc3NIYW5kbGUpCiAgICAgICAgewogICAgICAgICAgICBuZXcgTmF0aXZlV2FpdEhhbmRsZShwcm9jZXNzSGFuZGxlKS5XYWl0T25lKCk7CiAgICAgICAgICAgIHVpbnQgZXhpdENvZGU7CiAgICAgICAgICAgIGlmICghR2V0RXhpdENvZGVQcm9jZXNzKHByb2Nlc3NIYW5kbGUsIG91dCBleGl0Q29kZSkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIkVycm9yIGdldHRpbmcgcHJvY2VzcyBleGl0IGNvZGUiKTsKICAgICAgICAgICAgcmV0dXJuIGV4aXRDb2RlOwogICAgICAgIH0KICAgIH0KfQoiQAoKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICdTdG9wJwoKRnVuY3Rpb24gTG9hZC1Db21tYW5kVXRpbHMgewogICAgIyBtYWtlcyB0aGUgZm9sbG93aW5nIHN0YXRpYyBmdW5jdGlvbnMgYXZhaWxhYmxlCiAgICAjICAgW0Fuc2libGUuQ29tbWFuZFV0aWxdOjpQYXJzZUNvbW1hbmRMaW5lKHN0cmluZyBscENvbW1hbmRMaW5lKQogICAgIyAgIFtBbnNpYmxlLkNvbW1hbmRVdGlsXTo6U2VhcmNoUGF0aChzdHJpbmcgbHBGaWxlTmFtZSkKICAgICMgICBbQW5zaWJsZS5Db21tYW5kVXRpbF06OlJ1bkNvbW1hbmQoc3RyaW5nIGxwQXBwbGljYXRpb25OYW1lLCBzdHJpbmcgbHBDb21tYW5kTGluZSwgc3RyaW5nIGxwQ3VycmVudERpcmVjdG9yeSwgc3RyaW5nIHN0ZGluSW5wdXQsIHN0cmluZyBlbnZpcm9ubWVudEJsb2NrKQogICAgIwogICAgIyB0aGVyZSBhcmUgYWxzbyBudW1lcm91cyBQL0ludm9rZSBtZXRob2RzIHRoYXQgY2FuIGJlIGNhbGxlZCBpZiB5b3UgYXJlIGZlZWxpbmcgYWR2ZW50dXJvdXMKCiAgICAjIEZVVFVSRTogZmluZCBhIGJldHRlciB3YXkgdG8gZ2V0IHRoZSBfYW5zaWJsZV9yZW1vdGVfdG1wIHZhcmlhYmxlCiAgICAkb3JpZ2luYWxfdG1wID0gJGVudjpUTVAKCiAgICAkcmVtb3RlX3RtcCA9ICRvcmlnaW5hbF90bXAKICAgICRtb2R1bGVfcGFyYW1zID0gR2V0LVZhcmlhYmxlIC1OYW1lIGNvbXBsZXhfYXJncyAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgaWYgKCRtb2R1bGVfcGFyYW1zKSB7CiAgICAgICAgaWYgKCRtb2R1bGVfcGFyYW1zLlZhbHVlLkNvbnRhaW5zS2V5KCJfYW5zaWJsZV9yZW1vdGVfdG1wIikgKSB7CiAgICAgICAgICAgICRyZW1vdGVfdG1wID0gJG1vZHVsZV9wYXJhbXMuVmFsdWVbIl9hbnNpYmxlX3JlbW90ZV90bXAiXQogICAgICAgICAgICAkcmVtb3RlX3RtcCA9IFtTeXN0ZW0uRW52aXJvbm1lbnRdOjpFeHBhbmRFbnZpcm9ubWVudFZhcmlhYmxlcygkcmVtb3RlX3RtcCkKICAgICAgICB9CiAgICB9CgogICAgJGVudjpUTVAgPSAkcmVtb3RlX3RtcAogICAgQWRkLVR5cGUgLVR5cGVEZWZpbml0aW9uICRwcm9jZXNzX3V0aWwKICAgICRlbnY6VE1QID0gJG9yaWdpbmFsX3RtcAp9CgpGdW5jdGlvbiBHZXQtRXhlY3V0YWJsZVBhdGgoJGV4ZWN1dGFibGUsICRkaXJlY3RvcnkpIHsKICAgICMgbHBBcHBsaWNhdGlvbk5hbWUgcmVxdWlyZXMgdGhlIGZ1bGwgcGF0aCB0byBhIGZpbGUsIHdlIG5lZWQgdG8gZmluZCBpdAogICAgIyBvdXJzZWx2ZXMuCgogICAgIyB3ZSBuZWVkIHRvIGFkZCAuZXhlIGlmIGl0IGRvZXNuJ3QgaGF2ZSBhbiBleHRlbnNpb24gYWxyZWFkeQogICAgaWYgKC1ub3QgW1N5c3RlbS5JTy5QYXR ScriptBlock ID: 3b11ff79-c858-435b-821b-7deb2af46957 Path:	4104	1		3	2	15	0	1385	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4632	3388	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:28:31 PM	9d04040e-981f-0001-5911-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 5): begin { $DebugPreference = "Continue" $ErrorActionPreference = "Stop" Set-StrictMode -Version 2 function ConvertTo-HashtableFromPsCustomObject ($myPsObject){ $output = @{}; $myPsObject | Get-Member -MemberType *Property | % { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } return $output; } # stream JSON including become_pw, ps_module_payload, bin_module_payload, become_payload, write_payload_path, preserve directives # exec runspace, capture output, cleanup, return module output # NB: do not adjust the following line- it is replaced when doing non-streamed module output $json_raw = @' {"min_ps_version": null, "exec": "CkZ1bmN0aW9uIFJ1bigkcGF5bG9hZCkgewogICAgJGVudHJ5cG9pbnQgPSAkcGF5bG9hZC5tb2R1bGVfZW50cnkKCiAgICAkZW50cnlwb2ludCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGVudHJ5cG9pbnQpKQoKICAgICRwcyA9IFtwb3dlcnNoZWxsXTo6Q3JlYXRlKCkKCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkQ29tbWFuZCgiU2V0LVZhcmlhYmxlIikuQWRkUGFyYW1ldGVycyhAe1Njb3BlPSJnbG9iYWwiO05hbWU9ImNvbXBsZXhfYXJncyI7VmFsdWU9JHBheWxvYWQubW9kdWxlX2FyZ3N9KSB8IE91dC1OdWxsCiAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCgogICAgIyByZWRlZmluZSBXcml0ZS1Ib3N0IHRvIGR1bXAgdG8gb3V0cHV0IGluc3RlYWQgb2YgZmFpbGluZy0gbG90cyBvZiBzY3JpcHRzIHVzZSBpdAogICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgiRnVuY3Rpb24gV3JpdGUtSG9zdChgJG1zZyl7IFdyaXRlLU91dHB1dCBgJG1zZyB9IikgfCBPdXQtTnVsbAoKICAgIEZvckVhY2ggKCRlbnZfa3YgaW4gJHBheWxvYWQuZW52aXJvbm1lbnQuR2V0RW51bWVyYXRvcigpKSB7CiAgICAgICAgIyBuZWVkIHRvIGVzY2FwZSAnIGluIGJvdGggdGhlIGtleSBhbmQgdmFsdWUKICAgICAgICAkZW52X2tleSA9ICRlbnZfa3YuS2V5LlRvU3RyaW5nKCkuUmVwbGFjZSgiJyIsICInJyIpCiAgICAgICAgJGVudl92YWx1ZSA9ICRlbnZfa3YuVmFsdWUuVG9TdHJpbmcoKS5SZXBsYWNlKCInIiwgIicnIikKICAgICAgICAkZXNjYXBlZF9lbnZfc2V0ID0gIltTeXN0ZW0uRW52aXJvbm1lbnRdOjpTZXRFbnZpcm9ubWVudFZhcmlhYmxlKCd7MH0nLCAnezF9JykiIC1mICRlbnZfa2V5LCAkZW52X3ZhbHVlCiAgICAgICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgkZXNjYXBlZF9lbnZfc2V0KSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBkeW5hbWljYWxseSBjcmVhdGUvbG9hZCBtb2R1bGVzCiAgICBGb3JFYWNoICgkbW9kIGluICRwYXlsb2FkLnBvd2Vyc2hlbGxfbW9kdWxlcy5HZXRFbnVtZXJhdG9yKCkpIHsKICAgICAgICAkZGVjb2RlZF9tb2R1bGUgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRtb2QuVmFsdWUpKQogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRDb21tYW5kKCJOZXctTW9kdWxlIikuQWRkUGFyYW1ldGVycyhAe1NjcmlwdEJsb2NrPShbc2NyaXB0YmxvY2tdOjpDcmVhdGUoJGRlY29kZWRfbW9kdWxlKSk7TmFtZT0kbW9kLktleX0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiSW1wb3J0LU1vZHVsZSIpLkFkZFBhcmFtZXRlcnMoQHtXYXJuaW5nQWN0aW9uPSJTaWxlbnRseUNvbnRpbnVlIn0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBmb3JjZSBpbnB1dCBlbmNvZGluZyB0byBwcmVhbWJsZS1mcmVlIFVURjggc28gUFMgc3ViLXByb2Nlc3NlcyAoZWcsCiAgICAjIFN0YXJ0LUpvYikgZG9uJ3QgYmxvdyB1cC4gVGhpcyBpcyBvbmx5IHJlcXVpcmVkIGZvciBXaW5STSwgYSBQU1JQCiAgICAjIHJ1bnNwYWNlIGRvZXNuJ3QgaGF2ZSBhIGhvc3QgY29uc29sZSBhbmQgdGhpcyB3aWxsIGJvbWIgb3V0CiAgICBpZiAoJGhvc3QuTmFtZSAtZXEgIkNvbnNvbGVIb3N0IikgewogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRTY3JpcHQoIltDb25zb2xlXTo6SW5wdXRFbmNvZGluZyA9IE5ldy1PYmplY3QgVGV4dC5VVEY4RW5jb2RpbmcgYCRmYWxzZSIpIHwgT3V0LU51bGwKICAgIH0KCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkU2NyaXB0KCRlbnRyeXBvaW50KSB8IE91dC1OdWxsCgogICAgJG91dHB1dCA9ICRwcy5JbnZva2UoKQoKICAgICRvdXRwdXQKCiAgICAjIFBTMyBkb2Vzbid0IHByb3Blcmx5IHNldCBIYWRFcnJvcnMgaW4gbWFueSBjYXNlcywgaW5zcGVjdCB0aGUgZXJyb3Igc3RyZWFtIGFzIGEgZmFsbGJhY2sKICAgIElmICgkcHMuSGFkRXJyb3JzIC1vciAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtbHQgNCAtYW5kICRwcy5TdHJlYW1zLkVycm9yLkNvdW50IC1ndCAwKSkgewogICAgICAgICRob3N0LlVJLldyaXRlRXJyb3JMaW5lKCQoJHBzLlN0cmVhbXMuRXJyb3IgfCBPdXQtU3RyaW5nKSkKICAgICAgICAkZXhpdF9jb2RlID0gJHBzLlJ1bnNwYWNlLlNlc3Npb25TdGF0ZVByb3h5LkdldFZhcmlhYmxlKCJMQVNURVhJVENPREUiKQogICAgICAgIElmKC1ub3QgJGV4aXRfY29kZSkgewogICAgICAgICAgICAkZXhpdF9jb2RlID0gMQogICAgICAgIH0KICAgICAgICAjIG5lZWQgdG8gdXNlIHRoaXMgaW5zdGVhZCBvZiBFeGl0IGtleXdvcmQgdG8gcHJldmVudCBydW5zcGFjZSBmcm9tIGNyYXNoaW5nIHdpdGggZHluYW1pYyBtb2R1bGVzCiAgICAgICAgJGhvc3QuU2V0U2hvdWxkRXhpdCgkZXhpdF9jb2RlKQogICAgfQp9Cg==", "actions": ["exec"], "environment": {}, "min_os_version": null, "powershell_modules": {"Ansible.ModuleUtils.CommandUtil": "IyBDb3B5cmlnaHQgKGMpIDIwMTcgQW5zaWJsZSBQcm9qZWN0CiMgU2ltcGxpZmllZCBCU0QgTGljZW5zZSAoc2VlIGxpY2Vuc2VzL3NpbXBsaWZpZWRfYnNkLnR4dCBvciBodHRwczovL29wZW5zb3VyY2Uub3JnL2xpY2Vuc2VzL0JTRC0yLUNsYXVzZSkKCiRwcm9jZXNzX3V0aWwgPSBAIgp1c2luZyBNaWNyb3NvZnQuV2luMzIuU2FmZUhhbmRsZXM7CnVzaW5nIFN5c3RlbTsKdXNpbmcgU3lzdGVtLkNvbGxlY3Rpb25zOwp1c2luZyBTeXN0ZW0uSU87CnVzaW5nIFN5c3RlbS5MaW5xOwp1c2luZyBTeXN0ZW0uUnVudGltZS5JbnRlcm9wU2VydmljZXM7CnVzaW5nIFN5c3RlbS5UZXh0Owp1c2luZyBTeXN0ZW0uVGhyZWFkaW5nOwoKbmFtZXNwYWNlIEFuc2libGUKewogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIGNsYXNzIFNFQ1VSSVRZX0FUVFJJQlVURVMKICAgIHsKICAgICAgICBwdWJsaWMgaW50IG5MZW5ndGg7CiAgICAgICAgcHVibGljIEludFB0ciBscFNlY3VyaXR5RGVzY3JpcHRvcjsKICAgICAgICBwdWJsaWMgYm9vbCBiSW5oZXJpdEhhbmRsZSA9IGZhbHNlOwogICAgICAgIHB1YmxpYyBTRUNVUklUWV9BVFRSSUJVVEVTKCkKICAgICAgICB7CiAgICAgICAgICAgIG5MZW5ndGggPSBNYXJzaGFsLlNpemVPZih0aGlzKTsKICAgICAgICB9CiAgICB9CgogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIGNsYXNzIFNUQVJUVVBJTkZPCiAgICB7CiAgICAgICAgcHVibGljIEludDMyIGNiOwogICAgICAgIHB1YmxpYyBJbnRQdHIgbHBSZXNlcnZlZDsKICAgICAgICBwdWJsaWMgSW50UHRyIGxwRGVza3RvcDsKICAgICAgICBwdWJsaWMgSW50UHRyIGxwVGl0bGU7CiAgICAgICAgcHVibGljIEludDMyIGR3WDsKICAgICAgICBwdWJsaWMgSW50MzIgZHdZOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1hTaXplOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1lTaXplOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1hDb3VudENoYXJzOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1lDb3VudENoYXJzOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd0ZpbGxBdHRyaWJ1dGU7CiAgICAgICAgcHVibGljIEludDMyIGR3RmxhZ3M7CiAgICAgICAgcHVibGljIEludDE2IHdTaG93V2luZG93OwogICAgICAgIHB1YmxpYyBJbnQxNiBjYlJlc2VydmVkMjsKICAgICAgICBwdWJsaWMgSW50UHRyIGxwUmVzZXJ2ZWQyOwogICAgICAgIHB1YmxpYyBTYWZlRmlsZUhhbmRsZSBoU3RkSW5wdXQ7CiAgICAgICAgcHVibGljIFNhZmVGaWxlSGFuZGxlIGhTdGRPdXRwdXQ7CiAgICAgICAgcHVibGljIFNhZmVGaWxlSGFuZGxlIGhTdGRFcnJvcjsKICAgICAgICBwdWJsaWMgU1RBUlRVUElORk8oKQogICAgICAgIHsKICAgICAgICAgICAgY2IgPSBNYXJzaGFsLlNpemVPZih0aGlzKTsKICAgICAgICB9CiAgICB9CgogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIGNsYXNzIFNUQVJUVVBJTkZPRVgKICAgIHsKICAgICAgICBwdWJsaWMgU1RBUlRVUElORk8gc3RhcnR1cEluZm87CiAgICAgICAgcHVibGljIEludFB0ciBscEF0dHJpYnV0ZUxpc3Q7CiAgICAgICAgcHVibGljIFNUQVJUVVBJTkZPRVgoKQogICAgICAgIHsKICAgICAgICAgICAgc3RhcnR1cEluZm8gPSBuZXcgU1RBUlRVUElORk8oKTsKICAgICAgICAgICAgc3RhcnR1cEluZm8uY2IgPSBNYXJzaGFsLlNpemVPZih0aGlzKTsKICAgICAgICB9CiAgICB9CgogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIHN0cnVjdCBQUk9DRVNTX0lORk9STUFUSU9OCiAgICB7CiAgICAgICAgcHVibGljIEludFB0ciBoUHJvY2VzczsKICAgICAgICBwdWJsaWMgSW50UHRyIGhUaHJlYWQ7CiAgICAgICAgcHVibGljIGludCBkd1Byb2Nlc3NJZDsKICAgICAgICBwdWJsaWMgaW50IGR3VGhyZWFkSWQ7CiAgICB9CgogICAgW0ZsYWdzXQogICAgcHVibGljIGVudW0gU3RhcnR1cEluZm9GbGFncyA6IHVpbnQKICAgIHsKICAgICAgICBVU0VTVERIQU5ETEVTID0gMHgwMDAwMDEwMAogICAgfQoKICAgIHB1YmxpYyBlbnVtIEhhbmRsZUZsYWdzIDogdWludAogICAgewogICAgICAgIE5vbmUgPSAwLAogICAgICAgIElOSEVSSVQgPSAxCiAgICB9CgogICAgY2xhc3MgTmF0aXZlV2FpdEhhbmRsZSA6IFdhaXRIYW5kbGUKICAgIHsKICAgICAgICBwdWJsaWMgTmF0aXZlV2FpdEhhbmRsZShJbnRQdHIgaGFuZGxlKQogICAgICAgIHsKICAgICAgICAgICAgdGhpcy5TYWZlV2FpdEhhbmRsZSA9IG5ldyBTYWZlV2FpdEhhbmRsZShoYW5kbGUsIGZhbHNlKTsKICAgICAgICB9CiAgICB9CgogICAgcHVibGljIGNsYXNzIFdpbjMyRXhjZXB0aW9uIDogU3lzdGVtLkNvbXBvbmVudE1vZGVsLldpbjMyRXhjZXB0aW9uCiAgICB7CiAgICAgICAgcHJpdmF0ZSBzdHJpbmcgX21zZzsKCiAgICAgICAgcHVibGljIFdpbjMyRXhjZXB0aW9uKHN0cmluZyBtZXNzYWdlKSA6IHRoaXMoTWFyc2hhbC5HZXRMYXN0V2luMzJFcnJvcigpLCBtZXNzYWdlKSB7IH0KCiAgICAgICAgcHVibGljIFdpbjMyRXhjZXB0aW9uKGludCBlcnJvckNvZGUsIHN0cmluZyBtZXNzYWdlKSA6IGJhc2UoZXJyb3JDb2RlKQogICAgICAgIHsKICAgICAgICAgICAgX21zZyA9IFN0cmluZy5Gb3JtYXQoInswfSAoezF9LCBXaW4zMkVycm9yQ29kZSB7Mn0pIiwgbWVzc2FnZSwgYmFzZS5NZXNzYWdlLCBlcnJvckNvZGUpOwogICAgICAgIH0KCiAgICAgICAgcHVibGljIG92ZXJyaWRlIHN0cmluZyBNZXNzYWdlIHsgZ2V0IHsgcmV0dXJuIF9tc2c7IH0gfQogICAgICAgIHB1YmxpYyBzdGF0aWMgZXhwbGljaXQgb3BlcmF0b3IgV2luMzJFeGNlcHRpb24oc3RyaW5nIG1lc3NhZ2UpIHsgcmV0dXJuIG5ldyBXaW4zMkV4Y2VwdGlvbihtZXNzYWdlKTsgfQogICAgfQoKICAgIHB1YmxpYyBjbGFzcyBDb21tYW5kVXRpbAogICAgewogICAgICAgIHByaXZhdGUgc3RhdGljIFVJbnQzMiBDUkVBVEVfVU5JQ09ERV9FTlZJUk9OTUVOVCA9IDB4MDAwMDAwNDAwOwogICAgICAgIHByaXZhdGUgc3RhdGljIFVJbnQzMiBFWFRFTkRFRF9TVEFSVFVQSU5GT19QUkVTRU5UID0gMHgwMDA4MDAwMDsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSwgQmVzdEZpdE1hcHBpbmcgPSBmYWxzZSldCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gYm9vbCBDcmVhdGVQcm9jZXNzKAogICAgICAgICAgICBbTWFyc2hhbEFzKFVubWFuYWdlZFR5cGUuTFBXU3RyKV0KICAgICAgICAgICAgICAgIHN0cmluZyBscEFwcGxpY2F0aW9uTmFtZSwKICAgICAgICAgICAgU3RyaW5nQnVpbGRlciBscENvbW1hbmRMaW5lLAogICAgICAgICAgICBJbnRQdHIgbHBQcm9jZXNzQXR0cmlidXRlcywKICAgICAgICAgICAgSW50UHRyIGxwVGhyZWFkQXR0cmlidXRlcywKICAgICAgICAgICAgYm9vbCBiSW5oZXJpdEhhbmRsZXMsCiAgICAgICAgICAgIHVpbnQgZHdDcmVhdGlvbkZsYWdzLAogICAgICAgICAgICBJbnRQdHIgbHBFbnZpcm9ubWVudCwKICAgICAgICAgICAgW01hcnNoYWxBcyhVbm1hbmFnZWRUeXBlLkxQV1N0cildCiAgICAgICAgICAgICAgICBzdHJpbmcgbHBDdXJyZW50RGlyZWN0b3J5LAogICAgICAgICAgICBTVEFSVFVQSU5GT0VYIGxwU3RhcnR1cEluZm8sCiAgICAgICAgICAgIG91dCBQUk9DRVNTX0lORk9STUFUSU9OIGxwUHJvY2Vzc0luZm9ybWF0aW9uKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIildCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gYm9vbCBDcmVhdGVQaXBlKAogICAgICAgICAgICBvdXQgU2FmZUZpbGVIYW5kbGUgaFJlYWRQaXBlLAogICAgICAgICAgICBvdXQgU2FmZUZpbGVIYW5kbGUgaFdyaXRlUGlwZSwKICAgICAgICAgICAgU0VDVVJJVFlfQVRUUklCVVRFUyBscFBpcGVBdHRyaWJ1dGVzLAogICAgICAgICAgICB1aW50IG5TaXplKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSldCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gYm9vbCBTZXRIYW5kbGVJbmZvcm1hdGlvbigKICAgICAgICAgICAgU2FmZUZpbGVIYW5kbGUgaE9iamVjdCwKICAgICAgICAgICAgSGFuZGxlRmxhZ3MgZHdNYXNrLAogICAgICAgICAgICBpbnQgZHdGbGFncyk7CgogICAgICAgIFtEbGxJbXBvcnQoImtlcm5lbDMyLmRsbCIsIFNldExhc3RFcnJvciA9IHRydWUpXQogICAgICAgIHByaXZhdGUgc3RhdGljIGV4dGVybiBib29sIEdldEV4aXRDb2RlUHJvY2VzcygKICAgICAgICAgICAgSW50UHRyIGhQcm9jZXNzLAogICAgICAgICAgICBvdXQgdWludCBscEV4aXRDb2RlKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSldCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gdWludCBTZWFyY2hQYXRoKAogICAgICAgICAgICBzdHJpbmcgbHBQYXRoLAogICAgICAgICAgICBzdHJpbmcgbHBGaWxlTmFtZSwKICAgICAgICAgICAgc3RyaW5nIGxwRXh0ZW5zaW9uLAogICAgICAgICAgICBpbnQgbkJ1ZmZlckxlbmd0aCwKICAgICAgICAgICAgW01hcnNoYWxBcyAoVW5tYW5hZ2VkVHlwZS5MUFRTdHIpXQogICAgICAgICAgICAgICAgU3RyaW5nQnVpbGRlciBscEJ1ZmZlciwKICAgICAgICAgICAgb3V0IEludFB0ciBscEZpbGVQYXJ0KTsKCiAgICAgICAgW0RsbEltcG9ydCgic2hlbGwzMi5kbGwiLCBTZXRMYXN0RXJyb3IgPSB0cnVlKV0KICAgICAgICBzdGF0aWMgZXh0ZXJuIEludFB0ciBDb21tYW5kTGluZVRvQXJndlcoCiAgICAgICAgICAgIFtNYXJzaGFsQXMoVW5tYW5hZ2VkVHlwZS5MUFdTdHIpXQogICAgICAgICA ScriptBlock ID: 3b11ff79-c858-435b-821b-7deb2af46957 Path:	4104	1		3	2	15	0	1384	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4632	3388	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:28:31 PM	9d04040e-981f-0001-5911-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1383	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4632	5024	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:28:31 PM	9d04040e-981f-0004-2f18-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 4632 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1382	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4632	2880	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:28:31 PM	9d04040e-981f-0004-2f18-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1381	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4632	5024	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:28:31 PM	9d04040e-981f-0004-2f18-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1380	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3088	912	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:28:29 PM	9d04040e-981f-0004-2a18-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 3088 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1379	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3088	2864	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:28:29 PM	9d04040e-981f-0004-2a18-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1378	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3088	912	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:28:29 PM	9d04040e-981f-0004-2a18-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1377	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2636	4324	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:28:29 PM	9d04040e-981f-0003-5a51-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 2636 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1376	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2636	3208	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:28:29 PM	9d04040e-981f-0003-5a51-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1375	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2636	4324	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:28:29 PM	9d04040e-981f-0003-5a51-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): #!powershell # Copyright: (c) 2015, Jon Hawkesworth (@jhawkesworth) <figs@unity.demon.co.uk> # Copyright: (c) 2017, Ansible Project # GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) #Requires -Module Ansible.ModuleUtils.Legacy $ErrorActionPreference = 'Stop' $params = Parse-Args -arguments $args -supports_check_mode $true $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false $diff_mode = Get-AnsibleParam -obj $params -name "_ansible_diff" -type "bool" -default $false # there are 4 modes to win_copy which are driven by the action plugins: # explode: src is a zip file which needs to be extracted to dest, for use with multiple files # query: win_copy action plugin wants to get the state of remote files to check whether it needs to send them # remote: all copy action is happening remotely (remote_src=True) # single: a single file has been copied, also used with template $copy_mode = Get-AnsibleParam -obj $params -name "_copy_mode" -type "str" -default "single" -validateset "explode","query","remote","single" # used in explode, remote and single mode $src = Get-AnsibleParam -obj $params -name "src" -type "path" -failifempty ($copy_mode -in @("explode","process","single")) $dest = Get-AnsibleParam -obj $params -name "dest" -type "path" -failifempty $true # used in single mode $original_basename = Get-AnsibleParam -obj $params -name "_original_basename" -type "str" # used in query and remote mode $force = Get-AnsibleParam -obj $params -name "force" -type "bool" -default $true # used in query mode, contains the local files/directories/symlinks that are to be copied $files = Get-AnsibleParam -obj $params -name "files" -type "list" $directories = Get-AnsibleParam -obj $params -name "directories" -type "list" $symlinks = Get-AnsibleParam -obj $params -name "symlinks" -type "list" $result = @{ changed = $false } if ($diff_mode) { $result.diff = @{} } Function Copy-File($source, $dest) { $diff = "" $copy_file = $false $source_checksum = $null if ($force) { $source_checksum = Get-FileChecksum -path $source } if (Test-Path -Path $dest -PathType Container) { Fail-Json -obj $result -message "cannot copy file from '$source' to '$dest': dest is already a folder" } elseif (Test-Path -Path $dest -PathType Leaf) { if ($force) { $target_checksum = Get-FileChecksum -path $dest if ($source_checksum -ne $target_checksum) { $copy_file = $true } } } else { $copy_file = $true } if ($copy_file) { $file_dir = [System.IO.Path]::GetDirectoryName($dest) # validate the parent dir is not a file and that it exists if (Test-Path -Path $file_dir -PathType Leaf) { Fail-Json -obj $result -message "cannot copy file from '$source' to '$dest': object at dest parent dir is not a folder" } elseif (-not (Test-Path -Path $file_dir)) { # directory doesn't exist, need to create New-Item -Path $file_dir -ItemType Directory -WhatIf:$check_mode | Out-Null $diff += "+$file_dir\`n" } if (Test-Path -Path $dest -PathType Leaf) { Remove-Item -Path $dest -Force -Recurse -WhatIf:$check_mode | Out-Null $diff += "-$dest`n" } if (-not $check_mode) { # cannot run with -WhatIf:$check_mode as if the parent dir didn't # exist and was created above would still not exist in check mode Copy-Item -Path $source -Destination $dest -Force | Out-Null } $diff += "+$dest`n" $result.changed = $true } # ugly but to save us from running the checksum twice, let's return it for # the main code to add it to $result return ,@{ diff = $diff; checksum = $source_checksum } } Function Copy-Folder($source, $dest) { $diff = "" $copy_folder = $false if (-not (Test-Path -Path $dest -PathType Container)) { $parent_dir = [System.IO.Path]::GetDirectoryName($dest) if (Test-Path -Path $parent_dir -PathType Leaf) { Fail-Json -obj $result -message "cannot copy file from '$source' to '$dest': object at dest parent dir is not a folder" } if (Test-Path -Path $dest -PathType Leaf) { Fail-Json -obj $result -message "cannot copy folder from '$source' to '$dest': dest is already a file" } New-Item -Path $dest -ItemType Container -WhatIf:$check_mode | Out-Null $diff += "+$dest\`n" $result.changed = $true } $child_items = Get-ChildItem -Path $source -Force foreach ($child_item in $child_items) { $dest_child_path = Join-Path -Path $dest -ChildPath $child_item.Name if ($child_item.PSIsContainer) { $diff += (Copy-Folder -source $child_item.Fullname -dest $dest_child_path) } else { $diff += (Copy-File -source $child_item.Fullname -dest $dest_child_path).diff } } return $diff } Function Get-FileSize($path) { $file = Get-Item -Path $path -Force $size = $null if ($file.PSIsContainer) { $dir_files_sum = Get-ChildItem $file.FullName -Recurse if ($dir_files_sum -eq $null -or ($dir_files_sum.PSObject.Properties.name -contains 'length' -eq $false)) { $size = 0 } else { $size = ($dir_files_sum | Measure-Object -property length -sum).Sum } } else { $size = $file.Length } $size } Function Extract-Zip($src, $dest) { $archive = [System.IO.Compression.ZipFile]::Open($src, [System.IO.Compression.ZipArchiveMode]::Read, [System.Text.Encoding]::UTF8) foreach ($entry in $archive.Entries) { $archive_name = $entry.FullName # FullName may be appended with / or \, determine if it is padded and remove it $padding_length = $archive_name.Length % 4 if ($padding_length -eq 0) { $is_dir = $false $base64_name = $archive_name } elseif ($padding_length -eq 1) { $is_dir = $true if ($archive_name.EndsWith("/") -or $archive_name.EndsWith("`\")) { $base64_name = $archive_name.Substring(0, $archive_name.Length - 1) } else { throw "invalid base64 archive name '$archive_name'" } } else { throw "invalid base64 length '$archive_name'" } # to handle unicode character, win_copy action plugin has encoded the filename $decoded_archive_name = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($base64_name)) # re-add the / to the entry full name if it was a directory if ($is_dir) { $decoded_archive_name = "$decoded_archive_name/" } $entry_target_path = [System.IO.Path]::Combine($dest, $decoded_archive_name) $entry_dir = [System.IO.Path]::GetDirectoryName($entry_target_path) if (-not (Test-Path -Path $entry_dir)) { New-Item -Path $entry_dir -ItemType Directory -WhatIf:$check_mode | Out-Null } if ($is_dir -eq $false) { if (-not $check_mode) { [System.IO.Compression.ZipFileExtensions]::ExtractToFile($entry, $entry_target_path, $true) } } } $archive.Dispose() # release the handle of the zip file } Function Extract-ZipLegacy($src, $dest) { if (-not (Test-Path -Path $dest)) { New-Item -Path $dest -ItemType Directory -WhatIf:$check_mode | Out-Null } $shell = New-Object -ComObject Shell.Application $zip = $shell.NameSpace($src) $dest_path = $shell.NameSpace($dest) foreach ($entry in $zip.Items()) { $is_dir = $entry.IsFolder $encoded_archive_entry = $entry.Name # to handle unicode character, win_copy action plugin has encoded the filename $decoded_archive_entry = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($encoded_archive_entry)) if ($is_dir) { $decoded_archive_entry = "$decoded_archive_entry/" } $entry_target_path = [System.IO.Path]::Combine($dest, $decoded_archive_entry) $entry_dir = [System.IO.Path]::GetDirectoryName($entry_target_path) if (-not (Test-Path -Path $entry_dir)) { New-Item -Path $entry_dir -ItemType Directory -WhatIf:$check_mode | Out-Null } if ($is_dir -eq $false -and (-not $check_mode)) { # https://msdn.microsoft.com/en-us/library/windows/desktop/bb787866.aspx # From Folder.CopyHere documentation, 1044 means: # - 1024: do not display a user interface if an error occurs # - 16: respond with "yes to all" for any dialog box that is displayed # - 4: do not display a progress dialog box $dest_path.CopyHere($entry, 1044) # once file is extraced, we need to rename it with non base64 name $combined_encoded_path = [System.IO.Path]::Combine($dest, $encoded_archive_entry) Move-Item -Path $combined_encoded_path -Destination $entry_target_path -Force | Out-Null } } } if ($copy_mode -eq "query") { # we only return a list of files/directories that need to be copied over # the source of the local file will be the key used $changed_files = @() $changed_directories = @() $changed_symlinks = @() foreach ($file in $files) { $filename = $file.dest $local_checksum = $file.checksum $filepath = Join-Path -Path $dest -ChildPath $filename if (Test-Path -Path $filepath -PathType Leaf) { if ($force) { $checksum = Get-FileChecksum -path $filepath if ($checksum -ne $local_checksum) { $will_change = $true $changed_files += $file } } } elseif (Test-Path -Path $filepath -PathType Container) { Fail-Json -obj $result -message "cannot copy file to dest '$filepath': object at path is already a directory" } else { $changed_files += $file } } foreach ($directory in $directories) { $dirname = $directory.dest $dirpath = Join-Path -Path $dest -ChildPath $dirname $parent_dir = [System.IO.Path]::GetDirectoryName($dirpath) if (Test-Path -Path $parent_dir -PathType Leaf) { Fail-Json -obj $result -message "cannot copy folder to dest '$dirpath': object at parent directory path is already a file" } if (Test-Path -Path $dirpath -PathType Leaf) { Fail-Json -obj $result -message "cannot copy folder to dest '$dirpath': object at path is already a file" } elseif (-not (Test-Path -Path $dirpath -PathType Container)) { $changed_directories += $directory } } # TODO: Handle symlinks $result.files = $changed_files $result.directories = $changed_directories $result.symlinks = $changed_symlinks } elseif ($copy_mode -eq "explode") { # a single zip file containing the files and directories needs to be # expanded this will always result in a change as the calculation is done # on the win_copy action plugin and is only run if a change needs to occur if (-not (Test-Path -Path $src -PathType Leaf)) { Fail-Json -obj $result -message "Cannot expand src zip file: '$src' as it does not exist" } # Detect if the PS zip assemblies are available or whether to use Shell $use_legacy = $false try { Add-Type -AssemblyName System.IO.Compression.FileSystem | Out-Null Add-Type -AssemblyName System.IO.Compression | Out-Null } catch { $use_legacy = $true } if ($use_legacy) { Extract-ZipLegacy -src $src -dest $dest } else { Extract-Zip -src $src -dest $dest } $result.changed = $true } elseif ($copy_mode -eq "remote") { # all copy actions are happening on the remote side (windows host), need # too copy source and dest using PS code $result.src = $src $result.dest = $dest if (-not (Test-Path -Path $src)) { Fail-Json -obj $result -message "Cannot copy src file: '$src' as it does not exist" } if (Test-Path -Path $src -PathType Container) { # we are copying a directory or the contents of a directory $result.operation = 'folder_copy' if ($src.EndsWith("/") -or $src.EndsWith("`\")) { # copying the folder's contents to dest $diff = "" $child_files = Get-ChildItem -Path $src -Force foreach ($child_file in $child_files) { $dest_child_path = Join-Path -Path $dest -ChildPath $child_file.Name if ($child_file.PSIsContainer) { $diff += Copy-Folder -source $child_file.FullName -dest $dest_child_path } else { $diff += (Copy-File -source $child_file.FullName -dest $dest_child_path).diff } } } else { # copying the folder and it's contents to dest $dest = Join-Path -Path $dest -ChildPath (Get-Item -Path $src -Force).Name $result.dest = $dest $diff = Copy-Folder -source $src -dest $dest } } else { # we are just copying a single file to dest $result.operation = 'file_copy' $source_basename = (Get-Item -Path $src -Force).Name $result.original_basename = $source_basename if ($dest.EndsWith("/") -or $dest.EndsWith("`\")) { $dest = Join-Path -Path $dest -ChildPath (Get-Item -Path $src -Force).Name $result.dest = $dest } else { # check if the parent dir exists, this is only done if src is a # file and dest if the path to a file (doesn't end with \ or /) $parent_dir = Split-Path -Path $dest if (Test-Path -Path $parent_dir -PathType Leaf) { Fail-Json -obj $result -message "object at destination parent dir '$parent_dir' is currently a file" } elseif (-not (Test-Path -Path $parent_dir -PathType Container)) { Fail-Json -obj $result -message "Destination directory '$parent_dir' does not exist" } } $copy_result = Copy-File -source $src -dest $dest $diff = $copy_result.diff $result.checksum = $copy_result.checksum } # the file might not exist if running in check mode if (-not $check_mode -or (Test-Path -Path $dest -PathType Leaf)) { $result.size = Get-FileSize -path $dest } else { $result.size = $null } if ($diff_mode) { $result.diff.prepared = $diff } } elseif ($copy_mode -eq "single") { # a single file is located in src and we need to copy to dest, this will # always result in a change as the calculation is done on the Ansible side # before this is run. This should also never run in check mode if (-not (Test-Path -Path $src -PathType Leaf)) { Fail-Json -obj $result -message "Cannot copy src file: '$src' as it does not exist" } # the dest parameter is a directory, we need to append original_basename if ($dest.EndsWith("/") -or $dest.EndsWith("`\") -or (Test-Path -Path $dest -PathType Container)) { $remote_dest = Join-Path -Path $dest -ChildPath $original_basename $parent_dir = Split-Path -Path $remote_dest # when dest ends with /, we need to create the destination directories if (Test-Path -Path $parent_dir -PathType Leaf) { Fail-Json -obj $result -message "object at destination parent dir '$parent_dir' is currently a file" } elseif (-not (Test-Path -Path $parent_dir -PathType Container)) { New-Item -Path $parent_dir -ItemType Directory | Out-Null } } else { $remote_dest = $dest $parent_dir = Split-Path -Path $remote_dest # check if the dest parent dirs exist, need to fail if they don't if (Test-Path -Path $parent_dir -PathType Leaf) { Fail-Json -obj $result -message "object at destination parent dir '$parent_dir' is currently a file" } elseif (-not (Test-Path -Path $parent_dir -PathType Container)) { Fail-Json -obj $result -message "Destination directory '$parent_dir' does not exist" } } Copy-Item -Path $src -Destination $remote_dest -Force | Out-Null $result.changed = $true } Exit-Json -obj $result ScriptBlock ID: e29fa4e8-8e59-4c30-9156-7b30cd396f5d Path:	4104	1		3	2	15	0	1374	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2536	5028	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:28:29 PM	9d04040e-981f-0005-d150-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c), Michael DeHaan <michael.dehaan@gmail.com>, 2014, and others # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) Set-StrictMode -Version 2.0 $ErrorActionPreference = "Stop" Function Set-Attr($obj, $name, $value) { <# .SYNOPSIS Helper function to set an "attribute" on a psobject instance in PowerShell. This is a convenience to make adding Members to the object easier and slightly more pythonic .EXAMPLE Set-Attr $result "changed" $true #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } Try { $obj.$name = $value } Catch { $obj | Add-Member -Force -MemberType NoteProperty -Name $name -Value $value } } Function Exit-Json($obj) { <# .SYNOPSIS Helper function to convert a PowerShell object to JSON and output it, exiting the script .EXAMPLE Exit-Json $result #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit } Function Fail-Json($obj, $message = $null) { <# .SYNOPSIS Helper function to add the "msg" property and "failed" property, convert the PowerShell Hashtable to JSON and output it, exiting the script .EXAMPLE Fail-Json $result "This is the failure message" #> if ($obj -is [hashtable] -or $obj -is [psobject]) { # Nothing to do } elseif ($obj -is [string] -and $null -eq $message) { # If we weren't given 2 args, and the only arg was a string, # create a new Hashtable and use the arg as the failure message $message = $obj $obj = @{ } } else { # If the first argument is undefined or a different type, # make it a Hashtable $obj = @{ } } # Still using Set-Attr for PSObject compatibility Set-Attr $obj "msg" $message Set-Attr $obj "failed" $true if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit 1 } Function Add-Warning($obj, $message) { <# .SYNOPSIS Helper function to add warnings, even if the warnings attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("warnings")) { $obj.warnings = @() } elseif ($obj.warnings -isnot [array]) { throw "Add-Warning: warnings attribute is not an array" } $obj.warnings += $message } Function Add-DeprecationWarning($obj, $message, $version = $null) { <# .SYNOPSIS Helper function to add deprecations, even if the deprecations attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("deprecations")) { $obj.deprecations = @() } elseif ($obj.deprecations -isnot [array]) { throw "Add-DeprecationWarning: deprecations attribute is not a list" } $obj.deprecations += @{ msg = $message version = $version } } Function Expand-Environment($value) { <# .SYNOPSIS Helper function to expand environment variables in values. By default it turns any type to a string, but we ensure $null remains $null. #> if ($null -ne $value) { [System.Environment]::ExpandEnvironmentVariables($value) } else { $value } } Function Get-AnsibleParam($obj, $name, $default = $null, $resultobj = @{}, $failifempty = $false, $emptyattributefailmessage, $ValidateSet, $ValidateSetErrorMessage, $type = $null, $aliases = @()) { <# .SYNOPSIS Helper function to get an "attribute" from a psobject instance in PowerShell. This is a convenience to make getting Members from an object easier and slightly more pythonic .EXAMPLE $attr = Get-AnsibleParam $response "code" -default "1" .EXAMPLE Get-AnsibleParam -obj $params -name "State" -default "Present" -ValidateSet "Present","Absent" -resultobj $resultobj -failifempty $true Get-AnsibleParam also supports Parameter validation to save you from coding that manually Note that if you use the failifempty option, you do need to specify resultobject as well. #> # Check if the provided Member $name or aliases exist in $obj and return it or the default. try { $found = $null # First try to find preferred parameter $name $aliases = @($name) + $aliases # Iterate over aliases to find acceptable Member $name foreach ($alias in $aliases) { if ($obj.ContainsKey($alias)) { $found = $alias break } } if ($null -eq $found) { throw } $name = $found if ($ValidateSet) { if ($ValidateSet -contains ($obj.$name)) { $value = $obj.$name } else { if ($null -eq $ValidateSetErrorMessage) { #Auto-generated error should be sufficient in most use cases $ValidateSetErrorMessage = "Get-AnsibleParam: Argument $name needs to be one of $($ValidateSet -join ",") but was $($obj.$name)." } Fail-Json -obj $resultobj -message $ValidateSetErrorMessage } } else { $value = $obj.$name } } catch { if ($failifempty -eq $false) { $value = $default } else { if (-not $emptyattributefailmessage) { $emptyattributefailmessage = "Get-AnsibleParam: Missing required argument: $name" } Fail-Json -obj $resultobj -message $emptyattributefailmessage } } # If $value -eq $null, the parameter was unspecified by the user (deliberately or not) # Please leave $null-values intact, modules need to know if a parameter was specified # When $value is already an array, we cannot rely on the null check, as an empty list # is seen as null in the check below if ($null -ne $value -or $value -is [array]) { if ($type -eq "path") { # Expand environment variables on path-type $value = Expand-Environment($value) # Test if a valid path is provided if (-not (Test-Path -IsValid $value)) { $path_invalid = $true # could still be a valid-shaped path with a nonexistent drive letter if ($value -match "^\w:") { # rewrite path with a valid drive letter and recheck the shape- this might still fail, eg, a nonexistent non-filesystem PS path if (Test-Path -IsValid $(@(Get-PSDrive -PSProvider Filesystem)[0].Name + $value.Substring(1))) { $path_invalid = $false } } if ($path_invalid) { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' has an invalid path '$value' specified." } } } elseif ($type -eq "str") { # Convert str types to real Powershell strings $value = $value.ToString() } elseif ($type -eq "bool") { # Convert boolean types to real Powershell booleans $value = $value | ConvertTo-Bool } elseif ($type -eq "int") { # Convert int types to real Powershell integers $value = $value -as [int] } elseif ($type -eq "float") { # Convert float types to real Powershell floats $value = $value -as [float] } elseif ($type -eq "list") { if ($value -is [array]) { # Nothing to do } elseif ($value -is [string]) { # Convert string type to real Powershell array $value = $value.Split(",").Trim() } elseif ($value -is [int]) { $value = @($value) } else { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' is not a YAML list." } # , is not a typo, forces it to return as a list when it is empty or only has 1 entry return ,$value } } return $value } #Alias Get-attr-->Get-AnsibleParam for backwards compat. Only add when needed to ease debugging of scripts If (-not(Get-Alias -Name "Get-attr" -ErrorAction SilentlyContinue)) { New-Alias -Name Get-attr -Value Get-AnsibleParam } Function ConvertTo-Bool { <# .SYNOPSIS Helper filter/pipeline function to convert a value to boolean following current Ansible practices .EXAMPLE $is_true = "true" | ConvertTo-Bool #> param( [parameter(valuefrompipeline=$true)] $obj ) $boolean_strings = "yes", "on", "1", "true", 1 $obj_string = [string]$obj if (($obj -is [boolean] -and $obj) -or $boolean_strings -contains $obj_string.ToLower()) { return $true } else { return $false } } Function Parse-Args($arguments, $supports_check_mode = $false) { <# .SYNOPSIS Helper function to parse Ansible JSON arguments from a "file" passed as the single argument to the module. .EXAMPLE $params = Parse-Args $args #> $params = New-Object psobject If ($arguments.Length -gt 0) { $params = Get-Content $arguments[0] | ConvertFrom-Json } Else { $params = $complex_args } $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false If ($check_mode -and -not $supports_check_mode) { Exit-Json @{ skipped = $true changed = $false msg = "remote module does not support check mode" } } return $params } Function Get-FileChecksum($path, $algorithm = 'sha1') { <# .SYNOPSIS Helper function to calculate a hash of a file in a way which PowerShell 3 and above can handle #> If (Test-Path -Path $path -PathType Leaf) { switch ($algorithm) { 'md5' { $sp = New-Object -TypeName System.Security.Cryptography.MD5CryptoServiceProvider } 'sha1' { $sp = New-Object -TypeName System.Security.Cryptography.SHA1CryptoServiceProvider } 'sha256' { $sp = New-Object -TypeName System.Security.Cryptography.SHA256CryptoServiceProvider } 'sha384' { $sp = New-Object -TypeName System.Security.Cryptography.SHA384CryptoServiceProvider } 'sha512' { $sp = New-Object -TypeName System.Security.Cryptography.SHA512CryptoServiceProvider } default { Fail-Json @{} "Unsupported hash algorithm supplied '$algorithm'" } } If ($PSVersionTable.PSVersion.Major -ge 4) { $raw_hash = Get-FileHash $path -Algorithm $algorithm $hash = $raw_hash.Hash.ToLower() } Else { $fp = [System.IO.File]::Open($path, [System.IO.Filemode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileShare]::ReadWrite); $hash = [System.BitConverter]::ToString($sp.ComputeHash($fp)).Replace("-", "").ToLower(); $fp.Dispose(); } } ElseIf (Test-Path -Path $path -PathType Container) { $hash = "3"; } Else { $hash = "1"; } return $hash } Function Get-PendingRebootStatus { <# .SYNOPSIS Check if reboot is required, if so notify CA. Function returns true if computer has a pending reboot #> $featureData = Invoke-WmiMethod -EA Ignore -Name GetServerFeature -Namespace root\microsoft\windows\servermanager -Class MSFT_ServerManagerTasks $regData = Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager" "PendingFileRenameOperations" -EA Ignore $CBSRebootStatus = Get-ChildItem "HKLM:\\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing" -ErrorAction SilentlyContinue| Where-Object {$_.PSChildName -eq "RebootPending"} if(($featureData -and $featureData.RequiresReboot) -or $regData -or $CBSRebootStatus) { return $True } else { return $False } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: 4265f36d-13ab-430c-836d-31890f37066c Path:	4104	1		3	2	15	0	1373	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2536	4568	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:28:29 PM	9d04040e-981f-0003-4751-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } ScriptBlock ID: 427db886-385a-482e-a9c9-842e781f0fbe Path:	4104	1		3	2	15	0	1372	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2536	4568	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:28:28 PM	9d04040e-981f-0003-4251-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (3 of 3): QoKICAgICAgICBpZiAoJGlzX2RpciAtZXEgJGZhbHNlIC1hbmQgKC1ub3QgJGNoZWNrX21vZGUpKSB7CiAgICAgICAgICAgICMgaHR0cHM6Ly9tc2RuLm1pY3Jvc29mdC5jb20vZW4tdXMvbGlicmFyeS93aW5kb3dzL2Rlc2t0b3AvYmI3ODc4NjYuYXNweAogICAgICAgICAgICAjIEZyb20gRm9sZGVyLkNvcHlIZXJlIGRvY3VtZW50YXRpb24sIDEwNDQgbWVhbnM6CiAgICAgICAgICAgICMgIC0gMTAyNDogZG8gbm90IGRpc3BsYXkgYSB1c2VyIGludGVyZmFjZSBpZiBhbiBlcnJvciBvY2N1cnMKICAgICAgICAgICAgIyAgLSAgIDE2OiByZXNwb25kIHdpdGggInllcyB0byBhbGwiIGZvciBhbnkgZGlhbG9nIGJveCB0aGF0IGlzIGRpc3BsYXllZAogICAgICAgICAgICAjICAtICAgIDQ6IGRvIG5vdCBkaXNwbGF5IGEgcHJvZ3Jlc3MgZGlhbG9nIGJveAogICAgICAgICAgICAkZGVzdF9wYXRoLkNvcHlIZXJlKCRlbnRyeSwgMTA0NCkKCiAgICAgICAgICAgICMgb25jZSBmaWxlIGlzIGV4dHJhY2VkLCB3ZSBuZWVkIHRvIHJlbmFtZSBpdCB3aXRoIG5vbiBiYXNlNjQgbmFtZQogICAgICAgICAgICAkY29tYmluZWRfZW5jb2RlZF9wYXRoID0gW1N5c3RlbS5JTy5QYXRoXTo6Q29tYmluZSgkZGVzdCwgJGVuY29kZWRfYXJjaGl2ZV9lbnRyeSkKICAgICAgICAgICAgTW92ZS1JdGVtIC1QYXRoICRjb21iaW5lZF9lbmNvZGVkX3BhdGggLURlc3RpbmF0aW9uICRlbnRyeV90YXJnZXRfcGF0aCAtRm9yY2UgfCBPdXQtTnVsbAogICAgICAgIH0KICAgIH0KfQoKaWYgKCRjb3B5X21vZGUgLWVxICJxdWVyeSIpIHsKICAgICMgd2Ugb25seSByZXR1cm4gYSBsaXN0IG9mIGZpbGVzL2RpcmVjdG9yaWVzIHRoYXQgbmVlZCB0byBiZSBjb3BpZWQgb3ZlcgogICAgIyB0aGUgc291cmNlIG9mIHRoZSBsb2NhbCBmaWxlIHdpbGwgYmUgdGhlIGtleSB1c2VkCiAgICAkY2hhbmdlZF9maWxlcyA9IEAoKQogICAgJGNoYW5nZWRfZGlyZWN0b3JpZXMgPSBAKCkKICAgICRjaGFuZ2VkX3N5bWxpbmtzID0gQCgpCgogICAgZm9yZWFjaCAoJGZpbGUgaW4gJGZpbGVzKSB7CiAgICAgICAgJGZpbGVuYW1lID0gJGZpbGUuZGVzdAogICAgICAgICRsb2NhbF9jaGVja3N1bSA9ICRmaWxlLmNoZWNrc3VtCgogICAgICAgICRmaWxlcGF0aCA9IEpvaW4tUGF0aCAtUGF0aCAkZGVzdCAtQ2hpbGRQYXRoICRmaWxlbmFtZQogICAgICAgIGlmIChUZXN0LVBhdGggLVBhdGggJGZpbGVwYXRoIC1QYXRoVHlwZSBMZWFmKSB7CiAgICAgICAgICAgIGlmICgkZm9yY2UpIHsKICAgICAgICAgICAgICAgICRjaGVja3N1bSA9IEdldC1GaWxlQ2hlY2tzdW0gLXBhdGggJGZpbGVwYXRoCiAgICAgICAgICAgICAgICBpZiAoJGNoZWNrc3VtIC1uZSAkbG9jYWxfY2hlY2tzdW0pIHsKICAgICAgICAgICAgICAgICAgICAkd2lsbF9jaGFuZ2UgPSAkdHJ1ZQogICAgICAgICAgICAgICAgICAgICRjaGFuZ2VkX2ZpbGVzICs9ICRmaWxlCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgIH0KICAgICAgICB9IGVsc2VpZiAoVGVzdC1QYXRoIC1QYXRoICRmaWxlcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKSB7CiAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgImNhbm5vdCBjb3B5IGZpbGUgdG8gZGVzdCAnJGZpbGVwYXRoJzogb2JqZWN0IGF0IHBhdGggaXMgYWxyZWFkeSBhIGRpcmVjdG9yeSIKICAgICAgICB9IGVsc2UgewogICAgICAgICAgICAkY2hhbmdlZF9maWxlcyArPSAkZmlsZQogICAgICAgIH0KICAgIH0KCiAgICBmb3JlYWNoICgkZGlyZWN0b3J5IGluICRkaXJlY3RvcmllcykgewogICAgICAgICRkaXJuYW1lID0gJGRpcmVjdG9yeS5kZXN0CgogICAgICAgICRkaXJwYXRoID0gSm9pbi1QYXRoIC1QYXRoICRkZXN0IC1DaGlsZFBhdGggJGRpcm5hbWUKICAgICAgICAkcGFyZW50X2RpciA9IFtTeXN0ZW0uSU8uUGF0aF06OkdldERpcmVjdG9yeU5hbWUoJGRpcnBhdGgpCiAgICAgICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkcGFyZW50X2RpciAtUGF0aFR5cGUgTGVhZikgewogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0IC1tZXNzYWdlICJjYW5ub3QgY29weSBmb2xkZXIgdG8gZGVzdCAnJGRpcnBhdGgnOiBvYmplY3QgYXQgcGFyZW50IGRpcmVjdG9yeSBwYXRoIGlzIGFscmVhZHkgYSBmaWxlIgogICAgICAgIH0KICAgICAgICBpZiAoVGVzdC1QYXRoIC1QYXRoICRkaXJwYXRoIC1QYXRoVHlwZSBMZWFmKSB7CiAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgImNhbm5vdCBjb3B5IGZvbGRlciB0byBkZXN0ICckZGlycGF0aCc6IG9iamVjdCBhdCBwYXRoIGlzIGFscmVhZHkgYSBmaWxlIgogICAgICAgIH0gZWxzZWlmICgtbm90IChUZXN0LVBhdGggLVBhdGggJGRpcnBhdGggLVBhdGhUeXBlIENvbnRhaW5lcikpIHsKICAgICAgICAgICAgJGNoYW5nZWRfZGlyZWN0b3JpZXMgKz0gJGRpcmVjdG9yeQogICAgICAgIH0KICAgIH0KCiAgICAjIFRPRE86IEhhbmRsZSBzeW1saW5rcwoKICAgICRyZXN1bHQuZmlsZXMgPSAkY2hhbmdlZF9maWxlcwogICAgJHJlc3VsdC5kaXJlY3RvcmllcyA9ICRjaGFuZ2VkX2RpcmVjdG9yaWVzCiAgICAkcmVzdWx0LnN5bWxpbmtzID0gJGNoYW5nZWRfc3ltbGlua3MKfSBlbHNlaWYgKCRjb3B5X21vZGUgLWVxICJleHBsb2RlIikgewogICAgIyBhIHNpbmdsZSB6aXAgZmlsZSBjb250YWluaW5nIHRoZSBmaWxlcyBhbmQgZGlyZWN0b3JpZXMgbmVlZHMgdG8gYmUKICAgICMgZXhwYW5kZWQgdGhpcyB3aWxsIGFsd2F5cyByZXN1bHQgaW4gYSBjaGFuZ2UgYXMgdGhlIGNhbGN1bGF0aW9uIGlzIGRvbmUKICAgICMgb24gdGhlIHdpbl9jb3B5IGFjdGlvbiBwbHVnaW4gYW5kIGlzIG9ubHkgcnVuIGlmIGEgY2hhbmdlIG5lZWRzIHRvIG9jY3VyCiAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRzcmMgLVBhdGhUeXBlIExlYWYpKSB7CiAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiQ2Fubm90IGV4cGFuZCBzcmMgemlwIGZpbGU6ICckc3JjJyBhcyBpdCBkb2VzIG5vdCBleGlzdCIKICAgIH0KCiAgICAjIERldGVjdCBpZiB0aGUgUFMgemlwIGFzc2VtYmxpZXMgYXJlIGF2YWlsYWJsZSBvciB3aGV0aGVyIHRvIHVzZSBTaGVsbAogICAgJHVzZV9sZWdhY3kgPSAkZmFsc2UKICAgIHRyeSB7CiAgICAgICAgQWRkLVR5cGUgLUFzc2VtYmx5TmFtZSBTeXN0ZW0uSU8uQ29tcHJlc3Npb24uRmlsZVN5c3RlbSB8IE91dC1OdWxsCiAgICAgICAgQWRkLVR5cGUgLUFzc2VtYmx5TmFtZSBTeXN0ZW0uSU8uQ29tcHJlc3Npb24gfCBPdXQtTnVsbAogICAgfSBjYXRjaCB7CiAgICAgICAgJHVzZV9sZWdhY3kgPSAkdHJ1ZQogICAgfQogICAgaWYgKCR1c2VfbGVnYWN5KSB7CiAgICAgICAgRXh0cmFjdC1aaXBMZWdhY3kgLXNyYyAkc3JjIC1kZXN0ICRkZXN0CiAgICB9IGVsc2UgewogICAgICAgIEV4dHJhY3QtWmlwIC1zcmMgJHNyYyAtZGVzdCAkZGVzdAogICAgfQoKICAgICRyZXN1bHQuY2hhbmdlZCA9ICR0cnVlCn0gZWxzZWlmICgkY29weV9tb2RlIC1lcSAicmVtb3RlIikgewogICAgIyBhbGwgY29weSBhY3Rpb25zIGFyZSBoYXBwZW5pbmcgb24gdGhlIHJlbW90ZSBzaWRlICh3aW5kb3dzIGhvc3QpLCBuZWVkCiAgICAjIHRvbyBjb3B5IHNvdXJjZSBhbmQgZGVzdCB1c2luZyBQUyBjb2RlCiAgICAkcmVzdWx0LnNyYyA9ICRzcmMKICAgICRyZXN1bHQuZGVzdCA9ICRkZXN0CgogICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtUGF0aCAkc3JjKSkgewogICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgIkNhbm5vdCBjb3B5IHNyYyBmaWxlOiAnJHNyYycgYXMgaXQgZG9lcyBub3QgZXhpc3QiCiAgICB9CgogICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkc3JjIC1QYXRoVHlwZSBDb250YWluZXIpIHsKICAgICAgICAjIHdlIGFyZSBjb3B5aW5nIGEgZGlyZWN0b3J5IG9yIHRoZSBjb250ZW50cyBvZiBhIGRpcmVjdG9yeQogICAgICAgICRyZXN1bHQub3BlcmF0aW9uID0gJ2ZvbGRlcl9jb3B5JwogICAgICAgIGlmICgkc3JjLkVuZHNXaXRoKCIvIikgLW9yICRzcmMuRW5kc1dpdGgoImBcIikpIHsKICAgICAgICAgICAgIyBjb3B5aW5nIHRoZSBmb2xkZXIncyBjb250ZW50cyB0byBkZXN0CiAgICAgICAgICAgICRkaWZmID0gIiIKICAgICAgICAgICAgJGNoaWxkX2ZpbGVzID0gR2V0LUNoaWxkSXRlbSAtUGF0aCAkc3JjIC1Gb3JjZQogICAgICAgICAgICBmb3JlYWNoICgkY2hpbGRfZmlsZSBpbiAkY2hpbGRfZmlsZXMpIHsKICAgICAgICAgICAgICAgICRkZXN0X2NoaWxkX3BhdGggPSBKb2luLVBhdGggLVBhdGggJGRlc3QgLUNoaWxkUGF0aCAkY2hpbGRfZmlsZS5OYW1lCiAgICAgICAgICAgICAgICBpZiAoJGNoaWxkX2ZpbGUuUFNJc0NvbnRhaW5lcikgewogICAgICAgICAgICAgICAgICAgICRkaWZmICs9IENvcHktRm9sZGVyIC1zb3VyY2UgJGNoaWxkX2ZpbGUuRnVsbE5hbWUgLWRlc3QgJGRlc3RfY2hpbGRfcGF0aAogICAgICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgICAgICAkZGlmZiArPSAoQ29weS1GaWxlIC1zb3VyY2UgJGNoaWxkX2ZpbGUuRnVsbE5hbWUgLWRlc3QgJGRlc3RfY2hpbGRfcGF0aCkuZGlmZgogICAgICAgICAgICAgICAgfQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgIyBjb3B5aW5nIHRoZSBmb2xkZXIgYW5kIGl0J3MgY29udGVudHMgdG8gZGVzdAogICAgICAgICAgICAkZGVzdCA9IEpvaW4tUGF0aCAtUGF0aCAkZGVzdCAtQ2hpbGRQYXRoIChHZXQtSXRlbSAtUGF0aCAkc3JjIC1Gb3JjZSkuTmFtZQogICAgICAgICAgICAkcmVzdWx0LmRlc3QgPSAkZGVzdAogICAgICAgICAgICAkZGlmZiA9IENvcHktRm9sZGVyIC1zb3VyY2UgJHNyYyAtZGVzdCAkZGVzdAogICAgICAgIH0KICAgIH0gZWxzZSB7CiAgICAgICAgIyB3ZSBhcmUganVzdCBjb3B5aW5nIGEgc2luZ2xlIGZpbGUgdG8gZGVzdAogICAgICAgICRyZXN1bHQub3BlcmF0aW9uID0gJ2ZpbGVfY29weScKCiAgICAgICAgJHNvdXJjZV9iYXNlbmFtZSA9IChHZXQtSXRlbSAtUGF0aCAkc3JjIC1Gb3JjZSkuTmFtZQogICAgICAgICRyZXN1bHQub3JpZ2luYWxfYmFzZW5hbWUgPSAkc291cmNlX2Jhc2VuYW1lCgogICAgICAgIGlmICgkZGVzdC5FbmRzV2l0aCgiLyIpIC1vciAkZGVzdC5FbmRzV2l0aCgiYFwiKSkgewogICAgICAgICAgICAkZGVzdCA9IEpvaW4tUGF0aCAtUGF0aCAkZGVzdCAtQ2hpbGRQYXRoIChHZXQtSXRlbSAtUGF0aCAkc3JjIC1Gb3JjZSkuTmFtZQogICAgICAgICAgICAkcmVzdWx0LmRlc3QgPSAkZGVzdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICMgY2hlY2sgaWYgdGhlIHBhcmVudCBkaXIgZXhpc3RzLCB0aGlzIGlzIG9ubHkgZG9uZSBpZiBzcmMgaXMgYQogICAgICAgICAgICAjIGZpbGUgYW5kIGRlc3QgaWYgdGhlIHBhdGggdG8gYSBmaWxlIChkb2Vzbid0IGVuZCB3aXRoIFwgb3IgLykKICAgICAgICAgICAgJHBhcmVudF9kaXIgPSBTcGxpdC1QYXRoIC1QYXRoICRkZXN0CiAgICAgICAgICAgIGlmIChUZXN0LVBhdGggLVBhdGggJHBhcmVudF9kaXIgLVBhdGhUeXBlIExlYWYpIHsKICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgIm9iamVjdCBhdCBkZXN0aW5hdGlvbiBwYXJlbnQgZGlyICckcGFyZW50X2RpcicgaXMgY3VycmVudGx5IGEgZmlsZSIKICAgICAgICAgICAgfSBlbHNlaWYgKC1ub3QgKFRlc3QtUGF0aCAtUGF0aCAkcGFyZW50X2RpciAtUGF0aFR5cGUgQ29udGFpbmVyKSkgewogICAgICAgICAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiRGVzdGluYXRpb24gZGlyZWN0b3J5ICckcGFyZW50X2RpcicgZG9lcyBub3QgZXhpc3QiCiAgICAgICAgICAgIH0KICAgICAgICB9CiAgICAgICAgJGNvcHlfcmVzdWx0ID0gQ29weS1GaWxlIC1zb3VyY2UgJHNyYyAtZGVzdCAkZGVzdAogICAgICAgICRkaWZmID0gJGNvcHlfcmVzdWx0LmRpZmYKICAgICAgICAkcmVzdWx0LmNoZWNrc3VtID0gJGNvcHlfcmVzdWx0LmNoZWNrc3VtCiAgICB9CgogICAgIyB0aGUgZmlsZSBtaWdodCBub3QgZXhpc3QgaWYgcnVubmluZyBpbiBjaGVjayBtb2RlCiAgICBpZiAoLW5vdCAkY2hlY2tfbW9kZSAtb3IgKFRlc3QtUGF0aCAtUGF0aCAkZGVzdCAtUGF0aFR5cGUgTGVhZikpIHsKICAgICAgICAkcmVzdWx0LnNpemUgPSBHZXQtRmlsZVNpemUgLXBhdGggJGRlc3QKICAgIH0gZWxzZSB7CiAgICAgICAgJHJlc3VsdC5zaXplID0gJG51bGwKICAgIH0KICAgIGlmICgkZGlmZl9tb2RlKSB7CiAgICAgICAgJHJlc3VsdC5kaWZmLnByZXBhcmVkID0gJGRpZmYKICAgIH0KfSBlbHNlaWYgKCRjb3B5X21vZGUgLWVxICJzaW5nbGUiKSB7CiAgICAjIGEgc2luZ2xlIGZpbGUgaXMgbG9jYXRlZCBpbiBzcmMgYW5kIHdlIG5lZWQgdG8gY29weSB0byBkZXN0LCB0aGlzIHdpbGwKICAgICMgYWx3YXlzIHJlc3VsdCBpbiBhIGNoYW5nZSBhcyB0aGUgY2FsY3VsYXRpb24gaXMgZG9uZSBvbiB0aGUgQW5zaWJsZSBzaWRlCiAgICAjIGJlZm9yZSB0aGlzIGlzIHJ1bi4gVGhpcyBzaG91bGQgYWxzbyBuZXZlciBydW4gaW4gY2hlY2sgbW9kZQogICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtUGF0aCAkc3JjIC1QYXRoVHlwZSBMZWFmKSkgewogICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgIkNhbm5vdCBjb3B5IHNyYyBmaWxlOiAnJHNyYycgYXMgaXQgZG9lcyBub3QgZXhpc3QiCiAgICB9CgogICAgIyB0aGUgZGVzdCBwYXJhbWV0ZXIgaXMgYSBkaXJlY3RvcnksIHdlIG5lZWQgdG8gYXBwZW5kIG9yaWdpbmFsX2Jhc2VuYW1lCiAgICBpZiAoJGRlc3QuRW5kc1dpdGgoIi8iKSAtb3IgJGRlc3QuRW5kc1dpdGgoImBcIikgLW9yIChUZXN0LVBhdGggLVBhdGggJGRlc3QgLVBhdGhUeXBlIENvbnRhaW5lcikpIHsKICAgICAgICAkcmVtb3RlX2Rlc3QgPSBKb2luLVBhdGggLVBhdGggJGRlc3QgLUNoaWxkUGF0aCAkb3JpZ2luYWxfYmFzZW5hbWUKICAgICAgICAkcGFyZW50X2RpciA9IFNwbGl0LVBhdGggLVBhdGggJHJlbW90ZV9kZXN0CgogICAgICAgICMgd2hlbiBkZXN0IGVuZHMgd2l0aCAvLCB3ZSBuZWVkIHRvIGNyZWF0ZSB0aGUgZGVzdGluYXRpb24gZGlyZWN0b3JpZXMKICAgICAgICBpZiAoVGVzdC1QYXRoIC1QYXRoICRwYXJlbnRfZGlyIC1QYXRoVHlwZSBMZWFmKSB7CiAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgIm9iamVjdCBhdCBkZXN0aW5hdGlvbiBwYXJlbnQgZGlyICckcGFyZW50X2RpcicgaXMgY3VycmVudGx5IGEgZmlsZSIKICAgICAgICB9IGVsc2VpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRwYXJlbnRfZGlyIC1QYXRoVHlwZSBDb250YWluZXIpKSB7CiAgICAgICAgICAgIE5ldy1JdGVtIC1QYXRoICRwYXJlbnRfZGlyIC1JdGVtVHlwZSBEaXJlY3RvcnkgfCBPdXQtTnVsbAogICAgICAgIH0KICAgIH0gZWxzZSB7CiAgICAgICAgJHJlbW90ZV9kZXN0ID0gJGRlc3QKICAgICAgICAkcGFyZW50X2RpciA9IFNwbGl0LVBhdGggLVBhdGggJHJlbW90ZV9kZXN0CgogICAgICAgICMgY2hlY2sgaWYgdGhlIGRlc3QgcGFyZW50IGRpcnMgZXhpc3QsIG5lZWQgdG8gZmFpbCBpZiB0aGV5IGRvbid0CiAgICAgICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkcGFyZW50X2RpciAtUGF0aFR5cGUgTGVhZikgewogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0IC1tZXNzYWdlICJvYmplY3QgYXQgZGVzdGluYXRpb24gcGFyZW50IGRpciAnJHBhcmVudF9kaXInIGlzIGN1cnJlbnRseSBhIGZpbGUiCiAgICAgICAgfSBlbHNlaWYgKC1ub3QgKFRlc3QtUGF0aCAtUGF0aCAkcGFyZW50X2RpciAtUGF0aFR5cGUgQ29udGFpbmVyKSkgewogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0IC1tZXNzYWdlICJEZXN0aW5hdGlvbiBkaXJlY3RvcnkgJyRwYXJlbnRfZGlyJyBkb2VzIG5vdCBleGlzdCIKICAgICAgICB9CiAgICB9CgogICAgQ29weS1JdGVtIC1QYXRoICRzcmMgLURlc3RpbmF0aW9uICRyZW1vdGVfZGVzdCAtRm9yY2UgfCBPdXQtTnVsbAogICAgJHJlc3VsdC5jaGFuZ2VkID0gJHRydWUKfQoKRXhpdC1Kc29uIC1vYmogJHJlc3VsdAo=", "module_args": {"_ansible_version": "2.7.0", "_ansible_selinux_special_fs": ["fuse", "nfs", "vboxsf", "ramfs", "9p"], "_copy_mode": "single", "_ansible_remote_tmp": "%TEMP%", "_ansible_syslog_facility": "LOG_USER", "_ansible_keep_remote_files": false, "_ansible_socket": null, "_original_basename": "pip-install-os-win.log", "_ansible_check_mode": false, "src": "C:\\Users\\Admin\\AppData\\Local\\Temp\\ansible-tmp-1629725307.24-50333331632835\\source", "_ansible_no_log": false, "_ansible_module_name": "copy", "_ansible_verbosity": 4, "dest": "c:\\openstack\\log\\pip-install-os-win.log", "_ansible_diff": false, "_ansible_debug": false, "_ansible_shell_executable": "/bin/sh", "_ansible_tmpdir": "'C:\\Users\\Admin\\AppData\\Local\\Temp\\ansible-tmp-1629725307.24-50333331632835'"}} '@ } process { $input_as_string = [string]$input $json_raw += $input_as_string } end { If (-not $json_raw) { Write-Error "no input given" -Category InvalidArgument } $payload = ConvertTo-HashtableFromPsCustomObject (ConvertFrom-Json $json_raw) # TODO: handle binary modules # TODO: handle persistence $min_os_version = [version]$payload.min_os_version if ($min_os_version -ne $null) { $actual_os_version = [System.Environment]::OSVersion.Version if ($actual_os_version -lt $min_os_version) { $msg = "This module cannot run on this OS as it requires a minimum version of $min_os_version, actual was $actual_os_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $min_ps_version = [version]$payload.min_ps_version if ($min_ps_version -ne $null) { $actual_ps_version = $PSVersionTable.PSVersion if ($actual_ps_version -lt $min_ps_version) { $msg = "This module cannot run as it requires a minimum PowerShell version of $min_ps_version, actual was $actual_ps_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $actions = $payload.actions # pop 0th action as entrypoint $entrypoint = $payload.($actions[0]) $payload.actions = $payload.actions[1..99] $entrypoint = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($entrypoint)) # load the current action entrypoint as a module custom object with a Run method $entrypoint = New-Module -ScriptBlock ([scriptblock]::Create($entrypoint)) -AsCustomObject Set-Variable -Scope global -Name complex_args -Value $payload["module_args"] | Out-Null # dynamically create/load modules ForEach ($mod in $payload.powershell_modules.GetEnumerator()) { $decoded_module = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($mod.Value)) New-Module -ScriptBlock ([scriptblock]::Create($decoded_module)) -Name $mod.Key | Import-Module -WarningAction SilentlyContinue | Out-Null } $output = $entrypoint.Run($payload) Write-Output $output } ScriptBlock ID: 6f2e7eba-7937-4972-ac8a-feb1fcfd8377 Path:	4104	1		3	2	15	0	1371	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2536	4568	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:28:28 PM	9d04040e-981f-0003-3c51-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 3): gdG8gYm9vbGVhbiBmb2xsb3dpbmcgY3VycmVudAogICAgQW5zaWJsZSBwcmFjdGljZXMKICAgIC5FWEFNUExFCiAgICAkaXNfdHJ1ZSA9ICJ0cnVlIiB8IENvbnZlcnRUby1Cb29sCiM+CiAgICBwYXJhbSgKICAgICAgICBbcGFyYW1ldGVyKHZhbHVlZnJvbXBpcGVsaW5lPSR0cnVlKV0KICAgICAgICAkb2JqCiAgICApCgogICAgJGJvb2xlYW5fc3RyaW5ncyA9ICJ5ZXMiLCAib24iLCAiMSIsICJ0cnVlIiwgMQogICAgJG9ial9zdHJpbmcgPSBbc3RyaW5nXSRvYmoKCiAgICBpZiAoKCRvYmogLWlzIFtib29sZWFuXSAtYW5kICRvYmopIC1vciAkYm9vbGVhbl9zdHJpbmdzIC1jb250YWlucyAkb2JqX3N0cmluZy5Ub0xvd2VyKCkpIHsKICAgICAgICByZXR1cm4gJHRydWUKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfQp9CgpGdW5jdGlvbiBQYXJzZS1BcmdzKCRhcmd1bWVudHMsICRzdXBwb3J0c19jaGVja19tb2RlID0gJGZhbHNlKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBwYXJzZSBBbnNpYmxlIEpTT04gYXJndW1lbnRzIGZyb20gYSAiZmlsZSIgcGFzc2VkIGFzCiAgICB0aGUgc2luZ2xlIGFyZ3VtZW50IHRvIHRoZSBtb2R1bGUuCiAgICAuRVhBTVBMRQogICAgJHBhcmFtcyA9IFBhcnNlLUFyZ3MgJGFyZ3MKIz4KICAgICRwYXJhbXMgPSBOZXctT2JqZWN0IHBzb2JqZWN0CiAgICBJZiAoJGFyZ3VtZW50cy5MZW5ndGggLWd0IDApCiAgICB7CiAgICAgICAgJHBhcmFtcyA9IEdldC1Db250ZW50ICRhcmd1bWVudHNbMF0gfCBDb252ZXJ0RnJvbS1Kc29uCiAgICB9CiAgICBFbHNlIHsKICAgICAgICAkcGFyYW1zID0gJGNvbXBsZXhfYXJncwogICAgfQogICAgJGNoZWNrX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfY2hlY2tfbW9kZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQogICAgSWYgKCRjaGVja19tb2RlIC1hbmQgLW5vdCAkc3VwcG9ydHNfY2hlY2tfbW9kZSkKICAgIHsKICAgICAgICBFeGl0LUpzb24gQHsKICAgICAgICAgICAgc2tpcHBlZCA9ICR0cnVlCiAgICAgICAgICAgIGNoYW5nZWQgPSAkZmFsc2UKICAgICAgICAgICAgbXNnID0gInJlbW90ZSBtb2R1bGUgZG9lcyBub3Qgc3VwcG9ydCBjaGVjayBtb2RlIgogICAgICAgIH0KICAgIH0KICAgIHJldHVybiAkcGFyYW1zCn0KCgpGdW5jdGlvbiBHZXQtRmlsZUNoZWNrc3VtKCRwYXRoLCAkYWxnb3JpdGhtID0gJ3NoYTEnKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBjYWxjdWxhdGUgYSBoYXNoIG9mIGEgZmlsZSBpbiBhIHdheSB3aGljaCBQb3dlclNoZWxsIDMKICAgIGFuZCBhYm92ZSBjYW4gaGFuZGxlCiM+CiAgICBJZiAoVGVzdC1QYXRoIC1QYXRoICRwYXRoIC1QYXRoVHlwZSBMZWFmKQogICAgewogICAgICAgIHN3aXRjaCAoJGFsZ29yaXRobSkKICAgICAgICB7CiAgICAgICAgICAgICdtZDUnIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5NRDVDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMScgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTFDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMjU2JyB7ICRzcCA9IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5TZWN1cml0eS5DcnlwdG9ncmFwaHkuU0hBMjU2Q3J5cHRvU2VydmljZVByb3ZpZGVyIH0KICAgICAgICAgICAgJ3NoYTM4NCcgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTM4NENyeXB0b1NlcnZpY2VQcm92aWRlciB9CiAgICAgICAgICAgICdzaGE1MTInIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5TSEE1MTJDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICBkZWZhdWx0IHsgRmFpbC1Kc29uIEB7fSAiVW5zdXBwb3J0ZWQgaGFzaCBhbGdvcml0aG0gc3VwcGxpZWQgJyRhbGdvcml0aG0nIiB9CiAgICAgICAgfQoKICAgICAgICBJZiAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtZ2UgNCkgewogICAgICAgICAgICAkcmF3X2hhc2ggPSBHZXQtRmlsZUhhc2ggJHBhdGggLUFsZ29yaXRobSAkYWxnb3JpdGhtCiAgICAgICAgICAgICRoYXNoID0gJHJhd19oYXNoLkhhc2guVG9Mb3dlcigpCiAgICAgICAgfSBFbHNlIHsKICAgICAgICAgICAgJGZwID0gW1N5c3RlbS5JTy5GaWxlXTo6T3BlbigkcGF0aCwgW1N5c3RlbS5JTy5GaWxlbW9kZV06Ok9wZW4sIFtTeXN0ZW0uSU8uRmlsZUFjY2Vzc106OlJlYWQsIFtTeXN0ZW0uSU8uRmlsZVNoYXJlXTo6UmVhZFdyaXRlKTsKICAgICAgICAgICAgJGhhc2ggPSBbU3lzdGVtLkJpdENvbnZlcnRlcl06OlRvU3RyaW5nKCRzcC5Db21wdXRlSGFzaCgkZnApKS5SZXBsYWNlKCItIiwgIiIpLlRvTG93ZXIoKTsKICAgICAgICAgICAgJGZwLkRpc3Bvc2UoKTsKICAgICAgICB9CiAgICB9CiAgICBFbHNlSWYgKFRlc3QtUGF0aCAtUGF0aCAkcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKQogICAgewogICAgICAgICRoYXNoID0gIjMiOwogICAgfQogICAgRWxzZQogICAgewogICAgICAgICRoYXNoID0gIjEiOwogICAgfQogICAgcmV0dXJuICRoYXNoCn0KCkZ1bmN0aW9uIEdldC1QZW5kaW5nUmVib290U3RhdHVzCnsKPCMKICAgIC5TWU5PUFNJUwogICAgQ2hlY2sgaWYgcmVib290IGlzIHJlcXVpcmVkLCBpZiBzbyBub3RpZnkgQ0EuCiAgICBGdW5jdGlvbiByZXR1cm5zIHRydWUgaWYgY29tcHV0ZXIgaGFzIGEgcGVuZGluZyByZWJvb3QKIz4KICAgICRmZWF0dXJlRGF0YSA9IEludm9rZS1XbWlNZXRob2QgLUVBIElnbm9yZSAtTmFtZSBHZXRTZXJ2ZXJGZWF0dXJlIC1OYW1lc3BhY2Ugcm9vdFxtaWNyb3NvZnRcd2luZG93c1xzZXJ2ZXJtYW5hZ2VyIC1DbGFzcyBNU0ZUX1NlcnZlck1hbmFnZXJUYXNrcwogICAgJHJlZ0RhdGEgPSBHZXQtSXRlbVByb3BlcnR5ICJIS0xNOlxTWVNURU1cQ3VycmVudENvbnRyb2xTZXRcQ29udHJvbFxTZXNzaW9uIE1hbmFnZXIiICJQZW5kaW5nRmlsZVJlbmFtZU9wZXJhdGlvbnMiIC1FQSBJZ25vcmUKICAgICRDQlNSZWJvb3RTdGF0dXMgPSBHZXQtQ2hpbGRJdGVtICJIS0xNOlxcU09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cQ29tcG9uZW50IEJhc2VkIFNlcnZpY2luZyIgIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlfCBXaGVyZS1PYmplY3QgeyRfLlBTQ2hpbGROYW1lIC1lcSAiUmVib290UGVuZGluZyJ9CiAgICBpZigoJGZlYXR1cmVEYXRhIC1hbmQgJGZlYXR1cmVEYXRhLlJlcXVpcmVzUmVib290KSAtb3IgJHJlZ0RhdGEgLW9yICRDQlNSZWJvb3RTdGF0dXMpCiAgICB7CiAgICAgICAgcmV0dXJuICRUcnVlCiAgICB9CiAgICBlbHNlCiAgICB7CiAgICAgICAgcmV0dXJuICRGYWxzZQogICAgfQp9CgojIHRoaXMgbGluZSBtdXN0IHN0YXkgYXQgdGhlIGJvdHRvbSB0byBlbnN1cmUgYWxsIGRlZmluZWQgbW9kdWxlIHBhcnRzIGFyZSBleHBvcnRlZApFeHBvcnQtTW9kdWxlTWVtYmVyIC1BbGlhcyAqIC1GdW5jdGlvbiAqIC1DbWRsZXQgKgoK"}, "module_entry": "IyFwb3dlcnNoZWxsCgojIENvcHlyaWdodDogKGMpIDIwMTUsIEpvbiBIYXdrZXN3b3J0aCAoQGpoYXdrZXN3b3J0aCkgPGZpZ3NAdW5pdHkuZGVtb24uY28udWs+CiMgQ29weXJpZ2h0OiAoYykgMjAxNywgQW5zaWJsZSBQcm9qZWN0CiMgR05VIEdlbmVyYWwgUHVibGljIExpY2Vuc2UgdjMuMCsgKHNlZSBDT1BZSU5HIG9yIGh0dHBzOi8vd3d3LmdudS5vcmcvbGljZW5zZXMvZ3BsLTMuMC50eHQpCgojUmVxdWlyZXMgLU1vZHVsZSBBbnNpYmxlLk1vZHVsZVV0aWxzLkxlZ2FjeQoKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICdTdG9wJwoKJHBhcmFtcyA9IFBhcnNlLUFyZ3MgLWFyZ3VtZW50cyAkYXJncyAtc3VwcG9ydHNfY2hlY2tfbW9kZSAkdHJ1ZQokY2hlY2tfbW9kZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJfYW5zaWJsZV9jaGVja19tb2RlIiAtdHlwZSAiYm9vbCIgLWRlZmF1bHQgJGZhbHNlCiRkaWZmX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfZGlmZiIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQoKIyB0aGVyZSBhcmUgNCBtb2RlcyB0byB3aW5fY29weSB3aGljaCBhcmUgZHJpdmVuIGJ5IHRoZSBhY3Rpb24gcGx1Z2luczoKIyAgIGV4cGxvZGU6IHNyYyBpcyBhIHppcCBmaWxlIHdoaWNoIG5lZWRzIHRvIGJlIGV4dHJhY3RlZCB0byBkZXN0LCBmb3IgdXNlIHdpdGggbXVsdGlwbGUgZmlsZXMKIyAgIHF1ZXJ5OiB3aW5fY29weSBhY3Rpb24gcGx1Z2luIHdhbnRzIHRvIGdldCB0aGUgc3RhdGUgb2YgcmVtb3RlIGZpbGVzIHRvIGNoZWNrIHdoZXRoZXIgaXQgbmVlZHMgdG8gc2VuZCB0aGVtCiMgICByZW1vdGU6IGFsbCBjb3B5IGFjdGlvbiBpcyBoYXBwZW5pbmcgcmVtb3RlbHkgKHJlbW90ZV9zcmM9VHJ1ZSkKIyAgIHNpbmdsZTogYSBzaW5nbGUgZmlsZSBoYXMgYmVlbiBjb3BpZWQsIGFsc28gdXNlZCB3aXRoIHRlbXBsYXRlCiRjb3B5X21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2NvcHlfbW9kZSIgLXR5cGUgInN0ciIgLWRlZmF1bHQgInNpbmdsZSIgLXZhbGlkYXRlc2V0ICJleHBsb2RlIiwicXVlcnkiLCJyZW1vdGUiLCJzaW5nbGUiCgojIHVzZWQgaW4gZXhwbG9kZSwgcmVtb3RlIGFuZCBzaW5nbGUgbW9kZQokc3JjID0gR2V0LUFuc2libGVQYXJhbSAtb2JqICRwYXJhbXMgLW5hbWUgInNyYyIgLXR5cGUgInBhdGgiIC1mYWlsaWZlbXB0eSAoJGNvcHlfbW9kZSAtaW4gQCgiZXhwbG9kZSIsInByb2Nlc3MiLCJzaW5nbGUiKSkKJGRlc3QgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiZGVzdCIgLXR5cGUgInBhdGgiIC1mYWlsaWZlbXB0eSAkdHJ1ZQoKIyB1c2VkIGluIHNpbmdsZSBtb2RlCiRvcmlnaW5hbF9iYXNlbmFtZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJfb3JpZ2luYWxfYmFzZW5hbWUiIC10eXBlICJzdHIiCgojIHVzZWQgaW4gcXVlcnkgYW5kIHJlbW90ZSBtb2RlCiRmb3JjZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJmb3JjZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICR0cnVlCgojIHVzZWQgaW4gcXVlcnkgbW9kZSwgY29udGFpbnMgdGhlIGxvY2FsIGZpbGVzL2RpcmVjdG9yaWVzL3N5bWxpbmtzIHRoYXQgYXJlIHRvIGJlIGNvcGllZAokZmlsZXMgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiZmlsZXMiIC10eXBlICJsaXN0IgokZGlyZWN0b3JpZXMgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiZGlyZWN0b3JpZXMiIC10eXBlICJsaXN0Igokc3ltbGlua3MgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAic3ltbGlua3MiIC10eXBlICJsaXN0IgoKJHJlc3VsdCA9IEB7CiAgICBjaGFuZ2VkID0gJGZhbHNlCn0KCmlmICgkZGlmZl9tb2RlKSB7CiAgICAkcmVzdWx0LmRpZmYgPSBAe30KfQoKRnVuY3Rpb24gQ29weS1GaWxlKCRzb3VyY2UsICRkZXN0KSB7CiAgICAkZGlmZiA9ICIiCiAgICAkY29weV9maWxlID0gJGZhbHNlCiAgICAkc291cmNlX2NoZWNrc3VtID0gJG51bGwKICAgIGlmICgkZm9yY2UpIHsKICAgICAgICAkc291cmNlX2NoZWNrc3VtID0gR2V0LUZpbGVDaGVja3N1bSAtcGF0aCAkc291cmNlCiAgICB9CgogICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkZGVzdCAtUGF0aFR5cGUgQ29udGFpbmVyKSB7CiAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiY2Fubm90IGNvcHkgZmlsZSBmcm9tICckc291cmNlJyB0byAnJGRlc3QnOiBkZXN0IGlzIGFscmVhZHkgYSBmb2xkZXIiCiAgICB9IGVsc2VpZiAoVGVzdC1QYXRoIC1QYXRoICRkZXN0IC1QYXRoVHlwZSBMZWFmKSB7CiAgICAgICAgaWYgKCRmb3JjZSkgewogICAgICAgICAgICAkdGFyZ2V0X2NoZWNrc3VtID0gR2V0LUZpbGVDaGVja3N1bSAtcGF0aCAkZGVzdAogICAgICAgICAgICBpZiAoJHNvdXJjZV9jaGVja3N1bSAtbmUgJHRhcmdldF9jaGVja3N1bSkgewogICAgICAgICAgICAgICAgJGNvcHlfZmlsZSA9ICR0cnVlCiAgICAgICAgICAgIH0KICAgICAgICB9CiAgICB9IGVsc2UgewogICAgICAgICRjb3B5X2ZpbGUgPSAkdHJ1ZQogICAgfQoKICAgIGlmICgkY29weV9maWxlKSB7CiAgICAgICAgJGZpbGVfZGlyID0gW1N5c3RlbS5JTy5QYXRoXTo6R2V0RGlyZWN0b3J5TmFtZSgkZGVzdCkKICAgICAgICAjIHZhbGlkYXRlIHRoZSBwYXJlbnQgZGlyIGlzIG5vdCBhIGZpbGUgYW5kIHRoYXQgaXQgZXhpc3RzCiAgICAgICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkZmlsZV9kaXIgLVBhdGhUeXBlIExlYWYpIHsKICAgICAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiY2Fubm90IGNvcHkgZmlsZSBmcm9tICckc291cmNlJyB0byAnJGRlc3QnOiBvYmplY3QgYXQgZGVzdCBwYXJlbnQgZGlyIGlzIG5vdCBhIGZvbGRlciIKICAgICAgICB9IGVsc2VpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRmaWxlX2RpcikpIHsKICAgICAgICAgICAgIyBkaXJlY3RvcnkgZG9lc24ndCBleGlzdCwgbmVlZCB0byBjcmVhdGUKICAgICAgICAgICAgTmV3LUl0ZW0gLVBhdGggJGZpbGVfZGlyIC1JdGVtVHlwZSBEaXJlY3RvcnkgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICAgICAgICAgICRkaWZmICs9ICIrJGZpbGVfZGlyXGBuIgogICAgICAgIH0KCiAgICAgICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkZGVzdCAtUGF0aFR5cGUgTGVhZikgewogICAgICAgICAgICBSZW1vdmUtSXRlbSAtUGF0aCAkZGVzdCAtRm9yY2UgLVJlY3Vyc2UgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICAgICAgICAgICRkaWZmICs9ICItJGRlc3RgbiIKICAgICAgICB9CgogICAgICAgIGlmICgtbm90ICRjaGVja19tb2RlKSB7CiAgICAgICAgICAgICMgY2Fubm90IHJ1biB3aXRoIC1XaGF0SWY6JGNoZWNrX21vZGUgYXMgaWYgdGhlIHBhcmVudCBkaXIgZGlkbid0CiAgICAgICAgICAgICMgZXhpc3QgYW5kIHdhcyBjcmVhdGVkIGFib3ZlIHdvdWxkIHN0aWxsIG5vdCBleGlzdCBpbiBjaGVjayBtb2RlCiAgICAgICAgICAgIENvcHktSXRlbSAtUGF0aCAkc291cmNlIC1EZXN0aW5hdGlvbiAkZGVzdCAtRm9yY2UgfCBPdXQtTnVsbAogICAgICAgIH0KICAgICAgICAkZGlmZiArPSAiKyRkZXN0YG4iCgogICAgICAgICRyZXN1bHQuY2hhbmdlZCA9ICR0cnVlCiAgICB9CgogICAgIyB1Z2x5IGJ1dCB0byBzYXZlIHVzIGZyb20gcnVubmluZyB0aGUgY2hlY2tzdW0gdHdpY2UsIGxldCdzIHJldHVybiBpdCBmb3IKICAgICMgdGhlIG1haW4gY29kZSB0byBhZGQgaXQgdG8gJHJlc3VsdAogICAgcmV0dXJuICxAeyBkaWZmID0gJGRpZmY7IGNoZWNrc3VtID0gJHNvdXJjZV9jaGVja3N1bSB9Cn0KCkZ1bmN0aW9uIENvcHktRm9sZGVyKCRzb3VyY2UsICRkZXN0KSB7CiAgICAkZGlmZiA9ICIiCiAgICAkY29weV9mb2xkZXIgPSAkZmFsc2UKCiAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRkZXN0IC1QYXRoVHlwZSBDb250YWluZXIpKSB7CiAgICAgICAgJHBhcmVudF9kaXIgPSBbU3lzdGVtLklPLlBhdGhdOjpHZXREaXJlY3RvcnlOYW1lKCRkZXN0KQogICAgICAgIGlmIChUZXN0LVBhdGggLVBhdGggJHBhcmVudF9kaXIgLVBhdGhUeXBlIExlYWYpIHsKICAgICAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiY2Fubm90IGNvcHkgZmlsZSBmcm9tICckc291cmNlJyB0byAnJGRlc3QnOiBvYmplY3QgYXQgZGVzdCBwYXJlbnQgZGlyIGlzIG5vdCBhIGZvbGRlciIKICAgICAgICB9CiAgICAgICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkZGVzdCAtUGF0aFR5cGUgTGVhZikgewogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0IC1tZXNzYWdlICJjYW5ub3QgY29weSBmb2xkZXIgZnJvbSAnJHNvdXJjZScgdG8gJyRkZXN0JzogZGVzdCBpcyBhbHJlYWR5IGEgZmlsZSIKICAgICAgICB9CgogICAgICAgIE5ldy1JdGVtIC1QYXRoICRkZXN0IC1JdGVtVHlwZSBDb250YWluZXIgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICAgICAgJGRpZmYgKz0gIiskZGVzdFxgbiIKICAgICAgICAkcmVzdWx0LmNoYW5nZWQgPSAkdHJ1ZQogICAgfQoKICAgICRjaGlsZF9pdGVtcyA9IEdldC1DaGlsZEl0ZW0gLVBhdGggJHNvdXJjZSAtRm9yY2UKICAgIGZvcmVhY2ggKCRjaGlsZF9pdGVtIGluICRjaGlsZF9pdGVtcykgewogICAgICAgICRkZXN0X2NoaWxkX3BhdGggPSBKb2luLVBhdGggLVBhdGggJGRlc3QgLUNoaWxkUGF0aCAkY2hpbGRfaXRlbS5OYW1lCiAgICAgICAgaWYgKCRjaGlsZF9pdGVtLlBTSXNDb250YWluZXIpIHsKICAgICAgICAgICAgJGRpZmYgKz0gKENvcHktRm9sZGVyIC1zb3VyY2UgJGNoaWxkX2l0ZW0uRnVsbG5hbWUgLWRlc3QgJGRlc3RfY2hpbGRfcGF0aCkKICAgICAgICB9IGVsc2UgewogICAgICAgICAgICAkZGlmZiArPSAoQ29weS1GaWxlIC1zb3VyY2UgJGNoaWxkX2l0ZW0uRnVsbG5hbWUgLWRlc3QgJGRlc3RfY2hpbGRfcGF0aCkuZGlmZgogICAgICAgIH0KICAgIH0KCiAgICByZXR1cm4gJGRpZmYKfQoKRnVuY3Rpb24gR2V0LUZpbGVTaXplKCRwYXRoKSB7CiAgICAkZmlsZSA9IEdldC1JdGVtIC1QYXRoICRwYXRoIC1Gb3JjZQogICAgJHNpemUgPSAkbnVsbAogICAgaWYgKCRmaWxlLlBTSXNDb250YWluZXIpIHsKICAgICAgICAkZGlyX2ZpbGVzX3N1bSA9IEdldC1DaGlsZEl0ZW0gJGZpbGUuRnVsbE5hbWUgLVJlY3Vyc2UKICAgICAgICBpZiAoJGRpcl9maWxlc19zdW0gLWVxICRudWxsIC1vciAoJGRpcl9maWxlc19zdW0uUFNPYmplY3QuUHJvcGVydGllcy5uYW1lIC1jb250YWlucyAnbGVuZ3RoJyAtZXEgJGZhbHNlKSkgewogICAgICAgICAgICAkc2l6ZSA9IDAKICAgICAgICB9IGVsc2UgewogICAgICAgICAgICAkc2l6ZSA9ICgkZGlyX2ZpbGVzX3N1bSB8IE1lYXN1cmUtT2JqZWN0IC1wcm9wZXJ0eSBsZW5ndGggLXN1bSkuU3VtCiAgICAgICAgfQogICAgfSBlbHNlIHsKICAgICAgICAkc2l6ZSA9ICRmaWxlLkxlbmd0aAogICAgfQoKICAgICRzaXplCn0KCkZ1bmN0aW9uIEV4dHJhY3QtWmlwKCRzcmMsICRkZXN0KSB7CiAgICAkYXJjaGl2ZSA9IFtTeXN0ZW0uSU8uQ29tcHJlc3Npb24uWmlwRmlsZV06Ok9wZW4oJHNyYywgW1N5c3RlbS5JTy5Db21wcmVzc2lvbi5aaXBBcmNoaXZlTW9kZV06OlJlYWQsIFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjgpCiAgICBmb3JlYWNoICgkZW50cnkgaW4gJGFyY2hpdmUuRW50cmllcykgewogICAgICAgICRhcmNoaXZlX25hbWUgPSAkZW50cnkuRnVsbE5hbWUKCiAgICAgICAgIyBGdWxsTmFtZSBtYXkgYmUgYXBwZW5kZWQgd2l0aCAvIG9yIFwsIGRldGVybWluZSBpZiBpdCBpcyBwYWRkZWQgYW5kIHJlbW92ZSBpdAogICAgICAgICRwYWRkaW5nX2xlbmd0aCA9ICRhcmNoaXZlX25hbWUuTGVuZ3RoICUgNAogICAgICAgIGlmICgkcGFkZGluZ19sZW5ndGggLWVxIDApIHsKICAgICAgICAgICAgJGlzX2RpciA9ICRmYWxzZQogICAgICAgICAgICAkYmFzZTY0X25hbWUgPSAkYXJjaGl2ZV9uYW1lCiAgICAgICAgfSBlbHNlaWYgKCRwYWRkaW5nX2xlbmd0aCAtZXEgMSkgewogICAgICAgICAgICAkaXNfZGlyID0gJHRydWUKICAgICAgICAgICAgaWYgKCRhcmNoaXZlX25hbWUuRW5kc1dpdGgoIi8iKSAtb3IgJGFyY2hpdmVfbmFtZS5FbmRzV2l0aCgiYFwiKSkgewogICAgICAgICAgICAgICAgJGJhc2U2NF9uYW1lID0gJGFyY2hpdmVfbmFtZS5TdWJzdHJpbmcoMCwgJGFyY2hpdmVfbmFtZS5MZW5ndGggLSAxKQogICAgICAgICAgICB9IGVsc2UgewogICAgICAgICAgICAgICAgdGhyb3cgImludmFsaWQgYmFzZTY0IGFyY2hpdmUgbmFtZSAnJGFyY2hpdmVfbmFtZSciCiAgICAgICAgICAgIH0KICAgICAgICB9IGVsc2UgewogICAgICAgICAgICB0aHJvdyAiaW52YWxpZCBiYXNlNjQgbGVuZ3RoICckYXJjaGl2ZV9uYW1lJyIKICAgICAgICB9CgogICAgICAgICMgdG8gaGFuZGxlIHVuaWNvZGUgY2hhcmFjdGVyLCB3aW5fY29weSBhY3Rpb24gcGx1Z2luIGhhcyBlbmNvZGVkIHRoZSBmaWxlbmFtZQogICAgICAgICRkZWNvZGVkX2FyY2hpdmVfbmFtZSA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGJhc2U2NF9uYW1lKSkKICAgICAgICAjIHJlLWFkZCB0aGUgLyB0byB0aGUgZW50cnkgZnVsbCBuYW1lIGlmIGl0IHdhcyBhIGRpcmVjdG9yeQogICAgICAgIGlmICgkaXNfZGlyKSB7CiAgICAgICAgICAgICRkZWNvZGVkX2FyY2hpdmVfbmFtZSA9ICIkZGVjb2RlZF9hcmNoaXZlX25hbWUvIgogICAgICAgIH0KICAgICAgICAkZW50cnlfdGFyZ2V0X3BhdGggPSBbU3lzdGVtLklPLlBhdGhdOjpDb21iaW5lKCRkZXN0LCAkZGVjb2RlZF9hcmNoaXZlX25hbWUpCiAgICAgICAgJGVudHJ5X2RpciA9IFtTeXN0ZW0uSU8uUGF0aF06OkdldERpcmVjdG9yeU5hbWUoJGVudHJ5X3RhcmdldF9wYXRoKQoKICAgICAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRlbnRyeV9kaXIpKSB7CiAgICAgICAgICAgIE5ldy1JdGVtIC1QYXRoICRlbnRyeV9kaXIgLUl0ZW1UeXBlIERpcmVjdG9yeSAtV2hhdElmOiRjaGVja19tb2RlIHwgT3V0LU51bGwKICAgICAgICB9CgogICAgICAgIGlmICgkaXNfZGlyIC1lcSAkZmFsc2UpIHsKICAgICAgICAgICAgaWYgKC1ub3QgJGNoZWNrX21vZGUpIHsKICAgICAgICAgICAgICAgIFtTeXN0ZW0uSU8uQ29tcHJlc3Npb24uWmlwRmlsZUV4dGVuc2lvbnNdOjpFeHRyYWN0VG9GaWxlKCRlbnRyeSwgJGVudHJ5X3RhcmdldF9wYXRoLCAkdHJ1ZSkKICAgICAgICAgICAgfQogICAgICAgIH0KICAgIH0KICAgICRhcmNoaXZlLkRpc3Bvc2UoKSAgIyByZWxlYXNlIHRoZSBoYW5kbGUgb2YgdGhlIHppcCBmaWxlCn0KCkZ1bmN0aW9uIEV4dHJhY3QtWmlwTGVnYWN5KCRzcmMsICRkZXN0KSB7CiAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRkZXN0KSkgewogICAgICAgIE5ldy1JdGVtIC1QYXRoICRkZXN0IC1JdGVtVHlwZSBEaXJlY3RvcnkgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICB9CiAgICAkc2hlbGwgPSBOZXctT2JqZWN0IC1Db21PYmplY3QgU2hlbGwuQXBwbGljYXRpb24KICAgICR6aXAgPSAkc2hlbGwuTmFtZVNwYWNlKCRzcmMpCiAgICAkZGVzdF9wYXRoID0gJHNoZWxsLk5hbWVTcGFjZSgkZGVzdCkKCiAgICBmb3JlYWNoICgkZW50cnkgaW4gJHppcC5JdGVtcygpKSB7CiAgICAgICAgJGlzX2RpciA9ICRlbnRyeS5Jc0ZvbGRlcgogICAgICAgICRlbmNvZGVkX2FyY2hpdmVfZW50cnkgPSAkZW50cnkuTmFtZQogICAgICAgICMgdG8gaGFuZGxlIHVuaWNvZGUgY2hhcmFjdGVyLCB3aW5fY29weSBhY3Rpb24gcGx1Z2luIGhhcyBlbmNvZGVkIHRoZSBmaWxlbmFtZQogICAgICAgICRkZWNvZGVkX2FyY2hpdmVfZW50cnkgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRlbmNvZGVkX2FyY2hpdmVfZW50cnkpKQogICAgICAgIGlmICgkaXNfZGlyKSB7CiAgICAgICAgICAgICRkZWNvZGVkX2FyY2hpdmVfZW50cnkgPSAiJGRlY29kZWRfYXJjaGl2ZV9lbnRyeS8iCiAgICAgICAgfQoKICAgICAgICAkZW50cnlfdGFyZ2V0X3BhdGggPSBbU3lzdGVtLklPLlBhdGhdOjpDb21iaW5lKCRkZXN0LCAkZGVjb2RlZF9hcmNoaXZlX2VudHJ5KQogICAgICAgICRlbnRyeV9kaXIgPSBbU3lzdGVtLklPLlBhdGhdOjpHZXREaXJlY3RvcnlOYW1lKCRlbnRyeV90YXJnZXRfcGF0aCkKCiAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtUGF0aCAkZW50cnlfZGlyKSkgewogICAgICAgICAgICBOZXctSXRlbSAtUGF0aCAkZW50cnlfZGlyIC1JdGVtVHlwZSBEaXJlY3RvcnkgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICAgICAgf ScriptBlock ID: 6f2e7eba-7937-4972-ac8a-feb1fcfd8377 Path:	4104	1		3	2	15	0	1370	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2536	4568	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:28:28 PM	9d04040e-981f-0003-3c51-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 3): begin { $DebugPreference = "Continue" $ErrorActionPreference = "Stop" Set-StrictMode -Version 2 function ConvertTo-HashtableFromPsCustomObject ($myPsObject){ $output = @{}; $myPsObject | Get-Member -MemberType *Property | % { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } return $output; } # stream JSON including become_pw, ps_module_payload, bin_module_payload, become_payload, write_payload_path, preserve directives # exec runspace, capture output, cleanup, return module output # NB: do not adjust the following line- it is replaced when doing non-streamed module output $json_raw = @' {"min_ps_version": null, "exec": "CkZ1bmN0aW9uIFJ1bigkcGF5bG9hZCkgewogICAgJGVudHJ5cG9pbnQgPSAkcGF5bG9hZC5tb2R1bGVfZW50cnkKCiAgICAkZW50cnlwb2ludCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGVudHJ5cG9pbnQpKQoKICAgICRwcyA9IFtwb3dlcnNoZWxsXTo6Q3JlYXRlKCkKCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkQ29tbWFuZCgiU2V0LVZhcmlhYmxlIikuQWRkUGFyYW1ldGVycyhAe1Njb3BlPSJnbG9iYWwiO05hbWU9ImNvbXBsZXhfYXJncyI7VmFsdWU9JHBheWxvYWQubW9kdWxlX2FyZ3N9KSB8IE91dC1OdWxsCiAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCgogICAgIyByZWRlZmluZSBXcml0ZS1Ib3N0IHRvIGR1bXAgdG8gb3V0cHV0IGluc3RlYWQgb2YgZmFpbGluZy0gbG90cyBvZiBzY3JpcHRzIHVzZSBpdAogICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgiRnVuY3Rpb24gV3JpdGUtSG9zdChgJG1zZyl7IFdyaXRlLU91dHB1dCBgJG1zZyB9IikgfCBPdXQtTnVsbAoKICAgIEZvckVhY2ggKCRlbnZfa3YgaW4gJHBheWxvYWQuZW52aXJvbm1lbnQuR2V0RW51bWVyYXRvcigpKSB7CiAgICAgICAgIyBuZWVkIHRvIGVzY2FwZSAnIGluIGJvdGggdGhlIGtleSBhbmQgdmFsdWUKICAgICAgICAkZW52X2tleSA9ICRlbnZfa3YuS2V5LlRvU3RyaW5nKCkuUmVwbGFjZSgiJyIsICInJyIpCiAgICAgICAgJGVudl92YWx1ZSA9ICRlbnZfa3YuVmFsdWUuVG9TdHJpbmcoKS5SZXBsYWNlKCInIiwgIicnIikKICAgICAgICAkZXNjYXBlZF9lbnZfc2V0ID0gIltTeXN0ZW0uRW52aXJvbm1lbnRdOjpTZXRFbnZpcm9ubWVudFZhcmlhYmxlKCd7MH0nLCAnezF9JykiIC1mICRlbnZfa2V5LCAkZW52X3ZhbHVlCiAgICAgICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgkZXNjYXBlZF9lbnZfc2V0KSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBkeW5hbWljYWxseSBjcmVhdGUvbG9hZCBtb2R1bGVzCiAgICBGb3JFYWNoICgkbW9kIGluICRwYXlsb2FkLnBvd2Vyc2hlbGxfbW9kdWxlcy5HZXRFbnVtZXJhdG9yKCkpIHsKICAgICAgICAkZGVjb2RlZF9tb2R1bGUgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRtb2QuVmFsdWUpKQogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRDb21tYW5kKCJOZXctTW9kdWxlIikuQWRkUGFyYW1ldGVycyhAe1NjcmlwdEJsb2NrPShbc2NyaXB0YmxvY2tdOjpDcmVhdGUoJGRlY29kZWRfbW9kdWxlKSk7TmFtZT0kbW9kLktleX0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiSW1wb3J0LU1vZHVsZSIpLkFkZFBhcmFtZXRlcnMoQHtXYXJuaW5nQWN0aW9uPSJTaWxlbnRseUNvbnRpbnVlIn0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBmb3JjZSBpbnB1dCBlbmNvZGluZyB0byBwcmVhbWJsZS1mcmVlIFVURjggc28gUFMgc3ViLXByb2Nlc3NlcyAoZWcsCiAgICAjIFN0YXJ0LUpvYikgZG9uJ3QgYmxvdyB1cC4gVGhpcyBpcyBvbmx5IHJlcXVpcmVkIGZvciBXaW5STSwgYSBQU1JQCiAgICAjIHJ1bnNwYWNlIGRvZXNuJ3QgaGF2ZSBhIGhvc3QgY29uc29sZSBhbmQgdGhpcyB3aWxsIGJvbWIgb3V0CiAgICBpZiAoJGhvc3QuTmFtZSAtZXEgIkNvbnNvbGVIb3N0IikgewogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRTY3JpcHQoIltDb25zb2xlXTo6SW5wdXRFbmNvZGluZyA9IE5ldy1PYmplY3QgVGV4dC5VVEY4RW5jb2RpbmcgYCRmYWxzZSIpIHwgT3V0LU51bGwKICAgIH0KCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkU2NyaXB0KCRlbnRyeXBvaW50KSB8IE91dC1OdWxsCgogICAgJG91dHB1dCA9ICRwcy5JbnZva2UoKQoKICAgICRvdXRwdXQKCiAgICAjIFBTMyBkb2Vzbid0IHByb3Blcmx5IHNldCBIYWRFcnJvcnMgaW4gbWFueSBjYXNlcywgaW5zcGVjdCB0aGUgZXJyb3Igc3RyZWFtIGFzIGEgZmFsbGJhY2sKICAgIElmICgkcHMuSGFkRXJyb3JzIC1vciAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtbHQgNCAtYW5kICRwcy5TdHJlYW1zLkVycm9yLkNvdW50IC1ndCAwKSkgewogICAgICAgICRob3N0LlVJLldyaXRlRXJyb3JMaW5lKCQoJHBzLlN0cmVhbXMuRXJyb3IgfCBPdXQtU3RyaW5nKSkKICAgICAgICAkZXhpdF9jb2RlID0gJHBzLlJ1bnNwYWNlLlNlc3Npb25TdGF0ZVByb3h5LkdldFZhcmlhYmxlKCJMQVNURVhJVENPREUiKQogICAgICAgIElmKC1ub3QgJGV4aXRfY29kZSkgewogICAgICAgICAgICAkZXhpdF9jb2RlID0gMQogICAgICAgIH0KICAgICAgICAjIG5lZWQgdG8gdXNlIHRoaXMgaW5zdGVhZCBvZiBFeGl0IGtleXdvcmQgdG8gcHJldmVudCBydW5zcGFjZSBmcm9tIGNyYXNoaW5nIHdpdGggZHluYW1pYyBtb2R1bGVzCiAgICAgICAgJGhvc3QuU2V0U2hvdWxkRXhpdCgkZXhpdF9jb2RlKQogICAgfQp9Cg==", "actions": ["exec"], "environment": {}, "min_os_version": null, "powershell_modules": {"Ansible.ModuleUtils.Legacy": "IyBDb3B5cmlnaHQgKGMpLCBNaWNoYWVsIERlSGFhbiA8bWljaGFlbC5kZWhhYW5AZ21haWwuY29tPiwgMjAxNCwgYW5kIG90aGVycwojIFNpbXBsaWZpZWQgQlNEIExpY2Vuc2UgKHNlZSBsaWNlbnNlcy9zaW1wbGlmaWVkX2JzZC50eHQgb3IgaHR0cHM6Ly9vcGVuc291cmNlLm9yZy9saWNlbnNlcy9CU0QtMi1DbGF1c2UpCgpTZXQtU3RyaWN0TW9kZSAtVmVyc2lvbiAyLjAKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKRnVuY3Rpb24gU2V0LUF0dHIoJG9iaiwgJG5hbWUsICR2YWx1ZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gc2V0IGFuICJhdHRyaWJ1dGUiIG9uIGEgcHNvYmplY3QgaW5zdGFuY2UgaW4gUG93ZXJTaGVsbC4KICAgIFRoaXMgaXMgYSBjb252ZW5pZW5jZSB0byBtYWtlIGFkZGluZyBNZW1iZXJzIHRvIHRoZSBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgIFNldC1BdHRyICRyZXN1bHQgImNoYW5nZWQiICR0cnVlCiM+CgogICAgIyBJZiB0aGUgcHJvdmlkZWQgJG9iaiBpcyB1bmRlZmluZWQsIGRlZmluZSBvbmUgdG8gYmUgbmljZQogICAgSWYgKC1ub3QgJG9iai5HZXRUeXBlKQogICAgewogICAgICAgICRvYmogPSBAeyB9CiAgICB9CgogICAgVHJ5CiAgICB7CiAgICAgICAgJG9iai4kbmFtZSA9ICR2YWx1ZQogICAgfQogICAgQ2F0Y2gKICAgIHsKICAgICAgICAkb2JqIHwgQWRkLU1lbWJlciAtRm9yY2UgLU1lbWJlclR5cGUgTm90ZVByb3BlcnR5IC1OYW1lICRuYW1lIC1WYWx1ZSAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gRXhpdC1Kc29uKCRvYmopCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGNvbnZlcnQgYSBQb3dlclNoZWxsIG9iamVjdCB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcKICAgIHRoZSBzY3JpcHQKICAgIC5FWEFNUExFCiAgICBFeGl0LUpzb24gJHJlc3VsdAojPgoKICAgICMgSWYgdGhlIHByb3ZpZGVkICRvYmogaXMgdW5kZWZpbmVkLCBkZWZpbmUgb25lIHRvIGJlIG5pY2UKICAgIElmICgtbm90ICRvYmouR2V0VHlwZSkKICAgIHsKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoJ2NoYW5nZWQnKSkgewogICAgICAgIFNldC1BdHRyICRvYmogImNoYW5nZWQiICRmYWxzZQogICAgfQoKICAgIFdyaXRlLU91dHB1dCAkb2JqIHwgQ29udmVydFRvLUpzb24gLUNvbXByZXNzIC1EZXB0aCA5OQogICAgRXhpdAp9CgpGdW5jdGlvbiBGYWlsLUpzb24oJG9iaiwgJG1lc3NhZ2UgPSAkbnVsbCkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHRoZSAibXNnIiBwcm9wZXJ0eSBhbmQgImZhaWxlZCIgcHJvcGVydHksIGNvbnZlcnQgdGhlCiAgICBQb3dlclNoZWxsIEhhc2h0YWJsZSB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcgdGhlIHNjcmlwdAogICAgLkVYQU1QTEUKICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJUaGlzIGlzIHRoZSBmYWlsdXJlIG1lc3NhZ2UiCiM+CgogICAgaWYgKCRvYmogLWlzIFtoYXNodGFibGVdIC1vciAkb2JqIC1pcyBbcHNvYmplY3RdKSB7CiAgICAgICAgIyBOb3RoaW5nIHRvIGRvCiAgICB9IGVsc2VpZiAoJG9iaiAtaXMgW3N0cmluZ10gLWFuZCAkbnVsbCAtZXEgJG1lc3NhZ2UpIHsKICAgICAgICAjIElmIHdlIHdlcmVuJ3QgZ2l2ZW4gMiBhcmdzLCBhbmQgdGhlIG9ubHkgYXJnIHdhcyBhIHN0cmluZywKICAgICAgICAjIGNyZWF0ZSBhIG5ldyBIYXNodGFibGUgYW5kIHVzZSB0aGUgYXJnIGFzIHRoZSBmYWlsdXJlIG1lc3NhZ2UKICAgICAgICAkbWVzc2FnZSA9ICRvYmoKICAgICAgICAkb2JqID0gQHsgfQogICAgfSBlbHNlIHsKICAgICAgICAjIElmIHRoZSBmaXJzdCBhcmd1bWVudCBpcyB1bmRlZmluZWQgb3IgYSBkaWZmZXJlbnQgdHlwZSwKICAgICAgICAjIG1ha2UgaXQgYSBIYXNodGFibGUKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgICMgU3RpbGwgdXNpbmcgU2V0LUF0dHIgZm9yIFBTT2JqZWN0IGNvbXBhdGliaWxpdHkKICAgIFNldC1BdHRyICRvYmogIm1zZyIgJG1lc3NhZ2UKICAgIFNldC1BdHRyICRvYmogImZhaWxlZCIgJHRydWUKCiAgICBpZiAoLW5vdCAkb2JqLkNvbnRhaW5zS2V5KCdjaGFuZ2VkJykpIHsKICAgICAgICBTZXQtQXR0ciAkb2JqICJjaGFuZ2VkIiAkZmFsc2UKICAgIH0KCiAgICBXcml0ZS1PdXRwdXQgJG9iaiB8IENvbnZlcnRUby1Kc29uIC1Db21wcmVzcyAtRGVwdGggOTkKICAgIEV4aXQgMQp9CgpGdW5jdGlvbiBBZGQtV2FybmluZygkb2JqLCAkbWVzc2FnZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHdhcm5pbmdzLCBldmVuIGlmIHRoZSB3YXJuaW5ncyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoIndhcm5pbmdzIikpIHsKICAgICAgICAkb2JqLndhcm5pbmdzID0gQCgpCiAgICB9IGVsc2VpZiAoJG9iai53YXJuaW5ncyAtaXNub3QgW2FycmF5XSkgewogICAgICAgIHRocm93ICJBZGQtV2FybmluZzogd2FybmluZ3MgYXR0cmlidXRlIGlzIG5vdCBhbiBhcnJheSIKICAgIH0KCiAgICAkb2JqLndhcm5pbmdzICs9ICRtZXNzYWdlCn0KCkZ1bmN0aW9uIEFkZC1EZXByZWNhdGlvbldhcm5pbmcoJG9iaiwgJG1lc3NhZ2UsICR2ZXJzaW9uID0gJG51bGwpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGFkZCBkZXByZWNhdGlvbnMsIGV2ZW4gaWYgdGhlIGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgogICAgaWYgKC1ub3QgJG9iai5Db250YWluc0tleSgiZGVwcmVjYXRpb25zIikpIHsKICAgICAgICAkb2JqLmRlcHJlY2F0aW9ucyA9IEAoKQogICAgfSBlbHNlaWYgKCRvYmouZGVwcmVjYXRpb25zIC1pc25vdCBbYXJyYXldKSB7CiAgICAgICAgdGhyb3cgIkFkZC1EZXByZWNhdGlvbldhcm5pbmc6IGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgaXMgbm90IGEgbGlzdCIKICAgIH0KCiAgICAkb2JqLmRlcHJlY2F0aW9ucyArPSBAewogICAgICAgIG1zZyA9ICRtZXNzYWdlCiAgICAgICAgdmVyc2lvbiA9ICR2ZXJzaW9uCiAgICB9Cn0KCkZ1bmN0aW9uIEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgaW4gdmFsdWVzLiBCeSBkZWZhdWx0CiAgICBpdCB0dXJucyBhbnkgdHlwZSB0byBhIHN0cmluZywgYnV0IHdlIGVuc3VyZSAkbnVsbCByZW1haW5zICRudWxsLgojPgogICAgaWYgKCRudWxsIC1uZSAkdmFsdWUpIHsKICAgICAgICBbU3lzdGVtLkVudmlyb25tZW50XTo6RXhwYW5kRW52aXJvbm1lbnRWYXJpYWJsZXMoJHZhbHVlKQogICAgfSBlbHNlIHsKICAgICAgICAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gR2V0LUFuc2libGVQYXJhbSgkb2JqLCAkbmFtZSwgJGRlZmF1bHQgPSAkbnVsbCwgJHJlc3VsdG9iaiA9IEB7fSwgJGZhaWxpZmVtcHR5ID0gJGZhbHNlLCAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSwgJFZhbGlkYXRlU2V0LCAkVmFsaWRhdGVTZXRFcnJvck1lc3NhZ2UsICR0eXBlID0gJG51bGwsICRhbGlhc2VzID0gQCgpKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBnZXQgYW4gImF0dHJpYnV0ZSIgZnJvbSBhIHBzb2JqZWN0IGluc3RhbmNlIGluIFBvd2VyU2hlbGwuCiAgICBUaGlzIGlzIGEgY29udmVuaWVuY2UgdG8gbWFrZSBnZXR0aW5nIE1lbWJlcnMgZnJvbSBhbiBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgICRhdHRyID0gR2V0LUFuc2libGVQYXJhbSAkcmVzcG9uc2UgImNvZGUiIC1kZWZhdWx0ICIxIgogICAgLkVYQU1QTEUKICAgIEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJTdGF0ZSIgLWRlZmF1bHQgIlByZXNlbnQiIC1WYWxpZGF0ZVNldCAiUHJlc2VudCIsIkFic2VudCIgLXJlc3VsdG9iaiAkcmVzdWx0b2JqIC1mYWlsaWZlbXB0eSAkdHJ1ZQogICAgR2V0LUFuc2libGVQYXJhbSBhbHNvIHN1cHBvcnRzIFBhcmFtZXRlciB2YWxpZGF0aW9uIHRvIHNhdmUgeW91IGZyb20gY29kaW5nIHRoYXQgbWFudWFsbHkKICAgIE5vdGUgdGhhdCBpZiB5b3UgdXNlIHRoZSBmYWlsaWZlbXB0eSBvcHRpb24sIHlvdSBkbyBuZWVkIHRvIHNwZWNpZnkgcmVzdWx0b2JqZWN0IGFzIHdlbGwuCiM+CiAgICAjIENoZWNrIGlmIHRoZSBwcm92aWRlZCBNZW1iZXIgJG5hbWUgb3IgYWxpYXNlcyBleGlzdCBpbiAkb2JqIGFuZCByZXR1cm4gaXQgb3IgdGhlIGRlZmF1bHQuCiAgICB0cnkgewoKICAgICAgICAkZm91bmQgPSAkbnVsbAogICAgICAgICMgRmlyc3QgdHJ5IHRvIGZpbmQgcHJlZmVycmVkIHBhcmFtZXRlciAkbmFtZQogICAgICAgICRhbGlhc2VzID0gQCgkbmFtZSkgKyAkYWxpYXNlcwoKICAgICAgICAjIEl0ZXJhdGUgb3ZlciBhbGlhc2VzIHRvIGZpbmQgYWNjZXB0YWJsZSBNZW1iZXIgJG5hbWUKICAgICAgICBmb3JlYWNoICgkYWxpYXMgaW4gJGFsaWFzZXMpIHsKICAgICAgICAgICAgaWYgKCRvYmouQ29udGFpbnNLZXkoJGFsaWFzKSkgewogICAgICAgICAgICAgICAgJGZvdW5kID0gJGFsaWFzCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgfQoKICAgICAgICBpZiAoJG51bGwgLWVxICRmb3VuZCkgewogICAgICAgICAgICB0aHJvdwogICAgICAgIH0KICAgICAgICAkbmFtZSA9ICRmb3VuZAoKICAgICAgICBpZiAoJFZhbGlkYXRlU2V0KSB7CgogICAgICAgICAgICBpZiAoJFZhbGlkYXRlU2V0IC1jb250YWlucyAoJG9iai4kbmFtZSkpIHsKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICRvYmouJG5hbWUKICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgIGlmICgkbnVsbCAtZXEgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAgICAgI0F1dG8tZ2VuZXJhdGVkIGVycm9yIHNob3VsZCBiZSBzdWZmaWNpZW50IGluIG1vc3QgdXNlIGNhc2VzCiAgICAgICAgICAgICAgICAgICAgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlID0gIkdldC1BbnNpYmxlUGFyYW06IEFyZ3VtZW50ICRuYW1lIG5lZWRzIHRvIGJlIG9uZSBvZiAkKCRWYWxpZGF0ZVNldCAtam9pbiAiLCIpIGJ1dCB3YXMgJCgkb2JqLiRuYW1lKS4iCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRWYWxpZGF0ZVNldEVycm9yTWVzc2FnZQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgJHZhbHVlID0gJG9iai4kbmFtZQogICAgICAgIH0KICAgIH0gY2F0Y2ggewogICAgICAgIGlmICgkZmFpbGlmZW1wdHkgLWVxICRmYWxzZSkgewogICAgICAgICAgICAkdmFsdWUgPSAkZGVmYXVsdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgIGlmICgtbm90ICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSA9ICJHZXQtQW5zaWJsZVBhcmFtOiBNaXNzaW5nIHJlcXVpcmVkIGFyZ3VtZW50OiAkbmFtZSIKICAgICAgICAgICAgfQogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlCiAgICAgICAgfQogICAgfQoKICAgICMgSWYgJHZhbHVlIC1lcSAkbnVsbCwgdGhlIHBhcmFtZXRlciB3YXMgdW5zcGVjaWZpZWQgYnkgdGhlIHVzZXIgKGRlbGliZXJhdGVseSBvciBub3QpCiAgICAjIFBsZWFzZSBsZWF2ZSAkbnVsbC12YWx1ZXMgaW50YWN0LCBtb2R1bGVzIG5lZWQgdG8ga25vdyBpZiBhIHBhcmFtZXRlciB3YXMgc3BlY2lmaWVkCiAgICAjIFdoZW4gJHZhbHVlIGlzIGFscmVhZHkgYW4gYXJyYXksIHdlIGNhbm5vdCByZWx5IG9uIHRoZSBudWxsIGNoZWNrLCBhcyBhbiBlbXB0eSBsaXN0CiAgICAjIGlzIHNlZW4gYXMgbnVsbCBpbiB0aGUgY2hlY2sgYmVsb3cKICAgIGlmICgkbnVsbCAtbmUgJHZhbHVlIC1vciAkdmFsdWUgLWlzIFthcnJheV0pIHsKICAgICAgICBpZiAoJHR5cGUgLWVxICJwYXRoIikgewogICAgICAgICAgICAjIEV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgb24gcGF0aC10eXBlCiAgICAgICAgICAgICR2YWx1ZSA9IEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCiAgICAgICAgICAgICMgVGVzdCBpZiBhIHZhbGlkIHBhdGggaXMgcHJvdmlkZWQKICAgICAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtSXNWYWxpZCAkdmFsdWUpKSB7CiAgICAgICAgICAgICAgICAkcGF0aF9pbnZhbGlkID0gJHRydWUKICAgICAgICAgICAgICAgICMgY291bGQgc3RpbGwgYmUgYSB2YWxpZC1zaGFwZWQgcGF0aCB3aXRoIGEgbm9uZXhpc3RlbnQgZHJpdmUgbGV0dGVyCiAgICAgICAgICAgICAgICBpZiAoJHZhbHVlIC1tYXRjaCAiXlx3OiIpIHsKICAgICAgICAgICAgICAgICAgICAjIHJld3JpdGUgcGF0aCB3aXRoIGEgdmFsaWQgZHJpdmUgbGV0dGVyIGFuZCByZWNoZWNrIHRoZSBzaGFwZS0gdGhpcyBtaWdodCBzdGlsbCBmYWlsLCBlZywgYSBub25leGlzdGVudCBub24tZmlsZXN5c3RlbSBQUyBwYXRoCiAgICAgICAgICAgICAgICAgICAgaWYgKFRlc3QtUGF0aCAtSXNWYWxpZCAkKEAoR2V0LVBTRHJpdmUgLVBTUHJvdmlkZXIgRmlsZXN5c3RlbSlbMF0uTmFtZSArICR2YWx1ZS5TdWJzdHJpbmcoMSkpKSB7CiAgICAgICAgICAgICAgICAgICAgICAgICRwYXRoX2ludmFsaWQgPSAkZmFsc2UKICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBpZiAoJHBhdGhfaW52YWxpZCkgewogICAgICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHRvYmogLW1lc3NhZ2UgIkdldC1BbnNpYmxlUGFyYW06IFBhcmFtZXRlciAnJG5hbWUnIGhhcyBhbiBpbnZhbGlkIHBhdGggJyR2YWx1ZScgc3BlY2lmaWVkLiIKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgInN0ciIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IHN0ciB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgc3RyaW5ncwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUuVG9TdHJpbmcoKQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImJvb2wiKSB7CiAgICAgICAgICAgICMgQ29udmVydCBib29sZWFuIHR5cGVzIHRvIHJlYWwgUG93ZXJzaGVsbCBib29sZWFucwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgfCBDb252ZXJ0VG8tQm9vbAogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImludCIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IGludCB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgaW50ZWdlcnMKICAgICAgICAgICAgJHZhbHVlID0gJHZhbHVlIC1hcyBbaW50XQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImZsb2F0IikgewogICAgICAgICAgICAjIENvbnZlcnQgZmxvYXQgdHlwZXMgdG8gcmVhbCBQb3dlcnNoZWxsIGZsb2F0cwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgLWFzIFtmbG9hdF0KICAgICAgICB9IGVsc2VpZiAoJHR5cGUgLWVxICJsaXN0IikgewogICAgICAgICAgICBpZiAoJHZhbHVlIC1pcyBbYXJyYXldKSB7CiAgICAgICAgICAgICAgICAjIE5vdGhpbmcgdG8gZG8KICAgICAgICAgICAgfSBlbHNlaWYgKCR2YWx1ZSAtaXMgW3N0cmluZ10pIHsKICAgICAgICAgICAgICAgICMgQ29udmVydCBzdHJpbmcgdHlwZSB0byByZWFsIFBvd2Vyc2hlbGwgYXJyYXkKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICR2YWx1ZS5TcGxpdCgiLCIpLlRyaW0oKQogICAgICAgICAgICB9IGVsc2VpZiAoJHZhbHVlIC1pcyBbaW50XSkgewogICAgICAgICAgICAgICAgJHZhbHVlID0gQCgkdmFsdWUpCiAgICAgICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICJHZXQtQW5zaWJsZVBhcmFtOiBQYXJhbWV0ZXIgJyRuYW1lJyBpcyBub3QgYSBZQU1MIGxpc3QuIgogICAgICAgICAgICB9CiAgICAgICAgICAgICMgLCBpcyBub3QgYSB0eXBvLCBmb3JjZXMgaXQgdG8gcmV0dXJuIGFzIGEgbGlzdCB3aGVuIGl0IGlzIGVtcHR5IG9yIG9ubHkgaGFzIDEgZW50cnkKICAgICAgICAgICAgcmV0dXJuICwkdmFsdWUKICAgICAgICB9CiAgICB9CgogICAgcmV0dXJuICR2YWx1ZQp9CgojQWxpYXMgR2V0LWF0dHItLT5HZXQtQW5zaWJsZVBhcmFtIGZvciBiYWNrd2FyZHMgY29tcGF0LiBPbmx5IGFkZCB3aGVuIG5lZWRlZCB0byBlYXNlIGRlYnVnZ2luZyBvZiBzY3JpcHRzCklmICgtbm90KEdldC1BbGlhcyAtTmFtZSAiR2V0LWF0dHIiIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlKSkKewogICAgTmV3LUFsaWFzIC1OYW1lIEdldC1hdHRyIC1WYWx1ZSBHZXQtQW5zaWJsZVBhcmFtCn0KCkZ1bmN0aW9uIENvbnZlcnRUby1Cb29sCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZpbHRlci9waXBlbGluZSBmdW5jdGlvbiB0byBjb252ZXJ0IGEgdmFsdWU ScriptBlock ID: 6f2e7eba-7937-4972-ac8a-feb1fcfd8377 Path:	4104	1		3	2	15	0	1369	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2536	4568	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:28:28 PM	9d04040e-981f-0003-3c51-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1368	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2536	3596	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:28:28 PM	9d04040e-981f-0004-1d18-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 2536 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1367	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2536	1752	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:28:28 PM	9d04040e-981f-0004-1d18-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1366	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2536	3596	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:28:28 PM	9d04040e-981f-0004-1d18-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): begin { $path = 'C:\Users\Admin\AppData\Local\Temp\ansible-tmp-1629725307.24-50333331632835\source' $DebugPreference = "Continue" $ErrorActionPreference = "Stop" Set-StrictMode -Version 2 $fd = [System.IO.File]::Create($path) $sha1 = [System.Security.Cryptography.SHA1CryptoServiceProvider]::Create() $bytes = @() #initialize for empty file case } process { $bytes = [System.Convert]::FromBase64String($input) $sha1.TransformBlock($bytes, 0, $bytes.Length, $bytes, 0) | Out-Null $fd.Write($bytes, 0, $bytes.Length) } end { $sha1.TransformFinalBlock($bytes, 0, 0) | Out-Null $hash = [System.BitConverter]::ToString($sha1.Hash).Replace("-", "").ToLowerInvariant() $fd.Close() Write-Output "{""sha1"":""$hash""}" } ScriptBlock ID: c225677c-1065-4e18-96c2-86904d0c3115 Path:	4104	1		3	2	15	0	1365	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4992	3080	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:28:28 PM	9d04040e-981f-0001-3811-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1364	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4992	1136	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:28:28 PM	9d04040e-981f-0004-1a18-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 4992 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1363	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4992	1060	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:28:28 PM	9d04040e-981f-0004-1a18-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1362	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4992	1136	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:28:28 PM	9d04040e-981f-0004-1a18-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1361	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4868	4480	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:28:27 PM	9d04040e-981f-0003-3351-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 4868 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1360	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4868	880	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:28:27 PM	9d04040e-981f-0003-3351-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1359	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4868	4480	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:28:27 PM	9d04040e-981f-0003-3351-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1358	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1376	1084	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:28:27 PM	9d04040e-981f-0004-1218-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 1376 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1357	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1376	4780	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:28:27 PM	9d04040e-981f-0004-1218-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1356	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1376	1084	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:28:27 PM	9d04040e-981f-0004-1218-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): #!powershell # Copyright: (c) 2015, Jon Hawkesworth (@jhawkesworth) <figs@unity.demon.co.uk> # Copyright: (c) 2017, Ansible Project # GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) #Requires -Module Ansible.ModuleUtils.Legacy $ErrorActionPreference = 'Stop' $params = Parse-Args -arguments $args -supports_check_mode $true $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false $diff_mode = Get-AnsibleParam -obj $params -name "_ansible_diff" -type "bool" -default $false # there are 4 modes to win_copy which are driven by the action plugins: # explode: src is a zip file which needs to be extracted to dest, for use with multiple files # query: win_copy action plugin wants to get the state of remote files to check whether it needs to send them # remote: all copy action is happening remotely (remote_src=True) # single: a single file has been copied, also used with template $copy_mode = Get-AnsibleParam -obj $params -name "_copy_mode" -type "str" -default "single" -validateset "explode","query","remote","single" # used in explode, remote and single mode $src = Get-AnsibleParam -obj $params -name "src" -type "path" -failifempty ($copy_mode -in @("explode","process","single")) $dest = Get-AnsibleParam -obj $params -name "dest" -type "path" -failifempty $true # used in single mode $original_basename = Get-AnsibleParam -obj $params -name "_original_basename" -type "str" # used in query and remote mode $force = Get-AnsibleParam -obj $params -name "force" -type "bool" -default $true # used in query mode, contains the local files/directories/symlinks that are to be copied $files = Get-AnsibleParam -obj $params -name "files" -type "list" $directories = Get-AnsibleParam -obj $params -name "directories" -type "list" $symlinks = Get-AnsibleParam -obj $params -name "symlinks" -type "list" $result = @{ changed = $false } if ($diff_mode) { $result.diff = @{} } Function Copy-File($source, $dest) { $diff = "" $copy_file = $false $source_checksum = $null if ($force) { $source_checksum = Get-FileChecksum -path $source } if (Test-Path -Path $dest -PathType Container) { Fail-Json -obj $result -message "cannot copy file from '$source' to '$dest': dest is already a folder" } elseif (Test-Path -Path $dest -PathType Leaf) { if ($force) { $target_checksum = Get-FileChecksum -path $dest if ($source_checksum -ne $target_checksum) { $copy_file = $true } } } else { $copy_file = $true } if ($copy_file) { $file_dir = [System.IO.Path]::GetDirectoryName($dest) # validate the parent dir is not a file and that it exists if (Test-Path -Path $file_dir -PathType Leaf) { Fail-Json -obj $result -message "cannot copy file from '$source' to '$dest': object at dest parent dir is not a folder" } elseif (-not (Test-Path -Path $file_dir)) { # directory doesn't exist, need to create New-Item -Path $file_dir -ItemType Directory -WhatIf:$check_mode | Out-Null $diff += "+$file_dir\`n" } if (Test-Path -Path $dest -PathType Leaf) { Remove-Item -Path $dest -Force -Recurse -WhatIf:$check_mode | Out-Null $diff += "-$dest`n" } if (-not $check_mode) { # cannot run with -WhatIf:$check_mode as if the parent dir didn't # exist and was created above would still not exist in check mode Copy-Item -Path $source -Destination $dest -Force | Out-Null } $diff += "+$dest`n" $result.changed = $true } # ugly but to save us from running the checksum twice, let's return it for # the main code to add it to $result return ,@{ diff = $diff; checksum = $source_checksum } } Function Copy-Folder($source, $dest) { $diff = "" $copy_folder = $false if (-not (Test-Path -Path $dest -PathType Container)) { $parent_dir = [System.IO.Path]::GetDirectoryName($dest) if (Test-Path -Path $parent_dir -PathType Leaf) { Fail-Json -obj $result -message "cannot copy file from '$source' to '$dest': object at dest parent dir is not a folder" } if (Test-Path -Path $dest -PathType Leaf) { Fail-Json -obj $result -message "cannot copy folder from '$source' to '$dest': dest is already a file" } New-Item -Path $dest -ItemType Container -WhatIf:$check_mode | Out-Null $diff += "+$dest\`n" $result.changed = $true } $child_items = Get-ChildItem -Path $source -Force foreach ($child_item in $child_items) { $dest_child_path = Join-Path -Path $dest -ChildPath $child_item.Name if ($child_item.PSIsContainer) { $diff += (Copy-Folder -source $child_item.Fullname -dest $dest_child_path) } else { $diff += (Copy-File -source $child_item.Fullname -dest $dest_child_path).diff } } return $diff } Function Get-FileSize($path) { $file = Get-Item -Path $path -Force $size = $null if ($file.PSIsContainer) { $dir_files_sum = Get-ChildItem $file.FullName -Recurse if ($dir_files_sum -eq $null -or ($dir_files_sum.PSObject.Properties.name -contains 'length' -eq $false)) { $size = 0 } else { $size = ($dir_files_sum | Measure-Object -property length -sum).Sum } } else { $size = $file.Length } $size } Function Extract-Zip($src, $dest) { $archive = [System.IO.Compression.ZipFile]::Open($src, [System.IO.Compression.ZipArchiveMode]::Read, [System.Text.Encoding]::UTF8) foreach ($entry in $archive.Entries) { $archive_name = $entry.FullName # FullName may be appended with / or \, determine if it is padded and remove it $padding_length = $archive_name.Length % 4 if ($padding_length -eq 0) { $is_dir = $false $base64_name = $archive_name } elseif ($padding_length -eq 1) { $is_dir = $true if ($archive_name.EndsWith("/") -or $archive_name.EndsWith("`\")) { $base64_name = $archive_name.Substring(0, $archive_name.Length - 1) } else { throw "invalid base64 archive name '$archive_name'" } } else { throw "invalid base64 length '$archive_name'" } # to handle unicode character, win_copy action plugin has encoded the filename $decoded_archive_name = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($base64_name)) # re-add the / to the entry full name if it was a directory if ($is_dir) { $decoded_archive_name = "$decoded_archive_name/" } $entry_target_path = [System.IO.Path]::Combine($dest, $decoded_archive_name) $entry_dir = [System.IO.Path]::GetDirectoryName($entry_target_path) if (-not (Test-Path -Path $entry_dir)) { New-Item -Path $entry_dir -ItemType Directory -WhatIf:$check_mode | Out-Null } if ($is_dir -eq $false) { if (-not $check_mode) { [System.IO.Compression.ZipFileExtensions]::ExtractToFile($entry, $entry_target_path, $true) } } } $archive.Dispose() # release the handle of the zip file } Function Extract-ZipLegacy($src, $dest) { if (-not (Test-Path -Path $dest)) { New-Item -Path $dest -ItemType Directory -WhatIf:$check_mode | Out-Null } $shell = New-Object -ComObject Shell.Application $zip = $shell.NameSpace($src) $dest_path = $shell.NameSpace($dest) foreach ($entry in $zip.Items()) { $is_dir = $entry.IsFolder $encoded_archive_entry = $entry.Name # to handle unicode character, win_copy action plugin has encoded the filename $decoded_archive_entry = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($encoded_archive_entry)) if ($is_dir) { $decoded_archive_entry = "$decoded_archive_entry/" } $entry_target_path = [System.IO.Path]::Combine($dest, $decoded_archive_entry) $entry_dir = [System.IO.Path]::GetDirectoryName($entry_target_path) if (-not (Test-Path -Path $entry_dir)) { New-Item -Path $entry_dir -ItemType Directory -WhatIf:$check_mode | Out-Null } if ($is_dir -eq $false -and (-not $check_mode)) { # https://msdn.microsoft.com/en-us/library/windows/desktop/bb787866.aspx # From Folder.CopyHere documentation, 1044 means: # - 1024: do not display a user interface if an error occurs # - 16: respond with "yes to all" for any dialog box that is displayed # - 4: do not display a progress dialog box $dest_path.CopyHere($entry, 1044) # once file is extraced, we need to rename it with non base64 name $combined_encoded_path = [System.IO.Path]::Combine($dest, $encoded_archive_entry) Move-Item -Path $combined_encoded_path -Destination $entry_target_path -Force | Out-Null } } } if ($copy_mode -eq "query") { # we only return a list of files/directories that need to be copied over # the source of the local file will be the key used $changed_files = @() $changed_directories = @() $changed_symlinks = @() foreach ($file in $files) { $filename = $file.dest $local_checksum = $file.checksum $filepath = Join-Path -Path $dest -ChildPath $filename if (Test-Path -Path $filepath -PathType Leaf) { if ($force) { $checksum = Get-FileChecksum -path $filepath if ($checksum -ne $local_checksum) { $will_change = $true $changed_files += $file } } } elseif (Test-Path -Path $filepath -PathType Container) { Fail-Json -obj $result -message "cannot copy file to dest '$filepath': object at path is already a directory" } else { $changed_files += $file } } foreach ($directory in $directories) { $dirname = $directory.dest $dirpath = Join-Path -Path $dest -ChildPath $dirname $parent_dir = [System.IO.Path]::GetDirectoryName($dirpath) if (Test-Path -Path $parent_dir -PathType Leaf) { Fail-Json -obj $result -message "cannot copy folder to dest '$dirpath': object at parent directory path is already a file" } if (Test-Path -Path $dirpath -PathType Leaf) { Fail-Json -obj $result -message "cannot copy folder to dest '$dirpath': object at path is already a file" } elseif (-not (Test-Path -Path $dirpath -PathType Container)) { $changed_directories += $directory } } # TODO: Handle symlinks $result.files = $changed_files $result.directories = $changed_directories $result.symlinks = $changed_symlinks } elseif ($copy_mode -eq "explode") { # a single zip file containing the files and directories needs to be # expanded this will always result in a change as the calculation is done # on the win_copy action plugin and is only run if a change needs to occur if (-not (Test-Path -Path $src -PathType Leaf)) { Fail-Json -obj $result -message "Cannot expand src zip file: '$src' as it does not exist" } # Detect if the PS zip assemblies are available or whether to use Shell $use_legacy = $false try { Add-Type -AssemblyName System.IO.Compression.FileSystem | Out-Null Add-Type -AssemblyName System.IO.Compression | Out-Null } catch { $use_legacy = $true } if ($use_legacy) { Extract-ZipLegacy -src $src -dest $dest } else { Extract-Zip -src $src -dest $dest } $result.changed = $true } elseif ($copy_mode -eq "remote") { # all copy actions are happening on the remote side (windows host), need # too copy source and dest using PS code $result.src = $src $result.dest = $dest if (-not (Test-Path -Path $src)) { Fail-Json -obj $result -message "Cannot copy src file: '$src' as it does not exist" } if (Test-Path -Path $src -PathType Container) { # we are copying a directory or the contents of a directory $result.operation = 'folder_copy' if ($src.EndsWith("/") -or $src.EndsWith("`\")) { # copying the folder's contents to dest $diff = "" $child_files = Get-ChildItem -Path $src -Force foreach ($child_file in $child_files) { $dest_child_path = Join-Path -Path $dest -ChildPath $child_file.Name if ($child_file.PSIsContainer) { $diff += Copy-Folder -source $child_file.FullName -dest $dest_child_path } else { $diff += (Copy-File -source $child_file.FullName -dest $dest_child_path).diff } } } else { # copying the folder and it's contents to dest $dest = Join-Path -Path $dest -ChildPath (Get-Item -Path $src -Force).Name $result.dest = $dest $diff = Copy-Folder -source $src -dest $dest } } else { # we are just copying a single file to dest $result.operation = 'file_copy' $source_basename = (Get-Item -Path $src -Force).Name $result.original_basename = $source_basename if ($dest.EndsWith("/") -or $dest.EndsWith("`\")) { $dest = Join-Path -Path $dest -ChildPath (Get-Item -Path $src -Force).Name $result.dest = $dest } else { # check if the parent dir exists, this is only done if src is a # file and dest if the path to a file (doesn't end with \ or /) $parent_dir = Split-Path -Path $dest if (Test-Path -Path $parent_dir -PathType Leaf) { Fail-Json -obj $result -message "object at destination parent dir '$parent_dir' is currently a file" } elseif (-not (Test-Path -Path $parent_dir -PathType Container)) { Fail-Json -obj $result -message "Destination directory '$parent_dir' does not exist" } } $copy_result = Copy-File -source $src -dest $dest $diff = $copy_result.diff $result.checksum = $copy_result.checksum } # the file might not exist if running in check mode if (-not $check_mode -or (Test-Path -Path $dest -PathType Leaf)) { $result.size = Get-FileSize -path $dest } else { $result.size = $null } if ($diff_mode) { $result.diff.prepared = $diff } } elseif ($copy_mode -eq "single") { # a single file is located in src and we need to copy to dest, this will # always result in a change as the calculation is done on the Ansible side # before this is run. This should also never run in check mode if (-not (Test-Path -Path $src -PathType Leaf)) { Fail-Json -obj $result -message "Cannot copy src file: '$src' as it does not exist" } # the dest parameter is a directory, we need to append original_basename if ($dest.EndsWith("/") -or $dest.EndsWith("`\") -or (Test-Path -Path $dest -PathType Container)) { $remote_dest = Join-Path -Path $dest -ChildPath $original_basename $parent_dir = Split-Path -Path $remote_dest # when dest ends with /, we need to create the destination directories if (Test-Path -Path $parent_dir -PathType Leaf) { Fail-Json -obj $result -message "object at destination parent dir '$parent_dir' is currently a file" } elseif (-not (Test-Path -Path $parent_dir -PathType Container)) { New-Item -Path $parent_dir -ItemType Directory | Out-Null } } else { $remote_dest = $dest $parent_dir = Split-Path -Path $remote_dest # check if the dest parent dirs exist, need to fail if they don't if (Test-Path -Path $parent_dir -PathType Leaf) { Fail-Json -obj $result -message "object at destination parent dir '$parent_dir' is currently a file" } elseif (-not (Test-Path -Path $parent_dir -PathType Container)) { Fail-Json -obj $result -message "Destination directory '$parent_dir' does not exist" } } Copy-Item -Path $src -Destination $remote_dest -Force | Out-Null $result.changed = $true } Exit-Json -obj $result ScriptBlock ID: c1a7230e-642e-440d-8446-c890dd6ad66c Path:	4104	1		3	2	15	0	1355	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2116	1408	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:28:27 PM	9d04040e-981f-0002-6b0c-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c), Michael DeHaan <michael.dehaan@gmail.com>, 2014, and others # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) Set-StrictMode -Version 2.0 $ErrorActionPreference = "Stop" Function Set-Attr($obj, $name, $value) { <# .SYNOPSIS Helper function to set an "attribute" on a psobject instance in PowerShell. This is a convenience to make adding Members to the object easier and slightly more pythonic .EXAMPLE Set-Attr $result "changed" $true #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } Try { $obj.$name = $value } Catch { $obj | Add-Member -Force -MemberType NoteProperty -Name $name -Value $value } } Function Exit-Json($obj) { <# .SYNOPSIS Helper function to convert a PowerShell object to JSON and output it, exiting the script .EXAMPLE Exit-Json $result #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit } Function Fail-Json($obj, $message = $null) { <# .SYNOPSIS Helper function to add the "msg" property and "failed" property, convert the PowerShell Hashtable to JSON and output it, exiting the script .EXAMPLE Fail-Json $result "This is the failure message" #> if ($obj -is [hashtable] -or $obj -is [psobject]) { # Nothing to do } elseif ($obj -is [string] -and $null -eq $message) { # If we weren't given 2 args, and the only arg was a string, # create a new Hashtable and use the arg as the failure message $message = $obj $obj = @{ } } else { # If the first argument is undefined or a different type, # make it a Hashtable $obj = @{ } } # Still using Set-Attr for PSObject compatibility Set-Attr $obj "msg" $message Set-Attr $obj "failed" $true if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit 1 } Function Add-Warning($obj, $message) { <# .SYNOPSIS Helper function to add warnings, even if the warnings attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("warnings")) { $obj.warnings = @() } elseif ($obj.warnings -isnot [array]) { throw "Add-Warning: warnings attribute is not an array" } $obj.warnings += $message } Function Add-DeprecationWarning($obj, $message, $version = $null) { <# .SYNOPSIS Helper function to add deprecations, even if the deprecations attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("deprecations")) { $obj.deprecations = @() } elseif ($obj.deprecations -isnot [array]) { throw "Add-DeprecationWarning: deprecations attribute is not a list" } $obj.deprecations += @{ msg = $message version = $version } } Function Expand-Environment($value) { <# .SYNOPSIS Helper function to expand environment variables in values. By default it turns any type to a string, but we ensure $null remains $null. #> if ($null -ne $value) { [System.Environment]::ExpandEnvironmentVariables($value) } else { $value } } Function Get-AnsibleParam($obj, $name, $default = $null, $resultobj = @{}, $failifempty = $false, $emptyattributefailmessage, $ValidateSet, $ValidateSetErrorMessage, $type = $null, $aliases = @()) { <# .SYNOPSIS Helper function to get an "attribute" from a psobject instance in PowerShell. This is a convenience to make getting Members from an object easier and slightly more pythonic .EXAMPLE $attr = Get-AnsibleParam $response "code" -default "1" .EXAMPLE Get-AnsibleParam -obj $params -name "State" -default "Present" -ValidateSet "Present","Absent" -resultobj $resultobj -failifempty $true Get-AnsibleParam also supports Parameter validation to save you from coding that manually Note that if you use the failifempty option, you do need to specify resultobject as well. #> # Check if the provided Member $name or aliases exist in $obj and return it or the default. try { $found = $null # First try to find preferred parameter $name $aliases = @($name) + $aliases # Iterate over aliases to find acceptable Member $name foreach ($alias in $aliases) { if ($obj.ContainsKey($alias)) { $found = $alias break } } if ($null -eq $found) { throw } $name = $found if ($ValidateSet) { if ($ValidateSet -contains ($obj.$name)) { $value = $obj.$name } else { if ($null -eq $ValidateSetErrorMessage) { #Auto-generated error should be sufficient in most use cases $ValidateSetErrorMessage = "Get-AnsibleParam: Argument $name needs to be one of $($ValidateSet -join ",") but was $($obj.$name)." } Fail-Json -obj $resultobj -message $ValidateSetErrorMessage } } else { $value = $obj.$name } } catch { if ($failifempty -eq $false) { $value = $default } else { if (-not $emptyattributefailmessage) { $emptyattributefailmessage = "Get-AnsibleParam: Missing required argument: $name" } Fail-Json -obj $resultobj -message $emptyattributefailmessage } } # If $value -eq $null, the parameter was unspecified by the user (deliberately or not) # Please leave $null-values intact, modules need to know if a parameter was specified # When $value is already an array, we cannot rely on the null check, as an empty list # is seen as null in the check below if ($null -ne $value -or $value -is [array]) { if ($type -eq "path") { # Expand environment variables on path-type $value = Expand-Environment($value) # Test if a valid path is provided if (-not (Test-Path -IsValid $value)) { $path_invalid = $true # could still be a valid-shaped path with a nonexistent drive letter if ($value -match "^\w:") { # rewrite path with a valid drive letter and recheck the shape- this might still fail, eg, a nonexistent non-filesystem PS path if (Test-Path -IsValid $(@(Get-PSDrive -PSProvider Filesystem)[0].Name + $value.Substring(1))) { $path_invalid = $false } } if ($path_invalid) { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' has an invalid path '$value' specified." } } } elseif ($type -eq "str") { # Convert str types to real Powershell strings $value = $value.ToString() } elseif ($type -eq "bool") { # Convert boolean types to real Powershell booleans $value = $value | ConvertTo-Bool } elseif ($type -eq "int") { # Convert int types to real Powershell integers $value = $value -as [int] } elseif ($type -eq "float") { # Convert float types to real Powershell floats $value = $value -as [float] } elseif ($type -eq "list") { if ($value -is [array]) { # Nothing to do } elseif ($value -is [string]) { # Convert string type to real Powershell array $value = $value.Split(",").Trim() } elseif ($value -is [int]) { $value = @($value) } else { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' is not a YAML list." } # , is not a typo, forces it to return as a list when it is empty or only has 1 entry return ,$value } } return $value } #Alias Get-attr-->Get-AnsibleParam for backwards compat. Only add when needed to ease debugging of scripts If (-not(Get-Alias -Name "Get-attr" -ErrorAction SilentlyContinue)) { New-Alias -Name Get-attr -Value Get-AnsibleParam } Function ConvertTo-Bool { <# .SYNOPSIS Helper filter/pipeline function to convert a value to boolean following current Ansible practices .EXAMPLE $is_true = "true" | ConvertTo-Bool #> param( [parameter(valuefrompipeline=$true)] $obj ) $boolean_strings = "yes", "on", "1", "true", 1 $obj_string = [string]$obj if (($obj -is [boolean] -and $obj) -or $boolean_strings -contains $obj_string.ToLower()) { return $true } else { return $false } } Function Parse-Args($arguments, $supports_check_mode = $false) { <# .SYNOPSIS Helper function to parse Ansible JSON arguments from a "file" passed as the single argument to the module. .EXAMPLE $params = Parse-Args $args #> $params = New-Object psobject If ($arguments.Length -gt 0) { $params = Get-Content $arguments[0] | ConvertFrom-Json } Else { $params = $complex_args } $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false If ($check_mode -and -not $supports_check_mode) { Exit-Json @{ skipped = $true changed = $false msg = "remote module does not support check mode" } } return $params } Function Get-FileChecksum($path, $algorithm = 'sha1') { <# .SYNOPSIS Helper function to calculate a hash of a file in a way which PowerShell 3 and above can handle #> If (Test-Path -Path $path -PathType Leaf) { switch ($algorithm) { 'md5' { $sp = New-Object -TypeName System.Security.Cryptography.MD5CryptoServiceProvider } 'sha1' { $sp = New-Object -TypeName System.Security.Cryptography.SHA1CryptoServiceProvider } 'sha256' { $sp = New-Object -TypeName System.Security.Cryptography.SHA256CryptoServiceProvider } 'sha384' { $sp = New-Object -TypeName System.Security.Cryptography.SHA384CryptoServiceProvider } 'sha512' { $sp = New-Object -TypeName System.Security.Cryptography.SHA512CryptoServiceProvider } default { Fail-Json @{} "Unsupported hash algorithm supplied '$algorithm'" } } If ($PSVersionTable.PSVersion.Major -ge 4) { $raw_hash = Get-FileHash $path -Algorithm $algorithm $hash = $raw_hash.Hash.ToLower() } Else { $fp = [System.IO.File]::Open($path, [System.IO.Filemode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileShare]::ReadWrite); $hash = [System.BitConverter]::ToString($sp.ComputeHash($fp)).Replace("-", "").ToLower(); $fp.Dispose(); } } ElseIf (Test-Path -Path $path -PathType Container) { $hash = "3"; } Else { $hash = "1"; } return $hash } Function Get-PendingRebootStatus { <# .SYNOPSIS Check if reboot is required, if so notify CA. Function returns true if computer has a pending reboot #> $featureData = Invoke-WmiMethod -EA Ignore -Name GetServerFeature -Namespace root\microsoft\windows\servermanager -Class MSFT_ServerManagerTasks $regData = Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager" "PendingFileRenameOperations" -EA Ignore $CBSRebootStatus = Get-ChildItem "HKLM:\\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing" -ErrorAction SilentlyContinue| Where-Object {$_.PSChildName -eq "RebootPending"} if(($featureData -and $featureData.RequiresReboot) -or $regData -or $CBSRebootStatus) { return $True } else { return $False } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: 216e451c-8711-441f-b994-0e0f6eef6b44 Path:	4104	1		3	2	15	0	1354	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2116	3972	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:28:26 PM	9d04040e-981f-0002-5c0c-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } ScriptBlock ID: 9503dd4b-658c-4bbf-960f-e5c85a0725ab Path:	4104	1		3	2	15	0	1353	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2116	3972	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:28:26 PM	9d04040e-981f-0002-4d0c-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (3 of 3): 0ICckZGlycGF0aCc6IG9iamVjdCBhdCBwYXRoIGlzIGFscmVhZHkgYSBmaWxlIgogICAgICAgIH0gZWxzZWlmICgtbm90IChUZXN0LVBhdGggLVBhdGggJGRpcnBhdGggLVBhdGhUeXBlIENvbnRhaW5lcikpIHsKICAgICAgICAgICAgJGNoYW5nZWRfZGlyZWN0b3JpZXMgKz0gJGRpcmVjdG9yeQogICAgICAgIH0KICAgIH0KCiAgICAjIFRPRE86IEhhbmRsZSBzeW1saW5rcwoKICAgICRyZXN1bHQuZmlsZXMgPSAkY2hhbmdlZF9maWxlcwogICAgJHJlc3VsdC5kaXJlY3RvcmllcyA9ICRjaGFuZ2VkX2RpcmVjdG9yaWVzCiAgICAkcmVzdWx0LnN5bWxpbmtzID0gJGNoYW5nZWRfc3ltbGlua3MKfSBlbHNlaWYgKCRjb3B5X21vZGUgLWVxICJleHBsb2RlIikgewogICAgIyBhIHNpbmdsZSB6aXAgZmlsZSBjb250YWluaW5nIHRoZSBmaWxlcyBhbmQgZGlyZWN0b3JpZXMgbmVlZHMgdG8gYmUKICAgICMgZXhwYW5kZWQgdGhpcyB3aWxsIGFsd2F5cyByZXN1bHQgaW4gYSBjaGFuZ2UgYXMgdGhlIGNhbGN1bGF0aW9uIGlzIGRvbmUKICAgICMgb24gdGhlIHdpbl9jb3B5IGFjdGlvbiBwbHVnaW4gYW5kIGlzIG9ubHkgcnVuIGlmIGEgY2hhbmdlIG5lZWRzIHRvIG9jY3VyCiAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRzcmMgLVBhdGhUeXBlIExlYWYpKSB7CiAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiQ2Fubm90IGV4cGFuZCBzcmMgemlwIGZpbGU6ICckc3JjJyBhcyBpdCBkb2VzIG5vdCBleGlzdCIKICAgIH0KCiAgICAjIERldGVjdCBpZiB0aGUgUFMgemlwIGFzc2VtYmxpZXMgYXJlIGF2YWlsYWJsZSBvciB3aGV0aGVyIHRvIHVzZSBTaGVsbAogICAgJHVzZV9sZWdhY3kgPSAkZmFsc2UKICAgIHRyeSB7CiAgICAgICAgQWRkLVR5cGUgLUFzc2VtYmx5TmFtZSBTeXN0ZW0uSU8uQ29tcHJlc3Npb24uRmlsZVN5c3RlbSB8IE91dC1OdWxsCiAgICAgICAgQWRkLVR5cGUgLUFzc2VtYmx5TmFtZSBTeXN0ZW0uSU8uQ29tcHJlc3Npb24gfCBPdXQtTnVsbAogICAgfSBjYXRjaCB7CiAgICAgICAgJHVzZV9sZWdhY3kgPSAkdHJ1ZQogICAgfQogICAgaWYgKCR1c2VfbGVnYWN5KSB7CiAgICAgICAgRXh0cmFjdC1aaXBMZWdhY3kgLXNyYyAkc3JjIC1kZXN0ICRkZXN0CiAgICB9IGVsc2UgewogICAgICAgIEV4dHJhY3QtWmlwIC1zcmMgJHNyYyAtZGVzdCAkZGVzdAogICAgfQoKICAgICRyZXN1bHQuY2hhbmdlZCA9ICR0cnVlCn0gZWxzZWlmICgkY29weV9tb2RlIC1lcSAicmVtb3RlIikgewogICAgIyBhbGwgY29weSBhY3Rpb25zIGFyZSBoYXBwZW5pbmcgb24gdGhlIHJlbW90ZSBzaWRlICh3aW5kb3dzIGhvc3QpLCBuZWVkCiAgICAjIHRvbyBjb3B5IHNvdXJjZSBhbmQgZGVzdCB1c2luZyBQUyBjb2RlCiAgICAkcmVzdWx0LnNyYyA9ICRzcmMKICAgICRyZXN1bHQuZGVzdCA9ICRkZXN0CgogICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtUGF0aCAkc3JjKSkgewogICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgIkNhbm5vdCBjb3B5IHNyYyBmaWxlOiAnJHNyYycgYXMgaXQgZG9lcyBub3QgZXhpc3QiCiAgICB9CgogICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkc3JjIC1QYXRoVHlwZSBDb250YWluZXIpIHsKICAgICAgICAjIHdlIGFyZSBjb3B5aW5nIGEgZGlyZWN0b3J5IG9yIHRoZSBjb250ZW50cyBvZiBhIGRpcmVjdG9yeQogICAgICAgICRyZXN1bHQub3BlcmF0aW9uID0gJ2ZvbGRlcl9jb3B5JwogICAgICAgIGlmICgkc3JjLkVuZHNXaXRoKCIvIikgLW9yICRzcmMuRW5kc1dpdGgoImBcIikpIHsKICAgICAgICAgICAgIyBjb3B5aW5nIHRoZSBmb2xkZXIncyBjb250ZW50cyB0byBkZXN0CiAgICAgICAgICAgICRkaWZmID0gIiIKICAgICAgICAgICAgJGNoaWxkX2ZpbGVzID0gR2V0LUNoaWxkSXRlbSAtUGF0aCAkc3JjIC1Gb3JjZQogICAgICAgICAgICBmb3JlYWNoICgkY2hpbGRfZmlsZSBpbiAkY2hpbGRfZmlsZXMpIHsKICAgICAgICAgICAgICAgICRkZXN0X2NoaWxkX3BhdGggPSBKb2luLVBhdGggLVBhdGggJGRlc3QgLUNoaWxkUGF0aCAkY2hpbGRfZmlsZS5OYW1lCiAgICAgICAgICAgICAgICBpZiAoJGNoaWxkX2ZpbGUuUFNJc0NvbnRhaW5lcikgewogICAgICAgICAgICAgICAgICAgICRkaWZmICs9IENvcHktRm9sZGVyIC1zb3VyY2UgJGNoaWxkX2ZpbGUuRnVsbE5hbWUgLWRlc3QgJGRlc3RfY2hpbGRfcGF0aAogICAgICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgICAgICAkZGlmZiArPSAoQ29weS1GaWxlIC1zb3VyY2UgJGNoaWxkX2ZpbGUuRnVsbE5hbWUgLWRlc3QgJGRlc3RfY2hpbGRfcGF0aCkuZGlmZgogICAgICAgICAgICAgICAgfQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgIyBjb3B5aW5nIHRoZSBmb2xkZXIgYW5kIGl0J3MgY29udGVudHMgdG8gZGVzdAogICAgICAgICAgICAkZGVzdCA9IEpvaW4tUGF0aCAtUGF0aCAkZGVzdCAtQ2hpbGRQYXRoIChHZXQtSXRlbSAtUGF0aCAkc3JjIC1Gb3JjZSkuTmFtZQogICAgICAgICAgICAkcmVzdWx0LmRlc3QgPSAkZGVzdAogICAgICAgICAgICAkZGlmZiA9IENvcHktRm9sZGVyIC1zb3VyY2UgJHNyYyAtZGVzdCAkZGVzdAogICAgICAgIH0KICAgIH0gZWxzZSB7CiAgICAgICAgIyB3ZSBhcmUganVzdCBjb3B5aW5nIGEgc2luZ2xlIGZpbGUgdG8gZGVzdAogICAgICAgICRyZXN1bHQub3BlcmF0aW9uID0gJ2ZpbGVfY29weScKCiAgICAgICAgJHNvdXJjZV9iYXNlbmFtZSA9IChHZXQtSXRlbSAtUGF0aCAkc3JjIC1Gb3JjZSkuTmFtZQogICAgICAgICRyZXN1bHQub3JpZ2luYWxfYmFzZW5hbWUgPSAkc291cmNlX2Jhc2VuYW1lCgogICAgICAgIGlmICgkZGVzdC5FbmRzV2l0aCgiLyIpIC1vciAkZGVzdC5FbmRzV2l0aCgiYFwiKSkgewogICAgICAgICAgICAkZGVzdCA9IEpvaW4tUGF0aCAtUGF0aCAkZGVzdCAtQ2hpbGRQYXRoIChHZXQtSXRlbSAtUGF0aCAkc3JjIC1Gb3JjZSkuTmFtZQogICAgICAgICAgICAkcmVzdWx0LmRlc3QgPSAkZGVzdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICMgY2hlY2sgaWYgdGhlIHBhcmVudCBkaXIgZXhpc3RzLCB0aGlzIGlzIG9ubHkgZG9uZSBpZiBzcmMgaXMgYQogICAgICAgICAgICAjIGZpbGUgYW5kIGRlc3QgaWYgdGhlIHBhdGggdG8gYSBmaWxlIChkb2Vzbid0IGVuZCB3aXRoIFwgb3IgLykKICAgICAgICAgICAgJHBhcmVudF9kaXIgPSBTcGxpdC1QYXRoIC1QYXRoICRkZXN0CiAgICAgICAgICAgIGlmIChUZXN0LVBhdGggLVBhdGggJHBhcmVudF9kaXIgLVBhdGhUeXBlIExlYWYpIHsKICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgIm9iamVjdCBhdCBkZXN0aW5hdGlvbiBwYXJlbnQgZGlyICckcGFyZW50X2RpcicgaXMgY3VycmVudGx5IGEgZmlsZSIKICAgICAgICAgICAgfSBlbHNlaWYgKC1ub3QgKFRlc3QtUGF0aCAtUGF0aCAkcGFyZW50X2RpciAtUGF0aFR5cGUgQ29udGFpbmVyKSkgewogICAgICAgICAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiRGVzdGluYXRpb24gZGlyZWN0b3J5ICckcGFyZW50X2RpcicgZG9lcyBub3QgZXhpc3QiCiAgICAgICAgICAgIH0KICAgICAgICB9CiAgICAgICAgJGNvcHlfcmVzdWx0ID0gQ29weS1GaWxlIC1zb3VyY2UgJHNyYyAtZGVzdCAkZGVzdAogICAgICAgICRkaWZmID0gJGNvcHlfcmVzdWx0LmRpZmYKICAgICAgICAkcmVzdWx0LmNoZWNrc3VtID0gJGNvcHlfcmVzdWx0LmNoZWNrc3VtCiAgICB9CgogICAgIyB0aGUgZmlsZSBtaWdodCBub3QgZXhpc3QgaWYgcnVubmluZyBpbiBjaGVjayBtb2RlCiAgICBpZiAoLW5vdCAkY2hlY2tfbW9kZSAtb3IgKFRlc3QtUGF0aCAtUGF0aCAkZGVzdCAtUGF0aFR5cGUgTGVhZikpIHsKICAgICAgICAkcmVzdWx0LnNpemUgPSBHZXQtRmlsZVNpemUgLXBhdGggJGRlc3QKICAgIH0gZWxzZSB7CiAgICAgICAgJHJlc3VsdC5zaXplID0gJG51bGwKICAgIH0KICAgIGlmICgkZGlmZl9tb2RlKSB7CiAgICAgICAgJHJlc3VsdC5kaWZmLnByZXBhcmVkID0gJGRpZmYKICAgIH0KfSBlbHNlaWYgKCRjb3B5X21vZGUgLWVxICJzaW5nbGUiKSB7CiAgICAjIGEgc2luZ2xlIGZpbGUgaXMgbG9jYXRlZCBpbiBzcmMgYW5kIHdlIG5lZWQgdG8gY29weSB0byBkZXN0LCB0aGlzIHdpbGwKICAgICMgYWx3YXlzIHJlc3VsdCBpbiBhIGNoYW5nZSBhcyB0aGUgY2FsY3VsYXRpb24gaXMgZG9uZSBvbiB0aGUgQW5zaWJsZSBzaWRlCiAgICAjIGJlZm9yZSB0aGlzIGlzIHJ1bi4gVGhpcyBzaG91bGQgYWxzbyBuZXZlciBydW4gaW4gY2hlY2sgbW9kZQogICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtUGF0aCAkc3JjIC1QYXRoVHlwZSBMZWFmKSkgewogICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgIkNhbm5vdCBjb3B5IHNyYyBmaWxlOiAnJHNyYycgYXMgaXQgZG9lcyBub3QgZXhpc3QiCiAgICB9CgogICAgIyB0aGUgZGVzdCBwYXJhbWV0ZXIgaXMgYSBkaXJlY3RvcnksIHdlIG5lZWQgdG8gYXBwZW5kIG9yaWdpbmFsX2Jhc2VuYW1lCiAgICBpZiAoJGRlc3QuRW5kc1dpdGgoIi8iKSAtb3IgJGRlc3QuRW5kc1dpdGgoImBcIikgLW9yIChUZXN0LVBhdGggLVBhdGggJGRlc3QgLVBhdGhUeXBlIENvbnRhaW5lcikpIHsKICAgICAgICAkcmVtb3RlX2Rlc3QgPSBKb2luLVBhdGggLVBhdGggJGRlc3QgLUNoaWxkUGF0aCAkb3JpZ2luYWxfYmFzZW5hbWUKICAgICAgICAkcGFyZW50X2RpciA9IFNwbGl0LVBhdGggLVBhdGggJHJlbW90ZV9kZXN0CgogICAgICAgICMgd2hlbiBkZXN0IGVuZHMgd2l0aCAvLCB3ZSBuZWVkIHRvIGNyZWF0ZSB0aGUgZGVzdGluYXRpb24gZGlyZWN0b3JpZXMKICAgICAgICBpZiAoVGVzdC1QYXRoIC1QYXRoICRwYXJlbnRfZGlyIC1QYXRoVHlwZSBMZWFmKSB7CiAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgIm9iamVjdCBhdCBkZXN0aW5hdGlvbiBwYXJlbnQgZGlyICckcGFyZW50X2RpcicgaXMgY3VycmVudGx5IGEgZmlsZSIKICAgICAgICB9IGVsc2VpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRwYXJlbnRfZGlyIC1QYXRoVHlwZSBDb250YWluZXIpKSB7CiAgICAgICAgICAgIE5ldy1JdGVtIC1QYXRoICRwYXJlbnRfZGlyIC1JdGVtVHlwZSBEaXJlY3RvcnkgfCBPdXQtTnVsbAogICAgICAgIH0KICAgIH0gZWxzZSB7CiAgICAgICAgJHJlbW90ZV9kZXN0ID0gJGRlc3QKICAgICAgICAkcGFyZW50X2RpciA9IFNwbGl0LVBhdGggLVBhdGggJHJlbW90ZV9kZXN0CgogICAgICAgICMgY2hlY2sgaWYgdGhlIGRlc3QgcGFyZW50IGRpcnMgZXhpc3QsIG5lZWQgdG8gZmFpbCBpZiB0aGV5IGRvbid0CiAgICAgICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkcGFyZW50X2RpciAtUGF0aFR5cGUgTGVhZikgewogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0IC1tZXNzYWdlICJvYmplY3QgYXQgZGVzdGluYXRpb24gcGFyZW50IGRpciAnJHBhcmVudF9kaXInIGlzIGN1cnJlbnRseSBhIGZpbGUiCiAgICAgICAgfSBlbHNlaWYgKC1ub3QgKFRlc3QtUGF0aCAtUGF0aCAkcGFyZW50X2RpciAtUGF0aFR5cGUgQ29udGFpbmVyKSkgewogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0IC1tZXNzYWdlICJEZXN0aW5hdGlvbiBkaXJlY3RvcnkgJyRwYXJlbnRfZGlyJyBkb2VzIG5vdCBleGlzdCIKICAgICAgICB9CiAgICB9CgogICAgQ29weS1JdGVtIC1QYXRoICRzcmMgLURlc3RpbmF0aW9uICRyZW1vdGVfZGVzdCAtRm9yY2UgfCBPdXQtTnVsbAogICAgJHJlc3VsdC5jaGFuZ2VkID0gJHRydWUKfQoKRXhpdC1Kc29uIC1vYmogJHJlc3VsdAo=", "module_args": {"symlinks": [], "files": [{"dest": "pip-install-os-win.log", "checksum": "c58c1aa6d7b3294f9d19c0325821b710c329a7d4", "src": "/home/jenkins-slave/.ansible/tmp/ansible-local-10077YbyhZe/tmph1WMRo"}], "_ansible_selinux_special_fs": ["fuse", "nfs", "vboxsf", "ramfs", "9p"], "force": true, "_ansible_no_log": false, "dest": "c:/openstack/log", "directories": [], "_ansible_remote_tmp": "%TEMP%", "_ansible_verbosity": 4, "_ansible_keep_remote_files": false, "_ansible_syslog_facility": "LOG_USER", "_ansible_socket": null, "_copy_mode": "query", "_ansible_diff": false, "_ansible_debug": false, "_ansible_shell_executable": "/bin/sh", "_ansible_check_mode": false, "_ansible_tmpdir": null, "_ansible_version": "2.7.0", "_ansible_module_name": "win_copy"}} '@ } process { $input_as_string = [string]$input $json_raw += $input_as_string } end { If (-not $json_raw) { Write-Error "no input given" -Category InvalidArgument } $payload = ConvertTo-HashtableFromPsCustomObject (ConvertFrom-Json $json_raw) # TODO: handle binary modules # TODO: handle persistence $min_os_version = [version]$payload.min_os_version if ($min_os_version -ne $null) { $actual_os_version = [System.Environment]::OSVersion.Version if ($actual_os_version -lt $min_os_version) { $msg = "This module cannot run on this OS as it requires a minimum version of $min_os_version, actual was $actual_os_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $min_ps_version = [version]$payload.min_ps_version if ($min_ps_version -ne $null) { $actual_ps_version = $PSVersionTable.PSVersion if ($actual_ps_version -lt $min_ps_version) { $msg = "This module cannot run as it requires a minimum PowerShell version of $min_ps_version, actual was $actual_ps_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $actions = $payload.actions # pop 0th action as entrypoint $entrypoint = $payload.($actions[0]) $payload.actions = $payload.actions[1..99] $entrypoint = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($entrypoint)) # load the current action entrypoint as a module custom object with a Run method $entrypoint = New-Module -ScriptBlock ([scriptblock]::Create($entrypoint)) -AsCustomObject Set-Variable -Scope global -Name complex_args -Value $payload["module_args"] | Out-Null # dynamically create/load modules ForEach ($mod in $payload.powershell_modules.GetEnumerator()) { $decoded_module = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($mod.Value)) New-Module -ScriptBlock ([scriptblock]::Create($decoded_module)) -Name $mod.Key | Import-Module -WarningAction SilentlyContinue | Out-Null } $output = $entrypoint.Run($payload) Write-Output $output } ScriptBlock ID: 37ee880f-7c58-4463-a7fa-597566b54526 Path:	4104	1		3	2	15	0	1352	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2116	3972	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:28:26 PM	9d04040e-981f-0002-470c-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 3): VwcG9ydCBjaGVjayBtb2RlIgogICAgICAgIH0KICAgIH0KICAgIHJldHVybiAkcGFyYW1zCn0KCgpGdW5jdGlvbiBHZXQtRmlsZUNoZWNrc3VtKCRwYXRoLCAkYWxnb3JpdGhtID0gJ3NoYTEnKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBjYWxjdWxhdGUgYSBoYXNoIG9mIGEgZmlsZSBpbiBhIHdheSB3aGljaCBQb3dlclNoZWxsIDMKICAgIGFuZCBhYm92ZSBjYW4gaGFuZGxlCiM+CiAgICBJZiAoVGVzdC1QYXRoIC1QYXRoICRwYXRoIC1QYXRoVHlwZSBMZWFmKQogICAgewogICAgICAgIHN3aXRjaCAoJGFsZ29yaXRobSkKICAgICAgICB7CiAgICAgICAgICAgICdtZDUnIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5NRDVDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMScgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTFDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMjU2JyB7ICRzcCA9IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5TZWN1cml0eS5DcnlwdG9ncmFwaHkuU0hBMjU2Q3J5cHRvU2VydmljZVByb3ZpZGVyIH0KICAgICAgICAgICAgJ3NoYTM4NCcgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTM4NENyeXB0b1NlcnZpY2VQcm92aWRlciB9CiAgICAgICAgICAgICdzaGE1MTInIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5TSEE1MTJDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICBkZWZhdWx0IHsgRmFpbC1Kc29uIEB7fSAiVW5zdXBwb3J0ZWQgaGFzaCBhbGdvcml0aG0gc3VwcGxpZWQgJyRhbGdvcml0aG0nIiB9CiAgICAgICAgfQoKICAgICAgICBJZiAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtZ2UgNCkgewogICAgICAgICAgICAkcmF3X2hhc2ggPSBHZXQtRmlsZUhhc2ggJHBhdGggLUFsZ29yaXRobSAkYWxnb3JpdGhtCiAgICAgICAgICAgICRoYXNoID0gJHJhd19oYXNoLkhhc2guVG9Mb3dlcigpCiAgICAgICAgfSBFbHNlIHsKICAgICAgICAgICAgJGZwID0gW1N5c3RlbS5JTy5GaWxlXTo6T3BlbigkcGF0aCwgW1N5c3RlbS5JTy5GaWxlbW9kZV06Ok9wZW4sIFtTeXN0ZW0uSU8uRmlsZUFjY2Vzc106OlJlYWQsIFtTeXN0ZW0uSU8uRmlsZVNoYXJlXTo6UmVhZFdyaXRlKTsKICAgICAgICAgICAgJGhhc2ggPSBbU3lzdGVtLkJpdENvbnZlcnRlcl06OlRvU3RyaW5nKCRzcC5Db21wdXRlSGFzaCgkZnApKS5SZXBsYWNlKCItIiwgIiIpLlRvTG93ZXIoKTsKICAgICAgICAgICAgJGZwLkRpc3Bvc2UoKTsKICAgICAgICB9CiAgICB9CiAgICBFbHNlSWYgKFRlc3QtUGF0aCAtUGF0aCAkcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKQogICAgewogICAgICAgICRoYXNoID0gIjMiOwogICAgfQogICAgRWxzZQogICAgewogICAgICAgICRoYXNoID0gIjEiOwogICAgfQogICAgcmV0dXJuICRoYXNoCn0KCkZ1bmN0aW9uIEdldC1QZW5kaW5nUmVib290U3RhdHVzCnsKPCMKICAgIC5TWU5PUFNJUwogICAgQ2hlY2sgaWYgcmVib290IGlzIHJlcXVpcmVkLCBpZiBzbyBub3RpZnkgQ0EuCiAgICBGdW5jdGlvbiByZXR1cm5zIHRydWUgaWYgY29tcHV0ZXIgaGFzIGEgcGVuZGluZyByZWJvb3QKIz4KICAgICRmZWF0dXJlRGF0YSA9IEludm9rZS1XbWlNZXRob2QgLUVBIElnbm9yZSAtTmFtZSBHZXRTZXJ2ZXJGZWF0dXJlIC1OYW1lc3BhY2Ugcm9vdFxtaWNyb3NvZnRcd2luZG93c1xzZXJ2ZXJtYW5hZ2VyIC1DbGFzcyBNU0ZUX1NlcnZlck1hbmFnZXJUYXNrcwogICAgJHJlZ0RhdGEgPSBHZXQtSXRlbVByb3BlcnR5ICJIS0xNOlxTWVNURU1cQ3VycmVudENvbnRyb2xTZXRcQ29udHJvbFxTZXNzaW9uIE1hbmFnZXIiICJQZW5kaW5nRmlsZVJlbmFtZU9wZXJhdGlvbnMiIC1FQSBJZ25vcmUKICAgICRDQlNSZWJvb3RTdGF0dXMgPSBHZXQtQ2hpbGRJdGVtICJIS0xNOlxcU09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cQ29tcG9uZW50IEJhc2VkIFNlcnZpY2luZyIgIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlfCBXaGVyZS1PYmplY3QgeyRfLlBTQ2hpbGROYW1lIC1lcSAiUmVib290UGVuZGluZyJ9CiAgICBpZigoJGZlYXR1cmVEYXRhIC1hbmQgJGZlYXR1cmVEYXRhLlJlcXVpcmVzUmVib290KSAtb3IgJHJlZ0RhdGEgLW9yICRDQlNSZWJvb3RTdGF0dXMpCiAgICB7CiAgICAgICAgcmV0dXJuICRUcnVlCiAgICB9CiAgICBlbHNlCiAgICB7CiAgICAgICAgcmV0dXJuICRGYWxzZQogICAgfQp9CgojIHRoaXMgbGluZSBtdXN0IHN0YXkgYXQgdGhlIGJvdHRvbSB0byBlbnN1cmUgYWxsIGRlZmluZWQgbW9kdWxlIHBhcnRzIGFyZSBleHBvcnRlZApFeHBvcnQtTW9kdWxlTWVtYmVyIC1BbGlhcyAqIC1GdW5jdGlvbiAqIC1DbWRsZXQgKgoK"}, "module_entry": "IyFwb3dlcnNoZWxsCgojIENvcHlyaWdodDogKGMpIDIwMTUsIEpvbiBIYXdrZXN3b3J0aCAoQGpoYXdrZXN3b3J0aCkgPGZpZ3NAdW5pdHkuZGVtb24uY28udWs+CiMgQ29weXJpZ2h0OiAoYykgMjAxNywgQW5zaWJsZSBQcm9qZWN0CiMgR05VIEdlbmVyYWwgUHVibGljIExpY2Vuc2UgdjMuMCsgKHNlZSBDT1BZSU5HIG9yIGh0dHBzOi8vd3d3LmdudS5vcmcvbGljZW5zZXMvZ3BsLTMuMC50eHQpCgojUmVxdWlyZXMgLU1vZHVsZSBBbnNpYmxlLk1vZHVsZVV0aWxzLkxlZ2FjeQoKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICdTdG9wJwoKJHBhcmFtcyA9IFBhcnNlLUFyZ3MgLWFyZ3VtZW50cyAkYXJncyAtc3VwcG9ydHNfY2hlY2tfbW9kZSAkdHJ1ZQokY2hlY2tfbW9kZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJfYW5zaWJsZV9jaGVja19tb2RlIiAtdHlwZSAiYm9vbCIgLWRlZmF1bHQgJGZhbHNlCiRkaWZmX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfZGlmZiIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQoKIyB0aGVyZSBhcmUgNCBtb2RlcyB0byB3aW5fY29weSB3aGljaCBhcmUgZHJpdmVuIGJ5IHRoZSBhY3Rpb24gcGx1Z2luczoKIyAgIGV4cGxvZGU6IHNyYyBpcyBhIHppcCBmaWxlIHdoaWNoIG5lZWRzIHRvIGJlIGV4dHJhY3RlZCB0byBkZXN0LCBmb3IgdXNlIHdpdGggbXVsdGlwbGUgZmlsZXMKIyAgIHF1ZXJ5OiB3aW5fY29weSBhY3Rpb24gcGx1Z2luIHdhbnRzIHRvIGdldCB0aGUgc3RhdGUgb2YgcmVtb3RlIGZpbGVzIHRvIGNoZWNrIHdoZXRoZXIgaXQgbmVlZHMgdG8gc2VuZCB0aGVtCiMgICByZW1vdGU6IGFsbCBjb3B5IGFjdGlvbiBpcyBoYXBwZW5pbmcgcmVtb3RlbHkgKHJlbW90ZV9zcmM9VHJ1ZSkKIyAgIHNpbmdsZTogYSBzaW5nbGUgZmlsZSBoYXMgYmVlbiBjb3BpZWQsIGFsc28gdXNlZCB3aXRoIHRlbXBsYXRlCiRjb3B5X21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2NvcHlfbW9kZSIgLXR5cGUgInN0ciIgLWRlZmF1bHQgInNpbmdsZSIgLXZhbGlkYXRlc2V0ICJleHBsb2RlIiwicXVlcnkiLCJyZW1vdGUiLCJzaW5nbGUiCgojIHVzZWQgaW4gZXhwbG9kZSwgcmVtb3RlIGFuZCBzaW5nbGUgbW9kZQokc3JjID0gR2V0LUFuc2libGVQYXJhbSAtb2JqICRwYXJhbXMgLW5hbWUgInNyYyIgLXR5cGUgInBhdGgiIC1mYWlsaWZlbXB0eSAoJGNvcHlfbW9kZSAtaW4gQCgiZXhwbG9kZSIsInByb2Nlc3MiLCJzaW5nbGUiKSkKJGRlc3QgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiZGVzdCIgLXR5cGUgInBhdGgiIC1mYWlsaWZlbXB0eSAkdHJ1ZQoKIyB1c2VkIGluIHNpbmdsZSBtb2RlCiRvcmlnaW5hbF9iYXNlbmFtZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJfb3JpZ2luYWxfYmFzZW5hbWUiIC10eXBlICJzdHIiCgojIHVzZWQgaW4gcXVlcnkgYW5kIHJlbW90ZSBtb2RlCiRmb3JjZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJmb3JjZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICR0cnVlCgojIHVzZWQgaW4gcXVlcnkgbW9kZSwgY29udGFpbnMgdGhlIGxvY2FsIGZpbGVzL2RpcmVjdG9yaWVzL3N5bWxpbmtzIHRoYXQgYXJlIHRvIGJlIGNvcGllZAokZmlsZXMgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiZmlsZXMiIC10eXBlICJsaXN0IgokZGlyZWN0b3JpZXMgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiZGlyZWN0b3JpZXMiIC10eXBlICJsaXN0Igokc3ltbGlua3MgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAic3ltbGlua3MiIC10eXBlICJsaXN0IgoKJHJlc3VsdCA9IEB7CiAgICBjaGFuZ2VkID0gJGZhbHNlCn0KCmlmICgkZGlmZl9tb2RlKSB7CiAgICAkcmVzdWx0LmRpZmYgPSBAe30KfQoKRnVuY3Rpb24gQ29weS1GaWxlKCRzb3VyY2UsICRkZXN0KSB7CiAgICAkZGlmZiA9ICIiCiAgICAkY29weV9maWxlID0gJGZhbHNlCiAgICAkc291cmNlX2NoZWNrc3VtID0gJG51bGwKICAgIGlmICgkZm9yY2UpIHsKICAgICAgICAkc291cmNlX2NoZWNrc3VtID0gR2V0LUZpbGVDaGVja3N1bSAtcGF0aCAkc291cmNlCiAgICB9CgogICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkZGVzdCAtUGF0aFR5cGUgQ29udGFpbmVyKSB7CiAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiY2Fubm90IGNvcHkgZmlsZSBmcm9tICckc291cmNlJyB0byAnJGRlc3QnOiBkZXN0IGlzIGFscmVhZHkgYSBmb2xkZXIiCiAgICB9IGVsc2VpZiAoVGVzdC1QYXRoIC1QYXRoICRkZXN0IC1QYXRoVHlwZSBMZWFmKSB7CiAgICAgICAgaWYgKCRmb3JjZSkgewogICAgICAgICAgICAkdGFyZ2V0X2NoZWNrc3VtID0gR2V0LUZpbGVDaGVja3N1bSAtcGF0aCAkZGVzdAogICAgICAgICAgICBpZiAoJHNvdXJjZV9jaGVja3N1bSAtbmUgJHRhcmdldF9jaGVja3N1bSkgewogICAgICAgICAgICAgICAgJGNvcHlfZmlsZSA9ICR0cnVlCiAgICAgICAgICAgIH0KICAgICAgICB9CiAgICB9IGVsc2UgewogICAgICAgICRjb3B5X2ZpbGUgPSAkdHJ1ZQogICAgfQoKICAgIGlmICgkY29weV9maWxlKSB7CiAgICAgICAgJGZpbGVfZGlyID0gW1N5c3RlbS5JTy5QYXRoXTo6R2V0RGlyZWN0b3J5TmFtZSgkZGVzdCkKICAgICAgICAjIHZhbGlkYXRlIHRoZSBwYXJlbnQgZGlyIGlzIG5vdCBhIGZpbGUgYW5kIHRoYXQgaXQgZXhpc3RzCiAgICAgICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkZmlsZV9kaXIgLVBhdGhUeXBlIExlYWYpIHsKICAgICAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiY2Fubm90IGNvcHkgZmlsZSBmcm9tICckc291cmNlJyB0byAnJGRlc3QnOiBvYmplY3QgYXQgZGVzdCBwYXJlbnQgZGlyIGlzIG5vdCBhIGZvbGRlciIKICAgICAgICB9IGVsc2VpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRmaWxlX2RpcikpIHsKICAgICAgICAgICAgIyBkaXJlY3RvcnkgZG9lc24ndCBleGlzdCwgbmVlZCB0byBjcmVhdGUKICAgICAgICAgICAgTmV3LUl0ZW0gLVBhdGggJGZpbGVfZGlyIC1JdGVtVHlwZSBEaXJlY3RvcnkgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICAgICAgICAgICRkaWZmICs9ICIrJGZpbGVfZGlyXGBuIgogICAgICAgIH0KCiAgICAgICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkZGVzdCAtUGF0aFR5cGUgTGVhZikgewogICAgICAgICAgICBSZW1vdmUtSXRlbSAtUGF0aCAkZGVzdCAtRm9yY2UgLVJlY3Vyc2UgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICAgICAgICAgICRkaWZmICs9ICItJGRlc3RgbiIKICAgICAgICB9CgogICAgICAgIGlmICgtbm90ICRjaGVja19tb2RlKSB7CiAgICAgICAgICAgICMgY2Fubm90IHJ1biB3aXRoIC1XaGF0SWY6JGNoZWNrX21vZGUgYXMgaWYgdGhlIHBhcmVudCBkaXIgZGlkbid0CiAgICAgICAgICAgICMgZXhpc3QgYW5kIHdhcyBjcmVhdGVkIGFib3ZlIHdvdWxkIHN0aWxsIG5vdCBleGlzdCBpbiBjaGVjayBtb2RlCiAgICAgICAgICAgIENvcHktSXRlbSAtUGF0aCAkc291cmNlIC1EZXN0aW5hdGlvbiAkZGVzdCAtRm9yY2UgfCBPdXQtTnVsbAogICAgICAgIH0KICAgICAgICAkZGlmZiArPSAiKyRkZXN0YG4iCgogICAgICAgICRyZXN1bHQuY2hhbmdlZCA9ICR0cnVlCiAgICB9CgogICAgIyB1Z2x5IGJ1dCB0byBzYXZlIHVzIGZyb20gcnVubmluZyB0aGUgY2hlY2tzdW0gdHdpY2UsIGxldCdzIHJldHVybiBpdCBmb3IKICAgICMgdGhlIG1haW4gY29kZSB0byBhZGQgaXQgdG8gJHJlc3VsdAogICAgcmV0dXJuICxAeyBkaWZmID0gJGRpZmY7IGNoZWNrc3VtID0gJHNvdXJjZV9jaGVja3N1bSB9Cn0KCkZ1bmN0aW9uIENvcHktRm9sZGVyKCRzb3VyY2UsICRkZXN0KSB7CiAgICAkZGlmZiA9ICIiCiAgICAkY29weV9mb2xkZXIgPSAkZmFsc2UKCiAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRkZXN0IC1QYXRoVHlwZSBDb250YWluZXIpKSB7CiAgICAgICAgJHBhcmVudF9kaXIgPSBbU3lzdGVtLklPLlBhdGhdOjpHZXREaXJlY3RvcnlOYW1lKCRkZXN0KQogICAgICAgIGlmIChUZXN0LVBhdGggLVBhdGggJHBhcmVudF9kaXIgLVBhdGhUeXBlIExlYWYpIHsKICAgICAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiY2Fubm90IGNvcHkgZmlsZSBmcm9tICckc291cmNlJyB0byAnJGRlc3QnOiBvYmplY3QgYXQgZGVzdCBwYXJlbnQgZGlyIGlzIG5vdCBhIGZvbGRlciIKICAgICAgICB9CiAgICAgICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkZGVzdCAtUGF0aFR5cGUgTGVhZikgewogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0IC1tZXNzYWdlICJjYW5ub3QgY29weSBmb2xkZXIgZnJvbSAnJHNvdXJjZScgdG8gJyRkZXN0JzogZGVzdCBpcyBhbHJlYWR5IGEgZmlsZSIKICAgICAgICB9CgogICAgICAgIE5ldy1JdGVtIC1QYXRoICRkZXN0IC1JdGVtVHlwZSBDb250YWluZXIgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICAgICAgJGRpZmYgKz0gIiskZGVzdFxgbiIKICAgICAgICAkcmVzdWx0LmNoYW5nZWQgPSAkdHJ1ZQogICAgfQoKICAgICRjaGlsZF9pdGVtcyA9IEdldC1DaGlsZEl0ZW0gLVBhdGggJHNvdXJjZSAtRm9yY2UKICAgIGZvcmVhY2ggKCRjaGlsZF9pdGVtIGluICRjaGlsZF9pdGVtcykgewogICAgICAgICRkZXN0X2NoaWxkX3BhdGggPSBKb2luLVBhdGggLVBhdGggJGRlc3QgLUNoaWxkUGF0aCAkY2hpbGRfaXRlbS5OYW1lCiAgICAgICAgaWYgKCRjaGlsZF9pdGVtLlBTSXNDb250YWluZXIpIHsKICAgICAgICAgICAgJGRpZmYgKz0gKENvcHktRm9sZGVyIC1zb3VyY2UgJGNoaWxkX2l0ZW0uRnVsbG5hbWUgLWRlc3QgJGRlc3RfY2hpbGRfcGF0aCkKICAgICAgICB9IGVsc2UgewogICAgICAgICAgICAkZGlmZiArPSAoQ29weS1GaWxlIC1zb3VyY2UgJGNoaWxkX2l0ZW0uRnVsbG5hbWUgLWRlc3QgJGRlc3RfY2hpbGRfcGF0aCkuZGlmZgogICAgICAgIH0KICAgIH0KCiAgICByZXR1cm4gJGRpZmYKfQoKRnVuY3Rpb24gR2V0LUZpbGVTaXplKCRwYXRoKSB7CiAgICAkZmlsZSA9IEdldC1JdGVtIC1QYXRoICRwYXRoIC1Gb3JjZQogICAgJHNpemUgPSAkbnVsbAogICAgaWYgKCRmaWxlLlBTSXNDb250YWluZXIpIHsKICAgICAgICAkZGlyX2ZpbGVzX3N1bSA9IEdldC1DaGlsZEl0ZW0gJGZpbGUuRnVsbE5hbWUgLVJlY3Vyc2UKICAgICAgICBpZiAoJGRpcl9maWxlc19zdW0gLWVxICRudWxsIC1vciAoJGRpcl9maWxlc19zdW0uUFNPYmplY3QuUHJvcGVydGllcy5uYW1lIC1jb250YWlucyAnbGVuZ3RoJyAtZXEgJGZhbHNlKSkgewogICAgICAgICAgICAkc2l6ZSA9IDAKICAgICAgICB9IGVsc2UgewogICAgICAgICAgICAkc2l6ZSA9ICgkZGlyX2ZpbGVzX3N1bSB8IE1lYXN1cmUtT2JqZWN0IC1wcm9wZXJ0eSBsZW5ndGggLXN1bSkuU3VtCiAgICAgICAgfQogICAgfSBlbHNlIHsKICAgICAgICAkc2l6ZSA9ICRmaWxlLkxlbmd0aAogICAgfQoKICAgICRzaXplCn0KCkZ1bmN0aW9uIEV4dHJhY3QtWmlwKCRzcmMsICRkZXN0KSB7CiAgICAkYXJjaGl2ZSA9IFtTeXN0ZW0uSU8uQ29tcHJlc3Npb24uWmlwRmlsZV06Ok9wZW4oJHNyYywgW1N5c3RlbS5JTy5Db21wcmVzc2lvbi5aaXBBcmNoaXZlTW9kZV06OlJlYWQsIFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjgpCiAgICBmb3JlYWNoICgkZW50cnkgaW4gJGFyY2hpdmUuRW50cmllcykgewogICAgICAgICRhcmNoaXZlX25hbWUgPSAkZW50cnkuRnVsbE5hbWUKCiAgICAgICAgIyBGdWxsTmFtZSBtYXkgYmUgYXBwZW5kZWQgd2l0aCAvIG9yIFwsIGRldGVybWluZSBpZiBpdCBpcyBwYWRkZWQgYW5kIHJlbW92ZSBpdAogICAgICAgICRwYWRkaW5nX2xlbmd0aCA9ICRhcmNoaXZlX25hbWUuTGVuZ3RoICUgNAogICAgICAgIGlmICgkcGFkZGluZ19sZW5ndGggLWVxIDApIHsKICAgICAgICAgICAgJGlzX2RpciA9ICRmYWxzZQogICAgICAgICAgICAkYmFzZTY0X25hbWUgPSAkYXJjaGl2ZV9uYW1lCiAgICAgICAgfSBlbHNlaWYgKCRwYWRkaW5nX2xlbmd0aCAtZXEgMSkgewogICAgICAgICAgICAkaXNfZGlyID0gJHRydWUKICAgICAgICAgICAgaWYgKCRhcmNoaXZlX25hbWUuRW5kc1dpdGgoIi8iKSAtb3IgJGFyY2hpdmVfbmFtZS5FbmRzV2l0aCgiYFwiKSkgewogICAgICAgICAgICAgICAgJGJhc2U2NF9uYW1lID0gJGFyY2hpdmVfbmFtZS5TdWJzdHJpbmcoMCwgJGFyY2hpdmVfbmFtZS5MZW5ndGggLSAxKQogICAgICAgICAgICB9IGVsc2UgewogICAgICAgICAgICAgICAgdGhyb3cgImludmFsaWQgYmFzZTY0IGFyY2hpdmUgbmFtZSAnJGFyY2hpdmVfbmFtZSciCiAgICAgICAgICAgIH0KICAgICAgICB9IGVsc2UgewogICAgICAgICAgICB0aHJvdyAiaW52YWxpZCBiYXNlNjQgbGVuZ3RoICckYXJjaGl2ZV9uYW1lJyIKICAgICAgICB9CgogICAgICAgICMgdG8gaGFuZGxlIHVuaWNvZGUgY2hhcmFjdGVyLCB3aW5fY29weSBhY3Rpb24gcGx1Z2luIGhhcyBlbmNvZGVkIHRoZSBmaWxlbmFtZQogICAgICAgICRkZWNvZGVkX2FyY2hpdmVfbmFtZSA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGJhc2U2NF9uYW1lKSkKICAgICAgICAjIHJlLWFkZCB0aGUgLyB0byB0aGUgZW50cnkgZnVsbCBuYW1lIGlmIGl0IHdhcyBhIGRpcmVjdG9yeQogICAgICAgIGlmICgkaXNfZGlyKSB7CiAgICAgICAgICAgICRkZWNvZGVkX2FyY2hpdmVfbmFtZSA9ICIkZGVjb2RlZF9hcmNoaXZlX25hbWUvIgogICAgICAgIH0KICAgICAgICAkZW50cnlfdGFyZ2V0X3BhdGggPSBbU3lzdGVtLklPLlBhdGhdOjpDb21iaW5lKCRkZXN0LCAkZGVjb2RlZF9hcmNoaXZlX25hbWUpCiAgICAgICAgJGVudHJ5X2RpciA9IFtTeXN0ZW0uSU8uUGF0aF06OkdldERpcmVjdG9yeU5hbWUoJGVudHJ5X3RhcmdldF9wYXRoKQoKICAgICAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRlbnRyeV9kaXIpKSB7CiAgICAgICAgICAgIE5ldy1JdGVtIC1QYXRoICRlbnRyeV9kaXIgLUl0ZW1UeXBlIERpcmVjdG9yeSAtV2hhdElmOiRjaGVja19tb2RlIHwgT3V0LU51bGwKICAgICAgICB9CgogICAgICAgIGlmICgkaXNfZGlyIC1lcSAkZmFsc2UpIHsKICAgICAgICAgICAgaWYgKC1ub3QgJGNoZWNrX21vZGUpIHsKICAgICAgICAgICAgICAgIFtTeXN0ZW0uSU8uQ29tcHJlc3Npb24uWmlwRmlsZUV4dGVuc2lvbnNdOjpFeHRyYWN0VG9GaWxlKCRlbnRyeSwgJGVudHJ5X3RhcmdldF9wYXRoLCAkdHJ1ZSkKICAgICAgICAgICAgfQogICAgICAgIH0KICAgIH0KICAgICRhcmNoaXZlLkRpc3Bvc2UoKSAgIyByZWxlYXNlIHRoZSBoYW5kbGUgb2YgdGhlIHppcCBmaWxlCn0KCkZ1bmN0aW9uIEV4dHJhY3QtWmlwTGVnYWN5KCRzcmMsICRkZXN0KSB7CiAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRkZXN0KSkgewogICAgICAgIE5ldy1JdGVtIC1QYXRoICRkZXN0IC1JdGVtVHlwZSBEaXJlY3RvcnkgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICB9CiAgICAkc2hlbGwgPSBOZXctT2JqZWN0IC1Db21PYmplY3QgU2hlbGwuQXBwbGljYXRpb24KICAgICR6aXAgPSAkc2hlbGwuTmFtZVNwYWNlKCRzcmMpCiAgICAkZGVzdF9wYXRoID0gJHNoZWxsLk5hbWVTcGFjZSgkZGVzdCkKCiAgICBmb3JlYWNoICgkZW50cnkgaW4gJHppcC5JdGVtcygpKSB7CiAgICAgICAgJGlzX2RpciA9ICRlbnRyeS5Jc0ZvbGRlcgogICAgICAgICRlbmNvZGVkX2FyY2hpdmVfZW50cnkgPSAkZW50cnkuTmFtZQogICAgICAgICMgdG8gaGFuZGxlIHVuaWNvZGUgY2hhcmFjdGVyLCB3aW5fY29weSBhY3Rpb24gcGx1Z2luIGhhcyBlbmNvZGVkIHRoZSBmaWxlbmFtZQogICAgICAgICRkZWNvZGVkX2FyY2hpdmVfZW50cnkgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRlbmNvZGVkX2FyY2hpdmVfZW50cnkpKQogICAgICAgIGlmICgkaXNfZGlyKSB7CiAgICAgICAgICAgICRkZWNvZGVkX2FyY2hpdmVfZW50cnkgPSAiJGRlY29kZWRfYXJjaGl2ZV9lbnRyeS8iCiAgICAgICAgfQoKICAgICAgICAkZW50cnlfdGFyZ2V0X3BhdGggPSBbU3lzdGVtLklPLlBhdGhdOjpDb21iaW5lKCRkZXN0LCAkZGVjb2RlZF9hcmNoaXZlX2VudHJ5KQogICAgICAgICRlbnRyeV9kaXIgPSBbU3lzdGVtLklPLlBhdGhdOjpHZXREaXJlY3RvcnlOYW1lKCRlbnRyeV90YXJnZXRfcGF0aCkKCiAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtUGF0aCAkZW50cnlfZGlyKSkgewogICAgICAgICAgICBOZXctSXRlbSAtUGF0aCAkZW50cnlfZGlyIC1JdGVtVHlwZSBEaXJlY3RvcnkgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICAgICAgfQoKICAgICAgICBpZiAoJGlzX2RpciAtZXEgJGZhbHNlIC1hbmQgKC1ub3QgJGNoZWNrX21vZGUpKSB7CiAgICAgICAgICAgICMgaHR0cHM6Ly9tc2RuLm1pY3Jvc29mdC5jb20vZW4tdXMvbGlicmFyeS93aW5kb3dzL2Rlc2t0b3AvYmI3ODc4NjYuYXNweAogICAgICAgICAgICAjIEZyb20gRm9sZGVyLkNvcHlIZXJlIGRvY3VtZW50YXRpb24sIDEwNDQgbWVhbnM6CiAgICAgICAgICAgICMgIC0gMTAyNDogZG8gbm90IGRpc3BsYXkgYSB1c2VyIGludGVyZmFjZSBpZiBhbiBlcnJvciBvY2N1cnMKICAgICAgICAgICAgIyAgLSAgIDE2OiByZXNwb25kIHdpdGggInllcyB0byBhbGwiIGZvciBhbnkgZGlhbG9nIGJveCB0aGF0IGlzIGRpc3BsYXllZAogICAgICAgICAgICAjICAtICAgIDQ6IGRvIG5vdCBkaXNwbGF5IGEgcHJvZ3Jlc3MgZGlhbG9nIGJveAogICAgICAgICAgICAkZGVzdF9wYXRoLkNvcHlIZXJlKCRlbnRyeSwgMTA0NCkKCiAgICAgICAgICAgICMgb25jZSBmaWxlIGlzIGV4dHJhY2VkLCB3ZSBuZWVkIHRvIHJlbmFtZSBpdCB3aXRoIG5vbiBiYXNlNjQgbmFtZQogICAgICAgICAgICAkY29tYmluZWRfZW5jb2RlZF9wYXRoID0gW1N5c3RlbS5JTy5QYXRoXTo6Q29tYmluZSgkZGVzdCwgJGVuY29kZWRfYXJjaGl2ZV9lbnRyeSkKICAgICAgICAgICAgTW92ZS1JdGVtIC1QYXRoICRjb21iaW5lZF9lbmNvZGVkX3BhdGggLURlc3RpbmF0aW9uICRlbnRyeV90YXJnZXRfcGF0aCAtRm9yY2UgfCBPdXQtTnVsbAogICAgICAgIH0KICAgIH0KfQoKaWYgKCRjb3B5X21vZGUgLWVxICJxdWVyeSIpIHsKICAgICMgd2Ugb25seSByZXR1cm4gYSBsaXN0IG9mIGZpbGVzL2RpcmVjdG9yaWVzIHRoYXQgbmVlZCB0byBiZSBjb3BpZWQgb3ZlcgogICAgIyB0aGUgc291cmNlIG9mIHRoZSBsb2NhbCBmaWxlIHdpbGwgYmUgdGhlIGtleSB1c2VkCiAgICAkY2hhbmdlZF9maWxlcyA9IEAoKQogICAgJGNoYW5nZWRfZGlyZWN0b3JpZXMgPSBAKCkKICAgICRjaGFuZ2VkX3N5bWxpbmtzID0gQCgpCgogICAgZm9yZWFjaCAoJGZpbGUgaW4gJGZpbGVzKSB7CiAgICAgICAgJGZpbGVuYW1lID0gJGZpbGUuZGVzdAogICAgICAgICRsb2NhbF9jaGVja3N1bSA9ICRmaWxlLmNoZWNrc3VtCgogICAgICAgICRmaWxlcGF0aCA9IEpvaW4tUGF0aCAtUGF0aCAkZGVzdCAtQ2hpbGRQYXRoICRmaWxlbmFtZQogICAgICAgIGlmIChUZXN0LVBhdGggLVBhdGggJGZpbGVwYXRoIC1QYXRoVHlwZSBMZWFmKSB7CiAgICAgICAgICAgIGlmICgkZm9yY2UpIHsKICAgICAgICAgICAgICAgICRjaGVja3N1bSA9IEdldC1GaWxlQ2hlY2tzdW0gLXBhdGggJGZpbGVwYXRoCiAgICAgICAgICAgICAgICBpZiAoJGNoZWNrc3VtIC1uZSAkbG9jYWxfY2hlY2tzdW0pIHsKICAgICAgICAgICAgICAgICAgICAkd2lsbF9jaGFuZ2UgPSAkdHJ1ZQogICAgICAgICAgICAgICAgICAgICRjaGFuZ2VkX2ZpbGVzICs9ICRmaWxlCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgIH0KICAgICAgICB9IGVsc2VpZiAoVGVzdC1QYXRoIC1QYXRoICRmaWxlcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKSB7CiAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgImNhbm5vdCBjb3B5IGZpbGUgdG8gZGVzdCAnJGZpbGVwYXRoJzogb2JqZWN0IGF0IHBhdGggaXMgYWxyZWFkeSBhIGRpcmVjdG9yeSIKICAgICAgICB9IGVsc2UgewogICAgICAgICAgICAkY2hhbmdlZF9maWxlcyArPSAkZmlsZQogICAgICAgIH0KICAgIH0KCiAgICBmb3JlYWNoICgkZGlyZWN0b3J5IGluICRkaXJlY3RvcmllcykgewogICAgICAgICRkaXJuYW1lID0gJGRpcmVjdG9yeS5kZXN0CgogICAgICAgICRkaXJwYXRoID0gSm9pbi1QYXRoIC1QYXRoICRkZXN0IC1DaGlsZFBhdGggJGRpcm5hbWUKICAgICAgICAkcGFyZW50X2RpciA9IFtTeXN0ZW0uSU8uUGF0aF06OkdldERpcmVjdG9yeU5hbWUoJGRpcnBhdGgpCiAgICAgICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkcGFyZW50X2RpciAtUGF0aFR5cGUgTGVhZikgewogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0IC1tZXNzYWdlICJjYW5ub3QgY29weSBmb2xkZXIgdG8gZGVzdCAnJGRpcnBhdGgnOiBvYmplY3QgYXQgcGFyZW50IGRpcmVjdG9yeSBwYXRoIGlzIGFscmVhZHkgYSBmaWxlIgogICAgICAgIH0KICAgICAgICBpZiAoVGVzdC1QYXRoIC1QYXRoICRkaXJwYXRoIC1QYXRoVHlwZSBMZWFmKSB7CiAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgImNhbm5vdCBjb3B5IGZvbGRlciB0byBkZXN ScriptBlock ID: 37ee880f-7c58-4463-a7fa-597566b54526 Path:	4104	1		3	2	15	0	1351	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2116	3972	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:28:26 PM	9d04040e-981f-0002-470c-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 3): begin { $DebugPreference = "Continue" $ErrorActionPreference = "Stop" Set-StrictMode -Version 2 function ConvertTo-HashtableFromPsCustomObject ($myPsObject){ $output = @{}; $myPsObject | Get-Member -MemberType *Property | % { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } return $output; } # stream JSON including become_pw, ps_module_payload, bin_module_payload, become_payload, write_payload_path, preserve directives # exec runspace, capture output, cleanup, return module output # NB: do not adjust the following line- it is replaced when doing non-streamed module output $json_raw = @' {"min_ps_version": null, "exec": "CkZ1bmN0aW9uIFJ1bigkcGF5bG9hZCkgewogICAgJGVudHJ5cG9pbnQgPSAkcGF5bG9hZC5tb2R1bGVfZW50cnkKCiAgICAkZW50cnlwb2ludCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGVudHJ5cG9pbnQpKQoKICAgICRwcyA9IFtwb3dlcnNoZWxsXTo6Q3JlYXRlKCkKCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkQ29tbWFuZCgiU2V0LVZhcmlhYmxlIikuQWRkUGFyYW1ldGVycyhAe1Njb3BlPSJnbG9iYWwiO05hbWU9ImNvbXBsZXhfYXJncyI7VmFsdWU9JHBheWxvYWQubW9kdWxlX2FyZ3N9KSB8IE91dC1OdWxsCiAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCgogICAgIyByZWRlZmluZSBXcml0ZS1Ib3N0IHRvIGR1bXAgdG8gb3V0cHV0IGluc3RlYWQgb2YgZmFpbGluZy0gbG90cyBvZiBzY3JpcHRzIHVzZSBpdAogICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgiRnVuY3Rpb24gV3JpdGUtSG9zdChgJG1zZyl7IFdyaXRlLU91dHB1dCBgJG1zZyB9IikgfCBPdXQtTnVsbAoKICAgIEZvckVhY2ggKCRlbnZfa3YgaW4gJHBheWxvYWQuZW52aXJvbm1lbnQuR2V0RW51bWVyYXRvcigpKSB7CiAgICAgICAgIyBuZWVkIHRvIGVzY2FwZSAnIGluIGJvdGggdGhlIGtleSBhbmQgdmFsdWUKICAgICAgICAkZW52X2tleSA9ICRlbnZfa3YuS2V5LlRvU3RyaW5nKCkuUmVwbGFjZSgiJyIsICInJyIpCiAgICAgICAgJGVudl92YWx1ZSA9ICRlbnZfa3YuVmFsdWUuVG9TdHJpbmcoKS5SZXBsYWNlKCInIiwgIicnIikKICAgICAgICAkZXNjYXBlZF9lbnZfc2V0ID0gIltTeXN0ZW0uRW52aXJvbm1lbnRdOjpTZXRFbnZpcm9ubWVudFZhcmlhYmxlKCd7MH0nLCAnezF9JykiIC1mICRlbnZfa2V5LCAkZW52X3ZhbHVlCiAgICAgICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgkZXNjYXBlZF9lbnZfc2V0KSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBkeW5hbWljYWxseSBjcmVhdGUvbG9hZCBtb2R1bGVzCiAgICBGb3JFYWNoICgkbW9kIGluICRwYXlsb2FkLnBvd2Vyc2hlbGxfbW9kdWxlcy5HZXRFbnVtZXJhdG9yKCkpIHsKICAgICAgICAkZGVjb2RlZF9tb2R1bGUgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRtb2QuVmFsdWUpKQogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRDb21tYW5kKCJOZXctTW9kdWxlIikuQWRkUGFyYW1ldGVycyhAe1NjcmlwdEJsb2NrPShbc2NyaXB0YmxvY2tdOjpDcmVhdGUoJGRlY29kZWRfbW9kdWxlKSk7TmFtZT0kbW9kLktleX0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiSW1wb3J0LU1vZHVsZSIpLkFkZFBhcmFtZXRlcnMoQHtXYXJuaW5nQWN0aW9uPSJTaWxlbnRseUNvbnRpbnVlIn0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBmb3JjZSBpbnB1dCBlbmNvZGluZyB0byBwcmVhbWJsZS1mcmVlIFVURjggc28gUFMgc3ViLXByb2Nlc3NlcyAoZWcsCiAgICAjIFN0YXJ0LUpvYikgZG9uJ3QgYmxvdyB1cC4gVGhpcyBpcyBvbmx5IHJlcXVpcmVkIGZvciBXaW5STSwgYSBQU1JQCiAgICAjIHJ1bnNwYWNlIGRvZXNuJ3QgaGF2ZSBhIGhvc3QgY29uc29sZSBhbmQgdGhpcyB3aWxsIGJvbWIgb3V0CiAgICBpZiAoJGhvc3QuTmFtZSAtZXEgIkNvbnNvbGVIb3N0IikgewogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRTY3JpcHQoIltDb25zb2xlXTo6SW5wdXRFbmNvZGluZyA9IE5ldy1PYmplY3QgVGV4dC5VVEY4RW5jb2RpbmcgYCRmYWxzZSIpIHwgT3V0LU51bGwKICAgIH0KCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkU2NyaXB0KCRlbnRyeXBvaW50KSB8IE91dC1OdWxsCgogICAgJG91dHB1dCA9ICRwcy5JbnZva2UoKQoKICAgICRvdXRwdXQKCiAgICAjIFBTMyBkb2Vzbid0IHByb3Blcmx5IHNldCBIYWRFcnJvcnMgaW4gbWFueSBjYXNlcywgaW5zcGVjdCB0aGUgZXJyb3Igc3RyZWFtIGFzIGEgZmFsbGJhY2sKICAgIElmICgkcHMuSGFkRXJyb3JzIC1vciAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtbHQgNCAtYW5kICRwcy5TdHJlYW1zLkVycm9yLkNvdW50IC1ndCAwKSkgewogICAgICAgICRob3N0LlVJLldyaXRlRXJyb3JMaW5lKCQoJHBzLlN0cmVhbXMuRXJyb3IgfCBPdXQtU3RyaW5nKSkKICAgICAgICAkZXhpdF9jb2RlID0gJHBzLlJ1bnNwYWNlLlNlc3Npb25TdGF0ZVByb3h5LkdldFZhcmlhYmxlKCJMQVNURVhJVENPREUiKQogICAgICAgIElmKC1ub3QgJGV4aXRfY29kZSkgewogICAgICAgICAgICAkZXhpdF9jb2RlID0gMQogICAgICAgIH0KICAgICAgICAjIG5lZWQgdG8gdXNlIHRoaXMgaW5zdGVhZCBvZiBFeGl0IGtleXdvcmQgdG8gcHJldmVudCBydW5zcGFjZSBmcm9tIGNyYXNoaW5nIHdpdGggZHluYW1pYyBtb2R1bGVzCiAgICAgICAgJGhvc3QuU2V0U2hvdWxkRXhpdCgkZXhpdF9jb2RlKQogICAgfQp9Cg==", "actions": ["exec"], "environment": {}, "min_os_version": null, "powershell_modules": {"Ansible.ModuleUtils.Legacy": "IyBDb3B5cmlnaHQgKGMpLCBNaWNoYWVsIERlSGFhbiA8bWljaGFlbC5kZWhhYW5AZ21haWwuY29tPiwgMjAxNCwgYW5kIG90aGVycwojIFNpbXBsaWZpZWQgQlNEIExpY2Vuc2UgKHNlZSBsaWNlbnNlcy9zaW1wbGlmaWVkX2JzZC50eHQgb3IgaHR0cHM6Ly9vcGVuc291cmNlLm9yZy9saWNlbnNlcy9CU0QtMi1DbGF1c2UpCgpTZXQtU3RyaWN0TW9kZSAtVmVyc2lvbiAyLjAKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKRnVuY3Rpb24gU2V0LUF0dHIoJG9iaiwgJG5hbWUsICR2YWx1ZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gc2V0IGFuICJhdHRyaWJ1dGUiIG9uIGEgcHNvYmplY3QgaW5zdGFuY2UgaW4gUG93ZXJTaGVsbC4KICAgIFRoaXMgaXMgYSBjb252ZW5pZW5jZSB0byBtYWtlIGFkZGluZyBNZW1iZXJzIHRvIHRoZSBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgIFNldC1BdHRyICRyZXN1bHQgImNoYW5nZWQiICR0cnVlCiM+CgogICAgIyBJZiB0aGUgcHJvdmlkZWQgJG9iaiBpcyB1bmRlZmluZWQsIGRlZmluZSBvbmUgdG8gYmUgbmljZQogICAgSWYgKC1ub3QgJG9iai5HZXRUeXBlKQogICAgewogICAgICAgICRvYmogPSBAeyB9CiAgICB9CgogICAgVHJ5CiAgICB7CiAgICAgICAgJG9iai4kbmFtZSA9ICR2YWx1ZQogICAgfQogICAgQ2F0Y2gKICAgIHsKICAgICAgICAkb2JqIHwgQWRkLU1lbWJlciAtRm9yY2UgLU1lbWJlclR5cGUgTm90ZVByb3BlcnR5IC1OYW1lICRuYW1lIC1WYWx1ZSAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gRXhpdC1Kc29uKCRvYmopCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGNvbnZlcnQgYSBQb3dlclNoZWxsIG9iamVjdCB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcKICAgIHRoZSBzY3JpcHQKICAgIC5FWEFNUExFCiAgICBFeGl0LUpzb24gJHJlc3VsdAojPgoKICAgICMgSWYgdGhlIHByb3ZpZGVkICRvYmogaXMgdW5kZWZpbmVkLCBkZWZpbmUgb25lIHRvIGJlIG5pY2UKICAgIElmICgtbm90ICRvYmouR2V0VHlwZSkKICAgIHsKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoJ2NoYW5nZWQnKSkgewogICAgICAgIFNldC1BdHRyICRvYmogImNoYW5nZWQiICRmYWxzZQogICAgfQoKICAgIFdyaXRlLU91dHB1dCAkb2JqIHwgQ29udmVydFRvLUpzb24gLUNvbXByZXNzIC1EZXB0aCA5OQogICAgRXhpdAp9CgpGdW5jdGlvbiBGYWlsLUpzb24oJG9iaiwgJG1lc3NhZ2UgPSAkbnVsbCkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHRoZSAibXNnIiBwcm9wZXJ0eSBhbmQgImZhaWxlZCIgcHJvcGVydHksIGNvbnZlcnQgdGhlCiAgICBQb3dlclNoZWxsIEhhc2h0YWJsZSB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcgdGhlIHNjcmlwdAogICAgLkVYQU1QTEUKICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJUaGlzIGlzIHRoZSBmYWlsdXJlIG1lc3NhZ2UiCiM+CgogICAgaWYgKCRvYmogLWlzIFtoYXNodGFibGVdIC1vciAkb2JqIC1pcyBbcHNvYmplY3RdKSB7CiAgICAgICAgIyBOb3RoaW5nIHRvIGRvCiAgICB9IGVsc2VpZiAoJG9iaiAtaXMgW3N0cmluZ10gLWFuZCAkbnVsbCAtZXEgJG1lc3NhZ2UpIHsKICAgICAgICAjIElmIHdlIHdlcmVuJ3QgZ2l2ZW4gMiBhcmdzLCBhbmQgdGhlIG9ubHkgYXJnIHdhcyBhIHN0cmluZywKICAgICAgICAjIGNyZWF0ZSBhIG5ldyBIYXNodGFibGUgYW5kIHVzZSB0aGUgYXJnIGFzIHRoZSBmYWlsdXJlIG1lc3NhZ2UKICAgICAgICAkbWVzc2FnZSA9ICRvYmoKICAgICAgICAkb2JqID0gQHsgfQogICAgfSBlbHNlIHsKICAgICAgICAjIElmIHRoZSBmaXJzdCBhcmd1bWVudCBpcyB1bmRlZmluZWQgb3IgYSBkaWZmZXJlbnQgdHlwZSwKICAgICAgICAjIG1ha2UgaXQgYSBIYXNodGFibGUKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgICMgU3RpbGwgdXNpbmcgU2V0LUF0dHIgZm9yIFBTT2JqZWN0IGNvbXBhdGliaWxpdHkKICAgIFNldC1BdHRyICRvYmogIm1zZyIgJG1lc3NhZ2UKICAgIFNldC1BdHRyICRvYmogImZhaWxlZCIgJHRydWUKCiAgICBpZiAoLW5vdCAkb2JqLkNvbnRhaW5zS2V5KCdjaGFuZ2VkJykpIHsKICAgICAgICBTZXQtQXR0ciAkb2JqICJjaGFuZ2VkIiAkZmFsc2UKICAgIH0KCiAgICBXcml0ZS1PdXRwdXQgJG9iaiB8IENvbnZlcnRUby1Kc29uIC1Db21wcmVzcyAtRGVwdGggOTkKICAgIEV4aXQgMQp9CgpGdW5jdGlvbiBBZGQtV2FybmluZygkb2JqLCAkbWVzc2FnZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHdhcm5pbmdzLCBldmVuIGlmIHRoZSB3YXJuaW5ncyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoIndhcm5pbmdzIikpIHsKICAgICAgICAkb2JqLndhcm5pbmdzID0gQCgpCiAgICB9IGVsc2VpZiAoJG9iai53YXJuaW5ncyAtaXNub3QgW2FycmF5XSkgewogICAgICAgIHRocm93ICJBZGQtV2FybmluZzogd2FybmluZ3MgYXR0cmlidXRlIGlzIG5vdCBhbiBhcnJheSIKICAgIH0KCiAgICAkb2JqLndhcm5pbmdzICs9ICRtZXNzYWdlCn0KCkZ1bmN0aW9uIEFkZC1EZXByZWNhdGlvbldhcm5pbmcoJG9iaiwgJG1lc3NhZ2UsICR2ZXJzaW9uID0gJG51bGwpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGFkZCBkZXByZWNhdGlvbnMsIGV2ZW4gaWYgdGhlIGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgogICAgaWYgKC1ub3QgJG9iai5Db250YWluc0tleSgiZGVwcmVjYXRpb25zIikpIHsKICAgICAgICAkb2JqLmRlcHJlY2F0aW9ucyA9IEAoKQogICAgfSBlbHNlaWYgKCRvYmouZGVwcmVjYXRpb25zIC1pc25vdCBbYXJyYXldKSB7CiAgICAgICAgdGhyb3cgIkFkZC1EZXByZWNhdGlvbldhcm5pbmc6IGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgaXMgbm90IGEgbGlzdCIKICAgIH0KCiAgICAkb2JqLmRlcHJlY2F0aW9ucyArPSBAewogICAgICAgIG1zZyA9ICRtZXNzYWdlCiAgICAgICAgdmVyc2lvbiA9ICR2ZXJzaW9uCiAgICB9Cn0KCkZ1bmN0aW9uIEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgaW4gdmFsdWVzLiBCeSBkZWZhdWx0CiAgICBpdCB0dXJucyBhbnkgdHlwZSB0byBhIHN0cmluZywgYnV0IHdlIGVuc3VyZSAkbnVsbCByZW1haW5zICRudWxsLgojPgogICAgaWYgKCRudWxsIC1uZSAkdmFsdWUpIHsKICAgICAgICBbU3lzdGVtLkVudmlyb25tZW50XTo6RXhwYW5kRW52aXJvbm1lbnRWYXJpYWJsZXMoJHZhbHVlKQogICAgfSBlbHNlIHsKICAgICAgICAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gR2V0LUFuc2libGVQYXJhbSgkb2JqLCAkbmFtZSwgJGRlZmF1bHQgPSAkbnVsbCwgJHJlc3VsdG9iaiA9IEB7fSwgJGZhaWxpZmVtcHR5ID0gJGZhbHNlLCAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSwgJFZhbGlkYXRlU2V0LCAkVmFsaWRhdGVTZXRFcnJvck1lc3NhZ2UsICR0eXBlID0gJG51bGwsICRhbGlhc2VzID0gQCgpKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBnZXQgYW4gImF0dHJpYnV0ZSIgZnJvbSBhIHBzb2JqZWN0IGluc3RhbmNlIGluIFBvd2VyU2hlbGwuCiAgICBUaGlzIGlzIGEgY29udmVuaWVuY2UgdG8gbWFrZSBnZXR0aW5nIE1lbWJlcnMgZnJvbSBhbiBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgICRhdHRyID0gR2V0LUFuc2libGVQYXJhbSAkcmVzcG9uc2UgImNvZGUiIC1kZWZhdWx0ICIxIgogICAgLkVYQU1QTEUKICAgIEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJTdGF0ZSIgLWRlZmF1bHQgIlByZXNlbnQiIC1WYWxpZGF0ZVNldCAiUHJlc2VudCIsIkFic2VudCIgLXJlc3VsdG9iaiAkcmVzdWx0b2JqIC1mYWlsaWZlbXB0eSAkdHJ1ZQogICAgR2V0LUFuc2libGVQYXJhbSBhbHNvIHN1cHBvcnRzIFBhcmFtZXRlciB2YWxpZGF0aW9uIHRvIHNhdmUgeW91IGZyb20gY29kaW5nIHRoYXQgbWFudWFsbHkKICAgIE5vdGUgdGhhdCBpZiB5b3UgdXNlIHRoZSBmYWlsaWZlbXB0eSBvcHRpb24sIHlvdSBkbyBuZWVkIHRvIHNwZWNpZnkgcmVzdWx0b2JqZWN0IGFzIHdlbGwuCiM+CiAgICAjIENoZWNrIGlmIHRoZSBwcm92aWRlZCBNZW1iZXIgJG5hbWUgb3IgYWxpYXNlcyBleGlzdCBpbiAkb2JqIGFuZCByZXR1cm4gaXQgb3IgdGhlIGRlZmF1bHQuCiAgICB0cnkgewoKICAgICAgICAkZm91bmQgPSAkbnVsbAogICAgICAgICMgRmlyc3QgdHJ5IHRvIGZpbmQgcHJlZmVycmVkIHBhcmFtZXRlciAkbmFtZQogICAgICAgICRhbGlhc2VzID0gQCgkbmFtZSkgKyAkYWxpYXNlcwoKICAgICAgICAjIEl0ZXJhdGUgb3ZlciBhbGlhc2VzIHRvIGZpbmQgYWNjZXB0YWJsZSBNZW1iZXIgJG5hbWUKICAgICAgICBmb3JlYWNoICgkYWxpYXMgaW4gJGFsaWFzZXMpIHsKICAgICAgICAgICAgaWYgKCRvYmouQ29udGFpbnNLZXkoJGFsaWFzKSkgewogICAgICAgICAgICAgICAgJGZvdW5kID0gJGFsaWFzCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgfQoKICAgICAgICBpZiAoJG51bGwgLWVxICRmb3VuZCkgewogICAgICAgICAgICB0aHJvdwogICAgICAgIH0KICAgICAgICAkbmFtZSA9ICRmb3VuZAoKICAgICAgICBpZiAoJFZhbGlkYXRlU2V0KSB7CgogICAgICAgICAgICBpZiAoJFZhbGlkYXRlU2V0IC1jb250YWlucyAoJG9iai4kbmFtZSkpIHsKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICRvYmouJG5hbWUKICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgIGlmICgkbnVsbCAtZXEgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAgICAgI0F1dG8tZ2VuZXJhdGVkIGVycm9yIHNob3VsZCBiZSBzdWZmaWNpZW50IGluIG1vc3QgdXNlIGNhc2VzCiAgICAgICAgICAgICAgICAgICAgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlID0gIkdldC1BbnNpYmxlUGFyYW06IEFyZ3VtZW50ICRuYW1lIG5lZWRzIHRvIGJlIG9uZSBvZiAkKCRWYWxpZGF0ZVNldCAtam9pbiAiLCIpIGJ1dCB3YXMgJCgkb2JqLiRuYW1lKS4iCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRWYWxpZGF0ZVNldEVycm9yTWVzc2FnZQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgJHZhbHVlID0gJG9iai4kbmFtZQogICAgICAgIH0KICAgIH0gY2F0Y2ggewogICAgICAgIGlmICgkZmFpbGlmZW1wdHkgLWVxICRmYWxzZSkgewogICAgICAgICAgICAkdmFsdWUgPSAkZGVmYXVsdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgIGlmICgtbm90ICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSA9ICJHZXQtQW5zaWJsZVBhcmFtOiBNaXNzaW5nIHJlcXVpcmVkIGFyZ3VtZW50OiAkbmFtZSIKICAgICAgICAgICAgfQogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlCiAgICAgICAgfQogICAgfQoKICAgICMgSWYgJHZhbHVlIC1lcSAkbnVsbCwgdGhlIHBhcmFtZXRlciB3YXMgdW5zcGVjaWZpZWQgYnkgdGhlIHVzZXIgKGRlbGliZXJhdGVseSBvciBub3QpCiAgICAjIFBsZWFzZSBsZWF2ZSAkbnVsbC12YWx1ZXMgaW50YWN0LCBtb2R1bGVzIG5lZWQgdG8ga25vdyBpZiBhIHBhcmFtZXRlciB3YXMgc3BlY2lmaWVkCiAgICAjIFdoZW4gJHZhbHVlIGlzIGFscmVhZHkgYW4gYXJyYXksIHdlIGNhbm5vdCByZWx5IG9uIHRoZSBudWxsIGNoZWNrLCBhcyBhbiBlbXB0eSBsaXN0CiAgICAjIGlzIHNlZW4gYXMgbnVsbCBpbiB0aGUgY2hlY2sgYmVsb3cKICAgIGlmICgkbnVsbCAtbmUgJHZhbHVlIC1vciAkdmFsdWUgLWlzIFthcnJheV0pIHsKICAgICAgICBpZiAoJHR5cGUgLWVxICJwYXRoIikgewogICAgICAgICAgICAjIEV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgb24gcGF0aC10eXBlCiAgICAgICAgICAgICR2YWx1ZSA9IEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCiAgICAgICAgICAgICMgVGVzdCBpZiBhIHZhbGlkIHBhdGggaXMgcHJvdmlkZWQKICAgICAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtSXNWYWxpZCAkdmFsdWUpKSB7CiAgICAgICAgICAgICAgICAkcGF0aF9pbnZhbGlkID0gJHRydWUKICAgICAgICAgICAgICAgICMgY291bGQgc3RpbGwgYmUgYSB2YWxpZC1zaGFwZWQgcGF0aCB3aXRoIGEgbm9uZXhpc3RlbnQgZHJpdmUgbGV0dGVyCiAgICAgICAgICAgICAgICBpZiAoJHZhbHVlIC1tYXRjaCAiXlx3OiIpIHsKICAgICAgICAgICAgICAgICAgICAjIHJld3JpdGUgcGF0aCB3aXRoIGEgdmFsaWQgZHJpdmUgbGV0dGVyIGFuZCByZWNoZWNrIHRoZSBzaGFwZS0gdGhpcyBtaWdodCBzdGlsbCBmYWlsLCBlZywgYSBub25leGlzdGVudCBub24tZmlsZXN5c3RlbSBQUyBwYXRoCiAgICAgICAgICAgICAgICAgICAgaWYgKFRlc3QtUGF0aCAtSXNWYWxpZCAkKEAoR2V0LVBTRHJpdmUgLVBTUHJvdmlkZXIgRmlsZXN5c3RlbSlbMF0uTmFtZSArICR2YWx1ZS5TdWJzdHJpbmcoMSkpKSB7CiAgICAgICAgICAgICAgICAgICAgICAgICRwYXRoX2ludmFsaWQgPSAkZmFsc2UKICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBpZiAoJHBhdGhfaW52YWxpZCkgewogICAgICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHRvYmogLW1lc3NhZ2UgIkdldC1BbnNpYmxlUGFyYW06IFBhcmFtZXRlciAnJG5hbWUnIGhhcyBhbiBpbnZhbGlkIHBhdGggJyR2YWx1ZScgc3BlY2lmaWVkLiIKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgInN0ciIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IHN0ciB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgc3RyaW5ncwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUuVG9TdHJpbmcoKQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImJvb2wiKSB7CiAgICAgICAgICAgICMgQ29udmVydCBib29sZWFuIHR5cGVzIHRvIHJlYWwgUG93ZXJzaGVsbCBib29sZWFucwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgfCBDb252ZXJ0VG8tQm9vbAogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImludCIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IGludCB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgaW50ZWdlcnMKICAgICAgICAgICAgJHZhbHVlID0gJHZhbHVlIC1hcyBbaW50XQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImZsb2F0IikgewogICAgICAgICAgICAjIENvbnZlcnQgZmxvYXQgdHlwZXMgdG8gcmVhbCBQb3dlcnNoZWxsIGZsb2F0cwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgLWFzIFtmbG9hdF0KICAgICAgICB9IGVsc2VpZiAoJHR5cGUgLWVxICJsaXN0IikgewogICAgICAgICAgICBpZiAoJHZhbHVlIC1pcyBbYXJyYXldKSB7CiAgICAgICAgICAgICAgICAjIE5vdGhpbmcgdG8gZG8KICAgICAgICAgICAgfSBlbHNlaWYgKCR2YWx1ZSAtaXMgW3N0cmluZ10pIHsKICAgICAgICAgICAgICAgICMgQ29udmVydCBzdHJpbmcgdHlwZSB0byByZWFsIFBvd2Vyc2hlbGwgYXJyYXkKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICR2YWx1ZS5TcGxpdCgiLCIpLlRyaW0oKQogICAgICAgICAgICB9IGVsc2VpZiAoJHZhbHVlIC1pcyBbaW50XSkgewogICAgICAgICAgICAgICAgJHZhbHVlID0gQCgkdmFsdWUpCiAgICAgICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICJHZXQtQW5zaWJsZVBhcmFtOiBQYXJhbWV0ZXIgJyRuYW1lJyBpcyBub3QgYSBZQU1MIGxpc3QuIgogICAgICAgICAgICB9CiAgICAgICAgICAgICMgLCBpcyBub3QgYSB0eXBvLCBmb3JjZXMgaXQgdG8gcmV0dXJuIGFzIGEgbGlzdCB3aGVuIGl0IGlzIGVtcHR5IG9yIG9ubHkgaGFzIDEgZW50cnkKICAgICAgICAgICAgcmV0dXJuICwkdmFsdWUKICAgICAgICB9CiAgICB9CgogICAgcmV0dXJuICR2YWx1ZQp9CgojQWxpYXMgR2V0LWF0dHItLT5HZXQtQW5zaWJsZVBhcmFtIGZvciBiYWNrd2FyZHMgY29tcGF0LiBPbmx5IGFkZCB3aGVuIG5lZWRlZCB0byBlYXNlIGRlYnVnZ2luZyBvZiBzY3JpcHRzCklmICgtbm90KEdldC1BbGlhcyAtTmFtZSAiR2V0LWF0dHIiIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlKSkKewogICAgTmV3LUFsaWFzIC1OYW1lIEdldC1hdHRyIC1WYWx1ZSBHZXQtQW5zaWJsZVBhcmFtCn0KCkZ1bmN0aW9uIENvbnZlcnRUby1Cb29sCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZpbHRlci9waXBlbGluZSBmdW5jdGlvbiB0byBjb252ZXJ0IGEgdmFsdWUgdG8gYm9vbGVhbiBmb2xsb3dpbmcgY3VycmVudAogICAgQW5zaWJsZSBwcmFjdGljZXMKICAgIC5FWEFNUExFCiAgICAkaXNfdHJ1ZSA9ICJ0cnVlIiB8IENvbnZlcnRUby1Cb29sCiM+CiAgICBwYXJhbSgKICAgICAgICBbcGFyYW1ldGVyKHZhbHVlZnJvbXBpcGVsaW5lPSR0cnVlKV0KICAgICAgICAkb2JqCiAgICApCgogICAgJGJvb2xlYW5fc3RyaW5ncyA9ICJ5ZXMiLCAib24iLCAiMSIsICJ0cnVlIiwgMQogICAgJG9ial9zdHJpbmcgPSBbc3RyaW5nXSRvYmoKCiAgICBpZiAoKCRvYmogLWlzIFtib29sZWFuXSAtYW5kICRvYmopIC1vciAkYm9vbGVhbl9zdHJpbmdzIC1jb250YWlucyAkb2JqX3N0cmluZy5Ub0xvd2VyKCkpIHsKICAgICAgICByZXR1cm4gJHRydWUKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfQp9CgpGdW5jdGlvbiBQYXJzZS1BcmdzKCRhcmd1bWVudHMsICRzdXBwb3J0c19jaGVja19tb2RlID0gJGZhbHNlKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBwYXJzZSBBbnNpYmxlIEpTT04gYXJndW1lbnRzIGZyb20gYSAiZmlsZSIgcGFzc2VkIGFzCiAgICB0aGUgc2luZ2xlIGFyZ3VtZW50IHRvIHRoZSBtb2R1bGUuCiAgICAuRVhBTVBMRQogICAgJHBhcmFtcyA9IFBhcnNlLUFyZ3MgJGFyZ3MKIz4KICAgICRwYXJhbXMgPSBOZXctT2JqZWN0IHBzb2JqZWN0CiAgICBJZiAoJGFyZ3VtZW50cy5MZW5ndGggLWd0IDApCiAgICB7CiAgICAgICAgJHBhcmFtcyA9IEdldC1Db250ZW50ICRhcmd1bWVudHNbMF0gfCBDb252ZXJ0RnJvbS1Kc29uCiAgICB9CiAgICBFbHNlIHsKICAgICAgICAkcGFyYW1zID0gJGNvbXBsZXhfYXJncwogICAgfQogICAgJGNoZWNrX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfY2hlY2tfbW9kZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQogICAgSWYgKCRjaGVja19tb2RlIC1hbmQgLW5vdCAkc3VwcG9ydHNfY2hlY2tfbW9kZSkKICAgIHsKICAgICAgICBFeGl0LUpzb24gQHsKICAgICAgICAgICAgc2tpcHBlZCA9ICR0cnVlCiAgICAgICAgICAgIGNoYW5nZWQgPSAkZmFsc2UKICAgICAgICAgICAgbXNnID0gInJlbW90ZSBtb2R1bGUgZG9lcyBub3Qgc3 ScriptBlock ID: 37ee880f-7c58-4463-a7fa-597566b54526 Path:	4104	1		3	2	15	0	1350	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2116	3972	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:28:26 PM	9d04040e-981f-0002-470c-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1349	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2116	4392	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:28:26 PM	9d04040e-981f-0004-f317-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 2116 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1348	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2116	4468	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:28:26 PM	9d04040e-981f-0004-f317-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1347	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2116	4392	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:28:26 PM	9d04040e-981f-0004-f317-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1346	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	5036	220	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:28:12 PM	9d04040e-981f-0004-b917-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 5036 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1345	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	5036	4664	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:28:12 PM	9d04040e-981f-0004-b917-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1344	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	5036	220	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:28:12 PM	9d04040e-981f-0004-b917-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles; using System; using System.Collections; using System.IO; using System.Linq; using System.Runtime.InteropServices; using System.Text; using System.Threading; namespace Ansible { [StructLayout(LayoutKind.Sequential)] public class SECURITY_ATTRIBUTES { public int nLength; public IntPtr lpSecurityDescriptor; public bool bInheritHandle = false; public SECURITY_ATTRIBUTES() { nLength = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFO { public Int32 cb; public IntPtr lpReserved; public IntPtr lpDesktop; public IntPtr lpTitle; public Int32 dwX; public Int32 dwY; public Int32 dwXSize; public Int32 dwYSize; public Int32 dwXCountChars; public Int32 dwYCountChars; public Int32 dwFillAttribute; public Int32 dwFlags; public Int16 wShowWindow; public Int16 cbReserved2; public IntPtr lpReserved2; public SafeFileHandle hStdInput; public SafeFileHandle hStdOutput; public SafeFileHandle hStdError; public STARTUPINFO() { cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFOEX { public STARTUPINFO startupInfo; public IntPtr lpAttributeList; public STARTUPINFOEX() { startupInfo = new STARTUPINFO(); startupInfo.cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public struct PROCESS_INFORMATION { public IntPtr hProcess; public IntPtr hThread; public int dwProcessId; public int dwThreadId; } [Flags] public enum StartupInfoFlags : uint { USESTDHANDLES = 0x00000100 } public enum HandleFlags : uint { None = 0, INHERIT = 1 } class NativeWaitHandle : WaitHandle { public NativeWaitHandle(IntPtr handle) { this.SafeWaitHandle = new SafeWaitHandle(handle, false); } } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class CommandUtil { private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400; private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000; [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)] public static extern bool CreateProcess( [MarshalAs(UnmanagedType.LPWStr)] string lpApplicationName, StringBuilder lpCommandLine, IntPtr lpProcessAttributes, IntPtr lpThreadAttributes, bool bInheritHandles, uint dwCreationFlags, IntPtr lpEnvironment, [MarshalAs(UnmanagedType.LPWStr)] string lpCurrentDirectory, STARTUPINFOEX lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation); [DllImport("kernel32.dll")] public static extern bool CreatePipe( out SafeFileHandle hReadPipe, out SafeFileHandle hWritePipe, SECURITY_ATTRIBUTES lpPipeAttributes, uint nSize); [DllImport("kernel32.dll", SetLastError = true)] public static extern bool SetHandleInformation( SafeFileHandle hObject, HandleFlags dwMask, int dwFlags); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool GetExitCodeProcess( IntPtr hProcess, out uint lpExitCode); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)] public static extern uint SearchPath( string lpPath, string lpFileName, string lpExtension, int nBufferLength, [MarshalAs (UnmanagedType.LPTStr)] StringBuilder lpBuffer, out IntPtr lpFilePart); [DllImport("shell32.dll", SetLastError = true)] static extern IntPtr CommandLineToArgvW( [MarshalAs(UnmanagedType.LPWStr)] string lpCmdLine, out int pNumArgs); public static string[] ParseCommandLine(string lpCommandLine) { int numArgs; IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs); if (ret == IntPtr.Zero) throw new Win32Exception("Error parsing command line"); IntPtr[] strptrs = new IntPtr[numArgs]; Marshal.Copy(ret, strptrs, 0, numArgs); string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray(); Marshal.FreeHGlobal(ret); return cmdlineParts; } public static string SearchPath(string lpFileName) { StringBuilder sbOut = new StringBuilder(1024); IntPtr filePartOut; if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0) throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName)); return sbOut.ToString(); } public class CommandResult { public string StandardOut { get; internal set; } public string StandardError { get; internal set; } public uint ExitCode { get; internal set; } } public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment) { UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT; STARTUPINFOEX si = new STARTUPINFOEX(); si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES; SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES(); pipesec.bInheritHandle = true; // Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write; if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0)) throw new Win32Exception("STDOUT pipe setup failed"); if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDOUT pipe handle setup failed"); if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0)) throw new Win32Exception("STDERR pipe setup failed"); if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDERR pipe handle setup failed"); if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0)) throw new Win32Exception("STDIN pipe setup failed"); if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDIN pipe handle setup failed"); si.startupInfo.hStdOutput = stdout_write; si.startupInfo.hStdError = stderr_write; si.startupInfo.hStdInput = stdin_read; // Setup the stdin buffer UTF8Encoding utf8_encoding = new UTF8Encoding(false); FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768); StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768); // If lpCurrentDirectory is set to null in PS it will be an empty // string here, we need to convert it if (lpCurrentDirectory == "") lpCurrentDirectory = null; StringBuilder environmentString = null; if (environment != null && environment.Count > 0) { environmentString = new StringBuilder(); foreach (DictionaryEntry kv in environment) environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value); environmentString.Append('\0'); } // Create the environment block if set IntPtr lpEnvironment = IntPtr.Zero; if (environmentString != null) lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString()); // Create new process and run StringBuilder argument_string = new StringBuilder(lpCommandLine); PROCESS_INFORMATION pi = new PROCESS_INFORMATION(); if (!CreateProcess( lpApplicationName, argument_string, IntPtr.Zero, IntPtr.Zero, true, startup_flags, lpEnvironment, lpCurrentDirectory, si, out pi)) { throw new Win32Exception("Failed to create new process"); } // Setup the output buffers and get stdout/stderr FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096); StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096); stdout_write.Close(); FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096); StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096); stderr_write.Close(); stdin.WriteLine(stdinInput); stdin.Close(); string stdout_str, stderr_str = null; GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str); uint rc = GetProcessExitCode(pi.hProcess); return new CommandResult { StandardOut = stdout_str, StandardError = stderr_str, ExitCode = rc }; } private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr) { var sowait = new EventWaitHandle(false, EventResetMode.ManualReset); var sewait = new EventWaitHandle(false, EventResetMode.ManualReset); string so = null, se = null; ThreadPool.QueueUserWorkItem((s) => { so = stdoutStream.ReadToEnd(); sowait.Set(); }); ThreadPool.QueueUserWorkItem((s) => { se = stderrStream.ReadToEnd(); sewait.Set(); }); foreach (var wh in new WaitHandle[] { sowait, sewait }) wh.WaitOne(); stdout = so; stderr = se; } private static uint GetProcessExitCode(IntPtr processHandle) { new NativeWaitHandle(processHandle).WaitOne(); uint exitCode; if (!GetExitCodeProcess(processHandle, out exitCode)) throw new Win32Exception("Error getting process exit code"); return exitCode; } } }" Context: Severity = Informational Host Name = Default Host Host Version = 5.1.14393.1944 Host ID = 8ff69fe9-b895-4063-84f0-758b0bdaae1b Host Application = PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - Engine Version = 5.1.14393.1944 Runspace ID = 0f5e1de6-d6ba-4ea2-a8de-fedf32b76609 Pipeline ID = 7 Command Name = Add-Type Command Type = Cmdlet Script Name = Command Path = Sequence Number = 34 User = N-H1-805629-1\Admin Connected User = Shell ID = Microsoft.PowerShell User Data:	4103	1		4	106	20	0	1343	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1380	4576	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:28:12 PM	9d04040e-981f-0003-eb50-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	To be used when operation is just executing a method	Executing Pipeline	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c) 2017 Ansible Project # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) $process_util = @" using Microsoft.Win32.SafeHandles; using System; using System.Collections; using System.IO; using System.Linq; using System.Runtime.InteropServices; using System.Text; using System.Threading; namespace Ansible { [StructLayout(LayoutKind.Sequential)] public class SECURITY_ATTRIBUTES { public int nLength; public IntPtr lpSecurityDescriptor; public bool bInheritHandle = false; public SECURITY_ATTRIBUTES() { nLength = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFO { public Int32 cb; public IntPtr lpReserved; public IntPtr lpDesktop; public IntPtr lpTitle; public Int32 dwX; public Int32 dwY; public Int32 dwXSize; public Int32 dwYSize; public Int32 dwXCountChars; public Int32 dwYCountChars; public Int32 dwFillAttribute; public Int32 dwFlags; public Int16 wShowWindow; public Int16 cbReserved2; public IntPtr lpReserved2; public SafeFileHandle hStdInput; public SafeFileHandle hStdOutput; public SafeFileHandle hStdError; public STARTUPINFO() { cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFOEX { public STARTUPINFO startupInfo; public IntPtr lpAttributeList; public STARTUPINFOEX() { startupInfo = new STARTUPINFO(); startupInfo.cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public struct PROCESS_INFORMATION { public IntPtr hProcess; public IntPtr hThread; public int dwProcessId; public int dwThreadId; } [Flags] public enum StartupInfoFlags : uint { USESTDHANDLES = 0x00000100 } public enum HandleFlags : uint { None = 0, INHERIT = 1 } class NativeWaitHandle : WaitHandle { public NativeWaitHandle(IntPtr handle) { this.SafeWaitHandle = new SafeWaitHandle(handle, false); } } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class CommandUtil { private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400; private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000; [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)] public static extern bool CreateProcess( [MarshalAs(UnmanagedType.LPWStr)] string lpApplicationName, StringBuilder lpCommandLine, IntPtr lpProcessAttributes, IntPtr lpThreadAttributes, bool bInheritHandles, uint dwCreationFlags, IntPtr lpEnvironment, [MarshalAs(UnmanagedType.LPWStr)] string lpCurrentDirectory, STARTUPINFOEX lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation); [DllImport("kernel32.dll")] public static extern bool CreatePipe( out SafeFileHandle hReadPipe, out SafeFileHandle hWritePipe, SECURITY_ATTRIBUTES lpPipeAttributes, uint nSize); [DllImport("kernel32.dll", SetLastError = true)] public static extern bool SetHandleInformation( SafeFileHandle hObject, HandleFlags dwMask, int dwFlags); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool GetExitCodeProcess( IntPtr hProcess, out uint lpExitCode); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)] public static extern uint SearchPath( string lpPath, string lpFileName, string lpExtension, int nBufferLength, [MarshalAs (UnmanagedType.LPTStr)] StringBuilder lpBuffer, out IntPtr lpFilePart); [DllImport("shell32.dll", SetLastError = true)] static extern IntPtr CommandLineToArgvW( [MarshalAs(UnmanagedType.LPWStr)] string lpCmdLine, out int pNumArgs); public static string[] ParseCommandLine(string lpCommandLine) { int numArgs; IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs); if (ret == IntPtr.Zero) throw new Win32Exception("Error parsing command line"); IntPtr[] strptrs = new IntPtr[numArgs]; Marshal.Copy(ret, strptrs, 0, numArgs); string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray(); Marshal.FreeHGlobal(ret); return cmdlineParts; } public static string SearchPath(string lpFileName) { StringBuilder sbOut = new StringBuilder(1024); IntPtr filePartOut; if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0) throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName)); return sbOut.ToString(); } public class CommandResult { public string StandardOut { get; internal set; } public string StandardError { get; internal set; } public uint ExitCode { get; internal set; } } public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment) { UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT; STARTUPINFOEX si = new STARTUPINFOEX(); si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES; SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES(); pipesec.bInheritHandle = true; // Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write; if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0)) throw new Win32Exception("STDOUT pipe setup failed"); if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDOUT pipe handle setup failed"); if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0)) throw new Win32Exception("STDERR pipe setup failed"); if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDERR pipe handle setup failed"); if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0)) throw new Win32Exception("STDIN pipe setup failed"); if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDIN pipe handle setup failed"); si.startupInfo.hStdOutput = stdout_write; si.startupInfo.hStdError = stderr_write; si.startupInfo.hStdInput = stdin_read; // Setup the stdin buffer UTF8Encoding utf8_encoding = new UTF8Encoding(false); FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768); StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768); // If lpCurrentDirectory is set to null in PS it will be an empty // string here, we need to convert it if (lpCurrentDirectory == "") lpCurrentDirectory = null; StringBuilder environmentString = null; if (environment != null && environment.Count > 0) { environmentString = new StringBuilder(); foreach (DictionaryEntry kv in environment) environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value); environmentString.Append('\0'); } // Create the environment block if set IntPtr lpEnvironment = IntPtr.Zero; if (environmentString != null) lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString()); // Create new process and run StringBuilder argument_string = new StringBuilder(lpCommandLine); PROCESS_INFORMATION pi = new PROCESS_INFORMATION(); if (!CreateProcess( lpApplicationName, argument_string, IntPtr.Zero, IntPtr.Zero, true, startup_flags, lpEnvironment, lpCurrentDirectory, si, out pi)) { throw new Win32Exception("Failed to create new process"); } // Setup the output buffers and get stdout/stderr FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096); StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096); stdout_write.Close(); FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096); StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096); stderr_write.Close(); stdin.WriteLine(stdinInput); stdin.Close(); string stdout_str, stderr_str = null; GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str); uint rc = GetProcessExitCode(pi.hProcess); return new CommandResult { StandardOut = stdout_str, StandardError = stderr_str, ExitCode = rc }; } private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr) { var sowait = new EventWaitHandle(false, EventResetMode.ManualReset); var sewait = new EventWaitHandle(false, EventResetMode.ManualReset); string so = null, se = null; ThreadPool.QueueUserWorkItem((s) => { so = stdoutStream.ReadToEnd(); sowait.Set(); }); ThreadPool.QueueUserWorkItem((s) => { se = stderrStream.ReadToEnd(); sewait.Set(); }); foreach (var wh in new WaitHandle[] { sowait, sewait }) wh.WaitOne(); stdout = so; stderr = se; } private static uint GetProcessExitCode(IntPtr processHandle) { new NativeWaitHandle(processHandle).WaitOne(); uint exitCode; if (!GetExitCodeProcess(processHandle, out exitCode)) throw new Win32Exception("Error getting process exit code"); return exitCode; } } } "@ $ErrorActionPreference = 'Stop' Function Load-CommandUtils { # makes the following static functions available # [Ansible.CommandUtil]::ParseCommandLine(string lpCommandLine) # [Ansible.CommandUtil]::SearchPath(string lpFileName) # [Ansible.CommandUtil]::RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, string environmentBlock) # # there are also numerous P/Invoke methods that can be called if you are feeling adventurous # FUTURE: find a better way to get the _ansible_remote_tmp variable $original_tmp = $env:TMP $remote_tmp = $original_tmp $module_params = Get-Variable -Name complex_args -ErrorAction SilentlyContinue if ($module_params) { if ($module_params.Value.ContainsKey("_ansible_remote_tmp") ) { $remote_tmp = $module_params.Value["_ansible_remote_tmp"] $remote_tmp = [System.Environment]::ExpandEnvironmentVariables($remote_tmp) } } $env:TMP = $remote_tmp Add-Type -TypeDefinition $process_util $env:TMP = $original_tmp } Function Get-ExecutablePath($executable, $directory) { # lpApplicationName requires the full path to a file, we need to find it # ourselves. # we need to add .exe if it doesn't have an extension already if (-not [System.IO.Path]::HasExtension($executable)) { $executable = "$($executable).exe" } $full_path = [System.IO.Path]::GetFullPath($executable) if ($full_path -ne $executable -and $directory -ne $null) { $file = Get-Item -Path "$directory\$executable" -Force -ErrorAction SilentlyContinue } else { $file = Get-Item -Path $executable -Force -ErrorAction SilentlyContinue } if ($file -ne $null) { $executable_path = $file.FullName } else { $executable_path = [Ansible.CommandUtil]::SearchPath($executable) } return $executable_path } Function Run-Command { Param( [string]$command, # the full command to run including the executable [string]$working_directory = $null, # the working directory to run under, will default to the current dir [string]$stdin = $null, # a string to send to the stdin pipe when executing the command [hashtable]$environment = @{} # a hashtable of environment values to run the command under, this will replace all the other environment variables with these ) # load the C# code we call in this function Load-CommandUtils # need to validate the working directory if it is set if ($working_directory) { # validate working directory is a valid path if (-not (Test-Path -Path $working_directory)) { throw "invalid working directory path '$working_directory'" } } # lpApplicationName needs to be the full path to an executable, we do this # by getting the executable as the first arg and then getting the full path $arguments = [Ansible.CommandUtil]::ParseCommandLine($command) $executable = Get-ExecutablePath -executable $arguments[0] -directory $working_directory # run the command and get the results $command_result = [Ansible.CommandUtil]::RunCommand($executable, $command, $working_directory, $stdin, $environment) return ,@{ executable = $executable stdout = $command_result.StandardOut stderr = $command_result.StandardError rc = $command_result.ExitCode } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: 492026c4-e750-4b0c-aabc-f8743499c324 Path:	4104	1		3	2	15	0	1342	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1380	3444	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:28:12 PM	9d04040e-981f-0001-fb10-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c), Michael DeHaan <michael.dehaan@gmail.com>, 2014, and others # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) Set-StrictMode -Version 2.0 $ErrorActionPreference = "Stop" Function Set-Attr($obj, $name, $value) { <# .SYNOPSIS Helper function to set an "attribute" on a psobject instance in PowerShell. This is a convenience to make adding Members to the object easier and slightly more pythonic .EXAMPLE Set-Attr $result "changed" $true #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } Try { $obj.$name = $value } Catch { $obj | Add-Member -Force -MemberType NoteProperty -Name $name -Value $value } } Function Exit-Json($obj) { <# .SYNOPSIS Helper function to convert a PowerShell object to JSON and output it, exiting the script .EXAMPLE Exit-Json $result #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit } Function Fail-Json($obj, $message = $null) { <# .SYNOPSIS Helper function to add the "msg" property and "failed" property, convert the PowerShell Hashtable to JSON and output it, exiting the script .EXAMPLE Fail-Json $result "This is the failure message" #> if ($obj -is [hashtable] -or $obj -is [psobject]) { # Nothing to do } elseif ($obj -is [string] -and $null -eq $message) { # If we weren't given 2 args, and the only arg was a string, # create a new Hashtable and use the arg as the failure message $message = $obj $obj = @{ } } else { # If the first argument is undefined or a different type, # make it a Hashtable $obj = @{ } } # Still using Set-Attr for PSObject compatibility Set-Attr $obj "msg" $message Set-Attr $obj "failed" $true if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit 1 } Function Add-Warning($obj, $message) { <# .SYNOPSIS Helper function to add warnings, even if the warnings attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("warnings")) { $obj.warnings = @() } elseif ($obj.warnings -isnot [array]) { throw "Add-Warning: warnings attribute is not an array" } $obj.warnings += $message } Function Add-DeprecationWarning($obj, $message, $version = $null) { <# .SYNOPSIS Helper function to add deprecations, even if the deprecations attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("deprecations")) { $obj.deprecations = @() } elseif ($obj.deprecations -isnot [array]) { throw "Add-DeprecationWarning: deprecations attribute is not a list" } $obj.deprecations += @{ msg = $message version = $version } } Function Expand-Environment($value) { <# .SYNOPSIS Helper function to expand environment variables in values. By default it turns any type to a string, but we ensure $null remains $null. #> if ($null -ne $value) { [System.Environment]::ExpandEnvironmentVariables($value) } else { $value } } Function Get-AnsibleParam($obj, $name, $default = $null, $resultobj = @{}, $failifempty = $false, $emptyattributefailmessage, $ValidateSet, $ValidateSetErrorMessage, $type = $null, $aliases = @()) { <# .SYNOPSIS Helper function to get an "attribute" from a psobject instance in PowerShell. This is a convenience to make getting Members from an object easier and slightly more pythonic .EXAMPLE $attr = Get-AnsibleParam $response "code" -default "1" .EXAMPLE Get-AnsibleParam -obj $params -name "State" -default "Present" -ValidateSet "Present","Absent" -resultobj $resultobj -failifempty $true Get-AnsibleParam also supports Parameter validation to save you from coding that manually Note that if you use the failifempty option, you do need to specify resultobject as well. #> # Check if the provided Member $name or aliases exist in $obj and return it or the default. try { $found = $null # First try to find preferred parameter $name $aliases = @($name) + $aliases # Iterate over aliases to find acceptable Member $name foreach ($alias in $aliases) { if ($obj.ContainsKey($alias)) { $found = $alias break } } if ($null -eq $found) { throw } $name = $found if ($ValidateSet) { if ($ValidateSet -contains ($obj.$name)) { $value = $obj.$name } else { if ($null -eq $ValidateSetErrorMessage) { #Auto-generated error should be sufficient in most use cases $ValidateSetErrorMessage = "Get-AnsibleParam: Argument $name needs to be one of $($ValidateSet -join ",") but was $($obj.$name)." } Fail-Json -obj $resultobj -message $ValidateSetErrorMessage } } else { $value = $obj.$name } } catch { if ($failifempty -eq $false) { $value = $default } else { if (-not $emptyattributefailmessage) { $emptyattributefailmessage = "Get-AnsibleParam: Missing required argument: $name" } Fail-Json -obj $resultobj -message $emptyattributefailmessage } } # If $value -eq $null, the parameter was unspecified by the user (deliberately or not) # Please leave $null-values intact, modules need to know if a parameter was specified # When $value is already an array, we cannot rely on the null check, as an empty list # is seen as null in the check below if ($null -ne $value -or $value -is [array]) { if ($type -eq "path") { # Expand environment variables on path-type $value = Expand-Environment($value) # Test if a valid path is provided if (-not (Test-Path -IsValid $value)) { $path_invalid = $true # could still be a valid-shaped path with a nonexistent drive letter if ($value -match "^\w:") { # rewrite path with a valid drive letter and recheck the shape- this might still fail, eg, a nonexistent non-filesystem PS path if (Test-Path -IsValid $(@(Get-PSDrive -PSProvider Filesystem)[0].Name + $value.Substring(1))) { $path_invalid = $false } } if ($path_invalid) { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' has an invalid path '$value' specified." } } } elseif ($type -eq "str") { # Convert str types to real Powershell strings $value = $value.ToString() } elseif ($type -eq "bool") { # Convert boolean types to real Powershell booleans $value = $value | ConvertTo-Bool } elseif ($type -eq "int") { # Convert int types to real Powershell integers $value = $value -as [int] } elseif ($type -eq "float") { # Convert float types to real Powershell floats $value = $value -as [float] } elseif ($type -eq "list") { if ($value -is [array]) { # Nothing to do } elseif ($value -is [string]) { # Convert string type to real Powershell array $value = $value.Split(",").Trim() } elseif ($value -is [int]) { $value = @($value) } else { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' is not a YAML list." } # , is not a typo, forces it to return as a list when it is empty or only has 1 entry return ,$value } } return $value } #Alias Get-attr-->Get-AnsibleParam for backwards compat. Only add when needed to ease debugging of scripts If (-not(Get-Alias -Name "Get-attr" -ErrorAction SilentlyContinue)) { New-Alias -Name Get-attr -Value Get-AnsibleParam } Function ConvertTo-Bool { <# .SYNOPSIS Helper filter/pipeline function to convert a value to boolean following current Ansible practices .EXAMPLE $is_true = "true" | ConvertTo-Bool #> param( [parameter(valuefrompipeline=$true)] $obj ) $boolean_strings = "yes", "on", "1", "true", 1 $obj_string = [string]$obj if (($obj -is [boolean] -and $obj) -or $boolean_strings -contains $obj_string.ToLower()) { return $true } else { return $false } } Function Parse-Args($arguments, $supports_check_mode = $false) { <# .SYNOPSIS Helper function to parse Ansible JSON arguments from a "file" passed as the single argument to the module. .EXAMPLE $params = Parse-Args $args #> $params = New-Object psobject If ($arguments.Length -gt 0) { $params = Get-Content $arguments[0] | ConvertFrom-Json } Else { $params = $complex_args } $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false If ($check_mode -and -not $supports_check_mode) { Exit-Json @{ skipped = $true changed = $false msg = "remote module does not support check mode" } } return $params } Function Get-FileChecksum($path, $algorithm = 'sha1') { <# .SYNOPSIS Helper function to calculate a hash of a file in a way which PowerShell 3 and above can handle #> If (Test-Path -Path $path -PathType Leaf) { switch ($algorithm) { 'md5' { $sp = New-Object -TypeName System.Security.Cryptography.MD5CryptoServiceProvider } 'sha1' { $sp = New-Object -TypeName System.Security.Cryptography.SHA1CryptoServiceProvider } 'sha256' { $sp = New-Object -TypeName System.Security.Cryptography.SHA256CryptoServiceProvider } 'sha384' { $sp = New-Object -TypeName System.Security.Cryptography.SHA384CryptoServiceProvider } 'sha512' { $sp = New-Object -TypeName System.Security.Cryptography.SHA512CryptoServiceProvider } default { Fail-Json @{} "Unsupported hash algorithm supplied '$algorithm'" } } If ($PSVersionTable.PSVersion.Major -ge 4) { $raw_hash = Get-FileHash $path -Algorithm $algorithm $hash = $raw_hash.Hash.ToLower() } Else { $fp = [System.IO.File]::Open($path, [System.IO.Filemode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileShare]::ReadWrite); $hash = [System.BitConverter]::ToString($sp.ComputeHash($fp)).Replace("-", "").ToLower(); $fp.Dispose(); } } ElseIf (Test-Path -Path $path -PathType Container) { $hash = "3"; } Else { $hash = "1"; } return $hash } Function Get-PendingRebootStatus { <# .SYNOPSIS Check if reboot is required, if so notify CA. Function returns true if computer has a pending reboot #> $featureData = Invoke-WmiMethod -EA Ignore -Name GetServerFeature -Namespace root\microsoft\windows\servermanager -Class MSFT_ServerManagerTasks $regData = Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager" "PendingFileRenameOperations" -EA Ignore $CBSRebootStatus = Get-ChildItem "HKLM:\\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing" -ErrorAction SilentlyContinue| Where-Object {$_.PSChildName -eq "RebootPending"} if(($featureData -and $featureData.RequiresReboot) -or $regData -or $CBSRebootStatus) { return $True } else { return $False } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: 9873bba3-a81b-4397-ae5d-a84807a4fc94 Path:	4104	1		3	2	15	0	1341	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1380	3444	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:28:12 PM	9d04040e-981f-0001-f410-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } ScriptBlock ID: 7f5fb21b-6004-4cf0-b017-5e636f026aea Path:	4104	1		3	2	15	0	1340	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1380	3444	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:28:11 PM	9d04040e-981f-0001-e510-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (3 of 3): G9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMScgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTFDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMjU2JyB7ICRzcCA9IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5TZWN1cml0eS5DcnlwdG9ncmFwaHkuU0hBMjU2Q3J5cHRvU2VydmljZVByb3ZpZGVyIH0KICAgICAgICAgICAgJ3NoYTM4NCcgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTM4NENyeXB0b1NlcnZpY2VQcm92aWRlciB9CiAgICAgICAgICAgICdzaGE1MTInIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5TSEE1MTJDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICBkZWZhdWx0IHsgRmFpbC1Kc29uIEB7fSAiVW5zdXBwb3J0ZWQgaGFzaCBhbGdvcml0aG0gc3VwcGxpZWQgJyRhbGdvcml0aG0nIiB9CiAgICAgICAgfQoKICAgICAgICBJZiAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtZ2UgNCkgewogICAgICAgICAgICAkcmF3X2hhc2ggPSBHZXQtRmlsZUhhc2ggJHBhdGggLUFsZ29yaXRobSAkYWxnb3JpdGhtCiAgICAgICAgICAgICRoYXNoID0gJHJhd19oYXNoLkhhc2guVG9Mb3dlcigpCiAgICAgICAgfSBFbHNlIHsKICAgICAgICAgICAgJGZwID0gW1N5c3RlbS5JTy5GaWxlXTo6T3BlbigkcGF0aCwgW1N5c3RlbS5JTy5GaWxlbW9kZV06Ok9wZW4sIFtTeXN0ZW0uSU8uRmlsZUFjY2Vzc106OlJlYWQsIFtTeXN0ZW0uSU8uRmlsZVNoYXJlXTo6UmVhZFdyaXRlKTsKICAgICAgICAgICAgJGhhc2ggPSBbU3lzdGVtLkJpdENvbnZlcnRlcl06OlRvU3RyaW5nKCRzcC5Db21wdXRlSGFzaCgkZnApKS5SZXBsYWNlKCItIiwgIiIpLlRvTG93ZXIoKTsKICAgICAgICAgICAgJGZwLkRpc3Bvc2UoKTsKICAgICAgICB9CiAgICB9CiAgICBFbHNlSWYgKFRlc3QtUGF0aCAtUGF0aCAkcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKQogICAgewogICAgICAgICRoYXNoID0gIjMiOwogICAgfQogICAgRWxzZQogICAgewogICAgICAgICRoYXNoID0gIjEiOwogICAgfQogICAgcmV0dXJuICRoYXNoCn0KCkZ1bmN0aW9uIEdldC1QZW5kaW5nUmVib290U3RhdHVzCnsKPCMKICAgIC5TWU5PUFNJUwogICAgQ2hlY2sgaWYgcmVib290IGlzIHJlcXVpcmVkLCBpZiBzbyBub3RpZnkgQ0EuCiAgICBGdW5jdGlvbiByZXR1cm5zIHRydWUgaWYgY29tcHV0ZXIgaGFzIGEgcGVuZGluZyByZWJvb3QKIz4KICAgICRmZWF0dXJlRGF0YSA9IEludm9rZS1XbWlNZXRob2QgLUVBIElnbm9yZSAtTmFtZSBHZXRTZXJ2ZXJGZWF0dXJlIC1OYW1lc3BhY2Ugcm9vdFxtaWNyb3NvZnRcd2luZG93c1xzZXJ2ZXJtYW5hZ2VyIC1DbGFzcyBNU0ZUX1NlcnZlck1hbmFnZXJUYXNrcwogICAgJHJlZ0RhdGEgPSBHZXQtSXRlbVByb3BlcnR5ICJIS0xNOlxTWVNURU1cQ3VycmVudENvbnRyb2xTZXRcQ29udHJvbFxTZXNzaW9uIE1hbmFnZXIiICJQZW5kaW5nRmlsZVJlbmFtZU9wZXJhdGlvbnMiIC1FQSBJZ25vcmUKICAgICRDQlNSZWJvb3RTdGF0dXMgPSBHZXQtQ2hpbGRJdGVtICJIS0xNOlxcU09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cQ29tcG9uZW50IEJhc2VkIFNlcnZpY2luZyIgIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlfCBXaGVyZS1PYmplY3QgeyRfLlBTQ2hpbGROYW1lIC1lcSAiUmVib290UGVuZGluZyJ9CiAgICBpZigoJGZlYXR1cmVEYXRhIC1hbmQgJGZlYXR1cmVEYXRhLlJlcXVpcmVzUmVib290KSAtb3IgJHJlZ0RhdGEgLW9yICRDQlNSZWJvb3RTdGF0dXMpCiAgICB7CiAgICAgICAgcmV0dXJuICRUcnVlCiAgICB9CiAgICBlbHNlCiAgICB7CiAgICAgICAgcmV0dXJuICRGYWxzZQogICAgfQp9CgojIHRoaXMgbGluZSBtdXN0IHN0YXkgYXQgdGhlIGJvdHRvbSB0byBlbnN1cmUgYWxsIGRlZmluZWQgbW9kdWxlIHBhcnRzIGFyZSBleHBvcnRlZApFeHBvcnQtTW9kdWxlTWVtYmVyIC1BbGlhcyAqIC1GdW5jdGlvbiAqIC1DbWRsZXQgKgoK", "Ansible.ModuleUtils.FileUtil": "IyBDb3B5cmlnaHQgKGMpIDIwMTcgQW5zaWJsZSBQcm9qZWN0CiMgU2ltcGxpZmllZCBCU0QgTGljZW5zZSAoc2VlIGxpY2Vuc2VzL3NpbXBsaWZpZWRfYnNkLnR4dCBvciBodHRwczovL29wZW5zb3VyY2Uub3JnL2xpY2Vuc2VzL0JTRC0yLUNsYXVzZSkKCjwjClRlc3QtUGF0aC9HZXQtSXRlbSBjYW5ub3QgZmluZC9yZXR1cm4gaW5mbyBvbiBmaWxlcyB0aGF0IGFyZSBsb2NrZWQgbGlrZQpDOlxwYWdlZmlsZS5zeXMuIFRoZXNlIDIgZnVuY3Rpb25zIGFyZSBkZXNpZ25lZCB0byB3b3JrIHdpdGggdGhlc2UgZmlsZXMgYW5kCnByb3ZpZGUgc2ltaWxhciBmdW5jdGlvbmFsaXR5IHdpdGggdGhlIG5vcm1hbCBjbWRsZXRzIHdpdGggYXMgbWluaW1hbCBvdmVyaGVhZAphcyBwb3NzaWJsZS4gVGhleSB3b3JrIGJ5IHVzaW5nIEdldC1DaGlsZEl0ZW0gd2l0aCBhIGZpbHRlciBhbmQgcmV0dXJuIHRoZQpyZXN1bHQgZnJvbSB0aGF0LgojPgoKRnVuY3Rpb24gVGVzdC1BbnNpYmxlUGF0aCB7CiAgICBbQ21kbGV0QmluZGluZygpXQogICAgUGFyYW0oCiAgICAgICAgW1BhcmFtZXRlcihNYW5kYXRvcnk9JHRydWUpXVtzdHJpbmddJFBhdGgKICAgICkKICAgICMgUmVwbGFjZW1lbnQgZm9yIFRlc3QtUGF0aAogICAgdHJ5IHsKICAgICAgICAkZmlsZV9hdHRyaWJ1dGVzID0gW1N5c3RlbS5JTy5GaWxlXTo6R2V0QXR0cmlidXRlcygkUGF0aCkKICAgIH0gY2F0Y2ggW1N5c3RlbS5JTy5GaWxlTm90Rm91bmRFeGNlcHRpb25dLCBbU3lzdGVtLklPLkRpcmVjdG9yeU5vdEZvdW5kRXhjZXB0aW9uXSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfSBjYXRjaCBbTm90U3VwcG9ydGVkRXhjZXB0aW9uXSB7CiAgICAgICAgIyBXaGVuIHRlc3RpbmcgYSBwYXRoIGxpa2UgQ2VydDpcTG9jYWxNYWNoaW5lXE15LCBTeXN0ZW0uSU8uRmlsZSB3aWxsCiAgICAgICAgIyBub3Qgd29yaywgd2UganVzdCByZXZlcnQgYmFjayB0byB1c2luZyBUZXN0LVBhdGggZm9yIHRoaXMKICAgICAgICByZXR1cm4gVGVzdC1QYXRoIC1QYXRoICRQYXRoCiAgICB9CgogICAgaWYgKFtJbnQzMl0kZmlsZV9hdHRyaWJ1dGVzIC1lcSAtMSkgewogICAgICAgIHJldHVybiAkZmFsc2UKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICR0cnVlCiAgICB9Cn0KCkZ1bmN0aW9uIEdldC1BbnNpYmxlSXRlbSB7CiAgICBbQ21kbGV0QmluZGluZygpXQogICAgUGFyYW0oCiAgICAgICAgW1BhcmFtZXRlcihNYW5kYXRvcnk9JHRydWUpXVtzdHJpbmddJFBhdGgKICAgICkKICAgICMgUmVwbGFjZW1lbnQgZm9yIEdldC1JdGVtCiAgICB0cnkgewogICAgICAgICRmaWxlX2F0dHJpYnV0ZXMgPSBbU3lzdGVtLklPLkZpbGVdOjpHZXRBdHRyaWJ1dGVzKCRQYXRoKQogICAgfSBjYXRjaCB7CiAgICAgICAgIyBpZiAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb3RpbnVlIGlzIHNldCBvbiB0aGUgY21kbGV0IGFuZCB3ZSBmYWlsZWQgdG8KICAgICAgICAjIGdldCB0aGUgYXR0cmlidXRlcywganVzdCByZXR1cm4gJG51bGwsIG90aGVyd2lzZSB0aHJvdyB0aGUgZXJyb3IKICAgICAgICBpZiAoJEVycm9yQWN0aW9uUHJlZmVyZW5jZSAtbmUgIlNpbGVudGx5Q29udGludWUiKSB7CiAgICAgICAgICAgIHRocm93ICRfCiAgICAgICAgfQogICAgICAgIHJldHVybiAkbnVsbAogICAgfQogICAgaWYgKFtJbnQzMl0kZmlsZV9hdHRyaWJ1dGVzIC1lcSAtMSkgewogICAgICAgIHRocm93IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5NYW5hZ2VtZW50LkF1dG9tYXRpb24uSXRlbU5vdEZvdW5kRXhjZXB0aW9uIC1Bcmd1bWVudExpc3QgIkNhbm5vdCBmaW5kIHBhdGggJyRQYXRoJyBiZWNhdXNlIGl0IGRvZXMgbm90IGV4aXN0LiIKICAgIH0gZWxzZWlmICgkZmlsZV9hdHRyaWJ1dGVzLkhhc0ZsYWcoW1N5c3RlbS5JTy5GaWxlQXR0cmlidXRlc106OkRpcmVjdG9yeSkpIHsKICAgICAgICByZXR1cm4gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLklPLkRpcmVjdG9yeUluZm8gLUFyZ3VtZW50TGlzdCAkUGF0aAogICAgfSBlbHNlIHsKICAgICAgICByZXR1cm4gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLklPLkZpbGVJbmZvIC1Bcmd1bWVudExpc3QgJFBhdGgKICAgIH0KfQoKRXhwb3J0LU1vZHVsZU1lbWJlciAtRnVuY3Rpb24gVGVzdC1BbnNpYmxlUGF0aCwgR2V0LUFuc2libGVJdGVtCg=="}, "module_entry": "IyFwb3dlcnNoZWxsCgojIENvcHlyaWdodDogKGMpIDIwMTcsIEFuc2libGUgUHJvamVjdAojIEdOVSBHZW5lcmFsIFB1YmxpYyBMaWNlbnNlIHYzLjArIChzZWUgQ09QWUlORyBvciBodHRwczovL3d3dy5nbnUub3JnL2xpY2Vuc2VzL2dwbC0zLjAudHh0KQoKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5MZWdhY3kKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5Db21tYW5kVXRpbAojUmVxdWlyZXMgLU1vZHVsZSBBbnNpYmxlLk1vZHVsZVV0aWxzLkZpbGVVdGlsCgojIFRPRE86IGFkZCBjaGVjayBtb2RlIHN1cHBvcnQKClNldC1TdHJpY3RNb2RlIC1WZXJzaW9uIDIKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKIyBDbGVhbnNlIENMSVhNTCBmcm9tIHN0ZGVyciAoc2lmdCBvdXQgZXJyb3Igc3RyZWFtIGRhdGEsIGRpc2NhcmQgb3RoZXJzIGZvciBub3cpCkZ1bmN0aW9uIENsZWFuc2UtU3RkZXJyKCRyYXdfc3RkZXJyKSB7CiAgICBUcnkgewogICAgICAgICMgTkI6IHRoaXMgcmVnZXggaXNuJ3QgcGVyZmVjdCwgYnV0IGlzIGRlY2VudCBhdCBmaW5kaW5nIENMSVhNTCBhbW9uZ3N0IG90aGVyIHN0ZGVyciBub2lzZQogICAgICAgIElmKCRyYXdfc3RkZXJyIC1tYXRjaCAiKD9zKSg/PHByZW5vaXNlMT4uKikjPCBDTElYTUwoPzxwcmVub2lzZTI+LiopKD88Y2xpeG1sPjxPYmpzLis8L09ianM+KSg/PHBvc3Rub2lzZT4uKikiKSB7CiAgICAgICAgICAgICRjbGl4bWwgPSBbeG1sXSRtYXRjaGVzWyJjbGl4bWwiXQoKICAgICAgICAgICAgJG1lcmdlZF9zdGRlcnIgPSAiezB9ezF9ezJ9ezN9IiAtZiBAKAogICAgICAgICAgICAgICAkbWF0Y2hlc1sicHJlbm9pc2UxIl0sCiAgICAgICAgICAgICAgICRtYXRjaGVzWyJwcmVub2lzZTIiXSwKICAgICAgICAgICAgICAgIyBmaWx0ZXIgb3V0IGp1c3QgdGhlIEVycm9yLXRhZ2dlZCBzdHJpbmdzIGZvciBub3csIGFuZCB6YXAgZW1iZWRkZWQgQ1JMRiBjaGFycwogICAgICAgICAgICAgICAoJGNsaXhtbC5PYmpzLkNoaWxkTm9kZXMgfCA/IHsgJF8uTmFtZSAtZXEgJ1MnIH0gfCA/IHsgJF8uUyAtZXEgJ0Vycm9yJyB9IHwgJSB7ICRfLicjdGV4dCcuUmVwbGFjZSgnX3gwMDBEX194MDAwQV8nLCcnKSB9IHwgT3V0LVN0cmluZyksCiAgICAgICAgICAgICAgICRtYXRjaGVzWyJwb3N0bm9pc2UiXSkgfCBPdXQtU3RyaW5nCgogICAgICAgICAgICByZXR1cm4gJG1lcmdlZF9zdGRlcnIuVHJpbSgpCgogICAgICAgICAgICAjIEZVVFVSRTogcGFyc2UvcmV0dXJuIG90aGVyIHN0cmVhbXMKICAgICAgICB9CiAgICAgICAgRWxzZSB7CiAgICAgICAgICAgICRyYXdfc3RkZXJyCiAgICAgICAgfQogICAgfQogICAgQ2F0Y2ggewogICAgICAgICIqKipFWENFUFRJT04gUEFSU0lORyBDTElYTUw6ICRfKioqIiArICRyYXdfc3RkZXJyCiAgICB9Cn0KCiRwYXJhbXMgPSBQYXJzZS1BcmdzICRhcmdzIC1zdXBwb3J0c19jaGVja19tb2RlICRmYWxzZQoKJHJhd19jb21tYW5kX2xpbmUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX3Jhd19wYXJhbXMiIC10eXBlICJzdHIiIC1mYWlsaWZlbXB0eSAkdHJ1ZQokY2hkaXIgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiY2hkaXIiIC10eXBlICJwYXRoIgokZXhlY3V0YWJsZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJleGVjdXRhYmxlIiAtdHlwZSAicGF0aCIKJGNyZWF0ZXMgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiY3JlYXRlcyIgLXR5cGUgInBhdGgiCiRyZW1vdmVzID0gR2V0LUFuc2libGVQYXJhbSAtb2JqICRwYXJhbXMgLW5hbWUgInJlbW92ZXMiIC10eXBlICJwYXRoIgokc3RkaW4gPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAic3RkaW4iIC10eXBlICJzdHIiCgokcmF3X2NvbW1hbmRfbGluZSA9ICRyYXdfY29tbWFuZF9saW5lLlRyaW0oKQoKJHJlc3VsdCA9IEB7CiAgICBjaGFuZ2VkID0gJHRydWUKICAgIGNtZCA9ICRyYXdfY29tbWFuZF9saW5lCn0KCmlmICgkY3JlYXRlcyAtYW5kICQoVGVzdC1BbnNpYmxlUGF0aCAtUGF0aCAkY3JlYXRlcykpIHsKICAgIEV4aXQtSnNvbiBAe21zZz0ic2tpcHBlZCwgc2luY2UgJGNyZWF0ZXMgZXhpc3RzIjtjbWQ9JHJhd19jb21tYW5kX2xpbmU7Y2hhbmdlZD0kZmFsc2U7c2tpcHBlZD0kdHJ1ZTtyYz0wfQp9CgppZiAoJHJlbW92ZXMgLWFuZCAtbm90ICQoVGVzdC1BbnNpYmxlUGF0aCAtUGF0aCAkcmVtb3ZlcykpIHsKICAgIEV4aXQtSnNvbiBAe21zZz0ic2tpcHBlZCwgc2luY2UgJHJlbW92ZXMgZG9lcyBub3QgZXhpc3QiO2NtZD0kcmF3X2NvbW1hbmRfbGluZTtjaGFuZ2VkPSRmYWxzZTtza2lwcGVkPSR0cnVlO3JjPTB9Cn0KCiRleGVjX2FyZ3MgPSAkbnVsbApJZigtbm90ICRleGVjdXRhYmxlIC1vciAkZXhlY3V0YWJsZSAtZXEgInBvd2Vyc2hlbGwiKSB7CiAgICAkZXhlY19hcHBsaWNhdGlvbiA9ICJwb3dlcnNoZWxsLmV4ZSIKCiAgICAjIGZvcmNlIGlucHV0IGVuY29kaW5nIHRvIHByZWFtYmxlLWZyZWUgVVRGOCBzbyBQUyBzdWItcHJvY2Vzc2VzIChlZywgU3RhcnQtSm9iKSBkb24ndCBibG93IHVwCiAgICAkcmF3X2NvbW1hbmRfbGluZSA9ICJbQ29uc29sZV06OklucHV0RW5jb2RpbmcgPSBOZXctT2JqZWN0IFRleHQuVVRGOEVuY29kaW5nIGAkZmFsc2U7ICIgKyAkcmF3X2NvbW1hbmRfbGluZQoKICAgICMgQmFzZTY0IGVuY29kZSB0aGUgY29tbWFuZCBzbyB3ZSBkb24ndCBoYXZlIHRvIHdvcnJ5IGFib3V0IHRoZSB2YXJpb3VzIGxldmVscyBvZiBlc2NhcGluZwogICAgJGVuY29kZWRfY29tbWFuZCA9IFtDb252ZXJ0XTo6VG9CYXNlNjRTdHJpbmcoW1N5c3RlbS5UZXh0LkVuY29kaW5nXTo6VW5pY29kZS5HZXRCeXRlcygkcmF3X2NvbW1hbmRfbGluZSkpCgogICAgaWYgKCRzdGRpbikgewogICAgICAgICRleGVjX2FyZ3MgPSAiLWVuY29kZWRjb21tYW5kICRlbmNvZGVkX2NvbW1hbmQiCiAgICB9IGVsc2UgewogICAgICAgICRleGVjX2FyZ3MgPSAiLW5vbmludGVyYWN0aXZlIC1lbmNvZGVkY29tbWFuZCAkZW5jb2RlZF9jb21tYW5kIgogICAgfQp9CkVsc2UgewogICAgIyBGVVRVUkU6IHN1cHBvcnQgYXJnIHRyYW5zbGF0aW9uIGZyb20gZXhlY3V0YWJsZSAob3IgZXhlY3V0YWJsZV9hcmdzPykgdG8gcHJvY2VzcyBhcmd1bWVudHMgZm9yIGFyYml0cmFyeSBpbnRlcnByZXRlcj8KICAgICRleGVjX2FwcGxpY2F0aW9uID0gJGV4ZWN1dGFibGUKICAgIGlmICgtbm90ICgkZXhlY19hcHBsaWNhdGlvbi5FbmRzV2l0aCgiLmV4ZSIpKSkgewogICAgICAgICRleGVjX2FwcGxpY2F0aW9uID0gIiQoJGV4ZWNfYXBwbGljYXRpb24pLmV4ZSIKICAgIH0KICAgICRleGVjX2FyZ3MgPSAiL2MgJHJhd19jb21tYW5kX2xpbmUiCn0KCiRjb21tYW5kID0gIiRleGVjX2FwcGxpY2F0aW9uICRleGVjX2FyZ3MiCiRydW5fY29tbWFuZF9hcmcgPSBAewogICAgY29tbWFuZCA9ICRjb21tYW5kCn0KaWYgKCRjaGRpcikgewogICAgJHJ1bl9jb21tYW5kX2FyZ1snd29ya2luZ19kaXJlY3RvcnknXSA9ICRjaGRpcgp9CmlmICgkc3RkaW4pIHsKICAgICRydW5fY29tbWFuZF9hcmdbJ3N0ZGluJ10gPSAkc3RkaW4KfQoKJHN0YXJ0X2RhdGV0aW1lID0gW0RhdGVUaW1lXTo6VXRjTm93CnRyeSB7CiAgICAkY29tbWFuZF9yZXN1bHQgPSBSdW4tQ29tbWFuZCBAcnVuX2NvbW1hbmRfYXJnCn0gY2F0Y2ggewogICAgJHJlc3VsdC5jaGFuZ2VkID0gJGZhbHNlCiAgICB0cnkgewogICAgICAgICRyZXN1bHQucmMgPSAkXy5FeGNlcHRpb24uTmF0aXZlRXJyb3JDb2RlCiAgICB9IGNhdGNoIHsKICAgICAgICAkcmVzdWx0LnJjID0gMgogICAgfQogICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAkXy5FeGNlcHRpb24uTWVzc2FnZQp9CgojIFRPRE86IGRlY29kZSBDTElYTUwgc3RkZXJyIG91dHB1dCAoYW5kIG90aGVyIHN0cmVhbXM/KQokcmVzdWx0LnN0ZG91dCA9ICRjb21tYW5kX3Jlc3VsdC5zdGRvdXQKJHJlc3VsdC5zdGRlcnIgPSBDbGVhbnNlLVN0ZGVyciAkY29tbWFuZF9yZXN1bHQuc3RkZXJyIAokcmVzdWx0LnJjID0gJGNvbW1hbmRfcmVzdWx0LnJjCgokZW5kX2RhdGV0aW1lID0gW0RhdGVUaW1lXTo6VXRjTm93CiRyZXN1bHQuc3RhcnQgPSAkc3RhcnRfZGF0ZXRpbWUuVG9TdHJpbmcoInl5eXktTU0tZGQgaGg6bW06c3MuZmZmZmZmIikKJHJlc3VsdC5lbmQgPSAkZW5kX2RhdGV0aW1lLlRvU3RyaW5nKCJ5eXl5LU1NLWRkIGhoOm1tOnNzLmZmZmZmZiIpCiRyZXN1bHQuZGVsdGEgPSAkKCRlbmRfZGF0ZXRpbWUgLSAkc3RhcnRfZGF0ZXRpbWUpLlRvU3RyaW5nKCJoXDptbVw6c3NcLmZmZmZmZiIpCgpJZiAoJHJlc3VsdC5yYyAtbmUgMCkgewogICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAibm9uLXplcm8gcmV0dXJuIGNvZGUiCn0KCkV4aXQtSnNvbiAkcmVzdWx0Cg==", "module_args": {"_ansible_version": "2.7.0", "_ansible_selinux_special_fs": ["fuse", "nfs", "vboxsf", "ramfs", "9p"], "_ansible_no_log": false, "_ansible_module_name": "win_shell", "_raw_params": "pip install -c c:\\openstack\\build\\requirements\\upper-constraints.txt -U -e c:\\openstack\\build\\os-win", "_ansible_verbosity": 4, "_ansible_keep_remote_files": false, "_ansible_syslog_facility": "LOG_USER", "_ansible_socket": null, "_ansible_remote_tmp": "%TEMP%", "_ansible_diff": false, "_ansible_debug": false, "_ansible_shell_executable": "/bin/sh", "_ansible_check_mode": false, "_ansible_tmpdir": null}} '@ } process { $input_as_string = [string]$input $json_raw += $input_as_string } end { If (-not $json_raw) { Write-Error "no input given" -Category InvalidArgument } $payload = ConvertTo-HashtableFromPsCustomObject (ConvertFrom-Json $json_raw) # TODO: handle binary modules # TODO: handle persistence $min_os_version = [version]$payload.min_os_version if ($min_os_version -ne $null) { $actual_os_version = [System.Environment]::OSVersion.Version if ($actual_os_version -lt $min_os_version) { $msg = "This module cannot run on this OS as it requires a minimum version of $min_os_version, actual was $actual_os_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $min_ps_version = [version]$payload.min_ps_version if ($min_ps_version -ne $null) { $actual_ps_version = $PSVersionTable.PSVersion if ($actual_ps_version -lt $min_ps_version) { $msg = "This module cannot run as it requires a minimum PowerShell version of $min_ps_version, actual was $actual_ps_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $actions = $payload.actions # pop 0th action as entrypoint $entrypoint = $payload.($actions[0]) $payload.actions = $payload.actions[1..99] $entrypoint = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($entrypoint)) # load the current action entrypoint as a module custom object with a Run method $entrypoint = New-Module -ScriptBlock ([scriptblock]::Create($entrypoint)) -AsCustomObject Set-Variable -Scope global -Name complex_args -Value $payload["module_args"] | Out-Null # dynamically create/load modules ForEach ($mod in $payload.powershell_modules.GetEnumerator()) { $decoded_module = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($mod.Value)) New-Module -ScriptBlock ([scriptblock]::Create($decoded_module)) -Name $mod.Key | Import-Module -WarningAction SilentlyContinue | Out-Null } $output = $entrypoint.Run($payload) Write-Output $output } ScriptBlock ID: e5d8eea1-0feb-4c47-b67f-dc2cd0dff37e Path:	4104	1		3	2	15	0	1339	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1380	3444	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:28:11 PM	9d04040e-981f-0001-df10-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 3): KICAgICAgICAgICAgfSk7CiAgICAgICAgICAgIGZvcmVhY2ggKHZhciB3aCBpbiBuZXcgV2FpdEhhbmRsZVtdIHsgc293YWl0LCBzZXdhaXQgfSkKICAgICAgICAgICAgICAgIHdoLldhaXRPbmUoKTsKICAgICAgICAgICAgc3Rkb3V0ID0gc287CiAgICAgICAgICAgIHN0ZGVyciA9IHNlOwogICAgICAgIH0KCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgdWludCBHZXRQcm9jZXNzRXhpdENvZGUoSW50UHRyIHByb2Nlc3NIYW5kbGUpCiAgICAgICAgewogICAgICAgICAgICBuZXcgTmF0aXZlV2FpdEhhbmRsZShwcm9jZXNzSGFuZGxlKS5XYWl0T25lKCk7CiAgICAgICAgICAgIHVpbnQgZXhpdENvZGU7CiAgICAgICAgICAgIGlmICghR2V0RXhpdENvZGVQcm9jZXNzKHByb2Nlc3NIYW5kbGUsIG91dCBleGl0Q29kZSkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIkVycm9yIGdldHRpbmcgcHJvY2VzcyBleGl0IGNvZGUiKTsKICAgICAgICAgICAgcmV0dXJuIGV4aXRDb2RlOwogICAgICAgIH0KICAgIH0KfQoiQAoKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICdTdG9wJwoKRnVuY3Rpb24gTG9hZC1Db21tYW5kVXRpbHMgewogICAgIyBtYWtlcyB0aGUgZm9sbG93aW5nIHN0YXRpYyBmdW5jdGlvbnMgYXZhaWxhYmxlCiAgICAjICAgW0Fuc2libGUuQ29tbWFuZFV0aWxdOjpQYXJzZUNvbW1hbmRMaW5lKHN0cmluZyBscENvbW1hbmRMaW5lKQogICAgIyAgIFtBbnNpYmxlLkNvbW1hbmRVdGlsXTo6U2VhcmNoUGF0aChzdHJpbmcgbHBGaWxlTmFtZSkKICAgICMgICBbQW5zaWJsZS5Db21tYW5kVXRpbF06OlJ1bkNvbW1hbmQoc3RyaW5nIGxwQXBwbGljYXRpb25OYW1lLCBzdHJpbmcgbHBDb21tYW5kTGluZSwgc3RyaW5nIGxwQ3VycmVudERpcmVjdG9yeSwgc3RyaW5nIHN0ZGluSW5wdXQsIHN0cmluZyBlbnZpcm9ubWVudEJsb2NrKQogICAgIwogICAgIyB0aGVyZSBhcmUgYWxzbyBudW1lcm91cyBQL0ludm9rZSBtZXRob2RzIHRoYXQgY2FuIGJlIGNhbGxlZCBpZiB5b3UgYXJlIGZlZWxpbmcgYWR2ZW50dXJvdXMKCiAgICAjIEZVVFVSRTogZmluZCBhIGJldHRlciB3YXkgdG8gZ2V0IHRoZSBfYW5zaWJsZV9yZW1vdGVfdG1wIHZhcmlhYmxlCiAgICAkb3JpZ2luYWxfdG1wID0gJGVudjpUTVAKCiAgICAkcmVtb3RlX3RtcCA9ICRvcmlnaW5hbF90bXAKICAgICRtb2R1bGVfcGFyYW1zID0gR2V0LVZhcmlhYmxlIC1OYW1lIGNvbXBsZXhfYXJncyAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgaWYgKCRtb2R1bGVfcGFyYW1zKSB7CiAgICAgICAgaWYgKCRtb2R1bGVfcGFyYW1zLlZhbHVlLkNvbnRhaW5zS2V5KCJfYW5zaWJsZV9yZW1vdGVfdG1wIikgKSB7CiAgICAgICAgICAgICRyZW1vdGVfdG1wID0gJG1vZHVsZV9wYXJhbXMuVmFsdWVbIl9hbnNpYmxlX3JlbW90ZV90bXAiXQogICAgICAgICAgICAkcmVtb3RlX3RtcCA9IFtTeXN0ZW0uRW52aXJvbm1lbnRdOjpFeHBhbmRFbnZpcm9ubWVudFZhcmlhYmxlcygkcmVtb3RlX3RtcCkKICAgICAgICB9CiAgICB9CgogICAgJGVudjpUTVAgPSAkcmVtb3RlX3RtcAogICAgQWRkLVR5cGUgLVR5cGVEZWZpbml0aW9uICRwcm9jZXNzX3V0aWwKICAgICRlbnY6VE1QID0gJG9yaWdpbmFsX3RtcAp9CgpGdW5jdGlvbiBHZXQtRXhlY3V0YWJsZVBhdGgoJGV4ZWN1dGFibGUsICRkaXJlY3RvcnkpIHsKICAgICMgbHBBcHBsaWNhdGlvbk5hbWUgcmVxdWlyZXMgdGhlIGZ1bGwgcGF0aCB0byBhIGZpbGUsIHdlIG5lZWQgdG8gZmluZCBpdAogICAgIyBvdXJzZWx2ZXMuCgogICAgIyB3ZSBuZWVkIHRvIGFkZCAuZXhlIGlmIGl0IGRvZXNuJ3QgaGF2ZSBhbiBleHRlbnNpb24gYWxyZWFkeQogICAgaWYgKC1ub3QgW1N5c3RlbS5JTy5QYXRoXTo6SGFzRXh0ZW5zaW9uKCRleGVjdXRhYmxlKSkgewogICAgICAgICRleGVjdXRhYmxlID0gIiQoJGV4ZWN1dGFibGUpLmV4ZSIKICAgIH0KICAgICRmdWxsX3BhdGggPSBbU3lzdGVtLklPLlBhdGhdOjpHZXRGdWxsUGF0aCgkZXhlY3V0YWJsZSkKCiAgICBpZiAoJGZ1bGxfcGF0aCAtbmUgJGV4ZWN1dGFibGUgLWFuZCAkZGlyZWN0b3J5IC1uZSAkbnVsbCkgewogICAgICAgICRmaWxlID0gR2V0LUl0ZW0gLVBhdGggIiRkaXJlY3RvcnlcJGV4ZWN1dGFibGUiIC1Gb3JjZSAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgfSBlbHNlIHsKICAgICAgICAkZmlsZSA9IEdldC1JdGVtIC1QYXRoICRleGVjdXRhYmxlIC1Gb3JjZSAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgfQoKICAgIGlmICgkZmlsZSAtbmUgJG51bGwpIHsKICAgICAgICAkZXhlY3V0YWJsZV9wYXRoID0gJGZpbGUuRnVsbE5hbWUKICAgIH0gZWxzZSB7CiAgICAgICAgJGV4ZWN1dGFibGVfcGF0aCA9IFtBbnNpYmxlLkNvbW1hbmRVdGlsXTo6U2VhcmNoUGF0aCgkZXhlY3V0YWJsZSkgICAgCiAgICB9CiAgICByZXR1cm4gJGV4ZWN1dGFibGVfcGF0aAp9CgpGdW5jdGlvbiBSdW4tQ29tbWFuZCB7CiAgICBQYXJhbSgKICAgICAgICBbc3RyaW5nXSRjb21tYW5kLCAjIHRoZSBmdWxsIGNvbW1hbmQgdG8gcnVuIGluY2x1ZGluZyB0aGUgZXhlY3V0YWJsZQogICAgICAgIFtzdHJpbmddJHdvcmtpbmdfZGlyZWN0b3J5ID0gJG51bGwsICMgdGhlIHdvcmtpbmcgZGlyZWN0b3J5IHRvIHJ1biB1bmRlciwgd2lsbCBkZWZhdWx0IHRvIHRoZSBjdXJyZW50IGRpcgogICAgICAgIFtzdHJpbmddJHN0ZGluID0gJG51bGwsICMgYSBzdHJpbmcgdG8gc2VuZCB0byB0aGUgc3RkaW4gcGlwZSB3aGVuIGV4ZWN1dGluZyB0aGUgY29tbWFuZAogICAgICAgIFtoYXNodGFibGVdJGVudmlyb25tZW50ID0gQHt9ICMgYSBoYXNodGFibGUgb2YgZW52aXJvbm1lbnQgdmFsdWVzIHRvIHJ1biB0aGUgY29tbWFuZCB1bmRlciwgdGhpcyB3aWxsIHJlcGxhY2UgYWxsIHRoZSBvdGhlciBlbnZpcm9ubWVudCB2YXJpYWJsZXMgd2l0aCB0aGVzZQogICAgKQogICAgCiAgICAjIGxvYWQgdGhlIEMjIGNvZGUgd2UgY2FsbCBpbiB0aGlzIGZ1bmN0aW9uCiAgICBMb2FkLUNvbW1hbmRVdGlscwoKICAgICMgbmVlZCB0byB2YWxpZGF0ZSB0aGUgd29ya2luZyBkaXJlY3RvcnkgaWYgaXQgaXMgc2V0CiAgICBpZiAoJHdvcmtpbmdfZGlyZWN0b3J5KSB7CiAgICAgICAgIyB2YWxpZGF0ZSB3b3JraW5nIGRpcmVjdG9yeSBpcyBhIHZhbGlkIHBhdGgKICAgICAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICR3b3JraW5nX2RpcmVjdG9yeSkpIHsKICAgICAgICAgICAgdGhyb3cgImludmFsaWQgd29ya2luZyBkaXJlY3RvcnkgcGF0aCAnJHdvcmtpbmdfZGlyZWN0b3J5JyIKICAgICAgICB9CiAgICB9CgogICAgIyBscEFwcGxpY2F0aW9uTmFtZSBuZWVkcyB0byBiZSB0aGUgZnVsbCBwYXRoIHRvIGFuIGV4ZWN1dGFibGUsIHdlIGRvIHRoaXMKICAgICMgYnkgZ2V0dGluZyB0aGUgZXhlY3V0YWJsZSBhcyB0aGUgZmlyc3QgYXJnIGFuZCB0aGVuIGdldHRpbmcgdGhlIGZ1bGwgcGF0aAogICAgJGFyZ3VtZW50cyA9IFtBbnNpYmxlLkNvbW1hbmRVdGlsXTo6UGFyc2VDb21tYW5kTGluZSgkY29tbWFuZCkKICAgICRleGVjdXRhYmxlID0gR2V0LUV4ZWN1dGFibGVQYXRoIC1leGVjdXRhYmxlICRhcmd1bWVudHNbMF0gLWRpcmVjdG9yeSAkd29ya2luZ19kaXJlY3RvcnkKCiAgICAjIHJ1biB0aGUgY29tbWFuZCBhbmQgZ2V0IHRoZSByZXN1bHRzCiAgICAkY29tbWFuZF9yZXN1bHQgPSBbQW5zaWJsZS5Db21tYW5kVXRpbF06OlJ1bkNvbW1hbmQoJGV4ZWN1dGFibGUsICRjb21tYW5kLCAkd29ya2luZ19kaXJlY3RvcnksICRzdGRpbiwgJGVudmlyb25tZW50KQoKICAgIHJldHVybiAsQHsKICAgICAgICBleGVjdXRhYmxlID0gJGV4ZWN1dGFibGUKICAgICAgICBzdGRvdXQgPSAkY29tbWFuZF9yZXN1bHQuU3RhbmRhcmRPdXQKICAgICAgICBzdGRlcnIgPSAkY29tbWFuZF9yZXN1bHQuU3RhbmRhcmRFcnJvcgogICAgICAgIHJjID0gJGNvbW1hbmRfcmVzdWx0LkV4aXRDb2RlCiAgICB9Cn0KCiMgdGhpcyBsaW5lIG11c3Qgc3RheSBhdCB0aGUgYm90dG9tIHRvIGVuc3VyZSBhbGwgZGVmaW5lZCBtb2R1bGUgcGFydHMgYXJlIGV4cG9ydGVkCkV4cG9ydC1Nb2R1bGVNZW1iZXIgLUFsaWFzICogLUZ1bmN0aW9uICogLUNtZGxldCAqCg==", "Ansible.ModuleUtils.Legacy": "IyBDb3B5cmlnaHQgKGMpLCBNaWNoYWVsIERlSGFhbiA8bWljaGFlbC5kZWhhYW5AZ21haWwuY29tPiwgMjAxNCwgYW5kIG90aGVycwojIFNpbXBsaWZpZWQgQlNEIExpY2Vuc2UgKHNlZSBsaWNlbnNlcy9zaW1wbGlmaWVkX2JzZC50eHQgb3IgaHR0cHM6Ly9vcGVuc291cmNlLm9yZy9saWNlbnNlcy9CU0QtMi1DbGF1c2UpCgpTZXQtU3RyaWN0TW9kZSAtVmVyc2lvbiAyLjAKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKRnVuY3Rpb24gU2V0LUF0dHIoJG9iaiwgJG5hbWUsICR2YWx1ZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gc2V0IGFuICJhdHRyaWJ1dGUiIG9uIGEgcHNvYmplY3QgaW5zdGFuY2UgaW4gUG93ZXJTaGVsbC4KICAgIFRoaXMgaXMgYSBjb252ZW5pZW5jZSB0byBtYWtlIGFkZGluZyBNZW1iZXJzIHRvIHRoZSBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgIFNldC1BdHRyICRyZXN1bHQgImNoYW5nZWQiICR0cnVlCiM+CgogICAgIyBJZiB0aGUgcHJvdmlkZWQgJG9iaiBpcyB1bmRlZmluZWQsIGRlZmluZSBvbmUgdG8gYmUgbmljZQogICAgSWYgKC1ub3QgJG9iai5HZXRUeXBlKQogICAgewogICAgICAgICRvYmogPSBAeyB9CiAgICB9CgogICAgVHJ5CiAgICB7CiAgICAgICAgJG9iai4kbmFtZSA9ICR2YWx1ZQogICAgfQogICAgQ2F0Y2gKICAgIHsKICAgICAgICAkb2JqIHwgQWRkLU1lbWJlciAtRm9yY2UgLU1lbWJlclR5cGUgTm90ZVByb3BlcnR5IC1OYW1lICRuYW1lIC1WYWx1ZSAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gRXhpdC1Kc29uKCRvYmopCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGNvbnZlcnQgYSBQb3dlclNoZWxsIG9iamVjdCB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcKICAgIHRoZSBzY3JpcHQKICAgIC5FWEFNUExFCiAgICBFeGl0LUpzb24gJHJlc3VsdAojPgoKICAgICMgSWYgdGhlIHByb3ZpZGVkICRvYmogaXMgdW5kZWZpbmVkLCBkZWZpbmUgb25lIHRvIGJlIG5pY2UKICAgIElmICgtbm90ICRvYmouR2V0VHlwZSkKICAgIHsKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoJ2NoYW5nZWQnKSkgewogICAgICAgIFNldC1BdHRyICRvYmogImNoYW5nZWQiICRmYWxzZQogICAgfQoKICAgIFdyaXRlLU91dHB1dCAkb2JqIHwgQ29udmVydFRvLUpzb24gLUNvbXByZXNzIC1EZXB0aCA5OQogICAgRXhpdAp9CgpGdW5jdGlvbiBGYWlsLUpzb24oJG9iaiwgJG1lc3NhZ2UgPSAkbnVsbCkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHRoZSAibXNnIiBwcm9wZXJ0eSBhbmQgImZhaWxlZCIgcHJvcGVydHksIGNvbnZlcnQgdGhlCiAgICBQb3dlclNoZWxsIEhhc2h0YWJsZSB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcgdGhlIHNjcmlwdAogICAgLkVYQU1QTEUKICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJUaGlzIGlzIHRoZSBmYWlsdXJlIG1lc3NhZ2UiCiM+CgogICAgaWYgKCRvYmogLWlzIFtoYXNodGFibGVdIC1vciAkb2JqIC1pcyBbcHNvYmplY3RdKSB7CiAgICAgICAgIyBOb3RoaW5nIHRvIGRvCiAgICB9IGVsc2VpZiAoJG9iaiAtaXMgW3N0cmluZ10gLWFuZCAkbnVsbCAtZXEgJG1lc3NhZ2UpIHsKICAgICAgICAjIElmIHdlIHdlcmVuJ3QgZ2l2ZW4gMiBhcmdzLCBhbmQgdGhlIG9ubHkgYXJnIHdhcyBhIHN0cmluZywKICAgICAgICAjIGNyZWF0ZSBhIG5ldyBIYXNodGFibGUgYW5kIHVzZSB0aGUgYXJnIGFzIHRoZSBmYWlsdXJlIG1lc3NhZ2UKICAgICAgICAkbWVzc2FnZSA9ICRvYmoKICAgICAgICAkb2JqID0gQHsgfQogICAgfSBlbHNlIHsKICAgICAgICAjIElmIHRoZSBmaXJzdCBhcmd1bWVudCBpcyB1bmRlZmluZWQgb3IgYSBkaWZmZXJlbnQgdHlwZSwKICAgICAgICAjIG1ha2UgaXQgYSBIYXNodGFibGUKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgICMgU3RpbGwgdXNpbmcgU2V0LUF0dHIgZm9yIFBTT2JqZWN0IGNvbXBhdGliaWxpdHkKICAgIFNldC1BdHRyICRvYmogIm1zZyIgJG1lc3NhZ2UKICAgIFNldC1BdHRyICRvYmogImZhaWxlZCIgJHRydWUKCiAgICBpZiAoLW5vdCAkb2JqLkNvbnRhaW5zS2V5KCdjaGFuZ2VkJykpIHsKICAgICAgICBTZXQtQXR0ciAkb2JqICJjaGFuZ2VkIiAkZmFsc2UKICAgIH0KCiAgICBXcml0ZS1PdXRwdXQgJG9iaiB8IENvbnZlcnRUby1Kc29uIC1Db21wcmVzcyAtRGVwdGggOTkKICAgIEV4aXQgMQp9CgpGdW5jdGlvbiBBZGQtV2FybmluZygkb2JqLCAkbWVzc2FnZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHdhcm5pbmdzLCBldmVuIGlmIHRoZSB3YXJuaW5ncyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoIndhcm5pbmdzIikpIHsKICAgICAgICAkb2JqLndhcm5pbmdzID0gQCgpCiAgICB9IGVsc2VpZiAoJG9iai53YXJuaW5ncyAtaXNub3QgW2FycmF5XSkgewogICAgICAgIHRocm93ICJBZGQtV2FybmluZzogd2FybmluZ3MgYXR0cmlidXRlIGlzIG5vdCBhbiBhcnJheSIKICAgIH0KCiAgICAkb2JqLndhcm5pbmdzICs9ICRtZXNzYWdlCn0KCkZ1bmN0aW9uIEFkZC1EZXByZWNhdGlvbldhcm5pbmcoJG9iaiwgJG1lc3NhZ2UsICR2ZXJzaW9uID0gJG51bGwpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGFkZCBkZXByZWNhdGlvbnMsIGV2ZW4gaWYgdGhlIGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgogICAgaWYgKC1ub3QgJG9iai5Db250YWluc0tleSgiZGVwcmVjYXRpb25zIikpIHsKICAgICAgICAkb2JqLmRlcHJlY2F0aW9ucyA9IEAoKQogICAgfSBlbHNlaWYgKCRvYmouZGVwcmVjYXRpb25zIC1pc25vdCBbYXJyYXldKSB7CiAgICAgICAgdGhyb3cgIkFkZC1EZXByZWNhdGlvbldhcm5pbmc6IGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgaXMgbm90IGEgbGlzdCIKICAgIH0KCiAgICAkb2JqLmRlcHJlY2F0aW9ucyArPSBAewogICAgICAgIG1zZyA9ICRtZXNzYWdlCiAgICAgICAgdmVyc2lvbiA9ICR2ZXJzaW9uCiAgICB9Cn0KCkZ1bmN0aW9uIEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgaW4gdmFsdWVzLiBCeSBkZWZhdWx0CiAgICBpdCB0dXJucyBhbnkgdHlwZSB0byBhIHN0cmluZywgYnV0IHdlIGVuc3VyZSAkbnVsbCByZW1haW5zICRudWxsLgojPgogICAgaWYgKCRudWxsIC1uZSAkdmFsdWUpIHsKICAgICAgICBbU3lzdGVtLkVudmlyb25tZW50XTo6RXhwYW5kRW52aXJvbm1lbnRWYXJpYWJsZXMoJHZhbHVlKQogICAgfSBlbHNlIHsKICAgICAgICAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gR2V0LUFuc2libGVQYXJhbSgkb2JqLCAkbmFtZSwgJGRlZmF1bHQgPSAkbnVsbCwgJHJlc3VsdG9iaiA9IEB7fSwgJGZhaWxpZmVtcHR5ID0gJGZhbHNlLCAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSwgJFZhbGlkYXRlU2V0LCAkVmFsaWRhdGVTZXRFcnJvck1lc3NhZ2UsICR0eXBlID0gJG51bGwsICRhbGlhc2VzID0gQCgpKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBnZXQgYW4gImF0dHJpYnV0ZSIgZnJvbSBhIHBzb2JqZWN0IGluc3RhbmNlIGluIFBvd2VyU2hlbGwuCiAgICBUaGlzIGlzIGEgY29udmVuaWVuY2UgdG8gbWFrZSBnZXR0aW5nIE1lbWJlcnMgZnJvbSBhbiBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgICRhdHRyID0gR2V0LUFuc2libGVQYXJhbSAkcmVzcG9uc2UgImNvZGUiIC1kZWZhdWx0ICIxIgogICAgLkVYQU1QTEUKICAgIEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJTdGF0ZSIgLWRlZmF1bHQgIlByZXNlbnQiIC1WYWxpZGF0ZVNldCAiUHJlc2VudCIsIkFic2VudCIgLXJlc3VsdG9iaiAkcmVzdWx0b2JqIC1mYWlsaWZlbXB0eSAkdHJ1ZQogICAgR2V0LUFuc2libGVQYXJhbSBhbHNvIHN1cHBvcnRzIFBhcmFtZXRlciB2YWxpZGF0aW9uIHRvIHNhdmUgeW91IGZyb20gY29kaW5nIHRoYXQgbWFudWFsbHkKICAgIE5vdGUgdGhhdCBpZiB5b3UgdXNlIHRoZSBmYWlsaWZlbXB0eSBvcHRpb24sIHlvdSBkbyBuZWVkIHRvIHNwZWNpZnkgcmVzdWx0b2JqZWN0IGFzIHdlbGwuCiM+CiAgICAjIENoZWNrIGlmIHRoZSBwcm92aWRlZCBNZW1iZXIgJG5hbWUgb3IgYWxpYXNlcyBleGlzdCBpbiAkb2JqIGFuZCByZXR1cm4gaXQgb3IgdGhlIGRlZmF1bHQuCiAgICB0cnkgewoKICAgICAgICAkZm91bmQgPSAkbnVsbAogICAgICAgICMgRmlyc3QgdHJ5IHRvIGZpbmQgcHJlZmVycmVkIHBhcmFtZXRlciAkbmFtZQogICAgICAgICRhbGlhc2VzID0gQCgkbmFtZSkgKyAkYWxpYXNlcwoKICAgICAgICAjIEl0ZXJhdGUgb3ZlciBhbGlhc2VzIHRvIGZpbmQgYWNjZXB0YWJsZSBNZW1iZXIgJG5hbWUKICAgICAgICBmb3JlYWNoICgkYWxpYXMgaW4gJGFsaWFzZXMpIHsKICAgICAgICAgICAgaWYgKCRvYmouQ29udGFpbnNLZXkoJGFsaWFzKSkgewogICAgICAgICAgICAgICAgJGZvdW5kID0gJGFsaWFzCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgfQoKICAgICAgICBpZiAoJG51bGwgLWVxICRmb3VuZCkgewogICAgICAgICAgICB0aHJvdwogICAgICAgIH0KICAgICAgICAkbmFtZSA9ICRmb3VuZAoKICAgICAgICBpZiAoJFZhbGlkYXRlU2V0KSB7CgogICAgICAgICAgICBpZiAoJFZhbGlkYXRlU2V0IC1jb250YWlucyAoJG9iai4kbmFtZSkpIHsKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICRvYmouJG5hbWUKICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgIGlmICgkbnVsbCAtZXEgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAgICAgI0F1dG8tZ2VuZXJhdGVkIGVycm9yIHNob3VsZCBiZSBzdWZmaWNpZW50IGluIG1vc3QgdXNlIGNhc2VzCiAgICAgICAgICAgICAgICAgICAgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlID0gIkdldC1BbnNpYmxlUGFyYW06IEFyZ3VtZW50ICRuYW1lIG5lZWRzIHRvIGJlIG9uZSBvZiAkKCRWYWxpZGF0ZVNldCAtam9pbiAiLCIpIGJ1dCB3YXMgJCgkb2JqLiRuYW1lKS4iCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRWYWxpZGF0ZVNldEVycm9yTWVzc2FnZQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgJHZhbHVlID0gJG9iai4kbmFtZQogICAgICAgIH0KICAgIH0gY2F0Y2ggewogICAgICAgIGlmICgkZmFpbGlmZW1wdHkgLWVxICRmYWxzZSkgewogICAgICAgICAgICAkdmFsdWUgPSAkZGVmYXVsdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgIGlmICgtbm90ICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSA9ICJHZXQtQW5zaWJsZVBhcmFtOiBNaXNzaW5nIHJlcXVpcmVkIGFyZ3VtZW50OiAkbmFtZSIKICAgICAgICAgICAgfQogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlCiAgICAgICAgfQogICAgfQoKICAgICMgSWYgJHZhbHVlIC1lcSAkbnVsbCwgdGhlIHBhcmFtZXRlciB3YXMgdW5zcGVjaWZpZWQgYnkgdGhlIHVzZXIgKGRlbGliZXJhdGVseSBvciBub3QpCiAgICAjIFBsZWFzZSBsZWF2ZSAkbnVsbC12YWx1ZXMgaW50YWN0LCBtb2R1bGVzIG5lZWQgdG8ga25vdyBpZiBhIHBhcmFtZXRlciB3YXMgc3BlY2lmaWVkCiAgICAjIFdoZW4gJHZhbHVlIGlzIGFscmVhZHkgYW4gYXJyYXksIHdlIGNhbm5vdCByZWx5IG9uIHRoZSBudWxsIGNoZWNrLCBhcyBhbiBlbXB0eSBsaXN0CiAgICAjIGlzIHNlZW4gYXMgbnVsbCBpbiB0aGUgY2hlY2sgYmVsb3cKICAgIGlmICgkbnVsbCAtbmUgJHZhbHVlIC1vciAkdmFsdWUgLWlzIFthcnJheV0pIHsKICAgICAgICBpZiAoJHR5cGUgLWVxICJwYXRoIikgewogICAgICAgICAgICAjIEV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgb24gcGF0aC10eXBlCiAgICAgICAgICAgICR2YWx1ZSA9IEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCiAgICAgICAgICAgICMgVGVzdCBpZiBhIHZhbGlkIHBhdGggaXMgcHJvdmlkZWQKICAgICAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtSXNWYWxpZCAkdmFsdWUpKSB7CiAgICAgICAgICAgICAgICAkcGF0aF9pbnZhbGlkID0gJHRydWUKICAgICAgICAgICAgICAgICMgY291bGQgc3RpbGwgYmUgYSB2YWxpZC1zaGFwZWQgcGF0aCB3aXRoIGEgbm9uZXhpc3RlbnQgZHJpdmUgbGV0dGVyCiAgICAgICAgICAgICAgICBpZiAoJHZhbHVlIC1tYXRjaCAiXlx3OiIpIHsKICAgICAgICAgICAgICAgICAgICAjIHJld3JpdGUgcGF0aCB3aXRoIGEgdmFsaWQgZHJpdmUgbGV0dGVyIGFuZCByZWNoZWNrIHRoZSBzaGFwZS0gdGhpcyBtaWdodCBzdGlsbCBmYWlsLCBlZywgYSBub25leGlzdGVudCBub24tZmlsZXN5c3RlbSBQUyBwYXRoCiAgICAgICAgICAgICAgICAgICAgaWYgKFRlc3QtUGF0aCAtSXNWYWxpZCAkKEAoR2V0LVBTRHJpdmUgLVBTUHJvdmlkZXIgRmlsZXN5c3RlbSlbMF0uTmFtZSArICR2YWx1ZS5TdWJzdHJpbmcoMSkpKSB7CiAgICAgICAgICAgICAgICAgICAgICAgICRwYXRoX2ludmFsaWQgPSAkZmFsc2UKICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBpZiAoJHBhdGhfaW52YWxpZCkgewogICAgICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHRvYmogLW1lc3NhZ2UgIkdldC1BbnNpYmxlUGFyYW06IFBhcmFtZXRlciAnJG5hbWUnIGhhcyBhbiBpbnZhbGlkIHBhdGggJyR2YWx1ZScgc3BlY2lmaWVkLiIKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgInN0ciIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IHN0ciB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgc3RyaW5ncwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUuVG9TdHJpbmcoKQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImJvb2wiKSB7CiAgICAgICAgICAgICMgQ29udmVydCBib29sZWFuIHR5cGVzIHRvIHJlYWwgUG93ZXJzaGVsbCBib29sZWFucwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgfCBDb252ZXJ0VG8tQm9vbAogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImludCIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IGludCB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgaW50ZWdlcnMKICAgICAgICAgICAgJHZhbHVlID0gJHZhbHVlIC1hcyBbaW50XQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImZsb2F0IikgewogICAgICAgICAgICAjIENvbnZlcnQgZmxvYXQgdHlwZXMgdG8gcmVhbCBQb3dlcnNoZWxsIGZsb2F0cwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgLWFzIFtmbG9hdF0KICAgICAgICB9IGVsc2VpZiAoJHR5cGUgLWVxICJsaXN0IikgewogICAgICAgICAgICBpZiAoJHZhbHVlIC1pcyBbYXJyYXldKSB7CiAgICAgICAgICAgICAgICAjIE5vdGhpbmcgdG8gZG8KICAgICAgICAgICAgfSBlbHNlaWYgKCR2YWx1ZSAtaXMgW3N0cmluZ10pIHsKICAgICAgICAgICAgICAgICMgQ29udmVydCBzdHJpbmcgdHlwZSB0byByZWFsIFBvd2Vyc2hlbGwgYXJyYXkKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICR2YWx1ZS5TcGxpdCgiLCIpLlRyaW0oKQogICAgICAgICAgICB9IGVsc2VpZiAoJHZhbHVlIC1pcyBbaW50XSkgewogICAgICAgICAgICAgICAgJHZhbHVlID0gQCgkdmFsdWUpCiAgICAgICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICJHZXQtQW5zaWJsZVBhcmFtOiBQYXJhbWV0ZXIgJyRuYW1lJyBpcyBub3QgYSBZQU1MIGxpc3QuIgogICAgICAgICAgICB9CiAgICAgICAgICAgICMgLCBpcyBub3QgYSB0eXBvLCBmb3JjZXMgaXQgdG8gcmV0dXJuIGFzIGEgbGlzdCB3aGVuIGl0IGlzIGVtcHR5IG9yIG9ubHkgaGFzIDEgZW50cnkKICAgICAgICAgICAgcmV0dXJuICwkdmFsdWUKICAgICAgICB9CiAgICB9CgogICAgcmV0dXJuICR2YWx1ZQp9CgojQWxpYXMgR2V0LWF0dHItLT5HZXQtQW5zaWJsZVBhcmFtIGZvciBiYWNrd2FyZHMgY29tcGF0LiBPbmx5IGFkZCB3aGVuIG5lZWRlZCB0byBlYXNlIGRlYnVnZ2luZyBvZiBzY3JpcHRzCklmICgtbm90KEdldC1BbGlhcyAtTmFtZSAiR2V0LWF0dHIiIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlKSkKewogICAgTmV3LUFsaWFzIC1OYW1lIEdldC1hdHRyIC1WYWx1ZSBHZXQtQW5zaWJsZVBhcmFtCn0KCkZ1bmN0aW9uIENvbnZlcnRUby1Cb29sCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZpbHRlci9waXBlbGluZSBmdW5jdGlvbiB0byBjb252ZXJ0IGEgdmFsdWUgdG8gYm9vbGVhbiBmb2xsb3dpbmcgY3VycmVudAogICAgQW5zaWJsZSBwcmFjdGljZXMKICAgIC5FWEFNUExFCiAgICAkaXNfdHJ1ZSA9ICJ0cnVlIiB8IENvbnZlcnRUby1Cb29sCiM+CiAgICBwYXJhbSgKICAgICAgICBbcGFyYW1ldGVyKHZhbHVlZnJvbXBpcGVsaW5lPSR0cnVlKV0KICAgICAgICAkb2JqCiAgICApCgogICAgJGJvb2xlYW5fc3RyaW5ncyA9ICJ5ZXMiLCAib24iLCAiMSIsICJ0cnVlIiwgMQogICAgJG9ial9zdHJpbmcgPSBbc3RyaW5nXSRvYmoKCiAgICBpZiAoKCRvYmogLWlzIFtib29sZWFuXSAtYW5kICRvYmopIC1vciAkYm9vbGVhbl9zdHJpbmdzIC1jb250YWlucyAkb2JqX3N0cmluZy5Ub0xvd2VyKCkpIHsKICAgICAgICByZXR1cm4gJHRydWUKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfQp9CgpGdW5jdGlvbiBQYXJzZS1BcmdzKCRhcmd1bWVudHMsICRzdXBwb3J0c19jaGVja19tb2RlID0gJGZhbHNlKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBwYXJzZSBBbnNpYmxlIEpTT04gYXJndW1lbnRzIGZyb20gYSAiZmlsZSIgcGFzc2VkIGFzCiAgICB0aGUgc2luZ2xlIGFyZ3VtZW50IHRvIHRoZSBtb2R1bGUuCiAgICAuRVhBTVBMRQogICAgJHBhcmFtcyA9IFBhcnNlLUFyZ3MgJGFyZ3MKIz4KICAgICRwYXJhbXMgPSBOZXctT2JqZWN0IHBzb2JqZWN0CiAgICBJZiAoJGFyZ3VtZW50cy5MZW5ndGggLWd0IDApCiAgICB7CiAgICAgICAgJHBhcmFtcyA9IEdldC1Db250ZW50ICRhcmd1bWVudHNbMF0gfCBDb252ZXJ0RnJvbS1Kc29uCiAgICB9CiAgICBFbHNlIHsKICAgICAgICAkcGFyYW1zID0gJGNvbXBsZXhfYXJncwogICAgfQogICAgJGNoZWNrX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfY2hlY2tfbW9kZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQogICAgSWYgKCRjaGVja19tb2RlIC1hbmQgLW5vdCAkc3VwcG9ydHNfY2hlY2tfbW9kZSkKICAgIHsKICAgICAgICBFeGl0LUpzb24gQHsKICAgICAgICAgICAgc2tpcHBlZCA9ICR0cnVlCiAgICAgICAgICAgIGNoYW5nZWQgPSAkZmFsc2UKICAgICAgICAgICAgbXNnID0gInJlbW90ZSBtb2R1bGUgZG9lcyBub3Qgc3VwcG9ydCBjaGVjayBtb2RlIgogICAgICAgIH0KICAgIH0KICAgIHJldHVybiAkcGFyYW1zCn0KCgpGdW5jdGlvbiBHZXQtRmlsZUNoZWNrc3VtKCRwYXRoLCAkYWxnb3JpdGhtID0gJ3NoYTEnKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBjYWxjdWxhdGUgYSBoYXNoIG9mIGEgZmlsZSBpbiBhIHdheSB3aGljaCBQb3dlclNoZWxsIDMKICAgIGFuZCBhYm92ZSBjYW4gaGFuZGxlCiM+CiAgICBJZiAoVGVzdC1QYXRoIC1QYXRoICRwYXRoIC1QYXRoVHlwZSBMZWFmKQogICAgewogICAgICAgIHN3aXRjaCAoJGFsZ29yaXRobSkKICAgICAgICB7CiAgICAgICAgICAgICdtZDUnIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5NRDVDcnlwd ScriptBlock ID: e5d8eea1-0feb-4c47-b67f-dc2cd0dff37e Path:	4104	1		3	2	15	0	1338	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1380	3444	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:28:11 PM	9d04040e-981f-0001-df10-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 3): begin { $DebugPreference = "Continue" $ErrorActionPreference = "Stop" Set-StrictMode -Version 2 function ConvertTo-HashtableFromPsCustomObject ($myPsObject){ $output = @{}; $myPsObject | Get-Member -MemberType *Property | % { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } return $output; } # stream JSON including become_pw, ps_module_payload, bin_module_payload, become_payload, write_payload_path, preserve directives # exec runspace, capture output, cleanup, return module output # NB: do not adjust the following line- it is replaced when doing non-streamed module output $json_raw = @' {"min_ps_version": null, "exec": "CkZ1bmN0aW9uIFJ1bigkcGF5bG9hZCkgewogICAgJGVudHJ5cG9pbnQgPSAkcGF5bG9hZC5tb2R1bGVfZW50cnkKCiAgICAkZW50cnlwb2ludCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGVudHJ5cG9pbnQpKQoKICAgICRwcyA9IFtwb3dlcnNoZWxsXTo6Q3JlYXRlKCkKCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkQ29tbWFuZCgiU2V0LVZhcmlhYmxlIikuQWRkUGFyYW1ldGVycyhAe1Njb3BlPSJnbG9iYWwiO05hbWU9ImNvbXBsZXhfYXJncyI7VmFsdWU9JHBheWxvYWQubW9kdWxlX2FyZ3N9KSB8IE91dC1OdWxsCiAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCgogICAgIyByZWRlZmluZSBXcml0ZS1Ib3N0IHRvIGR1bXAgdG8gb3V0cHV0IGluc3RlYWQgb2YgZmFpbGluZy0gbG90cyBvZiBzY3JpcHRzIHVzZSBpdAogICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgiRnVuY3Rpb24gV3JpdGUtSG9zdChgJG1zZyl7IFdyaXRlLU91dHB1dCBgJG1zZyB9IikgfCBPdXQtTnVsbAoKICAgIEZvckVhY2ggKCRlbnZfa3YgaW4gJHBheWxvYWQuZW52aXJvbm1lbnQuR2V0RW51bWVyYXRvcigpKSB7CiAgICAgICAgIyBuZWVkIHRvIGVzY2FwZSAnIGluIGJvdGggdGhlIGtleSBhbmQgdmFsdWUKICAgICAgICAkZW52X2tleSA9ICRlbnZfa3YuS2V5LlRvU3RyaW5nKCkuUmVwbGFjZSgiJyIsICInJyIpCiAgICAgICAgJGVudl92YWx1ZSA9ICRlbnZfa3YuVmFsdWUuVG9TdHJpbmcoKS5SZXBsYWNlKCInIiwgIicnIikKICAgICAgICAkZXNjYXBlZF9lbnZfc2V0ID0gIltTeXN0ZW0uRW52aXJvbm1lbnRdOjpTZXRFbnZpcm9ubWVudFZhcmlhYmxlKCd7MH0nLCAnezF9JykiIC1mICRlbnZfa2V5LCAkZW52X3ZhbHVlCiAgICAgICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgkZXNjYXBlZF9lbnZfc2V0KSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBkeW5hbWljYWxseSBjcmVhdGUvbG9hZCBtb2R1bGVzCiAgICBGb3JFYWNoICgkbW9kIGluICRwYXlsb2FkLnBvd2Vyc2hlbGxfbW9kdWxlcy5HZXRFbnVtZXJhdG9yKCkpIHsKICAgICAgICAkZGVjb2RlZF9tb2R1bGUgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRtb2QuVmFsdWUpKQogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRDb21tYW5kKCJOZXctTW9kdWxlIikuQWRkUGFyYW1ldGVycyhAe1NjcmlwdEJsb2NrPShbc2NyaXB0YmxvY2tdOjpDcmVhdGUoJGRlY29kZWRfbW9kdWxlKSk7TmFtZT0kbW9kLktleX0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiSW1wb3J0LU1vZHVsZSIpLkFkZFBhcmFtZXRlcnMoQHtXYXJuaW5nQWN0aW9uPSJTaWxlbnRseUNvbnRpbnVlIn0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBmb3JjZSBpbnB1dCBlbmNvZGluZyB0byBwcmVhbWJsZS1mcmVlIFVURjggc28gUFMgc3ViLXByb2Nlc3NlcyAoZWcsCiAgICAjIFN0YXJ0LUpvYikgZG9uJ3QgYmxvdyB1cC4gVGhpcyBpcyBvbmx5IHJlcXVpcmVkIGZvciBXaW5STSwgYSBQU1JQCiAgICAjIHJ1bnNwYWNlIGRvZXNuJ3QgaGF2ZSBhIGhvc3QgY29uc29sZSBhbmQgdGhpcyB3aWxsIGJvbWIgb3V0CiAgICBpZiAoJGhvc3QuTmFtZSAtZXEgIkNvbnNvbGVIb3N0IikgewogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRTY3JpcHQoIltDb25zb2xlXTo6SW5wdXRFbmNvZGluZyA9IE5ldy1PYmplY3QgVGV4dC5VVEY4RW5jb2RpbmcgYCRmYWxzZSIpIHwgT3V0LU51bGwKICAgIH0KCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkU2NyaXB0KCRlbnRyeXBvaW50KSB8IE91dC1OdWxsCgogICAgJG91dHB1dCA9ICRwcy5JbnZva2UoKQoKICAgICRvdXRwdXQKCiAgICAjIFBTMyBkb2Vzbid0IHByb3Blcmx5IHNldCBIYWRFcnJvcnMgaW4gbWFueSBjYXNlcywgaW5zcGVjdCB0aGUgZXJyb3Igc3RyZWFtIGFzIGEgZmFsbGJhY2sKICAgIElmICgkcHMuSGFkRXJyb3JzIC1vciAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtbHQgNCAtYW5kICRwcy5TdHJlYW1zLkVycm9yLkNvdW50IC1ndCAwKSkgewogICAgICAgICRob3N0LlVJLldyaXRlRXJyb3JMaW5lKCQoJHBzLlN0cmVhbXMuRXJyb3IgfCBPdXQtU3RyaW5nKSkKICAgICAgICAkZXhpdF9jb2RlID0gJHBzLlJ1bnNwYWNlLlNlc3Npb25TdGF0ZVByb3h5LkdldFZhcmlhYmxlKCJMQVNURVhJVENPREUiKQogICAgICAgIElmKC1ub3QgJGV4aXRfY29kZSkgewogICAgICAgICAgICAkZXhpdF9jb2RlID0gMQogICAgICAgIH0KICAgICAgICAjIG5lZWQgdG8gdXNlIHRoaXMgaW5zdGVhZCBvZiBFeGl0IGtleXdvcmQgdG8gcHJldmVudCBydW5zcGFjZSBmcm9tIGNyYXNoaW5nIHdpdGggZHluYW1pYyBtb2R1bGVzCiAgICAgICAgJGhvc3QuU2V0U2hvdWxkRXhpdCgkZXhpdF9jb2RlKQogICAgfQp9Cg==", "actions": ["exec"], "environment": {}, "min_os_version": null, "powershell_modules": {"Ansible.ModuleUtils.CommandUtil": "IyBDb3B5cmlnaHQgKGMpIDIwMTcgQW5zaWJsZSBQcm9qZWN0CiMgU2ltcGxpZmllZCBCU0QgTGljZW5zZSAoc2VlIGxpY2Vuc2VzL3NpbXBsaWZpZWRfYnNkLnR4dCBvciBodHRwczovL29wZW5zb3VyY2Uub3JnL2xpY2Vuc2VzL0JTRC0yLUNsYXVzZSkKCiRwcm9jZXNzX3V0aWwgPSBAIgp1c2luZyBNaWNyb3NvZnQuV2luMzIuU2FmZUhhbmRsZXM7CnVzaW5nIFN5c3RlbTsKdXNpbmcgU3lzdGVtLkNvbGxlY3Rpb25zOwp1c2luZyBTeXN0ZW0uSU87CnVzaW5nIFN5c3RlbS5MaW5xOwp1c2luZyBTeXN0ZW0uUnVudGltZS5JbnRlcm9wU2VydmljZXM7CnVzaW5nIFN5c3RlbS5UZXh0Owp1c2luZyBTeXN0ZW0uVGhyZWFkaW5nOwoKbmFtZXNwYWNlIEFuc2libGUKewogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIGNsYXNzIFNFQ1VSSVRZX0FUVFJJQlVURVMKICAgIHsKICAgICAgICBwdWJsaWMgaW50IG5MZW5ndGg7CiAgICAgICAgcHVibGljIEludFB0ciBscFNlY3VyaXR5RGVzY3JpcHRvcjsKICAgICAgICBwdWJsaWMgYm9vbCBiSW5oZXJpdEhhbmRsZSA9IGZhbHNlOwogICAgICAgIHB1YmxpYyBTRUNVUklUWV9BVFRSSUJVVEVTKCkKICAgICAgICB7CiAgICAgICAgICAgIG5MZW5ndGggPSBNYXJzaGFsLlNpemVPZih0aGlzKTsKICAgICAgICB9CiAgICB9CgogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIGNsYXNzIFNUQVJUVVBJTkZPCiAgICB7CiAgICAgICAgcHVibGljIEludDMyIGNiOwogICAgICAgIHB1YmxpYyBJbnRQdHIgbHBSZXNlcnZlZDsKICAgICAgICBwdWJsaWMgSW50UHRyIGxwRGVza3RvcDsKICAgICAgICBwdWJsaWMgSW50UHRyIGxwVGl0bGU7CiAgICAgICAgcHVibGljIEludDMyIGR3WDsKICAgICAgICBwdWJsaWMgSW50MzIgZHdZOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1hTaXplOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1lTaXplOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1hDb3VudENoYXJzOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1lDb3VudENoYXJzOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd0ZpbGxBdHRyaWJ1dGU7CiAgICAgICAgcHVibGljIEludDMyIGR3RmxhZ3M7CiAgICAgICAgcHVibGljIEludDE2IHdTaG93V2luZG93OwogICAgICAgIHB1YmxpYyBJbnQxNiBjYlJlc2VydmVkMjsKICAgICAgICBwdWJsaWMgSW50UHRyIGxwUmVzZXJ2ZWQyOwogICAgICAgIHB1YmxpYyBTYWZlRmlsZUhhbmRsZSBoU3RkSW5wdXQ7CiAgICAgICAgcHVibGljIFNhZmVGaWxlSGFuZGxlIGhTdGRPdXRwdXQ7CiAgICAgICAgcHVibGljIFNhZmVGaWxlSGFuZGxlIGhTdGRFcnJvcjsKICAgICAgICBwdWJsaWMgU1RBUlRVUElORk8oKQogICAgICAgIHsKICAgICAgICAgICAgY2IgPSBNYXJzaGFsLlNpemVPZih0aGlzKTsKICAgICAgICB9CiAgICB9CgogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIGNsYXNzIFNUQVJUVVBJTkZPRVgKICAgIHsKICAgICAgICBwdWJsaWMgU1RBUlRVUElORk8gc3RhcnR1cEluZm87CiAgICAgICAgcHVibGljIEludFB0ciBscEF0dHJpYnV0ZUxpc3Q7CiAgICAgICAgcHVibGljIFNUQVJUVVBJTkZPRVgoKQogICAgICAgIHsKICAgICAgICAgICAgc3RhcnR1cEluZm8gPSBuZXcgU1RBUlRVUElORk8oKTsKICAgICAgICAgICAgc3RhcnR1cEluZm8uY2IgPSBNYXJzaGFsLlNpemVPZih0aGlzKTsKICAgICAgICB9CiAgICB9CgogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIHN0cnVjdCBQUk9DRVNTX0lORk9STUFUSU9OCiAgICB7CiAgICAgICAgcHVibGljIEludFB0ciBoUHJvY2VzczsKICAgICAgICBwdWJsaWMgSW50UHRyIGhUaHJlYWQ7CiAgICAgICAgcHVibGljIGludCBkd1Byb2Nlc3NJZDsKICAgICAgICBwdWJsaWMgaW50IGR3VGhyZWFkSWQ7CiAgICB9CgogICAgW0ZsYWdzXQogICAgcHVibGljIGVudW0gU3RhcnR1cEluZm9GbGFncyA6IHVpbnQKICAgIHsKICAgICAgICBVU0VTVERIQU5ETEVTID0gMHgwMDAwMDEwMAogICAgfQoKICAgIHB1YmxpYyBlbnVtIEhhbmRsZUZsYWdzIDogdWludAogICAgewogICAgICAgIE5vbmUgPSAwLAogICAgICAgIElOSEVSSVQgPSAxCiAgICB9CgogICAgY2xhc3MgTmF0aXZlV2FpdEhhbmRsZSA6IFdhaXRIYW5kbGUKICAgIHsKICAgICAgICBwdWJsaWMgTmF0aXZlV2FpdEhhbmRsZShJbnRQdHIgaGFuZGxlKQogICAgICAgIHsKICAgICAgICAgICAgdGhpcy5TYWZlV2FpdEhhbmRsZSA9IG5ldyBTYWZlV2FpdEhhbmRsZShoYW5kbGUsIGZhbHNlKTsKICAgICAgICB9CiAgICB9CgogICAgcHVibGljIGNsYXNzIFdpbjMyRXhjZXB0aW9uIDogU3lzdGVtLkNvbXBvbmVudE1vZGVsLldpbjMyRXhjZXB0aW9uCiAgICB7CiAgICAgICAgcHJpdmF0ZSBzdHJpbmcgX21zZzsKCiAgICAgICAgcHVibGljIFdpbjMyRXhjZXB0aW9uKHN0cmluZyBtZXNzYWdlKSA6IHRoaXMoTWFyc2hhbC5HZXRMYXN0V2luMzJFcnJvcigpLCBtZXNzYWdlKSB7IH0KCiAgICAgICAgcHVibGljIFdpbjMyRXhjZXB0aW9uKGludCBlcnJvckNvZGUsIHN0cmluZyBtZXNzYWdlKSA6IGJhc2UoZXJyb3JDb2RlKQogICAgICAgIHsKICAgICAgICAgICAgX21zZyA9IFN0cmluZy5Gb3JtYXQoInswfSAoezF9LCBXaW4zMkVycm9yQ29kZSB7Mn0pIiwgbWVzc2FnZSwgYmFzZS5NZXNzYWdlLCBlcnJvckNvZGUpOwogICAgICAgIH0KCiAgICAgICAgcHVibGljIG92ZXJyaWRlIHN0cmluZyBNZXNzYWdlIHsgZ2V0IHsgcmV0dXJuIF9tc2c7IH0gfQogICAgICAgIHB1YmxpYyBzdGF0aWMgZXhwbGljaXQgb3BlcmF0b3IgV2luMzJFeGNlcHRpb24oc3RyaW5nIG1lc3NhZ2UpIHsgcmV0dXJuIG5ldyBXaW4zMkV4Y2VwdGlvbihtZXNzYWdlKTsgfQogICAgfQoKICAgIHB1YmxpYyBjbGFzcyBDb21tYW5kVXRpbAogICAgewogICAgICAgIHByaXZhdGUgc3RhdGljIFVJbnQzMiBDUkVBVEVfVU5JQ09ERV9FTlZJUk9OTUVOVCA9IDB4MDAwMDAwNDAwOwogICAgICAgIHByaXZhdGUgc3RhdGljIFVJbnQzMiBFWFRFTkRFRF9TVEFSVFVQSU5GT19QUkVTRU5UID0gMHgwMDA4MDAwMDsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSwgQmVzdEZpdE1hcHBpbmcgPSBmYWxzZSldCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gYm9vbCBDcmVhdGVQcm9jZXNzKAogICAgICAgICAgICBbTWFyc2hhbEFzKFVubWFuYWdlZFR5cGUuTFBXU3RyKV0KICAgICAgICAgICAgICAgIHN0cmluZyBscEFwcGxpY2F0aW9uTmFtZSwKICAgICAgICAgICAgU3RyaW5nQnVpbGRlciBscENvbW1hbmRMaW5lLAogICAgICAgICAgICBJbnRQdHIgbHBQcm9jZXNzQXR0cmlidXRlcywKICAgICAgICAgICAgSW50UHRyIGxwVGhyZWFkQXR0cmlidXRlcywKICAgICAgICAgICAgYm9vbCBiSW5oZXJpdEhhbmRsZXMsCiAgICAgICAgICAgIHVpbnQgZHdDcmVhdGlvbkZsYWdzLAogICAgICAgICAgICBJbnRQdHIgbHBFbnZpcm9ubWVudCwKICAgICAgICAgICAgW01hcnNoYWxBcyhVbm1hbmFnZWRUeXBlLkxQV1N0cildCiAgICAgICAgICAgICAgICBzdHJpbmcgbHBDdXJyZW50RGlyZWN0b3J5LAogICAgICAgICAgICBTVEFSVFVQSU5GT0VYIGxwU3RhcnR1cEluZm8sCiAgICAgICAgICAgIG91dCBQUk9DRVNTX0lORk9STUFUSU9OIGxwUHJvY2Vzc0luZm9ybWF0aW9uKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIildCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gYm9vbCBDcmVhdGVQaXBlKAogICAgICAgICAgICBvdXQgU2FmZUZpbGVIYW5kbGUgaFJlYWRQaXBlLAogICAgICAgICAgICBvdXQgU2FmZUZpbGVIYW5kbGUgaFdyaXRlUGlwZSwKICAgICAgICAgICAgU0VDVVJJVFlfQVRUUklCVVRFUyBscFBpcGVBdHRyaWJ1dGVzLAogICAgICAgICAgICB1aW50IG5TaXplKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSldCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gYm9vbCBTZXRIYW5kbGVJbmZvcm1hdGlvbigKICAgICAgICAgICAgU2FmZUZpbGVIYW5kbGUgaE9iamVjdCwKICAgICAgICAgICAgSGFuZGxlRmxhZ3MgZHdNYXNrLAogICAgICAgICAgICBpbnQgZHdGbGFncyk7CgogICAgICAgIFtEbGxJbXBvcnQoImtlcm5lbDMyLmRsbCIsIFNldExhc3RFcnJvciA9IHRydWUpXQogICAgICAgIHByaXZhdGUgc3RhdGljIGV4dGVybiBib29sIEdldEV4aXRDb2RlUHJvY2VzcygKICAgICAgICAgICAgSW50UHRyIGhQcm9jZXNzLAogICAgICAgICAgICBvdXQgdWludCBscEV4aXRDb2RlKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSldCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gdWludCBTZWFyY2hQYXRoKAogICAgICAgICAgICBzdHJpbmcgbHBQYXRoLAogICAgICAgICAgICBzdHJpbmcgbHBGaWxlTmFtZSwKICAgICAgICAgICAgc3RyaW5nIGxwRXh0ZW5zaW9uLAogICAgICAgICAgICBpbnQgbkJ1ZmZlckxlbmd0aCwKICAgICAgICAgICAgW01hcnNoYWxBcyAoVW5tYW5hZ2VkVHlwZS5MUFRTdHIpXQogICAgICAgICAgICAgICAgU3RyaW5nQnVpbGRlciBscEJ1ZmZlciwKICAgICAgICAgICAgb3V0IEludFB0ciBscEZpbGVQYXJ0KTsKCiAgICAgICAgW0RsbEltcG9ydCgic2hlbGwzMi5kbGwiLCBTZXRMYXN0RXJyb3IgPSB0cnVlKV0KICAgICAgICBzdGF0aWMgZXh0ZXJuIEludFB0ciBDb21tYW5kTGluZVRvQXJndlcoCiAgICAgICAgICAgIFtNYXJzaGFsQXMoVW5tYW5hZ2VkVHlwZS5MUFdTdHIpXQogICAgICAgICAgICAgICAgc3RyaW5nIGxwQ21kTGluZSwKICAgICAgICAgICAgb3V0IGludCBwTnVtQXJncyk7CgogICAgICAgIHB1YmxpYyBzdGF0aWMgc3RyaW5nW10gUGFyc2VDb21tYW5kTGluZShzdHJpbmcgbHBDb21tYW5kTGluZSkKICAgICAgICB7CiAgICAgICAgICAgIGludCBudW1BcmdzOwogICAgICAgICAgICBJbnRQdHIgcmV0ID0gQ29tbWFuZExpbmVUb0FyZ3ZXKGxwQ29tbWFuZExpbmUsIG91dCBudW1BcmdzKTsKCiAgICAgICAgICAgIGlmIChyZXQgPT0gSW50UHRyLlplcm8pCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIkVycm9yIHBhcnNpbmcgY29tbWFuZCBsaW5lIik7CgogICAgICAgICAgICBJbnRQdHJbXSBzdHJwdHJzID0gbmV3IEludFB0cltudW1BcmdzXTsKICAgICAgICAgICAgTWFyc2hhbC5Db3B5KHJldCwgc3RycHRycywgMCwgbnVtQXJncyk7CiAgICAgICAgICAgIHN0cmluZ1tdIGNtZGxpbmVQYXJ0cyA9IHN0cnB0cnMuU2VsZWN0KHMgPT4gTWFyc2hhbC5QdHJUb1N0cmluZ1VuaShzKSkuVG9BcnJheSgpOwoKICAgICAgICAgICAgTWFyc2hhbC5GcmVlSEdsb2JhbChyZXQpOwoKICAgICAgICAgICAgcmV0dXJuIGNtZGxpbmVQYXJ0czsKICAgICAgICB9CgogICAgICAgIHB1YmxpYyBzdGF0aWMgc3RyaW5nIFNlYXJjaFBhdGgoc3RyaW5nIGxwRmlsZU5hbWUpCiAgICAgICAgewogICAgICAgICAgICBTdHJpbmdCdWlsZGVyIHNiT3V0ID0gbmV3IFN0cmluZ0J1aWxkZXIoMTAyNCk7CiAgICAgICAgICAgIEludFB0ciBmaWxlUGFydE91dDsKCiAgICAgICAgICAgIGlmIChTZWFyY2hQYXRoKG51bGwsIGxwRmlsZU5hbWUsIG51bGwsIHNiT3V0LkNhcGFjaXR5LCBzYk91dCwgb3V0IGZpbGVQYXJ0T3V0KSA9PSAwKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IEZpbGVOb3RGb3VuZEV4Y2VwdGlvbihTdHJpbmcuRm9ybWF0KCJDb3VsZCBub3QgbG9jYXRlIHRoZSBmb2xsb3dpbmcgZXhlY3V0YWJsZSB7MH0iLCBscEZpbGVOYW1lKSk7CgogICAgICAgICAgICByZXR1cm4gc2JPdXQuVG9TdHJpbmcoKTsKICAgICAgICB9CgogICAgICAgIHB1YmxpYyBjbGFzcyBDb21tYW5kUmVzdWx0CiAgICAgICAgewogICAgICAgICAgICBwdWJsaWMgc3RyaW5nIFN0YW5kYXJkT3V0IHsgZ2V0OyBpbnRlcm5hbCBzZXQ7IH0KICAgICAgICAgICAgcHVibGljIHN0cmluZyBTdGFuZGFyZEVycm9yIHsgZ2V0OyBpbnRlcm5hbCBzZXQ7IH0KICAgICAgICAgICAgcHVibGljIHVpbnQgRXhpdENvZGUgeyBnZXQ7IGludGVybmFsIHNldDsgfQogICAgICAgIH0KCiAgICAgICAgcHVibGljIHN0YXRpYyBDb21tYW5kUmVzdWx0IFJ1bkNvbW1hbmQoc3RyaW5nIGxwQXBwbGljYXRpb25OYW1lLCBzdHJpbmcgbHBDb21tYW5kTGluZSwgc3RyaW5nIGxwQ3VycmVudERpcmVjdG9yeSwgc3RyaW5nIHN0ZGluSW5wdXQsIElEaWN0aW9uYXJ5IGVudmlyb25tZW50KQogICAgICAgIHsKICAgICAgICAgICAgVUludDMyIHN0YXJ0dXBfZmxhZ3MgPSBDUkVBVEVfVU5JQ09ERV9FTlZJUk9OTUVOVCB8IEVYVEVOREVEX1NUQVJUVVBJTkZPX1BSRVNFTlQ7CiAgICAgICAgICAgIFNUQVJUVVBJTkZPRVggc2kgPSBuZXcgU1RBUlRVUElORk9FWCgpOwogICAgICAgICAgICBzaS5zdGFydHVwSW5mby5kd0ZsYWdzID0gKGludClTdGFydHVwSW5mb0ZsYWdzLlVTRVNUREhBTkRMRVM7CgogICAgICAgICAgICBTRUNVUklUWV9BVFRSSUJVVEVTIHBpcGVzZWMgPSBuZXcgU0VDVVJJVFlfQVRUUklCVVRFUygpOwogICAgICAgICAgICBwaXBlc2VjLmJJbmhlcml0SGFuZGxlID0gdHJ1ZTsKCiAgICAgICAgICAgIC8vIENyZWF0ZSB0aGUgc3Rkb3V0LCBzdGRlcnIgYW5kIHN0ZGluIHBpcGVzIHVzZWQgaW4gdGhlIHByb2Nlc3MgYW5kIGFkZCB0byB0aGUgc3RhcnR1cEluZm8KICAgICAgICAgICAgU2FmZUZpbGVIYW5kbGUgc3Rkb3V0X3JlYWQsIHN0ZG91dF93cml0ZSwgc3RkZXJyX3JlYWQsIHN0ZGVycl93cml0ZSwgc3RkaW5fcmVhZCwgc3RkaW5fd3JpdGU7CiAgICAgICAgICAgIGlmICghQ3JlYXRlUGlwZShvdXQgc3Rkb3V0X3JlYWQsIG91dCBzdGRvdXRfd3JpdGUsIHBpcGVzZWMsIDApKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IFdpbjMyRXhjZXB0aW9uKCJTVERPVVQgcGlwZSBzZXR1cCBmYWlsZWQiKTsKICAgICAgICAgICAgaWYgKCFTZXRIYW5kbGVJbmZvcm1hdGlvbihzdGRvdXRfcmVhZCwgSGFuZGxlRmxhZ3MuSU5IRVJJVCwgMCkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIlNURE9VVCBwaXBlIGhhbmRsZSBzZXR1cCBmYWlsZWQiKTsKCiAgICAgICAgICAgIGlmICghQ3JlYXRlUGlwZShvdXQgc3RkZXJyX3JlYWQsIG91dCBzdGRlcnJfd3JpdGUsIHBpcGVzZWMsIDApKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IFdpbjMyRXhjZXB0aW9uKCJTVERFUlIgcGlwZSBzZXR1cCBmYWlsZWQiKTsKICAgICAgICAgICAgaWYgKCFTZXRIYW5kbGVJbmZvcm1hdGlvbihzdGRlcnJfcmVhZCwgSGFuZGxlRmxhZ3MuSU5IRVJJVCwgMCkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIlNUREVSUiBwaXBlIGhhbmRsZSBzZXR1cCBmYWlsZWQiKTsKCiAgICAgICAgICAgIGlmICghQ3JlYXRlUGlwZShvdXQgc3RkaW5fcmVhZCwgb3V0IHN0ZGluX3dyaXRlLCBwaXBlc2VjLCAwKSkKICAgICAgICAgICAgICAgIHRocm93IG5ldyBXaW4zMkV4Y2VwdGlvbigiU1RESU4gcGlwZSBzZXR1cCBmYWlsZWQiKTsKICAgICAgICAgICAgaWYgKCFTZXRIYW5kbGVJbmZvcm1hdGlvbihzdGRpbl93cml0ZSwgSGFuZGxlRmxhZ3MuSU5IRVJJVCwgMCkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIlNURElOIHBpcGUgaGFuZGxlIHNldHVwIGZhaWxlZCIpOwoKICAgICAgICAgICAgc2kuc3RhcnR1cEluZm8uaFN0ZE91dHB1dCA9IHN0ZG91dF93cml0ZTsKICAgICAgICAgICAgc2kuc3RhcnR1cEluZm8uaFN0ZEVycm9yID0gc3RkZXJyX3dyaXRlOwogICAgICAgICAgICBzaS5zdGFydHVwSW5mby5oU3RkSW5wdXQgPSBzdGRpbl9yZWFkOwoKICAgICAgICAgICAgLy8gU2V0dXAgdGhlIHN0ZGluIGJ1ZmZlcgogICAgICAgICAgICBVVEY4RW5jb2RpbmcgdXRmOF9lbmNvZGluZyA9IG5ldyBVVEY4RW5jb2RpbmcoZmFsc2UpOwogICAgICAgICAgICBGaWxlU3RyZWFtIHN0ZGluX2ZzID0gbmV3IEZpbGVTdHJlYW0oc3RkaW5fd3JpdGUsIEZpbGVBY2Nlc3MuV3JpdGUsIDMyNzY4KTsKICAgICAgICAgICAgU3RyZWFtV3JpdGVyIHN0ZGluID0gbmV3IFN0cmVhbVdyaXRlcihzdGRpbl9mcywgdXRmOF9lbmNvZGluZywgMzI3NjgpOwoKICAgICAgICAgICAgLy8gSWYgbHBDdXJyZW50RGlyZWN0b3J5IGlzIHNldCB0byBudWxsIGluIFBTIGl0IHdpbGwgYmUgYW4gZW1wdHkKICAgICAgICAgICAgLy8gc3RyaW5nIGhlcmUsIHdlIG5lZWQgdG8gY29udmVydCBpdAogICAgICAgICAgICBpZiAobHBDdXJyZW50RGlyZWN0b3J5ID09ICIiKQogICAgICAgICAgICAgICAgbHBDdXJyZW50RGlyZWN0b3J5ID0gbnVsbDsKCiAgICAgICAgICAgIFN0cmluZ0J1aWxkZXIgZW52aXJvbm1lbnRTdHJpbmcgPSBudWxsOwoKICAgICAgICAgICAgaWYgKGVudmlyb25tZW50ICE9IG51bGwgJiYgZW52aXJvbm1lbnQuQ291bnQgPiAwKQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBlbnZpcm9ubWVudFN0cmluZyA9IG5ldyBTdHJpbmdCdWlsZGVyKCk7CiAgICAgICAgICAgICAgICBmb3JlYWNoIChEaWN0aW9uYXJ5RW50cnkga3YgaW4gZW52aXJvbm1lbnQpCiAgICAgICAgICAgICAgICAgICAgZW52aXJvbm1lbnRTdHJpbmcuQXBwZW5kRm9ybWF0KCJ7MH09ezF9XDAiLCBrdi5LZXksIGt2LlZhbHVlKTsKICAgICAgICAgICAgICAgIGVudmlyb25tZW50U3RyaW5nLkFwcGVuZCgnXDAnKTsKICAgICAgICAgICAgfQoKICAgICAgICAgICAgLy8gQ3JlYXRlIHRoZSBlbnZpcm9ubWVudCBibG9jayBpZiBzZXQKICAgICAgICAgICAgSW50UHRyIGxwRW52aXJvbm1lbnQgPSBJbnRQdHIuWmVybzsKICAgICAgICAgICAgaWYgKGVudmlyb25tZW50U3RyaW5nICE9IG51bGwpCiAgICAgICAgICAgICAgICBscEVudmlyb25tZW50ID0gTWFyc2hhbC5TdHJpbmdUb0hHbG9iYWxVbmkoZW52aXJvbm1lbnRTdHJpbmcuVG9TdHJpbmcoKSk7CgogICAgICAgICAgICAvLyBDcmVhdGUgbmV3IHByb2Nlc3MgYW5kIHJ1bgogICAgICAgICAgICBTdHJpbmdCdWlsZGVyIGFyZ3VtZW50X3N0cmluZyA9IG5ldyBTdHJpbmdCdWlsZGVyKGxwQ29tbWFuZExpbmUpOwogICAgICAgICAgICBQUk9DRVNTX0lORk9STUFUSU9OIHBpID0gbmV3IFBST0NFU1NfSU5GT1JNQVRJT04oKTsKICAgICAgICAgICAgaWYgKCFDcmVhdGVQcm9jZXNzKAogICAgICAgICAgICAgICAgbHBBcHBsaWNhdGlvbk5hbWUsCiAgICAgICAgICAgICAgICBhcmd1bWVudF9zdHJpbmcsCiAgICAgICAgICAgICAgICBJbnRQdHIuWmVybywKICAgICAgICAgICAgICAgIEludFB0ci5aZXJvLAogICAgICAgICAgICAgICAgdHJ1ZSwKICAgICAgICAgICAgICAgIHN0YXJ0dXBfZmxhZ3MsCiAgICAgICAgICAgICAgICBscEVudmlyb25tZW50LAogICAgICAgICAgICAgICAgbHBDdXJyZW50RGlyZWN0b3J5LAogICAgICAgICAgICAgICAgc2ksCiAgICAgICAgICAgICAgICBvdXQgcGkpKQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIkZhaWxlZCB0byBjcmVhdGUgbmV3IHByb2Nlc3MiKTsKICAgICAgICAgICAgfQoKICAgICAgICAgICAgLy8gU2V0dXAgdGhlIG91dHB1dCBidWZmZXJzIGFuZCBnZXQgc3Rkb3V0L3N0ZGVycgogICAgICAgICAgICBGaWxlU3RyZWFtIHN0ZG91dF9mcyA9IG5ldyBGaWxlU3RyZWFtKHN0ZG91dF9yZWFkLCBGaWxlQWNjZXNzLlJlYWQsIDQwOTYpOwogICAgICAgICAgICBTdHJlYW1SZWFkZXIgc3Rkb3V0ID0gbmV3IFN0cmVhbVJlYWRlcihzdGRvdXRfZnMsIHV0ZjhfZW5jb2RpbmcsIHRydWUsIDQwOTYpOwogICAgICAgICAgICBzdGRvdXRfd3JpdGUuQ2xvc2UoKTsKICAgICAgICAgICAgRmlsZVN0cmVhbSBzdGRlcnJfZnMgPSBuZXcgRmlsZVN0cmVhbShzdGRlcnJfcmVhZCwgRmlsZUFjY2Vzcy5SZWFkLCA0MDk2KTsKICAgICAgICAgICAgU3RyZWFtUmVhZGVyIHN0ZGVyciA9IG5ldyBTdHJlYW1SZWFkZXIoc3RkZXJyX2ZzLCB1dGY4X2VuY29kaW5nLCB0cnVlLCA0MDk2KTsKICAgICAgICAgICAgc3RkZXJyX3dyaXRlLkNsb3NlKCk7CgogICAgICAgICAgICBzdGRpbi5Xcml0ZUxpbmUoc3RkaW5JbnB1dCk7CiAgICAgICAgICAgIHN0ZGluLkNsb3NlKCk7CgogICAgICAgICAgICBzdHJpbmcgc3Rkb3V0X3N0ciwgc3RkZXJyX3N0ciA9IG51bGw7CiAgICAgICAgICAgIEdldFByb2Nlc3NPdXRwdXQoc3Rkb3V0LCBzdGRlcnIsIG91dCBzdGRvdXRfc3RyLCBvdXQgc3RkZXJyX3N0cik7CiAgICAgICAgICAgIHVpbnQgcmMgPSBHZXRQcm9jZXNzRXhpdENvZGUocGkuaFByb2Nlc3MpOwoKICAgICAgICAgICAgcmV0dXJuIG5ldyBDb21tYW5kUmVzdWx0CiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIFN0YW5kYXJkT3V0ID0gc3Rkb3V0X3N0ciwKICAgICAgICAgICAgICAgIFN0YW5kYXJkRXJyb3IgPSBzdGRlcnJfc3RyLAogICAgICAgICAgICAgICAgRXhpdENvZGUgPSByYwogICAgICAgICAgICB9OwogICAgICAgIH0KCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgdm9pZCBHZXRQcm9jZXNzT3V0cHV0KFN0cmVhbVJlYWRlciBzdGRvdXRTdHJlYW0sIFN0cmVhbVJlYWRlciBzdGRlcnJTdHJlYW0sIG91dCBzdHJpbmcgc3Rkb3V0LCBvdXQgc3RyaW5nIHN0ZGVycikKICAgICAgICB7CiAgICAgICAgICAgIHZhciBzb3dhaXQgPSBuZXcgRXZlbnRXYWl0SGFuZGxlKGZhbHNlLCBFdmVudFJlc2V0TW9kZS5NYW51YWxSZXNldCk7CiAgICAgICAgICAgIHZhciBzZXdhaXQgPSBuZXcgRXZlbnRXYWl0SGFuZGxlKGZhbHNlLCBFdmVudFJlc2V0TW9kZS5NYW51YWxSZXNldCk7CiAgICAgICAgICAgIHN0cmluZyBzbyA9IG51bGwsIHNlID0gbnVsbDsKICAgICAgICAgICAgVGhyZWFkUG9vbC5RdWV1ZVVzZXJXb3JrSXRlbSgocykgPT4KICAgICAgICAgICAgewogICAgICAgICAgICAgICAgc28gPSBzdGRvdXRTdHJlYW0uUmVhZFRvRW5kKCk7CiAgICAgICAgICAgICAgICBzb3dhaXQuU2V0KCk7CiAgICAgICAgICAgIH0pOwogICAgICAgICAgICBUaHJlYWRQb29sLlF1ZXVlVXNlcldvcmtJdGVtKChzKSA9PgogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBzZSA9IHN0ZGVyclN0cmVhbS5SZWFkVG9FbmQoKTsKICAgICAgICAgICAgICAgIHNld2FpdC5TZXQoKTs ScriptBlock ID: e5d8eea1-0feb-4c47-b67f-dc2cd0dff37e Path:	4104	1		3	2	15	0	1337	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1380	3444	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:28:11 PM	9d04040e-981f-0001-df10-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1336	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1380	5008	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:28:11 PM	9d04040e-981f-0004-b517-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 1380 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1335	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1380	4880	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:28:11 PM	9d04040e-981f-0004-b517-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1334	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1380	5008	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:28:11 PM	9d04040e-981f-0004-b517-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1333	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1056	2188	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:28:09 PM	9d04040e-981f-0004-a617-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 1056 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1332	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1056	3956	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:28:08 PM	9d04040e-981f-0004-a617-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1331	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1056	2188	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:28:08 PM	9d04040e-981f-0004-a617-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles; using System; using System.Collections; using System.IO; using System.Linq; using System.Runtime.InteropServices; using System.Text; using System.Threading; namespace Ansible { [StructLayout(LayoutKind.Sequential)] public class SECURITY_ATTRIBUTES { public int nLength; public IntPtr lpSecurityDescriptor; public bool bInheritHandle = false; public SECURITY_ATTRIBUTES() { nLength = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFO { public Int32 cb; public IntPtr lpReserved; public IntPtr lpDesktop; public IntPtr lpTitle; public Int32 dwX; public Int32 dwY; public Int32 dwXSize; public Int32 dwYSize; public Int32 dwXCountChars; public Int32 dwYCountChars; public Int32 dwFillAttribute; public Int32 dwFlags; public Int16 wShowWindow; public Int16 cbReserved2; public IntPtr lpReserved2; public SafeFileHandle hStdInput; public SafeFileHandle hStdOutput; public SafeFileHandle hStdError; public STARTUPINFO() { cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFOEX { public STARTUPINFO startupInfo; public IntPtr lpAttributeList; public STARTUPINFOEX() { startupInfo = new STARTUPINFO(); startupInfo.cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public struct PROCESS_INFORMATION { public IntPtr hProcess; public IntPtr hThread; public int dwProcessId; public int dwThreadId; } [Flags] public enum StartupInfoFlags : uint { USESTDHANDLES = 0x00000100 } public enum HandleFlags : uint { None = 0, INHERIT = 1 } class NativeWaitHandle : WaitHandle { public NativeWaitHandle(IntPtr handle) { this.SafeWaitHandle = new SafeWaitHandle(handle, false); } } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class CommandUtil { private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400; private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000; [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)] public static extern bool CreateProcess( [MarshalAs(UnmanagedType.LPWStr)] string lpApplicationName, StringBuilder lpCommandLine, IntPtr lpProcessAttributes, IntPtr lpThreadAttributes, bool bInheritHandles, uint dwCreationFlags, IntPtr lpEnvironment, [MarshalAs(UnmanagedType.LPWStr)] string lpCurrentDirectory, STARTUPINFOEX lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation); [DllImport("kernel32.dll")] public static extern bool CreatePipe( out SafeFileHandle hReadPipe, out SafeFileHandle hWritePipe, SECURITY_ATTRIBUTES lpPipeAttributes, uint nSize); [DllImport("kernel32.dll", SetLastError = true)] public static extern bool SetHandleInformation( SafeFileHandle hObject, HandleFlags dwMask, int dwFlags); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool GetExitCodeProcess( IntPtr hProcess, out uint lpExitCode); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)] public static extern uint SearchPath( string lpPath, string lpFileName, string lpExtension, int nBufferLength, [MarshalAs (UnmanagedType.LPTStr)] StringBuilder lpBuffer, out IntPtr lpFilePart); [DllImport("shell32.dll", SetLastError = true)] static extern IntPtr CommandLineToArgvW( [MarshalAs(UnmanagedType.LPWStr)] string lpCmdLine, out int pNumArgs); public static string[] ParseCommandLine(string lpCommandLine) { int numArgs; IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs); if (ret == IntPtr.Zero) throw new Win32Exception("Error parsing command line"); IntPtr[] strptrs = new IntPtr[numArgs]; Marshal.Copy(ret, strptrs, 0, numArgs); string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray(); Marshal.FreeHGlobal(ret); return cmdlineParts; } public static string SearchPath(string lpFileName) { StringBuilder sbOut = new StringBuilder(1024); IntPtr filePartOut; if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0) throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName)); return sbOut.ToString(); } public class CommandResult { public string StandardOut { get; internal set; } public string StandardError { get; internal set; } public uint ExitCode { get; internal set; } } public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment) { UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT; STARTUPINFOEX si = new STARTUPINFOEX(); si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES; SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES(); pipesec.bInheritHandle = true; // Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write; if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0)) throw new Win32Exception("STDOUT pipe setup failed"); if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDOUT pipe handle setup failed"); if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0)) throw new Win32Exception("STDERR pipe setup failed"); if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDERR pipe handle setup failed"); if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0)) throw new Win32Exception("STDIN pipe setup failed"); if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDIN pipe handle setup failed"); si.startupInfo.hStdOutput = stdout_write; si.startupInfo.hStdError = stderr_write; si.startupInfo.hStdInput = stdin_read; // Setup the stdin buffer UTF8Encoding utf8_encoding = new UTF8Encoding(false); FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768); StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768); // If lpCurrentDirectory is set to null in PS it will be an empty // string here, we need to convert it if (lpCurrentDirectory == "") lpCurrentDirectory = null; StringBuilder environmentString = null; if (environment != null && environment.Count > 0) { environmentString = new StringBuilder(); foreach (DictionaryEntry kv in environment) environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value); environmentString.Append('\0'); } // Create the environment block if set IntPtr lpEnvironment = IntPtr.Zero; if (environmentString != null) lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString()); // Create new process and run StringBuilder argument_string = new StringBuilder(lpCommandLine); PROCESS_INFORMATION pi = new PROCESS_INFORMATION(); if (!CreateProcess( lpApplicationName, argument_string, IntPtr.Zero, IntPtr.Zero, true, startup_flags, lpEnvironment, lpCurrentDirectory, si, out pi)) { throw new Win32Exception("Failed to create new process"); } // Setup the output buffers and get stdout/stderr FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096); StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096); stdout_write.Close(); FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096); StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096); stderr_write.Close(); stdin.WriteLine(stdinInput); stdin.Close(); string stdout_str, stderr_str = null; GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str); uint rc = GetProcessExitCode(pi.hProcess); return new CommandResult { StandardOut = stdout_str, StandardError = stderr_str, ExitCode = rc }; } private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr) { var sowait = new EventWaitHandle(false, EventResetMode.ManualReset); var sewait = new EventWaitHandle(false, EventResetMode.ManualReset); string so = null, se = null; ThreadPool.QueueUserWorkItem((s) => { so = stdoutStream.ReadToEnd(); sowait.Set(); }); ThreadPool.QueueUserWorkItem((s) => { se = stderrStream.ReadToEnd(); sewait.Set(); }); foreach (var wh in new WaitHandle[] { sowait, sewait }) wh.WaitOne(); stdout = so; stderr = se; } private static uint GetProcessExitCode(IntPtr processHandle) { new NativeWaitHandle(processHandle).WaitOne(); uint exitCode; if (!GetExitCodeProcess(processHandle, out exitCode)) throw new Win32Exception("Error getting process exit code"); return exitCode; } } }" Context: Severity = Informational Host Name = Default Host Host Version = 5.1.14393.1944 Host ID = a27938fd-f171-40cd-8aa9-204a3c5ca997 Host Application = PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - Engine Version = 5.1.14393.1944 Runspace ID = 7a5c3039-964e-4795-81a5-92e21831f8dd Pipeline ID = 7 Command Name = Add-Type Command Type = Cmdlet Script Name = Command Path = Sequence Number = 34 User = N-H1-805629-1\Admin Connected User = Shell ID = Microsoft.PowerShell User Data:	4103	1		4	106	20	0	1330	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1984	1084	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:28:08 PM	9d04040e-981f-0000-d91b-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	To be used when operation is just executing a method	Executing Pipeline	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c) 2017 Ansible Project # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) $process_util = @" using Microsoft.Win32.SafeHandles; using System; using System.Collections; using System.IO; using System.Linq; using System.Runtime.InteropServices; using System.Text; using System.Threading; namespace Ansible { [StructLayout(LayoutKind.Sequential)] public class SECURITY_ATTRIBUTES { public int nLength; public IntPtr lpSecurityDescriptor; public bool bInheritHandle = false; public SECURITY_ATTRIBUTES() { nLength = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFO { public Int32 cb; public IntPtr lpReserved; public IntPtr lpDesktop; public IntPtr lpTitle; public Int32 dwX; public Int32 dwY; public Int32 dwXSize; public Int32 dwYSize; public Int32 dwXCountChars; public Int32 dwYCountChars; public Int32 dwFillAttribute; public Int32 dwFlags; public Int16 wShowWindow; public Int16 cbReserved2; public IntPtr lpReserved2; public SafeFileHandle hStdInput; public SafeFileHandle hStdOutput; public SafeFileHandle hStdError; public STARTUPINFO() { cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFOEX { public STARTUPINFO startupInfo; public IntPtr lpAttributeList; public STARTUPINFOEX() { startupInfo = new STARTUPINFO(); startupInfo.cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public struct PROCESS_INFORMATION { public IntPtr hProcess; public IntPtr hThread; public int dwProcessId; public int dwThreadId; } [Flags] public enum StartupInfoFlags : uint { USESTDHANDLES = 0x00000100 } public enum HandleFlags : uint { None = 0, INHERIT = 1 } class NativeWaitHandle : WaitHandle { public NativeWaitHandle(IntPtr handle) { this.SafeWaitHandle = new SafeWaitHandle(handle, false); } } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class CommandUtil { private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400; private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000; [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)] public static extern bool CreateProcess( [MarshalAs(UnmanagedType.LPWStr)] string lpApplicationName, StringBuilder lpCommandLine, IntPtr lpProcessAttributes, IntPtr lpThreadAttributes, bool bInheritHandles, uint dwCreationFlags, IntPtr lpEnvironment, [MarshalAs(UnmanagedType.LPWStr)] string lpCurrentDirectory, STARTUPINFOEX lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation); [DllImport("kernel32.dll")] public static extern bool CreatePipe( out SafeFileHandle hReadPipe, out SafeFileHandle hWritePipe, SECURITY_ATTRIBUTES lpPipeAttributes, uint nSize); [DllImport("kernel32.dll", SetLastError = true)] public static extern bool SetHandleInformation( SafeFileHandle hObject, HandleFlags dwMask, int dwFlags); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool GetExitCodeProcess( IntPtr hProcess, out uint lpExitCode); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)] public static extern uint SearchPath( string lpPath, string lpFileName, string lpExtension, int nBufferLength, [MarshalAs (UnmanagedType.LPTStr)] StringBuilder lpBuffer, out IntPtr lpFilePart); [DllImport("shell32.dll", SetLastError = true)] static extern IntPtr CommandLineToArgvW( [MarshalAs(UnmanagedType.LPWStr)] string lpCmdLine, out int pNumArgs); public static string[] ParseCommandLine(string lpCommandLine) { int numArgs; IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs); if (ret == IntPtr.Zero) throw new Win32Exception("Error parsing command line"); IntPtr[] strptrs = new IntPtr[numArgs]; Marshal.Copy(ret, strptrs, 0, numArgs); string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray(); Marshal.FreeHGlobal(ret); return cmdlineParts; } public static string SearchPath(string lpFileName) { StringBuilder sbOut = new StringBuilder(1024); IntPtr filePartOut; if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0) throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName)); return sbOut.ToString(); } public class CommandResult { public string StandardOut { get; internal set; } public string StandardError { get; internal set; } public uint ExitCode { get; internal set; } } public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment) { UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT; STARTUPINFOEX si = new STARTUPINFOEX(); si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES; SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES(); pipesec.bInheritHandle = true; // Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write; if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0)) throw new Win32Exception("STDOUT pipe setup failed"); if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDOUT pipe handle setup failed"); if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0)) throw new Win32Exception("STDERR pipe setup failed"); if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDERR pipe handle setup failed"); if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0)) throw new Win32Exception("STDIN pipe setup failed"); if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDIN pipe handle setup failed"); si.startupInfo.hStdOutput = stdout_write; si.startupInfo.hStdError = stderr_write; si.startupInfo.hStdInput = stdin_read; // Setup the stdin buffer UTF8Encoding utf8_encoding = new UTF8Encoding(false); FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768); StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768); // If lpCurrentDirectory is set to null in PS it will be an empty // string here, we need to convert it if (lpCurrentDirectory == "") lpCurrentDirectory = null; StringBuilder environmentString = null; if (environment != null && environment.Count > 0) { environmentString = new StringBuilder(); foreach (DictionaryEntry kv in environment) environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value); environmentString.Append('\0'); } // Create the environment block if set IntPtr lpEnvironment = IntPtr.Zero; if (environmentString != null) lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString()); // Create new process and run StringBuilder argument_string = new StringBuilder(lpCommandLine); PROCESS_INFORMATION pi = new PROCESS_INFORMATION(); if (!CreateProcess( lpApplicationName, argument_string, IntPtr.Zero, IntPtr.Zero, true, startup_flags, lpEnvironment, lpCurrentDirectory, si, out pi)) { throw new Win32Exception("Failed to create new process"); } // Setup the output buffers and get stdout/stderr FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096); StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096); stdout_write.Close(); FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096); StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096); stderr_write.Close(); stdin.WriteLine(stdinInput); stdin.Close(); string stdout_str, stderr_str = null; GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str); uint rc = GetProcessExitCode(pi.hProcess); return new CommandResult { StandardOut = stdout_str, StandardError = stderr_str, ExitCode = rc }; } private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr) { var sowait = new EventWaitHandle(false, EventResetMode.ManualReset); var sewait = new EventWaitHandle(false, EventResetMode.ManualReset); string so = null, se = null; ThreadPool.QueueUserWorkItem((s) => { so = stdoutStream.ReadToEnd(); sowait.Set(); }); ThreadPool.QueueUserWorkItem((s) => { se = stderrStream.ReadToEnd(); sewait.Set(); }); foreach (var wh in new WaitHandle[] { sowait, sewait }) wh.WaitOne(); stdout = so; stderr = se; } private static uint GetProcessExitCode(IntPtr processHandle) { new NativeWaitHandle(processHandle).WaitOne(); uint exitCode; if (!GetExitCodeProcess(processHandle, out exitCode)) throw new Win32Exception("Error getting process exit code"); return exitCode; } } } "@ $ErrorActionPreference = 'Stop' Function Load-CommandUtils { # makes the following static functions available # [Ansible.CommandUtil]::ParseCommandLine(string lpCommandLine) # [Ansible.CommandUtil]::SearchPath(string lpFileName) # [Ansible.CommandUtil]::RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, string environmentBlock) # # there are also numerous P/Invoke methods that can be called if you are feeling adventurous # FUTURE: find a better way to get the _ansible_remote_tmp variable $original_tmp = $env:TMP $remote_tmp = $original_tmp $module_params = Get-Variable -Name complex_args -ErrorAction SilentlyContinue if ($module_params) { if ($module_params.Value.ContainsKey("_ansible_remote_tmp") ) { $remote_tmp = $module_params.Value["_ansible_remote_tmp"] $remote_tmp = [System.Environment]::ExpandEnvironmentVariables($remote_tmp) } } $env:TMP = $remote_tmp Add-Type -TypeDefinition $process_util $env:TMP = $original_tmp } Function Get-ExecutablePath($executable, $directory) { # lpApplicationName requires the full path to a file, we need to find it # ourselves. # we need to add .exe if it doesn't have an extension already if (-not [System.IO.Path]::HasExtension($executable)) { $executable = "$($executable).exe" } $full_path = [System.IO.Path]::GetFullPath($executable) if ($full_path -ne $executable -and $directory -ne $null) { $file = Get-Item -Path "$directory\$executable" -Force -ErrorAction SilentlyContinue } else { $file = Get-Item -Path $executable -Force -ErrorAction SilentlyContinue } if ($file -ne $null) { $executable_path = $file.FullName } else { $executable_path = [Ansible.CommandUtil]::SearchPath($executable) } return $executable_path } Function Run-Command { Param( [string]$command, # the full command to run including the executable [string]$working_directory = $null, # the working directory to run under, will default to the current dir [string]$stdin = $null, # a string to send to the stdin pipe when executing the command [hashtable]$environment = @{} # a hashtable of environment values to run the command under, this will replace all the other environment variables with these ) # load the C# code we call in this function Load-CommandUtils # need to validate the working directory if it is set if ($working_directory) { # validate working directory is a valid path if (-not (Test-Path -Path $working_directory)) { throw "invalid working directory path '$working_directory'" } } # lpApplicationName needs to be the full path to an executable, we do this # by getting the executable as the first arg and then getting the full path $arguments = [Ansible.CommandUtil]::ParseCommandLine($command) $executable = Get-ExecutablePath -executable $arguments[0] -directory $working_directory # run the command and get the results $command_result = [Ansible.CommandUtil]::RunCommand($executable, $command, $working_directory, $stdin, $environment) return ,@{ executable = $executable stdout = $command_result.StandardOut stderr = $command_result.StandardError rc = $command_result.ExitCode } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: 959b7bd1-d815-4cac-b20f-4d5b1b1d312f Path:	4104	1		3	2	15	0	1329	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1984	1376	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:28:08 PM	9d04040e-981f-0004-9217-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c), Michael DeHaan <michael.dehaan@gmail.com>, 2014, and others # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) Set-StrictMode -Version 2.0 $ErrorActionPreference = "Stop" Function Set-Attr($obj, $name, $value) { <# .SYNOPSIS Helper function to set an "attribute" on a psobject instance in PowerShell. This is a convenience to make adding Members to the object easier and slightly more pythonic .EXAMPLE Set-Attr $result "changed" $true #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } Try { $obj.$name = $value } Catch { $obj | Add-Member -Force -MemberType NoteProperty -Name $name -Value $value } } Function Exit-Json($obj) { <# .SYNOPSIS Helper function to convert a PowerShell object to JSON and output it, exiting the script .EXAMPLE Exit-Json $result #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit } Function Fail-Json($obj, $message = $null) { <# .SYNOPSIS Helper function to add the "msg" property and "failed" property, convert the PowerShell Hashtable to JSON and output it, exiting the script .EXAMPLE Fail-Json $result "This is the failure message" #> if ($obj -is [hashtable] -or $obj -is [psobject]) { # Nothing to do } elseif ($obj -is [string] -and $null -eq $message) { # If we weren't given 2 args, and the only arg was a string, # create a new Hashtable and use the arg as the failure message $message = $obj $obj = @{ } } else { # If the first argument is undefined or a different type, # make it a Hashtable $obj = @{ } } # Still using Set-Attr for PSObject compatibility Set-Attr $obj "msg" $message Set-Attr $obj "failed" $true if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit 1 } Function Add-Warning($obj, $message) { <# .SYNOPSIS Helper function to add warnings, even if the warnings attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("warnings")) { $obj.warnings = @() } elseif ($obj.warnings -isnot [array]) { throw "Add-Warning: warnings attribute is not an array" } $obj.warnings += $message } Function Add-DeprecationWarning($obj, $message, $version = $null) { <# .SYNOPSIS Helper function to add deprecations, even if the deprecations attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("deprecations")) { $obj.deprecations = @() } elseif ($obj.deprecations -isnot [array]) { throw "Add-DeprecationWarning: deprecations attribute is not a list" } $obj.deprecations += @{ msg = $message version = $version } } Function Expand-Environment($value) { <# .SYNOPSIS Helper function to expand environment variables in values. By default it turns any type to a string, but we ensure $null remains $null. #> if ($null -ne $value) { [System.Environment]::ExpandEnvironmentVariables($value) } else { $value } } Function Get-AnsibleParam($obj, $name, $default = $null, $resultobj = @{}, $failifempty = $false, $emptyattributefailmessage, $ValidateSet, $ValidateSetErrorMessage, $type = $null, $aliases = @()) { <# .SYNOPSIS Helper function to get an "attribute" from a psobject instance in PowerShell. This is a convenience to make getting Members from an object easier and slightly more pythonic .EXAMPLE $attr = Get-AnsibleParam $response "code" -default "1" .EXAMPLE Get-AnsibleParam -obj $params -name "State" -default "Present" -ValidateSet "Present","Absent" -resultobj $resultobj -failifempty $true Get-AnsibleParam also supports Parameter validation to save you from coding that manually Note that if you use the failifempty option, you do need to specify resultobject as well. #> # Check if the provided Member $name or aliases exist in $obj and return it or the default. try { $found = $null # First try to find preferred parameter $name $aliases = @($name) + $aliases # Iterate over aliases to find acceptable Member $name foreach ($alias in $aliases) { if ($obj.ContainsKey($alias)) { $found = $alias break } } if ($null -eq $found) { throw } $name = $found if ($ValidateSet) { if ($ValidateSet -contains ($obj.$name)) { $value = $obj.$name } else { if ($null -eq $ValidateSetErrorMessage) { #Auto-generated error should be sufficient in most use cases $ValidateSetErrorMessage = "Get-AnsibleParam: Argument $name needs to be one of $($ValidateSet -join ",") but was $($obj.$name)." } Fail-Json -obj $resultobj -message $ValidateSetErrorMessage } } else { $value = $obj.$name } } catch { if ($failifempty -eq $false) { $value = $default } else { if (-not $emptyattributefailmessage) { $emptyattributefailmessage = "Get-AnsibleParam: Missing required argument: $name" } Fail-Json -obj $resultobj -message $emptyattributefailmessage } } # If $value -eq $null, the parameter was unspecified by the user (deliberately or not) # Please leave $null-values intact, modules need to know if a parameter was specified # When $value is already an array, we cannot rely on the null check, as an empty list # is seen as null in the check below if ($null -ne $value -or $value -is [array]) { if ($type -eq "path") { # Expand environment variables on path-type $value = Expand-Environment($value) # Test if a valid path is provided if (-not (Test-Path -IsValid $value)) { $path_invalid = $true # could still be a valid-shaped path with a nonexistent drive letter if ($value -match "^\w:") { # rewrite path with a valid drive letter and recheck the shape- this might still fail, eg, a nonexistent non-filesystem PS path if (Test-Path -IsValid $(@(Get-PSDrive -PSProvider Filesystem)[0].Name + $value.Substring(1))) { $path_invalid = $false } } if ($path_invalid) { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' has an invalid path '$value' specified." } } } elseif ($type -eq "str") { # Convert str types to real Powershell strings $value = $value.ToString() } elseif ($type -eq "bool") { # Convert boolean types to real Powershell booleans $value = $value | ConvertTo-Bool } elseif ($type -eq "int") { # Convert int types to real Powershell integers $value = $value -as [int] } elseif ($type -eq "float") { # Convert float types to real Powershell floats $value = $value -as [float] } elseif ($type -eq "list") { if ($value -is [array]) { # Nothing to do } elseif ($value -is [string]) { # Convert string type to real Powershell array $value = $value.Split(",").Trim() } elseif ($value -is [int]) { $value = @($value) } else { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' is not a YAML list." } # , is not a typo, forces it to return as a list when it is empty or only has 1 entry return ,$value } } return $value } #Alias Get-attr-->Get-AnsibleParam for backwards compat. Only add when needed to ease debugging of scripts If (-not(Get-Alias -Name "Get-attr" -ErrorAction SilentlyContinue)) { New-Alias -Name Get-attr -Value Get-AnsibleParam } Function ConvertTo-Bool { <# .SYNOPSIS Helper filter/pipeline function to convert a value to boolean following current Ansible practices .EXAMPLE $is_true = "true" | ConvertTo-Bool #> param( [parameter(valuefrompipeline=$true)] $obj ) $boolean_strings = "yes", "on", "1", "true", 1 $obj_string = [string]$obj if (($obj -is [boolean] -and $obj) -or $boolean_strings -contains $obj_string.ToLower()) { return $true } else { return $false } } Function Parse-Args($arguments, $supports_check_mode = $false) { <# .SYNOPSIS Helper function to parse Ansible JSON arguments from a "file" passed as the single argument to the module. .EXAMPLE $params = Parse-Args $args #> $params = New-Object psobject If ($arguments.Length -gt 0) { $params = Get-Content $arguments[0] | ConvertFrom-Json } Else { $params = $complex_args } $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false If ($check_mode -and -not $supports_check_mode) { Exit-Json @{ skipped = $true changed = $false msg = "remote module does not support check mode" } } return $params } Function Get-FileChecksum($path, $algorithm = 'sha1') { <# .SYNOPSIS Helper function to calculate a hash of a file in a way which PowerShell 3 and above can handle #> If (Test-Path -Path $path -PathType Leaf) { switch ($algorithm) { 'md5' { $sp = New-Object -TypeName System.Security.Cryptography.MD5CryptoServiceProvider } 'sha1' { $sp = New-Object -TypeName System.Security.Cryptography.SHA1CryptoServiceProvider } 'sha256' { $sp = New-Object -TypeName System.Security.Cryptography.SHA256CryptoServiceProvider } 'sha384' { $sp = New-Object -TypeName System.Security.Cryptography.SHA384CryptoServiceProvider } 'sha512' { $sp = New-Object -TypeName System.Security.Cryptography.SHA512CryptoServiceProvider } default { Fail-Json @{} "Unsupported hash algorithm supplied '$algorithm'" } } If ($PSVersionTable.PSVersion.Major -ge 4) { $raw_hash = Get-FileHash $path -Algorithm $algorithm $hash = $raw_hash.Hash.ToLower() } Else { $fp = [System.IO.File]::Open($path, [System.IO.Filemode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileShare]::ReadWrite); $hash = [System.BitConverter]::ToString($sp.ComputeHash($fp)).Replace("-", "").ToLower(); $fp.Dispose(); } } ElseIf (Test-Path -Path $path -PathType Container) { $hash = "3"; } Else { $hash = "1"; } return $hash } Function Get-PendingRebootStatus { <# .SYNOPSIS Check if reboot is required, if so notify CA. Function returns true if computer has a pending reboot #> $featureData = Invoke-WmiMethod -EA Ignore -Name GetServerFeature -Namespace root\microsoft\windows\servermanager -Class MSFT_ServerManagerTasks $regData = Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager" "PendingFileRenameOperations" -EA Ignore $CBSRebootStatus = Get-ChildItem "HKLM:\\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing" -ErrorAction SilentlyContinue| Where-Object {$_.PSChildName -eq "RebootPending"} if(($featureData -and $featureData.RequiresReboot) -or $regData -or $CBSRebootStatus) { return $True } else { return $False } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: 0970139f-b0f1-4f53-be78-64c9b910dd12 Path:	4104	1		3	2	15	0	1328	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1984	1376	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:28:08 PM	9d04040e-981f-0004-8b17-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } ScriptBlock ID: 185d9467-4f0e-4990-a664-3b5027636986 Path:	4104	1		3	2	15	0	1327	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1984	1376	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:28:07 PM	9d04040e-981f-0004-7c17-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (3 of 3): gICAgfSBFbHNlIHsKICAgICAgICAgICAgJGZwID0gW1N5c3RlbS5JTy5GaWxlXTo6T3BlbigkcGF0aCwgW1N5c3RlbS5JTy5GaWxlbW9kZV06Ok9wZW4sIFtTeXN0ZW0uSU8uRmlsZUFjY2Vzc106OlJlYWQsIFtTeXN0ZW0uSU8uRmlsZVNoYXJlXTo6UmVhZFdyaXRlKTsKICAgICAgICAgICAgJGhhc2ggPSBbU3lzdGVtLkJpdENvbnZlcnRlcl06OlRvU3RyaW5nKCRzcC5Db21wdXRlSGFzaCgkZnApKS5SZXBsYWNlKCItIiwgIiIpLlRvTG93ZXIoKTsKICAgICAgICAgICAgJGZwLkRpc3Bvc2UoKTsKICAgICAgICB9CiAgICB9CiAgICBFbHNlSWYgKFRlc3QtUGF0aCAtUGF0aCAkcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKQogICAgewogICAgICAgICRoYXNoID0gIjMiOwogICAgfQogICAgRWxzZQogICAgewogICAgICAgICRoYXNoID0gIjEiOwogICAgfQogICAgcmV0dXJuICRoYXNoCn0KCkZ1bmN0aW9uIEdldC1QZW5kaW5nUmVib290U3RhdHVzCnsKPCMKICAgIC5TWU5PUFNJUwogICAgQ2hlY2sgaWYgcmVib290IGlzIHJlcXVpcmVkLCBpZiBzbyBub3RpZnkgQ0EuCiAgICBGdW5jdGlvbiByZXR1cm5zIHRydWUgaWYgY29tcHV0ZXIgaGFzIGEgcGVuZGluZyByZWJvb3QKIz4KICAgICRmZWF0dXJlRGF0YSA9IEludm9rZS1XbWlNZXRob2QgLUVBIElnbm9yZSAtTmFtZSBHZXRTZXJ2ZXJGZWF0dXJlIC1OYW1lc3BhY2Ugcm9vdFxtaWNyb3NvZnRcd2luZG93c1xzZXJ2ZXJtYW5hZ2VyIC1DbGFzcyBNU0ZUX1NlcnZlck1hbmFnZXJUYXNrcwogICAgJHJlZ0RhdGEgPSBHZXQtSXRlbVByb3BlcnR5ICJIS0xNOlxTWVNURU1cQ3VycmVudENvbnRyb2xTZXRcQ29udHJvbFxTZXNzaW9uIE1hbmFnZXIiICJQZW5kaW5nRmlsZVJlbmFtZU9wZXJhdGlvbnMiIC1FQSBJZ25vcmUKICAgICRDQlNSZWJvb3RTdGF0dXMgPSBHZXQtQ2hpbGRJdGVtICJIS0xNOlxcU09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cQ29tcG9uZW50IEJhc2VkIFNlcnZpY2luZyIgIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlfCBXaGVyZS1PYmplY3QgeyRfLlBTQ2hpbGROYW1lIC1lcSAiUmVib290UGVuZGluZyJ9CiAgICBpZigoJGZlYXR1cmVEYXRhIC1hbmQgJGZlYXR1cmVEYXRhLlJlcXVpcmVzUmVib290KSAtb3IgJHJlZ0RhdGEgLW9yICRDQlNSZWJvb3RTdGF0dXMpCiAgICB7CiAgICAgICAgcmV0dXJuICRUcnVlCiAgICB9CiAgICBlbHNlCiAgICB7CiAgICAgICAgcmV0dXJuICRGYWxzZQogICAgfQp9CgojIHRoaXMgbGluZSBtdXN0IHN0YXkgYXQgdGhlIGJvdHRvbSB0byBlbnN1cmUgYWxsIGRlZmluZWQgbW9kdWxlIHBhcnRzIGFyZSBleHBvcnRlZApFeHBvcnQtTW9kdWxlTWVtYmVyIC1BbGlhcyAqIC1GdW5jdGlvbiAqIC1DbWRsZXQgKgoK", "Ansible.ModuleUtils.FileUtil": "IyBDb3B5cmlnaHQgKGMpIDIwMTcgQW5zaWJsZSBQcm9qZWN0CiMgU2ltcGxpZmllZCBCU0QgTGljZW5zZSAoc2VlIGxpY2Vuc2VzL3NpbXBsaWZpZWRfYnNkLnR4dCBvciBodHRwczovL29wZW5zb3VyY2Uub3JnL2xpY2Vuc2VzL0JTRC0yLUNsYXVzZSkKCjwjClRlc3QtUGF0aC9HZXQtSXRlbSBjYW5ub3QgZmluZC9yZXR1cm4gaW5mbyBvbiBmaWxlcyB0aGF0IGFyZSBsb2NrZWQgbGlrZQpDOlxwYWdlZmlsZS5zeXMuIFRoZXNlIDIgZnVuY3Rpb25zIGFyZSBkZXNpZ25lZCB0byB3b3JrIHdpdGggdGhlc2UgZmlsZXMgYW5kCnByb3ZpZGUgc2ltaWxhciBmdW5jdGlvbmFsaXR5IHdpdGggdGhlIG5vcm1hbCBjbWRsZXRzIHdpdGggYXMgbWluaW1hbCBvdmVyaGVhZAphcyBwb3NzaWJsZS4gVGhleSB3b3JrIGJ5IHVzaW5nIEdldC1DaGlsZEl0ZW0gd2l0aCBhIGZpbHRlciBhbmQgcmV0dXJuIHRoZQpyZXN1bHQgZnJvbSB0aGF0LgojPgoKRnVuY3Rpb24gVGVzdC1BbnNpYmxlUGF0aCB7CiAgICBbQ21kbGV0QmluZGluZygpXQogICAgUGFyYW0oCiAgICAgICAgW1BhcmFtZXRlcihNYW5kYXRvcnk9JHRydWUpXVtzdHJpbmddJFBhdGgKICAgICkKICAgICMgUmVwbGFjZW1lbnQgZm9yIFRlc3QtUGF0aAogICAgdHJ5IHsKICAgICAgICAkZmlsZV9hdHRyaWJ1dGVzID0gW1N5c3RlbS5JTy5GaWxlXTo6R2V0QXR0cmlidXRlcygkUGF0aCkKICAgIH0gY2F0Y2ggW1N5c3RlbS5JTy5GaWxlTm90Rm91bmRFeGNlcHRpb25dLCBbU3lzdGVtLklPLkRpcmVjdG9yeU5vdEZvdW5kRXhjZXB0aW9uXSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfSBjYXRjaCBbTm90U3VwcG9ydGVkRXhjZXB0aW9uXSB7CiAgICAgICAgIyBXaGVuIHRlc3RpbmcgYSBwYXRoIGxpa2UgQ2VydDpcTG9jYWxNYWNoaW5lXE15LCBTeXN0ZW0uSU8uRmlsZSB3aWxsCiAgICAgICAgIyBub3Qgd29yaywgd2UganVzdCByZXZlcnQgYmFjayB0byB1c2luZyBUZXN0LVBhdGggZm9yIHRoaXMKICAgICAgICByZXR1cm4gVGVzdC1QYXRoIC1QYXRoICRQYXRoCiAgICB9CgogICAgaWYgKFtJbnQzMl0kZmlsZV9hdHRyaWJ1dGVzIC1lcSAtMSkgewogICAgICAgIHJldHVybiAkZmFsc2UKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICR0cnVlCiAgICB9Cn0KCkZ1bmN0aW9uIEdldC1BbnNpYmxlSXRlbSB7CiAgICBbQ21kbGV0QmluZGluZygpXQogICAgUGFyYW0oCiAgICAgICAgW1BhcmFtZXRlcihNYW5kYXRvcnk9JHRydWUpXVtzdHJpbmddJFBhdGgKICAgICkKICAgICMgUmVwbGFjZW1lbnQgZm9yIEdldC1JdGVtCiAgICB0cnkgewogICAgICAgICRmaWxlX2F0dHJpYnV0ZXMgPSBbU3lzdGVtLklPLkZpbGVdOjpHZXRBdHRyaWJ1dGVzKCRQYXRoKQogICAgfSBjYXRjaCB7CiAgICAgICAgIyBpZiAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb3RpbnVlIGlzIHNldCBvbiB0aGUgY21kbGV0IGFuZCB3ZSBmYWlsZWQgdG8KICAgICAgICAjIGdldCB0aGUgYXR0cmlidXRlcywganVzdCByZXR1cm4gJG51bGwsIG90aGVyd2lzZSB0aHJvdyB0aGUgZXJyb3IKICAgICAgICBpZiAoJEVycm9yQWN0aW9uUHJlZmVyZW5jZSAtbmUgIlNpbGVudGx5Q29udGludWUiKSB7CiAgICAgICAgICAgIHRocm93ICRfCiAgICAgICAgfQogICAgICAgIHJldHVybiAkbnVsbAogICAgfQogICAgaWYgKFtJbnQzMl0kZmlsZV9hdHRyaWJ1dGVzIC1lcSAtMSkgewogICAgICAgIHRocm93IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5NYW5hZ2VtZW50LkF1dG9tYXRpb24uSXRlbU5vdEZvdW5kRXhjZXB0aW9uIC1Bcmd1bWVudExpc3QgIkNhbm5vdCBmaW5kIHBhdGggJyRQYXRoJyBiZWNhdXNlIGl0IGRvZXMgbm90IGV4aXN0LiIKICAgIH0gZWxzZWlmICgkZmlsZV9hdHRyaWJ1dGVzLkhhc0ZsYWcoW1N5c3RlbS5JTy5GaWxlQXR0cmlidXRlc106OkRpcmVjdG9yeSkpIHsKICAgICAgICByZXR1cm4gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLklPLkRpcmVjdG9yeUluZm8gLUFyZ3VtZW50TGlzdCAkUGF0aAogICAgfSBlbHNlIHsKICAgICAgICByZXR1cm4gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLklPLkZpbGVJbmZvIC1Bcmd1bWVudExpc3QgJFBhdGgKICAgIH0KfQoKRXhwb3J0LU1vZHVsZU1lbWJlciAtRnVuY3Rpb24gVGVzdC1BbnNpYmxlUGF0aCwgR2V0LUFuc2libGVJdGVtCg=="}, "module_entry": "IyFwb3dlcnNoZWxsCgojIENvcHlyaWdodDogKGMpIDIwMTcsIEFuc2libGUgUHJvamVjdAojIEdOVSBHZW5lcmFsIFB1YmxpYyBMaWNlbnNlIHYzLjArIChzZWUgQ09QWUlORyBvciBodHRwczovL3d3dy5nbnUub3JnL2xpY2Vuc2VzL2dwbC0zLjAudHh0KQoKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5MZWdhY3kKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5Db21tYW5kVXRpbAojUmVxdWlyZXMgLU1vZHVsZSBBbnNpYmxlLk1vZHVsZVV0aWxzLkZpbGVVdGlsCgojIFRPRE86IGFkZCBjaGVjayBtb2RlIHN1cHBvcnQKClNldC1TdHJpY3RNb2RlIC1WZXJzaW9uIDIKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKIyBDbGVhbnNlIENMSVhNTCBmcm9tIHN0ZGVyciAoc2lmdCBvdXQgZXJyb3Igc3RyZWFtIGRhdGEsIGRpc2NhcmQgb3RoZXJzIGZvciBub3cpCkZ1bmN0aW9uIENsZWFuc2UtU3RkZXJyKCRyYXdfc3RkZXJyKSB7CiAgICBUcnkgewogICAgICAgICMgTkI6IHRoaXMgcmVnZXggaXNuJ3QgcGVyZmVjdCwgYnV0IGlzIGRlY2VudCBhdCBmaW5kaW5nIENMSVhNTCBhbW9uZ3N0IG90aGVyIHN0ZGVyciBub2lzZQogICAgICAgIElmKCRyYXdfc3RkZXJyIC1tYXRjaCAiKD9zKSg/PHByZW5vaXNlMT4uKikjPCBDTElYTUwoPzxwcmVub2lzZTI+LiopKD88Y2xpeG1sPjxPYmpzLis8L09ianM+KSg/PHBvc3Rub2lzZT4uKikiKSB7CiAgICAgICAgICAgICRjbGl4bWwgPSBbeG1sXSRtYXRjaGVzWyJjbGl4bWwiXQoKICAgICAgICAgICAgJG1lcmdlZF9zdGRlcnIgPSAiezB9ezF9ezJ9ezN9IiAtZiBAKAogICAgICAgICAgICAgICAkbWF0Y2hlc1sicHJlbm9pc2UxIl0sCiAgICAgICAgICAgICAgICRtYXRjaGVzWyJwcmVub2lzZTIiXSwKICAgICAgICAgICAgICAgIyBmaWx0ZXIgb3V0IGp1c3QgdGhlIEVycm9yLXRhZ2dlZCBzdHJpbmdzIGZvciBub3csIGFuZCB6YXAgZW1iZWRkZWQgQ1JMRiBjaGFycwogICAgICAgICAgICAgICAoJGNsaXhtbC5PYmpzLkNoaWxkTm9kZXMgfCA/IHsgJF8uTmFtZSAtZXEgJ1MnIH0gfCA/IHsgJF8uUyAtZXEgJ0Vycm9yJyB9IHwgJSB7ICRfLicjdGV4dCcuUmVwbGFjZSgnX3gwMDBEX194MDAwQV8nLCcnKSB9IHwgT3V0LVN0cmluZyksCiAgICAgICAgICAgICAgICRtYXRjaGVzWyJwb3N0bm9pc2UiXSkgfCBPdXQtU3RyaW5nCgogICAgICAgICAgICByZXR1cm4gJG1lcmdlZF9zdGRlcnIuVHJpbSgpCgogICAgICAgICAgICAjIEZVVFVSRTogcGFyc2UvcmV0dXJuIG90aGVyIHN0cmVhbXMKICAgICAgICB9CiAgICAgICAgRWxzZSB7CiAgICAgICAgICAgICRyYXdfc3RkZXJyCiAgICAgICAgfQogICAgfQogICAgQ2F0Y2ggewogICAgICAgICIqKipFWENFUFRJT04gUEFSU0lORyBDTElYTUw6ICRfKioqIiArICRyYXdfc3RkZXJyCiAgICB9Cn0KCiRwYXJhbXMgPSBQYXJzZS1BcmdzICRhcmdzIC1zdXBwb3J0c19jaGVja19tb2RlICRmYWxzZQoKJHJhd19jb21tYW5kX2xpbmUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX3Jhd19wYXJhbXMiIC10eXBlICJzdHIiIC1mYWlsaWZlbXB0eSAkdHJ1ZQokY2hkaXIgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiY2hkaXIiIC10eXBlICJwYXRoIgokZXhlY3V0YWJsZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJleGVjdXRhYmxlIiAtdHlwZSAicGF0aCIKJGNyZWF0ZXMgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiY3JlYXRlcyIgLXR5cGUgInBhdGgiCiRyZW1vdmVzID0gR2V0LUFuc2libGVQYXJhbSAtb2JqICRwYXJhbXMgLW5hbWUgInJlbW92ZXMiIC10eXBlICJwYXRoIgokc3RkaW4gPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAic3RkaW4iIC10eXBlICJzdHIiCgokcmF3X2NvbW1hbmRfbGluZSA9ICRyYXdfY29tbWFuZF9saW5lLlRyaW0oKQoKJHJlc3VsdCA9IEB7CiAgICBjaGFuZ2VkID0gJHRydWUKICAgIGNtZCA9ICRyYXdfY29tbWFuZF9saW5lCn0KCmlmICgkY3JlYXRlcyAtYW5kICQoVGVzdC1BbnNpYmxlUGF0aCAtUGF0aCAkY3JlYXRlcykpIHsKICAgIEV4aXQtSnNvbiBAe21zZz0ic2tpcHBlZCwgc2luY2UgJGNyZWF0ZXMgZXhpc3RzIjtjbWQ9JHJhd19jb21tYW5kX2xpbmU7Y2hhbmdlZD0kZmFsc2U7c2tpcHBlZD0kdHJ1ZTtyYz0wfQp9CgppZiAoJHJlbW92ZXMgLWFuZCAtbm90ICQoVGVzdC1BbnNpYmxlUGF0aCAtUGF0aCAkcmVtb3ZlcykpIHsKICAgIEV4aXQtSnNvbiBAe21zZz0ic2tpcHBlZCwgc2luY2UgJHJlbW92ZXMgZG9lcyBub3QgZXhpc3QiO2NtZD0kcmF3X2NvbW1hbmRfbGluZTtjaGFuZ2VkPSRmYWxzZTtza2lwcGVkPSR0cnVlO3JjPTB9Cn0KCiRleGVjX2FyZ3MgPSAkbnVsbApJZigtbm90ICRleGVjdXRhYmxlIC1vciAkZXhlY3V0YWJsZSAtZXEgInBvd2Vyc2hlbGwiKSB7CiAgICAkZXhlY19hcHBsaWNhdGlvbiA9ICJwb3dlcnNoZWxsLmV4ZSIKCiAgICAjIGZvcmNlIGlucHV0IGVuY29kaW5nIHRvIHByZWFtYmxlLWZyZWUgVVRGOCBzbyBQUyBzdWItcHJvY2Vzc2VzIChlZywgU3RhcnQtSm9iKSBkb24ndCBibG93IHVwCiAgICAkcmF3X2NvbW1hbmRfbGluZSA9ICJbQ29uc29sZV06OklucHV0RW5jb2RpbmcgPSBOZXctT2JqZWN0IFRleHQuVVRGOEVuY29kaW5nIGAkZmFsc2U7ICIgKyAkcmF3X2NvbW1hbmRfbGluZQoKICAgICMgQmFzZTY0IGVuY29kZSB0aGUgY29tbWFuZCBzbyB3ZSBkb24ndCBoYXZlIHRvIHdvcnJ5IGFib3V0IHRoZSB2YXJpb3VzIGxldmVscyBvZiBlc2NhcGluZwogICAgJGVuY29kZWRfY29tbWFuZCA9IFtDb252ZXJ0XTo6VG9CYXNlNjRTdHJpbmcoW1N5c3RlbS5UZXh0LkVuY29kaW5nXTo6VW5pY29kZS5HZXRCeXRlcygkcmF3X2NvbW1hbmRfbGluZSkpCgogICAgaWYgKCRzdGRpbikgewogICAgICAgICRleGVjX2FyZ3MgPSAiLWVuY29kZWRjb21tYW5kICRlbmNvZGVkX2NvbW1hbmQiCiAgICB9IGVsc2UgewogICAgICAgICRleGVjX2FyZ3MgPSAiLW5vbmludGVyYWN0aXZlIC1lbmNvZGVkY29tbWFuZCAkZW5jb2RlZF9jb21tYW5kIgogICAgfQp9CkVsc2UgewogICAgIyBGVVRVUkU6IHN1cHBvcnQgYXJnIHRyYW5zbGF0aW9uIGZyb20gZXhlY3V0YWJsZSAob3IgZXhlY3V0YWJsZV9hcmdzPykgdG8gcHJvY2VzcyBhcmd1bWVudHMgZm9yIGFyYml0cmFyeSBpbnRlcnByZXRlcj8KICAgICRleGVjX2FwcGxpY2F0aW9uID0gJGV4ZWN1dGFibGUKICAgIGlmICgtbm90ICgkZXhlY19hcHBsaWNhdGlvbi5FbmRzV2l0aCgiLmV4ZSIpKSkgewogICAgICAgICRleGVjX2FwcGxpY2F0aW9uID0gIiQoJGV4ZWNfYXBwbGljYXRpb24pLmV4ZSIKICAgIH0KICAgICRleGVjX2FyZ3MgPSAiL2MgJHJhd19jb21tYW5kX2xpbmUiCn0KCiRjb21tYW5kID0gIiRleGVjX2FwcGxpY2F0aW9uICRleGVjX2FyZ3MiCiRydW5fY29tbWFuZF9hcmcgPSBAewogICAgY29tbWFuZCA9ICRjb21tYW5kCn0KaWYgKCRjaGRpcikgewogICAgJHJ1bl9jb21tYW5kX2FyZ1snd29ya2luZ19kaXJlY3RvcnknXSA9ICRjaGRpcgp9CmlmICgkc3RkaW4pIHsKICAgICRydW5fY29tbWFuZF9hcmdbJ3N0ZGluJ10gPSAkc3RkaW4KfQoKJHN0YXJ0X2RhdGV0aW1lID0gW0RhdGVUaW1lXTo6VXRjTm93CnRyeSB7CiAgICAkY29tbWFuZF9yZXN1bHQgPSBSdW4tQ29tbWFuZCBAcnVuX2NvbW1hbmRfYXJnCn0gY2F0Y2ggewogICAgJHJlc3VsdC5jaGFuZ2VkID0gJGZhbHNlCiAgICB0cnkgewogICAgICAgICRyZXN1bHQucmMgPSAkXy5FeGNlcHRpb24uTmF0aXZlRXJyb3JDb2RlCiAgICB9IGNhdGNoIHsKICAgICAgICAkcmVzdWx0LnJjID0gMgogICAgfQogICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAkXy5FeGNlcHRpb24uTWVzc2FnZQp9CgojIFRPRE86IGRlY29kZSBDTElYTUwgc3RkZXJyIG91dHB1dCAoYW5kIG90aGVyIHN0cmVhbXM/KQokcmVzdWx0LnN0ZG91dCA9ICRjb21tYW5kX3Jlc3VsdC5zdGRvdXQKJHJlc3VsdC5zdGRlcnIgPSBDbGVhbnNlLVN0ZGVyciAkY29tbWFuZF9yZXN1bHQuc3RkZXJyIAokcmVzdWx0LnJjID0gJGNvbW1hbmRfcmVzdWx0LnJjCgokZW5kX2RhdGV0aW1lID0gW0RhdGVUaW1lXTo6VXRjTm93CiRyZXN1bHQuc3RhcnQgPSAkc3RhcnRfZGF0ZXRpbWUuVG9TdHJpbmcoInl5eXktTU0tZGQgaGg6bW06c3MuZmZmZmZmIikKJHJlc3VsdC5lbmQgPSAkZW5kX2RhdGV0aW1lLlRvU3RyaW5nKCJ5eXl5LU1NLWRkIGhoOm1tOnNzLmZmZmZmZiIpCiRyZXN1bHQuZGVsdGEgPSAkKCRlbmRfZGF0ZXRpbWUgLSAkc3RhcnRfZGF0ZXRpbWUpLlRvU3RyaW5nKCJoXDptbVw6c3NcLmZmZmZmZiIpCgpJZiAoJHJlc3VsdC5yYyAtbmUgMCkgewogICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAibm9uLXplcm8gcmV0dXJuIGNvZGUiCn0KCkV4aXQtSnNvbiAkcmVzdWx0Cg==", "module_args": {"_ansible_version": "2.7.0", "_ansible_selinux_special_fs": ["fuse", "nfs", "vboxsf", "ramfs", "9p"], "_ansible_no_log": false, "_ansible_module_name": "win_shell", "_raw_params": "edit-constraints c:\\openstack\\build\\\\requirements\\\\upper-constraints.txt -- os-win \"-e file:///C:/openstack/build/os-win#egg=os-win\"", "_ansible_verbosity": 4, "_ansible_keep_remote_files": false, "_ansible_syslog_facility": "LOG_USER", "_ansible_socket": null, "_ansible_remote_tmp": "%TEMP%", "_ansible_diff": false, "_ansible_debug": false, "_ansible_shell_executable": "/bin/sh", "_ansible_check_mode": false, "_ansible_tmpdir": null}} '@ } process { $input_as_string = [string]$input $json_raw += $input_as_string } end { If (-not $json_raw) { Write-Error "no input given" -Category InvalidArgument } $payload = ConvertTo-HashtableFromPsCustomObject (ConvertFrom-Json $json_raw) # TODO: handle binary modules # TODO: handle persistence $min_os_version = [version]$payload.min_os_version if ($min_os_version -ne $null) { $actual_os_version = [System.Environment]::OSVersion.Version if ($actual_os_version -lt $min_os_version) { $msg = "This module cannot run on this OS as it requires a minimum version of $min_os_version, actual was $actual_os_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $min_ps_version = [version]$payload.min_ps_version if ($min_ps_version -ne $null) { $actual_ps_version = $PSVersionTable.PSVersion if ($actual_ps_version -lt $min_ps_version) { $msg = "This module cannot run as it requires a minimum PowerShell version of $min_ps_version, actual was $actual_ps_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $actions = $payload.actions # pop 0th action as entrypoint $entrypoint = $payload.($actions[0]) $payload.actions = $payload.actions[1..99] $entrypoint = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($entrypoint)) # load the current action entrypoint as a module custom object with a Run method $entrypoint = New-Module -ScriptBlock ([scriptblock]::Create($entrypoint)) -AsCustomObject Set-Variable -Scope global -Name complex_args -Value $payload["module_args"] | Out-Null # dynamically create/load modules ForEach ($mod in $payload.powershell_modules.GetEnumerator()) { $decoded_module = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($mod.Value)) New-Module -ScriptBlock ([scriptblock]::Create($decoded_module)) -Name $mod.Key | Import-Module -WarningAction SilentlyContinue | Out-Null } $output = $entrypoint.Run($payload) Write-Output $output } ScriptBlock ID: ba05309e-0d03-41a3-9d4a-7ac7a8e845d2 Path:	4104	1		3	2	15	0	1326	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1984	1376	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:28:07 PM	9d04040e-981f-0004-7617-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 3): V0RXhpdENvZGVQcm9jZXNzKHByb2Nlc3NIYW5kbGUsIG91dCBleGl0Q29kZSkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIkVycm9yIGdldHRpbmcgcHJvY2VzcyBleGl0IGNvZGUiKTsKICAgICAgICAgICAgcmV0dXJuIGV4aXRDb2RlOwogICAgICAgIH0KICAgIH0KfQoiQAoKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICdTdG9wJwoKRnVuY3Rpb24gTG9hZC1Db21tYW5kVXRpbHMgewogICAgIyBtYWtlcyB0aGUgZm9sbG93aW5nIHN0YXRpYyBmdW5jdGlvbnMgYXZhaWxhYmxlCiAgICAjICAgW0Fuc2libGUuQ29tbWFuZFV0aWxdOjpQYXJzZUNvbW1hbmRMaW5lKHN0cmluZyBscENvbW1hbmRMaW5lKQogICAgIyAgIFtBbnNpYmxlLkNvbW1hbmRVdGlsXTo6U2VhcmNoUGF0aChzdHJpbmcgbHBGaWxlTmFtZSkKICAgICMgICBbQW5zaWJsZS5Db21tYW5kVXRpbF06OlJ1bkNvbW1hbmQoc3RyaW5nIGxwQXBwbGljYXRpb25OYW1lLCBzdHJpbmcgbHBDb21tYW5kTGluZSwgc3RyaW5nIGxwQ3VycmVudERpcmVjdG9yeSwgc3RyaW5nIHN0ZGluSW5wdXQsIHN0cmluZyBlbnZpcm9ubWVudEJsb2NrKQogICAgIwogICAgIyB0aGVyZSBhcmUgYWxzbyBudW1lcm91cyBQL0ludm9rZSBtZXRob2RzIHRoYXQgY2FuIGJlIGNhbGxlZCBpZiB5b3UgYXJlIGZlZWxpbmcgYWR2ZW50dXJvdXMKCiAgICAjIEZVVFVSRTogZmluZCBhIGJldHRlciB3YXkgdG8gZ2V0IHRoZSBfYW5zaWJsZV9yZW1vdGVfdG1wIHZhcmlhYmxlCiAgICAkb3JpZ2luYWxfdG1wID0gJGVudjpUTVAKCiAgICAkcmVtb3RlX3RtcCA9ICRvcmlnaW5hbF90bXAKICAgICRtb2R1bGVfcGFyYW1zID0gR2V0LVZhcmlhYmxlIC1OYW1lIGNvbXBsZXhfYXJncyAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgaWYgKCRtb2R1bGVfcGFyYW1zKSB7CiAgICAgICAgaWYgKCRtb2R1bGVfcGFyYW1zLlZhbHVlLkNvbnRhaW5zS2V5KCJfYW5zaWJsZV9yZW1vdGVfdG1wIikgKSB7CiAgICAgICAgICAgICRyZW1vdGVfdG1wID0gJG1vZHVsZV9wYXJhbXMuVmFsdWVbIl9hbnNpYmxlX3JlbW90ZV90bXAiXQogICAgICAgICAgICAkcmVtb3RlX3RtcCA9IFtTeXN0ZW0uRW52aXJvbm1lbnRdOjpFeHBhbmRFbnZpcm9ubWVudFZhcmlhYmxlcygkcmVtb3RlX3RtcCkKICAgICAgICB9CiAgICB9CgogICAgJGVudjpUTVAgPSAkcmVtb3RlX3RtcAogICAgQWRkLVR5cGUgLVR5cGVEZWZpbml0aW9uICRwcm9jZXNzX3V0aWwKICAgICRlbnY6VE1QID0gJG9yaWdpbmFsX3RtcAp9CgpGdW5jdGlvbiBHZXQtRXhlY3V0YWJsZVBhdGgoJGV4ZWN1dGFibGUsICRkaXJlY3RvcnkpIHsKICAgICMgbHBBcHBsaWNhdGlvbk5hbWUgcmVxdWlyZXMgdGhlIGZ1bGwgcGF0aCB0byBhIGZpbGUsIHdlIG5lZWQgdG8gZmluZCBpdAogICAgIyBvdXJzZWx2ZXMuCgogICAgIyB3ZSBuZWVkIHRvIGFkZCAuZXhlIGlmIGl0IGRvZXNuJ3QgaGF2ZSBhbiBleHRlbnNpb24gYWxyZWFkeQogICAgaWYgKC1ub3QgW1N5c3RlbS5JTy5QYXRoXTo6SGFzRXh0ZW5zaW9uKCRleGVjdXRhYmxlKSkgewogICAgICAgICRleGVjdXRhYmxlID0gIiQoJGV4ZWN1dGFibGUpLmV4ZSIKICAgIH0KICAgICRmdWxsX3BhdGggPSBbU3lzdGVtLklPLlBhdGhdOjpHZXRGdWxsUGF0aCgkZXhlY3V0YWJsZSkKCiAgICBpZiAoJGZ1bGxfcGF0aCAtbmUgJGV4ZWN1dGFibGUgLWFuZCAkZGlyZWN0b3J5IC1uZSAkbnVsbCkgewogICAgICAgICRmaWxlID0gR2V0LUl0ZW0gLVBhdGggIiRkaXJlY3RvcnlcJGV4ZWN1dGFibGUiIC1Gb3JjZSAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgfSBlbHNlIHsKICAgICAgICAkZmlsZSA9IEdldC1JdGVtIC1QYXRoICRleGVjdXRhYmxlIC1Gb3JjZSAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgfQoKICAgIGlmICgkZmlsZSAtbmUgJG51bGwpIHsKICAgICAgICAkZXhlY3V0YWJsZV9wYXRoID0gJGZpbGUuRnVsbE5hbWUKICAgIH0gZWxzZSB7CiAgICAgICAgJGV4ZWN1dGFibGVfcGF0aCA9IFtBbnNpYmxlLkNvbW1hbmRVdGlsXTo6U2VhcmNoUGF0aCgkZXhlY3V0YWJsZSkgICAgCiAgICB9CiAgICByZXR1cm4gJGV4ZWN1dGFibGVfcGF0aAp9CgpGdW5jdGlvbiBSdW4tQ29tbWFuZCB7CiAgICBQYXJhbSgKICAgICAgICBbc3RyaW5nXSRjb21tYW5kLCAjIHRoZSBmdWxsIGNvbW1hbmQgdG8gcnVuIGluY2x1ZGluZyB0aGUgZXhlY3V0YWJsZQogICAgICAgIFtzdHJpbmddJHdvcmtpbmdfZGlyZWN0b3J5ID0gJG51bGwsICMgdGhlIHdvcmtpbmcgZGlyZWN0b3J5IHRvIHJ1biB1bmRlciwgd2lsbCBkZWZhdWx0IHRvIHRoZSBjdXJyZW50IGRpcgogICAgICAgIFtzdHJpbmddJHN0ZGluID0gJG51bGwsICMgYSBzdHJpbmcgdG8gc2VuZCB0byB0aGUgc3RkaW4gcGlwZSB3aGVuIGV4ZWN1dGluZyB0aGUgY29tbWFuZAogICAgICAgIFtoYXNodGFibGVdJGVudmlyb25tZW50ID0gQHt9ICMgYSBoYXNodGFibGUgb2YgZW52aXJvbm1lbnQgdmFsdWVzIHRvIHJ1biB0aGUgY29tbWFuZCB1bmRlciwgdGhpcyB3aWxsIHJlcGxhY2UgYWxsIHRoZSBvdGhlciBlbnZpcm9ubWVudCB2YXJpYWJsZXMgd2l0aCB0aGVzZQogICAgKQogICAgCiAgICAjIGxvYWQgdGhlIEMjIGNvZGUgd2UgY2FsbCBpbiB0aGlzIGZ1bmN0aW9uCiAgICBMb2FkLUNvbW1hbmRVdGlscwoKICAgICMgbmVlZCB0byB2YWxpZGF0ZSB0aGUgd29ya2luZyBkaXJlY3RvcnkgaWYgaXQgaXMgc2V0CiAgICBpZiAoJHdvcmtpbmdfZGlyZWN0b3J5KSB7CiAgICAgICAgIyB2YWxpZGF0ZSB3b3JraW5nIGRpcmVjdG9yeSBpcyBhIHZhbGlkIHBhdGgKICAgICAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICR3b3JraW5nX2RpcmVjdG9yeSkpIHsKICAgICAgICAgICAgdGhyb3cgImludmFsaWQgd29ya2luZyBkaXJlY3RvcnkgcGF0aCAnJHdvcmtpbmdfZGlyZWN0b3J5JyIKICAgICAgICB9CiAgICB9CgogICAgIyBscEFwcGxpY2F0aW9uTmFtZSBuZWVkcyB0byBiZSB0aGUgZnVsbCBwYXRoIHRvIGFuIGV4ZWN1dGFibGUsIHdlIGRvIHRoaXMKICAgICMgYnkgZ2V0dGluZyB0aGUgZXhlY3V0YWJsZSBhcyB0aGUgZmlyc3QgYXJnIGFuZCB0aGVuIGdldHRpbmcgdGhlIGZ1bGwgcGF0aAogICAgJGFyZ3VtZW50cyA9IFtBbnNpYmxlLkNvbW1hbmRVdGlsXTo6UGFyc2VDb21tYW5kTGluZSgkY29tbWFuZCkKICAgICRleGVjdXRhYmxlID0gR2V0LUV4ZWN1dGFibGVQYXRoIC1leGVjdXRhYmxlICRhcmd1bWVudHNbMF0gLWRpcmVjdG9yeSAkd29ya2luZ19kaXJlY3RvcnkKCiAgICAjIHJ1biB0aGUgY29tbWFuZCBhbmQgZ2V0IHRoZSByZXN1bHRzCiAgICAkY29tbWFuZF9yZXN1bHQgPSBbQW5zaWJsZS5Db21tYW5kVXRpbF06OlJ1bkNvbW1hbmQoJGV4ZWN1dGFibGUsICRjb21tYW5kLCAkd29ya2luZ19kaXJlY3RvcnksICRzdGRpbiwgJGVudmlyb25tZW50KQoKICAgIHJldHVybiAsQHsKICAgICAgICBleGVjdXRhYmxlID0gJGV4ZWN1dGFibGUKICAgICAgICBzdGRvdXQgPSAkY29tbWFuZF9yZXN1bHQuU3RhbmRhcmRPdXQKICAgICAgICBzdGRlcnIgPSAkY29tbWFuZF9yZXN1bHQuU3RhbmRhcmRFcnJvcgogICAgICAgIHJjID0gJGNvbW1hbmRfcmVzdWx0LkV4aXRDb2RlCiAgICB9Cn0KCiMgdGhpcyBsaW5lIG11c3Qgc3RheSBhdCB0aGUgYm90dG9tIHRvIGVuc3VyZSBhbGwgZGVmaW5lZCBtb2R1bGUgcGFydHMgYXJlIGV4cG9ydGVkCkV4cG9ydC1Nb2R1bGVNZW1iZXIgLUFsaWFzICogLUZ1bmN0aW9uICogLUNtZGxldCAqCg==", "Ansible.ModuleUtils.Legacy": "IyBDb3B5cmlnaHQgKGMpLCBNaWNoYWVsIERlSGFhbiA8bWljaGFlbC5kZWhhYW5AZ21haWwuY29tPiwgMjAxNCwgYW5kIG90aGVycwojIFNpbXBsaWZpZWQgQlNEIExpY2Vuc2UgKHNlZSBsaWNlbnNlcy9zaW1wbGlmaWVkX2JzZC50eHQgb3IgaHR0cHM6Ly9vcGVuc291cmNlLm9yZy9saWNlbnNlcy9CU0QtMi1DbGF1c2UpCgpTZXQtU3RyaWN0TW9kZSAtVmVyc2lvbiAyLjAKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKRnVuY3Rpb24gU2V0LUF0dHIoJG9iaiwgJG5hbWUsICR2YWx1ZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gc2V0IGFuICJhdHRyaWJ1dGUiIG9uIGEgcHNvYmplY3QgaW5zdGFuY2UgaW4gUG93ZXJTaGVsbC4KICAgIFRoaXMgaXMgYSBjb252ZW5pZW5jZSB0byBtYWtlIGFkZGluZyBNZW1iZXJzIHRvIHRoZSBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgIFNldC1BdHRyICRyZXN1bHQgImNoYW5nZWQiICR0cnVlCiM+CgogICAgIyBJZiB0aGUgcHJvdmlkZWQgJG9iaiBpcyB1bmRlZmluZWQsIGRlZmluZSBvbmUgdG8gYmUgbmljZQogICAgSWYgKC1ub3QgJG9iai5HZXRUeXBlKQogICAgewogICAgICAgICRvYmogPSBAeyB9CiAgICB9CgogICAgVHJ5CiAgICB7CiAgICAgICAgJG9iai4kbmFtZSA9ICR2YWx1ZQogICAgfQogICAgQ2F0Y2gKICAgIHsKICAgICAgICAkb2JqIHwgQWRkLU1lbWJlciAtRm9yY2UgLU1lbWJlclR5cGUgTm90ZVByb3BlcnR5IC1OYW1lICRuYW1lIC1WYWx1ZSAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gRXhpdC1Kc29uKCRvYmopCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGNvbnZlcnQgYSBQb3dlclNoZWxsIG9iamVjdCB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcKICAgIHRoZSBzY3JpcHQKICAgIC5FWEFNUExFCiAgICBFeGl0LUpzb24gJHJlc3VsdAojPgoKICAgICMgSWYgdGhlIHByb3ZpZGVkICRvYmogaXMgdW5kZWZpbmVkLCBkZWZpbmUgb25lIHRvIGJlIG5pY2UKICAgIElmICgtbm90ICRvYmouR2V0VHlwZSkKICAgIHsKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoJ2NoYW5nZWQnKSkgewogICAgICAgIFNldC1BdHRyICRvYmogImNoYW5nZWQiICRmYWxzZQogICAgfQoKICAgIFdyaXRlLU91dHB1dCAkb2JqIHwgQ29udmVydFRvLUpzb24gLUNvbXByZXNzIC1EZXB0aCA5OQogICAgRXhpdAp9CgpGdW5jdGlvbiBGYWlsLUpzb24oJG9iaiwgJG1lc3NhZ2UgPSAkbnVsbCkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHRoZSAibXNnIiBwcm9wZXJ0eSBhbmQgImZhaWxlZCIgcHJvcGVydHksIGNvbnZlcnQgdGhlCiAgICBQb3dlclNoZWxsIEhhc2h0YWJsZSB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcgdGhlIHNjcmlwdAogICAgLkVYQU1QTEUKICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJUaGlzIGlzIHRoZSBmYWlsdXJlIG1lc3NhZ2UiCiM+CgogICAgaWYgKCRvYmogLWlzIFtoYXNodGFibGVdIC1vciAkb2JqIC1pcyBbcHNvYmplY3RdKSB7CiAgICAgICAgIyBOb3RoaW5nIHRvIGRvCiAgICB9IGVsc2VpZiAoJG9iaiAtaXMgW3N0cmluZ10gLWFuZCAkbnVsbCAtZXEgJG1lc3NhZ2UpIHsKICAgICAgICAjIElmIHdlIHdlcmVuJ3QgZ2l2ZW4gMiBhcmdzLCBhbmQgdGhlIG9ubHkgYXJnIHdhcyBhIHN0cmluZywKICAgICAgICAjIGNyZWF0ZSBhIG5ldyBIYXNodGFibGUgYW5kIHVzZSB0aGUgYXJnIGFzIHRoZSBmYWlsdXJlIG1lc3NhZ2UKICAgICAgICAkbWVzc2FnZSA9ICRvYmoKICAgICAgICAkb2JqID0gQHsgfQogICAgfSBlbHNlIHsKICAgICAgICAjIElmIHRoZSBmaXJzdCBhcmd1bWVudCBpcyB1bmRlZmluZWQgb3IgYSBkaWZmZXJlbnQgdHlwZSwKICAgICAgICAjIG1ha2UgaXQgYSBIYXNodGFibGUKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgICMgU3RpbGwgdXNpbmcgU2V0LUF0dHIgZm9yIFBTT2JqZWN0IGNvbXBhdGliaWxpdHkKICAgIFNldC1BdHRyICRvYmogIm1zZyIgJG1lc3NhZ2UKICAgIFNldC1BdHRyICRvYmogImZhaWxlZCIgJHRydWUKCiAgICBpZiAoLW5vdCAkb2JqLkNvbnRhaW5zS2V5KCdjaGFuZ2VkJykpIHsKICAgICAgICBTZXQtQXR0ciAkb2JqICJjaGFuZ2VkIiAkZmFsc2UKICAgIH0KCiAgICBXcml0ZS1PdXRwdXQgJG9iaiB8IENvbnZlcnRUby1Kc29uIC1Db21wcmVzcyAtRGVwdGggOTkKICAgIEV4aXQgMQp9CgpGdW5jdGlvbiBBZGQtV2FybmluZygkb2JqLCAkbWVzc2FnZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHdhcm5pbmdzLCBldmVuIGlmIHRoZSB3YXJuaW5ncyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoIndhcm5pbmdzIikpIHsKICAgICAgICAkb2JqLndhcm5pbmdzID0gQCgpCiAgICB9IGVsc2VpZiAoJG9iai53YXJuaW5ncyAtaXNub3QgW2FycmF5XSkgewogICAgICAgIHRocm93ICJBZGQtV2FybmluZzogd2FybmluZ3MgYXR0cmlidXRlIGlzIG5vdCBhbiBhcnJheSIKICAgIH0KCiAgICAkb2JqLndhcm5pbmdzICs9ICRtZXNzYWdlCn0KCkZ1bmN0aW9uIEFkZC1EZXByZWNhdGlvbldhcm5pbmcoJG9iaiwgJG1lc3NhZ2UsICR2ZXJzaW9uID0gJG51bGwpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGFkZCBkZXByZWNhdGlvbnMsIGV2ZW4gaWYgdGhlIGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgogICAgaWYgKC1ub3QgJG9iai5Db250YWluc0tleSgiZGVwcmVjYXRpb25zIikpIHsKICAgICAgICAkb2JqLmRlcHJlY2F0aW9ucyA9IEAoKQogICAgfSBlbHNlaWYgKCRvYmouZGVwcmVjYXRpb25zIC1pc25vdCBbYXJyYXldKSB7CiAgICAgICAgdGhyb3cgIkFkZC1EZXByZWNhdGlvbldhcm5pbmc6IGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgaXMgbm90IGEgbGlzdCIKICAgIH0KCiAgICAkb2JqLmRlcHJlY2F0aW9ucyArPSBAewogICAgICAgIG1zZyA9ICRtZXNzYWdlCiAgICAgICAgdmVyc2lvbiA9ICR2ZXJzaW9uCiAgICB9Cn0KCkZ1bmN0aW9uIEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgaW4gdmFsdWVzLiBCeSBkZWZhdWx0CiAgICBpdCB0dXJucyBhbnkgdHlwZSB0byBhIHN0cmluZywgYnV0IHdlIGVuc3VyZSAkbnVsbCByZW1haW5zICRudWxsLgojPgogICAgaWYgKCRudWxsIC1uZSAkdmFsdWUpIHsKICAgICAgICBbU3lzdGVtLkVudmlyb25tZW50XTo6RXhwYW5kRW52aXJvbm1lbnRWYXJpYWJsZXMoJHZhbHVlKQogICAgfSBlbHNlIHsKICAgICAgICAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gR2V0LUFuc2libGVQYXJhbSgkb2JqLCAkbmFtZSwgJGRlZmF1bHQgPSAkbnVsbCwgJHJlc3VsdG9iaiA9IEB7fSwgJGZhaWxpZmVtcHR5ID0gJGZhbHNlLCAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSwgJFZhbGlkYXRlU2V0LCAkVmFsaWRhdGVTZXRFcnJvck1lc3NhZ2UsICR0eXBlID0gJG51bGwsICRhbGlhc2VzID0gQCgpKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBnZXQgYW4gImF0dHJpYnV0ZSIgZnJvbSBhIHBzb2JqZWN0IGluc3RhbmNlIGluIFBvd2VyU2hlbGwuCiAgICBUaGlzIGlzIGEgY29udmVuaWVuY2UgdG8gbWFrZSBnZXR0aW5nIE1lbWJlcnMgZnJvbSBhbiBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgICRhdHRyID0gR2V0LUFuc2libGVQYXJhbSAkcmVzcG9uc2UgImNvZGUiIC1kZWZhdWx0ICIxIgogICAgLkVYQU1QTEUKICAgIEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJTdGF0ZSIgLWRlZmF1bHQgIlByZXNlbnQiIC1WYWxpZGF0ZVNldCAiUHJlc2VudCIsIkFic2VudCIgLXJlc3VsdG9iaiAkcmVzdWx0b2JqIC1mYWlsaWZlbXB0eSAkdHJ1ZQogICAgR2V0LUFuc2libGVQYXJhbSBhbHNvIHN1cHBvcnRzIFBhcmFtZXRlciB2YWxpZGF0aW9uIHRvIHNhdmUgeW91IGZyb20gY29kaW5nIHRoYXQgbWFudWFsbHkKICAgIE5vdGUgdGhhdCBpZiB5b3UgdXNlIHRoZSBmYWlsaWZlbXB0eSBvcHRpb24sIHlvdSBkbyBuZWVkIHRvIHNwZWNpZnkgcmVzdWx0b2JqZWN0IGFzIHdlbGwuCiM+CiAgICAjIENoZWNrIGlmIHRoZSBwcm92aWRlZCBNZW1iZXIgJG5hbWUgb3IgYWxpYXNlcyBleGlzdCBpbiAkb2JqIGFuZCByZXR1cm4gaXQgb3IgdGhlIGRlZmF1bHQuCiAgICB0cnkgewoKICAgICAgICAkZm91bmQgPSAkbnVsbAogICAgICAgICMgRmlyc3QgdHJ5IHRvIGZpbmQgcHJlZmVycmVkIHBhcmFtZXRlciAkbmFtZQogICAgICAgICRhbGlhc2VzID0gQCgkbmFtZSkgKyAkYWxpYXNlcwoKICAgICAgICAjIEl0ZXJhdGUgb3ZlciBhbGlhc2VzIHRvIGZpbmQgYWNjZXB0YWJsZSBNZW1iZXIgJG5hbWUKICAgICAgICBmb3JlYWNoICgkYWxpYXMgaW4gJGFsaWFzZXMpIHsKICAgICAgICAgICAgaWYgKCRvYmouQ29udGFpbnNLZXkoJGFsaWFzKSkgewogICAgICAgICAgICAgICAgJGZvdW5kID0gJGFsaWFzCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgfQoKICAgICAgICBpZiAoJG51bGwgLWVxICRmb3VuZCkgewogICAgICAgICAgICB0aHJvdwogICAgICAgIH0KICAgICAgICAkbmFtZSA9ICRmb3VuZAoKICAgICAgICBpZiAoJFZhbGlkYXRlU2V0KSB7CgogICAgICAgICAgICBpZiAoJFZhbGlkYXRlU2V0IC1jb250YWlucyAoJG9iai4kbmFtZSkpIHsKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICRvYmouJG5hbWUKICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgIGlmICgkbnVsbCAtZXEgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAgICAgI0F1dG8tZ2VuZXJhdGVkIGVycm9yIHNob3VsZCBiZSBzdWZmaWNpZW50IGluIG1vc3QgdXNlIGNhc2VzCiAgICAgICAgICAgICAgICAgICAgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlID0gIkdldC1BbnNpYmxlUGFyYW06IEFyZ3VtZW50ICRuYW1lIG5lZWRzIHRvIGJlIG9uZSBvZiAkKCRWYWxpZGF0ZVNldCAtam9pbiAiLCIpIGJ1dCB3YXMgJCgkb2JqLiRuYW1lKS4iCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRWYWxpZGF0ZVNldEVycm9yTWVzc2FnZQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgJHZhbHVlID0gJG9iai4kbmFtZQogICAgICAgIH0KICAgIH0gY2F0Y2ggewogICAgICAgIGlmICgkZmFpbGlmZW1wdHkgLWVxICRmYWxzZSkgewogICAgICAgICAgICAkdmFsdWUgPSAkZGVmYXVsdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgIGlmICgtbm90ICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSA9ICJHZXQtQW5zaWJsZVBhcmFtOiBNaXNzaW5nIHJlcXVpcmVkIGFyZ3VtZW50OiAkbmFtZSIKICAgICAgICAgICAgfQogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlCiAgICAgICAgfQogICAgfQoKICAgICMgSWYgJHZhbHVlIC1lcSAkbnVsbCwgdGhlIHBhcmFtZXRlciB3YXMgdW5zcGVjaWZpZWQgYnkgdGhlIHVzZXIgKGRlbGliZXJhdGVseSBvciBub3QpCiAgICAjIFBsZWFzZSBsZWF2ZSAkbnVsbC12YWx1ZXMgaW50YWN0LCBtb2R1bGVzIG5lZWQgdG8ga25vdyBpZiBhIHBhcmFtZXRlciB3YXMgc3BlY2lmaWVkCiAgICAjIFdoZW4gJHZhbHVlIGlzIGFscmVhZHkgYW4gYXJyYXksIHdlIGNhbm5vdCByZWx5IG9uIHRoZSBudWxsIGNoZWNrLCBhcyBhbiBlbXB0eSBsaXN0CiAgICAjIGlzIHNlZW4gYXMgbnVsbCBpbiB0aGUgY2hlY2sgYmVsb3cKICAgIGlmICgkbnVsbCAtbmUgJHZhbHVlIC1vciAkdmFsdWUgLWlzIFthcnJheV0pIHsKICAgICAgICBpZiAoJHR5cGUgLWVxICJwYXRoIikgewogICAgICAgICAgICAjIEV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgb24gcGF0aC10eXBlCiAgICAgICAgICAgICR2YWx1ZSA9IEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCiAgICAgICAgICAgICMgVGVzdCBpZiBhIHZhbGlkIHBhdGggaXMgcHJvdmlkZWQKICAgICAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtSXNWYWxpZCAkdmFsdWUpKSB7CiAgICAgICAgICAgICAgICAkcGF0aF9pbnZhbGlkID0gJHRydWUKICAgICAgICAgICAgICAgICMgY291bGQgc3RpbGwgYmUgYSB2YWxpZC1zaGFwZWQgcGF0aCB3aXRoIGEgbm9uZXhpc3RlbnQgZHJpdmUgbGV0dGVyCiAgICAgICAgICAgICAgICBpZiAoJHZhbHVlIC1tYXRjaCAiXlx3OiIpIHsKICAgICAgICAgICAgICAgICAgICAjIHJld3JpdGUgcGF0aCB3aXRoIGEgdmFsaWQgZHJpdmUgbGV0dGVyIGFuZCByZWNoZWNrIHRoZSBzaGFwZS0gdGhpcyBtaWdodCBzdGlsbCBmYWlsLCBlZywgYSBub25leGlzdGVudCBub24tZmlsZXN5c3RlbSBQUyBwYXRoCiAgICAgICAgICAgICAgICAgICAgaWYgKFRlc3QtUGF0aCAtSXNWYWxpZCAkKEAoR2V0LVBTRHJpdmUgLVBTUHJvdmlkZXIgRmlsZXN5c3RlbSlbMF0uTmFtZSArICR2YWx1ZS5TdWJzdHJpbmcoMSkpKSB7CiAgICAgICAgICAgICAgICAgICAgICAgICRwYXRoX2ludmFsaWQgPSAkZmFsc2UKICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBpZiAoJHBhdGhfaW52YWxpZCkgewogICAgICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHRvYmogLW1lc3NhZ2UgIkdldC1BbnNpYmxlUGFyYW06IFBhcmFtZXRlciAnJG5hbWUnIGhhcyBhbiBpbnZhbGlkIHBhdGggJyR2YWx1ZScgc3BlY2lmaWVkLiIKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgInN0ciIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IHN0ciB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgc3RyaW5ncwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUuVG9TdHJpbmcoKQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImJvb2wiKSB7CiAgICAgICAgICAgICMgQ29udmVydCBib29sZWFuIHR5cGVzIHRvIHJlYWwgUG93ZXJzaGVsbCBib29sZWFucwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgfCBDb252ZXJ0VG8tQm9vbAogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImludCIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IGludCB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgaW50ZWdlcnMKICAgICAgICAgICAgJHZhbHVlID0gJHZhbHVlIC1hcyBbaW50XQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImZsb2F0IikgewogICAgICAgICAgICAjIENvbnZlcnQgZmxvYXQgdHlwZXMgdG8gcmVhbCBQb3dlcnNoZWxsIGZsb2F0cwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgLWFzIFtmbG9hdF0KICAgICAgICB9IGVsc2VpZiAoJHR5cGUgLWVxICJsaXN0IikgewogICAgICAgICAgICBpZiAoJHZhbHVlIC1pcyBbYXJyYXldKSB7CiAgICAgICAgICAgICAgICAjIE5vdGhpbmcgdG8gZG8KICAgICAgICAgICAgfSBlbHNlaWYgKCR2YWx1ZSAtaXMgW3N0cmluZ10pIHsKICAgICAgICAgICAgICAgICMgQ29udmVydCBzdHJpbmcgdHlwZSB0byByZWFsIFBvd2Vyc2hlbGwgYXJyYXkKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICR2YWx1ZS5TcGxpdCgiLCIpLlRyaW0oKQogICAgICAgICAgICB9IGVsc2VpZiAoJHZhbHVlIC1pcyBbaW50XSkgewogICAgICAgICAgICAgICAgJHZhbHVlID0gQCgkdmFsdWUpCiAgICAgICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICJHZXQtQW5zaWJsZVBhcmFtOiBQYXJhbWV0ZXIgJyRuYW1lJyBpcyBub3QgYSBZQU1MIGxpc3QuIgogICAgICAgICAgICB9CiAgICAgICAgICAgICMgLCBpcyBub3QgYSB0eXBvLCBmb3JjZXMgaXQgdG8gcmV0dXJuIGFzIGEgbGlzdCB3aGVuIGl0IGlzIGVtcHR5IG9yIG9ubHkgaGFzIDEgZW50cnkKICAgICAgICAgICAgcmV0dXJuICwkdmFsdWUKICAgICAgICB9CiAgICB9CgogICAgcmV0dXJuICR2YWx1ZQp9CgojQWxpYXMgR2V0LWF0dHItLT5HZXQtQW5zaWJsZVBhcmFtIGZvciBiYWNrd2FyZHMgY29tcGF0LiBPbmx5IGFkZCB3aGVuIG5lZWRlZCB0byBlYXNlIGRlYnVnZ2luZyBvZiBzY3JpcHRzCklmICgtbm90KEdldC1BbGlhcyAtTmFtZSAiR2V0LWF0dHIiIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlKSkKewogICAgTmV3LUFsaWFzIC1OYW1lIEdldC1hdHRyIC1WYWx1ZSBHZXQtQW5zaWJsZVBhcmFtCn0KCkZ1bmN0aW9uIENvbnZlcnRUby1Cb29sCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZpbHRlci9waXBlbGluZSBmdW5jdGlvbiB0byBjb252ZXJ0IGEgdmFsdWUgdG8gYm9vbGVhbiBmb2xsb3dpbmcgY3VycmVudAogICAgQW5zaWJsZSBwcmFjdGljZXMKICAgIC5FWEFNUExFCiAgICAkaXNfdHJ1ZSA9ICJ0cnVlIiB8IENvbnZlcnRUby1Cb29sCiM+CiAgICBwYXJhbSgKICAgICAgICBbcGFyYW1ldGVyKHZhbHVlZnJvbXBpcGVsaW5lPSR0cnVlKV0KICAgICAgICAkb2JqCiAgICApCgogICAgJGJvb2xlYW5fc3RyaW5ncyA9ICJ5ZXMiLCAib24iLCAiMSIsICJ0cnVlIiwgMQogICAgJG9ial9zdHJpbmcgPSBbc3RyaW5nXSRvYmoKCiAgICBpZiAoKCRvYmogLWlzIFtib29sZWFuXSAtYW5kICRvYmopIC1vciAkYm9vbGVhbl9zdHJpbmdzIC1jb250YWlucyAkb2JqX3N0cmluZy5Ub0xvd2VyKCkpIHsKICAgICAgICByZXR1cm4gJHRydWUKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfQp9CgpGdW5jdGlvbiBQYXJzZS1BcmdzKCRhcmd1bWVudHMsICRzdXBwb3J0c19jaGVja19tb2RlID0gJGZhbHNlKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBwYXJzZSBBbnNpYmxlIEpTT04gYXJndW1lbnRzIGZyb20gYSAiZmlsZSIgcGFzc2VkIGFzCiAgICB0aGUgc2luZ2xlIGFyZ3VtZW50IHRvIHRoZSBtb2R1bGUuCiAgICAuRVhBTVBMRQogICAgJHBhcmFtcyA9IFBhcnNlLUFyZ3MgJGFyZ3MKIz4KICAgICRwYXJhbXMgPSBOZXctT2JqZWN0IHBzb2JqZWN0CiAgICBJZiAoJGFyZ3VtZW50cy5MZW5ndGggLWd0IDApCiAgICB7CiAgICAgICAgJHBhcmFtcyA9IEdldC1Db250ZW50ICRhcmd1bWVudHNbMF0gfCBDb252ZXJ0RnJvbS1Kc29uCiAgICB9CiAgICBFbHNlIHsKICAgICAgICAkcGFyYW1zID0gJGNvbXBsZXhfYXJncwogICAgfQogICAgJGNoZWNrX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfY2hlY2tfbW9kZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQogICAgSWYgKCRjaGVja19tb2RlIC1hbmQgLW5vdCAkc3VwcG9ydHNfY2hlY2tfbW9kZSkKICAgIHsKICAgICAgICBFeGl0LUpzb24gQHsKICAgICAgICAgICAgc2tpcHBlZCA9ICR0cnVlCiAgICAgICAgICAgIGNoYW5nZWQgPSAkZmFsc2UKICAgICAgICAgICAgbXNnID0gInJlbW90ZSBtb2R1bGUgZG9lcyBub3Qgc3VwcG9ydCBjaGVjayBtb2RlIgogICAgICAgIH0KICAgIH0KICAgIHJldHVybiAkcGFyYW1zCn0KCgpGdW5jdGlvbiBHZXQtRmlsZUNoZWNrc3VtKCRwYXRoLCAkYWxnb3JpdGhtID0gJ3NoYTEnKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBjYWxjdWxhdGUgYSBoYXNoIG9mIGEgZmlsZSBpbiBhIHdheSB3aGljaCBQb3dlclNoZWxsIDMKICAgIGFuZCBhYm92ZSBjYW4gaGFuZGxlCiM+CiAgICBJZiAoVGVzdC1QYXRoIC1QYXRoICRwYXRoIC1QYXRoVHlwZSBMZWFmKQogICAgewogICAgICAgIHN3aXRjaCAoJGFsZ29yaXRobSkKICAgICAgICB7CiAgICAgICAgICAgICdtZDUnIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5NRDVDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMScgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTFDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMjU2JyB7ICRzcCA9IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5TZWN1cml0eS5DcnlwdG9ncmFwaHkuU0hBMjU2Q3J5cHRvU2VydmljZVByb3ZpZGVyIH0KICAgICAgICAgICAgJ3NoYTM4NCcgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTM4NENyeXB0b1NlcnZpY2VQcm92aWRlciB9CiAgICAgICAgICAgICdzaGE1MTInIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5TSEE1MTJDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICBkZWZhdWx0IHsgRmFpbC1Kc29uIEB7fSAiVW5zdXBwb3J0ZWQgaGFzaCBhbGdvcml0aG0gc3VwcGxpZWQgJyRhbGdvcml0aG0nIiB9CiAgICAgICAgfQoKICAgICAgICBJZiAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtZ2UgNCkgewogICAgICAgICAgICAkcmF3X2hhc2ggPSBHZXQtRmlsZUhhc2ggJHBhdGggLUFsZ29yaXRobSAkYWxnb3JpdGhtCiAgICAgICAgICAgICRoYXNoID0gJHJhd19oYXNoLkhhc2guVG9Mb3dlcigpCiAgICA ScriptBlock ID: ba05309e-0d03-41a3-9d4a-7ac7a8e845d2 Path:	4104	1		3	2	15	0	1325	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1984	1376	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:28:07 PM	9d04040e-981f-0004-7617-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 3): begin { $DebugPreference = "Continue" $ErrorActionPreference = "Stop" Set-StrictMode -Version 2 function ConvertTo-HashtableFromPsCustomObject ($myPsObject){ $output = @{}; $myPsObject | Get-Member -MemberType *Property | % { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } return $output; } # stream JSON including become_pw, ps_module_payload, bin_module_payload, become_payload, write_payload_path, preserve directives # exec runspace, capture output, cleanup, return module output # NB: do not adjust the following line- it is replaced when doing non-streamed module output $json_raw = @' {"min_ps_version": null, "exec": "CkZ1bmN0aW9uIFJ1bigkcGF5bG9hZCkgewogICAgJGVudHJ5cG9pbnQgPSAkcGF5bG9hZC5tb2R1bGVfZW50cnkKCiAgICAkZW50cnlwb2ludCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGVudHJ5cG9pbnQpKQoKICAgICRwcyA9IFtwb3dlcnNoZWxsXTo6Q3JlYXRlKCkKCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkQ29tbWFuZCgiU2V0LVZhcmlhYmxlIikuQWRkUGFyYW1ldGVycyhAe1Njb3BlPSJnbG9iYWwiO05hbWU9ImNvbXBsZXhfYXJncyI7VmFsdWU9JHBheWxvYWQubW9kdWxlX2FyZ3N9KSB8IE91dC1OdWxsCiAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCgogICAgIyByZWRlZmluZSBXcml0ZS1Ib3N0IHRvIGR1bXAgdG8gb3V0cHV0IGluc3RlYWQgb2YgZmFpbGluZy0gbG90cyBvZiBzY3JpcHRzIHVzZSBpdAogICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgiRnVuY3Rpb24gV3JpdGUtSG9zdChgJG1zZyl7IFdyaXRlLU91dHB1dCBgJG1zZyB9IikgfCBPdXQtTnVsbAoKICAgIEZvckVhY2ggKCRlbnZfa3YgaW4gJHBheWxvYWQuZW52aXJvbm1lbnQuR2V0RW51bWVyYXRvcigpKSB7CiAgICAgICAgIyBuZWVkIHRvIGVzY2FwZSAnIGluIGJvdGggdGhlIGtleSBhbmQgdmFsdWUKICAgICAgICAkZW52X2tleSA9ICRlbnZfa3YuS2V5LlRvU3RyaW5nKCkuUmVwbGFjZSgiJyIsICInJyIpCiAgICAgICAgJGVudl92YWx1ZSA9ICRlbnZfa3YuVmFsdWUuVG9TdHJpbmcoKS5SZXBsYWNlKCInIiwgIicnIikKICAgICAgICAkZXNjYXBlZF9lbnZfc2V0ID0gIltTeXN0ZW0uRW52aXJvbm1lbnRdOjpTZXRFbnZpcm9ubWVudFZhcmlhYmxlKCd7MH0nLCAnezF9JykiIC1mICRlbnZfa2V5LCAkZW52X3ZhbHVlCiAgICAgICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgkZXNjYXBlZF9lbnZfc2V0KSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBkeW5hbWljYWxseSBjcmVhdGUvbG9hZCBtb2R1bGVzCiAgICBGb3JFYWNoICgkbW9kIGluICRwYXlsb2FkLnBvd2Vyc2hlbGxfbW9kdWxlcy5HZXRFbnVtZXJhdG9yKCkpIHsKICAgICAgICAkZGVjb2RlZF9tb2R1bGUgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRtb2QuVmFsdWUpKQogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRDb21tYW5kKCJOZXctTW9kdWxlIikuQWRkUGFyYW1ldGVycyhAe1NjcmlwdEJsb2NrPShbc2NyaXB0YmxvY2tdOjpDcmVhdGUoJGRlY29kZWRfbW9kdWxlKSk7TmFtZT0kbW9kLktleX0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiSW1wb3J0LU1vZHVsZSIpLkFkZFBhcmFtZXRlcnMoQHtXYXJuaW5nQWN0aW9uPSJTaWxlbnRseUNvbnRpbnVlIn0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBmb3JjZSBpbnB1dCBlbmNvZGluZyB0byBwcmVhbWJsZS1mcmVlIFVURjggc28gUFMgc3ViLXByb2Nlc3NlcyAoZWcsCiAgICAjIFN0YXJ0LUpvYikgZG9uJ3QgYmxvdyB1cC4gVGhpcyBpcyBvbmx5IHJlcXVpcmVkIGZvciBXaW5STSwgYSBQU1JQCiAgICAjIHJ1bnNwYWNlIGRvZXNuJ3QgaGF2ZSBhIGhvc3QgY29uc29sZSBhbmQgdGhpcyB3aWxsIGJvbWIgb3V0CiAgICBpZiAoJGhvc3QuTmFtZSAtZXEgIkNvbnNvbGVIb3N0IikgewogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRTY3JpcHQoIltDb25zb2xlXTo6SW5wdXRFbmNvZGluZyA9IE5ldy1PYmplY3QgVGV4dC5VVEY4RW5jb2RpbmcgYCRmYWxzZSIpIHwgT3V0LU51bGwKICAgIH0KCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkU2NyaXB0KCRlbnRyeXBvaW50KSB8IE91dC1OdWxsCgogICAgJG91dHB1dCA9ICRwcy5JbnZva2UoKQoKICAgICRvdXRwdXQKCiAgICAjIFBTMyBkb2Vzbid0IHByb3Blcmx5IHNldCBIYWRFcnJvcnMgaW4gbWFueSBjYXNlcywgaW5zcGVjdCB0aGUgZXJyb3Igc3RyZWFtIGFzIGEgZmFsbGJhY2sKICAgIElmICgkcHMuSGFkRXJyb3JzIC1vciAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtbHQgNCAtYW5kICRwcy5TdHJlYW1zLkVycm9yLkNvdW50IC1ndCAwKSkgewogICAgICAgICRob3N0LlVJLldyaXRlRXJyb3JMaW5lKCQoJHBzLlN0cmVhbXMuRXJyb3IgfCBPdXQtU3RyaW5nKSkKICAgICAgICAkZXhpdF9jb2RlID0gJHBzLlJ1bnNwYWNlLlNlc3Npb25TdGF0ZVByb3h5LkdldFZhcmlhYmxlKCJMQVNURVhJVENPREUiKQogICAgICAgIElmKC1ub3QgJGV4aXRfY29kZSkgewogICAgICAgICAgICAkZXhpdF9jb2RlID0gMQogICAgICAgIH0KICAgICAgICAjIG5lZWQgdG8gdXNlIHRoaXMgaW5zdGVhZCBvZiBFeGl0IGtleXdvcmQgdG8gcHJldmVudCBydW5zcGFjZSBmcm9tIGNyYXNoaW5nIHdpdGggZHluYW1pYyBtb2R1bGVzCiAgICAgICAgJGhvc3QuU2V0U2hvdWxkRXhpdCgkZXhpdF9jb2RlKQogICAgfQp9Cg==", "actions": ["exec"], "environment": {}, "min_os_version": null, "powershell_modules": {"Ansible.ModuleUtils.CommandUtil": "IyBDb3B5cmlnaHQgKGMpIDIwMTcgQW5zaWJsZSBQcm9qZWN0CiMgU2ltcGxpZmllZCBCU0QgTGljZW5zZSAoc2VlIGxpY2Vuc2VzL3NpbXBsaWZpZWRfYnNkLnR4dCBvciBodHRwczovL29wZW5zb3VyY2Uub3JnL2xpY2Vuc2VzL0JTRC0yLUNsYXVzZSkKCiRwcm9jZXNzX3V0aWwgPSBAIgp1c2luZyBNaWNyb3NvZnQuV2luMzIuU2FmZUhhbmRsZXM7CnVzaW5nIFN5c3RlbTsKdXNpbmcgU3lzdGVtLkNvbGxlY3Rpb25zOwp1c2luZyBTeXN0ZW0uSU87CnVzaW5nIFN5c3RlbS5MaW5xOwp1c2luZyBTeXN0ZW0uUnVudGltZS5JbnRlcm9wU2VydmljZXM7CnVzaW5nIFN5c3RlbS5UZXh0Owp1c2luZyBTeXN0ZW0uVGhyZWFkaW5nOwoKbmFtZXNwYWNlIEFuc2libGUKewogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIGNsYXNzIFNFQ1VSSVRZX0FUVFJJQlVURVMKICAgIHsKICAgICAgICBwdWJsaWMgaW50IG5MZW5ndGg7CiAgICAgICAgcHVibGljIEludFB0ciBscFNlY3VyaXR5RGVzY3JpcHRvcjsKICAgICAgICBwdWJsaWMgYm9vbCBiSW5oZXJpdEhhbmRsZSA9IGZhbHNlOwogICAgICAgIHB1YmxpYyBTRUNVUklUWV9BVFRSSUJVVEVTKCkKICAgICAgICB7CiAgICAgICAgICAgIG5MZW5ndGggPSBNYXJzaGFsLlNpemVPZih0aGlzKTsKICAgICAgICB9CiAgICB9CgogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIGNsYXNzIFNUQVJUVVBJTkZPCiAgICB7CiAgICAgICAgcHVibGljIEludDMyIGNiOwogICAgICAgIHB1YmxpYyBJbnRQdHIgbHBSZXNlcnZlZDsKICAgICAgICBwdWJsaWMgSW50UHRyIGxwRGVza3RvcDsKICAgICAgICBwdWJsaWMgSW50UHRyIGxwVGl0bGU7CiAgICAgICAgcHVibGljIEludDMyIGR3WDsKICAgICAgICBwdWJsaWMgSW50MzIgZHdZOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1hTaXplOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1lTaXplOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1hDb3VudENoYXJzOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1lDb3VudENoYXJzOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd0ZpbGxBdHRyaWJ1dGU7CiAgICAgICAgcHVibGljIEludDMyIGR3RmxhZ3M7CiAgICAgICAgcHVibGljIEludDE2IHdTaG93V2luZG93OwogICAgICAgIHB1YmxpYyBJbnQxNiBjYlJlc2VydmVkMjsKICAgICAgICBwdWJsaWMgSW50UHRyIGxwUmVzZXJ2ZWQyOwogICAgICAgIHB1YmxpYyBTYWZlRmlsZUhhbmRsZSBoU3RkSW5wdXQ7CiAgICAgICAgcHVibGljIFNhZmVGaWxlSGFuZGxlIGhTdGRPdXRwdXQ7CiAgICAgICAgcHVibGljIFNhZmVGaWxlSGFuZGxlIGhTdGRFcnJvcjsKICAgICAgICBwdWJsaWMgU1RBUlRVUElORk8oKQogICAgICAgIHsKICAgICAgICAgICAgY2IgPSBNYXJzaGFsLlNpemVPZih0aGlzKTsKICAgICAgICB9CiAgICB9CgogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIGNsYXNzIFNUQVJUVVBJTkZPRVgKICAgIHsKICAgICAgICBwdWJsaWMgU1RBUlRVUElORk8gc3RhcnR1cEluZm87CiAgICAgICAgcHVibGljIEludFB0ciBscEF0dHJpYnV0ZUxpc3Q7CiAgICAgICAgcHVibGljIFNUQVJUVVBJTkZPRVgoKQogICAgICAgIHsKICAgICAgICAgICAgc3RhcnR1cEluZm8gPSBuZXcgU1RBUlRVUElORk8oKTsKICAgICAgICAgICAgc3RhcnR1cEluZm8uY2IgPSBNYXJzaGFsLlNpemVPZih0aGlzKTsKICAgICAgICB9CiAgICB9CgogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIHN0cnVjdCBQUk9DRVNTX0lORk9STUFUSU9OCiAgICB7CiAgICAgICAgcHVibGljIEludFB0ciBoUHJvY2VzczsKICAgICAgICBwdWJsaWMgSW50UHRyIGhUaHJlYWQ7CiAgICAgICAgcHVibGljIGludCBkd1Byb2Nlc3NJZDsKICAgICAgICBwdWJsaWMgaW50IGR3VGhyZWFkSWQ7CiAgICB9CgogICAgW0ZsYWdzXQogICAgcHVibGljIGVudW0gU3RhcnR1cEluZm9GbGFncyA6IHVpbnQKICAgIHsKICAgICAgICBVU0VTVERIQU5ETEVTID0gMHgwMDAwMDEwMAogICAgfQoKICAgIHB1YmxpYyBlbnVtIEhhbmRsZUZsYWdzIDogdWludAogICAgewogICAgICAgIE5vbmUgPSAwLAogICAgICAgIElOSEVSSVQgPSAxCiAgICB9CgogICAgY2xhc3MgTmF0aXZlV2FpdEhhbmRsZSA6IFdhaXRIYW5kbGUKICAgIHsKICAgICAgICBwdWJsaWMgTmF0aXZlV2FpdEhhbmRsZShJbnRQdHIgaGFuZGxlKQogICAgICAgIHsKICAgICAgICAgICAgdGhpcy5TYWZlV2FpdEhhbmRsZSA9IG5ldyBTYWZlV2FpdEhhbmRsZShoYW5kbGUsIGZhbHNlKTsKICAgICAgICB9CiAgICB9CgogICAgcHVibGljIGNsYXNzIFdpbjMyRXhjZXB0aW9uIDogU3lzdGVtLkNvbXBvbmVudE1vZGVsLldpbjMyRXhjZXB0aW9uCiAgICB7CiAgICAgICAgcHJpdmF0ZSBzdHJpbmcgX21zZzsKCiAgICAgICAgcHVibGljIFdpbjMyRXhjZXB0aW9uKHN0cmluZyBtZXNzYWdlKSA6IHRoaXMoTWFyc2hhbC5HZXRMYXN0V2luMzJFcnJvcigpLCBtZXNzYWdlKSB7IH0KCiAgICAgICAgcHVibGljIFdpbjMyRXhjZXB0aW9uKGludCBlcnJvckNvZGUsIHN0cmluZyBtZXNzYWdlKSA6IGJhc2UoZXJyb3JDb2RlKQogICAgICAgIHsKICAgICAgICAgICAgX21zZyA9IFN0cmluZy5Gb3JtYXQoInswfSAoezF9LCBXaW4zMkVycm9yQ29kZSB7Mn0pIiwgbWVzc2FnZSwgYmFzZS5NZXNzYWdlLCBlcnJvckNvZGUpOwogICAgICAgIH0KCiAgICAgICAgcHVibGljIG92ZXJyaWRlIHN0cmluZyBNZXNzYWdlIHsgZ2V0IHsgcmV0dXJuIF9tc2c7IH0gfQogICAgICAgIHB1YmxpYyBzdGF0aWMgZXhwbGljaXQgb3BlcmF0b3IgV2luMzJFeGNlcHRpb24oc3RyaW5nIG1lc3NhZ2UpIHsgcmV0dXJuIG5ldyBXaW4zMkV4Y2VwdGlvbihtZXNzYWdlKTsgfQogICAgfQoKICAgIHB1YmxpYyBjbGFzcyBDb21tYW5kVXRpbAogICAgewogICAgICAgIHByaXZhdGUgc3RhdGljIFVJbnQzMiBDUkVBVEVfVU5JQ09ERV9FTlZJUk9OTUVOVCA9IDB4MDAwMDAwNDAwOwogICAgICAgIHByaXZhdGUgc3RhdGljIFVJbnQzMiBFWFRFTkRFRF9TVEFSVFVQSU5GT19QUkVTRU5UID0gMHgwMDA4MDAwMDsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSwgQmVzdEZpdE1hcHBpbmcgPSBmYWxzZSldCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gYm9vbCBDcmVhdGVQcm9jZXNzKAogICAgICAgICAgICBbTWFyc2hhbEFzKFVubWFuYWdlZFR5cGUuTFBXU3RyKV0KICAgICAgICAgICAgICAgIHN0cmluZyBscEFwcGxpY2F0aW9uTmFtZSwKICAgICAgICAgICAgU3RyaW5nQnVpbGRlciBscENvbW1hbmRMaW5lLAogICAgICAgICAgICBJbnRQdHIgbHBQcm9jZXNzQXR0cmlidXRlcywKICAgICAgICAgICAgSW50UHRyIGxwVGhyZWFkQXR0cmlidXRlcywKICAgICAgICAgICAgYm9vbCBiSW5oZXJpdEhhbmRsZXMsCiAgICAgICAgICAgIHVpbnQgZHdDcmVhdGlvbkZsYWdzLAogICAgICAgICAgICBJbnRQdHIgbHBFbnZpcm9ubWVudCwKICAgICAgICAgICAgW01hcnNoYWxBcyhVbm1hbmFnZWRUeXBlLkxQV1N0cildCiAgICAgICAgICAgICAgICBzdHJpbmcgbHBDdXJyZW50RGlyZWN0b3J5LAogICAgICAgICAgICBTVEFSVFVQSU5GT0VYIGxwU3RhcnR1cEluZm8sCiAgICAgICAgICAgIG91dCBQUk9DRVNTX0lORk9STUFUSU9OIGxwUHJvY2Vzc0luZm9ybWF0aW9uKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIildCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gYm9vbCBDcmVhdGVQaXBlKAogICAgICAgICAgICBvdXQgU2FmZUZpbGVIYW5kbGUgaFJlYWRQaXBlLAogICAgICAgICAgICBvdXQgU2FmZUZpbGVIYW5kbGUgaFdyaXRlUGlwZSwKICAgICAgICAgICAgU0VDVVJJVFlfQVRUUklCVVRFUyBscFBpcGVBdHRyaWJ1dGVzLAogICAgICAgICAgICB1aW50IG5TaXplKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSldCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gYm9vbCBTZXRIYW5kbGVJbmZvcm1hdGlvbigKICAgICAgICAgICAgU2FmZUZpbGVIYW5kbGUgaE9iamVjdCwKICAgICAgICAgICAgSGFuZGxlRmxhZ3MgZHdNYXNrLAogICAgICAgICAgICBpbnQgZHdGbGFncyk7CgogICAgICAgIFtEbGxJbXBvcnQoImtlcm5lbDMyLmRsbCIsIFNldExhc3RFcnJvciA9IHRydWUpXQogICAgICAgIHByaXZhdGUgc3RhdGljIGV4dGVybiBib29sIEdldEV4aXRDb2RlUHJvY2VzcygKICAgICAgICAgICAgSW50UHRyIGhQcm9jZXNzLAogICAgICAgICAgICBvdXQgdWludCBscEV4aXRDb2RlKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSldCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gdWludCBTZWFyY2hQYXRoKAogICAgICAgICAgICBzdHJpbmcgbHBQYXRoLAogICAgICAgICAgICBzdHJpbmcgbHBGaWxlTmFtZSwKICAgICAgICAgICAgc3RyaW5nIGxwRXh0ZW5zaW9uLAogICAgICAgICAgICBpbnQgbkJ1ZmZlckxlbmd0aCwKICAgICAgICAgICAgW01hcnNoYWxBcyAoVW5tYW5hZ2VkVHlwZS5MUFRTdHIpXQogICAgICAgICAgICAgICAgU3RyaW5nQnVpbGRlciBscEJ1ZmZlciwKICAgICAgICAgICAgb3V0IEludFB0ciBscEZpbGVQYXJ0KTsKCiAgICAgICAgW0RsbEltcG9ydCgic2hlbGwzMi5kbGwiLCBTZXRMYXN0RXJyb3IgPSB0cnVlKV0KICAgICAgICBzdGF0aWMgZXh0ZXJuIEludFB0ciBDb21tYW5kTGluZVRvQXJndlcoCiAgICAgICAgICAgIFtNYXJzaGFsQXMoVW5tYW5hZ2VkVHlwZS5MUFdTdHIpXQogICAgICAgICAgICAgICAgc3RyaW5nIGxwQ21kTGluZSwKICAgICAgICAgICAgb3V0IGludCBwTnVtQXJncyk7CgogICAgICAgIHB1YmxpYyBzdGF0aWMgc3RyaW5nW10gUGFyc2VDb21tYW5kTGluZShzdHJpbmcgbHBDb21tYW5kTGluZSkKICAgICAgICB7CiAgICAgICAgICAgIGludCBudW1BcmdzOwogICAgICAgICAgICBJbnRQdHIgcmV0ID0gQ29tbWFuZExpbmVUb0FyZ3ZXKGxwQ29tbWFuZExpbmUsIG91dCBudW1BcmdzKTsKCiAgICAgICAgICAgIGlmIChyZXQgPT0gSW50UHRyLlplcm8pCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIkVycm9yIHBhcnNpbmcgY29tbWFuZCBsaW5lIik7CgogICAgICAgICAgICBJbnRQdHJbXSBzdHJwdHJzID0gbmV3IEludFB0cltudW1BcmdzXTsKICAgICAgICAgICAgTWFyc2hhbC5Db3B5KHJldCwgc3RycHRycywgMCwgbnVtQXJncyk7CiAgICAgICAgICAgIHN0cmluZ1tdIGNtZGxpbmVQYXJ0cyA9IHN0cnB0cnMuU2VsZWN0KHMgPT4gTWFyc2hhbC5QdHJUb1N0cmluZ1VuaShzKSkuVG9BcnJheSgpOwoKICAgICAgICAgICAgTWFyc2hhbC5GcmVlSEdsb2JhbChyZXQpOwoKICAgICAgICAgICAgcmV0dXJuIGNtZGxpbmVQYXJ0czsKICAgICAgICB9CgogICAgICAgIHB1YmxpYyBzdGF0aWMgc3RyaW5nIFNlYXJjaFBhdGgoc3RyaW5nIGxwRmlsZU5hbWUpCiAgICAgICAgewogICAgICAgICAgICBTdHJpbmdCdWlsZGVyIHNiT3V0ID0gbmV3IFN0cmluZ0J1aWxkZXIoMTAyNCk7CiAgICAgICAgICAgIEludFB0ciBmaWxlUGFydE91dDsKCiAgICAgICAgICAgIGlmIChTZWFyY2hQYXRoKG51bGwsIGxwRmlsZU5hbWUsIG51bGwsIHNiT3V0LkNhcGFjaXR5LCBzYk91dCwgb3V0IGZpbGVQYXJ0T3V0KSA9PSAwKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IEZpbGVOb3RGb3VuZEV4Y2VwdGlvbihTdHJpbmcuRm9ybWF0KCJDb3VsZCBub3QgbG9jYXRlIHRoZSBmb2xsb3dpbmcgZXhlY3V0YWJsZSB7MH0iLCBscEZpbGVOYW1lKSk7CgogICAgICAgICAgICByZXR1cm4gc2JPdXQuVG9TdHJpbmcoKTsKICAgICAgICB9CgogICAgICAgIHB1YmxpYyBjbGFzcyBDb21tYW5kUmVzdWx0CiAgICAgICAgewogICAgICAgICAgICBwdWJsaWMgc3RyaW5nIFN0YW5kYXJkT3V0IHsgZ2V0OyBpbnRlcm5hbCBzZXQ7IH0KICAgICAgICAgICAgcHVibGljIHN0cmluZyBTdGFuZGFyZEVycm9yIHsgZ2V0OyBpbnRlcm5hbCBzZXQ7IH0KICAgICAgICAgICAgcHVibGljIHVpbnQgRXhpdENvZGUgeyBnZXQ7IGludGVybmFsIHNldDsgfQogICAgICAgIH0KCiAgICAgICAgcHVibGljIHN0YXRpYyBDb21tYW5kUmVzdWx0IFJ1bkNvbW1hbmQoc3RyaW5nIGxwQXBwbGljYXRpb25OYW1lLCBzdHJpbmcgbHBDb21tYW5kTGluZSwgc3RyaW5nIGxwQ3VycmVudERpcmVjdG9yeSwgc3RyaW5nIHN0ZGluSW5wdXQsIElEaWN0aW9uYXJ5IGVudmlyb25tZW50KQogICAgICAgIHsKICAgICAgICAgICAgVUludDMyIHN0YXJ0dXBfZmxhZ3MgPSBDUkVBVEVfVU5JQ09ERV9FTlZJUk9OTUVOVCB8IEVYVEVOREVEX1NUQVJUVVBJTkZPX1BSRVNFTlQ7CiAgICAgICAgICAgIFNUQVJUVVBJTkZPRVggc2kgPSBuZXcgU1RBUlRVUElORk9FWCgpOwogICAgICAgICAgICBzaS5zdGFydHVwSW5mby5kd0ZsYWdzID0gKGludClTdGFydHVwSW5mb0ZsYWdzLlVTRVNUREhBTkRMRVM7CgogICAgICAgICAgICBTRUNVUklUWV9BVFRSSUJVVEVTIHBpcGVzZWMgPSBuZXcgU0VDVVJJVFlfQVRUUklCVVRFUygpOwogICAgICAgICAgICBwaXBlc2VjLmJJbmhlcml0SGFuZGxlID0gdHJ1ZTsKCiAgICAgICAgICAgIC8vIENyZWF0ZSB0aGUgc3Rkb3V0LCBzdGRlcnIgYW5kIHN0ZGluIHBpcGVzIHVzZWQgaW4gdGhlIHByb2Nlc3MgYW5kIGFkZCB0byB0aGUgc3RhcnR1cEluZm8KICAgICAgICAgICAgU2FmZUZpbGVIYW5kbGUgc3Rkb3V0X3JlYWQsIHN0ZG91dF93cml0ZSwgc3RkZXJyX3JlYWQsIHN0ZGVycl93cml0ZSwgc3RkaW5fcmVhZCwgc3RkaW5fd3JpdGU7CiAgICAgICAgICAgIGlmICghQ3JlYXRlUGlwZShvdXQgc3Rkb3V0X3JlYWQsIG91dCBzdGRvdXRfd3JpdGUsIHBpcGVzZWMsIDApKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IFdpbjMyRXhjZXB0aW9uKCJTVERPVVQgcGlwZSBzZXR1cCBmYWlsZWQiKTsKICAgICAgICAgICAgaWYgKCFTZXRIYW5kbGVJbmZvcm1hdGlvbihzdGRvdXRfcmVhZCwgSGFuZGxlRmxhZ3MuSU5IRVJJVCwgMCkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIlNURE9VVCBwaXBlIGhhbmRsZSBzZXR1cCBmYWlsZWQiKTsKCiAgICAgICAgICAgIGlmICghQ3JlYXRlUGlwZShvdXQgc3RkZXJyX3JlYWQsIG91dCBzdGRlcnJfd3JpdGUsIHBpcGVzZWMsIDApKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IFdpbjMyRXhjZXB0aW9uKCJTVERFUlIgcGlwZSBzZXR1cCBmYWlsZWQiKTsKICAgICAgICAgICAgaWYgKCFTZXRIYW5kbGVJbmZvcm1hdGlvbihzdGRlcnJfcmVhZCwgSGFuZGxlRmxhZ3MuSU5IRVJJVCwgMCkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIlNUREVSUiBwaXBlIGhhbmRsZSBzZXR1cCBmYWlsZWQiKTsKCiAgICAgICAgICAgIGlmICghQ3JlYXRlUGlwZShvdXQgc3RkaW5fcmVhZCwgb3V0IHN0ZGluX3dyaXRlLCBwaXBlc2VjLCAwKSkKICAgICAgICAgICAgICAgIHRocm93IG5ldyBXaW4zMkV4Y2VwdGlvbigiU1RESU4gcGlwZSBzZXR1cCBmYWlsZWQiKTsKICAgICAgICAgICAgaWYgKCFTZXRIYW5kbGVJbmZvcm1hdGlvbihzdGRpbl93cml0ZSwgSGFuZGxlRmxhZ3MuSU5IRVJJVCwgMCkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIlNURElOIHBpcGUgaGFuZGxlIHNldHVwIGZhaWxlZCIpOwoKICAgICAgICAgICAgc2kuc3RhcnR1cEluZm8uaFN0ZE91dHB1dCA9IHN0ZG91dF93cml0ZTsKICAgICAgICAgICAgc2kuc3RhcnR1cEluZm8uaFN0ZEVycm9yID0gc3RkZXJyX3dyaXRlOwogICAgICAgICAgICBzaS5zdGFydHVwSW5mby5oU3RkSW5wdXQgPSBzdGRpbl9yZWFkOwoKICAgICAgICAgICAgLy8gU2V0dXAgdGhlIHN0ZGluIGJ1ZmZlcgogICAgICAgICAgICBVVEY4RW5jb2RpbmcgdXRmOF9lbmNvZGluZyA9IG5ldyBVVEY4RW5jb2RpbmcoZmFsc2UpOwogICAgICAgICAgICBGaWxlU3RyZWFtIHN0ZGluX2ZzID0gbmV3IEZpbGVTdHJlYW0oc3RkaW5fd3JpdGUsIEZpbGVBY2Nlc3MuV3JpdGUsIDMyNzY4KTsKICAgICAgICAgICAgU3RyZWFtV3JpdGVyIHN0ZGluID0gbmV3IFN0cmVhbVdyaXRlcihzdGRpbl9mcywgdXRmOF9lbmNvZGluZywgMzI3NjgpOwoKICAgICAgICAgICAgLy8gSWYgbHBDdXJyZW50RGlyZWN0b3J5IGlzIHNldCB0byBudWxsIGluIFBTIGl0IHdpbGwgYmUgYW4gZW1wdHkKICAgICAgICAgICAgLy8gc3RyaW5nIGhlcmUsIHdlIG5lZWQgdG8gY29udmVydCBpdAogICAgICAgICAgICBpZiAobHBDdXJyZW50RGlyZWN0b3J5ID09ICIiKQogICAgICAgICAgICAgICAgbHBDdXJyZW50RGlyZWN0b3J5ID0gbnVsbDsKCiAgICAgICAgICAgIFN0cmluZ0J1aWxkZXIgZW52aXJvbm1lbnRTdHJpbmcgPSBudWxsOwoKICAgICAgICAgICAgaWYgKGVudmlyb25tZW50ICE9IG51bGwgJiYgZW52aXJvbm1lbnQuQ291bnQgPiAwKQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBlbnZpcm9ubWVudFN0cmluZyA9IG5ldyBTdHJpbmdCdWlsZGVyKCk7CiAgICAgICAgICAgICAgICBmb3JlYWNoIChEaWN0aW9uYXJ5RW50cnkga3YgaW4gZW52aXJvbm1lbnQpCiAgICAgICAgICAgICAgICAgICAgZW52aXJvbm1lbnRTdHJpbmcuQXBwZW5kRm9ybWF0KCJ7MH09ezF9XDAiLCBrdi5LZXksIGt2LlZhbHVlKTsKICAgICAgICAgICAgICAgIGVudmlyb25tZW50U3RyaW5nLkFwcGVuZCgnXDAnKTsKICAgICAgICAgICAgfQoKICAgICAgICAgICAgLy8gQ3JlYXRlIHRoZSBlbnZpcm9ubWVudCBibG9jayBpZiBzZXQKICAgICAgICAgICAgSW50UHRyIGxwRW52aXJvbm1lbnQgPSBJbnRQdHIuWmVybzsKICAgICAgICAgICAgaWYgKGVudmlyb25tZW50U3RyaW5nICE9IG51bGwpCiAgICAgICAgICAgICAgICBscEVudmlyb25tZW50ID0gTWFyc2hhbC5TdHJpbmdUb0hHbG9iYWxVbmkoZW52aXJvbm1lbnRTdHJpbmcuVG9TdHJpbmcoKSk7CgogICAgICAgICAgICAvLyBDcmVhdGUgbmV3IHByb2Nlc3MgYW5kIHJ1bgogICAgICAgICAgICBTdHJpbmdCdWlsZGVyIGFyZ3VtZW50X3N0cmluZyA9IG5ldyBTdHJpbmdCdWlsZGVyKGxwQ29tbWFuZExpbmUpOwogICAgICAgICAgICBQUk9DRVNTX0lORk9STUFUSU9OIHBpID0gbmV3IFBST0NFU1NfSU5GT1JNQVRJT04oKTsKICAgICAgICAgICAgaWYgKCFDcmVhdGVQcm9jZXNzKAogICAgICAgICAgICAgICAgbHBBcHBsaWNhdGlvbk5hbWUsCiAgICAgICAgICAgICAgICBhcmd1bWVudF9zdHJpbmcsCiAgICAgICAgICAgICAgICBJbnRQdHIuWmVybywKICAgICAgICAgICAgICAgIEludFB0ci5aZXJvLAogICAgICAgICAgICAgICAgdHJ1ZSwKICAgICAgICAgICAgICAgIHN0YXJ0dXBfZmxhZ3MsCiAgICAgICAgICAgICAgICBscEVudmlyb25tZW50LAogICAgICAgICAgICAgICAgbHBDdXJyZW50RGlyZWN0b3J5LAogICAgICAgICAgICAgICAgc2ksCiAgICAgICAgICAgICAgICBvdXQgcGkpKQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIkZhaWxlZCB0byBjcmVhdGUgbmV3IHByb2Nlc3MiKTsKICAgICAgICAgICAgfQoKICAgICAgICAgICAgLy8gU2V0dXAgdGhlIG91dHB1dCBidWZmZXJzIGFuZCBnZXQgc3Rkb3V0L3N0ZGVycgogICAgICAgICAgICBGaWxlU3RyZWFtIHN0ZG91dF9mcyA9IG5ldyBGaWxlU3RyZWFtKHN0ZG91dF9yZWFkLCBGaWxlQWNjZXNzLlJlYWQsIDQwOTYpOwogICAgICAgICAgICBTdHJlYW1SZWFkZXIgc3Rkb3V0ID0gbmV3IFN0cmVhbVJlYWRlcihzdGRvdXRfZnMsIHV0ZjhfZW5jb2RpbmcsIHRydWUsIDQwOTYpOwogICAgICAgICAgICBzdGRvdXRfd3JpdGUuQ2xvc2UoKTsKICAgICAgICAgICAgRmlsZVN0cmVhbSBzdGRlcnJfZnMgPSBuZXcgRmlsZVN0cmVhbShzdGRlcnJfcmVhZCwgRmlsZUFjY2Vzcy5SZWFkLCA0MDk2KTsKICAgICAgICAgICAgU3RyZWFtUmVhZGVyIHN0ZGVyciA9IG5ldyBTdHJlYW1SZWFkZXIoc3RkZXJyX2ZzLCB1dGY4X2VuY29kaW5nLCB0cnVlLCA0MDk2KTsKICAgICAgICAgICAgc3RkZXJyX3dyaXRlLkNsb3NlKCk7CgogICAgICAgICAgICBzdGRpbi5Xcml0ZUxpbmUoc3RkaW5JbnB1dCk7CiAgICAgICAgICAgIHN0ZGluLkNsb3NlKCk7CgogICAgICAgICAgICBzdHJpbmcgc3Rkb3V0X3N0ciwgc3RkZXJyX3N0ciA9IG51bGw7CiAgICAgICAgICAgIEdldFByb2Nlc3NPdXRwdXQoc3Rkb3V0LCBzdGRlcnIsIG91dCBzdGRvdXRfc3RyLCBvdXQgc3RkZXJyX3N0cik7CiAgICAgICAgICAgIHVpbnQgcmMgPSBHZXRQcm9jZXNzRXhpdENvZGUocGkuaFByb2Nlc3MpOwoKICAgICAgICAgICAgcmV0dXJuIG5ldyBDb21tYW5kUmVzdWx0CiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIFN0YW5kYXJkT3V0ID0gc3Rkb3V0X3N0ciwKICAgICAgICAgICAgICAgIFN0YW5kYXJkRXJyb3IgPSBzdGRlcnJfc3RyLAogICAgICAgICAgICAgICAgRXhpdENvZGUgPSByYwogICAgICAgICAgICB9OwogICAgICAgIH0KCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgdm9pZCBHZXRQcm9jZXNzT3V0cHV0KFN0cmVhbVJlYWRlciBzdGRvdXRTdHJlYW0sIFN0cmVhbVJlYWRlciBzdGRlcnJTdHJlYW0sIG91dCBzdHJpbmcgc3Rkb3V0LCBvdXQgc3RyaW5nIHN0ZGVycikKICAgICAgICB7CiAgICAgICAgICAgIHZhciBzb3dhaXQgPSBuZXcgRXZlbnRXYWl0SGFuZGxlKGZhbHNlLCBFdmVudFJlc2V0TW9kZS5NYW51YWxSZXNldCk7CiAgICAgICAgICAgIHZhciBzZXdhaXQgPSBuZXcgRXZlbnRXYWl0SGFuZGxlKGZhbHNlLCBFdmVudFJlc2V0TW9kZS5NYW51YWxSZXNldCk7CiAgICAgICAgICAgIHN0cmluZyBzbyA9IG51bGwsIHNlID0gbnVsbDsKICAgICAgICAgICAgVGhyZWFkUG9vbC5RdWV1ZVVzZXJXb3JrSXRlbSgocykgPT4KICAgICAgICAgICAgewogICAgICAgICAgICAgICAgc28gPSBzdGRvdXRTdHJlYW0uUmVhZFRvRW5kKCk7CiAgICAgICAgICAgICAgICBzb3dhaXQuU2V0KCk7CiAgICAgICAgICAgIH0pOwogICAgICAgICAgICBUaHJlYWRQb29sLlF1ZXVlVXNlcldvcmtJdGVtKChzKSA9PgogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBzZSA9IHN0ZGVyclN0cmVhbS5SZWFkVG9FbmQoKTsKICAgICAgICAgICAgICAgIHNld2FpdC5TZXQoKTsKICAgICAgICAgICAgfSk7CiAgICAgICAgICAgIGZvcmVhY2ggKHZhciB3aCBpbiBuZXcgV2FpdEhhbmRsZVtdIHsgc293YWl0LCBzZXdhaXQgfSkKICAgICAgICAgICAgICAgIHdoLldhaXRPbmUoKTsKICAgICAgICAgICAgc3Rkb3V0ID0gc287CiAgICAgICAgICAgIHN0ZGVyciA9IHNlOwogICAgICAgIH0KCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgdWludCBHZXRQcm9jZXNzRXhpdENvZGUoSW50UHRyIHByb2Nlc3NIYW5kbGUpCiAgICAgICAgewogICAgICAgICAgICBuZXcgTmF0aXZlV2FpdEhhbmRsZShwcm9jZXNzSGFuZGxlKS5XYWl0T25lKCk7CiAgICAgICAgICAgIHVpbnQgZXhpdENvZGU7CiAgICAgICAgICAgIGlmICghR2 ScriptBlock ID: ba05309e-0d03-41a3-9d4a-7ac7a8e845d2 Path:	4104	1		3	2	15	0	1324	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1984	1376	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:28:07 PM	9d04040e-981f-0004-7617-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1323	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1984	1020	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:28:07 PM	9d04040e-981f-0004-7417-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 1984 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1322	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1984	4580	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:28:07 PM	9d04040e-981f-0004-7417-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1321	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1984	1020	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:28:07 PM	9d04040e-981f-0004-7417-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1320	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4160	4784	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:28:05 PM	9d04040e-981f-0004-6817-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 4160 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1319	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4160	4340	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:28:05 PM	9d04040e-981f-0004-6817-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1318	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4160	4784	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:28:05 PM	9d04040e-981f-0004-6817-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles; using System; using System.Collections; using System.IO; using System.Linq; using System.Runtime.InteropServices; using System.Text; using System.Threading; namespace Ansible { [StructLayout(LayoutKind.Sequential)] public class SECURITY_ATTRIBUTES { public int nLength; public IntPtr lpSecurityDescriptor; public bool bInheritHandle = false; public SECURITY_ATTRIBUTES() { nLength = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFO { public Int32 cb; public IntPtr lpReserved; public IntPtr lpDesktop; public IntPtr lpTitle; public Int32 dwX; public Int32 dwY; public Int32 dwXSize; public Int32 dwYSize; public Int32 dwXCountChars; public Int32 dwYCountChars; public Int32 dwFillAttribute; public Int32 dwFlags; public Int16 wShowWindow; public Int16 cbReserved2; public IntPtr lpReserved2; public SafeFileHandle hStdInput; public SafeFileHandle hStdOutput; public SafeFileHandle hStdError; public STARTUPINFO() { cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFOEX { public STARTUPINFO startupInfo; public IntPtr lpAttributeList; public STARTUPINFOEX() { startupInfo = new STARTUPINFO(); startupInfo.cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public struct PROCESS_INFORMATION { public IntPtr hProcess; public IntPtr hThread; public int dwProcessId; public int dwThreadId; } [Flags] public enum StartupInfoFlags : uint { USESTDHANDLES = 0x00000100 } public enum HandleFlags : uint { None = 0, INHERIT = 1 } class NativeWaitHandle : WaitHandle { public NativeWaitHandle(IntPtr handle) { this.SafeWaitHandle = new SafeWaitHandle(handle, false); } } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class CommandUtil { private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400; private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000; [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)] public static extern bool CreateProcess( [MarshalAs(UnmanagedType.LPWStr)] string lpApplicationName, StringBuilder lpCommandLine, IntPtr lpProcessAttributes, IntPtr lpThreadAttributes, bool bInheritHandles, uint dwCreationFlags, IntPtr lpEnvironment, [MarshalAs(UnmanagedType.LPWStr)] string lpCurrentDirectory, STARTUPINFOEX lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation); [DllImport("kernel32.dll")] public static extern bool CreatePipe( out SafeFileHandle hReadPipe, out SafeFileHandle hWritePipe, SECURITY_ATTRIBUTES lpPipeAttributes, uint nSize); [DllImport("kernel32.dll", SetLastError = true)] public static extern bool SetHandleInformation( SafeFileHandle hObject, HandleFlags dwMask, int dwFlags); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool GetExitCodeProcess( IntPtr hProcess, out uint lpExitCode); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)] public static extern uint SearchPath( string lpPath, string lpFileName, string lpExtension, int nBufferLength, [MarshalAs (UnmanagedType.LPTStr)] StringBuilder lpBuffer, out IntPtr lpFilePart); [DllImport("shell32.dll", SetLastError = true)] static extern IntPtr CommandLineToArgvW( [MarshalAs(UnmanagedType.LPWStr)] string lpCmdLine, out int pNumArgs); public static string[] ParseCommandLine(string lpCommandLine) { int numArgs; IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs); if (ret == IntPtr.Zero) throw new Win32Exception("Error parsing command line"); IntPtr[] strptrs = new IntPtr[numArgs]; Marshal.Copy(ret, strptrs, 0, numArgs); string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray(); Marshal.FreeHGlobal(ret); return cmdlineParts; } public static string SearchPath(string lpFileName) { StringBuilder sbOut = new StringBuilder(1024); IntPtr filePartOut; if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0) throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName)); return sbOut.ToString(); } public class CommandResult { public string StandardOut { get; internal set; } public string StandardError { get; internal set; } public uint ExitCode { get; internal set; } } public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment) { UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT; STARTUPINFOEX si = new STARTUPINFOEX(); si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES; SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES(); pipesec.bInheritHandle = true; // Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write; if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0)) throw new Win32Exception("STDOUT pipe setup failed"); if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDOUT pipe handle setup failed"); if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0)) throw new Win32Exception("STDERR pipe setup failed"); if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDERR pipe handle setup failed"); if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0)) throw new Win32Exception("STDIN pipe setup failed"); if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDIN pipe handle setup failed"); si.startupInfo.hStdOutput = stdout_write; si.startupInfo.hStdError = stderr_write; si.startupInfo.hStdInput = stdin_read; // Setup the stdin buffer UTF8Encoding utf8_encoding = new UTF8Encoding(false); FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768); StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768); // If lpCurrentDirectory is set to null in PS it will be an empty // string here, we need to convert it if (lpCurrentDirectory == "") lpCurrentDirectory = null; StringBuilder environmentString = null; if (environment != null && environment.Count > 0) { environmentString = new StringBuilder(); foreach (DictionaryEntry kv in environment) environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value); environmentString.Append('\0'); } // Create the environment block if set IntPtr lpEnvironment = IntPtr.Zero; if (environmentString != null) lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString()); // Create new process and run StringBuilder argument_string = new StringBuilder(lpCommandLine); PROCESS_INFORMATION pi = new PROCESS_INFORMATION(); if (!CreateProcess( lpApplicationName, argument_string, IntPtr.Zero, IntPtr.Zero, true, startup_flags, lpEnvironment, lpCurrentDirectory, si, out pi)) { throw new Win32Exception("Failed to create new process"); } // Setup the output buffers and get stdout/stderr FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096); StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096); stdout_write.Close(); FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096); StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096); stderr_write.Close(); stdin.WriteLine(stdinInput); stdin.Close(); string stdout_str, stderr_str = null; GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str); uint rc = GetProcessExitCode(pi.hProcess); return new CommandResult { StandardOut = stdout_str, StandardError = stderr_str, ExitCode = rc }; } private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr) { var sowait = new EventWaitHandle(false, EventResetMode.ManualReset); var sewait = new EventWaitHandle(false, EventResetMode.ManualReset); string so = null, se = null; ThreadPool.QueueUserWorkItem((s) => { so = stdoutStream.ReadToEnd(); sowait.Set(); }); ThreadPool.QueueUserWorkItem((s) => { se = stderrStream.ReadToEnd(); sewait.Set(); }); foreach (var wh in new WaitHandle[] { sowait, sewait }) wh.WaitOne(); stdout = so; stderr = se; } private static uint GetProcessExitCode(IntPtr processHandle) { new NativeWaitHandle(processHandle).WaitOne(); uint exitCode; if (!GetExitCodeProcess(processHandle, out exitCode)) throw new Win32Exception("Error getting process exit code"); return exitCode; } } }" Context: Severity = Informational Host Name = Default Host Host Version = 5.1.14393.1944 Host ID = 1d1f55b3-3a3b-4d1e-b7fa-3958cefed8fe Host Application = PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - Engine Version = 5.1.14393.1944 Runspace ID = 30b21141-bb72-4b61-81e6-a5eaaf494769 Pipeline ID = 7 Command Name = Add-Type Command Type = Cmdlet Script Name = Command Path = Sequence Number = 34 User = N-H1-805629-1\Admin Connected User = Shell ID = Microsoft.PowerShell User Data:	4103	1		4	106	20	0	1317	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4516	4716	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:28:05 PM	9d04040e-981f-0000-ae1b-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	To be used when operation is just executing a method	Executing Pipeline	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c) 2017 Ansible Project # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) $process_util = @" using Microsoft.Win32.SafeHandles; using System; using System.Collections; using System.IO; using System.Linq; using System.Runtime.InteropServices; using System.Text; using System.Threading; namespace Ansible { [StructLayout(LayoutKind.Sequential)] public class SECURITY_ATTRIBUTES { public int nLength; public IntPtr lpSecurityDescriptor; public bool bInheritHandle = false; public SECURITY_ATTRIBUTES() { nLength = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFO { public Int32 cb; public IntPtr lpReserved; public IntPtr lpDesktop; public IntPtr lpTitle; public Int32 dwX; public Int32 dwY; public Int32 dwXSize; public Int32 dwYSize; public Int32 dwXCountChars; public Int32 dwYCountChars; public Int32 dwFillAttribute; public Int32 dwFlags; public Int16 wShowWindow; public Int16 cbReserved2; public IntPtr lpReserved2; public SafeFileHandle hStdInput; public SafeFileHandle hStdOutput; public SafeFileHandle hStdError; public STARTUPINFO() { cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFOEX { public STARTUPINFO startupInfo; public IntPtr lpAttributeList; public STARTUPINFOEX() { startupInfo = new STARTUPINFO(); startupInfo.cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public struct PROCESS_INFORMATION { public IntPtr hProcess; public IntPtr hThread; public int dwProcessId; public int dwThreadId; } [Flags] public enum StartupInfoFlags : uint { USESTDHANDLES = 0x00000100 } public enum HandleFlags : uint { None = 0, INHERIT = 1 } class NativeWaitHandle : WaitHandle { public NativeWaitHandle(IntPtr handle) { this.SafeWaitHandle = new SafeWaitHandle(handle, false); } } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class CommandUtil { private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400; private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000; [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)] public static extern bool CreateProcess( [MarshalAs(UnmanagedType.LPWStr)] string lpApplicationName, StringBuilder lpCommandLine, IntPtr lpProcessAttributes, IntPtr lpThreadAttributes, bool bInheritHandles, uint dwCreationFlags, IntPtr lpEnvironment, [MarshalAs(UnmanagedType.LPWStr)] string lpCurrentDirectory, STARTUPINFOEX lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation); [DllImport("kernel32.dll")] public static extern bool CreatePipe( out SafeFileHandle hReadPipe, out SafeFileHandle hWritePipe, SECURITY_ATTRIBUTES lpPipeAttributes, uint nSize); [DllImport("kernel32.dll", SetLastError = true)] public static extern bool SetHandleInformation( SafeFileHandle hObject, HandleFlags dwMask, int dwFlags); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool GetExitCodeProcess( IntPtr hProcess, out uint lpExitCode); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)] public static extern uint SearchPath( string lpPath, string lpFileName, string lpExtension, int nBufferLength, [MarshalAs (UnmanagedType.LPTStr)] StringBuilder lpBuffer, out IntPtr lpFilePart); [DllImport("shell32.dll", SetLastError = true)] static extern IntPtr CommandLineToArgvW( [MarshalAs(UnmanagedType.LPWStr)] string lpCmdLine, out int pNumArgs); public static string[] ParseCommandLine(string lpCommandLine) { int numArgs; IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs); if (ret == IntPtr.Zero) throw new Win32Exception("Error parsing command line"); IntPtr[] strptrs = new IntPtr[numArgs]; Marshal.Copy(ret, strptrs, 0, numArgs); string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray(); Marshal.FreeHGlobal(ret); return cmdlineParts; } public static string SearchPath(string lpFileName) { StringBuilder sbOut = new StringBuilder(1024); IntPtr filePartOut; if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0) throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName)); return sbOut.ToString(); } public class CommandResult { public string StandardOut { get; internal set; } public string StandardError { get; internal set; } public uint ExitCode { get; internal set; } } public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment) { UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT; STARTUPINFOEX si = new STARTUPINFOEX(); si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES; SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES(); pipesec.bInheritHandle = true; // Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write; if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0)) throw new Win32Exception("STDOUT pipe setup failed"); if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDOUT pipe handle setup failed"); if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0)) throw new Win32Exception("STDERR pipe setup failed"); if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDERR pipe handle setup failed"); if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0)) throw new Win32Exception("STDIN pipe setup failed"); if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDIN pipe handle setup failed"); si.startupInfo.hStdOutput = stdout_write; si.startupInfo.hStdError = stderr_write; si.startupInfo.hStdInput = stdin_read; // Setup the stdin buffer UTF8Encoding utf8_encoding = new UTF8Encoding(false); FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768); StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768); // If lpCurrentDirectory is set to null in PS it will be an empty // string here, we need to convert it if (lpCurrentDirectory == "") lpCurrentDirectory = null; StringBuilder environmentString = null; if (environment != null && environment.Count > 0) { environmentString = new StringBuilder(); foreach (DictionaryEntry kv in environment) environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value); environmentString.Append('\0'); } // Create the environment block if set IntPtr lpEnvironment = IntPtr.Zero; if (environmentString != null) lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString()); // Create new process and run StringBuilder argument_string = new StringBuilder(lpCommandLine); PROCESS_INFORMATION pi = new PROCESS_INFORMATION(); if (!CreateProcess( lpApplicationName, argument_string, IntPtr.Zero, IntPtr.Zero, true, startup_flags, lpEnvironment, lpCurrentDirectory, si, out pi)) { throw new Win32Exception("Failed to create new process"); } // Setup the output buffers and get stdout/stderr FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096); StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096); stdout_write.Close(); FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096); StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096); stderr_write.Close(); stdin.WriteLine(stdinInput); stdin.Close(); string stdout_str, stderr_str = null; GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str); uint rc = GetProcessExitCode(pi.hProcess); return new CommandResult { StandardOut = stdout_str, StandardError = stderr_str, ExitCode = rc }; } private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr) { var sowait = new EventWaitHandle(false, EventResetMode.ManualReset); var sewait = new EventWaitHandle(false, EventResetMode.ManualReset); string so = null, se = null; ThreadPool.QueueUserWorkItem((s) => { so = stdoutStream.ReadToEnd(); sowait.Set(); }); ThreadPool.QueueUserWorkItem((s) => { se = stderrStream.ReadToEnd(); sewait.Set(); }); foreach (var wh in new WaitHandle[] { sowait, sewait }) wh.WaitOne(); stdout = so; stderr = se; } private static uint GetProcessExitCode(IntPtr processHandle) { new NativeWaitHandle(processHandle).WaitOne(); uint exitCode; if (!GetExitCodeProcess(processHandle, out exitCode)) throw new Win32Exception("Error getting process exit code"); return exitCode; } } } "@ $ErrorActionPreference = 'Stop' Function Load-CommandUtils { # makes the following static functions available # [Ansible.CommandUtil]::ParseCommandLine(string lpCommandLine) # [Ansible.CommandUtil]::SearchPath(string lpFileName) # [Ansible.CommandUtil]::RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, string environmentBlock) # # there are also numerous P/Invoke methods that can be called if you are feeling adventurous # FUTURE: find a better way to get the _ansible_remote_tmp variable $original_tmp = $env:TMP $remote_tmp = $original_tmp $module_params = Get-Variable -Name complex_args -ErrorAction SilentlyContinue if ($module_params) { if ($module_params.Value.ContainsKey("_ansible_remote_tmp") ) { $remote_tmp = $module_params.Value["_ansible_remote_tmp"] $remote_tmp = [System.Environment]::ExpandEnvironmentVariables($remote_tmp) } } $env:TMP = $remote_tmp Add-Type -TypeDefinition $process_util $env:TMP = $original_tmp } Function Get-ExecutablePath($executable, $directory) { # lpApplicationName requires the full path to a file, we need to find it # ourselves. # we need to add .exe if it doesn't have an extension already if (-not [System.IO.Path]::HasExtension($executable)) { $executable = "$($executable).exe" } $full_path = [System.IO.Path]::GetFullPath($executable) if ($full_path -ne $executable -and $directory -ne $null) { $file = Get-Item -Path "$directory\$executable" -Force -ErrorAction SilentlyContinue } else { $file = Get-Item -Path $executable -Force -ErrorAction SilentlyContinue } if ($file -ne $null) { $executable_path = $file.FullName } else { $executable_path = [Ansible.CommandUtil]::SearchPath($executable) } return $executable_path } Function Run-Command { Param( [string]$command, # the full command to run including the executable [string]$working_directory = $null, # the working directory to run under, will default to the current dir [string]$stdin = $null, # a string to send to the stdin pipe when executing the command [hashtable]$environment = @{} # a hashtable of environment values to run the command under, this will replace all the other environment variables with these ) # load the C# code we call in this function Load-CommandUtils # need to validate the working directory if it is set if ($working_directory) { # validate working directory is a valid path if (-not (Test-Path -Path $working_directory)) { throw "invalid working directory path '$working_directory'" } } # lpApplicationName needs to be the full path to an executable, we do this # by getting the executable as the first arg and then getting the full path $arguments = [Ansible.CommandUtil]::ParseCommandLine($command) $executable = Get-ExecutablePath -executable $arguments[0] -directory $working_directory # run the command and get the results $command_result = [Ansible.CommandUtil]::RunCommand($executable, $command, $working_directory, $stdin, $environment) return ,@{ executable = $executable stdout = $command_result.StandardOut stderr = $command_result.StandardError rc = $command_result.ExitCode } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: fce8cb8f-15d5-4a9a-8560-9b39a080fc7d Path:	4104	1		3	2	15	0	1316	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4516	744	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:28:05 PM	9d04040e-981f-0003-a750-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c), Michael DeHaan <michael.dehaan@gmail.com>, 2014, and others # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) Set-StrictMode -Version 2.0 $ErrorActionPreference = "Stop" Function Set-Attr($obj, $name, $value) { <# .SYNOPSIS Helper function to set an "attribute" on a psobject instance in PowerShell. This is a convenience to make adding Members to the object easier and slightly more pythonic .EXAMPLE Set-Attr $result "changed" $true #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } Try { $obj.$name = $value } Catch { $obj | Add-Member -Force -MemberType NoteProperty -Name $name -Value $value } } Function Exit-Json($obj) { <# .SYNOPSIS Helper function to convert a PowerShell object to JSON and output it, exiting the script .EXAMPLE Exit-Json $result #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit } Function Fail-Json($obj, $message = $null) { <# .SYNOPSIS Helper function to add the "msg" property and "failed" property, convert the PowerShell Hashtable to JSON and output it, exiting the script .EXAMPLE Fail-Json $result "This is the failure message" #> if ($obj -is [hashtable] -or $obj -is [psobject]) { # Nothing to do } elseif ($obj -is [string] -and $null -eq $message) { # If we weren't given 2 args, and the only arg was a string, # create a new Hashtable and use the arg as the failure message $message = $obj $obj = @{ } } else { # If the first argument is undefined or a different type, # make it a Hashtable $obj = @{ } } # Still using Set-Attr for PSObject compatibility Set-Attr $obj "msg" $message Set-Attr $obj "failed" $true if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit 1 } Function Add-Warning($obj, $message) { <# .SYNOPSIS Helper function to add warnings, even if the warnings attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("warnings")) { $obj.warnings = @() } elseif ($obj.warnings -isnot [array]) { throw "Add-Warning: warnings attribute is not an array" } $obj.warnings += $message } Function Add-DeprecationWarning($obj, $message, $version = $null) { <# .SYNOPSIS Helper function to add deprecations, even if the deprecations attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("deprecations")) { $obj.deprecations = @() } elseif ($obj.deprecations -isnot [array]) { throw "Add-DeprecationWarning: deprecations attribute is not a list" } $obj.deprecations += @{ msg = $message version = $version } } Function Expand-Environment($value) { <# .SYNOPSIS Helper function to expand environment variables in values. By default it turns any type to a string, but we ensure $null remains $null. #> if ($null -ne $value) { [System.Environment]::ExpandEnvironmentVariables($value) } else { $value } } Function Get-AnsibleParam($obj, $name, $default = $null, $resultobj = @{}, $failifempty = $false, $emptyattributefailmessage, $ValidateSet, $ValidateSetErrorMessage, $type = $null, $aliases = @()) { <# .SYNOPSIS Helper function to get an "attribute" from a psobject instance in PowerShell. This is a convenience to make getting Members from an object easier and slightly more pythonic .EXAMPLE $attr = Get-AnsibleParam $response "code" -default "1" .EXAMPLE Get-AnsibleParam -obj $params -name "State" -default "Present" -ValidateSet "Present","Absent" -resultobj $resultobj -failifempty $true Get-AnsibleParam also supports Parameter validation to save you from coding that manually Note that if you use the failifempty option, you do need to specify resultobject as well. #> # Check if the provided Member $name or aliases exist in $obj and return it or the default. try { $found = $null # First try to find preferred parameter $name $aliases = @($name) + $aliases # Iterate over aliases to find acceptable Member $name foreach ($alias in $aliases) { if ($obj.ContainsKey($alias)) { $found = $alias break } } if ($null -eq $found) { throw } $name = $found if ($ValidateSet) { if ($ValidateSet -contains ($obj.$name)) { $value = $obj.$name } else { if ($null -eq $ValidateSetErrorMessage) { #Auto-generated error should be sufficient in most use cases $ValidateSetErrorMessage = "Get-AnsibleParam: Argument $name needs to be one of $($ValidateSet -join ",") but was $($obj.$name)." } Fail-Json -obj $resultobj -message $ValidateSetErrorMessage } } else { $value = $obj.$name } } catch { if ($failifempty -eq $false) { $value = $default } else { if (-not $emptyattributefailmessage) { $emptyattributefailmessage = "Get-AnsibleParam: Missing required argument: $name" } Fail-Json -obj $resultobj -message $emptyattributefailmessage } } # If $value -eq $null, the parameter was unspecified by the user (deliberately or not) # Please leave $null-values intact, modules need to know if a parameter was specified # When $value is already an array, we cannot rely on the null check, as an empty list # is seen as null in the check below if ($null -ne $value -or $value -is [array]) { if ($type -eq "path") { # Expand environment variables on path-type $value = Expand-Environment($value) # Test if a valid path is provided if (-not (Test-Path -IsValid $value)) { $path_invalid = $true # could still be a valid-shaped path with a nonexistent drive letter if ($value -match "^\w:") { # rewrite path with a valid drive letter and recheck the shape- this might still fail, eg, a nonexistent non-filesystem PS path if (Test-Path -IsValid $(@(Get-PSDrive -PSProvider Filesystem)[0].Name + $value.Substring(1))) { $path_invalid = $false } } if ($path_invalid) { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' has an invalid path '$value' specified." } } } elseif ($type -eq "str") { # Convert str types to real Powershell strings $value = $value.ToString() } elseif ($type -eq "bool") { # Convert boolean types to real Powershell booleans $value = $value | ConvertTo-Bool } elseif ($type -eq "int") { # Convert int types to real Powershell integers $value = $value -as [int] } elseif ($type -eq "float") { # Convert float types to real Powershell floats $value = $value -as [float] } elseif ($type -eq "list") { if ($value -is [array]) { # Nothing to do } elseif ($value -is [string]) { # Convert string type to real Powershell array $value = $value.Split(",").Trim() } elseif ($value -is [int]) { $value = @($value) } else { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' is not a YAML list." } # , is not a typo, forces it to return as a list when it is empty or only has 1 entry return ,$value } } return $value } #Alias Get-attr-->Get-AnsibleParam for backwards compat. Only add when needed to ease debugging of scripts If (-not(Get-Alias -Name "Get-attr" -ErrorAction SilentlyContinue)) { New-Alias -Name Get-attr -Value Get-AnsibleParam } Function ConvertTo-Bool { <# .SYNOPSIS Helper filter/pipeline function to convert a value to boolean following current Ansible practices .EXAMPLE $is_true = "true" | ConvertTo-Bool #> param( [parameter(valuefrompipeline=$true)] $obj ) $boolean_strings = "yes", "on", "1", "true", 1 $obj_string = [string]$obj if (($obj -is [boolean] -and $obj) -or $boolean_strings -contains $obj_string.ToLower()) { return $true } else { return $false } } Function Parse-Args($arguments, $supports_check_mode = $false) { <# .SYNOPSIS Helper function to parse Ansible JSON arguments from a "file" passed as the single argument to the module. .EXAMPLE $params = Parse-Args $args #> $params = New-Object psobject If ($arguments.Length -gt 0) { $params = Get-Content $arguments[0] | ConvertFrom-Json } Else { $params = $complex_args } $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false If ($check_mode -and -not $supports_check_mode) { Exit-Json @{ skipped = $true changed = $false msg = "remote module does not support check mode" } } return $params } Function Get-FileChecksum($path, $algorithm = 'sha1') { <# .SYNOPSIS Helper function to calculate a hash of a file in a way which PowerShell 3 and above can handle #> If (Test-Path -Path $path -PathType Leaf) { switch ($algorithm) { 'md5' { $sp = New-Object -TypeName System.Security.Cryptography.MD5CryptoServiceProvider } 'sha1' { $sp = New-Object -TypeName System.Security.Cryptography.SHA1CryptoServiceProvider } 'sha256' { $sp = New-Object -TypeName System.Security.Cryptography.SHA256CryptoServiceProvider } 'sha384' { $sp = New-Object -TypeName System.Security.Cryptography.SHA384CryptoServiceProvider } 'sha512' { $sp = New-Object -TypeName System.Security.Cryptography.SHA512CryptoServiceProvider } default { Fail-Json @{} "Unsupported hash algorithm supplied '$algorithm'" } } If ($PSVersionTable.PSVersion.Major -ge 4) { $raw_hash = Get-FileHash $path -Algorithm $algorithm $hash = $raw_hash.Hash.ToLower() } Else { $fp = [System.IO.File]::Open($path, [System.IO.Filemode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileShare]::ReadWrite); $hash = [System.BitConverter]::ToString($sp.ComputeHash($fp)).Replace("-", "").ToLower(); $fp.Dispose(); } } ElseIf (Test-Path -Path $path -PathType Container) { $hash = "3"; } Else { $hash = "1"; } return $hash } Function Get-PendingRebootStatus { <# .SYNOPSIS Check if reboot is required, if so notify CA. Function returns true if computer has a pending reboot #> $featureData = Invoke-WmiMethod -EA Ignore -Name GetServerFeature -Namespace root\microsoft\windows\servermanager -Class MSFT_ServerManagerTasks $regData = Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager" "PendingFileRenameOperations" -EA Ignore $CBSRebootStatus = Get-ChildItem "HKLM:\\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing" -ErrorAction SilentlyContinue| Where-Object {$_.PSChildName -eq "RebootPending"} if(($featureData -and $featureData.RequiresReboot) -or $regData -or $CBSRebootStatus) { return $True } else { return $False } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: 88721670-9894-4b28-8fdc-20140df9a227 Path:	4104	1		3	2	15	0	1315	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4516	744	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:28:05 PM	9d04040e-981f-0003-a050-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } ScriptBlock ID: 0b5b60bd-e593-4fe6-b5e2-313f47b0f886 Path:	4104	1		3	2	15	0	1314	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4516	744	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:28:04 PM	9d04040e-981f-0003-9250-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (5 of 5): ule cannot run as it requires a minimum PowerShell version of $min_ps_version, actual was $actual_ps_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $actions = $payload.actions # pop 0th action as entrypoint $entrypoint = $payload.($actions[0]) $payload.actions = $payload.actions[1..99] $entrypoint = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($entrypoint)) # load the current action entrypoint as a module custom object with a Run method $entrypoint = New-Module -ScriptBlock ([scriptblock]::Create($entrypoint)) -AsCustomObject Set-Variable -Scope global -Name complex_args -Value $payload["module_args"] | Out-Null # dynamically create/load modules ForEach ($mod in $payload.powershell_modules.GetEnumerator()) { $decoded_module = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($mod.Value)) New-Module -ScriptBlock ([scriptblock]::Create($decoded_module)) -Name $mod.Key | Import-Module -WarningAction SilentlyContinue | Out-Null } $output = $entrypoint.Run($payload) Write-Output $output } ScriptBlock ID: 021909b7-5cd2-4bcc-bbc5-b2f947e07723 Path:	4104	1		3	2	15	0	1313	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4516	744	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:28:04 PM	9d04040e-981f-0003-8c50-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (4 of 5): CAgICAgICAgJ3NoYTM4NCcgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTM4NENyeXB0b1NlcnZpY2VQcm92aWRlciB9CiAgICAgICAgICAgICdzaGE1MTInIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5TSEE1MTJDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICBkZWZhdWx0IHsgRmFpbC1Kc29uIEB7fSAiVW5zdXBwb3J0ZWQgaGFzaCBhbGdvcml0aG0gc3VwcGxpZWQgJyRhbGdvcml0aG0nIiB9CiAgICAgICAgfQoKICAgICAgICBJZiAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtZ2UgNCkgewogICAgICAgICAgICAkcmF3X2hhc2ggPSBHZXQtRmlsZUhhc2ggJHBhdGggLUFsZ29yaXRobSAkYWxnb3JpdGhtCiAgICAgICAgICAgICRoYXNoID0gJHJhd19oYXNoLkhhc2guVG9Mb3dlcigpCiAgICAgICAgfSBFbHNlIHsKICAgICAgICAgICAgJGZwID0gW1N5c3RlbS5JTy5GaWxlXTo6T3BlbigkcGF0aCwgW1N5c3RlbS5JTy5GaWxlbW9kZV06Ok9wZW4sIFtTeXN0ZW0uSU8uRmlsZUFjY2Vzc106OlJlYWQsIFtTeXN0ZW0uSU8uRmlsZVNoYXJlXTo6UmVhZFdyaXRlKTsKICAgICAgICAgICAgJGhhc2ggPSBbU3lzdGVtLkJpdENvbnZlcnRlcl06OlRvU3RyaW5nKCRzcC5Db21wdXRlSGFzaCgkZnApKS5SZXBsYWNlKCItIiwgIiIpLlRvTG93ZXIoKTsKICAgICAgICAgICAgJGZwLkRpc3Bvc2UoKTsKICAgICAgICB9CiAgICB9CiAgICBFbHNlSWYgKFRlc3QtUGF0aCAtUGF0aCAkcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKQogICAgewogICAgICAgICRoYXNoID0gIjMiOwogICAgfQogICAgRWxzZQogICAgewogICAgICAgICRoYXNoID0gIjEiOwogICAgfQogICAgcmV0dXJuICRoYXNoCn0KCkZ1bmN0aW9uIEdldC1QZW5kaW5nUmVib290U3RhdHVzCnsKPCMKICAgIC5TWU5PUFNJUwogICAgQ2hlY2sgaWYgcmVib290IGlzIHJlcXVpcmVkLCBpZiBzbyBub3RpZnkgQ0EuCiAgICBGdW5jdGlvbiByZXR1cm5zIHRydWUgaWYgY29tcHV0ZXIgaGFzIGEgcGVuZGluZyByZWJvb3QKIz4KICAgICRmZWF0dXJlRGF0YSA9IEludm9rZS1XbWlNZXRob2QgLUVBIElnbm9yZSAtTmFtZSBHZXRTZXJ2ZXJGZWF0dXJlIC1OYW1lc3BhY2Ugcm9vdFxtaWNyb3NvZnRcd2luZG93c1xzZXJ2ZXJtYW5hZ2VyIC1DbGFzcyBNU0ZUX1NlcnZlck1hbmFnZXJUYXNrcwogICAgJHJlZ0RhdGEgPSBHZXQtSXRlbVByb3BlcnR5ICJIS0xNOlxTWVNURU1cQ3VycmVudENvbnRyb2xTZXRcQ29udHJvbFxTZXNzaW9uIE1hbmFnZXIiICJQZW5kaW5nRmlsZVJlbmFtZU9wZXJhdGlvbnMiIC1FQSBJZ25vcmUKICAgICRDQlNSZWJvb3RTdGF0dXMgPSBHZXQtQ2hpbGRJdGVtICJIS0xNOlxcU09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cQ29tcG9uZW50IEJhc2VkIFNlcnZpY2luZyIgIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlfCBXaGVyZS1PYmplY3QgeyRfLlBTQ2hpbGROYW1lIC1lcSAiUmVib290UGVuZGluZyJ9CiAgICBpZigoJGZlYXR1cmVEYXRhIC1hbmQgJGZlYXR1cmVEYXRhLlJlcXVpcmVzUmVib290KSAtb3IgJHJlZ0RhdGEgLW9yICRDQlNSZWJvb3RTdGF0dXMpCiAgICB7CiAgICAgICAgcmV0dXJuICRUcnVlCiAgICB9CiAgICBlbHNlCiAgICB7CiAgICAgICAgcmV0dXJuICRGYWxzZQogICAgfQp9CgojIHRoaXMgbGluZSBtdXN0IHN0YXkgYXQgdGhlIGJvdHRvbSB0byBlbnN1cmUgYWxsIGRlZmluZWQgbW9kdWxlIHBhcnRzIGFyZSBleHBvcnRlZApFeHBvcnQtTW9kdWxlTWVtYmVyIC1BbGlhcyAqIC1GdW5jdGlvbiAqIC1DbWRsZXQgKgoK", "Ansible.ModuleUtils.FileUtil": "IyBDb3B5cmlnaHQgKGMpIDIwMTcgQW5zaWJsZSBQcm9qZWN0CiMgU2ltcGxpZmllZCBCU0QgTGljZW5zZSAoc2VlIGxpY2Vuc2VzL3NpbXBsaWZpZWRfYnNkLnR4dCBvciBodHRwczovL29wZW5zb3VyY2Uub3JnL2xpY2Vuc2VzL0JTRC0yLUNsYXVzZSkKCjwjClRlc3QtUGF0aC9HZXQtSXRlbSBjYW5ub3QgZmluZC9yZXR1cm4gaW5mbyBvbiBmaWxlcyB0aGF0IGFyZSBsb2NrZWQgbGlrZQpDOlxwYWdlZmlsZS5zeXMuIFRoZXNlIDIgZnVuY3Rpb25zIGFyZSBkZXNpZ25lZCB0byB3b3JrIHdpdGggdGhlc2UgZmlsZXMgYW5kCnByb3ZpZGUgc2ltaWxhciBmdW5jdGlvbmFsaXR5IHdpdGggdGhlIG5vcm1hbCBjbWRsZXRzIHdpdGggYXMgbWluaW1hbCBvdmVyaGVhZAphcyBwb3NzaWJsZS4gVGhleSB3b3JrIGJ5IHVzaW5nIEdldC1DaGlsZEl0ZW0gd2l0aCBhIGZpbHRlciBhbmQgcmV0dXJuIHRoZQpyZXN1bHQgZnJvbSB0aGF0LgojPgoKRnVuY3Rpb24gVGVzdC1BbnNpYmxlUGF0aCB7CiAgICBbQ21kbGV0QmluZGluZygpXQogICAgUGFyYW0oCiAgICAgICAgW1BhcmFtZXRlcihNYW5kYXRvcnk9JHRydWUpXVtzdHJpbmddJFBhdGgKICAgICkKICAgICMgUmVwbGFjZW1lbnQgZm9yIFRlc3QtUGF0aAogICAgdHJ5IHsKICAgICAgICAkZmlsZV9hdHRyaWJ1dGVzID0gW1N5c3RlbS5JTy5GaWxlXTo6R2V0QXR0cmlidXRlcygkUGF0aCkKICAgIH0gY2F0Y2ggW1N5c3RlbS5JTy5GaWxlTm90Rm91bmRFeGNlcHRpb25dLCBbU3lzdGVtLklPLkRpcmVjdG9yeU5vdEZvdW5kRXhjZXB0aW9uXSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfSBjYXRjaCBbTm90U3VwcG9ydGVkRXhjZXB0aW9uXSB7CiAgICAgICAgIyBXaGVuIHRlc3RpbmcgYSBwYXRoIGxpa2UgQ2VydDpcTG9jYWxNYWNoaW5lXE15LCBTeXN0ZW0uSU8uRmlsZSB3aWxsCiAgICAgICAgIyBub3Qgd29yaywgd2UganVzdCByZXZlcnQgYmFjayB0byB1c2luZyBUZXN0LVBhdGggZm9yIHRoaXMKICAgICAgICByZXR1cm4gVGVzdC1QYXRoIC1QYXRoICRQYXRoCiAgICB9CgogICAgaWYgKFtJbnQzMl0kZmlsZV9hdHRyaWJ1dGVzIC1lcSAtMSkgewogICAgICAgIHJldHVybiAkZmFsc2UKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICR0cnVlCiAgICB9Cn0KCkZ1bmN0aW9uIEdldC1BbnNpYmxlSXRlbSB7CiAgICBbQ21kbGV0QmluZGluZygpXQogICAgUGFyYW0oCiAgICAgICAgW1BhcmFtZXRlcihNYW5kYXRvcnk9JHRydWUpXVtzdHJpbmddJFBhdGgKICAgICkKICAgICMgUmVwbGFjZW1lbnQgZm9yIEdldC1JdGVtCiAgICB0cnkgewogICAgICAgICRmaWxlX2F0dHJpYnV0ZXMgPSBbU3lzdGVtLklPLkZpbGVdOjpHZXRBdHRyaWJ1dGVzKCRQYXRoKQogICAgfSBjYXRjaCB7CiAgICAgICAgIyBpZiAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb3RpbnVlIGlzIHNldCBvbiB0aGUgY21kbGV0IGFuZCB3ZSBmYWlsZWQgdG8KICAgICAgICAjIGdldCB0aGUgYXR0cmlidXRlcywganVzdCByZXR1cm4gJG51bGwsIG90aGVyd2lzZSB0aHJvdyB0aGUgZXJyb3IKICAgICAgICBpZiAoJEVycm9yQWN0aW9uUHJlZmVyZW5jZSAtbmUgIlNpbGVudGx5Q29udGludWUiKSB7CiAgICAgICAgICAgIHRocm93ICRfCiAgICAgICAgfQogICAgICAgIHJldHVybiAkbnVsbAogICAgfQogICAgaWYgKFtJbnQzMl0kZmlsZV9hdHRyaWJ1dGVzIC1lcSAtMSkgewogICAgICAgIHRocm93IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5NYW5hZ2VtZW50LkF1dG9tYXRpb24uSXRlbU5vdEZvdW5kRXhjZXB0aW9uIC1Bcmd1bWVudExpc3QgIkNhbm5vdCBmaW5kIHBhdGggJyRQYXRoJyBiZWNhdXNlIGl0IGRvZXMgbm90IGV4aXN0LiIKICAgIH0gZWxzZWlmICgkZmlsZV9hdHRyaWJ1dGVzLkhhc0ZsYWcoW1N5c3RlbS5JTy5GaWxlQXR0cmlidXRlc106OkRpcmVjdG9yeSkpIHsKICAgICAgICByZXR1cm4gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLklPLkRpcmVjdG9yeUluZm8gLUFyZ3VtZW50TGlzdCAkUGF0aAogICAgfSBlbHNlIHsKICAgICAgICByZXR1cm4gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLklPLkZpbGVJbmZvIC1Bcmd1bWVudExpc3QgJFBhdGgKICAgIH0KfQoKRXhwb3J0LU1vZHVsZU1lbWJlciAtRnVuY3Rpb24gVGVzdC1BbnNpYmxlUGF0aCwgR2V0LUFuc2libGVJdGVtCg=="}, "module_entry": "IyFwb3dlcnNoZWxsCgojIENvcHlyaWdodDogKGMpIDIwMTcsIEFuc2libGUgUHJvamVjdAojIEdOVSBHZW5lcmFsIFB1YmxpYyBMaWNlbnNlIHYzLjArIChzZWUgQ09QWUlORyBvciBodHRwczovL3d3dy5nbnUub3JnL2xpY2Vuc2VzL2dwbC0zLjAudHh0KQoKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5MZWdhY3kKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5Db21tYW5kVXRpbAojUmVxdWlyZXMgLU1vZHVsZSBBbnNpYmxlLk1vZHVsZVV0aWxzLkZpbGVVdGlsCgojIFRPRE86IGFkZCBjaGVjayBtb2RlIHN1cHBvcnQKClNldC1TdHJpY3RNb2RlIC1WZXJzaW9uIDIKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKIyBDbGVhbnNlIENMSVhNTCBmcm9tIHN0ZGVyciAoc2lmdCBvdXQgZXJyb3Igc3RyZWFtIGRhdGEsIGRpc2NhcmQgb3RoZXJzIGZvciBub3cpCkZ1bmN0aW9uIENsZWFuc2UtU3RkZXJyKCRyYXdfc3RkZXJyKSB7CiAgICBUcnkgewogICAgICAgICMgTkI6IHRoaXMgcmVnZXggaXNuJ3QgcGVyZmVjdCwgYnV0IGlzIGRlY2VudCBhdCBmaW5kaW5nIENMSVhNTCBhbW9uZ3N0IG90aGVyIHN0ZGVyciBub2lzZQogICAgICAgIElmKCRyYXdfc3RkZXJyIC1tYXRjaCAiKD9zKSg/PHByZW5vaXNlMT4uKikjPCBDTElYTUwoPzxwcmVub2lzZTI+LiopKD88Y2xpeG1sPjxPYmpzLis8L09ianM+KSg/PHBvc3Rub2lzZT4uKikiKSB7CiAgICAgICAgICAgICRjbGl4bWwgPSBbeG1sXSRtYXRjaGVzWyJjbGl4bWwiXQoKICAgICAgICAgICAgJG1lcmdlZF9zdGRlcnIgPSAiezB9ezF9ezJ9ezN9IiAtZiBAKAogICAgICAgICAgICAgICAkbWF0Y2hlc1sicHJlbm9pc2UxIl0sCiAgICAgICAgICAgICAgICRtYXRjaGVzWyJwcmVub2lzZTIiXSwKICAgICAgICAgICAgICAgIyBmaWx0ZXIgb3V0IGp1c3QgdGhlIEVycm9yLXRhZ2dlZCBzdHJpbmdzIGZvciBub3csIGFuZCB6YXAgZW1iZWRkZWQgQ1JMRiBjaGFycwogICAgICAgICAgICAgICAoJGNsaXhtbC5PYmpzLkNoaWxkTm9kZXMgfCA/IHsgJF8uTmFtZSAtZXEgJ1MnIH0gfCA/IHsgJF8uUyAtZXEgJ0Vycm9yJyB9IHwgJSB7ICRfLicjdGV4dCcuUmVwbGFjZSgnX3gwMDBEX194MDAwQV8nLCcnKSB9IHwgT3V0LVN0cmluZyksCiAgICAgICAgICAgICAgICRtYXRjaGVzWyJwb3N0bm9pc2UiXSkgfCBPdXQtU3RyaW5nCgogICAgICAgICAgICByZXR1cm4gJG1lcmdlZF9zdGRlcnIuVHJpbSgpCgogICAgICAgICAgICAjIEZVVFVSRTogcGFyc2UvcmV0dXJuIG90aGVyIHN0cmVhbXMKICAgICAgICB9CiAgICAgICAgRWxzZSB7CiAgICAgICAgICAgICRyYXdfc3RkZXJyCiAgICAgICAgfQogICAgfQogICAgQ2F0Y2ggewogICAgICAgICIqKipFWENFUFRJT04gUEFSU0lORyBDTElYTUw6ICRfKioqIiArICRyYXdfc3RkZXJyCiAgICB9Cn0KCiRwYXJhbXMgPSBQYXJzZS1BcmdzICRhcmdzIC1zdXBwb3J0c19jaGVja19tb2RlICRmYWxzZQoKJHJhd19jb21tYW5kX2xpbmUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX3Jhd19wYXJhbXMiIC10eXBlICJzdHIiIC1mYWlsaWZlbXB0eSAkdHJ1ZQokY2hkaXIgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiY2hkaXIiIC10eXBlICJwYXRoIgokZXhlY3V0YWJsZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJleGVjdXRhYmxlIiAtdHlwZSAicGF0aCIKJGNyZWF0ZXMgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiY3JlYXRlcyIgLXR5cGUgInBhdGgiCiRyZW1vdmVzID0gR2V0LUFuc2libGVQYXJhbSAtb2JqICRwYXJhbXMgLW5hbWUgInJlbW92ZXMiIC10eXBlICJwYXRoIgokc3RkaW4gPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAic3RkaW4iIC10eXBlICJzdHIiCgokcmF3X2NvbW1hbmRfbGluZSA9ICRyYXdfY29tbWFuZF9saW5lLlRyaW0oKQoKJHJlc3VsdCA9IEB7CiAgICBjaGFuZ2VkID0gJHRydWUKICAgIGNtZCA9ICRyYXdfY29tbWFuZF9saW5lCn0KCmlmICgkY3JlYXRlcyAtYW5kICQoVGVzdC1BbnNpYmxlUGF0aCAtUGF0aCAkY3JlYXRlcykpIHsKICAgIEV4aXQtSnNvbiBAe21zZz0ic2tpcHBlZCwgc2luY2UgJGNyZWF0ZXMgZXhpc3RzIjtjbWQ9JHJhd19jb21tYW5kX2xpbmU7Y2hhbmdlZD0kZmFsc2U7c2tpcHBlZD0kdHJ1ZTtyYz0wfQp9CgppZiAoJHJlbW92ZXMgLWFuZCAtbm90ICQoVGVzdC1BbnNpYmxlUGF0aCAtUGF0aCAkcmVtb3ZlcykpIHsKICAgIEV4aXQtSnNvbiBAe21zZz0ic2tpcHBlZCwgc2luY2UgJHJlbW92ZXMgZG9lcyBub3QgZXhpc3QiO2NtZD0kcmF3X2NvbW1hbmRfbGluZTtjaGFuZ2VkPSRmYWxzZTtza2lwcGVkPSR0cnVlO3JjPTB9Cn0KCiRleGVjX2FyZ3MgPSAkbnVsbApJZigtbm90ICRleGVjdXRhYmxlIC1vciAkZXhlY3V0YWJsZSAtZXEgInBvd2Vyc2hlbGwiKSB7CiAgICAkZXhlY19hcHBsaWNhdGlvbiA9ICJwb3dlcnNoZWxsLmV4ZSIKCiAgICAjIGZvcmNlIGlucHV0IGVuY29kaW5nIHRvIHByZWFtYmxlLWZyZWUgVVRGOCBzbyBQUyBzdWItcHJvY2Vzc2VzIChlZywgU3RhcnQtSm9iKSBkb24ndCBibG93IHVwCiAgICAkcmF3X2NvbW1hbmRfbGluZSA9ICJbQ29uc29sZV06OklucHV0RW5jb2RpbmcgPSBOZXctT2JqZWN0IFRleHQuVVRGOEVuY29kaW5nIGAkZmFsc2U7ICIgKyAkcmF3X2NvbW1hbmRfbGluZQoKICAgICMgQmFzZTY0IGVuY29kZSB0aGUgY29tbWFuZCBzbyB3ZSBkb24ndCBoYXZlIHRvIHdvcnJ5IGFib3V0IHRoZSB2YXJpb3VzIGxldmVscyBvZiBlc2NhcGluZwogICAgJGVuY29kZWRfY29tbWFuZCA9IFtDb252ZXJ0XTo6VG9CYXNlNjRTdHJpbmcoW1N5c3RlbS5UZXh0LkVuY29kaW5nXTo6VW5pY29kZS5HZXRCeXRlcygkcmF3X2NvbW1hbmRfbGluZSkpCgogICAgaWYgKCRzdGRpbikgewogICAgICAgICRleGVjX2FyZ3MgPSAiLWVuY29kZWRjb21tYW5kICRlbmNvZGVkX2NvbW1hbmQiCiAgICB9IGVsc2UgewogICAgICAgICRleGVjX2FyZ3MgPSAiLW5vbmludGVyYWN0aXZlIC1lbmNvZGVkY29tbWFuZCAkZW5jb2RlZF9jb21tYW5kIgogICAgfQp9CkVsc2UgewogICAgIyBGVVRVUkU6IHN1cHBvcnQgYXJnIHRyYW5zbGF0aW9uIGZyb20gZXhlY3V0YWJsZSAob3IgZXhlY3V0YWJsZV9hcmdzPykgdG8gcHJvY2VzcyBhcmd1bWVudHMgZm9yIGFyYml0cmFyeSBpbnRlcnByZXRlcj8KICAgICRleGVjX2FwcGxpY2F0aW9uID0gJGV4ZWN1dGFibGUKICAgIGlmICgtbm90ICgkZXhlY19hcHBsaWNhdGlvbi5FbmRzV2l0aCgiLmV4ZSIpKSkgewogICAgICAgICRleGVjX2FwcGxpY2F0aW9uID0gIiQoJGV4ZWNfYXBwbGljYXRpb24pLmV4ZSIKICAgIH0KICAgICRleGVjX2FyZ3MgPSAiL2MgJHJhd19jb21tYW5kX2xpbmUiCn0KCiRjb21tYW5kID0gIiRleGVjX2FwcGxpY2F0aW9uICRleGVjX2FyZ3MiCiRydW5fY29tbWFuZF9hcmcgPSBAewogICAgY29tbWFuZCA9ICRjb21tYW5kCn0KaWYgKCRjaGRpcikgewogICAgJHJ1bl9jb21tYW5kX2FyZ1snd29ya2luZ19kaXJlY3RvcnknXSA9ICRjaGRpcgp9CmlmICgkc3RkaW4pIHsKICAgICRydW5fY29tbWFuZF9hcmdbJ3N0ZGluJ10gPSAkc3RkaW4KfQoKJHN0YXJ0X2RhdGV0aW1lID0gW0RhdGVUaW1lXTo6VXRjTm93CnRyeSB7CiAgICAkY29tbWFuZF9yZXN1bHQgPSBSdW4tQ29tbWFuZCBAcnVuX2NvbW1hbmRfYXJnCn0gY2F0Y2ggewogICAgJHJlc3VsdC5jaGFuZ2VkID0gJGZhbHNlCiAgICB0cnkgewogICAgICAgICRyZXN1bHQucmMgPSAkXy5FeGNlcHRpb24uTmF0aXZlRXJyb3JDb2RlCiAgICB9IGNhdGNoIHsKICAgICAgICAkcmVzdWx0LnJjID0gMgogICAgfQogICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAkXy5FeGNlcHRpb24uTWVzc2FnZQp9CgojIFRPRE86IGRlY29kZSBDTElYTUwgc3RkZXJyIG91dHB1dCAoYW5kIG90aGVyIHN0cmVhbXM/KQokcmVzdWx0LnN0ZG91dCA9ICRjb21tYW5kX3Jlc3VsdC5zdGRvdXQKJHJlc3VsdC5zdGRlcnIgPSBDbGVhbnNlLVN0ZGVyciAkY29tbWFuZF9yZXN1bHQuc3RkZXJyIAokcmVzdWx0LnJjID0gJGNvbW1hbmRfcmVzdWx0LnJjCgokZW5kX2RhdGV0aW1lID0gW0RhdGVUaW1lXTo6VXRjTm93CiRyZXN1bHQuc3RhcnQgPSAkc3RhcnRfZGF0ZXRpbWUuVG9TdHJpbmcoInl5eXktTU0tZGQgaGg6bW06c3MuZmZmZmZmIikKJHJlc3VsdC5lbmQgPSAkZW5kX2RhdGV0aW1lLlRvU3RyaW5nKCJ5eXl5LU1NLWRkIGhoOm1tOnNzLmZmZmZmZiIpCiRyZXN1bHQuZGVsdGEgPSAkKCRlbmRfZGF0ZXRpbWUgLSAkc3RhcnRfZGF0ZXRpbWUpLlRvU3RyaW5nKCJoXDptbVw6c3NcLmZmZmZmZiIpCgpJZiAoJHJlc3VsdC5yYyAtbmUgMCkgewogICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAibm9uLXplcm8gcmV0dXJuIGNvZGUiCn0KCkV4aXQtSnNvbiAkcmVzdWx0Cg==", "module_args": {"_ansible_version": "2.7.0", "_ansible_selinux_special_fs": ["fuse", "nfs", "vboxsf", "ramfs", "9p"], "_ansible_no_log": false, "_ansible_module_name": "win_shell", "_raw_params": "Select-String -path c:\\openstack\\build\\os-win\\\\setup.cfg -pattern \"^name.*=.*\" | % {$_.matches.value.split(\"=\")[1].trim()}", "_ansible_verbosity": 4, "_ansible_keep_remote_files": false, "_ansible_syslog_facility": "LOG_USER", "_ansible_socket": null, "_ansible_remote_tmp": "%TEMP%", "_ansible_diff": false, "_ansible_debug": false, "_ansible_shell_executable": "/bin/sh", "_ansible_check_mode": false, "_ansible_tmpdir": null}} '@ } process { $input_as_string = [string]$input $json_raw += $input_as_string } end { If (-not $json_raw) { Write-Error "no input given" -Category InvalidArgument } $payload = ConvertTo-HashtableFromPsCustomObject (ConvertFrom-Json $json_raw) # TODO: handle binary modules # TODO: handle persistence $min_os_version = [version]$payload.min_os_version if ($min_os_version -ne $null) { $actual_os_version = [System.Environment]::OSVersion.Version if ($actual_os_version -lt $min_os_version) { $msg = "This module cannot run on this OS as it requires a minimum version of $min_os_version, actual was $actual_os_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $min_ps_version = [version]$payload.min_ps_version if ($min_ps_version -ne $null) { $actual_ps_version = $PSVersionTable.PSVersion if ($actual_ps_version -lt $min_ps_version) { $msg = "This mod ScriptBlock ID: 021909b7-5cd2-4bcc-bbc5-b2f947e07723 Path:	4104	1		3	2	15	0	1312	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4516	744	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:28:04 PM	9d04040e-981f-0003-8c50-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (3 of 5): CAgSGVscGVyIGZ1bmN0aW9uIHRvIGNvbnZlcnQgYSBQb3dlclNoZWxsIG9iamVjdCB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcKICAgIHRoZSBzY3JpcHQKICAgIC5FWEFNUExFCiAgICBFeGl0LUpzb24gJHJlc3VsdAojPgoKICAgICMgSWYgdGhlIHByb3ZpZGVkICRvYmogaXMgdW5kZWZpbmVkLCBkZWZpbmUgb25lIHRvIGJlIG5pY2UKICAgIElmICgtbm90ICRvYmouR2V0VHlwZSkKICAgIHsKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoJ2NoYW5nZWQnKSkgewogICAgICAgIFNldC1BdHRyICRvYmogImNoYW5nZWQiICRmYWxzZQogICAgfQoKICAgIFdyaXRlLU91dHB1dCAkb2JqIHwgQ29udmVydFRvLUpzb24gLUNvbXByZXNzIC1EZXB0aCA5OQogICAgRXhpdAp9CgpGdW5jdGlvbiBGYWlsLUpzb24oJG9iaiwgJG1lc3NhZ2UgPSAkbnVsbCkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHRoZSAibXNnIiBwcm9wZXJ0eSBhbmQgImZhaWxlZCIgcHJvcGVydHksIGNvbnZlcnQgdGhlCiAgICBQb3dlclNoZWxsIEhhc2h0YWJsZSB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcgdGhlIHNjcmlwdAogICAgLkVYQU1QTEUKICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJUaGlzIGlzIHRoZSBmYWlsdXJlIG1lc3NhZ2UiCiM+CgogICAgaWYgKCRvYmogLWlzIFtoYXNodGFibGVdIC1vciAkb2JqIC1pcyBbcHNvYmplY3RdKSB7CiAgICAgICAgIyBOb3RoaW5nIHRvIGRvCiAgICB9IGVsc2VpZiAoJG9iaiAtaXMgW3N0cmluZ10gLWFuZCAkbnVsbCAtZXEgJG1lc3NhZ2UpIHsKICAgICAgICAjIElmIHdlIHdlcmVuJ3QgZ2l2ZW4gMiBhcmdzLCBhbmQgdGhlIG9ubHkgYXJnIHdhcyBhIHN0cmluZywKICAgICAgICAjIGNyZWF0ZSBhIG5ldyBIYXNodGFibGUgYW5kIHVzZSB0aGUgYXJnIGFzIHRoZSBmYWlsdXJlIG1lc3NhZ2UKICAgICAgICAkbWVzc2FnZSA9ICRvYmoKICAgICAgICAkb2JqID0gQHsgfQogICAgfSBlbHNlIHsKICAgICAgICAjIElmIHRoZSBmaXJzdCBhcmd1bWVudCBpcyB1bmRlZmluZWQgb3IgYSBkaWZmZXJlbnQgdHlwZSwKICAgICAgICAjIG1ha2UgaXQgYSBIYXNodGFibGUKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgICMgU3RpbGwgdXNpbmcgU2V0LUF0dHIgZm9yIFBTT2JqZWN0IGNvbXBhdGliaWxpdHkKICAgIFNldC1BdHRyICRvYmogIm1zZyIgJG1lc3NhZ2UKICAgIFNldC1BdHRyICRvYmogImZhaWxlZCIgJHRydWUKCiAgICBpZiAoLW5vdCAkb2JqLkNvbnRhaW5zS2V5KCdjaGFuZ2VkJykpIHsKICAgICAgICBTZXQtQXR0ciAkb2JqICJjaGFuZ2VkIiAkZmFsc2UKICAgIH0KCiAgICBXcml0ZS1PdXRwdXQgJG9iaiB8IENvbnZlcnRUby1Kc29uIC1Db21wcmVzcyAtRGVwdGggOTkKICAgIEV4aXQgMQp9CgpGdW5jdGlvbiBBZGQtV2FybmluZygkb2JqLCAkbWVzc2FnZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHdhcm5pbmdzLCBldmVuIGlmIHRoZSB3YXJuaW5ncyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoIndhcm5pbmdzIikpIHsKICAgICAgICAkb2JqLndhcm5pbmdzID0gQCgpCiAgICB9IGVsc2VpZiAoJG9iai53YXJuaW5ncyAtaXNub3QgW2FycmF5XSkgewogICAgICAgIHRocm93ICJBZGQtV2FybmluZzogd2FybmluZ3MgYXR0cmlidXRlIGlzIG5vdCBhbiBhcnJheSIKICAgIH0KCiAgICAkb2JqLndhcm5pbmdzICs9ICRtZXNzYWdlCn0KCkZ1bmN0aW9uIEFkZC1EZXByZWNhdGlvbldhcm5pbmcoJG9iaiwgJG1lc3NhZ2UsICR2ZXJzaW9uID0gJG51bGwpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGFkZCBkZXByZWNhdGlvbnMsIGV2ZW4gaWYgdGhlIGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgogICAgaWYgKC1ub3QgJG9iai5Db250YWluc0tleSgiZGVwcmVjYXRpb25zIikpIHsKICAgICAgICAkb2JqLmRlcHJlY2F0aW9ucyA9IEAoKQogICAgfSBlbHNlaWYgKCRvYmouZGVwcmVjYXRpb25zIC1pc25vdCBbYXJyYXldKSB7CiAgICAgICAgdGhyb3cgIkFkZC1EZXByZWNhdGlvbldhcm5pbmc6IGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgaXMgbm90IGEgbGlzdCIKICAgIH0KCiAgICAkb2JqLmRlcHJlY2F0aW9ucyArPSBAewogICAgICAgIG1zZyA9ICRtZXNzYWdlCiAgICAgICAgdmVyc2lvbiA9ICR2ZXJzaW9uCiAgICB9Cn0KCkZ1bmN0aW9uIEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgaW4gdmFsdWVzLiBCeSBkZWZhdWx0CiAgICBpdCB0dXJucyBhbnkgdHlwZSB0byBhIHN0cmluZywgYnV0IHdlIGVuc3VyZSAkbnVsbCByZW1haW5zICRudWxsLgojPgogICAgaWYgKCRudWxsIC1uZSAkdmFsdWUpIHsKICAgICAgICBbU3lzdGVtLkVudmlyb25tZW50XTo6RXhwYW5kRW52aXJvbm1lbnRWYXJpYWJsZXMoJHZhbHVlKQogICAgfSBlbHNlIHsKICAgICAgICAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gR2V0LUFuc2libGVQYXJhbSgkb2JqLCAkbmFtZSwgJGRlZmF1bHQgPSAkbnVsbCwgJHJlc3VsdG9iaiA9IEB7fSwgJGZhaWxpZmVtcHR5ID0gJGZhbHNlLCAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSwgJFZhbGlkYXRlU2V0LCAkVmFsaWRhdGVTZXRFcnJvck1lc3NhZ2UsICR0eXBlID0gJG51bGwsICRhbGlhc2VzID0gQCgpKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBnZXQgYW4gImF0dHJpYnV0ZSIgZnJvbSBhIHBzb2JqZWN0IGluc3RhbmNlIGluIFBvd2VyU2hlbGwuCiAgICBUaGlzIGlzIGEgY29udmVuaWVuY2UgdG8gbWFrZSBnZXR0aW5nIE1lbWJlcnMgZnJvbSBhbiBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgICRhdHRyID0gR2V0LUFuc2libGVQYXJhbSAkcmVzcG9uc2UgImNvZGUiIC1kZWZhdWx0ICIxIgogICAgLkVYQU1QTEUKICAgIEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJTdGF0ZSIgLWRlZmF1bHQgIlByZXNlbnQiIC1WYWxpZGF0ZVNldCAiUHJlc2VudCIsIkFic2VudCIgLXJlc3VsdG9iaiAkcmVzdWx0b2JqIC1mYWlsaWZlbXB0eSAkdHJ1ZQogICAgR2V0LUFuc2libGVQYXJhbSBhbHNvIHN1cHBvcnRzIFBhcmFtZXRlciB2YWxpZGF0aW9uIHRvIHNhdmUgeW91IGZyb20gY29kaW5nIHRoYXQgbWFudWFsbHkKICAgIE5vdGUgdGhhdCBpZiB5b3UgdXNlIHRoZSBmYWlsaWZlbXB0eSBvcHRpb24sIHlvdSBkbyBuZWVkIHRvIHNwZWNpZnkgcmVzdWx0b2JqZWN0IGFzIHdlbGwuCiM+CiAgICAjIENoZWNrIGlmIHRoZSBwcm92aWRlZCBNZW1iZXIgJG5hbWUgb3IgYWxpYXNlcyBleGlzdCBpbiAkb2JqIGFuZCByZXR1cm4gaXQgb3IgdGhlIGRlZmF1bHQuCiAgICB0cnkgewoKICAgICAgICAkZm91bmQgPSAkbnVsbAogICAgICAgICMgRmlyc3QgdHJ5IHRvIGZpbmQgcHJlZmVycmVkIHBhcmFtZXRlciAkbmFtZQogICAgICAgICRhbGlhc2VzID0gQCgkbmFtZSkgKyAkYWxpYXNlcwoKICAgICAgICAjIEl0ZXJhdGUgb3ZlciBhbGlhc2VzIHRvIGZpbmQgYWNjZXB0YWJsZSBNZW1iZXIgJG5hbWUKICAgICAgICBmb3JlYWNoICgkYWxpYXMgaW4gJGFsaWFzZXMpIHsKICAgICAgICAgICAgaWYgKCRvYmouQ29udGFpbnNLZXkoJGFsaWFzKSkgewogICAgICAgICAgICAgICAgJGZvdW5kID0gJGFsaWFzCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgfQoKICAgICAgICBpZiAoJG51bGwgLWVxICRmb3VuZCkgewogICAgICAgICAgICB0aHJvdwogICAgICAgIH0KICAgICAgICAkbmFtZSA9ICRmb3VuZAoKICAgICAgICBpZiAoJFZhbGlkYXRlU2V0KSB7CgogICAgICAgICAgICBpZiAoJFZhbGlkYXRlU2V0IC1jb250YWlucyAoJG9iai4kbmFtZSkpIHsKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICRvYmouJG5hbWUKICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgIGlmICgkbnVsbCAtZXEgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAgICAgI0F1dG8tZ2VuZXJhdGVkIGVycm9yIHNob3VsZCBiZSBzdWZmaWNpZW50IGluIG1vc3QgdXNlIGNhc2VzCiAgICAgICAgICAgICAgICAgICAgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlID0gIkdldC1BbnNpYmxlUGFyYW06IEFyZ3VtZW50ICRuYW1lIG5lZWRzIHRvIGJlIG9uZSBvZiAkKCRWYWxpZGF0ZVNldCAtam9pbiAiLCIpIGJ1dCB3YXMgJCgkb2JqLiRuYW1lKS4iCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRWYWxpZGF0ZVNldEVycm9yTWVzc2FnZQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgJHZhbHVlID0gJG9iai4kbmFtZQogICAgICAgIH0KICAgIH0gY2F0Y2ggewogICAgICAgIGlmICgkZmFpbGlmZW1wdHkgLWVxICRmYWxzZSkgewogICAgICAgICAgICAkdmFsdWUgPSAkZGVmYXVsdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgIGlmICgtbm90ICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSA9ICJHZXQtQW5zaWJsZVBhcmFtOiBNaXNzaW5nIHJlcXVpcmVkIGFyZ3VtZW50OiAkbmFtZSIKICAgICAgICAgICAgfQogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlCiAgICAgICAgfQogICAgfQoKICAgICMgSWYgJHZhbHVlIC1lcSAkbnVsbCwgdGhlIHBhcmFtZXRlciB3YXMgdW5zcGVjaWZpZWQgYnkgdGhlIHVzZXIgKGRlbGliZXJhdGVseSBvciBub3QpCiAgICAjIFBsZWFzZSBsZWF2ZSAkbnVsbC12YWx1ZXMgaW50YWN0LCBtb2R1bGVzIG5lZWQgdG8ga25vdyBpZiBhIHBhcmFtZXRlciB3YXMgc3BlY2lmaWVkCiAgICAjIFdoZW4gJHZhbHVlIGlzIGFscmVhZHkgYW4gYXJyYXksIHdlIGNhbm5vdCByZWx5IG9uIHRoZSBudWxsIGNoZWNrLCBhcyBhbiBlbXB0eSBsaXN0CiAgICAjIGlzIHNlZW4gYXMgbnVsbCBpbiB0aGUgY2hlY2sgYmVsb3cKICAgIGlmICgkbnVsbCAtbmUgJHZhbHVlIC1vciAkdmFsdWUgLWlzIFthcnJheV0pIHsKICAgICAgICBpZiAoJHR5cGUgLWVxICJwYXRoIikgewogICAgICAgICAgICAjIEV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgb24gcGF0aC10eXBlCiAgICAgICAgICAgICR2YWx1ZSA9IEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCiAgICAgICAgICAgICMgVGVzdCBpZiBhIHZhbGlkIHBhdGggaXMgcHJvdmlkZWQKICAgICAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtSXNWYWxpZCAkdmFsdWUpKSB7CiAgICAgICAgICAgICAgICAkcGF0aF9pbnZhbGlkID0gJHRydWUKICAgICAgICAgICAgICAgICMgY291bGQgc3RpbGwgYmUgYSB2YWxpZC1zaGFwZWQgcGF0aCB3aXRoIGEgbm9uZXhpc3RlbnQgZHJpdmUgbGV0dGVyCiAgICAgICAgICAgICAgICBpZiAoJHZhbHVlIC1tYXRjaCAiXlx3OiIpIHsKICAgICAgICAgICAgICAgICAgICAjIHJld3JpdGUgcGF0aCB3aXRoIGEgdmFsaWQgZHJpdmUgbGV0dGVyIGFuZCByZWNoZWNrIHRoZSBzaGFwZS0gdGhpcyBtaWdodCBzdGlsbCBmYWlsLCBlZywgYSBub25leGlzdGVudCBub24tZmlsZXN5c3RlbSBQUyBwYXRoCiAgICAgICAgICAgICAgICAgICAgaWYgKFRlc3QtUGF0aCAtSXNWYWxpZCAkKEAoR2V0LVBTRHJpdmUgLVBTUHJvdmlkZXIgRmlsZXN5c3RlbSlbMF0uTmFtZSArICR2YWx1ZS5TdWJzdHJpbmcoMSkpKSB7CiAgICAgICAgICAgICAgICAgICAgICAgICRwYXRoX2ludmFsaWQgPSAkZmFsc2UKICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBpZiAoJHBhdGhfaW52YWxpZCkgewogICAgICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHRvYmogLW1lc3NhZ2UgIkdldC1BbnNpYmxlUGFyYW06IFBhcmFtZXRlciAnJG5hbWUnIGhhcyBhbiBpbnZhbGlkIHBhdGggJyR2YWx1ZScgc3BlY2lmaWVkLiIKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgInN0ciIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IHN0ciB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgc3RyaW5ncwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUuVG9TdHJpbmcoKQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImJvb2wiKSB7CiAgICAgICAgICAgICMgQ29udmVydCBib29sZWFuIHR5cGVzIHRvIHJlYWwgUG93ZXJzaGVsbCBib29sZWFucwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgfCBDb252ZXJ0VG8tQm9vbAogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImludCIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IGludCB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgaW50ZWdlcnMKICAgICAgICAgICAgJHZhbHVlID0gJHZhbHVlIC1hcyBbaW50XQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImZsb2F0IikgewogICAgICAgICAgICAjIENvbnZlcnQgZmxvYXQgdHlwZXMgdG8gcmVhbCBQb3dlcnNoZWxsIGZsb2F0cwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgLWFzIFtmbG9hdF0KICAgICAgICB9IGVsc2VpZiAoJHR5cGUgLWVxICJsaXN0IikgewogICAgICAgICAgICBpZiAoJHZhbHVlIC1pcyBbYXJyYXldKSB7CiAgICAgICAgICAgICAgICAjIE5vdGhpbmcgdG8gZG8KICAgICAgICAgICAgfSBlbHNlaWYgKCR2YWx1ZSAtaXMgW3N0cmluZ10pIHsKICAgICAgICAgICAgICAgICMgQ29udmVydCBzdHJpbmcgdHlwZSB0byByZWFsIFBvd2Vyc2hlbGwgYXJyYXkKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICR2YWx1ZS5TcGxpdCgiLCIpLlRyaW0oKQogICAgICAgICAgICB9IGVsc2VpZiAoJHZhbHVlIC1pcyBbaW50XSkgewogICAgICAgICAgICAgICAgJHZhbHVlID0gQCgkdmFsdWUpCiAgICAgICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICJHZXQtQW5zaWJsZVBhcmFtOiBQYXJhbWV0ZXIgJyRuYW1lJyBpcyBub3QgYSBZQU1MIGxpc3QuIgogICAgICAgICAgICB9CiAgICAgICAgICAgICMgLCBpcyBub3QgYSB0eXBvLCBmb3JjZXMgaXQgdG8gcmV0dXJuIGFzIGEgbGlzdCB3aGVuIGl0IGlzIGVtcHR5IG9yIG9ubHkgaGFzIDEgZW50cnkKICAgICAgICAgICAgcmV0dXJuICwkdmFsdWUKICAgICAgICB9CiAgICB9CgogICAgcmV0dXJuICR2YWx1ZQp9CgojQWxpYXMgR2V0LWF0dHItLT5HZXQtQW5zaWJsZVBhcmFtIGZvciBiYWNrd2FyZHMgY29tcGF0LiBPbmx5IGFkZCB3aGVuIG5lZWRlZCB0byBlYXNlIGRlYnVnZ2luZyBvZiBzY3JpcHRzCklmICgtbm90KEdldC1BbGlhcyAtTmFtZSAiR2V0LWF0dHIiIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlKSkKewogICAgTmV3LUFsaWFzIC1OYW1lIEdldC1hdHRyIC1WYWx1ZSBHZXQtQW5zaWJsZVBhcmFtCn0KCkZ1bmN0aW9uIENvbnZlcnRUby1Cb29sCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZpbHRlci9waXBlbGluZSBmdW5jdGlvbiB0byBjb252ZXJ0IGEgdmFsdWUgdG8gYm9vbGVhbiBmb2xsb3dpbmcgY3VycmVudAogICAgQW5zaWJsZSBwcmFjdGljZXMKICAgIC5FWEFNUExFCiAgICAkaXNfdHJ1ZSA9ICJ0cnVlIiB8IENvbnZlcnRUby1Cb29sCiM+CiAgICBwYXJhbSgKICAgICAgICBbcGFyYW1ldGVyKHZhbHVlZnJvbXBpcGVsaW5lPSR0cnVlKV0KICAgICAgICAkb2JqCiAgICApCgogICAgJGJvb2xlYW5fc3RyaW5ncyA9ICJ5ZXMiLCAib24iLCAiMSIsICJ0cnVlIiwgMQogICAgJG9ial9zdHJpbmcgPSBbc3RyaW5nXSRvYmoKCiAgICBpZiAoKCRvYmogLWlzIFtib29sZWFuXSAtYW5kICRvYmopIC1vciAkYm9vbGVhbl9zdHJpbmdzIC1jb250YWlucyAkb2JqX3N0cmluZy5Ub0xvd2VyKCkpIHsKICAgICAgICByZXR1cm4gJHRydWUKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfQp9CgpGdW5jdGlvbiBQYXJzZS1BcmdzKCRhcmd1bWVudHMsICRzdXBwb3J0c19jaGVja19tb2RlID0gJGZhbHNlKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBwYXJzZSBBbnNpYmxlIEpTT04gYXJndW1lbnRzIGZyb20gYSAiZmlsZSIgcGFzc2VkIGFzCiAgICB0aGUgc2luZ2xlIGFyZ3VtZW50IHRvIHRoZSBtb2R1bGUuCiAgICAuRVhBTVBMRQogICAgJHBhcmFtcyA9IFBhcnNlLUFyZ3MgJGFyZ3MKIz4KICAgICRwYXJhbXMgPSBOZXctT2JqZWN0IHBzb2JqZWN0CiAgICBJZiAoJGFyZ3VtZW50cy5MZW5ndGggLWd0IDApCiAgICB7CiAgICAgICAgJHBhcmFtcyA9IEdldC1Db250ZW50ICRhcmd1bWVudHNbMF0gfCBDb252ZXJ0RnJvbS1Kc29uCiAgICB9CiAgICBFbHNlIHsKICAgICAgICAkcGFyYW1zID0gJGNvbXBsZXhfYXJncwogICAgfQogICAgJGNoZWNrX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfY2hlY2tfbW9kZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQogICAgSWYgKCRjaGVja19tb2RlIC1hbmQgLW5vdCAkc3VwcG9ydHNfY2hlY2tfbW9kZSkKICAgIHsKICAgICAgICBFeGl0LUpzb24gQHsKICAgICAgICAgICAgc2tpcHBlZCA9ICR0cnVlCiAgICAgICAgICAgIGNoYW5nZWQgPSAkZmFsc2UKICAgICAgICAgICAgbXNnID0gInJlbW90ZSBtb2R1bGUgZG9lcyBub3Qgc3VwcG9ydCBjaGVjayBtb2RlIgogICAgICAgIH0KICAgIH0KICAgIHJldHVybiAkcGFyYW1zCn0KCgpGdW5jdGlvbiBHZXQtRmlsZUNoZWNrc3VtKCRwYXRoLCAkYWxnb3JpdGhtID0gJ3NoYTEnKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBjYWxjdWxhdGUgYSBoYXNoIG9mIGEgZmlsZSBpbiBhIHdheSB3aGljaCBQb3dlclNoZWxsIDMKICAgIGFuZCBhYm92ZSBjYW4gaGFuZGxlCiM+CiAgICBJZiAoVGVzdC1QYXRoIC1QYXRoICRwYXRoIC1QYXRoVHlwZSBMZWFmKQogICAgewogICAgICAgIHN3aXRjaCAoJGFsZ29yaXRobSkKICAgICAgICB7CiAgICAgICAgICAgICdtZDUnIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5NRDVDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMScgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTFDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMjU2JyB7ICRzcCA9IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5TZWN1cml0eS5DcnlwdG9ncmFwaHkuU0hBMjU2Q3J5cHRvU2VydmljZVByb3ZpZGVyIH0KICAgI ScriptBlock ID: 021909b7-5cd2-4bcc-bbc5-b2f947e07723 Path:	4104	1		3	2	15	0	1311	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4516	744	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:28:04 PM	9d04040e-981f-0003-8c50-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 5): gIFNUQVJUVVBJTkZPRVggc2kgPSBuZXcgU1RBUlRVUElORk9FWCgpOwogICAgICAgICAgICBzaS5zdGFydHVwSW5mby5kd0ZsYWdzID0gKGludClTdGFydHVwSW5mb0ZsYWdzLlVTRVNUREhBTkRMRVM7CgogICAgICAgICAgICBTRUNVUklUWV9BVFRSSUJVVEVTIHBpcGVzZWMgPSBuZXcgU0VDVVJJVFlfQVRUUklCVVRFUygpOwogICAgICAgICAgICBwaXBlc2VjLmJJbmhlcml0SGFuZGxlID0gdHJ1ZTsKCiAgICAgICAgICAgIC8vIENyZWF0ZSB0aGUgc3Rkb3V0LCBzdGRlcnIgYW5kIHN0ZGluIHBpcGVzIHVzZWQgaW4gdGhlIHByb2Nlc3MgYW5kIGFkZCB0byB0aGUgc3RhcnR1cEluZm8KICAgICAgICAgICAgU2FmZUZpbGVIYW5kbGUgc3Rkb3V0X3JlYWQsIHN0ZG91dF93cml0ZSwgc3RkZXJyX3JlYWQsIHN0ZGVycl93cml0ZSwgc3RkaW5fcmVhZCwgc3RkaW5fd3JpdGU7CiAgICAgICAgICAgIGlmICghQ3JlYXRlUGlwZShvdXQgc3Rkb3V0X3JlYWQsIG91dCBzdGRvdXRfd3JpdGUsIHBpcGVzZWMsIDApKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IFdpbjMyRXhjZXB0aW9uKCJTVERPVVQgcGlwZSBzZXR1cCBmYWlsZWQiKTsKICAgICAgICAgICAgaWYgKCFTZXRIYW5kbGVJbmZvcm1hdGlvbihzdGRvdXRfcmVhZCwgSGFuZGxlRmxhZ3MuSU5IRVJJVCwgMCkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIlNURE9VVCBwaXBlIGhhbmRsZSBzZXR1cCBmYWlsZWQiKTsKCiAgICAgICAgICAgIGlmICghQ3JlYXRlUGlwZShvdXQgc3RkZXJyX3JlYWQsIG91dCBzdGRlcnJfd3JpdGUsIHBpcGVzZWMsIDApKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IFdpbjMyRXhjZXB0aW9uKCJTVERFUlIgcGlwZSBzZXR1cCBmYWlsZWQiKTsKICAgICAgICAgICAgaWYgKCFTZXRIYW5kbGVJbmZvcm1hdGlvbihzdGRlcnJfcmVhZCwgSGFuZGxlRmxhZ3MuSU5IRVJJVCwgMCkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIlNUREVSUiBwaXBlIGhhbmRsZSBzZXR1cCBmYWlsZWQiKTsKCiAgICAgICAgICAgIGlmICghQ3JlYXRlUGlwZShvdXQgc3RkaW5fcmVhZCwgb3V0IHN0ZGluX3dyaXRlLCBwaXBlc2VjLCAwKSkKICAgICAgICAgICAgICAgIHRocm93IG5ldyBXaW4zMkV4Y2VwdGlvbigiU1RESU4gcGlwZSBzZXR1cCBmYWlsZWQiKTsKICAgICAgICAgICAgaWYgKCFTZXRIYW5kbGVJbmZvcm1hdGlvbihzdGRpbl93cml0ZSwgSGFuZGxlRmxhZ3MuSU5IRVJJVCwgMCkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIlNURElOIHBpcGUgaGFuZGxlIHNldHVwIGZhaWxlZCIpOwoKICAgICAgICAgICAgc2kuc3RhcnR1cEluZm8uaFN0ZE91dHB1dCA9IHN0ZG91dF93cml0ZTsKICAgICAgICAgICAgc2kuc3RhcnR1cEluZm8uaFN0ZEVycm9yID0gc3RkZXJyX3dyaXRlOwogICAgICAgICAgICBzaS5zdGFydHVwSW5mby5oU3RkSW5wdXQgPSBzdGRpbl9yZWFkOwoKICAgICAgICAgICAgLy8gU2V0dXAgdGhlIHN0ZGluIGJ1ZmZlcgogICAgICAgICAgICBVVEY4RW5jb2RpbmcgdXRmOF9lbmNvZGluZyA9IG5ldyBVVEY4RW5jb2RpbmcoZmFsc2UpOwogICAgICAgICAgICBGaWxlU3RyZWFtIHN0ZGluX2ZzID0gbmV3IEZpbGVTdHJlYW0oc3RkaW5fd3JpdGUsIEZpbGVBY2Nlc3MuV3JpdGUsIDMyNzY4KTsKICAgICAgICAgICAgU3RyZWFtV3JpdGVyIHN0ZGluID0gbmV3IFN0cmVhbVdyaXRlcihzdGRpbl9mcywgdXRmOF9lbmNvZGluZywgMzI3NjgpOwoKICAgICAgICAgICAgLy8gSWYgbHBDdXJyZW50RGlyZWN0b3J5IGlzIHNldCB0byBudWxsIGluIFBTIGl0IHdpbGwgYmUgYW4gZW1wdHkKICAgICAgICAgICAgLy8gc3RyaW5nIGhlcmUsIHdlIG5lZWQgdG8gY29udmVydCBpdAogICAgICAgICAgICBpZiAobHBDdXJyZW50RGlyZWN0b3J5ID09ICIiKQogICAgICAgICAgICAgICAgbHBDdXJyZW50RGlyZWN0b3J5ID0gbnVsbDsKCiAgICAgICAgICAgIFN0cmluZ0J1aWxkZXIgZW52aXJvbm1lbnRTdHJpbmcgPSBudWxsOwoKICAgICAgICAgICAgaWYgKGVudmlyb25tZW50ICE9IG51bGwgJiYgZW52aXJvbm1lbnQuQ291bnQgPiAwKQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBlbnZpcm9ubWVudFN0cmluZyA9IG5ldyBTdHJpbmdCdWlsZGVyKCk7CiAgICAgICAgICAgICAgICBmb3JlYWNoIChEaWN0aW9uYXJ5RW50cnkga3YgaW4gZW52aXJvbm1lbnQpCiAgICAgICAgICAgICAgICAgICAgZW52aXJvbm1lbnRTdHJpbmcuQXBwZW5kRm9ybWF0KCJ7MH09ezF9XDAiLCBrdi5LZXksIGt2LlZhbHVlKTsKICAgICAgICAgICAgICAgIGVudmlyb25tZW50U3RyaW5nLkFwcGVuZCgnXDAnKTsKICAgICAgICAgICAgfQoKICAgICAgICAgICAgLy8gQ3JlYXRlIHRoZSBlbnZpcm9ubWVudCBibG9jayBpZiBzZXQKICAgICAgICAgICAgSW50UHRyIGxwRW52aXJvbm1lbnQgPSBJbnRQdHIuWmVybzsKICAgICAgICAgICAgaWYgKGVudmlyb25tZW50U3RyaW5nICE9IG51bGwpCiAgICAgICAgICAgICAgICBscEVudmlyb25tZW50ID0gTWFyc2hhbC5TdHJpbmdUb0hHbG9iYWxVbmkoZW52aXJvbm1lbnRTdHJpbmcuVG9TdHJpbmcoKSk7CgogICAgICAgICAgICAvLyBDcmVhdGUgbmV3IHByb2Nlc3MgYW5kIHJ1bgogICAgICAgICAgICBTdHJpbmdCdWlsZGVyIGFyZ3VtZW50X3N0cmluZyA9IG5ldyBTdHJpbmdCdWlsZGVyKGxwQ29tbWFuZExpbmUpOwogICAgICAgICAgICBQUk9DRVNTX0lORk9STUFUSU9OIHBpID0gbmV3IFBST0NFU1NfSU5GT1JNQVRJT04oKTsKICAgICAgICAgICAgaWYgKCFDcmVhdGVQcm9jZXNzKAogICAgICAgICAgICAgICAgbHBBcHBsaWNhdGlvbk5hbWUsCiAgICAgICAgICAgICAgICBhcmd1bWVudF9zdHJpbmcsCiAgICAgICAgICAgICAgICBJbnRQdHIuWmVybywKICAgICAgICAgICAgICAgIEludFB0ci5aZXJvLAogICAgICAgICAgICAgICAgdHJ1ZSwKICAgICAgICAgICAgICAgIHN0YXJ0dXBfZmxhZ3MsCiAgICAgICAgICAgICAgICBscEVudmlyb25tZW50LAogICAgICAgICAgICAgICAgbHBDdXJyZW50RGlyZWN0b3J5LAogICAgICAgICAgICAgICAgc2ksCiAgICAgICAgICAgICAgICBvdXQgcGkpKQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIkZhaWxlZCB0byBjcmVhdGUgbmV3IHByb2Nlc3MiKTsKICAgICAgICAgICAgfQoKICAgICAgICAgICAgLy8gU2V0dXAgdGhlIG91dHB1dCBidWZmZXJzIGFuZCBnZXQgc3Rkb3V0L3N0ZGVycgogICAgICAgICAgICBGaWxlU3RyZWFtIHN0ZG91dF9mcyA9IG5ldyBGaWxlU3RyZWFtKHN0ZG91dF9yZWFkLCBGaWxlQWNjZXNzLlJlYWQsIDQwOTYpOwogICAgICAgICAgICBTdHJlYW1SZWFkZXIgc3Rkb3V0ID0gbmV3IFN0cmVhbVJlYWRlcihzdGRvdXRfZnMsIHV0ZjhfZW5jb2RpbmcsIHRydWUsIDQwOTYpOwogICAgICAgICAgICBzdGRvdXRfd3JpdGUuQ2xvc2UoKTsKICAgICAgICAgICAgRmlsZVN0cmVhbSBzdGRlcnJfZnMgPSBuZXcgRmlsZVN0cmVhbShzdGRlcnJfcmVhZCwgRmlsZUFjY2Vzcy5SZWFkLCA0MDk2KTsKICAgICAgICAgICAgU3RyZWFtUmVhZGVyIHN0ZGVyciA9IG5ldyBTdHJlYW1SZWFkZXIoc3RkZXJyX2ZzLCB1dGY4X2VuY29kaW5nLCB0cnVlLCA0MDk2KTsKICAgICAgICAgICAgc3RkZXJyX3dyaXRlLkNsb3NlKCk7CgogICAgICAgICAgICBzdGRpbi5Xcml0ZUxpbmUoc3RkaW5JbnB1dCk7CiAgICAgICAgICAgIHN0ZGluLkNsb3NlKCk7CgogICAgICAgICAgICBzdHJpbmcgc3Rkb3V0X3N0ciwgc3RkZXJyX3N0ciA9IG51bGw7CiAgICAgICAgICAgIEdldFByb2Nlc3NPdXRwdXQoc3Rkb3V0LCBzdGRlcnIsIG91dCBzdGRvdXRfc3RyLCBvdXQgc3RkZXJyX3N0cik7CiAgICAgICAgICAgIHVpbnQgcmMgPSBHZXRQcm9jZXNzRXhpdENvZGUocGkuaFByb2Nlc3MpOwoKICAgICAgICAgICAgcmV0dXJuIG5ldyBDb21tYW5kUmVzdWx0CiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIFN0YW5kYXJkT3V0ID0gc3Rkb3V0X3N0ciwKICAgICAgICAgICAgICAgIFN0YW5kYXJkRXJyb3IgPSBzdGRlcnJfc3RyLAogICAgICAgICAgICAgICAgRXhpdENvZGUgPSByYwogICAgICAgICAgICB9OwogICAgICAgIH0KCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgdm9pZCBHZXRQcm9jZXNzT3V0cHV0KFN0cmVhbVJlYWRlciBzdGRvdXRTdHJlYW0sIFN0cmVhbVJlYWRlciBzdGRlcnJTdHJlYW0sIG91dCBzdHJpbmcgc3Rkb3V0LCBvdXQgc3RyaW5nIHN0ZGVycikKICAgICAgICB7CiAgICAgICAgICAgIHZhciBzb3dhaXQgPSBuZXcgRXZlbnRXYWl0SGFuZGxlKGZhbHNlLCBFdmVudFJlc2V0TW9kZS5NYW51YWxSZXNldCk7CiAgICAgICAgICAgIHZhciBzZXdhaXQgPSBuZXcgRXZlbnRXYWl0SGFuZGxlKGZhbHNlLCBFdmVudFJlc2V0TW9kZS5NYW51YWxSZXNldCk7CiAgICAgICAgICAgIHN0cmluZyBzbyA9IG51bGwsIHNlID0gbnVsbDsKICAgICAgICAgICAgVGhyZWFkUG9vbC5RdWV1ZVVzZXJXb3JrSXRlbSgocykgPT4KICAgICAgICAgICAgewogICAgICAgICAgICAgICAgc28gPSBzdGRvdXRTdHJlYW0uUmVhZFRvRW5kKCk7CiAgICAgICAgICAgICAgICBzb3dhaXQuU2V0KCk7CiAgICAgICAgICAgIH0pOwogICAgICAgICAgICBUaHJlYWRQb29sLlF1ZXVlVXNlcldvcmtJdGVtKChzKSA9PgogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBzZSA9IHN0ZGVyclN0cmVhbS5SZWFkVG9FbmQoKTsKICAgICAgICAgICAgICAgIHNld2FpdC5TZXQoKTsKICAgICAgICAgICAgfSk7CiAgICAgICAgICAgIGZvcmVhY2ggKHZhciB3aCBpbiBuZXcgV2FpdEhhbmRsZVtdIHsgc293YWl0LCBzZXdhaXQgfSkKICAgICAgICAgICAgICAgIHdoLldhaXRPbmUoKTsKICAgICAgICAgICAgc3Rkb3V0ID0gc287CiAgICAgICAgICAgIHN0ZGVyciA9IHNlOwogICAgICAgIH0KCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgdWludCBHZXRQcm9jZXNzRXhpdENvZGUoSW50UHRyIHByb2Nlc3NIYW5kbGUpCiAgICAgICAgewogICAgICAgICAgICBuZXcgTmF0aXZlV2FpdEhhbmRsZShwcm9jZXNzSGFuZGxlKS5XYWl0T25lKCk7CiAgICAgICAgICAgIHVpbnQgZXhpdENvZGU7CiAgICAgICAgICAgIGlmICghR2V0RXhpdENvZGVQcm9jZXNzKHByb2Nlc3NIYW5kbGUsIG91dCBleGl0Q29kZSkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIkVycm9yIGdldHRpbmcgcHJvY2VzcyBleGl0IGNvZGUiKTsKICAgICAgICAgICAgcmV0dXJuIGV4aXRDb2RlOwogICAgICAgIH0KICAgIH0KfQoiQAoKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICdTdG9wJwoKRnVuY3Rpb24gTG9hZC1Db21tYW5kVXRpbHMgewogICAgIyBtYWtlcyB0aGUgZm9sbG93aW5nIHN0YXRpYyBmdW5jdGlvbnMgYXZhaWxhYmxlCiAgICAjICAgW0Fuc2libGUuQ29tbWFuZFV0aWxdOjpQYXJzZUNvbW1hbmRMaW5lKHN0cmluZyBscENvbW1hbmRMaW5lKQogICAgIyAgIFtBbnNpYmxlLkNvbW1hbmRVdGlsXTo6U2VhcmNoUGF0aChzdHJpbmcgbHBGaWxlTmFtZSkKICAgICMgICBbQW5zaWJsZS5Db21tYW5kVXRpbF06OlJ1bkNvbW1hbmQoc3RyaW5nIGxwQXBwbGljYXRpb25OYW1lLCBzdHJpbmcgbHBDb21tYW5kTGluZSwgc3RyaW5nIGxwQ3VycmVudERpcmVjdG9yeSwgc3RyaW5nIHN0ZGluSW5wdXQsIHN0cmluZyBlbnZpcm9ubWVudEJsb2NrKQogICAgIwogICAgIyB0aGVyZSBhcmUgYWxzbyBudW1lcm91cyBQL0ludm9rZSBtZXRob2RzIHRoYXQgY2FuIGJlIGNhbGxlZCBpZiB5b3UgYXJlIGZlZWxpbmcgYWR2ZW50dXJvdXMKCiAgICAjIEZVVFVSRTogZmluZCBhIGJldHRlciB3YXkgdG8gZ2V0IHRoZSBfYW5zaWJsZV9yZW1vdGVfdG1wIHZhcmlhYmxlCiAgICAkb3JpZ2luYWxfdG1wID0gJGVudjpUTVAKCiAgICAkcmVtb3RlX3RtcCA9ICRvcmlnaW5hbF90bXAKICAgICRtb2R1bGVfcGFyYW1zID0gR2V0LVZhcmlhYmxlIC1OYW1lIGNvbXBsZXhfYXJncyAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgaWYgKCRtb2R1bGVfcGFyYW1zKSB7CiAgICAgICAgaWYgKCRtb2R1bGVfcGFyYW1zLlZhbHVlLkNvbnRhaW5zS2V5KCJfYW5zaWJsZV9yZW1vdGVfdG1wIikgKSB7CiAgICAgICAgICAgICRyZW1vdGVfdG1wID0gJG1vZHVsZV9wYXJhbXMuVmFsdWVbIl9hbnNpYmxlX3JlbW90ZV90bXAiXQogICAgICAgICAgICAkcmVtb3RlX3RtcCA9IFtTeXN0ZW0uRW52aXJvbm1lbnRdOjpFeHBhbmRFbnZpcm9ubWVudFZhcmlhYmxlcygkcmVtb3RlX3RtcCkKICAgICAgICB9CiAgICB9CgogICAgJGVudjpUTVAgPSAkcmVtb3RlX3RtcAogICAgQWRkLVR5cGUgLVR5cGVEZWZpbml0aW9uICRwcm9jZXNzX3V0aWwKICAgICRlbnY6VE1QID0gJG9yaWdpbmFsX3RtcAp9CgpGdW5jdGlvbiBHZXQtRXhlY3V0YWJsZVBhdGgoJGV4ZWN1dGFibGUsICRkaXJlY3RvcnkpIHsKICAgICMgbHBBcHBsaWNhdGlvbk5hbWUgcmVxdWlyZXMgdGhlIGZ1bGwgcGF0aCB0byBhIGZpbGUsIHdlIG5lZWQgdG8gZmluZCBpdAogICAgIyBvdXJzZWx2ZXMuCgogICAgIyB3ZSBuZWVkIHRvIGFkZCAuZXhlIGlmIGl0IGRvZXNuJ3QgaGF2ZSBhbiBleHRlbnNpb24gYWxyZWFkeQogICAgaWYgKC1ub3QgW1N5c3RlbS5JTy5QYXRoXTo6SGFzRXh0ZW5zaW9uKCRleGVjdXRhYmxlKSkgewogICAgICAgICRleGVjdXRhYmxlID0gIiQoJGV4ZWN1dGFibGUpLmV4ZSIKICAgIH0KICAgICRmdWxsX3BhdGggPSBbU3lzdGVtLklPLlBhdGhdOjpHZXRGdWxsUGF0aCgkZXhlY3V0YWJsZSkKCiAgICBpZiAoJGZ1bGxfcGF0aCAtbmUgJGV4ZWN1dGFibGUgLWFuZCAkZGlyZWN0b3J5IC1uZSAkbnVsbCkgewogICAgICAgICRmaWxlID0gR2V0LUl0ZW0gLVBhdGggIiRkaXJlY3RvcnlcJGV4ZWN1dGFibGUiIC1Gb3JjZSAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgfSBlbHNlIHsKICAgICAgICAkZmlsZSA9IEdldC1JdGVtIC1QYXRoICRleGVjdXRhYmxlIC1Gb3JjZSAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgfQoKICAgIGlmICgkZmlsZSAtbmUgJG51bGwpIHsKICAgICAgICAkZXhlY3V0YWJsZV9wYXRoID0gJGZpbGUuRnVsbE5hbWUKICAgIH0gZWxzZSB7CiAgICAgICAgJGV4ZWN1dGFibGVfcGF0aCA9IFtBbnNpYmxlLkNvbW1hbmRVdGlsXTo6U2VhcmNoUGF0aCgkZXhlY3V0YWJsZSkgICAgCiAgICB9CiAgICByZXR1cm4gJGV4ZWN1dGFibGVfcGF0aAp9CgpGdW5jdGlvbiBSdW4tQ29tbWFuZCB7CiAgICBQYXJhbSgKICAgICAgICBbc3RyaW5nXSRjb21tYW5kLCAjIHRoZSBmdWxsIGNvbW1hbmQgdG8gcnVuIGluY2x1ZGluZyB0aGUgZXhlY3V0YWJsZQogICAgICAgIFtzdHJpbmddJHdvcmtpbmdfZGlyZWN0b3J5ID0gJG51bGwsICMgdGhlIHdvcmtpbmcgZGlyZWN0b3J5IHRvIHJ1biB1bmRlciwgd2lsbCBkZWZhdWx0IHRvIHRoZSBjdXJyZW50IGRpcgogICAgICAgIFtzdHJpbmddJHN0ZGluID0gJG51bGwsICMgYSBzdHJpbmcgdG8gc2VuZCB0byB0aGUgc3RkaW4gcGlwZSB3aGVuIGV4ZWN1dGluZyB0aGUgY29tbWFuZAogICAgICAgIFtoYXNodGFibGVdJGVudmlyb25tZW50ID0gQHt9ICMgYSBoYXNodGFibGUgb2YgZW52aXJvbm1lbnQgdmFsdWVzIHRvIHJ1biB0aGUgY29tbWFuZCB1bmRlciwgdGhpcyB3aWxsIHJlcGxhY2UgYWxsIHRoZSBvdGhlciBlbnZpcm9ubWVudCB2YXJpYWJsZXMgd2l0aCB0aGVzZQogICAgKQogICAgCiAgICAjIGxvYWQgdGhlIEMjIGNvZGUgd2UgY2FsbCBpbiB0aGlzIGZ1bmN0aW9uCiAgICBMb2FkLUNvbW1hbmRVdGlscwoKICAgICMgbmVlZCB0byB2YWxpZGF0ZSB0aGUgd29ya2luZyBkaXJlY3RvcnkgaWYgaXQgaXMgc2V0CiAgICBpZiAoJHdvcmtpbmdfZGlyZWN0b3J5KSB7CiAgICAgICAgIyB2YWxpZGF0ZSB3b3JraW5nIGRpcmVjdG9yeSBpcyBhIHZhbGlkIHBhdGgKICAgICAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICR3b3JraW5nX2RpcmVjdG9yeSkpIHsKICAgICAgICAgICAgdGhyb3cgImludmFsaWQgd29ya2luZyBkaXJlY3RvcnkgcGF0aCAnJHdvcmtpbmdfZGlyZWN0b3J5JyIKICAgICAgICB9CiAgICB9CgogICAgIyBscEFwcGxpY2F0aW9uTmFtZSBuZWVkcyB0byBiZSB0aGUgZnVsbCBwYXRoIHRvIGFuIGV4ZWN1dGFibGUsIHdlIGRvIHRoaXMKICAgICMgYnkgZ2V0dGluZyB0aGUgZXhlY3V0YWJsZSBhcyB0aGUgZmlyc3QgYXJnIGFuZCB0aGVuIGdldHRpbmcgdGhlIGZ1bGwgcGF0aAogICAgJGFyZ3VtZW50cyA9IFtBbnNpYmxlLkNvbW1hbmRVdGlsXTo6UGFyc2VDb21tYW5kTGluZSgkY29tbWFuZCkKICAgICRleGVjdXRhYmxlID0gR2V0LUV4ZWN1dGFibGVQYXRoIC1leGVjdXRhYmxlICRhcmd1bWVudHNbMF0gLWRpcmVjdG9yeSAkd29ya2luZ19kaXJlY3RvcnkKCiAgICAjIHJ1biB0aGUgY29tbWFuZCBhbmQgZ2V0IHRoZSByZXN1bHRzCiAgICAkY29tbWFuZF9yZXN1bHQgPSBbQW5zaWJsZS5Db21tYW5kVXRpbF06OlJ1bkNvbW1hbmQoJGV4ZWN1dGFibGUsICRjb21tYW5kLCAkd29ya2luZ19kaXJlY3RvcnksICRzdGRpbiwgJGVudmlyb25tZW50KQoKICAgIHJldHVybiAsQHsKICAgICAgICBleGVjdXRhYmxlID0gJGV4ZWN1dGFibGUKICAgICAgICBzdGRvdXQgPSAkY29tbWFuZF9yZXN1bHQuU3RhbmRhcmRPdXQKICAgICAgICBzdGRlcnIgPSAkY29tbWFuZF9yZXN1bHQuU3RhbmRhcmRFcnJvcgogICAgICAgIHJjID0gJGNvbW1hbmRfcmVzdWx0LkV4aXRDb2RlCiAgICB9Cn0KCiMgdGhpcyBsaW5lIG11c3Qgc3RheSBhdCB0aGUgYm90dG9tIHRvIGVuc3VyZSBhbGwgZGVmaW5lZCBtb2R1bGUgcGFydHMgYXJlIGV4cG9ydGVkCkV4cG9ydC1Nb2R1bGVNZW1iZXIgLUFsaWFzICogLUZ1bmN0aW9uICogLUNtZGxldCAqCg==", "Ansible.ModuleUtils.Legacy": "IyBDb3B5cmlnaHQgKGMpLCBNaWNoYWVsIERlSGFhbiA8bWljaGFlbC5kZWhhYW5AZ21haWwuY29tPiwgMjAxNCwgYW5kIG90aGVycwojIFNpbXBsaWZpZWQgQlNEIExpY2Vuc2UgKHNlZSBsaWNlbnNlcy9zaW1wbGlmaWVkX2JzZC50eHQgb3IgaHR0cHM6Ly9vcGVuc291cmNlLm9yZy9saWNlbnNlcy9CU0QtMi1DbGF1c2UpCgpTZXQtU3RyaWN0TW9kZSAtVmVyc2lvbiAyLjAKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKRnVuY3Rpb24gU2V0LUF0dHIoJG9iaiwgJG5hbWUsICR2YWx1ZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gc2V0IGFuICJhdHRyaWJ1dGUiIG9uIGEgcHNvYmplY3QgaW5zdGFuY2UgaW4gUG93ZXJTaGVsbC4KICAgIFRoaXMgaXMgYSBjb252ZW5pZW5jZSB0byBtYWtlIGFkZGluZyBNZW1iZXJzIHRvIHRoZSBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgIFNldC1BdHRyICRyZXN1bHQgImNoYW5nZWQiICR0cnVlCiM+CgogICAgIyBJZiB0aGUgcHJvdmlkZWQgJG9iaiBpcyB1bmRlZmluZWQsIGRlZmluZSBvbmUgdG8gYmUgbmljZQogICAgSWYgKC1ub3QgJG9iai5HZXRUeXBlKQogICAgewogICAgICAgICRvYmogPSBAeyB9CiAgICB9CgogICAgVHJ5CiAgICB7CiAgICAgICAgJG9iai4kbmFtZSA9ICR2YWx1ZQogICAgfQogICAgQ2F0Y2gKICAgIHsKICAgICAgICAkb2JqIHwgQWRkLU1lbWJlciAtRm9yY2UgLU1lbWJlclR5cGUgTm90ZVByb3BlcnR5IC1OYW1lICRuYW1lIC1WYWx1ZSAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gRXhpdC1Kc29uKCRvYmopCnsKPCMKICAgIC5TWU5PUFNJUwogI ScriptBlock ID: 021909b7-5cd2-4bcc-bbc5-b2f947e07723 Path:	4104	1		3	2	15	0	1310	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4516	744	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:28:04 PM	9d04040e-981f-0003-8c50-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 5): begin { $DebugPreference = "Continue" $ErrorActionPreference = "Stop" Set-StrictMode -Version 2 function ConvertTo-HashtableFromPsCustomObject ($myPsObject){ $output = @{}; $myPsObject | Get-Member -MemberType *Property | % { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } return $output; } # stream JSON including become_pw, ps_module_payload, bin_module_payload, become_payload, write_payload_path, preserve directives # exec runspace, capture output, cleanup, return module output # NB: do not adjust the following line- it is replaced when doing non-streamed module output $json_raw = @' {"min_ps_version": null, "exec": "CkZ1bmN0aW9uIFJ1bigkcGF5bG9hZCkgewogICAgJGVudHJ5cG9pbnQgPSAkcGF5bG9hZC5tb2R1bGVfZW50cnkKCiAgICAkZW50cnlwb2ludCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGVudHJ5cG9pbnQpKQoKICAgICRwcyA9IFtwb3dlcnNoZWxsXTo6Q3JlYXRlKCkKCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkQ29tbWFuZCgiU2V0LVZhcmlhYmxlIikuQWRkUGFyYW1ldGVycyhAe1Njb3BlPSJnbG9iYWwiO05hbWU9ImNvbXBsZXhfYXJncyI7VmFsdWU9JHBheWxvYWQubW9kdWxlX2FyZ3N9KSB8IE91dC1OdWxsCiAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCgogICAgIyByZWRlZmluZSBXcml0ZS1Ib3N0IHRvIGR1bXAgdG8gb3V0cHV0IGluc3RlYWQgb2YgZmFpbGluZy0gbG90cyBvZiBzY3JpcHRzIHVzZSBpdAogICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgiRnVuY3Rpb24gV3JpdGUtSG9zdChgJG1zZyl7IFdyaXRlLU91dHB1dCBgJG1zZyB9IikgfCBPdXQtTnVsbAoKICAgIEZvckVhY2ggKCRlbnZfa3YgaW4gJHBheWxvYWQuZW52aXJvbm1lbnQuR2V0RW51bWVyYXRvcigpKSB7CiAgICAgICAgIyBuZWVkIHRvIGVzY2FwZSAnIGluIGJvdGggdGhlIGtleSBhbmQgdmFsdWUKICAgICAgICAkZW52X2tleSA9ICRlbnZfa3YuS2V5LlRvU3RyaW5nKCkuUmVwbGFjZSgiJyIsICInJyIpCiAgICAgICAgJGVudl92YWx1ZSA9ICRlbnZfa3YuVmFsdWUuVG9TdHJpbmcoKS5SZXBsYWNlKCInIiwgIicnIikKICAgICAgICAkZXNjYXBlZF9lbnZfc2V0ID0gIltTeXN0ZW0uRW52aXJvbm1lbnRdOjpTZXRFbnZpcm9ubWVudFZhcmlhYmxlKCd7MH0nLCAnezF9JykiIC1mICRlbnZfa2V5LCAkZW52X3ZhbHVlCiAgICAgICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgkZXNjYXBlZF9lbnZfc2V0KSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBkeW5hbWljYWxseSBjcmVhdGUvbG9hZCBtb2R1bGVzCiAgICBGb3JFYWNoICgkbW9kIGluICRwYXlsb2FkLnBvd2Vyc2hlbGxfbW9kdWxlcy5HZXRFbnVtZXJhdG9yKCkpIHsKICAgICAgICAkZGVjb2RlZF9tb2R1bGUgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRtb2QuVmFsdWUpKQogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRDb21tYW5kKCJOZXctTW9kdWxlIikuQWRkUGFyYW1ldGVycyhAe1NjcmlwdEJsb2NrPShbc2NyaXB0YmxvY2tdOjpDcmVhdGUoJGRlY29kZWRfbW9kdWxlKSk7TmFtZT0kbW9kLktleX0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiSW1wb3J0LU1vZHVsZSIpLkFkZFBhcmFtZXRlcnMoQHtXYXJuaW5nQWN0aW9uPSJTaWxlbnRseUNvbnRpbnVlIn0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBmb3JjZSBpbnB1dCBlbmNvZGluZyB0byBwcmVhbWJsZS1mcmVlIFVURjggc28gUFMgc3ViLXByb2Nlc3NlcyAoZWcsCiAgICAjIFN0YXJ0LUpvYikgZG9uJ3QgYmxvdyB1cC4gVGhpcyBpcyBvbmx5IHJlcXVpcmVkIGZvciBXaW5STSwgYSBQU1JQCiAgICAjIHJ1bnNwYWNlIGRvZXNuJ3QgaGF2ZSBhIGhvc3QgY29uc29sZSBhbmQgdGhpcyB3aWxsIGJvbWIgb3V0CiAgICBpZiAoJGhvc3QuTmFtZSAtZXEgIkNvbnNvbGVIb3N0IikgewogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRTY3JpcHQoIltDb25zb2xlXTo6SW5wdXRFbmNvZGluZyA9IE5ldy1PYmplY3QgVGV4dC5VVEY4RW5jb2RpbmcgYCRmYWxzZSIpIHwgT3V0LU51bGwKICAgIH0KCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkU2NyaXB0KCRlbnRyeXBvaW50KSB8IE91dC1OdWxsCgogICAgJG91dHB1dCA9ICRwcy5JbnZva2UoKQoKICAgICRvdXRwdXQKCiAgICAjIFBTMyBkb2Vzbid0IHByb3Blcmx5IHNldCBIYWRFcnJvcnMgaW4gbWFueSBjYXNlcywgaW5zcGVjdCB0aGUgZXJyb3Igc3RyZWFtIGFzIGEgZmFsbGJhY2sKICAgIElmICgkcHMuSGFkRXJyb3JzIC1vciAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtbHQgNCAtYW5kICRwcy5TdHJlYW1zLkVycm9yLkNvdW50IC1ndCAwKSkgewogICAgICAgICRob3N0LlVJLldyaXRlRXJyb3JMaW5lKCQoJHBzLlN0cmVhbXMuRXJyb3IgfCBPdXQtU3RyaW5nKSkKICAgICAgICAkZXhpdF9jb2RlID0gJHBzLlJ1bnNwYWNlLlNlc3Npb25TdGF0ZVByb3h5LkdldFZhcmlhYmxlKCJMQVNURVhJVENPREUiKQogICAgICAgIElmKC1ub3QgJGV4aXRfY29kZSkgewogICAgICAgICAgICAkZXhpdF9jb2RlID0gMQogICAgICAgIH0KICAgICAgICAjIG5lZWQgdG8gdXNlIHRoaXMgaW5zdGVhZCBvZiBFeGl0IGtleXdvcmQgdG8gcHJldmVudCBydW5zcGFjZSBmcm9tIGNyYXNoaW5nIHdpdGggZHluYW1pYyBtb2R1bGVzCiAgICAgICAgJGhvc3QuU2V0U2hvdWxkRXhpdCgkZXhpdF9jb2RlKQogICAgfQp9Cg==", "actions": ["exec"], "environment": {}, "min_os_version": null, "powershell_modules": {"Ansible.ModuleUtils.CommandUtil": "IyBDb3B5cmlnaHQgKGMpIDIwMTcgQW5zaWJsZSBQcm9qZWN0CiMgU2ltcGxpZmllZCBCU0QgTGljZW5zZSAoc2VlIGxpY2Vuc2VzL3NpbXBsaWZpZWRfYnNkLnR4dCBvciBodHRwczovL29wZW5zb3VyY2Uub3JnL2xpY2Vuc2VzL0JTRC0yLUNsYXVzZSkKCiRwcm9jZXNzX3V0aWwgPSBAIgp1c2luZyBNaWNyb3NvZnQuV2luMzIuU2FmZUhhbmRsZXM7CnVzaW5nIFN5c3RlbTsKdXNpbmcgU3lzdGVtLkNvbGxlY3Rpb25zOwp1c2luZyBTeXN0ZW0uSU87CnVzaW5nIFN5c3RlbS5MaW5xOwp1c2luZyBTeXN0ZW0uUnVudGltZS5JbnRlcm9wU2VydmljZXM7CnVzaW5nIFN5c3RlbS5UZXh0Owp1c2luZyBTeXN0ZW0uVGhyZWFkaW5nOwoKbmFtZXNwYWNlIEFuc2libGUKewogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIGNsYXNzIFNFQ1VSSVRZX0FUVFJJQlVURVMKICAgIHsKICAgICAgICBwdWJsaWMgaW50IG5MZW5ndGg7CiAgICAgICAgcHVibGljIEludFB0ciBscFNlY3VyaXR5RGVzY3JpcHRvcjsKICAgICAgICBwdWJsaWMgYm9vbCBiSW5oZXJpdEhhbmRsZSA9IGZhbHNlOwogICAgICAgIHB1YmxpYyBTRUNVUklUWV9BVFRSSUJVVEVTKCkKICAgICAgICB7CiAgICAgICAgICAgIG5MZW5ndGggPSBNYXJzaGFsLlNpemVPZih0aGlzKTsKICAgICAgICB9CiAgICB9CgogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIGNsYXNzIFNUQVJUVVBJTkZPCiAgICB7CiAgICAgICAgcHVibGljIEludDMyIGNiOwogICAgICAgIHB1YmxpYyBJbnRQdHIgbHBSZXNlcnZlZDsKICAgICAgICBwdWJsaWMgSW50UHRyIGxwRGVza3RvcDsKICAgICAgICBwdWJsaWMgSW50UHRyIGxwVGl0bGU7CiAgICAgICAgcHVibGljIEludDMyIGR3WDsKICAgICAgICBwdWJsaWMgSW50MzIgZHdZOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1hTaXplOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1lTaXplOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1hDb3VudENoYXJzOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1lDb3VudENoYXJzOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd0ZpbGxBdHRyaWJ1dGU7CiAgICAgICAgcHVibGljIEludDMyIGR3RmxhZ3M7CiAgICAgICAgcHVibGljIEludDE2IHdTaG93V2luZG93OwogICAgICAgIHB1YmxpYyBJbnQxNiBjYlJlc2VydmVkMjsKICAgICAgICBwdWJsaWMgSW50UHRyIGxwUmVzZXJ2ZWQyOwogICAgICAgIHB1YmxpYyBTYWZlRmlsZUhhbmRsZSBoU3RkSW5wdXQ7CiAgICAgICAgcHVibGljIFNhZmVGaWxlSGFuZGxlIGhTdGRPdXRwdXQ7CiAgICAgICAgcHVibGljIFNhZmVGaWxlSGFuZGxlIGhTdGRFcnJvcjsKICAgICAgICBwdWJsaWMgU1RBUlRVUElORk8oKQogICAgICAgIHsKICAgICAgICAgICAgY2IgPSBNYXJzaGFsLlNpemVPZih0aGlzKTsKICAgICAgICB9CiAgICB9CgogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIGNsYXNzIFNUQVJUVVBJTkZPRVgKICAgIHsKICAgICAgICBwdWJsaWMgU1RBUlRVUElORk8gc3RhcnR1cEluZm87CiAgICAgICAgcHVibGljIEludFB0ciBscEF0dHJpYnV0ZUxpc3Q7CiAgICAgICAgcHVibGljIFNUQVJUVVBJTkZPRVgoKQogICAgICAgIHsKICAgICAgICAgICAgc3RhcnR1cEluZm8gPSBuZXcgU1RBUlRVUElORk8oKTsKICAgICAgICAgICAgc3RhcnR1cEluZm8uY2IgPSBNYXJzaGFsLlNpemVPZih0aGlzKTsKICAgICAgICB9CiAgICB9CgogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIHN0cnVjdCBQUk9DRVNTX0lORk9STUFUSU9OCiAgICB7CiAgICAgICAgcHVibGljIEludFB0ciBoUHJvY2VzczsKICAgICAgICBwdWJsaWMgSW50UHRyIGhUaHJlYWQ7CiAgICAgICAgcHVibGljIGludCBkd1Byb2Nlc3NJZDsKICAgICAgICBwdWJsaWMgaW50IGR3VGhyZWFkSWQ7CiAgICB9CgogICAgW0ZsYWdzXQogICAgcHVibGljIGVudW0gU3RhcnR1cEluZm9GbGFncyA6IHVpbnQKICAgIHsKICAgICAgICBVU0VTVERIQU5ETEVTID0gMHgwMDAwMDEwMAogICAgfQoKICAgIHB1YmxpYyBlbnVtIEhhbmRsZUZsYWdzIDogdWludAogICAgewogICAgICAgIE5vbmUgPSAwLAogICAgICAgIElOSEVSSVQgPSAxCiAgICB9CgogICAgY2xhc3MgTmF0aXZlV2FpdEhhbmRsZSA6IFdhaXRIYW5kbGUKICAgIHsKICAgICAgICBwdWJsaWMgTmF0aXZlV2FpdEhhbmRsZShJbnRQdHIgaGFuZGxlKQogICAgICAgIHsKICAgICAgICAgICAgdGhpcy5TYWZlV2FpdEhhbmRsZSA9IG5ldyBTYWZlV2FpdEhhbmRsZShoYW5kbGUsIGZhbHNlKTsKICAgICAgICB9CiAgICB9CgogICAgcHVibGljIGNsYXNzIFdpbjMyRXhjZXB0aW9uIDogU3lzdGVtLkNvbXBvbmVudE1vZGVsLldpbjMyRXhjZXB0aW9uCiAgICB7CiAgICAgICAgcHJpdmF0ZSBzdHJpbmcgX21zZzsKCiAgICAgICAgcHVibGljIFdpbjMyRXhjZXB0aW9uKHN0cmluZyBtZXNzYWdlKSA6IHRoaXMoTWFyc2hhbC5HZXRMYXN0V2luMzJFcnJvcigpLCBtZXNzYWdlKSB7IH0KCiAgICAgICAgcHVibGljIFdpbjMyRXhjZXB0aW9uKGludCBlcnJvckNvZGUsIHN0cmluZyBtZXNzYWdlKSA6IGJhc2UoZXJyb3JDb2RlKQogICAgICAgIHsKICAgICAgICAgICAgX21zZyA9IFN0cmluZy5Gb3JtYXQoInswfSAoezF9LCBXaW4zMkVycm9yQ29kZSB7Mn0pIiwgbWVzc2FnZSwgYmFzZS5NZXNzYWdlLCBlcnJvckNvZGUpOwogICAgICAgIH0KCiAgICAgICAgcHVibGljIG92ZXJyaWRlIHN0cmluZyBNZXNzYWdlIHsgZ2V0IHsgcmV0dXJuIF9tc2c7IH0gfQogICAgICAgIHB1YmxpYyBzdGF0aWMgZXhwbGljaXQgb3BlcmF0b3IgV2luMzJFeGNlcHRpb24oc3RyaW5nIG1lc3NhZ2UpIHsgcmV0dXJuIG5ldyBXaW4zMkV4Y2VwdGlvbihtZXNzYWdlKTsgfQogICAgfQoKICAgIHB1YmxpYyBjbGFzcyBDb21tYW5kVXRpbAogICAgewogICAgICAgIHByaXZhdGUgc3RhdGljIFVJbnQzMiBDUkVBVEVfVU5JQ09ERV9FTlZJUk9OTUVOVCA9IDB4MDAwMDAwNDAwOwogICAgICAgIHByaXZhdGUgc3RhdGljIFVJbnQzMiBFWFRFTkRFRF9TVEFSVFVQSU5GT19QUkVTRU5UID0gMHgwMDA4MDAwMDsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSwgQmVzdEZpdE1hcHBpbmcgPSBmYWxzZSldCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gYm9vbCBDcmVhdGVQcm9jZXNzKAogICAgICAgICAgICBbTWFyc2hhbEFzKFVubWFuYWdlZFR5cGUuTFBXU3RyKV0KICAgICAgICAgICAgICAgIHN0cmluZyBscEFwcGxpY2F0aW9uTmFtZSwKICAgICAgICAgICAgU3RyaW5nQnVpbGRlciBscENvbW1hbmRMaW5lLAogICAgICAgICAgICBJbnRQdHIgbHBQcm9jZXNzQXR0cmlidXRlcywKICAgICAgICAgICAgSW50UHRyIGxwVGhyZWFkQXR0cmlidXRlcywKICAgICAgICAgICAgYm9vbCBiSW5oZXJpdEhhbmRsZXMsCiAgICAgICAgICAgIHVpbnQgZHdDcmVhdGlvbkZsYWdzLAogICAgICAgICAgICBJbnRQdHIgbHBFbnZpcm9ubWVudCwKICAgICAgICAgICAgW01hcnNoYWxBcyhVbm1hbmFnZWRUeXBlLkxQV1N0cildCiAgICAgICAgICAgICAgICBzdHJpbmcgbHBDdXJyZW50RGlyZWN0b3J5LAogICAgICAgICAgICBTVEFSVFVQSU5GT0VYIGxwU3RhcnR1cEluZm8sCiAgICAgICAgICAgIG91dCBQUk9DRVNTX0lORk9STUFUSU9OIGxwUHJvY2Vzc0luZm9ybWF0aW9uKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIildCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gYm9vbCBDcmVhdGVQaXBlKAogICAgICAgICAgICBvdXQgU2FmZUZpbGVIYW5kbGUgaFJlYWRQaXBlLAogICAgICAgICAgICBvdXQgU2FmZUZpbGVIYW5kbGUgaFdyaXRlUGlwZSwKICAgICAgICAgICAgU0VDVVJJVFlfQVRUUklCVVRFUyBscFBpcGVBdHRyaWJ1dGVzLAogICAgICAgICAgICB1aW50IG5TaXplKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSldCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gYm9vbCBTZXRIYW5kbGVJbmZvcm1hdGlvbigKICAgICAgICAgICAgU2FmZUZpbGVIYW5kbGUgaE9iamVjdCwKICAgICAgICAgICAgSGFuZGxlRmxhZ3MgZHdNYXNrLAogICAgICAgICAgICBpbnQgZHdGbGFncyk7CgogICAgICAgIFtEbGxJbXBvcnQoImtlcm5lbDMyLmRsbCIsIFNldExhc3RFcnJvciA9IHRydWUpXQogICAgICAgIHByaXZhdGUgc3RhdGljIGV4dGVybiBib29sIEdldEV4aXRDb2RlUHJvY2VzcygKICAgICAgICAgICAgSW50UHRyIGhQcm9jZXNzLAogICAgICAgICAgICBvdXQgdWludCBscEV4aXRDb2RlKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSldCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gdWludCBTZWFyY2hQYXRoKAogICAgICAgICAgICBzdHJpbmcgbHBQYXRoLAogICAgICAgICAgICBzdHJpbmcgbHBGaWxlTmFtZSwKICAgICAgICAgICAgc3RyaW5nIGxwRXh0ZW5zaW9uLAogICAgICAgICAgICBpbnQgbkJ1ZmZlckxlbmd0aCwKICAgICAgICAgICAgW01hcnNoYWxBcyAoVW5tYW5hZ2VkVHlwZS5MUFRTdHIpXQogICAgICAgICAgICAgICAgU3RyaW5nQnVpbGRlciBscEJ1ZmZlciwKICAgICAgICAgICAgb3V0IEludFB0ciBscEZpbGVQYXJ0KTsKCiAgICAgICAgW0RsbEltcG9ydCgic2hlbGwzMi5kbGwiLCBTZXRMYXN0RXJyb3IgPSB0cnVlKV0KICAgICAgICBzdGF0aWMgZXh0ZXJuIEludFB0ciBDb21tYW5kTGluZVRvQXJndlcoCiAgICAgICAgICAgIFtNYXJzaGFsQXMoVW5tYW5hZ2VkVHlwZS5MUFdTdHIpXQogICAgICAgICAgICAgICAgc3RyaW5nIGxwQ21kTGluZSwKICAgICAgICAgICAgb3V0IGludCBwTnVtQXJncyk7CgogICAgICAgIHB1YmxpYyBzdGF0aWMgc3RyaW5nW10gUGFyc2VDb21tYW5kTGluZShzdHJpbmcgbHBDb21tYW5kTGluZSkKICAgICAgICB7CiAgICAgICAgICAgIGludCBudW1BcmdzOwogICAgICAgICAgICBJbnRQdHIgcmV0ID0gQ29tbWFuZExpbmVUb0FyZ3ZXKGxwQ29tbWFuZExpbmUsIG91dCBudW1BcmdzKTsKCiAgICAgICAgICAgIGlmIChyZXQgPT0gSW50UHRyLlplcm8pCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIkVycm9yIHBhcnNpbmcgY29tbWFuZCBsaW5lIik7CgogICAgICAgICAgICBJbnRQdHJbXSBzdHJwdHJzID0gbmV3IEludFB0cltudW1BcmdzXTsKICAgICAgICAgICAgTWFyc2hhbC5Db3B5KHJldCwgc3RycHRycywgMCwgbnVtQXJncyk7CiAgICAgICAgICAgIHN0cmluZ1tdIGNtZGxpbmVQYXJ0cyA9IHN0cnB0cnMuU2VsZWN0KHMgPT4gTWFyc2hhbC5QdHJUb1N0cmluZ1VuaShzKSkuVG9BcnJheSgpOwoKICAgICAgICAgICAgTWFyc2hhbC5GcmVlSEdsb2JhbChyZXQpOwoKICAgICAgICAgICAgcmV0dXJuIGNtZGxpbmVQYXJ0czsKICAgICAgICB9CgogICAgICAgIHB1YmxpYyBzdGF0aWMgc3RyaW5nIFNlYXJjaFBhdGgoc3RyaW5nIGxwRmlsZU5hbWUpCiAgICAgICAgewogICAgICAgICAgICBTdHJpbmdCdWlsZGVyIHNiT3V0ID0gbmV3IFN0cmluZ0J1aWxkZXIoMTAyNCk7CiAgICAgICAgICAgIEludFB0ciBmaWxlUGFydE91dDsKCiAgICAgICAgICAgIGlmIChTZWFyY2hQYXRoKG51bGwsIGxwRmlsZU5hbWUsIG51bGwsIHNiT3V0LkNhcGFjaXR5LCBzYk91dCwgb3V0IGZpbGVQYXJ0T3V0KSA9PSAwKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IEZpbGVOb3RGb3VuZEV4Y2VwdGlvbihTdHJpbmcuRm9ybWF0KCJDb3VsZCBub3QgbG9jYXRlIHRoZSBmb2xsb3dpbmcgZXhlY3V0YWJsZSB7MH0iLCBscEZpbGVOYW1lKSk7CgogICAgICAgICAgICByZXR1cm4gc2JPdXQuVG9TdHJpbmcoKTsKICAgICAgICB9CgogICAgICAgIHB1YmxpYyBjbGFzcyBDb21tYW5kUmVzdWx0CiAgICAgICAgewogICAgICAgICAgICBwdWJsaWMgc3RyaW5nIFN0YW5kYXJkT3V0IHsgZ2V0OyBpbnRlcm5hbCBzZXQ7IH0KICAgICAgICAgICAgcHVibGljIHN0cmluZyBTdGFuZGFyZEVycm9yIHsgZ2V0OyBpbnRlcm5hbCBzZXQ7IH0KICAgICAgICAgICAgcHVibGljIHVpbnQgRXhpdENvZGUgeyBnZXQ7IGludGVybmFsIHNldDsgfQogICAgICAgIH0KCiAgICAgICAgcHVibGljIHN0YXRpYyBDb21tYW5kUmVzdWx0IFJ1bkNvbW1hbmQoc3RyaW5nIGxwQXBwbGljYXRpb25OYW1lLCBzdHJpbmcgbHBDb21tYW5kTGluZSwgc3RyaW5nIGxwQ3VycmVudERpcmVjdG9yeSwgc3RyaW5nIHN0ZGluSW5wdXQsIElEaWN0aW9uYXJ5IGVudmlyb25tZW50KQogICAgICAgIHsKICAgICAgICAgICAgVUludDMyIHN0YXJ0dXBfZmxhZ3MgPSBDUkVBVEVfVU5JQ09ERV9FTlZJUk9OTUVOVCB8IEVYVEVOREVEX1NUQVJUVVBJTkZPX1BSRVNFTlQ7CiAgICAgICAgICA ScriptBlock ID: 021909b7-5cd2-4bcc-bbc5-b2f947e07723 Path:	4104	1		3	2	15	0	1309	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4516	744	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:28:04 PM	9d04040e-981f-0003-8c50-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1308	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4516	1476	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:28:04 PM	9d04040e-981f-0004-6617-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 4516 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1307	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4516	4760	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:28:04 PM	9d04040e-981f-0004-6617-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1306	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4516	1476	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:28:04 PM	9d04040e-981f-0004-6617-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1305	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	5032	4360	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:28:03 PM	9d04040e-981f-0004-5e17-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 5032 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1304	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	5032	5092	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:28:03 PM	9d04040e-981f-0004-5e17-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1303	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	5032	4360	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:28:02 PM	9d04040e-981f-0004-5e17-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1302	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3192	2832	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:28:02 PM	9d04040e-981f-0003-7c50-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 3192 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1301	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3192	608	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:28:02 PM	9d04040e-981f-0003-7c50-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1300	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3192	2832	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:28:02 PM	9d04040e-981f-0003-7c50-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): #!powershell # Copyright: (c) 2015, Jon Hawkesworth (@jhawkesworth) <figs@unity.demon.co.uk> # Copyright: (c) 2017, Ansible Project # GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) #Requires -Module Ansible.ModuleUtils.Legacy $ErrorActionPreference = 'Stop' $params = Parse-Args -arguments $args -supports_check_mode $true $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false $diff_mode = Get-AnsibleParam -obj $params -name "_ansible_diff" -type "bool" -default $false # there are 4 modes to win_copy which are driven by the action plugins: # explode: src is a zip file which needs to be extracted to dest, for use with multiple files # query: win_copy action plugin wants to get the state of remote files to check whether it needs to send them # remote: all copy action is happening remotely (remote_src=True) # single: a single file has been copied, also used with template $copy_mode = Get-AnsibleParam -obj $params -name "_copy_mode" -type "str" -default "single" -validateset "explode","query","remote","single" # used in explode, remote and single mode $src = Get-AnsibleParam -obj $params -name "src" -type "path" -failifempty ($copy_mode -in @("explode","process","single")) $dest = Get-AnsibleParam -obj $params -name "dest" -type "path" -failifempty $true # used in single mode $original_basename = Get-AnsibleParam -obj $params -name "_original_basename" -type "str" # used in query and remote mode $force = Get-AnsibleParam -obj $params -name "force" -type "bool" -default $true # used in query mode, contains the local files/directories/symlinks that are to be copied $files = Get-AnsibleParam -obj $params -name "files" -type "list" $directories = Get-AnsibleParam -obj $params -name "directories" -type "list" $symlinks = Get-AnsibleParam -obj $params -name "symlinks" -type "list" $result = @{ changed = $false } if ($diff_mode) { $result.diff = @{} } Function Copy-File($source, $dest) { $diff = "" $copy_file = $false $source_checksum = $null if ($force) { $source_checksum = Get-FileChecksum -path $source } if (Test-Path -Path $dest -PathType Container) { Fail-Json -obj $result -message "cannot copy file from '$source' to '$dest': dest is already a folder" } elseif (Test-Path -Path $dest -PathType Leaf) { if ($force) { $target_checksum = Get-FileChecksum -path $dest if ($source_checksum -ne $target_checksum) { $copy_file = $true } } } else { $copy_file = $true } if ($copy_file) { $file_dir = [System.IO.Path]::GetDirectoryName($dest) # validate the parent dir is not a file and that it exists if (Test-Path -Path $file_dir -PathType Leaf) { Fail-Json -obj $result -message "cannot copy file from '$source' to '$dest': object at dest parent dir is not a folder" } elseif (-not (Test-Path -Path $file_dir)) { # directory doesn't exist, need to create New-Item -Path $file_dir -ItemType Directory -WhatIf:$check_mode | Out-Null $diff += "+$file_dir\`n" } if (Test-Path -Path $dest -PathType Leaf) { Remove-Item -Path $dest -Force -Recurse -WhatIf:$check_mode | Out-Null $diff += "-$dest`n" } if (-not $check_mode) { # cannot run with -WhatIf:$check_mode as if the parent dir didn't # exist and was created above would still not exist in check mode Copy-Item -Path $source -Destination $dest -Force | Out-Null } $diff += "+$dest`n" $result.changed = $true } # ugly but to save us from running the checksum twice, let's return it for # the main code to add it to $result return ,@{ diff = $diff; checksum = $source_checksum } } Function Copy-Folder($source, $dest) { $diff = "" $copy_folder = $false if (-not (Test-Path -Path $dest -PathType Container)) { $parent_dir = [System.IO.Path]::GetDirectoryName($dest) if (Test-Path -Path $parent_dir -PathType Leaf) { Fail-Json -obj $result -message "cannot copy file from '$source' to '$dest': object at dest parent dir is not a folder" } if (Test-Path -Path $dest -PathType Leaf) { Fail-Json -obj $result -message "cannot copy folder from '$source' to '$dest': dest is already a file" } New-Item -Path $dest -ItemType Container -WhatIf:$check_mode | Out-Null $diff += "+$dest\`n" $result.changed = $true } $child_items = Get-ChildItem -Path $source -Force foreach ($child_item in $child_items) { $dest_child_path = Join-Path -Path $dest -ChildPath $child_item.Name if ($child_item.PSIsContainer) { $diff += (Copy-Folder -source $child_item.Fullname -dest $dest_child_path) } else { $diff += (Copy-File -source $child_item.Fullname -dest $dest_child_path).diff } } return $diff } Function Get-FileSize($path) { $file = Get-Item -Path $path -Force $size = $null if ($file.PSIsContainer) { $dir_files_sum = Get-ChildItem $file.FullName -Recurse if ($dir_files_sum -eq $null -or ($dir_files_sum.PSObject.Properties.name -contains 'length' -eq $false)) { $size = 0 } else { $size = ($dir_files_sum | Measure-Object -property length -sum).Sum } } else { $size = $file.Length } $size } Function Extract-Zip($src, $dest) { $archive = [System.IO.Compression.ZipFile]::Open($src, [System.IO.Compression.ZipArchiveMode]::Read, [System.Text.Encoding]::UTF8) foreach ($entry in $archive.Entries) { $archive_name = $entry.FullName # FullName may be appended with / or \, determine if it is padded and remove it $padding_length = $archive_name.Length % 4 if ($padding_length -eq 0) { $is_dir = $false $base64_name = $archive_name } elseif ($padding_length -eq 1) { $is_dir = $true if ($archive_name.EndsWith("/") -or $archive_name.EndsWith("`\")) { $base64_name = $archive_name.Substring(0, $archive_name.Length - 1) } else { throw "invalid base64 archive name '$archive_name'" } } else { throw "invalid base64 length '$archive_name'" } # to handle unicode character, win_copy action plugin has encoded the filename $decoded_archive_name = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($base64_name)) # re-add the / to the entry full name if it was a directory if ($is_dir) { $decoded_archive_name = "$decoded_archive_name/" } $entry_target_path = [System.IO.Path]::Combine($dest, $decoded_archive_name) $entry_dir = [System.IO.Path]::GetDirectoryName($entry_target_path) if (-not (Test-Path -Path $entry_dir)) { New-Item -Path $entry_dir -ItemType Directory -WhatIf:$check_mode | Out-Null } if ($is_dir -eq $false) { if (-not $check_mode) { [System.IO.Compression.ZipFileExtensions]::ExtractToFile($entry, $entry_target_path, $true) } } } $archive.Dispose() # release the handle of the zip file } Function Extract-ZipLegacy($src, $dest) { if (-not (Test-Path -Path $dest)) { New-Item -Path $dest -ItemType Directory -WhatIf:$check_mode | Out-Null } $shell = New-Object -ComObject Shell.Application $zip = $shell.NameSpace($src) $dest_path = $shell.NameSpace($dest) foreach ($entry in $zip.Items()) { $is_dir = $entry.IsFolder $encoded_archive_entry = $entry.Name # to handle unicode character, win_copy action plugin has encoded the filename $decoded_archive_entry = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($encoded_archive_entry)) if ($is_dir) { $decoded_archive_entry = "$decoded_archive_entry/" } $entry_target_path = [System.IO.Path]::Combine($dest, $decoded_archive_entry) $entry_dir = [System.IO.Path]::GetDirectoryName($entry_target_path) if (-not (Test-Path -Path $entry_dir)) { New-Item -Path $entry_dir -ItemType Directory -WhatIf:$check_mode | Out-Null } if ($is_dir -eq $false -and (-not $check_mode)) { # https://msdn.microsoft.com/en-us/library/windows/desktop/bb787866.aspx # From Folder.CopyHere documentation, 1044 means: # - 1024: do not display a user interface if an error occurs # - 16: respond with "yes to all" for any dialog box that is displayed # - 4: do not display a progress dialog box $dest_path.CopyHere($entry, 1044) # once file is extraced, we need to rename it with non base64 name $combined_encoded_path = [System.IO.Path]::Combine($dest, $encoded_archive_entry) Move-Item -Path $combined_encoded_path -Destination $entry_target_path -Force | Out-Null } } } if ($copy_mode -eq "query") { # we only return a list of files/directories that need to be copied over # the source of the local file will be the key used $changed_files = @() $changed_directories = @() $changed_symlinks = @() foreach ($file in $files) { $filename = $file.dest $local_checksum = $file.checksum $filepath = Join-Path -Path $dest -ChildPath $filename if (Test-Path -Path $filepath -PathType Leaf) { if ($force) { $checksum = Get-FileChecksum -path $filepath if ($checksum -ne $local_checksum) { $will_change = $true $changed_files += $file } } } elseif (Test-Path -Path $filepath -PathType Container) { Fail-Json -obj $result -message "cannot copy file to dest '$filepath': object at path is already a directory" } else { $changed_files += $file } } foreach ($directory in $directories) { $dirname = $directory.dest $dirpath = Join-Path -Path $dest -ChildPath $dirname $parent_dir = [System.IO.Path]::GetDirectoryName($dirpath) if (Test-Path -Path $parent_dir -PathType Leaf) { Fail-Json -obj $result -message "cannot copy folder to dest '$dirpath': object at parent directory path is already a file" } if (Test-Path -Path $dirpath -PathType Leaf) { Fail-Json -obj $result -message "cannot copy folder to dest '$dirpath': object at path is already a file" } elseif (-not (Test-Path -Path $dirpath -PathType Container)) { $changed_directories += $directory } } # TODO: Handle symlinks $result.files = $changed_files $result.directories = $changed_directories $result.symlinks = $changed_symlinks } elseif ($copy_mode -eq "explode") { # a single zip file containing the files and directories needs to be # expanded this will always result in a change as the calculation is done # on the win_copy action plugin and is only run if a change needs to occur if (-not (Test-Path -Path $src -PathType Leaf)) { Fail-Json -obj $result -message "Cannot expand src zip file: '$src' as it does not exist" } # Detect if the PS zip assemblies are available or whether to use Shell $use_legacy = $false try { Add-Type -AssemblyName System.IO.Compression.FileSystem | Out-Null Add-Type -AssemblyName System.IO.Compression | Out-Null } catch { $use_legacy = $true } if ($use_legacy) { Extract-ZipLegacy -src $src -dest $dest } else { Extract-Zip -src $src -dest $dest } $result.changed = $true } elseif ($copy_mode -eq "remote") { # all copy actions are happening on the remote side (windows host), need # too copy source and dest using PS code $result.src = $src $result.dest = $dest if (-not (Test-Path -Path $src)) { Fail-Json -obj $result -message "Cannot copy src file: '$src' as it does not exist" } if (Test-Path -Path $src -PathType Container) { # we are copying a directory or the contents of a directory $result.operation = 'folder_copy' if ($src.EndsWith("/") -or $src.EndsWith("`\")) { # copying the folder's contents to dest $diff = "" $child_files = Get-ChildItem -Path $src -Force foreach ($child_file in $child_files) { $dest_child_path = Join-Path -Path $dest -ChildPath $child_file.Name if ($child_file.PSIsContainer) { $diff += Copy-Folder -source $child_file.FullName -dest $dest_child_path } else { $diff += (Copy-File -source $child_file.FullName -dest $dest_child_path).diff } } } else { # copying the folder and it's contents to dest $dest = Join-Path -Path $dest -ChildPath (Get-Item -Path $src -Force).Name $result.dest = $dest $diff = Copy-Folder -source $src -dest $dest } } else { # we are just copying a single file to dest $result.operation = 'file_copy' $source_basename = (Get-Item -Path $src -Force).Name $result.original_basename = $source_basename if ($dest.EndsWith("/") -or $dest.EndsWith("`\")) { $dest = Join-Path -Path $dest -ChildPath (Get-Item -Path $src -Force).Name $result.dest = $dest } else { # check if the parent dir exists, this is only done if src is a # file and dest if the path to a file (doesn't end with \ or /) $parent_dir = Split-Path -Path $dest if (Test-Path -Path $parent_dir -PathType Leaf) { Fail-Json -obj $result -message "object at destination parent dir '$parent_dir' is currently a file" } elseif (-not (Test-Path -Path $parent_dir -PathType Container)) { Fail-Json -obj $result -message "Destination directory '$parent_dir' does not exist" } } $copy_result = Copy-File -source $src -dest $dest $diff = $copy_result.diff $result.checksum = $copy_result.checksum } # the file might not exist if running in check mode if (-not $check_mode -or (Test-Path -Path $dest -PathType Leaf)) { $result.size = Get-FileSize -path $dest } else { $result.size = $null } if ($diff_mode) { $result.diff.prepared = $diff } } elseif ($copy_mode -eq "single") { # a single file is located in src and we need to copy to dest, this will # always result in a change as the calculation is done on the Ansible side # before this is run. This should also never run in check mode if (-not (Test-Path -Path $src -PathType Leaf)) { Fail-Json -obj $result -message "Cannot copy src file: '$src' as it does not exist" } # the dest parameter is a directory, we need to append original_basename if ($dest.EndsWith("/") -or $dest.EndsWith("`\") -or (Test-Path -Path $dest -PathType Container)) { $remote_dest = Join-Path -Path $dest -ChildPath $original_basename $parent_dir = Split-Path -Path $remote_dest # when dest ends with /, we need to create the destination directories if (Test-Path -Path $parent_dir -PathType Leaf) { Fail-Json -obj $result -message "object at destination parent dir '$parent_dir' is currently a file" } elseif (-not (Test-Path -Path $parent_dir -PathType Container)) { New-Item -Path $parent_dir -ItemType Directory | Out-Null } } else { $remote_dest = $dest $parent_dir = Split-Path -Path $remote_dest # check if the dest parent dirs exist, need to fail if they don't if (Test-Path -Path $parent_dir -PathType Leaf) { Fail-Json -obj $result -message "object at destination parent dir '$parent_dir' is currently a file" } elseif (-not (Test-Path -Path $parent_dir -PathType Container)) { Fail-Json -obj $result -message "Destination directory '$parent_dir' does not exist" } } Copy-Item -Path $src -Destination $remote_dest -Force | Out-Null $result.changed = $true } Exit-Json -obj $result ScriptBlock ID: 751df1e3-fc7e-4877-a0d2-e2813ada046e Path:	4104	1		3	2	15	0	1299	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4652	5048	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:28:02 PM	9d04040e-981f-0001-9810-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c), Michael DeHaan <michael.dehaan@gmail.com>, 2014, and others # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) Set-StrictMode -Version 2.0 $ErrorActionPreference = "Stop" Function Set-Attr($obj, $name, $value) { <# .SYNOPSIS Helper function to set an "attribute" on a psobject instance in PowerShell. This is a convenience to make adding Members to the object easier and slightly more pythonic .EXAMPLE Set-Attr $result "changed" $true #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } Try { $obj.$name = $value } Catch { $obj | Add-Member -Force -MemberType NoteProperty -Name $name -Value $value } } Function Exit-Json($obj) { <# .SYNOPSIS Helper function to convert a PowerShell object to JSON and output it, exiting the script .EXAMPLE Exit-Json $result #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit } Function Fail-Json($obj, $message = $null) { <# .SYNOPSIS Helper function to add the "msg" property and "failed" property, convert the PowerShell Hashtable to JSON and output it, exiting the script .EXAMPLE Fail-Json $result "This is the failure message" #> if ($obj -is [hashtable] -or $obj -is [psobject]) { # Nothing to do } elseif ($obj -is [string] -and $null -eq $message) { # If we weren't given 2 args, and the only arg was a string, # create a new Hashtable and use the arg as the failure message $message = $obj $obj = @{ } } else { # If the first argument is undefined or a different type, # make it a Hashtable $obj = @{ } } # Still using Set-Attr for PSObject compatibility Set-Attr $obj "msg" $message Set-Attr $obj "failed" $true if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit 1 } Function Add-Warning($obj, $message) { <# .SYNOPSIS Helper function to add warnings, even if the warnings attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("warnings")) { $obj.warnings = @() } elseif ($obj.warnings -isnot [array]) { throw "Add-Warning: warnings attribute is not an array" } $obj.warnings += $message } Function Add-DeprecationWarning($obj, $message, $version = $null) { <# .SYNOPSIS Helper function to add deprecations, even if the deprecations attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("deprecations")) { $obj.deprecations = @() } elseif ($obj.deprecations -isnot [array]) { throw "Add-DeprecationWarning: deprecations attribute is not a list" } $obj.deprecations += @{ msg = $message version = $version } } Function Expand-Environment($value) { <# .SYNOPSIS Helper function to expand environment variables in values. By default it turns any type to a string, but we ensure $null remains $null. #> if ($null -ne $value) { [System.Environment]::ExpandEnvironmentVariables($value) } else { $value } } Function Get-AnsibleParam($obj, $name, $default = $null, $resultobj = @{}, $failifempty = $false, $emptyattributefailmessage, $ValidateSet, $ValidateSetErrorMessage, $type = $null, $aliases = @()) { <# .SYNOPSIS Helper function to get an "attribute" from a psobject instance in PowerShell. This is a convenience to make getting Members from an object easier and slightly more pythonic .EXAMPLE $attr = Get-AnsibleParam $response "code" -default "1" .EXAMPLE Get-AnsibleParam -obj $params -name "State" -default "Present" -ValidateSet "Present","Absent" -resultobj $resultobj -failifempty $true Get-AnsibleParam also supports Parameter validation to save you from coding that manually Note that if you use the failifempty option, you do need to specify resultobject as well. #> # Check if the provided Member $name or aliases exist in $obj and return it or the default. try { $found = $null # First try to find preferred parameter $name $aliases = @($name) + $aliases # Iterate over aliases to find acceptable Member $name foreach ($alias in $aliases) { if ($obj.ContainsKey($alias)) { $found = $alias break } } if ($null -eq $found) { throw } $name = $found if ($ValidateSet) { if ($ValidateSet -contains ($obj.$name)) { $value = $obj.$name } else { if ($null -eq $ValidateSetErrorMessage) { #Auto-generated error should be sufficient in most use cases $ValidateSetErrorMessage = "Get-AnsibleParam: Argument $name needs to be one of $($ValidateSet -join ",") but was $($obj.$name)." } Fail-Json -obj $resultobj -message $ValidateSetErrorMessage } } else { $value = $obj.$name } } catch { if ($failifempty -eq $false) { $value = $default } else { if (-not $emptyattributefailmessage) { $emptyattributefailmessage = "Get-AnsibleParam: Missing required argument: $name" } Fail-Json -obj $resultobj -message $emptyattributefailmessage } } # If $value -eq $null, the parameter was unspecified by the user (deliberately or not) # Please leave $null-values intact, modules need to know if a parameter was specified # When $value is already an array, we cannot rely on the null check, as an empty list # is seen as null in the check below if ($null -ne $value -or $value -is [array]) { if ($type -eq "path") { # Expand environment variables on path-type $value = Expand-Environment($value) # Test if a valid path is provided if (-not (Test-Path -IsValid $value)) { $path_invalid = $true # could still be a valid-shaped path with a nonexistent drive letter if ($value -match "^\w:") { # rewrite path with a valid drive letter and recheck the shape- this might still fail, eg, a nonexistent non-filesystem PS path if (Test-Path -IsValid $(@(Get-PSDrive -PSProvider Filesystem)[0].Name + $value.Substring(1))) { $path_invalid = $false } } if ($path_invalid) { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' has an invalid path '$value' specified." } } } elseif ($type -eq "str") { # Convert str types to real Powershell strings $value = $value.ToString() } elseif ($type -eq "bool") { # Convert boolean types to real Powershell booleans $value = $value | ConvertTo-Bool } elseif ($type -eq "int") { # Convert int types to real Powershell integers $value = $value -as [int] } elseif ($type -eq "float") { # Convert float types to real Powershell floats $value = $value -as [float] } elseif ($type -eq "list") { if ($value -is [array]) { # Nothing to do } elseif ($value -is [string]) { # Convert string type to real Powershell array $value = $value.Split(",").Trim() } elseif ($value -is [int]) { $value = @($value) } else { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' is not a YAML list." } # , is not a typo, forces it to return as a list when it is empty or only has 1 entry return ,$value } } return $value } #Alias Get-attr-->Get-AnsibleParam for backwards compat. Only add when needed to ease debugging of scripts If (-not(Get-Alias -Name "Get-attr" -ErrorAction SilentlyContinue)) { New-Alias -Name Get-attr -Value Get-AnsibleParam } Function ConvertTo-Bool { <# .SYNOPSIS Helper filter/pipeline function to convert a value to boolean following current Ansible practices .EXAMPLE $is_true = "true" | ConvertTo-Bool #> param( [parameter(valuefrompipeline=$true)] $obj ) $boolean_strings = "yes", "on", "1", "true", 1 $obj_string = [string]$obj if (($obj -is [boolean] -and $obj) -or $boolean_strings -contains $obj_string.ToLower()) { return $true } else { return $false } } Function Parse-Args($arguments, $supports_check_mode = $false) { <# .SYNOPSIS Helper function to parse Ansible JSON arguments from a "file" passed as the single argument to the module. .EXAMPLE $params = Parse-Args $args #> $params = New-Object psobject If ($arguments.Length -gt 0) { $params = Get-Content $arguments[0] | ConvertFrom-Json } Else { $params = $complex_args } $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false If ($check_mode -and -not $supports_check_mode) { Exit-Json @{ skipped = $true changed = $false msg = "remote module does not support check mode" } } return $params } Function Get-FileChecksum($path, $algorithm = 'sha1') { <# .SYNOPSIS Helper function to calculate a hash of a file in a way which PowerShell 3 and above can handle #> If (Test-Path -Path $path -PathType Leaf) { switch ($algorithm) { 'md5' { $sp = New-Object -TypeName System.Security.Cryptography.MD5CryptoServiceProvider } 'sha1' { $sp = New-Object -TypeName System.Security.Cryptography.SHA1CryptoServiceProvider } 'sha256' { $sp = New-Object -TypeName System.Security.Cryptography.SHA256CryptoServiceProvider } 'sha384' { $sp = New-Object -TypeName System.Security.Cryptography.SHA384CryptoServiceProvider } 'sha512' { $sp = New-Object -TypeName System.Security.Cryptography.SHA512CryptoServiceProvider } default { Fail-Json @{} "Unsupported hash algorithm supplied '$algorithm'" } } If ($PSVersionTable.PSVersion.Major -ge 4) { $raw_hash = Get-FileHash $path -Algorithm $algorithm $hash = $raw_hash.Hash.ToLower() } Else { $fp = [System.IO.File]::Open($path, [System.IO.Filemode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileShare]::ReadWrite); $hash = [System.BitConverter]::ToString($sp.ComputeHash($fp)).Replace("-", "").ToLower(); $fp.Dispose(); } } ElseIf (Test-Path -Path $path -PathType Container) { $hash = "3"; } Else { $hash = "1"; } return $hash } Function Get-PendingRebootStatus { <# .SYNOPSIS Check if reboot is required, if so notify CA. Function returns true if computer has a pending reboot #> $featureData = Invoke-WmiMethod -EA Ignore -Name GetServerFeature -Namespace root\microsoft\windows\servermanager -Class MSFT_ServerManagerTasks $regData = Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager" "PendingFileRenameOperations" -EA Ignore $CBSRebootStatus = Get-ChildItem "HKLM:\\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing" -ErrorAction SilentlyContinue| Where-Object {$_.PSChildName -eq "RebootPending"} if(($featureData -and $featureData.RequiresReboot) -or $regData -or $CBSRebootStatus) { return $True } else { return $False } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: a49274d5-d1fc-41b7-9939-a9b7da48a690 Path:	4104	1		3	2	15	0	1298	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4652	92	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:28:02 PM	9d04040e-981f-0003-6850-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } ScriptBlock ID: 3bed9d55-4ce3-4837-9fd2-31bc808885ac Path:	4104	1		3	2	15	0	1297	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4652	92	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:28:02 PM	9d04040e-981f-0003-5950-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (3 of 3): gIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgIm9iamVjdCBhdCBkZXN0aW5hdGlvbiBwYXJlbnQgZGlyICckcGFyZW50X2RpcicgaXMgY3VycmVudGx5IGEgZmlsZSIKICAgICAgICAgICAgfSBlbHNlaWYgKC1ub3QgKFRlc3QtUGF0aCAtUGF0aCAkcGFyZW50X2RpciAtUGF0aFR5cGUgQ29udGFpbmVyKSkgewogICAgICAgICAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiRGVzdGluYXRpb24gZGlyZWN0b3J5ICckcGFyZW50X2RpcicgZG9lcyBub3QgZXhpc3QiCiAgICAgICAgICAgIH0KICAgICAgICB9CiAgICAgICAgJGNvcHlfcmVzdWx0ID0gQ29weS1GaWxlIC1zb3VyY2UgJHNyYyAtZGVzdCAkZGVzdAogICAgICAgICRkaWZmID0gJGNvcHlfcmVzdWx0LmRpZmYKICAgICAgICAkcmVzdWx0LmNoZWNrc3VtID0gJGNvcHlfcmVzdWx0LmNoZWNrc3VtCiAgICB9CgogICAgIyB0aGUgZmlsZSBtaWdodCBub3QgZXhpc3QgaWYgcnVubmluZyBpbiBjaGVjayBtb2RlCiAgICBpZiAoLW5vdCAkY2hlY2tfbW9kZSAtb3IgKFRlc3QtUGF0aCAtUGF0aCAkZGVzdCAtUGF0aFR5cGUgTGVhZikpIHsKICAgICAgICAkcmVzdWx0LnNpemUgPSBHZXQtRmlsZVNpemUgLXBhdGggJGRlc3QKICAgIH0gZWxzZSB7CiAgICAgICAgJHJlc3VsdC5zaXplID0gJG51bGwKICAgIH0KICAgIGlmICgkZGlmZl9tb2RlKSB7CiAgICAgICAgJHJlc3VsdC5kaWZmLnByZXBhcmVkID0gJGRpZmYKICAgIH0KfSBlbHNlaWYgKCRjb3B5X21vZGUgLWVxICJzaW5nbGUiKSB7CiAgICAjIGEgc2luZ2xlIGZpbGUgaXMgbG9jYXRlZCBpbiBzcmMgYW5kIHdlIG5lZWQgdG8gY29weSB0byBkZXN0LCB0aGlzIHdpbGwKICAgICMgYWx3YXlzIHJlc3VsdCBpbiBhIGNoYW5nZSBhcyB0aGUgY2FsY3VsYXRpb24gaXMgZG9uZSBvbiB0aGUgQW5zaWJsZSBzaWRlCiAgICAjIGJlZm9yZSB0aGlzIGlzIHJ1bi4gVGhpcyBzaG91bGQgYWxzbyBuZXZlciBydW4gaW4gY2hlY2sgbW9kZQogICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtUGF0aCAkc3JjIC1QYXRoVHlwZSBMZWFmKSkgewogICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgIkNhbm5vdCBjb3B5IHNyYyBmaWxlOiAnJHNyYycgYXMgaXQgZG9lcyBub3QgZXhpc3QiCiAgICB9CgogICAgIyB0aGUgZGVzdCBwYXJhbWV0ZXIgaXMgYSBkaXJlY3RvcnksIHdlIG5lZWQgdG8gYXBwZW5kIG9yaWdpbmFsX2Jhc2VuYW1lCiAgICBpZiAoJGRlc3QuRW5kc1dpdGgoIi8iKSAtb3IgJGRlc3QuRW5kc1dpdGgoImBcIikgLW9yIChUZXN0LVBhdGggLVBhdGggJGRlc3QgLVBhdGhUeXBlIENvbnRhaW5lcikpIHsKICAgICAgICAkcmVtb3RlX2Rlc3QgPSBKb2luLVBhdGggLVBhdGggJGRlc3QgLUNoaWxkUGF0aCAkb3JpZ2luYWxfYmFzZW5hbWUKICAgICAgICAkcGFyZW50X2RpciA9IFNwbGl0LVBhdGggLVBhdGggJHJlbW90ZV9kZXN0CgogICAgICAgICMgd2hlbiBkZXN0IGVuZHMgd2l0aCAvLCB3ZSBuZWVkIHRvIGNyZWF0ZSB0aGUgZGVzdGluYXRpb24gZGlyZWN0b3JpZXMKICAgICAgICBpZiAoVGVzdC1QYXRoIC1QYXRoICRwYXJlbnRfZGlyIC1QYXRoVHlwZSBMZWFmKSB7CiAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgIm9iamVjdCBhdCBkZXN0aW5hdGlvbiBwYXJlbnQgZGlyICckcGFyZW50X2RpcicgaXMgY3VycmVudGx5IGEgZmlsZSIKICAgICAgICB9IGVsc2VpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRwYXJlbnRfZGlyIC1QYXRoVHlwZSBDb250YWluZXIpKSB7CiAgICAgICAgICAgIE5ldy1JdGVtIC1QYXRoICRwYXJlbnRfZGlyIC1JdGVtVHlwZSBEaXJlY3RvcnkgfCBPdXQtTnVsbAogICAgICAgIH0KICAgIH0gZWxzZSB7CiAgICAgICAgJHJlbW90ZV9kZXN0ID0gJGRlc3QKICAgICAgICAkcGFyZW50X2RpciA9IFNwbGl0LVBhdGggLVBhdGggJHJlbW90ZV9kZXN0CgogICAgICAgICMgY2hlY2sgaWYgdGhlIGRlc3QgcGFyZW50IGRpcnMgZXhpc3QsIG5lZWQgdG8gZmFpbCBpZiB0aGV5IGRvbid0CiAgICAgICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkcGFyZW50X2RpciAtUGF0aFR5cGUgTGVhZikgewogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0IC1tZXNzYWdlICJvYmplY3QgYXQgZGVzdGluYXRpb24gcGFyZW50IGRpciAnJHBhcmVudF9kaXInIGlzIGN1cnJlbnRseSBhIGZpbGUiCiAgICAgICAgfSBlbHNlaWYgKC1ub3QgKFRlc3QtUGF0aCAtUGF0aCAkcGFyZW50X2RpciAtUGF0aFR5cGUgQ29udGFpbmVyKSkgewogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0IC1tZXNzYWdlICJEZXN0aW5hdGlvbiBkaXJlY3RvcnkgJyRwYXJlbnRfZGlyJyBkb2VzIG5vdCBleGlzdCIKICAgICAgICB9CiAgICB9CgogICAgQ29weS1JdGVtIC1QYXRoICRzcmMgLURlc3RpbmF0aW9uICRyZW1vdGVfZGVzdCAtRm9yY2UgfCBPdXQtTnVsbAogICAgJHJlc3VsdC5jaGFuZ2VkID0gJHRydWUKfQoKRXhpdC1Kc29uIC1vYmogJHJlc3VsdAo=", "module_args": {"_ansible_version": "2.7.0", "_ansible_selinux_special_fs": ["fuse", "nfs", "vboxsf", "ramfs", "9p"], "_copy_mode": "single", "_ansible_remote_tmp": "%TEMP%", "_ansible_syslog_facility": "LOG_USER", "_ansible_keep_remote_files": false, "_ansible_socket": null, "_original_basename": "pip-install-neutron.log", "_ansible_check_mode": false, "src": "C:\\Users\\Admin\\AppData\\Local\\Temp\\ansible-tmp-1629725280.39-93272957354963\\source", "_ansible_no_log": false, "_ansible_module_name": "copy", "_ansible_verbosity": 4, "dest": "c:\\openstack\\log\\pip-install-neutron.log", "_ansible_diff": false, "_ansible_debug": false, "_ansible_shell_executable": "/bin/sh", "_ansible_tmpdir": "'C:\\Users\\Admin\\AppData\\Local\\Temp\\ansible-tmp-1629725280.39-93272957354963'"}} '@ } process { $input_as_string = [string]$input $json_raw += $input_as_string } end { If (-not $json_raw) { Write-Error "no input given" -Category InvalidArgument } $payload = ConvertTo-HashtableFromPsCustomObject (ConvertFrom-Json $json_raw) # TODO: handle binary modules # TODO: handle persistence $min_os_version = [version]$payload.min_os_version if ($min_os_version -ne $null) { $actual_os_version = [System.Environment]::OSVersion.Version if ($actual_os_version -lt $min_os_version) { $msg = "This module cannot run on this OS as it requires a minimum version of $min_os_version, actual was $actual_os_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $min_ps_version = [version]$payload.min_ps_version if ($min_ps_version -ne $null) { $actual_ps_version = $PSVersionTable.PSVersion if ($actual_ps_version -lt $min_ps_version) { $msg = "This module cannot run as it requires a minimum PowerShell version of $min_ps_version, actual was $actual_ps_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $actions = $payload.actions # pop 0th action as entrypoint $entrypoint = $payload.($actions[0]) $payload.actions = $payload.actions[1..99] $entrypoint = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($entrypoint)) # load the current action entrypoint as a module custom object with a Run method $entrypoint = New-Module -ScriptBlock ([scriptblock]::Create($entrypoint)) -AsCustomObject Set-Variable -Scope global -Name complex_args -Value $payload["module_args"] | Out-Null # dynamically create/load modules ForEach ($mod in $payload.powershell_modules.GetEnumerator()) { $decoded_module = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($mod.Value)) New-Module -ScriptBlock ([scriptblock]::Create($decoded_module)) -Name $mod.Key | Import-Module -WarningAction SilentlyContinue | Out-Null } $output = $entrypoint.Run($payload) Write-Output $output } ScriptBlock ID: 4bd6951f-bfb5-44d7-ab8e-2d18f5b1378f Path:	4104	1		3	2	15	0	1296	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4652	92	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:28:01 PM	9d04040e-981f-0002-020c-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 3): cmVkLCBpZiBzbyBub3RpZnkgQ0EuCiAgICBGdW5jdGlvbiByZXR1cm5zIHRydWUgaWYgY29tcHV0ZXIgaGFzIGEgcGVuZGluZyByZWJvb3QKIz4KICAgICRmZWF0dXJlRGF0YSA9IEludm9rZS1XbWlNZXRob2QgLUVBIElnbm9yZSAtTmFtZSBHZXRTZXJ2ZXJGZWF0dXJlIC1OYW1lc3BhY2Ugcm9vdFxtaWNyb3NvZnRcd2luZG93c1xzZXJ2ZXJtYW5hZ2VyIC1DbGFzcyBNU0ZUX1NlcnZlck1hbmFnZXJUYXNrcwogICAgJHJlZ0RhdGEgPSBHZXQtSXRlbVByb3BlcnR5ICJIS0xNOlxTWVNURU1cQ3VycmVudENvbnRyb2xTZXRcQ29udHJvbFxTZXNzaW9uIE1hbmFnZXIiICJQZW5kaW5nRmlsZVJlbmFtZU9wZXJhdGlvbnMiIC1FQSBJZ25vcmUKICAgICRDQlNSZWJvb3RTdGF0dXMgPSBHZXQtQ2hpbGRJdGVtICJIS0xNOlxcU09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cQ29tcG9uZW50IEJhc2VkIFNlcnZpY2luZyIgIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlfCBXaGVyZS1PYmplY3QgeyRfLlBTQ2hpbGROYW1lIC1lcSAiUmVib290UGVuZGluZyJ9CiAgICBpZigoJGZlYXR1cmVEYXRhIC1hbmQgJGZlYXR1cmVEYXRhLlJlcXVpcmVzUmVib290KSAtb3IgJHJlZ0RhdGEgLW9yICRDQlNSZWJvb3RTdGF0dXMpCiAgICB7CiAgICAgICAgcmV0dXJuICRUcnVlCiAgICB9CiAgICBlbHNlCiAgICB7CiAgICAgICAgcmV0dXJuICRGYWxzZQogICAgfQp9CgojIHRoaXMgbGluZSBtdXN0IHN0YXkgYXQgdGhlIGJvdHRvbSB0byBlbnN1cmUgYWxsIGRlZmluZWQgbW9kdWxlIHBhcnRzIGFyZSBleHBvcnRlZApFeHBvcnQtTW9kdWxlTWVtYmVyIC1BbGlhcyAqIC1GdW5jdGlvbiAqIC1DbWRsZXQgKgoK"}, "module_entry": "IyFwb3dlcnNoZWxsCgojIENvcHlyaWdodDogKGMpIDIwMTUsIEpvbiBIYXdrZXN3b3J0aCAoQGpoYXdrZXN3b3J0aCkgPGZpZ3NAdW5pdHkuZGVtb24uY28udWs+CiMgQ29weXJpZ2h0OiAoYykgMjAxNywgQW5zaWJsZSBQcm9qZWN0CiMgR05VIEdlbmVyYWwgUHVibGljIExpY2Vuc2UgdjMuMCsgKHNlZSBDT1BZSU5HIG9yIGh0dHBzOi8vd3d3LmdudS5vcmcvbGljZW5zZXMvZ3BsLTMuMC50eHQpCgojUmVxdWlyZXMgLU1vZHVsZSBBbnNpYmxlLk1vZHVsZVV0aWxzLkxlZ2FjeQoKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICdTdG9wJwoKJHBhcmFtcyA9IFBhcnNlLUFyZ3MgLWFyZ3VtZW50cyAkYXJncyAtc3VwcG9ydHNfY2hlY2tfbW9kZSAkdHJ1ZQokY2hlY2tfbW9kZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJfYW5zaWJsZV9jaGVja19tb2RlIiAtdHlwZSAiYm9vbCIgLWRlZmF1bHQgJGZhbHNlCiRkaWZmX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfZGlmZiIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQoKIyB0aGVyZSBhcmUgNCBtb2RlcyB0byB3aW5fY29weSB3aGljaCBhcmUgZHJpdmVuIGJ5IHRoZSBhY3Rpb24gcGx1Z2luczoKIyAgIGV4cGxvZGU6IHNyYyBpcyBhIHppcCBmaWxlIHdoaWNoIG5lZWRzIHRvIGJlIGV4dHJhY3RlZCB0byBkZXN0LCBmb3IgdXNlIHdpdGggbXVsdGlwbGUgZmlsZXMKIyAgIHF1ZXJ5OiB3aW5fY29weSBhY3Rpb24gcGx1Z2luIHdhbnRzIHRvIGdldCB0aGUgc3RhdGUgb2YgcmVtb3RlIGZpbGVzIHRvIGNoZWNrIHdoZXRoZXIgaXQgbmVlZHMgdG8gc2VuZCB0aGVtCiMgICByZW1vdGU6IGFsbCBjb3B5IGFjdGlvbiBpcyBoYXBwZW5pbmcgcmVtb3RlbHkgKHJlbW90ZV9zcmM9VHJ1ZSkKIyAgIHNpbmdsZTogYSBzaW5nbGUgZmlsZSBoYXMgYmVlbiBjb3BpZWQsIGFsc28gdXNlZCB3aXRoIHRlbXBsYXRlCiRjb3B5X21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2NvcHlfbW9kZSIgLXR5cGUgInN0ciIgLWRlZmF1bHQgInNpbmdsZSIgLXZhbGlkYXRlc2V0ICJleHBsb2RlIiwicXVlcnkiLCJyZW1vdGUiLCJzaW5nbGUiCgojIHVzZWQgaW4gZXhwbG9kZSwgcmVtb3RlIGFuZCBzaW5nbGUgbW9kZQokc3JjID0gR2V0LUFuc2libGVQYXJhbSAtb2JqICRwYXJhbXMgLW5hbWUgInNyYyIgLXR5cGUgInBhdGgiIC1mYWlsaWZlbXB0eSAoJGNvcHlfbW9kZSAtaW4gQCgiZXhwbG9kZSIsInByb2Nlc3MiLCJzaW5nbGUiKSkKJGRlc3QgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiZGVzdCIgLXR5cGUgInBhdGgiIC1mYWlsaWZlbXB0eSAkdHJ1ZQoKIyB1c2VkIGluIHNpbmdsZSBtb2RlCiRvcmlnaW5hbF9iYXNlbmFtZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJfb3JpZ2luYWxfYmFzZW5hbWUiIC10eXBlICJzdHIiCgojIHVzZWQgaW4gcXVlcnkgYW5kIHJlbW90ZSBtb2RlCiRmb3JjZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJmb3JjZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICR0cnVlCgojIHVzZWQgaW4gcXVlcnkgbW9kZSwgY29udGFpbnMgdGhlIGxvY2FsIGZpbGVzL2RpcmVjdG9yaWVzL3N5bWxpbmtzIHRoYXQgYXJlIHRvIGJlIGNvcGllZAokZmlsZXMgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiZmlsZXMiIC10eXBlICJsaXN0IgokZGlyZWN0b3JpZXMgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiZGlyZWN0b3JpZXMiIC10eXBlICJsaXN0Igokc3ltbGlua3MgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAic3ltbGlua3MiIC10eXBlICJsaXN0IgoKJHJlc3VsdCA9IEB7CiAgICBjaGFuZ2VkID0gJGZhbHNlCn0KCmlmICgkZGlmZl9tb2RlKSB7CiAgICAkcmVzdWx0LmRpZmYgPSBAe30KfQoKRnVuY3Rpb24gQ29weS1GaWxlKCRzb3VyY2UsICRkZXN0KSB7CiAgICAkZGlmZiA9ICIiCiAgICAkY29weV9maWxlID0gJGZhbHNlCiAgICAkc291cmNlX2NoZWNrc3VtID0gJG51bGwKICAgIGlmICgkZm9yY2UpIHsKICAgICAgICAkc291cmNlX2NoZWNrc3VtID0gR2V0LUZpbGVDaGVja3N1bSAtcGF0aCAkc291cmNlCiAgICB9CgogICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkZGVzdCAtUGF0aFR5cGUgQ29udGFpbmVyKSB7CiAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiY2Fubm90IGNvcHkgZmlsZSBmcm9tICckc291cmNlJyB0byAnJGRlc3QnOiBkZXN0IGlzIGFscmVhZHkgYSBmb2xkZXIiCiAgICB9IGVsc2VpZiAoVGVzdC1QYXRoIC1QYXRoICRkZXN0IC1QYXRoVHlwZSBMZWFmKSB7CiAgICAgICAgaWYgKCRmb3JjZSkgewogICAgICAgICAgICAkdGFyZ2V0X2NoZWNrc3VtID0gR2V0LUZpbGVDaGVja3N1bSAtcGF0aCAkZGVzdAogICAgICAgICAgICBpZiAoJHNvdXJjZV9jaGVja3N1bSAtbmUgJHRhcmdldF9jaGVja3N1bSkgewogICAgICAgICAgICAgICAgJGNvcHlfZmlsZSA9ICR0cnVlCiAgICAgICAgICAgIH0KICAgICAgICB9CiAgICB9IGVsc2UgewogICAgICAgICRjb3B5X2ZpbGUgPSAkdHJ1ZQogICAgfQoKICAgIGlmICgkY29weV9maWxlKSB7CiAgICAgICAgJGZpbGVfZGlyID0gW1N5c3RlbS5JTy5QYXRoXTo6R2V0RGlyZWN0b3J5TmFtZSgkZGVzdCkKICAgICAgICAjIHZhbGlkYXRlIHRoZSBwYXJlbnQgZGlyIGlzIG5vdCBhIGZpbGUgYW5kIHRoYXQgaXQgZXhpc3RzCiAgICAgICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkZmlsZV9kaXIgLVBhdGhUeXBlIExlYWYpIHsKICAgICAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiY2Fubm90IGNvcHkgZmlsZSBmcm9tICckc291cmNlJyB0byAnJGRlc3QnOiBvYmplY3QgYXQgZGVzdCBwYXJlbnQgZGlyIGlzIG5vdCBhIGZvbGRlciIKICAgICAgICB9IGVsc2VpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRmaWxlX2RpcikpIHsKICAgICAgICAgICAgIyBkaXJlY3RvcnkgZG9lc24ndCBleGlzdCwgbmVlZCB0byBjcmVhdGUKICAgICAgICAgICAgTmV3LUl0ZW0gLVBhdGggJGZpbGVfZGlyIC1JdGVtVHlwZSBEaXJlY3RvcnkgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICAgICAgICAgICRkaWZmICs9ICIrJGZpbGVfZGlyXGBuIgogICAgICAgIH0KCiAgICAgICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkZGVzdCAtUGF0aFR5cGUgTGVhZikgewogICAgICAgICAgICBSZW1vdmUtSXRlbSAtUGF0aCAkZGVzdCAtRm9yY2UgLVJlY3Vyc2UgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICAgICAgICAgICRkaWZmICs9ICItJGRlc3RgbiIKICAgICAgICB9CgogICAgICAgIGlmICgtbm90ICRjaGVja19tb2RlKSB7CiAgICAgICAgICAgICMgY2Fubm90IHJ1biB3aXRoIC1XaGF0SWY6JGNoZWNrX21vZGUgYXMgaWYgdGhlIHBhcmVudCBkaXIgZGlkbid0CiAgICAgICAgICAgICMgZXhpc3QgYW5kIHdhcyBjcmVhdGVkIGFib3ZlIHdvdWxkIHN0aWxsIG5vdCBleGlzdCBpbiBjaGVjayBtb2RlCiAgICAgICAgICAgIENvcHktSXRlbSAtUGF0aCAkc291cmNlIC1EZXN0aW5hdGlvbiAkZGVzdCAtRm9yY2UgfCBPdXQtTnVsbAogICAgICAgIH0KICAgICAgICAkZGlmZiArPSAiKyRkZXN0YG4iCgogICAgICAgICRyZXN1bHQuY2hhbmdlZCA9ICR0cnVlCiAgICB9CgogICAgIyB1Z2x5IGJ1dCB0byBzYXZlIHVzIGZyb20gcnVubmluZyB0aGUgY2hlY2tzdW0gdHdpY2UsIGxldCdzIHJldHVybiBpdCBmb3IKICAgICMgdGhlIG1haW4gY29kZSB0byBhZGQgaXQgdG8gJHJlc3VsdAogICAgcmV0dXJuICxAeyBkaWZmID0gJGRpZmY7IGNoZWNrc3VtID0gJHNvdXJjZV9jaGVja3N1bSB9Cn0KCkZ1bmN0aW9uIENvcHktRm9sZGVyKCRzb3VyY2UsICRkZXN0KSB7CiAgICAkZGlmZiA9ICIiCiAgICAkY29weV9mb2xkZXIgPSAkZmFsc2UKCiAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRkZXN0IC1QYXRoVHlwZSBDb250YWluZXIpKSB7CiAgICAgICAgJHBhcmVudF9kaXIgPSBbU3lzdGVtLklPLlBhdGhdOjpHZXREaXJlY3RvcnlOYW1lKCRkZXN0KQogICAgICAgIGlmIChUZXN0LVBhdGggLVBhdGggJHBhcmVudF9kaXIgLVBhdGhUeXBlIExlYWYpIHsKICAgICAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiY2Fubm90IGNvcHkgZmlsZSBmcm9tICckc291cmNlJyB0byAnJGRlc3QnOiBvYmplY3QgYXQgZGVzdCBwYXJlbnQgZGlyIGlzIG5vdCBhIGZvbGRlciIKICAgICAgICB9CiAgICAgICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkZGVzdCAtUGF0aFR5cGUgTGVhZikgewogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0IC1tZXNzYWdlICJjYW5ub3QgY29weSBmb2xkZXIgZnJvbSAnJHNvdXJjZScgdG8gJyRkZXN0JzogZGVzdCBpcyBhbHJlYWR5IGEgZmlsZSIKICAgICAgICB9CgogICAgICAgIE5ldy1JdGVtIC1QYXRoICRkZXN0IC1JdGVtVHlwZSBDb250YWluZXIgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICAgICAgJGRpZmYgKz0gIiskZGVzdFxgbiIKICAgICAgICAkcmVzdWx0LmNoYW5nZWQgPSAkdHJ1ZQogICAgfQoKICAgICRjaGlsZF9pdGVtcyA9IEdldC1DaGlsZEl0ZW0gLVBhdGggJHNvdXJjZSAtRm9yY2UKICAgIGZvcmVhY2ggKCRjaGlsZF9pdGVtIGluICRjaGlsZF9pdGVtcykgewogICAgICAgICRkZXN0X2NoaWxkX3BhdGggPSBKb2luLVBhdGggLVBhdGggJGRlc3QgLUNoaWxkUGF0aCAkY2hpbGRfaXRlbS5OYW1lCiAgICAgICAgaWYgKCRjaGlsZF9pdGVtLlBTSXNDb250YWluZXIpIHsKICAgICAgICAgICAgJGRpZmYgKz0gKENvcHktRm9sZGVyIC1zb3VyY2UgJGNoaWxkX2l0ZW0uRnVsbG5hbWUgLWRlc3QgJGRlc3RfY2hpbGRfcGF0aCkKICAgICAgICB9IGVsc2UgewogICAgICAgICAgICAkZGlmZiArPSAoQ29weS1GaWxlIC1zb3VyY2UgJGNoaWxkX2l0ZW0uRnVsbG5hbWUgLWRlc3QgJGRlc3RfY2hpbGRfcGF0aCkuZGlmZgogICAgICAgIH0KICAgIH0KCiAgICByZXR1cm4gJGRpZmYKfQoKRnVuY3Rpb24gR2V0LUZpbGVTaXplKCRwYXRoKSB7CiAgICAkZmlsZSA9IEdldC1JdGVtIC1QYXRoICRwYXRoIC1Gb3JjZQogICAgJHNpemUgPSAkbnVsbAogICAgaWYgKCRmaWxlLlBTSXNDb250YWluZXIpIHsKICAgICAgICAkZGlyX2ZpbGVzX3N1bSA9IEdldC1DaGlsZEl0ZW0gJGZpbGUuRnVsbE5hbWUgLVJlY3Vyc2UKICAgICAgICBpZiAoJGRpcl9maWxlc19zdW0gLWVxICRudWxsIC1vciAoJGRpcl9maWxlc19zdW0uUFNPYmplY3QuUHJvcGVydGllcy5uYW1lIC1jb250YWlucyAnbGVuZ3RoJyAtZXEgJGZhbHNlKSkgewogICAgICAgICAgICAkc2l6ZSA9IDAKICAgICAgICB9IGVsc2UgewogICAgICAgICAgICAkc2l6ZSA9ICgkZGlyX2ZpbGVzX3N1bSB8IE1lYXN1cmUtT2JqZWN0IC1wcm9wZXJ0eSBsZW5ndGggLXN1bSkuU3VtCiAgICAgICAgfQogICAgfSBlbHNlIHsKICAgICAgICAkc2l6ZSA9ICRmaWxlLkxlbmd0aAogICAgfQoKICAgICRzaXplCn0KCkZ1bmN0aW9uIEV4dHJhY3QtWmlwKCRzcmMsICRkZXN0KSB7CiAgICAkYXJjaGl2ZSA9IFtTeXN0ZW0uSU8uQ29tcHJlc3Npb24uWmlwRmlsZV06Ok9wZW4oJHNyYywgW1N5c3RlbS5JTy5Db21wcmVzc2lvbi5aaXBBcmNoaXZlTW9kZV06OlJlYWQsIFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjgpCiAgICBmb3JlYWNoICgkZW50cnkgaW4gJGFyY2hpdmUuRW50cmllcykgewogICAgICAgICRhcmNoaXZlX25hbWUgPSAkZW50cnkuRnVsbE5hbWUKCiAgICAgICAgIyBGdWxsTmFtZSBtYXkgYmUgYXBwZW5kZWQgd2l0aCAvIG9yIFwsIGRldGVybWluZSBpZiBpdCBpcyBwYWRkZWQgYW5kIHJlbW92ZSBpdAogICAgICAgICRwYWRkaW5nX2xlbmd0aCA9ICRhcmNoaXZlX25hbWUuTGVuZ3RoICUgNAogICAgICAgIGlmICgkcGFkZGluZ19sZW5ndGggLWVxIDApIHsKICAgICAgICAgICAgJGlzX2RpciA9ICRmYWxzZQogICAgICAgICAgICAkYmFzZTY0X25hbWUgPSAkYXJjaGl2ZV9uYW1lCiAgICAgICAgfSBlbHNlaWYgKCRwYWRkaW5nX2xlbmd0aCAtZXEgMSkgewogICAgICAgICAgICAkaXNfZGlyID0gJHRydWUKICAgICAgICAgICAgaWYgKCRhcmNoaXZlX25hbWUuRW5kc1dpdGgoIi8iKSAtb3IgJGFyY2hpdmVfbmFtZS5FbmRzV2l0aCgiYFwiKSkgewogICAgICAgICAgICAgICAgJGJhc2U2NF9uYW1lID0gJGFyY2hpdmVfbmFtZS5TdWJzdHJpbmcoMCwgJGFyY2hpdmVfbmFtZS5MZW5ndGggLSAxKQogICAgICAgICAgICB9IGVsc2UgewogICAgICAgICAgICAgICAgdGhyb3cgImludmFsaWQgYmFzZTY0IGFyY2hpdmUgbmFtZSAnJGFyY2hpdmVfbmFtZSciCiAgICAgICAgICAgIH0KICAgICAgICB9IGVsc2UgewogICAgICAgICAgICB0aHJvdyAiaW52YWxpZCBiYXNlNjQgbGVuZ3RoICckYXJjaGl2ZV9uYW1lJyIKICAgICAgICB9CgogICAgICAgICMgdG8gaGFuZGxlIHVuaWNvZGUgY2hhcmFjdGVyLCB3aW5fY29weSBhY3Rpb24gcGx1Z2luIGhhcyBlbmNvZGVkIHRoZSBmaWxlbmFtZQogICAgICAgICRkZWNvZGVkX2FyY2hpdmVfbmFtZSA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGJhc2U2NF9uYW1lKSkKICAgICAgICAjIHJlLWFkZCB0aGUgLyB0byB0aGUgZW50cnkgZnVsbCBuYW1lIGlmIGl0IHdhcyBhIGRpcmVjdG9yeQogICAgICAgIGlmICgkaXNfZGlyKSB7CiAgICAgICAgICAgICRkZWNvZGVkX2FyY2hpdmVfbmFtZSA9ICIkZGVjb2RlZF9hcmNoaXZlX25hbWUvIgogICAgICAgIH0KICAgICAgICAkZW50cnlfdGFyZ2V0X3BhdGggPSBbU3lzdGVtLklPLlBhdGhdOjpDb21iaW5lKCRkZXN0LCAkZGVjb2RlZF9hcmNoaXZlX25hbWUpCiAgICAgICAgJGVudHJ5X2RpciA9IFtTeXN0ZW0uSU8uUGF0aF06OkdldERpcmVjdG9yeU5hbWUoJGVudHJ5X3RhcmdldF9wYXRoKQoKICAgICAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRlbnRyeV9kaXIpKSB7CiAgICAgICAgICAgIE5ldy1JdGVtIC1QYXRoICRlbnRyeV9kaXIgLUl0ZW1UeXBlIERpcmVjdG9yeSAtV2hhdElmOiRjaGVja19tb2RlIHwgT3V0LU51bGwKICAgICAgICB9CgogICAgICAgIGlmICgkaXNfZGlyIC1lcSAkZmFsc2UpIHsKICAgICAgICAgICAgaWYgKC1ub3QgJGNoZWNrX21vZGUpIHsKICAgICAgICAgICAgICAgIFtTeXN0ZW0uSU8uQ29tcHJlc3Npb24uWmlwRmlsZUV4dGVuc2lvbnNdOjpFeHRyYWN0VG9GaWxlKCRlbnRyeSwgJGVudHJ5X3RhcmdldF9wYXRoLCAkdHJ1ZSkKICAgICAgICAgICAgfQogICAgICAgIH0KICAgIH0KICAgICRhcmNoaXZlLkRpc3Bvc2UoKSAgIyByZWxlYXNlIHRoZSBoYW5kbGUgb2YgdGhlIHppcCBmaWxlCn0KCkZ1bmN0aW9uIEV4dHJhY3QtWmlwTGVnYWN5KCRzcmMsICRkZXN0KSB7CiAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRkZXN0KSkgewogICAgICAgIE5ldy1JdGVtIC1QYXRoICRkZXN0IC1JdGVtVHlwZSBEaXJlY3RvcnkgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICB9CiAgICAkc2hlbGwgPSBOZXctT2JqZWN0IC1Db21PYmplY3QgU2hlbGwuQXBwbGljYXRpb24KICAgICR6aXAgPSAkc2hlbGwuTmFtZVNwYWNlKCRzcmMpCiAgICAkZGVzdF9wYXRoID0gJHNoZWxsLk5hbWVTcGFjZSgkZGVzdCkKCiAgICBmb3JlYWNoICgkZW50cnkgaW4gJHppcC5JdGVtcygpKSB7CiAgICAgICAgJGlzX2RpciA9ICRlbnRyeS5Jc0ZvbGRlcgogICAgICAgICRlbmNvZGVkX2FyY2hpdmVfZW50cnkgPSAkZW50cnkuTmFtZQogICAgICAgICMgdG8gaGFuZGxlIHVuaWNvZGUgY2hhcmFjdGVyLCB3aW5fY29weSBhY3Rpb24gcGx1Z2luIGhhcyBlbmNvZGVkIHRoZSBmaWxlbmFtZQogICAgICAgICRkZWNvZGVkX2FyY2hpdmVfZW50cnkgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRlbmNvZGVkX2FyY2hpdmVfZW50cnkpKQogICAgICAgIGlmICgkaXNfZGlyKSB7CiAgICAgICAgICAgICRkZWNvZGVkX2FyY2hpdmVfZW50cnkgPSAiJGRlY29kZWRfYXJjaGl2ZV9lbnRyeS8iCiAgICAgICAgfQoKICAgICAgICAkZW50cnlfdGFyZ2V0X3BhdGggPSBbU3lzdGVtLklPLlBhdGhdOjpDb21iaW5lKCRkZXN0LCAkZGVjb2RlZF9hcmNoaXZlX2VudHJ5KQogICAgICAgICRlbnRyeV9kaXIgPSBbU3lzdGVtLklPLlBhdGhdOjpHZXREaXJlY3RvcnlOYW1lKCRlbnRyeV90YXJnZXRfcGF0aCkKCiAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtUGF0aCAkZW50cnlfZGlyKSkgewogICAgICAgICAgICBOZXctSXRlbSAtUGF0aCAkZW50cnlfZGlyIC1JdGVtVHlwZSBEaXJlY3RvcnkgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICAgICAgfQoKICAgICAgICBpZiAoJGlzX2RpciAtZXEgJGZhbHNlIC1hbmQgKC1ub3QgJGNoZWNrX21vZGUpKSB7CiAgICAgICAgICAgICMgaHR0cHM6Ly9tc2RuLm1pY3Jvc29mdC5jb20vZW4tdXMvbGlicmFyeS93aW5kb3dzL2Rlc2t0b3AvYmI3ODc4NjYuYXNweAogICAgICAgICAgICAjIEZyb20gRm9sZGVyLkNvcHlIZXJlIGRvY3VtZW50YXRpb24sIDEwNDQgbWVhbnM6CiAgICAgICAgICAgICMgIC0gMTAyNDogZG8gbm90IGRpc3BsYXkgYSB1c2VyIGludGVyZmFjZSBpZiBhbiBlcnJvciBvY2N1cnMKICAgICAgICAgICAgIyAgLSAgIDE2OiByZXNwb25kIHdpdGggInllcyB0byBhbGwiIGZvciBhbnkgZGlhbG9nIGJveCB0aGF0IGlzIGRpc3BsYXllZAogICAgICAgICAgICAjICAtICAgIDQ6IGRvIG5vdCBkaXNwbGF5IGEgcHJvZ3Jlc3MgZGlhbG9nIGJveAogICAgICAgICAgICAkZGVzdF9wYXRoLkNvcHlIZXJlKCRlbnRyeSwgMTA0NCkKCiAgICAgICAgICAgICMgb25jZSBmaWxlIGlzIGV4dHJhY2VkLCB3ZSBuZWVkIHRvIHJlbmFtZSBpdCB3aXRoIG5vbiBiYXNlNjQgbmFtZQogICAgICAgICAgICAkY29tYmluZWRfZW5jb2RlZF9wYXRoID0gW1N5c3RlbS5JTy5QYXRoXTo6Q29tYmluZSgkZGVzdCwgJGVuY29kZWRfYXJjaGl2ZV9lbnRyeSkKICAgICAgICAgICAgTW92ZS1JdGVtIC1QYXRoICRjb21iaW5lZF9lbmNvZGVkX3BhdGggLURlc3RpbmF0aW9uICRlbnRyeV90YXJnZXRfcGF0aCAtRm9yY2UgfCBPdXQtTnVsbAogICAgICAgIH0KICAgIH0KfQoKaWYgKCRjb3B5X21vZGUgLWVxICJxdWVyeSIpIHsKICAgICMgd2Ugb25seSByZXR1cm4gYSBsaXN0IG9mIGZpbGVzL2RpcmVjdG9yaWVzIHRoYXQgbmVlZCB0byBiZSBjb3BpZWQgb3ZlcgogICAgIyB0aGUgc291cmNlIG9mIHRoZSBsb2NhbCBmaWxlIHdpbGwgYmUgdGhlIGtleSB1c2VkCiAgICAkY2hhbmdlZF9maWxlcyA9IEAoKQogICAgJGNoYW5nZWRfZGlyZWN0b3JpZXMgPSBAKCkKICAgICRjaGFuZ2VkX3N5bWxpbmtzID0gQCgpCgogICAgZm9yZWFjaCAoJGZpbGUgaW4gJGZpbGVzKSB7CiAgICAgICAgJGZpbGVuYW1lID0gJGZpbGUuZGVzdAogICAgICAgICRsb2NhbF9jaGVja3N1bSA9ICRmaWxlLmNoZWNrc3VtCgogICAgICAgICRmaWxlcGF0aCA9IEpvaW4tUGF0aCAtUGF0aCAkZGVzdCAtQ2hpbGRQYXRoICRmaWxlbmFtZQogICAgICAgIGlmIChUZXN0LVBhdGggLVBhdGggJGZpbGVwYXRoIC1QYXRoVHlwZSBMZWFmKSB7CiAgICAgICAgICAgIGlmICgkZm9yY2UpIHsKICAgICAgICAgICAgICAgICRjaGVja3N1bSA9IEdldC1GaWxlQ2hlY2tzdW0gLXBhdGggJGZpbGVwYXRoCiAgICAgICAgICAgICAgICBpZiAoJGNoZWNrc3VtIC1uZSAkbG9jYWxfY2hlY2tzdW0pIHsKICAgICAgICAgICAgICAgICAgICAkd2lsbF9jaGFuZ2UgPSAkdHJ1ZQogICAgICAgICAgICAgICAgICAgICRjaGFuZ2VkX2ZpbGVzICs9ICRmaWxlCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgIH0KICAgICAgICB9IGVsc2VpZiAoVGVzdC1QYXRoIC1QYXRoICRmaWxlcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKSB7CiAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgImNhbm5vdCBjb3B5IGZpbGUgdG8gZGVzdCAnJGZpbGVwYXRoJzogb2JqZWN0IGF0IHBhdGggaXMgYWxyZWFkeSBhIGRpcmVjdG9yeSIKICAgICAgICB9IGVsc2UgewogICAgICAgICAgICAkY2hhbmdlZF9maWxlcyArPSAkZmlsZQogICAgICAgIH0KICAgIH0KCiAgICBmb3JlYWNoICgkZGlyZWN0b3J5IGluICRkaXJlY3RvcmllcykgewogICAgICAgICRkaXJuYW1lID0gJGRpcmVjdG9yeS5kZXN0CgogICAgICAgICRkaXJwYXRoID0gSm9pbi1QYXRoIC1QYXRoICRkZXN0IC1DaGlsZFBhdGggJGRpcm5hbWUKICAgICAgICAkcGFyZW50X2RpciA9IFtTeXN0ZW0uSU8uUGF0aF06OkdldERpcmVjdG9yeU5hbWUoJGRpcnBhdGgpCiAgICAgICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkcGFyZW50X2RpciAtUGF0aFR5cGUgTGVhZikgewogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0IC1tZXNzYWdlICJjYW5ub3QgY29weSBmb2xkZXIgdG8gZGVzdCAnJGRpcnBhdGgnOiBvYmplY3QgYXQgcGFyZW50IGRpcmVjdG9yeSBwYXRoIGlzIGFscmVhZHkgYSBmaWxlIgogICAgICAgIH0KICAgICAgICBpZiAoVGVzdC1QYXRoIC1QYXRoICRkaXJwYXRoIC1QYXRoVHlwZSBMZWFmKSB7CiAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgImNhbm5vdCBjb3B5IGZvbGRlciB0byBkZXN0ICckZGlycGF0aCc6IG9iamVjdCBhdCBwYXRoIGlzIGFscmVhZHkgYSBmaWxlIgogICAgICAgIH0gZWxzZWlmICgtbm90IChUZXN0LVBhdGggLVBhdGggJGRpcnBhdGggLVBhdGhUeXBlIENvbnRhaW5lcikpIHsKICAgICAgICAgICAgJGNoYW5nZWRfZGlyZWN0b3JpZXMgKz0gJGRpcmVjdG9yeQogICAgICAgIH0KICAgIH0KCiAgICAjIFRPRE86IEhhbmRsZSBzeW1saW5rcwoKICAgICRyZXN1bHQuZmlsZXMgPSAkY2hhbmdlZF9maWxlcwogICAgJHJlc3VsdC5kaXJlY3RvcmllcyA9ICRjaGFuZ2VkX2RpcmVjdG9yaWVzCiAgICAkcmVzdWx0LnN5bWxpbmtzID0gJGNoYW5nZWRfc3ltbGlua3MKfSBlbHNlaWYgKCRjb3B5X21vZGUgLWVxICJleHBsb2RlIikgewogICAgIyBhIHNpbmdsZSB6aXAgZmlsZSBjb250YWluaW5nIHRoZSBmaWxlcyBhbmQgZGlyZWN0b3JpZXMgbmVlZHMgdG8gYmUKICAgICMgZXhwYW5kZWQgdGhpcyB3aWxsIGFsd2F5cyByZXN1bHQgaW4gYSBjaGFuZ2UgYXMgdGhlIGNhbGN1bGF0aW9uIGlzIGRvbmUKICAgICMgb24gdGhlIHdpbl9jb3B5IGFjdGlvbiBwbHVnaW4gYW5kIGlzIG9ubHkgcnVuIGlmIGEgY2hhbmdlIG5lZWRzIHRvIG9jY3VyCiAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRzcmMgLVBhdGhUeXBlIExlYWYpKSB7CiAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiQ2Fubm90IGV4cGFuZCBzcmMgemlwIGZpbGU6ICckc3JjJyBhcyBpdCBkb2VzIG5vdCBleGlzdCIKICAgIH0KCiAgICAjIERldGVjdCBpZiB0aGUgUFMgemlwIGFzc2VtYmxpZXMgYXJlIGF2YWlsYWJsZSBvciB3aGV0aGVyIHRvIHVzZSBTaGVsbAogICAgJHVzZV9sZWdhY3kgPSAkZmFsc2UKICAgIHRyeSB7CiAgICAgICAgQWRkLVR5cGUgLUFzc2VtYmx5TmFtZSBTeXN0ZW0uSU8uQ29tcHJlc3Npb24uRmlsZVN5c3RlbSB8IE91dC1OdWxsCiAgICAgICAgQWRkLVR5cGUgLUFzc2VtYmx5TmFtZSBTeXN0ZW0uSU8uQ29tcHJlc3Npb24gfCBPdXQtTnVsbAogICAgfSBjYXRjaCB7CiAgICAgICAgJHVzZV9sZWdhY3kgPSAkdHJ1ZQogICAgfQogICAgaWYgKCR1c2VfbGVnYWN5KSB7CiAgICAgICAgRXh0cmFjdC1aaXBMZWdhY3kgLXNyYyAkc3JjIC1kZXN0ICRkZXN0CiAgICB9IGVsc2UgewogICAgICAgIEV4dHJhY3QtWmlwIC1zcmMgJHNyYyAtZGVzdCAkZGVzdAogICAgfQoKICAgICRyZXN1bHQuY2hhbmdlZCA9ICR0cnVlCn0gZWxzZWlmICgkY29weV9tb2RlIC1lcSAicmVtb3RlIikgewogICAgIyBhbGwgY29weSBhY3Rpb25zIGFyZSBoYXBwZW5pbmcgb24gdGhlIHJlbW90ZSBzaWRlICh3aW5kb3dzIGhvc3QpLCBuZWVkCiAgICAjIHRvbyBjb3B5IHNvdXJjZSBhbmQgZGVzdCB1c2luZyBQUyBjb2RlCiAgICAkcmVzdWx0LnNyYyA9ICRzcmMKICAgICRyZXN1bHQuZGVzdCA9ICRkZXN0CgogICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtUGF0aCAkc3JjKSkgewogICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgIkNhbm5vdCBjb3B5IHNyYyBmaWxlOiAnJHNyYycgYXMgaXQgZG9lcyBub3QgZXhpc3QiCiAgICB9CgogICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkc3JjIC1QYXRoVHlwZSBDb250YWluZXIpIHsKICAgICAgICAjIHdlIGFyZSBjb3B5aW5nIGEgZGlyZWN0b3J5IG9yIHRoZSBjb250ZW50cyBvZiBhIGRpcmVjdG9yeQogICAgICAgICRyZXN1bHQub3BlcmF0aW9uID0gJ2ZvbGRlcl9jb3B5JwogICAgICAgIGlmICgkc3JjLkVuZHNXaXRoKCIvIikgLW9yICRzcmMuRW5kc1dpdGgoImBcIikpIHsKICAgICAgICAgICAgIyBjb3B5aW5nIHRoZSBmb2xkZXIncyBjb250ZW50cyB0byBkZXN0CiAgICAgICAgICAgICRkaWZmID0gIiIKICAgICAgICAgICAgJGNoaWxkX2ZpbGVzID0gR2V0LUNoaWxkSXRlbSAtUGF0aCAkc3JjIC1Gb3JjZQogICAgICAgICAgICBmb3JlYWNoICgkY2hpbGRfZmlsZSBpbiAkY2hpbGRfZmlsZXMpIHsKICAgICAgICAgICAgICAgICRkZXN0X2NoaWxkX3BhdGggPSBKb2luLVBhdGggLVBhdGggJGRlc3QgLUNoaWxkUGF0aCAkY2hpbGRfZmlsZS5OYW1lCiAgICAgICAgICAgICAgICBpZiAoJGNoaWxkX2ZpbGUuUFNJc0NvbnRhaW5lcikgewogICAgICAgICAgICAgICAgICAgICRkaWZmICs9IENvcHktRm9sZGVyIC1zb3VyY2UgJGNoaWxkX2ZpbGUuRnVsbE5hbWUgLWRlc3QgJGRlc3RfY2hpbGRfcGF0aAogICAgICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgICAgICAkZGlmZiArPSAoQ29weS1GaWxlIC1zb3VyY2UgJGNoaWxkX2ZpbGUuRnVsbE5hbWUgLWRlc3QgJGRlc3RfY2hpbGRfcGF0aCkuZGlmZgogICAgICAgICAgICAgICAgfQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgIyBjb3B5aW5nIHRoZSBmb2xkZXIgYW5kIGl0J3MgY29udGVudHMgdG8gZGVzdAogICAgICAgICAgICAkZGVzdCA9IEpvaW4tUGF0aCAtUGF0aCAkZGVzdCAtQ2hpbGRQYXRoIChHZXQtSXRlbSAtUGF0aCAkc3JjIC1Gb3JjZSkuTmFtZQogICAgICAgICAgICAkcmVzdWx0LmRlc3QgPSAkZGVzdAogICAgICAgICAgICAkZGlmZiA9IENvcHktRm9sZGVyIC1zb3VyY2UgJHNyYyAtZGVzdCAkZGVzdAogICAgICAgIH0KICAgIH0gZWxzZSB7CiAgICAgICAgIyB3ZSBhcmUganVzdCBjb3B5aW5nIGEgc2luZ2xlIGZpbGUgdG8gZGVzdAogICAgICAgICRyZXN1bHQub3BlcmF0aW9uID0gJ2ZpbGVfY29weScKCiAgICAgICAgJHNvdXJjZV9iYXNlbmFtZSA9IChHZXQtSXRlbSAtUGF0aCAkc3JjIC1Gb3JjZSkuTmFtZQogICAgICAgICRyZXN1bHQub3JpZ2luYWxfYmFzZW5hbWUgPSAkc291cmNlX2Jhc2VuYW1lCgogICAgICAgIGlmICgkZGVzdC5FbmRzV2l0aCgiLyIpIC1vciAkZGVzdC5FbmRzV2l0aCgiYFwiKSkgewogICAgICAgICAgICAkZGVzdCA9IEpvaW4tUGF0aCAtUGF0aCAkZGVzdCAtQ2hpbGRQYXRoIChHZXQtSXRlbSAtUGF0aCAkc3JjIC1Gb3JjZSkuTmFtZQogICAgICAgICAgICAkcmVzdWx0LmRlc3QgPSAkZGVzdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICMgY2hlY2sgaWYgdGhlIHBhcmVudCBkaXIgZXhpc3RzLCB0aGlzIGlzIG9ubHkgZG9uZSBpZiBzcmMgaXMgYQogICAgICAgICAgICAjIGZpbGUgYW5kIGRlc3QgaWYgdGhlIHBhdGggdG8gYSBmaWxlIChkb2Vzbid0IGVuZCB3aXRoIFwgb3IgLykKICAgICAgICAgICAgJHBhcmVudF9kaXIgPSBTcGxpdC1QYXRoIC1QYXRoICRkZXN0CiAgICAgICAgICAgIGlmIChUZXN0LVBhdGggLVBhdGggJHBhcmVudF9kaXIgLVBhdGhUeXBlIExlYWYpIHsKICAgICAgICAgICAgICA ScriptBlock ID: 4bd6951f-bfb5-44d7-ab8e-2d18f5b1378f Path:	4104	1		3	2	15	0	1295	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4652	92	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:28:01 PM	9d04040e-981f-0002-020c-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 3): begin { $DebugPreference = "Continue" $ErrorActionPreference = "Stop" Set-StrictMode -Version 2 function ConvertTo-HashtableFromPsCustomObject ($myPsObject){ $output = @{}; $myPsObject | Get-Member -MemberType *Property | % { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } return $output; } # stream JSON including become_pw, ps_module_payload, bin_module_payload, become_payload, write_payload_path, preserve directives # exec runspace, capture output, cleanup, return module output # NB: do not adjust the following line- it is replaced when doing non-streamed module output $json_raw = @' {"min_ps_version": null, "exec": "CkZ1bmN0aW9uIFJ1bigkcGF5bG9hZCkgewogICAgJGVudHJ5cG9pbnQgPSAkcGF5bG9hZC5tb2R1bGVfZW50cnkKCiAgICAkZW50cnlwb2ludCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGVudHJ5cG9pbnQpKQoKICAgICRwcyA9IFtwb3dlcnNoZWxsXTo6Q3JlYXRlKCkKCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkQ29tbWFuZCgiU2V0LVZhcmlhYmxlIikuQWRkUGFyYW1ldGVycyhAe1Njb3BlPSJnbG9iYWwiO05hbWU9ImNvbXBsZXhfYXJncyI7VmFsdWU9JHBheWxvYWQubW9kdWxlX2FyZ3N9KSB8IE91dC1OdWxsCiAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCgogICAgIyByZWRlZmluZSBXcml0ZS1Ib3N0IHRvIGR1bXAgdG8gb3V0cHV0IGluc3RlYWQgb2YgZmFpbGluZy0gbG90cyBvZiBzY3JpcHRzIHVzZSBpdAogICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgiRnVuY3Rpb24gV3JpdGUtSG9zdChgJG1zZyl7IFdyaXRlLU91dHB1dCBgJG1zZyB9IikgfCBPdXQtTnVsbAoKICAgIEZvckVhY2ggKCRlbnZfa3YgaW4gJHBheWxvYWQuZW52aXJvbm1lbnQuR2V0RW51bWVyYXRvcigpKSB7CiAgICAgICAgIyBuZWVkIHRvIGVzY2FwZSAnIGluIGJvdGggdGhlIGtleSBhbmQgdmFsdWUKICAgICAgICAkZW52X2tleSA9ICRlbnZfa3YuS2V5LlRvU3RyaW5nKCkuUmVwbGFjZSgiJyIsICInJyIpCiAgICAgICAgJGVudl92YWx1ZSA9ICRlbnZfa3YuVmFsdWUuVG9TdHJpbmcoKS5SZXBsYWNlKCInIiwgIicnIikKICAgICAgICAkZXNjYXBlZF9lbnZfc2V0ID0gIltTeXN0ZW0uRW52aXJvbm1lbnRdOjpTZXRFbnZpcm9ubWVudFZhcmlhYmxlKCd7MH0nLCAnezF9JykiIC1mICRlbnZfa2V5LCAkZW52X3ZhbHVlCiAgICAgICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgkZXNjYXBlZF9lbnZfc2V0KSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBkeW5hbWljYWxseSBjcmVhdGUvbG9hZCBtb2R1bGVzCiAgICBGb3JFYWNoICgkbW9kIGluICRwYXlsb2FkLnBvd2Vyc2hlbGxfbW9kdWxlcy5HZXRFbnVtZXJhdG9yKCkpIHsKICAgICAgICAkZGVjb2RlZF9tb2R1bGUgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRtb2QuVmFsdWUpKQogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRDb21tYW5kKCJOZXctTW9kdWxlIikuQWRkUGFyYW1ldGVycyhAe1NjcmlwdEJsb2NrPShbc2NyaXB0YmxvY2tdOjpDcmVhdGUoJGRlY29kZWRfbW9kdWxlKSk7TmFtZT0kbW9kLktleX0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiSW1wb3J0LU1vZHVsZSIpLkFkZFBhcmFtZXRlcnMoQHtXYXJuaW5nQWN0aW9uPSJTaWxlbnRseUNvbnRpbnVlIn0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBmb3JjZSBpbnB1dCBlbmNvZGluZyB0byBwcmVhbWJsZS1mcmVlIFVURjggc28gUFMgc3ViLXByb2Nlc3NlcyAoZWcsCiAgICAjIFN0YXJ0LUpvYikgZG9uJ3QgYmxvdyB1cC4gVGhpcyBpcyBvbmx5IHJlcXVpcmVkIGZvciBXaW5STSwgYSBQU1JQCiAgICAjIHJ1bnNwYWNlIGRvZXNuJ3QgaGF2ZSBhIGhvc3QgY29uc29sZSBhbmQgdGhpcyB3aWxsIGJvbWIgb3V0CiAgICBpZiAoJGhvc3QuTmFtZSAtZXEgIkNvbnNvbGVIb3N0IikgewogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRTY3JpcHQoIltDb25zb2xlXTo6SW5wdXRFbmNvZGluZyA9IE5ldy1PYmplY3QgVGV4dC5VVEY4RW5jb2RpbmcgYCRmYWxzZSIpIHwgT3V0LU51bGwKICAgIH0KCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkU2NyaXB0KCRlbnRyeXBvaW50KSB8IE91dC1OdWxsCgogICAgJG91dHB1dCA9ICRwcy5JbnZva2UoKQoKICAgICRvdXRwdXQKCiAgICAjIFBTMyBkb2Vzbid0IHByb3Blcmx5IHNldCBIYWRFcnJvcnMgaW4gbWFueSBjYXNlcywgaW5zcGVjdCB0aGUgZXJyb3Igc3RyZWFtIGFzIGEgZmFsbGJhY2sKICAgIElmICgkcHMuSGFkRXJyb3JzIC1vciAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtbHQgNCAtYW5kICRwcy5TdHJlYW1zLkVycm9yLkNvdW50IC1ndCAwKSkgewogICAgICAgICRob3N0LlVJLldyaXRlRXJyb3JMaW5lKCQoJHBzLlN0cmVhbXMuRXJyb3IgfCBPdXQtU3RyaW5nKSkKICAgICAgICAkZXhpdF9jb2RlID0gJHBzLlJ1bnNwYWNlLlNlc3Npb25TdGF0ZVByb3h5LkdldFZhcmlhYmxlKCJMQVNURVhJVENPREUiKQogICAgICAgIElmKC1ub3QgJGV4aXRfY29kZSkgewogICAgICAgICAgICAkZXhpdF9jb2RlID0gMQogICAgICAgIH0KICAgICAgICAjIG5lZWQgdG8gdXNlIHRoaXMgaW5zdGVhZCBvZiBFeGl0IGtleXdvcmQgdG8gcHJldmVudCBydW5zcGFjZSBmcm9tIGNyYXNoaW5nIHdpdGggZHluYW1pYyBtb2R1bGVzCiAgICAgICAgJGhvc3QuU2V0U2hvdWxkRXhpdCgkZXhpdF9jb2RlKQogICAgfQp9Cg==", "actions": ["exec"], "environment": {}, "min_os_version": null, "powershell_modules": {"Ansible.ModuleUtils.Legacy": "IyBDb3B5cmlnaHQgKGMpLCBNaWNoYWVsIERlSGFhbiA8bWljaGFlbC5kZWhhYW5AZ21haWwuY29tPiwgMjAxNCwgYW5kIG90aGVycwojIFNpbXBsaWZpZWQgQlNEIExpY2Vuc2UgKHNlZSBsaWNlbnNlcy9zaW1wbGlmaWVkX2JzZC50eHQgb3IgaHR0cHM6Ly9vcGVuc291cmNlLm9yZy9saWNlbnNlcy9CU0QtMi1DbGF1c2UpCgpTZXQtU3RyaWN0TW9kZSAtVmVyc2lvbiAyLjAKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKRnVuY3Rpb24gU2V0LUF0dHIoJG9iaiwgJG5hbWUsICR2YWx1ZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gc2V0IGFuICJhdHRyaWJ1dGUiIG9uIGEgcHNvYmplY3QgaW5zdGFuY2UgaW4gUG93ZXJTaGVsbC4KICAgIFRoaXMgaXMgYSBjb252ZW5pZW5jZSB0byBtYWtlIGFkZGluZyBNZW1iZXJzIHRvIHRoZSBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgIFNldC1BdHRyICRyZXN1bHQgImNoYW5nZWQiICR0cnVlCiM+CgogICAgIyBJZiB0aGUgcHJvdmlkZWQgJG9iaiBpcyB1bmRlZmluZWQsIGRlZmluZSBvbmUgdG8gYmUgbmljZQogICAgSWYgKC1ub3QgJG9iai5HZXRUeXBlKQogICAgewogICAgICAgICRvYmogPSBAeyB9CiAgICB9CgogICAgVHJ5CiAgICB7CiAgICAgICAgJG9iai4kbmFtZSA9ICR2YWx1ZQogICAgfQogICAgQ2F0Y2gKICAgIHsKICAgICAgICAkb2JqIHwgQWRkLU1lbWJlciAtRm9yY2UgLU1lbWJlclR5cGUgTm90ZVByb3BlcnR5IC1OYW1lICRuYW1lIC1WYWx1ZSAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gRXhpdC1Kc29uKCRvYmopCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGNvbnZlcnQgYSBQb3dlclNoZWxsIG9iamVjdCB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcKICAgIHRoZSBzY3JpcHQKICAgIC5FWEFNUExFCiAgICBFeGl0LUpzb24gJHJlc3VsdAojPgoKICAgICMgSWYgdGhlIHByb3ZpZGVkICRvYmogaXMgdW5kZWZpbmVkLCBkZWZpbmUgb25lIHRvIGJlIG5pY2UKICAgIElmICgtbm90ICRvYmouR2V0VHlwZSkKICAgIHsKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoJ2NoYW5nZWQnKSkgewogICAgICAgIFNldC1BdHRyICRvYmogImNoYW5nZWQiICRmYWxzZQogICAgfQoKICAgIFdyaXRlLU91dHB1dCAkb2JqIHwgQ29udmVydFRvLUpzb24gLUNvbXByZXNzIC1EZXB0aCA5OQogICAgRXhpdAp9CgpGdW5jdGlvbiBGYWlsLUpzb24oJG9iaiwgJG1lc3NhZ2UgPSAkbnVsbCkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHRoZSAibXNnIiBwcm9wZXJ0eSBhbmQgImZhaWxlZCIgcHJvcGVydHksIGNvbnZlcnQgdGhlCiAgICBQb3dlclNoZWxsIEhhc2h0YWJsZSB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcgdGhlIHNjcmlwdAogICAgLkVYQU1QTEUKICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJUaGlzIGlzIHRoZSBmYWlsdXJlIG1lc3NhZ2UiCiM+CgogICAgaWYgKCRvYmogLWlzIFtoYXNodGFibGVdIC1vciAkb2JqIC1pcyBbcHNvYmplY3RdKSB7CiAgICAgICAgIyBOb3RoaW5nIHRvIGRvCiAgICB9IGVsc2VpZiAoJG9iaiAtaXMgW3N0cmluZ10gLWFuZCAkbnVsbCAtZXEgJG1lc3NhZ2UpIHsKICAgICAgICAjIElmIHdlIHdlcmVuJ3QgZ2l2ZW4gMiBhcmdzLCBhbmQgdGhlIG9ubHkgYXJnIHdhcyBhIHN0cmluZywKICAgICAgICAjIGNyZWF0ZSBhIG5ldyBIYXNodGFibGUgYW5kIHVzZSB0aGUgYXJnIGFzIHRoZSBmYWlsdXJlIG1lc3NhZ2UKICAgICAgICAkbWVzc2FnZSA9ICRvYmoKICAgICAgICAkb2JqID0gQHsgfQogICAgfSBlbHNlIHsKICAgICAgICAjIElmIHRoZSBmaXJzdCBhcmd1bWVudCBpcyB1bmRlZmluZWQgb3IgYSBkaWZmZXJlbnQgdHlwZSwKICAgICAgICAjIG1ha2UgaXQgYSBIYXNodGFibGUKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgICMgU3RpbGwgdXNpbmcgU2V0LUF0dHIgZm9yIFBTT2JqZWN0IGNvbXBhdGliaWxpdHkKICAgIFNldC1BdHRyICRvYmogIm1zZyIgJG1lc3NhZ2UKICAgIFNldC1BdHRyICRvYmogImZhaWxlZCIgJHRydWUKCiAgICBpZiAoLW5vdCAkb2JqLkNvbnRhaW5zS2V5KCdjaGFuZ2VkJykpIHsKICAgICAgICBTZXQtQXR0ciAkb2JqICJjaGFuZ2VkIiAkZmFsc2UKICAgIH0KCiAgICBXcml0ZS1PdXRwdXQgJG9iaiB8IENvbnZlcnRUby1Kc29uIC1Db21wcmVzcyAtRGVwdGggOTkKICAgIEV4aXQgMQp9CgpGdW5jdGlvbiBBZGQtV2FybmluZygkb2JqLCAkbWVzc2FnZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHdhcm5pbmdzLCBldmVuIGlmIHRoZSB3YXJuaW5ncyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoIndhcm5pbmdzIikpIHsKICAgICAgICAkb2JqLndhcm5pbmdzID0gQCgpCiAgICB9IGVsc2VpZiAoJG9iai53YXJuaW5ncyAtaXNub3QgW2FycmF5XSkgewogICAgICAgIHRocm93ICJBZGQtV2FybmluZzogd2FybmluZ3MgYXR0cmlidXRlIGlzIG5vdCBhbiBhcnJheSIKICAgIH0KCiAgICAkb2JqLndhcm5pbmdzICs9ICRtZXNzYWdlCn0KCkZ1bmN0aW9uIEFkZC1EZXByZWNhdGlvbldhcm5pbmcoJG9iaiwgJG1lc3NhZ2UsICR2ZXJzaW9uID0gJG51bGwpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGFkZCBkZXByZWNhdGlvbnMsIGV2ZW4gaWYgdGhlIGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgogICAgaWYgKC1ub3QgJG9iai5Db250YWluc0tleSgiZGVwcmVjYXRpb25zIikpIHsKICAgICAgICAkb2JqLmRlcHJlY2F0aW9ucyA9IEAoKQogICAgfSBlbHNlaWYgKCRvYmouZGVwcmVjYXRpb25zIC1pc25vdCBbYXJyYXldKSB7CiAgICAgICAgdGhyb3cgIkFkZC1EZXByZWNhdGlvbldhcm5pbmc6IGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgaXMgbm90IGEgbGlzdCIKICAgIH0KCiAgICAkb2JqLmRlcHJlY2F0aW9ucyArPSBAewogICAgICAgIG1zZyA9ICRtZXNzYWdlCiAgICAgICAgdmVyc2lvbiA9ICR2ZXJzaW9uCiAgICB9Cn0KCkZ1bmN0aW9uIEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgaW4gdmFsdWVzLiBCeSBkZWZhdWx0CiAgICBpdCB0dXJucyBhbnkgdHlwZSB0byBhIHN0cmluZywgYnV0IHdlIGVuc3VyZSAkbnVsbCByZW1haW5zICRudWxsLgojPgogICAgaWYgKCRudWxsIC1uZSAkdmFsdWUpIHsKICAgICAgICBbU3lzdGVtLkVudmlyb25tZW50XTo6RXhwYW5kRW52aXJvbm1lbnRWYXJpYWJsZXMoJHZhbHVlKQogICAgfSBlbHNlIHsKICAgICAgICAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gR2V0LUFuc2libGVQYXJhbSgkb2JqLCAkbmFtZSwgJGRlZmF1bHQgPSAkbnVsbCwgJHJlc3VsdG9iaiA9IEB7fSwgJGZhaWxpZmVtcHR5ID0gJGZhbHNlLCAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSwgJFZhbGlkYXRlU2V0LCAkVmFsaWRhdGVTZXRFcnJvck1lc3NhZ2UsICR0eXBlID0gJG51bGwsICRhbGlhc2VzID0gQCgpKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBnZXQgYW4gImF0dHJpYnV0ZSIgZnJvbSBhIHBzb2JqZWN0IGluc3RhbmNlIGluIFBvd2VyU2hlbGwuCiAgICBUaGlzIGlzIGEgY29udmVuaWVuY2UgdG8gbWFrZSBnZXR0aW5nIE1lbWJlcnMgZnJvbSBhbiBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgICRhdHRyID0gR2V0LUFuc2libGVQYXJhbSAkcmVzcG9uc2UgImNvZGUiIC1kZWZhdWx0ICIxIgogICAgLkVYQU1QTEUKICAgIEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJTdGF0ZSIgLWRlZmF1bHQgIlByZXNlbnQiIC1WYWxpZGF0ZVNldCAiUHJlc2VudCIsIkFic2VudCIgLXJlc3VsdG9iaiAkcmVzdWx0b2JqIC1mYWlsaWZlbXB0eSAkdHJ1ZQogICAgR2V0LUFuc2libGVQYXJhbSBhbHNvIHN1cHBvcnRzIFBhcmFtZXRlciB2YWxpZGF0aW9uIHRvIHNhdmUgeW91IGZyb20gY29kaW5nIHRoYXQgbWFudWFsbHkKICAgIE5vdGUgdGhhdCBpZiB5b3UgdXNlIHRoZSBmYWlsaWZlbXB0eSBvcHRpb24sIHlvdSBkbyBuZWVkIHRvIHNwZWNpZnkgcmVzdWx0b2JqZWN0IGFzIHdlbGwuCiM+CiAgICAjIENoZWNrIGlmIHRoZSBwcm92aWRlZCBNZW1iZXIgJG5hbWUgb3IgYWxpYXNlcyBleGlzdCBpbiAkb2JqIGFuZCByZXR1cm4gaXQgb3IgdGhlIGRlZmF1bHQuCiAgICB0cnkgewoKICAgICAgICAkZm91bmQgPSAkbnVsbAogICAgICAgICMgRmlyc3QgdHJ5IHRvIGZpbmQgcHJlZmVycmVkIHBhcmFtZXRlciAkbmFtZQogICAgICAgICRhbGlhc2VzID0gQCgkbmFtZSkgKyAkYWxpYXNlcwoKICAgICAgICAjIEl0ZXJhdGUgb3ZlciBhbGlhc2VzIHRvIGZpbmQgYWNjZXB0YWJsZSBNZW1iZXIgJG5hbWUKICAgICAgICBmb3JlYWNoICgkYWxpYXMgaW4gJGFsaWFzZXMpIHsKICAgICAgICAgICAgaWYgKCRvYmouQ29udGFpbnNLZXkoJGFsaWFzKSkgewogICAgICAgICAgICAgICAgJGZvdW5kID0gJGFsaWFzCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgfQoKICAgICAgICBpZiAoJG51bGwgLWVxICRmb3VuZCkgewogICAgICAgICAgICB0aHJvdwogICAgICAgIH0KICAgICAgICAkbmFtZSA9ICRmb3VuZAoKICAgICAgICBpZiAoJFZhbGlkYXRlU2V0KSB7CgogICAgICAgICAgICBpZiAoJFZhbGlkYXRlU2V0IC1jb250YWlucyAoJG9iai4kbmFtZSkpIHsKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICRvYmouJG5hbWUKICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgIGlmICgkbnVsbCAtZXEgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAgICAgI0F1dG8tZ2VuZXJhdGVkIGVycm9yIHNob3VsZCBiZSBzdWZmaWNpZW50IGluIG1vc3QgdXNlIGNhc2VzCiAgICAgICAgICAgICAgICAgICAgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlID0gIkdldC1BbnNpYmxlUGFyYW06IEFyZ3VtZW50ICRuYW1lIG5lZWRzIHRvIGJlIG9uZSBvZiAkKCRWYWxpZGF0ZVNldCAtam9pbiAiLCIpIGJ1dCB3YXMgJCgkb2JqLiRuYW1lKS4iCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRWYWxpZGF0ZVNldEVycm9yTWVzc2FnZQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgJHZhbHVlID0gJG9iai4kbmFtZQogICAgICAgIH0KICAgIH0gY2F0Y2ggewogICAgICAgIGlmICgkZmFpbGlmZW1wdHkgLWVxICRmYWxzZSkgewogICAgICAgICAgICAkdmFsdWUgPSAkZGVmYXVsdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgIGlmICgtbm90ICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSA9ICJHZXQtQW5zaWJsZVBhcmFtOiBNaXNzaW5nIHJlcXVpcmVkIGFyZ3VtZW50OiAkbmFtZSIKICAgICAgICAgICAgfQogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlCiAgICAgICAgfQogICAgfQoKICAgICMgSWYgJHZhbHVlIC1lcSAkbnVsbCwgdGhlIHBhcmFtZXRlciB3YXMgdW5zcGVjaWZpZWQgYnkgdGhlIHVzZXIgKGRlbGliZXJhdGVseSBvciBub3QpCiAgICAjIFBsZWFzZSBsZWF2ZSAkbnVsbC12YWx1ZXMgaW50YWN0LCBtb2R1bGVzIG5lZWQgdG8ga25vdyBpZiBhIHBhcmFtZXRlciB3YXMgc3BlY2lmaWVkCiAgICAjIFdoZW4gJHZhbHVlIGlzIGFscmVhZHkgYW4gYXJyYXksIHdlIGNhbm5vdCByZWx5IG9uIHRoZSBudWxsIGNoZWNrLCBhcyBhbiBlbXB0eSBsaXN0CiAgICAjIGlzIHNlZW4gYXMgbnVsbCBpbiB0aGUgY2hlY2sgYmVsb3cKICAgIGlmICgkbnVsbCAtbmUgJHZhbHVlIC1vciAkdmFsdWUgLWlzIFthcnJheV0pIHsKICAgICAgICBpZiAoJHR5cGUgLWVxICJwYXRoIikgewogICAgICAgICAgICAjIEV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgb24gcGF0aC10eXBlCiAgICAgICAgICAgICR2YWx1ZSA9IEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCiAgICAgICAgICAgICMgVGVzdCBpZiBhIHZhbGlkIHBhdGggaXMgcHJvdmlkZWQKICAgICAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtSXNWYWxpZCAkdmFsdWUpKSB7CiAgICAgICAgICAgICAgICAkcGF0aF9pbnZhbGlkID0gJHRydWUKICAgICAgICAgICAgICAgICMgY291bGQgc3RpbGwgYmUgYSB2YWxpZC1zaGFwZWQgcGF0aCB3aXRoIGEgbm9uZXhpc3RlbnQgZHJpdmUgbGV0dGVyCiAgICAgICAgICAgICAgICBpZiAoJHZhbHVlIC1tYXRjaCAiXlx3OiIpIHsKICAgICAgICAgICAgICAgICAgICAjIHJld3JpdGUgcGF0aCB3aXRoIGEgdmFsaWQgZHJpdmUgbGV0dGVyIGFuZCByZWNoZWNrIHRoZSBzaGFwZS0gdGhpcyBtaWdodCBzdGlsbCBmYWlsLCBlZywgYSBub25leGlzdGVudCBub24tZmlsZXN5c3RlbSBQUyBwYXRoCiAgICAgICAgICAgICAgICAgICAgaWYgKFRlc3QtUGF0aCAtSXNWYWxpZCAkKEAoR2V0LVBTRHJpdmUgLVBTUHJvdmlkZXIgRmlsZXN5c3RlbSlbMF0uTmFtZSArICR2YWx1ZS5TdWJzdHJpbmcoMSkpKSB7CiAgICAgICAgICAgICAgICAgICAgICAgICRwYXRoX2ludmFsaWQgPSAkZmFsc2UKICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBpZiAoJHBhdGhfaW52YWxpZCkgewogICAgICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHRvYmogLW1lc3NhZ2UgIkdldC1BbnNpYmxlUGFyYW06IFBhcmFtZXRlciAnJG5hbWUnIGhhcyBhbiBpbnZhbGlkIHBhdGggJyR2YWx1ZScgc3BlY2lmaWVkLiIKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgInN0ciIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IHN0ciB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgc3RyaW5ncwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUuVG9TdHJpbmcoKQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImJvb2wiKSB7CiAgICAgICAgICAgICMgQ29udmVydCBib29sZWFuIHR5cGVzIHRvIHJlYWwgUG93ZXJzaGVsbCBib29sZWFucwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgfCBDb252ZXJ0VG8tQm9vbAogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImludCIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IGludCB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgaW50ZWdlcnMKICAgICAgICAgICAgJHZhbHVlID0gJHZhbHVlIC1hcyBbaW50XQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImZsb2F0IikgewogICAgICAgICAgICAjIENvbnZlcnQgZmxvYXQgdHlwZXMgdG8gcmVhbCBQb3dlcnNoZWxsIGZsb2F0cwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgLWFzIFtmbG9hdF0KICAgICAgICB9IGVsc2VpZiAoJHR5cGUgLWVxICJsaXN0IikgewogICAgICAgICAgICBpZiAoJHZhbHVlIC1pcyBbYXJyYXldKSB7CiAgICAgICAgICAgICAgICAjIE5vdGhpbmcgdG8gZG8KICAgICAgICAgICAgfSBlbHNlaWYgKCR2YWx1ZSAtaXMgW3N0cmluZ10pIHsKICAgICAgICAgICAgICAgICMgQ29udmVydCBzdHJpbmcgdHlwZSB0byByZWFsIFBvd2Vyc2hlbGwgYXJyYXkKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICR2YWx1ZS5TcGxpdCgiLCIpLlRyaW0oKQogICAgICAgICAgICB9IGVsc2VpZiAoJHZhbHVlIC1pcyBbaW50XSkgewogICAgICAgICAgICAgICAgJHZhbHVlID0gQCgkdmFsdWUpCiAgICAgICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICJHZXQtQW5zaWJsZVBhcmFtOiBQYXJhbWV0ZXIgJyRuYW1lJyBpcyBub3QgYSBZQU1MIGxpc3QuIgogICAgICAgICAgICB9CiAgICAgICAgICAgICMgLCBpcyBub3QgYSB0eXBvLCBmb3JjZXMgaXQgdG8gcmV0dXJuIGFzIGEgbGlzdCB3aGVuIGl0IGlzIGVtcHR5IG9yIG9ubHkgaGFzIDEgZW50cnkKICAgICAgICAgICAgcmV0dXJuICwkdmFsdWUKICAgICAgICB9CiAgICB9CgogICAgcmV0dXJuICR2YWx1ZQp9CgojQWxpYXMgR2V0LWF0dHItLT5HZXQtQW5zaWJsZVBhcmFtIGZvciBiYWNrd2FyZHMgY29tcGF0LiBPbmx5IGFkZCB3aGVuIG5lZWRlZCB0byBlYXNlIGRlYnVnZ2luZyBvZiBzY3JpcHRzCklmICgtbm90KEdldC1BbGlhcyAtTmFtZSAiR2V0LWF0dHIiIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlKSkKewogICAgTmV3LUFsaWFzIC1OYW1lIEdldC1hdHRyIC1WYWx1ZSBHZXQtQW5zaWJsZVBhcmFtCn0KCkZ1bmN0aW9uIENvbnZlcnRUby1Cb29sCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZpbHRlci9waXBlbGluZSBmdW5jdGlvbiB0byBjb252ZXJ0IGEgdmFsdWUgdG8gYm9vbGVhbiBmb2xsb3dpbmcgY3VycmVudAogICAgQW5zaWJsZSBwcmFjdGljZXMKICAgIC5FWEFNUExFCiAgICAkaXNfdHJ1ZSA9ICJ0cnVlIiB8IENvbnZlcnRUby1Cb29sCiM+CiAgICBwYXJhbSgKICAgICAgICBbcGFyYW1ldGVyKHZhbHVlZnJvbXBpcGVsaW5lPSR0cnVlKV0KICAgICAgICAkb2JqCiAgICApCgogICAgJGJvb2xlYW5fc3RyaW5ncyA9ICJ5ZXMiLCAib24iLCAiMSIsICJ0cnVlIiwgMQogICAgJG9ial9zdHJpbmcgPSBbc3RyaW5nXSRvYmoKCiAgICBpZiAoKCRvYmogLWlzIFtib29sZWFuXSAtYW5kICRvYmopIC1vciAkYm9vbGVhbl9zdHJpbmdzIC1jb250YWlucyAkb2JqX3N0cmluZy5Ub0xvd2VyKCkpIHsKICAgICAgICByZXR1cm4gJHRydWUKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfQp9CgpGdW5jdGlvbiBQYXJzZS1BcmdzKCRhcmd1bWVudHMsICRzdXBwb3J0c19jaGVja19tb2RlID0gJGZhbHNlKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBwYXJzZSBBbnNpYmxlIEpTT04gYXJndW1lbnRzIGZyb20gYSAiZmlsZSIgcGFzc2VkIGFzCiAgICB0aGUgc2luZ2xlIGFyZ3VtZW50IHRvIHRoZSBtb2R1bGUuCiAgICAuRVhBTVBMRQogICAgJHBhcmFtcyA9IFBhcnNlLUFyZ3MgJGFyZ3MKIz4KICAgICRwYXJhbXMgPSBOZXctT2JqZWN0IHBzb2JqZWN0CiAgICBJZiAoJGFyZ3VtZW50cy5MZW5ndGggLWd0IDApCiAgICB7CiAgICAgICAgJHBhcmFtcyA9IEdldC1Db250ZW50ICRhcmd1bWVudHNbMF0gfCBDb252ZXJ0RnJvbS1Kc29uCiAgICB9CiAgICBFbHNlIHsKICAgICAgICAkcGFyYW1zID0gJGNvbXBsZXhfYXJncwogICAgfQogICAgJGNoZWNrX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfY2hlY2tfbW9kZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQogICAgSWYgKCRjaGVja19tb2RlIC1hbmQgLW5vdCAkc3VwcG9ydHNfY2hlY2tfbW9kZSkKICAgIHsKICAgICAgICBFeGl0LUpzb24gQHsKICAgICAgICAgICAgc2tpcHBlZCA9ICR0cnVlCiAgICAgICAgICAgIGNoYW5nZWQgPSAkZmFsc2UKICAgICAgICAgICAgbXNnID0gInJlbW90ZSBtb2R1bGUgZG9lcyBub3Qgc3VwcG9ydCBjaGVjayBtb2RlIgogICAgICAgIH0KICAgIH0KICAgIHJldHVybiAkcGFyYW1zCn0KCgpGdW5jdGlvbiBHZXQtRmlsZUNoZWNrc3VtKCRwYXRoLCAkYWxnb3JpdGhtID0gJ3NoYTEnKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBjYWxjdWxhdGUgYSBoYXNoIG9mIGEgZmlsZSBpbiBhIHdheSB3aGljaCBQb3dlclNoZWxsIDMKICAgIGFuZCBhYm92ZSBjYW4gaGFuZGxlCiM+CiAgICBJZiAoVGVzdC1QYXRoIC1QYXRoICRwYXRoIC1QYXRoVHlwZSBMZWFmKQogICAgewogICAgICAgIHN3aXRjaCAoJGFsZ29yaXRobSkKICAgICAgICB7CiAgICAgICAgICAgICdtZDUnIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5NRDVDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMScgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTFDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMjU2JyB7ICRzcCA9IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5TZWN1cml0eS5DcnlwdG9ncmFwaHkuU0hBMjU2Q3J5cHRvU2VydmljZVByb3ZpZGVyIH0KICAgICAgICAgICAgJ3NoYTM4NCcgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTM4NENyeXB0b1NlcnZpY2VQcm92aWRlciB9CiAgICAgICAgICAgICdzaGE1MTInIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5TSEE1MTJDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICBkZWZhdWx0IHsgRmFpbC1Kc29uIEB7fSAiVW5zdXBwb3J0ZWQgaGFzaCBhbGdvcml0aG0gc3VwcGxpZWQgJyRhbGdvcml0aG0nIiB9CiAgICAgICAgfQoKICAgICAgICBJZiAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtZ2UgNCkgewogICAgICAgICAgICAkcmF3X2hhc2ggPSBHZXQtRmlsZUhhc2ggJHBhdGggLUFsZ29yaXRobSAkYWxnb3JpdGhtCiAgICAgICAgICAgICRoYXNoID0gJHJhd19oYXNoLkhhc2guVG9Mb3dlcigpCiAgICAgICAgfSBFbHNlIHsKICAgICAgICAgICAgJGZwID0gW1N5c3RlbS5JTy5GaWxlXTo6T3BlbigkcGF0aCwgW1N5c3RlbS5JTy5GaWxlbW9kZV06Ok9wZW4sIFtTeXN0ZW0uSU8uRmlsZUFjY2Vzc106OlJlYWQsIFtTeXN0ZW0uSU8uRmlsZVNoYXJlXTo6UmVhZFdyaXRlKTsKICAgICAgICAgICAgJGhhc2ggPSBbU3lzdGVtLkJpdENvbnZlcnRlcl06OlRvU3RyaW5nKCRzcC5Db21wdXRlSGFzaCgkZnApKS5SZXBsYWNlKCItIiwgIiIpLlRvTG93ZXIoKTsKICAgICAgICAgICAgJGZwLkRpc3Bvc2UoKTsKICAgICAgICB9CiAgICB9CiAgICBFbHNlSWYgKFRlc3QtUGF0aCAtUGF0aCAkcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKQogICAgewogICAgICAgICRoYXNoID0gIjMiOwogICAgfQogICAgRWxzZQogICAgewogICAgICAgICRoYXNoID0gIjEiOwogICAgfQogICAgcmV0dXJuICRoYXNoCn0KCkZ1bmN0aW9uIEdldC1QZW5kaW5nUmVib290U3RhdHVzCnsKPCMKICAgIC5TWU5PUFNJUwogICAgQ2hlY2sgaWYgcmVib290IGlzIHJlcXVp ScriptBlock ID: 4bd6951f-bfb5-44d7-ab8e-2d18f5b1378f Path:	4104	1		3	2	15	0	1294	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4652	92	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:28:01 PM	9d04040e-981f-0002-020c-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1293	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4652	5052	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:28:01 PM	9d04040e-981f-0004-5b17-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 4652 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1292	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4652	1416	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:28:01 PM	9d04040e-981f-0004-5b17-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1291	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4652	5052	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:28:01 PM	9d04040e-981f-0004-5b17-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): begin { $path = 'C:\Users\Admin\AppData\Local\Temp\ansible-tmp-1629725280.39-93272957354963\source' $DebugPreference = "Continue" $ErrorActionPreference = "Stop" Set-StrictMode -Version 2 $fd = [System.IO.File]::Create($path) $sha1 = [System.Security.Cryptography.SHA1CryptoServiceProvider]::Create() $bytes = @() #initialize for empty file case } process { $bytes = [System.Convert]::FromBase64String($input) $sha1.TransformBlock($bytes, 0, $bytes.Length, $bytes, 0) | Out-Null $fd.Write($bytes, 0, $bytes.Length) } end { $sha1.TransformFinalBlock($bytes, 0, 0) | Out-Null $hash = [System.BitConverter]::ToString($sha1.Hash).Replace("-", "").ToLowerInvariant() $fd.Close() Write-Output "{""sha1"":""$hash""}" } ScriptBlock ID: d5218636-9996-4cdc-b129-273fb2f1acbb Path:	4104	1		3	2	15	0	1290	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3708	3872	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:28:01 PM	9d04040e-981f-0001-8510-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1289	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3708	4884	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:28:01 PM	9d04040e-981f-0004-5617-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 3708 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1288	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3708	3876	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:28:01 PM	9d04040e-981f-0004-5617-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1287	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3708	4884	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:28:01 PM	9d04040e-981f-0004-5617-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1286	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1072	4196	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:28:00 PM	9d04040e-981f-0003-4f50-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 1072 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1285	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1072	224	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:28:00 PM	9d04040e-981f-0003-4f50-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1284	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1072	4196	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:28:00 PM	9d04040e-981f-0003-4f50-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1283	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3388	1772	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:28:00 PM	9d04040e-981f-0004-4f17-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 3388 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1282	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3388	4240	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:28:00 PM	9d04040e-981f-0004-4f17-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1281	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3388	1772	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:28:00 PM	9d04040e-981f-0004-4f17-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): #!powershell # Copyright: (c) 2015, Jon Hawkesworth (@jhawkesworth) <figs@unity.demon.co.uk> # Copyright: (c) 2017, Ansible Project # GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) #Requires -Module Ansible.ModuleUtils.Legacy $ErrorActionPreference = 'Stop' $params = Parse-Args -arguments $args -supports_check_mode $true $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false $diff_mode = Get-AnsibleParam -obj $params -name "_ansible_diff" -type "bool" -default $false # there are 4 modes to win_copy which are driven by the action plugins: # explode: src is a zip file which needs to be extracted to dest, for use with multiple files # query: win_copy action plugin wants to get the state of remote files to check whether it needs to send them # remote: all copy action is happening remotely (remote_src=True) # single: a single file has been copied, also used with template $copy_mode = Get-AnsibleParam -obj $params -name "_copy_mode" -type "str" -default "single" -validateset "explode","query","remote","single" # used in explode, remote and single mode $src = Get-AnsibleParam -obj $params -name "src" -type "path" -failifempty ($copy_mode -in @("explode","process","single")) $dest = Get-AnsibleParam -obj $params -name "dest" -type "path" -failifempty $true # used in single mode $original_basename = Get-AnsibleParam -obj $params -name "_original_basename" -type "str" # used in query and remote mode $force = Get-AnsibleParam -obj $params -name "force" -type "bool" -default $true # used in query mode, contains the local files/directories/symlinks that are to be copied $files = Get-AnsibleParam -obj $params -name "files" -type "list" $directories = Get-AnsibleParam -obj $params -name "directories" -type "list" $symlinks = Get-AnsibleParam -obj $params -name "symlinks" -type "list" $result = @{ changed = $false } if ($diff_mode) { $result.diff = @{} } Function Copy-File($source, $dest) { $diff = "" $copy_file = $false $source_checksum = $null if ($force) { $source_checksum = Get-FileChecksum -path $source } if (Test-Path -Path $dest -PathType Container) { Fail-Json -obj $result -message "cannot copy file from '$source' to '$dest': dest is already a folder" } elseif (Test-Path -Path $dest -PathType Leaf) { if ($force) { $target_checksum = Get-FileChecksum -path $dest if ($source_checksum -ne $target_checksum) { $copy_file = $true } } } else { $copy_file = $true } if ($copy_file) { $file_dir = [System.IO.Path]::GetDirectoryName($dest) # validate the parent dir is not a file and that it exists if (Test-Path -Path $file_dir -PathType Leaf) { Fail-Json -obj $result -message "cannot copy file from '$source' to '$dest': object at dest parent dir is not a folder" } elseif (-not (Test-Path -Path $file_dir)) { # directory doesn't exist, need to create New-Item -Path $file_dir -ItemType Directory -WhatIf:$check_mode | Out-Null $diff += "+$file_dir\`n" } if (Test-Path -Path $dest -PathType Leaf) { Remove-Item -Path $dest -Force -Recurse -WhatIf:$check_mode | Out-Null $diff += "-$dest`n" } if (-not $check_mode) { # cannot run with -WhatIf:$check_mode as if the parent dir didn't # exist and was created above would still not exist in check mode Copy-Item -Path $source -Destination $dest -Force | Out-Null } $diff += "+$dest`n" $result.changed = $true } # ugly but to save us from running the checksum twice, let's return it for # the main code to add it to $result return ,@{ diff = $diff; checksum = $source_checksum } } Function Copy-Folder($source, $dest) { $diff = "" $copy_folder = $false if (-not (Test-Path -Path $dest -PathType Container)) { $parent_dir = [System.IO.Path]::GetDirectoryName($dest) if (Test-Path -Path $parent_dir -PathType Leaf) { Fail-Json -obj $result -message "cannot copy file from '$source' to '$dest': object at dest parent dir is not a folder" } if (Test-Path -Path $dest -PathType Leaf) { Fail-Json -obj $result -message "cannot copy folder from '$source' to '$dest': dest is already a file" } New-Item -Path $dest -ItemType Container -WhatIf:$check_mode | Out-Null $diff += "+$dest\`n" $result.changed = $true } $child_items = Get-ChildItem -Path $source -Force foreach ($child_item in $child_items) { $dest_child_path = Join-Path -Path $dest -ChildPath $child_item.Name if ($child_item.PSIsContainer) { $diff += (Copy-Folder -source $child_item.Fullname -dest $dest_child_path) } else { $diff += (Copy-File -source $child_item.Fullname -dest $dest_child_path).diff } } return $diff } Function Get-FileSize($path) { $file = Get-Item -Path $path -Force $size = $null if ($file.PSIsContainer) { $dir_files_sum = Get-ChildItem $file.FullName -Recurse if ($dir_files_sum -eq $null -or ($dir_files_sum.PSObject.Properties.name -contains 'length' -eq $false)) { $size = 0 } else { $size = ($dir_files_sum | Measure-Object -property length -sum).Sum } } else { $size = $file.Length } $size } Function Extract-Zip($src, $dest) { $archive = [System.IO.Compression.ZipFile]::Open($src, [System.IO.Compression.ZipArchiveMode]::Read, [System.Text.Encoding]::UTF8) foreach ($entry in $archive.Entries) { $archive_name = $entry.FullName # FullName may be appended with / or \, determine if it is padded and remove it $padding_length = $archive_name.Length % 4 if ($padding_length -eq 0) { $is_dir = $false $base64_name = $archive_name } elseif ($padding_length -eq 1) { $is_dir = $true if ($archive_name.EndsWith("/") -or $archive_name.EndsWith("`\")) { $base64_name = $archive_name.Substring(0, $archive_name.Length - 1) } else { throw "invalid base64 archive name '$archive_name'" } } else { throw "invalid base64 length '$archive_name'" } # to handle unicode character, win_copy action plugin has encoded the filename $decoded_archive_name = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($base64_name)) # re-add the / to the entry full name if it was a directory if ($is_dir) { $decoded_archive_name = "$decoded_archive_name/" } $entry_target_path = [System.IO.Path]::Combine($dest, $decoded_archive_name) $entry_dir = [System.IO.Path]::GetDirectoryName($entry_target_path) if (-not (Test-Path -Path $entry_dir)) { New-Item -Path $entry_dir -ItemType Directory -WhatIf:$check_mode | Out-Null } if ($is_dir -eq $false) { if (-not $check_mode) { [System.IO.Compression.ZipFileExtensions]::ExtractToFile($entry, $entry_target_path, $true) } } } $archive.Dispose() # release the handle of the zip file } Function Extract-ZipLegacy($src, $dest) { if (-not (Test-Path -Path $dest)) { New-Item -Path $dest -ItemType Directory -WhatIf:$check_mode | Out-Null } $shell = New-Object -ComObject Shell.Application $zip = $shell.NameSpace($src) $dest_path = $shell.NameSpace($dest) foreach ($entry in $zip.Items()) { $is_dir = $entry.IsFolder $encoded_archive_entry = $entry.Name # to handle unicode character, win_copy action plugin has encoded the filename $decoded_archive_entry = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($encoded_archive_entry)) if ($is_dir) { $decoded_archive_entry = "$decoded_archive_entry/" } $entry_target_path = [System.IO.Path]::Combine($dest, $decoded_archive_entry) $entry_dir = [System.IO.Path]::GetDirectoryName($entry_target_path) if (-not (Test-Path -Path $entry_dir)) { New-Item -Path $entry_dir -ItemType Directory -WhatIf:$check_mode | Out-Null } if ($is_dir -eq $false -and (-not $check_mode)) { # https://msdn.microsoft.com/en-us/library/windows/desktop/bb787866.aspx # From Folder.CopyHere documentation, 1044 means: # - 1024: do not display a user interface if an error occurs # - 16: respond with "yes to all" for any dialog box that is displayed # - 4: do not display a progress dialog box $dest_path.CopyHere($entry, 1044) # once file is extraced, we need to rename it with non base64 name $combined_encoded_path = [System.IO.Path]::Combine($dest, $encoded_archive_entry) Move-Item -Path $combined_encoded_path -Destination $entry_target_path -Force | Out-Null } } } if ($copy_mode -eq "query") { # we only return a list of files/directories that need to be copied over # the source of the local file will be the key used $changed_files = @() $changed_directories = @() $changed_symlinks = @() foreach ($file in $files) { $filename = $file.dest $local_checksum = $file.checksum $filepath = Join-Path -Path $dest -ChildPath $filename if (Test-Path -Path $filepath -PathType Leaf) { if ($force) { $checksum = Get-FileChecksum -path $filepath if ($checksum -ne $local_checksum) { $will_change = $true $changed_files += $file } } } elseif (Test-Path -Path $filepath -PathType Container) { Fail-Json -obj $result -message "cannot copy file to dest '$filepath': object at path is already a directory" } else { $changed_files += $file } } foreach ($directory in $directories) { $dirname = $directory.dest $dirpath = Join-Path -Path $dest -ChildPath $dirname $parent_dir = [System.IO.Path]::GetDirectoryName($dirpath) if (Test-Path -Path $parent_dir -PathType Leaf) { Fail-Json -obj $result -message "cannot copy folder to dest '$dirpath': object at parent directory path is already a file" } if (Test-Path -Path $dirpath -PathType Leaf) { Fail-Json -obj $result -message "cannot copy folder to dest '$dirpath': object at path is already a file" } elseif (-not (Test-Path -Path $dirpath -PathType Container)) { $changed_directories += $directory } } # TODO: Handle symlinks $result.files = $changed_files $result.directories = $changed_directories $result.symlinks = $changed_symlinks } elseif ($copy_mode -eq "explode") { # a single zip file containing the files and directories needs to be # expanded this will always result in a change as the calculation is done # on the win_copy action plugin and is only run if a change needs to occur if (-not (Test-Path -Path $src -PathType Leaf)) { Fail-Json -obj $result -message "Cannot expand src zip file: '$src' as it does not exist" } # Detect if the PS zip assemblies are available or whether to use Shell $use_legacy = $false try { Add-Type -AssemblyName System.IO.Compression.FileSystem | Out-Null Add-Type -AssemblyName System.IO.Compression | Out-Null } catch { $use_legacy = $true } if ($use_legacy) { Extract-ZipLegacy -src $src -dest $dest } else { Extract-Zip -src $src -dest $dest } $result.changed = $true } elseif ($copy_mode -eq "remote") { # all copy actions are happening on the remote side (windows host), need # too copy source and dest using PS code $result.src = $src $result.dest = $dest if (-not (Test-Path -Path $src)) { Fail-Json -obj $result -message "Cannot copy src file: '$src' as it does not exist" } if (Test-Path -Path $src -PathType Container) { # we are copying a directory or the contents of a directory $result.operation = 'folder_copy' if ($src.EndsWith("/") -or $src.EndsWith("`\")) { # copying the folder's contents to dest $diff = "" $child_files = Get-ChildItem -Path $src -Force foreach ($child_file in $child_files) { $dest_child_path = Join-Path -Path $dest -ChildPath $child_file.Name if ($child_file.PSIsContainer) { $diff += Copy-Folder -source $child_file.FullName -dest $dest_child_path } else { $diff += (Copy-File -source $child_file.FullName -dest $dest_child_path).diff } } } else { # copying the folder and it's contents to dest $dest = Join-Path -Path $dest -ChildPath (Get-Item -Path $src -Force).Name $result.dest = $dest $diff = Copy-Folder -source $src -dest $dest } } else { # we are just copying a single file to dest $result.operation = 'file_copy' $source_basename = (Get-Item -Path $src -Force).Name $result.original_basename = $source_basename if ($dest.EndsWith("/") -or $dest.EndsWith("`\")) { $dest = Join-Path -Path $dest -ChildPath (Get-Item -Path $src -Force).Name $result.dest = $dest } else { # check if the parent dir exists, this is only done if src is a # file and dest if the path to a file (doesn't end with \ or /) $parent_dir = Split-Path -Path $dest if (Test-Path -Path $parent_dir -PathType Leaf) { Fail-Json -obj $result -message "object at destination parent dir '$parent_dir' is currently a file" } elseif (-not (Test-Path -Path $parent_dir -PathType Container)) { Fail-Json -obj $result -message "Destination directory '$parent_dir' does not exist" } } $copy_result = Copy-File -source $src -dest $dest $diff = $copy_result.diff $result.checksum = $copy_result.checksum } # the file might not exist if running in check mode if (-not $check_mode -or (Test-Path -Path $dest -PathType Leaf)) { $result.size = Get-FileSize -path $dest } else { $result.size = $null } if ($diff_mode) { $result.diff.prepared = $diff } } elseif ($copy_mode -eq "single") { # a single file is located in src and we need to copy to dest, this will # always result in a change as the calculation is done on the Ansible side # before this is run. This should also never run in check mode if (-not (Test-Path -Path $src -PathType Leaf)) { Fail-Json -obj $result -message "Cannot copy src file: '$src' as it does not exist" } # the dest parameter is a directory, we need to append original_basename if ($dest.EndsWith("/") -or $dest.EndsWith("`\") -or (Test-Path -Path $dest -PathType Container)) { $remote_dest = Join-Path -Path $dest -ChildPath $original_basename $parent_dir = Split-Path -Path $remote_dest # when dest ends with /, we need to create the destination directories if (Test-Path -Path $parent_dir -PathType Leaf) { Fail-Json -obj $result -message "object at destination parent dir '$parent_dir' is currently a file" } elseif (-not (Test-Path -Path $parent_dir -PathType Container)) { New-Item -Path $parent_dir -ItemType Directory | Out-Null } } else { $remote_dest = $dest $parent_dir = Split-Path -Path $remote_dest # check if the dest parent dirs exist, need to fail if they don't if (Test-Path -Path $parent_dir -PathType Leaf) { Fail-Json -obj $result -message "object at destination parent dir '$parent_dir' is currently a file" } elseif (-not (Test-Path -Path $parent_dir -PathType Container)) { Fail-Json -obj $result -message "Destination directory '$parent_dir' does not exist" } } Copy-Item -Path $src -Destination $remote_dest -Force | Out-Null $result.changed = $true } Exit-Json -obj $result ScriptBlock ID: ca006cd3-03d1-484e-8847-94e9e8409245 Path:	4104	1		3	2	15	0	1280	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1132	4724	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:28:00 PM	9d04040e-981f-0002-e00b-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c), Michael DeHaan <michael.dehaan@gmail.com>, 2014, and others # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) Set-StrictMode -Version 2.0 $ErrorActionPreference = "Stop" Function Set-Attr($obj, $name, $value) { <# .SYNOPSIS Helper function to set an "attribute" on a psobject instance in PowerShell. This is a convenience to make adding Members to the object easier and slightly more pythonic .EXAMPLE Set-Attr $result "changed" $true #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } Try { $obj.$name = $value } Catch { $obj | Add-Member -Force -MemberType NoteProperty -Name $name -Value $value } } Function Exit-Json($obj) { <# .SYNOPSIS Helper function to convert a PowerShell object to JSON and output it, exiting the script .EXAMPLE Exit-Json $result #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit } Function Fail-Json($obj, $message = $null) { <# .SYNOPSIS Helper function to add the "msg" property and "failed" property, convert the PowerShell Hashtable to JSON and output it, exiting the script .EXAMPLE Fail-Json $result "This is the failure message" #> if ($obj -is [hashtable] -or $obj -is [psobject]) { # Nothing to do } elseif ($obj -is [string] -and $null -eq $message) { # If we weren't given 2 args, and the only arg was a string, # create a new Hashtable and use the arg as the failure message $message = $obj $obj = @{ } } else { # If the first argument is undefined or a different type, # make it a Hashtable $obj = @{ } } # Still using Set-Attr for PSObject compatibility Set-Attr $obj "msg" $message Set-Attr $obj "failed" $true if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit 1 } Function Add-Warning($obj, $message) { <# .SYNOPSIS Helper function to add warnings, even if the warnings attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("warnings")) { $obj.warnings = @() } elseif ($obj.warnings -isnot [array]) { throw "Add-Warning: warnings attribute is not an array" } $obj.warnings += $message } Function Add-DeprecationWarning($obj, $message, $version = $null) { <# .SYNOPSIS Helper function to add deprecations, even if the deprecations attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("deprecations")) { $obj.deprecations = @() } elseif ($obj.deprecations -isnot [array]) { throw "Add-DeprecationWarning: deprecations attribute is not a list" } $obj.deprecations += @{ msg = $message version = $version } } Function Expand-Environment($value) { <# .SYNOPSIS Helper function to expand environment variables in values. By default it turns any type to a string, but we ensure $null remains $null. #> if ($null -ne $value) { [System.Environment]::ExpandEnvironmentVariables($value) } else { $value } } Function Get-AnsibleParam($obj, $name, $default = $null, $resultobj = @{}, $failifempty = $false, $emptyattributefailmessage, $ValidateSet, $ValidateSetErrorMessage, $type = $null, $aliases = @()) { <# .SYNOPSIS Helper function to get an "attribute" from a psobject instance in PowerShell. This is a convenience to make getting Members from an object easier and slightly more pythonic .EXAMPLE $attr = Get-AnsibleParam $response "code" -default "1" .EXAMPLE Get-AnsibleParam -obj $params -name "State" -default "Present" -ValidateSet "Present","Absent" -resultobj $resultobj -failifempty $true Get-AnsibleParam also supports Parameter validation to save you from coding that manually Note that if you use the failifempty option, you do need to specify resultobject as well. #> # Check if the provided Member $name or aliases exist in $obj and return it or the default. try { $found = $null # First try to find preferred parameter $name $aliases = @($name) + $aliases # Iterate over aliases to find acceptable Member $name foreach ($alias in $aliases) { if ($obj.ContainsKey($alias)) { $found = $alias break } } if ($null -eq $found) { throw } $name = $found if ($ValidateSet) { if ($ValidateSet -contains ($obj.$name)) { $value = $obj.$name } else { if ($null -eq $ValidateSetErrorMessage) { #Auto-generated error should be sufficient in most use cases $ValidateSetErrorMessage = "Get-AnsibleParam: Argument $name needs to be one of $($ValidateSet -join ",") but was $($obj.$name)." } Fail-Json -obj $resultobj -message $ValidateSetErrorMessage } } else { $value = $obj.$name } } catch { if ($failifempty -eq $false) { $value = $default } else { if (-not $emptyattributefailmessage) { $emptyattributefailmessage = "Get-AnsibleParam: Missing required argument: $name" } Fail-Json -obj $resultobj -message $emptyattributefailmessage } } # If $value -eq $null, the parameter was unspecified by the user (deliberately or not) # Please leave $null-values intact, modules need to know if a parameter was specified # When $value is already an array, we cannot rely on the null check, as an empty list # is seen as null in the check below if ($null -ne $value -or $value -is [array]) { if ($type -eq "path") { # Expand environment variables on path-type $value = Expand-Environment($value) # Test if a valid path is provided if (-not (Test-Path -IsValid $value)) { $path_invalid = $true # could still be a valid-shaped path with a nonexistent drive letter if ($value -match "^\w:") { # rewrite path with a valid drive letter and recheck the shape- this might still fail, eg, a nonexistent non-filesystem PS path if (Test-Path -IsValid $(@(Get-PSDrive -PSProvider Filesystem)[0].Name + $value.Substring(1))) { $path_invalid = $false } } if ($path_invalid) { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' has an invalid path '$value' specified." } } } elseif ($type -eq "str") { # Convert str types to real Powershell strings $value = $value.ToString() } elseif ($type -eq "bool") { # Convert boolean types to real Powershell booleans $value = $value | ConvertTo-Bool } elseif ($type -eq "int") { # Convert int types to real Powershell integers $value = $value -as [int] } elseif ($type -eq "float") { # Convert float types to real Powershell floats $value = $value -as [float] } elseif ($type -eq "list") { if ($value -is [array]) { # Nothing to do } elseif ($value -is [string]) { # Convert string type to real Powershell array $value = $value.Split(",").Trim() } elseif ($value -is [int]) { $value = @($value) } else { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' is not a YAML list." } # , is not a typo, forces it to return as a list when it is empty or only has 1 entry return ,$value } } return $value } #Alias Get-attr-->Get-AnsibleParam for backwards compat. Only add when needed to ease debugging of scripts If (-not(Get-Alias -Name "Get-attr" -ErrorAction SilentlyContinue)) { New-Alias -Name Get-attr -Value Get-AnsibleParam } Function ConvertTo-Bool { <# .SYNOPSIS Helper filter/pipeline function to convert a value to boolean following current Ansible practices .EXAMPLE $is_true = "true" | ConvertTo-Bool #> param( [parameter(valuefrompipeline=$true)] $obj ) $boolean_strings = "yes", "on", "1", "true", 1 $obj_string = [string]$obj if (($obj -is [boolean] -and $obj) -or $boolean_strings -contains $obj_string.ToLower()) { return $true } else { return $false } } Function Parse-Args($arguments, $supports_check_mode = $false) { <# .SYNOPSIS Helper function to parse Ansible JSON arguments from a "file" passed as the single argument to the module. .EXAMPLE $params = Parse-Args $args #> $params = New-Object psobject If ($arguments.Length -gt 0) { $params = Get-Content $arguments[0] | ConvertFrom-Json } Else { $params = $complex_args } $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false If ($check_mode -and -not $supports_check_mode) { Exit-Json @{ skipped = $true changed = $false msg = "remote module does not support check mode" } } return $params } Function Get-FileChecksum($path, $algorithm = 'sha1') { <# .SYNOPSIS Helper function to calculate a hash of a file in a way which PowerShell 3 and above can handle #> If (Test-Path -Path $path -PathType Leaf) { switch ($algorithm) { 'md5' { $sp = New-Object -TypeName System.Security.Cryptography.MD5CryptoServiceProvider } 'sha1' { $sp = New-Object -TypeName System.Security.Cryptography.SHA1CryptoServiceProvider } 'sha256' { $sp = New-Object -TypeName System.Security.Cryptography.SHA256CryptoServiceProvider } 'sha384' { $sp = New-Object -TypeName System.Security.Cryptography.SHA384CryptoServiceProvider } 'sha512' { $sp = New-Object -TypeName System.Security.Cryptography.SHA512CryptoServiceProvider } default { Fail-Json @{} "Unsupported hash algorithm supplied '$algorithm'" } } If ($PSVersionTable.PSVersion.Major -ge 4) { $raw_hash = Get-FileHash $path -Algorithm $algorithm $hash = $raw_hash.Hash.ToLower() } Else { $fp = [System.IO.File]::Open($path, [System.IO.Filemode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileShare]::ReadWrite); $hash = [System.BitConverter]::ToString($sp.ComputeHash($fp)).Replace("-", "").ToLower(); $fp.Dispose(); } } ElseIf (Test-Path -Path $path -PathType Container) { $hash = "3"; } Else { $hash = "1"; } return $hash } Function Get-PendingRebootStatus { <# .SYNOPSIS Check if reboot is required, if so notify CA. Function returns true if computer has a pending reboot #> $featureData = Invoke-WmiMethod -EA Ignore -Name GetServerFeature -Namespace root\microsoft\windows\servermanager -Class MSFT_ServerManagerTasks $regData = Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager" "PendingFileRenameOperations" -EA Ignore $CBSRebootStatus = Get-ChildItem "HKLM:\\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing" -ErrorAction SilentlyContinue| Where-Object {$_.PSChildName -eq "RebootPending"} if(($featureData -and $featureData.RequiresReboot) -or $regData -or $CBSRebootStatus) { return $True } else { return $False } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: e32e3faa-55b9-4592-a7f4-47092b338ec2 Path:	4104	1		3	2	15	0	1279	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1132	4408	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:28:00 PM	9d04040e-981f-0002-df0b-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } ScriptBlock ID: fd4961e9-ed41-4d1a-9ec8-e4f5d5b3d2c4 Path:	4104	1		3	2	15	0	1278	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1132	4408	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:27:59 PM	9d04040e-981f-0002-d00b-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (4 of 4): KSkgewogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0IC1tZXNzYWdlICJEZXN0aW5hdGlvbiBkaXJlY3RvcnkgJyRwYXJlbnRfZGlyJyBkb2VzIG5vdCBleGlzdCIKICAgICAgICB9CiAgICB9CgogICAgQ29weS1JdGVtIC1QYXRoICRzcmMgLURlc3RpbmF0aW9uICRyZW1vdGVfZGVzdCAtRm9yY2UgfCBPdXQtTnVsbAogICAgJHJlc3VsdC5jaGFuZ2VkID0gJHRydWUKfQoKRXhpdC1Kc29uIC1vYmogJHJlc3VsdAo=", "module_args": {"symlinks": [], "files": [{"dest": "pip-install-neutron.log", "checksum": "19b8dd48b99ad8b248c3c662381912d969f4751a", "src": "/home/jenkins-slave/.ansible/tmp/ansible-local-10077YbyhZe/tmpealyGX"}], "_ansible_selinux_special_fs": ["fuse", "nfs", "vboxsf", "ramfs", "9p"], "force": true, "_ansible_no_log": false, "dest": "c:/openstack/log", "directories": [], "_ansible_remote_tmp": "%TEMP%", "_ansible_verbosity": 4, "_ansible_keep_remote_files": false, "_ansible_syslog_facility": "LOG_USER", "_ansible_socket": null, "_copy_mode": "query", "_ansible_diff": false, "_ansible_debug": false, "_ansible_shell_executable": "/bin/sh", "_ansible_check_mode": false, "_ansible_tmpdir": null, "_ansible_version": "2.7.0", "_ansible_module_name": "win_copy"}} '@ } process { $input_as_string = [string]$input $json_raw += $input_as_string } end { If (-not $json_raw) { Write-Error "no input given" -Category InvalidArgument } $payload = ConvertTo-HashtableFromPsCustomObject (ConvertFrom-Json $json_raw) # TODO: handle binary modules # TODO: handle persistence $min_os_version = [version]$payload.min_os_version if ($min_os_version -ne $null) { $actual_os_version = [System.Environment]::OSVersion.Version if ($actual_os_version -lt $min_os_version) { $msg = "This module cannot run on this OS as it requires a minimum version of $min_os_version, actual was $actual_os_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $min_ps_version = [version]$payload.min_ps_version if ($min_ps_version -ne $null) { $actual_ps_version = $PSVersionTable.PSVersion if ($actual_ps_version -lt $min_ps_version) { $msg = "This module cannot run as it requires a minimum PowerShell version of $min_ps_version, actual was $actual_ps_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $actions = $payload.actions # pop 0th action as entrypoint $entrypoint = $payload.($actions[0]) $payload.actions = $payload.actions[1..99] $entrypoint = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($entrypoint)) # load the current action entrypoint as a module custom object with a Run method $entrypoint = New-Module -ScriptBlock ([scriptblock]::Create($entrypoint)) -AsCustomObject Set-Variable -Scope global -Name complex_args -Value $payload["module_args"] | Out-Null # dynamically create/load modules ForEach ($mod in $payload.powershell_modules.GetEnumerator()) { $decoded_module = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($mod.Value)) New-Module -ScriptBlock ([scriptblock]::Create($decoded_module)) -Name $mod.Key | Import-Module -WarningAction SilentlyContinue | Out-Null } $output = $entrypoint.Run($payload) Write-Output $output } ScriptBlock ID: 05e0076e-d030-4037-9387-60a2dbdbf08a Path:	4104	1		3	2	15	0	1277	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1132	4408	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:27:59 PM	9d04040e-981f-0002-ca0b-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (3 of 4): FtTeXN0ZW0uSU8uQ29tcHJlc3Npb24uWmlwRmlsZV06Ok9wZW4oJHNyYywgW1N5c3RlbS5JTy5Db21wcmVzc2lvbi5aaXBBcmNoaXZlTW9kZV06OlJlYWQsIFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjgpCiAgICBmb3JlYWNoICgkZW50cnkgaW4gJGFyY2hpdmUuRW50cmllcykgewogICAgICAgICRhcmNoaXZlX25hbWUgPSAkZW50cnkuRnVsbE5hbWUKCiAgICAgICAgIyBGdWxsTmFtZSBtYXkgYmUgYXBwZW5kZWQgd2l0aCAvIG9yIFwsIGRldGVybWluZSBpZiBpdCBpcyBwYWRkZWQgYW5kIHJlbW92ZSBpdAogICAgICAgICRwYWRkaW5nX2xlbmd0aCA9ICRhcmNoaXZlX25hbWUuTGVuZ3RoICUgNAogICAgICAgIGlmICgkcGFkZGluZ19sZW5ndGggLWVxIDApIHsKICAgICAgICAgICAgJGlzX2RpciA9ICRmYWxzZQogICAgICAgICAgICAkYmFzZTY0X25hbWUgPSAkYXJjaGl2ZV9uYW1lCiAgICAgICAgfSBlbHNlaWYgKCRwYWRkaW5nX2xlbmd0aCAtZXEgMSkgewogICAgICAgICAgICAkaXNfZGlyID0gJHRydWUKICAgICAgICAgICAgaWYgKCRhcmNoaXZlX25hbWUuRW5kc1dpdGgoIi8iKSAtb3IgJGFyY2hpdmVfbmFtZS5FbmRzV2l0aCgiYFwiKSkgewogICAgICAgICAgICAgICAgJGJhc2U2NF9uYW1lID0gJGFyY2hpdmVfbmFtZS5TdWJzdHJpbmcoMCwgJGFyY2hpdmVfbmFtZS5MZW5ndGggLSAxKQogICAgICAgICAgICB9IGVsc2UgewogICAgICAgICAgICAgICAgdGhyb3cgImludmFsaWQgYmFzZTY0IGFyY2hpdmUgbmFtZSAnJGFyY2hpdmVfbmFtZSciCiAgICAgICAgICAgIH0KICAgICAgICB9IGVsc2UgewogICAgICAgICAgICB0aHJvdyAiaW52YWxpZCBiYXNlNjQgbGVuZ3RoICckYXJjaGl2ZV9uYW1lJyIKICAgICAgICB9CgogICAgICAgICMgdG8gaGFuZGxlIHVuaWNvZGUgY2hhcmFjdGVyLCB3aW5fY29weSBhY3Rpb24gcGx1Z2luIGhhcyBlbmNvZGVkIHRoZSBmaWxlbmFtZQogICAgICAgICRkZWNvZGVkX2FyY2hpdmVfbmFtZSA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGJhc2U2NF9uYW1lKSkKICAgICAgICAjIHJlLWFkZCB0aGUgLyB0byB0aGUgZW50cnkgZnVsbCBuYW1lIGlmIGl0IHdhcyBhIGRpcmVjdG9yeQogICAgICAgIGlmICgkaXNfZGlyKSB7CiAgICAgICAgICAgICRkZWNvZGVkX2FyY2hpdmVfbmFtZSA9ICIkZGVjb2RlZF9hcmNoaXZlX25hbWUvIgogICAgICAgIH0KICAgICAgICAkZW50cnlfdGFyZ2V0X3BhdGggPSBbU3lzdGVtLklPLlBhdGhdOjpDb21iaW5lKCRkZXN0LCAkZGVjb2RlZF9hcmNoaXZlX25hbWUpCiAgICAgICAgJGVudHJ5X2RpciA9IFtTeXN0ZW0uSU8uUGF0aF06OkdldERpcmVjdG9yeU5hbWUoJGVudHJ5X3RhcmdldF9wYXRoKQoKICAgICAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRlbnRyeV9kaXIpKSB7CiAgICAgICAgICAgIE5ldy1JdGVtIC1QYXRoICRlbnRyeV9kaXIgLUl0ZW1UeXBlIERpcmVjdG9yeSAtV2hhdElmOiRjaGVja19tb2RlIHwgT3V0LU51bGwKICAgICAgICB9CgogICAgICAgIGlmICgkaXNfZGlyIC1lcSAkZmFsc2UpIHsKICAgICAgICAgICAgaWYgKC1ub3QgJGNoZWNrX21vZGUpIHsKICAgICAgICAgICAgICAgIFtTeXN0ZW0uSU8uQ29tcHJlc3Npb24uWmlwRmlsZUV4dGVuc2lvbnNdOjpFeHRyYWN0VG9GaWxlKCRlbnRyeSwgJGVudHJ5X3RhcmdldF9wYXRoLCAkdHJ1ZSkKICAgICAgICAgICAgfQogICAgICAgIH0KICAgIH0KICAgICRhcmNoaXZlLkRpc3Bvc2UoKSAgIyByZWxlYXNlIHRoZSBoYW5kbGUgb2YgdGhlIHppcCBmaWxlCn0KCkZ1bmN0aW9uIEV4dHJhY3QtWmlwTGVnYWN5KCRzcmMsICRkZXN0KSB7CiAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRkZXN0KSkgewogICAgICAgIE5ldy1JdGVtIC1QYXRoICRkZXN0IC1JdGVtVHlwZSBEaXJlY3RvcnkgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICB9CiAgICAkc2hlbGwgPSBOZXctT2JqZWN0IC1Db21PYmplY3QgU2hlbGwuQXBwbGljYXRpb24KICAgICR6aXAgPSAkc2hlbGwuTmFtZVNwYWNlKCRzcmMpCiAgICAkZGVzdF9wYXRoID0gJHNoZWxsLk5hbWVTcGFjZSgkZGVzdCkKCiAgICBmb3JlYWNoICgkZW50cnkgaW4gJHppcC5JdGVtcygpKSB7CiAgICAgICAgJGlzX2RpciA9ICRlbnRyeS5Jc0ZvbGRlcgogICAgICAgICRlbmNvZGVkX2FyY2hpdmVfZW50cnkgPSAkZW50cnkuTmFtZQogICAgICAgICMgdG8gaGFuZGxlIHVuaWNvZGUgY2hhcmFjdGVyLCB3aW5fY29weSBhY3Rpb24gcGx1Z2luIGhhcyBlbmNvZGVkIHRoZSBmaWxlbmFtZQogICAgICAgICRkZWNvZGVkX2FyY2hpdmVfZW50cnkgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRlbmNvZGVkX2FyY2hpdmVfZW50cnkpKQogICAgICAgIGlmICgkaXNfZGlyKSB7CiAgICAgICAgICAgICRkZWNvZGVkX2FyY2hpdmVfZW50cnkgPSAiJGRlY29kZWRfYXJjaGl2ZV9lbnRyeS8iCiAgICAgICAgfQoKICAgICAgICAkZW50cnlfdGFyZ2V0X3BhdGggPSBbU3lzdGVtLklPLlBhdGhdOjpDb21iaW5lKCRkZXN0LCAkZGVjb2RlZF9hcmNoaXZlX2VudHJ5KQogICAgICAgICRlbnRyeV9kaXIgPSBbU3lzdGVtLklPLlBhdGhdOjpHZXREaXJlY3RvcnlOYW1lKCRlbnRyeV90YXJnZXRfcGF0aCkKCiAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtUGF0aCAkZW50cnlfZGlyKSkgewogICAgICAgICAgICBOZXctSXRlbSAtUGF0aCAkZW50cnlfZGlyIC1JdGVtVHlwZSBEaXJlY3RvcnkgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICAgICAgfQoKICAgICAgICBpZiAoJGlzX2RpciAtZXEgJGZhbHNlIC1hbmQgKC1ub3QgJGNoZWNrX21vZGUpKSB7CiAgICAgICAgICAgICMgaHR0cHM6Ly9tc2RuLm1pY3Jvc29mdC5jb20vZW4tdXMvbGlicmFyeS93aW5kb3dzL2Rlc2t0b3AvYmI3ODc4NjYuYXNweAogICAgICAgICAgICAjIEZyb20gRm9sZGVyLkNvcHlIZXJlIGRvY3VtZW50YXRpb24sIDEwNDQgbWVhbnM6CiAgICAgICAgICAgICMgIC0gMTAyNDogZG8gbm90IGRpc3BsYXkgYSB1c2VyIGludGVyZmFjZSBpZiBhbiBlcnJvciBvY2N1cnMKICAgICAgICAgICAgIyAgLSAgIDE2OiByZXNwb25kIHdpdGggInllcyB0byBhbGwiIGZvciBhbnkgZGlhbG9nIGJveCB0aGF0IGlzIGRpc3BsYXllZAogICAgICAgICAgICAjICAtICAgIDQ6IGRvIG5vdCBkaXNwbGF5IGEgcHJvZ3Jlc3MgZGlhbG9nIGJveAogICAgICAgICAgICAkZGVzdF9wYXRoLkNvcHlIZXJlKCRlbnRyeSwgMTA0NCkKCiAgICAgICAgICAgICMgb25jZSBmaWxlIGlzIGV4dHJhY2VkLCB3ZSBuZWVkIHRvIHJlbmFtZSBpdCB3aXRoIG5vbiBiYXNlNjQgbmFtZQogICAgICAgICAgICAkY29tYmluZWRfZW5jb2RlZF9wYXRoID0gW1N5c3RlbS5JTy5QYXRoXTo6Q29tYmluZSgkZGVzdCwgJGVuY29kZWRfYXJjaGl2ZV9lbnRyeSkKICAgICAgICAgICAgTW92ZS1JdGVtIC1QYXRoICRjb21iaW5lZF9lbmNvZGVkX3BhdGggLURlc3RpbmF0aW9uICRlbnRyeV90YXJnZXRfcGF0aCAtRm9yY2UgfCBPdXQtTnVsbAogICAgICAgIH0KICAgIH0KfQoKaWYgKCRjb3B5X21vZGUgLWVxICJxdWVyeSIpIHsKICAgICMgd2Ugb25seSByZXR1cm4gYSBsaXN0IG9mIGZpbGVzL2RpcmVjdG9yaWVzIHRoYXQgbmVlZCB0byBiZSBjb3BpZWQgb3ZlcgogICAgIyB0aGUgc291cmNlIG9mIHRoZSBsb2NhbCBmaWxlIHdpbGwgYmUgdGhlIGtleSB1c2VkCiAgICAkY2hhbmdlZF9maWxlcyA9IEAoKQogICAgJGNoYW5nZWRfZGlyZWN0b3JpZXMgPSBAKCkKICAgICRjaGFuZ2VkX3N5bWxpbmtzID0gQCgpCgogICAgZm9yZWFjaCAoJGZpbGUgaW4gJGZpbGVzKSB7CiAgICAgICAgJGZpbGVuYW1lID0gJGZpbGUuZGVzdAogICAgICAgICRsb2NhbF9jaGVja3N1bSA9ICRmaWxlLmNoZWNrc3VtCgogICAgICAgICRmaWxlcGF0aCA9IEpvaW4tUGF0aCAtUGF0aCAkZGVzdCAtQ2hpbGRQYXRoICRmaWxlbmFtZQogICAgICAgIGlmIChUZXN0LVBhdGggLVBhdGggJGZpbGVwYXRoIC1QYXRoVHlwZSBMZWFmKSB7CiAgICAgICAgICAgIGlmICgkZm9yY2UpIHsKICAgICAgICAgICAgICAgICRjaGVja3N1bSA9IEdldC1GaWxlQ2hlY2tzdW0gLXBhdGggJGZpbGVwYXRoCiAgICAgICAgICAgICAgICBpZiAoJGNoZWNrc3VtIC1uZSAkbG9jYWxfY2hlY2tzdW0pIHsKICAgICAgICAgICAgICAgICAgICAkd2lsbF9jaGFuZ2UgPSAkdHJ1ZQogICAgICAgICAgICAgICAgICAgICRjaGFuZ2VkX2ZpbGVzICs9ICRmaWxlCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgIH0KICAgICAgICB9IGVsc2VpZiAoVGVzdC1QYXRoIC1QYXRoICRmaWxlcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKSB7CiAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgImNhbm5vdCBjb3B5IGZpbGUgdG8gZGVzdCAnJGZpbGVwYXRoJzogb2JqZWN0IGF0IHBhdGggaXMgYWxyZWFkeSBhIGRpcmVjdG9yeSIKICAgICAgICB9IGVsc2UgewogICAgICAgICAgICAkY2hhbmdlZF9maWxlcyArPSAkZmlsZQogICAgICAgIH0KICAgIH0KCiAgICBmb3JlYWNoICgkZGlyZWN0b3J5IGluICRkaXJlY3RvcmllcykgewogICAgICAgICRkaXJuYW1lID0gJGRpcmVjdG9yeS5kZXN0CgogICAgICAgICRkaXJwYXRoID0gSm9pbi1QYXRoIC1QYXRoICRkZXN0IC1DaGlsZFBhdGggJGRpcm5hbWUKICAgICAgICAkcGFyZW50X2RpciA9IFtTeXN0ZW0uSU8uUGF0aF06OkdldERpcmVjdG9yeU5hbWUoJGRpcnBhdGgpCiAgICAgICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkcGFyZW50X2RpciAtUGF0aFR5cGUgTGVhZikgewogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0IC1tZXNzYWdlICJjYW5ub3QgY29weSBmb2xkZXIgdG8gZGVzdCAnJGRpcnBhdGgnOiBvYmplY3QgYXQgcGFyZW50IGRpcmVjdG9yeSBwYXRoIGlzIGFscmVhZHkgYSBmaWxlIgogICAgICAgIH0KICAgICAgICBpZiAoVGVzdC1QYXRoIC1QYXRoICRkaXJwYXRoIC1QYXRoVHlwZSBMZWFmKSB7CiAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgImNhbm5vdCBjb3B5IGZvbGRlciB0byBkZXN0ICckZGlycGF0aCc6IG9iamVjdCBhdCBwYXRoIGlzIGFscmVhZHkgYSBmaWxlIgogICAgICAgIH0gZWxzZWlmICgtbm90IChUZXN0LVBhdGggLVBhdGggJGRpcnBhdGggLVBhdGhUeXBlIENvbnRhaW5lcikpIHsKICAgICAgICAgICAgJGNoYW5nZWRfZGlyZWN0b3JpZXMgKz0gJGRpcmVjdG9yeQogICAgICAgIH0KICAgIH0KCiAgICAjIFRPRE86IEhhbmRsZSBzeW1saW5rcwoKICAgICRyZXN1bHQuZmlsZXMgPSAkY2hhbmdlZF9maWxlcwogICAgJHJlc3VsdC5kaXJlY3RvcmllcyA9ICRjaGFuZ2VkX2RpcmVjdG9yaWVzCiAgICAkcmVzdWx0LnN5bWxpbmtzID0gJGNoYW5nZWRfc3ltbGlua3MKfSBlbHNlaWYgKCRjb3B5X21vZGUgLWVxICJleHBsb2RlIikgewogICAgIyBhIHNpbmdsZSB6aXAgZmlsZSBjb250YWluaW5nIHRoZSBmaWxlcyBhbmQgZGlyZWN0b3JpZXMgbmVlZHMgdG8gYmUKICAgICMgZXhwYW5kZWQgdGhpcyB3aWxsIGFsd2F5cyByZXN1bHQgaW4gYSBjaGFuZ2UgYXMgdGhlIGNhbGN1bGF0aW9uIGlzIGRvbmUKICAgICMgb24gdGhlIHdpbl9jb3B5IGFjdGlvbiBwbHVnaW4gYW5kIGlzIG9ubHkgcnVuIGlmIGEgY2hhbmdlIG5lZWRzIHRvIG9jY3VyCiAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRzcmMgLVBhdGhUeXBlIExlYWYpKSB7CiAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiQ2Fubm90IGV4cGFuZCBzcmMgemlwIGZpbGU6ICckc3JjJyBhcyBpdCBkb2VzIG5vdCBleGlzdCIKICAgIH0KCiAgICAjIERldGVjdCBpZiB0aGUgUFMgemlwIGFzc2VtYmxpZXMgYXJlIGF2YWlsYWJsZSBvciB3aGV0aGVyIHRvIHVzZSBTaGVsbAogICAgJHVzZV9sZWdhY3kgPSAkZmFsc2UKICAgIHRyeSB7CiAgICAgICAgQWRkLVR5cGUgLUFzc2VtYmx5TmFtZSBTeXN0ZW0uSU8uQ29tcHJlc3Npb24uRmlsZVN5c3RlbSB8IE91dC1OdWxsCiAgICAgICAgQWRkLVR5cGUgLUFzc2VtYmx5TmFtZSBTeXN0ZW0uSU8uQ29tcHJlc3Npb24gfCBPdXQtTnVsbAogICAgfSBjYXRjaCB7CiAgICAgICAgJHVzZV9sZWdhY3kgPSAkdHJ1ZQogICAgfQogICAgaWYgKCR1c2VfbGVnYWN5KSB7CiAgICAgICAgRXh0cmFjdC1aaXBMZWdhY3kgLXNyYyAkc3JjIC1kZXN0ICRkZXN0CiAgICB9IGVsc2UgewogICAgICAgIEV4dHJhY3QtWmlwIC1zcmMgJHNyYyAtZGVzdCAkZGVzdAogICAgfQoKICAgICRyZXN1bHQuY2hhbmdlZCA9ICR0cnVlCn0gZWxzZWlmICgkY29weV9tb2RlIC1lcSAicmVtb3RlIikgewogICAgIyBhbGwgY29weSBhY3Rpb25zIGFyZSBoYXBwZW5pbmcgb24gdGhlIHJlbW90ZSBzaWRlICh3aW5kb3dzIGhvc3QpLCBuZWVkCiAgICAjIHRvbyBjb3B5IHNvdXJjZSBhbmQgZGVzdCB1c2luZyBQUyBjb2RlCiAgICAkcmVzdWx0LnNyYyA9ICRzcmMKICAgICRyZXN1bHQuZGVzdCA9ICRkZXN0CgogICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtUGF0aCAkc3JjKSkgewogICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgIkNhbm5vdCBjb3B5IHNyYyBmaWxlOiAnJHNyYycgYXMgaXQgZG9lcyBub3QgZXhpc3QiCiAgICB9CgogICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkc3JjIC1QYXRoVHlwZSBDb250YWluZXIpIHsKICAgICAgICAjIHdlIGFyZSBjb3B5aW5nIGEgZGlyZWN0b3J5IG9yIHRoZSBjb250ZW50cyBvZiBhIGRpcmVjdG9yeQogICAgICAgICRyZXN1bHQub3BlcmF0aW9uID0gJ2ZvbGRlcl9jb3B5JwogICAgICAgIGlmICgkc3JjLkVuZHNXaXRoKCIvIikgLW9yICRzcmMuRW5kc1dpdGgoImBcIikpIHsKICAgICAgICAgICAgIyBjb3B5aW5nIHRoZSBmb2xkZXIncyBjb250ZW50cyB0byBkZXN0CiAgICAgICAgICAgICRkaWZmID0gIiIKICAgICAgICAgICAgJGNoaWxkX2ZpbGVzID0gR2V0LUNoaWxkSXRlbSAtUGF0aCAkc3JjIC1Gb3JjZQogICAgICAgICAgICBmb3JlYWNoICgkY2hpbGRfZmlsZSBpbiAkY2hpbGRfZmlsZXMpIHsKICAgICAgICAgICAgICAgICRkZXN0X2NoaWxkX3BhdGggPSBKb2luLVBhdGggLVBhdGggJGRlc3QgLUNoaWxkUGF0aCAkY2hpbGRfZmlsZS5OYW1lCiAgICAgICAgICAgICAgICBpZiAoJGNoaWxkX2ZpbGUuUFNJc0NvbnRhaW5lcikgewogICAgICAgICAgICAgICAgICAgICRkaWZmICs9IENvcHktRm9sZGVyIC1zb3VyY2UgJGNoaWxkX2ZpbGUuRnVsbE5hbWUgLWRlc3QgJGRlc3RfY2hpbGRfcGF0aAogICAgICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgICAgICAkZGlmZiArPSAoQ29weS1GaWxlIC1zb3VyY2UgJGNoaWxkX2ZpbGUuRnVsbE5hbWUgLWRlc3QgJGRlc3RfY2hpbGRfcGF0aCkuZGlmZgogICAgICAgICAgICAgICAgfQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgIyBjb3B5aW5nIHRoZSBmb2xkZXIgYW5kIGl0J3MgY29udGVudHMgdG8gZGVzdAogICAgICAgICAgICAkZGVzdCA9IEpvaW4tUGF0aCAtUGF0aCAkZGVzdCAtQ2hpbGRQYXRoIChHZXQtSXRlbSAtUGF0aCAkc3JjIC1Gb3JjZSkuTmFtZQogICAgICAgICAgICAkcmVzdWx0LmRlc3QgPSAkZGVzdAogICAgICAgICAgICAkZGlmZiA9IENvcHktRm9sZGVyIC1zb3VyY2UgJHNyYyAtZGVzdCAkZGVzdAogICAgICAgIH0KICAgIH0gZWxzZSB7CiAgICAgICAgIyB3ZSBhcmUganVzdCBjb3B5aW5nIGEgc2luZ2xlIGZpbGUgdG8gZGVzdAogICAgICAgICRyZXN1bHQub3BlcmF0aW9uID0gJ2ZpbGVfY29weScKCiAgICAgICAgJHNvdXJjZV9iYXNlbmFtZSA9IChHZXQtSXRlbSAtUGF0aCAkc3JjIC1Gb3JjZSkuTmFtZQogICAgICAgICRyZXN1bHQub3JpZ2luYWxfYmFzZW5hbWUgPSAkc291cmNlX2Jhc2VuYW1lCgogICAgICAgIGlmICgkZGVzdC5FbmRzV2l0aCgiLyIpIC1vciAkZGVzdC5FbmRzV2l0aCgiYFwiKSkgewogICAgICAgICAgICAkZGVzdCA9IEpvaW4tUGF0aCAtUGF0aCAkZGVzdCAtQ2hpbGRQYXRoIChHZXQtSXRlbSAtUGF0aCAkc3JjIC1Gb3JjZSkuTmFtZQogICAgICAgICAgICAkcmVzdWx0LmRlc3QgPSAkZGVzdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICMgY2hlY2sgaWYgdGhlIHBhcmVudCBkaXIgZXhpc3RzLCB0aGlzIGlzIG9ubHkgZG9uZSBpZiBzcmMgaXMgYQogICAgICAgICAgICAjIGZpbGUgYW5kIGRlc3QgaWYgdGhlIHBhdGggdG8gYSBmaWxlIChkb2Vzbid0IGVuZCB3aXRoIFwgb3IgLykKICAgICAgICAgICAgJHBhcmVudF9kaXIgPSBTcGxpdC1QYXRoIC1QYXRoICRkZXN0CiAgICAgICAgICAgIGlmIChUZXN0LVBhdGggLVBhdGggJHBhcmVudF9kaXIgLVBhdGhUeXBlIExlYWYpIHsKICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgIm9iamVjdCBhdCBkZXN0aW5hdGlvbiBwYXJlbnQgZGlyICckcGFyZW50X2RpcicgaXMgY3VycmVudGx5IGEgZmlsZSIKICAgICAgICAgICAgfSBlbHNlaWYgKC1ub3QgKFRlc3QtUGF0aCAtUGF0aCAkcGFyZW50X2RpciAtUGF0aFR5cGUgQ29udGFpbmVyKSkgewogICAgICAgICAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiRGVzdGluYXRpb24gZGlyZWN0b3J5ICckcGFyZW50X2RpcicgZG9lcyBub3QgZXhpc3QiCiAgICAgICAgICAgIH0KICAgICAgICB9CiAgICAgICAgJGNvcHlfcmVzdWx0ID0gQ29weS1GaWxlIC1zb3VyY2UgJHNyYyAtZGVzdCAkZGVzdAogICAgICAgICRkaWZmID0gJGNvcHlfcmVzdWx0LmRpZmYKICAgICAgICAkcmVzdWx0LmNoZWNrc3VtID0gJGNvcHlfcmVzdWx0LmNoZWNrc3VtCiAgICB9CgogICAgIyB0aGUgZmlsZSBtaWdodCBub3QgZXhpc3QgaWYgcnVubmluZyBpbiBjaGVjayBtb2RlCiAgICBpZiAoLW5vdCAkY2hlY2tfbW9kZSAtb3IgKFRlc3QtUGF0aCAtUGF0aCAkZGVzdCAtUGF0aFR5cGUgTGVhZikpIHsKICAgICAgICAkcmVzdWx0LnNpemUgPSBHZXQtRmlsZVNpemUgLXBhdGggJGRlc3QKICAgIH0gZWxzZSB7CiAgICAgICAgJHJlc3VsdC5zaXplID0gJG51bGwKICAgIH0KICAgIGlmICgkZGlmZl9tb2RlKSB7CiAgICAgICAgJHJlc3VsdC5kaWZmLnByZXBhcmVkID0gJGRpZmYKICAgIH0KfSBlbHNlaWYgKCRjb3B5X21vZGUgLWVxICJzaW5nbGUiKSB7CiAgICAjIGEgc2luZ2xlIGZpbGUgaXMgbG9jYXRlZCBpbiBzcmMgYW5kIHdlIG5lZWQgdG8gY29weSB0byBkZXN0LCB0aGlzIHdpbGwKICAgICMgYWx3YXlzIHJlc3VsdCBpbiBhIGNoYW5nZSBhcyB0aGUgY2FsY3VsYXRpb24gaXMgZG9uZSBvbiB0aGUgQW5zaWJsZSBzaWRlCiAgICAjIGJlZm9yZSB0aGlzIGlzIHJ1bi4gVGhpcyBzaG91bGQgYWxzbyBuZXZlciBydW4gaW4gY2hlY2sgbW9kZQogICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtUGF0aCAkc3JjIC1QYXRoVHlwZSBMZWFmKSkgewogICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgIkNhbm5vdCBjb3B5IHNyYyBmaWxlOiAnJHNyYycgYXMgaXQgZG9lcyBub3QgZXhpc3QiCiAgICB9CgogICAgIyB0aGUgZGVzdCBwYXJhbWV0ZXIgaXMgYSBkaXJlY3RvcnksIHdlIG5lZWQgdG8gYXBwZW5kIG9yaWdpbmFsX2Jhc2VuYW1lCiAgICBpZiAoJGRlc3QuRW5kc1dpdGgoIi8iKSAtb3IgJGRlc3QuRW5kc1dpdGgoImBcIikgLW9yIChUZXN0LVBhdGggLVBhdGggJGRlc3QgLVBhdGhUeXBlIENvbnRhaW5lcikpIHsKICAgICAgICAkcmVtb3RlX2Rlc3QgPSBKb2luLVBhdGggLVBhdGggJGRlc3QgLUNoaWxkUGF0aCAkb3JpZ2luYWxfYmFzZW5hbWUKICAgICAgICAkcGFyZW50X2RpciA9IFNwbGl0LVBhdGggLVBhdGggJHJlbW90ZV9kZXN0CgogICAgICAgICMgd2hlbiBkZXN0IGVuZHMgd2l0aCAvLCB3ZSBuZWVkIHRvIGNyZWF0ZSB0aGUgZGVzdGluYXRpb24gZGlyZWN0b3JpZXMKICAgICAgICBpZiAoVGVzdC1QYXRoIC1QYXRoICRwYXJlbnRfZGlyIC1QYXRoVHlwZSBMZWFmKSB7CiAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgIm9iamVjdCBhdCBkZXN0aW5hdGlvbiBwYXJlbnQgZGlyICckcGFyZW50X2RpcicgaXMgY3VycmVudGx5IGEgZmlsZSIKICAgICAgICB9IGVsc2VpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRwYXJlbnRfZGlyIC1QYXRoVHlwZSBDb250YWluZXIpKSB7CiAgICAgICAgICAgIE5ldy1JdGVtIC1QYXRoICRwYXJlbnRfZGlyIC1JdGVtVHlwZSBEaXJlY3RvcnkgfCBPdXQtTnVsbAogICAgICAgIH0KICAgIH0gZWxzZSB7CiAgICAgICAgJHJlbW90ZV9kZXN0ID0gJGRlc3QKICAgICAgICAkcGFyZW50X2RpciA9IFNwbGl0LVBhdGggLVBhdGggJHJlbW90ZV9kZXN0CgogICAgICAgICMgY2hlY2sgaWYgdGhlIGRlc3QgcGFyZW50IGRpcnMgZXhpc3QsIG5lZWQgdG8gZmFpbCBpZiB0aGV5IGRvbid0CiAgICAgICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkcGFyZW50X2RpciAtUGF0aFR5cGUgTGVhZikgewogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0IC1tZXNzYWdlICJvYmplY3QgYXQgZGVzdGluYXRpb24gcGFyZW50IGRpciAnJHBhcmVudF9kaXInIGlzIGN1cnJlbnRseSBhIGZpbGUiCiAgICAgICAgfSBlbHNlaWYgKC1ub3QgKFRlc3QtUGF0aCAtUGF0aCAkcGFyZW50X2RpciAtUGF0aFR5cGUgQ29udGFpbmVy ScriptBlock ID: 05e0076e-d030-4037-9387-60a2dbdbf08a Path:	4104	1		3	2	15	0	1276	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1132	4408	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:27:59 PM	9d04040e-981f-0002-ca0b-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 4): gICAgICAkdmFsdWUgPSAkdmFsdWUuVG9TdHJpbmcoKQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImJvb2wiKSB7CiAgICAgICAgICAgICMgQ29udmVydCBib29sZWFuIHR5cGVzIHRvIHJlYWwgUG93ZXJzaGVsbCBib29sZWFucwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgfCBDb252ZXJ0VG8tQm9vbAogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImludCIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IGludCB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgaW50ZWdlcnMKICAgICAgICAgICAgJHZhbHVlID0gJHZhbHVlIC1hcyBbaW50XQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImZsb2F0IikgewogICAgICAgICAgICAjIENvbnZlcnQgZmxvYXQgdHlwZXMgdG8gcmVhbCBQb3dlcnNoZWxsIGZsb2F0cwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgLWFzIFtmbG9hdF0KICAgICAgICB9IGVsc2VpZiAoJHR5cGUgLWVxICJsaXN0IikgewogICAgICAgICAgICBpZiAoJHZhbHVlIC1pcyBbYXJyYXldKSB7CiAgICAgICAgICAgICAgICAjIE5vdGhpbmcgdG8gZG8KICAgICAgICAgICAgfSBlbHNlaWYgKCR2YWx1ZSAtaXMgW3N0cmluZ10pIHsKICAgICAgICAgICAgICAgICMgQ29udmVydCBzdHJpbmcgdHlwZSB0byByZWFsIFBvd2Vyc2hlbGwgYXJyYXkKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICR2YWx1ZS5TcGxpdCgiLCIpLlRyaW0oKQogICAgICAgICAgICB9IGVsc2VpZiAoJHZhbHVlIC1pcyBbaW50XSkgewogICAgICAgICAgICAgICAgJHZhbHVlID0gQCgkdmFsdWUpCiAgICAgICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICJHZXQtQW5zaWJsZVBhcmFtOiBQYXJhbWV0ZXIgJyRuYW1lJyBpcyBub3QgYSBZQU1MIGxpc3QuIgogICAgICAgICAgICB9CiAgICAgICAgICAgICMgLCBpcyBub3QgYSB0eXBvLCBmb3JjZXMgaXQgdG8gcmV0dXJuIGFzIGEgbGlzdCB3aGVuIGl0IGlzIGVtcHR5IG9yIG9ubHkgaGFzIDEgZW50cnkKICAgICAgICAgICAgcmV0dXJuICwkdmFsdWUKICAgICAgICB9CiAgICB9CgogICAgcmV0dXJuICR2YWx1ZQp9CgojQWxpYXMgR2V0LWF0dHItLT5HZXQtQW5zaWJsZVBhcmFtIGZvciBiYWNrd2FyZHMgY29tcGF0LiBPbmx5IGFkZCB3aGVuIG5lZWRlZCB0byBlYXNlIGRlYnVnZ2luZyBvZiBzY3JpcHRzCklmICgtbm90KEdldC1BbGlhcyAtTmFtZSAiR2V0LWF0dHIiIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlKSkKewogICAgTmV3LUFsaWFzIC1OYW1lIEdldC1hdHRyIC1WYWx1ZSBHZXQtQW5zaWJsZVBhcmFtCn0KCkZ1bmN0aW9uIENvbnZlcnRUby1Cb29sCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZpbHRlci9waXBlbGluZSBmdW5jdGlvbiB0byBjb252ZXJ0IGEgdmFsdWUgdG8gYm9vbGVhbiBmb2xsb3dpbmcgY3VycmVudAogICAgQW5zaWJsZSBwcmFjdGljZXMKICAgIC5FWEFNUExFCiAgICAkaXNfdHJ1ZSA9ICJ0cnVlIiB8IENvbnZlcnRUby1Cb29sCiM+CiAgICBwYXJhbSgKICAgICAgICBbcGFyYW1ldGVyKHZhbHVlZnJvbXBpcGVsaW5lPSR0cnVlKV0KICAgICAgICAkb2JqCiAgICApCgogICAgJGJvb2xlYW5fc3RyaW5ncyA9ICJ5ZXMiLCAib24iLCAiMSIsICJ0cnVlIiwgMQogICAgJG9ial9zdHJpbmcgPSBbc3RyaW5nXSRvYmoKCiAgICBpZiAoKCRvYmogLWlzIFtib29sZWFuXSAtYW5kICRvYmopIC1vciAkYm9vbGVhbl9zdHJpbmdzIC1jb250YWlucyAkb2JqX3N0cmluZy5Ub0xvd2VyKCkpIHsKICAgICAgICByZXR1cm4gJHRydWUKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfQp9CgpGdW5jdGlvbiBQYXJzZS1BcmdzKCRhcmd1bWVudHMsICRzdXBwb3J0c19jaGVja19tb2RlID0gJGZhbHNlKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBwYXJzZSBBbnNpYmxlIEpTT04gYXJndW1lbnRzIGZyb20gYSAiZmlsZSIgcGFzc2VkIGFzCiAgICB0aGUgc2luZ2xlIGFyZ3VtZW50IHRvIHRoZSBtb2R1bGUuCiAgICAuRVhBTVBMRQogICAgJHBhcmFtcyA9IFBhcnNlLUFyZ3MgJGFyZ3MKIz4KICAgICRwYXJhbXMgPSBOZXctT2JqZWN0IHBzb2JqZWN0CiAgICBJZiAoJGFyZ3VtZW50cy5MZW5ndGggLWd0IDApCiAgICB7CiAgICAgICAgJHBhcmFtcyA9IEdldC1Db250ZW50ICRhcmd1bWVudHNbMF0gfCBDb252ZXJ0RnJvbS1Kc29uCiAgICB9CiAgICBFbHNlIHsKICAgICAgICAkcGFyYW1zID0gJGNvbXBsZXhfYXJncwogICAgfQogICAgJGNoZWNrX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfY2hlY2tfbW9kZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQogICAgSWYgKCRjaGVja19tb2RlIC1hbmQgLW5vdCAkc3VwcG9ydHNfY2hlY2tfbW9kZSkKICAgIHsKICAgICAgICBFeGl0LUpzb24gQHsKICAgICAgICAgICAgc2tpcHBlZCA9ICR0cnVlCiAgICAgICAgICAgIGNoYW5nZWQgPSAkZmFsc2UKICAgICAgICAgICAgbXNnID0gInJlbW90ZSBtb2R1bGUgZG9lcyBub3Qgc3VwcG9ydCBjaGVjayBtb2RlIgogICAgICAgIH0KICAgIH0KICAgIHJldHVybiAkcGFyYW1zCn0KCgpGdW5jdGlvbiBHZXQtRmlsZUNoZWNrc3VtKCRwYXRoLCAkYWxnb3JpdGhtID0gJ3NoYTEnKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBjYWxjdWxhdGUgYSBoYXNoIG9mIGEgZmlsZSBpbiBhIHdheSB3aGljaCBQb3dlclNoZWxsIDMKICAgIGFuZCBhYm92ZSBjYW4gaGFuZGxlCiM+CiAgICBJZiAoVGVzdC1QYXRoIC1QYXRoICRwYXRoIC1QYXRoVHlwZSBMZWFmKQogICAgewogICAgICAgIHN3aXRjaCAoJGFsZ29yaXRobSkKICAgICAgICB7CiAgICAgICAgICAgICdtZDUnIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5NRDVDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMScgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTFDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMjU2JyB7ICRzcCA9IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5TZWN1cml0eS5DcnlwdG9ncmFwaHkuU0hBMjU2Q3J5cHRvU2VydmljZVByb3ZpZGVyIH0KICAgICAgICAgICAgJ3NoYTM4NCcgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTM4NENyeXB0b1NlcnZpY2VQcm92aWRlciB9CiAgICAgICAgICAgICdzaGE1MTInIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5TSEE1MTJDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICBkZWZhdWx0IHsgRmFpbC1Kc29uIEB7fSAiVW5zdXBwb3J0ZWQgaGFzaCBhbGdvcml0aG0gc3VwcGxpZWQgJyRhbGdvcml0aG0nIiB9CiAgICAgICAgfQoKICAgICAgICBJZiAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtZ2UgNCkgewogICAgICAgICAgICAkcmF3X2hhc2ggPSBHZXQtRmlsZUhhc2ggJHBhdGggLUFsZ29yaXRobSAkYWxnb3JpdGhtCiAgICAgICAgICAgICRoYXNoID0gJHJhd19oYXNoLkhhc2guVG9Mb3dlcigpCiAgICAgICAgfSBFbHNlIHsKICAgICAgICAgICAgJGZwID0gW1N5c3RlbS5JTy5GaWxlXTo6T3BlbigkcGF0aCwgW1N5c3RlbS5JTy5GaWxlbW9kZV06Ok9wZW4sIFtTeXN0ZW0uSU8uRmlsZUFjY2Vzc106OlJlYWQsIFtTeXN0ZW0uSU8uRmlsZVNoYXJlXTo6UmVhZFdyaXRlKTsKICAgICAgICAgICAgJGhhc2ggPSBbU3lzdGVtLkJpdENvbnZlcnRlcl06OlRvU3RyaW5nKCRzcC5Db21wdXRlSGFzaCgkZnApKS5SZXBsYWNlKCItIiwgIiIpLlRvTG93ZXIoKTsKICAgICAgICAgICAgJGZwLkRpc3Bvc2UoKTsKICAgICAgICB9CiAgICB9CiAgICBFbHNlSWYgKFRlc3QtUGF0aCAtUGF0aCAkcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKQogICAgewogICAgICAgICRoYXNoID0gIjMiOwogICAgfQogICAgRWxzZQogICAgewogICAgICAgICRoYXNoID0gIjEiOwogICAgfQogICAgcmV0dXJuICRoYXNoCn0KCkZ1bmN0aW9uIEdldC1QZW5kaW5nUmVib290U3RhdHVzCnsKPCMKICAgIC5TWU5PUFNJUwogICAgQ2hlY2sgaWYgcmVib290IGlzIHJlcXVpcmVkLCBpZiBzbyBub3RpZnkgQ0EuCiAgICBGdW5jdGlvbiByZXR1cm5zIHRydWUgaWYgY29tcHV0ZXIgaGFzIGEgcGVuZGluZyByZWJvb3QKIz4KICAgICRmZWF0dXJlRGF0YSA9IEludm9rZS1XbWlNZXRob2QgLUVBIElnbm9yZSAtTmFtZSBHZXRTZXJ2ZXJGZWF0dXJlIC1OYW1lc3BhY2Ugcm9vdFxtaWNyb3NvZnRcd2luZG93c1xzZXJ2ZXJtYW5hZ2VyIC1DbGFzcyBNU0ZUX1NlcnZlck1hbmFnZXJUYXNrcwogICAgJHJlZ0RhdGEgPSBHZXQtSXRlbVByb3BlcnR5ICJIS0xNOlxTWVNURU1cQ3VycmVudENvbnRyb2xTZXRcQ29udHJvbFxTZXNzaW9uIE1hbmFnZXIiICJQZW5kaW5nRmlsZVJlbmFtZU9wZXJhdGlvbnMiIC1FQSBJZ25vcmUKICAgICRDQlNSZWJvb3RTdGF0dXMgPSBHZXQtQ2hpbGRJdGVtICJIS0xNOlxcU09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cQ29tcG9uZW50IEJhc2VkIFNlcnZpY2luZyIgIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlfCBXaGVyZS1PYmplY3QgeyRfLlBTQ2hpbGROYW1lIC1lcSAiUmVib290UGVuZGluZyJ9CiAgICBpZigoJGZlYXR1cmVEYXRhIC1hbmQgJGZlYXR1cmVEYXRhLlJlcXVpcmVzUmVib290KSAtb3IgJHJlZ0RhdGEgLW9yICRDQlNSZWJvb3RTdGF0dXMpCiAgICB7CiAgICAgICAgcmV0dXJuICRUcnVlCiAgICB9CiAgICBlbHNlCiAgICB7CiAgICAgICAgcmV0dXJuICRGYWxzZQogICAgfQp9CgojIHRoaXMgbGluZSBtdXN0IHN0YXkgYXQgdGhlIGJvdHRvbSB0byBlbnN1cmUgYWxsIGRlZmluZWQgbW9kdWxlIHBhcnRzIGFyZSBleHBvcnRlZApFeHBvcnQtTW9kdWxlTWVtYmVyIC1BbGlhcyAqIC1GdW5jdGlvbiAqIC1DbWRsZXQgKgoK"}, "module_entry": "IyFwb3dlcnNoZWxsCgojIENvcHlyaWdodDogKGMpIDIwMTUsIEpvbiBIYXdrZXN3b3J0aCAoQGpoYXdrZXN3b3J0aCkgPGZpZ3NAdW5pdHkuZGVtb24uY28udWs+CiMgQ29weXJpZ2h0OiAoYykgMjAxNywgQW5zaWJsZSBQcm9qZWN0CiMgR05VIEdlbmVyYWwgUHVibGljIExpY2Vuc2UgdjMuMCsgKHNlZSBDT1BZSU5HIG9yIGh0dHBzOi8vd3d3LmdudS5vcmcvbGljZW5zZXMvZ3BsLTMuMC50eHQpCgojUmVxdWlyZXMgLU1vZHVsZSBBbnNpYmxlLk1vZHVsZVV0aWxzLkxlZ2FjeQoKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICdTdG9wJwoKJHBhcmFtcyA9IFBhcnNlLUFyZ3MgLWFyZ3VtZW50cyAkYXJncyAtc3VwcG9ydHNfY2hlY2tfbW9kZSAkdHJ1ZQokY2hlY2tfbW9kZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJfYW5zaWJsZV9jaGVja19tb2RlIiAtdHlwZSAiYm9vbCIgLWRlZmF1bHQgJGZhbHNlCiRkaWZmX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfZGlmZiIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQoKIyB0aGVyZSBhcmUgNCBtb2RlcyB0byB3aW5fY29weSB3aGljaCBhcmUgZHJpdmVuIGJ5IHRoZSBhY3Rpb24gcGx1Z2luczoKIyAgIGV4cGxvZGU6IHNyYyBpcyBhIHppcCBmaWxlIHdoaWNoIG5lZWRzIHRvIGJlIGV4dHJhY3RlZCB0byBkZXN0LCBmb3IgdXNlIHdpdGggbXVsdGlwbGUgZmlsZXMKIyAgIHF1ZXJ5OiB3aW5fY29weSBhY3Rpb24gcGx1Z2luIHdhbnRzIHRvIGdldCB0aGUgc3RhdGUgb2YgcmVtb3RlIGZpbGVzIHRvIGNoZWNrIHdoZXRoZXIgaXQgbmVlZHMgdG8gc2VuZCB0aGVtCiMgICByZW1vdGU6IGFsbCBjb3B5IGFjdGlvbiBpcyBoYXBwZW5pbmcgcmVtb3RlbHkgKHJlbW90ZV9zcmM9VHJ1ZSkKIyAgIHNpbmdsZTogYSBzaW5nbGUgZmlsZSBoYXMgYmVlbiBjb3BpZWQsIGFsc28gdXNlZCB3aXRoIHRlbXBsYXRlCiRjb3B5X21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2NvcHlfbW9kZSIgLXR5cGUgInN0ciIgLWRlZmF1bHQgInNpbmdsZSIgLXZhbGlkYXRlc2V0ICJleHBsb2RlIiwicXVlcnkiLCJyZW1vdGUiLCJzaW5nbGUiCgojIHVzZWQgaW4gZXhwbG9kZSwgcmVtb3RlIGFuZCBzaW5nbGUgbW9kZQokc3JjID0gR2V0LUFuc2libGVQYXJhbSAtb2JqICRwYXJhbXMgLW5hbWUgInNyYyIgLXR5cGUgInBhdGgiIC1mYWlsaWZlbXB0eSAoJGNvcHlfbW9kZSAtaW4gQCgiZXhwbG9kZSIsInByb2Nlc3MiLCJzaW5nbGUiKSkKJGRlc3QgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiZGVzdCIgLXR5cGUgInBhdGgiIC1mYWlsaWZlbXB0eSAkdHJ1ZQoKIyB1c2VkIGluIHNpbmdsZSBtb2RlCiRvcmlnaW5hbF9iYXNlbmFtZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJfb3JpZ2luYWxfYmFzZW5hbWUiIC10eXBlICJzdHIiCgojIHVzZWQgaW4gcXVlcnkgYW5kIHJlbW90ZSBtb2RlCiRmb3JjZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJmb3JjZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICR0cnVlCgojIHVzZWQgaW4gcXVlcnkgbW9kZSwgY29udGFpbnMgdGhlIGxvY2FsIGZpbGVzL2RpcmVjdG9yaWVzL3N5bWxpbmtzIHRoYXQgYXJlIHRvIGJlIGNvcGllZAokZmlsZXMgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiZmlsZXMiIC10eXBlICJsaXN0IgokZGlyZWN0b3JpZXMgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiZGlyZWN0b3JpZXMiIC10eXBlICJsaXN0Igokc3ltbGlua3MgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAic3ltbGlua3MiIC10eXBlICJsaXN0IgoKJHJlc3VsdCA9IEB7CiAgICBjaGFuZ2VkID0gJGZhbHNlCn0KCmlmICgkZGlmZl9tb2RlKSB7CiAgICAkcmVzdWx0LmRpZmYgPSBAe30KfQoKRnVuY3Rpb24gQ29weS1GaWxlKCRzb3VyY2UsICRkZXN0KSB7CiAgICAkZGlmZiA9ICIiCiAgICAkY29weV9maWxlID0gJGZhbHNlCiAgICAkc291cmNlX2NoZWNrc3VtID0gJG51bGwKICAgIGlmICgkZm9yY2UpIHsKICAgICAgICAkc291cmNlX2NoZWNrc3VtID0gR2V0LUZpbGVDaGVja3N1bSAtcGF0aCAkc291cmNlCiAgICB9CgogICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkZGVzdCAtUGF0aFR5cGUgQ29udGFpbmVyKSB7CiAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiY2Fubm90IGNvcHkgZmlsZSBmcm9tICckc291cmNlJyB0byAnJGRlc3QnOiBkZXN0IGlzIGFscmVhZHkgYSBmb2xkZXIiCiAgICB9IGVsc2VpZiAoVGVzdC1QYXRoIC1QYXRoICRkZXN0IC1QYXRoVHlwZSBMZWFmKSB7CiAgICAgICAgaWYgKCRmb3JjZSkgewogICAgICAgICAgICAkdGFyZ2V0X2NoZWNrc3VtID0gR2V0LUZpbGVDaGVja3N1bSAtcGF0aCAkZGVzdAogICAgICAgICAgICBpZiAoJHNvdXJjZV9jaGVja3N1bSAtbmUgJHRhcmdldF9jaGVja3N1bSkgewogICAgICAgICAgICAgICAgJGNvcHlfZmlsZSA9ICR0cnVlCiAgICAgICAgICAgIH0KICAgICAgICB9CiAgICB9IGVsc2UgewogICAgICAgICRjb3B5X2ZpbGUgPSAkdHJ1ZQogICAgfQoKICAgIGlmICgkY29weV9maWxlKSB7CiAgICAgICAgJGZpbGVfZGlyID0gW1N5c3RlbS5JTy5QYXRoXTo6R2V0RGlyZWN0b3J5TmFtZSgkZGVzdCkKICAgICAgICAjIHZhbGlkYXRlIHRoZSBwYXJlbnQgZGlyIGlzIG5vdCBhIGZpbGUgYW5kIHRoYXQgaXQgZXhpc3RzCiAgICAgICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkZmlsZV9kaXIgLVBhdGhUeXBlIExlYWYpIHsKICAgICAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiY2Fubm90IGNvcHkgZmlsZSBmcm9tICckc291cmNlJyB0byAnJGRlc3QnOiBvYmplY3QgYXQgZGVzdCBwYXJlbnQgZGlyIGlzIG5vdCBhIGZvbGRlciIKICAgICAgICB9IGVsc2VpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRmaWxlX2RpcikpIHsKICAgICAgICAgICAgIyBkaXJlY3RvcnkgZG9lc24ndCBleGlzdCwgbmVlZCB0byBjcmVhdGUKICAgICAgICAgICAgTmV3LUl0ZW0gLVBhdGggJGZpbGVfZGlyIC1JdGVtVHlwZSBEaXJlY3RvcnkgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICAgICAgICAgICRkaWZmICs9ICIrJGZpbGVfZGlyXGBuIgogICAgICAgIH0KCiAgICAgICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkZGVzdCAtUGF0aFR5cGUgTGVhZikgewogICAgICAgICAgICBSZW1vdmUtSXRlbSAtUGF0aCAkZGVzdCAtRm9yY2UgLVJlY3Vyc2UgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICAgICAgICAgICRkaWZmICs9ICItJGRlc3RgbiIKICAgICAgICB9CgogICAgICAgIGlmICgtbm90ICRjaGVja19tb2RlKSB7CiAgICAgICAgICAgICMgY2Fubm90IHJ1biB3aXRoIC1XaGF0SWY6JGNoZWNrX21vZGUgYXMgaWYgdGhlIHBhcmVudCBkaXIgZGlkbid0CiAgICAgICAgICAgICMgZXhpc3QgYW5kIHdhcyBjcmVhdGVkIGFib3ZlIHdvdWxkIHN0aWxsIG5vdCBleGlzdCBpbiBjaGVjayBtb2RlCiAgICAgICAgICAgIENvcHktSXRlbSAtUGF0aCAkc291cmNlIC1EZXN0aW5hdGlvbiAkZGVzdCAtRm9yY2UgfCBPdXQtTnVsbAogICAgICAgIH0KICAgICAgICAkZGlmZiArPSAiKyRkZXN0YG4iCgogICAgICAgICRyZXN1bHQuY2hhbmdlZCA9ICR0cnVlCiAgICB9CgogICAgIyB1Z2x5IGJ1dCB0byBzYXZlIHVzIGZyb20gcnVubmluZyB0aGUgY2hlY2tzdW0gdHdpY2UsIGxldCdzIHJldHVybiBpdCBmb3IKICAgICMgdGhlIG1haW4gY29kZSB0byBhZGQgaXQgdG8gJHJlc3VsdAogICAgcmV0dXJuICxAeyBkaWZmID0gJGRpZmY7IGNoZWNrc3VtID0gJHNvdXJjZV9jaGVja3N1bSB9Cn0KCkZ1bmN0aW9uIENvcHktRm9sZGVyKCRzb3VyY2UsICRkZXN0KSB7CiAgICAkZGlmZiA9ICIiCiAgICAkY29weV9mb2xkZXIgPSAkZmFsc2UKCiAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRkZXN0IC1QYXRoVHlwZSBDb250YWluZXIpKSB7CiAgICAgICAgJHBhcmVudF9kaXIgPSBbU3lzdGVtLklPLlBhdGhdOjpHZXREaXJlY3RvcnlOYW1lKCRkZXN0KQogICAgICAgIGlmIChUZXN0LVBhdGggLVBhdGggJHBhcmVudF9kaXIgLVBhdGhUeXBlIExlYWYpIHsKICAgICAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiY2Fubm90IGNvcHkgZmlsZSBmcm9tICckc291cmNlJyB0byAnJGRlc3QnOiBvYmplY3QgYXQgZGVzdCBwYXJlbnQgZGlyIGlzIG5vdCBhIGZvbGRlciIKICAgICAgICB9CiAgICAgICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkZGVzdCAtUGF0aFR5cGUgTGVhZikgewogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0IC1tZXNzYWdlICJjYW5ub3QgY29weSBmb2xkZXIgZnJvbSAnJHNvdXJjZScgdG8gJyRkZXN0JzogZGVzdCBpcyBhbHJlYWR5IGEgZmlsZSIKICAgICAgICB9CgogICAgICAgIE5ldy1JdGVtIC1QYXRoICRkZXN0IC1JdGVtVHlwZSBDb250YWluZXIgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICAgICAgJGRpZmYgKz0gIiskZGVzdFxgbiIKICAgICAgICAkcmVzdWx0LmNoYW5nZWQgPSAkdHJ1ZQogICAgfQoKICAgICRjaGlsZF9pdGVtcyA9IEdldC1DaGlsZEl0ZW0gLVBhdGggJHNvdXJjZSAtRm9yY2UKICAgIGZvcmVhY2ggKCRjaGlsZF9pdGVtIGluICRjaGlsZF9pdGVtcykgewogICAgICAgICRkZXN0X2NoaWxkX3BhdGggPSBKb2luLVBhdGggLVBhdGggJGRlc3QgLUNoaWxkUGF0aCAkY2hpbGRfaXRlbS5OYW1lCiAgICAgICAgaWYgKCRjaGlsZF9pdGVtLlBTSXNDb250YWluZXIpIHsKICAgICAgICAgICAgJGRpZmYgKz0gKENvcHktRm9sZGVyIC1zb3VyY2UgJGNoaWxkX2l0ZW0uRnVsbG5hbWUgLWRlc3QgJGRlc3RfY2hpbGRfcGF0aCkKICAgICAgICB9IGVsc2UgewogICAgICAgICAgICAkZGlmZiArPSAoQ29weS1GaWxlIC1zb3VyY2UgJGNoaWxkX2l0ZW0uRnVsbG5hbWUgLWRlc3QgJGRlc3RfY2hpbGRfcGF0aCkuZGlmZgogICAgICAgIH0KICAgIH0KCiAgICByZXR1cm4gJGRpZmYKfQoKRnVuY3Rpb24gR2V0LUZpbGVTaXplKCRwYXRoKSB7CiAgICAkZmlsZSA9IEdldC1JdGVtIC1QYXRoICRwYXRoIC1Gb3JjZQogICAgJHNpemUgPSAkbnVsbAogICAgaWYgKCRmaWxlLlBTSXNDb250YWluZXIpIHsKICAgICAgICAkZGlyX2ZpbGVzX3N1bSA9IEdldC1DaGlsZEl0ZW0gJGZpbGUuRnVsbE5hbWUgLVJlY3Vyc2UKICAgICAgICBpZiAoJGRpcl9maWxlc19zdW0gLWVxICRudWxsIC1vciAoJGRpcl9maWxlc19zdW0uUFNPYmplY3QuUHJvcGVydGllcy5uYW1lIC1jb250YWlucyAnbGVuZ3RoJyAtZXEgJGZhbHNlKSkgewogICAgICAgICAgICAkc2l6ZSA9IDAKICAgICAgICB9IGVsc2UgewogICAgICAgICAgICAkc2l6ZSA9ICgkZGlyX2ZpbGVzX3N1bSB8IE1lYXN1cmUtT2JqZWN0IC1wcm9wZXJ0eSBsZW5ndGggLXN1bSkuU3VtCiAgICAgICAgfQogICAgfSBlbHNlIHsKICAgICAgICAkc2l6ZSA9ICRmaWxlLkxlbmd0aAogICAgfQoKICAgICRzaXplCn0KCkZ1bmN0aW9uIEV4dHJhY3QtWmlwKCRzcmMsICRkZXN0KSB7CiAgICAkYXJjaGl2ZSA9I ScriptBlock ID: 05e0076e-d030-4037-9387-60a2dbdbf08a Path:	4104	1		3	2	15	0	1275	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1132	4408	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:27:59 PM	9d04040e-981f-0002-ca0b-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 4): begin { $DebugPreference = "Continue" $ErrorActionPreference = "Stop" Set-StrictMode -Version 2 function ConvertTo-HashtableFromPsCustomObject ($myPsObject){ $output = @{}; $myPsObject | Get-Member -MemberType *Property | % { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } return $output; } # stream JSON including become_pw, ps_module_payload, bin_module_payload, become_payload, write_payload_path, preserve directives # exec runspace, capture output, cleanup, return module output # NB: do not adjust the following line- it is replaced when doing non-streamed module output $json_raw = @' {"min_ps_version": null, "exec": "CkZ1bmN0aW9uIFJ1bigkcGF5bG9hZCkgewogICAgJGVudHJ5cG9pbnQgPSAkcGF5bG9hZC5tb2R1bGVfZW50cnkKCiAgICAkZW50cnlwb2ludCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGVudHJ5cG9pbnQpKQoKICAgICRwcyA9IFtwb3dlcnNoZWxsXTo6Q3JlYXRlKCkKCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkQ29tbWFuZCgiU2V0LVZhcmlhYmxlIikuQWRkUGFyYW1ldGVycyhAe1Njb3BlPSJnbG9iYWwiO05hbWU9ImNvbXBsZXhfYXJncyI7VmFsdWU9JHBheWxvYWQubW9kdWxlX2FyZ3N9KSB8IE91dC1OdWxsCiAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCgogICAgIyByZWRlZmluZSBXcml0ZS1Ib3N0IHRvIGR1bXAgdG8gb3V0cHV0IGluc3RlYWQgb2YgZmFpbGluZy0gbG90cyBvZiBzY3JpcHRzIHVzZSBpdAogICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgiRnVuY3Rpb24gV3JpdGUtSG9zdChgJG1zZyl7IFdyaXRlLU91dHB1dCBgJG1zZyB9IikgfCBPdXQtTnVsbAoKICAgIEZvckVhY2ggKCRlbnZfa3YgaW4gJHBheWxvYWQuZW52aXJvbm1lbnQuR2V0RW51bWVyYXRvcigpKSB7CiAgICAgICAgIyBuZWVkIHRvIGVzY2FwZSAnIGluIGJvdGggdGhlIGtleSBhbmQgdmFsdWUKICAgICAgICAkZW52X2tleSA9ICRlbnZfa3YuS2V5LlRvU3RyaW5nKCkuUmVwbGFjZSgiJyIsICInJyIpCiAgICAgICAgJGVudl92YWx1ZSA9ICRlbnZfa3YuVmFsdWUuVG9TdHJpbmcoKS5SZXBsYWNlKCInIiwgIicnIikKICAgICAgICAkZXNjYXBlZF9lbnZfc2V0ID0gIltTeXN0ZW0uRW52aXJvbm1lbnRdOjpTZXRFbnZpcm9ubWVudFZhcmlhYmxlKCd7MH0nLCAnezF9JykiIC1mICRlbnZfa2V5LCAkZW52X3ZhbHVlCiAgICAgICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgkZXNjYXBlZF9lbnZfc2V0KSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBkeW5hbWljYWxseSBjcmVhdGUvbG9hZCBtb2R1bGVzCiAgICBGb3JFYWNoICgkbW9kIGluICRwYXlsb2FkLnBvd2Vyc2hlbGxfbW9kdWxlcy5HZXRFbnVtZXJhdG9yKCkpIHsKICAgICAgICAkZGVjb2RlZF9tb2R1bGUgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRtb2QuVmFsdWUpKQogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRDb21tYW5kKCJOZXctTW9kdWxlIikuQWRkUGFyYW1ldGVycyhAe1NjcmlwdEJsb2NrPShbc2NyaXB0YmxvY2tdOjpDcmVhdGUoJGRlY29kZWRfbW9kdWxlKSk7TmFtZT0kbW9kLktleX0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiSW1wb3J0LU1vZHVsZSIpLkFkZFBhcmFtZXRlcnMoQHtXYXJuaW5nQWN0aW9uPSJTaWxlbnRseUNvbnRpbnVlIn0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBmb3JjZSBpbnB1dCBlbmNvZGluZyB0byBwcmVhbWJsZS1mcmVlIFVURjggc28gUFMgc3ViLXByb2Nlc3NlcyAoZWcsCiAgICAjIFN0YXJ0LUpvYikgZG9uJ3QgYmxvdyB1cC4gVGhpcyBpcyBvbmx5IHJlcXVpcmVkIGZvciBXaW5STSwgYSBQU1JQCiAgICAjIHJ1bnNwYWNlIGRvZXNuJ3QgaGF2ZSBhIGhvc3QgY29uc29sZSBhbmQgdGhpcyB3aWxsIGJvbWIgb3V0CiAgICBpZiAoJGhvc3QuTmFtZSAtZXEgIkNvbnNvbGVIb3N0IikgewogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRTY3JpcHQoIltDb25zb2xlXTo6SW5wdXRFbmNvZGluZyA9IE5ldy1PYmplY3QgVGV4dC5VVEY4RW5jb2RpbmcgYCRmYWxzZSIpIHwgT3V0LU51bGwKICAgIH0KCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkU2NyaXB0KCRlbnRyeXBvaW50KSB8IE91dC1OdWxsCgogICAgJG91dHB1dCA9ICRwcy5JbnZva2UoKQoKICAgICRvdXRwdXQKCiAgICAjIFBTMyBkb2Vzbid0IHByb3Blcmx5IHNldCBIYWRFcnJvcnMgaW4gbWFueSBjYXNlcywgaW5zcGVjdCB0aGUgZXJyb3Igc3RyZWFtIGFzIGEgZmFsbGJhY2sKICAgIElmICgkcHMuSGFkRXJyb3JzIC1vciAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtbHQgNCAtYW5kICRwcy5TdHJlYW1zLkVycm9yLkNvdW50IC1ndCAwKSkgewogICAgICAgICRob3N0LlVJLldyaXRlRXJyb3JMaW5lKCQoJHBzLlN0cmVhbXMuRXJyb3IgfCBPdXQtU3RyaW5nKSkKICAgICAgICAkZXhpdF9jb2RlID0gJHBzLlJ1bnNwYWNlLlNlc3Npb25TdGF0ZVByb3h5LkdldFZhcmlhYmxlKCJMQVNURVhJVENPREUiKQogICAgICAgIElmKC1ub3QgJGV4aXRfY29kZSkgewogICAgICAgICAgICAkZXhpdF9jb2RlID0gMQogICAgICAgIH0KICAgICAgICAjIG5lZWQgdG8gdXNlIHRoaXMgaW5zdGVhZCBvZiBFeGl0IGtleXdvcmQgdG8gcHJldmVudCBydW5zcGFjZSBmcm9tIGNyYXNoaW5nIHdpdGggZHluYW1pYyBtb2R1bGVzCiAgICAgICAgJGhvc3QuU2V0U2hvdWxkRXhpdCgkZXhpdF9jb2RlKQogICAgfQp9Cg==", "actions": ["exec"], "environment": {}, "min_os_version": null, "powershell_modules": {"Ansible.ModuleUtils.Legacy": "IyBDb3B5cmlnaHQgKGMpLCBNaWNoYWVsIERlSGFhbiA8bWljaGFlbC5kZWhhYW5AZ21haWwuY29tPiwgMjAxNCwgYW5kIG90aGVycwojIFNpbXBsaWZpZWQgQlNEIExpY2Vuc2UgKHNlZSBsaWNlbnNlcy9zaW1wbGlmaWVkX2JzZC50eHQgb3IgaHR0cHM6Ly9vcGVuc291cmNlLm9yZy9saWNlbnNlcy9CU0QtMi1DbGF1c2UpCgpTZXQtU3RyaWN0TW9kZSAtVmVyc2lvbiAyLjAKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKRnVuY3Rpb24gU2V0LUF0dHIoJG9iaiwgJG5hbWUsICR2YWx1ZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gc2V0IGFuICJhdHRyaWJ1dGUiIG9uIGEgcHNvYmplY3QgaW5zdGFuY2UgaW4gUG93ZXJTaGVsbC4KICAgIFRoaXMgaXMgYSBjb252ZW5pZW5jZSB0byBtYWtlIGFkZGluZyBNZW1iZXJzIHRvIHRoZSBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgIFNldC1BdHRyICRyZXN1bHQgImNoYW5nZWQiICR0cnVlCiM+CgogICAgIyBJZiB0aGUgcHJvdmlkZWQgJG9iaiBpcyB1bmRlZmluZWQsIGRlZmluZSBvbmUgdG8gYmUgbmljZQogICAgSWYgKC1ub3QgJG9iai5HZXRUeXBlKQogICAgewogICAgICAgICRvYmogPSBAeyB9CiAgICB9CgogICAgVHJ5CiAgICB7CiAgICAgICAgJG9iai4kbmFtZSA9ICR2YWx1ZQogICAgfQogICAgQ2F0Y2gKICAgIHsKICAgICAgICAkb2JqIHwgQWRkLU1lbWJlciAtRm9yY2UgLU1lbWJlclR5cGUgTm90ZVByb3BlcnR5IC1OYW1lICRuYW1lIC1WYWx1ZSAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gRXhpdC1Kc29uKCRvYmopCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGNvbnZlcnQgYSBQb3dlclNoZWxsIG9iamVjdCB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcKICAgIHRoZSBzY3JpcHQKICAgIC5FWEFNUExFCiAgICBFeGl0LUpzb24gJHJlc3VsdAojPgoKICAgICMgSWYgdGhlIHByb3ZpZGVkICRvYmogaXMgdW5kZWZpbmVkLCBkZWZpbmUgb25lIHRvIGJlIG5pY2UKICAgIElmICgtbm90ICRvYmouR2V0VHlwZSkKICAgIHsKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoJ2NoYW5nZWQnKSkgewogICAgICAgIFNldC1BdHRyICRvYmogImNoYW5nZWQiICRmYWxzZQogICAgfQoKICAgIFdyaXRlLU91dHB1dCAkb2JqIHwgQ29udmVydFRvLUpzb24gLUNvbXByZXNzIC1EZXB0aCA5OQogICAgRXhpdAp9CgpGdW5jdGlvbiBGYWlsLUpzb24oJG9iaiwgJG1lc3NhZ2UgPSAkbnVsbCkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHRoZSAibXNnIiBwcm9wZXJ0eSBhbmQgImZhaWxlZCIgcHJvcGVydHksIGNvbnZlcnQgdGhlCiAgICBQb3dlclNoZWxsIEhhc2h0YWJsZSB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcgdGhlIHNjcmlwdAogICAgLkVYQU1QTEUKICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJUaGlzIGlzIHRoZSBmYWlsdXJlIG1lc3NhZ2UiCiM+CgogICAgaWYgKCRvYmogLWlzIFtoYXNodGFibGVdIC1vciAkb2JqIC1pcyBbcHNvYmplY3RdKSB7CiAgICAgICAgIyBOb3RoaW5nIHRvIGRvCiAgICB9IGVsc2VpZiAoJG9iaiAtaXMgW3N0cmluZ10gLWFuZCAkbnVsbCAtZXEgJG1lc3NhZ2UpIHsKICAgICAgICAjIElmIHdlIHdlcmVuJ3QgZ2l2ZW4gMiBhcmdzLCBhbmQgdGhlIG9ubHkgYXJnIHdhcyBhIHN0cmluZywKICAgICAgICAjIGNyZWF0ZSBhIG5ldyBIYXNodGFibGUgYW5kIHVzZSB0aGUgYXJnIGFzIHRoZSBmYWlsdXJlIG1lc3NhZ2UKICAgICAgICAkbWVzc2FnZSA9ICRvYmoKICAgICAgICAkb2JqID0gQHsgfQogICAgfSBlbHNlIHsKICAgICAgICAjIElmIHRoZSBmaXJzdCBhcmd1bWVudCBpcyB1bmRlZmluZWQgb3IgYSBkaWZmZXJlbnQgdHlwZSwKICAgICAgICAjIG1ha2UgaXQgYSBIYXNodGFibGUKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgICMgU3RpbGwgdXNpbmcgU2V0LUF0dHIgZm9yIFBTT2JqZWN0IGNvbXBhdGliaWxpdHkKICAgIFNldC1BdHRyICRvYmogIm1zZyIgJG1lc3NhZ2UKICAgIFNldC1BdHRyICRvYmogImZhaWxlZCIgJHRydWUKCiAgICBpZiAoLW5vdCAkb2JqLkNvbnRhaW5zS2V5KCdjaGFuZ2VkJykpIHsKICAgICAgICBTZXQtQXR0ciAkb2JqICJjaGFuZ2VkIiAkZmFsc2UKICAgIH0KCiAgICBXcml0ZS1PdXRwdXQgJG9iaiB8IENvbnZlcnRUby1Kc29uIC1Db21wcmVzcyAtRGVwdGggOTkKICAgIEV4aXQgMQp9CgpGdW5jdGlvbiBBZGQtV2FybmluZygkb2JqLCAkbWVzc2FnZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHdhcm5pbmdzLCBldmVuIGlmIHRoZSB3YXJuaW5ncyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoIndhcm5pbmdzIikpIHsKICAgICAgICAkb2JqLndhcm5pbmdzID0gQCgpCiAgICB9IGVsc2VpZiAoJG9iai53YXJuaW5ncyAtaXNub3QgW2FycmF5XSkgewogICAgICAgIHRocm93ICJBZGQtV2FybmluZzogd2FybmluZ3MgYXR0cmlidXRlIGlzIG5vdCBhbiBhcnJheSIKICAgIH0KCiAgICAkb2JqLndhcm5pbmdzICs9ICRtZXNzYWdlCn0KCkZ1bmN0aW9uIEFkZC1EZXByZWNhdGlvbldhcm5pbmcoJG9iaiwgJG1lc3NhZ2UsICR2ZXJzaW9uID0gJG51bGwpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGFkZCBkZXByZWNhdGlvbnMsIGV2ZW4gaWYgdGhlIGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgogICAgaWYgKC1ub3QgJG9iai5Db250YWluc0tleSgiZGVwcmVjYXRpb25zIikpIHsKICAgICAgICAkb2JqLmRlcHJlY2F0aW9ucyA9IEAoKQogICAgfSBlbHNlaWYgKCRvYmouZGVwcmVjYXRpb25zIC1pc25vdCBbYXJyYXldKSB7CiAgICAgICAgdGhyb3cgIkFkZC1EZXByZWNhdGlvbldhcm5pbmc6IGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgaXMgbm90IGEgbGlzdCIKICAgIH0KCiAgICAkb2JqLmRlcHJlY2F0aW9ucyArPSBAewogICAgICAgIG1zZyA9ICRtZXNzYWdlCiAgICAgICAgdmVyc2lvbiA9ICR2ZXJzaW9uCiAgICB9Cn0KCkZ1bmN0aW9uIEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgaW4gdmFsdWVzLiBCeSBkZWZhdWx0CiAgICBpdCB0dXJucyBhbnkgdHlwZSB0byBhIHN0cmluZywgYnV0IHdlIGVuc3VyZSAkbnVsbCByZW1haW5zICRudWxsLgojPgogICAgaWYgKCRudWxsIC1uZSAkdmFsdWUpIHsKICAgICAgICBbU3lzdGVtLkVudmlyb25tZW50XTo6RXhwYW5kRW52aXJvbm1lbnRWYXJpYWJsZXMoJHZhbHVlKQogICAgfSBlbHNlIHsKICAgICAgICAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gR2V0LUFuc2libGVQYXJhbSgkb2JqLCAkbmFtZSwgJGRlZmF1bHQgPSAkbnVsbCwgJHJlc3VsdG9iaiA9IEB7fSwgJGZhaWxpZmVtcHR5ID0gJGZhbHNlLCAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSwgJFZhbGlkYXRlU2V0LCAkVmFsaWRhdGVTZXRFcnJvck1lc3NhZ2UsICR0eXBlID0gJG51bGwsICRhbGlhc2VzID0gQCgpKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBnZXQgYW4gImF0dHJpYnV0ZSIgZnJvbSBhIHBzb2JqZWN0IGluc3RhbmNlIGluIFBvd2VyU2hlbGwuCiAgICBUaGlzIGlzIGEgY29udmVuaWVuY2UgdG8gbWFrZSBnZXR0aW5nIE1lbWJlcnMgZnJvbSBhbiBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgICRhdHRyID0gR2V0LUFuc2libGVQYXJhbSAkcmVzcG9uc2UgImNvZGUiIC1kZWZhdWx0ICIxIgogICAgLkVYQU1QTEUKICAgIEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJTdGF0ZSIgLWRlZmF1bHQgIlByZXNlbnQiIC1WYWxpZGF0ZVNldCAiUHJlc2VudCIsIkFic2VudCIgLXJlc3VsdG9iaiAkcmVzdWx0b2JqIC1mYWlsaWZlbXB0eSAkdHJ1ZQogICAgR2V0LUFuc2libGVQYXJhbSBhbHNvIHN1cHBvcnRzIFBhcmFtZXRlciB2YWxpZGF0aW9uIHRvIHNhdmUgeW91IGZyb20gY29kaW5nIHRoYXQgbWFudWFsbHkKICAgIE5vdGUgdGhhdCBpZiB5b3UgdXNlIHRoZSBmYWlsaWZlbXB0eSBvcHRpb24sIHlvdSBkbyBuZWVkIHRvIHNwZWNpZnkgcmVzdWx0b2JqZWN0IGFzIHdlbGwuCiM+CiAgICAjIENoZWNrIGlmIHRoZSBwcm92aWRlZCBNZW1iZXIgJG5hbWUgb3IgYWxpYXNlcyBleGlzdCBpbiAkb2JqIGFuZCByZXR1cm4gaXQgb3IgdGhlIGRlZmF1bHQuCiAgICB0cnkgewoKICAgICAgICAkZm91bmQgPSAkbnVsbAogICAgICAgICMgRmlyc3QgdHJ5IHRvIGZpbmQgcHJlZmVycmVkIHBhcmFtZXRlciAkbmFtZQogICAgICAgICRhbGlhc2VzID0gQCgkbmFtZSkgKyAkYWxpYXNlcwoKICAgICAgICAjIEl0ZXJhdGUgb3ZlciBhbGlhc2VzIHRvIGZpbmQgYWNjZXB0YWJsZSBNZW1iZXIgJG5hbWUKICAgICAgICBmb3JlYWNoICgkYWxpYXMgaW4gJGFsaWFzZXMpIHsKICAgICAgICAgICAgaWYgKCRvYmouQ29udGFpbnNLZXkoJGFsaWFzKSkgewogICAgICAgICAgICAgICAgJGZvdW5kID0gJGFsaWFzCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgfQoKICAgICAgICBpZiAoJG51bGwgLWVxICRmb3VuZCkgewogICAgICAgICAgICB0aHJvdwogICAgICAgIH0KICAgICAgICAkbmFtZSA9ICRmb3VuZAoKICAgICAgICBpZiAoJFZhbGlkYXRlU2V0KSB7CgogICAgICAgICAgICBpZiAoJFZhbGlkYXRlU2V0IC1jb250YWlucyAoJG9iai4kbmFtZSkpIHsKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICRvYmouJG5hbWUKICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgIGlmICgkbnVsbCAtZXEgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAgICAgI0F1dG8tZ2VuZXJhdGVkIGVycm9yIHNob3VsZCBiZSBzdWZmaWNpZW50IGluIG1vc3QgdXNlIGNhc2VzCiAgICAgICAgICAgICAgICAgICAgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlID0gIkdldC1BbnNpYmxlUGFyYW06IEFyZ3VtZW50ICRuYW1lIG5lZWRzIHRvIGJlIG9uZSBvZiAkKCRWYWxpZGF0ZVNldCAtam9pbiAiLCIpIGJ1dCB3YXMgJCgkb2JqLiRuYW1lKS4iCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRWYWxpZGF0ZVNldEVycm9yTWVzc2FnZQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgJHZhbHVlID0gJG9iai4kbmFtZQogICAgICAgIH0KICAgIH0gY2F0Y2ggewogICAgICAgIGlmICgkZmFpbGlmZW1wdHkgLWVxICRmYWxzZSkgewogICAgICAgICAgICAkdmFsdWUgPSAkZGVmYXVsdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgIGlmICgtbm90ICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSA9ICJHZXQtQW5zaWJsZVBhcmFtOiBNaXNzaW5nIHJlcXVpcmVkIGFyZ3VtZW50OiAkbmFtZSIKICAgICAgICAgICAgfQogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlCiAgICAgICAgfQogICAgfQoKICAgICMgSWYgJHZhbHVlIC1lcSAkbnVsbCwgdGhlIHBhcmFtZXRlciB3YXMgdW5zcGVjaWZpZWQgYnkgdGhlIHVzZXIgKGRlbGliZXJhdGVseSBvciBub3QpCiAgICAjIFBsZWFzZSBsZWF2ZSAkbnVsbC12YWx1ZXMgaW50YWN0LCBtb2R1bGVzIG5lZWQgdG8ga25vdyBpZiBhIHBhcmFtZXRlciB3YXMgc3BlY2lmaWVkCiAgICAjIFdoZW4gJHZhbHVlIGlzIGFscmVhZHkgYW4gYXJyYXksIHdlIGNhbm5vdCByZWx5IG9uIHRoZSBudWxsIGNoZWNrLCBhcyBhbiBlbXB0eSBsaXN0CiAgICAjIGlzIHNlZW4gYXMgbnVsbCBpbiB0aGUgY2hlY2sgYmVsb3cKICAgIGlmICgkbnVsbCAtbmUgJHZhbHVlIC1vciAkdmFsdWUgLWlzIFthcnJheV0pIHsKICAgICAgICBpZiAoJHR5cGUgLWVxICJwYXRoIikgewogICAgICAgICAgICAjIEV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgb24gcGF0aC10eXBlCiAgICAgICAgICAgICR2YWx1ZSA9IEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCiAgICAgICAgICAgICMgVGVzdCBpZiBhIHZhbGlkIHBhdGggaXMgcHJvdmlkZWQKICAgICAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtSXNWYWxpZCAkdmFsdWUpKSB7CiAgICAgICAgICAgICAgICAkcGF0aF9pbnZhbGlkID0gJHRydWUKICAgICAgICAgICAgICAgICMgY291bGQgc3RpbGwgYmUgYSB2YWxpZC1zaGFwZWQgcGF0aCB3aXRoIGEgbm9uZXhpc3RlbnQgZHJpdmUgbGV0dGVyCiAgICAgICAgICAgICAgICBpZiAoJHZhbHVlIC1tYXRjaCAiXlx3OiIpIHsKICAgICAgICAgICAgICAgICAgICAjIHJld3JpdGUgcGF0aCB3aXRoIGEgdmFsaWQgZHJpdmUgbGV0dGVyIGFuZCByZWNoZWNrIHRoZSBzaGFwZS0gdGhpcyBtaWdodCBzdGlsbCBmYWlsLCBlZywgYSBub25leGlzdGVudCBub24tZmlsZXN5c3RlbSBQUyBwYXRoCiAgICAgICAgICAgICAgICAgICAgaWYgKFRlc3QtUGF0aCAtSXNWYWxpZCAkKEAoR2V0LVBTRHJpdmUgLVBTUHJvdmlkZXIgRmlsZXN5c3RlbSlbMF0uTmFtZSArICR2YWx1ZS5TdWJzdHJpbmcoMSkpKSB7CiAgICAgICAgICAgICAgICAgICAgICAgICRwYXRoX2ludmFsaWQgPSAkZmFsc2UKICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBpZiAoJHBhdGhfaW52YWxpZCkgewogICAgICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHRvYmogLW1lc3NhZ2UgIkdldC1BbnNpYmxlUGFyYW06IFBhcmFtZXRlciAnJG5hbWUnIGhhcyBhbiBpbnZhbGlkIHBhdGggJyR2YWx1ZScgc3BlY2lmaWVkLiIKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgInN0ciIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IHN0ciB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgc3RyaW5ncwogICAgICA ScriptBlock ID: 05e0076e-d030-4037-9387-60a2dbdbf08a Path:	4104	1		3	2	15	0	1274	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1132	4408	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:27:59 PM	9d04040e-981f-0002-ca0b-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1273	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1132	1116	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:27:59 PM	9d04040e-981f-0004-4717-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 1132 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1272	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1132	4452	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:27:59 PM	9d04040e-981f-0004-4717-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1271	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1132	1116	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:27:59 PM	9d04040e-981f-0004-4717-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1270	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4920	3964	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:27:07 PM	9d04040e-981f-0004-fe16-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 4920 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1269	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4920	4944	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:27:07 PM	9d04040e-981f-0004-fe16-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1268	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4920	3964	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:27:07 PM	9d04040e-981f-0004-fe16-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles; using System; using System.Collections; using System.IO; using System.Linq; using System.Runtime.InteropServices; using System.Text; using System.Threading; namespace Ansible { [StructLayout(LayoutKind.Sequential)] public class SECURITY_ATTRIBUTES { public int nLength; public IntPtr lpSecurityDescriptor; public bool bInheritHandle = false; public SECURITY_ATTRIBUTES() { nLength = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFO { public Int32 cb; public IntPtr lpReserved; public IntPtr lpDesktop; public IntPtr lpTitle; public Int32 dwX; public Int32 dwY; public Int32 dwXSize; public Int32 dwYSize; public Int32 dwXCountChars; public Int32 dwYCountChars; public Int32 dwFillAttribute; public Int32 dwFlags; public Int16 wShowWindow; public Int16 cbReserved2; public IntPtr lpReserved2; public SafeFileHandle hStdInput; public SafeFileHandle hStdOutput; public SafeFileHandle hStdError; public STARTUPINFO() { cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFOEX { public STARTUPINFO startupInfo; public IntPtr lpAttributeList; public STARTUPINFOEX() { startupInfo = new STARTUPINFO(); startupInfo.cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public struct PROCESS_INFORMATION { public IntPtr hProcess; public IntPtr hThread; public int dwProcessId; public int dwThreadId; } [Flags] public enum StartupInfoFlags : uint { USESTDHANDLES = 0x00000100 } public enum HandleFlags : uint { None = 0, INHERIT = 1 } class NativeWaitHandle : WaitHandle { public NativeWaitHandle(IntPtr handle) { this.SafeWaitHandle = new SafeWaitHandle(handle, false); } } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class CommandUtil { private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400; private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000; [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)] public static extern bool CreateProcess( [MarshalAs(UnmanagedType.LPWStr)] string lpApplicationName, StringBuilder lpCommandLine, IntPtr lpProcessAttributes, IntPtr lpThreadAttributes, bool bInheritHandles, uint dwCreationFlags, IntPtr lpEnvironment, [MarshalAs(UnmanagedType.LPWStr)] string lpCurrentDirectory, STARTUPINFOEX lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation); [DllImport("kernel32.dll")] public static extern bool CreatePipe( out SafeFileHandle hReadPipe, out SafeFileHandle hWritePipe, SECURITY_ATTRIBUTES lpPipeAttributes, uint nSize); [DllImport("kernel32.dll", SetLastError = true)] public static extern bool SetHandleInformation( SafeFileHandle hObject, HandleFlags dwMask, int dwFlags); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool GetExitCodeProcess( IntPtr hProcess, out uint lpExitCode); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)] public static extern uint SearchPath( string lpPath, string lpFileName, string lpExtension, int nBufferLength, [MarshalAs (UnmanagedType.LPTStr)] StringBuilder lpBuffer, out IntPtr lpFilePart); [DllImport("shell32.dll", SetLastError = true)] static extern IntPtr CommandLineToArgvW( [MarshalAs(UnmanagedType.LPWStr)] string lpCmdLine, out int pNumArgs); public static string[] ParseCommandLine(string lpCommandLine) { int numArgs; IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs); if (ret == IntPtr.Zero) throw new Win32Exception("Error parsing command line"); IntPtr[] strptrs = new IntPtr[numArgs]; Marshal.Copy(ret, strptrs, 0, numArgs); string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray(); Marshal.FreeHGlobal(ret); return cmdlineParts; } public static string SearchPath(string lpFileName) { StringBuilder sbOut = new StringBuilder(1024); IntPtr filePartOut; if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0) throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName)); return sbOut.ToString(); } public class CommandResult { public string StandardOut { get; internal set; } public string StandardError { get; internal set; } public uint ExitCode { get; internal set; } } public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment) { UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT; STARTUPINFOEX si = new STARTUPINFOEX(); si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES; SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES(); pipesec.bInheritHandle = true; // Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write; if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0)) throw new Win32Exception("STDOUT pipe setup failed"); if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDOUT pipe handle setup failed"); if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0)) throw new Win32Exception("STDERR pipe setup failed"); if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDERR pipe handle setup failed"); if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0)) throw new Win32Exception("STDIN pipe setup failed"); if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDIN pipe handle setup failed"); si.startupInfo.hStdOutput = stdout_write; si.startupInfo.hStdError = stderr_write; si.startupInfo.hStdInput = stdin_read; // Setup the stdin buffer UTF8Encoding utf8_encoding = new UTF8Encoding(false); FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768); StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768); // If lpCurrentDirectory is set to null in PS it will be an empty // string here, we need to convert it if (lpCurrentDirectory == "") lpCurrentDirectory = null; StringBuilder environmentString = null; if (environment != null && environment.Count > 0) { environmentString = new StringBuilder(); foreach (DictionaryEntry kv in environment) environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value); environmentString.Append('\0'); } // Create the environment block if set IntPtr lpEnvironment = IntPtr.Zero; if (environmentString != null) lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString()); // Create new process and run StringBuilder argument_string = new StringBuilder(lpCommandLine); PROCESS_INFORMATION pi = new PROCESS_INFORMATION(); if (!CreateProcess( lpApplicationName, argument_string, IntPtr.Zero, IntPtr.Zero, true, startup_flags, lpEnvironment, lpCurrentDirectory, si, out pi)) { throw new Win32Exception("Failed to create new process"); } // Setup the output buffers and get stdout/stderr FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096); StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096); stdout_write.Close(); FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096); StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096); stderr_write.Close(); stdin.WriteLine(stdinInput); stdin.Close(); string stdout_str, stderr_str = null; GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str); uint rc = GetProcessExitCode(pi.hProcess); return new CommandResult { StandardOut = stdout_str, StandardError = stderr_str, ExitCode = rc }; } private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr) { var sowait = new EventWaitHandle(false, EventResetMode.ManualReset); var sewait = new EventWaitHandle(false, EventResetMode.ManualReset); string so = null, se = null; ThreadPool.QueueUserWorkItem((s) => { so = stdoutStream.ReadToEnd(); sowait.Set(); }); ThreadPool.QueueUserWorkItem((s) => { se = stderrStream.ReadToEnd(); sewait.Set(); }); foreach (var wh in new WaitHandle[] { sowait, sewait }) wh.WaitOne(); stdout = so; stderr = se; } private static uint GetProcessExitCode(IntPtr processHandle) { new NativeWaitHandle(processHandle).WaitOne(); uint exitCode; if (!GetExitCodeProcess(processHandle, out exitCode)) throw new Win32Exception("Error getting process exit code"); return exitCode; } } }" Context: Severity = Informational Host Name = Default Host Host Version = 5.1.14393.1944 Host ID = 8e96d543-02be-41f1-92ef-814865e7b7c4 Host Application = PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - Engine Version = 5.1.14393.1944 Runspace ID = 9194b2e3-796b-41b8-8e27-4d0b24f1161a Pipeline ID = 7 Command Name = Add-Type Command Type = Cmdlet Script Name = Command Path = Sequence Number = 34 User = N-H1-805629-1\Admin Connected User = Shell ID = Microsoft.PowerShell User Data:	4103	1		4	106	20	0	1267	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1412	4040	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:27:07 PM	9d04040e-981f-0001-4a10-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	To be used when operation is just executing a method	Executing Pipeline	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c) 2017 Ansible Project # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) $process_util = @" using Microsoft.Win32.SafeHandles; using System; using System.Collections; using System.IO; using System.Linq; using System.Runtime.InteropServices; using System.Text; using System.Threading; namespace Ansible { [StructLayout(LayoutKind.Sequential)] public class SECURITY_ATTRIBUTES { public int nLength; public IntPtr lpSecurityDescriptor; public bool bInheritHandle = false; public SECURITY_ATTRIBUTES() { nLength = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFO { public Int32 cb; public IntPtr lpReserved; public IntPtr lpDesktop; public IntPtr lpTitle; public Int32 dwX; public Int32 dwY; public Int32 dwXSize; public Int32 dwYSize; public Int32 dwXCountChars; public Int32 dwYCountChars; public Int32 dwFillAttribute; public Int32 dwFlags; public Int16 wShowWindow; public Int16 cbReserved2; public IntPtr lpReserved2; public SafeFileHandle hStdInput; public SafeFileHandle hStdOutput; public SafeFileHandle hStdError; public STARTUPINFO() { cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFOEX { public STARTUPINFO startupInfo; public IntPtr lpAttributeList; public STARTUPINFOEX() { startupInfo = new STARTUPINFO(); startupInfo.cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public struct PROCESS_INFORMATION { public IntPtr hProcess; public IntPtr hThread; public int dwProcessId; public int dwThreadId; } [Flags] public enum StartupInfoFlags : uint { USESTDHANDLES = 0x00000100 } public enum HandleFlags : uint { None = 0, INHERIT = 1 } class NativeWaitHandle : WaitHandle { public NativeWaitHandle(IntPtr handle) { this.SafeWaitHandle = new SafeWaitHandle(handle, false); } } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class CommandUtil { private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400; private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000; [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)] public static extern bool CreateProcess( [MarshalAs(UnmanagedType.LPWStr)] string lpApplicationName, StringBuilder lpCommandLine, IntPtr lpProcessAttributes, IntPtr lpThreadAttributes, bool bInheritHandles, uint dwCreationFlags, IntPtr lpEnvironment, [MarshalAs(UnmanagedType.LPWStr)] string lpCurrentDirectory, STARTUPINFOEX lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation); [DllImport("kernel32.dll")] public static extern bool CreatePipe( out SafeFileHandle hReadPipe, out SafeFileHandle hWritePipe, SECURITY_ATTRIBUTES lpPipeAttributes, uint nSize); [DllImport("kernel32.dll", SetLastError = true)] public static extern bool SetHandleInformation( SafeFileHandle hObject, HandleFlags dwMask, int dwFlags); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool GetExitCodeProcess( IntPtr hProcess, out uint lpExitCode); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)] public static extern uint SearchPath( string lpPath, string lpFileName, string lpExtension, int nBufferLength, [MarshalAs (UnmanagedType.LPTStr)] StringBuilder lpBuffer, out IntPtr lpFilePart); [DllImport("shell32.dll", SetLastError = true)] static extern IntPtr CommandLineToArgvW( [MarshalAs(UnmanagedType.LPWStr)] string lpCmdLine, out int pNumArgs); public static string[] ParseCommandLine(string lpCommandLine) { int numArgs; IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs); if (ret == IntPtr.Zero) throw new Win32Exception("Error parsing command line"); IntPtr[] strptrs = new IntPtr[numArgs]; Marshal.Copy(ret, strptrs, 0, numArgs); string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray(); Marshal.FreeHGlobal(ret); return cmdlineParts; } public static string SearchPath(string lpFileName) { StringBuilder sbOut = new StringBuilder(1024); IntPtr filePartOut; if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0) throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName)); return sbOut.ToString(); } public class CommandResult { public string StandardOut { get; internal set; } public string StandardError { get; internal set; } public uint ExitCode { get; internal set; } } public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment) { UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT; STARTUPINFOEX si = new STARTUPINFOEX(); si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES; SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES(); pipesec.bInheritHandle = true; // Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write; if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0)) throw new Win32Exception("STDOUT pipe setup failed"); if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDOUT pipe handle setup failed"); if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0)) throw new Win32Exception("STDERR pipe setup failed"); if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDERR pipe handle setup failed"); if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0)) throw new Win32Exception("STDIN pipe setup failed"); if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDIN pipe handle setup failed"); si.startupInfo.hStdOutput = stdout_write; si.startupInfo.hStdError = stderr_write; si.startupInfo.hStdInput = stdin_read; // Setup the stdin buffer UTF8Encoding utf8_encoding = new UTF8Encoding(false); FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768); StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768); // If lpCurrentDirectory is set to null in PS it will be an empty // string here, we need to convert it if (lpCurrentDirectory == "") lpCurrentDirectory = null; StringBuilder environmentString = null; if (environment != null && environment.Count > 0) { environmentString = new StringBuilder(); foreach (DictionaryEntry kv in environment) environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value); environmentString.Append('\0'); } // Create the environment block if set IntPtr lpEnvironment = IntPtr.Zero; if (environmentString != null) lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString()); // Create new process and run StringBuilder argument_string = new StringBuilder(lpCommandLine); PROCESS_INFORMATION pi = new PROCESS_INFORMATION(); if (!CreateProcess( lpApplicationName, argument_string, IntPtr.Zero, IntPtr.Zero, true, startup_flags, lpEnvironment, lpCurrentDirectory, si, out pi)) { throw new Win32Exception("Failed to create new process"); } // Setup the output buffers and get stdout/stderr FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096); StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096); stdout_write.Close(); FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096); StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096); stderr_write.Close(); stdin.WriteLine(stdinInput); stdin.Close(); string stdout_str, stderr_str = null; GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str); uint rc = GetProcessExitCode(pi.hProcess); return new CommandResult { StandardOut = stdout_str, StandardError = stderr_str, ExitCode = rc }; } private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr) { var sowait = new EventWaitHandle(false, EventResetMode.ManualReset); var sewait = new EventWaitHandle(false, EventResetMode.ManualReset); string so = null, se = null; ThreadPool.QueueUserWorkItem((s) => { so = stdoutStream.ReadToEnd(); sowait.Set(); }); ThreadPool.QueueUserWorkItem((s) => { se = stderrStream.ReadToEnd(); sewait.Set(); }); foreach (var wh in new WaitHandle[] { sowait, sewait }) wh.WaitOne(); stdout = so; stderr = se; } private static uint GetProcessExitCode(IntPtr processHandle) { new NativeWaitHandle(processHandle).WaitOne(); uint exitCode; if (!GetExitCodeProcess(processHandle, out exitCode)) throw new Win32Exception("Error getting process exit code"); return exitCode; } } } "@ $ErrorActionPreference = 'Stop' Function Load-CommandUtils { # makes the following static functions available # [Ansible.CommandUtil]::ParseCommandLine(string lpCommandLine) # [Ansible.CommandUtil]::SearchPath(string lpFileName) # [Ansible.CommandUtil]::RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, string environmentBlock) # # there are also numerous P/Invoke methods that can be called if you are feeling adventurous # FUTURE: find a better way to get the _ansible_remote_tmp variable $original_tmp = $env:TMP $remote_tmp = $original_tmp $module_params = Get-Variable -Name complex_args -ErrorAction SilentlyContinue if ($module_params) { if ($module_params.Value.ContainsKey("_ansible_remote_tmp") ) { $remote_tmp = $module_params.Value["_ansible_remote_tmp"] $remote_tmp = [System.Environment]::ExpandEnvironmentVariables($remote_tmp) } } $env:TMP = $remote_tmp Add-Type -TypeDefinition $process_util $env:TMP = $original_tmp } Function Get-ExecutablePath($executable, $directory) { # lpApplicationName requires the full path to a file, we need to find it # ourselves. # we need to add .exe if it doesn't have an extension already if (-not [System.IO.Path]::HasExtension($executable)) { $executable = "$($executable).exe" } $full_path = [System.IO.Path]::GetFullPath($executable) if ($full_path -ne $executable -and $directory -ne $null) { $file = Get-Item -Path "$directory\$executable" -Force -ErrorAction SilentlyContinue } else { $file = Get-Item -Path $executable -Force -ErrorAction SilentlyContinue } if ($file -ne $null) { $executable_path = $file.FullName } else { $executable_path = [Ansible.CommandUtil]::SearchPath($executable) } return $executable_path } Function Run-Command { Param( [string]$command, # the full command to run including the executable [string]$working_directory = $null, # the working directory to run under, will default to the current dir [string]$stdin = $null, # a string to send to the stdin pipe when executing the command [hashtable]$environment = @{} # a hashtable of environment values to run the command under, this will replace all the other environment variables with these ) # load the C# code we call in this function Load-CommandUtils # need to validate the working directory if it is set if ($working_directory) { # validate working directory is a valid path if (-not (Test-Path -Path $working_directory)) { throw "invalid working directory path '$working_directory'" } } # lpApplicationName needs to be the full path to an executable, we do this # by getting the executable as the first arg and then getting the full path $arguments = [Ansible.CommandUtil]::ParseCommandLine($command) $executable = Get-ExecutablePath -executable $arguments[0] -directory $working_directory # run the command and get the results $command_result = [Ansible.CommandUtil]::RunCommand($executable, $command, $working_directory, $stdin, $environment) return ,@{ executable = $executable stdout = $command_result.StandardOut stderr = $command_result.StandardError rc = $command_result.ExitCode } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: b3f4efdf-d0cc-4e44-b62c-5412e0fb1bee Path:	4104	1		3	2	15	0	1266	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1412	4432	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:27:07 PM	9d04040e-981f-0005-1150-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c), Michael DeHaan <michael.dehaan@gmail.com>, 2014, and others # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) Set-StrictMode -Version 2.0 $ErrorActionPreference = "Stop" Function Set-Attr($obj, $name, $value) { <# .SYNOPSIS Helper function to set an "attribute" on a psobject instance in PowerShell. This is a convenience to make adding Members to the object easier and slightly more pythonic .EXAMPLE Set-Attr $result "changed" $true #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } Try { $obj.$name = $value } Catch { $obj | Add-Member -Force -MemberType NoteProperty -Name $name -Value $value } } Function Exit-Json($obj) { <# .SYNOPSIS Helper function to convert a PowerShell object to JSON and output it, exiting the script .EXAMPLE Exit-Json $result #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit } Function Fail-Json($obj, $message = $null) { <# .SYNOPSIS Helper function to add the "msg" property and "failed" property, convert the PowerShell Hashtable to JSON and output it, exiting the script .EXAMPLE Fail-Json $result "This is the failure message" #> if ($obj -is [hashtable] -or $obj -is [psobject]) { # Nothing to do } elseif ($obj -is [string] -and $null -eq $message) { # If we weren't given 2 args, and the only arg was a string, # create a new Hashtable and use the arg as the failure message $message = $obj $obj = @{ } } else { # If the first argument is undefined or a different type, # make it a Hashtable $obj = @{ } } # Still using Set-Attr for PSObject compatibility Set-Attr $obj "msg" $message Set-Attr $obj "failed" $true if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit 1 } Function Add-Warning($obj, $message) { <# .SYNOPSIS Helper function to add warnings, even if the warnings attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("warnings")) { $obj.warnings = @() } elseif ($obj.warnings -isnot [array]) { throw "Add-Warning: warnings attribute is not an array" } $obj.warnings += $message } Function Add-DeprecationWarning($obj, $message, $version = $null) { <# .SYNOPSIS Helper function to add deprecations, even if the deprecations attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("deprecations")) { $obj.deprecations = @() } elseif ($obj.deprecations -isnot [array]) { throw "Add-DeprecationWarning: deprecations attribute is not a list" } $obj.deprecations += @{ msg = $message version = $version } } Function Expand-Environment($value) { <# .SYNOPSIS Helper function to expand environment variables in values. By default it turns any type to a string, but we ensure $null remains $null. #> if ($null -ne $value) { [System.Environment]::ExpandEnvironmentVariables($value) } else { $value } } Function Get-AnsibleParam($obj, $name, $default = $null, $resultobj = @{}, $failifempty = $false, $emptyattributefailmessage, $ValidateSet, $ValidateSetErrorMessage, $type = $null, $aliases = @()) { <# .SYNOPSIS Helper function to get an "attribute" from a psobject instance in PowerShell. This is a convenience to make getting Members from an object easier and slightly more pythonic .EXAMPLE $attr = Get-AnsibleParam $response "code" -default "1" .EXAMPLE Get-AnsibleParam -obj $params -name "State" -default "Present" -ValidateSet "Present","Absent" -resultobj $resultobj -failifempty $true Get-AnsibleParam also supports Parameter validation to save you from coding that manually Note that if you use the failifempty option, you do need to specify resultobject as well. #> # Check if the provided Member $name or aliases exist in $obj and return it or the default. try { $found = $null # First try to find preferred parameter $name $aliases = @($name) + $aliases # Iterate over aliases to find acceptable Member $name foreach ($alias in $aliases) { if ($obj.ContainsKey($alias)) { $found = $alias break } } if ($null -eq $found) { throw } $name = $found if ($ValidateSet) { if ($ValidateSet -contains ($obj.$name)) { $value = $obj.$name } else { if ($null -eq $ValidateSetErrorMessage) { #Auto-generated error should be sufficient in most use cases $ValidateSetErrorMessage = "Get-AnsibleParam: Argument $name needs to be one of $($ValidateSet -join ",") but was $($obj.$name)." } Fail-Json -obj $resultobj -message $ValidateSetErrorMessage } } else { $value = $obj.$name } } catch { if ($failifempty -eq $false) { $value = $default } else { if (-not $emptyattributefailmessage) { $emptyattributefailmessage = "Get-AnsibleParam: Missing required argument: $name" } Fail-Json -obj $resultobj -message $emptyattributefailmessage } } # If $value -eq $null, the parameter was unspecified by the user (deliberately or not) # Please leave $null-values intact, modules need to know if a parameter was specified # When $value is already an array, we cannot rely on the null check, as an empty list # is seen as null in the check below if ($null -ne $value -or $value -is [array]) { if ($type -eq "path") { # Expand environment variables on path-type $value = Expand-Environment($value) # Test if a valid path is provided if (-not (Test-Path -IsValid $value)) { $path_invalid = $true # could still be a valid-shaped path with a nonexistent drive letter if ($value -match "^\w:") { # rewrite path with a valid drive letter and recheck the shape- this might still fail, eg, a nonexistent non-filesystem PS path if (Test-Path -IsValid $(@(Get-PSDrive -PSProvider Filesystem)[0].Name + $value.Substring(1))) { $path_invalid = $false } } if ($path_invalid) { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' has an invalid path '$value' specified." } } } elseif ($type -eq "str") { # Convert str types to real Powershell strings $value = $value.ToString() } elseif ($type -eq "bool") { # Convert boolean types to real Powershell booleans $value = $value | ConvertTo-Bool } elseif ($type -eq "int") { # Convert int types to real Powershell integers $value = $value -as [int] } elseif ($type -eq "float") { # Convert float types to real Powershell floats $value = $value -as [float] } elseif ($type -eq "list") { if ($value -is [array]) { # Nothing to do } elseif ($value -is [string]) { # Convert string type to real Powershell array $value = $value.Split(",").Trim() } elseif ($value -is [int]) { $value = @($value) } else { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' is not a YAML list." } # , is not a typo, forces it to return as a list when it is empty or only has 1 entry return ,$value } } return $value } #Alias Get-attr-->Get-AnsibleParam for backwards compat. Only add when needed to ease debugging of scripts If (-not(Get-Alias -Name "Get-attr" -ErrorAction SilentlyContinue)) { New-Alias -Name Get-attr -Value Get-AnsibleParam } Function ConvertTo-Bool { <# .SYNOPSIS Helper filter/pipeline function to convert a value to boolean following current Ansible practices .EXAMPLE $is_true = "true" | ConvertTo-Bool #> param( [parameter(valuefrompipeline=$true)] $obj ) $boolean_strings = "yes", "on", "1", "true", 1 $obj_string = [string]$obj if (($obj -is [boolean] -and $obj) -or $boolean_strings -contains $obj_string.ToLower()) { return $true } else { return $false } } Function Parse-Args($arguments, $supports_check_mode = $false) { <# .SYNOPSIS Helper function to parse Ansible JSON arguments from a "file" passed as the single argument to the module. .EXAMPLE $params = Parse-Args $args #> $params = New-Object psobject If ($arguments.Length -gt 0) { $params = Get-Content $arguments[0] | ConvertFrom-Json } Else { $params = $complex_args } $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false If ($check_mode -and -not $supports_check_mode) { Exit-Json @{ skipped = $true changed = $false msg = "remote module does not support check mode" } } return $params } Function Get-FileChecksum($path, $algorithm = 'sha1') { <# .SYNOPSIS Helper function to calculate a hash of a file in a way which PowerShell 3 and above can handle #> If (Test-Path -Path $path -PathType Leaf) { switch ($algorithm) { 'md5' { $sp = New-Object -TypeName System.Security.Cryptography.MD5CryptoServiceProvider } 'sha1' { $sp = New-Object -TypeName System.Security.Cryptography.SHA1CryptoServiceProvider } 'sha256' { $sp = New-Object -TypeName System.Security.Cryptography.SHA256CryptoServiceProvider } 'sha384' { $sp = New-Object -TypeName System.Security.Cryptography.SHA384CryptoServiceProvider } 'sha512' { $sp = New-Object -TypeName System.Security.Cryptography.SHA512CryptoServiceProvider } default { Fail-Json @{} "Unsupported hash algorithm supplied '$algorithm'" } } If ($PSVersionTable.PSVersion.Major -ge 4) { $raw_hash = Get-FileHash $path -Algorithm $algorithm $hash = $raw_hash.Hash.ToLower() } Else { $fp = [System.IO.File]::Open($path, [System.IO.Filemode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileShare]::ReadWrite); $hash = [System.BitConverter]::ToString($sp.ComputeHash($fp)).Replace("-", "").ToLower(); $fp.Dispose(); } } ElseIf (Test-Path -Path $path -PathType Container) { $hash = "3"; } Else { $hash = "1"; } return $hash } Function Get-PendingRebootStatus { <# .SYNOPSIS Check if reboot is required, if so notify CA. Function returns true if computer has a pending reboot #> $featureData = Invoke-WmiMethod -EA Ignore -Name GetServerFeature -Namespace root\microsoft\windows\servermanager -Class MSFT_ServerManagerTasks $regData = Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager" "PendingFileRenameOperations" -EA Ignore $CBSRebootStatus = Get-ChildItem "HKLM:\\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing" -ErrorAction SilentlyContinue| Where-Object {$_.PSChildName -eq "RebootPending"} if(($featureData -and $featureData.RequiresReboot) -or $regData -or $CBSRebootStatus) { return $True } else { return $False } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: c79730ef-736b-46a4-bc19-65e81a6869c6 Path:	4104	1		3	2	15	0	1265	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1412	4432	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:27:07 PM	9d04040e-981f-0005-0a50-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } ScriptBlock ID: ea998dc5-5af8-495c-b23d-93e96f1fedaf Path:	4104	1		3	2	15	0	1264	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1412	4432	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:27:06 PM	9d04040e-981f-0005-fb4f-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (3 of 3): CBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICJHZXQtQW5zaWJsZVBhcmFtOiBQYXJhbWV0ZXIgJyRuYW1lJyBpcyBub3QgYSBZQU1MIGxpc3QuIgogICAgICAgICAgICB9CiAgICAgICAgICAgICMgLCBpcyBub3QgYSB0eXBvLCBmb3JjZXMgaXQgdG8gcmV0dXJuIGFzIGEgbGlzdCB3aGVuIGl0IGlzIGVtcHR5IG9yIG9ubHkgaGFzIDEgZW50cnkKICAgICAgICAgICAgcmV0dXJuICwkdmFsdWUKICAgICAgICB9CiAgICB9CgogICAgcmV0dXJuICR2YWx1ZQp9CgojQWxpYXMgR2V0LWF0dHItLT5HZXQtQW5zaWJsZVBhcmFtIGZvciBiYWNrd2FyZHMgY29tcGF0LiBPbmx5IGFkZCB3aGVuIG5lZWRlZCB0byBlYXNlIGRlYnVnZ2luZyBvZiBzY3JpcHRzCklmICgtbm90KEdldC1BbGlhcyAtTmFtZSAiR2V0LWF0dHIiIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlKSkKewogICAgTmV3LUFsaWFzIC1OYW1lIEdldC1hdHRyIC1WYWx1ZSBHZXQtQW5zaWJsZVBhcmFtCn0KCkZ1bmN0aW9uIENvbnZlcnRUby1Cb29sCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZpbHRlci9waXBlbGluZSBmdW5jdGlvbiB0byBjb252ZXJ0IGEgdmFsdWUgdG8gYm9vbGVhbiBmb2xsb3dpbmcgY3VycmVudAogICAgQW5zaWJsZSBwcmFjdGljZXMKICAgIC5FWEFNUExFCiAgICAkaXNfdHJ1ZSA9ICJ0cnVlIiB8IENvbnZlcnRUby1Cb29sCiM+CiAgICBwYXJhbSgKICAgICAgICBbcGFyYW1ldGVyKHZhbHVlZnJvbXBpcGVsaW5lPSR0cnVlKV0KICAgICAgICAkb2JqCiAgICApCgogICAgJGJvb2xlYW5fc3RyaW5ncyA9ICJ5ZXMiLCAib24iLCAiMSIsICJ0cnVlIiwgMQogICAgJG9ial9zdHJpbmcgPSBbc3RyaW5nXSRvYmoKCiAgICBpZiAoKCRvYmogLWlzIFtib29sZWFuXSAtYW5kICRvYmopIC1vciAkYm9vbGVhbl9zdHJpbmdzIC1jb250YWlucyAkb2JqX3N0cmluZy5Ub0xvd2VyKCkpIHsKICAgICAgICByZXR1cm4gJHRydWUKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfQp9CgpGdW5jdGlvbiBQYXJzZS1BcmdzKCRhcmd1bWVudHMsICRzdXBwb3J0c19jaGVja19tb2RlID0gJGZhbHNlKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBwYXJzZSBBbnNpYmxlIEpTT04gYXJndW1lbnRzIGZyb20gYSAiZmlsZSIgcGFzc2VkIGFzCiAgICB0aGUgc2luZ2xlIGFyZ3VtZW50IHRvIHRoZSBtb2R1bGUuCiAgICAuRVhBTVBMRQogICAgJHBhcmFtcyA9IFBhcnNlLUFyZ3MgJGFyZ3MKIz4KICAgICRwYXJhbXMgPSBOZXctT2JqZWN0IHBzb2JqZWN0CiAgICBJZiAoJGFyZ3VtZW50cy5MZW5ndGggLWd0IDApCiAgICB7CiAgICAgICAgJHBhcmFtcyA9IEdldC1Db250ZW50ICRhcmd1bWVudHNbMF0gfCBDb252ZXJ0RnJvbS1Kc29uCiAgICB9CiAgICBFbHNlIHsKICAgICAgICAkcGFyYW1zID0gJGNvbXBsZXhfYXJncwogICAgfQogICAgJGNoZWNrX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfY2hlY2tfbW9kZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQogICAgSWYgKCRjaGVja19tb2RlIC1hbmQgLW5vdCAkc3VwcG9ydHNfY2hlY2tfbW9kZSkKICAgIHsKICAgICAgICBFeGl0LUpzb24gQHsKICAgICAgICAgICAgc2tpcHBlZCA9ICR0cnVlCiAgICAgICAgICAgIGNoYW5nZWQgPSAkZmFsc2UKICAgICAgICAgICAgbXNnID0gInJlbW90ZSBtb2R1bGUgZG9lcyBub3Qgc3VwcG9ydCBjaGVjayBtb2RlIgogICAgICAgIH0KICAgIH0KICAgIHJldHVybiAkcGFyYW1zCn0KCgpGdW5jdGlvbiBHZXQtRmlsZUNoZWNrc3VtKCRwYXRoLCAkYWxnb3JpdGhtID0gJ3NoYTEnKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBjYWxjdWxhdGUgYSBoYXNoIG9mIGEgZmlsZSBpbiBhIHdheSB3aGljaCBQb3dlclNoZWxsIDMKICAgIGFuZCBhYm92ZSBjYW4gaGFuZGxlCiM+CiAgICBJZiAoVGVzdC1QYXRoIC1QYXRoICRwYXRoIC1QYXRoVHlwZSBMZWFmKQogICAgewogICAgICAgIHN3aXRjaCAoJGFsZ29yaXRobSkKICAgICAgICB7CiAgICAgICAgICAgICdtZDUnIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5NRDVDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMScgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTFDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMjU2JyB7ICRzcCA9IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5TZWN1cml0eS5DcnlwdG9ncmFwaHkuU0hBMjU2Q3J5cHRvU2VydmljZVByb3ZpZGVyIH0KICAgICAgICAgICAgJ3NoYTM4NCcgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTM4NENyeXB0b1NlcnZpY2VQcm92aWRlciB9CiAgICAgICAgICAgICdzaGE1MTInIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5TSEE1MTJDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICBkZWZhdWx0IHsgRmFpbC1Kc29uIEB7fSAiVW5zdXBwb3J0ZWQgaGFzaCBhbGdvcml0aG0gc3VwcGxpZWQgJyRhbGdvcml0aG0nIiB9CiAgICAgICAgfQoKICAgICAgICBJZiAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtZ2UgNCkgewogICAgICAgICAgICAkcmF3X2hhc2ggPSBHZXQtRmlsZUhhc2ggJHBhdGggLUFsZ29yaXRobSAkYWxnb3JpdGhtCiAgICAgICAgICAgICRoYXNoID0gJHJhd19oYXNoLkhhc2guVG9Mb3dlcigpCiAgICAgICAgfSBFbHNlIHsKICAgICAgICAgICAgJGZwID0gW1N5c3RlbS5JTy5GaWxlXTo6T3BlbigkcGF0aCwgW1N5c3RlbS5JTy5GaWxlbW9kZV06Ok9wZW4sIFtTeXN0ZW0uSU8uRmlsZUFjY2Vzc106OlJlYWQsIFtTeXN0ZW0uSU8uRmlsZVNoYXJlXTo6UmVhZFdyaXRlKTsKICAgICAgICAgICAgJGhhc2ggPSBbU3lzdGVtLkJpdENvbnZlcnRlcl06OlRvU3RyaW5nKCRzcC5Db21wdXRlSGFzaCgkZnApKS5SZXBsYWNlKCItIiwgIiIpLlRvTG93ZXIoKTsKICAgICAgICAgICAgJGZwLkRpc3Bvc2UoKTsKICAgICAgICB9CiAgICB9CiAgICBFbHNlSWYgKFRlc3QtUGF0aCAtUGF0aCAkcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKQogICAgewogICAgICAgICRoYXNoID0gIjMiOwogICAgfQogICAgRWxzZQogICAgewogICAgICAgICRoYXNoID0gIjEiOwogICAgfQogICAgcmV0dXJuICRoYXNoCn0KCkZ1bmN0aW9uIEdldC1QZW5kaW5nUmVib290U3RhdHVzCnsKPCMKICAgIC5TWU5PUFNJUwogICAgQ2hlY2sgaWYgcmVib290IGlzIHJlcXVpcmVkLCBpZiBzbyBub3RpZnkgQ0EuCiAgICBGdW5jdGlvbiByZXR1cm5zIHRydWUgaWYgY29tcHV0ZXIgaGFzIGEgcGVuZGluZyByZWJvb3QKIz4KICAgICRmZWF0dXJlRGF0YSA9IEludm9rZS1XbWlNZXRob2QgLUVBIElnbm9yZSAtTmFtZSBHZXRTZXJ2ZXJGZWF0dXJlIC1OYW1lc3BhY2Ugcm9vdFxtaWNyb3NvZnRcd2luZG93c1xzZXJ2ZXJtYW5hZ2VyIC1DbGFzcyBNU0ZUX1NlcnZlck1hbmFnZXJUYXNrcwogICAgJHJlZ0RhdGEgPSBHZXQtSXRlbVByb3BlcnR5ICJIS0xNOlxTWVNURU1cQ3VycmVudENvbnRyb2xTZXRcQ29udHJvbFxTZXNzaW9uIE1hbmFnZXIiICJQZW5kaW5nRmlsZVJlbmFtZU9wZXJhdGlvbnMiIC1FQSBJZ25vcmUKICAgICRDQlNSZWJvb3RTdGF0dXMgPSBHZXQtQ2hpbGRJdGVtICJIS0xNOlxcU09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cQ29tcG9uZW50IEJhc2VkIFNlcnZpY2luZyIgIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlfCBXaGVyZS1PYmplY3QgeyRfLlBTQ2hpbGROYW1lIC1lcSAiUmVib290UGVuZGluZyJ9CiAgICBpZigoJGZlYXR1cmVEYXRhIC1hbmQgJGZlYXR1cmVEYXRhLlJlcXVpcmVzUmVib290KSAtb3IgJHJlZ0RhdGEgLW9yICRDQlNSZWJvb3RTdGF0dXMpCiAgICB7CiAgICAgICAgcmV0dXJuICRUcnVlCiAgICB9CiAgICBlbHNlCiAgICB7CiAgICAgICAgcmV0dXJuICRGYWxzZQogICAgfQp9CgojIHRoaXMgbGluZSBtdXN0IHN0YXkgYXQgdGhlIGJvdHRvbSB0byBlbnN1cmUgYWxsIGRlZmluZWQgbW9kdWxlIHBhcnRzIGFyZSBleHBvcnRlZApFeHBvcnQtTW9kdWxlTWVtYmVyIC1BbGlhcyAqIC1GdW5jdGlvbiAqIC1DbWRsZXQgKgoK", "Ansible.ModuleUtils.FileUtil": "IyBDb3B5cmlnaHQgKGMpIDIwMTcgQW5zaWJsZSBQcm9qZWN0CiMgU2ltcGxpZmllZCBCU0QgTGljZW5zZSAoc2VlIGxpY2Vuc2VzL3NpbXBsaWZpZWRfYnNkLnR4dCBvciBodHRwczovL29wZW5zb3VyY2Uub3JnL2xpY2Vuc2VzL0JTRC0yLUNsYXVzZSkKCjwjClRlc3QtUGF0aC9HZXQtSXRlbSBjYW5ub3QgZmluZC9yZXR1cm4gaW5mbyBvbiBmaWxlcyB0aGF0IGFyZSBsb2NrZWQgbGlrZQpDOlxwYWdlZmlsZS5zeXMuIFRoZXNlIDIgZnVuY3Rpb25zIGFyZSBkZXNpZ25lZCB0byB3b3JrIHdpdGggdGhlc2UgZmlsZXMgYW5kCnByb3ZpZGUgc2ltaWxhciBmdW5jdGlvbmFsaXR5IHdpdGggdGhlIG5vcm1hbCBjbWRsZXRzIHdpdGggYXMgbWluaW1hbCBvdmVyaGVhZAphcyBwb3NzaWJsZS4gVGhleSB3b3JrIGJ5IHVzaW5nIEdldC1DaGlsZEl0ZW0gd2l0aCBhIGZpbHRlciBhbmQgcmV0dXJuIHRoZQpyZXN1bHQgZnJvbSB0aGF0LgojPgoKRnVuY3Rpb24gVGVzdC1BbnNpYmxlUGF0aCB7CiAgICBbQ21kbGV0QmluZGluZygpXQogICAgUGFyYW0oCiAgICAgICAgW1BhcmFtZXRlcihNYW5kYXRvcnk9JHRydWUpXVtzdHJpbmddJFBhdGgKICAgICkKICAgICMgUmVwbGFjZW1lbnQgZm9yIFRlc3QtUGF0aAogICAgdHJ5IHsKICAgICAgICAkZmlsZV9hdHRyaWJ1dGVzID0gW1N5c3RlbS5JTy5GaWxlXTo6R2V0QXR0cmlidXRlcygkUGF0aCkKICAgIH0gY2F0Y2ggW1N5c3RlbS5JTy5GaWxlTm90Rm91bmRFeGNlcHRpb25dLCBbU3lzdGVtLklPLkRpcmVjdG9yeU5vdEZvdW5kRXhjZXB0aW9uXSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfSBjYXRjaCBbTm90U3VwcG9ydGVkRXhjZXB0aW9uXSB7CiAgICAgICAgIyBXaGVuIHRlc3RpbmcgYSBwYXRoIGxpa2UgQ2VydDpcTG9jYWxNYWNoaW5lXE15LCBTeXN0ZW0uSU8uRmlsZSB3aWxsCiAgICAgICAgIyBub3Qgd29yaywgd2UganVzdCByZXZlcnQgYmFjayB0byB1c2luZyBUZXN0LVBhdGggZm9yIHRoaXMKICAgICAgICByZXR1cm4gVGVzdC1QYXRoIC1QYXRoICRQYXRoCiAgICB9CgogICAgaWYgKFtJbnQzMl0kZmlsZV9hdHRyaWJ1dGVzIC1lcSAtMSkgewogICAgICAgIHJldHVybiAkZmFsc2UKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICR0cnVlCiAgICB9Cn0KCkZ1bmN0aW9uIEdldC1BbnNpYmxlSXRlbSB7CiAgICBbQ21kbGV0QmluZGluZygpXQogICAgUGFyYW0oCiAgICAgICAgW1BhcmFtZXRlcihNYW5kYXRvcnk9JHRydWUpXVtzdHJpbmddJFBhdGgKICAgICkKICAgICMgUmVwbGFjZW1lbnQgZm9yIEdldC1JdGVtCiAgICB0cnkgewogICAgICAgICRmaWxlX2F0dHJpYnV0ZXMgPSBbU3lzdGVtLklPLkZpbGVdOjpHZXRBdHRyaWJ1dGVzKCRQYXRoKQogICAgfSBjYXRjaCB7CiAgICAgICAgIyBpZiAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb3RpbnVlIGlzIHNldCBvbiB0aGUgY21kbGV0IGFuZCB3ZSBmYWlsZWQgdG8KICAgICAgICAjIGdldCB0aGUgYXR0cmlidXRlcywganVzdCByZXR1cm4gJG51bGwsIG90aGVyd2lzZSB0aHJvdyB0aGUgZXJyb3IKICAgICAgICBpZiAoJEVycm9yQWN0aW9uUHJlZmVyZW5jZSAtbmUgIlNpbGVudGx5Q29udGludWUiKSB7CiAgICAgICAgICAgIHRocm93ICRfCiAgICAgICAgfQogICAgICAgIHJldHVybiAkbnVsbAogICAgfQogICAgaWYgKFtJbnQzMl0kZmlsZV9hdHRyaWJ1dGVzIC1lcSAtMSkgewogICAgICAgIHRocm93IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5NYW5hZ2VtZW50LkF1dG9tYXRpb24uSXRlbU5vdEZvdW5kRXhjZXB0aW9uIC1Bcmd1bWVudExpc3QgIkNhbm5vdCBmaW5kIHBhdGggJyRQYXRoJyBiZWNhdXNlIGl0IGRvZXMgbm90IGV4aXN0LiIKICAgIH0gZWxzZWlmICgkZmlsZV9hdHRyaWJ1dGVzLkhhc0ZsYWcoW1N5c3RlbS5JTy5GaWxlQXR0cmlidXRlc106OkRpcmVjdG9yeSkpIHsKICAgICAgICByZXR1cm4gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLklPLkRpcmVjdG9yeUluZm8gLUFyZ3VtZW50TGlzdCAkUGF0aAogICAgfSBlbHNlIHsKICAgICAgICByZXR1cm4gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLklPLkZpbGVJbmZvIC1Bcmd1bWVudExpc3QgJFBhdGgKICAgIH0KfQoKRXhwb3J0LU1vZHVsZU1lbWJlciAtRnVuY3Rpb24gVGVzdC1BbnNpYmxlUGF0aCwgR2V0LUFuc2libGVJdGVtCg=="}, "module_entry": "IyFwb3dlcnNoZWxsCgojIENvcHlyaWdodDogKGMpIDIwMTcsIEFuc2libGUgUHJvamVjdAojIEdOVSBHZW5lcmFsIFB1YmxpYyBMaWNlbnNlIHYzLjArIChzZWUgQ09QWUlORyBvciBodHRwczovL3d3dy5nbnUub3JnL2xpY2Vuc2VzL2dwbC0zLjAudHh0KQoKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5MZWdhY3kKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5Db21tYW5kVXRpbAojUmVxdWlyZXMgLU1vZHVsZSBBbnNpYmxlLk1vZHVsZVV0aWxzLkZpbGVVdGlsCgojIFRPRE86IGFkZCBjaGVjayBtb2RlIHN1cHBvcnQKClNldC1TdHJpY3RNb2RlIC1WZXJzaW9uIDIKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKIyBDbGVhbnNlIENMSVhNTCBmcm9tIHN0ZGVyciAoc2lmdCBvdXQgZXJyb3Igc3RyZWFtIGRhdGEsIGRpc2NhcmQgb3RoZXJzIGZvciBub3cpCkZ1bmN0aW9uIENsZWFuc2UtU3RkZXJyKCRyYXdfc3RkZXJyKSB7CiAgICBUcnkgewogICAgICAgICMgTkI6IHRoaXMgcmVnZXggaXNuJ3QgcGVyZmVjdCwgYnV0IGlzIGRlY2VudCBhdCBmaW5kaW5nIENMSVhNTCBhbW9uZ3N0IG90aGVyIHN0ZGVyciBub2lzZQogICAgICAgIElmKCRyYXdfc3RkZXJyIC1tYXRjaCAiKD9zKSg/PHByZW5vaXNlMT4uKikjPCBDTElYTUwoPzxwcmVub2lzZTI+LiopKD88Y2xpeG1sPjxPYmpzLis8L09ianM+KSg/PHBvc3Rub2lzZT4uKikiKSB7CiAgICAgICAgICAgICRjbGl4bWwgPSBbeG1sXSRtYXRjaGVzWyJjbGl4bWwiXQoKICAgICAgICAgICAgJG1lcmdlZF9zdGRlcnIgPSAiezB9ezF9ezJ9ezN9IiAtZiBAKAogICAgICAgICAgICAgICAkbWF0Y2hlc1sicHJlbm9pc2UxIl0sCiAgICAgICAgICAgICAgICRtYXRjaGVzWyJwcmVub2lzZTIiXSwKICAgICAgICAgICAgICAgIyBmaWx0ZXIgb3V0IGp1c3QgdGhlIEVycm9yLXRhZ2dlZCBzdHJpbmdzIGZvciBub3csIGFuZCB6YXAgZW1iZWRkZWQgQ1JMRiBjaGFycwogICAgICAgICAgICAgICAoJGNsaXhtbC5PYmpzLkNoaWxkTm9kZXMgfCA/IHsgJF8uTmFtZSAtZXEgJ1MnIH0gfCA/IHsgJF8uUyAtZXEgJ0Vycm9yJyB9IHwgJSB7ICRfLicjdGV4dCcuUmVwbGFjZSgnX3gwMDBEX194MDAwQV8nLCcnKSB9IHwgT3V0LVN0cmluZyksCiAgICAgICAgICAgICAgICRtYXRjaGVzWyJwb3N0bm9pc2UiXSkgfCBPdXQtU3RyaW5nCgogICAgICAgICAgICByZXR1cm4gJG1lcmdlZF9zdGRlcnIuVHJpbSgpCgogICAgICAgICAgICAjIEZVVFVSRTogcGFyc2UvcmV0dXJuIG90aGVyIHN0cmVhbXMKICAgICAgICB9CiAgICAgICAgRWxzZSB7CiAgICAgICAgICAgICRyYXdfc3RkZXJyCiAgICAgICAgfQogICAgfQogICAgQ2F0Y2ggewogICAgICAgICIqKipFWENFUFRJT04gUEFSU0lORyBDTElYTUw6ICRfKioqIiArICRyYXdfc3RkZXJyCiAgICB9Cn0KCiRwYXJhbXMgPSBQYXJzZS1BcmdzICRhcmdzIC1zdXBwb3J0c19jaGVja19tb2RlICRmYWxzZQoKJHJhd19jb21tYW5kX2xpbmUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX3Jhd19wYXJhbXMiIC10eXBlICJzdHIiIC1mYWlsaWZlbXB0eSAkdHJ1ZQokY2hkaXIgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiY2hkaXIiIC10eXBlICJwYXRoIgokZXhlY3V0YWJsZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJleGVjdXRhYmxlIiAtdHlwZSAicGF0aCIKJGNyZWF0ZXMgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiY3JlYXRlcyIgLXR5cGUgInBhdGgiCiRyZW1vdmVzID0gR2V0LUFuc2libGVQYXJhbSAtb2JqICRwYXJhbXMgLW5hbWUgInJlbW92ZXMiIC10eXBlICJwYXRoIgokc3RkaW4gPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAic3RkaW4iIC10eXBlICJzdHIiCgokcmF3X2NvbW1hbmRfbGluZSA9ICRyYXdfY29tbWFuZF9saW5lLlRyaW0oKQoKJHJlc3VsdCA9IEB7CiAgICBjaGFuZ2VkID0gJHRydWUKICAgIGNtZCA9ICRyYXdfY29tbWFuZF9saW5lCn0KCmlmICgkY3JlYXRlcyAtYW5kICQoVGVzdC1BbnNpYmxlUGF0aCAtUGF0aCAkY3JlYXRlcykpIHsKICAgIEV4aXQtSnNvbiBAe21zZz0ic2tpcHBlZCwgc2luY2UgJGNyZWF0ZXMgZXhpc3RzIjtjbWQ9JHJhd19jb21tYW5kX2xpbmU7Y2hhbmdlZD0kZmFsc2U7c2tpcHBlZD0kdHJ1ZTtyYz0wfQp9CgppZiAoJHJlbW92ZXMgLWFuZCAtbm90ICQoVGVzdC1BbnNpYmxlUGF0aCAtUGF0aCAkcmVtb3ZlcykpIHsKICAgIEV4aXQtSnNvbiBAe21zZz0ic2tpcHBlZCwgc2luY2UgJHJlbW92ZXMgZG9lcyBub3QgZXhpc3QiO2NtZD0kcmF3X2NvbW1hbmRfbGluZTtjaGFuZ2VkPSRmYWxzZTtza2lwcGVkPSR0cnVlO3JjPTB9Cn0KCiRleGVjX2FyZ3MgPSAkbnVsbApJZigtbm90ICRleGVjdXRhYmxlIC1vciAkZXhlY3V0YWJsZSAtZXEgInBvd2Vyc2hlbGwiKSB7CiAgICAkZXhlY19hcHBsaWNhdGlvbiA9ICJwb3dlcnNoZWxsLmV4ZSIKCiAgICAjIGZvcmNlIGlucHV0IGVuY29kaW5nIHRvIHByZWFtYmxlLWZyZWUgVVRGOCBzbyBQUyBzdWItcHJvY2Vzc2VzIChlZywgU3RhcnQtSm9iKSBkb24ndCBibG93IHVwCiAgICAkcmF3X2NvbW1hbmRfbGluZSA9ICJbQ29uc29sZV06OklucHV0RW5jb2RpbmcgPSBOZXctT2JqZWN0IFRleHQuVVRGOEVuY29kaW5nIGAkZmFsc2U7ICIgKyAkcmF3X2NvbW1hbmRfbGluZQoKICAgICMgQmFzZTY0IGVuY29kZSB0aGUgY29tbWFuZCBzbyB3ZSBkb24ndCBoYXZlIHRvIHdvcnJ5IGFib3V0IHRoZSB2YXJpb3VzIGxldmVscyBvZiBlc2NhcGluZwogICAgJGVuY29kZWRfY29tbWFuZCA9IFtDb252ZXJ0XTo6VG9CYXNlNjRTdHJpbmcoW1N5c3RlbS5UZXh0LkVuY29kaW5nXTo6VW5pY29kZS5HZXRCeXRlcygkcmF3X2NvbW1hbmRfbGluZSkpCgogICAgaWYgKCRzdGRpbikgewogICAgICAgICRleGVjX2FyZ3MgPSAiLWVuY29kZWRjb21tYW5kICRlbmNvZGVkX2NvbW1hbmQiCiAgICB9IGVsc2UgewogICAgICAgICRleGVjX2FyZ3MgPSAiLW5vbmludGVyYWN0aXZlIC1lbmNvZGVkY29tbWFuZCAkZW5jb2RlZF9jb21tYW5kIgogICAgfQp9CkVsc2UgewogICAgIyBGVVRVUkU6IHN1cHBvcnQgYXJnIHRyYW5zbGF0aW9uIGZyb20gZXhlY3V0YWJsZSAob3IgZXhlY3V0YWJsZV9hcmdzPykgdG8gcHJvY2VzcyBhcmd1bWVudHMgZm9yIGFyYml0cmFyeSBpbnRlcnByZXRlcj8KICAgICRleGVjX2FwcGxpY2F0aW9uID0gJGV4ZWN1dGFibGUKICAgIGlmICgtbm90ICgkZXhlY19hcHBsaWNhdGlvbi5FbmRzV2l0aCgiLmV4ZSIpKSkgewogICAgICAgICRleGVjX2FwcGxpY2F0aW9uID0gIiQoJGV4ZWNfYXBwbGljYXRpb24pLmV4ZSIKICAgIH0KICAgICRleGVjX2FyZ3MgPSAiL2MgJHJhd19jb21tYW5kX2xpbmUiCn0KCiRjb21tYW5kID0gIiRleGVjX2FwcGxpY2F0aW9uICRleGVjX2FyZ3MiCiRydW5fY29tbWFuZF9hcmcgPSBAewogICAgY29tbWFuZCA9ICRjb21tYW5kCn0KaWYgKCRjaGRpcikgewogICAgJHJ1bl9jb21tYW5kX2FyZ1snd29ya2luZ19kaXJlY3RvcnknXSA9ICRjaGRpcgp9CmlmICgkc3RkaW4pIHsKICAgICRydW5fY29tbWFuZF9hcmdbJ3N0ZGluJ10gPSAkc3RkaW4KfQoKJHN0YXJ0X2RhdGV0aW1lID0gW0RhdGVUaW1lXTo6VXRjTm93CnRyeSB7CiAgICAkY29tbWFuZF9yZXN1bHQgPSBSdW4tQ29tbWFuZCBAcnVuX2NvbW1hbmRfYXJnCn0gY2F0Y2ggewogICAgJHJlc3VsdC5jaGFuZ2VkID0gJGZhbHNlCiAgICB0cnkgewogICAgICAgICRyZXN1bHQucmMgPSAkXy5FeGNlcHRpb24uTmF0aXZlRXJyb3JDb2RlCiAgICB9IGNhdGNoIHsKICAgICAgICAkcmVzdWx0LnJjID0gMgogICAgfQogICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAkXy5FeGNlcHRpb24uTWVzc2FnZQp9CgojIFRPRE86IGRlY29kZSBDTElYTUwgc3RkZXJyIG91dHB1dCAoYW5kIG90aGVyIHN0cmVhbXM/KQokcmVzdWx0LnN0ZG91dCA9ICRjb21tYW5kX3Jlc3VsdC5zdGRvdXQKJHJlc3VsdC5zdGRlcnIgPSBDbGVhbnNlLVN0ZGVyciAkY29tbWFuZF9yZXN1bHQuc3RkZXJyIAokcmVzdWx0LnJjID0gJGNvbW1hbmRfcmVzdWx0LnJjCgokZW5kX2RhdGV0aW1lID0gW0RhdGVUaW1lXTo6VXRjTm93CiRyZXN1bHQuc3RhcnQgPSAkc3RhcnRfZGF0ZXRpbWUuVG9TdHJpbmcoInl5eXktTU0tZGQgaGg6bW06c3MuZmZmZmZmIikKJHJlc3VsdC5lbmQgPSAkZW5kX2RhdGV0aW1lLlRvU3RyaW5nKCJ5eXl5LU1NLWRkIGhoOm1tOnNzLmZmZmZmZiIpCiRyZXN1bHQuZGVsdGEgPSAkKCRlbmRfZGF0ZXRpbWUgLSAkc3RhcnRfZGF0ZXRpbWUpLlRvU3RyaW5nKCJoXDptbVw6c3NcLmZmZmZmZiIpCgpJZiAoJHJlc3VsdC5yYyAtbmUgMCkgewogICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAibm9uLXplcm8gcmV0dXJuIGNvZGUiCn0KCkV4aXQtSnNvbiAkcmVzdWx0Cg==", "module_args": {"_ansible_version": "2.7.0", "_ansible_selinux_special_fs": ["fuse", "nfs", "vboxsf", "ramfs", "9p"], "_ansible_no_log": false, "_ansible_module_name": "win_shell", "_raw_params": "pip install -c c:\\openstack\\build\\requirements\\upper-constraints.txt -U -e c:\\openstack\\build\\neutron", "_ansible_verbosity": 4, "_ansible_keep_remote_files": false, "_ansible_syslog_facility": "LOG_USER", "_ansible_socket": null, "_ansible_remote_tmp": "%TEMP%", "_ansible_diff": false, "_ansible_debug": false, "_ansible_shell_executable": "/bin/sh", "_ansible_check_mode": false, "_ansible_tmpdir": null}} '@ } process { $input_as_string = [string]$input $json_raw += $input_as_string } end { If (-not $json_raw) { Write-Error "no input given" -Category InvalidArgument } $payload = ConvertTo-HashtableFromPsCustomObject (ConvertFrom-Json $json_raw) # TODO: handle binary modules # TODO: handle persistence $min_os_version = [version]$payload.min_os_version if ($min_os_version -ne $null) { $actual_os_version = [System.Environment]::OSVersion.Version if ($actual_os_version -lt $min_os_version) { $msg = "This module cannot run on this OS as it requires a minimum version of $min_os_version, actual was $actual_os_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $min_ps_version = [version]$payload.min_ps_version if ($min_ps_version -ne $null) { $actual_ps_version = $PSVersionTable.PSVersion if ($actual_ps_version -lt $min_ps_version) { $msg = "This module cannot run as it requires a minimum PowerShell version of $min_ps_version, actual was $actual_ps_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $actions = $payload.actions # pop 0th action as entrypoint $entrypoint = $payload.($actions[0]) $payload.actions = $payload.actions[1..99] $entrypoint = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($entrypoint)) # load the current action entrypoint as a module custom object with a Run method $entrypoint = New-Module -ScriptBlock ([scriptblock]::Create($entrypoint)) -AsCustomObject Set-Variable -Scope global -Name complex_args -Value $payload["module_args"] | Out-Null # dynamically create/load modules ForEach ($mod in $payload.powershell_modules.GetEnumerator()) { $decoded_module = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($mod.Value)) New-Module -ScriptBlock ([scriptblock]::Create($decoded_module)) -Name $mod.Key | Import-Module -WarningAction SilentlyContinue | Out-Null } $output = $entrypoint.Run($payload) Write-Output $output } ScriptBlock ID: 1e8546b6-bd0d-43ac-9829-60b497d9eed2 Path:	4104	1		3	2	15	0	1263	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1412	4432	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:27:06 PM	9d04040e-981f-0004-f516-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 3): CBzdGRpbi5Xcml0ZUxpbmUoc3RkaW5JbnB1dCk7CiAgICAgICAgICAgIHN0ZGluLkNsb3NlKCk7CgogICAgICAgICAgICBzdHJpbmcgc3Rkb3V0X3N0ciwgc3RkZXJyX3N0ciA9IG51bGw7CiAgICAgICAgICAgIEdldFByb2Nlc3NPdXRwdXQoc3Rkb3V0LCBzdGRlcnIsIG91dCBzdGRvdXRfc3RyLCBvdXQgc3RkZXJyX3N0cik7CiAgICAgICAgICAgIHVpbnQgcmMgPSBHZXRQcm9jZXNzRXhpdENvZGUocGkuaFByb2Nlc3MpOwoKICAgICAgICAgICAgcmV0dXJuIG5ldyBDb21tYW5kUmVzdWx0CiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIFN0YW5kYXJkT3V0ID0gc3Rkb3V0X3N0ciwKICAgICAgICAgICAgICAgIFN0YW5kYXJkRXJyb3IgPSBzdGRlcnJfc3RyLAogICAgICAgICAgICAgICAgRXhpdENvZGUgPSByYwogICAgICAgICAgICB9OwogICAgICAgIH0KCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgdm9pZCBHZXRQcm9jZXNzT3V0cHV0KFN0cmVhbVJlYWRlciBzdGRvdXRTdHJlYW0sIFN0cmVhbVJlYWRlciBzdGRlcnJTdHJlYW0sIG91dCBzdHJpbmcgc3Rkb3V0LCBvdXQgc3RyaW5nIHN0ZGVycikKICAgICAgICB7CiAgICAgICAgICAgIHZhciBzb3dhaXQgPSBuZXcgRXZlbnRXYWl0SGFuZGxlKGZhbHNlLCBFdmVudFJlc2V0TW9kZS5NYW51YWxSZXNldCk7CiAgICAgICAgICAgIHZhciBzZXdhaXQgPSBuZXcgRXZlbnRXYWl0SGFuZGxlKGZhbHNlLCBFdmVudFJlc2V0TW9kZS5NYW51YWxSZXNldCk7CiAgICAgICAgICAgIHN0cmluZyBzbyA9IG51bGwsIHNlID0gbnVsbDsKICAgICAgICAgICAgVGhyZWFkUG9vbC5RdWV1ZVVzZXJXb3JrSXRlbSgocykgPT4KICAgICAgICAgICAgewogICAgICAgICAgICAgICAgc28gPSBzdGRvdXRTdHJlYW0uUmVhZFRvRW5kKCk7CiAgICAgICAgICAgICAgICBzb3dhaXQuU2V0KCk7CiAgICAgICAgICAgIH0pOwogICAgICAgICAgICBUaHJlYWRQb29sLlF1ZXVlVXNlcldvcmtJdGVtKChzKSA9PgogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBzZSA9IHN0ZGVyclN0cmVhbS5SZWFkVG9FbmQoKTsKICAgICAgICAgICAgICAgIHNld2FpdC5TZXQoKTsKICAgICAgICAgICAgfSk7CiAgICAgICAgICAgIGZvcmVhY2ggKHZhciB3aCBpbiBuZXcgV2FpdEhhbmRsZVtdIHsgc293YWl0LCBzZXdhaXQgfSkKICAgICAgICAgICAgICAgIHdoLldhaXRPbmUoKTsKICAgICAgICAgICAgc3Rkb3V0ID0gc287CiAgICAgICAgICAgIHN0ZGVyciA9IHNlOwogICAgICAgIH0KCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgdWludCBHZXRQcm9jZXNzRXhpdENvZGUoSW50UHRyIHByb2Nlc3NIYW5kbGUpCiAgICAgICAgewogICAgICAgICAgICBuZXcgTmF0aXZlV2FpdEhhbmRsZShwcm9jZXNzSGFuZGxlKS5XYWl0T25lKCk7CiAgICAgICAgICAgIHVpbnQgZXhpdENvZGU7CiAgICAgICAgICAgIGlmICghR2V0RXhpdENvZGVQcm9jZXNzKHByb2Nlc3NIYW5kbGUsIG91dCBleGl0Q29kZSkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIkVycm9yIGdldHRpbmcgcHJvY2VzcyBleGl0IGNvZGUiKTsKICAgICAgICAgICAgcmV0dXJuIGV4aXRDb2RlOwogICAgICAgIH0KICAgIH0KfQoiQAoKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICdTdG9wJwoKRnVuY3Rpb24gTG9hZC1Db21tYW5kVXRpbHMgewogICAgIyBtYWtlcyB0aGUgZm9sbG93aW5nIHN0YXRpYyBmdW5jdGlvbnMgYXZhaWxhYmxlCiAgICAjICAgW0Fuc2libGUuQ29tbWFuZFV0aWxdOjpQYXJzZUNvbW1hbmRMaW5lKHN0cmluZyBscENvbW1hbmRMaW5lKQogICAgIyAgIFtBbnNpYmxlLkNvbW1hbmRVdGlsXTo6U2VhcmNoUGF0aChzdHJpbmcgbHBGaWxlTmFtZSkKICAgICMgICBbQW5zaWJsZS5Db21tYW5kVXRpbF06OlJ1bkNvbW1hbmQoc3RyaW5nIGxwQXBwbGljYXRpb25OYW1lLCBzdHJpbmcgbHBDb21tYW5kTGluZSwgc3RyaW5nIGxwQ3VycmVudERpcmVjdG9yeSwgc3RyaW5nIHN0ZGluSW5wdXQsIHN0cmluZyBlbnZpcm9ubWVudEJsb2NrKQogICAgIwogICAgIyB0aGVyZSBhcmUgYWxzbyBudW1lcm91cyBQL0ludm9rZSBtZXRob2RzIHRoYXQgY2FuIGJlIGNhbGxlZCBpZiB5b3UgYXJlIGZlZWxpbmcgYWR2ZW50dXJvdXMKCiAgICAjIEZVVFVSRTogZmluZCBhIGJldHRlciB3YXkgdG8gZ2V0IHRoZSBfYW5zaWJsZV9yZW1vdGVfdG1wIHZhcmlhYmxlCiAgICAkb3JpZ2luYWxfdG1wID0gJGVudjpUTVAKCiAgICAkcmVtb3RlX3RtcCA9ICRvcmlnaW5hbF90bXAKICAgICRtb2R1bGVfcGFyYW1zID0gR2V0LVZhcmlhYmxlIC1OYW1lIGNvbXBsZXhfYXJncyAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgaWYgKCRtb2R1bGVfcGFyYW1zKSB7CiAgICAgICAgaWYgKCRtb2R1bGVfcGFyYW1zLlZhbHVlLkNvbnRhaW5zS2V5KCJfYW5zaWJsZV9yZW1vdGVfdG1wIikgKSB7CiAgICAgICAgICAgICRyZW1vdGVfdG1wID0gJG1vZHVsZV9wYXJhbXMuVmFsdWVbIl9hbnNpYmxlX3JlbW90ZV90bXAiXQogICAgICAgICAgICAkcmVtb3RlX3RtcCA9IFtTeXN0ZW0uRW52aXJvbm1lbnRdOjpFeHBhbmRFbnZpcm9ubWVudFZhcmlhYmxlcygkcmVtb3RlX3RtcCkKICAgICAgICB9CiAgICB9CgogICAgJGVudjpUTVAgPSAkcmVtb3RlX3RtcAogICAgQWRkLVR5cGUgLVR5cGVEZWZpbml0aW9uICRwcm9jZXNzX3V0aWwKICAgICRlbnY6VE1QID0gJG9yaWdpbmFsX3RtcAp9CgpGdW5jdGlvbiBHZXQtRXhlY3V0YWJsZVBhdGgoJGV4ZWN1dGFibGUsICRkaXJlY3RvcnkpIHsKICAgICMgbHBBcHBsaWNhdGlvbk5hbWUgcmVxdWlyZXMgdGhlIGZ1bGwgcGF0aCB0byBhIGZpbGUsIHdlIG5lZWQgdG8gZmluZCBpdAogICAgIyBvdXJzZWx2ZXMuCgogICAgIyB3ZSBuZWVkIHRvIGFkZCAuZXhlIGlmIGl0IGRvZXNuJ3QgaGF2ZSBhbiBleHRlbnNpb24gYWxyZWFkeQogICAgaWYgKC1ub3QgW1N5c3RlbS5JTy5QYXRoXTo6SGFzRXh0ZW5zaW9uKCRleGVjdXRhYmxlKSkgewogICAgICAgICRleGVjdXRhYmxlID0gIiQoJGV4ZWN1dGFibGUpLmV4ZSIKICAgIH0KICAgICRmdWxsX3BhdGggPSBbU3lzdGVtLklPLlBhdGhdOjpHZXRGdWxsUGF0aCgkZXhlY3V0YWJsZSkKCiAgICBpZiAoJGZ1bGxfcGF0aCAtbmUgJGV4ZWN1dGFibGUgLWFuZCAkZGlyZWN0b3J5IC1uZSAkbnVsbCkgewogICAgICAgICRmaWxlID0gR2V0LUl0ZW0gLVBhdGggIiRkaXJlY3RvcnlcJGV4ZWN1dGFibGUiIC1Gb3JjZSAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgfSBlbHNlIHsKICAgICAgICAkZmlsZSA9IEdldC1JdGVtIC1QYXRoICRleGVjdXRhYmxlIC1Gb3JjZSAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgfQoKICAgIGlmICgkZmlsZSAtbmUgJG51bGwpIHsKICAgICAgICAkZXhlY3V0YWJsZV9wYXRoID0gJGZpbGUuRnVsbE5hbWUKICAgIH0gZWxzZSB7CiAgICAgICAgJGV4ZWN1dGFibGVfcGF0aCA9IFtBbnNpYmxlLkNvbW1hbmRVdGlsXTo6U2VhcmNoUGF0aCgkZXhlY3V0YWJsZSkgICAgCiAgICB9CiAgICByZXR1cm4gJGV4ZWN1dGFibGVfcGF0aAp9CgpGdW5jdGlvbiBSdW4tQ29tbWFuZCB7CiAgICBQYXJhbSgKICAgICAgICBbc3RyaW5nXSRjb21tYW5kLCAjIHRoZSBmdWxsIGNvbW1hbmQgdG8gcnVuIGluY2x1ZGluZyB0aGUgZXhlY3V0YWJsZQogICAgICAgIFtzdHJpbmddJHdvcmtpbmdfZGlyZWN0b3J5ID0gJG51bGwsICMgdGhlIHdvcmtpbmcgZGlyZWN0b3J5IHRvIHJ1biB1bmRlciwgd2lsbCBkZWZhdWx0IHRvIHRoZSBjdXJyZW50IGRpcgogICAgICAgIFtzdHJpbmddJHN0ZGluID0gJG51bGwsICMgYSBzdHJpbmcgdG8gc2VuZCB0byB0aGUgc3RkaW4gcGlwZSB3aGVuIGV4ZWN1dGluZyB0aGUgY29tbWFuZAogICAgICAgIFtoYXNodGFibGVdJGVudmlyb25tZW50ID0gQHt9ICMgYSBoYXNodGFibGUgb2YgZW52aXJvbm1lbnQgdmFsdWVzIHRvIHJ1biB0aGUgY29tbWFuZCB1bmRlciwgdGhpcyB3aWxsIHJlcGxhY2UgYWxsIHRoZSBvdGhlciBlbnZpcm9ubWVudCB2YXJpYWJsZXMgd2l0aCB0aGVzZQogICAgKQogICAgCiAgICAjIGxvYWQgdGhlIEMjIGNvZGUgd2UgY2FsbCBpbiB0aGlzIGZ1bmN0aW9uCiAgICBMb2FkLUNvbW1hbmRVdGlscwoKICAgICMgbmVlZCB0byB2YWxpZGF0ZSB0aGUgd29ya2luZyBkaXJlY3RvcnkgaWYgaXQgaXMgc2V0CiAgICBpZiAoJHdvcmtpbmdfZGlyZWN0b3J5KSB7CiAgICAgICAgIyB2YWxpZGF0ZSB3b3JraW5nIGRpcmVjdG9yeSBpcyBhIHZhbGlkIHBhdGgKICAgICAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICR3b3JraW5nX2RpcmVjdG9yeSkpIHsKICAgICAgICAgICAgdGhyb3cgImludmFsaWQgd29ya2luZyBkaXJlY3RvcnkgcGF0aCAnJHdvcmtpbmdfZGlyZWN0b3J5JyIKICAgICAgICB9CiAgICB9CgogICAgIyBscEFwcGxpY2F0aW9uTmFtZSBuZWVkcyB0byBiZSB0aGUgZnVsbCBwYXRoIHRvIGFuIGV4ZWN1dGFibGUsIHdlIGRvIHRoaXMKICAgICMgYnkgZ2V0dGluZyB0aGUgZXhlY3V0YWJsZSBhcyB0aGUgZmlyc3QgYXJnIGFuZCB0aGVuIGdldHRpbmcgdGhlIGZ1bGwgcGF0aAogICAgJGFyZ3VtZW50cyA9IFtBbnNpYmxlLkNvbW1hbmRVdGlsXTo6UGFyc2VDb21tYW5kTGluZSgkY29tbWFuZCkKICAgICRleGVjdXRhYmxlID0gR2V0LUV4ZWN1dGFibGVQYXRoIC1leGVjdXRhYmxlICRhcmd1bWVudHNbMF0gLWRpcmVjdG9yeSAkd29ya2luZ19kaXJlY3RvcnkKCiAgICAjIHJ1biB0aGUgY29tbWFuZCBhbmQgZ2V0IHRoZSByZXN1bHRzCiAgICAkY29tbWFuZF9yZXN1bHQgPSBbQW5zaWJsZS5Db21tYW5kVXRpbF06OlJ1bkNvbW1hbmQoJGV4ZWN1dGFibGUsICRjb21tYW5kLCAkd29ya2luZ19kaXJlY3RvcnksICRzdGRpbiwgJGVudmlyb25tZW50KQoKICAgIHJldHVybiAsQHsKICAgICAgICBleGVjdXRhYmxlID0gJGV4ZWN1dGFibGUKICAgICAgICBzdGRvdXQgPSAkY29tbWFuZF9yZXN1bHQuU3RhbmRhcmRPdXQKICAgICAgICBzdGRlcnIgPSAkY29tbWFuZF9yZXN1bHQuU3RhbmRhcmRFcnJvcgogICAgICAgIHJjID0gJGNvbW1hbmRfcmVzdWx0LkV4aXRDb2RlCiAgICB9Cn0KCiMgdGhpcyBsaW5lIG11c3Qgc3RheSBhdCB0aGUgYm90dG9tIHRvIGVuc3VyZSBhbGwgZGVmaW5lZCBtb2R1bGUgcGFydHMgYXJlIGV4cG9ydGVkCkV4cG9ydC1Nb2R1bGVNZW1iZXIgLUFsaWFzICogLUZ1bmN0aW9uICogLUNtZGxldCAqCg==", "Ansible.ModuleUtils.Legacy": "IyBDb3B5cmlnaHQgKGMpLCBNaWNoYWVsIERlSGFhbiA8bWljaGFlbC5kZWhhYW5AZ21haWwuY29tPiwgMjAxNCwgYW5kIG90aGVycwojIFNpbXBsaWZpZWQgQlNEIExpY2Vuc2UgKHNlZSBsaWNlbnNlcy9zaW1wbGlmaWVkX2JzZC50eHQgb3IgaHR0cHM6Ly9vcGVuc291cmNlLm9yZy9saWNlbnNlcy9CU0QtMi1DbGF1c2UpCgpTZXQtU3RyaWN0TW9kZSAtVmVyc2lvbiAyLjAKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKRnVuY3Rpb24gU2V0LUF0dHIoJG9iaiwgJG5hbWUsICR2YWx1ZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gc2V0IGFuICJhdHRyaWJ1dGUiIG9uIGEgcHNvYmplY3QgaW5zdGFuY2UgaW4gUG93ZXJTaGVsbC4KICAgIFRoaXMgaXMgYSBjb252ZW5pZW5jZSB0byBtYWtlIGFkZGluZyBNZW1iZXJzIHRvIHRoZSBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgIFNldC1BdHRyICRyZXN1bHQgImNoYW5nZWQiICR0cnVlCiM+CgogICAgIyBJZiB0aGUgcHJvdmlkZWQgJG9iaiBpcyB1bmRlZmluZWQsIGRlZmluZSBvbmUgdG8gYmUgbmljZQogICAgSWYgKC1ub3QgJG9iai5HZXRUeXBlKQogICAgewogICAgICAgICRvYmogPSBAeyB9CiAgICB9CgogICAgVHJ5CiAgICB7CiAgICAgICAgJG9iai4kbmFtZSA9ICR2YWx1ZQogICAgfQogICAgQ2F0Y2gKICAgIHsKICAgICAgICAkb2JqIHwgQWRkLU1lbWJlciAtRm9yY2UgLU1lbWJlclR5cGUgTm90ZVByb3BlcnR5IC1OYW1lICRuYW1lIC1WYWx1ZSAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gRXhpdC1Kc29uKCRvYmopCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGNvbnZlcnQgYSBQb3dlclNoZWxsIG9iamVjdCB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcKICAgIHRoZSBzY3JpcHQKICAgIC5FWEFNUExFCiAgICBFeGl0LUpzb24gJHJlc3VsdAojPgoKICAgICMgSWYgdGhlIHByb3ZpZGVkICRvYmogaXMgdW5kZWZpbmVkLCBkZWZpbmUgb25lIHRvIGJlIG5pY2UKICAgIElmICgtbm90ICRvYmouR2V0VHlwZSkKICAgIHsKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoJ2NoYW5nZWQnKSkgewogICAgICAgIFNldC1BdHRyICRvYmogImNoYW5nZWQiICRmYWxzZQogICAgfQoKICAgIFdyaXRlLU91dHB1dCAkb2JqIHwgQ29udmVydFRvLUpzb24gLUNvbXByZXNzIC1EZXB0aCA5OQogICAgRXhpdAp9CgpGdW5jdGlvbiBGYWlsLUpzb24oJG9iaiwgJG1lc3NhZ2UgPSAkbnVsbCkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHRoZSAibXNnIiBwcm9wZXJ0eSBhbmQgImZhaWxlZCIgcHJvcGVydHksIGNvbnZlcnQgdGhlCiAgICBQb3dlclNoZWxsIEhhc2h0YWJsZSB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcgdGhlIHNjcmlwdAogICAgLkVYQU1QTEUKICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJUaGlzIGlzIHRoZSBmYWlsdXJlIG1lc3NhZ2UiCiM+CgogICAgaWYgKCRvYmogLWlzIFtoYXNodGFibGVdIC1vciAkb2JqIC1pcyBbcHNvYmplY3RdKSB7CiAgICAgICAgIyBOb3RoaW5nIHRvIGRvCiAgICB9IGVsc2VpZiAoJG9iaiAtaXMgW3N0cmluZ10gLWFuZCAkbnVsbCAtZXEgJG1lc3NhZ2UpIHsKICAgICAgICAjIElmIHdlIHdlcmVuJ3QgZ2l2ZW4gMiBhcmdzLCBhbmQgdGhlIG9ubHkgYXJnIHdhcyBhIHN0cmluZywKICAgICAgICAjIGNyZWF0ZSBhIG5ldyBIYXNodGFibGUgYW5kIHVzZSB0aGUgYXJnIGFzIHRoZSBmYWlsdXJlIG1lc3NhZ2UKICAgICAgICAkbWVzc2FnZSA9ICRvYmoKICAgICAgICAkb2JqID0gQHsgfQogICAgfSBlbHNlIHsKICAgICAgICAjIElmIHRoZSBmaXJzdCBhcmd1bWVudCBpcyB1bmRlZmluZWQgb3IgYSBkaWZmZXJlbnQgdHlwZSwKICAgICAgICAjIG1ha2UgaXQgYSBIYXNodGFibGUKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgICMgU3RpbGwgdXNpbmcgU2V0LUF0dHIgZm9yIFBTT2JqZWN0IGNvbXBhdGliaWxpdHkKICAgIFNldC1BdHRyICRvYmogIm1zZyIgJG1lc3NhZ2UKICAgIFNldC1BdHRyICRvYmogImZhaWxlZCIgJHRydWUKCiAgICBpZiAoLW5vdCAkb2JqLkNvbnRhaW5zS2V5KCdjaGFuZ2VkJykpIHsKICAgICAgICBTZXQtQXR0ciAkb2JqICJjaGFuZ2VkIiAkZmFsc2UKICAgIH0KCiAgICBXcml0ZS1PdXRwdXQgJG9iaiB8IENvbnZlcnRUby1Kc29uIC1Db21wcmVzcyAtRGVwdGggOTkKICAgIEV4aXQgMQp9CgpGdW5jdGlvbiBBZGQtV2FybmluZygkb2JqLCAkbWVzc2FnZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHdhcm5pbmdzLCBldmVuIGlmIHRoZSB3YXJuaW5ncyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoIndhcm5pbmdzIikpIHsKICAgICAgICAkb2JqLndhcm5pbmdzID0gQCgpCiAgICB9IGVsc2VpZiAoJG9iai53YXJuaW5ncyAtaXNub3QgW2FycmF5XSkgewogICAgICAgIHRocm93ICJBZGQtV2FybmluZzogd2FybmluZ3MgYXR0cmlidXRlIGlzIG5vdCBhbiBhcnJheSIKICAgIH0KCiAgICAkb2JqLndhcm5pbmdzICs9ICRtZXNzYWdlCn0KCkZ1bmN0aW9uIEFkZC1EZXByZWNhdGlvbldhcm5pbmcoJG9iaiwgJG1lc3NhZ2UsICR2ZXJzaW9uID0gJG51bGwpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGFkZCBkZXByZWNhdGlvbnMsIGV2ZW4gaWYgdGhlIGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgogICAgaWYgKC1ub3QgJG9iai5Db250YWluc0tleSgiZGVwcmVjYXRpb25zIikpIHsKICAgICAgICAkb2JqLmRlcHJlY2F0aW9ucyA9IEAoKQogICAgfSBlbHNlaWYgKCRvYmouZGVwcmVjYXRpb25zIC1pc25vdCBbYXJyYXldKSB7CiAgICAgICAgdGhyb3cgIkFkZC1EZXByZWNhdGlvbldhcm5pbmc6IGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgaXMgbm90IGEgbGlzdCIKICAgIH0KCiAgICAkb2JqLmRlcHJlY2F0aW9ucyArPSBAewogICAgICAgIG1zZyA9ICRtZXNzYWdlCiAgICAgICAgdmVyc2lvbiA9ICR2ZXJzaW9uCiAgICB9Cn0KCkZ1bmN0aW9uIEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgaW4gdmFsdWVzLiBCeSBkZWZhdWx0CiAgICBpdCB0dXJucyBhbnkgdHlwZSB0byBhIHN0cmluZywgYnV0IHdlIGVuc3VyZSAkbnVsbCByZW1haW5zICRudWxsLgojPgogICAgaWYgKCRudWxsIC1uZSAkdmFsdWUpIHsKICAgICAgICBbU3lzdGVtLkVudmlyb25tZW50XTo6RXhwYW5kRW52aXJvbm1lbnRWYXJpYWJsZXMoJHZhbHVlKQogICAgfSBlbHNlIHsKICAgICAgICAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gR2V0LUFuc2libGVQYXJhbSgkb2JqLCAkbmFtZSwgJGRlZmF1bHQgPSAkbnVsbCwgJHJlc3VsdG9iaiA9IEB7fSwgJGZhaWxpZmVtcHR5ID0gJGZhbHNlLCAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSwgJFZhbGlkYXRlU2V0LCAkVmFsaWRhdGVTZXRFcnJvck1lc3NhZ2UsICR0eXBlID0gJG51bGwsICRhbGlhc2VzID0gQCgpKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBnZXQgYW4gImF0dHJpYnV0ZSIgZnJvbSBhIHBzb2JqZWN0IGluc3RhbmNlIGluIFBvd2VyU2hlbGwuCiAgICBUaGlzIGlzIGEgY29udmVuaWVuY2UgdG8gbWFrZSBnZXR0aW5nIE1lbWJlcnMgZnJvbSBhbiBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgICRhdHRyID0gR2V0LUFuc2libGVQYXJhbSAkcmVzcG9uc2UgImNvZGUiIC1kZWZhdWx0ICIxIgogICAgLkVYQU1QTEUKICAgIEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJTdGF0ZSIgLWRlZmF1bHQgIlByZXNlbnQiIC1WYWxpZGF0ZVNldCAiUHJlc2VudCIsIkFic2VudCIgLXJlc3VsdG9iaiAkcmVzdWx0b2JqIC1mYWlsaWZlbXB0eSAkdHJ1ZQogICAgR2V0LUFuc2libGVQYXJhbSBhbHNvIHN1cHBvcnRzIFBhcmFtZXRlciB2YWxpZGF0aW9uIHRvIHNhdmUgeW91IGZyb20gY29kaW5nIHRoYXQgbWFudWFsbHkKICAgIE5vdGUgdGhhdCBpZiB5b3UgdXNlIHRoZSBmYWlsaWZlbXB0eSBvcHRpb24sIHlvdSBkbyBuZWVkIHRvIHNwZWNpZnkgcmVzdWx0b2JqZWN0IGFzIHdlbGwuCiM+CiAgICAjIENoZWNrIGlmIHRoZSBwcm92aWRlZCBNZW1iZXIgJG5hbWUgb3IgYWxpYXNlcyBleGlzdCBpbiAkb2JqIGFuZCByZXR1cm4gaXQgb3IgdGhlIGRlZmF1bHQuCiAgICB0cnkgewoKICAgICAgICAkZm91bmQgPSAkbnVsbAogICAgICAgICMgRmlyc3QgdHJ5IHRvIGZpbmQgcHJlZmVycmVkIHBhcmFtZXRlciAkbmFtZQogICAgICAgICRhbGlhc2VzID0gQCgkbmFtZSkgKyAkYWxpYXNlcwoKICAgICAgICAjIEl0ZXJhdGUgb3ZlciBhbGlhc2VzIHRvIGZpbmQgYWNjZXB0YWJsZSBNZW1iZXIgJG5hbWUKICAgICAgICBmb3JlYWNoICgkYWxpYXMgaW4gJGFsaWFzZXMpIHsKICAgICAgICAgICAgaWYgKCRvYmouQ29udGFpbnNLZXkoJGFsaWFzKSkgewogICAgICAgICAgICAgICAgJGZvdW5kID0gJGFsaWFzCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgfQoKICAgICAgICBpZiAoJG51bGwgLWVxICRmb3VuZCkgewogICAgICAgICAgICB0aHJvdwogICAgICAgIH0KICAgICAgICAkbmFtZSA9ICRmb3VuZAoKICAgICAgICBpZiAoJFZhbGlkYXRlU2V0KSB7CgogICAgICAgICAgICBpZiAoJFZhbGlkYXRlU2V0IC1jb250YWlucyAoJG9iai4kbmFtZSkpIHsKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICRvYmouJG5hbWUKICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgIGlmICgkbnVsbCAtZXEgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAgICAgI0F1dG8tZ2VuZXJhdGVkIGVycm9yIHNob3VsZCBiZSBzdWZmaWNpZW50IGluIG1vc3QgdXNlIGNhc2VzCiAgICAgICAgICAgICAgICAgICAgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlID0gIkdldC1BbnNpYmxlUGFyYW06IEFyZ3VtZW50ICRuYW1lIG5lZWRzIHRvIGJlIG9uZSBvZiAkKCRWYWxpZGF0ZVNldCAtam9pbiAiLCIpIGJ1dCB3YXMgJCgkb2JqLiRuYW1lKS4iCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRWYWxpZGF0ZVNldEVycm9yTWVzc2FnZQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgJHZhbHVlID0gJG9iai4kbmFtZQogICAgICAgIH0KICAgIH0gY2F0Y2ggewogICAgICAgIGlmICgkZmFpbGlmZW1wdHkgLWVxICRmYWxzZSkgewogICAgICAgICAgICAkdmFsdWUgPSAkZGVmYXVsdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgIGlmICgtbm90ICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSA9ICJHZXQtQW5zaWJsZVBhcmFtOiBNaXNzaW5nIHJlcXVpcmVkIGFyZ3VtZW50OiAkbmFtZSIKICAgICAgICAgICAgfQogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlCiAgICAgICAgfQogICAgfQoKICAgICMgSWYgJHZhbHVlIC1lcSAkbnVsbCwgdGhlIHBhcmFtZXRlciB3YXMgdW5zcGVjaWZpZWQgYnkgdGhlIHVzZXIgKGRlbGliZXJhdGVseSBvciBub3QpCiAgICAjIFBsZWFzZSBsZWF2ZSAkbnVsbC12YWx1ZXMgaW50YWN0LCBtb2R1bGVzIG5lZWQgdG8ga25vdyBpZiBhIHBhcmFtZXRlciB3YXMgc3BlY2lmaWVkCiAgICAjIFdoZW4gJHZhbHVlIGlzIGFscmVhZHkgYW4gYXJyYXksIHdlIGNhbm5vdCByZWx5IG9uIHRoZSBudWxsIGNoZWNrLCBhcyBhbiBlbXB0eSBsaXN0CiAgICAjIGlzIHNlZW4gYXMgbnVsbCBpbiB0aGUgY2hlY2sgYmVsb3cKICAgIGlmICgkbnVsbCAtbmUgJHZhbHVlIC1vciAkdmFsdWUgLWlzIFthcnJheV0pIHsKICAgICAgICBpZiAoJHR5cGUgLWVxICJwYXRoIikgewogICAgICAgICAgICAjIEV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgb24gcGF0aC10eXBlCiAgICAgICAgICAgICR2YWx1ZSA9IEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCiAgICAgICAgICAgICMgVGVzdCBpZiBhIHZhbGlkIHBhdGggaXMgcHJvdmlkZWQKICAgICAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtSXNWYWxpZCAkdmFsdWUpKSB7CiAgICAgICAgICAgICAgICAkcGF0aF9pbnZhbGlkID0gJHRydWUKICAgICAgICAgICAgICAgICMgY291bGQgc3RpbGwgYmUgYSB2YWxpZC1zaGFwZWQgcGF0aCB3aXRoIGEgbm9uZXhpc3RlbnQgZHJpdmUgbGV0dGVyCiAgICAgICAgICAgICAgICBpZiAoJHZhbHVlIC1tYXRjaCAiXlx3OiIpIHsKICAgICAgICAgICAgICAgICAgICAjIHJld3JpdGUgcGF0aCB3aXRoIGEgdmFsaWQgZHJpdmUgbGV0dGVyIGFuZCByZWNoZWNrIHRoZSBzaGFwZS0gdGhpcyBtaWdodCBzdGlsbCBmYWlsLCBlZywgYSBub25leGlzdGVudCBub24tZmlsZXN5c3RlbSBQUyBwYXRoCiAgICAgICAgICAgICAgICAgICAgaWYgKFRlc3QtUGF0aCAtSXNWYWxpZCAkKEAoR2V0LVBTRHJpdmUgLVBTUHJvdmlkZXIgRmlsZXN5c3RlbSlbMF0uTmFtZSArICR2YWx1ZS5TdWJzdHJpbmcoMSkpKSB7CiAgICAgICAgICAgICAgICAgICAgICAgICRwYXRoX2ludmFsaWQgPSAkZmFsc2UKICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBpZiAoJHBhdGhfaW52YWxpZCkgewogICAgICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHRvYmogLW1lc3NhZ2UgIkdldC1BbnNpYmxlUGFyYW06IFBhcmFtZXRlciAnJG5hbWUnIGhhcyBhbiBpbnZhbGlkIHBhdGggJyR2YWx1ZScgc3BlY2lmaWVkLiIKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgInN0ciIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IHN0ciB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgc3RyaW5ncwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUuVG9TdHJpbmcoKQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImJvb2wiKSB7CiAgICAgICAgICAgICMgQ29udmVydCBib29sZWFuIHR5cGVzIHRvIHJlYWwgUG93ZXJzaGVsbCBib29sZWFucwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgfCBDb252ZXJ0VG8tQm9vbAogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImludCIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IGludCB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgaW50ZWdlcnMKICAgICAgICAgICAgJHZhbHVlID0gJHZhbHVlIC1hcyBbaW50XQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImZsb2F0IikgewogICAgICAgICAgICAjIENvbnZlcnQgZmxvYXQgdHlwZXMgdG8gcmVhbCBQb3dlcnNoZWxsIGZsb2F0cwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgLWFzIFtmbG9hdF0KICAgICAgICB9IGVsc2VpZiAoJHR5cGUgLWVxICJsaXN0IikgewogICAgICAgICAgICBpZiAoJHZhbHVlIC1pcyBbYXJyYXldKSB7CiAgICAgICAgICAgICAgICAjIE5vdGhpbmcgdG8gZG8KICAgICAgICAgICAgfSBlbHNlaWYgKCR2YWx1ZSAtaXMgW3N0cmluZ10pIHsKICAgICAgICAgICAgICAgICMgQ29udmVydCBzdHJpbmcgdHlwZSB0byByZWFsIFBvd2Vyc2hlbGwgYXJyYXkKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICR2YWx1ZS5TcGxpdCgiLCIpLlRyaW0oKQogICAgICAgICAgICB9IGVsc2VpZiAoJHZhbHVlIC1pcyBbaW50XSkgewogICAgICAgICAgICAgICAgJHZhbHVlID0gQCgkdmFsdWUpCiAgICAgICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICAgI ScriptBlock ID: 1e8546b6-bd0d-43ac-9829-60b497d9eed2 Path:	4104	1		3	2	15	0	1262	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1412	4432	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:27:06 PM	9d04040e-981f-0004-f516-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 3): begin { $DebugPreference = "Continue" $ErrorActionPreference = "Stop" Set-StrictMode -Version 2 function ConvertTo-HashtableFromPsCustomObject ($myPsObject){ $output = @{}; $myPsObject | Get-Member -MemberType *Property | % { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } return $output; } # stream JSON including become_pw, ps_module_payload, bin_module_payload, become_payload, write_payload_path, preserve directives # exec runspace, capture output, cleanup, return module output # NB: do not adjust the following line- it is replaced when doing non-streamed module output $json_raw = @' {"min_ps_version": null, "exec": "CkZ1bmN0aW9uIFJ1bigkcGF5bG9hZCkgewogICAgJGVudHJ5cG9pbnQgPSAkcGF5bG9hZC5tb2R1bGVfZW50cnkKCiAgICAkZW50cnlwb2ludCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGVudHJ5cG9pbnQpKQoKICAgICRwcyA9IFtwb3dlcnNoZWxsXTo6Q3JlYXRlKCkKCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkQ29tbWFuZCgiU2V0LVZhcmlhYmxlIikuQWRkUGFyYW1ldGVycyhAe1Njb3BlPSJnbG9iYWwiO05hbWU9ImNvbXBsZXhfYXJncyI7VmFsdWU9JHBheWxvYWQubW9kdWxlX2FyZ3N9KSB8IE91dC1OdWxsCiAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCgogICAgIyByZWRlZmluZSBXcml0ZS1Ib3N0IHRvIGR1bXAgdG8gb3V0cHV0IGluc3RlYWQgb2YgZmFpbGluZy0gbG90cyBvZiBzY3JpcHRzIHVzZSBpdAogICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgiRnVuY3Rpb24gV3JpdGUtSG9zdChgJG1zZyl7IFdyaXRlLU91dHB1dCBgJG1zZyB9IikgfCBPdXQtTnVsbAoKICAgIEZvckVhY2ggKCRlbnZfa3YgaW4gJHBheWxvYWQuZW52aXJvbm1lbnQuR2V0RW51bWVyYXRvcigpKSB7CiAgICAgICAgIyBuZWVkIHRvIGVzY2FwZSAnIGluIGJvdGggdGhlIGtleSBhbmQgdmFsdWUKICAgICAgICAkZW52X2tleSA9ICRlbnZfa3YuS2V5LlRvU3RyaW5nKCkuUmVwbGFjZSgiJyIsICInJyIpCiAgICAgICAgJGVudl92YWx1ZSA9ICRlbnZfa3YuVmFsdWUuVG9TdHJpbmcoKS5SZXBsYWNlKCInIiwgIicnIikKICAgICAgICAkZXNjYXBlZF9lbnZfc2V0ID0gIltTeXN0ZW0uRW52aXJvbm1lbnRdOjpTZXRFbnZpcm9ubWVudFZhcmlhYmxlKCd7MH0nLCAnezF9JykiIC1mICRlbnZfa2V5LCAkZW52X3ZhbHVlCiAgICAgICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgkZXNjYXBlZF9lbnZfc2V0KSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBkeW5hbWljYWxseSBjcmVhdGUvbG9hZCBtb2R1bGVzCiAgICBGb3JFYWNoICgkbW9kIGluICRwYXlsb2FkLnBvd2Vyc2hlbGxfbW9kdWxlcy5HZXRFbnVtZXJhdG9yKCkpIHsKICAgICAgICAkZGVjb2RlZF9tb2R1bGUgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRtb2QuVmFsdWUpKQogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRDb21tYW5kKCJOZXctTW9kdWxlIikuQWRkUGFyYW1ldGVycyhAe1NjcmlwdEJsb2NrPShbc2NyaXB0YmxvY2tdOjpDcmVhdGUoJGRlY29kZWRfbW9kdWxlKSk7TmFtZT0kbW9kLktleX0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiSW1wb3J0LU1vZHVsZSIpLkFkZFBhcmFtZXRlcnMoQHtXYXJuaW5nQWN0aW9uPSJTaWxlbnRseUNvbnRpbnVlIn0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBmb3JjZSBpbnB1dCBlbmNvZGluZyB0byBwcmVhbWJsZS1mcmVlIFVURjggc28gUFMgc3ViLXByb2Nlc3NlcyAoZWcsCiAgICAjIFN0YXJ0LUpvYikgZG9uJ3QgYmxvdyB1cC4gVGhpcyBpcyBvbmx5IHJlcXVpcmVkIGZvciBXaW5STSwgYSBQU1JQCiAgICAjIHJ1bnNwYWNlIGRvZXNuJ3QgaGF2ZSBhIGhvc3QgY29uc29sZSBhbmQgdGhpcyB3aWxsIGJvbWIgb3V0CiAgICBpZiAoJGhvc3QuTmFtZSAtZXEgIkNvbnNvbGVIb3N0IikgewogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRTY3JpcHQoIltDb25zb2xlXTo6SW5wdXRFbmNvZGluZyA9IE5ldy1PYmplY3QgVGV4dC5VVEY4RW5jb2RpbmcgYCRmYWxzZSIpIHwgT3V0LU51bGwKICAgIH0KCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkU2NyaXB0KCRlbnRyeXBvaW50KSB8IE91dC1OdWxsCgogICAgJG91dHB1dCA9ICRwcy5JbnZva2UoKQoKICAgICRvdXRwdXQKCiAgICAjIFBTMyBkb2Vzbid0IHByb3Blcmx5IHNldCBIYWRFcnJvcnMgaW4gbWFueSBjYXNlcywgaW5zcGVjdCB0aGUgZXJyb3Igc3RyZWFtIGFzIGEgZmFsbGJhY2sKICAgIElmICgkcHMuSGFkRXJyb3JzIC1vciAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtbHQgNCAtYW5kICRwcy5TdHJlYW1zLkVycm9yLkNvdW50IC1ndCAwKSkgewogICAgICAgICRob3N0LlVJLldyaXRlRXJyb3JMaW5lKCQoJHBzLlN0cmVhbXMuRXJyb3IgfCBPdXQtU3RyaW5nKSkKICAgICAgICAkZXhpdF9jb2RlID0gJHBzLlJ1bnNwYWNlLlNlc3Npb25TdGF0ZVByb3h5LkdldFZhcmlhYmxlKCJMQVNURVhJVENPREUiKQogICAgICAgIElmKC1ub3QgJGV4aXRfY29kZSkgewogICAgICAgICAgICAkZXhpdF9jb2RlID0gMQogICAgICAgIH0KICAgICAgICAjIG5lZWQgdG8gdXNlIHRoaXMgaW5zdGVhZCBvZiBFeGl0IGtleXdvcmQgdG8gcHJldmVudCBydW5zcGFjZSBmcm9tIGNyYXNoaW5nIHdpdGggZHluYW1pYyBtb2R1bGVzCiAgICAgICAgJGhvc3QuU2V0U2hvdWxkRXhpdCgkZXhpdF9jb2RlKQogICAgfQp9Cg==", "actions": ["exec"], "environment": {}, "min_os_version": null, "powershell_modules": {"Ansible.ModuleUtils.CommandUtil": "IyBDb3B5cmlnaHQgKGMpIDIwMTcgQW5zaWJsZSBQcm9qZWN0CiMgU2ltcGxpZmllZCBCU0QgTGljZW5zZSAoc2VlIGxpY2Vuc2VzL3NpbXBsaWZpZWRfYnNkLnR4dCBvciBodHRwczovL29wZW5zb3VyY2Uub3JnL2xpY2Vuc2VzL0JTRC0yLUNsYXVzZSkKCiRwcm9jZXNzX3V0aWwgPSBAIgp1c2luZyBNaWNyb3NvZnQuV2luMzIuU2FmZUhhbmRsZXM7CnVzaW5nIFN5c3RlbTsKdXNpbmcgU3lzdGVtLkNvbGxlY3Rpb25zOwp1c2luZyBTeXN0ZW0uSU87CnVzaW5nIFN5c3RlbS5MaW5xOwp1c2luZyBTeXN0ZW0uUnVudGltZS5JbnRlcm9wU2VydmljZXM7CnVzaW5nIFN5c3RlbS5UZXh0Owp1c2luZyBTeXN0ZW0uVGhyZWFkaW5nOwoKbmFtZXNwYWNlIEFuc2libGUKewogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIGNsYXNzIFNFQ1VSSVRZX0FUVFJJQlVURVMKICAgIHsKICAgICAgICBwdWJsaWMgaW50IG5MZW5ndGg7CiAgICAgICAgcHVibGljIEludFB0ciBscFNlY3VyaXR5RGVzY3JpcHRvcjsKICAgICAgICBwdWJsaWMgYm9vbCBiSW5oZXJpdEhhbmRsZSA9IGZhbHNlOwogICAgICAgIHB1YmxpYyBTRUNVUklUWV9BVFRSSUJVVEVTKCkKICAgICAgICB7CiAgICAgICAgICAgIG5MZW5ndGggPSBNYXJzaGFsLlNpemVPZih0aGlzKTsKICAgICAgICB9CiAgICB9CgogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIGNsYXNzIFNUQVJUVVBJTkZPCiAgICB7CiAgICAgICAgcHVibGljIEludDMyIGNiOwogICAgICAgIHB1YmxpYyBJbnRQdHIgbHBSZXNlcnZlZDsKICAgICAgICBwdWJsaWMgSW50UHRyIGxwRGVza3RvcDsKICAgICAgICBwdWJsaWMgSW50UHRyIGxwVGl0bGU7CiAgICAgICAgcHVibGljIEludDMyIGR3WDsKICAgICAgICBwdWJsaWMgSW50MzIgZHdZOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1hTaXplOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1lTaXplOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1hDb3VudENoYXJzOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1lDb3VudENoYXJzOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd0ZpbGxBdHRyaWJ1dGU7CiAgICAgICAgcHVibGljIEludDMyIGR3RmxhZ3M7CiAgICAgICAgcHVibGljIEludDE2IHdTaG93V2luZG93OwogICAgICAgIHB1YmxpYyBJbnQxNiBjYlJlc2VydmVkMjsKICAgICAgICBwdWJsaWMgSW50UHRyIGxwUmVzZXJ2ZWQyOwogICAgICAgIHB1YmxpYyBTYWZlRmlsZUhhbmRsZSBoU3RkSW5wdXQ7CiAgICAgICAgcHVibGljIFNhZmVGaWxlSGFuZGxlIGhTdGRPdXRwdXQ7CiAgICAgICAgcHVibGljIFNhZmVGaWxlSGFuZGxlIGhTdGRFcnJvcjsKICAgICAgICBwdWJsaWMgU1RBUlRVUElORk8oKQogICAgICAgIHsKICAgICAgICAgICAgY2IgPSBNYXJzaGFsLlNpemVPZih0aGlzKTsKICAgICAgICB9CiAgICB9CgogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIGNsYXNzIFNUQVJUVVBJTkZPRVgKICAgIHsKICAgICAgICBwdWJsaWMgU1RBUlRVUElORk8gc3RhcnR1cEluZm87CiAgICAgICAgcHVibGljIEludFB0ciBscEF0dHJpYnV0ZUxpc3Q7CiAgICAgICAgcHVibGljIFNUQVJUVVBJTkZPRVgoKQogICAgICAgIHsKICAgICAgICAgICAgc3RhcnR1cEluZm8gPSBuZXcgU1RBUlRVUElORk8oKTsKICAgICAgICAgICAgc3RhcnR1cEluZm8uY2IgPSBNYXJzaGFsLlNpemVPZih0aGlzKTsKICAgICAgICB9CiAgICB9CgogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIHN0cnVjdCBQUk9DRVNTX0lORk9STUFUSU9OCiAgICB7CiAgICAgICAgcHVibGljIEludFB0ciBoUHJvY2VzczsKICAgICAgICBwdWJsaWMgSW50UHRyIGhUaHJlYWQ7CiAgICAgICAgcHVibGljIGludCBkd1Byb2Nlc3NJZDsKICAgICAgICBwdWJsaWMgaW50IGR3VGhyZWFkSWQ7CiAgICB9CgogICAgW0ZsYWdzXQogICAgcHVibGljIGVudW0gU3RhcnR1cEluZm9GbGFncyA6IHVpbnQKICAgIHsKICAgICAgICBVU0VTVERIQU5ETEVTID0gMHgwMDAwMDEwMAogICAgfQoKICAgIHB1YmxpYyBlbnVtIEhhbmRsZUZsYWdzIDogdWludAogICAgewogICAgICAgIE5vbmUgPSAwLAogICAgICAgIElOSEVSSVQgPSAxCiAgICB9CgogICAgY2xhc3MgTmF0aXZlV2FpdEhhbmRsZSA6IFdhaXRIYW5kbGUKICAgIHsKICAgICAgICBwdWJsaWMgTmF0aXZlV2FpdEhhbmRsZShJbnRQdHIgaGFuZGxlKQogICAgICAgIHsKICAgICAgICAgICAgdGhpcy5TYWZlV2FpdEhhbmRsZSA9IG5ldyBTYWZlV2FpdEhhbmRsZShoYW5kbGUsIGZhbHNlKTsKICAgICAgICB9CiAgICB9CgogICAgcHVibGljIGNsYXNzIFdpbjMyRXhjZXB0aW9uIDogU3lzdGVtLkNvbXBvbmVudE1vZGVsLldpbjMyRXhjZXB0aW9uCiAgICB7CiAgICAgICAgcHJpdmF0ZSBzdHJpbmcgX21zZzsKCiAgICAgICAgcHVibGljIFdpbjMyRXhjZXB0aW9uKHN0cmluZyBtZXNzYWdlKSA6IHRoaXMoTWFyc2hhbC5HZXRMYXN0V2luMzJFcnJvcigpLCBtZXNzYWdlKSB7IH0KCiAgICAgICAgcHVibGljIFdpbjMyRXhjZXB0aW9uKGludCBlcnJvckNvZGUsIHN0cmluZyBtZXNzYWdlKSA6IGJhc2UoZXJyb3JDb2RlKQogICAgICAgIHsKICAgICAgICAgICAgX21zZyA9IFN0cmluZy5Gb3JtYXQoInswfSAoezF9LCBXaW4zMkVycm9yQ29kZSB7Mn0pIiwgbWVzc2FnZSwgYmFzZS5NZXNzYWdlLCBlcnJvckNvZGUpOwogICAgICAgIH0KCiAgICAgICAgcHVibGljIG92ZXJyaWRlIHN0cmluZyBNZXNzYWdlIHsgZ2V0IHsgcmV0dXJuIF9tc2c7IH0gfQogICAgICAgIHB1YmxpYyBzdGF0aWMgZXhwbGljaXQgb3BlcmF0b3IgV2luMzJFeGNlcHRpb24oc3RyaW5nIG1lc3NhZ2UpIHsgcmV0dXJuIG5ldyBXaW4zMkV4Y2VwdGlvbihtZXNzYWdlKTsgfQogICAgfQoKICAgIHB1YmxpYyBjbGFzcyBDb21tYW5kVXRpbAogICAgewogICAgICAgIHByaXZhdGUgc3RhdGljIFVJbnQzMiBDUkVBVEVfVU5JQ09ERV9FTlZJUk9OTUVOVCA9IDB4MDAwMDAwNDAwOwogICAgICAgIHByaXZhdGUgc3RhdGljIFVJbnQzMiBFWFRFTkRFRF9TVEFSVFVQSU5GT19QUkVTRU5UID0gMHgwMDA4MDAwMDsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSwgQmVzdEZpdE1hcHBpbmcgPSBmYWxzZSldCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gYm9vbCBDcmVhdGVQcm9jZXNzKAogICAgICAgICAgICBbTWFyc2hhbEFzKFVubWFuYWdlZFR5cGUuTFBXU3RyKV0KICAgICAgICAgICAgICAgIHN0cmluZyBscEFwcGxpY2F0aW9uTmFtZSwKICAgICAgICAgICAgU3RyaW5nQnVpbGRlciBscENvbW1hbmRMaW5lLAogICAgICAgICAgICBJbnRQdHIgbHBQcm9jZXNzQXR0cmlidXRlcywKICAgICAgICAgICAgSW50UHRyIGxwVGhyZWFkQXR0cmlidXRlcywKICAgICAgICAgICAgYm9vbCBiSW5oZXJpdEhhbmRsZXMsCiAgICAgICAgICAgIHVpbnQgZHdDcmVhdGlvbkZsYWdzLAogICAgICAgICAgICBJbnRQdHIgbHBFbnZpcm9ubWVudCwKICAgICAgICAgICAgW01hcnNoYWxBcyhVbm1hbmFnZWRUeXBlLkxQV1N0cildCiAgICAgICAgICAgICAgICBzdHJpbmcgbHBDdXJyZW50RGlyZWN0b3J5LAogICAgICAgICAgICBTVEFSVFVQSU5GT0VYIGxwU3RhcnR1cEluZm8sCiAgICAgICAgICAgIG91dCBQUk9DRVNTX0lORk9STUFUSU9OIGxwUHJvY2Vzc0luZm9ybWF0aW9uKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIildCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gYm9vbCBDcmVhdGVQaXBlKAogICAgICAgICAgICBvdXQgU2FmZUZpbGVIYW5kbGUgaFJlYWRQaXBlLAogICAgICAgICAgICBvdXQgU2FmZUZpbGVIYW5kbGUgaFdyaXRlUGlwZSwKICAgICAgICAgICAgU0VDVVJJVFlfQVRUUklCVVRFUyBscFBpcGVBdHRyaWJ1dGVzLAogICAgICAgICAgICB1aW50IG5TaXplKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSldCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gYm9vbCBTZXRIYW5kbGVJbmZvcm1hdGlvbigKICAgICAgICAgICAgU2FmZUZpbGVIYW5kbGUgaE9iamVjdCwKICAgICAgICAgICAgSGFuZGxlRmxhZ3MgZHdNYXNrLAogICAgICAgICAgICBpbnQgZHdGbGFncyk7CgogICAgICAgIFtEbGxJbXBvcnQoImtlcm5lbDMyLmRsbCIsIFNldExhc3RFcnJvciA9IHRydWUpXQogICAgICAgIHByaXZhdGUgc3RhdGljIGV4dGVybiBib29sIEdldEV4aXRDb2RlUHJvY2VzcygKICAgICAgICAgICAgSW50UHRyIGhQcm9jZXNzLAogICAgICAgICAgICBvdXQgdWludCBscEV4aXRDb2RlKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSldCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gdWludCBTZWFyY2hQYXRoKAogICAgICAgICAgICBzdHJpbmcgbHBQYXRoLAogICAgICAgICAgICBzdHJpbmcgbHBGaWxlTmFtZSwKICAgICAgICAgICAgc3RyaW5nIGxwRXh0ZW5zaW9uLAogICAgICAgICAgICBpbnQgbkJ1ZmZlckxlbmd0aCwKICAgICAgICAgICAgW01hcnNoYWxBcyAoVW5tYW5hZ2VkVHlwZS5MUFRTdHIpXQogICAgICAgICAgICAgICAgU3RyaW5nQnVpbGRlciBscEJ1ZmZlciwKICAgICAgICAgICAgb3V0IEludFB0ciBscEZpbGVQYXJ0KTsKCiAgICAgICAgW0RsbEltcG9ydCgic2hlbGwzMi5kbGwiLCBTZXRMYXN0RXJyb3IgPSB0cnVlKV0KICAgICAgICBzdGF0aWMgZXh0ZXJuIEludFB0ciBDb21tYW5kTGluZVRvQXJndlcoCiAgICAgICAgICAgIFtNYXJzaGFsQXMoVW5tYW5hZ2VkVHlwZS5MUFdTdHIpXQogICAgICAgICAgICAgICAgc3RyaW5nIGxwQ21kTGluZSwKICAgICAgICAgICAgb3V0IGludCBwTnVtQXJncyk7CgogICAgICAgIHB1YmxpYyBzdGF0aWMgc3RyaW5nW10gUGFyc2VDb21tYW5kTGluZShzdHJpbmcgbHBDb21tYW5kTGluZSkKICAgICAgICB7CiAgICAgICAgICAgIGludCBudW1BcmdzOwogICAgICAgICAgICBJbnRQdHIgcmV0ID0gQ29tbWFuZExpbmVUb0FyZ3ZXKGxwQ29tbWFuZExpbmUsIG91dCBudW1BcmdzKTsKCiAgICAgICAgICAgIGlmIChyZXQgPT0gSW50UHRyLlplcm8pCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIkVycm9yIHBhcnNpbmcgY29tbWFuZCBsaW5lIik7CgogICAgICAgICAgICBJbnRQdHJbXSBzdHJwdHJzID0gbmV3IEludFB0cltudW1BcmdzXTsKICAgICAgICAgICAgTWFyc2hhbC5Db3B5KHJldCwgc3RycHRycywgMCwgbnVtQXJncyk7CiAgICAgICAgICAgIHN0cmluZ1tdIGNtZGxpbmVQYXJ0cyA9IHN0cnB0cnMuU2VsZWN0KHMgPT4gTWFyc2hhbC5QdHJUb1N0cmluZ1VuaShzKSkuVG9BcnJheSgpOwoKICAgICAgICAgICAgTWFyc2hhbC5GcmVlSEdsb2JhbChyZXQpOwoKICAgICAgICAgICAgcmV0dXJuIGNtZGxpbmVQYXJ0czsKICAgICAgICB9CgogICAgICAgIHB1YmxpYyBzdGF0aWMgc3RyaW5nIFNlYXJjaFBhdGgoc3RyaW5nIGxwRmlsZU5hbWUpCiAgICAgICAgewogICAgICAgICAgICBTdHJpbmdCdWlsZGVyIHNiT3V0ID0gbmV3IFN0cmluZ0J1aWxkZXIoMTAyNCk7CiAgICAgICAgICAgIEludFB0ciBmaWxlUGFydE91dDsKCiAgICAgICAgICAgIGlmIChTZWFyY2hQYXRoKG51bGwsIGxwRmlsZU5hbWUsIG51bGwsIHNiT3V0LkNhcGFjaXR5LCBzYk91dCwgb3V0IGZpbGVQYXJ0T3V0KSA9PSAwKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IEZpbGVOb3RGb3VuZEV4Y2VwdGlvbihTdHJpbmcuRm9ybWF0KCJDb3VsZCBub3QgbG9jYXRlIHRoZSBmb2xsb3dpbmcgZXhlY3V0YWJsZSB7MH0iLCBscEZpbGVOYW1lKSk7CgogICAgICAgICAgICByZXR1cm4gc2JPdXQuVG9TdHJpbmcoKTsKICAgICAgICB9CgogICAgICAgIHB1YmxpYyBjbGFzcyBDb21tYW5kUmVzdWx0CiAgICAgICAgewogICAgICAgICAgICBwdWJsaWMgc3RyaW5nIFN0YW5kYXJkT3V0IHsgZ2V0OyBpbnRlcm5hbCBzZXQ7IH0KICAgICAgICAgICAgcHVibGljIHN0cmluZyBTdGFuZGFyZEVycm9yIHsgZ2V0OyBpbnRlcm5hbCBzZXQ7IH0KICAgICAgICAgICAgcHVibGljIHVpbnQgRXhpdENvZGUgeyBnZXQ7IGludGVybmFsIHNldDsgfQogICAgICAgIH0KCiAgICAgICAgcHVibGljIHN0YXRpYyBDb21tYW5kUmVzdWx0IFJ1bkNvbW1hbmQoc3RyaW5nIGxwQXBwbGljYXRpb25OYW1lLCBzdHJpbmcgbHBDb21tYW5kTGluZSwgc3RyaW5nIGxwQ3VycmVudERpcmVjdG9yeSwgc3RyaW5nIHN0ZGluSW5wdXQsIElEaWN0aW9uYXJ5IGVudmlyb25tZW50KQogICAgICAgIHsKICAgICAgICAgICAgVUludDMyIHN0YXJ0dXBfZmxhZ3MgPSBDUkVBVEVfVU5JQ09ERV9FTlZJUk9OTUVOVCB8IEVYVEVOREVEX1NUQVJUVVBJTkZPX1BSRVNFTlQ7CiAgICAgICAgICAgIFNUQVJUVVBJTkZPRVggc2kgPSBuZXcgU1RBUlRVUElORk9FWCgpOwogICAgICAgICAgICBzaS5zdGFydHVwSW5mby5kd0ZsYWdzID0gKGludClTdGFydHVwSW5mb0ZsYWdzLlVTRVNUREhBTkRMRVM7CgogICAgICAgICAgICBTRUNVUklUWV9BVFRSSUJVVEVTIHBpcGVzZWMgPSBuZXcgU0VDVVJJVFlfQVRUUklCVVRFUygpOwogICAgICAgICAgICBwaXBlc2VjLmJJbmhlcml0SGFuZGxlID0gdHJ1ZTsKCiAgICAgICAgICAgIC8vIENyZWF0ZSB0aGUgc3Rkb3V0LCBzdGRlcnIgYW5kIHN0ZGluIHBpcGVzIHVzZWQgaW4gdGhlIHByb2Nlc3MgYW5kIGFkZCB0byB0aGUgc3RhcnR1cEluZm8KICAgICAgICAgICAgU2FmZUZpbGVIYW5kbGUgc3Rkb3V0X3JlYWQsIHN0ZG91dF93cml0ZSwgc3RkZXJyX3JlYWQsIHN0ZGVycl93cml0ZSwgc3RkaW5fcmVhZCwgc3RkaW5fd3JpdGU7CiAgICAgICAgICAgIGlmICghQ3JlYXRlUGlwZShvdXQgc3Rkb3V0X3JlYWQsIG91dCBzdGRvdXRfd3JpdGUsIHBpcGVzZWMsIDApKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IFdpbjMyRXhjZXB0aW9uKCJTVERPVVQgcGlwZSBzZXR1cCBmYWlsZWQiKTsKICAgICAgICAgICAgaWYgKCFTZXRIYW5kbGVJbmZvcm1hdGlvbihzdGRvdXRfcmVhZCwgSGFuZGxlRmxhZ3MuSU5IRVJJVCwgMCkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIlNURE9VVCBwaXBlIGhhbmRsZSBzZXR1cCBmYWlsZWQiKTsKCiAgICAgICAgICAgIGlmICghQ3JlYXRlUGlwZShvdXQgc3RkZXJyX3JlYWQsIG91dCBzdGRlcnJfd3JpdGUsIHBpcGVzZWMsIDApKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IFdpbjMyRXhjZXB0aW9uKCJTVERFUlIgcGlwZSBzZXR1cCBmYWlsZWQiKTsKICAgICAgICAgICAgaWYgKCFTZXRIYW5kbGVJbmZvcm1hdGlvbihzdGRlcnJfcmVhZCwgSGFuZGxlRmxhZ3MuSU5IRVJJVCwgMCkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIlNUREVSUiBwaXBlIGhhbmRsZSBzZXR1cCBmYWlsZWQiKTsKCiAgICAgICAgICAgIGlmICghQ3JlYXRlUGlwZShvdXQgc3RkaW5fcmVhZCwgb3V0IHN0ZGluX3dyaXRlLCBwaXBlc2VjLCAwKSkKICAgICAgICAgICAgICAgIHRocm93IG5ldyBXaW4zMkV4Y2VwdGlvbigiU1RESU4gcGlwZSBzZXR1cCBmYWlsZWQiKTsKICAgICAgICAgICAgaWYgKCFTZXRIYW5kbGVJbmZvcm1hdGlvbihzdGRpbl93cml0ZSwgSGFuZGxlRmxhZ3MuSU5IRVJJVCwgMCkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIlNURElOIHBpcGUgaGFuZGxlIHNldHVwIGZhaWxlZCIpOwoKICAgICAgICAgICAgc2kuc3RhcnR1cEluZm8uaFN0ZE91dHB1dCA9IHN0ZG91dF93cml0ZTsKICAgICAgICAgICAgc2kuc3RhcnR1cEluZm8uaFN0ZEVycm9yID0gc3RkZXJyX3dyaXRlOwogICAgICAgICAgICBzaS5zdGFydHVwSW5mby5oU3RkSW5wdXQgPSBzdGRpbl9yZWFkOwoKICAgICAgICAgICAgLy8gU2V0dXAgdGhlIHN0ZGluIGJ1ZmZlcgogICAgICAgICAgICBVVEY4RW5jb2RpbmcgdXRmOF9lbmNvZGluZyA9IG5ldyBVVEY4RW5jb2RpbmcoZmFsc2UpOwogICAgICAgICAgICBGaWxlU3RyZWFtIHN0ZGluX2ZzID0gbmV3IEZpbGVTdHJlYW0oc3RkaW5fd3JpdGUsIEZpbGVBY2Nlc3MuV3JpdGUsIDMyNzY4KTsKICAgICAgICAgICAgU3RyZWFtV3JpdGVyIHN0ZGluID0gbmV3IFN0cmVhbVdyaXRlcihzdGRpbl9mcywgdXRmOF9lbmNvZGluZywgMzI3NjgpOwoKICAgICAgICAgICAgLy8gSWYgbHBDdXJyZW50RGlyZWN0b3J5IGlzIHNldCB0byBudWxsIGluIFBTIGl0IHdpbGwgYmUgYW4gZW1wdHkKICAgICAgICAgICAgLy8gc3RyaW5nIGhlcmUsIHdlIG5lZWQgdG8gY29udmVydCBpdAogICAgICAgICAgICBpZiAobHBDdXJyZW50RGlyZWN0b3J5ID09ICIiKQogICAgICAgICAgICAgICAgbHBDdXJyZW50RGlyZWN0b3J5ID0gbnVsbDsKCiAgICAgICAgICAgIFN0cmluZ0J1aWxkZXIgZW52aXJvbm1lbnRTdHJpbmcgPSBudWxsOwoKICAgICAgICAgICAgaWYgKGVudmlyb25tZW50ICE9IG51bGwgJiYgZW52aXJvbm1lbnQuQ291bnQgPiAwKQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBlbnZpcm9ubWVudFN0cmluZyA9IG5ldyBTdHJpbmdCdWlsZGVyKCk7CiAgICAgICAgICAgICAgICBmb3JlYWNoIChEaWN0aW9uYXJ5RW50cnkga3YgaW4gZW52aXJvbm1lbnQpCiAgICAgICAgICAgICAgICAgICAgZW52aXJvbm1lbnRTdHJpbmcuQXBwZW5kRm9ybWF0KCJ7MH09ezF9XDAiLCBrdi5LZXksIGt2LlZhbHVlKTsKICAgICAgICAgICAgICAgIGVudmlyb25tZW50U3RyaW5nLkFwcGVuZCgnXDAnKTsKICAgICAgICAgICAgfQoKICAgICAgICAgICAgLy8gQ3JlYXRlIHRoZSBlbnZpcm9ubWVudCBibG9jayBpZiBzZXQKICAgICAgICAgICAgSW50UHRyIGxwRW52aXJvbm1lbnQgPSBJbnRQdHIuWmVybzsKICAgICAgICAgICAgaWYgKGVudmlyb25tZW50U3RyaW5nICE9IG51bGwpCiAgICAgICAgICAgICAgICBscEVudmlyb25tZW50ID0gTWFyc2hhbC5TdHJpbmdUb0hHbG9iYWxVbmkoZW52aXJvbm1lbnRTdHJpbmcuVG9TdHJpbmcoKSk7CgogICAgICAgICAgICAvLyBDcmVhdGUgbmV3IHByb2Nlc3MgYW5kIHJ1bgogICAgICAgICAgICBTdHJpbmdCdWlsZGVyIGFyZ3VtZW50X3N0cmluZyA9IG5ldyBTdHJpbmdCdWlsZGVyKGxwQ29tbWFuZExpbmUpOwogICAgICAgICAgICBQUk9DRVNTX0lORk9STUFUSU9OIHBpID0gbmV3IFBST0NFU1NfSU5GT1JNQVRJT04oKTsKICAgICAgICAgICAgaWYgKCFDcmVhdGVQcm9jZXNzKAogICAgICAgICAgICAgICAgbHBBcHBsaWNhdGlvbk5hbWUsCiAgICAgICAgICAgICAgICBhcmd1bWVudF9zdHJpbmcsCiAgICAgICAgICAgICAgICBJbnRQdHIuWmVybywKICAgICAgICAgICAgICAgIEludFB0ci5aZXJvLAogICAgICAgICAgICAgICAgdHJ1ZSwKICAgICAgICAgICAgICAgIHN0YXJ0dXBfZmxhZ3MsCiAgICAgICAgICAgICAgICBscEVudmlyb25tZW50LAogICAgICAgICAgICAgICAgbHBDdXJyZW50RGlyZWN0b3J5LAogICAgICAgICAgICAgICAgc2ksCiAgICAgICAgICAgICAgICBvdXQgcGkpKQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIkZhaWxlZCB0byBjcmVhdGUgbmV3IHByb2Nlc3MiKTsKICAgICAgICAgICAgfQoKICAgICAgICAgICAgLy8gU2V0dXAgdGhlIG91dHB1dCBidWZmZXJzIGFuZCBnZXQgc3Rkb3V0L3N0ZGVycgogICAgICAgICAgICBGaWxlU3RyZWFtIHN0ZG91dF9mcyA9IG5ldyBGaWxlU3RyZWFtKHN0ZG91dF9yZWFkLCBGaWxlQWNjZXNzLlJlYWQsIDQwOTYpOwogICAgICAgICAgICBTdHJlYW1SZWFkZXIgc3Rkb3V0ID0gbmV3IFN0cmVhbVJlYWRlcihzdGRvdXRfZnMsIHV0ZjhfZW5jb2RpbmcsIHRydWUsIDQwOTYpOwogICAgICAgICAgICBzdGRvdXRfd3JpdGUuQ2xvc2UoKTsKICAgICAgICAgICAgRmlsZVN0cmVhbSBzdGRlcnJfZnMgPSBuZXcgRmlsZVN0cmVhbShzdGRlcnJfcmVhZCwgRmlsZUFjY2Vzcy5SZWFkLCA0MDk2KTsKICAgICAgICAgICAgU3RyZWFtUmVhZGVyIHN0ZGVyciA9IG5ldyBTdHJlYW1SZWFkZXIoc3RkZXJyX2ZzLCB1dGY4X2VuY29kaW5nLCB0cnVlLCA0MDk2KTsKICAgICAgICAgICAgc3RkZXJyX3dyaXRlLkNsb3NlKCk7CgogICAgICAgICAgI ScriptBlock ID: 1e8546b6-bd0d-43ac-9829-60b497d9eed2 Path:	4104	1		3	2	15	0	1261	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1412	4432	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:27:06 PM	9d04040e-981f-0004-f516-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1260	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1412	2148	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:27:06 PM	9d04040e-981f-0003-f24f-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 1412 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1259	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1412	3208	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:27:06 PM	9d04040e-981f-0003-f24f-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1258	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1412	2148	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:27:06 PM	9d04040e-981f-0003-f24f-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1257	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2716	2712	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:27:03 PM	9d04040e-981f-0004-ec16-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 2716 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1256	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2716	1284	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:27:03 PM	9d04040e-981f-0004-ec16-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1255	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2716	2712	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:27:03 PM	9d04040e-981f-0004-ec16-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles; using System; using System.Collections; using System.IO; using System.Linq; using System.Runtime.InteropServices; using System.Text; using System.Threading; namespace Ansible { [StructLayout(LayoutKind.Sequential)] public class SECURITY_ATTRIBUTES { public int nLength; public IntPtr lpSecurityDescriptor; public bool bInheritHandle = false; public SECURITY_ATTRIBUTES() { nLength = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFO { public Int32 cb; public IntPtr lpReserved; public IntPtr lpDesktop; public IntPtr lpTitle; public Int32 dwX; public Int32 dwY; public Int32 dwXSize; public Int32 dwYSize; public Int32 dwXCountChars; public Int32 dwYCountChars; public Int32 dwFillAttribute; public Int32 dwFlags; public Int16 wShowWindow; public Int16 cbReserved2; public IntPtr lpReserved2; public SafeFileHandle hStdInput; public SafeFileHandle hStdOutput; public SafeFileHandle hStdError; public STARTUPINFO() { cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFOEX { public STARTUPINFO startupInfo; public IntPtr lpAttributeList; public STARTUPINFOEX() { startupInfo = new STARTUPINFO(); startupInfo.cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public struct PROCESS_INFORMATION { public IntPtr hProcess; public IntPtr hThread; public int dwProcessId; public int dwThreadId; } [Flags] public enum StartupInfoFlags : uint { USESTDHANDLES = 0x00000100 } public enum HandleFlags : uint { None = 0, INHERIT = 1 } class NativeWaitHandle : WaitHandle { public NativeWaitHandle(IntPtr handle) { this.SafeWaitHandle = new SafeWaitHandle(handle, false); } } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class CommandUtil { private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400; private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000; [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)] public static extern bool CreateProcess( [MarshalAs(UnmanagedType.LPWStr)] string lpApplicationName, StringBuilder lpCommandLine, IntPtr lpProcessAttributes, IntPtr lpThreadAttributes, bool bInheritHandles, uint dwCreationFlags, IntPtr lpEnvironment, [MarshalAs(UnmanagedType.LPWStr)] string lpCurrentDirectory, STARTUPINFOEX lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation); [DllImport("kernel32.dll")] public static extern bool CreatePipe( out SafeFileHandle hReadPipe, out SafeFileHandle hWritePipe, SECURITY_ATTRIBUTES lpPipeAttributes, uint nSize); [DllImport("kernel32.dll", SetLastError = true)] public static extern bool SetHandleInformation( SafeFileHandle hObject, HandleFlags dwMask, int dwFlags); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool GetExitCodeProcess( IntPtr hProcess, out uint lpExitCode); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)] public static extern uint SearchPath( string lpPath, string lpFileName, string lpExtension, int nBufferLength, [MarshalAs (UnmanagedType.LPTStr)] StringBuilder lpBuffer, out IntPtr lpFilePart); [DllImport("shell32.dll", SetLastError = true)] static extern IntPtr CommandLineToArgvW( [MarshalAs(UnmanagedType.LPWStr)] string lpCmdLine, out int pNumArgs); public static string[] ParseCommandLine(string lpCommandLine) { int numArgs; IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs); if (ret == IntPtr.Zero) throw new Win32Exception("Error parsing command line"); IntPtr[] strptrs = new IntPtr[numArgs]; Marshal.Copy(ret, strptrs, 0, numArgs); string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray(); Marshal.FreeHGlobal(ret); return cmdlineParts; } public static string SearchPath(string lpFileName) { StringBuilder sbOut = new StringBuilder(1024); IntPtr filePartOut; if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0) throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName)); return sbOut.ToString(); } public class CommandResult { public string StandardOut { get; internal set; } public string StandardError { get; internal set; } public uint ExitCode { get; internal set; } } public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment) { UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT; STARTUPINFOEX si = new STARTUPINFOEX(); si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES; SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES(); pipesec.bInheritHandle = true; // Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write; if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0)) throw new Win32Exception("STDOUT pipe setup failed"); if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDOUT pipe handle setup failed"); if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0)) throw new Win32Exception("STDERR pipe setup failed"); if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDERR pipe handle setup failed"); if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0)) throw new Win32Exception("STDIN pipe setup failed"); if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDIN pipe handle setup failed"); si.startupInfo.hStdOutput = stdout_write; si.startupInfo.hStdError = stderr_write; si.startupInfo.hStdInput = stdin_read; // Setup the stdin buffer UTF8Encoding utf8_encoding = new UTF8Encoding(false); FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768); StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768); // If lpCurrentDirectory is set to null in PS it will be an empty // string here, we need to convert it if (lpCurrentDirectory == "") lpCurrentDirectory = null; StringBuilder environmentString = null; if (environment != null && environment.Count > 0) { environmentString = new StringBuilder(); foreach (DictionaryEntry kv in environment) environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value); environmentString.Append('\0'); } // Create the environment block if set IntPtr lpEnvironment = IntPtr.Zero; if (environmentString != null) lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString()); // Create new process and run StringBuilder argument_string = new StringBuilder(lpCommandLine); PROCESS_INFORMATION pi = new PROCESS_INFORMATION(); if (!CreateProcess( lpApplicationName, argument_string, IntPtr.Zero, IntPtr.Zero, true, startup_flags, lpEnvironment, lpCurrentDirectory, si, out pi)) { throw new Win32Exception("Failed to create new process"); } // Setup the output buffers and get stdout/stderr FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096); StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096); stdout_write.Close(); FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096); StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096); stderr_write.Close(); stdin.WriteLine(stdinInput); stdin.Close(); string stdout_str, stderr_str = null; GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str); uint rc = GetProcessExitCode(pi.hProcess); return new CommandResult { StandardOut = stdout_str, StandardError = stderr_str, ExitCode = rc }; } private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr) { var sowait = new EventWaitHandle(false, EventResetMode.ManualReset); var sewait = new EventWaitHandle(false, EventResetMode.ManualReset); string so = null, se = null; ThreadPool.QueueUserWorkItem((s) => { so = stdoutStream.ReadToEnd(); sowait.Set(); }); ThreadPool.QueueUserWorkItem((s) => { se = stderrStream.ReadToEnd(); sewait.Set(); }); foreach (var wh in new WaitHandle[] { sowait, sewait }) wh.WaitOne(); stdout = so; stderr = se; } private static uint GetProcessExitCode(IntPtr processHandle) { new NativeWaitHandle(processHandle).WaitOne(); uint exitCode; if (!GetExitCodeProcess(processHandle, out exitCode)) throw new Win32Exception("Error getting process exit code"); return exitCode; } } }" Context: Severity = Informational Host Name = Default Host Host Version = 5.1.14393.1944 Host ID = 7986663b-b865-41c0-81af-34d79f0f412d Host Application = PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - Engine Version = 5.1.14393.1944 Runspace ID = 300a6c02-08fb-4e9f-b79d-f3f2e48a9db6 Pipeline ID = 7 Command Name = Add-Type Command Type = Cmdlet Script Name = Command Path = Sequence Number = 34 User = N-H1-805629-1\Admin Connected User = Shell ID = Microsoft.PowerShell User Data:	4103	1		4	106	20	0	1254	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3792	2372	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:27:03 PM	9d04040e-981f-0002-970b-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	To be used when operation is just executing a method	Executing Pipeline	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c) 2017 Ansible Project # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) $process_util = @" using Microsoft.Win32.SafeHandles; using System; using System.Collections; using System.IO; using System.Linq; using System.Runtime.InteropServices; using System.Text; using System.Threading; namespace Ansible { [StructLayout(LayoutKind.Sequential)] public class SECURITY_ATTRIBUTES { public int nLength; public IntPtr lpSecurityDescriptor; public bool bInheritHandle = false; public SECURITY_ATTRIBUTES() { nLength = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFO { public Int32 cb; public IntPtr lpReserved; public IntPtr lpDesktop; public IntPtr lpTitle; public Int32 dwX; public Int32 dwY; public Int32 dwXSize; public Int32 dwYSize; public Int32 dwXCountChars; public Int32 dwYCountChars; public Int32 dwFillAttribute; public Int32 dwFlags; public Int16 wShowWindow; public Int16 cbReserved2; public IntPtr lpReserved2; public SafeFileHandle hStdInput; public SafeFileHandle hStdOutput; public SafeFileHandle hStdError; public STARTUPINFO() { cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFOEX { public STARTUPINFO startupInfo; public IntPtr lpAttributeList; public STARTUPINFOEX() { startupInfo = new STARTUPINFO(); startupInfo.cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public struct PROCESS_INFORMATION { public IntPtr hProcess; public IntPtr hThread; public int dwProcessId; public int dwThreadId; } [Flags] public enum StartupInfoFlags : uint { USESTDHANDLES = 0x00000100 } public enum HandleFlags : uint { None = 0, INHERIT = 1 } class NativeWaitHandle : WaitHandle { public NativeWaitHandle(IntPtr handle) { this.SafeWaitHandle = new SafeWaitHandle(handle, false); } } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class CommandUtil { private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400; private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000; [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)] public static extern bool CreateProcess( [MarshalAs(UnmanagedType.LPWStr)] string lpApplicationName, StringBuilder lpCommandLine, IntPtr lpProcessAttributes, IntPtr lpThreadAttributes, bool bInheritHandles, uint dwCreationFlags, IntPtr lpEnvironment, [MarshalAs(UnmanagedType.LPWStr)] string lpCurrentDirectory, STARTUPINFOEX lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation); [DllImport("kernel32.dll")] public static extern bool CreatePipe( out SafeFileHandle hReadPipe, out SafeFileHandle hWritePipe, SECURITY_ATTRIBUTES lpPipeAttributes, uint nSize); [DllImport("kernel32.dll", SetLastError = true)] public static extern bool SetHandleInformation( SafeFileHandle hObject, HandleFlags dwMask, int dwFlags); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool GetExitCodeProcess( IntPtr hProcess, out uint lpExitCode); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)] public static extern uint SearchPath( string lpPath, string lpFileName, string lpExtension, int nBufferLength, [MarshalAs (UnmanagedType.LPTStr)] StringBuilder lpBuffer, out IntPtr lpFilePart); [DllImport("shell32.dll", SetLastError = true)] static extern IntPtr CommandLineToArgvW( [MarshalAs(UnmanagedType.LPWStr)] string lpCmdLine, out int pNumArgs); public static string[] ParseCommandLine(string lpCommandLine) { int numArgs; IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs); if (ret == IntPtr.Zero) throw new Win32Exception("Error parsing command line"); IntPtr[] strptrs = new IntPtr[numArgs]; Marshal.Copy(ret, strptrs, 0, numArgs); string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray(); Marshal.FreeHGlobal(ret); return cmdlineParts; } public static string SearchPath(string lpFileName) { StringBuilder sbOut = new StringBuilder(1024); IntPtr filePartOut; if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0) throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName)); return sbOut.ToString(); } public class CommandResult { public string StandardOut { get; internal set; } public string StandardError { get; internal set; } public uint ExitCode { get; internal set; } } public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment) { UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT; STARTUPINFOEX si = new STARTUPINFOEX(); si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES; SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES(); pipesec.bInheritHandle = true; // Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write; if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0)) throw new Win32Exception("STDOUT pipe setup failed"); if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDOUT pipe handle setup failed"); if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0)) throw new Win32Exception("STDERR pipe setup failed"); if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDERR pipe handle setup failed"); if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0)) throw new Win32Exception("STDIN pipe setup failed"); if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDIN pipe handle setup failed"); si.startupInfo.hStdOutput = stdout_write; si.startupInfo.hStdError = stderr_write; si.startupInfo.hStdInput = stdin_read; // Setup the stdin buffer UTF8Encoding utf8_encoding = new UTF8Encoding(false); FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768); StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768); // If lpCurrentDirectory is set to null in PS it will be an empty // string here, we need to convert it if (lpCurrentDirectory == "") lpCurrentDirectory = null; StringBuilder environmentString = null; if (environment != null && environment.Count > 0) { environmentString = new StringBuilder(); foreach (DictionaryEntry kv in environment) environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value); environmentString.Append('\0'); } // Create the environment block if set IntPtr lpEnvironment = IntPtr.Zero; if (environmentString != null) lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString()); // Create new process and run StringBuilder argument_string = new StringBuilder(lpCommandLine); PROCESS_INFORMATION pi = new PROCESS_INFORMATION(); if (!CreateProcess( lpApplicationName, argument_string, IntPtr.Zero, IntPtr.Zero, true, startup_flags, lpEnvironment, lpCurrentDirectory, si, out pi)) { throw new Win32Exception("Failed to create new process"); } // Setup the output buffers and get stdout/stderr FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096); StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096); stdout_write.Close(); FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096); StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096); stderr_write.Close(); stdin.WriteLine(stdinInput); stdin.Close(); string stdout_str, stderr_str = null; GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str); uint rc = GetProcessExitCode(pi.hProcess); return new CommandResult { StandardOut = stdout_str, StandardError = stderr_str, ExitCode = rc }; } private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr) { var sowait = new EventWaitHandle(false, EventResetMode.ManualReset); var sewait = new EventWaitHandle(false, EventResetMode.ManualReset); string so = null, se = null; ThreadPool.QueueUserWorkItem((s) => { so = stdoutStream.ReadToEnd(); sowait.Set(); }); ThreadPool.QueueUserWorkItem((s) => { se = stderrStream.ReadToEnd(); sewait.Set(); }); foreach (var wh in new WaitHandle[] { sowait, sewait }) wh.WaitOne(); stdout = so; stderr = se; } private static uint GetProcessExitCode(IntPtr processHandle) { new NativeWaitHandle(processHandle).WaitOne(); uint exitCode; if (!GetExitCodeProcess(processHandle, out exitCode)) throw new Win32Exception("Error getting process exit code"); return exitCode; } } } "@ $ErrorActionPreference = 'Stop' Function Load-CommandUtils { # makes the following static functions available # [Ansible.CommandUtil]::ParseCommandLine(string lpCommandLine) # [Ansible.CommandUtil]::SearchPath(string lpFileName) # [Ansible.CommandUtil]::RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, string environmentBlock) # # there are also numerous P/Invoke methods that can be called if you are feeling adventurous # FUTURE: find a better way to get the _ansible_remote_tmp variable $original_tmp = $env:TMP $remote_tmp = $original_tmp $module_params = Get-Variable -Name complex_args -ErrorAction SilentlyContinue if ($module_params) { if ($module_params.Value.ContainsKey("_ansible_remote_tmp") ) { $remote_tmp = $module_params.Value["_ansible_remote_tmp"] $remote_tmp = [System.Environment]::ExpandEnvironmentVariables($remote_tmp) } } $env:TMP = $remote_tmp Add-Type -TypeDefinition $process_util $env:TMP = $original_tmp } Function Get-ExecutablePath($executable, $directory) { # lpApplicationName requires the full path to a file, we need to find it # ourselves. # we need to add .exe if it doesn't have an extension already if (-not [System.IO.Path]::HasExtension($executable)) { $executable = "$($executable).exe" } $full_path = [System.IO.Path]::GetFullPath($executable) if ($full_path -ne $executable -and $directory -ne $null) { $file = Get-Item -Path "$directory\$executable" -Force -ErrorAction SilentlyContinue } else { $file = Get-Item -Path $executable -Force -ErrorAction SilentlyContinue } if ($file -ne $null) { $executable_path = $file.FullName } else { $executable_path = [Ansible.CommandUtil]::SearchPath($executable) } return $executable_path } Function Run-Command { Param( [string]$command, # the full command to run including the executable [string]$working_directory = $null, # the working directory to run under, will default to the current dir [string]$stdin = $null, # a string to send to the stdin pipe when executing the command [hashtable]$environment = @{} # a hashtable of environment values to run the command under, this will replace all the other environment variables with these ) # load the C# code we call in this function Load-CommandUtils # need to validate the working directory if it is set if ($working_directory) { # validate working directory is a valid path if (-not (Test-Path -Path $working_directory)) { throw "invalid working directory path '$working_directory'" } } # lpApplicationName needs to be the full path to an executable, we do this # by getting the executable as the first arg and then getting the full path $arguments = [Ansible.CommandUtil]::ParseCommandLine($command) $executable = Get-ExecutablePath -executable $arguments[0] -directory $working_directory # run the command and get the results $command_result = [Ansible.CommandUtil]::RunCommand($executable, $command, $working_directory, $stdin, $environment) return ,@{ executable = $executable stdout = $command_result.StandardOut stderr = $command_result.StandardError rc = $command_result.ExitCode } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: 77835867-29a7-4747-9f1d-f480ce04f53b Path:	4104	1		3	2	15	0	1253	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3792	2236	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:27:03 PM	9d04040e-981f-0000-391b-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c), Michael DeHaan <michael.dehaan@gmail.com>, 2014, and others # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) Set-StrictMode -Version 2.0 $ErrorActionPreference = "Stop" Function Set-Attr($obj, $name, $value) { <# .SYNOPSIS Helper function to set an "attribute" on a psobject instance in PowerShell. This is a convenience to make adding Members to the object easier and slightly more pythonic .EXAMPLE Set-Attr $result "changed" $true #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } Try { $obj.$name = $value } Catch { $obj | Add-Member -Force -MemberType NoteProperty -Name $name -Value $value } } Function Exit-Json($obj) { <# .SYNOPSIS Helper function to convert a PowerShell object to JSON and output it, exiting the script .EXAMPLE Exit-Json $result #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit } Function Fail-Json($obj, $message = $null) { <# .SYNOPSIS Helper function to add the "msg" property and "failed" property, convert the PowerShell Hashtable to JSON and output it, exiting the script .EXAMPLE Fail-Json $result "This is the failure message" #> if ($obj -is [hashtable] -or $obj -is [psobject]) { # Nothing to do } elseif ($obj -is [string] -and $null -eq $message) { # If we weren't given 2 args, and the only arg was a string, # create a new Hashtable and use the arg as the failure message $message = $obj $obj = @{ } } else { # If the first argument is undefined or a different type, # make it a Hashtable $obj = @{ } } # Still using Set-Attr for PSObject compatibility Set-Attr $obj "msg" $message Set-Attr $obj "failed" $true if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit 1 } Function Add-Warning($obj, $message) { <# .SYNOPSIS Helper function to add warnings, even if the warnings attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("warnings")) { $obj.warnings = @() } elseif ($obj.warnings -isnot [array]) { throw "Add-Warning: warnings attribute is not an array" } $obj.warnings += $message } Function Add-DeprecationWarning($obj, $message, $version = $null) { <# .SYNOPSIS Helper function to add deprecations, even if the deprecations attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("deprecations")) { $obj.deprecations = @() } elseif ($obj.deprecations -isnot [array]) { throw "Add-DeprecationWarning: deprecations attribute is not a list" } $obj.deprecations += @{ msg = $message version = $version } } Function Expand-Environment($value) { <# .SYNOPSIS Helper function to expand environment variables in values. By default it turns any type to a string, but we ensure $null remains $null. #> if ($null -ne $value) { [System.Environment]::ExpandEnvironmentVariables($value) } else { $value } } Function Get-AnsibleParam($obj, $name, $default = $null, $resultobj = @{}, $failifempty = $false, $emptyattributefailmessage, $ValidateSet, $ValidateSetErrorMessage, $type = $null, $aliases = @()) { <# .SYNOPSIS Helper function to get an "attribute" from a psobject instance in PowerShell. This is a convenience to make getting Members from an object easier and slightly more pythonic .EXAMPLE $attr = Get-AnsibleParam $response "code" -default "1" .EXAMPLE Get-AnsibleParam -obj $params -name "State" -default "Present" -ValidateSet "Present","Absent" -resultobj $resultobj -failifempty $true Get-AnsibleParam also supports Parameter validation to save you from coding that manually Note that if you use the failifempty option, you do need to specify resultobject as well. #> # Check if the provided Member $name or aliases exist in $obj and return it or the default. try { $found = $null # First try to find preferred parameter $name $aliases = @($name) + $aliases # Iterate over aliases to find acceptable Member $name foreach ($alias in $aliases) { if ($obj.ContainsKey($alias)) { $found = $alias break } } if ($null -eq $found) { throw } $name = $found if ($ValidateSet) { if ($ValidateSet -contains ($obj.$name)) { $value = $obj.$name } else { if ($null -eq $ValidateSetErrorMessage) { #Auto-generated error should be sufficient in most use cases $ValidateSetErrorMessage = "Get-AnsibleParam: Argument $name needs to be one of $($ValidateSet -join ",") but was $($obj.$name)." } Fail-Json -obj $resultobj -message $ValidateSetErrorMessage } } else { $value = $obj.$name } } catch { if ($failifempty -eq $false) { $value = $default } else { if (-not $emptyattributefailmessage) { $emptyattributefailmessage = "Get-AnsibleParam: Missing required argument: $name" } Fail-Json -obj $resultobj -message $emptyattributefailmessage } } # If $value -eq $null, the parameter was unspecified by the user (deliberately or not) # Please leave $null-values intact, modules need to know if a parameter was specified # When $value is already an array, we cannot rely on the null check, as an empty list # is seen as null in the check below if ($null -ne $value -or $value -is [array]) { if ($type -eq "path") { # Expand environment variables on path-type $value = Expand-Environment($value) # Test if a valid path is provided if (-not (Test-Path -IsValid $value)) { $path_invalid = $true # could still be a valid-shaped path with a nonexistent drive letter if ($value -match "^\w:") { # rewrite path with a valid drive letter and recheck the shape- this might still fail, eg, a nonexistent non-filesystem PS path if (Test-Path -IsValid $(@(Get-PSDrive -PSProvider Filesystem)[0].Name + $value.Substring(1))) { $path_invalid = $false } } if ($path_invalid) { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' has an invalid path '$value' specified." } } } elseif ($type -eq "str") { # Convert str types to real Powershell strings $value = $value.ToString() } elseif ($type -eq "bool") { # Convert boolean types to real Powershell booleans $value = $value | ConvertTo-Bool } elseif ($type -eq "int") { # Convert int types to real Powershell integers $value = $value -as [int] } elseif ($type -eq "float") { # Convert float types to real Powershell floats $value = $value -as [float] } elseif ($type -eq "list") { if ($value -is [array]) { # Nothing to do } elseif ($value -is [string]) { # Convert string type to real Powershell array $value = $value.Split(",").Trim() } elseif ($value -is [int]) { $value = @($value) } else { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' is not a YAML list." } # , is not a typo, forces it to return as a list when it is empty or only has 1 entry return ,$value } } return $value } #Alias Get-attr-->Get-AnsibleParam for backwards compat. Only add when needed to ease debugging of scripts If (-not(Get-Alias -Name "Get-attr" -ErrorAction SilentlyContinue)) { New-Alias -Name Get-attr -Value Get-AnsibleParam } Function ConvertTo-Bool { <# .SYNOPSIS Helper filter/pipeline function to convert a value to boolean following current Ansible practices .EXAMPLE $is_true = "true" | ConvertTo-Bool #> param( [parameter(valuefrompipeline=$true)] $obj ) $boolean_strings = "yes", "on", "1", "true", 1 $obj_string = [string]$obj if (($obj -is [boolean] -and $obj) -or $boolean_strings -contains $obj_string.ToLower()) { return $true } else { return $false } } Function Parse-Args($arguments, $supports_check_mode = $false) { <# .SYNOPSIS Helper function to parse Ansible JSON arguments from a "file" passed as the single argument to the module. .EXAMPLE $params = Parse-Args $args #> $params = New-Object psobject If ($arguments.Length -gt 0) { $params = Get-Content $arguments[0] | ConvertFrom-Json } Else { $params = $complex_args } $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false If ($check_mode -and -not $supports_check_mode) { Exit-Json @{ skipped = $true changed = $false msg = "remote module does not support check mode" } } return $params } Function Get-FileChecksum($path, $algorithm = 'sha1') { <# .SYNOPSIS Helper function to calculate a hash of a file in a way which PowerShell 3 and above can handle #> If (Test-Path -Path $path -PathType Leaf) { switch ($algorithm) { 'md5' { $sp = New-Object -TypeName System.Security.Cryptography.MD5CryptoServiceProvider } 'sha1' { $sp = New-Object -TypeName System.Security.Cryptography.SHA1CryptoServiceProvider } 'sha256' { $sp = New-Object -TypeName System.Security.Cryptography.SHA256CryptoServiceProvider } 'sha384' { $sp = New-Object -TypeName System.Security.Cryptography.SHA384CryptoServiceProvider } 'sha512' { $sp = New-Object -TypeName System.Security.Cryptography.SHA512CryptoServiceProvider } default { Fail-Json @{} "Unsupported hash algorithm supplied '$algorithm'" } } If ($PSVersionTable.PSVersion.Major -ge 4) { $raw_hash = Get-FileHash $path -Algorithm $algorithm $hash = $raw_hash.Hash.ToLower() } Else { $fp = [System.IO.File]::Open($path, [System.IO.Filemode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileShare]::ReadWrite); $hash = [System.BitConverter]::ToString($sp.ComputeHash($fp)).Replace("-", "").ToLower(); $fp.Dispose(); } } ElseIf (Test-Path -Path $path -PathType Container) { $hash = "3"; } Else { $hash = "1"; } return $hash } Function Get-PendingRebootStatus { <# .SYNOPSIS Check if reboot is required, if so notify CA. Function returns true if computer has a pending reboot #> $featureData = Invoke-WmiMethod -EA Ignore -Name GetServerFeature -Namespace root\microsoft\windows\servermanager -Class MSFT_ServerManagerTasks $regData = Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager" "PendingFileRenameOperations" -EA Ignore $CBSRebootStatus = Get-ChildItem "HKLM:\\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing" -ErrorAction SilentlyContinue| Where-Object {$_.PSChildName -eq "RebootPending"} if(($featureData -and $featureData.RequiresReboot) -or $regData -or $CBSRebootStatus) { return $True } else { return $False } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: c1adbb40-5ec1-468d-bf62-3dd9e0d6dea7 Path:	4104	1		3	2	15	0	1252	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3792	2236	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:27:03 PM	9d04040e-981f-0000-321b-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } ScriptBlock ID: e1b4674d-6ccb-4c11-85a0-c5f979fb0300 Path:	4104	1		3	2	15	0	1251	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3792	2236	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:27:02 PM	9d04040e-981f-0000-231b-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (5 of 5): le cannot run on this OS as it requires a minimum version of $min_os_version, actual was $actual_os_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $min_ps_version = [version]$payload.min_ps_version if ($min_ps_version -ne $null) { $actual_ps_version = $PSVersionTable.PSVersion if ($actual_ps_version -lt $min_ps_version) { $msg = "This module cannot run as it requires a minimum PowerShell version of $min_ps_version, actual was $actual_ps_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $actions = $payload.actions # pop 0th action as entrypoint $entrypoint = $payload.($actions[0]) $payload.actions = $payload.actions[1..99] $entrypoint = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($entrypoint)) # load the current action entrypoint as a module custom object with a Run method $entrypoint = New-Module -ScriptBlock ([scriptblock]::Create($entrypoint)) -AsCustomObject Set-Variable -Scope global -Name complex_args -Value $payload["module_args"] | Out-Null # dynamically create/load modules ForEach ($mod in $payload.powershell_modules.GetEnumerator()) { $decoded_module = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($mod.Value)) New-Module -ScriptBlock ([scriptblock]::Create($decoded_module)) -Name $mod.Key | Import-Module -WarningAction SilentlyContinue | Out-Null } $output = $entrypoint.Run($payload) Write-Output $output } ScriptBlock ID: d592737f-41c6-4f28-9778-e84dba1bfdc9 Path:	4104	1		3	2	15	0	1250	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3792	2236	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:27:02 PM	9d04040e-981f-0000-1d1b-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (4 of 5): cnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMScgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTFDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMjU2JyB7ICRzcCA9IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5TZWN1cml0eS5DcnlwdG9ncmFwaHkuU0hBMjU2Q3J5cHRvU2VydmljZVByb3ZpZGVyIH0KICAgICAgICAgICAgJ3NoYTM4NCcgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTM4NENyeXB0b1NlcnZpY2VQcm92aWRlciB9CiAgICAgICAgICAgICdzaGE1MTInIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5TSEE1MTJDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICBkZWZhdWx0IHsgRmFpbC1Kc29uIEB7fSAiVW5zdXBwb3J0ZWQgaGFzaCBhbGdvcml0aG0gc3VwcGxpZWQgJyRhbGdvcml0aG0nIiB9CiAgICAgICAgfQoKICAgICAgICBJZiAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtZ2UgNCkgewogICAgICAgICAgICAkcmF3X2hhc2ggPSBHZXQtRmlsZUhhc2ggJHBhdGggLUFsZ29yaXRobSAkYWxnb3JpdGhtCiAgICAgICAgICAgICRoYXNoID0gJHJhd19oYXNoLkhhc2guVG9Mb3dlcigpCiAgICAgICAgfSBFbHNlIHsKICAgICAgICAgICAgJGZwID0gW1N5c3RlbS5JTy5GaWxlXTo6T3BlbigkcGF0aCwgW1N5c3RlbS5JTy5GaWxlbW9kZV06Ok9wZW4sIFtTeXN0ZW0uSU8uRmlsZUFjY2Vzc106OlJlYWQsIFtTeXN0ZW0uSU8uRmlsZVNoYXJlXTo6UmVhZFdyaXRlKTsKICAgICAgICAgICAgJGhhc2ggPSBbU3lzdGVtLkJpdENvbnZlcnRlcl06OlRvU3RyaW5nKCRzcC5Db21wdXRlSGFzaCgkZnApKS5SZXBsYWNlKCItIiwgIiIpLlRvTG93ZXIoKTsKICAgICAgICAgICAgJGZwLkRpc3Bvc2UoKTsKICAgICAgICB9CiAgICB9CiAgICBFbHNlSWYgKFRlc3QtUGF0aCAtUGF0aCAkcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKQogICAgewogICAgICAgICRoYXNoID0gIjMiOwogICAgfQogICAgRWxzZQogICAgewogICAgICAgICRoYXNoID0gIjEiOwogICAgfQogICAgcmV0dXJuICRoYXNoCn0KCkZ1bmN0aW9uIEdldC1QZW5kaW5nUmVib290U3RhdHVzCnsKPCMKICAgIC5TWU5PUFNJUwogICAgQ2hlY2sgaWYgcmVib290IGlzIHJlcXVpcmVkLCBpZiBzbyBub3RpZnkgQ0EuCiAgICBGdW5jdGlvbiByZXR1cm5zIHRydWUgaWYgY29tcHV0ZXIgaGFzIGEgcGVuZGluZyByZWJvb3QKIz4KICAgICRmZWF0dXJlRGF0YSA9IEludm9rZS1XbWlNZXRob2QgLUVBIElnbm9yZSAtTmFtZSBHZXRTZXJ2ZXJGZWF0dXJlIC1OYW1lc3BhY2Ugcm9vdFxtaWNyb3NvZnRcd2luZG93c1xzZXJ2ZXJtYW5hZ2VyIC1DbGFzcyBNU0ZUX1NlcnZlck1hbmFnZXJUYXNrcwogICAgJHJlZ0RhdGEgPSBHZXQtSXRlbVByb3BlcnR5ICJIS0xNOlxTWVNURU1cQ3VycmVudENvbnRyb2xTZXRcQ29udHJvbFxTZXNzaW9uIE1hbmFnZXIiICJQZW5kaW5nRmlsZVJlbmFtZU9wZXJhdGlvbnMiIC1FQSBJZ25vcmUKICAgICRDQlNSZWJvb3RTdGF0dXMgPSBHZXQtQ2hpbGRJdGVtICJIS0xNOlxcU09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cQ29tcG9uZW50IEJhc2VkIFNlcnZpY2luZyIgIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlfCBXaGVyZS1PYmplY3QgeyRfLlBTQ2hpbGROYW1lIC1lcSAiUmVib290UGVuZGluZyJ9CiAgICBpZigoJGZlYXR1cmVEYXRhIC1hbmQgJGZlYXR1cmVEYXRhLlJlcXVpcmVzUmVib290KSAtb3IgJHJlZ0RhdGEgLW9yICRDQlNSZWJvb3RTdGF0dXMpCiAgICB7CiAgICAgICAgcmV0dXJuICRUcnVlCiAgICB9CiAgICBlbHNlCiAgICB7CiAgICAgICAgcmV0dXJuICRGYWxzZQogICAgfQp9CgojIHRoaXMgbGluZSBtdXN0IHN0YXkgYXQgdGhlIGJvdHRvbSB0byBlbnN1cmUgYWxsIGRlZmluZWQgbW9kdWxlIHBhcnRzIGFyZSBleHBvcnRlZApFeHBvcnQtTW9kdWxlTWVtYmVyIC1BbGlhcyAqIC1GdW5jdGlvbiAqIC1DbWRsZXQgKgoK", "Ansible.ModuleUtils.FileUtil": "IyBDb3B5cmlnaHQgKGMpIDIwMTcgQW5zaWJsZSBQcm9qZWN0CiMgU2ltcGxpZmllZCBCU0QgTGljZW5zZSAoc2VlIGxpY2Vuc2VzL3NpbXBsaWZpZWRfYnNkLnR4dCBvciBodHRwczovL29wZW5zb3VyY2Uub3JnL2xpY2Vuc2VzL0JTRC0yLUNsYXVzZSkKCjwjClRlc3QtUGF0aC9HZXQtSXRlbSBjYW5ub3QgZmluZC9yZXR1cm4gaW5mbyBvbiBmaWxlcyB0aGF0IGFyZSBsb2NrZWQgbGlrZQpDOlxwYWdlZmlsZS5zeXMuIFRoZXNlIDIgZnVuY3Rpb25zIGFyZSBkZXNpZ25lZCB0byB3b3JrIHdpdGggdGhlc2UgZmlsZXMgYW5kCnByb3ZpZGUgc2ltaWxhciBmdW5jdGlvbmFsaXR5IHdpdGggdGhlIG5vcm1hbCBjbWRsZXRzIHdpdGggYXMgbWluaW1hbCBvdmVyaGVhZAphcyBwb3NzaWJsZS4gVGhleSB3b3JrIGJ5IHVzaW5nIEdldC1DaGlsZEl0ZW0gd2l0aCBhIGZpbHRlciBhbmQgcmV0dXJuIHRoZQpyZXN1bHQgZnJvbSB0aGF0LgojPgoKRnVuY3Rpb24gVGVzdC1BbnNpYmxlUGF0aCB7CiAgICBbQ21kbGV0QmluZGluZygpXQogICAgUGFyYW0oCiAgICAgICAgW1BhcmFtZXRlcihNYW5kYXRvcnk9JHRydWUpXVtzdHJpbmddJFBhdGgKICAgICkKICAgICMgUmVwbGFjZW1lbnQgZm9yIFRlc3QtUGF0aAogICAgdHJ5IHsKICAgICAgICAkZmlsZV9hdHRyaWJ1dGVzID0gW1N5c3RlbS5JTy5GaWxlXTo6R2V0QXR0cmlidXRlcygkUGF0aCkKICAgIH0gY2F0Y2ggW1N5c3RlbS5JTy5GaWxlTm90Rm91bmRFeGNlcHRpb25dLCBbU3lzdGVtLklPLkRpcmVjdG9yeU5vdEZvdW5kRXhjZXB0aW9uXSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfSBjYXRjaCBbTm90U3VwcG9ydGVkRXhjZXB0aW9uXSB7CiAgICAgICAgIyBXaGVuIHRlc3RpbmcgYSBwYXRoIGxpa2UgQ2VydDpcTG9jYWxNYWNoaW5lXE15LCBTeXN0ZW0uSU8uRmlsZSB3aWxsCiAgICAgICAgIyBub3Qgd29yaywgd2UganVzdCByZXZlcnQgYmFjayB0byB1c2luZyBUZXN0LVBhdGggZm9yIHRoaXMKICAgICAgICByZXR1cm4gVGVzdC1QYXRoIC1QYXRoICRQYXRoCiAgICB9CgogICAgaWYgKFtJbnQzMl0kZmlsZV9hdHRyaWJ1dGVzIC1lcSAtMSkgewogICAgICAgIHJldHVybiAkZmFsc2UKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICR0cnVlCiAgICB9Cn0KCkZ1bmN0aW9uIEdldC1BbnNpYmxlSXRlbSB7CiAgICBbQ21kbGV0QmluZGluZygpXQogICAgUGFyYW0oCiAgICAgICAgW1BhcmFtZXRlcihNYW5kYXRvcnk9JHRydWUpXVtzdHJpbmddJFBhdGgKICAgICkKICAgICMgUmVwbGFjZW1lbnQgZm9yIEdldC1JdGVtCiAgICB0cnkgewogICAgICAgICRmaWxlX2F0dHJpYnV0ZXMgPSBbU3lzdGVtLklPLkZpbGVdOjpHZXRBdHRyaWJ1dGVzKCRQYXRoKQogICAgfSBjYXRjaCB7CiAgICAgICAgIyBpZiAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb3RpbnVlIGlzIHNldCBvbiB0aGUgY21kbGV0IGFuZCB3ZSBmYWlsZWQgdG8KICAgICAgICAjIGdldCB0aGUgYXR0cmlidXRlcywganVzdCByZXR1cm4gJG51bGwsIG90aGVyd2lzZSB0aHJvdyB0aGUgZXJyb3IKICAgICAgICBpZiAoJEVycm9yQWN0aW9uUHJlZmVyZW5jZSAtbmUgIlNpbGVudGx5Q29udGludWUiKSB7CiAgICAgICAgICAgIHRocm93ICRfCiAgICAgICAgfQogICAgICAgIHJldHVybiAkbnVsbAogICAgfQogICAgaWYgKFtJbnQzMl0kZmlsZV9hdHRyaWJ1dGVzIC1lcSAtMSkgewogICAgICAgIHRocm93IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5NYW5hZ2VtZW50LkF1dG9tYXRpb24uSXRlbU5vdEZvdW5kRXhjZXB0aW9uIC1Bcmd1bWVudExpc3QgIkNhbm5vdCBmaW5kIHBhdGggJyRQYXRoJyBiZWNhdXNlIGl0IGRvZXMgbm90IGV4aXN0LiIKICAgIH0gZWxzZWlmICgkZmlsZV9hdHRyaWJ1dGVzLkhhc0ZsYWcoW1N5c3RlbS5JTy5GaWxlQXR0cmlidXRlc106OkRpcmVjdG9yeSkpIHsKICAgICAgICByZXR1cm4gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLklPLkRpcmVjdG9yeUluZm8gLUFyZ3VtZW50TGlzdCAkUGF0aAogICAgfSBlbHNlIHsKICAgICAgICByZXR1cm4gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLklPLkZpbGVJbmZvIC1Bcmd1bWVudExpc3QgJFBhdGgKICAgIH0KfQoKRXhwb3J0LU1vZHVsZU1lbWJlciAtRnVuY3Rpb24gVGVzdC1BbnNpYmxlUGF0aCwgR2V0LUFuc2libGVJdGVtCg=="}, "module_entry": "IyFwb3dlcnNoZWxsCgojIENvcHlyaWdodDogKGMpIDIwMTcsIEFuc2libGUgUHJvamVjdAojIEdOVSBHZW5lcmFsIFB1YmxpYyBMaWNlbnNlIHYzLjArIChzZWUgQ09QWUlORyBvciBodHRwczovL3d3dy5nbnUub3JnL2xpY2Vuc2VzL2dwbC0zLjAudHh0KQoKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5MZWdhY3kKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5Db21tYW5kVXRpbAojUmVxdWlyZXMgLU1vZHVsZSBBbnNpYmxlLk1vZHVsZVV0aWxzLkZpbGVVdGlsCgojIFRPRE86IGFkZCBjaGVjayBtb2RlIHN1cHBvcnQKClNldC1TdHJpY3RNb2RlIC1WZXJzaW9uIDIKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKIyBDbGVhbnNlIENMSVhNTCBmcm9tIHN0ZGVyciAoc2lmdCBvdXQgZXJyb3Igc3RyZWFtIGRhdGEsIGRpc2NhcmQgb3RoZXJzIGZvciBub3cpCkZ1bmN0aW9uIENsZWFuc2UtU3RkZXJyKCRyYXdfc3RkZXJyKSB7CiAgICBUcnkgewogICAgICAgICMgTkI6IHRoaXMgcmVnZXggaXNuJ3QgcGVyZmVjdCwgYnV0IGlzIGRlY2VudCBhdCBmaW5kaW5nIENMSVhNTCBhbW9uZ3N0IG90aGVyIHN0ZGVyciBub2lzZQogICAgICAgIElmKCRyYXdfc3RkZXJyIC1tYXRjaCAiKD9zKSg/PHByZW5vaXNlMT4uKikjPCBDTElYTUwoPzxwcmVub2lzZTI+LiopKD88Y2xpeG1sPjxPYmpzLis8L09ianM+KSg/PHBvc3Rub2lzZT4uKikiKSB7CiAgICAgICAgICAgICRjbGl4bWwgPSBbeG1sXSRtYXRjaGVzWyJjbGl4bWwiXQoKICAgICAgICAgICAgJG1lcmdlZF9zdGRlcnIgPSAiezB9ezF9ezJ9ezN9IiAtZiBAKAogICAgICAgICAgICAgICAkbWF0Y2hlc1sicHJlbm9pc2UxIl0sCiAgICAgICAgICAgICAgICRtYXRjaGVzWyJwcmVub2lzZTIiXSwKICAgICAgICAgICAgICAgIyBmaWx0ZXIgb3V0IGp1c3QgdGhlIEVycm9yLXRhZ2dlZCBzdHJpbmdzIGZvciBub3csIGFuZCB6YXAgZW1iZWRkZWQgQ1JMRiBjaGFycwogICAgICAgICAgICAgICAoJGNsaXhtbC5PYmpzLkNoaWxkTm9kZXMgfCA/IHsgJF8uTmFtZSAtZXEgJ1MnIH0gfCA/IHsgJF8uUyAtZXEgJ0Vycm9yJyB9IHwgJSB7ICRfLicjdGV4dCcuUmVwbGFjZSgnX3gwMDBEX194MDAwQV8nLCcnKSB9IHwgT3V0LVN0cmluZyksCiAgICAgICAgICAgICAgICRtYXRjaGVzWyJwb3N0bm9pc2UiXSkgfCBPdXQtU3RyaW5nCgogICAgICAgICAgICByZXR1cm4gJG1lcmdlZF9zdGRlcnIuVHJpbSgpCgogICAgICAgICAgICAjIEZVVFVSRTogcGFyc2UvcmV0dXJuIG90aGVyIHN0cmVhbXMKICAgICAgICB9CiAgICAgICAgRWxzZSB7CiAgICAgICAgICAgICRyYXdfc3RkZXJyCiAgICAgICAgfQogICAgfQogICAgQ2F0Y2ggewogICAgICAgICIqKipFWENFUFRJT04gUEFSU0lORyBDTElYTUw6ICRfKioqIiArICRyYXdfc3RkZXJyCiAgICB9Cn0KCiRwYXJhbXMgPSBQYXJzZS1BcmdzICRhcmdzIC1zdXBwb3J0c19jaGVja19tb2RlICRmYWxzZQoKJHJhd19jb21tYW5kX2xpbmUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX3Jhd19wYXJhbXMiIC10eXBlICJzdHIiIC1mYWlsaWZlbXB0eSAkdHJ1ZQokY2hkaXIgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiY2hkaXIiIC10eXBlICJwYXRoIgokZXhlY3V0YWJsZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJleGVjdXRhYmxlIiAtdHlwZSAicGF0aCIKJGNyZWF0ZXMgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiY3JlYXRlcyIgLXR5cGUgInBhdGgiCiRyZW1vdmVzID0gR2V0LUFuc2libGVQYXJhbSAtb2JqICRwYXJhbXMgLW5hbWUgInJlbW92ZXMiIC10eXBlICJwYXRoIgokc3RkaW4gPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAic3RkaW4iIC10eXBlICJzdHIiCgokcmF3X2NvbW1hbmRfbGluZSA9ICRyYXdfY29tbWFuZF9saW5lLlRyaW0oKQoKJHJlc3VsdCA9IEB7CiAgICBjaGFuZ2VkID0gJHRydWUKICAgIGNtZCA9ICRyYXdfY29tbWFuZF9saW5lCn0KCmlmICgkY3JlYXRlcyAtYW5kICQoVGVzdC1BbnNpYmxlUGF0aCAtUGF0aCAkY3JlYXRlcykpIHsKICAgIEV4aXQtSnNvbiBAe21zZz0ic2tpcHBlZCwgc2luY2UgJGNyZWF0ZXMgZXhpc3RzIjtjbWQ9JHJhd19jb21tYW5kX2xpbmU7Y2hhbmdlZD0kZmFsc2U7c2tpcHBlZD0kdHJ1ZTtyYz0wfQp9CgppZiAoJHJlbW92ZXMgLWFuZCAtbm90ICQoVGVzdC1BbnNpYmxlUGF0aCAtUGF0aCAkcmVtb3ZlcykpIHsKICAgIEV4aXQtSnNvbiBAe21zZz0ic2tpcHBlZCwgc2luY2UgJHJlbW92ZXMgZG9lcyBub3QgZXhpc3QiO2NtZD0kcmF3X2NvbW1hbmRfbGluZTtjaGFuZ2VkPSRmYWxzZTtza2lwcGVkPSR0cnVlO3JjPTB9Cn0KCiRleGVjX2FyZ3MgPSAkbnVsbApJZigtbm90ICRleGVjdXRhYmxlIC1vciAkZXhlY3V0YWJsZSAtZXEgInBvd2Vyc2hlbGwiKSB7CiAgICAkZXhlY19hcHBsaWNhdGlvbiA9ICJwb3dlcnNoZWxsLmV4ZSIKCiAgICAjIGZvcmNlIGlucHV0IGVuY29kaW5nIHRvIHByZWFtYmxlLWZyZWUgVVRGOCBzbyBQUyBzdWItcHJvY2Vzc2VzIChlZywgU3RhcnQtSm9iKSBkb24ndCBibG93IHVwCiAgICAkcmF3X2NvbW1hbmRfbGluZSA9ICJbQ29uc29sZV06OklucHV0RW5jb2RpbmcgPSBOZXctT2JqZWN0IFRleHQuVVRGOEVuY29kaW5nIGAkZmFsc2U7ICIgKyAkcmF3X2NvbW1hbmRfbGluZQoKICAgICMgQmFzZTY0IGVuY29kZSB0aGUgY29tbWFuZCBzbyB3ZSBkb24ndCBoYXZlIHRvIHdvcnJ5IGFib3V0IHRoZSB2YXJpb3VzIGxldmVscyBvZiBlc2NhcGluZwogICAgJGVuY29kZWRfY29tbWFuZCA9IFtDb252ZXJ0XTo6VG9CYXNlNjRTdHJpbmcoW1N5c3RlbS5UZXh0LkVuY29kaW5nXTo6VW5pY29kZS5HZXRCeXRlcygkcmF3X2NvbW1hbmRfbGluZSkpCgogICAgaWYgKCRzdGRpbikgewogICAgICAgICRleGVjX2FyZ3MgPSAiLWVuY29kZWRjb21tYW5kICRlbmNvZGVkX2NvbW1hbmQiCiAgICB9IGVsc2UgewogICAgICAgICRleGVjX2FyZ3MgPSAiLW5vbmludGVyYWN0aXZlIC1lbmNvZGVkY29tbWFuZCAkZW5jb2RlZF9jb21tYW5kIgogICAgfQp9CkVsc2UgewogICAgIyBGVVRVUkU6IHN1cHBvcnQgYXJnIHRyYW5zbGF0aW9uIGZyb20gZXhlY3V0YWJsZSAob3IgZXhlY3V0YWJsZV9hcmdzPykgdG8gcHJvY2VzcyBhcmd1bWVudHMgZm9yIGFyYml0cmFyeSBpbnRlcnByZXRlcj8KICAgICRleGVjX2FwcGxpY2F0aW9uID0gJGV4ZWN1dGFibGUKICAgIGlmICgtbm90ICgkZXhlY19hcHBsaWNhdGlvbi5FbmRzV2l0aCgiLmV4ZSIpKSkgewogICAgICAgICRleGVjX2FwcGxpY2F0aW9uID0gIiQoJGV4ZWNfYXBwbGljYXRpb24pLmV4ZSIKICAgIH0KICAgICRleGVjX2FyZ3MgPSAiL2MgJHJhd19jb21tYW5kX2xpbmUiCn0KCiRjb21tYW5kID0gIiRleGVjX2FwcGxpY2F0aW9uICRleGVjX2FyZ3MiCiRydW5fY29tbWFuZF9hcmcgPSBAewogICAgY29tbWFuZCA9ICRjb21tYW5kCn0KaWYgKCRjaGRpcikgewogICAgJHJ1bl9jb21tYW5kX2FyZ1snd29ya2luZ19kaXJlY3RvcnknXSA9ICRjaGRpcgp9CmlmICgkc3RkaW4pIHsKICAgICRydW5fY29tbWFuZF9hcmdbJ3N0ZGluJ10gPSAkc3RkaW4KfQoKJHN0YXJ0X2RhdGV0aW1lID0gW0RhdGVUaW1lXTo6VXRjTm93CnRyeSB7CiAgICAkY29tbWFuZF9yZXN1bHQgPSBSdW4tQ29tbWFuZCBAcnVuX2NvbW1hbmRfYXJnCn0gY2F0Y2ggewogICAgJHJlc3VsdC5jaGFuZ2VkID0gJGZhbHNlCiAgICB0cnkgewogICAgICAgICRyZXN1bHQucmMgPSAkXy5FeGNlcHRpb24uTmF0aXZlRXJyb3JDb2RlCiAgICB9IGNhdGNoIHsKICAgICAgICAkcmVzdWx0LnJjID0gMgogICAgfQogICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAkXy5FeGNlcHRpb24uTWVzc2FnZQp9CgojIFRPRE86IGRlY29kZSBDTElYTUwgc3RkZXJyIG91dHB1dCAoYW5kIG90aGVyIHN0cmVhbXM/KQokcmVzdWx0LnN0ZG91dCA9ICRjb21tYW5kX3Jlc3VsdC5zdGRvdXQKJHJlc3VsdC5zdGRlcnIgPSBDbGVhbnNlLVN0ZGVyciAkY29tbWFuZF9yZXN1bHQuc3RkZXJyIAokcmVzdWx0LnJjID0gJGNvbW1hbmRfcmVzdWx0LnJjCgokZW5kX2RhdGV0aW1lID0gW0RhdGVUaW1lXTo6VXRjTm93CiRyZXN1bHQuc3RhcnQgPSAkc3RhcnRfZGF0ZXRpbWUuVG9TdHJpbmcoInl5eXktTU0tZGQgaGg6bW06c3MuZmZmZmZmIikKJHJlc3VsdC5lbmQgPSAkZW5kX2RhdGV0aW1lLlRvU3RyaW5nKCJ5eXl5LU1NLWRkIGhoOm1tOnNzLmZmZmZmZiIpCiRyZXN1bHQuZGVsdGEgPSAkKCRlbmRfZGF0ZXRpbWUgLSAkc3RhcnRfZGF0ZXRpbWUpLlRvU3RyaW5nKCJoXDptbVw6c3NcLmZmZmZmZiIpCgpJZiAoJHJlc3VsdC5yYyAtbmUgMCkgewogICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAibm9uLXplcm8gcmV0dXJuIGNvZGUiCn0KCkV4aXQtSnNvbiAkcmVzdWx0Cg==", "module_args": {"_ansible_version": "2.7.0", "_ansible_selinux_special_fs": ["fuse", "nfs", "vboxsf", "ramfs", "9p"], "_ansible_no_log": false, "_ansible_module_name": "win_shell", "_raw_params": "edit-constraints c:\\openstack\\build\\\\requirements\\\\upper-constraints.txt -- neutron \"-e file:///C:/openstack/build/neutron#egg=neutron\"", "_ansible_verbosity": 4, "_ansible_keep_remote_files": false, "_ansible_syslog_facility": "LOG_USER", "_ansible_socket": null, "_ansible_remote_tmp": "%TEMP%", "_ansible_diff": false, "_ansible_debug": false, "_ansible_shell_executable": "/bin/sh", "_ansible_check_mode": false, "_ansible_tmpdir": null}} '@ } process { $input_as_string = [string]$input $json_raw += $input_as_string } end { If (-not $json_raw) { Write-Error "no input given" -Category InvalidArgument } $payload = ConvertTo-HashtableFromPsCustomObject (ConvertFrom-Json $json_raw) # TODO: handle binary modules # TODO: handle persistence $min_os_version = [version]$payload.min_os_version if ($min_os_version -ne $null) { $actual_os_version = [System.Environment]::OSVersion.Version if ($actual_os_version -lt $min_os_version) { $msg = "This modu ScriptBlock ID: d592737f-41c6-4f28-9778-e84dba1bfdc9 Path:	4104	1		3	2	15	0	1249	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3792	2236	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:27:02 PM	9d04040e-981f-0000-1d1b-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (3 of 5): gICAgfQogICAgQ2F0Y2gKICAgIHsKICAgICAgICAkb2JqIHwgQWRkLU1lbWJlciAtRm9yY2UgLU1lbWJlclR5cGUgTm90ZVByb3BlcnR5IC1OYW1lICRuYW1lIC1WYWx1ZSAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gRXhpdC1Kc29uKCRvYmopCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGNvbnZlcnQgYSBQb3dlclNoZWxsIG9iamVjdCB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcKICAgIHRoZSBzY3JpcHQKICAgIC5FWEFNUExFCiAgICBFeGl0LUpzb24gJHJlc3VsdAojPgoKICAgICMgSWYgdGhlIHByb3ZpZGVkICRvYmogaXMgdW5kZWZpbmVkLCBkZWZpbmUgb25lIHRvIGJlIG5pY2UKICAgIElmICgtbm90ICRvYmouR2V0VHlwZSkKICAgIHsKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoJ2NoYW5nZWQnKSkgewogICAgICAgIFNldC1BdHRyICRvYmogImNoYW5nZWQiICRmYWxzZQogICAgfQoKICAgIFdyaXRlLU91dHB1dCAkb2JqIHwgQ29udmVydFRvLUpzb24gLUNvbXByZXNzIC1EZXB0aCA5OQogICAgRXhpdAp9CgpGdW5jdGlvbiBGYWlsLUpzb24oJG9iaiwgJG1lc3NhZ2UgPSAkbnVsbCkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHRoZSAibXNnIiBwcm9wZXJ0eSBhbmQgImZhaWxlZCIgcHJvcGVydHksIGNvbnZlcnQgdGhlCiAgICBQb3dlclNoZWxsIEhhc2h0YWJsZSB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcgdGhlIHNjcmlwdAogICAgLkVYQU1QTEUKICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJUaGlzIGlzIHRoZSBmYWlsdXJlIG1lc3NhZ2UiCiM+CgogICAgaWYgKCRvYmogLWlzIFtoYXNodGFibGVdIC1vciAkb2JqIC1pcyBbcHNvYmplY3RdKSB7CiAgICAgICAgIyBOb3RoaW5nIHRvIGRvCiAgICB9IGVsc2VpZiAoJG9iaiAtaXMgW3N0cmluZ10gLWFuZCAkbnVsbCAtZXEgJG1lc3NhZ2UpIHsKICAgICAgICAjIElmIHdlIHdlcmVuJ3QgZ2l2ZW4gMiBhcmdzLCBhbmQgdGhlIG9ubHkgYXJnIHdhcyBhIHN0cmluZywKICAgICAgICAjIGNyZWF0ZSBhIG5ldyBIYXNodGFibGUgYW5kIHVzZSB0aGUgYXJnIGFzIHRoZSBmYWlsdXJlIG1lc3NhZ2UKICAgICAgICAkbWVzc2FnZSA9ICRvYmoKICAgICAgICAkb2JqID0gQHsgfQogICAgfSBlbHNlIHsKICAgICAgICAjIElmIHRoZSBmaXJzdCBhcmd1bWVudCBpcyB1bmRlZmluZWQgb3IgYSBkaWZmZXJlbnQgdHlwZSwKICAgICAgICAjIG1ha2UgaXQgYSBIYXNodGFibGUKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgICMgU3RpbGwgdXNpbmcgU2V0LUF0dHIgZm9yIFBTT2JqZWN0IGNvbXBhdGliaWxpdHkKICAgIFNldC1BdHRyICRvYmogIm1zZyIgJG1lc3NhZ2UKICAgIFNldC1BdHRyICRvYmogImZhaWxlZCIgJHRydWUKCiAgICBpZiAoLW5vdCAkb2JqLkNvbnRhaW5zS2V5KCdjaGFuZ2VkJykpIHsKICAgICAgICBTZXQtQXR0ciAkb2JqICJjaGFuZ2VkIiAkZmFsc2UKICAgIH0KCiAgICBXcml0ZS1PdXRwdXQgJG9iaiB8IENvbnZlcnRUby1Kc29uIC1Db21wcmVzcyAtRGVwdGggOTkKICAgIEV4aXQgMQp9CgpGdW5jdGlvbiBBZGQtV2FybmluZygkb2JqLCAkbWVzc2FnZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHdhcm5pbmdzLCBldmVuIGlmIHRoZSB3YXJuaW5ncyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoIndhcm5pbmdzIikpIHsKICAgICAgICAkb2JqLndhcm5pbmdzID0gQCgpCiAgICB9IGVsc2VpZiAoJG9iai53YXJuaW5ncyAtaXNub3QgW2FycmF5XSkgewogICAgICAgIHRocm93ICJBZGQtV2FybmluZzogd2FybmluZ3MgYXR0cmlidXRlIGlzIG5vdCBhbiBhcnJheSIKICAgIH0KCiAgICAkb2JqLndhcm5pbmdzICs9ICRtZXNzYWdlCn0KCkZ1bmN0aW9uIEFkZC1EZXByZWNhdGlvbldhcm5pbmcoJG9iaiwgJG1lc3NhZ2UsICR2ZXJzaW9uID0gJG51bGwpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGFkZCBkZXByZWNhdGlvbnMsIGV2ZW4gaWYgdGhlIGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgogICAgaWYgKC1ub3QgJG9iai5Db250YWluc0tleSgiZGVwcmVjYXRpb25zIikpIHsKICAgICAgICAkb2JqLmRlcHJlY2F0aW9ucyA9IEAoKQogICAgfSBlbHNlaWYgKCRvYmouZGVwcmVjYXRpb25zIC1pc25vdCBbYXJyYXldKSB7CiAgICAgICAgdGhyb3cgIkFkZC1EZXByZWNhdGlvbldhcm5pbmc6IGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgaXMgbm90IGEgbGlzdCIKICAgIH0KCiAgICAkb2JqLmRlcHJlY2F0aW9ucyArPSBAewogICAgICAgIG1zZyA9ICRtZXNzYWdlCiAgICAgICAgdmVyc2lvbiA9ICR2ZXJzaW9uCiAgICB9Cn0KCkZ1bmN0aW9uIEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgaW4gdmFsdWVzLiBCeSBkZWZhdWx0CiAgICBpdCB0dXJucyBhbnkgdHlwZSB0byBhIHN0cmluZywgYnV0IHdlIGVuc3VyZSAkbnVsbCByZW1haW5zICRudWxsLgojPgogICAgaWYgKCRudWxsIC1uZSAkdmFsdWUpIHsKICAgICAgICBbU3lzdGVtLkVudmlyb25tZW50XTo6RXhwYW5kRW52aXJvbm1lbnRWYXJpYWJsZXMoJHZhbHVlKQogICAgfSBlbHNlIHsKICAgICAgICAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gR2V0LUFuc2libGVQYXJhbSgkb2JqLCAkbmFtZSwgJGRlZmF1bHQgPSAkbnVsbCwgJHJlc3VsdG9iaiA9IEB7fSwgJGZhaWxpZmVtcHR5ID0gJGZhbHNlLCAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSwgJFZhbGlkYXRlU2V0LCAkVmFsaWRhdGVTZXRFcnJvck1lc3NhZ2UsICR0eXBlID0gJG51bGwsICRhbGlhc2VzID0gQCgpKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBnZXQgYW4gImF0dHJpYnV0ZSIgZnJvbSBhIHBzb2JqZWN0IGluc3RhbmNlIGluIFBvd2VyU2hlbGwuCiAgICBUaGlzIGlzIGEgY29udmVuaWVuY2UgdG8gbWFrZSBnZXR0aW5nIE1lbWJlcnMgZnJvbSBhbiBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgICRhdHRyID0gR2V0LUFuc2libGVQYXJhbSAkcmVzcG9uc2UgImNvZGUiIC1kZWZhdWx0ICIxIgogICAgLkVYQU1QTEUKICAgIEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJTdGF0ZSIgLWRlZmF1bHQgIlByZXNlbnQiIC1WYWxpZGF0ZVNldCAiUHJlc2VudCIsIkFic2VudCIgLXJlc3VsdG9iaiAkcmVzdWx0b2JqIC1mYWlsaWZlbXB0eSAkdHJ1ZQogICAgR2V0LUFuc2libGVQYXJhbSBhbHNvIHN1cHBvcnRzIFBhcmFtZXRlciB2YWxpZGF0aW9uIHRvIHNhdmUgeW91IGZyb20gY29kaW5nIHRoYXQgbWFudWFsbHkKICAgIE5vdGUgdGhhdCBpZiB5b3UgdXNlIHRoZSBmYWlsaWZlbXB0eSBvcHRpb24sIHlvdSBkbyBuZWVkIHRvIHNwZWNpZnkgcmVzdWx0b2JqZWN0IGFzIHdlbGwuCiM+CiAgICAjIENoZWNrIGlmIHRoZSBwcm92aWRlZCBNZW1iZXIgJG5hbWUgb3IgYWxpYXNlcyBleGlzdCBpbiAkb2JqIGFuZCByZXR1cm4gaXQgb3IgdGhlIGRlZmF1bHQuCiAgICB0cnkgewoKICAgICAgICAkZm91bmQgPSAkbnVsbAogICAgICAgICMgRmlyc3QgdHJ5IHRvIGZpbmQgcHJlZmVycmVkIHBhcmFtZXRlciAkbmFtZQogICAgICAgICRhbGlhc2VzID0gQCgkbmFtZSkgKyAkYWxpYXNlcwoKICAgICAgICAjIEl0ZXJhdGUgb3ZlciBhbGlhc2VzIHRvIGZpbmQgYWNjZXB0YWJsZSBNZW1iZXIgJG5hbWUKICAgICAgICBmb3JlYWNoICgkYWxpYXMgaW4gJGFsaWFzZXMpIHsKICAgICAgICAgICAgaWYgKCRvYmouQ29udGFpbnNLZXkoJGFsaWFzKSkgewogICAgICAgICAgICAgICAgJGZvdW5kID0gJGFsaWFzCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgfQoKICAgICAgICBpZiAoJG51bGwgLWVxICRmb3VuZCkgewogICAgICAgICAgICB0aHJvdwogICAgICAgIH0KICAgICAgICAkbmFtZSA9ICRmb3VuZAoKICAgICAgICBpZiAoJFZhbGlkYXRlU2V0KSB7CgogICAgICAgICAgICBpZiAoJFZhbGlkYXRlU2V0IC1jb250YWlucyAoJG9iai4kbmFtZSkpIHsKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICRvYmouJG5hbWUKICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgIGlmICgkbnVsbCAtZXEgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAgICAgI0F1dG8tZ2VuZXJhdGVkIGVycm9yIHNob3VsZCBiZSBzdWZmaWNpZW50IGluIG1vc3QgdXNlIGNhc2VzCiAgICAgICAgICAgICAgICAgICAgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlID0gIkdldC1BbnNpYmxlUGFyYW06IEFyZ3VtZW50ICRuYW1lIG5lZWRzIHRvIGJlIG9uZSBvZiAkKCRWYWxpZGF0ZVNldCAtam9pbiAiLCIpIGJ1dCB3YXMgJCgkb2JqLiRuYW1lKS4iCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRWYWxpZGF0ZVNldEVycm9yTWVzc2FnZQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgJHZhbHVlID0gJG9iai4kbmFtZQogICAgICAgIH0KICAgIH0gY2F0Y2ggewogICAgICAgIGlmICgkZmFpbGlmZW1wdHkgLWVxICRmYWxzZSkgewogICAgICAgICAgICAkdmFsdWUgPSAkZGVmYXVsdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgIGlmICgtbm90ICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSA9ICJHZXQtQW5zaWJsZVBhcmFtOiBNaXNzaW5nIHJlcXVpcmVkIGFyZ3VtZW50OiAkbmFtZSIKICAgICAgICAgICAgfQogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlCiAgICAgICAgfQogICAgfQoKICAgICMgSWYgJHZhbHVlIC1lcSAkbnVsbCwgdGhlIHBhcmFtZXRlciB3YXMgdW5zcGVjaWZpZWQgYnkgdGhlIHVzZXIgKGRlbGliZXJhdGVseSBvciBub3QpCiAgICAjIFBsZWFzZSBsZWF2ZSAkbnVsbC12YWx1ZXMgaW50YWN0LCBtb2R1bGVzIG5lZWQgdG8ga25vdyBpZiBhIHBhcmFtZXRlciB3YXMgc3BlY2lmaWVkCiAgICAjIFdoZW4gJHZhbHVlIGlzIGFscmVhZHkgYW4gYXJyYXksIHdlIGNhbm5vdCByZWx5IG9uIHRoZSBudWxsIGNoZWNrLCBhcyBhbiBlbXB0eSBsaXN0CiAgICAjIGlzIHNlZW4gYXMgbnVsbCBpbiB0aGUgY2hlY2sgYmVsb3cKICAgIGlmICgkbnVsbCAtbmUgJHZhbHVlIC1vciAkdmFsdWUgLWlzIFthcnJheV0pIHsKICAgICAgICBpZiAoJHR5cGUgLWVxICJwYXRoIikgewogICAgICAgICAgICAjIEV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgb24gcGF0aC10eXBlCiAgICAgICAgICAgICR2YWx1ZSA9IEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCiAgICAgICAgICAgICMgVGVzdCBpZiBhIHZhbGlkIHBhdGggaXMgcHJvdmlkZWQKICAgICAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtSXNWYWxpZCAkdmFsdWUpKSB7CiAgICAgICAgICAgICAgICAkcGF0aF9pbnZhbGlkID0gJHRydWUKICAgICAgICAgICAgICAgICMgY291bGQgc3RpbGwgYmUgYSB2YWxpZC1zaGFwZWQgcGF0aCB3aXRoIGEgbm9uZXhpc3RlbnQgZHJpdmUgbGV0dGVyCiAgICAgICAgICAgICAgICBpZiAoJHZhbHVlIC1tYXRjaCAiXlx3OiIpIHsKICAgICAgICAgICAgICAgICAgICAjIHJld3JpdGUgcGF0aCB3aXRoIGEgdmFsaWQgZHJpdmUgbGV0dGVyIGFuZCByZWNoZWNrIHRoZSBzaGFwZS0gdGhpcyBtaWdodCBzdGlsbCBmYWlsLCBlZywgYSBub25leGlzdGVudCBub24tZmlsZXN5c3RlbSBQUyBwYXRoCiAgICAgICAgICAgICAgICAgICAgaWYgKFRlc3QtUGF0aCAtSXNWYWxpZCAkKEAoR2V0LVBTRHJpdmUgLVBTUHJvdmlkZXIgRmlsZXN5c3RlbSlbMF0uTmFtZSArICR2YWx1ZS5TdWJzdHJpbmcoMSkpKSB7CiAgICAgICAgICAgICAgICAgICAgICAgICRwYXRoX2ludmFsaWQgPSAkZmFsc2UKICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBpZiAoJHBhdGhfaW52YWxpZCkgewogICAgICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHRvYmogLW1lc3NhZ2UgIkdldC1BbnNpYmxlUGFyYW06IFBhcmFtZXRlciAnJG5hbWUnIGhhcyBhbiBpbnZhbGlkIHBhdGggJyR2YWx1ZScgc3BlY2lmaWVkLiIKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgInN0ciIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IHN0ciB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgc3RyaW5ncwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUuVG9TdHJpbmcoKQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImJvb2wiKSB7CiAgICAgICAgICAgICMgQ29udmVydCBib29sZWFuIHR5cGVzIHRvIHJlYWwgUG93ZXJzaGVsbCBib29sZWFucwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgfCBDb252ZXJ0VG8tQm9vbAogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImludCIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IGludCB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgaW50ZWdlcnMKICAgICAgICAgICAgJHZhbHVlID0gJHZhbHVlIC1hcyBbaW50XQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImZsb2F0IikgewogICAgICAgICAgICAjIENvbnZlcnQgZmxvYXQgdHlwZXMgdG8gcmVhbCBQb3dlcnNoZWxsIGZsb2F0cwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgLWFzIFtmbG9hdF0KICAgICAgICB9IGVsc2VpZiAoJHR5cGUgLWVxICJsaXN0IikgewogICAgICAgICAgICBpZiAoJHZhbHVlIC1pcyBbYXJyYXldKSB7CiAgICAgICAgICAgICAgICAjIE5vdGhpbmcgdG8gZG8KICAgICAgICAgICAgfSBlbHNlaWYgKCR2YWx1ZSAtaXMgW3N0cmluZ10pIHsKICAgICAgICAgICAgICAgICMgQ29udmVydCBzdHJpbmcgdHlwZSB0byByZWFsIFBvd2Vyc2hlbGwgYXJyYXkKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICR2YWx1ZS5TcGxpdCgiLCIpLlRyaW0oKQogICAgICAgICAgICB9IGVsc2VpZiAoJHZhbHVlIC1pcyBbaW50XSkgewogICAgICAgICAgICAgICAgJHZhbHVlID0gQCgkdmFsdWUpCiAgICAgICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICJHZXQtQW5zaWJsZVBhcmFtOiBQYXJhbWV0ZXIgJyRuYW1lJyBpcyBub3QgYSBZQU1MIGxpc3QuIgogICAgICAgICAgICB9CiAgICAgICAgICAgICMgLCBpcyBub3QgYSB0eXBvLCBmb3JjZXMgaXQgdG8gcmV0dXJuIGFzIGEgbGlzdCB3aGVuIGl0IGlzIGVtcHR5IG9yIG9ubHkgaGFzIDEgZW50cnkKICAgICAgICAgICAgcmV0dXJuICwkdmFsdWUKICAgICAgICB9CiAgICB9CgogICAgcmV0dXJuICR2YWx1ZQp9CgojQWxpYXMgR2V0LWF0dHItLT5HZXQtQW5zaWJsZVBhcmFtIGZvciBiYWNrd2FyZHMgY29tcGF0LiBPbmx5IGFkZCB3aGVuIG5lZWRlZCB0byBlYXNlIGRlYnVnZ2luZyBvZiBzY3JpcHRzCklmICgtbm90KEdldC1BbGlhcyAtTmFtZSAiR2V0LWF0dHIiIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlKSkKewogICAgTmV3LUFsaWFzIC1OYW1lIEdldC1hdHRyIC1WYWx1ZSBHZXQtQW5zaWJsZVBhcmFtCn0KCkZ1bmN0aW9uIENvbnZlcnRUby1Cb29sCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZpbHRlci9waXBlbGluZSBmdW5jdGlvbiB0byBjb252ZXJ0IGEgdmFsdWUgdG8gYm9vbGVhbiBmb2xsb3dpbmcgY3VycmVudAogICAgQW5zaWJsZSBwcmFjdGljZXMKICAgIC5FWEFNUExFCiAgICAkaXNfdHJ1ZSA9ICJ0cnVlIiB8IENvbnZlcnRUby1Cb29sCiM+CiAgICBwYXJhbSgKICAgICAgICBbcGFyYW1ldGVyKHZhbHVlZnJvbXBpcGVsaW5lPSR0cnVlKV0KICAgICAgICAkb2JqCiAgICApCgogICAgJGJvb2xlYW5fc3RyaW5ncyA9ICJ5ZXMiLCAib24iLCAiMSIsICJ0cnVlIiwgMQogICAgJG9ial9zdHJpbmcgPSBbc3RyaW5nXSRvYmoKCiAgICBpZiAoKCRvYmogLWlzIFtib29sZWFuXSAtYW5kICRvYmopIC1vciAkYm9vbGVhbl9zdHJpbmdzIC1jb250YWlucyAkb2JqX3N0cmluZy5Ub0xvd2VyKCkpIHsKICAgICAgICByZXR1cm4gJHRydWUKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfQp9CgpGdW5jdGlvbiBQYXJzZS1BcmdzKCRhcmd1bWVudHMsICRzdXBwb3J0c19jaGVja19tb2RlID0gJGZhbHNlKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBwYXJzZSBBbnNpYmxlIEpTT04gYXJndW1lbnRzIGZyb20gYSAiZmlsZSIgcGFzc2VkIGFzCiAgICB0aGUgc2luZ2xlIGFyZ3VtZW50IHRvIHRoZSBtb2R1bGUuCiAgICAuRVhBTVBMRQogICAgJHBhcmFtcyA9IFBhcnNlLUFyZ3MgJGFyZ3MKIz4KICAgICRwYXJhbXMgPSBOZXctT2JqZWN0IHBzb2JqZWN0CiAgICBJZiAoJGFyZ3VtZW50cy5MZW5ndGggLWd0IDApCiAgICB7CiAgICAgICAgJHBhcmFtcyA9IEdldC1Db250ZW50ICRhcmd1bWVudHNbMF0gfCBDb252ZXJ0RnJvbS1Kc29uCiAgICB9CiAgICBFbHNlIHsKICAgICAgICAkcGFyYW1zID0gJGNvbXBsZXhfYXJncwogICAgfQogICAgJGNoZWNrX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfY2hlY2tfbW9kZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQogICAgSWYgKCRjaGVja19tb2RlIC1hbmQgLW5vdCAkc3VwcG9ydHNfY2hlY2tfbW9kZSkKICAgIHsKICAgICAgICBFeGl0LUpzb24gQHsKICAgICAgICAgICAgc2tpcHBlZCA9ICR0cnVlCiAgICAgICAgICAgIGNoYW5nZWQgPSAkZmFsc2UKICAgICAgICAgICAgbXNnID0gInJlbW90ZSBtb2R1bGUgZG9lcyBub3Qgc3VwcG9ydCBjaGVjayBtb2RlIgogICAgICAgIH0KICAgIH0KICAgIHJldHVybiAkcGFyYW1zCn0KCgpGdW5jdGlvbiBHZXQtRmlsZUNoZWNrc3VtKCRwYXRoLCAkYWxnb3JpdGhtID0gJ3NoYTEnKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBjYWxjdWxhdGUgYSBoYXNoIG9mIGEgZmlsZSBpbiBhIHdheSB3aGljaCBQb3dlclNoZWxsIDMKICAgIGFuZCBhYm92ZSBjYW4gaGFuZGxlCiM+CiAgICBJZiAoVGVzdC1QYXRoIC1QYXRoICRwYXRoIC1QYXRoVHlwZSBMZWFmKQogICAgewogICAgICAgIHN3aXRjaCAoJGFsZ29yaXRobSkKICAgICAgICB7CiAgICAgICAgICAgICdtZDUnIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5NRDVD ScriptBlock ID: d592737f-41c6-4f28-9778-e84dba1bfdc9 Path:	4104	1		3	2	15	0	1248	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3792	2236	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:27:02 PM	9d04040e-981f-0000-1d1b-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 5): dXBfZmxhZ3MgPSBDUkVBVEVfVU5JQ09ERV9FTlZJUk9OTUVOVCB8IEVYVEVOREVEX1NUQVJUVVBJTkZPX1BSRVNFTlQ7CiAgICAgICAgICAgIFNUQVJUVVBJTkZPRVggc2kgPSBuZXcgU1RBUlRVUElORk9FWCgpOwogICAgICAgICAgICBzaS5zdGFydHVwSW5mby5kd0ZsYWdzID0gKGludClTdGFydHVwSW5mb0ZsYWdzLlVTRVNUREhBTkRMRVM7CgogICAgICAgICAgICBTRUNVUklUWV9BVFRSSUJVVEVTIHBpcGVzZWMgPSBuZXcgU0VDVVJJVFlfQVRUUklCVVRFUygpOwogICAgICAgICAgICBwaXBlc2VjLmJJbmhlcml0SGFuZGxlID0gdHJ1ZTsKCiAgICAgICAgICAgIC8vIENyZWF0ZSB0aGUgc3Rkb3V0LCBzdGRlcnIgYW5kIHN0ZGluIHBpcGVzIHVzZWQgaW4gdGhlIHByb2Nlc3MgYW5kIGFkZCB0byB0aGUgc3RhcnR1cEluZm8KICAgICAgICAgICAgU2FmZUZpbGVIYW5kbGUgc3Rkb3V0X3JlYWQsIHN0ZG91dF93cml0ZSwgc3RkZXJyX3JlYWQsIHN0ZGVycl93cml0ZSwgc3RkaW5fcmVhZCwgc3RkaW5fd3JpdGU7CiAgICAgICAgICAgIGlmICghQ3JlYXRlUGlwZShvdXQgc3Rkb3V0X3JlYWQsIG91dCBzdGRvdXRfd3JpdGUsIHBpcGVzZWMsIDApKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IFdpbjMyRXhjZXB0aW9uKCJTVERPVVQgcGlwZSBzZXR1cCBmYWlsZWQiKTsKICAgICAgICAgICAgaWYgKCFTZXRIYW5kbGVJbmZvcm1hdGlvbihzdGRvdXRfcmVhZCwgSGFuZGxlRmxhZ3MuSU5IRVJJVCwgMCkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIlNURE9VVCBwaXBlIGhhbmRsZSBzZXR1cCBmYWlsZWQiKTsKCiAgICAgICAgICAgIGlmICghQ3JlYXRlUGlwZShvdXQgc3RkZXJyX3JlYWQsIG91dCBzdGRlcnJfd3JpdGUsIHBpcGVzZWMsIDApKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IFdpbjMyRXhjZXB0aW9uKCJTVERFUlIgcGlwZSBzZXR1cCBmYWlsZWQiKTsKICAgICAgICAgICAgaWYgKCFTZXRIYW5kbGVJbmZvcm1hdGlvbihzdGRlcnJfcmVhZCwgSGFuZGxlRmxhZ3MuSU5IRVJJVCwgMCkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIlNUREVSUiBwaXBlIGhhbmRsZSBzZXR1cCBmYWlsZWQiKTsKCiAgICAgICAgICAgIGlmICghQ3JlYXRlUGlwZShvdXQgc3RkaW5fcmVhZCwgb3V0IHN0ZGluX3dyaXRlLCBwaXBlc2VjLCAwKSkKICAgICAgICAgICAgICAgIHRocm93IG5ldyBXaW4zMkV4Y2VwdGlvbigiU1RESU4gcGlwZSBzZXR1cCBmYWlsZWQiKTsKICAgICAgICAgICAgaWYgKCFTZXRIYW5kbGVJbmZvcm1hdGlvbihzdGRpbl93cml0ZSwgSGFuZGxlRmxhZ3MuSU5IRVJJVCwgMCkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIlNURElOIHBpcGUgaGFuZGxlIHNldHVwIGZhaWxlZCIpOwoKICAgICAgICAgICAgc2kuc3RhcnR1cEluZm8uaFN0ZE91dHB1dCA9IHN0ZG91dF93cml0ZTsKICAgICAgICAgICAgc2kuc3RhcnR1cEluZm8uaFN0ZEVycm9yID0gc3RkZXJyX3dyaXRlOwogICAgICAgICAgICBzaS5zdGFydHVwSW5mby5oU3RkSW5wdXQgPSBzdGRpbl9yZWFkOwoKICAgICAgICAgICAgLy8gU2V0dXAgdGhlIHN0ZGluIGJ1ZmZlcgogICAgICAgICAgICBVVEY4RW5jb2RpbmcgdXRmOF9lbmNvZGluZyA9IG5ldyBVVEY4RW5jb2RpbmcoZmFsc2UpOwogICAgICAgICAgICBGaWxlU3RyZWFtIHN0ZGluX2ZzID0gbmV3IEZpbGVTdHJlYW0oc3RkaW5fd3JpdGUsIEZpbGVBY2Nlc3MuV3JpdGUsIDMyNzY4KTsKICAgICAgICAgICAgU3RyZWFtV3JpdGVyIHN0ZGluID0gbmV3IFN0cmVhbVdyaXRlcihzdGRpbl9mcywgdXRmOF9lbmNvZGluZywgMzI3NjgpOwoKICAgICAgICAgICAgLy8gSWYgbHBDdXJyZW50RGlyZWN0b3J5IGlzIHNldCB0byBudWxsIGluIFBTIGl0IHdpbGwgYmUgYW4gZW1wdHkKICAgICAgICAgICAgLy8gc3RyaW5nIGhlcmUsIHdlIG5lZWQgdG8gY29udmVydCBpdAogICAgICAgICAgICBpZiAobHBDdXJyZW50RGlyZWN0b3J5ID09ICIiKQogICAgICAgICAgICAgICAgbHBDdXJyZW50RGlyZWN0b3J5ID0gbnVsbDsKCiAgICAgICAgICAgIFN0cmluZ0J1aWxkZXIgZW52aXJvbm1lbnRTdHJpbmcgPSBudWxsOwoKICAgICAgICAgICAgaWYgKGVudmlyb25tZW50ICE9IG51bGwgJiYgZW52aXJvbm1lbnQuQ291bnQgPiAwKQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBlbnZpcm9ubWVudFN0cmluZyA9IG5ldyBTdHJpbmdCdWlsZGVyKCk7CiAgICAgICAgICAgICAgICBmb3JlYWNoIChEaWN0aW9uYXJ5RW50cnkga3YgaW4gZW52aXJvbm1lbnQpCiAgICAgICAgICAgICAgICAgICAgZW52aXJvbm1lbnRTdHJpbmcuQXBwZW5kRm9ybWF0KCJ7MH09ezF9XDAiLCBrdi5LZXksIGt2LlZhbHVlKTsKICAgICAgICAgICAgICAgIGVudmlyb25tZW50U3RyaW5nLkFwcGVuZCgnXDAnKTsKICAgICAgICAgICAgfQoKICAgICAgICAgICAgLy8gQ3JlYXRlIHRoZSBlbnZpcm9ubWVudCBibG9jayBpZiBzZXQKICAgICAgICAgICAgSW50UHRyIGxwRW52aXJvbm1lbnQgPSBJbnRQdHIuWmVybzsKICAgICAgICAgICAgaWYgKGVudmlyb25tZW50U3RyaW5nICE9IG51bGwpCiAgICAgICAgICAgICAgICBscEVudmlyb25tZW50ID0gTWFyc2hhbC5TdHJpbmdUb0hHbG9iYWxVbmkoZW52aXJvbm1lbnRTdHJpbmcuVG9TdHJpbmcoKSk7CgogICAgICAgICAgICAvLyBDcmVhdGUgbmV3IHByb2Nlc3MgYW5kIHJ1bgogICAgICAgICAgICBTdHJpbmdCdWlsZGVyIGFyZ3VtZW50X3N0cmluZyA9IG5ldyBTdHJpbmdCdWlsZGVyKGxwQ29tbWFuZExpbmUpOwogICAgICAgICAgICBQUk9DRVNTX0lORk9STUFUSU9OIHBpID0gbmV3IFBST0NFU1NfSU5GT1JNQVRJT04oKTsKICAgICAgICAgICAgaWYgKCFDcmVhdGVQcm9jZXNzKAogICAgICAgICAgICAgICAgbHBBcHBsaWNhdGlvbk5hbWUsCiAgICAgICAgICAgICAgICBhcmd1bWVudF9zdHJpbmcsCiAgICAgICAgICAgICAgICBJbnRQdHIuWmVybywKICAgICAgICAgICAgICAgIEludFB0ci5aZXJvLAogICAgICAgICAgICAgICAgdHJ1ZSwKICAgICAgICAgICAgICAgIHN0YXJ0dXBfZmxhZ3MsCiAgICAgICAgICAgICAgICBscEVudmlyb25tZW50LAogICAgICAgICAgICAgICAgbHBDdXJyZW50RGlyZWN0b3J5LAogICAgICAgICAgICAgICAgc2ksCiAgICAgICAgICAgICAgICBvdXQgcGkpKQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIkZhaWxlZCB0byBjcmVhdGUgbmV3IHByb2Nlc3MiKTsKICAgICAgICAgICAgfQoKICAgICAgICAgICAgLy8gU2V0dXAgdGhlIG91dHB1dCBidWZmZXJzIGFuZCBnZXQgc3Rkb3V0L3N0ZGVycgogICAgICAgICAgICBGaWxlU3RyZWFtIHN0ZG91dF9mcyA9IG5ldyBGaWxlU3RyZWFtKHN0ZG91dF9yZWFkLCBGaWxlQWNjZXNzLlJlYWQsIDQwOTYpOwogICAgICAgICAgICBTdHJlYW1SZWFkZXIgc3Rkb3V0ID0gbmV3IFN0cmVhbVJlYWRlcihzdGRvdXRfZnMsIHV0ZjhfZW5jb2RpbmcsIHRydWUsIDQwOTYpOwogICAgICAgICAgICBzdGRvdXRfd3JpdGUuQ2xvc2UoKTsKICAgICAgICAgICAgRmlsZVN0cmVhbSBzdGRlcnJfZnMgPSBuZXcgRmlsZVN0cmVhbShzdGRlcnJfcmVhZCwgRmlsZUFjY2Vzcy5SZWFkLCA0MDk2KTsKICAgICAgICAgICAgU3RyZWFtUmVhZGVyIHN0ZGVyciA9IG5ldyBTdHJlYW1SZWFkZXIoc3RkZXJyX2ZzLCB1dGY4X2VuY29kaW5nLCB0cnVlLCA0MDk2KTsKICAgICAgICAgICAgc3RkZXJyX3dyaXRlLkNsb3NlKCk7CgogICAgICAgICAgICBzdGRpbi5Xcml0ZUxpbmUoc3RkaW5JbnB1dCk7CiAgICAgICAgICAgIHN0ZGluLkNsb3NlKCk7CgogICAgICAgICAgICBzdHJpbmcgc3Rkb3V0X3N0ciwgc3RkZXJyX3N0ciA9IG51bGw7CiAgICAgICAgICAgIEdldFByb2Nlc3NPdXRwdXQoc3Rkb3V0LCBzdGRlcnIsIG91dCBzdGRvdXRfc3RyLCBvdXQgc3RkZXJyX3N0cik7CiAgICAgICAgICAgIHVpbnQgcmMgPSBHZXRQcm9jZXNzRXhpdENvZGUocGkuaFByb2Nlc3MpOwoKICAgICAgICAgICAgcmV0dXJuIG5ldyBDb21tYW5kUmVzdWx0CiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIFN0YW5kYXJkT3V0ID0gc3Rkb3V0X3N0ciwKICAgICAgICAgICAgICAgIFN0YW5kYXJkRXJyb3IgPSBzdGRlcnJfc3RyLAogICAgICAgICAgICAgICAgRXhpdENvZGUgPSByYwogICAgICAgICAgICB9OwogICAgICAgIH0KCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgdm9pZCBHZXRQcm9jZXNzT3V0cHV0KFN0cmVhbVJlYWRlciBzdGRvdXRTdHJlYW0sIFN0cmVhbVJlYWRlciBzdGRlcnJTdHJlYW0sIG91dCBzdHJpbmcgc3Rkb3V0LCBvdXQgc3RyaW5nIHN0ZGVycikKICAgICAgICB7CiAgICAgICAgICAgIHZhciBzb3dhaXQgPSBuZXcgRXZlbnRXYWl0SGFuZGxlKGZhbHNlLCBFdmVudFJlc2V0TW9kZS5NYW51YWxSZXNldCk7CiAgICAgICAgICAgIHZhciBzZXdhaXQgPSBuZXcgRXZlbnRXYWl0SGFuZGxlKGZhbHNlLCBFdmVudFJlc2V0TW9kZS5NYW51YWxSZXNldCk7CiAgICAgICAgICAgIHN0cmluZyBzbyA9IG51bGwsIHNlID0gbnVsbDsKICAgICAgICAgICAgVGhyZWFkUG9vbC5RdWV1ZVVzZXJXb3JrSXRlbSgocykgPT4KICAgICAgICAgICAgewogICAgICAgICAgICAgICAgc28gPSBzdGRvdXRTdHJlYW0uUmVhZFRvRW5kKCk7CiAgICAgICAgICAgICAgICBzb3dhaXQuU2V0KCk7CiAgICAgICAgICAgIH0pOwogICAgICAgICAgICBUaHJlYWRQb29sLlF1ZXVlVXNlcldvcmtJdGVtKChzKSA9PgogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBzZSA9IHN0ZGVyclN0cmVhbS5SZWFkVG9FbmQoKTsKICAgICAgICAgICAgICAgIHNld2FpdC5TZXQoKTsKICAgICAgICAgICAgfSk7CiAgICAgICAgICAgIGZvcmVhY2ggKHZhciB3aCBpbiBuZXcgV2FpdEhhbmRsZVtdIHsgc293YWl0LCBzZXdhaXQgfSkKICAgICAgICAgICAgICAgIHdoLldhaXRPbmUoKTsKICAgICAgICAgICAgc3Rkb3V0ID0gc287CiAgICAgICAgICAgIHN0ZGVyciA9IHNlOwogICAgICAgIH0KCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgdWludCBHZXRQcm9jZXNzRXhpdENvZGUoSW50UHRyIHByb2Nlc3NIYW5kbGUpCiAgICAgICAgewogICAgICAgICAgICBuZXcgTmF0aXZlV2FpdEhhbmRsZShwcm9jZXNzSGFuZGxlKS5XYWl0T25lKCk7CiAgICAgICAgICAgIHVpbnQgZXhpdENvZGU7CiAgICAgICAgICAgIGlmICghR2V0RXhpdENvZGVQcm9jZXNzKHByb2Nlc3NIYW5kbGUsIG91dCBleGl0Q29kZSkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIkVycm9yIGdldHRpbmcgcHJvY2VzcyBleGl0IGNvZGUiKTsKICAgICAgICAgICAgcmV0dXJuIGV4aXRDb2RlOwogICAgICAgIH0KICAgIH0KfQoiQAoKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICdTdG9wJwoKRnVuY3Rpb24gTG9hZC1Db21tYW5kVXRpbHMgewogICAgIyBtYWtlcyB0aGUgZm9sbG93aW5nIHN0YXRpYyBmdW5jdGlvbnMgYXZhaWxhYmxlCiAgICAjICAgW0Fuc2libGUuQ29tbWFuZFV0aWxdOjpQYXJzZUNvbW1hbmRMaW5lKHN0cmluZyBscENvbW1hbmRMaW5lKQogICAgIyAgIFtBbnNpYmxlLkNvbW1hbmRVdGlsXTo6U2VhcmNoUGF0aChzdHJpbmcgbHBGaWxlTmFtZSkKICAgICMgICBbQW5zaWJsZS5Db21tYW5kVXRpbF06OlJ1bkNvbW1hbmQoc3RyaW5nIGxwQXBwbGljYXRpb25OYW1lLCBzdHJpbmcgbHBDb21tYW5kTGluZSwgc3RyaW5nIGxwQ3VycmVudERpcmVjdG9yeSwgc3RyaW5nIHN0ZGluSW5wdXQsIHN0cmluZyBlbnZpcm9ubWVudEJsb2NrKQogICAgIwogICAgIyB0aGVyZSBhcmUgYWxzbyBudW1lcm91cyBQL0ludm9rZSBtZXRob2RzIHRoYXQgY2FuIGJlIGNhbGxlZCBpZiB5b3UgYXJlIGZlZWxpbmcgYWR2ZW50dXJvdXMKCiAgICAjIEZVVFVSRTogZmluZCBhIGJldHRlciB3YXkgdG8gZ2V0IHRoZSBfYW5zaWJsZV9yZW1vdGVfdG1wIHZhcmlhYmxlCiAgICAkb3JpZ2luYWxfdG1wID0gJGVudjpUTVAKCiAgICAkcmVtb3RlX3RtcCA9ICRvcmlnaW5hbF90bXAKICAgICRtb2R1bGVfcGFyYW1zID0gR2V0LVZhcmlhYmxlIC1OYW1lIGNvbXBsZXhfYXJncyAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgaWYgKCRtb2R1bGVfcGFyYW1zKSB7CiAgICAgICAgaWYgKCRtb2R1bGVfcGFyYW1zLlZhbHVlLkNvbnRhaW5zS2V5KCJfYW5zaWJsZV9yZW1vdGVfdG1wIikgKSB7CiAgICAgICAgICAgICRyZW1vdGVfdG1wID0gJG1vZHVsZV9wYXJhbXMuVmFsdWVbIl9hbnNpYmxlX3JlbW90ZV90bXAiXQogICAgICAgICAgICAkcmVtb3RlX3RtcCA9IFtTeXN0ZW0uRW52aXJvbm1lbnRdOjpFeHBhbmRFbnZpcm9ubWVudFZhcmlhYmxlcygkcmVtb3RlX3RtcCkKICAgICAgICB9CiAgICB9CgogICAgJGVudjpUTVAgPSAkcmVtb3RlX3RtcAogICAgQWRkLVR5cGUgLVR5cGVEZWZpbml0aW9uICRwcm9jZXNzX3V0aWwKICAgICRlbnY6VE1QID0gJG9yaWdpbmFsX3RtcAp9CgpGdW5jdGlvbiBHZXQtRXhlY3V0YWJsZVBhdGgoJGV4ZWN1dGFibGUsICRkaXJlY3RvcnkpIHsKICAgICMgbHBBcHBsaWNhdGlvbk5hbWUgcmVxdWlyZXMgdGhlIGZ1bGwgcGF0aCB0byBhIGZpbGUsIHdlIG5lZWQgdG8gZmluZCBpdAogICAgIyBvdXJzZWx2ZXMuCgogICAgIyB3ZSBuZWVkIHRvIGFkZCAuZXhlIGlmIGl0IGRvZXNuJ3QgaGF2ZSBhbiBleHRlbnNpb24gYWxyZWFkeQogICAgaWYgKC1ub3QgW1N5c3RlbS5JTy5QYXRoXTo6SGFzRXh0ZW5zaW9uKCRleGVjdXRhYmxlKSkgewogICAgICAgICRleGVjdXRhYmxlID0gIiQoJGV4ZWN1dGFibGUpLmV4ZSIKICAgIH0KICAgICRmdWxsX3BhdGggPSBbU3lzdGVtLklPLlBhdGhdOjpHZXRGdWxsUGF0aCgkZXhlY3V0YWJsZSkKCiAgICBpZiAoJGZ1bGxfcGF0aCAtbmUgJGV4ZWN1dGFibGUgLWFuZCAkZGlyZWN0b3J5IC1uZSAkbnVsbCkgewogICAgICAgICRmaWxlID0gR2V0LUl0ZW0gLVBhdGggIiRkaXJlY3RvcnlcJGV4ZWN1dGFibGUiIC1Gb3JjZSAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgfSBlbHNlIHsKICAgICAgICAkZmlsZSA9IEdldC1JdGVtIC1QYXRoICRleGVjdXRhYmxlIC1Gb3JjZSAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgfQoKICAgIGlmICgkZmlsZSAtbmUgJG51bGwpIHsKICAgICAgICAkZXhlY3V0YWJsZV9wYXRoID0gJGZpbGUuRnVsbE5hbWUKICAgIH0gZWxzZSB7CiAgICAgICAgJGV4ZWN1dGFibGVfcGF0aCA9IFtBbnNpYmxlLkNvbW1hbmRVdGlsXTo6U2VhcmNoUGF0aCgkZXhlY3V0YWJsZSkgICAgCiAgICB9CiAgICByZXR1cm4gJGV4ZWN1dGFibGVfcGF0aAp9CgpGdW5jdGlvbiBSdW4tQ29tbWFuZCB7CiAgICBQYXJhbSgKICAgICAgICBbc3RyaW5nXSRjb21tYW5kLCAjIHRoZSBmdWxsIGNvbW1hbmQgdG8gcnVuIGluY2x1ZGluZyB0aGUgZXhlY3V0YWJsZQogICAgICAgIFtzdHJpbmddJHdvcmtpbmdfZGlyZWN0b3J5ID0gJG51bGwsICMgdGhlIHdvcmtpbmcgZGlyZWN0b3J5IHRvIHJ1biB1bmRlciwgd2lsbCBkZWZhdWx0IHRvIHRoZSBjdXJyZW50IGRpcgogICAgICAgIFtzdHJpbmddJHN0ZGluID0gJG51bGwsICMgYSBzdHJpbmcgdG8gc2VuZCB0byB0aGUgc3RkaW4gcGlwZSB3aGVuIGV4ZWN1dGluZyB0aGUgY29tbWFuZAogICAgICAgIFtoYXNodGFibGVdJGVudmlyb25tZW50ID0gQHt9ICMgYSBoYXNodGFibGUgb2YgZW52aXJvbm1lbnQgdmFsdWVzIHRvIHJ1biB0aGUgY29tbWFuZCB1bmRlciwgdGhpcyB3aWxsIHJlcGxhY2UgYWxsIHRoZSBvdGhlciBlbnZpcm9ubWVudCB2YXJpYWJsZXMgd2l0aCB0aGVzZQogICAgKQogICAgCiAgICAjIGxvYWQgdGhlIEMjIGNvZGUgd2UgY2FsbCBpbiB0aGlzIGZ1bmN0aW9uCiAgICBMb2FkLUNvbW1hbmRVdGlscwoKICAgICMgbmVlZCB0byB2YWxpZGF0ZSB0aGUgd29ya2luZyBkaXJlY3RvcnkgaWYgaXQgaXMgc2V0CiAgICBpZiAoJHdvcmtpbmdfZGlyZWN0b3J5KSB7CiAgICAgICAgIyB2YWxpZGF0ZSB3b3JraW5nIGRpcmVjdG9yeSBpcyBhIHZhbGlkIHBhdGgKICAgICAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICR3b3JraW5nX2RpcmVjdG9yeSkpIHsKICAgICAgICAgICAgdGhyb3cgImludmFsaWQgd29ya2luZyBkaXJlY3RvcnkgcGF0aCAnJHdvcmtpbmdfZGlyZWN0b3J5JyIKICAgICAgICB9CiAgICB9CgogICAgIyBscEFwcGxpY2F0aW9uTmFtZSBuZWVkcyB0byBiZSB0aGUgZnVsbCBwYXRoIHRvIGFuIGV4ZWN1dGFibGUsIHdlIGRvIHRoaXMKICAgICMgYnkgZ2V0dGluZyB0aGUgZXhlY3V0YWJsZSBhcyB0aGUgZmlyc3QgYXJnIGFuZCB0aGVuIGdldHRpbmcgdGhlIGZ1bGwgcGF0aAogICAgJGFyZ3VtZW50cyA9IFtBbnNpYmxlLkNvbW1hbmRVdGlsXTo6UGFyc2VDb21tYW5kTGluZSgkY29tbWFuZCkKICAgICRleGVjdXRhYmxlID0gR2V0LUV4ZWN1dGFibGVQYXRoIC1leGVjdXRhYmxlICRhcmd1bWVudHNbMF0gLWRpcmVjdG9yeSAkd29ya2luZ19kaXJlY3RvcnkKCiAgICAjIHJ1biB0aGUgY29tbWFuZCBhbmQgZ2V0IHRoZSByZXN1bHRzCiAgICAkY29tbWFuZF9yZXN1bHQgPSBbQW5zaWJsZS5Db21tYW5kVXRpbF06OlJ1bkNvbW1hbmQoJGV4ZWN1dGFibGUsICRjb21tYW5kLCAkd29ya2luZ19kaXJlY3RvcnksICRzdGRpbiwgJGVudmlyb25tZW50KQoKICAgIHJldHVybiAsQHsKICAgICAgICBleGVjdXRhYmxlID0gJGV4ZWN1dGFibGUKICAgICAgICBzdGRvdXQgPSAkY29tbWFuZF9yZXN1bHQuU3RhbmRhcmRPdXQKICAgICAgICBzdGRlcnIgPSAkY29tbWFuZF9yZXN1bHQuU3RhbmRhcmRFcnJvcgogICAgICAgIHJjID0gJGNvbW1hbmRfcmVzdWx0LkV4aXRDb2RlCiAgICB9Cn0KCiMgdGhpcyBsaW5lIG11c3Qgc3RheSBhdCB0aGUgYm90dG9tIHRvIGVuc3VyZSBhbGwgZGVmaW5lZCBtb2R1bGUgcGFydHMgYXJlIGV4cG9ydGVkCkV4cG9ydC1Nb2R1bGVNZW1iZXIgLUFsaWFzICogLUZ1bmN0aW9uICogLUNtZGxldCAqCg==", "Ansible.ModuleUtils.Legacy": "IyBDb3B5cmlnaHQgKGMpLCBNaWNoYWVsIERlSGFhbiA8bWljaGFlbC5kZWhhYW5AZ21haWwuY29tPiwgMjAxNCwgYW5kIG90aGVycwojIFNpbXBsaWZpZWQgQlNEIExpY2Vuc2UgKHNlZSBsaWNlbnNlcy9zaW1wbGlmaWVkX2JzZC50eHQgb3IgaHR0cHM6Ly9vcGVuc291cmNlLm9yZy9saWNlbnNlcy9CU0QtMi1DbGF1c2UpCgpTZXQtU3RyaWN0TW9kZSAtVmVyc2lvbiAyLjAKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKRnVuY3Rpb24gU2V0LUF0dHIoJG9iaiwgJG5hbWUsICR2YWx1ZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gc2V0IGFuICJhdHRyaWJ1dGUiIG9uIGEgcHNvYmplY3QgaW5zdGFuY2UgaW4gUG93ZXJTaGVsbC4KICAgIFRoaXMgaXMgYSBjb252ZW5pZW5jZSB0byBtYWtlIGFkZGluZyBNZW1iZXJzIHRvIHRoZSBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgIFNldC1BdHRyICRyZXN1bHQgImNoYW5nZWQiICR0cnVlCiM+CgogICAgIyBJZiB0aGUgcHJvdmlkZWQgJG9iaiBpcyB1bmRlZmluZWQsIGRlZmluZSBvbmUgdG8gYmUgbmljZQogICAgSWYgKC1ub3QgJG9iai5HZXRUeXBlKQogICAgewogICAgICAgICRvYmogPSBAeyB9CiAgICB9CgogICAgVHJ5CiAgICB7CiAgICAgICAgJG9iai4kbmFtZSA9ICR2YWx1ZQo ScriptBlock ID: d592737f-41c6-4f28-9778-e84dba1bfdc9 Path:	4104	1		3	2	15	0	1247	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3792	2236	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:27:02 PM	9d04040e-981f-0000-1d1b-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 5): begin { $DebugPreference = "Continue" $ErrorActionPreference = "Stop" Set-StrictMode -Version 2 function ConvertTo-HashtableFromPsCustomObject ($myPsObject){ $output = @{}; $myPsObject | Get-Member -MemberType *Property | % { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } return $output; } # stream JSON including become_pw, ps_module_payload, bin_module_payload, become_payload, write_payload_path, preserve directives # exec runspace, capture output, cleanup, return module output # NB: do not adjust the following line- it is replaced when doing non-streamed module output $json_raw = @' {"min_ps_version": null, "exec": "CkZ1bmN0aW9uIFJ1bigkcGF5bG9hZCkgewogICAgJGVudHJ5cG9pbnQgPSAkcGF5bG9hZC5tb2R1bGVfZW50cnkKCiAgICAkZW50cnlwb2ludCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGVudHJ5cG9pbnQpKQoKICAgICRwcyA9IFtwb3dlcnNoZWxsXTo6Q3JlYXRlKCkKCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkQ29tbWFuZCgiU2V0LVZhcmlhYmxlIikuQWRkUGFyYW1ldGVycyhAe1Njb3BlPSJnbG9iYWwiO05hbWU9ImNvbXBsZXhfYXJncyI7VmFsdWU9JHBheWxvYWQubW9kdWxlX2FyZ3N9KSB8IE91dC1OdWxsCiAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCgogICAgIyByZWRlZmluZSBXcml0ZS1Ib3N0IHRvIGR1bXAgdG8gb3V0cHV0IGluc3RlYWQgb2YgZmFpbGluZy0gbG90cyBvZiBzY3JpcHRzIHVzZSBpdAogICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgiRnVuY3Rpb24gV3JpdGUtSG9zdChgJG1zZyl7IFdyaXRlLU91dHB1dCBgJG1zZyB9IikgfCBPdXQtTnVsbAoKICAgIEZvckVhY2ggKCRlbnZfa3YgaW4gJHBheWxvYWQuZW52aXJvbm1lbnQuR2V0RW51bWVyYXRvcigpKSB7CiAgICAgICAgIyBuZWVkIHRvIGVzY2FwZSAnIGluIGJvdGggdGhlIGtleSBhbmQgdmFsdWUKICAgICAgICAkZW52X2tleSA9ICRlbnZfa3YuS2V5LlRvU3RyaW5nKCkuUmVwbGFjZSgiJyIsICInJyIpCiAgICAgICAgJGVudl92YWx1ZSA9ICRlbnZfa3YuVmFsdWUuVG9TdHJpbmcoKS5SZXBsYWNlKCInIiwgIicnIikKICAgICAgICAkZXNjYXBlZF9lbnZfc2V0ID0gIltTeXN0ZW0uRW52aXJvbm1lbnRdOjpTZXRFbnZpcm9ubWVudFZhcmlhYmxlKCd7MH0nLCAnezF9JykiIC1mICRlbnZfa2V5LCAkZW52X3ZhbHVlCiAgICAgICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgkZXNjYXBlZF9lbnZfc2V0KSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBkeW5hbWljYWxseSBjcmVhdGUvbG9hZCBtb2R1bGVzCiAgICBGb3JFYWNoICgkbW9kIGluICRwYXlsb2FkLnBvd2Vyc2hlbGxfbW9kdWxlcy5HZXRFbnVtZXJhdG9yKCkpIHsKICAgICAgICAkZGVjb2RlZF9tb2R1bGUgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRtb2QuVmFsdWUpKQogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRDb21tYW5kKCJOZXctTW9kdWxlIikuQWRkUGFyYW1ldGVycyhAe1NjcmlwdEJsb2NrPShbc2NyaXB0YmxvY2tdOjpDcmVhdGUoJGRlY29kZWRfbW9kdWxlKSk7TmFtZT0kbW9kLktleX0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiSW1wb3J0LU1vZHVsZSIpLkFkZFBhcmFtZXRlcnMoQHtXYXJuaW5nQWN0aW9uPSJTaWxlbnRseUNvbnRpbnVlIn0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBmb3JjZSBpbnB1dCBlbmNvZGluZyB0byBwcmVhbWJsZS1mcmVlIFVURjggc28gUFMgc3ViLXByb2Nlc3NlcyAoZWcsCiAgICAjIFN0YXJ0LUpvYikgZG9uJ3QgYmxvdyB1cC4gVGhpcyBpcyBvbmx5IHJlcXVpcmVkIGZvciBXaW5STSwgYSBQU1JQCiAgICAjIHJ1bnNwYWNlIGRvZXNuJ3QgaGF2ZSBhIGhvc3QgY29uc29sZSBhbmQgdGhpcyB3aWxsIGJvbWIgb3V0CiAgICBpZiAoJGhvc3QuTmFtZSAtZXEgIkNvbnNvbGVIb3N0IikgewogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRTY3JpcHQoIltDb25zb2xlXTo6SW5wdXRFbmNvZGluZyA9IE5ldy1PYmplY3QgVGV4dC5VVEY4RW5jb2RpbmcgYCRmYWxzZSIpIHwgT3V0LU51bGwKICAgIH0KCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkU2NyaXB0KCRlbnRyeXBvaW50KSB8IE91dC1OdWxsCgogICAgJG91dHB1dCA9ICRwcy5JbnZva2UoKQoKICAgICRvdXRwdXQKCiAgICAjIFBTMyBkb2Vzbid0IHByb3Blcmx5IHNldCBIYWRFcnJvcnMgaW4gbWFueSBjYXNlcywgaW5zcGVjdCB0aGUgZXJyb3Igc3RyZWFtIGFzIGEgZmFsbGJhY2sKICAgIElmICgkcHMuSGFkRXJyb3JzIC1vciAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtbHQgNCAtYW5kICRwcy5TdHJlYW1zLkVycm9yLkNvdW50IC1ndCAwKSkgewogICAgICAgICRob3N0LlVJLldyaXRlRXJyb3JMaW5lKCQoJHBzLlN0cmVhbXMuRXJyb3IgfCBPdXQtU3RyaW5nKSkKICAgICAgICAkZXhpdF9jb2RlID0gJHBzLlJ1bnNwYWNlLlNlc3Npb25TdGF0ZVByb3h5LkdldFZhcmlhYmxlKCJMQVNURVhJVENPREUiKQogICAgICAgIElmKC1ub3QgJGV4aXRfY29kZSkgewogICAgICAgICAgICAkZXhpdF9jb2RlID0gMQogICAgICAgIH0KICAgICAgICAjIG5lZWQgdG8gdXNlIHRoaXMgaW5zdGVhZCBvZiBFeGl0IGtleXdvcmQgdG8gcHJldmVudCBydW5zcGFjZSBmcm9tIGNyYXNoaW5nIHdpdGggZHluYW1pYyBtb2R1bGVzCiAgICAgICAgJGhvc3QuU2V0U2hvdWxkRXhpdCgkZXhpdF9jb2RlKQogICAgfQp9Cg==", "actions": ["exec"], "environment": {}, "min_os_version": null, "powershell_modules": {"Ansible.ModuleUtils.CommandUtil": "IyBDb3B5cmlnaHQgKGMpIDIwMTcgQW5zaWJsZSBQcm9qZWN0CiMgU2ltcGxpZmllZCBCU0QgTGljZW5zZSAoc2VlIGxpY2Vuc2VzL3NpbXBsaWZpZWRfYnNkLnR4dCBvciBodHRwczovL29wZW5zb3VyY2Uub3JnL2xpY2Vuc2VzL0JTRC0yLUNsYXVzZSkKCiRwcm9jZXNzX3V0aWwgPSBAIgp1c2luZyBNaWNyb3NvZnQuV2luMzIuU2FmZUhhbmRsZXM7CnVzaW5nIFN5c3RlbTsKdXNpbmcgU3lzdGVtLkNvbGxlY3Rpb25zOwp1c2luZyBTeXN0ZW0uSU87CnVzaW5nIFN5c3RlbS5MaW5xOwp1c2luZyBTeXN0ZW0uUnVudGltZS5JbnRlcm9wU2VydmljZXM7CnVzaW5nIFN5c3RlbS5UZXh0Owp1c2luZyBTeXN0ZW0uVGhyZWFkaW5nOwoKbmFtZXNwYWNlIEFuc2libGUKewogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIGNsYXNzIFNFQ1VSSVRZX0FUVFJJQlVURVMKICAgIHsKICAgICAgICBwdWJsaWMgaW50IG5MZW5ndGg7CiAgICAgICAgcHVibGljIEludFB0ciBscFNlY3VyaXR5RGVzY3JpcHRvcjsKICAgICAgICBwdWJsaWMgYm9vbCBiSW5oZXJpdEhhbmRsZSA9IGZhbHNlOwogICAgICAgIHB1YmxpYyBTRUNVUklUWV9BVFRSSUJVVEVTKCkKICAgICAgICB7CiAgICAgICAgICAgIG5MZW5ndGggPSBNYXJzaGFsLlNpemVPZih0aGlzKTsKICAgICAgICB9CiAgICB9CgogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIGNsYXNzIFNUQVJUVVBJTkZPCiAgICB7CiAgICAgICAgcHVibGljIEludDMyIGNiOwogICAgICAgIHB1YmxpYyBJbnRQdHIgbHBSZXNlcnZlZDsKICAgICAgICBwdWJsaWMgSW50UHRyIGxwRGVza3RvcDsKICAgICAgICBwdWJsaWMgSW50UHRyIGxwVGl0bGU7CiAgICAgICAgcHVibGljIEludDMyIGR3WDsKICAgICAgICBwdWJsaWMgSW50MzIgZHdZOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1hTaXplOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1lTaXplOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1hDb3VudENoYXJzOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1lDb3VudENoYXJzOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd0ZpbGxBdHRyaWJ1dGU7CiAgICAgICAgcHVibGljIEludDMyIGR3RmxhZ3M7CiAgICAgICAgcHVibGljIEludDE2IHdTaG93V2luZG93OwogICAgICAgIHB1YmxpYyBJbnQxNiBjYlJlc2VydmVkMjsKICAgICAgICBwdWJsaWMgSW50UHRyIGxwUmVzZXJ2ZWQyOwogICAgICAgIHB1YmxpYyBTYWZlRmlsZUhhbmRsZSBoU3RkSW5wdXQ7CiAgICAgICAgcHVibGljIFNhZmVGaWxlSGFuZGxlIGhTdGRPdXRwdXQ7CiAgICAgICAgcHVibGljIFNhZmVGaWxlSGFuZGxlIGhTdGRFcnJvcjsKICAgICAgICBwdWJsaWMgU1RBUlRVUElORk8oKQogICAgICAgIHsKICAgICAgICAgICAgY2IgPSBNYXJzaGFsLlNpemVPZih0aGlzKTsKICAgICAgICB9CiAgICB9CgogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIGNsYXNzIFNUQVJUVVBJTkZPRVgKICAgIHsKICAgICAgICBwdWJsaWMgU1RBUlRVUElORk8gc3RhcnR1cEluZm87CiAgICAgICAgcHVibGljIEludFB0ciBscEF0dHJpYnV0ZUxpc3Q7CiAgICAgICAgcHVibGljIFNUQVJUVVBJTkZPRVgoKQogICAgICAgIHsKICAgICAgICAgICAgc3RhcnR1cEluZm8gPSBuZXcgU1RBUlRVUElORk8oKTsKICAgICAgICAgICAgc3RhcnR1cEluZm8uY2IgPSBNYXJzaGFsLlNpemVPZih0aGlzKTsKICAgICAgICB9CiAgICB9CgogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIHN0cnVjdCBQUk9DRVNTX0lORk9STUFUSU9OCiAgICB7CiAgICAgICAgcHVibGljIEludFB0ciBoUHJvY2VzczsKICAgICAgICBwdWJsaWMgSW50UHRyIGhUaHJlYWQ7CiAgICAgICAgcHVibGljIGludCBkd1Byb2Nlc3NJZDsKICAgICAgICBwdWJsaWMgaW50IGR3VGhyZWFkSWQ7CiAgICB9CgogICAgW0ZsYWdzXQogICAgcHVibGljIGVudW0gU3RhcnR1cEluZm9GbGFncyA6IHVpbnQKICAgIHsKICAgICAgICBVU0VTVERIQU5ETEVTID0gMHgwMDAwMDEwMAogICAgfQoKICAgIHB1YmxpYyBlbnVtIEhhbmRsZUZsYWdzIDogdWludAogICAgewogICAgICAgIE5vbmUgPSAwLAogICAgICAgIElOSEVSSVQgPSAxCiAgICB9CgogICAgY2xhc3MgTmF0aXZlV2FpdEhhbmRsZSA6IFdhaXRIYW5kbGUKICAgIHsKICAgICAgICBwdWJsaWMgTmF0aXZlV2FpdEhhbmRsZShJbnRQdHIgaGFuZGxlKQogICAgICAgIHsKICAgICAgICAgICAgdGhpcy5TYWZlV2FpdEhhbmRsZSA9IG5ldyBTYWZlV2FpdEhhbmRsZShoYW5kbGUsIGZhbHNlKTsKICAgICAgICB9CiAgICB9CgogICAgcHVibGljIGNsYXNzIFdpbjMyRXhjZXB0aW9uIDogU3lzdGVtLkNvbXBvbmVudE1vZGVsLldpbjMyRXhjZXB0aW9uCiAgICB7CiAgICAgICAgcHJpdmF0ZSBzdHJpbmcgX21zZzsKCiAgICAgICAgcHVibGljIFdpbjMyRXhjZXB0aW9uKHN0cmluZyBtZXNzYWdlKSA6IHRoaXMoTWFyc2hhbC5HZXRMYXN0V2luMzJFcnJvcigpLCBtZXNzYWdlKSB7IH0KCiAgICAgICAgcHVibGljIFdpbjMyRXhjZXB0aW9uKGludCBlcnJvckNvZGUsIHN0cmluZyBtZXNzYWdlKSA6IGJhc2UoZXJyb3JDb2RlKQogICAgICAgIHsKICAgICAgICAgICAgX21zZyA9IFN0cmluZy5Gb3JtYXQoInswfSAoezF9LCBXaW4zMkVycm9yQ29kZSB7Mn0pIiwgbWVzc2FnZSwgYmFzZS5NZXNzYWdlLCBlcnJvckNvZGUpOwogICAgICAgIH0KCiAgICAgICAgcHVibGljIG92ZXJyaWRlIHN0cmluZyBNZXNzYWdlIHsgZ2V0IHsgcmV0dXJuIF9tc2c7IH0gfQogICAgICAgIHB1YmxpYyBzdGF0aWMgZXhwbGljaXQgb3BlcmF0b3IgV2luMzJFeGNlcHRpb24oc3RyaW5nIG1lc3NhZ2UpIHsgcmV0dXJuIG5ldyBXaW4zMkV4Y2VwdGlvbihtZXNzYWdlKTsgfQogICAgfQoKICAgIHB1YmxpYyBjbGFzcyBDb21tYW5kVXRpbAogICAgewogICAgICAgIHByaXZhdGUgc3RhdGljIFVJbnQzMiBDUkVBVEVfVU5JQ09ERV9FTlZJUk9OTUVOVCA9IDB4MDAwMDAwNDAwOwogICAgICAgIHByaXZhdGUgc3RhdGljIFVJbnQzMiBFWFRFTkRFRF9TVEFSVFVQSU5GT19QUkVTRU5UID0gMHgwMDA4MDAwMDsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSwgQmVzdEZpdE1hcHBpbmcgPSBmYWxzZSldCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gYm9vbCBDcmVhdGVQcm9jZXNzKAogICAgICAgICAgICBbTWFyc2hhbEFzKFVubWFuYWdlZFR5cGUuTFBXU3RyKV0KICAgICAgICAgICAgICAgIHN0cmluZyBscEFwcGxpY2F0aW9uTmFtZSwKICAgICAgICAgICAgU3RyaW5nQnVpbGRlciBscENvbW1hbmRMaW5lLAogICAgICAgICAgICBJbnRQdHIgbHBQcm9jZXNzQXR0cmlidXRlcywKICAgICAgICAgICAgSW50UHRyIGxwVGhyZWFkQXR0cmlidXRlcywKICAgICAgICAgICAgYm9vbCBiSW5oZXJpdEhhbmRsZXMsCiAgICAgICAgICAgIHVpbnQgZHdDcmVhdGlvbkZsYWdzLAogICAgICAgICAgICBJbnRQdHIgbHBFbnZpcm9ubWVudCwKICAgICAgICAgICAgW01hcnNoYWxBcyhVbm1hbmFnZWRUeXBlLkxQV1N0cildCiAgICAgICAgICAgICAgICBzdHJpbmcgbHBDdXJyZW50RGlyZWN0b3J5LAogICAgICAgICAgICBTVEFSVFVQSU5GT0VYIGxwU3RhcnR1cEluZm8sCiAgICAgICAgICAgIG91dCBQUk9DRVNTX0lORk9STUFUSU9OIGxwUHJvY2Vzc0luZm9ybWF0aW9uKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIildCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gYm9vbCBDcmVhdGVQaXBlKAogICAgICAgICAgICBvdXQgU2FmZUZpbGVIYW5kbGUgaFJlYWRQaXBlLAogICAgICAgICAgICBvdXQgU2FmZUZpbGVIYW5kbGUgaFdyaXRlUGlwZSwKICAgICAgICAgICAgU0VDVVJJVFlfQVRUUklCVVRFUyBscFBpcGVBdHRyaWJ1dGVzLAogICAgICAgICAgICB1aW50IG5TaXplKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSldCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gYm9vbCBTZXRIYW5kbGVJbmZvcm1hdGlvbigKICAgICAgICAgICAgU2FmZUZpbGVIYW5kbGUgaE9iamVjdCwKICAgICAgICAgICAgSGFuZGxlRmxhZ3MgZHdNYXNrLAogICAgICAgICAgICBpbnQgZHdGbGFncyk7CgogICAgICAgIFtEbGxJbXBvcnQoImtlcm5lbDMyLmRsbCIsIFNldExhc3RFcnJvciA9IHRydWUpXQogICAgICAgIHByaXZhdGUgc3RhdGljIGV4dGVybiBib29sIEdldEV4aXRDb2RlUHJvY2VzcygKICAgICAgICAgICAgSW50UHRyIGhQcm9jZXNzLAogICAgICAgICAgICBvdXQgdWludCBscEV4aXRDb2RlKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSldCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gdWludCBTZWFyY2hQYXRoKAogICAgICAgICAgICBzdHJpbmcgbHBQYXRoLAogICAgICAgICAgICBzdHJpbmcgbHBGaWxlTmFtZSwKICAgICAgICAgICAgc3RyaW5nIGxwRXh0ZW5zaW9uLAogICAgICAgICAgICBpbnQgbkJ1ZmZlckxlbmd0aCwKICAgICAgICAgICAgW01hcnNoYWxBcyAoVW5tYW5hZ2VkVHlwZS5MUFRTdHIpXQogICAgICAgICAgICAgICAgU3RyaW5nQnVpbGRlciBscEJ1ZmZlciwKICAgICAgICAgICAgb3V0IEludFB0ciBscEZpbGVQYXJ0KTsKCiAgICAgICAgW0RsbEltcG9ydCgic2hlbGwzMi5kbGwiLCBTZXRMYXN0RXJyb3IgPSB0cnVlKV0KICAgICAgICBzdGF0aWMgZXh0ZXJuIEludFB0ciBDb21tYW5kTGluZVRvQXJndlcoCiAgICAgICAgICAgIFtNYXJzaGFsQXMoVW5tYW5hZ2VkVHlwZS5MUFdTdHIpXQogICAgICAgICAgICAgICAgc3RyaW5nIGxwQ21kTGluZSwKICAgICAgICAgICAgb3V0IGludCBwTnVtQXJncyk7CgogICAgICAgIHB1YmxpYyBzdGF0aWMgc3RyaW5nW10gUGFyc2VDb21tYW5kTGluZShzdHJpbmcgbHBDb21tYW5kTGluZSkKICAgICAgICB7CiAgICAgICAgICAgIGludCBudW1BcmdzOwogICAgICAgICAgICBJbnRQdHIgcmV0ID0gQ29tbWFuZExpbmVUb0FyZ3ZXKGxwQ29tbWFuZExpbmUsIG91dCBudW1BcmdzKTsKCiAgICAgICAgICAgIGlmIChyZXQgPT0gSW50UHRyLlplcm8pCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIkVycm9yIHBhcnNpbmcgY29tbWFuZCBsaW5lIik7CgogICAgICAgICAgICBJbnRQdHJbXSBzdHJwdHJzID0gbmV3IEludFB0cltudW1BcmdzXTsKICAgICAgICAgICAgTWFyc2hhbC5Db3B5KHJldCwgc3RycHRycywgMCwgbnVtQXJncyk7CiAgICAgICAgICAgIHN0cmluZ1tdIGNtZGxpbmVQYXJ0cyA9IHN0cnB0cnMuU2VsZWN0KHMgPT4gTWFyc2hhbC5QdHJUb1N0cmluZ1VuaShzKSkuVG9BcnJheSgpOwoKICAgICAgICAgICAgTWFyc2hhbC5GcmVlSEdsb2JhbChyZXQpOwoKICAgICAgICAgICAgcmV0dXJuIGNtZGxpbmVQYXJ0czsKICAgICAgICB9CgogICAgICAgIHB1YmxpYyBzdGF0aWMgc3RyaW5nIFNlYXJjaFBhdGgoc3RyaW5nIGxwRmlsZU5hbWUpCiAgICAgICAgewogICAgICAgICAgICBTdHJpbmdCdWlsZGVyIHNiT3V0ID0gbmV3IFN0cmluZ0J1aWxkZXIoMTAyNCk7CiAgICAgICAgICAgIEludFB0ciBmaWxlUGFydE91dDsKCiAgICAgICAgICAgIGlmIChTZWFyY2hQYXRoKG51bGwsIGxwRmlsZU5hbWUsIG51bGwsIHNiT3V0LkNhcGFjaXR5LCBzYk91dCwgb3V0IGZpbGVQYXJ0T3V0KSA9PSAwKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IEZpbGVOb3RGb3VuZEV4Y2VwdGlvbihTdHJpbmcuRm9ybWF0KCJDb3VsZCBub3QgbG9jYXRlIHRoZSBmb2xsb3dpbmcgZXhlY3V0YWJsZSB7MH0iLCBscEZpbGVOYW1lKSk7CgogICAgICAgICAgICByZXR1cm4gc2JPdXQuVG9TdHJpbmcoKTsKICAgICAgICB9CgogICAgICAgIHB1YmxpYyBjbGFzcyBDb21tYW5kUmVzdWx0CiAgICAgICAgewogICAgICAgICAgICBwdWJsaWMgc3RyaW5nIFN0YW5kYXJkT3V0IHsgZ2V0OyBpbnRlcm5hbCBzZXQ7IH0KICAgICAgICAgICAgcHVibGljIHN0cmluZyBTdGFuZGFyZEVycm9yIHsgZ2V0OyBpbnRlcm5hbCBzZXQ7IH0KICAgICAgICAgICAgcHVibGljIHVpbnQgRXhpdENvZGUgeyBnZXQ7IGludGVybmFsIHNldDsgfQogICAgICAgIH0KCiAgICAgICAgcHVibGljIHN0YXRpYyBDb21tYW5kUmVzdWx0IFJ1bkNvbW1hbmQoc3RyaW5nIGxwQXBwbGljYXRpb25OYW1lLCBzdHJpbmcgbHBDb21tYW5kTGluZSwgc3RyaW5nIGxwQ3VycmVudERpcmVjdG9yeSwgc3RyaW5nIHN0ZGluSW5wdXQsIElEaWN0aW9uYXJ5IGVudmlyb25tZW50KQogICAgICAgIHsKICAgICAgICAgICAgVUludDMyIHN0YXJ0 ScriptBlock ID: d592737f-41c6-4f28-9778-e84dba1bfdc9 Path:	4104	1		3	2	15	0	1246	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3792	2236	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:27:02 PM	9d04040e-981f-0000-1d1b-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1245	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3792	1532	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:27:02 PM	9d04040e-981f-0004-e016-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 3792 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1244	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3792	3124	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:27:02 PM	9d04040e-981f-0004-e016-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1243	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3792	1532	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:27:02 PM	9d04040e-981f-0004-e016-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1242	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1924	768	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:27:00 PM	9d04040e-981f-0004-d816-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 1924 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1241	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1924	1672	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:27:00 PM	9d04040e-981f-0004-d816-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1240	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1924	768	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:27:00 PM	9d04040e-981f-0004-d816-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles; using System; using System.Collections; using System.IO; using System.Linq; using System.Runtime.InteropServices; using System.Text; using System.Threading; namespace Ansible { [StructLayout(LayoutKind.Sequential)] public class SECURITY_ATTRIBUTES { public int nLength; public IntPtr lpSecurityDescriptor; public bool bInheritHandle = false; public SECURITY_ATTRIBUTES() { nLength = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFO { public Int32 cb; public IntPtr lpReserved; public IntPtr lpDesktop; public IntPtr lpTitle; public Int32 dwX; public Int32 dwY; public Int32 dwXSize; public Int32 dwYSize; public Int32 dwXCountChars; public Int32 dwYCountChars; public Int32 dwFillAttribute; public Int32 dwFlags; public Int16 wShowWindow; public Int16 cbReserved2; public IntPtr lpReserved2; public SafeFileHandle hStdInput; public SafeFileHandle hStdOutput; public SafeFileHandle hStdError; public STARTUPINFO() { cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFOEX { public STARTUPINFO startupInfo; public IntPtr lpAttributeList; public STARTUPINFOEX() { startupInfo = new STARTUPINFO(); startupInfo.cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public struct PROCESS_INFORMATION { public IntPtr hProcess; public IntPtr hThread; public int dwProcessId; public int dwThreadId; } [Flags] public enum StartupInfoFlags : uint { USESTDHANDLES = 0x00000100 } public enum HandleFlags : uint { None = 0, INHERIT = 1 } class NativeWaitHandle : WaitHandle { public NativeWaitHandle(IntPtr handle) { this.SafeWaitHandle = new SafeWaitHandle(handle, false); } } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class CommandUtil { private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400; private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000; [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)] public static extern bool CreateProcess( [MarshalAs(UnmanagedType.LPWStr)] string lpApplicationName, StringBuilder lpCommandLine, IntPtr lpProcessAttributes, IntPtr lpThreadAttributes, bool bInheritHandles, uint dwCreationFlags, IntPtr lpEnvironment, [MarshalAs(UnmanagedType.LPWStr)] string lpCurrentDirectory, STARTUPINFOEX lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation); [DllImport("kernel32.dll")] public static extern bool CreatePipe( out SafeFileHandle hReadPipe, out SafeFileHandle hWritePipe, SECURITY_ATTRIBUTES lpPipeAttributes, uint nSize); [DllImport("kernel32.dll", SetLastError = true)] public static extern bool SetHandleInformation( SafeFileHandle hObject, HandleFlags dwMask, int dwFlags); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool GetExitCodeProcess( IntPtr hProcess, out uint lpExitCode); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)] public static extern uint SearchPath( string lpPath, string lpFileName, string lpExtension, int nBufferLength, [MarshalAs (UnmanagedType.LPTStr)] StringBuilder lpBuffer, out IntPtr lpFilePart); [DllImport("shell32.dll", SetLastError = true)] static extern IntPtr CommandLineToArgvW( [MarshalAs(UnmanagedType.LPWStr)] string lpCmdLine, out int pNumArgs); public static string[] ParseCommandLine(string lpCommandLine) { int numArgs; IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs); if (ret == IntPtr.Zero) throw new Win32Exception("Error parsing command line"); IntPtr[] strptrs = new IntPtr[numArgs]; Marshal.Copy(ret, strptrs, 0, numArgs); string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray(); Marshal.FreeHGlobal(ret); return cmdlineParts; } public static string SearchPath(string lpFileName) { StringBuilder sbOut = new StringBuilder(1024); IntPtr filePartOut; if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0) throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName)); return sbOut.ToString(); } public class CommandResult { public string StandardOut { get; internal set; } public string StandardError { get; internal set; } public uint ExitCode { get; internal set; } } public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment) { UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT; STARTUPINFOEX si = new STARTUPINFOEX(); si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES; SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES(); pipesec.bInheritHandle = true; // Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write; if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0)) throw new Win32Exception("STDOUT pipe setup failed"); if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDOUT pipe handle setup failed"); if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0)) throw new Win32Exception("STDERR pipe setup failed"); if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDERR pipe handle setup failed"); if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0)) throw new Win32Exception("STDIN pipe setup failed"); if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDIN pipe handle setup failed"); si.startupInfo.hStdOutput = stdout_write; si.startupInfo.hStdError = stderr_write; si.startupInfo.hStdInput = stdin_read; // Setup the stdin buffer UTF8Encoding utf8_encoding = new UTF8Encoding(false); FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768); StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768); // If lpCurrentDirectory is set to null in PS it will be an empty // string here, we need to convert it if (lpCurrentDirectory == "") lpCurrentDirectory = null; StringBuilder environmentString = null; if (environment != null && environment.Count > 0) { environmentString = new StringBuilder(); foreach (DictionaryEntry kv in environment) environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value); environmentString.Append('\0'); } // Create the environment block if set IntPtr lpEnvironment = IntPtr.Zero; if (environmentString != null) lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString()); // Create new process and run StringBuilder argument_string = new StringBuilder(lpCommandLine); PROCESS_INFORMATION pi = new PROCESS_INFORMATION(); if (!CreateProcess( lpApplicationName, argument_string, IntPtr.Zero, IntPtr.Zero, true, startup_flags, lpEnvironment, lpCurrentDirectory, si, out pi)) { throw new Win32Exception("Failed to create new process"); } // Setup the output buffers and get stdout/stderr FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096); StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096); stdout_write.Close(); FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096); StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096); stderr_write.Close(); stdin.WriteLine(stdinInput); stdin.Close(); string stdout_str, stderr_str = null; GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str); uint rc = GetProcessExitCode(pi.hProcess); return new CommandResult { StandardOut = stdout_str, StandardError = stderr_str, ExitCode = rc }; } private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr) { var sowait = new EventWaitHandle(false, EventResetMode.ManualReset); var sewait = new EventWaitHandle(false, EventResetMode.ManualReset); string so = null, se = null; ThreadPool.QueueUserWorkItem((s) => { so = stdoutStream.ReadToEnd(); sowait.Set(); }); ThreadPool.QueueUserWorkItem((s) => { se = stderrStream.ReadToEnd(); sewait.Set(); }); foreach (var wh in new WaitHandle[] { sowait, sewait }) wh.WaitOne(); stdout = so; stderr = se; } private static uint GetProcessExitCode(IntPtr processHandle) { new NativeWaitHandle(processHandle).WaitOne(); uint exitCode; if (!GetExitCodeProcess(processHandle, out exitCode)) throw new Win32Exception("Error getting process exit code"); return exitCode; } } }" Context: Severity = Informational Host Name = Default Host Host Version = 5.1.14393.1944 Host ID = 2b5f12ac-927c-4f72-8cf7-c853a0646efa Host Application = PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - Engine Version = 5.1.14393.1944 Runspace ID = 7a058d81-a64e-4b5f-9611-71d0bf439037 Pipeline ID = 7 Command Name = Add-Type Command Type = Cmdlet Script Name = Command Path = Sequence Number = 34 User = N-H1-805629-1\Admin Connected User = Shell ID = Microsoft.PowerShell User Data:	4103	1		4	106	20	0	1239	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3560	4576	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:27:00 PM	9d04040e-981f-0000-011b-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	To be used when operation is just executing a method	Executing Pipeline	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c) 2017 Ansible Project # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) $process_util = @" using Microsoft.Win32.SafeHandles; using System; using System.Collections; using System.IO; using System.Linq; using System.Runtime.InteropServices; using System.Text; using System.Threading; namespace Ansible { [StructLayout(LayoutKind.Sequential)] public class SECURITY_ATTRIBUTES { public int nLength; public IntPtr lpSecurityDescriptor; public bool bInheritHandle = false; public SECURITY_ATTRIBUTES() { nLength = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFO { public Int32 cb; public IntPtr lpReserved; public IntPtr lpDesktop; public IntPtr lpTitle; public Int32 dwX; public Int32 dwY; public Int32 dwXSize; public Int32 dwYSize; public Int32 dwXCountChars; public Int32 dwYCountChars; public Int32 dwFillAttribute; public Int32 dwFlags; public Int16 wShowWindow; public Int16 cbReserved2; public IntPtr lpReserved2; public SafeFileHandle hStdInput; public SafeFileHandle hStdOutput; public SafeFileHandle hStdError; public STARTUPINFO() { cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFOEX { public STARTUPINFO startupInfo; public IntPtr lpAttributeList; public STARTUPINFOEX() { startupInfo = new STARTUPINFO(); startupInfo.cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public struct PROCESS_INFORMATION { public IntPtr hProcess; public IntPtr hThread; public int dwProcessId; public int dwThreadId; } [Flags] public enum StartupInfoFlags : uint { USESTDHANDLES = 0x00000100 } public enum HandleFlags : uint { None = 0, INHERIT = 1 } class NativeWaitHandle : WaitHandle { public NativeWaitHandle(IntPtr handle) { this.SafeWaitHandle = new SafeWaitHandle(handle, false); } } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class CommandUtil { private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400; private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000; [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)] public static extern bool CreateProcess( [MarshalAs(UnmanagedType.LPWStr)] string lpApplicationName, StringBuilder lpCommandLine, IntPtr lpProcessAttributes, IntPtr lpThreadAttributes, bool bInheritHandles, uint dwCreationFlags, IntPtr lpEnvironment, [MarshalAs(UnmanagedType.LPWStr)] string lpCurrentDirectory, STARTUPINFOEX lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation); [DllImport("kernel32.dll")] public static extern bool CreatePipe( out SafeFileHandle hReadPipe, out SafeFileHandle hWritePipe, SECURITY_ATTRIBUTES lpPipeAttributes, uint nSize); [DllImport("kernel32.dll", SetLastError = true)] public static extern bool SetHandleInformation( SafeFileHandle hObject, HandleFlags dwMask, int dwFlags); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool GetExitCodeProcess( IntPtr hProcess, out uint lpExitCode); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)] public static extern uint SearchPath( string lpPath, string lpFileName, string lpExtension, int nBufferLength, [MarshalAs (UnmanagedType.LPTStr)] StringBuilder lpBuffer, out IntPtr lpFilePart); [DllImport("shell32.dll", SetLastError = true)] static extern IntPtr CommandLineToArgvW( [MarshalAs(UnmanagedType.LPWStr)] string lpCmdLine, out int pNumArgs); public static string[] ParseCommandLine(string lpCommandLine) { int numArgs; IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs); if (ret == IntPtr.Zero) throw new Win32Exception("Error parsing command line"); IntPtr[] strptrs = new IntPtr[numArgs]; Marshal.Copy(ret, strptrs, 0, numArgs); string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray(); Marshal.FreeHGlobal(ret); return cmdlineParts; } public static string SearchPath(string lpFileName) { StringBuilder sbOut = new StringBuilder(1024); IntPtr filePartOut; if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0) throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName)); return sbOut.ToString(); } public class CommandResult { public string StandardOut { get; internal set; } public string StandardError { get; internal set; } public uint ExitCode { get; internal set; } } public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment) { UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT; STARTUPINFOEX si = new STARTUPINFOEX(); si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES; SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES(); pipesec.bInheritHandle = true; // Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write; if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0)) throw new Win32Exception("STDOUT pipe setup failed"); if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDOUT pipe handle setup failed"); if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0)) throw new Win32Exception("STDERR pipe setup failed"); if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDERR pipe handle setup failed"); if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0)) throw new Win32Exception("STDIN pipe setup failed"); if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDIN pipe handle setup failed"); si.startupInfo.hStdOutput = stdout_write; si.startupInfo.hStdError = stderr_write; si.startupInfo.hStdInput = stdin_read; // Setup the stdin buffer UTF8Encoding utf8_encoding = new UTF8Encoding(false); FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768); StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768); // If lpCurrentDirectory is set to null in PS it will be an empty // string here, we need to convert it if (lpCurrentDirectory == "") lpCurrentDirectory = null; StringBuilder environmentString = null; if (environment != null && environment.Count > 0) { environmentString = new StringBuilder(); foreach (DictionaryEntry kv in environment) environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value); environmentString.Append('\0'); } // Create the environment block if set IntPtr lpEnvironment = IntPtr.Zero; if (environmentString != null) lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString()); // Create new process and run StringBuilder argument_string = new StringBuilder(lpCommandLine); PROCESS_INFORMATION pi = new PROCESS_INFORMATION(); if (!CreateProcess( lpApplicationName, argument_string, IntPtr.Zero, IntPtr.Zero, true, startup_flags, lpEnvironment, lpCurrentDirectory, si, out pi)) { throw new Win32Exception("Failed to create new process"); } // Setup the output buffers and get stdout/stderr FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096); StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096); stdout_write.Close(); FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096); StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096); stderr_write.Close(); stdin.WriteLine(stdinInput); stdin.Close(); string stdout_str, stderr_str = null; GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str); uint rc = GetProcessExitCode(pi.hProcess); return new CommandResult { StandardOut = stdout_str, StandardError = stderr_str, ExitCode = rc }; } private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr) { var sowait = new EventWaitHandle(false, EventResetMode.ManualReset); var sewait = new EventWaitHandle(false, EventResetMode.ManualReset); string so = null, se = null; ThreadPool.QueueUserWorkItem((s) => { so = stdoutStream.ReadToEnd(); sowait.Set(); }); ThreadPool.QueueUserWorkItem((s) => { se = stderrStream.ReadToEnd(); sewait.Set(); }); foreach (var wh in new WaitHandle[] { sowait, sewait }) wh.WaitOne(); stdout = so; stderr = se; } private static uint GetProcessExitCode(IntPtr processHandle) { new NativeWaitHandle(processHandle).WaitOne(); uint exitCode; if (!GetExitCodeProcess(processHandle, out exitCode)) throw new Win32Exception("Error getting process exit code"); return exitCode; } } } "@ $ErrorActionPreference = 'Stop' Function Load-CommandUtils { # makes the following static functions available # [Ansible.CommandUtil]::ParseCommandLine(string lpCommandLine) # [Ansible.CommandUtil]::SearchPath(string lpFileName) # [Ansible.CommandUtil]::RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, string environmentBlock) # # there are also numerous P/Invoke methods that can be called if you are feeling adventurous # FUTURE: find a better way to get the _ansible_remote_tmp variable $original_tmp = $env:TMP $remote_tmp = $original_tmp $module_params = Get-Variable -Name complex_args -ErrorAction SilentlyContinue if ($module_params) { if ($module_params.Value.ContainsKey("_ansible_remote_tmp") ) { $remote_tmp = $module_params.Value["_ansible_remote_tmp"] $remote_tmp = [System.Environment]::ExpandEnvironmentVariables($remote_tmp) } } $env:TMP = $remote_tmp Add-Type -TypeDefinition $process_util $env:TMP = $original_tmp } Function Get-ExecutablePath($executable, $directory) { # lpApplicationName requires the full path to a file, we need to find it # ourselves. # we need to add .exe if it doesn't have an extension already if (-not [System.IO.Path]::HasExtension($executable)) { $executable = "$($executable).exe" } $full_path = [System.IO.Path]::GetFullPath($executable) if ($full_path -ne $executable -and $directory -ne $null) { $file = Get-Item -Path "$directory\$executable" -Force -ErrorAction SilentlyContinue } else { $file = Get-Item -Path $executable -Force -ErrorAction SilentlyContinue } if ($file -ne $null) { $executable_path = $file.FullName } else { $executable_path = [Ansible.CommandUtil]::SearchPath($executable) } return $executable_path } Function Run-Command { Param( [string]$command, # the full command to run including the executable [string]$working_directory = $null, # the working directory to run under, will default to the current dir [string]$stdin = $null, # a string to send to the stdin pipe when executing the command [hashtable]$environment = @{} # a hashtable of environment values to run the command under, this will replace all the other environment variables with these ) # load the C# code we call in this function Load-CommandUtils # need to validate the working directory if it is set if ($working_directory) { # validate working directory is a valid path if (-not (Test-Path -Path $working_directory)) { throw "invalid working directory path '$working_directory'" } } # lpApplicationName needs to be the full path to an executable, we do this # by getting the executable as the first arg and then getting the full path $arguments = [Ansible.CommandUtil]::ParseCommandLine($command) $executable = Get-ExecutablePath -executable $arguments[0] -directory $working_directory # run the command and get the results $command_result = [Ansible.CommandUtil]::RunCommand($executable, $command, $working_directory, $stdin, $environment) return ,@{ executable = $executable stdout = $command_result.StandardOut stderr = $command_result.StandardError rc = $command_result.ExitCode } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: d59a56b5-1653-48b2-869b-ef97a8b673f6 Path:	4104	1		3	2	15	0	1238	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3560	3504	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:26:59 PM	9d04040e-981f-0003-b94f-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c), Michael DeHaan <michael.dehaan@gmail.com>, 2014, and others # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) Set-StrictMode -Version 2.0 $ErrorActionPreference = "Stop" Function Set-Attr($obj, $name, $value) { <# .SYNOPSIS Helper function to set an "attribute" on a psobject instance in PowerShell. This is a convenience to make adding Members to the object easier and slightly more pythonic .EXAMPLE Set-Attr $result "changed" $true #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } Try { $obj.$name = $value } Catch { $obj | Add-Member -Force -MemberType NoteProperty -Name $name -Value $value } } Function Exit-Json($obj) { <# .SYNOPSIS Helper function to convert a PowerShell object to JSON and output it, exiting the script .EXAMPLE Exit-Json $result #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit } Function Fail-Json($obj, $message = $null) { <# .SYNOPSIS Helper function to add the "msg" property and "failed" property, convert the PowerShell Hashtable to JSON and output it, exiting the script .EXAMPLE Fail-Json $result "This is the failure message" #> if ($obj -is [hashtable] -or $obj -is [psobject]) { # Nothing to do } elseif ($obj -is [string] -and $null -eq $message) { # If we weren't given 2 args, and the only arg was a string, # create a new Hashtable and use the arg as the failure message $message = $obj $obj = @{ } } else { # If the first argument is undefined or a different type, # make it a Hashtable $obj = @{ } } # Still using Set-Attr for PSObject compatibility Set-Attr $obj "msg" $message Set-Attr $obj "failed" $true if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit 1 } Function Add-Warning($obj, $message) { <# .SYNOPSIS Helper function to add warnings, even if the warnings attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("warnings")) { $obj.warnings = @() } elseif ($obj.warnings -isnot [array]) { throw "Add-Warning: warnings attribute is not an array" } $obj.warnings += $message } Function Add-DeprecationWarning($obj, $message, $version = $null) { <# .SYNOPSIS Helper function to add deprecations, even if the deprecations attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("deprecations")) { $obj.deprecations = @() } elseif ($obj.deprecations -isnot [array]) { throw "Add-DeprecationWarning: deprecations attribute is not a list" } $obj.deprecations += @{ msg = $message version = $version } } Function Expand-Environment($value) { <# .SYNOPSIS Helper function to expand environment variables in values. By default it turns any type to a string, but we ensure $null remains $null. #> if ($null -ne $value) { [System.Environment]::ExpandEnvironmentVariables($value) } else { $value } } Function Get-AnsibleParam($obj, $name, $default = $null, $resultobj = @{}, $failifempty = $false, $emptyattributefailmessage, $ValidateSet, $ValidateSetErrorMessage, $type = $null, $aliases = @()) { <# .SYNOPSIS Helper function to get an "attribute" from a psobject instance in PowerShell. This is a convenience to make getting Members from an object easier and slightly more pythonic .EXAMPLE $attr = Get-AnsibleParam $response "code" -default "1" .EXAMPLE Get-AnsibleParam -obj $params -name "State" -default "Present" -ValidateSet "Present","Absent" -resultobj $resultobj -failifempty $true Get-AnsibleParam also supports Parameter validation to save you from coding that manually Note that if you use the failifempty option, you do need to specify resultobject as well. #> # Check if the provided Member $name or aliases exist in $obj and return it or the default. try { $found = $null # First try to find preferred parameter $name $aliases = @($name) + $aliases # Iterate over aliases to find acceptable Member $name foreach ($alias in $aliases) { if ($obj.ContainsKey($alias)) { $found = $alias break } } if ($null -eq $found) { throw } $name = $found if ($ValidateSet) { if ($ValidateSet -contains ($obj.$name)) { $value = $obj.$name } else { if ($null -eq $ValidateSetErrorMessage) { #Auto-generated error should be sufficient in most use cases $ValidateSetErrorMessage = "Get-AnsibleParam: Argument $name needs to be one of $($ValidateSet -join ",") but was $($obj.$name)." } Fail-Json -obj $resultobj -message $ValidateSetErrorMessage } } else { $value = $obj.$name } } catch { if ($failifempty -eq $false) { $value = $default } else { if (-not $emptyattributefailmessage) { $emptyattributefailmessage = "Get-AnsibleParam: Missing required argument: $name" } Fail-Json -obj $resultobj -message $emptyattributefailmessage } } # If $value -eq $null, the parameter was unspecified by the user (deliberately or not) # Please leave $null-values intact, modules need to know if a parameter was specified # When $value is already an array, we cannot rely on the null check, as an empty list # is seen as null in the check below if ($null -ne $value -or $value -is [array]) { if ($type -eq "path") { # Expand environment variables on path-type $value = Expand-Environment($value) # Test if a valid path is provided if (-not (Test-Path -IsValid $value)) { $path_invalid = $true # could still be a valid-shaped path with a nonexistent drive letter if ($value -match "^\w:") { # rewrite path with a valid drive letter and recheck the shape- this might still fail, eg, a nonexistent non-filesystem PS path if (Test-Path -IsValid $(@(Get-PSDrive -PSProvider Filesystem)[0].Name + $value.Substring(1))) { $path_invalid = $false } } if ($path_invalid) { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' has an invalid path '$value' specified." } } } elseif ($type -eq "str") { # Convert str types to real Powershell strings $value = $value.ToString() } elseif ($type -eq "bool") { # Convert boolean types to real Powershell booleans $value = $value | ConvertTo-Bool } elseif ($type -eq "int") { # Convert int types to real Powershell integers $value = $value -as [int] } elseif ($type -eq "float") { # Convert float types to real Powershell floats $value = $value -as [float] } elseif ($type -eq "list") { if ($value -is [array]) { # Nothing to do } elseif ($value -is [string]) { # Convert string type to real Powershell array $value = $value.Split(",").Trim() } elseif ($value -is [int]) { $value = @($value) } else { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' is not a YAML list." } # , is not a typo, forces it to return as a list when it is empty or only has 1 entry return ,$value } } return $value } #Alias Get-attr-->Get-AnsibleParam for backwards compat. Only add when needed to ease debugging of scripts If (-not(Get-Alias -Name "Get-attr" -ErrorAction SilentlyContinue)) { New-Alias -Name Get-attr -Value Get-AnsibleParam } Function ConvertTo-Bool { <# .SYNOPSIS Helper filter/pipeline function to convert a value to boolean following current Ansible practices .EXAMPLE $is_true = "true" | ConvertTo-Bool #> param( [parameter(valuefrompipeline=$true)] $obj ) $boolean_strings = "yes", "on", "1", "true", 1 $obj_string = [string]$obj if (($obj -is [boolean] -and $obj) -or $boolean_strings -contains $obj_string.ToLower()) { return $true } else { return $false } } Function Parse-Args($arguments, $supports_check_mode = $false) { <# .SYNOPSIS Helper function to parse Ansible JSON arguments from a "file" passed as the single argument to the module. .EXAMPLE $params = Parse-Args $args #> $params = New-Object psobject If ($arguments.Length -gt 0) { $params = Get-Content $arguments[0] | ConvertFrom-Json } Else { $params = $complex_args } $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false If ($check_mode -and -not $supports_check_mode) { Exit-Json @{ skipped = $true changed = $false msg = "remote module does not support check mode" } } return $params } Function Get-FileChecksum($path, $algorithm = 'sha1') { <# .SYNOPSIS Helper function to calculate a hash of a file in a way which PowerShell 3 and above can handle #> If (Test-Path -Path $path -PathType Leaf) { switch ($algorithm) { 'md5' { $sp = New-Object -TypeName System.Security.Cryptography.MD5CryptoServiceProvider } 'sha1' { $sp = New-Object -TypeName System.Security.Cryptography.SHA1CryptoServiceProvider } 'sha256' { $sp = New-Object -TypeName System.Security.Cryptography.SHA256CryptoServiceProvider } 'sha384' { $sp = New-Object -TypeName System.Security.Cryptography.SHA384CryptoServiceProvider } 'sha512' { $sp = New-Object -TypeName System.Security.Cryptography.SHA512CryptoServiceProvider } default { Fail-Json @{} "Unsupported hash algorithm supplied '$algorithm'" } } If ($PSVersionTable.PSVersion.Major -ge 4) { $raw_hash = Get-FileHash $path -Algorithm $algorithm $hash = $raw_hash.Hash.ToLower() } Else { $fp = [System.IO.File]::Open($path, [System.IO.Filemode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileShare]::ReadWrite); $hash = [System.BitConverter]::ToString($sp.ComputeHash($fp)).Replace("-", "").ToLower(); $fp.Dispose(); } } ElseIf (Test-Path -Path $path -PathType Container) { $hash = "3"; } Else { $hash = "1"; } return $hash } Function Get-PendingRebootStatus { <# .SYNOPSIS Check if reboot is required, if so notify CA. Function returns true if computer has a pending reboot #> $featureData = Invoke-WmiMethod -EA Ignore -Name GetServerFeature -Namespace root\microsoft\windows\servermanager -Class MSFT_ServerManagerTasks $regData = Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager" "PendingFileRenameOperations" -EA Ignore $CBSRebootStatus = Get-ChildItem "HKLM:\\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing" -ErrorAction SilentlyContinue| Where-Object {$_.PSChildName -eq "RebootPending"} if(($featureData -and $featureData.RequiresReboot) -or $regData -or $CBSRebootStatus) { return $True } else { return $False } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: 9727826f-3186-42a1-8b94-e5441c3fbac7 Path:	4104	1		3	2	15	0	1237	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3560	3504	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:26:59 PM	9d04040e-981f-0001-2110-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } ScriptBlock ID: 7ef6f44d-7dc6-4044-9241-e3c7ad758490 Path:	4104	1		3	2	15	0	1236	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3560	3504	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:26:59 PM	9d04040e-981f-0003-a64f-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (5 of 5): dGV0aW1lID0gW0RhdGVUaW1lXTo6VXRjTm93CiRyZXN1bHQuc3RhcnQgPSAkc3RhcnRfZGF0ZXRpbWUuVG9TdHJpbmcoInl5eXktTU0tZGQgaGg6bW06c3MuZmZmZmZmIikKJHJlc3VsdC5lbmQgPSAkZW5kX2RhdGV0aW1lLlRvU3RyaW5nKCJ5eXl5LU1NLWRkIGhoOm1tOnNzLmZmZmZmZiIpCiRyZXN1bHQuZGVsdGEgPSAkKCRlbmRfZGF0ZXRpbWUgLSAkc3RhcnRfZGF0ZXRpbWUpLlRvU3RyaW5nKCJoXDptbVw6c3NcLmZmZmZmZiIpCgpJZiAoJHJlc3VsdC5yYyAtbmUgMCkgewogICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAibm9uLXplcm8gcmV0dXJuIGNvZGUiCn0KCkV4aXQtSnNvbiAkcmVzdWx0Cg==", "module_args": {"_ansible_version": "2.7.0", "_ansible_selinux_special_fs": ["fuse", "nfs", "vboxsf", "ramfs", "9p"], "_ansible_no_log": false, "_ansible_module_name": "win_shell", "_raw_params": "Select-String -path c:\\openstack\\build\\neutron\\\\setup.cfg -pattern \"^name.*=.*\" | % {$_.matches.value.split(\"=\")[1].trim()}", "_ansible_verbosity": 4, "_ansible_keep_remote_files": false, "_ansible_syslog_facility": "LOG_USER", "_ansible_socket": null, "_ansible_remote_tmp": "%TEMP%", "_ansible_diff": false, "_ansible_debug": false, "_ansible_shell_executable": "/bin/sh", "_ansible_check_mode": false, "_ansible_tmpdir": null}} '@ } process { $input_as_string = [string]$input $json_raw += $input_as_string } end { If (-not $json_raw) { Write-Error "no input given" -Category InvalidArgument } $payload = ConvertTo-HashtableFromPsCustomObject (ConvertFrom-Json $json_raw) # TODO: handle binary modules # TODO: handle persistence $min_os_version = [version]$payload.min_os_version if ($min_os_version -ne $null) { $actual_os_version = [System.Environment]::OSVersion.Version if ($actual_os_version -lt $min_os_version) { $msg = "This module cannot run on this OS as it requires a minimum version of $min_os_version, actual was $actual_os_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $min_ps_version = [version]$payload.min_ps_version if ($min_ps_version -ne $null) { $actual_ps_version = $PSVersionTable.PSVersion if ($actual_ps_version -lt $min_ps_version) { $msg = "This module cannot run as it requires a minimum PowerShell version of $min_ps_version, actual was $actual_ps_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $actions = $payload.actions # pop 0th action as entrypoint $entrypoint = $payload.($actions[0]) $payload.actions = $payload.actions[1..99] $entrypoint = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($entrypoint)) # load the current action entrypoint as a module custom object with a Run method $entrypoint = New-Module -ScriptBlock ([scriptblock]::Create($entrypoint)) -AsCustomObject Set-Variable -Scope global -Name complex_args -Value $payload["module_args"] | Out-Null # dynamically create/load modules ForEach ($mod in $payload.powershell_modules.GetEnumerator()) { $decoded_module = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($mod.Value)) New-Module -ScriptBlock ([scriptblock]::Create($decoded_module)) -Name $mod.Key | Import-Module -WarningAction SilentlyContinue | Out-Null } $output = $entrypoint.Run($payload) Write-Output $output } ScriptBlock ID: 62ef116f-5459-4966-a65d-e38b6ede1973 Path:	4104	1		3	2	15	0	1235	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3560	3504	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:26:59 PM	9d04040e-981f-0004-d416-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (4 of 5): luZ2xlIGFyZ3VtZW50IHRvIHRoZSBtb2R1bGUuCiAgICAuRVhBTVBMRQogICAgJHBhcmFtcyA9IFBhcnNlLUFyZ3MgJGFyZ3MKIz4KICAgICRwYXJhbXMgPSBOZXctT2JqZWN0IHBzb2JqZWN0CiAgICBJZiAoJGFyZ3VtZW50cy5MZW5ndGggLWd0IDApCiAgICB7CiAgICAgICAgJHBhcmFtcyA9IEdldC1Db250ZW50ICRhcmd1bWVudHNbMF0gfCBDb252ZXJ0RnJvbS1Kc29uCiAgICB9CiAgICBFbHNlIHsKICAgICAgICAkcGFyYW1zID0gJGNvbXBsZXhfYXJncwogICAgfQogICAgJGNoZWNrX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfY2hlY2tfbW9kZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQogICAgSWYgKCRjaGVja19tb2RlIC1hbmQgLW5vdCAkc3VwcG9ydHNfY2hlY2tfbW9kZSkKICAgIHsKICAgICAgICBFeGl0LUpzb24gQHsKICAgICAgICAgICAgc2tpcHBlZCA9ICR0cnVlCiAgICAgICAgICAgIGNoYW5nZWQgPSAkZmFsc2UKICAgICAgICAgICAgbXNnID0gInJlbW90ZSBtb2R1bGUgZG9lcyBub3Qgc3VwcG9ydCBjaGVjayBtb2RlIgogICAgICAgIH0KICAgIH0KICAgIHJldHVybiAkcGFyYW1zCn0KCgpGdW5jdGlvbiBHZXQtRmlsZUNoZWNrc3VtKCRwYXRoLCAkYWxnb3JpdGhtID0gJ3NoYTEnKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBjYWxjdWxhdGUgYSBoYXNoIG9mIGEgZmlsZSBpbiBhIHdheSB3aGljaCBQb3dlclNoZWxsIDMKICAgIGFuZCBhYm92ZSBjYW4gaGFuZGxlCiM+CiAgICBJZiAoVGVzdC1QYXRoIC1QYXRoICRwYXRoIC1QYXRoVHlwZSBMZWFmKQogICAgewogICAgICAgIHN3aXRjaCAoJGFsZ29yaXRobSkKICAgICAgICB7CiAgICAgICAgICAgICdtZDUnIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5NRDVDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMScgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTFDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMjU2JyB7ICRzcCA9IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5TZWN1cml0eS5DcnlwdG9ncmFwaHkuU0hBMjU2Q3J5cHRvU2VydmljZVByb3ZpZGVyIH0KICAgICAgICAgICAgJ3NoYTM4NCcgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTM4NENyeXB0b1NlcnZpY2VQcm92aWRlciB9CiAgICAgICAgICAgICdzaGE1MTInIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5TSEE1MTJDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICBkZWZhdWx0IHsgRmFpbC1Kc29uIEB7fSAiVW5zdXBwb3J0ZWQgaGFzaCBhbGdvcml0aG0gc3VwcGxpZWQgJyRhbGdvcml0aG0nIiB9CiAgICAgICAgfQoKICAgICAgICBJZiAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtZ2UgNCkgewogICAgICAgICAgICAkcmF3X2hhc2ggPSBHZXQtRmlsZUhhc2ggJHBhdGggLUFsZ29yaXRobSAkYWxnb3JpdGhtCiAgICAgICAgICAgICRoYXNoID0gJHJhd19oYXNoLkhhc2guVG9Mb3dlcigpCiAgICAgICAgfSBFbHNlIHsKICAgICAgICAgICAgJGZwID0gW1N5c3RlbS5JTy5GaWxlXTo6T3BlbigkcGF0aCwgW1N5c3RlbS5JTy5GaWxlbW9kZV06Ok9wZW4sIFtTeXN0ZW0uSU8uRmlsZUFjY2Vzc106OlJlYWQsIFtTeXN0ZW0uSU8uRmlsZVNoYXJlXTo6UmVhZFdyaXRlKTsKICAgICAgICAgICAgJGhhc2ggPSBbU3lzdGVtLkJpdENvbnZlcnRlcl06OlRvU3RyaW5nKCRzcC5Db21wdXRlSGFzaCgkZnApKS5SZXBsYWNlKCItIiwgIiIpLlRvTG93ZXIoKTsKICAgICAgICAgICAgJGZwLkRpc3Bvc2UoKTsKICAgICAgICB9CiAgICB9CiAgICBFbHNlSWYgKFRlc3QtUGF0aCAtUGF0aCAkcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKQogICAgewogICAgICAgICRoYXNoID0gIjMiOwogICAgfQogICAgRWxzZQogICAgewogICAgICAgICRoYXNoID0gIjEiOwogICAgfQogICAgcmV0dXJuICRoYXNoCn0KCkZ1bmN0aW9uIEdldC1QZW5kaW5nUmVib290U3RhdHVzCnsKPCMKICAgIC5TWU5PUFNJUwogICAgQ2hlY2sgaWYgcmVib290IGlzIHJlcXVpcmVkLCBpZiBzbyBub3RpZnkgQ0EuCiAgICBGdW5jdGlvbiByZXR1cm5zIHRydWUgaWYgY29tcHV0ZXIgaGFzIGEgcGVuZGluZyByZWJvb3QKIz4KICAgICRmZWF0dXJlRGF0YSA9IEludm9rZS1XbWlNZXRob2QgLUVBIElnbm9yZSAtTmFtZSBHZXRTZXJ2ZXJGZWF0dXJlIC1OYW1lc3BhY2Ugcm9vdFxtaWNyb3NvZnRcd2luZG93c1xzZXJ2ZXJtYW5hZ2VyIC1DbGFzcyBNU0ZUX1NlcnZlck1hbmFnZXJUYXNrcwogICAgJHJlZ0RhdGEgPSBHZXQtSXRlbVByb3BlcnR5ICJIS0xNOlxTWVNURU1cQ3VycmVudENvbnRyb2xTZXRcQ29udHJvbFxTZXNzaW9uIE1hbmFnZXIiICJQZW5kaW5nRmlsZVJlbmFtZU9wZXJhdGlvbnMiIC1FQSBJZ25vcmUKICAgICRDQlNSZWJvb3RTdGF0dXMgPSBHZXQtQ2hpbGRJdGVtICJIS0xNOlxcU09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cQ29tcG9uZW50IEJhc2VkIFNlcnZpY2luZyIgIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlfCBXaGVyZS1PYmplY3QgeyRfLlBTQ2hpbGROYW1lIC1lcSAiUmVib290UGVuZGluZyJ9CiAgICBpZigoJGZlYXR1cmVEYXRhIC1hbmQgJGZlYXR1cmVEYXRhLlJlcXVpcmVzUmVib290KSAtb3IgJHJlZ0RhdGEgLW9yICRDQlNSZWJvb3RTdGF0dXMpCiAgICB7CiAgICAgICAgcmV0dXJuICRUcnVlCiAgICB9CiAgICBlbHNlCiAgICB7CiAgICAgICAgcmV0dXJuICRGYWxzZQogICAgfQp9CgojIHRoaXMgbGluZSBtdXN0IHN0YXkgYXQgdGhlIGJvdHRvbSB0byBlbnN1cmUgYWxsIGRlZmluZWQgbW9kdWxlIHBhcnRzIGFyZSBleHBvcnRlZApFeHBvcnQtTW9kdWxlTWVtYmVyIC1BbGlhcyAqIC1GdW5jdGlvbiAqIC1DbWRsZXQgKgoK", "Ansible.ModuleUtils.FileUtil": "IyBDb3B5cmlnaHQgKGMpIDIwMTcgQW5zaWJsZSBQcm9qZWN0CiMgU2ltcGxpZmllZCBCU0QgTGljZW5zZSAoc2VlIGxpY2Vuc2VzL3NpbXBsaWZpZWRfYnNkLnR4dCBvciBodHRwczovL29wZW5zb3VyY2Uub3JnL2xpY2Vuc2VzL0JTRC0yLUNsYXVzZSkKCjwjClRlc3QtUGF0aC9HZXQtSXRlbSBjYW5ub3QgZmluZC9yZXR1cm4gaW5mbyBvbiBmaWxlcyB0aGF0IGFyZSBsb2NrZWQgbGlrZQpDOlxwYWdlZmlsZS5zeXMuIFRoZXNlIDIgZnVuY3Rpb25zIGFyZSBkZXNpZ25lZCB0byB3b3JrIHdpdGggdGhlc2UgZmlsZXMgYW5kCnByb3ZpZGUgc2ltaWxhciBmdW5jdGlvbmFsaXR5IHdpdGggdGhlIG5vcm1hbCBjbWRsZXRzIHdpdGggYXMgbWluaW1hbCBvdmVyaGVhZAphcyBwb3NzaWJsZS4gVGhleSB3b3JrIGJ5IHVzaW5nIEdldC1DaGlsZEl0ZW0gd2l0aCBhIGZpbHRlciBhbmQgcmV0dXJuIHRoZQpyZXN1bHQgZnJvbSB0aGF0LgojPgoKRnVuY3Rpb24gVGVzdC1BbnNpYmxlUGF0aCB7CiAgICBbQ21kbGV0QmluZGluZygpXQogICAgUGFyYW0oCiAgICAgICAgW1BhcmFtZXRlcihNYW5kYXRvcnk9JHRydWUpXVtzdHJpbmddJFBhdGgKICAgICkKICAgICMgUmVwbGFjZW1lbnQgZm9yIFRlc3QtUGF0aAogICAgdHJ5IHsKICAgICAgICAkZmlsZV9hdHRyaWJ1dGVzID0gW1N5c3RlbS5JTy5GaWxlXTo6R2V0QXR0cmlidXRlcygkUGF0aCkKICAgIH0gY2F0Y2ggW1N5c3RlbS5JTy5GaWxlTm90Rm91bmRFeGNlcHRpb25dLCBbU3lzdGVtLklPLkRpcmVjdG9yeU5vdEZvdW5kRXhjZXB0aW9uXSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfSBjYXRjaCBbTm90U3VwcG9ydGVkRXhjZXB0aW9uXSB7CiAgICAgICAgIyBXaGVuIHRlc3RpbmcgYSBwYXRoIGxpa2UgQ2VydDpcTG9jYWxNYWNoaW5lXE15LCBTeXN0ZW0uSU8uRmlsZSB3aWxsCiAgICAgICAgIyBub3Qgd29yaywgd2UganVzdCByZXZlcnQgYmFjayB0byB1c2luZyBUZXN0LVBhdGggZm9yIHRoaXMKICAgICAgICByZXR1cm4gVGVzdC1QYXRoIC1QYXRoICRQYXRoCiAgICB9CgogICAgaWYgKFtJbnQzMl0kZmlsZV9hdHRyaWJ1dGVzIC1lcSAtMSkgewogICAgICAgIHJldHVybiAkZmFsc2UKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICR0cnVlCiAgICB9Cn0KCkZ1bmN0aW9uIEdldC1BbnNpYmxlSXRlbSB7CiAgICBbQ21kbGV0QmluZGluZygpXQogICAgUGFyYW0oCiAgICAgICAgW1BhcmFtZXRlcihNYW5kYXRvcnk9JHRydWUpXVtzdHJpbmddJFBhdGgKICAgICkKICAgICMgUmVwbGFjZW1lbnQgZm9yIEdldC1JdGVtCiAgICB0cnkgewogICAgICAgICRmaWxlX2F0dHJpYnV0ZXMgPSBbU3lzdGVtLklPLkZpbGVdOjpHZXRBdHRyaWJ1dGVzKCRQYXRoKQogICAgfSBjYXRjaCB7CiAgICAgICAgIyBpZiAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb3RpbnVlIGlzIHNldCBvbiB0aGUgY21kbGV0IGFuZCB3ZSBmYWlsZWQgdG8KICAgICAgICAjIGdldCB0aGUgYXR0cmlidXRlcywganVzdCByZXR1cm4gJG51bGwsIG90aGVyd2lzZSB0aHJvdyB0aGUgZXJyb3IKICAgICAgICBpZiAoJEVycm9yQWN0aW9uUHJlZmVyZW5jZSAtbmUgIlNpbGVudGx5Q29udGludWUiKSB7CiAgICAgICAgICAgIHRocm93ICRfCiAgICAgICAgfQogICAgICAgIHJldHVybiAkbnVsbAogICAgfQogICAgaWYgKFtJbnQzMl0kZmlsZV9hdHRyaWJ1dGVzIC1lcSAtMSkgewogICAgICAgIHRocm93IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5NYW5hZ2VtZW50LkF1dG9tYXRpb24uSXRlbU5vdEZvdW5kRXhjZXB0aW9uIC1Bcmd1bWVudExpc3QgIkNhbm5vdCBmaW5kIHBhdGggJyRQYXRoJyBiZWNhdXNlIGl0IGRvZXMgbm90IGV4aXN0LiIKICAgIH0gZWxzZWlmICgkZmlsZV9hdHRyaWJ1dGVzLkhhc0ZsYWcoW1N5c3RlbS5JTy5GaWxlQXR0cmlidXRlc106OkRpcmVjdG9yeSkpIHsKICAgICAgICByZXR1cm4gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLklPLkRpcmVjdG9yeUluZm8gLUFyZ3VtZW50TGlzdCAkUGF0aAogICAgfSBlbHNlIHsKICAgICAgICByZXR1cm4gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLklPLkZpbGVJbmZvIC1Bcmd1bWVudExpc3QgJFBhdGgKICAgIH0KfQoKRXhwb3J0LU1vZHVsZU1lbWJlciAtRnVuY3Rpb24gVGVzdC1BbnNpYmxlUGF0aCwgR2V0LUFuc2libGVJdGVtCg=="}, "module_entry": "IyFwb3dlcnNoZWxsCgojIENvcHlyaWdodDogKGMpIDIwMTcsIEFuc2libGUgUHJvamVjdAojIEdOVSBHZW5lcmFsIFB1YmxpYyBMaWNlbnNlIHYzLjArIChzZWUgQ09QWUlORyBvciBodHRwczovL3d3dy5nbnUub3JnL2xpY2Vuc2VzL2dwbC0zLjAudHh0KQoKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5MZWdhY3kKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5Db21tYW5kVXRpbAojUmVxdWlyZXMgLU1vZHVsZSBBbnNpYmxlLk1vZHVsZVV0aWxzLkZpbGVVdGlsCgojIFRPRE86IGFkZCBjaGVjayBtb2RlIHN1cHBvcnQKClNldC1TdHJpY3RNb2RlIC1WZXJzaW9uIDIKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKIyBDbGVhbnNlIENMSVhNTCBmcm9tIHN0ZGVyciAoc2lmdCBvdXQgZXJyb3Igc3RyZWFtIGRhdGEsIGRpc2NhcmQgb3RoZXJzIGZvciBub3cpCkZ1bmN0aW9uIENsZWFuc2UtU3RkZXJyKCRyYXdfc3RkZXJyKSB7CiAgICBUcnkgewogICAgICAgICMgTkI6IHRoaXMgcmVnZXggaXNuJ3QgcGVyZmVjdCwgYnV0IGlzIGRlY2VudCBhdCBmaW5kaW5nIENMSVhNTCBhbW9uZ3N0IG90aGVyIHN0ZGVyciBub2lzZQogICAgICAgIElmKCRyYXdfc3RkZXJyIC1tYXRjaCAiKD9zKSg/PHByZW5vaXNlMT4uKikjPCBDTElYTUwoPzxwcmVub2lzZTI+LiopKD88Y2xpeG1sPjxPYmpzLis8L09ianM+KSg/PHBvc3Rub2lzZT4uKikiKSB7CiAgICAgICAgICAgICRjbGl4bWwgPSBbeG1sXSRtYXRjaGVzWyJjbGl4bWwiXQoKICAgICAgICAgICAgJG1lcmdlZF9zdGRlcnIgPSAiezB9ezF9ezJ9ezN9IiAtZiBAKAogICAgICAgICAgICAgICAkbWF0Y2hlc1sicHJlbm9pc2UxIl0sCiAgICAgICAgICAgICAgICRtYXRjaGVzWyJwcmVub2lzZTIiXSwKICAgICAgICAgICAgICAgIyBmaWx0ZXIgb3V0IGp1c3QgdGhlIEVycm9yLXRhZ2dlZCBzdHJpbmdzIGZvciBub3csIGFuZCB6YXAgZW1iZWRkZWQgQ1JMRiBjaGFycwogICAgICAgICAgICAgICAoJGNsaXhtbC5PYmpzLkNoaWxkTm9kZXMgfCA/IHsgJF8uTmFtZSAtZXEgJ1MnIH0gfCA/IHsgJF8uUyAtZXEgJ0Vycm9yJyB9IHwgJSB7ICRfLicjdGV4dCcuUmVwbGFjZSgnX3gwMDBEX194MDAwQV8nLCcnKSB9IHwgT3V0LVN0cmluZyksCiAgICAgICAgICAgICAgICRtYXRjaGVzWyJwb3N0bm9pc2UiXSkgfCBPdXQtU3RyaW5nCgogICAgICAgICAgICByZXR1cm4gJG1lcmdlZF9zdGRlcnIuVHJpbSgpCgogICAgICAgICAgICAjIEZVVFVSRTogcGFyc2UvcmV0dXJuIG90aGVyIHN0cmVhbXMKICAgICAgICB9CiAgICAgICAgRWxzZSB7CiAgICAgICAgICAgICRyYXdfc3RkZXJyCiAgICAgICAgfQogICAgfQogICAgQ2F0Y2ggewogICAgICAgICIqKipFWENFUFRJT04gUEFSU0lORyBDTElYTUw6ICRfKioqIiArICRyYXdfc3RkZXJyCiAgICB9Cn0KCiRwYXJhbXMgPSBQYXJzZS1BcmdzICRhcmdzIC1zdXBwb3J0c19jaGVja19tb2RlICRmYWxzZQoKJHJhd19jb21tYW5kX2xpbmUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX3Jhd19wYXJhbXMiIC10eXBlICJzdHIiIC1mYWlsaWZlbXB0eSAkdHJ1ZQokY2hkaXIgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiY2hkaXIiIC10eXBlICJwYXRoIgokZXhlY3V0YWJsZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJleGVjdXRhYmxlIiAtdHlwZSAicGF0aCIKJGNyZWF0ZXMgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiY3JlYXRlcyIgLXR5cGUgInBhdGgiCiRyZW1vdmVzID0gR2V0LUFuc2libGVQYXJhbSAtb2JqICRwYXJhbXMgLW5hbWUgInJlbW92ZXMiIC10eXBlICJwYXRoIgokc3RkaW4gPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAic3RkaW4iIC10eXBlICJzdHIiCgokcmF3X2NvbW1hbmRfbGluZSA9ICRyYXdfY29tbWFuZF9saW5lLlRyaW0oKQoKJHJlc3VsdCA9IEB7CiAgICBjaGFuZ2VkID0gJHRydWUKICAgIGNtZCA9ICRyYXdfY29tbWFuZF9saW5lCn0KCmlmICgkY3JlYXRlcyAtYW5kICQoVGVzdC1BbnNpYmxlUGF0aCAtUGF0aCAkY3JlYXRlcykpIHsKICAgIEV4aXQtSnNvbiBAe21zZz0ic2tpcHBlZCwgc2luY2UgJGNyZWF0ZXMgZXhpc3RzIjtjbWQ9JHJhd19jb21tYW5kX2xpbmU7Y2hhbmdlZD0kZmFsc2U7c2tpcHBlZD0kdHJ1ZTtyYz0wfQp9CgppZiAoJHJlbW92ZXMgLWFuZCAtbm90ICQoVGVzdC1BbnNpYmxlUGF0aCAtUGF0aCAkcmVtb3ZlcykpIHsKICAgIEV4aXQtSnNvbiBAe21zZz0ic2tpcHBlZCwgc2luY2UgJHJlbW92ZXMgZG9lcyBub3QgZXhpc3QiO2NtZD0kcmF3X2NvbW1hbmRfbGluZTtjaGFuZ2VkPSRmYWxzZTtza2lwcGVkPSR0cnVlO3JjPTB9Cn0KCiRleGVjX2FyZ3MgPSAkbnVsbApJZigtbm90ICRleGVjdXRhYmxlIC1vciAkZXhlY3V0YWJsZSAtZXEgInBvd2Vyc2hlbGwiKSB7CiAgICAkZXhlY19hcHBsaWNhdGlvbiA9ICJwb3dlcnNoZWxsLmV4ZSIKCiAgICAjIGZvcmNlIGlucHV0IGVuY29kaW5nIHRvIHByZWFtYmxlLWZyZWUgVVRGOCBzbyBQUyBzdWItcHJvY2Vzc2VzIChlZywgU3RhcnQtSm9iKSBkb24ndCBibG93IHVwCiAgICAkcmF3X2NvbW1hbmRfbGluZSA9ICJbQ29uc29sZV06OklucHV0RW5jb2RpbmcgPSBOZXctT2JqZWN0IFRleHQuVVRGOEVuY29kaW5nIGAkZmFsc2U7ICIgKyAkcmF3X2NvbW1hbmRfbGluZQoKICAgICMgQmFzZTY0IGVuY29kZSB0aGUgY29tbWFuZCBzbyB3ZSBkb24ndCBoYXZlIHRvIHdvcnJ5IGFib3V0IHRoZSB2YXJpb3VzIGxldmVscyBvZiBlc2NhcGluZwogICAgJGVuY29kZWRfY29tbWFuZCA9IFtDb252ZXJ0XTo6VG9CYXNlNjRTdHJpbmcoW1N5c3RlbS5UZXh0LkVuY29kaW5nXTo6VW5pY29kZS5HZXRCeXRlcygkcmF3X2NvbW1hbmRfbGluZSkpCgogICAgaWYgKCRzdGRpbikgewogICAgICAgICRleGVjX2FyZ3MgPSAiLWVuY29kZWRjb21tYW5kICRlbmNvZGVkX2NvbW1hbmQiCiAgICB9IGVsc2UgewogICAgICAgICRleGVjX2FyZ3MgPSAiLW5vbmludGVyYWN0aXZlIC1lbmNvZGVkY29tbWFuZCAkZW5jb2RlZF9jb21tYW5kIgogICAgfQp9CkVsc2UgewogICAgIyBGVVRVUkU6IHN1cHBvcnQgYXJnIHRyYW5zbGF0aW9uIGZyb20gZXhlY3V0YWJsZSAob3IgZXhlY3V0YWJsZV9hcmdzPykgdG8gcHJvY2VzcyBhcmd1bWVudHMgZm9yIGFyYml0cmFyeSBpbnRlcnByZXRlcj8KICAgICRleGVjX2FwcGxpY2F0aW9uID0gJGV4ZWN1dGFibGUKICAgIGlmICgtbm90ICgkZXhlY19hcHBsaWNhdGlvbi5FbmRzV2l0aCgiLmV4ZSIpKSkgewogICAgICAgICRleGVjX2FwcGxpY2F0aW9uID0gIiQoJGV4ZWNfYXBwbGljYXRpb24pLmV4ZSIKICAgIH0KICAgICRleGVjX2FyZ3MgPSAiL2MgJHJhd19jb21tYW5kX2xpbmUiCn0KCiRjb21tYW5kID0gIiRleGVjX2FwcGxpY2F0aW9uICRleGVjX2FyZ3MiCiRydW5fY29tbWFuZF9hcmcgPSBAewogICAgY29tbWFuZCA9ICRjb21tYW5kCn0KaWYgKCRjaGRpcikgewogICAgJHJ1bl9jb21tYW5kX2FyZ1snd29ya2luZ19kaXJlY3RvcnknXSA9ICRjaGRpcgp9CmlmICgkc3RkaW4pIHsKICAgICRydW5fY29tbWFuZF9hcmdbJ3N0ZGluJ10gPSAkc3RkaW4KfQoKJHN0YXJ0X2RhdGV0aW1lID0gW0RhdGVUaW1lXTo6VXRjTm93CnRyeSB7CiAgICAkY29tbWFuZF9yZXN1bHQgPSBSdW4tQ29tbWFuZCBAcnVuX2NvbW1hbmRfYXJnCn0gY2F0Y2ggewogICAgJHJlc3VsdC5jaGFuZ2VkID0gJGZhbHNlCiAgICB0cnkgewogICAgICAgICRyZXN1bHQucmMgPSAkXy5FeGNlcHRpb24uTmF0aXZlRXJyb3JDb2RlCiAgICB9IGNhdGNoIHsKICAgICAgICAkcmVzdWx0LnJjID0gMgogICAgfQogICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAkXy5FeGNlcHRpb24uTWVzc2FnZQp9CgojIFRPRE86IGRlY29kZSBDTElYTUwgc3RkZXJyIG91dHB1dCAoYW5kIG90aGVyIHN0cmVhbXM/KQokcmVzdWx0LnN0ZG91dCA9ICRjb21tYW5kX3Jlc3VsdC5zdGRvdXQKJHJlc3VsdC5zdGRlcnIgPSBDbGVhbnNlLVN0ZGVyciAkY29tbWFuZF9yZXN1bHQuc3RkZXJyIAokcmVzdWx0LnJjID0gJGNvbW1hbmRfcmVzdWx0LnJjCgokZW5kX2Rh ScriptBlock ID: 62ef116f-5459-4966-a65d-e38b6ede1973 Path:	4104	1		3	2	15	0	1234	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3560	3504	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:26:59 PM	9d04040e-981f-0004-d416-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (3 of 5): gYW5kIG90aGVycwojIFNpbXBsaWZpZWQgQlNEIExpY2Vuc2UgKHNlZSBsaWNlbnNlcy9zaW1wbGlmaWVkX2JzZC50eHQgb3IgaHR0cHM6Ly9vcGVuc291cmNlLm9yZy9saWNlbnNlcy9CU0QtMi1DbGF1c2UpCgpTZXQtU3RyaWN0TW9kZSAtVmVyc2lvbiAyLjAKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKRnVuY3Rpb24gU2V0LUF0dHIoJG9iaiwgJG5hbWUsICR2YWx1ZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gc2V0IGFuICJhdHRyaWJ1dGUiIG9uIGEgcHNvYmplY3QgaW5zdGFuY2UgaW4gUG93ZXJTaGVsbC4KICAgIFRoaXMgaXMgYSBjb252ZW5pZW5jZSB0byBtYWtlIGFkZGluZyBNZW1iZXJzIHRvIHRoZSBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgIFNldC1BdHRyICRyZXN1bHQgImNoYW5nZWQiICR0cnVlCiM+CgogICAgIyBJZiB0aGUgcHJvdmlkZWQgJG9iaiBpcyB1bmRlZmluZWQsIGRlZmluZSBvbmUgdG8gYmUgbmljZQogICAgSWYgKC1ub3QgJG9iai5HZXRUeXBlKQogICAgewogICAgICAgICRvYmogPSBAeyB9CiAgICB9CgogICAgVHJ5CiAgICB7CiAgICAgICAgJG9iai4kbmFtZSA9ICR2YWx1ZQogICAgfQogICAgQ2F0Y2gKICAgIHsKICAgICAgICAkb2JqIHwgQWRkLU1lbWJlciAtRm9yY2UgLU1lbWJlclR5cGUgTm90ZVByb3BlcnR5IC1OYW1lICRuYW1lIC1WYWx1ZSAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gRXhpdC1Kc29uKCRvYmopCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGNvbnZlcnQgYSBQb3dlclNoZWxsIG9iamVjdCB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcKICAgIHRoZSBzY3JpcHQKICAgIC5FWEFNUExFCiAgICBFeGl0LUpzb24gJHJlc3VsdAojPgoKICAgICMgSWYgdGhlIHByb3ZpZGVkICRvYmogaXMgdW5kZWZpbmVkLCBkZWZpbmUgb25lIHRvIGJlIG5pY2UKICAgIElmICgtbm90ICRvYmouR2V0VHlwZSkKICAgIHsKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoJ2NoYW5nZWQnKSkgewogICAgICAgIFNldC1BdHRyICRvYmogImNoYW5nZWQiICRmYWxzZQogICAgfQoKICAgIFdyaXRlLU91dHB1dCAkb2JqIHwgQ29udmVydFRvLUpzb24gLUNvbXByZXNzIC1EZXB0aCA5OQogICAgRXhpdAp9CgpGdW5jdGlvbiBGYWlsLUpzb24oJG9iaiwgJG1lc3NhZ2UgPSAkbnVsbCkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHRoZSAibXNnIiBwcm9wZXJ0eSBhbmQgImZhaWxlZCIgcHJvcGVydHksIGNvbnZlcnQgdGhlCiAgICBQb3dlclNoZWxsIEhhc2h0YWJsZSB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcgdGhlIHNjcmlwdAogICAgLkVYQU1QTEUKICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJUaGlzIGlzIHRoZSBmYWlsdXJlIG1lc3NhZ2UiCiM+CgogICAgaWYgKCRvYmogLWlzIFtoYXNodGFibGVdIC1vciAkb2JqIC1pcyBbcHNvYmplY3RdKSB7CiAgICAgICAgIyBOb3RoaW5nIHRvIGRvCiAgICB9IGVsc2VpZiAoJG9iaiAtaXMgW3N0cmluZ10gLWFuZCAkbnVsbCAtZXEgJG1lc3NhZ2UpIHsKICAgICAgICAjIElmIHdlIHdlcmVuJ3QgZ2l2ZW4gMiBhcmdzLCBhbmQgdGhlIG9ubHkgYXJnIHdhcyBhIHN0cmluZywKICAgICAgICAjIGNyZWF0ZSBhIG5ldyBIYXNodGFibGUgYW5kIHVzZSB0aGUgYXJnIGFzIHRoZSBmYWlsdXJlIG1lc3NhZ2UKICAgICAgICAkbWVzc2FnZSA9ICRvYmoKICAgICAgICAkb2JqID0gQHsgfQogICAgfSBlbHNlIHsKICAgICAgICAjIElmIHRoZSBmaXJzdCBhcmd1bWVudCBpcyB1bmRlZmluZWQgb3IgYSBkaWZmZXJlbnQgdHlwZSwKICAgICAgICAjIG1ha2UgaXQgYSBIYXNodGFibGUKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgICMgU3RpbGwgdXNpbmcgU2V0LUF0dHIgZm9yIFBTT2JqZWN0IGNvbXBhdGliaWxpdHkKICAgIFNldC1BdHRyICRvYmogIm1zZyIgJG1lc3NhZ2UKICAgIFNldC1BdHRyICRvYmogImZhaWxlZCIgJHRydWUKCiAgICBpZiAoLW5vdCAkb2JqLkNvbnRhaW5zS2V5KCdjaGFuZ2VkJykpIHsKICAgICAgICBTZXQtQXR0ciAkb2JqICJjaGFuZ2VkIiAkZmFsc2UKICAgIH0KCiAgICBXcml0ZS1PdXRwdXQgJG9iaiB8IENvbnZlcnRUby1Kc29uIC1Db21wcmVzcyAtRGVwdGggOTkKICAgIEV4aXQgMQp9CgpGdW5jdGlvbiBBZGQtV2FybmluZygkb2JqLCAkbWVzc2FnZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHdhcm5pbmdzLCBldmVuIGlmIHRoZSB3YXJuaW5ncyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoIndhcm5pbmdzIikpIHsKICAgICAgICAkb2JqLndhcm5pbmdzID0gQCgpCiAgICB9IGVsc2VpZiAoJG9iai53YXJuaW5ncyAtaXNub3QgW2FycmF5XSkgewogICAgICAgIHRocm93ICJBZGQtV2FybmluZzogd2FybmluZ3MgYXR0cmlidXRlIGlzIG5vdCBhbiBhcnJheSIKICAgIH0KCiAgICAkb2JqLndhcm5pbmdzICs9ICRtZXNzYWdlCn0KCkZ1bmN0aW9uIEFkZC1EZXByZWNhdGlvbldhcm5pbmcoJG9iaiwgJG1lc3NhZ2UsICR2ZXJzaW9uID0gJG51bGwpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGFkZCBkZXByZWNhdGlvbnMsIGV2ZW4gaWYgdGhlIGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgogICAgaWYgKC1ub3QgJG9iai5Db250YWluc0tleSgiZGVwcmVjYXRpb25zIikpIHsKICAgICAgICAkb2JqLmRlcHJlY2F0aW9ucyA9IEAoKQogICAgfSBlbHNlaWYgKCRvYmouZGVwcmVjYXRpb25zIC1pc25vdCBbYXJyYXldKSB7CiAgICAgICAgdGhyb3cgIkFkZC1EZXByZWNhdGlvbldhcm5pbmc6IGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgaXMgbm90IGEgbGlzdCIKICAgIH0KCiAgICAkb2JqLmRlcHJlY2F0aW9ucyArPSBAewogICAgICAgIG1zZyA9ICRtZXNzYWdlCiAgICAgICAgdmVyc2lvbiA9ICR2ZXJzaW9uCiAgICB9Cn0KCkZ1bmN0aW9uIEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgaW4gdmFsdWVzLiBCeSBkZWZhdWx0CiAgICBpdCB0dXJucyBhbnkgdHlwZSB0byBhIHN0cmluZywgYnV0IHdlIGVuc3VyZSAkbnVsbCByZW1haW5zICRudWxsLgojPgogICAgaWYgKCRudWxsIC1uZSAkdmFsdWUpIHsKICAgICAgICBbU3lzdGVtLkVudmlyb25tZW50XTo6RXhwYW5kRW52aXJvbm1lbnRWYXJpYWJsZXMoJHZhbHVlKQogICAgfSBlbHNlIHsKICAgICAgICAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gR2V0LUFuc2libGVQYXJhbSgkb2JqLCAkbmFtZSwgJGRlZmF1bHQgPSAkbnVsbCwgJHJlc3VsdG9iaiA9IEB7fSwgJGZhaWxpZmVtcHR5ID0gJGZhbHNlLCAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSwgJFZhbGlkYXRlU2V0LCAkVmFsaWRhdGVTZXRFcnJvck1lc3NhZ2UsICR0eXBlID0gJG51bGwsICRhbGlhc2VzID0gQCgpKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBnZXQgYW4gImF0dHJpYnV0ZSIgZnJvbSBhIHBzb2JqZWN0IGluc3RhbmNlIGluIFBvd2VyU2hlbGwuCiAgICBUaGlzIGlzIGEgY29udmVuaWVuY2UgdG8gbWFrZSBnZXR0aW5nIE1lbWJlcnMgZnJvbSBhbiBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgICRhdHRyID0gR2V0LUFuc2libGVQYXJhbSAkcmVzcG9uc2UgImNvZGUiIC1kZWZhdWx0ICIxIgogICAgLkVYQU1QTEUKICAgIEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJTdGF0ZSIgLWRlZmF1bHQgIlByZXNlbnQiIC1WYWxpZGF0ZVNldCAiUHJlc2VudCIsIkFic2VudCIgLXJlc3VsdG9iaiAkcmVzdWx0b2JqIC1mYWlsaWZlbXB0eSAkdHJ1ZQogICAgR2V0LUFuc2libGVQYXJhbSBhbHNvIHN1cHBvcnRzIFBhcmFtZXRlciB2YWxpZGF0aW9uIHRvIHNhdmUgeW91IGZyb20gY29kaW5nIHRoYXQgbWFudWFsbHkKICAgIE5vdGUgdGhhdCBpZiB5b3UgdXNlIHRoZSBmYWlsaWZlbXB0eSBvcHRpb24sIHlvdSBkbyBuZWVkIHRvIHNwZWNpZnkgcmVzdWx0b2JqZWN0IGFzIHdlbGwuCiM+CiAgICAjIENoZWNrIGlmIHRoZSBwcm92aWRlZCBNZW1iZXIgJG5hbWUgb3IgYWxpYXNlcyBleGlzdCBpbiAkb2JqIGFuZCByZXR1cm4gaXQgb3IgdGhlIGRlZmF1bHQuCiAgICB0cnkgewoKICAgICAgICAkZm91bmQgPSAkbnVsbAogICAgICAgICMgRmlyc3QgdHJ5IHRvIGZpbmQgcHJlZmVycmVkIHBhcmFtZXRlciAkbmFtZQogICAgICAgICRhbGlhc2VzID0gQCgkbmFtZSkgKyAkYWxpYXNlcwoKICAgICAgICAjIEl0ZXJhdGUgb3ZlciBhbGlhc2VzIHRvIGZpbmQgYWNjZXB0YWJsZSBNZW1iZXIgJG5hbWUKICAgICAgICBmb3JlYWNoICgkYWxpYXMgaW4gJGFsaWFzZXMpIHsKICAgICAgICAgICAgaWYgKCRvYmouQ29udGFpbnNLZXkoJGFsaWFzKSkgewogICAgICAgICAgICAgICAgJGZvdW5kID0gJGFsaWFzCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgfQoKICAgICAgICBpZiAoJG51bGwgLWVxICRmb3VuZCkgewogICAgICAgICAgICB0aHJvdwogICAgICAgIH0KICAgICAgICAkbmFtZSA9ICRmb3VuZAoKICAgICAgICBpZiAoJFZhbGlkYXRlU2V0KSB7CgogICAgICAgICAgICBpZiAoJFZhbGlkYXRlU2V0IC1jb250YWlucyAoJG9iai4kbmFtZSkpIHsKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICRvYmouJG5hbWUKICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgIGlmICgkbnVsbCAtZXEgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAgICAgI0F1dG8tZ2VuZXJhdGVkIGVycm9yIHNob3VsZCBiZSBzdWZmaWNpZW50IGluIG1vc3QgdXNlIGNhc2VzCiAgICAgICAgICAgICAgICAgICAgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlID0gIkdldC1BbnNpYmxlUGFyYW06IEFyZ3VtZW50ICRuYW1lIG5lZWRzIHRvIGJlIG9uZSBvZiAkKCRWYWxpZGF0ZVNldCAtam9pbiAiLCIpIGJ1dCB3YXMgJCgkb2JqLiRuYW1lKS4iCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRWYWxpZGF0ZVNldEVycm9yTWVzc2FnZQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgJHZhbHVlID0gJG9iai4kbmFtZQogICAgICAgIH0KICAgIH0gY2F0Y2ggewogICAgICAgIGlmICgkZmFpbGlmZW1wdHkgLWVxICRmYWxzZSkgewogICAgICAgICAgICAkdmFsdWUgPSAkZGVmYXVsdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgIGlmICgtbm90ICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSA9ICJHZXQtQW5zaWJsZVBhcmFtOiBNaXNzaW5nIHJlcXVpcmVkIGFyZ3VtZW50OiAkbmFtZSIKICAgICAgICAgICAgfQogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlCiAgICAgICAgfQogICAgfQoKICAgICMgSWYgJHZhbHVlIC1lcSAkbnVsbCwgdGhlIHBhcmFtZXRlciB3YXMgdW5zcGVjaWZpZWQgYnkgdGhlIHVzZXIgKGRlbGliZXJhdGVseSBvciBub3QpCiAgICAjIFBsZWFzZSBsZWF2ZSAkbnVsbC12YWx1ZXMgaW50YWN0LCBtb2R1bGVzIG5lZWQgdG8ga25vdyBpZiBhIHBhcmFtZXRlciB3YXMgc3BlY2lmaWVkCiAgICAjIFdoZW4gJHZhbHVlIGlzIGFscmVhZHkgYW4gYXJyYXksIHdlIGNhbm5vdCByZWx5IG9uIHRoZSBudWxsIGNoZWNrLCBhcyBhbiBlbXB0eSBsaXN0CiAgICAjIGlzIHNlZW4gYXMgbnVsbCBpbiB0aGUgY2hlY2sgYmVsb3cKICAgIGlmICgkbnVsbCAtbmUgJHZhbHVlIC1vciAkdmFsdWUgLWlzIFthcnJheV0pIHsKICAgICAgICBpZiAoJHR5cGUgLWVxICJwYXRoIikgewogICAgICAgICAgICAjIEV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgb24gcGF0aC10eXBlCiAgICAgICAgICAgICR2YWx1ZSA9IEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCiAgICAgICAgICAgICMgVGVzdCBpZiBhIHZhbGlkIHBhdGggaXMgcHJvdmlkZWQKICAgICAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtSXNWYWxpZCAkdmFsdWUpKSB7CiAgICAgICAgICAgICAgICAkcGF0aF9pbnZhbGlkID0gJHRydWUKICAgICAgICAgICAgICAgICMgY291bGQgc3RpbGwgYmUgYSB2YWxpZC1zaGFwZWQgcGF0aCB3aXRoIGEgbm9uZXhpc3RlbnQgZHJpdmUgbGV0dGVyCiAgICAgICAgICAgICAgICBpZiAoJHZhbHVlIC1tYXRjaCAiXlx3OiIpIHsKICAgICAgICAgICAgICAgICAgICAjIHJld3JpdGUgcGF0aCB3aXRoIGEgdmFsaWQgZHJpdmUgbGV0dGVyIGFuZCByZWNoZWNrIHRoZSBzaGFwZS0gdGhpcyBtaWdodCBzdGlsbCBmYWlsLCBlZywgYSBub25leGlzdGVudCBub24tZmlsZXN5c3RlbSBQUyBwYXRoCiAgICAgICAgICAgICAgICAgICAgaWYgKFRlc3QtUGF0aCAtSXNWYWxpZCAkKEAoR2V0LVBTRHJpdmUgLVBTUHJvdmlkZXIgRmlsZXN5c3RlbSlbMF0uTmFtZSArICR2YWx1ZS5TdWJzdHJpbmcoMSkpKSB7CiAgICAgICAgICAgICAgICAgICAgICAgICRwYXRoX2ludmFsaWQgPSAkZmFsc2UKICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBpZiAoJHBhdGhfaW52YWxpZCkgewogICAgICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHRvYmogLW1lc3NhZ2UgIkdldC1BbnNpYmxlUGFyYW06IFBhcmFtZXRlciAnJG5hbWUnIGhhcyBhbiBpbnZhbGlkIHBhdGggJyR2YWx1ZScgc3BlY2lmaWVkLiIKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgInN0ciIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IHN0ciB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgc3RyaW5ncwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUuVG9TdHJpbmcoKQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImJvb2wiKSB7CiAgICAgICAgICAgICMgQ29udmVydCBib29sZWFuIHR5cGVzIHRvIHJlYWwgUG93ZXJzaGVsbCBib29sZWFucwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgfCBDb252ZXJ0VG8tQm9vbAogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImludCIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IGludCB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgaW50ZWdlcnMKICAgICAgICAgICAgJHZhbHVlID0gJHZhbHVlIC1hcyBbaW50XQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImZsb2F0IikgewogICAgICAgICAgICAjIENvbnZlcnQgZmxvYXQgdHlwZXMgdG8gcmVhbCBQb3dlcnNoZWxsIGZsb2F0cwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgLWFzIFtmbG9hdF0KICAgICAgICB9IGVsc2VpZiAoJHR5cGUgLWVxICJsaXN0IikgewogICAgICAgICAgICBpZiAoJHZhbHVlIC1pcyBbYXJyYXldKSB7CiAgICAgICAgICAgICAgICAjIE5vdGhpbmcgdG8gZG8KICAgICAgICAgICAgfSBlbHNlaWYgKCR2YWx1ZSAtaXMgW3N0cmluZ10pIHsKICAgICAgICAgICAgICAgICMgQ29udmVydCBzdHJpbmcgdHlwZSB0byByZWFsIFBvd2Vyc2hlbGwgYXJyYXkKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICR2YWx1ZS5TcGxpdCgiLCIpLlRyaW0oKQogICAgICAgICAgICB9IGVsc2VpZiAoJHZhbHVlIC1pcyBbaW50XSkgewogICAgICAgICAgICAgICAgJHZhbHVlID0gQCgkdmFsdWUpCiAgICAgICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICJHZXQtQW5zaWJsZVBhcmFtOiBQYXJhbWV0ZXIgJyRuYW1lJyBpcyBub3QgYSBZQU1MIGxpc3QuIgogICAgICAgICAgICB9CiAgICAgICAgICAgICMgLCBpcyBub3QgYSB0eXBvLCBmb3JjZXMgaXQgdG8gcmV0dXJuIGFzIGEgbGlzdCB3aGVuIGl0IGlzIGVtcHR5IG9yIG9ubHkgaGFzIDEgZW50cnkKICAgICAgICAgICAgcmV0dXJuICwkdmFsdWUKICAgICAgICB9CiAgICB9CgogICAgcmV0dXJuICR2YWx1ZQp9CgojQWxpYXMgR2V0LWF0dHItLT5HZXQtQW5zaWJsZVBhcmFtIGZvciBiYWNrd2FyZHMgY29tcGF0LiBPbmx5IGFkZCB3aGVuIG5lZWRlZCB0byBlYXNlIGRlYnVnZ2luZyBvZiBzY3JpcHRzCklmICgtbm90KEdldC1BbGlhcyAtTmFtZSAiR2V0LWF0dHIiIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlKSkKewogICAgTmV3LUFsaWFzIC1OYW1lIEdldC1hdHRyIC1WYWx1ZSBHZXQtQW5zaWJsZVBhcmFtCn0KCkZ1bmN0aW9uIENvbnZlcnRUby1Cb29sCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZpbHRlci9waXBlbGluZSBmdW5jdGlvbiB0byBjb252ZXJ0IGEgdmFsdWUgdG8gYm9vbGVhbiBmb2xsb3dpbmcgY3VycmVudAogICAgQW5zaWJsZSBwcmFjdGljZXMKICAgIC5FWEFNUExFCiAgICAkaXNfdHJ1ZSA9ICJ0cnVlIiB8IENvbnZlcnRUby1Cb29sCiM+CiAgICBwYXJhbSgKICAgICAgICBbcGFyYW1ldGVyKHZhbHVlZnJvbXBpcGVsaW5lPSR0cnVlKV0KICAgICAgICAkb2JqCiAgICApCgogICAgJGJvb2xlYW5fc3RyaW5ncyA9ICJ5ZXMiLCAib24iLCAiMSIsICJ0cnVlIiwgMQogICAgJG9ial9zdHJpbmcgPSBbc3RyaW5nXSRvYmoKCiAgICBpZiAoKCRvYmogLWlzIFtib29sZWFuXSAtYW5kICRvYmopIC1vciAkYm9vbGVhbl9zdHJpbmdzIC1jb250YWlucyAkb2JqX3N0cmluZy5Ub0xvd2VyKCkpIHsKICAgICAgICByZXR1cm4gJHRydWUKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfQp9CgpGdW5jdGlvbiBQYXJzZS1BcmdzKCRhcmd1bWVudHMsICRzdXBwb3J0c19jaGVja19tb2RlID0gJGZhbHNlKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBwYXJzZSBBbnNpYmxlIEpTT04gYXJndW1lbnRzIGZyb20gYSAiZmlsZSIgcGFzc2VkIGFzCiAgICB0aGUgc2 ScriptBlock ID: 62ef116f-5459-4966-a65d-e38b6ede1973 Path:	4104	1		3	2	15	0	1233	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3560	3504	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:26:59 PM	9d04040e-981f-0004-d416-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 5): AgcHVibGljIHN0cmluZyBTdGFuZGFyZEVycm9yIHsgZ2V0OyBpbnRlcm5hbCBzZXQ7IH0KICAgICAgICAgICAgcHVibGljIHVpbnQgRXhpdENvZGUgeyBnZXQ7IGludGVybmFsIHNldDsgfQogICAgICAgIH0KCiAgICAgICAgcHVibGljIHN0YXRpYyBDb21tYW5kUmVzdWx0IFJ1bkNvbW1hbmQoc3RyaW5nIGxwQXBwbGljYXRpb25OYW1lLCBzdHJpbmcgbHBDb21tYW5kTGluZSwgc3RyaW5nIGxwQ3VycmVudERpcmVjdG9yeSwgc3RyaW5nIHN0ZGluSW5wdXQsIElEaWN0aW9uYXJ5IGVudmlyb25tZW50KQogICAgICAgIHsKICAgICAgICAgICAgVUludDMyIHN0YXJ0dXBfZmxhZ3MgPSBDUkVBVEVfVU5JQ09ERV9FTlZJUk9OTUVOVCB8IEVYVEVOREVEX1NUQVJUVVBJTkZPX1BSRVNFTlQ7CiAgICAgICAgICAgIFNUQVJUVVBJTkZPRVggc2kgPSBuZXcgU1RBUlRVUElORk9FWCgpOwogICAgICAgICAgICBzaS5zdGFydHVwSW5mby5kd0ZsYWdzID0gKGludClTdGFydHVwSW5mb0ZsYWdzLlVTRVNUREhBTkRMRVM7CgogICAgICAgICAgICBTRUNVUklUWV9BVFRSSUJVVEVTIHBpcGVzZWMgPSBuZXcgU0VDVVJJVFlfQVRUUklCVVRFUygpOwogICAgICAgICAgICBwaXBlc2VjLmJJbmhlcml0SGFuZGxlID0gdHJ1ZTsKCiAgICAgICAgICAgIC8vIENyZWF0ZSB0aGUgc3Rkb3V0LCBzdGRlcnIgYW5kIHN0ZGluIHBpcGVzIHVzZWQgaW4gdGhlIHByb2Nlc3MgYW5kIGFkZCB0byB0aGUgc3RhcnR1cEluZm8KICAgICAgICAgICAgU2FmZUZpbGVIYW5kbGUgc3Rkb3V0X3JlYWQsIHN0ZG91dF93cml0ZSwgc3RkZXJyX3JlYWQsIHN0ZGVycl93cml0ZSwgc3RkaW5fcmVhZCwgc3RkaW5fd3JpdGU7CiAgICAgICAgICAgIGlmICghQ3JlYXRlUGlwZShvdXQgc3Rkb3V0X3JlYWQsIG91dCBzdGRvdXRfd3JpdGUsIHBpcGVzZWMsIDApKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IFdpbjMyRXhjZXB0aW9uKCJTVERPVVQgcGlwZSBzZXR1cCBmYWlsZWQiKTsKICAgICAgICAgICAgaWYgKCFTZXRIYW5kbGVJbmZvcm1hdGlvbihzdGRvdXRfcmVhZCwgSGFuZGxlRmxhZ3MuSU5IRVJJVCwgMCkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIlNURE9VVCBwaXBlIGhhbmRsZSBzZXR1cCBmYWlsZWQiKTsKCiAgICAgICAgICAgIGlmICghQ3JlYXRlUGlwZShvdXQgc3RkZXJyX3JlYWQsIG91dCBzdGRlcnJfd3JpdGUsIHBpcGVzZWMsIDApKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IFdpbjMyRXhjZXB0aW9uKCJTVERFUlIgcGlwZSBzZXR1cCBmYWlsZWQiKTsKICAgICAgICAgICAgaWYgKCFTZXRIYW5kbGVJbmZvcm1hdGlvbihzdGRlcnJfcmVhZCwgSGFuZGxlRmxhZ3MuSU5IRVJJVCwgMCkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIlNUREVSUiBwaXBlIGhhbmRsZSBzZXR1cCBmYWlsZWQiKTsKCiAgICAgICAgICAgIGlmICghQ3JlYXRlUGlwZShvdXQgc3RkaW5fcmVhZCwgb3V0IHN0ZGluX3dyaXRlLCBwaXBlc2VjLCAwKSkKICAgICAgICAgICAgICAgIHRocm93IG5ldyBXaW4zMkV4Y2VwdGlvbigiU1RESU4gcGlwZSBzZXR1cCBmYWlsZWQiKTsKICAgICAgICAgICAgaWYgKCFTZXRIYW5kbGVJbmZvcm1hdGlvbihzdGRpbl93cml0ZSwgSGFuZGxlRmxhZ3MuSU5IRVJJVCwgMCkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIlNURElOIHBpcGUgaGFuZGxlIHNldHVwIGZhaWxlZCIpOwoKICAgICAgICAgICAgc2kuc3RhcnR1cEluZm8uaFN0ZE91dHB1dCA9IHN0ZG91dF93cml0ZTsKICAgICAgICAgICAgc2kuc3RhcnR1cEluZm8uaFN0ZEVycm9yID0gc3RkZXJyX3dyaXRlOwogICAgICAgICAgICBzaS5zdGFydHVwSW5mby5oU3RkSW5wdXQgPSBzdGRpbl9yZWFkOwoKICAgICAgICAgICAgLy8gU2V0dXAgdGhlIHN0ZGluIGJ1ZmZlcgogICAgICAgICAgICBVVEY4RW5jb2RpbmcgdXRmOF9lbmNvZGluZyA9IG5ldyBVVEY4RW5jb2RpbmcoZmFsc2UpOwogICAgICAgICAgICBGaWxlU3RyZWFtIHN0ZGluX2ZzID0gbmV3IEZpbGVTdHJlYW0oc3RkaW5fd3JpdGUsIEZpbGVBY2Nlc3MuV3JpdGUsIDMyNzY4KTsKICAgICAgICAgICAgU3RyZWFtV3JpdGVyIHN0ZGluID0gbmV3IFN0cmVhbVdyaXRlcihzdGRpbl9mcywgdXRmOF9lbmNvZGluZywgMzI3NjgpOwoKICAgICAgICAgICAgLy8gSWYgbHBDdXJyZW50RGlyZWN0b3J5IGlzIHNldCB0byBudWxsIGluIFBTIGl0IHdpbGwgYmUgYW4gZW1wdHkKICAgICAgICAgICAgLy8gc3RyaW5nIGhlcmUsIHdlIG5lZWQgdG8gY29udmVydCBpdAogICAgICAgICAgICBpZiAobHBDdXJyZW50RGlyZWN0b3J5ID09ICIiKQogICAgICAgICAgICAgICAgbHBDdXJyZW50RGlyZWN0b3J5ID0gbnVsbDsKCiAgICAgICAgICAgIFN0cmluZ0J1aWxkZXIgZW52aXJvbm1lbnRTdHJpbmcgPSBudWxsOwoKICAgICAgICAgICAgaWYgKGVudmlyb25tZW50ICE9IG51bGwgJiYgZW52aXJvbm1lbnQuQ291bnQgPiAwKQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBlbnZpcm9ubWVudFN0cmluZyA9IG5ldyBTdHJpbmdCdWlsZGVyKCk7CiAgICAgICAgICAgICAgICBmb3JlYWNoIChEaWN0aW9uYXJ5RW50cnkga3YgaW4gZW52aXJvbm1lbnQpCiAgICAgICAgICAgICAgICAgICAgZW52aXJvbm1lbnRTdHJpbmcuQXBwZW5kRm9ybWF0KCJ7MH09ezF9XDAiLCBrdi5LZXksIGt2LlZhbHVlKTsKICAgICAgICAgICAgICAgIGVudmlyb25tZW50U3RyaW5nLkFwcGVuZCgnXDAnKTsKICAgICAgICAgICAgfQoKICAgICAgICAgICAgLy8gQ3JlYXRlIHRoZSBlbnZpcm9ubWVudCBibG9jayBpZiBzZXQKICAgICAgICAgICAgSW50UHRyIGxwRW52aXJvbm1lbnQgPSBJbnRQdHIuWmVybzsKICAgICAgICAgICAgaWYgKGVudmlyb25tZW50U3RyaW5nICE9IG51bGwpCiAgICAgICAgICAgICAgICBscEVudmlyb25tZW50ID0gTWFyc2hhbC5TdHJpbmdUb0hHbG9iYWxVbmkoZW52aXJvbm1lbnRTdHJpbmcuVG9TdHJpbmcoKSk7CgogICAgICAgICAgICAvLyBDcmVhdGUgbmV3IHByb2Nlc3MgYW5kIHJ1bgogICAgICAgICAgICBTdHJpbmdCdWlsZGVyIGFyZ3VtZW50X3N0cmluZyA9IG5ldyBTdHJpbmdCdWlsZGVyKGxwQ29tbWFuZExpbmUpOwogICAgICAgICAgICBQUk9DRVNTX0lORk9STUFUSU9OIHBpID0gbmV3IFBST0NFU1NfSU5GT1JNQVRJT04oKTsKICAgICAgICAgICAgaWYgKCFDcmVhdGVQcm9jZXNzKAogICAgICAgICAgICAgICAgbHBBcHBsaWNhdGlvbk5hbWUsCiAgICAgICAgICAgICAgICBhcmd1bWVudF9zdHJpbmcsCiAgICAgICAgICAgICAgICBJbnRQdHIuWmVybywKICAgICAgICAgICAgICAgIEludFB0ci5aZXJvLAogICAgICAgICAgICAgICAgdHJ1ZSwKICAgICAgICAgICAgICAgIHN0YXJ0dXBfZmxhZ3MsCiAgICAgICAgICAgICAgICBscEVudmlyb25tZW50LAogICAgICAgICAgICAgICAgbHBDdXJyZW50RGlyZWN0b3J5LAogICAgICAgICAgICAgICAgc2ksCiAgICAgICAgICAgICAgICBvdXQgcGkpKQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIkZhaWxlZCB0byBjcmVhdGUgbmV3IHByb2Nlc3MiKTsKICAgICAgICAgICAgfQoKICAgICAgICAgICAgLy8gU2V0dXAgdGhlIG91dHB1dCBidWZmZXJzIGFuZCBnZXQgc3Rkb3V0L3N0ZGVycgogICAgICAgICAgICBGaWxlU3RyZWFtIHN0ZG91dF9mcyA9IG5ldyBGaWxlU3RyZWFtKHN0ZG91dF9yZWFkLCBGaWxlQWNjZXNzLlJlYWQsIDQwOTYpOwogICAgICAgICAgICBTdHJlYW1SZWFkZXIgc3Rkb3V0ID0gbmV3IFN0cmVhbVJlYWRlcihzdGRvdXRfZnMsIHV0ZjhfZW5jb2RpbmcsIHRydWUsIDQwOTYpOwogICAgICAgICAgICBzdGRvdXRfd3JpdGUuQ2xvc2UoKTsKICAgICAgICAgICAgRmlsZVN0cmVhbSBzdGRlcnJfZnMgPSBuZXcgRmlsZVN0cmVhbShzdGRlcnJfcmVhZCwgRmlsZUFjY2Vzcy5SZWFkLCA0MDk2KTsKICAgICAgICAgICAgU3RyZWFtUmVhZGVyIHN0ZGVyciA9IG5ldyBTdHJlYW1SZWFkZXIoc3RkZXJyX2ZzLCB1dGY4X2VuY29kaW5nLCB0cnVlLCA0MDk2KTsKICAgICAgICAgICAgc3RkZXJyX3dyaXRlLkNsb3NlKCk7CgogICAgICAgICAgICBzdGRpbi5Xcml0ZUxpbmUoc3RkaW5JbnB1dCk7CiAgICAgICAgICAgIHN0ZGluLkNsb3NlKCk7CgogICAgICAgICAgICBzdHJpbmcgc3Rkb3V0X3N0ciwgc3RkZXJyX3N0ciA9IG51bGw7CiAgICAgICAgICAgIEdldFByb2Nlc3NPdXRwdXQoc3Rkb3V0LCBzdGRlcnIsIG91dCBzdGRvdXRfc3RyLCBvdXQgc3RkZXJyX3N0cik7CiAgICAgICAgICAgIHVpbnQgcmMgPSBHZXRQcm9jZXNzRXhpdENvZGUocGkuaFByb2Nlc3MpOwoKICAgICAgICAgICAgcmV0dXJuIG5ldyBDb21tYW5kUmVzdWx0CiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIFN0YW5kYXJkT3V0ID0gc3Rkb3V0X3N0ciwKICAgICAgICAgICAgICAgIFN0YW5kYXJkRXJyb3IgPSBzdGRlcnJfc3RyLAogICAgICAgICAgICAgICAgRXhpdENvZGUgPSByYwogICAgICAgICAgICB9OwogICAgICAgIH0KCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgdm9pZCBHZXRQcm9jZXNzT3V0cHV0KFN0cmVhbVJlYWRlciBzdGRvdXRTdHJlYW0sIFN0cmVhbVJlYWRlciBzdGRlcnJTdHJlYW0sIG91dCBzdHJpbmcgc3Rkb3V0LCBvdXQgc3RyaW5nIHN0ZGVycikKICAgICAgICB7CiAgICAgICAgICAgIHZhciBzb3dhaXQgPSBuZXcgRXZlbnRXYWl0SGFuZGxlKGZhbHNlLCBFdmVudFJlc2V0TW9kZS5NYW51YWxSZXNldCk7CiAgICAgICAgICAgIHZhciBzZXdhaXQgPSBuZXcgRXZlbnRXYWl0SGFuZGxlKGZhbHNlLCBFdmVudFJlc2V0TW9kZS5NYW51YWxSZXNldCk7CiAgICAgICAgICAgIHN0cmluZyBzbyA9IG51bGwsIHNlID0gbnVsbDsKICAgICAgICAgICAgVGhyZWFkUG9vbC5RdWV1ZVVzZXJXb3JrSXRlbSgocykgPT4KICAgICAgICAgICAgewogICAgICAgICAgICAgICAgc28gPSBzdGRvdXRTdHJlYW0uUmVhZFRvRW5kKCk7CiAgICAgICAgICAgICAgICBzb3dhaXQuU2V0KCk7CiAgICAgICAgICAgIH0pOwogICAgICAgICAgICBUaHJlYWRQb29sLlF1ZXVlVXNlcldvcmtJdGVtKChzKSA9PgogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBzZSA9IHN0ZGVyclN0cmVhbS5SZWFkVG9FbmQoKTsKICAgICAgICAgICAgICAgIHNld2FpdC5TZXQoKTsKICAgICAgICAgICAgfSk7CiAgICAgICAgICAgIGZvcmVhY2ggKHZhciB3aCBpbiBuZXcgV2FpdEhhbmRsZVtdIHsgc293YWl0LCBzZXdhaXQgfSkKICAgICAgICAgICAgICAgIHdoLldhaXRPbmUoKTsKICAgICAgICAgICAgc3Rkb3V0ID0gc287CiAgICAgICAgICAgIHN0ZGVyciA9IHNlOwogICAgICAgIH0KCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgdWludCBHZXRQcm9jZXNzRXhpdENvZGUoSW50UHRyIHByb2Nlc3NIYW5kbGUpCiAgICAgICAgewogICAgICAgICAgICBuZXcgTmF0aXZlV2FpdEhhbmRsZShwcm9jZXNzSGFuZGxlKS5XYWl0T25lKCk7CiAgICAgICAgICAgIHVpbnQgZXhpdENvZGU7CiAgICAgICAgICAgIGlmICghR2V0RXhpdENvZGVQcm9jZXNzKHByb2Nlc3NIYW5kbGUsIG91dCBleGl0Q29kZSkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIkVycm9yIGdldHRpbmcgcHJvY2VzcyBleGl0IGNvZGUiKTsKICAgICAgICAgICAgcmV0dXJuIGV4aXRDb2RlOwogICAgICAgIH0KICAgIH0KfQoiQAoKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICdTdG9wJwoKRnVuY3Rpb24gTG9hZC1Db21tYW5kVXRpbHMgewogICAgIyBtYWtlcyB0aGUgZm9sbG93aW5nIHN0YXRpYyBmdW5jdGlvbnMgYXZhaWxhYmxlCiAgICAjICAgW0Fuc2libGUuQ29tbWFuZFV0aWxdOjpQYXJzZUNvbW1hbmRMaW5lKHN0cmluZyBscENvbW1hbmRMaW5lKQogICAgIyAgIFtBbnNpYmxlLkNvbW1hbmRVdGlsXTo6U2VhcmNoUGF0aChzdHJpbmcgbHBGaWxlTmFtZSkKICAgICMgICBbQW5zaWJsZS5Db21tYW5kVXRpbF06OlJ1bkNvbW1hbmQoc3RyaW5nIGxwQXBwbGljYXRpb25OYW1lLCBzdHJpbmcgbHBDb21tYW5kTGluZSwgc3RyaW5nIGxwQ3VycmVudERpcmVjdG9yeSwgc3RyaW5nIHN0ZGluSW5wdXQsIHN0cmluZyBlbnZpcm9ubWVudEJsb2NrKQogICAgIwogICAgIyB0aGVyZSBhcmUgYWxzbyBudW1lcm91cyBQL0ludm9rZSBtZXRob2RzIHRoYXQgY2FuIGJlIGNhbGxlZCBpZiB5b3UgYXJlIGZlZWxpbmcgYWR2ZW50dXJvdXMKCiAgICAjIEZVVFVSRTogZmluZCBhIGJldHRlciB3YXkgdG8gZ2V0IHRoZSBfYW5zaWJsZV9yZW1vdGVfdG1wIHZhcmlhYmxlCiAgICAkb3JpZ2luYWxfdG1wID0gJGVudjpUTVAKCiAgICAkcmVtb3RlX3RtcCA9ICRvcmlnaW5hbF90bXAKICAgICRtb2R1bGVfcGFyYW1zID0gR2V0LVZhcmlhYmxlIC1OYW1lIGNvbXBsZXhfYXJncyAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgaWYgKCRtb2R1bGVfcGFyYW1zKSB7CiAgICAgICAgaWYgKCRtb2R1bGVfcGFyYW1zLlZhbHVlLkNvbnRhaW5zS2V5KCJfYW5zaWJsZV9yZW1vdGVfdG1wIikgKSB7CiAgICAgICAgICAgICRyZW1vdGVfdG1wID0gJG1vZHVsZV9wYXJhbXMuVmFsdWVbIl9hbnNpYmxlX3JlbW90ZV90bXAiXQogICAgICAgICAgICAkcmVtb3RlX3RtcCA9IFtTeXN0ZW0uRW52aXJvbm1lbnRdOjpFeHBhbmRFbnZpcm9ubWVudFZhcmlhYmxlcygkcmVtb3RlX3RtcCkKICAgICAgICB9CiAgICB9CgogICAgJGVudjpUTVAgPSAkcmVtb3RlX3RtcAogICAgQWRkLVR5cGUgLVR5cGVEZWZpbml0aW9uICRwcm9jZXNzX3V0aWwKICAgICRlbnY6VE1QID0gJG9yaWdpbmFsX3RtcAp9CgpGdW5jdGlvbiBHZXQtRXhlY3V0YWJsZVBhdGgoJGV4ZWN1dGFibGUsICRkaXJlY3RvcnkpIHsKICAgICMgbHBBcHBsaWNhdGlvbk5hbWUgcmVxdWlyZXMgdGhlIGZ1bGwgcGF0aCB0byBhIGZpbGUsIHdlIG5lZWQgdG8gZmluZCBpdAogICAgIyBvdXJzZWx2ZXMuCgogICAgIyB3ZSBuZWVkIHRvIGFkZCAuZXhlIGlmIGl0IGRvZXNuJ3QgaGF2ZSBhbiBleHRlbnNpb24gYWxyZWFkeQogICAgaWYgKC1ub3QgW1N5c3RlbS5JTy5QYXRoXTo6SGFzRXh0ZW5zaW9uKCRleGVjdXRhYmxlKSkgewogICAgICAgICRleGVjdXRhYmxlID0gIiQoJGV4ZWN1dGFibGUpLmV4ZSIKICAgIH0KICAgICRmdWxsX3BhdGggPSBbU3lzdGVtLklPLlBhdGhdOjpHZXRGdWxsUGF0aCgkZXhlY3V0YWJsZSkKCiAgICBpZiAoJGZ1bGxfcGF0aCAtbmUgJGV4ZWN1dGFibGUgLWFuZCAkZGlyZWN0b3J5IC1uZSAkbnVsbCkgewogICAgICAgICRmaWxlID0gR2V0LUl0ZW0gLVBhdGggIiRkaXJlY3RvcnlcJGV4ZWN1dGFibGUiIC1Gb3JjZSAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgfSBlbHNlIHsKICAgICAgICAkZmlsZSA9IEdldC1JdGVtIC1QYXRoICRleGVjdXRhYmxlIC1Gb3JjZSAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgfQoKICAgIGlmICgkZmlsZSAtbmUgJG51bGwpIHsKICAgICAgICAkZXhlY3V0YWJsZV9wYXRoID0gJGZpbGUuRnVsbE5hbWUKICAgIH0gZWxzZSB7CiAgICAgICAgJGV4ZWN1dGFibGVfcGF0aCA9IFtBbnNpYmxlLkNvbW1hbmRVdGlsXTo6U2VhcmNoUGF0aCgkZXhlY3V0YWJsZSkgICAgCiAgICB9CiAgICByZXR1cm4gJGV4ZWN1dGFibGVfcGF0aAp9CgpGdW5jdGlvbiBSdW4tQ29tbWFuZCB7CiAgICBQYXJhbSgKICAgICAgICBbc3RyaW5nXSRjb21tYW5kLCAjIHRoZSBmdWxsIGNvbW1hbmQgdG8gcnVuIGluY2x1ZGluZyB0aGUgZXhlY3V0YWJsZQogICAgICAgIFtzdHJpbmddJHdvcmtpbmdfZGlyZWN0b3J5ID0gJG51bGwsICMgdGhlIHdvcmtpbmcgZGlyZWN0b3J5IHRvIHJ1biB1bmRlciwgd2lsbCBkZWZhdWx0IHRvIHRoZSBjdXJyZW50IGRpcgogICAgICAgIFtzdHJpbmddJHN0ZGluID0gJG51bGwsICMgYSBzdHJpbmcgdG8gc2VuZCB0byB0aGUgc3RkaW4gcGlwZSB3aGVuIGV4ZWN1dGluZyB0aGUgY29tbWFuZAogICAgICAgIFtoYXNodGFibGVdJGVudmlyb25tZW50ID0gQHt9ICMgYSBoYXNodGFibGUgb2YgZW52aXJvbm1lbnQgdmFsdWVzIHRvIHJ1biB0aGUgY29tbWFuZCB1bmRlciwgdGhpcyB3aWxsIHJlcGxhY2UgYWxsIHRoZSBvdGhlciBlbnZpcm9ubWVudCB2YXJpYWJsZXMgd2l0aCB0aGVzZQogICAgKQogICAgCiAgICAjIGxvYWQgdGhlIEMjIGNvZGUgd2UgY2FsbCBpbiB0aGlzIGZ1bmN0aW9uCiAgICBMb2FkLUNvbW1hbmRVdGlscwoKICAgICMgbmVlZCB0byB2YWxpZGF0ZSB0aGUgd29ya2luZyBkaXJlY3RvcnkgaWYgaXQgaXMgc2V0CiAgICBpZiAoJHdvcmtpbmdfZGlyZWN0b3J5KSB7CiAgICAgICAgIyB2YWxpZGF0ZSB3b3JraW5nIGRpcmVjdG9yeSBpcyBhIHZhbGlkIHBhdGgKICAgICAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICR3b3JraW5nX2RpcmVjdG9yeSkpIHsKICAgICAgICAgICAgdGhyb3cgImludmFsaWQgd29ya2luZyBkaXJlY3RvcnkgcGF0aCAnJHdvcmtpbmdfZGlyZWN0b3J5JyIKICAgICAgICB9CiAgICB9CgogICAgIyBscEFwcGxpY2F0aW9uTmFtZSBuZWVkcyB0byBiZSB0aGUgZnVsbCBwYXRoIHRvIGFuIGV4ZWN1dGFibGUsIHdlIGRvIHRoaXMKICAgICMgYnkgZ2V0dGluZyB0aGUgZXhlY3V0YWJsZSBhcyB0aGUgZmlyc3QgYXJnIGFuZCB0aGVuIGdldHRpbmcgdGhlIGZ1bGwgcGF0aAogICAgJGFyZ3VtZW50cyA9IFtBbnNpYmxlLkNvbW1hbmRVdGlsXTo6UGFyc2VDb21tYW5kTGluZSgkY29tbWFuZCkKICAgICRleGVjdXRhYmxlID0gR2V0LUV4ZWN1dGFibGVQYXRoIC1leGVjdXRhYmxlICRhcmd1bWVudHNbMF0gLWRpcmVjdG9yeSAkd29ya2luZ19kaXJlY3RvcnkKCiAgICAjIHJ1biB0aGUgY29tbWFuZCBhbmQgZ2V0IHRoZSByZXN1bHRzCiAgICAkY29tbWFuZF9yZXN1bHQgPSBbQW5zaWJsZS5Db21tYW5kVXRpbF06OlJ1bkNvbW1hbmQoJGV4ZWN1dGFibGUsICRjb21tYW5kLCAkd29ya2luZ19kaXJlY3RvcnksICRzdGRpbiwgJGVudmlyb25tZW50KQoKICAgIHJldHVybiAsQHsKICAgICAgICBleGVjdXRhYmxlID0gJGV4ZWN1dGFibGUKICAgICAgICBzdGRvdXQgPSAkY29tbWFuZF9yZXN1bHQuU3RhbmRhcmRPdXQKICAgICAgICBzdGRlcnIgPSAkY29tbWFuZF9yZXN1bHQuU3RhbmRhcmRFcnJvcgogICAgICAgIHJjID0gJGNvbW1hbmRfcmVzdWx0LkV4aXRDb2RlCiAgICB9Cn0KCiMgdGhpcyBsaW5lIG11c3Qgc3RheSBhdCB0aGUgYm90dG9tIHRvIGVuc3VyZSBhbGwgZGVmaW5lZCBtb2R1bGUgcGFydHMgYXJlIGV4cG9ydGVkCkV4cG9ydC1Nb2R1bGVNZW1iZXIgLUFsaWFzICogLUZ1bmN0aW9uICogLUNtZGxldCAqCg==", "Ansible.ModuleUtils.Legacy": "IyBDb3B5cmlnaHQgKGMpLCBNaWNoYWVsIERlSGFhbiA8bWljaGFlbC5kZWhhYW5AZ21haWwuY29tPiwgMjAxNCw ScriptBlock ID: 62ef116f-5459-4966-a65d-e38b6ede1973 Path:	4104	1		3	2	15	0	1232	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3560	3504	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:26:59 PM	9d04040e-981f-0004-d416-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 5): begin { $DebugPreference = "Continue" $ErrorActionPreference = "Stop" Set-StrictMode -Version 2 function ConvertTo-HashtableFromPsCustomObject ($myPsObject){ $output = @{}; $myPsObject | Get-Member -MemberType *Property | % { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } return $output; } # stream JSON including become_pw, ps_module_payload, bin_module_payload, become_payload, write_payload_path, preserve directives # exec runspace, capture output, cleanup, return module output # NB: do not adjust the following line- it is replaced when doing non-streamed module output $json_raw = @' {"min_ps_version": null, "exec": "CkZ1bmN0aW9uIFJ1bigkcGF5bG9hZCkgewogICAgJGVudHJ5cG9pbnQgPSAkcGF5bG9hZC5tb2R1bGVfZW50cnkKCiAgICAkZW50cnlwb2ludCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGVudHJ5cG9pbnQpKQoKICAgICRwcyA9IFtwb3dlcnNoZWxsXTo6Q3JlYXRlKCkKCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkQ29tbWFuZCgiU2V0LVZhcmlhYmxlIikuQWRkUGFyYW1ldGVycyhAe1Njb3BlPSJnbG9iYWwiO05hbWU9ImNvbXBsZXhfYXJncyI7VmFsdWU9JHBheWxvYWQubW9kdWxlX2FyZ3N9KSB8IE91dC1OdWxsCiAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCgogICAgIyByZWRlZmluZSBXcml0ZS1Ib3N0IHRvIGR1bXAgdG8gb3V0cHV0IGluc3RlYWQgb2YgZmFpbGluZy0gbG90cyBvZiBzY3JpcHRzIHVzZSBpdAogICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgiRnVuY3Rpb24gV3JpdGUtSG9zdChgJG1zZyl7IFdyaXRlLU91dHB1dCBgJG1zZyB9IikgfCBPdXQtTnVsbAoKICAgIEZvckVhY2ggKCRlbnZfa3YgaW4gJHBheWxvYWQuZW52aXJvbm1lbnQuR2V0RW51bWVyYXRvcigpKSB7CiAgICAgICAgIyBuZWVkIHRvIGVzY2FwZSAnIGluIGJvdGggdGhlIGtleSBhbmQgdmFsdWUKICAgICAgICAkZW52X2tleSA9ICRlbnZfa3YuS2V5LlRvU3RyaW5nKCkuUmVwbGFjZSgiJyIsICInJyIpCiAgICAgICAgJGVudl92YWx1ZSA9ICRlbnZfa3YuVmFsdWUuVG9TdHJpbmcoKS5SZXBsYWNlKCInIiwgIicnIikKICAgICAgICAkZXNjYXBlZF9lbnZfc2V0ID0gIltTeXN0ZW0uRW52aXJvbm1lbnRdOjpTZXRFbnZpcm9ubWVudFZhcmlhYmxlKCd7MH0nLCAnezF9JykiIC1mICRlbnZfa2V5LCAkZW52X3ZhbHVlCiAgICAgICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgkZXNjYXBlZF9lbnZfc2V0KSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBkeW5hbWljYWxseSBjcmVhdGUvbG9hZCBtb2R1bGVzCiAgICBGb3JFYWNoICgkbW9kIGluICRwYXlsb2FkLnBvd2Vyc2hlbGxfbW9kdWxlcy5HZXRFbnVtZXJhdG9yKCkpIHsKICAgICAgICAkZGVjb2RlZF9tb2R1bGUgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRtb2QuVmFsdWUpKQogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRDb21tYW5kKCJOZXctTW9kdWxlIikuQWRkUGFyYW1ldGVycyhAe1NjcmlwdEJsb2NrPShbc2NyaXB0YmxvY2tdOjpDcmVhdGUoJGRlY29kZWRfbW9kdWxlKSk7TmFtZT0kbW9kLktleX0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiSW1wb3J0LU1vZHVsZSIpLkFkZFBhcmFtZXRlcnMoQHtXYXJuaW5nQWN0aW9uPSJTaWxlbnRseUNvbnRpbnVlIn0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBmb3JjZSBpbnB1dCBlbmNvZGluZyB0byBwcmVhbWJsZS1mcmVlIFVURjggc28gUFMgc3ViLXByb2Nlc3NlcyAoZWcsCiAgICAjIFN0YXJ0LUpvYikgZG9uJ3QgYmxvdyB1cC4gVGhpcyBpcyBvbmx5IHJlcXVpcmVkIGZvciBXaW5STSwgYSBQU1JQCiAgICAjIHJ1bnNwYWNlIGRvZXNuJ3QgaGF2ZSBhIGhvc3QgY29uc29sZSBhbmQgdGhpcyB3aWxsIGJvbWIgb3V0CiAgICBpZiAoJGhvc3QuTmFtZSAtZXEgIkNvbnNvbGVIb3N0IikgewogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRTY3JpcHQoIltDb25zb2xlXTo6SW5wdXRFbmNvZGluZyA9IE5ldy1PYmplY3QgVGV4dC5VVEY4RW5jb2RpbmcgYCRmYWxzZSIpIHwgT3V0LU51bGwKICAgIH0KCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkU2NyaXB0KCRlbnRyeXBvaW50KSB8IE91dC1OdWxsCgogICAgJG91dHB1dCA9ICRwcy5JbnZva2UoKQoKICAgICRvdXRwdXQKCiAgICAjIFBTMyBkb2Vzbid0IHByb3Blcmx5IHNldCBIYWRFcnJvcnMgaW4gbWFueSBjYXNlcywgaW5zcGVjdCB0aGUgZXJyb3Igc3RyZWFtIGFzIGEgZmFsbGJhY2sKICAgIElmICgkcHMuSGFkRXJyb3JzIC1vciAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtbHQgNCAtYW5kICRwcy5TdHJlYW1zLkVycm9yLkNvdW50IC1ndCAwKSkgewogICAgICAgICRob3N0LlVJLldyaXRlRXJyb3JMaW5lKCQoJHBzLlN0cmVhbXMuRXJyb3IgfCBPdXQtU3RyaW5nKSkKICAgICAgICAkZXhpdF9jb2RlID0gJHBzLlJ1bnNwYWNlLlNlc3Npb25TdGF0ZVByb3h5LkdldFZhcmlhYmxlKCJMQVNURVhJVENPREUiKQogICAgICAgIElmKC1ub3QgJGV4aXRfY29kZSkgewogICAgICAgICAgICAkZXhpdF9jb2RlID0gMQogICAgICAgIH0KICAgICAgICAjIG5lZWQgdG8gdXNlIHRoaXMgaW5zdGVhZCBvZiBFeGl0IGtleXdvcmQgdG8gcHJldmVudCBydW5zcGFjZSBmcm9tIGNyYXNoaW5nIHdpdGggZHluYW1pYyBtb2R1bGVzCiAgICAgICAgJGhvc3QuU2V0U2hvdWxkRXhpdCgkZXhpdF9jb2RlKQogICAgfQp9Cg==", "actions": ["exec"], "environment": {}, "min_os_version": null, "powershell_modules": {"Ansible.ModuleUtils.CommandUtil": "IyBDb3B5cmlnaHQgKGMpIDIwMTcgQW5zaWJsZSBQcm9qZWN0CiMgU2ltcGxpZmllZCBCU0QgTGljZW5zZSAoc2VlIGxpY2Vuc2VzL3NpbXBsaWZpZWRfYnNkLnR4dCBvciBodHRwczovL29wZW5zb3VyY2Uub3JnL2xpY2Vuc2VzL0JTRC0yLUNsYXVzZSkKCiRwcm9jZXNzX3V0aWwgPSBAIgp1c2luZyBNaWNyb3NvZnQuV2luMzIuU2FmZUhhbmRsZXM7CnVzaW5nIFN5c3RlbTsKdXNpbmcgU3lzdGVtLkNvbGxlY3Rpb25zOwp1c2luZyBTeXN0ZW0uSU87CnVzaW5nIFN5c3RlbS5MaW5xOwp1c2luZyBTeXN0ZW0uUnVudGltZS5JbnRlcm9wU2VydmljZXM7CnVzaW5nIFN5c3RlbS5UZXh0Owp1c2luZyBTeXN0ZW0uVGhyZWFkaW5nOwoKbmFtZXNwYWNlIEFuc2libGUKewogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIGNsYXNzIFNFQ1VSSVRZX0FUVFJJQlVURVMKICAgIHsKICAgICAgICBwdWJsaWMgaW50IG5MZW5ndGg7CiAgICAgICAgcHVibGljIEludFB0ciBscFNlY3VyaXR5RGVzY3JpcHRvcjsKICAgICAgICBwdWJsaWMgYm9vbCBiSW5oZXJpdEhhbmRsZSA9IGZhbHNlOwogICAgICAgIHB1YmxpYyBTRUNVUklUWV9BVFRSSUJVVEVTKCkKICAgICAgICB7CiAgICAgICAgICAgIG5MZW5ndGggPSBNYXJzaGFsLlNpemVPZih0aGlzKTsKICAgICAgICB9CiAgICB9CgogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIGNsYXNzIFNUQVJUVVBJTkZPCiAgICB7CiAgICAgICAgcHVibGljIEludDMyIGNiOwogICAgICAgIHB1YmxpYyBJbnRQdHIgbHBSZXNlcnZlZDsKICAgICAgICBwdWJsaWMgSW50UHRyIGxwRGVza3RvcDsKICAgICAgICBwdWJsaWMgSW50UHRyIGxwVGl0bGU7CiAgICAgICAgcHVibGljIEludDMyIGR3WDsKICAgICAgICBwdWJsaWMgSW50MzIgZHdZOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1hTaXplOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1lTaXplOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1hDb3VudENoYXJzOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1lDb3VudENoYXJzOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd0ZpbGxBdHRyaWJ1dGU7CiAgICAgICAgcHVibGljIEludDMyIGR3RmxhZ3M7CiAgICAgICAgcHVibGljIEludDE2IHdTaG93V2luZG93OwogICAgICAgIHB1YmxpYyBJbnQxNiBjYlJlc2VydmVkMjsKICAgICAgICBwdWJsaWMgSW50UHRyIGxwUmVzZXJ2ZWQyOwogICAgICAgIHB1YmxpYyBTYWZlRmlsZUhhbmRsZSBoU3RkSW5wdXQ7CiAgICAgICAgcHVibGljIFNhZmVGaWxlSGFuZGxlIGhTdGRPdXRwdXQ7CiAgICAgICAgcHVibGljIFNhZmVGaWxlSGFuZGxlIGhTdGRFcnJvcjsKICAgICAgICBwdWJsaWMgU1RBUlRVUElORk8oKQogICAgICAgIHsKICAgICAgICAgICAgY2IgPSBNYXJzaGFsLlNpemVPZih0aGlzKTsKICAgICAgICB9CiAgICB9CgogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIGNsYXNzIFNUQVJUVVBJTkZPRVgKICAgIHsKICAgICAgICBwdWJsaWMgU1RBUlRVUElORk8gc3RhcnR1cEluZm87CiAgICAgICAgcHVibGljIEludFB0ciBscEF0dHJpYnV0ZUxpc3Q7CiAgICAgICAgcHVibGljIFNUQVJUVVBJTkZPRVgoKQogICAgICAgIHsKICAgICAgICAgICAgc3RhcnR1cEluZm8gPSBuZXcgU1RBUlRVUElORk8oKTsKICAgICAgICAgICAgc3RhcnR1cEluZm8uY2IgPSBNYXJzaGFsLlNpemVPZih0aGlzKTsKICAgICAgICB9CiAgICB9CgogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIHN0cnVjdCBQUk9DRVNTX0lORk9STUFUSU9OCiAgICB7CiAgICAgICAgcHVibGljIEludFB0ciBoUHJvY2VzczsKICAgICAgICBwdWJsaWMgSW50UHRyIGhUaHJlYWQ7CiAgICAgICAgcHVibGljIGludCBkd1Byb2Nlc3NJZDsKICAgICAgICBwdWJsaWMgaW50IGR3VGhyZWFkSWQ7CiAgICB9CgogICAgW0ZsYWdzXQogICAgcHVibGljIGVudW0gU3RhcnR1cEluZm9GbGFncyA6IHVpbnQKICAgIHsKICAgICAgICBVU0VTVERIQU5ETEVTID0gMHgwMDAwMDEwMAogICAgfQoKICAgIHB1YmxpYyBlbnVtIEhhbmRsZUZsYWdzIDogdWludAogICAgewogICAgICAgIE5vbmUgPSAwLAogICAgICAgIElOSEVSSVQgPSAxCiAgICB9CgogICAgY2xhc3MgTmF0aXZlV2FpdEhhbmRsZSA6IFdhaXRIYW5kbGUKICAgIHsKICAgICAgICBwdWJsaWMgTmF0aXZlV2FpdEhhbmRsZShJbnRQdHIgaGFuZGxlKQogICAgICAgIHsKICAgICAgICAgICAgdGhpcy5TYWZlV2FpdEhhbmRsZSA9IG5ldyBTYWZlV2FpdEhhbmRsZShoYW5kbGUsIGZhbHNlKTsKICAgICAgICB9CiAgICB9CgogICAgcHVibGljIGNsYXNzIFdpbjMyRXhjZXB0aW9uIDogU3lzdGVtLkNvbXBvbmVudE1vZGVsLldpbjMyRXhjZXB0aW9uCiAgICB7CiAgICAgICAgcHJpdmF0ZSBzdHJpbmcgX21zZzsKCiAgICAgICAgcHVibGljIFdpbjMyRXhjZXB0aW9uKHN0cmluZyBtZXNzYWdlKSA6IHRoaXMoTWFyc2hhbC5HZXRMYXN0V2luMzJFcnJvcigpLCBtZXNzYWdlKSB7IH0KCiAgICAgICAgcHVibGljIFdpbjMyRXhjZXB0aW9uKGludCBlcnJvckNvZGUsIHN0cmluZyBtZXNzYWdlKSA6IGJhc2UoZXJyb3JDb2RlKQogICAgICAgIHsKICAgICAgICAgICAgX21zZyA9IFN0cmluZy5Gb3JtYXQoInswfSAoezF9LCBXaW4zMkVycm9yQ29kZSB7Mn0pIiwgbWVzc2FnZSwgYmFzZS5NZXNzYWdlLCBlcnJvckNvZGUpOwogICAgICAgIH0KCiAgICAgICAgcHVibGljIG92ZXJyaWRlIHN0cmluZyBNZXNzYWdlIHsgZ2V0IHsgcmV0dXJuIF9tc2c7IH0gfQogICAgICAgIHB1YmxpYyBzdGF0aWMgZXhwbGljaXQgb3BlcmF0b3IgV2luMzJFeGNlcHRpb24oc3RyaW5nIG1lc3NhZ2UpIHsgcmV0dXJuIG5ldyBXaW4zMkV4Y2VwdGlvbihtZXNzYWdlKTsgfQogICAgfQoKICAgIHB1YmxpYyBjbGFzcyBDb21tYW5kVXRpbAogICAgewogICAgICAgIHByaXZhdGUgc3RhdGljIFVJbnQzMiBDUkVBVEVfVU5JQ09ERV9FTlZJUk9OTUVOVCA9IDB4MDAwMDAwNDAwOwogICAgICAgIHByaXZhdGUgc3RhdGljIFVJbnQzMiBFWFRFTkRFRF9TVEFSVFVQSU5GT19QUkVTRU5UID0gMHgwMDA4MDAwMDsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSwgQmVzdEZpdE1hcHBpbmcgPSBmYWxzZSldCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gYm9vbCBDcmVhdGVQcm9jZXNzKAogICAgICAgICAgICBbTWFyc2hhbEFzKFVubWFuYWdlZFR5cGUuTFBXU3RyKV0KICAgICAgICAgICAgICAgIHN0cmluZyBscEFwcGxpY2F0aW9uTmFtZSwKICAgICAgICAgICAgU3RyaW5nQnVpbGRlciBscENvbW1hbmRMaW5lLAogICAgICAgICAgICBJbnRQdHIgbHBQcm9jZXNzQXR0cmlidXRlcywKICAgICAgICAgICAgSW50UHRyIGxwVGhyZWFkQXR0cmlidXRlcywKICAgICAgICAgICAgYm9vbCBiSW5oZXJpdEhhbmRsZXMsCiAgICAgICAgICAgIHVpbnQgZHdDcmVhdGlvbkZsYWdzLAogICAgICAgICAgICBJbnRQdHIgbHBFbnZpcm9ubWVudCwKICAgICAgICAgICAgW01hcnNoYWxBcyhVbm1hbmFnZWRUeXBlLkxQV1N0cildCiAgICAgICAgICAgICAgICBzdHJpbmcgbHBDdXJyZW50RGlyZWN0b3J5LAogICAgICAgICAgICBTVEFSVFVQSU5GT0VYIGxwU3RhcnR1cEluZm8sCiAgICAgICAgICAgIG91dCBQUk9DRVNTX0lORk9STUFUSU9OIGxwUHJvY2Vzc0luZm9ybWF0aW9uKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIildCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gYm9vbCBDcmVhdGVQaXBlKAogICAgICAgICAgICBvdXQgU2FmZUZpbGVIYW5kbGUgaFJlYWRQaXBlLAogICAgICAgICAgICBvdXQgU2FmZUZpbGVIYW5kbGUgaFdyaXRlUGlwZSwKICAgICAgICAgICAgU0VDVVJJVFlfQVRUUklCVVRFUyBscFBpcGVBdHRyaWJ1dGVzLAogICAgICAgICAgICB1aW50IG5TaXplKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSldCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gYm9vbCBTZXRIYW5kbGVJbmZvcm1hdGlvbigKICAgICAgICAgICAgU2FmZUZpbGVIYW5kbGUgaE9iamVjdCwKICAgICAgICAgICAgSGFuZGxlRmxhZ3MgZHdNYXNrLAogICAgICAgICAgICBpbnQgZHdGbGFncyk7CgogICAgICAgIFtEbGxJbXBvcnQoImtlcm5lbDMyLmRsbCIsIFNldExhc3RFcnJvciA9IHRydWUpXQogICAgICAgIHByaXZhdGUgc3RhdGljIGV4dGVybiBib29sIEdldEV4aXRDb2RlUHJvY2VzcygKICAgICAgICAgICAgSW50UHRyIGhQcm9jZXNzLAogICAgICAgICAgICBvdXQgdWludCBscEV4aXRDb2RlKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSldCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gdWludCBTZWFyY2hQYXRoKAogICAgICAgICAgICBzdHJpbmcgbHBQYXRoLAogICAgICAgICAgICBzdHJpbmcgbHBGaWxlTmFtZSwKICAgICAgICAgICAgc3RyaW5nIGxwRXh0ZW5zaW9uLAogICAgICAgICAgICBpbnQgbkJ1ZmZlckxlbmd0aCwKICAgICAgICAgICAgW01hcnNoYWxBcyAoVW5tYW5hZ2VkVHlwZS5MUFRTdHIpXQogICAgICAgICAgICAgICAgU3RyaW5nQnVpbGRlciBscEJ1ZmZlciwKICAgICAgICAgICAgb3V0IEludFB0ciBscEZpbGVQYXJ0KTsKCiAgICAgICAgW0RsbEltcG9ydCgic2hlbGwzMi5kbGwiLCBTZXRMYXN0RXJyb3IgPSB0cnVlKV0KICAgICAgICBzdGF0aWMgZXh0ZXJuIEludFB0ciBDb21tYW5kTGluZVRvQXJndlcoCiAgICAgICAgICAgIFtNYXJzaGFsQXMoVW5tYW5hZ2VkVHlwZS5MUFdTdHIpXQogICAgICAgICAgICAgICAgc3RyaW5nIGxwQ21kTGluZSwKICAgICAgICAgICAgb3V0IGludCBwTnVtQXJncyk7CgogICAgICAgIHB1YmxpYyBzdGF0aWMgc3RyaW5nW10gUGFyc2VDb21tYW5kTGluZShzdHJpbmcgbHBDb21tYW5kTGluZSkKICAgICAgICB7CiAgICAgICAgICAgIGludCBudW1BcmdzOwogICAgICAgICAgICBJbnRQdHIgcmV0ID0gQ29tbWFuZExpbmVUb0FyZ3ZXKGxwQ29tbWFuZExpbmUsIG91dCBudW1BcmdzKTsKCiAgICAgICAgICAgIGlmIChyZXQgPT0gSW50UHRyLlplcm8pCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIkVycm9yIHBhcnNpbmcgY29tbWFuZCBsaW5lIik7CgogICAgICAgICAgICBJbnRQdHJbXSBzdHJwdHJzID0gbmV3IEludFB0cltudW1BcmdzXTsKICAgICAgICAgICAgTWFyc2hhbC5Db3B5KHJldCwgc3RycHRycywgMCwgbnVtQXJncyk7CiAgICAgICAgICAgIHN0cmluZ1tdIGNtZGxpbmVQYXJ0cyA9IHN0cnB0cnMuU2VsZWN0KHMgPT4gTWFyc2hhbC5QdHJUb1N0cmluZ1VuaShzKSkuVG9BcnJheSgpOwoKICAgICAgICAgICAgTWFyc2hhbC5GcmVlSEdsb2JhbChyZXQpOwoKICAgICAgICAgICAgcmV0dXJuIGNtZGxpbmVQYXJ0czsKICAgICAgICB9CgogICAgICAgIHB1YmxpYyBzdGF0aWMgc3RyaW5nIFNlYXJjaFBhdGgoc3RyaW5nIGxwRmlsZU5hbWUpCiAgICAgICAgewogICAgICAgICAgICBTdHJpbmdCdWlsZGVyIHNiT3V0ID0gbmV3IFN0cmluZ0J1aWxkZXIoMTAyNCk7CiAgICAgICAgICAgIEludFB0ciBmaWxlUGFydE91dDsKCiAgICAgICAgICAgIGlmIChTZWFyY2hQYXRoKG51bGwsIGxwRmlsZU5hbWUsIG51bGwsIHNiT3V0LkNhcGFjaXR5LCBzYk91dCwgb3V0IGZpbGVQYXJ0T3V0KSA9PSAwKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IEZpbGVOb3RGb3VuZEV4Y2VwdGlvbihTdHJpbmcuRm9ybWF0KCJDb3VsZCBub3QgbG9jYXRlIHRoZSBmb2xsb3dpbmcgZXhlY3V0YWJsZSB7MH0iLCBscEZpbGVOYW1lKSk7CgogICAgICAgICAgICByZXR1cm4gc2JPdXQuVG9TdHJpbmcoKTsKICAgICAgICB9CgogICAgICAgIHB1YmxpYyBjbGFzcyBDb21tYW5kUmVzdWx0CiAgICAgICAgewogICAgICAgICAgICBwdWJsaWMgc3RyaW5nIFN0YW5kYXJkT3V0IHsgZ2V0OyBpbnRlcm5hbCBzZXQ7IH0KICAgICAgICAgIC ScriptBlock ID: 62ef116f-5459-4966-a65d-e38b6ede1973 Path:	4104	1		3	2	15	0	1231	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3560	3504	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:26:59 PM	9d04040e-981f-0004-d416-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1230	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3560	4752	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:26:58 PM	9d04040e-981f-0004-d216-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 3560 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1229	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3560	1064	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:26:58 PM	9d04040e-981f-0004-d216-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1228	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3560	4752	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:26:58 PM	9d04040e-981f-0004-d216-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1227	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2952	3920	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:26:57 PM	9d04040e-981f-0004-c816-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 2952 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1226	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2952	2856	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:26:57 PM	9d04040e-981f-0004-c816-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1225	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2952	3920	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:26:57 PM	9d04040e-981f-0004-c816-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1224	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4888	3232	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:26:57 PM	9d04040e-981f-0004-c716-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 4888 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1223	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4888	4480	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:26:57 PM	9d04040e-981f-0004-c716-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1222	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4888	3232	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:26:57 PM	9d04040e-981f-0004-c716-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): #!powershell # Copyright: (c) 2015, Jon Hawkesworth (@jhawkesworth) <figs@unity.demon.co.uk> # Copyright: (c) 2017, Ansible Project # GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) #Requires -Module Ansible.ModuleUtils.Legacy $ErrorActionPreference = 'Stop' $params = Parse-Args -arguments $args -supports_check_mode $true $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false $diff_mode = Get-AnsibleParam -obj $params -name "_ansible_diff" -type "bool" -default $false # there are 4 modes to win_copy which are driven by the action plugins: # explode: src is a zip file which needs to be extracted to dest, for use with multiple files # query: win_copy action plugin wants to get the state of remote files to check whether it needs to send them # remote: all copy action is happening remotely (remote_src=True) # single: a single file has been copied, also used with template $copy_mode = Get-AnsibleParam -obj $params -name "_copy_mode" -type "str" -default "single" -validateset "explode","query","remote","single" # used in explode, remote and single mode $src = Get-AnsibleParam -obj $params -name "src" -type "path" -failifempty ($copy_mode -in @("explode","process","single")) $dest = Get-AnsibleParam -obj $params -name "dest" -type "path" -failifempty $true # used in single mode $original_basename = Get-AnsibleParam -obj $params -name "_original_basename" -type "str" # used in query and remote mode $force = Get-AnsibleParam -obj $params -name "force" -type "bool" -default $true # used in query mode, contains the local files/directories/symlinks that are to be copied $files = Get-AnsibleParam -obj $params -name "files" -type "list" $directories = Get-AnsibleParam -obj $params -name "directories" -type "list" $symlinks = Get-AnsibleParam -obj $params -name "symlinks" -type "list" $result = @{ changed = $false } if ($diff_mode) { $result.diff = @{} } Function Copy-File($source, $dest) { $diff = "" $copy_file = $false $source_checksum = $null if ($force) { $source_checksum = Get-FileChecksum -path $source } if (Test-Path -Path $dest -PathType Container) { Fail-Json -obj $result -message "cannot copy file from '$source' to '$dest': dest is already a folder" } elseif (Test-Path -Path $dest -PathType Leaf) { if ($force) { $target_checksum = Get-FileChecksum -path $dest if ($source_checksum -ne $target_checksum) { $copy_file = $true } } } else { $copy_file = $true } if ($copy_file) { $file_dir = [System.IO.Path]::GetDirectoryName($dest) # validate the parent dir is not a file and that it exists if (Test-Path -Path $file_dir -PathType Leaf) { Fail-Json -obj $result -message "cannot copy file from '$source' to '$dest': object at dest parent dir is not a folder" } elseif (-not (Test-Path -Path $file_dir)) { # directory doesn't exist, need to create New-Item -Path $file_dir -ItemType Directory -WhatIf:$check_mode | Out-Null $diff += "+$file_dir\`n" } if (Test-Path -Path $dest -PathType Leaf) { Remove-Item -Path $dest -Force -Recurse -WhatIf:$check_mode | Out-Null $diff += "-$dest`n" } if (-not $check_mode) { # cannot run with -WhatIf:$check_mode as if the parent dir didn't # exist and was created above would still not exist in check mode Copy-Item -Path $source -Destination $dest -Force | Out-Null } $diff += "+$dest`n" $result.changed = $true } # ugly but to save us from running the checksum twice, let's return it for # the main code to add it to $result return ,@{ diff = $diff; checksum = $source_checksum } } Function Copy-Folder($source, $dest) { $diff = "" $copy_folder = $false if (-not (Test-Path -Path $dest -PathType Container)) { $parent_dir = [System.IO.Path]::GetDirectoryName($dest) if (Test-Path -Path $parent_dir -PathType Leaf) { Fail-Json -obj $result -message "cannot copy file from '$source' to '$dest': object at dest parent dir is not a folder" } if (Test-Path -Path $dest -PathType Leaf) { Fail-Json -obj $result -message "cannot copy folder from '$source' to '$dest': dest is already a file" } New-Item -Path $dest -ItemType Container -WhatIf:$check_mode | Out-Null $diff += "+$dest\`n" $result.changed = $true } $child_items = Get-ChildItem -Path $source -Force foreach ($child_item in $child_items) { $dest_child_path = Join-Path -Path $dest -ChildPath $child_item.Name if ($child_item.PSIsContainer) { $diff += (Copy-Folder -source $child_item.Fullname -dest $dest_child_path) } else { $diff += (Copy-File -source $child_item.Fullname -dest $dest_child_path).diff } } return $diff } Function Get-FileSize($path) { $file = Get-Item -Path $path -Force $size = $null if ($file.PSIsContainer) { $dir_files_sum = Get-ChildItem $file.FullName -Recurse if ($dir_files_sum -eq $null -or ($dir_files_sum.PSObject.Properties.name -contains 'length' -eq $false)) { $size = 0 } else { $size = ($dir_files_sum | Measure-Object -property length -sum).Sum } } else { $size = $file.Length } $size } Function Extract-Zip($src, $dest) { $archive = [System.IO.Compression.ZipFile]::Open($src, [System.IO.Compression.ZipArchiveMode]::Read, [System.Text.Encoding]::UTF8) foreach ($entry in $archive.Entries) { $archive_name = $entry.FullName # FullName may be appended with / or \, determine if it is padded and remove it $padding_length = $archive_name.Length % 4 if ($padding_length -eq 0) { $is_dir = $false $base64_name = $archive_name } elseif ($padding_length -eq 1) { $is_dir = $true if ($archive_name.EndsWith("/") -or $archive_name.EndsWith("`\")) { $base64_name = $archive_name.Substring(0, $archive_name.Length - 1) } else { throw "invalid base64 archive name '$archive_name'" } } else { throw "invalid base64 length '$archive_name'" } # to handle unicode character, win_copy action plugin has encoded the filename $decoded_archive_name = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($base64_name)) # re-add the / to the entry full name if it was a directory if ($is_dir) { $decoded_archive_name = "$decoded_archive_name/" } $entry_target_path = [System.IO.Path]::Combine($dest, $decoded_archive_name) $entry_dir = [System.IO.Path]::GetDirectoryName($entry_target_path) if (-not (Test-Path -Path $entry_dir)) { New-Item -Path $entry_dir -ItemType Directory -WhatIf:$check_mode | Out-Null } if ($is_dir -eq $false) { if (-not $check_mode) { [System.IO.Compression.ZipFileExtensions]::ExtractToFile($entry, $entry_target_path, $true) } } } $archive.Dispose() # release the handle of the zip file } Function Extract-ZipLegacy($src, $dest) { if (-not (Test-Path -Path $dest)) { New-Item -Path $dest -ItemType Directory -WhatIf:$check_mode | Out-Null } $shell = New-Object -ComObject Shell.Application $zip = $shell.NameSpace($src) $dest_path = $shell.NameSpace($dest) foreach ($entry in $zip.Items()) { $is_dir = $entry.IsFolder $encoded_archive_entry = $entry.Name # to handle unicode character, win_copy action plugin has encoded the filename $decoded_archive_entry = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($encoded_archive_entry)) if ($is_dir) { $decoded_archive_entry = "$decoded_archive_entry/" } $entry_target_path = [System.IO.Path]::Combine($dest, $decoded_archive_entry) $entry_dir = [System.IO.Path]::GetDirectoryName($entry_target_path) if (-not (Test-Path -Path $entry_dir)) { New-Item -Path $entry_dir -ItemType Directory -WhatIf:$check_mode | Out-Null } if ($is_dir -eq $false -and (-not $check_mode)) { # https://msdn.microsoft.com/en-us/library/windows/desktop/bb787866.aspx # From Folder.CopyHere documentation, 1044 means: # - 1024: do not display a user interface if an error occurs # - 16: respond with "yes to all" for any dialog box that is displayed # - 4: do not display a progress dialog box $dest_path.CopyHere($entry, 1044) # once file is extraced, we need to rename it with non base64 name $combined_encoded_path = [System.IO.Path]::Combine($dest, $encoded_archive_entry) Move-Item -Path $combined_encoded_path -Destination $entry_target_path -Force | Out-Null } } } if ($copy_mode -eq "query") { # we only return a list of files/directories that need to be copied over # the source of the local file will be the key used $changed_files = @() $changed_directories = @() $changed_symlinks = @() foreach ($file in $files) { $filename = $file.dest $local_checksum = $file.checksum $filepath = Join-Path -Path $dest -ChildPath $filename if (Test-Path -Path $filepath -PathType Leaf) { if ($force) { $checksum = Get-FileChecksum -path $filepath if ($checksum -ne $local_checksum) { $will_change = $true $changed_files += $file } } } elseif (Test-Path -Path $filepath -PathType Container) { Fail-Json -obj $result -message "cannot copy file to dest '$filepath': object at path is already a directory" } else { $changed_files += $file } } foreach ($directory in $directories) { $dirname = $directory.dest $dirpath = Join-Path -Path $dest -ChildPath $dirname $parent_dir = [System.IO.Path]::GetDirectoryName($dirpath) if (Test-Path -Path $parent_dir -PathType Leaf) { Fail-Json -obj $result -message "cannot copy folder to dest '$dirpath': object at parent directory path is already a file" } if (Test-Path -Path $dirpath -PathType Leaf) { Fail-Json -obj $result -message "cannot copy folder to dest '$dirpath': object at path is already a file" } elseif (-not (Test-Path -Path $dirpath -PathType Container)) { $changed_directories += $directory } } # TODO: Handle symlinks $result.files = $changed_files $result.directories = $changed_directories $result.symlinks = $changed_symlinks } elseif ($copy_mode -eq "explode") { # a single zip file containing the files and directories needs to be # expanded this will always result in a change as the calculation is done # on the win_copy action plugin and is only run if a change needs to occur if (-not (Test-Path -Path $src -PathType Leaf)) { Fail-Json -obj $result -message "Cannot expand src zip file: '$src' as it does not exist" } # Detect if the PS zip assemblies are available or whether to use Shell $use_legacy = $false try { Add-Type -AssemblyName System.IO.Compression.FileSystem | Out-Null Add-Type -AssemblyName System.IO.Compression | Out-Null } catch { $use_legacy = $true } if ($use_legacy) { Extract-ZipLegacy -src $src -dest $dest } else { Extract-Zip -src $src -dest $dest } $result.changed = $true } elseif ($copy_mode -eq "remote") { # all copy actions are happening on the remote side (windows host), need # too copy source and dest using PS code $result.src = $src $result.dest = $dest if (-not (Test-Path -Path $src)) { Fail-Json -obj $result -message "Cannot copy src file: '$src' as it does not exist" } if (Test-Path -Path $src -PathType Container) { # we are copying a directory or the contents of a directory $result.operation = 'folder_copy' if ($src.EndsWith("/") -or $src.EndsWith("`\")) { # copying the folder's contents to dest $diff = "" $child_files = Get-ChildItem -Path $src -Force foreach ($child_file in $child_files) { $dest_child_path = Join-Path -Path $dest -ChildPath $child_file.Name if ($child_file.PSIsContainer) { $diff += Copy-Folder -source $child_file.FullName -dest $dest_child_path } else { $diff += (Copy-File -source $child_file.FullName -dest $dest_child_path).diff } } } else { # copying the folder and it's contents to dest $dest = Join-Path -Path $dest -ChildPath (Get-Item -Path $src -Force).Name $result.dest = $dest $diff = Copy-Folder -source $src -dest $dest } } else { # we are just copying a single file to dest $result.operation = 'file_copy' $source_basename = (Get-Item -Path $src -Force).Name $result.original_basename = $source_basename if ($dest.EndsWith("/") -or $dest.EndsWith("`\")) { $dest = Join-Path -Path $dest -ChildPath (Get-Item -Path $src -Force).Name $result.dest = $dest } else { # check if the parent dir exists, this is only done if src is a # file and dest if the path to a file (doesn't end with \ or /) $parent_dir = Split-Path -Path $dest if (Test-Path -Path $parent_dir -PathType Leaf) { Fail-Json -obj $result -message "object at destination parent dir '$parent_dir' is currently a file" } elseif (-not (Test-Path -Path $parent_dir -PathType Container)) { Fail-Json -obj $result -message "Destination directory '$parent_dir' does not exist" } } $copy_result = Copy-File -source $src -dest $dest $diff = $copy_result.diff $result.checksum = $copy_result.checksum } # the file might not exist if running in check mode if (-not $check_mode -or (Test-Path -Path $dest -PathType Leaf)) { $result.size = Get-FileSize -path $dest } else { $result.size = $null } if ($diff_mode) { $result.diff.prepared = $diff } } elseif ($copy_mode -eq "single") { # a single file is located in src and we need to copy to dest, this will # always result in a change as the calculation is done on the Ansible side # before this is run. This should also never run in check mode if (-not (Test-Path -Path $src -PathType Leaf)) { Fail-Json -obj $result -message "Cannot copy src file: '$src' as it does not exist" } # the dest parameter is a directory, we need to append original_basename if ($dest.EndsWith("/") -or $dest.EndsWith("`\") -or (Test-Path -Path $dest -PathType Container)) { $remote_dest = Join-Path -Path $dest -ChildPath $original_basename $parent_dir = Split-Path -Path $remote_dest # when dest ends with /, we need to create the destination directories if (Test-Path -Path $parent_dir -PathType Leaf) { Fail-Json -obj $result -message "object at destination parent dir '$parent_dir' is currently a file" } elseif (-not (Test-Path -Path $parent_dir -PathType Container)) { New-Item -Path $parent_dir -ItemType Directory | Out-Null } } else { $remote_dest = $dest $parent_dir = Split-Path -Path $remote_dest # check if the dest parent dirs exist, need to fail if they don't if (Test-Path -Path $parent_dir -PathType Leaf) { Fail-Json -obj $result -message "object at destination parent dir '$parent_dir' is currently a file" } elseif (-not (Test-Path -Path $parent_dir -PathType Container)) { Fail-Json -obj $result -message "Destination directory '$parent_dir' does not exist" } } Copy-Item -Path $src -Destination $remote_dest -Force | Out-Null $result.changed = $true } Exit-Json -obj $result ScriptBlock ID: b7cb04c5-87ff-4f2c-8194-d707ecf084dc Path:	4104	1		3	2	15	0	1221	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4860	3944	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:26:56 PM	9d04040e-981f-0001-f60f-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c), Michael DeHaan <michael.dehaan@gmail.com>, 2014, and others # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) Set-StrictMode -Version 2.0 $ErrorActionPreference = "Stop" Function Set-Attr($obj, $name, $value) { <# .SYNOPSIS Helper function to set an "attribute" on a psobject instance in PowerShell. This is a convenience to make adding Members to the object easier and slightly more pythonic .EXAMPLE Set-Attr $result "changed" $true #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } Try { $obj.$name = $value } Catch { $obj | Add-Member -Force -MemberType NoteProperty -Name $name -Value $value } } Function Exit-Json($obj) { <# .SYNOPSIS Helper function to convert a PowerShell object to JSON and output it, exiting the script .EXAMPLE Exit-Json $result #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit } Function Fail-Json($obj, $message = $null) { <# .SYNOPSIS Helper function to add the "msg" property and "failed" property, convert the PowerShell Hashtable to JSON and output it, exiting the script .EXAMPLE Fail-Json $result "This is the failure message" #> if ($obj -is [hashtable] -or $obj -is [psobject]) { # Nothing to do } elseif ($obj -is [string] -and $null -eq $message) { # If we weren't given 2 args, and the only arg was a string, # create a new Hashtable and use the arg as the failure message $message = $obj $obj = @{ } } else { # If the first argument is undefined or a different type, # make it a Hashtable $obj = @{ } } # Still using Set-Attr for PSObject compatibility Set-Attr $obj "msg" $message Set-Attr $obj "failed" $true if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit 1 } Function Add-Warning($obj, $message) { <# .SYNOPSIS Helper function to add warnings, even if the warnings attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("warnings")) { $obj.warnings = @() } elseif ($obj.warnings -isnot [array]) { throw "Add-Warning: warnings attribute is not an array" } $obj.warnings += $message } Function Add-DeprecationWarning($obj, $message, $version = $null) { <# .SYNOPSIS Helper function to add deprecations, even if the deprecations attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("deprecations")) { $obj.deprecations = @() } elseif ($obj.deprecations -isnot [array]) { throw "Add-DeprecationWarning: deprecations attribute is not a list" } $obj.deprecations += @{ msg = $message version = $version } } Function Expand-Environment($value) { <# .SYNOPSIS Helper function to expand environment variables in values. By default it turns any type to a string, but we ensure $null remains $null. #> if ($null -ne $value) { [System.Environment]::ExpandEnvironmentVariables($value) } else { $value } } Function Get-AnsibleParam($obj, $name, $default = $null, $resultobj = @{}, $failifempty = $false, $emptyattributefailmessage, $ValidateSet, $ValidateSetErrorMessage, $type = $null, $aliases = @()) { <# .SYNOPSIS Helper function to get an "attribute" from a psobject instance in PowerShell. This is a convenience to make getting Members from an object easier and slightly more pythonic .EXAMPLE $attr = Get-AnsibleParam $response "code" -default "1" .EXAMPLE Get-AnsibleParam -obj $params -name "State" -default "Present" -ValidateSet "Present","Absent" -resultobj $resultobj -failifempty $true Get-AnsibleParam also supports Parameter validation to save you from coding that manually Note that if you use the failifempty option, you do need to specify resultobject as well. #> # Check if the provided Member $name or aliases exist in $obj and return it or the default. try { $found = $null # First try to find preferred parameter $name $aliases = @($name) + $aliases # Iterate over aliases to find acceptable Member $name foreach ($alias in $aliases) { if ($obj.ContainsKey($alias)) { $found = $alias break } } if ($null -eq $found) { throw } $name = $found if ($ValidateSet) { if ($ValidateSet -contains ($obj.$name)) { $value = $obj.$name } else { if ($null -eq $ValidateSetErrorMessage) { #Auto-generated error should be sufficient in most use cases $ValidateSetErrorMessage = "Get-AnsibleParam: Argument $name needs to be one of $($ValidateSet -join ",") but was $($obj.$name)." } Fail-Json -obj $resultobj -message $ValidateSetErrorMessage } } else { $value = $obj.$name } } catch { if ($failifempty -eq $false) { $value = $default } else { if (-not $emptyattributefailmessage) { $emptyattributefailmessage = "Get-AnsibleParam: Missing required argument: $name" } Fail-Json -obj $resultobj -message $emptyattributefailmessage } } # If $value -eq $null, the parameter was unspecified by the user (deliberately or not) # Please leave $null-values intact, modules need to know if a parameter was specified # When $value is already an array, we cannot rely on the null check, as an empty list # is seen as null in the check below if ($null -ne $value -or $value -is [array]) { if ($type -eq "path") { # Expand environment variables on path-type $value = Expand-Environment($value) # Test if a valid path is provided if (-not (Test-Path -IsValid $value)) { $path_invalid = $true # could still be a valid-shaped path with a nonexistent drive letter if ($value -match "^\w:") { # rewrite path with a valid drive letter and recheck the shape- this might still fail, eg, a nonexistent non-filesystem PS path if (Test-Path -IsValid $(@(Get-PSDrive -PSProvider Filesystem)[0].Name + $value.Substring(1))) { $path_invalid = $false } } if ($path_invalid) { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' has an invalid path '$value' specified." } } } elseif ($type -eq "str") { # Convert str types to real Powershell strings $value = $value.ToString() } elseif ($type -eq "bool") { # Convert boolean types to real Powershell booleans $value = $value | ConvertTo-Bool } elseif ($type -eq "int") { # Convert int types to real Powershell integers $value = $value -as [int] } elseif ($type -eq "float") { # Convert float types to real Powershell floats $value = $value -as [float] } elseif ($type -eq "list") { if ($value -is [array]) { # Nothing to do } elseif ($value -is [string]) { # Convert string type to real Powershell array $value = $value.Split(",").Trim() } elseif ($value -is [int]) { $value = @($value) } else { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' is not a YAML list." } # , is not a typo, forces it to return as a list when it is empty or only has 1 entry return ,$value } } return $value } #Alias Get-attr-->Get-AnsibleParam for backwards compat. Only add when needed to ease debugging of scripts If (-not(Get-Alias -Name "Get-attr" -ErrorAction SilentlyContinue)) { New-Alias -Name Get-attr -Value Get-AnsibleParam } Function ConvertTo-Bool { <# .SYNOPSIS Helper filter/pipeline function to convert a value to boolean following current Ansible practices .EXAMPLE $is_true = "true" | ConvertTo-Bool #> param( [parameter(valuefrompipeline=$true)] $obj ) $boolean_strings = "yes", "on", "1", "true", 1 $obj_string = [string]$obj if (($obj -is [boolean] -and $obj) -or $boolean_strings -contains $obj_string.ToLower()) { return $true } else { return $false } } Function Parse-Args($arguments, $supports_check_mode = $false) { <# .SYNOPSIS Helper function to parse Ansible JSON arguments from a "file" passed as the single argument to the module. .EXAMPLE $params = Parse-Args $args #> $params = New-Object psobject If ($arguments.Length -gt 0) { $params = Get-Content $arguments[0] | ConvertFrom-Json } Else { $params = $complex_args } $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false If ($check_mode -and -not $supports_check_mode) { Exit-Json @{ skipped = $true changed = $false msg = "remote module does not support check mode" } } return $params } Function Get-FileChecksum($path, $algorithm = 'sha1') { <# .SYNOPSIS Helper function to calculate a hash of a file in a way which PowerShell 3 and above can handle #> If (Test-Path -Path $path -PathType Leaf) { switch ($algorithm) { 'md5' { $sp = New-Object -TypeName System.Security.Cryptography.MD5CryptoServiceProvider } 'sha1' { $sp = New-Object -TypeName System.Security.Cryptography.SHA1CryptoServiceProvider } 'sha256' { $sp = New-Object -TypeName System.Security.Cryptography.SHA256CryptoServiceProvider } 'sha384' { $sp = New-Object -TypeName System.Security.Cryptography.SHA384CryptoServiceProvider } 'sha512' { $sp = New-Object -TypeName System.Security.Cryptography.SHA512CryptoServiceProvider } default { Fail-Json @{} "Unsupported hash algorithm supplied '$algorithm'" } } If ($PSVersionTable.PSVersion.Major -ge 4) { $raw_hash = Get-FileHash $path -Algorithm $algorithm $hash = $raw_hash.Hash.ToLower() } Else { $fp = [System.IO.File]::Open($path, [System.IO.Filemode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileShare]::ReadWrite); $hash = [System.BitConverter]::ToString($sp.ComputeHash($fp)).Replace("-", "").ToLower(); $fp.Dispose(); } } ElseIf (Test-Path -Path $path -PathType Container) { $hash = "3"; } Else { $hash = "1"; } return $hash } Function Get-PendingRebootStatus { <# .SYNOPSIS Check if reboot is required, if so notify CA. Function returns true if computer has a pending reboot #> $featureData = Invoke-WmiMethod -EA Ignore -Name GetServerFeature -Namespace root\microsoft\windows\servermanager -Class MSFT_ServerManagerTasks $regData = Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager" "PendingFileRenameOperations" -EA Ignore $CBSRebootStatus = Get-ChildItem "HKLM:\\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing" -ErrorAction SilentlyContinue| Where-Object {$_.PSChildName -eq "RebootPending"} if(($featureData -and $featureData.RequiresReboot) -or $regData -or $CBSRebootStatus) { return $True } else { return $False } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: 73ae21cf-07a8-455a-87f3-b63fc26e33a7 Path:	4104	1		3	2	15	0	1220	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4860	1808	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:26:56 PM	9d04040e-981f-0001-e90f-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } ScriptBlock ID: 9c6b58ea-1517-48da-aa12-fb1fc7cef736 Path:	4104	1		3	2	15	0	1219	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4860	1808	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:26:56 PM	9d04040e-981f-0001-da0f-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (3 of 3): WlmICgtbm90IChUZXN0LVBhdGggLVBhdGggJGRpcnBhdGggLVBhdGhUeXBlIENvbnRhaW5lcikpIHsKICAgICAgICAgICAgJGNoYW5nZWRfZGlyZWN0b3JpZXMgKz0gJGRpcmVjdG9yeQogICAgICAgIH0KICAgIH0KCiAgICAjIFRPRE86IEhhbmRsZSBzeW1saW5rcwoKICAgICRyZXN1bHQuZmlsZXMgPSAkY2hhbmdlZF9maWxlcwogICAgJHJlc3VsdC5kaXJlY3RvcmllcyA9ICRjaGFuZ2VkX2RpcmVjdG9yaWVzCiAgICAkcmVzdWx0LnN5bWxpbmtzID0gJGNoYW5nZWRfc3ltbGlua3MKfSBlbHNlaWYgKCRjb3B5X21vZGUgLWVxICJleHBsb2RlIikgewogICAgIyBhIHNpbmdsZSB6aXAgZmlsZSBjb250YWluaW5nIHRoZSBmaWxlcyBhbmQgZGlyZWN0b3JpZXMgbmVlZHMgdG8gYmUKICAgICMgZXhwYW5kZWQgdGhpcyB3aWxsIGFsd2F5cyByZXN1bHQgaW4gYSBjaGFuZ2UgYXMgdGhlIGNhbGN1bGF0aW9uIGlzIGRvbmUKICAgICMgb24gdGhlIHdpbl9jb3B5IGFjdGlvbiBwbHVnaW4gYW5kIGlzIG9ubHkgcnVuIGlmIGEgY2hhbmdlIG5lZWRzIHRvIG9jY3VyCiAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRzcmMgLVBhdGhUeXBlIExlYWYpKSB7CiAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiQ2Fubm90IGV4cGFuZCBzcmMgemlwIGZpbGU6ICckc3JjJyBhcyBpdCBkb2VzIG5vdCBleGlzdCIKICAgIH0KCiAgICAjIERldGVjdCBpZiB0aGUgUFMgemlwIGFzc2VtYmxpZXMgYXJlIGF2YWlsYWJsZSBvciB3aGV0aGVyIHRvIHVzZSBTaGVsbAogICAgJHVzZV9sZWdhY3kgPSAkZmFsc2UKICAgIHRyeSB7CiAgICAgICAgQWRkLVR5cGUgLUFzc2VtYmx5TmFtZSBTeXN0ZW0uSU8uQ29tcHJlc3Npb24uRmlsZVN5c3RlbSB8IE91dC1OdWxsCiAgICAgICAgQWRkLVR5cGUgLUFzc2VtYmx5TmFtZSBTeXN0ZW0uSU8uQ29tcHJlc3Npb24gfCBPdXQtTnVsbAogICAgfSBjYXRjaCB7CiAgICAgICAgJHVzZV9sZWdhY3kgPSAkdHJ1ZQogICAgfQogICAgaWYgKCR1c2VfbGVnYWN5KSB7CiAgICAgICAgRXh0cmFjdC1aaXBMZWdhY3kgLXNyYyAkc3JjIC1kZXN0ICRkZXN0CiAgICB9IGVsc2UgewogICAgICAgIEV4dHJhY3QtWmlwIC1zcmMgJHNyYyAtZGVzdCAkZGVzdAogICAgfQoKICAgICRyZXN1bHQuY2hhbmdlZCA9ICR0cnVlCn0gZWxzZWlmICgkY29weV9tb2RlIC1lcSAicmVtb3RlIikgewogICAgIyBhbGwgY29weSBhY3Rpb25zIGFyZSBoYXBwZW5pbmcgb24gdGhlIHJlbW90ZSBzaWRlICh3aW5kb3dzIGhvc3QpLCBuZWVkCiAgICAjIHRvbyBjb3B5IHNvdXJjZSBhbmQgZGVzdCB1c2luZyBQUyBjb2RlCiAgICAkcmVzdWx0LnNyYyA9ICRzcmMKICAgICRyZXN1bHQuZGVzdCA9ICRkZXN0CgogICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtUGF0aCAkc3JjKSkgewogICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgIkNhbm5vdCBjb3B5IHNyYyBmaWxlOiAnJHNyYycgYXMgaXQgZG9lcyBub3QgZXhpc3QiCiAgICB9CgogICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkc3JjIC1QYXRoVHlwZSBDb250YWluZXIpIHsKICAgICAgICAjIHdlIGFyZSBjb3B5aW5nIGEgZGlyZWN0b3J5IG9yIHRoZSBjb250ZW50cyBvZiBhIGRpcmVjdG9yeQogICAgICAgICRyZXN1bHQub3BlcmF0aW9uID0gJ2ZvbGRlcl9jb3B5JwogICAgICAgIGlmICgkc3JjLkVuZHNXaXRoKCIvIikgLW9yICRzcmMuRW5kc1dpdGgoImBcIikpIHsKICAgICAgICAgICAgIyBjb3B5aW5nIHRoZSBmb2xkZXIncyBjb250ZW50cyB0byBkZXN0CiAgICAgICAgICAgICRkaWZmID0gIiIKICAgICAgICAgICAgJGNoaWxkX2ZpbGVzID0gR2V0LUNoaWxkSXRlbSAtUGF0aCAkc3JjIC1Gb3JjZQogICAgICAgICAgICBmb3JlYWNoICgkY2hpbGRfZmlsZSBpbiAkY2hpbGRfZmlsZXMpIHsKICAgICAgICAgICAgICAgICRkZXN0X2NoaWxkX3BhdGggPSBKb2luLVBhdGggLVBhdGggJGRlc3QgLUNoaWxkUGF0aCAkY2hpbGRfZmlsZS5OYW1lCiAgICAgICAgICAgICAgICBpZiAoJGNoaWxkX2ZpbGUuUFNJc0NvbnRhaW5lcikgewogICAgICAgICAgICAgICAgICAgICRkaWZmICs9IENvcHktRm9sZGVyIC1zb3VyY2UgJGNoaWxkX2ZpbGUuRnVsbE5hbWUgLWRlc3QgJGRlc3RfY2hpbGRfcGF0aAogICAgICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgICAgICAkZGlmZiArPSAoQ29weS1GaWxlIC1zb3VyY2UgJGNoaWxkX2ZpbGUuRnVsbE5hbWUgLWRlc3QgJGRlc3RfY2hpbGRfcGF0aCkuZGlmZgogICAgICAgICAgICAgICAgfQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgIyBjb3B5aW5nIHRoZSBmb2xkZXIgYW5kIGl0J3MgY29udGVudHMgdG8gZGVzdAogICAgICAgICAgICAkZGVzdCA9IEpvaW4tUGF0aCAtUGF0aCAkZGVzdCAtQ2hpbGRQYXRoIChHZXQtSXRlbSAtUGF0aCAkc3JjIC1Gb3JjZSkuTmFtZQogICAgICAgICAgICAkcmVzdWx0LmRlc3QgPSAkZGVzdAogICAgICAgICAgICAkZGlmZiA9IENvcHktRm9sZGVyIC1zb3VyY2UgJHNyYyAtZGVzdCAkZGVzdAogICAgICAgIH0KICAgIH0gZWxzZSB7CiAgICAgICAgIyB3ZSBhcmUganVzdCBjb3B5aW5nIGEgc2luZ2xlIGZpbGUgdG8gZGVzdAogICAgICAgICRyZXN1bHQub3BlcmF0aW9uID0gJ2ZpbGVfY29weScKCiAgICAgICAgJHNvdXJjZV9iYXNlbmFtZSA9IChHZXQtSXRlbSAtUGF0aCAkc3JjIC1Gb3JjZSkuTmFtZQogICAgICAgICRyZXN1bHQub3JpZ2luYWxfYmFzZW5hbWUgPSAkc291cmNlX2Jhc2VuYW1lCgogICAgICAgIGlmICgkZGVzdC5FbmRzV2l0aCgiLyIpIC1vciAkZGVzdC5FbmRzV2l0aCgiYFwiKSkgewogICAgICAgICAgICAkZGVzdCA9IEpvaW4tUGF0aCAtUGF0aCAkZGVzdCAtQ2hpbGRQYXRoIChHZXQtSXRlbSAtUGF0aCAkc3JjIC1Gb3JjZSkuTmFtZQogICAgICAgICAgICAkcmVzdWx0LmRlc3QgPSAkZGVzdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICMgY2hlY2sgaWYgdGhlIHBhcmVudCBkaXIgZXhpc3RzLCB0aGlzIGlzIG9ubHkgZG9uZSBpZiBzcmMgaXMgYQogICAgICAgICAgICAjIGZpbGUgYW5kIGRlc3QgaWYgdGhlIHBhdGggdG8gYSBmaWxlIChkb2Vzbid0IGVuZCB3aXRoIFwgb3IgLykKICAgICAgICAgICAgJHBhcmVudF9kaXIgPSBTcGxpdC1QYXRoIC1QYXRoICRkZXN0CiAgICAgICAgICAgIGlmIChUZXN0LVBhdGggLVBhdGggJHBhcmVudF9kaXIgLVBhdGhUeXBlIExlYWYpIHsKICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgIm9iamVjdCBhdCBkZXN0aW5hdGlvbiBwYXJlbnQgZGlyICckcGFyZW50X2RpcicgaXMgY3VycmVudGx5IGEgZmlsZSIKICAgICAgICAgICAgfSBlbHNlaWYgKC1ub3QgKFRlc3QtUGF0aCAtUGF0aCAkcGFyZW50X2RpciAtUGF0aFR5cGUgQ29udGFpbmVyKSkgewogICAgICAgICAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiRGVzdGluYXRpb24gZGlyZWN0b3J5ICckcGFyZW50X2RpcicgZG9lcyBub3QgZXhpc3QiCiAgICAgICAgICAgIH0KICAgICAgICB9CiAgICAgICAgJGNvcHlfcmVzdWx0ID0gQ29weS1GaWxlIC1zb3VyY2UgJHNyYyAtZGVzdCAkZGVzdAogICAgICAgICRkaWZmID0gJGNvcHlfcmVzdWx0LmRpZmYKICAgICAgICAkcmVzdWx0LmNoZWNrc3VtID0gJGNvcHlfcmVzdWx0LmNoZWNrc3VtCiAgICB9CgogICAgIyB0aGUgZmlsZSBtaWdodCBub3QgZXhpc3QgaWYgcnVubmluZyBpbiBjaGVjayBtb2RlCiAgICBpZiAoLW5vdCAkY2hlY2tfbW9kZSAtb3IgKFRlc3QtUGF0aCAtUGF0aCAkZGVzdCAtUGF0aFR5cGUgTGVhZikpIHsKICAgICAgICAkcmVzdWx0LnNpemUgPSBHZXQtRmlsZVNpemUgLXBhdGggJGRlc3QKICAgIH0gZWxzZSB7CiAgICAgICAgJHJlc3VsdC5zaXplID0gJG51bGwKICAgIH0KICAgIGlmICgkZGlmZl9tb2RlKSB7CiAgICAgICAgJHJlc3VsdC5kaWZmLnByZXBhcmVkID0gJGRpZmYKICAgIH0KfSBlbHNlaWYgKCRjb3B5X21vZGUgLWVxICJzaW5nbGUiKSB7CiAgICAjIGEgc2luZ2xlIGZpbGUgaXMgbG9jYXRlZCBpbiBzcmMgYW5kIHdlIG5lZWQgdG8gY29weSB0byBkZXN0LCB0aGlzIHdpbGwKICAgICMgYWx3YXlzIHJlc3VsdCBpbiBhIGNoYW5nZSBhcyB0aGUgY2FsY3VsYXRpb24gaXMgZG9uZSBvbiB0aGUgQW5zaWJsZSBzaWRlCiAgICAjIGJlZm9yZSB0aGlzIGlzIHJ1bi4gVGhpcyBzaG91bGQgYWxzbyBuZXZlciBydW4gaW4gY2hlY2sgbW9kZQogICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtUGF0aCAkc3JjIC1QYXRoVHlwZSBMZWFmKSkgewogICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgIkNhbm5vdCBjb3B5IHNyYyBmaWxlOiAnJHNyYycgYXMgaXQgZG9lcyBub3QgZXhpc3QiCiAgICB9CgogICAgIyB0aGUgZGVzdCBwYXJhbWV0ZXIgaXMgYSBkaXJlY3RvcnksIHdlIG5lZWQgdG8gYXBwZW5kIG9yaWdpbmFsX2Jhc2VuYW1lCiAgICBpZiAoJGRlc3QuRW5kc1dpdGgoIi8iKSAtb3IgJGRlc3QuRW5kc1dpdGgoImBcIikgLW9yIChUZXN0LVBhdGggLVBhdGggJGRlc3QgLVBhdGhUeXBlIENvbnRhaW5lcikpIHsKICAgICAgICAkcmVtb3RlX2Rlc3QgPSBKb2luLVBhdGggLVBhdGggJGRlc3QgLUNoaWxkUGF0aCAkb3JpZ2luYWxfYmFzZW5hbWUKICAgICAgICAkcGFyZW50X2RpciA9IFNwbGl0LVBhdGggLVBhdGggJHJlbW90ZV9kZXN0CgogICAgICAgICMgd2hlbiBkZXN0IGVuZHMgd2l0aCAvLCB3ZSBuZWVkIHRvIGNyZWF0ZSB0aGUgZGVzdGluYXRpb24gZGlyZWN0b3JpZXMKICAgICAgICBpZiAoVGVzdC1QYXRoIC1QYXRoICRwYXJlbnRfZGlyIC1QYXRoVHlwZSBMZWFmKSB7CiAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgIm9iamVjdCBhdCBkZXN0aW5hdGlvbiBwYXJlbnQgZGlyICckcGFyZW50X2RpcicgaXMgY3VycmVudGx5IGEgZmlsZSIKICAgICAgICB9IGVsc2VpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRwYXJlbnRfZGlyIC1QYXRoVHlwZSBDb250YWluZXIpKSB7CiAgICAgICAgICAgIE5ldy1JdGVtIC1QYXRoICRwYXJlbnRfZGlyIC1JdGVtVHlwZSBEaXJlY3RvcnkgfCBPdXQtTnVsbAogICAgICAgIH0KICAgIH0gZWxzZSB7CiAgICAgICAgJHJlbW90ZV9kZXN0ID0gJGRlc3QKICAgICAgICAkcGFyZW50X2RpciA9IFNwbGl0LVBhdGggLVBhdGggJHJlbW90ZV9kZXN0CgogICAgICAgICMgY2hlY2sgaWYgdGhlIGRlc3QgcGFyZW50IGRpcnMgZXhpc3QsIG5lZWQgdG8gZmFpbCBpZiB0aGV5IGRvbid0CiAgICAgICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkcGFyZW50X2RpciAtUGF0aFR5cGUgTGVhZikgewogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0IC1tZXNzYWdlICJvYmplY3QgYXQgZGVzdGluYXRpb24gcGFyZW50IGRpciAnJHBhcmVudF9kaXInIGlzIGN1cnJlbnRseSBhIGZpbGUiCiAgICAgICAgfSBlbHNlaWYgKC1ub3QgKFRlc3QtUGF0aCAtUGF0aCAkcGFyZW50X2RpciAtUGF0aFR5cGUgQ29udGFpbmVyKSkgewogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0IC1tZXNzYWdlICJEZXN0aW5hdGlvbiBkaXJlY3RvcnkgJyRwYXJlbnRfZGlyJyBkb2VzIG5vdCBleGlzdCIKICAgICAgICB9CiAgICB9CgogICAgQ29weS1JdGVtIC1QYXRoICRzcmMgLURlc3RpbmF0aW9uICRyZW1vdGVfZGVzdCAtRm9yY2UgfCBPdXQtTnVsbAogICAgJHJlc3VsdC5jaGFuZ2VkID0gJHRydWUKfQoKRXhpdC1Kc29uIC1vYmogJHJlc3VsdAo=", "module_args": {"_ansible_version": "2.7.0", "_ansible_selinux_special_fs": ["fuse", "nfs", "vboxsf", "ramfs", "9p"], "_copy_mode": "single", "_ansible_remote_tmp": "%TEMP%", "_ansible_syslog_facility": "LOG_USER", "_ansible_keep_remote_files": false, "_ansible_socket": null, "_original_basename": "pip-install-nova.log", "_ansible_check_mode": false, "src": "C:\\Users\\Admin\\AppData\\Local\\Temp\\ansible-tmp-1629725214.87-254281765579963\\source", "_ansible_no_log": false, "_ansible_module_name": "copy", "_ansible_verbosity": 4, "dest": "c:\\openstack\\log\\pip-install-nova.log", "_ansible_diff": false, "_ansible_debug": false, "_ansible_shell_executable": "/bin/sh", "_ansible_tmpdir": "'C:\\Users\\Admin\\AppData\\Local\\Temp\\ansible-tmp-1629725214.87-254281765579963'"}} '@ } process { $input_as_string = [string]$input $json_raw += $input_as_string } end { If (-not $json_raw) { Write-Error "no input given" -Category InvalidArgument } $payload = ConvertTo-HashtableFromPsCustomObject (ConvertFrom-Json $json_raw) # TODO: handle binary modules # TODO: handle persistence $min_os_version = [version]$payload.min_os_version if ($min_os_version -ne $null) { $actual_os_version = [System.Environment]::OSVersion.Version if ($actual_os_version -lt $min_os_version) { $msg = "This module cannot run on this OS as it requires a minimum version of $min_os_version, actual was $actual_os_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $min_ps_version = [version]$payload.min_ps_version if ($min_ps_version -ne $null) { $actual_ps_version = $PSVersionTable.PSVersion if ($actual_ps_version -lt $min_ps_version) { $msg = "This module cannot run as it requires a minimum PowerShell version of $min_ps_version, actual was $actual_ps_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $actions = $payload.actions # pop 0th action as entrypoint $entrypoint = $payload.($actions[0]) $payload.actions = $payload.actions[1..99] $entrypoint = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($entrypoint)) # load the current action entrypoint as a module custom object with a Run method $entrypoint = New-Module -ScriptBlock ([scriptblock]::Create($entrypoint)) -AsCustomObject Set-Variable -Scope global -Name complex_args -Value $payload["module_args"] | Out-Null # dynamically create/load modules ForEach ($mod in $payload.powershell_modules.GetEnumerator()) { $decoded_module = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($mod.Value)) New-Module -ScriptBlock ([scriptblock]::Create($decoded_module)) -Name $mod.Key | Import-Module -WarningAction SilentlyContinue | Out-Null } $output = $entrypoint.Run($payload) Write-Output $output } ScriptBlock ID: 95b9e0e2-e1ad-4764-bf2e-b15abd1c5872 Path:	4104	1		3	2	15	0	1218	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4860	1808	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:26:56 PM	9d04040e-981f-0001-d40f-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 3): gIH0KICAgIHJldHVybiAkcGFyYW1zCn0KCgpGdW5jdGlvbiBHZXQtRmlsZUNoZWNrc3VtKCRwYXRoLCAkYWxnb3JpdGhtID0gJ3NoYTEnKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBjYWxjdWxhdGUgYSBoYXNoIG9mIGEgZmlsZSBpbiBhIHdheSB3aGljaCBQb3dlclNoZWxsIDMKICAgIGFuZCBhYm92ZSBjYW4gaGFuZGxlCiM+CiAgICBJZiAoVGVzdC1QYXRoIC1QYXRoICRwYXRoIC1QYXRoVHlwZSBMZWFmKQogICAgewogICAgICAgIHN3aXRjaCAoJGFsZ29yaXRobSkKICAgICAgICB7CiAgICAgICAgICAgICdtZDUnIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5NRDVDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMScgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTFDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMjU2JyB7ICRzcCA9IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5TZWN1cml0eS5DcnlwdG9ncmFwaHkuU0hBMjU2Q3J5cHRvU2VydmljZVByb3ZpZGVyIH0KICAgICAgICAgICAgJ3NoYTM4NCcgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTM4NENyeXB0b1NlcnZpY2VQcm92aWRlciB9CiAgICAgICAgICAgICdzaGE1MTInIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5TSEE1MTJDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICBkZWZhdWx0IHsgRmFpbC1Kc29uIEB7fSAiVW5zdXBwb3J0ZWQgaGFzaCBhbGdvcml0aG0gc3VwcGxpZWQgJyRhbGdvcml0aG0nIiB9CiAgICAgICAgfQoKICAgICAgICBJZiAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtZ2UgNCkgewogICAgICAgICAgICAkcmF3X2hhc2ggPSBHZXQtRmlsZUhhc2ggJHBhdGggLUFsZ29yaXRobSAkYWxnb3JpdGhtCiAgICAgICAgICAgICRoYXNoID0gJHJhd19oYXNoLkhhc2guVG9Mb3dlcigpCiAgICAgICAgfSBFbHNlIHsKICAgICAgICAgICAgJGZwID0gW1N5c3RlbS5JTy5GaWxlXTo6T3BlbigkcGF0aCwgW1N5c3RlbS5JTy5GaWxlbW9kZV06Ok9wZW4sIFtTeXN0ZW0uSU8uRmlsZUFjY2Vzc106OlJlYWQsIFtTeXN0ZW0uSU8uRmlsZVNoYXJlXTo6UmVhZFdyaXRlKTsKICAgICAgICAgICAgJGhhc2ggPSBbU3lzdGVtLkJpdENvbnZlcnRlcl06OlRvU3RyaW5nKCRzcC5Db21wdXRlSGFzaCgkZnApKS5SZXBsYWNlKCItIiwgIiIpLlRvTG93ZXIoKTsKICAgICAgICAgICAgJGZwLkRpc3Bvc2UoKTsKICAgICAgICB9CiAgICB9CiAgICBFbHNlSWYgKFRlc3QtUGF0aCAtUGF0aCAkcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKQogICAgewogICAgICAgICRoYXNoID0gIjMiOwogICAgfQogICAgRWxzZQogICAgewogICAgICAgICRoYXNoID0gIjEiOwogICAgfQogICAgcmV0dXJuICRoYXNoCn0KCkZ1bmN0aW9uIEdldC1QZW5kaW5nUmVib290U3RhdHVzCnsKPCMKICAgIC5TWU5PUFNJUwogICAgQ2hlY2sgaWYgcmVib290IGlzIHJlcXVpcmVkLCBpZiBzbyBub3RpZnkgQ0EuCiAgICBGdW5jdGlvbiByZXR1cm5zIHRydWUgaWYgY29tcHV0ZXIgaGFzIGEgcGVuZGluZyByZWJvb3QKIz4KICAgICRmZWF0dXJlRGF0YSA9IEludm9rZS1XbWlNZXRob2QgLUVBIElnbm9yZSAtTmFtZSBHZXRTZXJ2ZXJGZWF0dXJlIC1OYW1lc3BhY2Ugcm9vdFxtaWNyb3NvZnRcd2luZG93c1xzZXJ2ZXJtYW5hZ2VyIC1DbGFzcyBNU0ZUX1NlcnZlck1hbmFnZXJUYXNrcwogICAgJHJlZ0RhdGEgPSBHZXQtSXRlbVByb3BlcnR5ICJIS0xNOlxTWVNURU1cQ3VycmVudENvbnRyb2xTZXRcQ29udHJvbFxTZXNzaW9uIE1hbmFnZXIiICJQZW5kaW5nRmlsZVJlbmFtZU9wZXJhdGlvbnMiIC1FQSBJZ25vcmUKICAgICRDQlNSZWJvb3RTdGF0dXMgPSBHZXQtQ2hpbGRJdGVtICJIS0xNOlxcU09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cQ29tcG9uZW50IEJhc2VkIFNlcnZpY2luZyIgIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlfCBXaGVyZS1PYmplY3QgeyRfLlBTQ2hpbGROYW1lIC1lcSAiUmVib290UGVuZGluZyJ9CiAgICBpZigoJGZlYXR1cmVEYXRhIC1hbmQgJGZlYXR1cmVEYXRhLlJlcXVpcmVzUmVib290KSAtb3IgJHJlZ0RhdGEgLW9yICRDQlNSZWJvb3RTdGF0dXMpCiAgICB7CiAgICAgICAgcmV0dXJuICRUcnVlCiAgICB9CiAgICBlbHNlCiAgICB7CiAgICAgICAgcmV0dXJuICRGYWxzZQogICAgfQp9CgojIHRoaXMgbGluZSBtdXN0IHN0YXkgYXQgdGhlIGJvdHRvbSB0byBlbnN1cmUgYWxsIGRlZmluZWQgbW9kdWxlIHBhcnRzIGFyZSBleHBvcnRlZApFeHBvcnQtTW9kdWxlTWVtYmVyIC1BbGlhcyAqIC1GdW5jdGlvbiAqIC1DbWRsZXQgKgoK"}, "module_entry": "IyFwb3dlcnNoZWxsCgojIENvcHlyaWdodDogKGMpIDIwMTUsIEpvbiBIYXdrZXN3b3J0aCAoQGpoYXdrZXN3b3J0aCkgPGZpZ3NAdW5pdHkuZGVtb24uY28udWs+CiMgQ29weXJpZ2h0OiAoYykgMjAxNywgQW5zaWJsZSBQcm9qZWN0CiMgR05VIEdlbmVyYWwgUHVibGljIExpY2Vuc2UgdjMuMCsgKHNlZSBDT1BZSU5HIG9yIGh0dHBzOi8vd3d3LmdudS5vcmcvbGljZW5zZXMvZ3BsLTMuMC50eHQpCgojUmVxdWlyZXMgLU1vZHVsZSBBbnNpYmxlLk1vZHVsZVV0aWxzLkxlZ2FjeQoKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICdTdG9wJwoKJHBhcmFtcyA9IFBhcnNlLUFyZ3MgLWFyZ3VtZW50cyAkYXJncyAtc3VwcG9ydHNfY2hlY2tfbW9kZSAkdHJ1ZQokY2hlY2tfbW9kZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJfYW5zaWJsZV9jaGVja19tb2RlIiAtdHlwZSAiYm9vbCIgLWRlZmF1bHQgJGZhbHNlCiRkaWZmX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfZGlmZiIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQoKIyB0aGVyZSBhcmUgNCBtb2RlcyB0byB3aW5fY29weSB3aGljaCBhcmUgZHJpdmVuIGJ5IHRoZSBhY3Rpb24gcGx1Z2luczoKIyAgIGV4cGxvZGU6IHNyYyBpcyBhIHppcCBmaWxlIHdoaWNoIG5lZWRzIHRvIGJlIGV4dHJhY3RlZCB0byBkZXN0LCBmb3IgdXNlIHdpdGggbXVsdGlwbGUgZmlsZXMKIyAgIHF1ZXJ5OiB3aW5fY29weSBhY3Rpb24gcGx1Z2luIHdhbnRzIHRvIGdldCB0aGUgc3RhdGUgb2YgcmVtb3RlIGZpbGVzIHRvIGNoZWNrIHdoZXRoZXIgaXQgbmVlZHMgdG8gc2VuZCB0aGVtCiMgICByZW1vdGU6IGFsbCBjb3B5IGFjdGlvbiBpcyBoYXBwZW5pbmcgcmVtb3RlbHkgKHJlbW90ZV9zcmM9VHJ1ZSkKIyAgIHNpbmdsZTogYSBzaW5nbGUgZmlsZSBoYXMgYmVlbiBjb3BpZWQsIGFsc28gdXNlZCB3aXRoIHRlbXBsYXRlCiRjb3B5X21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2NvcHlfbW9kZSIgLXR5cGUgInN0ciIgLWRlZmF1bHQgInNpbmdsZSIgLXZhbGlkYXRlc2V0ICJleHBsb2RlIiwicXVlcnkiLCJyZW1vdGUiLCJzaW5nbGUiCgojIHVzZWQgaW4gZXhwbG9kZSwgcmVtb3RlIGFuZCBzaW5nbGUgbW9kZQokc3JjID0gR2V0LUFuc2libGVQYXJhbSAtb2JqICRwYXJhbXMgLW5hbWUgInNyYyIgLXR5cGUgInBhdGgiIC1mYWlsaWZlbXB0eSAoJGNvcHlfbW9kZSAtaW4gQCgiZXhwbG9kZSIsInByb2Nlc3MiLCJzaW5nbGUiKSkKJGRlc3QgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiZGVzdCIgLXR5cGUgInBhdGgiIC1mYWlsaWZlbXB0eSAkdHJ1ZQoKIyB1c2VkIGluIHNpbmdsZSBtb2RlCiRvcmlnaW5hbF9iYXNlbmFtZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJfb3JpZ2luYWxfYmFzZW5hbWUiIC10eXBlICJzdHIiCgojIHVzZWQgaW4gcXVlcnkgYW5kIHJlbW90ZSBtb2RlCiRmb3JjZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJmb3JjZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICR0cnVlCgojIHVzZWQgaW4gcXVlcnkgbW9kZSwgY29udGFpbnMgdGhlIGxvY2FsIGZpbGVzL2RpcmVjdG9yaWVzL3N5bWxpbmtzIHRoYXQgYXJlIHRvIGJlIGNvcGllZAokZmlsZXMgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiZmlsZXMiIC10eXBlICJsaXN0IgokZGlyZWN0b3JpZXMgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiZGlyZWN0b3JpZXMiIC10eXBlICJsaXN0Igokc3ltbGlua3MgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAic3ltbGlua3MiIC10eXBlICJsaXN0IgoKJHJlc3VsdCA9IEB7CiAgICBjaGFuZ2VkID0gJGZhbHNlCn0KCmlmICgkZGlmZl9tb2RlKSB7CiAgICAkcmVzdWx0LmRpZmYgPSBAe30KfQoKRnVuY3Rpb24gQ29weS1GaWxlKCRzb3VyY2UsICRkZXN0KSB7CiAgICAkZGlmZiA9ICIiCiAgICAkY29weV9maWxlID0gJGZhbHNlCiAgICAkc291cmNlX2NoZWNrc3VtID0gJG51bGwKICAgIGlmICgkZm9yY2UpIHsKICAgICAgICAkc291cmNlX2NoZWNrc3VtID0gR2V0LUZpbGVDaGVja3N1bSAtcGF0aCAkc291cmNlCiAgICB9CgogICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkZGVzdCAtUGF0aFR5cGUgQ29udGFpbmVyKSB7CiAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiY2Fubm90IGNvcHkgZmlsZSBmcm9tICckc291cmNlJyB0byAnJGRlc3QnOiBkZXN0IGlzIGFscmVhZHkgYSBmb2xkZXIiCiAgICB9IGVsc2VpZiAoVGVzdC1QYXRoIC1QYXRoICRkZXN0IC1QYXRoVHlwZSBMZWFmKSB7CiAgICAgICAgaWYgKCRmb3JjZSkgewogICAgICAgICAgICAkdGFyZ2V0X2NoZWNrc3VtID0gR2V0LUZpbGVDaGVja3N1bSAtcGF0aCAkZGVzdAogICAgICAgICAgICBpZiAoJHNvdXJjZV9jaGVja3N1bSAtbmUgJHRhcmdldF9jaGVja3N1bSkgewogICAgICAgICAgICAgICAgJGNvcHlfZmlsZSA9ICR0cnVlCiAgICAgICAgICAgIH0KICAgICAgICB9CiAgICB9IGVsc2UgewogICAgICAgICRjb3B5X2ZpbGUgPSAkdHJ1ZQogICAgfQoKICAgIGlmICgkY29weV9maWxlKSB7CiAgICAgICAgJGZpbGVfZGlyID0gW1N5c3RlbS5JTy5QYXRoXTo6R2V0RGlyZWN0b3J5TmFtZSgkZGVzdCkKICAgICAgICAjIHZhbGlkYXRlIHRoZSBwYXJlbnQgZGlyIGlzIG5vdCBhIGZpbGUgYW5kIHRoYXQgaXQgZXhpc3RzCiAgICAgICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkZmlsZV9kaXIgLVBhdGhUeXBlIExlYWYpIHsKICAgICAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiY2Fubm90IGNvcHkgZmlsZSBmcm9tICckc291cmNlJyB0byAnJGRlc3QnOiBvYmplY3QgYXQgZGVzdCBwYXJlbnQgZGlyIGlzIG5vdCBhIGZvbGRlciIKICAgICAgICB9IGVsc2VpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRmaWxlX2RpcikpIHsKICAgICAgICAgICAgIyBkaXJlY3RvcnkgZG9lc24ndCBleGlzdCwgbmVlZCB0byBjcmVhdGUKICAgICAgICAgICAgTmV3LUl0ZW0gLVBhdGggJGZpbGVfZGlyIC1JdGVtVHlwZSBEaXJlY3RvcnkgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICAgICAgICAgICRkaWZmICs9ICIrJGZpbGVfZGlyXGBuIgogICAgICAgIH0KCiAgICAgICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkZGVzdCAtUGF0aFR5cGUgTGVhZikgewogICAgICAgICAgICBSZW1vdmUtSXRlbSAtUGF0aCAkZGVzdCAtRm9yY2UgLVJlY3Vyc2UgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICAgICAgICAgICRkaWZmICs9ICItJGRlc3RgbiIKICAgICAgICB9CgogICAgICAgIGlmICgtbm90ICRjaGVja19tb2RlKSB7CiAgICAgICAgICAgICMgY2Fubm90IHJ1biB3aXRoIC1XaGF0SWY6JGNoZWNrX21vZGUgYXMgaWYgdGhlIHBhcmVudCBkaXIgZGlkbid0CiAgICAgICAgICAgICMgZXhpc3QgYW5kIHdhcyBjcmVhdGVkIGFib3ZlIHdvdWxkIHN0aWxsIG5vdCBleGlzdCBpbiBjaGVjayBtb2RlCiAgICAgICAgICAgIENvcHktSXRlbSAtUGF0aCAkc291cmNlIC1EZXN0aW5hdGlvbiAkZGVzdCAtRm9yY2UgfCBPdXQtTnVsbAogICAgICAgIH0KICAgICAgICAkZGlmZiArPSAiKyRkZXN0YG4iCgogICAgICAgICRyZXN1bHQuY2hhbmdlZCA9ICR0cnVlCiAgICB9CgogICAgIyB1Z2x5IGJ1dCB0byBzYXZlIHVzIGZyb20gcnVubmluZyB0aGUgY2hlY2tzdW0gdHdpY2UsIGxldCdzIHJldHVybiBpdCBmb3IKICAgICMgdGhlIG1haW4gY29kZSB0byBhZGQgaXQgdG8gJHJlc3VsdAogICAgcmV0dXJuICxAeyBkaWZmID0gJGRpZmY7IGNoZWNrc3VtID0gJHNvdXJjZV9jaGVja3N1bSB9Cn0KCkZ1bmN0aW9uIENvcHktRm9sZGVyKCRzb3VyY2UsICRkZXN0KSB7CiAgICAkZGlmZiA9ICIiCiAgICAkY29weV9mb2xkZXIgPSAkZmFsc2UKCiAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRkZXN0IC1QYXRoVHlwZSBDb250YWluZXIpKSB7CiAgICAgICAgJHBhcmVudF9kaXIgPSBbU3lzdGVtLklPLlBhdGhdOjpHZXREaXJlY3RvcnlOYW1lKCRkZXN0KQogICAgICAgIGlmIChUZXN0LVBhdGggLVBhdGggJHBhcmVudF9kaXIgLVBhdGhUeXBlIExlYWYpIHsKICAgICAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiY2Fubm90IGNvcHkgZmlsZSBmcm9tICckc291cmNlJyB0byAnJGRlc3QnOiBvYmplY3QgYXQgZGVzdCBwYXJlbnQgZGlyIGlzIG5vdCBhIGZvbGRlciIKICAgICAgICB9CiAgICAgICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkZGVzdCAtUGF0aFR5cGUgTGVhZikgewogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0IC1tZXNzYWdlICJjYW5ub3QgY29weSBmb2xkZXIgZnJvbSAnJHNvdXJjZScgdG8gJyRkZXN0JzogZGVzdCBpcyBhbHJlYWR5IGEgZmlsZSIKICAgICAgICB9CgogICAgICAgIE5ldy1JdGVtIC1QYXRoICRkZXN0IC1JdGVtVHlwZSBDb250YWluZXIgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICAgICAgJGRpZmYgKz0gIiskZGVzdFxgbiIKICAgICAgICAkcmVzdWx0LmNoYW5nZWQgPSAkdHJ1ZQogICAgfQoKICAgICRjaGlsZF9pdGVtcyA9IEdldC1DaGlsZEl0ZW0gLVBhdGggJHNvdXJjZSAtRm9yY2UKICAgIGZvcmVhY2ggKCRjaGlsZF9pdGVtIGluICRjaGlsZF9pdGVtcykgewogICAgICAgICRkZXN0X2NoaWxkX3BhdGggPSBKb2luLVBhdGggLVBhdGggJGRlc3QgLUNoaWxkUGF0aCAkY2hpbGRfaXRlbS5OYW1lCiAgICAgICAgaWYgKCRjaGlsZF9pdGVtLlBTSXNDb250YWluZXIpIHsKICAgICAgICAgICAgJGRpZmYgKz0gKENvcHktRm9sZGVyIC1zb3VyY2UgJGNoaWxkX2l0ZW0uRnVsbG5hbWUgLWRlc3QgJGRlc3RfY2hpbGRfcGF0aCkKICAgICAgICB9IGVsc2UgewogICAgICAgICAgICAkZGlmZiArPSAoQ29weS1GaWxlIC1zb3VyY2UgJGNoaWxkX2l0ZW0uRnVsbG5hbWUgLWRlc3QgJGRlc3RfY2hpbGRfcGF0aCkuZGlmZgogICAgICAgIH0KICAgIH0KCiAgICByZXR1cm4gJGRpZmYKfQoKRnVuY3Rpb24gR2V0LUZpbGVTaXplKCRwYXRoKSB7CiAgICAkZmlsZSA9IEdldC1JdGVtIC1QYXRoICRwYXRoIC1Gb3JjZQogICAgJHNpemUgPSAkbnVsbAogICAgaWYgKCRmaWxlLlBTSXNDb250YWluZXIpIHsKICAgICAgICAkZGlyX2ZpbGVzX3N1bSA9IEdldC1DaGlsZEl0ZW0gJGZpbGUuRnVsbE5hbWUgLVJlY3Vyc2UKICAgICAgICBpZiAoJGRpcl9maWxlc19zdW0gLWVxICRudWxsIC1vciAoJGRpcl9maWxlc19zdW0uUFNPYmplY3QuUHJvcGVydGllcy5uYW1lIC1jb250YWlucyAnbGVuZ3RoJyAtZXEgJGZhbHNlKSkgewogICAgICAgICAgICAkc2l6ZSA9IDAKICAgICAgICB9IGVsc2UgewogICAgICAgICAgICAkc2l6ZSA9ICgkZGlyX2ZpbGVzX3N1bSB8IE1lYXN1cmUtT2JqZWN0IC1wcm9wZXJ0eSBsZW5ndGggLXN1bSkuU3VtCiAgICAgICAgfQogICAgfSBlbHNlIHsKICAgICAgICAkc2l6ZSA9ICRmaWxlLkxlbmd0aAogICAgfQoKICAgICRzaXplCn0KCkZ1bmN0aW9uIEV4dHJhY3QtWmlwKCRzcmMsICRkZXN0KSB7CiAgICAkYXJjaGl2ZSA9IFtTeXN0ZW0uSU8uQ29tcHJlc3Npb24uWmlwRmlsZV06Ok9wZW4oJHNyYywgW1N5c3RlbS5JTy5Db21wcmVzc2lvbi5aaXBBcmNoaXZlTW9kZV06OlJlYWQsIFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjgpCiAgICBmb3JlYWNoICgkZW50cnkgaW4gJGFyY2hpdmUuRW50cmllcykgewogICAgICAgICRhcmNoaXZlX25hbWUgPSAkZW50cnkuRnVsbE5hbWUKCiAgICAgICAgIyBGdWxsTmFtZSBtYXkgYmUgYXBwZW5kZWQgd2l0aCAvIG9yIFwsIGRldGVybWluZSBpZiBpdCBpcyBwYWRkZWQgYW5kIHJlbW92ZSBpdAogICAgICAgICRwYWRkaW5nX2xlbmd0aCA9ICRhcmNoaXZlX25hbWUuTGVuZ3RoICUgNAogICAgICAgIGlmICgkcGFkZGluZ19sZW5ndGggLWVxIDApIHsKICAgICAgICAgICAgJGlzX2RpciA9ICRmYWxzZQogICAgICAgICAgICAkYmFzZTY0X25hbWUgPSAkYXJjaGl2ZV9uYW1lCiAgICAgICAgfSBlbHNlaWYgKCRwYWRkaW5nX2xlbmd0aCAtZXEgMSkgewogICAgICAgICAgICAkaXNfZGlyID0gJHRydWUKICAgICAgICAgICAgaWYgKCRhcmNoaXZlX25hbWUuRW5kc1dpdGgoIi8iKSAtb3IgJGFyY2hpdmVfbmFtZS5FbmRzV2l0aCgiYFwiKSkgewogICAgICAgICAgICAgICAgJGJhc2U2NF9uYW1lID0gJGFyY2hpdmVfbmFtZS5TdWJzdHJpbmcoMCwgJGFyY2hpdmVfbmFtZS5MZW5ndGggLSAxKQogICAgICAgICAgICB9IGVsc2UgewogICAgICAgICAgICAgICAgdGhyb3cgImludmFsaWQgYmFzZTY0IGFyY2hpdmUgbmFtZSAnJGFyY2hpdmVfbmFtZSciCiAgICAgICAgICAgIH0KICAgICAgICB9IGVsc2UgewogICAgICAgICAgICB0aHJvdyAiaW52YWxpZCBiYXNlNjQgbGVuZ3RoICckYXJjaGl2ZV9uYW1lJyIKICAgICAgICB9CgogICAgICAgICMgdG8gaGFuZGxlIHVuaWNvZGUgY2hhcmFjdGVyLCB3aW5fY29weSBhY3Rpb24gcGx1Z2luIGhhcyBlbmNvZGVkIHRoZSBmaWxlbmFtZQogICAgICAgICRkZWNvZGVkX2FyY2hpdmVfbmFtZSA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGJhc2U2NF9uYW1lKSkKICAgICAgICAjIHJlLWFkZCB0aGUgLyB0byB0aGUgZW50cnkgZnVsbCBuYW1lIGlmIGl0IHdhcyBhIGRpcmVjdG9yeQogICAgICAgIGlmICgkaXNfZGlyKSB7CiAgICAgICAgICAgICRkZWNvZGVkX2FyY2hpdmVfbmFtZSA9ICIkZGVjb2RlZF9hcmNoaXZlX25hbWUvIgogICAgICAgIH0KICAgICAgICAkZW50cnlfdGFyZ2V0X3BhdGggPSBbU3lzdGVtLklPLlBhdGhdOjpDb21iaW5lKCRkZXN0LCAkZGVjb2RlZF9hcmNoaXZlX25hbWUpCiAgICAgICAgJGVudHJ5X2RpciA9IFtTeXN0ZW0uSU8uUGF0aF06OkdldERpcmVjdG9yeU5hbWUoJGVudHJ5X3RhcmdldF9wYXRoKQoKICAgICAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRlbnRyeV9kaXIpKSB7CiAgICAgICAgICAgIE5ldy1JdGVtIC1QYXRoICRlbnRyeV9kaXIgLUl0ZW1UeXBlIERpcmVjdG9yeSAtV2hhdElmOiRjaGVja19tb2RlIHwgT3V0LU51bGwKICAgICAgICB9CgogICAgICAgIGlmICgkaXNfZGlyIC1lcSAkZmFsc2UpIHsKICAgICAgICAgICAgaWYgKC1ub3QgJGNoZWNrX21vZGUpIHsKICAgICAgICAgICAgICAgIFtTeXN0ZW0uSU8uQ29tcHJlc3Npb24uWmlwRmlsZUV4dGVuc2lvbnNdOjpFeHRyYWN0VG9GaWxlKCRlbnRyeSwgJGVudHJ5X3RhcmdldF9wYXRoLCAkdHJ1ZSkKICAgICAgICAgICAgfQogICAgICAgIH0KICAgIH0KICAgICRhcmNoaXZlLkRpc3Bvc2UoKSAgIyByZWxlYXNlIHRoZSBoYW5kbGUgb2YgdGhlIHppcCBmaWxlCn0KCkZ1bmN0aW9uIEV4dHJhY3QtWmlwTGVnYWN5KCRzcmMsICRkZXN0KSB7CiAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRkZXN0KSkgewogICAgICAgIE5ldy1JdGVtIC1QYXRoICRkZXN0IC1JdGVtVHlwZSBEaXJlY3RvcnkgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICB9CiAgICAkc2hlbGwgPSBOZXctT2JqZWN0IC1Db21PYmplY3QgU2hlbGwuQXBwbGljYXRpb24KICAgICR6aXAgPSAkc2hlbGwuTmFtZVNwYWNlKCRzcmMpCiAgICAkZGVzdF9wYXRoID0gJHNoZWxsLk5hbWVTcGFjZSgkZGVzdCkKCiAgICBmb3JlYWNoICgkZW50cnkgaW4gJHppcC5JdGVtcygpKSB7CiAgICAgICAgJGlzX2RpciA9ICRlbnRyeS5Jc0ZvbGRlcgogICAgICAgICRlbmNvZGVkX2FyY2hpdmVfZW50cnkgPSAkZW50cnkuTmFtZQogICAgICAgICMgdG8gaGFuZGxlIHVuaWNvZGUgY2hhcmFjdGVyLCB3aW5fY29weSBhY3Rpb24gcGx1Z2luIGhhcyBlbmNvZGVkIHRoZSBmaWxlbmFtZQogICAgICAgICRkZWNvZGVkX2FyY2hpdmVfZW50cnkgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRlbmNvZGVkX2FyY2hpdmVfZW50cnkpKQogICAgICAgIGlmICgkaXNfZGlyKSB7CiAgICAgICAgICAgICRkZWNvZGVkX2FyY2hpdmVfZW50cnkgPSAiJGRlY29kZWRfYXJjaGl2ZV9lbnRyeS8iCiAgICAgICAgfQoKICAgICAgICAkZW50cnlfdGFyZ2V0X3BhdGggPSBbU3lzdGVtLklPLlBhdGhdOjpDb21iaW5lKCRkZXN0LCAkZGVjb2RlZF9hcmNoaXZlX2VudHJ5KQogICAgICAgICRlbnRyeV9kaXIgPSBbU3lzdGVtLklPLlBhdGhdOjpHZXREaXJlY3RvcnlOYW1lKCRlbnRyeV90YXJnZXRfcGF0aCkKCiAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtUGF0aCAkZW50cnlfZGlyKSkgewogICAgICAgICAgICBOZXctSXRlbSAtUGF0aCAkZW50cnlfZGlyIC1JdGVtVHlwZSBEaXJlY3RvcnkgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICAgICAgfQoKICAgICAgICBpZiAoJGlzX2RpciAtZXEgJGZhbHNlIC1hbmQgKC1ub3QgJGNoZWNrX21vZGUpKSB7CiAgICAgICAgICAgICMgaHR0cHM6Ly9tc2RuLm1pY3Jvc29mdC5jb20vZW4tdXMvbGlicmFyeS93aW5kb3dzL2Rlc2t0b3AvYmI3ODc4NjYuYXNweAogICAgICAgICAgICAjIEZyb20gRm9sZGVyLkNvcHlIZXJlIGRvY3VtZW50YXRpb24sIDEwNDQgbWVhbnM6CiAgICAgICAgICAgICMgIC0gMTAyNDogZG8gbm90IGRpc3BsYXkgYSB1c2VyIGludGVyZmFjZSBpZiBhbiBlcnJvciBvY2N1cnMKICAgICAgICAgICAgIyAgLSAgIDE2OiByZXNwb25kIHdpdGggInllcyB0byBhbGwiIGZvciBhbnkgZGlhbG9nIGJveCB0aGF0IGlzIGRpc3BsYXllZAogICAgICAgICAgICAjICAtICAgIDQ6IGRvIG5vdCBkaXNwbGF5IGEgcHJvZ3Jlc3MgZGlhbG9nIGJveAogICAgICAgICAgICAkZGVzdF9wYXRoLkNvcHlIZXJlKCRlbnRyeSwgMTA0NCkKCiAgICAgICAgICAgICMgb25jZSBmaWxlIGlzIGV4dHJhY2VkLCB3ZSBuZWVkIHRvIHJlbmFtZSBpdCB3aXRoIG5vbiBiYXNlNjQgbmFtZQogICAgICAgICAgICAkY29tYmluZWRfZW5jb2RlZF9wYXRoID0gW1N5c3RlbS5JTy5QYXRoXTo6Q29tYmluZSgkZGVzdCwgJGVuY29kZWRfYXJjaGl2ZV9lbnRyeSkKICAgICAgICAgICAgTW92ZS1JdGVtIC1QYXRoICRjb21iaW5lZF9lbmNvZGVkX3BhdGggLURlc3RpbmF0aW9uICRlbnRyeV90YXJnZXRfcGF0aCAtRm9yY2UgfCBPdXQtTnVsbAogICAgICAgIH0KICAgIH0KfQoKaWYgKCRjb3B5X21vZGUgLWVxICJxdWVyeSIpIHsKICAgICMgd2Ugb25seSByZXR1cm4gYSBsaXN0IG9mIGZpbGVzL2RpcmVjdG9yaWVzIHRoYXQgbmVlZCB0byBiZSBjb3BpZWQgb3ZlcgogICAgIyB0aGUgc291cmNlIG9mIHRoZSBsb2NhbCBmaWxlIHdpbGwgYmUgdGhlIGtleSB1c2VkCiAgICAkY2hhbmdlZF9maWxlcyA9IEAoKQogICAgJGNoYW5nZWRfZGlyZWN0b3JpZXMgPSBAKCkKICAgICRjaGFuZ2VkX3N5bWxpbmtzID0gQCgpCgogICAgZm9yZWFjaCAoJGZpbGUgaW4gJGZpbGVzKSB7CiAgICAgICAgJGZpbGVuYW1lID0gJGZpbGUuZGVzdAogICAgICAgICRsb2NhbF9jaGVja3N1bSA9ICRmaWxlLmNoZWNrc3VtCgogICAgICAgICRmaWxlcGF0aCA9IEpvaW4tUGF0aCAtUGF0aCAkZGVzdCAtQ2hpbGRQYXRoICRmaWxlbmFtZQogICAgICAgIGlmIChUZXN0LVBhdGggLVBhdGggJGZpbGVwYXRoIC1QYXRoVHlwZSBMZWFmKSB7CiAgICAgICAgICAgIGlmICgkZm9yY2UpIHsKICAgICAgICAgICAgICAgICRjaGVja3N1bSA9IEdldC1GaWxlQ2hlY2tzdW0gLXBhdGggJGZpbGVwYXRoCiAgICAgICAgICAgICAgICBpZiAoJGNoZWNrc3VtIC1uZSAkbG9jYWxfY2hlY2tzdW0pIHsKICAgICAgICAgICAgICAgICAgICAkd2lsbF9jaGFuZ2UgPSAkdHJ1ZQogICAgICAgICAgICAgICAgICAgICRjaGFuZ2VkX2ZpbGVzICs9ICRmaWxlCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgIH0KICAgICAgICB9IGVsc2VpZiAoVGVzdC1QYXRoIC1QYXRoICRmaWxlcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKSB7CiAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgImNhbm5vdCBjb3B5IGZpbGUgdG8gZGVzdCAnJGZpbGVwYXRoJzogb2JqZWN0IGF0IHBhdGggaXMgYWxyZWFkeSBhIGRpcmVjdG9yeSIKICAgICAgICB9IGVsc2UgewogICAgICAgICAgICAkY2hhbmdlZF9maWxlcyArPSAkZmlsZQogICAgICAgIH0KICAgIH0KCiAgICBmb3JlYWNoICgkZGlyZWN0b3J5IGluICRkaXJlY3RvcmllcykgewogICAgICAgICRkaXJuYW1lID0gJGRpcmVjdG9yeS5kZXN0CgogICAgICAgICRkaXJwYXRoID0gSm9pbi1QYXRoIC1QYXRoICRkZXN0IC1DaGlsZFBhdGggJGRpcm5hbWUKICAgICAgICAkcGFyZW50X2RpciA9IFtTeXN0ZW0uSU8uUGF0aF06OkdldERpcmVjdG9yeU5hbWUoJGRpcnBhdGgpCiAgICAgICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkcGFyZW50X2RpciAtUGF0aFR5cGUgTGVhZikgewogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0IC1tZXNzYWdlICJjYW5ub3QgY29weSBmb2xkZXIgdG8gZGVzdCAnJGRpcnBhdGgnOiBvYmplY3QgYXQgcGFyZW50IGRpcmVjdG9yeSBwYXRoIGlzIGFscmVhZHkgYSBmaWxlIgogICAgICAgIH0KICAgICAgICBpZiAoVGVzdC1QYXRoIC1QYXRoICRkaXJwYXRoIC1QYXRoVHlwZSBMZWFmKSB7CiAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgImNhbm5vdCBjb3B5IGZvbGRlciB0byBkZXN0ICckZGlycGF0aCc6IG9iamVjdCBhdCBwYXRoIGlzIGFscmVhZHkgYSBmaWxlIgogICAgICAgIH0gZWxzZ ScriptBlock ID: 95b9e0e2-e1ad-4764-bf2e-b15abd1c5872 Path:	4104	1		3	2	15	0	1217	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4860	1808	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:26:56 PM	9d04040e-981f-0001-d40f-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 3): begin { $DebugPreference = "Continue" $ErrorActionPreference = "Stop" Set-StrictMode -Version 2 function ConvertTo-HashtableFromPsCustomObject ($myPsObject){ $output = @{}; $myPsObject | Get-Member -MemberType *Property | % { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } return $output; } # stream JSON including become_pw, ps_module_payload, bin_module_payload, become_payload, write_payload_path, preserve directives # exec runspace, capture output, cleanup, return module output # NB: do not adjust the following line- it is replaced when doing non-streamed module output $json_raw = @' {"min_ps_version": null, "exec": "CkZ1bmN0aW9uIFJ1bigkcGF5bG9hZCkgewogICAgJGVudHJ5cG9pbnQgPSAkcGF5bG9hZC5tb2R1bGVfZW50cnkKCiAgICAkZW50cnlwb2ludCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGVudHJ5cG9pbnQpKQoKICAgICRwcyA9IFtwb3dlcnNoZWxsXTo6Q3JlYXRlKCkKCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkQ29tbWFuZCgiU2V0LVZhcmlhYmxlIikuQWRkUGFyYW1ldGVycyhAe1Njb3BlPSJnbG9iYWwiO05hbWU9ImNvbXBsZXhfYXJncyI7VmFsdWU9JHBheWxvYWQubW9kdWxlX2FyZ3N9KSB8IE91dC1OdWxsCiAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCgogICAgIyByZWRlZmluZSBXcml0ZS1Ib3N0IHRvIGR1bXAgdG8gb3V0cHV0IGluc3RlYWQgb2YgZmFpbGluZy0gbG90cyBvZiBzY3JpcHRzIHVzZSBpdAogICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgiRnVuY3Rpb24gV3JpdGUtSG9zdChgJG1zZyl7IFdyaXRlLU91dHB1dCBgJG1zZyB9IikgfCBPdXQtTnVsbAoKICAgIEZvckVhY2ggKCRlbnZfa3YgaW4gJHBheWxvYWQuZW52aXJvbm1lbnQuR2V0RW51bWVyYXRvcigpKSB7CiAgICAgICAgIyBuZWVkIHRvIGVzY2FwZSAnIGluIGJvdGggdGhlIGtleSBhbmQgdmFsdWUKICAgICAgICAkZW52X2tleSA9ICRlbnZfa3YuS2V5LlRvU3RyaW5nKCkuUmVwbGFjZSgiJyIsICInJyIpCiAgICAgICAgJGVudl92YWx1ZSA9ICRlbnZfa3YuVmFsdWUuVG9TdHJpbmcoKS5SZXBsYWNlKCInIiwgIicnIikKICAgICAgICAkZXNjYXBlZF9lbnZfc2V0ID0gIltTeXN0ZW0uRW52aXJvbm1lbnRdOjpTZXRFbnZpcm9ubWVudFZhcmlhYmxlKCd7MH0nLCAnezF9JykiIC1mICRlbnZfa2V5LCAkZW52X3ZhbHVlCiAgICAgICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgkZXNjYXBlZF9lbnZfc2V0KSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBkeW5hbWljYWxseSBjcmVhdGUvbG9hZCBtb2R1bGVzCiAgICBGb3JFYWNoICgkbW9kIGluICRwYXlsb2FkLnBvd2Vyc2hlbGxfbW9kdWxlcy5HZXRFbnVtZXJhdG9yKCkpIHsKICAgICAgICAkZGVjb2RlZF9tb2R1bGUgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRtb2QuVmFsdWUpKQogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRDb21tYW5kKCJOZXctTW9kdWxlIikuQWRkUGFyYW1ldGVycyhAe1NjcmlwdEJsb2NrPShbc2NyaXB0YmxvY2tdOjpDcmVhdGUoJGRlY29kZWRfbW9kdWxlKSk7TmFtZT0kbW9kLktleX0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiSW1wb3J0LU1vZHVsZSIpLkFkZFBhcmFtZXRlcnMoQHtXYXJuaW5nQWN0aW9uPSJTaWxlbnRseUNvbnRpbnVlIn0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBmb3JjZSBpbnB1dCBlbmNvZGluZyB0byBwcmVhbWJsZS1mcmVlIFVURjggc28gUFMgc3ViLXByb2Nlc3NlcyAoZWcsCiAgICAjIFN0YXJ0LUpvYikgZG9uJ3QgYmxvdyB1cC4gVGhpcyBpcyBvbmx5IHJlcXVpcmVkIGZvciBXaW5STSwgYSBQU1JQCiAgICAjIHJ1bnNwYWNlIGRvZXNuJ3QgaGF2ZSBhIGhvc3QgY29uc29sZSBhbmQgdGhpcyB3aWxsIGJvbWIgb3V0CiAgICBpZiAoJGhvc3QuTmFtZSAtZXEgIkNvbnNvbGVIb3N0IikgewogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRTY3JpcHQoIltDb25zb2xlXTo6SW5wdXRFbmNvZGluZyA9IE5ldy1PYmplY3QgVGV4dC5VVEY4RW5jb2RpbmcgYCRmYWxzZSIpIHwgT3V0LU51bGwKICAgIH0KCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkU2NyaXB0KCRlbnRyeXBvaW50KSB8IE91dC1OdWxsCgogICAgJG91dHB1dCA9ICRwcy5JbnZva2UoKQoKICAgICRvdXRwdXQKCiAgICAjIFBTMyBkb2Vzbid0IHByb3Blcmx5IHNldCBIYWRFcnJvcnMgaW4gbWFueSBjYXNlcywgaW5zcGVjdCB0aGUgZXJyb3Igc3RyZWFtIGFzIGEgZmFsbGJhY2sKICAgIElmICgkcHMuSGFkRXJyb3JzIC1vciAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtbHQgNCAtYW5kICRwcy5TdHJlYW1zLkVycm9yLkNvdW50IC1ndCAwKSkgewogICAgICAgICRob3N0LlVJLldyaXRlRXJyb3JMaW5lKCQoJHBzLlN0cmVhbXMuRXJyb3IgfCBPdXQtU3RyaW5nKSkKICAgICAgICAkZXhpdF9jb2RlID0gJHBzLlJ1bnNwYWNlLlNlc3Npb25TdGF0ZVByb3h5LkdldFZhcmlhYmxlKCJMQVNURVhJVENPREUiKQogICAgICAgIElmKC1ub3QgJGV4aXRfY29kZSkgewogICAgICAgICAgICAkZXhpdF9jb2RlID0gMQogICAgICAgIH0KICAgICAgICAjIG5lZWQgdG8gdXNlIHRoaXMgaW5zdGVhZCBvZiBFeGl0IGtleXdvcmQgdG8gcHJldmVudCBydW5zcGFjZSBmcm9tIGNyYXNoaW5nIHdpdGggZHluYW1pYyBtb2R1bGVzCiAgICAgICAgJGhvc3QuU2V0U2hvdWxkRXhpdCgkZXhpdF9jb2RlKQogICAgfQp9Cg==", "actions": ["exec"], "environment": {}, "min_os_version": null, "powershell_modules": {"Ansible.ModuleUtils.Legacy": "IyBDb3B5cmlnaHQgKGMpLCBNaWNoYWVsIERlSGFhbiA8bWljaGFlbC5kZWhhYW5AZ21haWwuY29tPiwgMjAxNCwgYW5kIG90aGVycwojIFNpbXBsaWZpZWQgQlNEIExpY2Vuc2UgKHNlZSBsaWNlbnNlcy9zaW1wbGlmaWVkX2JzZC50eHQgb3IgaHR0cHM6Ly9vcGVuc291cmNlLm9yZy9saWNlbnNlcy9CU0QtMi1DbGF1c2UpCgpTZXQtU3RyaWN0TW9kZSAtVmVyc2lvbiAyLjAKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKRnVuY3Rpb24gU2V0LUF0dHIoJG9iaiwgJG5hbWUsICR2YWx1ZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gc2V0IGFuICJhdHRyaWJ1dGUiIG9uIGEgcHNvYmplY3QgaW5zdGFuY2UgaW4gUG93ZXJTaGVsbC4KICAgIFRoaXMgaXMgYSBjb252ZW5pZW5jZSB0byBtYWtlIGFkZGluZyBNZW1iZXJzIHRvIHRoZSBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgIFNldC1BdHRyICRyZXN1bHQgImNoYW5nZWQiICR0cnVlCiM+CgogICAgIyBJZiB0aGUgcHJvdmlkZWQgJG9iaiBpcyB1bmRlZmluZWQsIGRlZmluZSBvbmUgdG8gYmUgbmljZQogICAgSWYgKC1ub3QgJG9iai5HZXRUeXBlKQogICAgewogICAgICAgICRvYmogPSBAeyB9CiAgICB9CgogICAgVHJ5CiAgICB7CiAgICAgICAgJG9iai4kbmFtZSA9ICR2YWx1ZQogICAgfQogICAgQ2F0Y2gKICAgIHsKICAgICAgICAkb2JqIHwgQWRkLU1lbWJlciAtRm9yY2UgLU1lbWJlclR5cGUgTm90ZVByb3BlcnR5IC1OYW1lICRuYW1lIC1WYWx1ZSAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gRXhpdC1Kc29uKCRvYmopCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGNvbnZlcnQgYSBQb3dlclNoZWxsIG9iamVjdCB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcKICAgIHRoZSBzY3JpcHQKICAgIC5FWEFNUExFCiAgICBFeGl0LUpzb24gJHJlc3VsdAojPgoKICAgICMgSWYgdGhlIHByb3ZpZGVkICRvYmogaXMgdW5kZWZpbmVkLCBkZWZpbmUgb25lIHRvIGJlIG5pY2UKICAgIElmICgtbm90ICRvYmouR2V0VHlwZSkKICAgIHsKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoJ2NoYW5nZWQnKSkgewogICAgICAgIFNldC1BdHRyICRvYmogImNoYW5nZWQiICRmYWxzZQogICAgfQoKICAgIFdyaXRlLU91dHB1dCAkb2JqIHwgQ29udmVydFRvLUpzb24gLUNvbXByZXNzIC1EZXB0aCA5OQogICAgRXhpdAp9CgpGdW5jdGlvbiBGYWlsLUpzb24oJG9iaiwgJG1lc3NhZ2UgPSAkbnVsbCkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHRoZSAibXNnIiBwcm9wZXJ0eSBhbmQgImZhaWxlZCIgcHJvcGVydHksIGNvbnZlcnQgdGhlCiAgICBQb3dlclNoZWxsIEhhc2h0YWJsZSB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcgdGhlIHNjcmlwdAogICAgLkVYQU1QTEUKICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJUaGlzIGlzIHRoZSBmYWlsdXJlIG1lc3NhZ2UiCiM+CgogICAgaWYgKCRvYmogLWlzIFtoYXNodGFibGVdIC1vciAkb2JqIC1pcyBbcHNvYmplY3RdKSB7CiAgICAgICAgIyBOb3RoaW5nIHRvIGRvCiAgICB9IGVsc2VpZiAoJG9iaiAtaXMgW3N0cmluZ10gLWFuZCAkbnVsbCAtZXEgJG1lc3NhZ2UpIHsKICAgICAgICAjIElmIHdlIHdlcmVuJ3QgZ2l2ZW4gMiBhcmdzLCBhbmQgdGhlIG9ubHkgYXJnIHdhcyBhIHN0cmluZywKICAgICAgICAjIGNyZWF0ZSBhIG5ldyBIYXNodGFibGUgYW5kIHVzZSB0aGUgYXJnIGFzIHRoZSBmYWlsdXJlIG1lc3NhZ2UKICAgICAgICAkbWVzc2FnZSA9ICRvYmoKICAgICAgICAkb2JqID0gQHsgfQogICAgfSBlbHNlIHsKICAgICAgICAjIElmIHRoZSBmaXJzdCBhcmd1bWVudCBpcyB1bmRlZmluZWQgb3IgYSBkaWZmZXJlbnQgdHlwZSwKICAgICAgICAjIG1ha2UgaXQgYSBIYXNodGFibGUKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgICMgU3RpbGwgdXNpbmcgU2V0LUF0dHIgZm9yIFBTT2JqZWN0IGNvbXBhdGliaWxpdHkKICAgIFNldC1BdHRyICRvYmogIm1zZyIgJG1lc3NhZ2UKICAgIFNldC1BdHRyICRvYmogImZhaWxlZCIgJHRydWUKCiAgICBpZiAoLW5vdCAkb2JqLkNvbnRhaW5zS2V5KCdjaGFuZ2VkJykpIHsKICAgICAgICBTZXQtQXR0ciAkb2JqICJjaGFuZ2VkIiAkZmFsc2UKICAgIH0KCiAgICBXcml0ZS1PdXRwdXQgJG9iaiB8IENvbnZlcnRUby1Kc29uIC1Db21wcmVzcyAtRGVwdGggOTkKICAgIEV4aXQgMQp9CgpGdW5jdGlvbiBBZGQtV2FybmluZygkb2JqLCAkbWVzc2FnZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHdhcm5pbmdzLCBldmVuIGlmIHRoZSB3YXJuaW5ncyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoIndhcm5pbmdzIikpIHsKICAgICAgICAkb2JqLndhcm5pbmdzID0gQCgpCiAgICB9IGVsc2VpZiAoJG9iai53YXJuaW5ncyAtaXNub3QgW2FycmF5XSkgewogICAgICAgIHRocm93ICJBZGQtV2FybmluZzogd2FybmluZ3MgYXR0cmlidXRlIGlzIG5vdCBhbiBhcnJheSIKICAgIH0KCiAgICAkb2JqLndhcm5pbmdzICs9ICRtZXNzYWdlCn0KCkZ1bmN0aW9uIEFkZC1EZXByZWNhdGlvbldhcm5pbmcoJG9iaiwgJG1lc3NhZ2UsICR2ZXJzaW9uID0gJG51bGwpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGFkZCBkZXByZWNhdGlvbnMsIGV2ZW4gaWYgdGhlIGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgogICAgaWYgKC1ub3QgJG9iai5Db250YWluc0tleSgiZGVwcmVjYXRpb25zIikpIHsKICAgICAgICAkb2JqLmRlcHJlY2F0aW9ucyA9IEAoKQogICAgfSBlbHNlaWYgKCRvYmouZGVwcmVjYXRpb25zIC1pc25vdCBbYXJyYXldKSB7CiAgICAgICAgdGhyb3cgIkFkZC1EZXByZWNhdGlvbldhcm5pbmc6IGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgaXMgbm90IGEgbGlzdCIKICAgIH0KCiAgICAkb2JqLmRlcHJlY2F0aW9ucyArPSBAewogICAgICAgIG1zZyA9ICRtZXNzYWdlCiAgICAgICAgdmVyc2lvbiA9ICR2ZXJzaW9uCiAgICB9Cn0KCkZ1bmN0aW9uIEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgaW4gdmFsdWVzLiBCeSBkZWZhdWx0CiAgICBpdCB0dXJucyBhbnkgdHlwZSB0byBhIHN0cmluZywgYnV0IHdlIGVuc3VyZSAkbnVsbCByZW1haW5zICRudWxsLgojPgogICAgaWYgKCRudWxsIC1uZSAkdmFsdWUpIHsKICAgICAgICBbU3lzdGVtLkVudmlyb25tZW50XTo6RXhwYW5kRW52aXJvbm1lbnRWYXJpYWJsZXMoJHZhbHVlKQogICAgfSBlbHNlIHsKICAgICAgICAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gR2V0LUFuc2libGVQYXJhbSgkb2JqLCAkbmFtZSwgJGRlZmF1bHQgPSAkbnVsbCwgJHJlc3VsdG9iaiA9IEB7fSwgJGZhaWxpZmVtcHR5ID0gJGZhbHNlLCAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSwgJFZhbGlkYXRlU2V0LCAkVmFsaWRhdGVTZXRFcnJvck1lc3NhZ2UsICR0eXBlID0gJG51bGwsICRhbGlhc2VzID0gQCgpKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBnZXQgYW4gImF0dHJpYnV0ZSIgZnJvbSBhIHBzb2JqZWN0IGluc3RhbmNlIGluIFBvd2VyU2hlbGwuCiAgICBUaGlzIGlzIGEgY29udmVuaWVuY2UgdG8gbWFrZSBnZXR0aW5nIE1lbWJlcnMgZnJvbSBhbiBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgICRhdHRyID0gR2V0LUFuc2libGVQYXJhbSAkcmVzcG9uc2UgImNvZGUiIC1kZWZhdWx0ICIxIgogICAgLkVYQU1QTEUKICAgIEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJTdGF0ZSIgLWRlZmF1bHQgIlByZXNlbnQiIC1WYWxpZGF0ZVNldCAiUHJlc2VudCIsIkFic2VudCIgLXJlc3VsdG9iaiAkcmVzdWx0b2JqIC1mYWlsaWZlbXB0eSAkdHJ1ZQogICAgR2V0LUFuc2libGVQYXJhbSBhbHNvIHN1cHBvcnRzIFBhcmFtZXRlciB2YWxpZGF0aW9uIHRvIHNhdmUgeW91IGZyb20gY29kaW5nIHRoYXQgbWFudWFsbHkKICAgIE5vdGUgdGhhdCBpZiB5b3UgdXNlIHRoZSBmYWlsaWZlbXB0eSBvcHRpb24sIHlvdSBkbyBuZWVkIHRvIHNwZWNpZnkgcmVzdWx0b2JqZWN0IGFzIHdlbGwuCiM+CiAgICAjIENoZWNrIGlmIHRoZSBwcm92aWRlZCBNZW1iZXIgJG5hbWUgb3IgYWxpYXNlcyBleGlzdCBpbiAkb2JqIGFuZCByZXR1cm4gaXQgb3IgdGhlIGRlZmF1bHQuCiAgICB0cnkgewoKICAgICAgICAkZm91bmQgPSAkbnVsbAogICAgICAgICMgRmlyc3QgdHJ5IHRvIGZpbmQgcHJlZmVycmVkIHBhcmFtZXRlciAkbmFtZQogICAgICAgICRhbGlhc2VzID0gQCgkbmFtZSkgKyAkYWxpYXNlcwoKICAgICAgICAjIEl0ZXJhdGUgb3ZlciBhbGlhc2VzIHRvIGZpbmQgYWNjZXB0YWJsZSBNZW1iZXIgJG5hbWUKICAgICAgICBmb3JlYWNoICgkYWxpYXMgaW4gJGFsaWFzZXMpIHsKICAgICAgICAgICAgaWYgKCRvYmouQ29udGFpbnNLZXkoJGFsaWFzKSkgewogICAgICAgICAgICAgICAgJGZvdW5kID0gJGFsaWFzCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgfQoKICAgICAgICBpZiAoJG51bGwgLWVxICRmb3VuZCkgewogICAgICAgICAgICB0aHJvdwogICAgICAgIH0KICAgICAgICAkbmFtZSA9ICRmb3VuZAoKICAgICAgICBpZiAoJFZhbGlkYXRlU2V0KSB7CgogICAgICAgICAgICBpZiAoJFZhbGlkYXRlU2V0IC1jb250YWlucyAoJG9iai4kbmFtZSkpIHsKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICRvYmouJG5hbWUKICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgIGlmICgkbnVsbCAtZXEgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAgICAgI0F1dG8tZ2VuZXJhdGVkIGVycm9yIHNob3VsZCBiZSBzdWZmaWNpZW50IGluIG1vc3QgdXNlIGNhc2VzCiAgICAgICAgICAgICAgICAgICAgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlID0gIkdldC1BbnNpYmxlUGFyYW06IEFyZ3VtZW50ICRuYW1lIG5lZWRzIHRvIGJlIG9uZSBvZiAkKCRWYWxpZGF0ZVNldCAtam9pbiAiLCIpIGJ1dCB3YXMgJCgkb2JqLiRuYW1lKS4iCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRWYWxpZGF0ZVNldEVycm9yTWVzc2FnZQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgJHZhbHVlID0gJG9iai4kbmFtZQogICAgICAgIH0KICAgIH0gY2F0Y2ggewogICAgICAgIGlmICgkZmFpbGlmZW1wdHkgLWVxICRmYWxzZSkgewogICAgICAgICAgICAkdmFsdWUgPSAkZGVmYXVsdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgIGlmICgtbm90ICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSA9ICJHZXQtQW5zaWJsZVBhcmFtOiBNaXNzaW5nIHJlcXVpcmVkIGFyZ3VtZW50OiAkbmFtZSIKICAgICAgICAgICAgfQogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlCiAgICAgICAgfQogICAgfQoKICAgICMgSWYgJHZhbHVlIC1lcSAkbnVsbCwgdGhlIHBhcmFtZXRlciB3YXMgdW5zcGVjaWZpZWQgYnkgdGhlIHVzZXIgKGRlbGliZXJhdGVseSBvciBub3QpCiAgICAjIFBsZWFzZSBsZWF2ZSAkbnVsbC12YWx1ZXMgaW50YWN0LCBtb2R1bGVzIG5lZWQgdG8ga25vdyBpZiBhIHBhcmFtZXRlciB3YXMgc3BlY2lmaWVkCiAgICAjIFdoZW4gJHZhbHVlIGlzIGFscmVhZHkgYW4gYXJyYXksIHdlIGNhbm5vdCByZWx5IG9uIHRoZSBudWxsIGNoZWNrLCBhcyBhbiBlbXB0eSBsaXN0CiAgICAjIGlzIHNlZW4gYXMgbnVsbCBpbiB0aGUgY2hlY2sgYmVsb3cKICAgIGlmICgkbnVsbCAtbmUgJHZhbHVlIC1vciAkdmFsdWUgLWlzIFthcnJheV0pIHsKICAgICAgICBpZiAoJHR5cGUgLWVxICJwYXRoIikgewogICAgICAgICAgICAjIEV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgb24gcGF0aC10eXBlCiAgICAgICAgICAgICR2YWx1ZSA9IEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCiAgICAgICAgICAgICMgVGVzdCBpZiBhIHZhbGlkIHBhdGggaXMgcHJvdmlkZWQKICAgICAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtSXNWYWxpZCAkdmFsdWUpKSB7CiAgICAgICAgICAgICAgICAkcGF0aF9pbnZhbGlkID0gJHRydWUKICAgICAgICAgICAgICAgICMgY291bGQgc3RpbGwgYmUgYSB2YWxpZC1zaGFwZWQgcGF0aCB3aXRoIGEgbm9uZXhpc3RlbnQgZHJpdmUgbGV0dGVyCiAgICAgICAgICAgICAgICBpZiAoJHZhbHVlIC1tYXRjaCAiXlx3OiIpIHsKICAgICAgICAgICAgICAgICAgICAjIHJld3JpdGUgcGF0aCB3aXRoIGEgdmFsaWQgZHJpdmUgbGV0dGVyIGFuZCByZWNoZWNrIHRoZSBzaGFwZS0gdGhpcyBtaWdodCBzdGlsbCBmYWlsLCBlZywgYSBub25leGlzdGVudCBub24tZmlsZXN5c3RlbSBQUyBwYXRoCiAgICAgICAgICAgICAgICAgICAgaWYgKFRlc3QtUGF0aCAtSXNWYWxpZCAkKEAoR2V0LVBTRHJpdmUgLVBTUHJvdmlkZXIgRmlsZXN5c3RlbSlbMF0uTmFtZSArICR2YWx1ZS5TdWJzdHJpbmcoMSkpKSB7CiAgICAgICAgICAgICAgICAgICAgICAgICRwYXRoX2ludmFsaWQgPSAkZmFsc2UKICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBpZiAoJHBhdGhfaW52YWxpZCkgewogICAgICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHRvYmogLW1lc3NhZ2UgIkdldC1BbnNpYmxlUGFyYW06IFBhcmFtZXRlciAnJG5hbWUnIGhhcyBhbiBpbnZhbGlkIHBhdGggJyR2YWx1ZScgc3BlY2lmaWVkLiIKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgInN0ciIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IHN0ciB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgc3RyaW5ncwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUuVG9TdHJpbmcoKQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImJvb2wiKSB7CiAgICAgICAgICAgICMgQ29udmVydCBib29sZWFuIHR5cGVzIHRvIHJlYWwgUG93ZXJzaGVsbCBib29sZWFucwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgfCBDb252ZXJ0VG8tQm9vbAogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImludCIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IGludCB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgaW50ZWdlcnMKICAgICAgICAgICAgJHZhbHVlID0gJHZhbHVlIC1hcyBbaW50XQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImZsb2F0IikgewogICAgICAgICAgICAjIENvbnZlcnQgZmxvYXQgdHlwZXMgdG8gcmVhbCBQb3dlcnNoZWxsIGZsb2F0cwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgLWFzIFtmbG9hdF0KICAgICAgICB9IGVsc2VpZiAoJHR5cGUgLWVxICJsaXN0IikgewogICAgICAgICAgICBpZiAoJHZhbHVlIC1pcyBbYXJyYXldKSB7CiAgICAgICAgICAgICAgICAjIE5vdGhpbmcgdG8gZG8KICAgICAgICAgICAgfSBlbHNlaWYgKCR2YWx1ZSAtaXMgW3N0cmluZ10pIHsKICAgICAgICAgICAgICAgICMgQ29udmVydCBzdHJpbmcgdHlwZSB0byByZWFsIFBvd2Vyc2hlbGwgYXJyYXkKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICR2YWx1ZS5TcGxpdCgiLCIpLlRyaW0oKQogICAgICAgICAgICB9IGVsc2VpZiAoJHZhbHVlIC1pcyBbaW50XSkgewogICAgICAgICAgICAgICAgJHZhbHVlID0gQCgkdmFsdWUpCiAgICAgICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICJHZXQtQW5zaWJsZVBhcmFtOiBQYXJhbWV0ZXIgJyRuYW1lJyBpcyBub3QgYSBZQU1MIGxpc3QuIgogICAgICAgICAgICB9CiAgICAgICAgICAgICMgLCBpcyBub3QgYSB0eXBvLCBmb3JjZXMgaXQgdG8gcmV0dXJuIGFzIGEgbGlzdCB3aGVuIGl0IGlzIGVtcHR5IG9yIG9ubHkgaGFzIDEgZW50cnkKICAgICAgICAgICAgcmV0dXJuICwkdmFsdWUKICAgICAgICB9CiAgICB9CgogICAgcmV0dXJuICR2YWx1ZQp9CgojQWxpYXMgR2V0LWF0dHItLT5HZXQtQW5zaWJsZVBhcmFtIGZvciBiYWNrd2FyZHMgY29tcGF0LiBPbmx5IGFkZCB3aGVuIG5lZWRlZCB0byBlYXNlIGRlYnVnZ2luZyBvZiBzY3JpcHRzCklmICgtbm90KEdldC1BbGlhcyAtTmFtZSAiR2V0LWF0dHIiIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlKSkKewogICAgTmV3LUFsaWFzIC1OYW1lIEdldC1hdHRyIC1WYWx1ZSBHZXQtQW5zaWJsZVBhcmFtCn0KCkZ1bmN0aW9uIENvbnZlcnRUby1Cb29sCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZpbHRlci9waXBlbGluZSBmdW5jdGlvbiB0byBjb252ZXJ0IGEgdmFsdWUgdG8gYm9vbGVhbiBmb2xsb3dpbmcgY3VycmVudAogICAgQW5zaWJsZSBwcmFjdGljZXMKICAgIC5FWEFNUExFCiAgICAkaXNfdHJ1ZSA9ICJ0cnVlIiB8IENvbnZlcnRUby1Cb29sCiM+CiAgICBwYXJhbSgKICAgICAgICBbcGFyYW1ldGVyKHZhbHVlZnJvbXBpcGVsaW5lPSR0cnVlKV0KICAgICAgICAkb2JqCiAgICApCgogICAgJGJvb2xlYW5fc3RyaW5ncyA9ICJ5ZXMiLCAib24iLCAiMSIsICJ0cnVlIiwgMQogICAgJG9ial9zdHJpbmcgPSBbc3RyaW5nXSRvYmoKCiAgICBpZiAoKCRvYmogLWlzIFtib29sZWFuXSAtYW5kICRvYmopIC1vciAkYm9vbGVhbl9zdHJpbmdzIC1jb250YWlucyAkb2JqX3N0cmluZy5Ub0xvd2VyKCkpIHsKICAgICAgICByZXR1cm4gJHRydWUKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfQp9CgpGdW5jdGlvbiBQYXJzZS1BcmdzKCRhcmd1bWVudHMsICRzdXBwb3J0c19jaGVja19tb2RlID0gJGZhbHNlKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBwYXJzZSBBbnNpYmxlIEpTT04gYXJndW1lbnRzIGZyb20gYSAiZmlsZSIgcGFzc2VkIGFzCiAgICB0aGUgc2luZ2xlIGFyZ3VtZW50IHRvIHRoZSBtb2R1bGUuCiAgICAuRVhBTVBMRQogICAgJHBhcmFtcyA9IFBhcnNlLUFyZ3MgJGFyZ3MKIz4KICAgICRwYXJhbXMgPSBOZXctT2JqZWN0IHBzb2JqZWN0CiAgICBJZiAoJGFyZ3VtZW50cy5MZW5ndGggLWd0IDApCiAgICB7CiAgICAgICAgJHBhcmFtcyA9IEdldC1Db250ZW50ICRhcmd1bWVudHNbMF0gfCBDb252ZXJ0RnJvbS1Kc29uCiAgICB9CiAgICBFbHNlIHsKICAgICAgICAkcGFyYW1zID0gJGNvbXBsZXhfYXJncwogICAgfQogICAgJGNoZWNrX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfY2hlY2tfbW9kZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQogICAgSWYgKCRjaGVja19tb2RlIC1hbmQgLW5vdCAkc3VwcG9ydHNfY2hlY2tfbW9kZSkKICAgIHsKICAgICAgICBFeGl0LUpzb24gQHsKICAgICAgICAgICAgc2tpcHBlZCA9ICR0cnVlCiAgICAgICAgICAgIGNoYW5nZWQgPSAkZmFsc2UKICAgICAgICAgICAgbXNnID0gInJlbW90ZSBtb2R1bGUgZG9lcyBub3Qgc3VwcG9ydCBjaGVjayBtb2RlIgogICAgICAgIH0KICA ScriptBlock ID: 95b9e0e2-e1ad-4764-bf2e-b15abd1c5872 Path:	4104	1		3	2	15	0	1216	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4860	1808	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:26:56 PM	9d04040e-981f-0001-d40f-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1215	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4860	4304	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:26:56 PM	9d04040e-981f-0004-c016-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 4860 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1214	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4860	664	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:26:56 PM	9d04040e-981f-0004-c016-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1213	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4860	4304	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:26:56 PM	9d04040e-981f-0004-c016-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): begin { $path = 'C:\Users\Admin\AppData\Local\Temp\ansible-tmp-1629725214.87-254281765579963\source' $DebugPreference = "Continue" $ErrorActionPreference = "Stop" Set-StrictMode -Version 2 $fd = [System.IO.File]::Create($path) $sha1 = [System.Security.Cryptography.SHA1CryptoServiceProvider]::Create() $bytes = @() #initialize for empty file case } process { $bytes = [System.Convert]::FromBase64String($input) $sha1.TransformBlock($bytes, 0, $bytes.Length, $bytes, 0) | Out-Null $fd.Write($bytes, 0, $bytes.Length) } end { $sha1.TransformFinalBlock($bytes, 0, 0) | Out-Null $hash = [System.BitConverter]::ToString($sha1.Hash).Replace("-", "").ToLowerInvariant() $fd.Close() Write-Output "{""sha1"":""$hash""}" } ScriptBlock ID: 1a5e9411-1ffc-4b3f-8ee7-82847e62239e Path:	4104	1		3	2	15	0	1212	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1484	1928	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:26:55 PM	9d04040e-981f-0005-c44f-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1211	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1484	2200	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:26:55 PM	9d04040e-981f-0003-904f-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 1484 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1210	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1484	3568	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:26:55 PM	9d04040e-981f-0003-904f-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1209	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1484	2200	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:26:55 PM	9d04040e-981f-0003-904f-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1208	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4600	2828	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:26:55 PM	9d04040e-981f-0004-b716-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 4600 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1207	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4600	4580	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:26:55 PM	9d04040e-981f-0004-b716-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1206	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4600	2828	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:26:55 PM	9d04040e-981f-0004-b716-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1205	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3428	4688	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:26:55 PM	9d04040e-981f-0004-b616-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 3428 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1204	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3428	3596	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:26:54 PM	9d04040e-981f-0004-b616-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1203	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3428	4688	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:26:54 PM	9d04040e-981f-0004-b616-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): #!powershell # Copyright: (c) 2015, Jon Hawkesworth (@jhawkesworth) <figs@unity.demon.co.uk> # Copyright: (c) 2017, Ansible Project # GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) #Requires -Module Ansible.ModuleUtils.Legacy $ErrorActionPreference = 'Stop' $params = Parse-Args -arguments $args -supports_check_mode $true $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false $diff_mode = Get-AnsibleParam -obj $params -name "_ansible_diff" -type "bool" -default $false # there are 4 modes to win_copy which are driven by the action plugins: # explode: src is a zip file which needs to be extracted to dest, for use with multiple files # query: win_copy action plugin wants to get the state of remote files to check whether it needs to send them # remote: all copy action is happening remotely (remote_src=True) # single: a single file has been copied, also used with template $copy_mode = Get-AnsibleParam -obj $params -name "_copy_mode" -type "str" -default "single" -validateset "explode","query","remote","single" # used in explode, remote and single mode $src = Get-AnsibleParam -obj $params -name "src" -type "path" -failifempty ($copy_mode -in @("explode","process","single")) $dest = Get-AnsibleParam -obj $params -name "dest" -type "path" -failifempty $true # used in single mode $original_basename = Get-AnsibleParam -obj $params -name "_original_basename" -type "str" # used in query and remote mode $force = Get-AnsibleParam -obj $params -name "force" -type "bool" -default $true # used in query mode, contains the local files/directories/symlinks that are to be copied $files = Get-AnsibleParam -obj $params -name "files" -type "list" $directories = Get-AnsibleParam -obj $params -name "directories" -type "list" $symlinks = Get-AnsibleParam -obj $params -name "symlinks" -type "list" $result = @{ changed = $false } if ($diff_mode) { $result.diff = @{} } Function Copy-File($source, $dest) { $diff = "" $copy_file = $false $source_checksum = $null if ($force) { $source_checksum = Get-FileChecksum -path $source } if (Test-Path -Path $dest -PathType Container) { Fail-Json -obj $result -message "cannot copy file from '$source' to '$dest': dest is already a folder" } elseif (Test-Path -Path $dest -PathType Leaf) { if ($force) { $target_checksum = Get-FileChecksum -path $dest if ($source_checksum -ne $target_checksum) { $copy_file = $true } } } else { $copy_file = $true } if ($copy_file) { $file_dir = [System.IO.Path]::GetDirectoryName($dest) # validate the parent dir is not a file and that it exists if (Test-Path -Path $file_dir -PathType Leaf) { Fail-Json -obj $result -message "cannot copy file from '$source' to '$dest': object at dest parent dir is not a folder" } elseif (-not (Test-Path -Path $file_dir)) { # directory doesn't exist, need to create New-Item -Path $file_dir -ItemType Directory -WhatIf:$check_mode | Out-Null $diff += "+$file_dir\`n" } if (Test-Path -Path $dest -PathType Leaf) { Remove-Item -Path $dest -Force -Recurse -WhatIf:$check_mode | Out-Null $diff += "-$dest`n" } if (-not $check_mode) { # cannot run with -WhatIf:$check_mode as if the parent dir didn't # exist and was created above would still not exist in check mode Copy-Item -Path $source -Destination $dest -Force | Out-Null } $diff += "+$dest`n" $result.changed = $true } # ugly but to save us from running the checksum twice, let's return it for # the main code to add it to $result return ,@{ diff = $diff; checksum = $source_checksum } } Function Copy-Folder($source, $dest) { $diff = "" $copy_folder = $false if (-not (Test-Path -Path $dest -PathType Container)) { $parent_dir = [System.IO.Path]::GetDirectoryName($dest) if (Test-Path -Path $parent_dir -PathType Leaf) { Fail-Json -obj $result -message "cannot copy file from '$source' to '$dest': object at dest parent dir is not a folder" } if (Test-Path -Path $dest -PathType Leaf) { Fail-Json -obj $result -message "cannot copy folder from '$source' to '$dest': dest is already a file" } New-Item -Path $dest -ItemType Container -WhatIf:$check_mode | Out-Null $diff += "+$dest\`n" $result.changed = $true } $child_items = Get-ChildItem -Path $source -Force foreach ($child_item in $child_items) { $dest_child_path = Join-Path -Path $dest -ChildPath $child_item.Name if ($child_item.PSIsContainer) { $diff += (Copy-Folder -source $child_item.Fullname -dest $dest_child_path) } else { $diff += (Copy-File -source $child_item.Fullname -dest $dest_child_path).diff } } return $diff } Function Get-FileSize($path) { $file = Get-Item -Path $path -Force $size = $null if ($file.PSIsContainer) { $dir_files_sum = Get-ChildItem $file.FullName -Recurse if ($dir_files_sum -eq $null -or ($dir_files_sum.PSObject.Properties.name -contains 'length' -eq $false)) { $size = 0 } else { $size = ($dir_files_sum | Measure-Object -property length -sum).Sum } } else { $size = $file.Length } $size } Function Extract-Zip($src, $dest) { $archive = [System.IO.Compression.ZipFile]::Open($src, [System.IO.Compression.ZipArchiveMode]::Read, [System.Text.Encoding]::UTF8) foreach ($entry in $archive.Entries) { $archive_name = $entry.FullName # FullName may be appended with / or \, determine if it is padded and remove it $padding_length = $archive_name.Length % 4 if ($padding_length -eq 0) { $is_dir = $false $base64_name = $archive_name } elseif ($padding_length -eq 1) { $is_dir = $true if ($archive_name.EndsWith("/") -or $archive_name.EndsWith("`\")) { $base64_name = $archive_name.Substring(0, $archive_name.Length - 1) } else { throw "invalid base64 archive name '$archive_name'" } } else { throw "invalid base64 length '$archive_name'" } # to handle unicode character, win_copy action plugin has encoded the filename $decoded_archive_name = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($base64_name)) # re-add the / to the entry full name if it was a directory if ($is_dir) { $decoded_archive_name = "$decoded_archive_name/" } $entry_target_path = [System.IO.Path]::Combine($dest, $decoded_archive_name) $entry_dir = [System.IO.Path]::GetDirectoryName($entry_target_path) if (-not (Test-Path -Path $entry_dir)) { New-Item -Path $entry_dir -ItemType Directory -WhatIf:$check_mode | Out-Null } if ($is_dir -eq $false) { if (-not $check_mode) { [System.IO.Compression.ZipFileExtensions]::ExtractToFile($entry, $entry_target_path, $true) } } } $archive.Dispose() # release the handle of the zip file } Function Extract-ZipLegacy($src, $dest) { if (-not (Test-Path -Path $dest)) { New-Item -Path $dest -ItemType Directory -WhatIf:$check_mode | Out-Null } $shell = New-Object -ComObject Shell.Application $zip = $shell.NameSpace($src) $dest_path = $shell.NameSpace($dest) foreach ($entry in $zip.Items()) { $is_dir = $entry.IsFolder $encoded_archive_entry = $entry.Name # to handle unicode character, win_copy action plugin has encoded the filename $decoded_archive_entry = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($encoded_archive_entry)) if ($is_dir) { $decoded_archive_entry = "$decoded_archive_entry/" } $entry_target_path = [System.IO.Path]::Combine($dest, $decoded_archive_entry) $entry_dir = [System.IO.Path]::GetDirectoryName($entry_target_path) if (-not (Test-Path -Path $entry_dir)) { New-Item -Path $entry_dir -ItemType Directory -WhatIf:$check_mode | Out-Null } if ($is_dir -eq $false -and (-not $check_mode)) { # https://msdn.microsoft.com/en-us/library/windows/desktop/bb787866.aspx # From Folder.CopyHere documentation, 1044 means: # - 1024: do not display a user interface if an error occurs # - 16: respond with "yes to all" for any dialog box that is displayed # - 4: do not display a progress dialog box $dest_path.CopyHere($entry, 1044) # once file is extraced, we need to rename it with non base64 name $combined_encoded_path = [System.IO.Path]::Combine($dest, $encoded_archive_entry) Move-Item -Path $combined_encoded_path -Destination $entry_target_path -Force | Out-Null } } } if ($copy_mode -eq "query") { # we only return a list of files/directories that need to be copied over # the source of the local file will be the key used $changed_files = @() $changed_directories = @() $changed_symlinks = @() foreach ($file in $files) { $filename = $file.dest $local_checksum = $file.checksum $filepath = Join-Path -Path $dest -ChildPath $filename if (Test-Path -Path $filepath -PathType Leaf) { if ($force) { $checksum = Get-FileChecksum -path $filepath if ($checksum -ne $local_checksum) { $will_change = $true $changed_files += $file } } } elseif (Test-Path -Path $filepath -PathType Container) { Fail-Json -obj $result -message "cannot copy file to dest '$filepath': object at path is already a directory" } else { $changed_files += $file } } foreach ($directory in $directories) { $dirname = $directory.dest $dirpath = Join-Path -Path $dest -ChildPath $dirname $parent_dir = [System.IO.Path]::GetDirectoryName($dirpath) if (Test-Path -Path $parent_dir -PathType Leaf) { Fail-Json -obj $result -message "cannot copy folder to dest '$dirpath': object at parent directory path is already a file" } if (Test-Path -Path $dirpath -PathType Leaf) { Fail-Json -obj $result -message "cannot copy folder to dest '$dirpath': object at path is already a file" } elseif (-not (Test-Path -Path $dirpath -PathType Container)) { $changed_directories += $directory } } # TODO: Handle symlinks $result.files = $changed_files $result.directories = $changed_directories $result.symlinks = $changed_symlinks } elseif ($copy_mode -eq "explode") { # a single zip file containing the files and directories needs to be # expanded this will always result in a change as the calculation is done # on the win_copy action plugin and is only run if a change needs to occur if (-not (Test-Path -Path $src -PathType Leaf)) { Fail-Json -obj $result -message "Cannot expand src zip file: '$src' as it does not exist" } # Detect if the PS zip assemblies are available or whether to use Shell $use_legacy = $false try { Add-Type -AssemblyName System.IO.Compression.FileSystem | Out-Null Add-Type -AssemblyName System.IO.Compression | Out-Null } catch { $use_legacy = $true } if ($use_legacy) { Extract-ZipLegacy -src $src -dest $dest } else { Extract-Zip -src $src -dest $dest } $result.changed = $true } elseif ($copy_mode -eq "remote") { # all copy actions are happening on the remote side (windows host), need # too copy source and dest using PS code $result.src = $src $result.dest = $dest if (-not (Test-Path -Path $src)) { Fail-Json -obj $result -message "Cannot copy src file: '$src' as it does not exist" } if (Test-Path -Path $src -PathType Container) { # we are copying a directory or the contents of a directory $result.operation = 'folder_copy' if ($src.EndsWith("/") -or $src.EndsWith("`\")) { # copying the folder's contents to dest $diff = "" $child_files = Get-ChildItem -Path $src -Force foreach ($child_file in $child_files) { $dest_child_path = Join-Path -Path $dest -ChildPath $child_file.Name if ($child_file.PSIsContainer) { $diff += Copy-Folder -source $child_file.FullName -dest $dest_child_path } else { $diff += (Copy-File -source $child_file.FullName -dest $dest_child_path).diff } } } else { # copying the folder and it's contents to dest $dest = Join-Path -Path $dest -ChildPath (Get-Item -Path $src -Force).Name $result.dest = $dest $diff = Copy-Folder -source $src -dest $dest } } else { # we are just copying a single file to dest $result.operation = 'file_copy' $source_basename = (Get-Item -Path $src -Force).Name $result.original_basename = $source_basename if ($dest.EndsWith("/") -or $dest.EndsWith("`\")) { $dest = Join-Path -Path $dest -ChildPath (Get-Item -Path $src -Force).Name $result.dest = $dest } else { # check if the parent dir exists, this is only done if src is a # file and dest if the path to a file (doesn't end with \ or /) $parent_dir = Split-Path -Path $dest if (Test-Path -Path $parent_dir -PathType Leaf) { Fail-Json -obj $result -message "object at destination parent dir '$parent_dir' is currently a file" } elseif (-not (Test-Path -Path $parent_dir -PathType Container)) { Fail-Json -obj $result -message "Destination directory '$parent_dir' does not exist" } } $copy_result = Copy-File -source $src -dest $dest $diff = $copy_result.diff $result.checksum = $copy_result.checksum } # the file might not exist if running in check mode if (-not $check_mode -or (Test-Path -Path $dest -PathType Leaf)) { $result.size = Get-FileSize -path $dest } else { $result.size = $null } if ($diff_mode) { $result.diff.prepared = $diff } } elseif ($copy_mode -eq "single") { # a single file is located in src and we need to copy to dest, this will # always result in a change as the calculation is done on the Ansible side # before this is run. This should also never run in check mode if (-not (Test-Path -Path $src -PathType Leaf)) { Fail-Json -obj $result -message "Cannot copy src file: '$src' as it does not exist" } # the dest parameter is a directory, we need to append original_basename if ($dest.EndsWith("/") -or $dest.EndsWith("`\") -or (Test-Path -Path $dest -PathType Container)) { $remote_dest = Join-Path -Path $dest -ChildPath $original_basename $parent_dir = Split-Path -Path $remote_dest # when dest ends with /, we need to create the destination directories if (Test-Path -Path $parent_dir -PathType Leaf) { Fail-Json -obj $result -message "object at destination parent dir '$parent_dir' is currently a file" } elseif (-not (Test-Path -Path $parent_dir -PathType Container)) { New-Item -Path $parent_dir -ItemType Directory | Out-Null } } else { $remote_dest = $dest $parent_dir = Split-Path -Path $remote_dest # check if the dest parent dirs exist, need to fail if they don't if (Test-Path -Path $parent_dir -PathType Leaf) { Fail-Json -obj $result -message "object at destination parent dir '$parent_dir' is currently a file" } elseif (-not (Test-Path -Path $parent_dir -PathType Container)) { Fail-Json -obj $result -message "Destination directory '$parent_dir' does not exist" } } Copy-Item -Path $src -Destination $remote_dest -Force | Out-Null $result.changed = $true } Exit-Json -obj $result ScriptBlock ID: 8dd3530b-42db-4467-aa5b-9c1004458a58 Path:	4104	1		3	2	15	0	1202	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1448	5020	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:26:54 PM	9d04040e-981f-0000-c71a-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c), Michael DeHaan <michael.dehaan@gmail.com>, 2014, and others # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) Set-StrictMode -Version 2.0 $ErrorActionPreference = "Stop" Function Set-Attr($obj, $name, $value) { <# .SYNOPSIS Helper function to set an "attribute" on a psobject instance in PowerShell. This is a convenience to make adding Members to the object easier and slightly more pythonic .EXAMPLE Set-Attr $result "changed" $true #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } Try { $obj.$name = $value } Catch { $obj | Add-Member -Force -MemberType NoteProperty -Name $name -Value $value } } Function Exit-Json($obj) { <# .SYNOPSIS Helper function to convert a PowerShell object to JSON and output it, exiting the script .EXAMPLE Exit-Json $result #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit } Function Fail-Json($obj, $message = $null) { <# .SYNOPSIS Helper function to add the "msg" property and "failed" property, convert the PowerShell Hashtable to JSON and output it, exiting the script .EXAMPLE Fail-Json $result "This is the failure message" #> if ($obj -is [hashtable] -or $obj -is [psobject]) { # Nothing to do } elseif ($obj -is [string] -and $null -eq $message) { # If we weren't given 2 args, and the only arg was a string, # create a new Hashtable and use the arg as the failure message $message = $obj $obj = @{ } } else { # If the first argument is undefined or a different type, # make it a Hashtable $obj = @{ } } # Still using Set-Attr for PSObject compatibility Set-Attr $obj "msg" $message Set-Attr $obj "failed" $true if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit 1 } Function Add-Warning($obj, $message) { <# .SYNOPSIS Helper function to add warnings, even if the warnings attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("warnings")) { $obj.warnings = @() } elseif ($obj.warnings -isnot [array]) { throw "Add-Warning: warnings attribute is not an array" } $obj.warnings += $message } Function Add-DeprecationWarning($obj, $message, $version = $null) { <# .SYNOPSIS Helper function to add deprecations, even if the deprecations attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("deprecations")) { $obj.deprecations = @() } elseif ($obj.deprecations -isnot [array]) { throw "Add-DeprecationWarning: deprecations attribute is not a list" } $obj.deprecations += @{ msg = $message version = $version } } Function Expand-Environment($value) { <# .SYNOPSIS Helper function to expand environment variables in values. By default it turns any type to a string, but we ensure $null remains $null. #> if ($null -ne $value) { [System.Environment]::ExpandEnvironmentVariables($value) } else { $value } } Function Get-AnsibleParam($obj, $name, $default = $null, $resultobj = @{}, $failifempty = $false, $emptyattributefailmessage, $ValidateSet, $ValidateSetErrorMessage, $type = $null, $aliases = @()) { <# .SYNOPSIS Helper function to get an "attribute" from a psobject instance in PowerShell. This is a convenience to make getting Members from an object easier and slightly more pythonic .EXAMPLE $attr = Get-AnsibleParam $response "code" -default "1" .EXAMPLE Get-AnsibleParam -obj $params -name "State" -default "Present" -ValidateSet "Present","Absent" -resultobj $resultobj -failifempty $true Get-AnsibleParam also supports Parameter validation to save you from coding that manually Note that if you use the failifempty option, you do need to specify resultobject as well. #> # Check if the provided Member $name or aliases exist in $obj and return it or the default. try { $found = $null # First try to find preferred parameter $name $aliases = @($name) + $aliases # Iterate over aliases to find acceptable Member $name foreach ($alias in $aliases) { if ($obj.ContainsKey($alias)) { $found = $alias break } } if ($null -eq $found) { throw } $name = $found if ($ValidateSet) { if ($ValidateSet -contains ($obj.$name)) { $value = $obj.$name } else { if ($null -eq $ValidateSetErrorMessage) { #Auto-generated error should be sufficient in most use cases $ValidateSetErrorMessage = "Get-AnsibleParam: Argument $name needs to be one of $($ValidateSet -join ",") but was $($obj.$name)." } Fail-Json -obj $resultobj -message $ValidateSetErrorMessage } } else { $value = $obj.$name } } catch { if ($failifempty -eq $false) { $value = $default } else { if (-not $emptyattributefailmessage) { $emptyattributefailmessage = "Get-AnsibleParam: Missing required argument: $name" } Fail-Json -obj $resultobj -message $emptyattributefailmessage } } # If $value -eq $null, the parameter was unspecified by the user (deliberately or not) # Please leave $null-values intact, modules need to know if a parameter was specified # When $value is already an array, we cannot rely on the null check, as an empty list # is seen as null in the check below if ($null -ne $value -or $value -is [array]) { if ($type -eq "path") { # Expand environment variables on path-type $value = Expand-Environment($value) # Test if a valid path is provided if (-not (Test-Path -IsValid $value)) { $path_invalid = $true # could still be a valid-shaped path with a nonexistent drive letter if ($value -match "^\w:") { # rewrite path with a valid drive letter and recheck the shape- this might still fail, eg, a nonexistent non-filesystem PS path if (Test-Path -IsValid $(@(Get-PSDrive -PSProvider Filesystem)[0].Name + $value.Substring(1))) { $path_invalid = $false } } if ($path_invalid) { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' has an invalid path '$value' specified." } } } elseif ($type -eq "str") { # Convert str types to real Powershell strings $value = $value.ToString() } elseif ($type -eq "bool") { # Convert boolean types to real Powershell booleans $value = $value | ConvertTo-Bool } elseif ($type -eq "int") { # Convert int types to real Powershell integers $value = $value -as [int] } elseif ($type -eq "float") { # Convert float types to real Powershell floats $value = $value -as [float] } elseif ($type -eq "list") { if ($value -is [array]) { # Nothing to do } elseif ($value -is [string]) { # Convert string type to real Powershell array $value = $value.Split(",").Trim() } elseif ($value -is [int]) { $value = @($value) } else { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' is not a YAML list." } # , is not a typo, forces it to return as a list when it is empty or only has 1 entry return ,$value } } return $value } #Alias Get-attr-->Get-AnsibleParam for backwards compat. Only add when needed to ease debugging of scripts If (-not(Get-Alias -Name "Get-attr" -ErrorAction SilentlyContinue)) { New-Alias -Name Get-attr -Value Get-AnsibleParam } Function ConvertTo-Bool { <# .SYNOPSIS Helper filter/pipeline function to convert a value to boolean following current Ansible practices .EXAMPLE $is_true = "true" | ConvertTo-Bool #> param( [parameter(valuefrompipeline=$true)] $obj ) $boolean_strings = "yes", "on", "1", "true", 1 $obj_string = [string]$obj if (($obj -is [boolean] -and $obj) -or $boolean_strings -contains $obj_string.ToLower()) { return $true } else { return $false } } Function Parse-Args($arguments, $supports_check_mode = $false) { <# .SYNOPSIS Helper function to parse Ansible JSON arguments from a "file" passed as the single argument to the module. .EXAMPLE $params = Parse-Args $args #> $params = New-Object psobject If ($arguments.Length -gt 0) { $params = Get-Content $arguments[0] | ConvertFrom-Json } Else { $params = $complex_args } $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false If ($check_mode -and -not $supports_check_mode) { Exit-Json @{ skipped = $true changed = $false msg = "remote module does not support check mode" } } return $params } Function Get-FileChecksum($path, $algorithm = 'sha1') { <# .SYNOPSIS Helper function to calculate a hash of a file in a way which PowerShell 3 and above can handle #> If (Test-Path -Path $path -PathType Leaf) { switch ($algorithm) { 'md5' { $sp = New-Object -TypeName System.Security.Cryptography.MD5CryptoServiceProvider } 'sha1' { $sp = New-Object -TypeName System.Security.Cryptography.SHA1CryptoServiceProvider } 'sha256' { $sp = New-Object -TypeName System.Security.Cryptography.SHA256CryptoServiceProvider } 'sha384' { $sp = New-Object -TypeName System.Security.Cryptography.SHA384CryptoServiceProvider } 'sha512' { $sp = New-Object -TypeName System.Security.Cryptography.SHA512CryptoServiceProvider } default { Fail-Json @{} "Unsupported hash algorithm supplied '$algorithm'" } } If ($PSVersionTable.PSVersion.Major -ge 4) { $raw_hash = Get-FileHash $path -Algorithm $algorithm $hash = $raw_hash.Hash.ToLower() } Else { $fp = [System.IO.File]::Open($path, [System.IO.Filemode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileShare]::ReadWrite); $hash = [System.BitConverter]::ToString($sp.ComputeHash($fp)).Replace("-", "").ToLower(); $fp.Dispose(); } } ElseIf (Test-Path -Path $path -PathType Container) { $hash = "3"; } Else { $hash = "1"; } return $hash } Function Get-PendingRebootStatus { <# .SYNOPSIS Check if reboot is required, if so notify CA. Function returns true if computer has a pending reboot #> $featureData = Invoke-WmiMethod -EA Ignore -Name GetServerFeature -Namespace root\microsoft\windows\servermanager -Class MSFT_ServerManagerTasks $regData = Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager" "PendingFileRenameOperations" -EA Ignore $CBSRebootStatus = Get-ChildItem "HKLM:\\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing" -ErrorAction SilentlyContinue| Where-Object {$_.PSChildName -eq "RebootPending"} if(($featureData -and $featureData.RequiresReboot) -or $regData -or $CBSRebootStatus) { return $True } else { return $False } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: 77af668e-d684-4718-b501-03050daaec59 Path:	4104	1		3	2	15	0	1201	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1448	4968	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:26:54 PM	9d04040e-981f-0000-ba1a-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } ScriptBlock ID: e6a3f163-a043-4fdf-9846-6c59156d0354 Path:	4104	1		3	2	15	0	1200	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1448	4968	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:26:54 PM	9d04040e-981f-0002-570b-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (5 of 5): KICAgIGlmICgkZGlmZl9tb2RlKSB7CiAgICAgICAgJHJlc3VsdC5kaWZmLnByZXBhcmVkID0gJGRpZmYKICAgIH0KfSBlbHNlaWYgKCRjb3B5X21vZGUgLWVxICJzaW5nbGUiKSB7CiAgICAjIGEgc2luZ2xlIGZpbGUgaXMgbG9jYXRlZCBpbiBzcmMgYW5kIHdlIG5lZWQgdG8gY29weSB0byBkZXN0LCB0aGlzIHdpbGwKICAgICMgYWx3YXlzIHJlc3VsdCBpbiBhIGNoYW5nZSBhcyB0aGUgY2FsY3VsYXRpb24gaXMgZG9uZSBvbiB0aGUgQW5zaWJsZSBzaWRlCiAgICAjIGJlZm9yZSB0aGlzIGlzIHJ1bi4gVGhpcyBzaG91bGQgYWxzbyBuZXZlciBydW4gaW4gY2hlY2sgbW9kZQogICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtUGF0aCAkc3JjIC1QYXRoVHlwZSBMZWFmKSkgewogICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgIkNhbm5vdCBjb3B5IHNyYyBmaWxlOiAnJHNyYycgYXMgaXQgZG9lcyBub3QgZXhpc3QiCiAgICB9CgogICAgIyB0aGUgZGVzdCBwYXJhbWV0ZXIgaXMgYSBkaXJlY3RvcnksIHdlIG5lZWQgdG8gYXBwZW5kIG9yaWdpbmFsX2Jhc2VuYW1lCiAgICBpZiAoJGRlc3QuRW5kc1dpdGgoIi8iKSAtb3IgJGRlc3QuRW5kc1dpdGgoImBcIikgLW9yIChUZXN0LVBhdGggLVBhdGggJGRlc3QgLVBhdGhUeXBlIENvbnRhaW5lcikpIHsKICAgICAgICAkcmVtb3RlX2Rlc3QgPSBKb2luLVBhdGggLVBhdGggJGRlc3QgLUNoaWxkUGF0aCAkb3JpZ2luYWxfYmFzZW5hbWUKICAgICAgICAkcGFyZW50X2RpciA9IFNwbGl0LVBhdGggLVBhdGggJHJlbW90ZV9kZXN0CgogICAgICAgICMgd2hlbiBkZXN0IGVuZHMgd2l0aCAvLCB3ZSBuZWVkIHRvIGNyZWF0ZSB0aGUgZGVzdGluYXRpb24gZGlyZWN0b3JpZXMKICAgICAgICBpZiAoVGVzdC1QYXRoIC1QYXRoICRwYXJlbnRfZGlyIC1QYXRoVHlwZSBMZWFmKSB7CiAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgIm9iamVjdCBhdCBkZXN0aW5hdGlvbiBwYXJlbnQgZGlyICckcGFyZW50X2RpcicgaXMgY3VycmVudGx5IGEgZmlsZSIKICAgICAgICB9IGVsc2VpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRwYXJlbnRfZGlyIC1QYXRoVHlwZSBDb250YWluZXIpKSB7CiAgICAgICAgICAgIE5ldy1JdGVtIC1QYXRoICRwYXJlbnRfZGlyIC1JdGVtVHlwZSBEaXJlY3RvcnkgfCBPdXQtTnVsbAogICAgICAgIH0KICAgIH0gZWxzZSB7CiAgICAgICAgJHJlbW90ZV9kZXN0ID0gJGRlc3QKICAgICAgICAkcGFyZW50X2RpciA9IFNwbGl0LVBhdGggLVBhdGggJHJlbW90ZV9kZXN0CgogICAgICAgICMgY2hlY2sgaWYgdGhlIGRlc3QgcGFyZW50IGRpcnMgZXhpc3QsIG5lZWQgdG8gZmFpbCBpZiB0aGV5IGRvbid0CiAgICAgICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkcGFyZW50X2RpciAtUGF0aFR5cGUgTGVhZikgewogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0IC1tZXNzYWdlICJvYmplY3QgYXQgZGVzdGluYXRpb24gcGFyZW50IGRpciAnJHBhcmVudF9kaXInIGlzIGN1cnJlbnRseSBhIGZpbGUiCiAgICAgICAgfSBlbHNlaWYgKC1ub3QgKFRlc3QtUGF0aCAtUGF0aCAkcGFyZW50X2RpciAtUGF0aFR5cGUgQ29udGFpbmVyKSkgewogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0IC1tZXNzYWdlICJEZXN0aW5hdGlvbiBkaXJlY3RvcnkgJyRwYXJlbnRfZGlyJyBkb2VzIG5vdCBleGlzdCIKICAgICAgICB9CiAgICB9CgogICAgQ29weS1JdGVtIC1QYXRoICRzcmMgLURlc3RpbmF0aW9uICRyZW1vdGVfZGVzdCAtRm9yY2UgfCBPdXQtTnVsbAogICAgJHJlc3VsdC5jaGFuZ2VkID0gJHRydWUKfQoKRXhpdC1Kc29uIC1vYmogJHJlc3VsdAo=", "module_args": {"symlinks": [], "files": [{"dest": "pip-install-nova.log", "checksum": "a4a6ad8c872baf7d15a6a7374c2f69418ca9aa02", "src": "/home/jenkins-slave/.ansible/tmp/ansible-local-10077YbyhZe/tmp1OQDX5"}], "_ansible_selinux_special_fs": ["fuse", "nfs", "vboxsf", "ramfs", "9p"], "force": true, "_ansible_no_log": false, "dest": "c:/openstack/log", "directories": [], "_ansible_remote_tmp": "%TEMP%", "_ansible_verbosity": 4, "_ansible_keep_remote_files": false, "_ansible_syslog_facility": "LOG_USER", "_ansible_socket": null, "_copy_mode": "query", "_ansible_diff": false, "_ansible_debug": false, "_ansible_shell_executable": "/bin/sh", "_ansible_check_mode": false, "_ansible_tmpdir": null, "_ansible_version": "2.7.0", "_ansible_module_name": "win_copy"}} '@ } process { $input_as_string = [string]$input $json_raw += $input_as_string } end { If (-not $json_raw) { Write-Error "no input given" -Category InvalidArgument } $payload = ConvertTo-HashtableFromPsCustomObject (ConvertFrom-Json $json_raw) # TODO: handle binary modules # TODO: handle persistence $min_os_version = [version]$payload.min_os_version if ($min_os_version -ne $null) { $actual_os_version = [System.Environment]::OSVersion.Version if ($actual_os_version -lt $min_os_version) { $msg = "This module cannot run on this OS as it requires a minimum version of $min_os_version, actual was $actual_os_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $min_ps_version = [version]$payload.min_ps_version if ($min_ps_version -ne $null) { $actual_ps_version = $PSVersionTable.PSVersion if ($actual_ps_version -lt $min_ps_version) { $msg = "This module cannot run as it requires a minimum PowerShell version of $min_ps_version, actual was $actual_ps_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $actions = $payload.actions # pop 0th action as entrypoint $entrypoint = $payload.($actions[0]) $payload.actions = $payload.actions[1..99] $entrypoint = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($entrypoint)) # load the current action entrypoint as a module custom object with a Run method $entrypoint = New-Module -ScriptBlock ([scriptblock]::Create($entrypoint)) -AsCustomObject Set-Variable -Scope global -Name complex_args -Value $payload["module_args"] | Out-Null # dynamically create/load modules ForEach ($mod in $payload.powershell_modules.GetEnumerator()) { $decoded_module = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($mod.Value)) New-Module -ScriptBlock ([scriptblock]::Create($decoded_module)) -Name $mod.Key | Import-Module -WarningAction SilentlyContinue | Out-Null } $output = $entrypoint.Run($payload) Write-Output $output } ScriptBlock ID: 07055329-a02a-4939-baf5-a1907a626328 Path:	4104	1		3	2	15	0	1199	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1448	4968	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:26:54 PM	9d04040e-981f-0000-b11a-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (4 of 5): nRyeV9kaXIgLUl0ZW1UeXBlIERpcmVjdG9yeSAtV2hhdElmOiRjaGVja19tb2RlIHwgT3V0LU51bGwKICAgICAgICB9CgogICAgICAgIGlmICgkaXNfZGlyIC1lcSAkZmFsc2UpIHsKICAgICAgICAgICAgaWYgKC1ub3QgJGNoZWNrX21vZGUpIHsKICAgICAgICAgICAgICAgIFtTeXN0ZW0uSU8uQ29tcHJlc3Npb24uWmlwRmlsZUV4dGVuc2lvbnNdOjpFeHRyYWN0VG9GaWxlKCRlbnRyeSwgJGVudHJ5X3RhcmdldF9wYXRoLCAkdHJ1ZSkKICAgICAgICAgICAgfQogICAgICAgIH0KICAgIH0KICAgICRhcmNoaXZlLkRpc3Bvc2UoKSAgIyByZWxlYXNlIHRoZSBoYW5kbGUgb2YgdGhlIHppcCBmaWxlCn0KCkZ1bmN0aW9uIEV4dHJhY3QtWmlwTGVnYWN5KCRzcmMsICRkZXN0KSB7CiAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRkZXN0KSkgewogICAgICAgIE5ldy1JdGVtIC1QYXRoICRkZXN0IC1JdGVtVHlwZSBEaXJlY3RvcnkgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICB9CiAgICAkc2hlbGwgPSBOZXctT2JqZWN0IC1Db21PYmplY3QgU2hlbGwuQXBwbGljYXRpb24KICAgICR6aXAgPSAkc2hlbGwuTmFtZVNwYWNlKCRzcmMpCiAgICAkZGVzdF9wYXRoID0gJHNoZWxsLk5hbWVTcGFjZSgkZGVzdCkKCiAgICBmb3JlYWNoICgkZW50cnkgaW4gJHppcC5JdGVtcygpKSB7CiAgICAgICAgJGlzX2RpciA9ICRlbnRyeS5Jc0ZvbGRlcgogICAgICAgICRlbmNvZGVkX2FyY2hpdmVfZW50cnkgPSAkZW50cnkuTmFtZQogICAgICAgICMgdG8gaGFuZGxlIHVuaWNvZGUgY2hhcmFjdGVyLCB3aW5fY29weSBhY3Rpb24gcGx1Z2luIGhhcyBlbmNvZGVkIHRoZSBmaWxlbmFtZQogICAgICAgICRkZWNvZGVkX2FyY2hpdmVfZW50cnkgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRlbmNvZGVkX2FyY2hpdmVfZW50cnkpKQogICAgICAgIGlmICgkaXNfZGlyKSB7CiAgICAgICAgICAgICRkZWNvZGVkX2FyY2hpdmVfZW50cnkgPSAiJGRlY29kZWRfYXJjaGl2ZV9lbnRyeS8iCiAgICAgICAgfQoKICAgICAgICAkZW50cnlfdGFyZ2V0X3BhdGggPSBbU3lzdGVtLklPLlBhdGhdOjpDb21iaW5lKCRkZXN0LCAkZGVjb2RlZF9hcmNoaXZlX2VudHJ5KQogICAgICAgICRlbnRyeV9kaXIgPSBbU3lzdGVtLklPLlBhdGhdOjpHZXREaXJlY3RvcnlOYW1lKCRlbnRyeV90YXJnZXRfcGF0aCkKCiAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtUGF0aCAkZW50cnlfZGlyKSkgewogICAgICAgICAgICBOZXctSXRlbSAtUGF0aCAkZW50cnlfZGlyIC1JdGVtVHlwZSBEaXJlY3RvcnkgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICAgICAgfQoKICAgICAgICBpZiAoJGlzX2RpciAtZXEgJGZhbHNlIC1hbmQgKC1ub3QgJGNoZWNrX21vZGUpKSB7CiAgICAgICAgICAgICMgaHR0cHM6Ly9tc2RuLm1pY3Jvc29mdC5jb20vZW4tdXMvbGlicmFyeS93aW5kb3dzL2Rlc2t0b3AvYmI3ODc4NjYuYXNweAogICAgICAgICAgICAjIEZyb20gRm9sZGVyLkNvcHlIZXJlIGRvY3VtZW50YXRpb24sIDEwNDQgbWVhbnM6CiAgICAgICAgICAgICMgIC0gMTAyNDogZG8gbm90IGRpc3BsYXkgYSB1c2VyIGludGVyZmFjZSBpZiBhbiBlcnJvciBvY2N1cnMKICAgICAgICAgICAgIyAgLSAgIDE2OiByZXNwb25kIHdpdGggInllcyB0byBhbGwiIGZvciBhbnkgZGlhbG9nIGJveCB0aGF0IGlzIGRpc3BsYXllZAogICAgICAgICAgICAjICAtICAgIDQ6IGRvIG5vdCBkaXNwbGF5IGEgcHJvZ3Jlc3MgZGlhbG9nIGJveAogICAgICAgICAgICAkZGVzdF9wYXRoLkNvcHlIZXJlKCRlbnRyeSwgMTA0NCkKCiAgICAgICAgICAgICMgb25jZSBmaWxlIGlzIGV4dHJhY2VkLCB3ZSBuZWVkIHRvIHJlbmFtZSBpdCB3aXRoIG5vbiBiYXNlNjQgbmFtZQogICAgICAgICAgICAkY29tYmluZWRfZW5jb2RlZF9wYXRoID0gW1N5c3RlbS5JTy5QYXRoXTo6Q29tYmluZSgkZGVzdCwgJGVuY29kZWRfYXJjaGl2ZV9lbnRyeSkKICAgICAgICAgICAgTW92ZS1JdGVtIC1QYXRoICRjb21iaW5lZF9lbmNvZGVkX3BhdGggLURlc3RpbmF0aW9uICRlbnRyeV90YXJnZXRfcGF0aCAtRm9yY2UgfCBPdXQtTnVsbAogICAgICAgIH0KICAgIH0KfQoKaWYgKCRjb3B5X21vZGUgLWVxICJxdWVyeSIpIHsKICAgICMgd2Ugb25seSByZXR1cm4gYSBsaXN0IG9mIGZpbGVzL2RpcmVjdG9yaWVzIHRoYXQgbmVlZCB0byBiZSBjb3BpZWQgb3ZlcgogICAgIyB0aGUgc291cmNlIG9mIHRoZSBsb2NhbCBmaWxlIHdpbGwgYmUgdGhlIGtleSB1c2VkCiAgICAkY2hhbmdlZF9maWxlcyA9IEAoKQogICAgJGNoYW5nZWRfZGlyZWN0b3JpZXMgPSBAKCkKICAgICRjaGFuZ2VkX3N5bWxpbmtzID0gQCgpCgogICAgZm9yZWFjaCAoJGZpbGUgaW4gJGZpbGVzKSB7CiAgICAgICAgJGZpbGVuYW1lID0gJGZpbGUuZGVzdAogICAgICAgICRsb2NhbF9jaGVja3N1bSA9ICRmaWxlLmNoZWNrc3VtCgogICAgICAgICRmaWxlcGF0aCA9IEpvaW4tUGF0aCAtUGF0aCAkZGVzdCAtQ2hpbGRQYXRoICRmaWxlbmFtZQogICAgICAgIGlmIChUZXN0LVBhdGggLVBhdGggJGZpbGVwYXRoIC1QYXRoVHlwZSBMZWFmKSB7CiAgICAgICAgICAgIGlmICgkZm9yY2UpIHsKICAgICAgICAgICAgICAgICRjaGVja3N1bSA9IEdldC1GaWxlQ2hlY2tzdW0gLXBhdGggJGZpbGVwYXRoCiAgICAgICAgICAgICAgICBpZiAoJGNoZWNrc3VtIC1uZSAkbG9jYWxfY2hlY2tzdW0pIHsKICAgICAgICAgICAgICAgICAgICAkd2lsbF9jaGFuZ2UgPSAkdHJ1ZQogICAgICAgICAgICAgICAgICAgICRjaGFuZ2VkX2ZpbGVzICs9ICRmaWxlCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgIH0KICAgICAgICB9IGVsc2VpZiAoVGVzdC1QYXRoIC1QYXRoICRmaWxlcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKSB7CiAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgImNhbm5vdCBjb3B5IGZpbGUgdG8gZGVzdCAnJGZpbGVwYXRoJzogb2JqZWN0IGF0IHBhdGggaXMgYWxyZWFkeSBhIGRpcmVjdG9yeSIKICAgICAgICB9IGVsc2UgewogICAgICAgICAgICAkY2hhbmdlZF9maWxlcyArPSAkZmlsZQogICAgICAgIH0KICAgIH0KCiAgICBmb3JlYWNoICgkZGlyZWN0b3J5IGluICRkaXJlY3RvcmllcykgewogICAgICAgICRkaXJuYW1lID0gJGRpcmVjdG9yeS5kZXN0CgogICAgICAgICRkaXJwYXRoID0gSm9pbi1QYXRoIC1QYXRoICRkZXN0IC1DaGlsZFBhdGggJGRpcm5hbWUKICAgICAgICAkcGFyZW50X2RpciA9IFtTeXN0ZW0uSU8uUGF0aF06OkdldERpcmVjdG9yeU5hbWUoJGRpcnBhdGgpCiAgICAgICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkcGFyZW50X2RpciAtUGF0aFR5cGUgTGVhZikgewogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0IC1tZXNzYWdlICJjYW5ub3QgY29weSBmb2xkZXIgdG8gZGVzdCAnJGRpcnBhdGgnOiBvYmplY3QgYXQgcGFyZW50IGRpcmVjdG9yeSBwYXRoIGlzIGFscmVhZHkgYSBmaWxlIgogICAgICAgIH0KICAgICAgICBpZiAoVGVzdC1QYXRoIC1QYXRoICRkaXJwYXRoIC1QYXRoVHlwZSBMZWFmKSB7CiAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgImNhbm5vdCBjb3B5IGZvbGRlciB0byBkZXN0ICckZGlycGF0aCc6IG9iamVjdCBhdCBwYXRoIGlzIGFscmVhZHkgYSBmaWxlIgogICAgICAgIH0gZWxzZWlmICgtbm90IChUZXN0LVBhdGggLVBhdGggJGRpcnBhdGggLVBhdGhUeXBlIENvbnRhaW5lcikpIHsKICAgICAgICAgICAgJGNoYW5nZWRfZGlyZWN0b3JpZXMgKz0gJGRpcmVjdG9yeQogICAgICAgIH0KICAgIH0KCiAgICAjIFRPRE86IEhhbmRsZSBzeW1saW5rcwoKICAgICRyZXN1bHQuZmlsZXMgPSAkY2hhbmdlZF9maWxlcwogICAgJHJlc3VsdC5kaXJlY3RvcmllcyA9ICRjaGFuZ2VkX2RpcmVjdG9yaWVzCiAgICAkcmVzdWx0LnN5bWxpbmtzID0gJGNoYW5nZWRfc3ltbGlua3MKfSBlbHNlaWYgKCRjb3B5X21vZGUgLWVxICJleHBsb2RlIikgewogICAgIyBhIHNpbmdsZSB6aXAgZmlsZSBjb250YWluaW5nIHRoZSBmaWxlcyBhbmQgZGlyZWN0b3JpZXMgbmVlZHMgdG8gYmUKICAgICMgZXhwYW5kZWQgdGhpcyB3aWxsIGFsd2F5cyByZXN1bHQgaW4gYSBjaGFuZ2UgYXMgdGhlIGNhbGN1bGF0aW9uIGlzIGRvbmUKICAgICMgb24gdGhlIHdpbl9jb3B5IGFjdGlvbiBwbHVnaW4gYW5kIGlzIG9ubHkgcnVuIGlmIGEgY2hhbmdlIG5lZWRzIHRvIG9jY3VyCiAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRzcmMgLVBhdGhUeXBlIExlYWYpKSB7CiAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiQ2Fubm90IGV4cGFuZCBzcmMgemlwIGZpbGU6ICckc3JjJyBhcyBpdCBkb2VzIG5vdCBleGlzdCIKICAgIH0KCiAgICAjIERldGVjdCBpZiB0aGUgUFMgemlwIGFzc2VtYmxpZXMgYXJlIGF2YWlsYWJsZSBvciB3aGV0aGVyIHRvIHVzZSBTaGVsbAogICAgJHVzZV9sZWdhY3kgPSAkZmFsc2UKICAgIHRyeSB7CiAgICAgICAgQWRkLVR5cGUgLUFzc2VtYmx5TmFtZSBTeXN0ZW0uSU8uQ29tcHJlc3Npb24uRmlsZVN5c3RlbSB8IE91dC1OdWxsCiAgICAgICAgQWRkLVR5cGUgLUFzc2VtYmx5TmFtZSBTeXN0ZW0uSU8uQ29tcHJlc3Npb24gfCBPdXQtTnVsbAogICAgfSBjYXRjaCB7CiAgICAgICAgJHVzZV9sZWdhY3kgPSAkdHJ1ZQogICAgfQogICAgaWYgKCR1c2VfbGVnYWN5KSB7CiAgICAgICAgRXh0cmFjdC1aaXBMZWdhY3kgLXNyYyAkc3JjIC1kZXN0ICRkZXN0CiAgICB9IGVsc2UgewogICAgICAgIEV4dHJhY3QtWmlwIC1zcmMgJHNyYyAtZGVzdCAkZGVzdAogICAgfQoKICAgICRyZXN1bHQuY2hhbmdlZCA9ICR0cnVlCn0gZWxzZWlmICgkY29weV9tb2RlIC1lcSAicmVtb3RlIikgewogICAgIyBhbGwgY29weSBhY3Rpb25zIGFyZSBoYXBwZW5pbmcgb24gdGhlIHJlbW90ZSBzaWRlICh3aW5kb3dzIGhvc3QpLCBuZWVkCiAgICAjIHRvbyBjb3B5IHNvdXJjZSBhbmQgZGVzdCB1c2luZyBQUyBjb2RlCiAgICAkcmVzdWx0LnNyYyA9ICRzcmMKICAgICRyZXN1bHQuZGVzdCA9ICRkZXN0CgogICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtUGF0aCAkc3JjKSkgewogICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgIkNhbm5vdCBjb3B5IHNyYyBmaWxlOiAnJHNyYycgYXMgaXQgZG9lcyBub3QgZXhpc3QiCiAgICB9CgogICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkc3JjIC1QYXRoVHlwZSBDb250YWluZXIpIHsKICAgICAgICAjIHdlIGFyZSBjb3B5aW5nIGEgZGlyZWN0b3J5IG9yIHRoZSBjb250ZW50cyBvZiBhIGRpcmVjdG9yeQogICAgICAgICRyZXN1bHQub3BlcmF0aW9uID0gJ2ZvbGRlcl9jb3B5JwogICAgICAgIGlmICgkc3JjLkVuZHNXaXRoKCIvIikgLW9yICRzcmMuRW5kc1dpdGgoImBcIikpIHsKICAgICAgICAgICAgIyBjb3B5aW5nIHRoZSBmb2xkZXIncyBjb250ZW50cyB0byBkZXN0CiAgICAgICAgICAgICRkaWZmID0gIiIKICAgICAgICAgICAgJGNoaWxkX2ZpbGVzID0gR2V0LUNoaWxkSXRlbSAtUGF0aCAkc3JjIC1Gb3JjZQogICAgICAgICAgICBmb3JlYWNoICgkY2hpbGRfZmlsZSBpbiAkY2hpbGRfZmlsZXMpIHsKICAgICAgICAgICAgICAgICRkZXN0X2NoaWxkX3BhdGggPSBKb2luLVBhdGggLVBhdGggJGRlc3QgLUNoaWxkUGF0aCAkY2hpbGRfZmlsZS5OYW1lCiAgICAgICAgICAgICAgICBpZiAoJGNoaWxkX2ZpbGUuUFNJc0NvbnRhaW5lcikgewogICAgICAgICAgICAgICAgICAgICRkaWZmICs9IENvcHktRm9sZGVyIC1zb3VyY2UgJGNoaWxkX2ZpbGUuRnVsbE5hbWUgLWRlc3QgJGRlc3RfY2hpbGRfcGF0aAogICAgICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgICAgICAkZGlmZiArPSAoQ29weS1GaWxlIC1zb3VyY2UgJGNoaWxkX2ZpbGUuRnVsbE5hbWUgLWRlc3QgJGRlc3RfY2hpbGRfcGF0aCkuZGlmZgogICAgICAgICAgICAgICAgfQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgIyBjb3B5aW5nIHRoZSBmb2xkZXIgYW5kIGl0J3MgY29udGVudHMgdG8gZGVzdAogICAgICAgICAgICAkZGVzdCA9IEpvaW4tUGF0aCAtUGF0aCAkZGVzdCAtQ2hpbGRQYXRoIChHZXQtSXRlbSAtUGF0aCAkc3JjIC1Gb3JjZSkuTmFtZQogICAgICAgICAgICAkcmVzdWx0LmRlc3QgPSAkZGVzdAogICAgICAgICAgICAkZGlmZiA9IENvcHktRm9sZGVyIC1zb3VyY2UgJHNyYyAtZGVzdCAkZGVzdAogICAgICAgIH0KICAgIH0gZWxzZSB7CiAgICAgICAgIyB3ZSBhcmUganVzdCBjb3B5aW5nIGEgc2luZ2xlIGZpbGUgdG8gZGVzdAogICAgICAgICRyZXN1bHQub3BlcmF0aW9uID0gJ2ZpbGVfY29weScKCiAgICAgICAgJHNvdXJjZV9iYXNlbmFtZSA9IChHZXQtSXRlbSAtUGF0aCAkc3JjIC1Gb3JjZSkuTmFtZQogICAgICAgICRyZXN1bHQub3JpZ2luYWxfYmFzZW5hbWUgPSAkc291cmNlX2Jhc2VuYW1lCgogICAgICAgIGlmICgkZGVzdC5FbmRzV2l0aCgiLyIpIC1vciAkZGVzdC5FbmRzV2l0aCgiYFwiKSkgewogICAgICAgICAgICAkZGVzdCA9IEpvaW4tUGF0aCAtUGF0aCAkZGVzdCAtQ2hpbGRQYXRoIChHZXQtSXRlbSAtUGF0aCAkc3JjIC1Gb3JjZSkuTmFtZQogICAgICAgICAgICAkcmVzdWx0LmRlc3QgPSAkZGVzdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICMgY2hlY2sgaWYgdGhlIHBhcmVudCBkaXIgZXhpc3RzLCB0aGlzIGlzIG9ubHkgZG9uZSBpZiBzcmMgaXMgYQogICAgICAgICAgICAjIGZpbGUgYW5kIGRlc3QgaWYgdGhlIHBhdGggdG8gYSBmaWxlIChkb2Vzbid0IGVuZCB3aXRoIFwgb3IgLykKICAgICAgICAgICAgJHBhcmVudF9kaXIgPSBTcGxpdC1QYXRoIC1QYXRoICRkZXN0CiAgICAgICAgICAgIGlmIChUZXN0LVBhdGggLVBhdGggJHBhcmVudF9kaXIgLVBhdGhUeXBlIExlYWYpIHsKICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgIm9iamVjdCBhdCBkZXN0aW5hdGlvbiBwYXJlbnQgZGlyICckcGFyZW50X2RpcicgaXMgY3VycmVudGx5IGEgZmlsZSIKICAgICAgICAgICAgfSBlbHNlaWYgKC1ub3QgKFRlc3QtUGF0aCAtUGF0aCAkcGFyZW50X2RpciAtUGF0aFR5cGUgQ29udGFpbmVyKSkgewogICAgICAgICAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiRGVzdGluYXRpb24gZGlyZWN0b3J5ICckcGFyZW50X2RpcicgZG9lcyBub3QgZXhpc3QiCiAgICAgICAgICAgIH0KICAgICAgICB9CiAgICAgICAgJGNvcHlfcmVzdWx0ID0gQ29weS1GaWxlIC1zb3VyY2UgJHNyYyAtZGVzdCAkZGVzdAogICAgICAgICRkaWZmID0gJGNvcHlfcmVzdWx0LmRpZmYKICAgICAgICAkcmVzdWx0LmNoZWNrc3VtID0gJGNvcHlfcmVzdWx0LmNoZWNrc3VtCiAgICB9CgogICAgIyB0aGUgZmlsZSBtaWdodCBub3QgZXhpc3QgaWYgcnVubmluZyBpbiBjaGVjayBtb2RlCiAgICBpZiAoLW5vdCAkY2hlY2tfbW9kZSAtb3IgKFRlc3QtUGF0aCAtUGF0aCAkZGVzdCAtUGF0aFR5cGUgTGVhZikpIHsKICAgICAgICAkcmVzdWx0LnNpemUgPSBHZXQtRmlsZVNpemUgLXBhdGggJGRlc3QKICAgIH0gZWxzZSB7CiAgICAgICAgJHJlc3VsdC5zaXplID0gJG51bGwKICAgIH0 ScriptBlock ID: 07055329-a02a-4939-baf5-a1907a626328 Path:	4104	1		3	2	15	0	1198	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1448	4968	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:26:54 PM	9d04040e-981f-0000-b11a-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (3 of 5): ZU9wZXJhdGlvbnMiIC1FQSBJZ25vcmUKICAgICRDQlNSZWJvb3RTdGF0dXMgPSBHZXQtQ2hpbGRJdGVtICJIS0xNOlxcU09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cQ29tcG9uZW50IEJhc2VkIFNlcnZpY2luZyIgIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlfCBXaGVyZS1PYmplY3QgeyRfLlBTQ2hpbGROYW1lIC1lcSAiUmVib290UGVuZGluZyJ9CiAgICBpZigoJGZlYXR1cmVEYXRhIC1hbmQgJGZlYXR1cmVEYXRhLlJlcXVpcmVzUmVib290KSAtb3IgJHJlZ0RhdGEgLW9yICRDQlNSZWJvb3RTdGF0dXMpCiAgICB7CiAgICAgICAgcmV0dXJuICRUcnVlCiAgICB9CiAgICBlbHNlCiAgICB7CiAgICAgICAgcmV0dXJuICRGYWxzZQogICAgfQp9CgojIHRoaXMgbGluZSBtdXN0IHN0YXkgYXQgdGhlIGJvdHRvbSB0byBlbnN1cmUgYWxsIGRlZmluZWQgbW9kdWxlIHBhcnRzIGFyZSBleHBvcnRlZApFeHBvcnQtTW9kdWxlTWVtYmVyIC1BbGlhcyAqIC1GdW5jdGlvbiAqIC1DbWRsZXQgKgoK"}, "module_entry": "IyFwb3dlcnNoZWxsCgojIENvcHlyaWdodDogKGMpIDIwMTUsIEpvbiBIYXdrZXN3b3J0aCAoQGpoYXdrZXN3b3J0aCkgPGZpZ3NAdW5pdHkuZGVtb24uY28udWs+CiMgQ29weXJpZ2h0OiAoYykgMjAxNywgQW5zaWJsZSBQcm9qZWN0CiMgR05VIEdlbmVyYWwgUHVibGljIExpY2Vuc2UgdjMuMCsgKHNlZSBDT1BZSU5HIG9yIGh0dHBzOi8vd3d3LmdudS5vcmcvbGljZW5zZXMvZ3BsLTMuMC50eHQpCgojUmVxdWlyZXMgLU1vZHVsZSBBbnNpYmxlLk1vZHVsZVV0aWxzLkxlZ2FjeQoKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICdTdG9wJwoKJHBhcmFtcyA9IFBhcnNlLUFyZ3MgLWFyZ3VtZW50cyAkYXJncyAtc3VwcG9ydHNfY2hlY2tfbW9kZSAkdHJ1ZQokY2hlY2tfbW9kZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJfYW5zaWJsZV9jaGVja19tb2RlIiAtdHlwZSAiYm9vbCIgLWRlZmF1bHQgJGZhbHNlCiRkaWZmX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfZGlmZiIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQoKIyB0aGVyZSBhcmUgNCBtb2RlcyB0byB3aW5fY29weSB3aGljaCBhcmUgZHJpdmVuIGJ5IHRoZSBhY3Rpb24gcGx1Z2luczoKIyAgIGV4cGxvZGU6IHNyYyBpcyBhIHppcCBmaWxlIHdoaWNoIG5lZWRzIHRvIGJlIGV4dHJhY3RlZCB0byBkZXN0LCBmb3IgdXNlIHdpdGggbXVsdGlwbGUgZmlsZXMKIyAgIHF1ZXJ5OiB3aW5fY29weSBhY3Rpb24gcGx1Z2luIHdhbnRzIHRvIGdldCB0aGUgc3RhdGUgb2YgcmVtb3RlIGZpbGVzIHRvIGNoZWNrIHdoZXRoZXIgaXQgbmVlZHMgdG8gc2VuZCB0aGVtCiMgICByZW1vdGU6IGFsbCBjb3B5IGFjdGlvbiBpcyBoYXBwZW5pbmcgcmVtb3RlbHkgKHJlbW90ZV9zcmM9VHJ1ZSkKIyAgIHNpbmdsZTogYSBzaW5nbGUgZmlsZSBoYXMgYmVlbiBjb3BpZWQsIGFsc28gdXNlZCB3aXRoIHRlbXBsYXRlCiRjb3B5X21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2NvcHlfbW9kZSIgLXR5cGUgInN0ciIgLWRlZmF1bHQgInNpbmdsZSIgLXZhbGlkYXRlc2V0ICJleHBsb2RlIiwicXVlcnkiLCJyZW1vdGUiLCJzaW5nbGUiCgojIHVzZWQgaW4gZXhwbG9kZSwgcmVtb3RlIGFuZCBzaW5nbGUgbW9kZQokc3JjID0gR2V0LUFuc2libGVQYXJhbSAtb2JqICRwYXJhbXMgLW5hbWUgInNyYyIgLXR5cGUgInBhdGgiIC1mYWlsaWZlbXB0eSAoJGNvcHlfbW9kZSAtaW4gQCgiZXhwbG9kZSIsInByb2Nlc3MiLCJzaW5nbGUiKSkKJGRlc3QgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiZGVzdCIgLXR5cGUgInBhdGgiIC1mYWlsaWZlbXB0eSAkdHJ1ZQoKIyB1c2VkIGluIHNpbmdsZSBtb2RlCiRvcmlnaW5hbF9iYXNlbmFtZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJfb3JpZ2luYWxfYmFzZW5hbWUiIC10eXBlICJzdHIiCgojIHVzZWQgaW4gcXVlcnkgYW5kIHJlbW90ZSBtb2RlCiRmb3JjZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJmb3JjZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICR0cnVlCgojIHVzZWQgaW4gcXVlcnkgbW9kZSwgY29udGFpbnMgdGhlIGxvY2FsIGZpbGVzL2RpcmVjdG9yaWVzL3N5bWxpbmtzIHRoYXQgYXJlIHRvIGJlIGNvcGllZAokZmlsZXMgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiZmlsZXMiIC10eXBlICJsaXN0IgokZGlyZWN0b3JpZXMgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiZGlyZWN0b3JpZXMiIC10eXBlICJsaXN0Igokc3ltbGlua3MgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAic3ltbGlua3MiIC10eXBlICJsaXN0IgoKJHJlc3VsdCA9IEB7CiAgICBjaGFuZ2VkID0gJGZhbHNlCn0KCmlmICgkZGlmZl9tb2RlKSB7CiAgICAkcmVzdWx0LmRpZmYgPSBAe30KfQoKRnVuY3Rpb24gQ29weS1GaWxlKCRzb3VyY2UsICRkZXN0KSB7CiAgICAkZGlmZiA9ICIiCiAgICAkY29weV9maWxlID0gJGZhbHNlCiAgICAkc291cmNlX2NoZWNrc3VtID0gJG51bGwKICAgIGlmICgkZm9yY2UpIHsKICAgICAgICAkc291cmNlX2NoZWNrc3VtID0gR2V0LUZpbGVDaGVja3N1bSAtcGF0aCAkc291cmNlCiAgICB9CgogICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkZGVzdCAtUGF0aFR5cGUgQ29udGFpbmVyKSB7CiAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiY2Fubm90IGNvcHkgZmlsZSBmcm9tICckc291cmNlJyB0byAnJGRlc3QnOiBkZXN0IGlzIGFscmVhZHkgYSBmb2xkZXIiCiAgICB9IGVsc2VpZiAoVGVzdC1QYXRoIC1QYXRoICRkZXN0IC1QYXRoVHlwZSBMZWFmKSB7CiAgICAgICAgaWYgKCRmb3JjZSkgewogICAgICAgICAgICAkdGFyZ2V0X2NoZWNrc3VtID0gR2V0LUZpbGVDaGVja3N1bSAtcGF0aCAkZGVzdAogICAgICAgICAgICBpZiAoJHNvdXJjZV9jaGVja3N1bSAtbmUgJHRhcmdldF9jaGVja3N1bSkgewogICAgICAgICAgICAgICAgJGNvcHlfZmlsZSA9ICR0cnVlCiAgICAgICAgICAgIH0KICAgICAgICB9CiAgICB9IGVsc2UgewogICAgICAgICRjb3B5X2ZpbGUgPSAkdHJ1ZQogICAgfQoKICAgIGlmICgkY29weV9maWxlKSB7CiAgICAgICAgJGZpbGVfZGlyID0gW1N5c3RlbS5JTy5QYXRoXTo6R2V0RGlyZWN0b3J5TmFtZSgkZGVzdCkKICAgICAgICAjIHZhbGlkYXRlIHRoZSBwYXJlbnQgZGlyIGlzIG5vdCBhIGZpbGUgYW5kIHRoYXQgaXQgZXhpc3RzCiAgICAgICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkZmlsZV9kaXIgLVBhdGhUeXBlIExlYWYpIHsKICAgICAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiY2Fubm90IGNvcHkgZmlsZSBmcm9tICckc291cmNlJyB0byAnJGRlc3QnOiBvYmplY3QgYXQgZGVzdCBwYXJlbnQgZGlyIGlzIG5vdCBhIGZvbGRlciIKICAgICAgICB9IGVsc2VpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRmaWxlX2RpcikpIHsKICAgICAgICAgICAgIyBkaXJlY3RvcnkgZG9lc24ndCBleGlzdCwgbmVlZCB0byBjcmVhdGUKICAgICAgICAgICAgTmV3LUl0ZW0gLVBhdGggJGZpbGVfZGlyIC1JdGVtVHlwZSBEaXJlY3RvcnkgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICAgICAgICAgICRkaWZmICs9ICIrJGZpbGVfZGlyXGBuIgogICAgICAgIH0KCiAgICAgICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkZGVzdCAtUGF0aFR5cGUgTGVhZikgewogICAgICAgICAgICBSZW1vdmUtSXRlbSAtUGF0aCAkZGVzdCAtRm9yY2UgLVJlY3Vyc2UgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICAgICAgICAgICRkaWZmICs9ICItJGRlc3RgbiIKICAgICAgICB9CgogICAgICAgIGlmICgtbm90ICRjaGVja19tb2RlKSB7CiAgICAgICAgICAgICMgY2Fubm90IHJ1biB3aXRoIC1XaGF0SWY6JGNoZWNrX21vZGUgYXMgaWYgdGhlIHBhcmVudCBkaXIgZGlkbid0CiAgICAgICAgICAgICMgZXhpc3QgYW5kIHdhcyBjcmVhdGVkIGFib3ZlIHdvdWxkIHN0aWxsIG5vdCBleGlzdCBpbiBjaGVjayBtb2RlCiAgICAgICAgICAgIENvcHktSXRlbSAtUGF0aCAkc291cmNlIC1EZXN0aW5hdGlvbiAkZGVzdCAtRm9yY2UgfCBPdXQtTnVsbAogICAgICAgIH0KICAgICAgICAkZGlmZiArPSAiKyRkZXN0YG4iCgogICAgICAgICRyZXN1bHQuY2hhbmdlZCA9ICR0cnVlCiAgICB9CgogICAgIyB1Z2x5IGJ1dCB0byBzYXZlIHVzIGZyb20gcnVubmluZyB0aGUgY2hlY2tzdW0gdHdpY2UsIGxldCdzIHJldHVybiBpdCBmb3IKICAgICMgdGhlIG1haW4gY29kZSB0byBhZGQgaXQgdG8gJHJlc3VsdAogICAgcmV0dXJuICxAeyBkaWZmID0gJGRpZmY7IGNoZWNrc3VtID0gJHNvdXJjZV9jaGVja3N1bSB9Cn0KCkZ1bmN0aW9uIENvcHktRm9sZGVyKCRzb3VyY2UsICRkZXN0KSB7CiAgICAkZGlmZiA9ICIiCiAgICAkY29weV9mb2xkZXIgPSAkZmFsc2UKCiAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRkZXN0IC1QYXRoVHlwZSBDb250YWluZXIpKSB7CiAgICAgICAgJHBhcmVudF9kaXIgPSBbU3lzdGVtLklPLlBhdGhdOjpHZXREaXJlY3RvcnlOYW1lKCRkZXN0KQogICAgICAgIGlmIChUZXN0LVBhdGggLVBhdGggJHBhcmVudF9kaXIgLVBhdGhUeXBlIExlYWYpIHsKICAgICAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiY2Fubm90IGNvcHkgZmlsZSBmcm9tICckc291cmNlJyB0byAnJGRlc3QnOiBvYmplY3QgYXQgZGVzdCBwYXJlbnQgZGlyIGlzIG5vdCBhIGZvbGRlciIKICAgICAgICB9CiAgICAgICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkZGVzdCAtUGF0aFR5cGUgTGVhZikgewogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0IC1tZXNzYWdlICJjYW5ub3QgY29weSBmb2xkZXIgZnJvbSAnJHNvdXJjZScgdG8gJyRkZXN0JzogZGVzdCBpcyBhbHJlYWR5IGEgZmlsZSIKICAgICAgICB9CgogICAgICAgIE5ldy1JdGVtIC1QYXRoICRkZXN0IC1JdGVtVHlwZSBDb250YWluZXIgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICAgICAgJGRpZmYgKz0gIiskZGVzdFxgbiIKICAgICAgICAkcmVzdWx0LmNoYW5nZWQgPSAkdHJ1ZQogICAgfQoKICAgICRjaGlsZF9pdGVtcyA9IEdldC1DaGlsZEl0ZW0gLVBhdGggJHNvdXJjZSAtRm9yY2UKICAgIGZvcmVhY2ggKCRjaGlsZF9pdGVtIGluICRjaGlsZF9pdGVtcykgewogICAgICAgICRkZXN0X2NoaWxkX3BhdGggPSBKb2luLVBhdGggLVBhdGggJGRlc3QgLUNoaWxkUGF0aCAkY2hpbGRfaXRlbS5OYW1lCiAgICAgICAgaWYgKCRjaGlsZF9pdGVtLlBTSXNDb250YWluZXIpIHsKICAgICAgICAgICAgJGRpZmYgKz0gKENvcHktRm9sZGVyIC1zb3VyY2UgJGNoaWxkX2l0ZW0uRnVsbG5hbWUgLWRlc3QgJGRlc3RfY2hpbGRfcGF0aCkKICAgICAgICB9IGVsc2UgewogICAgICAgICAgICAkZGlmZiArPSAoQ29weS1GaWxlIC1zb3VyY2UgJGNoaWxkX2l0ZW0uRnVsbG5hbWUgLWRlc3QgJGRlc3RfY2hpbGRfcGF0aCkuZGlmZgogICAgICAgIH0KICAgIH0KCiAgICByZXR1cm4gJGRpZmYKfQoKRnVuY3Rpb24gR2V0LUZpbGVTaXplKCRwYXRoKSB7CiAgICAkZmlsZSA9IEdldC1JdGVtIC1QYXRoICRwYXRoIC1Gb3JjZQogICAgJHNpemUgPSAkbnVsbAogICAgaWYgKCRmaWxlLlBTSXNDb250YWluZXIpIHsKICAgICAgICAkZGlyX2ZpbGVzX3N1bSA9IEdldC1DaGlsZEl0ZW0gJGZpbGUuRnVsbE5hbWUgLVJlY3Vyc2UKICAgICAgICBpZiAoJGRpcl9maWxlc19zdW0gLWVxICRudWxsIC1vciAoJGRpcl9maWxlc19zdW0uUFNPYmplY3QuUHJvcGVydGllcy5uYW1lIC1jb250YWlucyAnbGVuZ3RoJyAtZXEgJGZhbHNlKSkgewogICAgICAgICAgICAkc2l6ZSA9IDAKICAgICAgICB9IGVsc2UgewogICAgICAgICAgICAkc2l6ZSA9ICgkZGlyX2ZpbGVzX3N1bSB8IE1lYXN1cmUtT2JqZWN0IC1wcm9wZXJ0eSBsZW5ndGggLXN1bSkuU3VtCiAgICAgICAgfQogICAgfSBlbHNlIHsKICAgICAgICAkc2l6ZSA9ICRmaWxlLkxlbmd0aAogICAgfQoKICAgICRzaXplCn0KCkZ1bmN0aW9uIEV4dHJhY3QtWmlwKCRzcmMsICRkZXN0KSB7CiAgICAkYXJjaGl2ZSA9IFtTeXN0ZW0uSU8uQ29tcHJlc3Npb24uWmlwRmlsZV06Ok9wZW4oJHNyYywgW1N5c3RlbS5JTy5Db21wcmVzc2lvbi5aaXBBcmNoaXZlTW9kZV06OlJlYWQsIFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjgpCiAgICBmb3JlYWNoICgkZW50cnkgaW4gJGFyY2hpdmUuRW50cmllcykgewogICAgICAgICRhcmNoaXZlX25hbWUgPSAkZW50cnkuRnVsbE5hbWUKCiAgICAgICAgIyBGdWxsTmFtZSBtYXkgYmUgYXBwZW5kZWQgd2l0aCAvIG9yIFwsIGRldGVybWluZSBpZiBpdCBpcyBwYWRkZWQgYW5kIHJlbW92ZSBpdAogICAgICAgICRwYWRkaW5nX2xlbmd0aCA9ICRhcmNoaXZlX25hbWUuTGVuZ3RoICUgNAogICAgICAgIGlmICgkcGFkZGluZ19sZW5ndGggLWVxIDApIHsKICAgICAgICAgICAgJGlzX2RpciA9ICRmYWxzZQogICAgICAgICAgICAkYmFzZTY0X25hbWUgPSAkYXJjaGl2ZV9uYW1lCiAgICAgICAgfSBlbHNlaWYgKCRwYWRkaW5nX2xlbmd0aCAtZXEgMSkgewogICAgICAgICAgICAkaXNfZGlyID0gJHRydWUKICAgICAgICAgICAgaWYgKCRhcmNoaXZlX25hbWUuRW5kc1dpdGgoIi8iKSAtb3IgJGFyY2hpdmVfbmFtZS5FbmRzV2l0aCgiYFwiKSkgewogICAgICAgICAgICAgICAgJGJhc2U2NF9uYW1lID0gJGFyY2hpdmVfbmFtZS5TdWJzdHJpbmcoMCwgJGFyY2hpdmVfbmFtZS5MZW5ndGggLSAxKQogICAgICAgICAgICB9IGVsc2UgewogICAgICAgICAgICAgICAgdGhyb3cgImludmFsaWQgYmFzZTY0IGFyY2hpdmUgbmFtZSAnJGFyY2hpdmVfbmFtZSciCiAgICAgICAgICAgIH0KICAgICAgICB9IGVsc2UgewogICAgICAgICAgICB0aHJvdyAiaW52YWxpZCBiYXNlNjQgbGVuZ3RoICckYXJjaGl2ZV9uYW1lJyIKICAgICAgICB9CgogICAgICAgICMgdG8gaGFuZGxlIHVuaWNvZGUgY2hhcmFjdGVyLCB3aW5fY29weSBhY3Rpb24gcGx1Z2luIGhhcyBlbmNvZGVkIHRoZSBmaWxlbmFtZQogICAgICAgICRkZWNvZGVkX2FyY2hpdmVfbmFtZSA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGJhc2U2NF9uYW1lKSkKICAgICAgICAjIHJlLWFkZCB0aGUgLyB0byB0aGUgZW50cnkgZnVsbCBuYW1lIGlmIGl0IHdhcyBhIGRpcmVjdG9yeQogICAgICAgIGlmICgkaXNfZGlyKSB7CiAgICAgICAgICAgICRkZWNvZGVkX2FyY2hpdmVfbmFtZSA9ICIkZGVjb2RlZF9hcmNoaXZlX25hbWUvIgogICAgICAgIH0KICAgICAgICAkZW50cnlfdGFyZ2V0X3BhdGggPSBbU3lzdGVtLklPLlBhdGhdOjpDb21iaW5lKCRkZXN0LCAkZGVjb2RlZF9hcmNoaXZlX25hbWUpCiAgICAgICAgJGVudHJ5X2RpciA9IFtTeXN0ZW0uSU8uUGF0aF06OkdldERpcmVjdG9yeU5hbWUoJGVudHJ5X3RhcmdldF9wYXRoKQoKICAgICAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRlbnRyeV9kaXIpKSB7CiAgICAgICAgICAgIE5ldy1JdGVtIC1QYXRoICRlb ScriptBlock ID: 07055329-a02a-4939-baf5-a1907a626328 Path:	4104	1		3	2	15	0	1197	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1448	4968	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:26:54 PM	9d04040e-981f-0000-b11a-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 5): V0LUFuc2libGVQYXJhbSBhbHNvIHN1cHBvcnRzIFBhcmFtZXRlciB2YWxpZGF0aW9uIHRvIHNhdmUgeW91IGZyb20gY29kaW5nIHRoYXQgbWFudWFsbHkKICAgIE5vdGUgdGhhdCBpZiB5b3UgdXNlIHRoZSBmYWlsaWZlbXB0eSBvcHRpb24sIHlvdSBkbyBuZWVkIHRvIHNwZWNpZnkgcmVzdWx0b2JqZWN0IGFzIHdlbGwuCiM+CiAgICAjIENoZWNrIGlmIHRoZSBwcm92aWRlZCBNZW1iZXIgJG5hbWUgb3IgYWxpYXNlcyBleGlzdCBpbiAkb2JqIGFuZCByZXR1cm4gaXQgb3IgdGhlIGRlZmF1bHQuCiAgICB0cnkgewoKICAgICAgICAkZm91bmQgPSAkbnVsbAogICAgICAgICMgRmlyc3QgdHJ5IHRvIGZpbmQgcHJlZmVycmVkIHBhcmFtZXRlciAkbmFtZQogICAgICAgICRhbGlhc2VzID0gQCgkbmFtZSkgKyAkYWxpYXNlcwoKICAgICAgICAjIEl0ZXJhdGUgb3ZlciBhbGlhc2VzIHRvIGZpbmQgYWNjZXB0YWJsZSBNZW1iZXIgJG5hbWUKICAgICAgICBmb3JlYWNoICgkYWxpYXMgaW4gJGFsaWFzZXMpIHsKICAgICAgICAgICAgaWYgKCRvYmouQ29udGFpbnNLZXkoJGFsaWFzKSkgewogICAgICAgICAgICAgICAgJGZvdW5kID0gJGFsaWFzCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgfQoKICAgICAgICBpZiAoJG51bGwgLWVxICRmb3VuZCkgewogICAgICAgICAgICB0aHJvdwogICAgICAgIH0KICAgICAgICAkbmFtZSA9ICRmb3VuZAoKICAgICAgICBpZiAoJFZhbGlkYXRlU2V0KSB7CgogICAgICAgICAgICBpZiAoJFZhbGlkYXRlU2V0IC1jb250YWlucyAoJG9iai4kbmFtZSkpIHsKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICRvYmouJG5hbWUKICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgIGlmICgkbnVsbCAtZXEgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAgICAgI0F1dG8tZ2VuZXJhdGVkIGVycm9yIHNob3VsZCBiZSBzdWZmaWNpZW50IGluIG1vc3QgdXNlIGNhc2VzCiAgICAgICAgICAgICAgICAgICAgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlID0gIkdldC1BbnNpYmxlUGFyYW06IEFyZ3VtZW50ICRuYW1lIG5lZWRzIHRvIGJlIG9uZSBvZiAkKCRWYWxpZGF0ZVNldCAtam9pbiAiLCIpIGJ1dCB3YXMgJCgkb2JqLiRuYW1lKS4iCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRWYWxpZGF0ZVNldEVycm9yTWVzc2FnZQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgJHZhbHVlID0gJG9iai4kbmFtZQogICAgICAgIH0KICAgIH0gY2F0Y2ggewogICAgICAgIGlmICgkZmFpbGlmZW1wdHkgLWVxICRmYWxzZSkgewogICAgICAgICAgICAkdmFsdWUgPSAkZGVmYXVsdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgIGlmICgtbm90ICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSA9ICJHZXQtQW5zaWJsZVBhcmFtOiBNaXNzaW5nIHJlcXVpcmVkIGFyZ3VtZW50OiAkbmFtZSIKICAgICAgICAgICAgfQogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlCiAgICAgICAgfQogICAgfQoKICAgICMgSWYgJHZhbHVlIC1lcSAkbnVsbCwgdGhlIHBhcmFtZXRlciB3YXMgdW5zcGVjaWZpZWQgYnkgdGhlIHVzZXIgKGRlbGliZXJhdGVseSBvciBub3QpCiAgICAjIFBsZWFzZSBsZWF2ZSAkbnVsbC12YWx1ZXMgaW50YWN0LCBtb2R1bGVzIG5lZWQgdG8ga25vdyBpZiBhIHBhcmFtZXRlciB3YXMgc3BlY2lmaWVkCiAgICAjIFdoZW4gJHZhbHVlIGlzIGFscmVhZHkgYW4gYXJyYXksIHdlIGNhbm5vdCByZWx5IG9uIHRoZSBudWxsIGNoZWNrLCBhcyBhbiBlbXB0eSBsaXN0CiAgICAjIGlzIHNlZW4gYXMgbnVsbCBpbiB0aGUgY2hlY2sgYmVsb3cKICAgIGlmICgkbnVsbCAtbmUgJHZhbHVlIC1vciAkdmFsdWUgLWlzIFthcnJheV0pIHsKICAgICAgICBpZiAoJHR5cGUgLWVxICJwYXRoIikgewogICAgICAgICAgICAjIEV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgb24gcGF0aC10eXBlCiAgICAgICAgICAgICR2YWx1ZSA9IEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCiAgICAgICAgICAgICMgVGVzdCBpZiBhIHZhbGlkIHBhdGggaXMgcHJvdmlkZWQKICAgICAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtSXNWYWxpZCAkdmFsdWUpKSB7CiAgICAgICAgICAgICAgICAkcGF0aF9pbnZhbGlkID0gJHRydWUKICAgICAgICAgICAgICAgICMgY291bGQgc3RpbGwgYmUgYSB2YWxpZC1zaGFwZWQgcGF0aCB3aXRoIGEgbm9uZXhpc3RlbnQgZHJpdmUgbGV0dGVyCiAgICAgICAgICAgICAgICBpZiAoJHZhbHVlIC1tYXRjaCAiXlx3OiIpIHsKICAgICAgICAgICAgICAgICAgICAjIHJld3JpdGUgcGF0aCB3aXRoIGEgdmFsaWQgZHJpdmUgbGV0dGVyIGFuZCByZWNoZWNrIHRoZSBzaGFwZS0gdGhpcyBtaWdodCBzdGlsbCBmYWlsLCBlZywgYSBub25leGlzdGVudCBub24tZmlsZXN5c3RlbSBQUyBwYXRoCiAgICAgICAgICAgICAgICAgICAgaWYgKFRlc3QtUGF0aCAtSXNWYWxpZCAkKEAoR2V0LVBTRHJpdmUgLVBTUHJvdmlkZXIgRmlsZXN5c3RlbSlbMF0uTmFtZSArICR2YWx1ZS5TdWJzdHJpbmcoMSkpKSB7CiAgICAgICAgICAgICAgICAgICAgICAgICRwYXRoX2ludmFsaWQgPSAkZmFsc2UKICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBpZiAoJHBhdGhfaW52YWxpZCkgewogICAgICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHRvYmogLW1lc3NhZ2UgIkdldC1BbnNpYmxlUGFyYW06IFBhcmFtZXRlciAnJG5hbWUnIGhhcyBhbiBpbnZhbGlkIHBhdGggJyR2YWx1ZScgc3BlY2lmaWVkLiIKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgInN0ciIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IHN0ciB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgc3RyaW5ncwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUuVG9TdHJpbmcoKQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImJvb2wiKSB7CiAgICAgICAgICAgICMgQ29udmVydCBib29sZWFuIHR5cGVzIHRvIHJlYWwgUG93ZXJzaGVsbCBib29sZWFucwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgfCBDb252ZXJ0VG8tQm9vbAogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImludCIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IGludCB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgaW50ZWdlcnMKICAgICAgICAgICAgJHZhbHVlID0gJHZhbHVlIC1hcyBbaW50XQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImZsb2F0IikgewogICAgICAgICAgICAjIENvbnZlcnQgZmxvYXQgdHlwZXMgdG8gcmVhbCBQb3dlcnNoZWxsIGZsb2F0cwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgLWFzIFtmbG9hdF0KICAgICAgICB9IGVsc2VpZiAoJHR5cGUgLWVxICJsaXN0IikgewogICAgICAgICAgICBpZiAoJHZhbHVlIC1pcyBbYXJyYXldKSB7CiAgICAgICAgICAgICAgICAjIE5vdGhpbmcgdG8gZG8KICAgICAgICAgICAgfSBlbHNlaWYgKCR2YWx1ZSAtaXMgW3N0cmluZ10pIHsKICAgICAgICAgICAgICAgICMgQ29udmVydCBzdHJpbmcgdHlwZSB0byByZWFsIFBvd2Vyc2hlbGwgYXJyYXkKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICR2YWx1ZS5TcGxpdCgiLCIpLlRyaW0oKQogICAgICAgICAgICB9IGVsc2VpZiAoJHZhbHVlIC1pcyBbaW50XSkgewogICAgICAgICAgICAgICAgJHZhbHVlID0gQCgkdmFsdWUpCiAgICAgICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICJHZXQtQW5zaWJsZVBhcmFtOiBQYXJhbWV0ZXIgJyRuYW1lJyBpcyBub3QgYSBZQU1MIGxpc3QuIgogICAgICAgICAgICB9CiAgICAgICAgICAgICMgLCBpcyBub3QgYSB0eXBvLCBmb3JjZXMgaXQgdG8gcmV0dXJuIGFzIGEgbGlzdCB3aGVuIGl0IGlzIGVtcHR5IG9yIG9ubHkgaGFzIDEgZW50cnkKICAgICAgICAgICAgcmV0dXJuICwkdmFsdWUKICAgICAgICB9CiAgICB9CgogICAgcmV0dXJuICR2YWx1ZQp9CgojQWxpYXMgR2V0LWF0dHItLT5HZXQtQW5zaWJsZVBhcmFtIGZvciBiYWNrd2FyZHMgY29tcGF0LiBPbmx5IGFkZCB3aGVuIG5lZWRlZCB0byBlYXNlIGRlYnVnZ2luZyBvZiBzY3JpcHRzCklmICgtbm90KEdldC1BbGlhcyAtTmFtZSAiR2V0LWF0dHIiIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlKSkKewogICAgTmV3LUFsaWFzIC1OYW1lIEdldC1hdHRyIC1WYWx1ZSBHZXQtQW5zaWJsZVBhcmFtCn0KCkZ1bmN0aW9uIENvbnZlcnRUby1Cb29sCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZpbHRlci9waXBlbGluZSBmdW5jdGlvbiB0byBjb252ZXJ0IGEgdmFsdWUgdG8gYm9vbGVhbiBmb2xsb3dpbmcgY3VycmVudAogICAgQW5zaWJsZSBwcmFjdGljZXMKICAgIC5FWEFNUExFCiAgICAkaXNfdHJ1ZSA9ICJ0cnVlIiB8IENvbnZlcnRUby1Cb29sCiM+CiAgICBwYXJhbSgKICAgICAgICBbcGFyYW1ldGVyKHZhbHVlZnJvbXBpcGVsaW5lPSR0cnVlKV0KICAgICAgICAkb2JqCiAgICApCgogICAgJGJvb2xlYW5fc3RyaW5ncyA9ICJ5ZXMiLCAib24iLCAiMSIsICJ0cnVlIiwgMQogICAgJG9ial9zdHJpbmcgPSBbc3RyaW5nXSRvYmoKCiAgICBpZiAoKCRvYmogLWlzIFtib29sZWFuXSAtYW5kICRvYmopIC1vciAkYm9vbGVhbl9zdHJpbmdzIC1jb250YWlucyAkb2JqX3N0cmluZy5Ub0xvd2VyKCkpIHsKICAgICAgICByZXR1cm4gJHRydWUKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfQp9CgpGdW5jdGlvbiBQYXJzZS1BcmdzKCRhcmd1bWVudHMsICRzdXBwb3J0c19jaGVja19tb2RlID0gJGZhbHNlKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBwYXJzZSBBbnNpYmxlIEpTT04gYXJndW1lbnRzIGZyb20gYSAiZmlsZSIgcGFzc2VkIGFzCiAgICB0aGUgc2luZ2xlIGFyZ3VtZW50IHRvIHRoZSBtb2R1bGUuCiAgICAuRVhBTVBMRQogICAgJHBhcmFtcyA9IFBhcnNlLUFyZ3MgJGFyZ3MKIz4KICAgICRwYXJhbXMgPSBOZXctT2JqZWN0IHBzb2JqZWN0CiAgICBJZiAoJGFyZ3VtZW50cy5MZW5ndGggLWd0IDApCiAgICB7CiAgICAgICAgJHBhcmFtcyA9IEdldC1Db250ZW50ICRhcmd1bWVudHNbMF0gfCBDb252ZXJ0RnJvbS1Kc29uCiAgICB9CiAgICBFbHNlIHsKICAgICAgICAkcGFyYW1zID0gJGNvbXBsZXhfYXJncwogICAgfQogICAgJGNoZWNrX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfY2hlY2tfbW9kZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQogICAgSWYgKCRjaGVja19tb2RlIC1hbmQgLW5vdCAkc3VwcG9ydHNfY2hlY2tfbW9kZSkKICAgIHsKICAgICAgICBFeGl0LUpzb24gQHsKICAgICAgICAgICAgc2tpcHBlZCA9ICR0cnVlCiAgICAgICAgICAgIGNoYW5nZWQgPSAkZmFsc2UKICAgICAgICAgICAgbXNnID0gInJlbW90ZSBtb2R1bGUgZG9lcyBub3Qgc3VwcG9ydCBjaGVjayBtb2RlIgogICAgICAgIH0KICAgIH0KICAgIHJldHVybiAkcGFyYW1zCn0KCgpGdW5jdGlvbiBHZXQtRmlsZUNoZWNrc3VtKCRwYXRoLCAkYWxnb3JpdGhtID0gJ3NoYTEnKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBjYWxjdWxhdGUgYSBoYXNoIG9mIGEgZmlsZSBpbiBhIHdheSB3aGljaCBQb3dlclNoZWxsIDMKICAgIGFuZCBhYm92ZSBjYW4gaGFuZGxlCiM+CiAgICBJZiAoVGVzdC1QYXRoIC1QYXRoICRwYXRoIC1QYXRoVHlwZSBMZWFmKQogICAgewogICAgICAgIHN3aXRjaCAoJGFsZ29yaXRobSkKICAgICAgICB7CiAgICAgICAgICAgICdtZDUnIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5NRDVDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMScgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTFDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMjU2JyB7ICRzcCA9IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5TZWN1cml0eS5DcnlwdG9ncmFwaHkuU0hBMjU2Q3J5cHRvU2VydmljZVByb3ZpZGVyIH0KICAgICAgICAgICAgJ3NoYTM4NCcgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTM4NENyeXB0b1NlcnZpY2VQcm92aWRlciB9CiAgICAgICAgICAgICdzaGE1MTInIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5TSEE1MTJDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICBkZWZhdWx0IHsgRmFpbC1Kc29uIEB7fSAiVW5zdXBwb3J0ZWQgaGFzaCBhbGdvcml0aG0gc3VwcGxpZWQgJyRhbGdvcml0aG0nIiB9CiAgICAgICAgfQoKICAgICAgICBJZiAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtZ2UgNCkgewogICAgICAgICAgICAkcmF3X2hhc2ggPSBHZXQtRmlsZUhhc2ggJHBhdGggLUFsZ29yaXRobSAkYWxnb3JpdGhtCiAgICAgICAgICAgICRoYXNoID0gJHJhd19oYXNoLkhhc2guVG9Mb3dlcigpCiAgICAgICAgfSBFbHNlIHsKICAgICAgICAgICAgJGZwID0gW1N5c3RlbS5JTy5GaWxlXTo6T3BlbigkcGF0aCwgW1N5c3RlbS5JTy5GaWxlbW9kZV06Ok9wZW4sIFtTeXN0ZW0uSU8uRmlsZUFjY2Vzc106OlJlYWQsIFtTeXN0ZW0uSU8uRmlsZVNoYXJlXTo6UmVhZFdyaXRlKTsKICAgICAgICAgICAgJGhhc2ggPSBbU3lzdGVtLkJpdENvbnZlcnRlcl06OlRvU3RyaW5nKCRzcC5Db21wdXRlSGFzaCgkZnApKS5SZXBsYWNlKCItIiwgIiIpLlRvTG93ZXIoKTsKICAgICAgICAgICAgJGZwLkRpc3Bvc2UoKTsKICAgICAgICB9CiAgICB9CiAgICBFbHNlSWYgKFRlc3QtUGF0aCAtUGF0aCAkcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKQogICAgewogICAgICAgICRoYXNoID0gIjMiOwogICAgfQogICAgRWxzZQogICAgewogICAgICAgICRoYXNoID0gIjEiOwogICAgfQogICAgcmV0dXJuICRoYXNoCn0KCkZ1bmN0aW9uIEdldC1QZW5kaW5nUmVib290U3RhdHVzCnsKPCMKICAgIC5TWU5PUFNJUwogICAgQ2hlY2sgaWYgcmVib290IGlzIHJlcXVpcmVkLCBpZiBzbyBub3RpZnkgQ0EuCiAgICBGdW5jdGlvbiByZXR1cm5zIHRydWUgaWYgY29tcHV0ZXIgaGFzIGEgcGVuZGluZyByZWJvb3QKIz4KICAgICRmZWF0dXJlRGF0YSA9IEludm9rZS1XbWlNZXRob2QgLUVBIElnbm9yZSAtTmFtZSBHZXRTZXJ2ZXJGZWF0dXJlIC1OYW1lc3BhY2Ugcm9vdFxtaWNyb3NvZnRcd2luZG93c1xzZXJ2ZXJtYW5hZ2VyIC1DbGFzcyBNU0ZUX1NlcnZlck1hbmFnZXJUYXNrcwogICAgJHJlZ0RhdGEgPSBHZXQtSXRlbVByb3BlcnR5ICJIS0xNOlxTWVNURU1cQ3VycmVudENvbnRyb2xTZXRcQ29udHJvbFxTZXNzaW9uIE1hbmFnZXIiICJQZW5kaW5nRmlsZVJlbmFt ScriptBlock ID: 07055329-a02a-4939-baf5-a1907a626328 Path:	4104	1		3	2	15	0	1196	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1448	4968	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:26:54 PM	9d04040e-981f-0000-b11a-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 5): begin { $DebugPreference = "Continue" $ErrorActionPreference = "Stop" Set-StrictMode -Version 2 function ConvertTo-HashtableFromPsCustomObject ($myPsObject){ $output = @{}; $myPsObject | Get-Member -MemberType *Property | % { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } return $output; } # stream JSON including become_pw, ps_module_payload, bin_module_payload, become_payload, write_payload_path, preserve directives # exec runspace, capture output, cleanup, return module output # NB: do not adjust the following line- it is replaced when doing non-streamed module output $json_raw = @' {"min_ps_version": null, "exec": "CkZ1bmN0aW9uIFJ1bigkcGF5bG9hZCkgewogICAgJGVudHJ5cG9pbnQgPSAkcGF5bG9hZC5tb2R1bGVfZW50cnkKCiAgICAkZW50cnlwb2ludCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGVudHJ5cG9pbnQpKQoKICAgICRwcyA9IFtwb3dlcnNoZWxsXTo6Q3JlYXRlKCkKCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkQ29tbWFuZCgiU2V0LVZhcmlhYmxlIikuQWRkUGFyYW1ldGVycyhAe1Njb3BlPSJnbG9iYWwiO05hbWU9ImNvbXBsZXhfYXJncyI7VmFsdWU9JHBheWxvYWQubW9kdWxlX2FyZ3N9KSB8IE91dC1OdWxsCiAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCgogICAgIyByZWRlZmluZSBXcml0ZS1Ib3N0IHRvIGR1bXAgdG8gb3V0cHV0IGluc3RlYWQgb2YgZmFpbGluZy0gbG90cyBvZiBzY3JpcHRzIHVzZSBpdAogICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgiRnVuY3Rpb24gV3JpdGUtSG9zdChgJG1zZyl7IFdyaXRlLU91dHB1dCBgJG1zZyB9IikgfCBPdXQtTnVsbAoKICAgIEZvckVhY2ggKCRlbnZfa3YgaW4gJHBheWxvYWQuZW52aXJvbm1lbnQuR2V0RW51bWVyYXRvcigpKSB7CiAgICAgICAgIyBuZWVkIHRvIGVzY2FwZSAnIGluIGJvdGggdGhlIGtleSBhbmQgdmFsdWUKICAgICAgICAkZW52X2tleSA9ICRlbnZfa3YuS2V5LlRvU3RyaW5nKCkuUmVwbGFjZSgiJyIsICInJyIpCiAgICAgICAgJGVudl92YWx1ZSA9ICRlbnZfa3YuVmFsdWUuVG9TdHJpbmcoKS5SZXBsYWNlKCInIiwgIicnIikKICAgICAgICAkZXNjYXBlZF9lbnZfc2V0ID0gIltTeXN0ZW0uRW52aXJvbm1lbnRdOjpTZXRFbnZpcm9ubWVudFZhcmlhYmxlKCd7MH0nLCAnezF9JykiIC1mICRlbnZfa2V5LCAkZW52X3ZhbHVlCiAgICAgICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgkZXNjYXBlZF9lbnZfc2V0KSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBkeW5hbWljYWxseSBjcmVhdGUvbG9hZCBtb2R1bGVzCiAgICBGb3JFYWNoICgkbW9kIGluICRwYXlsb2FkLnBvd2Vyc2hlbGxfbW9kdWxlcy5HZXRFbnVtZXJhdG9yKCkpIHsKICAgICAgICAkZGVjb2RlZF9tb2R1bGUgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRtb2QuVmFsdWUpKQogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRDb21tYW5kKCJOZXctTW9kdWxlIikuQWRkUGFyYW1ldGVycyhAe1NjcmlwdEJsb2NrPShbc2NyaXB0YmxvY2tdOjpDcmVhdGUoJGRlY29kZWRfbW9kdWxlKSk7TmFtZT0kbW9kLktleX0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiSW1wb3J0LU1vZHVsZSIpLkFkZFBhcmFtZXRlcnMoQHtXYXJuaW5nQWN0aW9uPSJTaWxlbnRseUNvbnRpbnVlIn0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBmb3JjZSBpbnB1dCBlbmNvZGluZyB0byBwcmVhbWJsZS1mcmVlIFVURjggc28gUFMgc3ViLXByb2Nlc3NlcyAoZWcsCiAgICAjIFN0YXJ0LUpvYikgZG9uJ3QgYmxvdyB1cC4gVGhpcyBpcyBvbmx5IHJlcXVpcmVkIGZvciBXaW5STSwgYSBQU1JQCiAgICAjIHJ1bnNwYWNlIGRvZXNuJ3QgaGF2ZSBhIGhvc3QgY29uc29sZSBhbmQgdGhpcyB3aWxsIGJvbWIgb3V0CiAgICBpZiAoJGhvc3QuTmFtZSAtZXEgIkNvbnNvbGVIb3N0IikgewogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRTY3JpcHQoIltDb25zb2xlXTo6SW5wdXRFbmNvZGluZyA9IE5ldy1PYmplY3QgVGV4dC5VVEY4RW5jb2RpbmcgYCRmYWxzZSIpIHwgT3V0LU51bGwKICAgIH0KCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkU2NyaXB0KCRlbnRyeXBvaW50KSB8IE91dC1OdWxsCgogICAgJG91dHB1dCA9ICRwcy5JbnZva2UoKQoKICAgICRvdXRwdXQKCiAgICAjIFBTMyBkb2Vzbid0IHByb3Blcmx5IHNldCBIYWRFcnJvcnMgaW4gbWFueSBjYXNlcywgaW5zcGVjdCB0aGUgZXJyb3Igc3RyZWFtIGFzIGEgZmFsbGJhY2sKICAgIElmICgkcHMuSGFkRXJyb3JzIC1vciAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtbHQgNCAtYW5kICRwcy5TdHJlYW1zLkVycm9yLkNvdW50IC1ndCAwKSkgewogICAgICAgICRob3N0LlVJLldyaXRlRXJyb3JMaW5lKCQoJHBzLlN0cmVhbXMuRXJyb3IgfCBPdXQtU3RyaW5nKSkKICAgICAgICAkZXhpdF9jb2RlID0gJHBzLlJ1bnNwYWNlLlNlc3Npb25TdGF0ZVByb3h5LkdldFZhcmlhYmxlKCJMQVNURVhJVENPREUiKQogICAgICAgIElmKC1ub3QgJGV4aXRfY29kZSkgewogICAgICAgICAgICAkZXhpdF9jb2RlID0gMQogICAgICAgIH0KICAgICAgICAjIG5lZWQgdG8gdXNlIHRoaXMgaW5zdGVhZCBvZiBFeGl0IGtleXdvcmQgdG8gcHJldmVudCBydW5zcGFjZSBmcm9tIGNyYXNoaW5nIHdpdGggZHluYW1pYyBtb2R1bGVzCiAgICAgICAgJGhvc3QuU2V0U2hvdWxkRXhpdCgkZXhpdF9jb2RlKQogICAgfQp9Cg==", "actions": ["exec"], "environment": {}, "min_os_version": null, "powershell_modules": {"Ansible.ModuleUtils.Legacy": "IyBDb3B5cmlnaHQgKGMpLCBNaWNoYWVsIERlSGFhbiA8bWljaGFlbC5kZWhhYW5AZ21haWwuY29tPiwgMjAxNCwgYW5kIG90aGVycwojIFNpbXBsaWZpZWQgQlNEIExpY2Vuc2UgKHNlZSBsaWNlbnNlcy9zaW1wbGlmaWVkX2JzZC50eHQgb3IgaHR0cHM6Ly9vcGVuc291cmNlLm9yZy9saWNlbnNlcy9CU0QtMi1DbGF1c2UpCgpTZXQtU3RyaWN0TW9kZSAtVmVyc2lvbiAyLjAKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKRnVuY3Rpb24gU2V0LUF0dHIoJG9iaiwgJG5hbWUsICR2YWx1ZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gc2V0IGFuICJhdHRyaWJ1dGUiIG9uIGEgcHNvYmplY3QgaW5zdGFuY2UgaW4gUG93ZXJTaGVsbC4KICAgIFRoaXMgaXMgYSBjb252ZW5pZW5jZSB0byBtYWtlIGFkZGluZyBNZW1iZXJzIHRvIHRoZSBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgIFNldC1BdHRyICRyZXN1bHQgImNoYW5nZWQiICR0cnVlCiM+CgogICAgIyBJZiB0aGUgcHJvdmlkZWQgJG9iaiBpcyB1bmRlZmluZWQsIGRlZmluZSBvbmUgdG8gYmUgbmljZQogICAgSWYgKC1ub3QgJG9iai5HZXRUeXBlKQogICAgewogICAgICAgICRvYmogPSBAeyB9CiAgICB9CgogICAgVHJ5CiAgICB7CiAgICAgICAgJG9iai4kbmFtZSA9ICR2YWx1ZQogICAgfQogICAgQ2F0Y2gKICAgIHsKICAgICAgICAkb2JqIHwgQWRkLU1lbWJlciAtRm9yY2UgLU1lbWJlclR5cGUgTm90ZVByb3BlcnR5IC1OYW1lICRuYW1lIC1WYWx1ZSAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gRXhpdC1Kc29uKCRvYmopCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGNvbnZlcnQgYSBQb3dlclNoZWxsIG9iamVjdCB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcKICAgIHRoZSBzY3JpcHQKICAgIC5FWEFNUExFCiAgICBFeGl0LUpzb24gJHJlc3VsdAojPgoKICAgICMgSWYgdGhlIHByb3ZpZGVkICRvYmogaXMgdW5kZWZpbmVkLCBkZWZpbmUgb25lIHRvIGJlIG5pY2UKICAgIElmICgtbm90ICRvYmouR2V0VHlwZSkKICAgIHsKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoJ2NoYW5nZWQnKSkgewogICAgICAgIFNldC1BdHRyICRvYmogImNoYW5nZWQiICRmYWxzZQogICAgfQoKICAgIFdyaXRlLU91dHB1dCAkb2JqIHwgQ29udmVydFRvLUpzb24gLUNvbXByZXNzIC1EZXB0aCA5OQogICAgRXhpdAp9CgpGdW5jdGlvbiBGYWlsLUpzb24oJG9iaiwgJG1lc3NhZ2UgPSAkbnVsbCkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHRoZSAibXNnIiBwcm9wZXJ0eSBhbmQgImZhaWxlZCIgcHJvcGVydHksIGNvbnZlcnQgdGhlCiAgICBQb3dlclNoZWxsIEhhc2h0YWJsZSB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcgdGhlIHNjcmlwdAogICAgLkVYQU1QTEUKICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJUaGlzIGlzIHRoZSBmYWlsdXJlIG1lc3NhZ2UiCiM+CgogICAgaWYgKCRvYmogLWlzIFtoYXNodGFibGVdIC1vciAkb2JqIC1pcyBbcHNvYmplY3RdKSB7CiAgICAgICAgIyBOb3RoaW5nIHRvIGRvCiAgICB9IGVsc2VpZiAoJG9iaiAtaXMgW3N0cmluZ10gLWFuZCAkbnVsbCAtZXEgJG1lc3NhZ2UpIHsKICAgICAgICAjIElmIHdlIHdlcmVuJ3QgZ2l2ZW4gMiBhcmdzLCBhbmQgdGhlIG9ubHkgYXJnIHdhcyBhIHN0cmluZywKICAgICAgICAjIGNyZWF0ZSBhIG5ldyBIYXNodGFibGUgYW5kIHVzZSB0aGUgYXJnIGFzIHRoZSBmYWlsdXJlIG1lc3NhZ2UKICAgICAgICAkbWVzc2FnZSA9ICRvYmoKICAgICAgICAkb2JqID0gQHsgfQogICAgfSBlbHNlIHsKICAgICAgICAjIElmIHRoZSBmaXJzdCBhcmd1bWVudCBpcyB1bmRlZmluZWQgb3IgYSBkaWZmZXJlbnQgdHlwZSwKICAgICAgICAjIG1ha2UgaXQgYSBIYXNodGFibGUKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgICMgU3RpbGwgdXNpbmcgU2V0LUF0dHIgZm9yIFBTT2JqZWN0IGNvbXBhdGliaWxpdHkKICAgIFNldC1BdHRyICRvYmogIm1zZyIgJG1lc3NhZ2UKICAgIFNldC1BdHRyICRvYmogImZhaWxlZCIgJHRydWUKCiAgICBpZiAoLW5vdCAkb2JqLkNvbnRhaW5zS2V5KCdjaGFuZ2VkJykpIHsKICAgICAgICBTZXQtQXR0ciAkb2JqICJjaGFuZ2VkIiAkZmFsc2UKICAgIH0KCiAgICBXcml0ZS1PdXRwdXQgJG9iaiB8IENvbnZlcnRUby1Kc29uIC1Db21wcmVzcyAtRGVwdGggOTkKICAgIEV4aXQgMQp9CgpGdW5jdGlvbiBBZGQtV2FybmluZygkb2JqLCAkbWVzc2FnZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHdhcm5pbmdzLCBldmVuIGlmIHRoZSB3YXJuaW5ncyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoIndhcm5pbmdzIikpIHsKICAgICAgICAkb2JqLndhcm5pbmdzID0gQCgpCiAgICB9IGVsc2VpZiAoJG9iai53YXJuaW5ncyAtaXNub3QgW2FycmF5XSkgewogICAgICAgIHRocm93ICJBZGQtV2FybmluZzogd2FybmluZ3MgYXR0cmlidXRlIGlzIG5vdCBhbiBhcnJheSIKICAgIH0KCiAgICAkb2JqLndhcm5pbmdzICs9ICRtZXNzYWdlCn0KCkZ1bmN0aW9uIEFkZC1EZXByZWNhdGlvbldhcm5pbmcoJG9iaiwgJG1lc3NhZ2UsICR2ZXJzaW9uID0gJG51bGwpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGFkZCBkZXByZWNhdGlvbnMsIGV2ZW4gaWYgdGhlIGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgogICAgaWYgKC1ub3QgJG9iai5Db250YWluc0tleSgiZGVwcmVjYXRpb25zIikpIHsKICAgICAgICAkb2JqLmRlcHJlY2F0aW9ucyA9IEAoKQogICAgfSBlbHNlaWYgKCRvYmouZGVwcmVjYXRpb25zIC1pc25vdCBbYXJyYXldKSB7CiAgICAgICAgdGhyb3cgIkFkZC1EZXByZWNhdGlvbldhcm5pbmc6IGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgaXMgbm90IGEgbGlzdCIKICAgIH0KCiAgICAkb2JqLmRlcHJlY2F0aW9ucyArPSBAewogICAgICAgIG1zZyA9ICRtZXNzYWdlCiAgICAgICAgdmVyc2lvbiA9ICR2ZXJzaW9uCiAgICB9Cn0KCkZ1bmN0aW9uIEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgaW4gdmFsdWVzLiBCeSBkZWZhdWx0CiAgICBpdCB0dXJucyBhbnkgdHlwZSB0byBhIHN0cmluZywgYnV0IHdlIGVuc3VyZSAkbnVsbCByZW1haW5zICRudWxsLgojPgogICAgaWYgKCRudWxsIC1uZSAkdmFsdWUpIHsKICAgICAgICBbU3lzdGVtLkVudmlyb25tZW50XTo6RXhwYW5kRW52aXJvbm1lbnRWYXJpYWJsZXMoJHZhbHVlKQogICAgfSBlbHNlIHsKICAgICAgICAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gR2V0LUFuc2libGVQYXJhbSgkb2JqLCAkbmFtZSwgJGRlZmF1bHQgPSAkbnVsbCwgJHJlc3VsdG9iaiA9IEB7fSwgJGZhaWxpZmVtcHR5ID0gJGZhbHNlLCAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSwgJFZhbGlkYXRlU2V0LCAkVmFsaWRhdGVTZXRFcnJvck1lc3NhZ2UsICR0eXBlID0gJG51bGwsICRhbGlhc2VzID0gQCgpKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBnZXQgYW4gImF0dHJpYnV0ZSIgZnJvbSBhIHBzb2JqZWN0IGluc3RhbmNlIGluIFBvd2VyU2hlbGwuCiAgICBUaGlzIGlzIGEgY29udmVuaWVuY2UgdG8gbWFrZSBnZXR0aW5nIE1lbWJlcnMgZnJvbSBhbiBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgICRhdHRyID0gR2V0LUFuc2libGVQYXJhbSAkcmVzcG9uc2UgImNvZGUiIC1kZWZhdWx0ICIxIgogICAgLkVYQU1QTEUKICAgIEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJTdGF0ZSIgLWRlZmF1bHQgIlByZXNlbnQiIC1WYWxpZGF0ZVNldCAiUHJlc2VudCIsIkFic2VudCIgLXJlc3VsdG9iaiAkcmVzdWx0b2JqIC1mYWlsaWZlbXB0eSAkdHJ1ZQogICAgR2 ScriptBlock ID: 07055329-a02a-4939-baf5-a1907a626328 Path:	4104	1		3	2	15	0	1195	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1448	4968	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:26:54 PM	9d04040e-981f-0000-b11a-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1194	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1448	820	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:26:53 PM	9d04040e-981f-0004-a916-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 1448 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1193	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1448	4636	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:26:53 PM	9d04040e-981f-0004-a916-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1192	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1448	820	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:26:53 PM	9d04040e-981f-0004-a916-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1191	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2228	656	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:23:45 PM	9d04040e-981f-0004-5416-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 2228 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1190	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2228	4356	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:23:45 PM	9d04040e-981f-0004-5416-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1189	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2228	656	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:23:45 PM	9d04040e-981f-0004-5416-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles; using System; using System.Collections; using System.IO; using System.Linq; using System.Runtime.InteropServices; using System.Text; using System.Threading; namespace Ansible { [StructLayout(LayoutKind.Sequential)] public class SECURITY_ATTRIBUTES { public int nLength; public IntPtr lpSecurityDescriptor; public bool bInheritHandle = false; public SECURITY_ATTRIBUTES() { nLength = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFO { public Int32 cb; public IntPtr lpReserved; public IntPtr lpDesktop; public IntPtr lpTitle; public Int32 dwX; public Int32 dwY; public Int32 dwXSize; public Int32 dwYSize; public Int32 dwXCountChars; public Int32 dwYCountChars; public Int32 dwFillAttribute; public Int32 dwFlags; public Int16 wShowWindow; public Int16 cbReserved2; public IntPtr lpReserved2; public SafeFileHandle hStdInput; public SafeFileHandle hStdOutput; public SafeFileHandle hStdError; public STARTUPINFO() { cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFOEX { public STARTUPINFO startupInfo; public IntPtr lpAttributeList; public STARTUPINFOEX() { startupInfo = new STARTUPINFO(); startupInfo.cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public struct PROCESS_INFORMATION { public IntPtr hProcess; public IntPtr hThread; public int dwProcessId; public int dwThreadId; } [Flags] public enum StartupInfoFlags : uint { USESTDHANDLES = 0x00000100 } public enum HandleFlags : uint { None = 0, INHERIT = 1 } class NativeWaitHandle : WaitHandle { public NativeWaitHandle(IntPtr handle) { this.SafeWaitHandle = new SafeWaitHandle(handle, false); } } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class CommandUtil { private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400; private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000; [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)] public static extern bool CreateProcess( [MarshalAs(UnmanagedType.LPWStr)] string lpApplicationName, StringBuilder lpCommandLine, IntPtr lpProcessAttributes, IntPtr lpThreadAttributes, bool bInheritHandles, uint dwCreationFlags, IntPtr lpEnvironment, [MarshalAs(UnmanagedType.LPWStr)] string lpCurrentDirectory, STARTUPINFOEX lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation); [DllImport("kernel32.dll")] public static extern bool CreatePipe( out SafeFileHandle hReadPipe, out SafeFileHandle hWritePipe, SECURITY_ATTRIBUTES lpPipeAttributes, uint nSize); [DllImport("kernel32.dll", SetLastError = true)] public static extern bool SetHandleInformation( SafeFileHandle hObject, HandleFlags dwMask, int dwFlags); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool GetExitCodeProcess( IntPtr hProcess, out uint lpExitCode); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)] public static extern uint SearchPath( string lpPath, string lpFileName, string lpExtension, int nBufferLength, [MarshalAs (UnmanagedType.LPTStr)] StringBuilder lpBuffer, out IntPtr lpFilePart); [DllImport("shell32.dll", SetLastError = true)] static extern IntPtr CommandLineToArgvW( [MarshalAs(UnmanagedType.LPWStr)] string lpCmdLine, out int pNumArgs); public static string[] ParseCommandLine(string lpCommandLine) { int numArgs; IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs); if (ret == IntPtr.Zero) throw new Win32Exception("Error parsing command line"); IntPtr[] strptrs = new IntPtr[numArgs]; Marshal.Copy(ret, strptrs, 0, numArgs); string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray(); Marshal.FreeHGlobal(ret); return cmdlineParts; } public static string SearchPath(string lpFileName) { StringBuilder sbOut = new StringBuilder(1024); IntPtr filePartOut; if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0) throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName)); return sbOut.ToString(); } public class CommandResult { public string StandardOut { get; internal set; } public string StandardError { get; internal set; } public uint ExitCode { get; internal set; } } public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment) { UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT; STARTUPINFOEX si = new STARTUPINFOEX(); si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES; SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES(); pipesec.bInheritHandle = true; // Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write; if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0)) throw new Win32Exception("STDOUT pipe setup failed"); if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDOUT pipe handle setup failed"); if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0)) throw new Win32Exception("STDERR pipe setup failed"); if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDERR pipe handle setup failed"); if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0)) throw new Win32Exception("STDIN pipe setup failed"); if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDIN pipe handle setup failed"); si.startupInfo.hStdOutput = stdout_write; si.startupInfo.hStdError = stderr_write; si.startupInfo.hStdInput = stdin_read; // Setup the stdin buffer UTF8Encoding utf8_encoding = new UTF8Encoding(false); FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768); StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768); // If lpCurrentDirectory is set to null in PS it will be an empty // string here, we need to convert it if (lpCurrentDirectory == "") lpCurrentDirectory = null; StringBuilder environmentString = null; if (environment != null && environment.Count > 0) { environmentString = new StringBuilder(); foreach (DictionaryEntry kv in environment) environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value); environmentString.Append('\0'); } // Create the environment block if set IntPtr lpEnvironment = IntPtr.Zero; if (environmentString != null) lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString()); // Create new process and run StringBuilder argument_string = new StringBuilder(lpCommandLine); PROCESS_INFORMATION pi = new PROCESS_INFORMATION(); if (!CreateProcess( lpApplicationName, argument_string, IntPtr.Zero, IntPtr.Zero, true, startup_flags, lpEnvironment, lpCurrentDirectory, si, out pi)) { throw new Win32Exception("Failed to create new process"); } // Setup the output buffers and get stdout/stderr FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096); StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096); stdout_write.Close(); FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096); StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096); stderr_write.Close(); stdin.WriteLine(stdinInput); stdin.Close(); string stdout_str, stderr_str = null; GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str); uint rc = GetProcessExitCode(pi.hProcess); return new CommandResult { StandardOut = stdout_str, StandardError = stderr_str, ExitCode = rc }; } private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr) { var sowait = new EventWaitHandle(false, EventResetMode.ManualReset); var sewait = new EventWaitHandle(false, EventResetMode.ManualReset); string so = null, se = null; ThreadPool.QueueUserWorkItem((s) => { so = stdoutStream.ReadToEnd(); sowait.Set(); }); ThreadPool.QueueUserWorkItem((s) => { se = stderrStream.ReadToEnd(); sewait.Set(); }); foreach (var wh in new WaitHandle[] { sowait, sewait }) wh.WaitOne(); stdout = so; stderr = se; } private static uint GetProcessExitCode(IntPtr processHandle) { new NativeWaitHandle(processHandle).WaitOne(); uint exitCode; if (!GetExitCodeProcess(processHandle, out exitCode)) throw new Win32Exception("Error getting process exit code"); return exitCode; } } }" Context: Severity = Informational Host Name = Default Host Host Version = 5.1.14393.1944 Host ID = ab23c021-d084-4948-a95e-5ce3eb80fb1b Host Application = PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - Engine Version = 5.1.14393.1944 Runspace ID = 333784ae-a2a2-4ece-a899-0905f98ae373 Pipeline ID = 7 Command Name = Add-Type Command Type = Cmdlet Script Name = Command Path = Sequence Number = 34 User = N-H1-805629-1\Admin Connected User = Shell ID = Microsoft.PowerShell User Data:	4103	1		4	106	20	0	1188	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3548	4748	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:23:45 PM	9d04040e-981f-0003-e24e-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	To be used when operation is just executing a method	Executing Pipeline	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c) 2017 Ansible Project # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) $process_util = @" using Microsoft.Win32.SafeHandles; using System; using System.Collections; using System.IO; using System.Linq; using System.Runtime.InteropServices; using System.Text; using System.Threading; namespace Ansible { [StructLayout(LayoutKind.Sequential)] public class SECURITY_ATTRIBUTES { public int nLength; public IntPtr lpSecurityDescriptor; public bool bInheritHandle = false; public SECURITY_ATTRIBUTES() { nLength = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFO { public Int32 cb; public IntPtr lpReserved; public IntPtr lpDesktop; public IntPtr lpTitle; public Int32 dwX; public Int32 dwY; public Int32 dwXSize; public Int32 dwYSize; public Int32 dwXCountChars; public Int32 dwYCountChars; public Int32 dwFillAttribute; public Int32 dwFlags; public Int16 wShowWindow; public Int16 cbReserved2; public IntPtr lpReserved2; public SafeFileHandle hStdInput; public SafeFileHandle hStdOutput; public SafeFileHandle hStdError; public STARTUPINFO() { cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFOEX { public STARTUPINFO startupInfo; public IntPtr lpAttributeList; public STARTUPINFOEX() { startupInfo = new STARTUPINFO(); startupInfo.cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public struct PROCESS_INFORMATION { public IntPtr hProcess; public IntPtr hThread; public int dwProcessId; public int dwThreadId; } [Flags] public enum StartupInfoFlags : uint { USESTDHANDLES = 0x00000100 } public enum HandleFlags : uint { None = 0, INHERIT = 1 } class NativeWaitHandle : WaitHandle { public NativeWaitHandle(IntPtr handle) { this.SafeWaitHandle = new SafeWaitHandle(handle, false); } } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class CommandUtil { private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400; private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000; [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)] public static extern bool CreateProcess( [MarshalAs(UnmanagedType.LPWStr)] string lpApplicationName, StringBuilder lpCommandLine, IntPtr lpProcessAttributes, IntPtr lpThreadAttributes, bool bInheritHandles, uint dwCreationFlags, IntPtr lpEnvironment, [MarshalAs(UnmanagedType.LPWStr)] string lpCurrentDirectory, STARTUPINFOEX lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation); [DllImport("kernel32.dll")] public static extern bool CreatePipe( out SafeFileHandle hReadPipe, out SafeFileHandle hWritePipe, SECURITY_ATTRIBUTES lpPipeAttributes, uint nSize); [DllImport("kernel32.dll", SetLastError = true)] public static extern bool SetHandleInformation( SafeFileHandle hObject, HandleFlags dwMask, int dwFlags); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool GetExitCodeProcess( IntPtr hProcess, out uint lpExitCode); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)] public static extern uint SearchPath( string lpPath, string lpFileName, string lpExtension, int nBufferLength, [MarshalAs (UnmanagedType.LPTStr)] StringBuilder lpBuffer, out IntPtr lpFilePart); [DllImport("shell32.dll", SetLastError = true)] static extern IntPtr CommandLineToArgvW( [MarshalAs(UnmanagedType.LPWStr)] string lpCmdLine, out int pNumArgs); public static string[] ParseCommandLine(string lpCommandLine) { int numArgs; IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs); if (ret == IntPtr.Zero) throw new Win32Exception("Error parsing command line"); IntPtr[] strptrs = new IntPtr[numArgs]; Marshal.Copy(ret, strptrs, 0, numArgs); string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray(); Marshal.FreeHGlobal(ret); return cmdlineParts; } public static string SearchPath(string lpFileName) { StringBuilder sbOut = new StringBuilder(1024); IntPtr filePartOut; if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0) throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName)); return sbOut.ToString(); } public class CommandResult { public string StandardOut { get; internal set; } public string StandardError { get; internal set; } public uint ExitCode { get; internal set; } } public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment) { UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT; STARTUPINFOEX si = new STARTUPINFOEX(); si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES; SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES(); pipesec.bInheritHandle = true; // Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write; if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0)) throw new Win32Exception("STDOUT pipe setup failed"); if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDOUT pipe handle setup failed"); if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0)) throw new Win32Exception("STDERR pipe setup failed"); if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDERR pipe handle setup failed"); if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0)) throw new Win32Exception("STDIN pipe setup failed"); if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDIN pipe handle setup failed"); si.startupInfo.hStdOutput = stdout_write; si.startupInfo.hStdError = stderr_write; si.startupInfo.hStdInput = stdin_read; // Setup the stdin buffer UTF8Encoding utf8_encoding = new UTF8Encoding(false); FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768); StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768); // If lpCurrentDirectory is set to null in PS it will be an empty // string here, we need to convert it if (lpCurrentDirectory == "") lpCurrentDirectory = null; StringBuilder environmentString = null; if (environment != null && environment.Count > 0) { environmentString = new StringBuilder(); foreach (DictionaryEntry kv in environment) environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value); environmentString.Append('\0'); } // Create the environment block if set IntPtr lpEnvironment = IntPtr.Zero; if (environmentString != null) lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString()); // Create new process and run StringBuilder argument_string = new StringBuilder(lpCommandLine); PROCESS_INFORMATION pi = new PROCESS_INFORMATION(); if (!CreateProcess( lpApplicationName, argument_string, IntPtr.Zero, IntPtr.Zero, true, startup_flags, lpEnvironment, lpCurrentDirectory, si, out pi)) { throw new Win32Exception("Failed to create new process"); } // Setup the output buffers and get stdout/stderr FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096); StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096); stdout_write.Close(); FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096); StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096); stderr_write.Close(); stdin.WriteLine(stdinInput); stdin.Close(); string stdout_str, stderr_str = null; GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str); uint rc = GetProcessExitCode(pi.hProcess); return new CommandResult { StandardOut = stdout_str, StandardError = stderr_str, ExitCode = rc }; } private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr) { var sowait = new EventWaitHandle(false, EventResetMode.ManualReset); var sewait = new EventWaitHandle(false, EventResetMode.ManualReset); string so = null, se = null; ThreadPool.QueueUserWorkItem((s) => { so = stdoutStream.ReadToEnd(); sowait.Set(); }); ThreadPool.QueueUserWorkItem((s) => { se = stderrStream.ReadToEnd(); sewait.Set(); }); foreach (var wh in new WaitHandle[] { sowait, sewait }) wh.WaitOne(); stdout = so; stderr = se; } private static uint GetProcessExitCode(IntPtr processHandle) { new NativeWaitHandle(processHandle).WaitOne(); uint exitCode; if (!GetExitCodeProcess(processHandle, out exitCode)) throw new Win32Exception("Error getting process exit code"); return exitCode; } } } "@ $ErrorActionPreference = 'Stop' Function Load-CommandUtils { # makes the following static functions available # [Ansible.CommandUtil]::ParseCommandLine(string lpCommandLine) # [Ansible.CommandUtil]::SearchPath(string lpFileName) # [Ansible.CommandUtil]::RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, string environmentBlock) # # there are also numerous P/Invoke methods that can be called if you are feeling adventurous # FUTURE: find a better way to get the _ansible_remote_tmp variable $original_tmp = $env:TMP $remote_tmp = $original_tmp $module_params = Get-Variable -Name complex_args -ErrorAction SilentlyContinue if ($module_params) { if ($module_params.Value.ContainsKey("_ansible_remote_tmp") ) { $remote_tmp = $module_params.Value["_ansible_remote_tmp"] $remote_tmp = [System.Environment]::ExpandEnvironmentVariables($remote_tmp) } } $env:TMP = $remote_tmp Add-Type -TypeDefinition $process_util $env:TMP = $original_tmp } Function Get-ExecutablePath($executable, $directory) { # lpApplicationName requires the full path to a file, we need to find it # ourselves. # we need to add .exe if it doesn't have an extension already if (-not [System.IO.Path]::HasExtension($executable)) { $executable = "$($executable).exe" } $full_path = [System.IO.Path]::GetFullPath($executable) if ($full_path -ne $executable -and $directory -ne $null) { $file = Get-Item -Path "$directory\$executable" -Force -ErrorAction SilentlyContinue } else { $file = Get-Item -Path $executable -Force -ErrorAction SilentlyContinue } if ($file -ne $null) { $executable_path = $file.FullName } else { $executable_path = [Ansible.CommandUtil]::SearchPath($executable) } return $executable_path } Function Run-Command { Param( [string]$command, # the full command to run including the executable [string]$working_directory = $null, # the working directory to run under, will default to the current dir [string]$stdin = $null, # a string to send to the stdin pipe when executing the command [hashtable]$environment = @{} # a hashtable of environment values to run the command under, this will replace all the other environment variables with these ) # load the C# code we call in this function Load-CommandUtils # need to validate the working directory if it is set if ($working_directory) { # validate working directory is a valid path if (-not (Test-Path -Path $working_directory)) { throw "invalid working directory path '$working_directory'" } } # lpApplicationName needs to be the full path to an executable, we do this # by getting the executable as the first arg and then getting the full path $arguments = [Ansible.CommandUtil]::ParseCommandLine($command) $executable = Get-ExecutablePath -executable $arguments[0] -directory $working_directory # run the command and get the results $command_result = [Ansible.CommandUtil]::RunCommand($executable, $command, $working_directory, $stdin, $environment) return ,@{ executable = $executable stdout = $command_result.StandardOut stderr = $command_result.StandardError rc = $command_result.ExitCode } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: 54375f5e-f0a0-45eb-a317-5759f3884cbb Path:	4104	1		3	2	15	0	1187	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3548	4376	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:23:44 PM	9d04040e-981f-0001-740f-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c), Michael DeHaan <michael.dehaan@gmail.com>, 2014, and others # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) Set-StrictMode -Version 2.0 $ErrorActionPreference = "Stop" Function Set-Attr($obj, $name, $value) { <# .SYNOPSIS Helper function to set an "attribute" on a psobject instance in PowerShell. This is a convenience to make adding Members to the object easier and slightly more pythonic .EXAMPLE Set-Attr $result "changed" $true #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } Try { $obj.$name = $value } Catch { $obj | Add-Member -Force -MemberType NoteProperty -Name $name -Value $value } } Function Exit-Json($obj) { <# .SYNOPSIS Helper function to convert a PowerShell object to JSON and output it, exiting the script .EXAMPLE Exit-Json $result #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit } Function Fail-Json($obj, $message = $null) { <# .SYNOPSIS Helper function to add the "msg" property and "failed" property, convert the PowerShell Hashtable to JSON and output it, exiting the script .EXAMPLE Fail-Json $result "This is the failure message" #> if ($obj -is [hashtable] -or $obj -is [psobject]) { # Nothing to do } elseif ($obj -is [string] -and $null -eq $message) { # If we weren't given 2 args, and the only arg was a string, # create a new Hashtable and use the arg as the failure message $message = $obj $obj = @{ } } else { # If the first argument is undefined or a different type, # make it a Hashtable $obj = @{ } } # Still using Set-Attr for PSObject compatibility Set-Attr $obj "msg" $message Set-Attr $obj "failed" $true if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit 1 } Function Add-Warning($obj, $message) { <# .SYNOPSIS Helper function to add warnings, even if the warnings attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("warnings")) { $obj.warnings = @() } elseif ($obj.warnings -isnot [array]) { throw "Add-Warning: warnings attribute is not an array" } $obj.warnings += $message } Function Add-DeprecationWarning($obj, $message, $version = $null) { <# .SYNOPSIS Helper function to add deprecations, even if the deprecations attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("deprecations")) { $obj.deprecations = @() } elseif ($obj.deprecations -isnot [array]) { throw "Add-DeprecationWarning: deprecations attribute is not a list" } $obj.deprecations += @{ msg = $message version = $version } } Function Expand-Environment($value) { <# .SYNOPSIS Helper function to expand environment variables in values. By default it turns any type to a string, but we ensure $null remains $null. #> if ($null -ne $value) { [System.Environment]::ExpandEnvironmentVariables($value) } else { $value } } Function Get-AnsibleParam($obj, $name, $default = $null, $resultobj = @{}, $failifempty = $false, $emptyattributefailmessage, $ValidateSet, $ValidateSetErrorMessage, $type = $null, $aliases = @()) { <# .SYNOPSIS Helper function to get an "attribute" from a psobject instance in PowerShell. This is a convenience to make getting Members from an object easier and slightly more pythonic .EXAMPLE $attr = Get-AnsibleParam $response "code" -default "1" .EXAMPLE Get-AnsibleParam -obj $params -name "State" -default "Present" -ValidateSet "Present","Absent" -resultobj $resultobj -failifempty $true Get-AnsibleParam also supports Parameter validation to save you from coding that manually Note that if you use the failifempty option, you do need to specify resultobject as well. #> # Check if the provided Member $name or aliases exist in $obj and return it or the default. try { $found = $null # First try to find preferred parameter $name $aliases = @($name) + $aliases # Iterate over aliases to find acceptable Member $name foreach ($alias in $aliases) { if ($obj.ContainsKey($alias)) { $found = $alias break } } if ($null -eq $found) { throw } $name = $found if ($ValidateSet) { if ($ValidateSet -contains ($obj.$name)) { $value = $obj.$name } else { if ($null -eq $ValidateSetErrorMessage) { #Auto-generated error should be sufficient in most use cases $ValidateSetErrorMessage = "Get-AnsibleParam: Argument $name needs to be one of $($ValidateSet -join ",") but was $($obj.$name)." } Fail-Json -obj $resultobj -message $ValidateSetErrorMessage } } else { $value = $obj.$name } } catch { if ($failifempty -eq $false) { $value = $default } else { if (-not $emptyattributefailmessage) { $emptyattributefailmessage = "Get-AnsibleParam: Missing required argument: $name" } Fail-Json -obj $resultobj -message $emptyattributefailmessage } } # If $value -eq $null, the parameter was unspecified by the user (deliberately or not) # Please leave $null-values intact, modules need to know if a parameter was specified # When $value is already an array, we cannot rely on the null check, as an empty list # is seen as null in the check below if ($null -ne $value -or $value -is [array]) { if ($type -eq "path") { # Expand environment variables on path-type $value = Expand-Environment($value) # Test if a valid path is provided if (-not (Test-Path -IsValid $value)) { $path_invalid = $true # could still be a valid-shaped path with a nonexistent drive letter if ($value -match "^\w:") { # rewrite path with a valid drive letter and recheck the shape- this might still fail, eg, a nonexistent non-filesystem PS path if (Test-Path -IsValid $(@(Get-PSDrive -PSProvider Filesystem)[0].Name + $value.Substring(1))) { $path_invalid = $false } } if ($path_invalid) { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' has an invalid path '$value' specified." } } } elseif ($type -eq "str") { # Convert str types to real Powershell strings $value = $value.ToString() } elseif ($type -eq "bool") { # Convert boolean types to real Powershell booleans $value = $value | ConvertTo-Bool } elseif ($type -eq "int") { # Convert int types to real Powershell integers $value = $value -as [int] } elseif ($type -eq "float") { # Convert float types to real Powershell floats $value = $value -as [float] } elseif ($type -eq "list") { if ($value -is [array]) { # Nothing to do } elseif ($value -is [string]) { # Convert string type to real Powershell array $value = $value.Split(",").Trim() } elseif ($value -is [int]) { $value = @($value) } else { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' is not a YAML list." } # , is not a typo, forces it to return as a list when it is empty or only has 1 entry return ,$value } } return $value } #Alias Get-attr-->Get-AnsibleParam for backwards compat. Only add when needed to ease debugging of scripts If (-not(Get-Alias -Name "Get-attr" -ErrorAction SilentlyContinue)) { New-Alias -Name Get-attr -Value Get-AnsibleParam } Function ConvertTo-Bool { <# .SYNOPSIS Helper filter/pipeline function to convert a value to boolean following current Ansible practices .EXAMPLE $is_true = "true" | ConvertTo-Bool #> param( [parameter(valuefrompipeline=$true)] $obj ) $boolean_strings = "yes", "on", "1", "true", 1 $obj_string = [string]$obj if (($obj -is [boolean] -and $obj) -or $boolean_strings -contains $obj_string.ToLower()) { return $true } else { return $false } } Function Parse-Args($arguments, $supports_check_mode = $false) { <# .SYNOPSIS Helper function to parse Ansible JSON arguments from a "file" passed as the single argument to the module. .EXAMPLE $params = Parse-Args $args #> $params = New-Object psobject If ($arguments.Length -gt 0) { $params = Get-Content $arguments[0] | ConvertFrom-Json } Else { $params = $complex_args } $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false If ($check_mode -and -not $supports_check_mode) { Exit-Json @{ skipped = $true changed = $false msg = "remote module does not support check mode" } } return $params } Function Get-FileChecksum($path, $algorithm = 'sha1') { <# .SYNOPSIS Helper function to calculate a hash of a file in a way which PowerShell 3 and above can handle #> If (Test-Path -Path $path -PathType Leaf) { switch ($algorithm) { 'md5' { $sp = New-Object -TypeName System.Security.Cryptography.MD5CryptoServiceProvider } 'sha1' { $sp = New-Object -TypeName System.Security.Cryptography.SHA1CryptoServiceProvider } 'sha256' { $sp = New-Object -TypeName System.Security.Cryptography.SHA256CryptoServiceProvider } 'sha384' { $sp = New-Object -TypeName System.Security.Cryptography.SHA384CryptoServiceProvider } 'sha512' { $sp = New-Object -TypeName System.Security.Cryptography.SHA512CryptoServiceProvider } default { Fail-Json @{} "Unsupported hash algorithm supplied '$algorithm'" } } If ($PSVersionTable.PSVersion.Major -ge 4) { $raw_hash = Get-FileHash $path -Algorithm $algorithm $hash = $raw_hash.Hash.ToLower() } Else { $fp = [System.IO.File]::Open($path, [System.IO.Filemode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileShare]::ReadWrite); $hash = [System.BitConverter]::ToString($sp.ComputeHash($fp)).Replace("-", "").ToLower(); $fp.Dispose(); } } ElseIf (Test-Path -Path $path -PathType Container) { $hash = "3"; } Else { $hash = "1"; } return $hash } Function Get-PendingRebootStatus { <# .SYNOPSIS Check if reboot is required, if so notify CA. Function returns true if computer has a pending reboot #> $featureData = Invoke-WmiMethod -EA Ignore -Name GetServerFeature -Namespace root\microsoft\windows\servermanager -Class MSFT_ServerManagerTasks $regData = Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager" "PendingFileRenameOperations" -EA Ignore $CBSRebootStatus = Get-ChildItem "HKLM:\\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing" -ErrorAction SilentlyContinue| Where-Object {$_.PSChildName -eq "RebootPending"} if(($featureData -and $featureData.RequiresReboot) -or $regData -or $CBSRebootStatus) { return $True } else { return $False } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: 2f3a6690-6f0e-49ae-a381-cd9b83fd4d74 Path:	4104	1		3	2	15	0	1186	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3548	4376	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:23:44 PM	9d04040e-981f-0001-6d0f-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } ScriptBlock ID: bac8453a-b68b-450b-8475-10a4894ee4ac Path:	4104	1		3	2	15	0	1185	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3548	4376	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:23:44 PM	9d04040e-981f-0001-5e0f-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (3 of 3): ENvbnZlcnRUby1Cb29sCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZpbHRlci9waXBlbGluZSBmdW5jdGlvbiB0byBjb252ZXJ0IGEgdmFsdWUgdG8gYm9vbGVhbiBmb2xsb3dpbmcgY3VycmVudAogICAgQW5zaWJsZSBwcmFjdGljZXMKICAgIC5FWEFNUExFCiAgICAkaXNfdHJ1ZSA9ICJ0cnVlIiB8IENvbnZlcnRUby1Cb29sCiM+CiAgICBwYXJhbSgKICAgICAgICBbcGFyYW1ldGVyKHZhbHVlZnJvbXBpcGVsaW5lPSR0cnVlKV0KICAgICAgICAkb2JqCiAgICApCgogICAgJGJvb2xlYW5fc3RyaW5ncyA9ICJ5ZXMiLCAib24iLCAiMSIsICJ0cnVlIiwgMQogICAgJG9ial9zdHJpbmcgPSBbc3RyaW5nXSRvYmoKCiAgICBpZiAoKCRvYmogLWlzIFtib29sZWFuXSAtYW5kICRvYmopIC1vciAkYm9vbGVhbl9zdHJpbmdzIC1jb250YWlucyAkb2JqX3N0cmluZy5Ub0xvd2VyKCkpIHsKICAgICAgICByZXR1cm4gJHRydWUKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfQp9CgpGdW5jdGlvbiBQYXJzZS1BcmdzKCRhcmd1bWVudHMsICRzdXBwb3J0c19jaGVja19tb2RlID0gJGZhbHNlKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBwYXJzZSBBbnNpYmxlIEpTT04gYXJndW1lbnRzIGZyb20gYSAiZmlsZSIgcGFzc2VkIGFzCiAgICB0aGUgc2luZ2xlIGFyZ3VtZW50IHRvIHRoZSBtb2R1bGUuCiAgICAuRVhBTVBMRQogICAgJHBhcmFtcyA9IFBhcnNlLUFyZ3MgJGFyZ3MKIz4KICAgICRwYXJhbXMgPSBOZXctT2JqZWN0IHBzb2JqZWN0CiAgICBJZiAoJGFyZ3VtZW50cy5MZW5ndGggLWd0IDApCiAgICB7CiAgICAgICAgJHBhcmFtcyA9IEdldC1Db250ZW50ICRhcmd1bWVudHNbMF0gfCBDb252ZXJ0RnJvbS1Kc29uCiAgICB9CiAgICBFbHNlIHsKICAgICAgICAkcGFyYW1zID0gJGNvbXBsZXhfYXJncwogICAgfQogICAgJGNoZWNrX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfY2hlY2tfbW9kZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQogICAgSWYgKCRjaGVja19tb2RlIC1hbmQgLW5vdCAkc3VwcG9ydHNfY2hlY2tfbW9kZSkKICAgIHsKICAgICAgICBFeGl0LUpzb24gQHsKICAgICAgICAgICAgc2tpcHBlZCA9ICR0cnVlCiAgICAgICAgICAgIGNoYW5nZWQgPSAkZmFsc2UKICAgICAgICAgICAgbXNnID0gInJlbW90ZSBtb2R1bGUgZG9lcyBub3Qgc3VwcG9ydCBjaGVjayBtb2RlIgogICAgICAgIH0KICAgIH0KICAgIHJldHVybiAkcGFyYW1zCn0KCgpGdW5jdGlvbiBHZXQtRmlsZUNoZWNrc3VtKCRwYXRoLCAkYWxnb3JpdGhtID0gJ3NoYTEnKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBjYWxjdWxhdGUgYSBoYXNoIG9mIGEgZmlsZSBpbiBhIHdheSB3aGljaCBQb3dlclNoZWxsIDMKICAgIGFuZCBhYm92ZSBjYW4gaGFuZGxlCiM+CiAgICBJZiAoVGVzdC1QYXRoIC1QYXRoICRwYXRoIC1QYXRoVHlwZSBMZWFmKQogICAgewogICAgICAgIHN3aXRjaCAoJGFsZ29yaXRobSkKICAgICAgICB7CiAgICAgICAgICAgICdtZDUnIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5NRDVDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMScgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTFDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMjU2JyB7ICRzcCA9IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5TZWN1cml0eS5DcnlwdG9ncmFwaHkuU0hBMjU2Q3J5cHRvU2VydmljZVByb3ZpZGVyIH0KICAgICAgICAgICAgJ3NoYTM4NCcgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTM4NENyeXB0b1NlcnZpY2VQcm92aWRlciB9CiAgICAgICAgICAgICdzaGE1MTInIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5TSEE1MTJDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICBkZWZhdWx0IHsgRmFpbC1Kc29uIEB7fSAiVW5zdXBwb3J0ZWQgaGFzaCBhbGdvcml0aG0gc3VwcGxpZWQgJyRhbGdvcml0aG0nIiB9CiAgICAgICAgfQoKICAgICAgICBJZiAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtZ2UgNCkgewogICAgICAgICAgICAkcmF3X2hhc2ggPSBHZXQtRmlsZUhhc2ggJHBhdGggLUFsZ29yaXRobSAkYWxnb3JpdGhtCiAgICAgICAgICAgICRoYXNoID0gJHJhd19oYXNoLkhhc2guVG9Mb3dlcigpCiAgICAgICAgfSBFbHNlIHsKICAgICAgICAgICAgJGZwID0gW1N5c3RlbS5JTy5GaWxlXTo6T3BlbigkcGF0aCwgW1N5c3RlbS5JTy5GaWxlbW9kZV06Ok9wZW4sIFtTeXN0ZW0uSU8uRmlsZUFjY2Vzc106OlJlYWQsIFtTeXN0ZW0uSU8uRmlsZVNoYXJlXTo6UmVhZFdyaXRlKTsKICAgICAgICAgICAgJGhhc2ggPSBbU3lzdGVtLkJpdENvbnZlcnRlcl06OlRvU3RyaW5nKCRzcC5Db21wdXRlSGFzaCgkZnApKS5SZXBsYWNlKCItIiwgIiIpLlRvTG93ZXIoKTsKICAgICAgICAgICAgJGZwLkRpc3Bvc2UoKTsKICAgICAgICB9CiAgICB9CiAgICBFbHNlSWYgKFRlc3QtUGF0aCAtUGF0aCAkcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKQogICAgewogICAgICAgICRoYXNoID0gIjMiOwogICAgfQogICAgRWxzZQogICAgewogICAgICAgICRoYXNoID0gIjEiOwogICAgfQogICAgcmV0dXJuICRoYXNoCn0KCkZ1bmN0aW9uIEdldC1QZW5kaW5nUmVib290U3RhdHVzCnsKPCMKICAgIC5TWU5PUFNJUwogICAgQ2hlY2sgaWYgcmVib290IGlzIHJlcXVpcmVkLCBpZiBzbyBub3RpZnkgQ0EuCiAgICBGdW5jdGlvbiByZXR1cm5zIHRydWUgaWYgY29tcHV0ZXIgaGFzIGEgcGVuZGluZyByZWJvb3QKIz4KICAgICRmZWF0dXJlRGF0YSA9IEludm9rZS1XbWlNZXRob2QgLUVBIElnbm9yZSAtTmFtZSBHZXRTZXJ2ZXJGZWF0dXJlIC1OYW1lc3BhY2Ugcm9vdFxtaWNyb3NvZnRcd2luZG93c1xzZXJ2ZXJtYW5hZ2VyIC1DbGFzcyBNU0ZUX1NlcnZlck1hbmFnZXJUYXNrcwogICAgJHJlZ0RhdGEgPSBHZXQtSXRlbVByb3BlcnR5ICJIS0xNOlxTWVNURU1cQ3VycmVudENvbnRyb2xTZXRcQ29udHJvbFxTZXNzaW9uIE1hbmFnZXIiICJQZW5kaW5nRmlsZVJlbmFtZU9wZXJhdGlvbnMiIC1FQSBJZ25vcmUKICAgICRDQlNSZWJvb3RTdGF0dXMgPSBHZXQtQ2hpbGRJdGVtICJIS0xNOlxcU09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cQ29tcG9uZW50IEJhc2VkIFNlcnZpY2luZyIgIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlfCBXaGVyZS1PYmplY3QgeyRfLlBTQ2hpbGROYW1lIC1lcSAiUmVib290UGVuZGluZyJ9CiAgICBpZigoJGZlYXR1cmVEYXRhIC1hbmQgJGZlYXR1cmVEYXRhLlJlcXVpcmVzUmVib290KSAtb3IgJHJlZ0RhdGEgLW9yICRDQlNSZWJvb3RTdGF0dXMpCiAgICB7CiAgICAgICAgcmV0dXJuICRUcnVlCiAgICB9CiAgICBlbHNlCiAgICB7CiAgICAgICAgcmV0dXJuICRGYWxzZQogICAgfQp9CgojIHRoaXMgbGluZSBtdXN0IHN0YXkgYXQgdGhlIGJvdHRvbSB0byBlbnN1cmUgYWxsIGRlZmluZWQgbW9kdWxlIHBhcnRzIGFyZSBleHBvcnRlZApFeHBvcnQtTW9kdWxlTWVtYmVyIC1BbGlhcyAqIC1GdW5jdGlvbiAqIC1DbWRsZXQgKgoK", "Ansible.ModuleUtils.FileUtil": "IyBDb3B5cmlnaHQgKGMpIDIwMTcgQW5zaWJsZSBQcm9qZWN0CiMgU2ltcGxpZmllZCBCU0QgTGljZW5zZSAoc2VlIGxpY2Vuc2VzL3NpbXBsaWZpZWRfYnNkLnR4dCBvciBodHRwczovL29wZW5zb3VyY2Uub3JnL2xpY2Vuc2VzL0JTRC0yLUNsYXVzZSkKCjwjClRlc3QtUGF0aC9HZXQtSXRlbSBjYW5ub3QgZmluZC9yZXR1cm4gaW5mbyBvbiBmaWxlcyB0aGF0IGFyZSBsb2NrZWQgbGlrZQpDOlxwYWdlZmlsZS5zeXMuIFRoZXNlIDIgZnVuY3Rpb25zIGFyZSBkZXNpZ25lZCB0byB3b3JrIHdpdGggdGhlc2UgZmlsZXMgYW5kCnByb3ZpZGUgc2ltaWxhciBmdW5jdGlvbmFsaXR5IHdpdGggdGhlIG5vcm1hbCBjbWRsZXRzIHdpdGggYXMgbWluaW1hbCBvdmVyaGVhZAphcyBwb3NzaWJsZS4gVGhleSB3b3JrIGJ5IHVzaW5nIEdldC1DaGlsZEl0ZW0gd2l0aCBhIGZpbHRlciBhbmQgcmV0dXJuIHRoZQpyZXN1bHQgZnJvbSB0aGF0LgojPgoKRnVuY3Rpb24gVGVzdC1BbnNpYmxlUGF0aCB7CiAgICBbQ21kbGV0QmluZGluZygpXQogICAgUGFyYW0oCiAgICAgICAgW1BhcmFtZXRlcihNYW5kYXRvcnk9JHRydWUpXVtzdHJpbmddJFBhdGgKICAgICkKICAgICMgUmVwbGFjZW1lbnQgZm9yIFRlc3QtUGF0aAogICAgdHJ5IHsKICAgICAgICAkZmlsZV9hdHRyaWJ1dGVzID0gW1N5c3RlbS5JTy5GaWxlXTo6R2V0QXR0cmlidXRlcygkUGF0aCkKICAgIH0gY2F0Y2ggW1N5c3RlbS5JTy5GaWxlTm90Rm91bmRFeGNlcHRpb25dLCBbU3lzdGVtLklPLkRpcmVjdG9yeU5vdEZvdW5kRXhjZXB0aW9uXSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfSBjYXRjaCBbTm90U3VwcG9ydGVkRXhjZXB0aW9uXSB7CiAgICAgICAgIyBXaGVuIHRlc3RpbmcgYSBwYXRoIGxpa2UgQ2VydDpcTG9jYWxNYWNoaW5lXE15LCBTeXN0ZW0uSU8uRmlsZSB3aWxsCiAgICAgICAgIyBub3Qgd29yaywgd2UganVzdCByZXZlcnQgYmFjayB0byB1c2luZyBUZXN0LVBhdGggZm9yIHRoaXMKICAgICAgICByZXR1cm4gVGVzdC1QYXRoIC1QYXRoICRQYXRoCiAgICB9CgogICAgaWYgKFtJbnQzMl0kZmlsZV9hdHRyaWJ1dGVzIC1lcSAtMSkgewogICAgICAgIHJldHVybiAkZmFsc2UKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICR0cnVlCiAgICB9Cn0KCkZ1bmN0aW9uIEdldC1BbnNpYmxlSXRlbSB7CiAgICBbQ21kbGV0QmluZGluZygpXQogICAgUGFyYW0oCiAgICAgICAgW1BhcmFtZXRlcihNYW5kYXRvcnk9JHRydWUpXVtzdHJpbmddJFBhdGgKICAgICkKICAgICMgUmVwbGFjZW1lbnQgZm9yIEdldC1JdGVtCiAgICB0cnkgewogICAgICAgICRmaWxlX2F0dHJpYnV0ZXMgPSBbU3lzdGVtLklPLkZpbGVdOjpHZXRBdHRyaWJ1dGVzKCRQYXRoKQogICAgfSBjYXRjaCB7CiAgICAgICAgIyBpZiAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb3RpbnVlIGlzIHNldCBvbiB0aGUgY21kbGV0IGFuZCB3ZSBmYWlsZWQgdG8KICAgICAgICAjIGdldCB0aGUgYXR0cmlidXRlcywganVzdCByZXR1cm4gJG51bGwsIG90aGVyd2lzZSB0aHJvdyB0aGUgZXJyb3IKICAgICAgICBpZiAoJEVycm9yQWN0aW9uUHJlZmVyZW5jZSAtbmUgIlNpbGVudGx5Q29udGludWUiKSB7CiAgICAgICAgICAgIHRocm93ICRfCiAgICAgICAgfQogICAgICAgIHJldHVybiAkbnVsbAogICAgfQogICAgaWYgKFtJbnQzMl0kZmlsZV9hdHRyaWJ1dGVzIC1lcSAtMSkgewogICAgICAgIHRocm93IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5NYW5hZ2VtZW50LkF1dG9tYXRpb24uSXRlbU5vdEZvdW5kRXhjZXB0aW9uIC1Bcmd1bWVudExpc3QgIkNhbm5vdCBmaW5kIHBhdGggJyRQYXRoJyBiZWNhdXNlIGl0IGRvZXMgbm90IGV4aXN0LiIKICAgIH0gZWxzZWlmICgkZmlsZV9hdHRyaWJ1dGVzLkhhc0ZsYWcoW1N5c3RlbS5JTy5GaWxlQXR0cmlidXRlc106OkRpcmVjdG9yeSkpIHsKICAgICAgICByZXR1cm4gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLklPLkRpcmVjdG9yeUluZm8gLUFyZ3VtZW50TGlzdCAkUGF0aAogICAgfSBlbHNlIHsKICAgICAgICByZXR1cm4gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLklPLkZpbGVJbmZvIC1Bcmd1bWVudExpc3QgJFBhdGgKICAgIH0KfQoKRXhwb3J0LU1vZHVsZU1lbWJlciAtRnVuY3Rpb24gVGVzdC1BbnNpYmxlUGF0aCwgR2V0LUFuc2libGVJdGVtCg=="}, "module_entry": "IyFwb3dlcnNoZWxsCgojIENvcHlyaWdodDogKGMpIDIwMTcsIEFuc2libGUgUHJvamVjdAojIEdOVSBHZW5lcmFsIFB1YmxpYyBMaWNlbnNlIHYzLjArIChzZWUgQ09QWUlORyBvciBodHRwczovL3d3dy5nbnUub3JnL2xpY2Vuc2VzL2dwbC0zLjAudHh0KQoKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5MZWdhY3kKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5Db21tYW5kVXRpbAojUmVxdWlyZXMgLU1vZHVsZSBBbnNpYmxlLk1vZHVsZVV0aWxzLkZpbGVVdGlsCgojIFRPRE86IGFkZCBjaGVjayBtb2RlIHN1cHBvcnQKClNldC1TdHJpY3RNb2RlIC1WZXJzaW9uIDIKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKIyBDbGVhbnNlIENMSVhNTCBmcm9tIHN0ZGVyciAoc2lmdCBvdXQgZXJyb3Igc3RyZWFtIGRhdGEsIGRpc2NhcmQgb3RoZXJzIGZvciBub3cpCkZ1bmN0aW9uIENsZWFuc2UtU3RkZXJyKCRyYXdfc3RkZXJyKSB7CiAgICBUcnkgewogICAgICAgICMgTkI6IHRoaXMgcmVnZXggaXNuJ3QgcGVyZmVjdCwgYnV0IGlzIGRlY2VudCBhdCBmaW5kaW5nIENMSVhNTCBhbW9uZ3N0IG90aGVyIHN0ZGVyciBub2lzZQogICAgICAgIElmKCRyYXdfc3RkZXJyIC1tYXRjaCAiKD9zKSg/PHByZW5vaXNlMT4uKikjPCBDTElYTUwoPzxwcmVub2lzZTI+LiopKD88Y2xpeG1sPjxPYmpzLis8L09ianM+KSg/PHBvc3Rub2lzZT4uKikiKSB7CiAgICAgICAgICAgICRjbGl4bWwgPSBbeG1sXSRtYXRjaGVzWyJjbGl4bWwiXQoKICAgICAgICAgICAgJG1lcmdlZF9zdGRlcnIgPSAiezB9ezF9ezJ9ezN9IiAtZiBAKAogICAgICAgICAgICAgICAkbWF0Y2hlc1sicHJlbm9pc2UxIl0sCiAgICAgICAgICAgICAgICRtYXRjaGVzWyJwcmVub2lzZTIiXSwKICAgICAgICAgICAgICAgIyBmaWx0ZXIgb3V0IGp1c3QgdGhlIEVycm9yLXRhZ2dlZCBzdHJpbmdzIGZvciBub3csIGFuZCB6YXAgZW1iZWRkZWQgQ1JMRiBjaGFycwogICAgICAgICAgICAgICAoJGNsaXhtbC5PYmpzLkNoaWxkTm9kZXMgfCA/IHsgJF8uTmFtZSAtZXEgJ1MnIH0gfCA/IHsgJF8uUyAtZXEgJ0Vycm9yJyB9IHwgJSB7ICRfLicjdGV4dCcuUmVwbGFjZSgnX3gwMDBEX194MDAwQV8nLCcnKSB9IHwgT3V0LVN0cmluZyksCiAgICAgICAgICAgICAgICRtYXRjaGVzWyJwb3N0bm9pc2UiXSkgfCBPdXQtU3RyaW5nCgogICAgICAgICAgICByZXR1cm4gJG1lcmdlZF9zdGRlcnIuVHJpbSgpCgogICAgICAgICAgICAjIEZVVFVSRTogcGFyc2UvcmV0dXJuIG90aGVyIHN0cmVhbXMKICAgICAgICB9CiAgICAgICAgRWxzZSB7CiAgICAgICAgICAgICRyYXdfc3RkZXJyCiAgICAgICAgfQogICAgfQogICAgQ2F0Y2ggewogICAgICAgICIqKipFWENFUFRJT04gUEFSU0lORyBDTElYTUw6ICRfKioqIiArICRyYXdfc3RkZXJyCiAgICB9Cn0KCiRwYXJhbXMgPSBQYXJzZS1BcmdzICRhcmdzIC1zdXBwb3J0c19jaGVja19tb2RlICRmYWxzZQoKJHJhd19jb21tYW5kX2xpbmUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX3Jhd19wYXJhbXMiIC10eXBlICJzdHIiIC1mYWlsaWZlbXB0eSAkdHJ1ZQokY2hkaXIgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiY2hkaXIiIC10eXBlICJwYXRoIgokZXhlY3V0YWJsZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJleGVjdXRhYmxlIiAtdHlwZSAicGF0aCIKJGNyZWF0ZXMgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiY3JlYXRlcyIgLXR5cGUgInBhdGgiCiRyZW1vdmVzID0gR2V0LUFuc2libGVQYXJhbSAtb2JqICRwYXJhbXMgLW5hbWUgInJlbW92ZXMiIC10eXBlICJwYXRoIgokc3RkaW4gPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAic3RkaW4iIC10eXBlICJzdHIiCgokcmF3X2NvbW1hbmRfbGluZSA9ICRyYXdfY29tbWFuZF9saW5lLlRyaW0oKQoKJHJlc3VsdCA9IEB7CiAgICBjaGFuZ2VkID0gJHRydWUKICAgIGNtZCA9ICRyYXdfY29tbWFuZF9saW5lCn0KCmlmICgkY3JlYXRlcyAtYW5kICQoVGVzdC1BbnNpYmxlUGF0aCAtUGF0aCAkY3JlYXRlcykpIHsKICAgIEV4aXQtSnNvbiBAe21zZz0ic2tpcHBlZCwgc2luY2UgJGNyZWF0ZXMgZXhpc3RzIjtjbWQ9JHJhd19jb21tYW5kX2xpbmU7Y2hhbmdlZD0kZmFsc2U7c2tpcHBlZD0kdHJ1ZTtyYz0wfQp9CgppZiAoJHJlbW92ZXMgLWFuZCAtbm90ICQoVGVzdC1BbnNpYmxlUGF0aCAtUGF0aCAkcmVtb3ZlcykpIHsKICAgIEV4aXQtSnNvbiBAe21zZz0ic2tpcHBlZCwgc2luY2UgJHJlbW92ZXMgZG9lcyBub3QgZXhpc3QiO2NtZD0kcmF3X2NvbW1hbmRfbGluZTtjaGFuZ2VkPSRmYWxzZTtza2lwcGVkPSR0cnVlO3JjPTB9Cn0KCiRleGVjX2FyZ3MgPSAkbnVsbApJZigtbm90ICRleGVjdXRhYmxlIC1vciAkZXhlY3V0YWJsZSAtZXEgInBvd2Vyc2hlbGwiKSB7CiAgICAkZXhlY19hcHBsaWNhdGlvbiA9ICJwb3dlcnNoZWxsLmV4ZSIKCiAgICAjIGZvcmNlIGlucHV0IGVuY29kaW5nIHRvIHByZWFtYmxlLWZyZWUgVVRGOCBzbyBQUyBzdWItcHJvY2Vzc2VzIChlZywgU3RhcnQtSm9iKSBkb24ndCBibG93IHVwCiAgICAkcmF3X2NvbW1hbmRfbGluZSA9ICJbQ29uc29sZV06OklucHV0RW5jb2RpbmcgPSBOZXctT2JqZWN0IFRleHQuVVRGOEVuY29kaW5nIGAkZmFsc2U7ICIgKyAkcmF3X2NvbW1hbmRfbGluZQoKICAgICMgQmFzZTY0IGVuY29kZSB0aGUgY29tbWFuZCBzbyB3ZSBkb24ndCBoYXZlIHRvIHdvcnJ5IGFib3V0IHRoZSB2YXJpb3VzIGxldmVscyBvZiBlc2NhcGluZwogICAgJGVuY29kZWRfY29tbWFuZCA9IFtDb252ZXJ0XTo6VG9CYXNlNjRTdHJpbmcoW1N5c3RlbS5UZXh0LkVuY29kaW5nXTo6VW5pY29kZS5HZXRCeXRlcygkcmF3X2NvbW1hbmRfbGluZSkpCgogICAgaWYgKCRzdGRpbikgewogICAgICAgICRleGVjX2FyZ3MgPSAiLWVuY29kZWRjb21tYW5kICRlbmNvZGVkX2NvbW1hbmQiCiAgICB9IGVsc2UgewogICAgICAgICRleGVjX2FyZ3MgPSAiLW5vbmludGVyYWN0aXZlIC1lbmNvZGVkY29tbWFuZCAkZW5jb2RlZF9jb21tYW5kIgogICAgfQp9CkVsc2UgewogICAgIyBGVVRVUkU6IHN1cHBvcnQgYXJnIHRyYW5zbGF0aW9uIGZyb20gZXhlY3V0YWJsZSAob3IgZXhlY3V0YWJsZV9hcmdzPykgdG8gcHJvY2VzcyBhcmd1bWVudHMgZm9yIGFyYml0cmFyeSBpbnRlcnByZXRlcj8KICAgICRleGVjX2FwcGxpY2F0aW9uID0gJGV4ZWN1dGFibGUKICAgIGlmICgtbm90ICgkZXhlY19hcHBsaWNhdGlvbi5FbmRzV2l0aCgiLmV4ZSIpKSkgewogICAgICAgICRleGVjX2FwcGxpY2F0aW9uID0gIiQoJGV4ZWNfYXBwbGljYXRpb24pLmV4ZSIKICAgIH0KICAgICRleGVjX2FyZ3MgPSAiL2MgJHJhd19jb21tYW5kX2xpbmUiCn0KCiRjb21tYW5kID0gIiRleGVjX2FwcGxpY2F0aW9uICRleGVjX2FyZ3MiCiRydW5fY29tbWFuZF9hcmcgPSBAewogICAgY29tbWFuZCA9ICRjb21tYW5kCn0KaWYgKCRjaGRpcikgewogICAgJHJ1bl9jb21tYW5kX2FyZ1snd29ya2luZ19kaXJlY3RvcnknXSA9ICRjaGRpcgp9CmlmICgkc3RkaW4pIHsKICAgICRydW5fY29tbWFuZF9hcmdbJ3N0ZGluJ10gPSAkc3RkaW4KfQoKJHN0YXJ0X2RhdGV0aW1lID0gW0RhdGVUaW1lXTo6VXRjTm93CnRyeSB7CiAgICAkY29tbWFuZF9yZXN1bHQgPSBSdW4tQ29tbWFuZCBAcnVuX2NvbW1hbmRfYXJnCn0gY2F0Y2ggewogICAgJHJlc3VsdC5jaGFuZ2VkID0gJGZhbHNlCiAgICB0cnkgewogICAgICAgICRyZXN1bHQucmMgPSAkXy5FeGNlcHRpb24uTmF0aXZlRXJyb3JDb2RlCiAgICB9IGNhdGNoIHsKICAgICAgICAkcmVzdWx0LnJjID0gMgogICAgfQogICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAkXy5FeGNlcHRpb24uTWVzc2FnZQp9CgojIFRPRE86IGRlY29kZSBDTElYTUwgc3RkZXJyIG91dHB1dCAoYW5kIG90aGVyIHN0cmVhbXM/KQokcmVzdWx0LnN0ZG91dCA9ICRjb21tYW5kX3Jlc3VsdC5zdGRvdXQKJHJlc3VsdC5zdGRlcnIgPSBDbGVhbnNlLVN0ZGVyciAkY29tbWFuZF9yZXN1bHQuc3RkZXJyIAokcmVzdWx0LnJjID0gJGNvbW1hbmRfcmVzdWx0LnJjCgokZW5kX2RhdGV0aW1lID0gW0RhdGVUaW1lXTo6VXRjTm93CiRyZXN1bHQuc3RhcnQgPSAkc3RhcnRfZGF0ZXRpbWUuVG9TdHJpbmcoInl5eXktTU0tZGQgaGg6bW06c3MuZmZmZmZmIikKJHJlc3VsdC5lbmQgPSAkZW5kX2RhdGV0aW1lLlRvU3RyaW5nKCJ5eXl5LU1NLWRkIGhoOm1tOnNzLmZmZmZmZiIpCiRyZXN1bHQuZGVsdGEgPSAkKCRlbmRfZGF0ZXRpbWUgLSAkc3RhcnRfZGF0ZXRpbWUpLlRvU3RyaW5nKCJoXDptbVw6c3NcLmZmZmZmZiIpCgpJZiAoJHJlc3VsdC5yYyAtbmUgMCkgewogICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAibm9uLXplcm8gcmV0dXJuIGNvZGUiCn0KCkV4aXQtSnNvbiAkcmVzdWx0Cg==", "module_args": {"_ansible_version": "2.7.0", "_ansible_selinux_special_fs": ["fuse", "nfs", "vboxsf", "ramfs", "9p"], "_ansible_no_log": false, "_ansible_module_name": "win_shell", "_raw_params": "pip install -c c:\\openstack\\build\\requirements\\upper-constraints.txt -U -e c:\\openstack\\build\\nova", "_ansible_verbosity": 4, "_ansible_keep_remote_files": false, "_ansible_syslog_facility": "LOG_USER", "_ansible_socket": null, "_ansible_remote_tmp": "%TEMP%", "_ansible_diff": false, "_ansible_debug": false, "_ansible_shell_executable": "/bin/sh", "_ansible_check_mode": false, "_ansible_tmpdir": null}} '@ } process { $input_as_string = [string]$input $json_raw += $input_as_string } end { If (-not $json_raw) { Write-Error "no input given" -Category InvalidArgument } $payload = ConvertTo-HashtableFromPsCustomObject (ConvertFrom-Json $json_raw) # TODO: handle binary modules # TODO: handle persistence $min_os_version = [version]$payload.min_os_version if ($min_os_version -ne $null) { $actual_os_version = [System.Environment]::OSVersion.Version if ($actual_os_version -lt $min_os_version) { $msg = "This module cannot run on this OS as it requires a minimum version of $min_os_version, actual was $actual_os_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $min_ps_version = [version]$payload.min_ps_version if ($min_ps_version -ne $null) { $actual_ps_version = $PSVersionTable.PSVersion if ($actual_ps_version -lt $min_ps_version) { $msg = "This module cannot run as it requires a minimum PowerShell version of $min_ps_version, actual was $actual_ps_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $actions = $payload.actions # pop 0th action as entrypoint $entrypoint = $payload.($actions[0]) $payload.actions = $payload.actions[1..99] $entrypoint = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($entrypoint)) # load the current action entrypoint as a module custom object with a Run method $entrypoint = New-Module -ScriptBlock ([scriptblock]::Create($entrypoint)) -AsCustomObject Set-Variable -Scope global -Name complex_args -Value $payload["module_args"] | Out-Null # dynamically create/load modules ForEach ($mod in $payload.powershell_modules.GetEnumerator()) { $decoded_module = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($mod.Value)) New-Module -ScriptBlock ([scriptblock]::Create($decoded_module)) -Name $mod.Key | Import-Module -WarningAction SilentlyContinue | Out-Null } $output = $entrypoint.Run($payload) Write-Output $output } ScriptBlock ID: d4633fc2-5236-42b3-b928-2af3be383af0 Path:	4104	1		3	2	15	0	1184	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3548	4376	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:23:44 PM	9d04040e-981f-0002-1c0b-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 3): 0dXJuIG5ldyBDb21tYW5kUmVzdWx0CiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIFN0YW5kYXJkT3V0ID0gc3Rkb3V0X3N0ciwKICAgICAgICAgICAgICAgIFN0YW5kYXJkRXJyb3IgPSBzdGRlcnJfc3RyLAogICAgICAgICAgICAgICAgRXhpdENvZGUgPSByYwogICAgICAgICAgICB9OwogICAgICAgIH0KCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgdm9pZCBHZXRQcm9jZXNzT3V0cHV0KFN0cmVhbVJlYWRlciBzdGRvdXRTdHJlYW0sIFN0cmVhbVJlYWRlciBzdGRlcnJTdHJlYW0sIG91dCBzdHJpbmcgc3Rkb3V0LCBvdXQgc3RyaW5nIHN0ZGVycikKICAgICAgICB7CiAgICAgICAgICAgIHZhciBzb3dhaXQgPSBuZXcgRXZlbnRXYWl0SGFuZGxlKGZhbHNlLCBFdmVudFJlc2V0TW9kZS5NYW51YWxSZXNldCk7CiAgICAgICAgICAgIHZhciBzZXdhaXQgPSBuZXcgRXZlbnRXYWl0SGFuZGxlKGZhbHNlLCBFdmVudFJlc2V0TW9kZS5NYW51YWxSZXNldCk7CiAgICAgICAgICAgIHN0cmluZyBzbyA9IG51bGwsIHNlID0gbnVsbDsKICAgICAgICAgICAgVGhyZWFkUG9vbC5RdWV1ZVVzZXJXb3JrSXRlbSgocykgPT4KICAgICAgICAgICAgewogICAgICAgICAgICAgICAgc28gPSBzdGRvdXRTdHJlYW0uUmVhZFRvRW5kKCk7CiAgICAgICAgICAgICAgICBzb3dhaXQuU2V0KCk7CiAgICAgICAgICAgIH0pOwogICAgICAgICAgICBUaHJlYWRQb29sLlF1ZXVlVXNlcldvcmtJdGVtKChzKSA9PgogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBzZSA9IHN0ZGVyclN0cmVhbS5SZWFkVG9FbmQoKTsKICAgICAgICAgICAgICAgIHNld2FpdC5TZXQoKTsKICAgICAgICAgICAgfSk7CiAgICAgICAgICAgIGZvcmVhY2ggKHZhciB3aCBpbiBuZXcgV2FpdEhhbmRsZVtdIHsgc293YWl0LCBzZXdhaXQgfSkKICAgICAgICAgICAgICAgIHdoLldhaXRPbmUoKTsKICAgICAgICAgICAgc3Rkb3V0ID0gc287CiAgICAgICAgICAgIHN0ZGVyciA9IHNlOwogICAgICAgIH0KCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgdWludCBHZXRQcm9jZXNzRXhpdENvZGUoSW50UHRyIHByb2Nlc3NIYW5kbGUpCiAgICAgICAgewogICAgICAgICAgICBuZXcgTmF0aXZlV2FpdEhhbmRsZShwcm9jZXNzSGFuZGxlKS5XYWl0T25lKCk7CiAgICAgICAgICAgIHVpbnQgZXhpdENvZGU7CiAgICAgICAgICAgIGlmICghR2V0RXhpdENvZGVQcm9jZXNzKHByb2Nlc3NIYW5kbGUsIG91dCBleGl0Q29kZSkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIkVycm9yIGdldHRpbmcgcHJvY2VzcyBleGl0IGNvZGUiKTsKICAgICAgICAgICAgcmV0dXJuIGV4aXRDb2RlOwogICAgICAgIH0KICAgIH0KfQoiQAoKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICdTdG9wJwoKRnVuY3Rpb24gTG9hZC1Db21tYW5kVXRpbHMgewogICAgIyBtYWtlcyB0aGUgZm9sbG93aW5nIHN0YXRpYyBmdW5jdGlvbnMgYXZhaWxhYmxlCiAgICAjICAgW0Fuc2libGUuQ29tbWFuZFV0aWxdOjpQYXJzZUNvbW1hbmRMaW5lKHN0cmluZyBscENvbW1hbmRMaW5lKQogICAgIyAgIFtBbnNpYmxlLkNvbW1hbmRVdGlsXTo6U2VhcmNoUGF0aChzdHJpbmcgbHBGaWxlTmFtZSkKICAgICMgICBbQW5zaWJsZS5Db21tYW5kVXRpbF06OlJ1bkNvbW1hbmQoc3RyaW5nIGxwQXBwbGljYXRpb25OYW1lLCBzdHJpbmcgbHBDb21tYW5kTGluZSwgc3RyaW5nIGxwQ3VycmVudERpcmVjdG9yeSwgc3RyaW5nIHN0ZGluSW5wdXQsIHN0cmluZyBlbnZpcm9ubWVudEJsb2NrKQogICAgIwogICAgIyB0aGVyZSBhcmUgYWxzbyBudW1lcm91cyBQL0ludm9rZSBtZXRob2RzIHRoYXQgY2FuIGJlIGNhbGxlZCBpZiB5b3UgYXJlIGZlZWxpbmcgYWR2ZW50dXJvdXMKCiAgICAjIEZVVFVSRTogZmluZCBhIGJldHRlciB3YXkgdG8gZ2V0IHRoZSBfYW5zaWJsZV9yZW1vdGVfdG1wIHZhcmlhYmxlCiAgICAkb3JpZ2luYWxfdG1wID0gJGVudjpUTVAKCiAgICAkcmVtb3RlX3RtcCA9ICRvcmlnaW5hbF90bXAKICAgICRtb2R1bGVfcGFyYW1zID0gR2V0LVZhcmlhYmxlIC1OYW1lIGNvbXBsZXhfYXJncyAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgaWYgKCRtb2R1bGVfcGFyYW1zKSB7CiAgICAgICAgaWYgKCRtb2R1bGVfcGFyYW1zLlZhbHVlLkNvbnRhaW5zS2V5KCJfYW5zaWJsZV9yZW1vdGVfdG1wIikgKSB7CiAgICAgICAgICAgICRyZW1vdGVfdG1wID0gJG1vZHVsZV9wYXJhbXMuVmFsdWVbIl9hbnNpYmxlX3JlbW90ZV90bXAiXQogICAgICAgICAgICAkcmVtb3RlX3RtcCA9IFtTeXN0ZW0uRW52aXJvbm1lbnRdOjpFeHBhbmRFbnZpcm9ubWVudFZhcmlhYmxlcygkcmVtb3RlX3RtcCkKICAgICAgICB9CiAgICB9CgogICAgJGVudjpUTVAgPSAkcmVtb3RlX3RtcAogICAgQWRkLVR5cGUgLVR5cGVEZWZpbml0aW9uICRwcm9jZXNzX3V0aWwKICAgICRlbnY6VE1QID0gJG9yaWdpbmFsX3RtcAp9CgpGdW5jdGlvbiBHZXQtRXhlY3V0YWJsZVBhdGgoJGV4ZWN1dGFibGUsICRkaXJlY3RvcnkpIHsKICAgICMgbHBBcHBsaWNhdGlvbk5hbWUgcmVxdWlyZXMgdGhlIGZ1bGwgcGF0aCB0byBhIGZpbGUsIHdlIG5lZWQgdG8gZmluZCBpdAogICAgIyBvdXJzZWx2ZXMuCgogICAgIyB3ZSBuZWVkIHRvIGFkZCAuZXhlIGlmIGl0IGRvZXNuJ3QgaGF2ZSBhbiBleHRlbnNpb24gYWxyZWFkeQogICAgaWYgKC1ub3QgW1N5c3RlbS5JTy5QYXRoXTo6SGFzRXh0ZW5zaW9uKCRleGVjdXRhYmxlKSkgewogICAgICAgICRleGVjdXRhYmxlID0gIiQoJGV4ZWN1dGFibGUpLmV4ZSIKICAgIH0KICAgICRmdWxsX3BhdGggPSBbU3lzdGVtLklPLlBhdGhdOjpHZXRGdWxsUGF0aCgkZXhlY3V0YWJsZSkKCiAgICBpZiAoJGZ1bGxfcGF0aCAtbmUgJGV4ZWN1dGFibGUgLWFuZCAkZGlyZWN0b3J5IC1uZSAkbnVsbCkgewogICAgICAgICRmaWxlID0gR2V0LUl0ZW0gLVBhdGggIiRkaXJlY3RvcnlcJGV4ZWN1dGFibGUiIC1Gb3JjZSAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgfSBlbHNlIHsKICAgICAgICAkZmlsZSA9IEdldC1JdGVtIC1QYXRoICRleGVjdXRhYmxlIC1Gb3JjZSAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgfQoKICAgIGlmICgkZmlsZSAtbmUgJG51bGwpIHsKICAgICAgICAkZXhlY3V0YWJsZV9wYXRoID0gJGZpbGUuRnVsbE5hbWUKICAgIH0gZWxzZSB7CiAgICAgICAgJGV4ZWN1dGFibGVfcGF0aCA9IFtBbnNpYmxlLkNvbW1hbmRVdGlsXTo6U2VhcmNoUGF0aCgkZXhlY3V0YWJsZSkgICAgCiAgICB9CiAgICByZXR1cm4gJGV4ZWN1dGFibGVfcGF0aAp9CgpGdW5jdGlvbiBSdW4tQ29tbWFuZCB7CiAgICBQYXJhbSgKICAgICAgICBbc3RyaW5nXSRjb21tYW5kLCAjIHRoZSBmdWxsIGNvbW1hbmQgdG8gcnVuIGluY2x1ZGluZyB0aGUgZXhlY3V0YWJsZQogICAgICAgIFtzdHJpbmddJHdvcmtpbmdfZGlyZWN0b3J5ID0gJG51bGwsICMgdGhlIHdvcmtpbmcgZGlyZWN0b3J5IHRvIHJ1biB1bmRlciwgd2lsbCBkZWZhdWx0IHRvIHRoZSBjdXJyZW50IGRpcgogICAgICAgIFtzdHJpbmddJHN0ZGluID0gJG51bGwsICMgYSBzdHJpbmcgdG8gc2VuZCB0byB0aGUgc3RkaW4gcGlwZSB3aGVuIGV4ZWN1dGluZyB0aGUgY29tbWFuZAogICAgICAgIFtoYXNodGFibGVdJGVudmlyb25tZW50ID0gQHt9ICMgYSBoYXNodGFibGUgb2YgZW52aXJvbm1lbnQgdmFsdWVzIHRvIHJ1biB0aGUgY29tbWFuZCB1bmRlciwgdGhpcyB3aWxsIHJlcGxhY2UgYWxsIHRoZSBvdGhlciBlbnZpcm9ubWVudCB2YXJpYWJsZXMgd2l0aCB0aGVzZQogICAgKQogICAgCiAgICAjIGxvYWQgdGhlIEMjIGNvZGUgd2UgY2FsbCBpbiB0aGlzIGZ1bmN0aW9uCiAgICBMb2FkLUNvbW1hbmRVdGlscwoKICAgICMgbmVlZCB0byB2YWxpZGF0ZSB0aGUgd29ya2luZyBkaXJlY3RvcnkgaWYgaXQgaXMgc2V0CiAgICBpZiAoJHdvcmtpbmdfZGlyZWN0b3J5KSB7CiAgICAgICAgIyB2YWxpZGF0ZSB3b3JraW5nIGRpcmVjdG9yeSBpcyBhIHZhbGlkIHBhdGgKICAgICAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICR3b3JraW5nX2RpcmVjdG9yeSkpIHsKICAgICAgICAgICAgdGhyb3cgImludmFsaWQgd29ya2luZyBkaXJlY3RvcnkgcGF0aCAnJHdvcmtpbmdfZGlyZWN0b3J5JyIKICAgICAgICB9CiAgICB9CgogICAgIyBscEFwcGxpY2F0aW9uTmFtZSBuZWVkcyB0byBiZSB0aGUgZnVsbCBwYXRoIHRvIGFuIGV4ZWN1dGFibGUsIHdlIGRvIHRoaXMKICAgICMgYnkgZ2V0dGluZyB0aGUgZXhlY3V0YWJsZSBhcyB0aGUgZmlyc3QgYXJnIGFuZCB0aGVuIGdldHRpbmcgdGhlIGZ1bGwgcGF0aAogICAgJGFyZ3VtZW50cyA9IFtBbnNpYmxlLkNvbW1hbmRVdGlsXTo6UGFyc2VDb21tYW5kTGluZSgkY29tbWFuZCkKICAgICRleGVjdXRhYmxlID0gR2V0LUV4ZWN1dGFibGVQYXRoIC1leGVjdXRhYmxlICRhcmd1bWVudHNbMF0gLWRpcmVjdG9yeSAkd29ya2luZ19kaXJlY3RvcnkKCiAgICAjIHJ1biB0aGUgY29tbWFuZCBhbmQgZ2V0IHRoZSByZXN1bHRzCiAgICAkY29tbWFuZF9yZXN1bHQgPSBbQW5zaWJsZS5Db21tYW5kVXRpbF06OlJ1bkNvbW1hbmQoJGV4ZWN1dGFibGUsICRjb21tYW5kLCAkd29ya2luZ19kaXJlY3RvcnksICRzdGRpbiwgJGVudmlyb25tZW50KQoKICAgIHJldHVybiAsQHsKICAgICAgICBleGVjdXRhYmxlID0gJGV4ZWN1dGFibGUKICAgICAgICBzdGRvdXQgPSAkY29tbWFuZF9yZXN1bHQuU3RhbmRhcmRPdXQKICAgICAgICBzdGRlcnIgPSAkY29tbWFuZF9yZXN1bHQuU3RhbmRhcmRFcnJvcgogICAgICAgIHJjID0gJGNvbW1hbmRfcmVzdWx0LkV4aXRDb2RlCiAgICB9Cn0KCiMgdGhpcyBsaW5lIG11c3Qgc3RheSBhdCB0aGUgYm90dG9tIHRvIGVuc3VyZSBhbGwgZGVmaW5lZCBtb2R1bGUgcGFydHMgYXJlIGV4cG9ydGVkCkV4cG9ydC1Nb2R1bGVNZW1iZXIgLUFsaWFzICogLUZ1bmN0aW9uICogLUNtZGxldCAqCg==", "Ansible.ModuleUtils.Legacy": "IyBDb3B5cmlnaHQgKGMpLCBNaWNoYWVsIERlSGFhbiA8bWljaGFlbC5kZWhhYW5AZ21haWwuY29tPiwgMjAxNCwgYW5kIG90aGVycwojIFNpbXBsaWZpZWQgQlNEIExpY2Vuc2UgKHNlZSBsaWNlbnNlcy9zaW1wbGlmaWVkX2JzZC50eHQgb3IgaHR0cHM6Ly9vcGVuc291cmNlLm9yZy9saWNlbnNlcy9CU0QtMi1DbGF1c2UpCgpTZXQtU3RyaWN0TW9kZSAtVmVyc2lvbiAyLjAKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKRnVuY3Rpb24gU2V0LUF0dHIoJG9iaiwgJG5hbWUsICR2YWx1ZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gc2V0IGFuICJhdHRyaWJ1dGUiIG9uIGEgcHNvYmplY3QgaW5zdGFuY2UgaW4gUG93ZXJTaGVsbC4KICAgIFRoaXMgaXMgYSBjb252ZW5pZW5jZSB0byBtYWtlIGFkZGluZyBNZW1iZXJzIHRvIHRoZSBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgIFNldC1BdHRyICRyZXN1bHQgImNoYW5nZWQiICR0cnVlCiM+CgogICAgIyBJZiB0aGUgcHJvdmlkZWQgJG9iaiBpcyB1bmRlZmluZWQsIGRlZmluZSBvbmUgdG8gYmUgbmljZQogICAgSWYgKC1ub3QgJG9iai5HZXRUeXBlKQogICAgewogICAgICAgICRvYmogPSBAeyB9CiAgICB9CgogICAgVHJ5CiAgICB7CiAgICAgICAgJG9iai4kbmFtZSA9ICR2YWx1ZQogICAgfQogICAgQ2F0Y2gKICAgIHsKICAgICAgICAkb2JqIHwgQWRkLU1lbWJlciAtRm9yY2UgLU1lbWJlclR5cGUgTm90ZVByb3BlcnR5IC1OYW1lICRuYW1lIC1WYWx1ZSAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gRXhpdC1Kc29uKCRvYmopCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGNvbnZlcnQgYSBQb3dlclNoZWxsIG9iamVjdCB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcKICAgIHRoZSBzY3JpcHQKICAgIC5FWEFNUExFCiAgICBFeGl0LUpzb24gJHJlc3VsdAojPgoKICAgICMgSWYgdGhlIHByb3ZpZGVkICRvYmogaXMgdW5kZWZpbmVkLCBkZWZpbmUgb25lIHRvIGJlIG5pY2UKICAgIElmICgtbm90ICRvYmouR2V0VHlwZSkKICAgIHsKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoJ2NoYW5nZWQnKSkgewogICAgICAgIFNldC1BdHRyICRvYmogImNoYW5nZWQiICRmYWxzZQogICAgfQoKICAgIFdyaXRlLU91dHB1dCAkb2JqIHwgQ29udmVydFRvLUpzb24gLUNvbXByZXNzIC1EZXB0aCA5OQogICAgRXhpdAp9CgpGdW5jdGlvbiBGYWlsLUpzb24oJG9iaiwgJG1lc3NhZ2UgPSAkbnVsbCkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHRoZSAibXNnIiBwcm9wZXJ0eSBhbmQgImZhaWxlZCIgcHJvcGVydHksIGNvbnZlcnQgdGhlCiAgICBQb3dlclNoZWxsIEhhc2h0YWJsZSB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcgdGhlIHNjcmlwdAogICAgLkVYQU1QTEUKICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJUaGlzIGlzIHRoZSBmYWlsdXJlIG1lc3NhZ2UiCiM+CgogICAgaWYgKCRvYmogLWlzIFtoYXNodGFibGVdIC1vciAkb2JqIC1pcyBbcHNvYmplY3RdKSB7CiAgICAgICAgIyBOb3RoaW5nIHRvIGRvCiAgICB9IGVsc2VpZiAoJG9iaiAtaXMgW3N0cmluZ10gLWFuZCAkbnVsbCAtZXEgJG1lc3NhZ2UpIHsKICAgICAgICAjIElmIHdlIHdlcmVuJ3QgZ2l2ZW4gMiBhcmdzLCBhbmQgdGhlIG9ubHkgYXJnIHdhcyBhIHN0cmluZywKICAgICAgICAjIGNyZWF0ZSBhIG5ldyBIYXNodGFibGUgYW5kIHVzZSB0aGUgYXJnIGFzIHRoZSBmYWlsdXJlIG1lc3NhZ2UKICAgICAgICAkbWVzc2FnZSA9ICRvYmoKICAgICAgICAkb2JqID0gQHsgfQogICAgfSBlbHNlIHsKICAgICAgICAjIElmIHRoZSBmaXJzdCBhcmd1bWVudCBpcyB1bmRlZmluZWQgb3IgYSBkaWZmZXJlbnQgdHlwZSwKICAgICAgICAjIG1ha2UgaXQgYSBIYXNodGFibGUKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgICMgU3RpbGwgdXNpbmcgU2V0LUF0dHIgZm9yIFBTT2JqZWN0IGNvbXBhdGliaWxpdHkKICAgIFNldC1BdHRyICRvYmogIm1zZyIgJG1lc3NhZ2UKICAgIFNldC1BdHRyICRvYmogImZhaWxlZCIgJHRydWUKCiAgICBpZiAoLW5vdCAkb2JqLkNvbnRhaW5zS2V5KCdjaGFuZ2VkJykpIHsKICAgICAgICBTZXQtQXR0ciAkb2JqICJjaGFuZ2VkIiAkZmFsc2UKICAgIH0KCiAgICBXcml0ZS1PdXRwdXQgJG9iaiB8IENvbnZlcnRUby1Kc29uIC1Db21wcmVzcyAtRGVwdGggOTkKICAgIEV4aXQgMQp9CgpGdW5jdGlvbiBBZGQtV2FybmluZygkb2JqLCAkbWVzc2FnZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHdhcm5pbmdzLCBldmVuIGlmIHRoZSB3YXJuaW5ncyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoIndhcm5pbmdzIikpIHsKICAgICAgICAkb2JqLndhcm5pbmdzID0gQCgpCiAgICB9IGVsc2VpZiAoJG9iai53YXJuaW5ncyAtaXNub3QgW2FycmF5XSkgewogICAgICAgIHRocm93ICJBZGQtV2FybmluZzogd2FybmluZ3MgYXR0cmlidXRlIGlzIG5vdCBhbiBhcnJheSIKICAgIH0KCiAgICAkb2JqLndhcm5pbmdzICs9ICRtZXNzYWdlCn0KCkZ1bmN0aW9uIEFkZC1EZXByZWNhdGlvbldhcm5pbmcoJG9iaiwgJG1lc3NhZ2UsICR2ZXJzaW9uID0gJG51bGwpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGFkZCBkZXByZWNhdGlvbnMsIGV2ZW4gaWYgdGhlIGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgogICAgaWYgKC1ub3QgJG9iai5Db250YWluc0tleSgiZGVwcmVjYXRpb25zIikpIHsKICAgICAgICAkb2JqLmRlcHJlY2F0aW9ucyA9IEAoKQogICAgfSBlbHNlaWYgKCRvYmouZGVwcmVjYXRpb25zIC1pc25vdCBbYXJyYXldKSB7CiAgICAgICAgdGhyb3cgIkFkZC1EZXByZWNhdGlvbldhcm5pbmc6IGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgaXMgbm90IGEgbGlzdCIKICAgIH0KCiAgICAkb2JqLmRlcHJlY2F0aW9ucyArPSBAewogICAgICAgIG1zZyA9ICRtZXNzYWdlCiAgICAgICAgdmVyc2lvbiA9ICR2ZXJzaW9uCiAgICB9Cn0KCkZ1bmN0aW9uIEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgaW4gdmFsdWVzLiBCeSBkZWZhdWx0CiAgICBpdCB0dXJucyBhbnkgdHlwZSB0byBhIHN0cmluZywgYnV0IHdlIGVuc3VyZSAkbnVsbCByZW1haW5zICRudWxsLgojPgogICAgaWYgKCRudWxsIC1uZSAkdmFsdWUpIHsKICAgICAgICBbU3lzdGVtLkVudmlyb25tZW50XTo6RXhwYW5kRW52aXJvbm1lbnRWYXJpYWJsZXMoJHZhbHVlKQogICAgfSBlbHNlIHsKICAgICAgICAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gR2V0LUFuc2libGVQYXJhbSgkb2JqLCAkbmFtZSwgJGRlZmF1bHQgPSAkbnVsbCwgJHJlc3VsdG9iaiA9IEB7fSwgJGZhaWxpZmVtcHR5ID0gJGZhbHNlLCAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSwgJFZhbGlkYXRlU2V0LCAkVmFsaWRhdGVTZXRFcnJvck1lc3NhZ2UsICR0eXBlID0gJG51bGwsICRhbGlhc2VzID0gQCgpKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBnZXQgYW4gImF0dHJpYnV0ZSIgZnJvbSBhIHBzb2JqZWN0IGluc3RhbmNlIGluIFBvd2VyU2hlbGwuCiAgICBUaGlzIGlzIGEgY29udmVuaWVuY2UgdG8gbWFrZSBnZXR0aW5nIE1lbWJlcnMgZnJvbSBhbiBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgICRhdHRyID0gR2V0LUFuc2libGVQYXJhbSAkcmVzcG9uc2UgImNvZGUiIC1kZWZhdWx0ICIxIgogICAgLkVYQU1QTEUKICAgIEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJTdGF0ZSIgLWRlZmF1bHQgIlByZXNlbnQiIC1WYWxpZGF0ZVNldCAiUHJlc2VudCIsIkFic2VudCIgLXJlc3VsdG9iaiAkcmVzdWx0b2JqIC1mYWlsaWZlbXB0eSAkdHJ1ZQogICAgR2V0LUFuc2libGVQYXJhbSBhbHNvIHN1cHBvcnRzIFBhcmFtZXRlciB2YWxpZGF0aW9uIHRvIHNhdmUgeW91IGZyb20gY29kaW5nIHRoYXQgbWFudWFsbHkKICAgIE5vdGUgdGhhdCBpZiB5b3UgdXNlIHRoZSBmYWlsaWZlbXB0eSBvcHRpb24sIHlvdSBkbyBuZWVkIHRvIHNwZWNpZnkgcmVzdWx0b2JqZWN0IGFzIHdlbGwuCiM+CiAgICAjIENoZWNrIGlmIHRoZSBwcm92aWRlZCBNZW1iZXIgJG5hbWUgb3IgYWxpYXNlcyBleGlzdCBpbiAkb2JqIGFuZCByZXR1cm4gaXQgb3IgdGhlIGRlZmF1bHQuCiAgICB0cnkgewoKICAgICAgICAkZm91bmQgPSAkbnVsbAogICAgICAgICMgRmlyc3QgdHJ5IHRvIGZpbmQgcHJlZmVycmVkIHBhcmFtZXRlciAkbmFtZQogICAgICAgICRhbGlhc2VzID0gQCgkbmFtZSkgKyAkYWxpYXNlcwoKICAgICAgICAjIEl0ZXJhdGUgb3ZlciBhbGlhc2VzIHRvIGZpbmQgYWNjZXB0YWJsZSBNZW1iZXIgJG5hbWUKICAgICAgICBmb3JlYWNoICgkYWxpYXMgaW4gJGFsaWFzZXMpIHsKICAgICAgICAgICAgaWYgKCRvYmouQ29udGFpbnNLZXkoJGFsaWFzKSkgewogICAgICAgICAgICAgICAgJGZvdW5kID0gJGFsaWFzCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgfQoKICAgICAgICBpZiAoJG51bGwgLWVxICRmb3VuZCkgewogICAgICAgICAgICB0aHJvdwogICAgICAgIH0KICAgICAgICAkbmFtZSA9ICRmb3VuZAoKICAgICAgICBpZiAoJFZhbGlkYXRlU2V0KSB7CgogICAgICAgICAgICBpZiAoJFZhbGlkYXRlU2V0IC1jb250YWlucyAoJG9iai4kbmFtZSkpIHsKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICRvYmouJG5hbWUKICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgIGlmICgkbnVsbCAtZXEgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAgICAgI0F1dG8tZ2VuZXJhdGVkIGVycm9yIHNob3VsZCBiZSBzdWZmaWNpZW50IGluIG1vc3QgdXNlIGNhc2VzCiAgICAgICAgICAgICAgICAgICAgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlID0gIkdldC1BbnNpYmxlUGFyYW06IEFyZ3VtZW50ICRuYW1lIG5lZWRzIHRvIGJlIG9uZSBvZiAkKCRWYWxpZGF0ZVNldCAtam9pbiAiLCIpIGJ1dCB3YXMgJCgkb2JqLiRuYW1lKS4iCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRWYWxpZGF0ZVNldEVycm9yTWVzc2FnZQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgJHZhbHVlID0gJG9iai4kbmFtZQogICAgICAgIH0KICAgIH0gY2F0Y2ggewogICAgICAgIGlmICgkZmFpbGlmZW1wdHkgLWVxICRmYWxzZSkgewogICAgICAgICAgICAkdmFsdWUgPSAkZGVmYXVsdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgIGlmICgtbm90ICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSA9ICJHZXQtQW5zaWJsZVBhcmFtOiBNaXNzaW5nIHJlcXVpcmVkIGFyZ3VtZW50OiAkbmFtZSIKICAgICAgICAgICAgfQogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlCiAgICAgICAgfQogICAgfQoKICAgICMgSWYgJHZhbHVlIC1lcSAkbnVsbCwgdGhlIHBhcmFtZXRlciB3YXMgdW5zcGVjaWZpZWQgYnkgdGhlIHVzZXIgKGRlbGliZXJhdGVseSBvciBub3QpCiAgICAjIFBsZWFzZSBsZWF2ZSAkbnVsbC12YWx1ZXMgaW50YWN0LCBtb2R1bGVzIG5lZWQgdG8ga25vdyBpZiBhIHBhcmFtZXRlciB3YXMgc3BlY2lmaWVkCiAgICAjIFdoZW4gJHZhbHVlIGlzIGFscmVhZHkgYW4gYXJyYXksIHdlIGNhbm5vdCByZWx5IG9uIHRoZSBudWxsIGNoZWNrLCBhcyBhbiBlbXB0eSBsaXN0CiAgICAjIGlzIHNlZW4gYXMgbnVsbCBpbiB0aGUgY2hlY2sgYmVsb3cKICAgIGlmICgkbnVsbCAtbmUgJHZhbHVlIC1vciAkdmFsdWUgLWlzIFthcnJheV0pIHsKICAgICAgICBpZiAoJHR5cGUgLWVxICJwYXRoIikgewogICAgICAgICAgICAjIEV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgb24gcGF0aC10eXBlCiAgICAgICAgICAgICR2YWx1ZSA9IEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCiAgICAgICAgICAgICMgVGVzdCBpZiBhIHZhbGlkIHBhdGggaXMgcHJvdmlkZWQKICAgICAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtSXNWYWxpZCAkdmFsdWUpKSB7CiAgICAgICAgICAgICAgICAkcGF0aF9pbnZhbGlkID0gJHRydWUKICAgICAgICAgICAgICAgICMgY291bGQgc3RpbGwgYmUgYSB2YWxpZC1zaGFwZWQgcGF0aCB3aXRoIGEgbm9uZXhpc3RlbnQgZHJpdmUgbGV0dGVyCiAgICAgICAgICAgICAgICBpZiAoJHZhbHVlIC1tYXRjaCAiXlx3OiIpIHsKICAgICAgICAgICAgICAgICAgICAjIHJld3JpdGUgcGF0aCB3aXRoIGEgdmFsaWQgZHJpdmUgbGV0dGVyIGFuZCByZWNoZWNrIHRoZSBzaGFwZS0gdGhpcyBtaWdodCBzdGlsbCBmYWlsLCBlZywgYSBub25leGlzdGVudCBub24tZmlsZXN5c3RlbSBQUyBwYXRoCiAgICAgICAgICAgICAgICAgICAgaWYgKFRlc3QtUGF0aCAtSXNWYWxpZCAkKEAoR2V0LVBTRHJpdmUgLVBTUHJvdmlkZXIgRmlsZXN5c3RlbSlbMF0uTmFtZSArICR2YWx1ZS5TdWJzdHJpbmcoMSkpKSB7CiAgICAgICAgICAgICAgICAgICAgICAgICRwYXRoX2ludmFsaWQgPSAkZmFsc2UKICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBpZiAoJHBhdGhfaW52YWxpZCkgewogICAgICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHRvYmogLW1lc3NhZ2UgIkdldC1BbnNpYmxlUGFyYW06IFBhcmFtZXRlciAnJG5hbWUnIGhhcyBhbiBpbnZhbGlkIHBhdGggJyR2YWx1ZScgc3BlY2lmaWVkLiIKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgInN0ciIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IHN0ciB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgc3RyaW5ncwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUuVG9TdHJpbmcoKQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImJvb2wiKSB7CiAgICAgICAgICAgICMgQ29udmVydCBib29sZWFuIHR5cGVzIHRvIHJlYWwgUG93ZXJzaGVsbCBib29sZWFucwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgfCBDb252ZXJ0VG8tQm9vbAogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImludCIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IGludCB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgaW50ZWdlcnMKICAgICAgICAgICAgJHZhbHVlID0gJHZhbHVlIC1hcyBbaW50XQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImZsb2F0IikgewogICAgICAgICAgICAjIENvbnZlcnQgZmxvYXQgdHlwZXMgdG8gcmVhbCBQb3dlcnNoZWxsIGZsb2F0cwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgLWFzIFtmbG9hdF0KICAgICAgICB9IGVsc2VpZiAoJHR5cGUgLWVxICJsaXN0IikgewogICAgICAgICAgICBpZiAoJHZhbHVlIC1pcyBbYXJyYXldKSB7CiAgICAgICAgICAgICAgICAjIE5vdGhpbmcgdG8gZG8KICAgICAgICAgICAgfSBlbHNlaWYgKCR2YWx1ZSAtaXMgW3N0cmluZ10pIHsKICAgICAgICAgICAgICAgICMgQ29udmVydCBzdHJpbmcgdHlwZSB0byByZWFsIFBvd2Vyc2hlbGwgYXJyYXkKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICR2YWx1ZS5TcGxpdCgiLCIpLlRyaW0oKQogICAgICAgICAgICB9IGVsc2VpZiAoJHZhbHVlIC1pcyBbaW50XSkgewogICAgICAgICAgICAgICAgJHZhbHVlID0gQCgkdmFsdWUpCiAgICAgICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICJHZXQtQW5zaWJsZVBhcmFtOiBQYXJhbWV0ZXIgJyRuYW1lJyBpcyBub3QgYSBZQU1MIGxpc3QuIgogICAgICAgICAgICB9CiAgICAgICAgICAgICMgLCBpcyBub3QgYSB0eXBvLCBmb3JjZXMgaXQgdG8gcmV0dXJuIGFzIGEgbGlzdCB3aGVuIGl0IGlzIGVtcHR5IG9yIG9ubHkgaGFzIDEgZW50cnkKICAgICAgICAgICAgcmV0dXJuICwkdmFsdWUKICAgICAgICB9CiAgICB9CgogICAgcmV0dXJuICR2YWx1ZQp9CgojQWxpYXMgR2V0LWF0dHItLT5HZXQtQW5zaWJsZVBhcmFtIGZvciBiYWNrd2FyZHMgY29tcGF0LiBPbmx5IGFkZCB3aGVuIG5lZWRlZCB0byBlYXNlIGRlYnVnZ2luZyBvZiBzY3JpcHRzCklmICgtbm90KEdldC1BbGlhcyAtTmFtZSAiR2V0LWF0dHIiIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlKSkKewogICAgTmV3LUFsaWFzIC1OYW1lIEdldC1hdHRyIC1WYWx1ZSBHZXQtQW5zaWJsZVBhcmFtCn0KCkZ1bmN0aW9uI ScriptBlock ID: d4633fc2-5236-42b3-b928-2af3be383af0 Path:	4104	1		3	2	15	0	1183	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3548	4376	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:23:44 PM	9d04040e-981f-0002-1c0b-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 3): begin { $DebugPreference = "Continue" $ErrorActionPreference = "Stop" Set-StrictMode -Version 2 function ConvertTo-HashtableFromPsCustomObject ($myPsObject){ $output = @{}; $myPsObject | Get-Member -MemberType *Property | % { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } return $output; } # stream JSON including become_pw, ps_module_payload, bin_module_payload, become_payload, write_payload_path, preserve directives # exec runspace, capture output, cleanup, return module output # NB: do not adjust the following line- it is replaced when doing non-streamed module output $json_raw = @' {"min_ps_version": null, "exec": "CkZ1bmN0aW9uIFJ1bigkcGF5bG9hZCkgewogICAgJGVudHJ5cG9pbnQgPSAkcGF5bG9hZC5tb2R1bGVfZW50cnkKCiAgICAkZW50cnlwb2ludCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGVudHJ5cG9pbnQpKQoKICAgICRwcyA9IFtwb3dlcnNoZWxsXTo6Q3JlYXRlKCkKCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkQ29tbWFuZCgiU2V0LVZhcmlhYmxlIikuQWRkUGFyYW1ldGVycyhAe1Njb3BlPSJnbG9iYWwiO05hbWU9ImNvbXBsZXhfYXJncyI7VmFsdWU9JHBheWxvYWQubW9kdWxlX2FyZ3N9KSB8IE91dC1OdWxsCiAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCgogICAgIyByZWRlZmluZSBXcml0ZS1Ib3N0IHRvIGR1bXAgdG8gb3V0cHV0IGluc3RlYWQgb2YgZmFpbGluZy0gbG90cyBvZiBzY3JpcHRzIHVzZSBpdAogICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgiRnVuY3Rpb24gV3JpdGUtSG9zdChgJG1zZyl7IFdyaXRlLU91dHB1dCBgJG1zZyB9IikgfCBPdXQtTnVsbAoKICAgIEZvckVhY2ggKCRlbnZfa3YgaW4gJHBheWxvYWQuZW52aXJvbm1lbnQuR2V0RW51bWVyYXRvcigpKSB7CiAgICAgICAgIyBuZWVkIHRvIGVzY2FwZSAnIGluIGJvdGggdGhlIGtleSBhbmQgdmFsdWUKICAgICAgICAkZW52X2tleSA9ICRlbnZfa3YuS2V5LlRvU3RyaW5nKCkuUmVwbGFjZSgiJyIsICInJyIpCiAgICAgICAgJGVudl92YWx1ZSA9ICRlbnZfa3YuVmFsdWUuVG9TdHJpbmcoKS5SZXBsYWNlKCInIiwgIicnIikKICAgICAgICAkZXNjYXBlZF9lbnZfc2V0ID0gIltTeXN0ZW0uRW52aXJvbm1lbnRdOjpTZXRFbnZpcm9ubWVudFZhcmlhYmxlKCd7MH0nLCAnezF9JykiIC1mICRlbnZfa2V5LCAkZW52X3ZhbHVlCiAgICAgICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgkZXNjYXBlZF9lbnZfc2V0KSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBkeW5hbWljYWxseSBjcmVhdGUvbG9hZCBtb2R1bGVzCiAgICBGb3JFYWNoICgkbW9kIGluICRwYXlsb2FkLnBvd2Vyc2hlbGxfbW9kdWxlcy5HZXRFbnVtZXJhdG9yKCkpIHsKICAgICAgICAkZGVjb2RlZF9tb2R1bGUgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRtb2QuVmFsdWUpKQogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRDb21tYW5kKCJOZXctTW9kdWxlIikuQWRkUGFyYW1ldGVycyhAe1NjcmlwdEJsb2NrPShbc2NyaXB0YmxvY2tdOjpDcmVhdGUoJGRlY29kZWRfbW9kdWxlKSk7TmFtZT0kbW9kLktleX0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiSW1wb3J0LU1vZHVsZSIpLkFkZFBhcmFtZXRlcnMoQHtXYXJuaW5nQWN0aW9uPSJTaWxlbnRseUNvbnRpbnVlIn0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBmb3JjZSBpbnB1dCBlbmNvZGluZyB0byBwcmVhbWJsZS1mcmVlIFVURjggc28gUFMgc3ViLXByb2Nlc3NlcyAoZWcsCiAgICAjIFN0YXJ0LUpvYikgZG9uJ3QgYmxvdyB1cC4gVGhpcyBpcyBvbmx5IHJlcXVpcmVkIGZvciBXaW5STSwgYSBQU1JQCiAgICAjIHJ1bnNwYWNlIGRvZXNuJ3QgaGF2ZSBhIGhvc3QgY29uc29sZSBhbmQgdGhpcyB3aWxsIGJvbWIgb3V0CiAgICBpZiAoJGhvc3QuTmFtZSAtZXEgIkNvbnNvbGVIb3N0IikgewogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRTY3JpcHQoIltDb25zb2xlXTo6SW5wdXRFbmNvZGluZyA9IE5ldy1PYmplY3QgVGV4dC5VVEY4RW5jb2RpbmcgYCRmYWxzZSIpIHwgT3V0LU51bGwKICAgIH0KCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkU2NyaXB0KCRlbnRyeXBvaW50KSB8IE91dC1OdWxsCgogICAgJG91dHB1dCA9ICRwcy5JbnZva2UoKQoKICAgICRvdXRwdXQKCiAgICAjIFBTMyBkb2Vzbid0IHByb3Blcmx5IHNldCBIYWRFcnJvcnMgaW4gbWFueSBjYXNlcywgaW5zcGVjdCB0aGUgZXJyb3Igc3RyZWFtIGFzIGEgZmFsbGJhY2sKICAgIElmICgkcHMuSGFkRXJyb3JzIC1vciAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtbHQgNCAtYW5kICRwcy5TdHJlYW1zLkVycm9yLkNvdW50IC1ndCAwKSkgewogICAgICAgICRob3N0LlVJLldyaXRlRXJyb3JMaW5lKCQoJHBzLlN0cmVhbXMuRXJyb3IgfCBPdXQtU3RyaW5nKSkKICAgICAgICAkZXhpdF9jb2RlID0gJHBzLlJ1bnNwYWNlLlNlc3Npb25TdGF0ZVByb3h5LkdldFZhcmlhYmxlKCJMQVNURVhJVENPREUiKQogICAgICAgIElmKC1ub3QgJGV4aXRfY29kZSkgewogICAgICAgICAgICAkZXhpdF9jb2RlID0gMQogICAgICAgIH0KICAgICAgICAjIG5lZWQgdG8gdXNlIHRoaXMgaW5zdGVhZCBvZiBFeGl0IGtleXdvcmQgdG8gcHJldmVudCBydW5zcGFjZSBmcm9tIGNyYXNoaW5nIHdpdGggZHluYW1pYyBtb2R1bGVzCiAgICAgICAgJGhvc3QuU2V0U2hvdWxkRXhpdCgkZXhpdF9jb2RlKQogICAgfQp9Cg==", "actions": ["exec"], "environment": {}, "min_os_version": null, "powershell_modules": {"Ansible.ModuleUtils.CommandUtil": "IyBDb3B5cmlnaHQgKGMpIDIwMTcgQW5zaWJsZSBQcm9qZWN0CiMgU2ltcGxpZmllZCBCU0QgTGljZW5zZSAoc2VlIGxpY2Vuc2VzL3NpbXBsaWZpZWRfYnNkLnR4dCBvciBodHRwczovL29wZW5zb3VyY2Uub3JnL2xpY2Vuc2VzL0JTRC0yLUNsYXVzZSkKCiRwcm9jZXNzX3V0aWwgPSBAIgp1c2luZyBNaWNyb3NvZnQuV2luMzIuU2FmZUhhbmRsZXM7CnVzaW5nIFN5c3RlbTsKdXNpbmcgU3lzdGVtLkNvbGxlY3Rpb25zOwp1c2luZyBTeXN0ZW0uSU87CnVzaW5nIFN5c3RlbS5MaW5xOwp1c2luZyBTeXN0ZW0uUnVudGltZS5JbnRlcm9wU2VydmljZXM7CnVzaW5nIFN5c3RlbS5UZXh0Owp1c2luZyBTeXN0ZW0uVGhyZWFkaW5nOwoKbmFtZXNwYWNlIEFuc2libGUKewogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIGNsYXNzIFNFQ1VSSVRZX0FUVFJJQlVURVMKICAgIHsKICAgICAgICBwdWJsaWMgaW50IG5MZW5ndGg7CiAgICAgICAgcHVibGljIEludFB0ciBscFNlY3VyaXR5RGVzY3JpcHRvcjsKICAgICAgICBwdWJsaWMgYm9vbCBiSW5oZXJpdEhhbmRsZSA9IGZhbHNlOwogICAgICAgIHB1YmxpYyBTRUNVUklUWV9BVFRSSUJVVEVTKCkKICAgICAgICB7CiAgICAgICAgICAgIG5MZW5ndGggPSBNYXJzaGFsLlNpemVPZih0aGlzKTsKICAgICAgICB9CiAgICB9CgogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIGNsYXNzIFNUQVJUVVBJTkZPCiAgICB7CiAgICAgICAgcHVibGljIEludDMyIGNiOwogICAgICAgIHB1YmxpYyBJbnRQdHIgbHBSZXNlcnZlZDsKICAgICAgICBwdWJsaWMgSW50UHRyIGxwRGVza3RvcDsKICAgICAgICBwdWJsaWMgSW50UHRyIGxwVGl0bGU7CiAgICAgICAgcHVibGljIEludDMyIGR3WDsKICAgICAgICBwdWJsaWMgSW50MzIgZHdZOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1hTaXplOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1lTaXplOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1hDb3VudENoYXJzOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1lDb3VudENoYXJzOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd0ZpbGxBdHRyaWJ1dGU7CiAgICAgICAgcHVibGljIEludDMyIGR3RmxhZ3M7CiAgICAgICAgcHVibGljIEludDE2IHdTaG93V2luZG93OwogICAgICAgIHB1YmxpYyBJbnQxNiBjYlJlc2VydmVkMjsKICAgICAgICBwdWJsaWMgSW50UHRyIGxwUmVzZXJ2ZWQyOwogICAgICAgIHB1YmxpYyBTYWZlRmlsZUhhbmRsZSBoU3RkSW5wdXQ7CiAgICAgICAgcHVibGljIFNhZmVGaWxlSGFuZGxlIGhTdGRPdXRwdXQ7CiAgICAgICAgcHVibGljIFNhZmVGaWxlSGFuZGxlIGhTdGRFcnJvcjsKICAgICAgICBwdWJsaWMgU1RBUlRVUElORk8oKQogICAgICAgIHsKICAgICAgICAgICAgY2IgPSBNYXJzaGFsLlNpemVPZih0aGlzKTsKICAgICAgICB9CiAgICB9CgogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIGNsYXNzIFNUQVJUVVBJTkZPRVgKICAgIHsKICAgICAgICBwdWJsaWMgU1RBUlRVUElORk8gc3RhcnR1cEluZm87CiAgICAgICAgcHVibGljIEludFB0ciBscEF0dHJpYnV0ZUxpc3Q7CiAgICAgICAgcHVibGljIFNUQVJUVVBJTkZPRVgoKQogICAgICAgIHsKICAgICAgICAgICAgc3RhcnR1cEluZm8gPSBuZXcgU1RBUlRVUElORk8oKTsKICAgICAgICAgICAgc3RhcnR1cEluZm8uY2IgPSBNYXJzaGFsLlNpemVPZih0aGlzKTsKICAgICAgICB9CiAgICB9CgogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIHN0cnVjdCBQUk9DRVNTX0lORk9STUFUSU9OCiAgICB7CiAgICAgICAgcHVibGljIEludFB0ciBoUHJvY2VzczsKICAgICAgICBwdWJsaWMgSW50UHRyIGhUaHJlYWQ7CiAgICAgICAgcHVibGljIGludCBkd1Byb2Nlc3NJZDsKICAgICAgICBwdWJsaWMgaW50IGR3VGhyZWFkSWQ7CiAgICB9CgogICAgW0ZsYWdzXQogICAgcHVibGljIGVudW0gU3RhcnR1cEluZm9GbGFncyA6IHVpbnQKICAgIHsKICAgICAgICBVU0VTVERIQU5ETEVTID0gMHgwMDAwMDEwMAogICAgfQoKICAgIHB1YmxpYyBlbnVtIEhhbmRsZUZsYWdzIDogdWludAogICAgewogICAgICAgIE5vbmUgPSAwLAogICAgICAgIElOSEVSSVQgPSAxCiAgICB9CgogICAgY2xhc3MgTmF0aXZlV2FpdEhhbmRsZSA6IFdhaXRIYW5kbGUKICAgIHsKICAgICAgICBwdWJsaWMgTmF0aXZlV2FpdEhhbmRsZShJbnRQdHIgaGFuZGxlKQogICAgICAgIHsKICAgICAgICAgICAgdGhpcy5TYWZlV2FpdEhhbmRsZSA9IG5ldyBTYWZlV2FpdEhhbmRsZShoYW5kbGUsIGZhbHNlKTsKICAgICAgICB9CiAgICB9CgogICAgcHVibGljIGNsYXNzIFdpbjMyRXhjZXB0aW9uIDogU3lzdGVtLkNvbXBvbmVudE1vZGVsLldpbjMyRXhjZXB0aW9uCiAgICB7CiAgICAgICAgcHJpdmF0ZSBzdHJpbmcgX21zZzsKCiAgICAgICAgcHVibGljIFdpbjMyRXhjZXB0aW9uKHN0cmluZyBtZXNzYWdlKSA6IHRoaXMoTWFyc2hhbC5HZXRMYXN0V2luMzJFcnJvcigpLCBtZXNzYWdlKSB7IH0KCiAgICAgICAgcHVibGljIFdpbjMyRXhjZXB0aW9uKGludCBlcnJvckNvZGUsIHN0cmluZyBtZXNzYWdlKSA6IGJhc2UoZXJyb3JDb2RlKQogICAgICAgIHsKICAgICAgICAgICAgX21zZyA9IFN0cmluZy5Gb3JtYXQoInswfSAoezF9LCBXaW4zMkVycm9yQ29kZSB7Mn0pIiwgbWVzc2FnZSwgYmFzZS5NZXNzYWdlLCBlcnJvckNvZGUpOwogICAgICAgIH0KCiAgICAgICAgcHVibGljIG92ZXJyaWRlIHN0cmluZyBNZXNzYWdlIHsgZ2V0IHsgcmV0dXJuIF9tc2c7IH0gfQogICAgICAgIHB1YmxpYyBzdGF0aWMgZXhwbGljaXQgb3BlcmF0b3IgV2luMzJFeGNlcHRpb24oc3RyaW5nIG1lc3NhZ2UpIHsgcmV0dXJuIG5ldyBXaW4zMkV4Y2VwdGlvbihtZXNzYWdlKTsgfQogICAgfQoKICAgIHB1YmxpYyBjbGFzcyBDb21tYW5kVXRpbAogICAgewogICAgICAgIHByaXZhdGUgc3RhdGljIFVJbnQzMiBDUkVBVEVfVU5JQ09ERV9FTlZJUk9OTUVOVCA9IDB4MDAwMDAwNDAwOwogICAgICAgIHByaXZhdGUgc3RhdGljIFVJbnQzMiBFWFRFTkRFRF9TVEFSVFVQSU5GT19QUkVTRU5UID0gMHgwMDA4MDAwMDsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSwgQmVzdEZpdE1hcHBpbmcgPSBmYWxzZSldCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gYm9vbCBDcmVhdGVQcm9jZXNzKAogICAgICAgICAgICBbTWFyc2hhbEFzKFVubWFuYWdlZFR5cGUuTFBXU3RyKV0KICAgICAgICAgICAgICAgIHN0cmluZyBscEFwcGxpY2F0aW9uTmFtZSwKICAgICAgICAgICAgU3RyaW5nQnVpbGRlciBscENvbW1hbmRMaW5lLAogICAgICAgICAgICBJbnRQdHIgbHBQcm9jZXNzQXR0cmlidXRlcywKICAgICAgICAgICAgSW50UHRyIGxwVGhyZWFkQXR0cmlidXRlcywKICAgICAgICAgICAgYm9vbCBiSW5oZXJpdEhhbmRsZXMsCiAgICAgICAgICAgIHVpbnQgZHdDcmVhdGlvbkZsYWdzLAogICAgICAgICAgICBJbnRQdHIgbHBFbnZpcm9ubWVudCwKICAgICAgICAgICAgW01hcnNoYWxBcyhVbm1hbmFnZWRUeXBlLkxQV1N0cildCiAgICAgICAgICAgICAgICBzdHJpbmcgbHBDdXJyZW50RGlyZWN0b3J5LAogICAgICAgICAgICBTVEFSVFVQSU5GT0VYIGxwU3RhcnR1cEluZm8sCiAgICAgICAgICAgIG91dCBQUk9DRVNTX0lORk9STUFUSU9OIGxwUHJvY2Vzc0luZm9ybWF0aW9uKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIildCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gYm9vbCBDcmVhdGVQaXBlKAogICAgICAgICAgICBvdXQgU2FmZUZpbGVIYW5kbGUgaFJlYWRQaXBlLAogICAgICAgICAgICBvdXQgU2FmZUZpbGVIYW5kbGUgaFdyaXRlUGlwZSwKICAgICAgICAgICAgU0VDVVJJVFlfQVRUUklCVVRFUyBscFBpcGVBdHRyaWJ1dGVzLAogICAgICAgICAgICB1aW50IG5TaXplKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSldCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gYm9vbCBTZXRIYW5kbGVJbmZvcm1hdGlvbigKICAgICAgICAgICAgU2FmZUZpbGVIYW5kbGUgaE9iamVjdCwKICAgICAgICAgICAgSGFuZGxlRmxhZ3MgZHdNYXNrLAogICAgICAgICAgICBpbnQgZHdGbGFncyk7CgogICAgICAgIFtEbGxJbXBvcnQoImtlcm5lbDMyLmRsbCIsIFNldExhc3RFcnJvciA9IHRydWUpXQogICAgICAgIHByaXZhdGUgc3RhdGljIGV4dGVybiBib29sIEdldEV4aXRDb2RlUHJvY2VzcygKICAgICAgICAgICAgSW50UHRyIGhQcm9jZXNzLAogICAgICAgICAgICBvdXQgdWludCBscEV4aXRDb2RlKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSldCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gdWludCBTZWFyY2hQYXRoKAogICAgICAgICAgICBzdHJpbmcgbHBQYXRoLAogICAgICAgICAgICBzdHJpbmcgbHBGaWxlTmFtZSwKICAgICAgICAgICAgc3RyaW5nIGxwRXh0ZW5zaW9uLAogICAgICAgICAgICBpbnQgbkJ1ZmZlckxlbmd0aCwKICAgICAgICAgICAgW01hcnNoYWxBcyAoVW5tYW5hZ2VkVHlwZS5MUFRTdHIpXQogICAgICAgICAgICAgICAgU3RyaW5nQnVpbGRlciBscEJ1ZmZlciwKICAgICAgICAgICAgb3V0IEludFB0ciBscEZpbGVQYXJ0KTsKCiAgICAgICAgW0RsbEltcG9ydCgic2hlbGwzMi5kbGwiLCBTZXRMYXN0RXJyb3IgPSB0cnVlKV0KICAgICAgICBzdGF0aWMgZXh0ZXJuIEludFB0ciBDb21tYW5kTGluZVRvQXJndlcoCiAgICAgICAgICAgIFtNYXJzaGFsQXMoVW5tYW5hZ2VkVHlwZS5MUFdTdHIpXQogICAgICAgICAgICAgICAgc3RyaW5nIGxwQ21kTGluZSwKICAgICAgICAgICAgb3V0IGludCBwTnVtQXJncyk7CgogICAgICAgIHB1YmxpYyBzdGF0aWMgc3RyaW5nW10gUGFyc2VDb21tYW5kTGluZShzdHJpbmcgbHBDb21tYW5kTGluZSkKICAgICAgICB7CiAgICAgICAgICAgIGludCBudW1BcmdzOwogICAgICAgICAgICBJbnRQdHIgcmV0ID0gQ29tbWFuZExpbmVUb0FyZ3ZXKGxwQ29tbWFuZExpbmUsIG91dCBudW1BcmdzKTsKCiAgICAgICAgICAgIGlmIChyZXQgPT0gSW50UHRyLlplcm8pCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIkVycm9yIHBhcnNpbmcgY29tbWFuZCBsaW5lIik7CgogICAgICAgICAgICBJbnRQdHJbXSBzdHJwdHJzID0gbmV3IEludFB0cltudW1BcmdzXTsKICAgICAgICAgICAgTWFyc2hhbC5Db3B5KHJldCwgc3RycHRycywgMCwgbnVtQXJncyk7CiAgICAgICAgICAgIHN0cmluZ1tdIGNtZGxpbmVQYXJ0cyA9IHN0cnB0cnMuU2VsZWN0KHMgPT4gTWFyc2hhbC5QdHJUb1N0cmluZ1VuaShzKSkuVG9BcnJheSgpOwoKICAgICAgICAgICAgTWFyc2hhbC5GcmVlSEdsb2JhbChyZXQpOwoKICAgICAgICAgICAgcmV0dXJuIGNtZGxpbmVQYXJ0czsKICAgICAgICB9CgogICAgICAgIHB1YmxpYyBzdGF0aWMgc3RyaW5nIFNlYXJjaFBhdGgoc3RyaW5nIGxwRmlsZU5hbWUpCiAgICAgICAgewogICAgICAgICAgICBTdHJpbmdCdWlsZGVyIHNiT3V0ID0gbmV3IFN0cmluZ0J1aWxkZXIoMTAyNCk7CiAgICAgICAgICAgIEludFB0ciBmaWxlUGFydE91dDsKCiAgICAgICAgICAgIGlmIChTZWFyY2hQYXRoKG51bGwsIGxwRmlsZU5hbWUsIG51bGwsIHNiT3V0LkNhcGFjaXR5LCBzYk91dCwgb3V0IGZpbGVQYXJ0T3V0KSA9PSAwKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IEZpbGVOb3RGb3VuZEV4Y2VwdGlvbihTdHJpbmcuRm9ybWF0KCJDb3VsZCBub3QgbG9jYXRlIHRoZSBmb2xsb3dpbmcgZXhlY3V0YWJsZSB7MH0iLCBscEZpbGVOYW1lKSk7CgogICAgICAgICAgICByZXR1cm4gc2JPdXQuVG9TdHJpbmcoKTsKICAgICAgICB9CgogICAgICAgIHB1YmxpYyBjbGFzcyBDb21tYW5kUmVzdWx0CiAgICAgICAgewogICAgICAgICAgICBwdWJsaWMgc3RyaW5nIFN0YW5kYXJkT3V0IHsgZ2V0OyBpbnRlcm5hbCBzZXQ7IH0KICAgICAgICAgICAgcHVibGljIHN0cmluZyBTdGFuZGFyZEVycm9yIHsgZ2V0OyBpbnRlcm5hbCBzZXQ7IH0KICAgICAgICAgICAgcHVibGljIHVpbnQgRXhpdENvZGUgeyBnZXQ7IGludGVybmFsIHNldDsgfQogICAgICAgIH0KCiAgICAgICAgcHVibGljIHN0YXRpYyBDb21tYW5kUmVzdWx0IFJ1bkNvbW1hbmQoc3RyaW5nIGxwQXBwbGljYXRpb25OYW1lLCBzdHJpbmcgbHBDb21tYW5kTGluZSwgc3RyaW5nIGxwQ3VycmVudERpcmVjdG9yeSwgc3RyaW5nIHN0ZGluSW5wdXQsIElEaWN0aW9uYXJ5IGVudmlyb25tZW50KQogICAgICAgIHsKICAgICAgICAgICAgVUludDMyIHN0YXJ0dXBfZmxhZ3MgPSBDUkVBVEVfVU5JQ09ERV9FTlZJUk9OTUVOVCB8IEVYVEVOREVEX1NUQVJUVVBJTkZPX1BSRVNFTlQ7CiAgICAgICAgICAgIFNUQVJUVVBJTkZPRVggc2kgPSBuZXcgU1RBUlRVUElORk9FWCgpOwogICAgICAgICAgICBzaS5zdGFydHVwSW5mby5kd0ZsYWdzID0gKGludClTdGFydHVwSW5mb0ZsYWdzLlVTRVNUREhBTkRMRVM7CgogICAgICAgICAgICBTRUNVUklUWV9BVFRSSUJVVEVTIHBpcGVzZWMgPSBuZXcgU0VDVVJJVFlfQVRUUklCVVRFUygpOwogICAgICAgICAgICBwaXBlc2VjLmJJbmhlcml0SGFuZGxlID0gdHJ1ZTsKCiAgICAgICAgICAgIC8vIENyZWF0ZSB0aGUgc3Rkb3V0LCBzdGRlcnIgYW5kIHN0ZGluIHBpcGVzIHVzZWQgaW4gdGhlIHByb2Nlc3MgYW5kIGFkZCB0byB0aGUgc3RhcnR1cEluZm8KICAgICAgICAgICAgU2FmZUZpbGVIYW5kbGUgc3Rkb3V0X3JlYWQsIHN0ZG91dF93cml0ZSwgc3RkZXJyX3JlYWQsIHN0ZGVycl93cml0ZSwgc3RkaW5fcmVhZCwgc3RkaW5fd3JpdGU7CiAgICAgICAgICAgIGlmICghQ3JlYXRlUGlwZShvdXQgc3Rkb3V0X3JlYWQsIG91dCBzdGRvdXRfd3JpdGUsIHBpcGVzZWMsIDApKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IFdpbjMyRXhjZXB0aW9uKCJTVERPVVQgcGlwZSBzZXR1cCBmYWlsZWQiKTsKICAgICAgICAgICAgaWYgKCFTZXRIYW5kbGVJbmZvcm1hdGlvbihzdGRvdXRfcmVhZCwgSGFuZGxlRmxhZ3MuSU5IRVJJVCwgMCkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIlNURE9VVCBwaXBlIGhhbmRsZSBzZXR1cCBmYWlsZWQiKTsKCiAgICAgICAgICAgIGlmICghQ3JlYXRlUGlwZShvdXQgc3RkZXJyX3JlYWQsIG91dCBzdGRlcnJfd3JpdGUsIHBpcGVzZWMsIDApKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IFdpbjMyRXhjZXB0aW9uKCJTVERFUlIgcGlwZSBzZXR1cCBmYWlsZWQiKTsKICAgICAgICAgICAgaWYgKCFTZXRIYW5kbGVJbmZvcm1hdGlvbihzdGRlcnJfcmVhZCwgSGFuZGxlRmxhZ3MuSU5IRVJJVCwgMCkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIlNUREVSUiBwaXBlIGhhbmRsZSBzZXR1cCBmYWlsZWQiKTsKCiAgICAgICAgICAgIGlmICghQ3JlYXRlUGlwZShvdXQgc3RkaW5fcmVhZCwgb3V0IHN0ZGluX3dyaXRlLCBwaXBlc2VjLCAwKSkKICAgICAgICAgICAgICAgIHRocm93IG5ldyBXaW4zMkV4Y2VwdGlvbigiU1RESU4gcGlwZSBzZXR1cCBmYWlsZWQiKTsKICAgICAgICAgICAgaWYgKCFTZXRIYW5kbGVJbmZvcm1hdGlvbihzdGRpbl93cml0ZSwgSGFuZGxlRmxhZ3MuSU5IRVJJVCwgMCkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIlNURElOIHBpcGUgaGFuZGxlIHNldHVwIGZhaWxlZCIpOwoKICAgICAgICAgICAgc2kuc3RhcnR1cEluZm8uaFN0ZE91dHB1dCA9IHN0ZG91dF93cml0ZTsKICAgICAgICAgICAgc2kuc3RhcnR1cEluZm8uaFN0ZEVycm9yID0gc3RkZXJyX3dyaXRlOwogICAgICAgICAgICBzaS5zdGFydHVwSW5mby5oU3RkSW5wdXQgPSBzdGRpbl9yZWFkOwoKICAgICAgICAgICAgLy8gU2V0dXAgdGhlIHN0ZGluIGJ1ZmZlcgogICAgICAgICAgICBVVEY4RW5jb2RpbmcgdXRmOF9lbmNvZGluZyA9IG5ldyBVVEY4RW5jb2RpbmcoZmFsc2UpOwogICAgICAgICAgICBGaWxlU3RyZWFtIHN0ZGluX2ZzID0gbmV3IEZpbGVTdHJlYW0oc3RkaW5fd3JpdGUsIEZpbGVBY2Nlc3MuV3JpdGUsIDMyNzY4KTsKICAgICAgICAgICAgU3RyZWFtV3JpdGVyIHN0ZGluID0gbmV3IFN0cmVhbVdyaXRlcihzdGRpbl9mcywgdXRmOF9lbmNvZGluZywgMzI3NjgpOwoKICAgICAgICAgICAgLy8gSWYgbHBDdXJyZW50RGlyZWN0b3J5IGlzIHNldCB0byBudWxsIGluIFBTIGl0IHdpbGwgYmUgYW4gZW1wdHkKICAgICAgICAgICAgLy8gc3RyaW5nIGhlcmUsIHdlIG5lZWQgdG8gY29udmVydCBpdAogICAgICAgICAgICBpZiAobHBDdXJyZW50RGlyZWN0b3J5ID09ICIiKQogICAgICAgICAgICAgICAgbHBDdXJyZW50RGlyZWN0b3J5ID0gbnVsbDsKCiAgICAgICAgICAgIFN0cmluZ0J1aWxkZXIgZW52aXJvbm1lbnRTdHJpbmcgPSBudWxsOwoKICAgICAgICAgICAgaWYgKGVudmlyb25tZW50ICE9IG51bGwgJiYgZW52aXJvbm1lbnQuQ291bnQgPiAwKQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBlbnZpcm9ubWVudFN0cmluZyA9IG5ldyBTdHJpbmdCdWlsZGVyKCk7CiAgICAgICAgICAgICAgICBmb3JlYWNoIChEaWN0aW9uYXJ5RW50cnkga3YgaW4gZW52aXJvbm1lbnQpCiAgICAgICAgICAgICAgICAgICAgZW52aXJvbm1lbnRTdHJpbmcuQXBwZW5kRm9ybWF0KCJ7MH09ezF9XDAiLCBrdi5LZXksIGt2LlZhbHVlKTsKICAgICAgICAgICAgICAgIGVudmlyb25tZW50U3RyaW5nLkFwcGVuZCgnXDAnKTsKICAgICAgICAgICAgfQoKICAgICAgICAgICAgLy8gQ3JlYXRlIHRoZSBlbnZpcm9ubWVudCBibG9jayBpZiBzZXQKICAgICAgICAgICAgSW50UHRyIGxwRW52aXJvbm1lbnQgPSBJbnRQdHIuWmVybzsKICAgICAgICAgICAgaWYgKGVudmlyb25tZW50U3RyaW5nICE9IG51bGwpCiAgICAgICAgICAgICAgICBscEVudmlyb25tZW50ID0gTWFyc2hhbC5TdHJpbmdUb0hHbG9iYWxVbmkoZW52aXJvbm1lbnRTdHJpbmcuVG9TdHJpbmcoKSk7CgogICAgICAgICAgICAvLyBDcmVhdGUgbmV3IHByb2Nlc3MgYW5kIHJ1bgogICAgICAgICAgICBTdHJpbmdCdWlsZGVyIGFyZ3VtZW50X3N0cmluZyA9IG5ldyBTdHJpbmdCdWlsZGVyKGxwQ29tbWFuZExpbmUpOwogICAgICAgICAgICBQUk9DRVNTX0lORk9STUFUSU9OIHBpID0gbmV3IFBST0NFU1NfSU5GT1JNQVRJT04oKTsKICAgICAgICAgICAgaWYgKCFDcmVhdGVQcm9jZXNzKAogICAgICAgICAgICAgICAgbHBBcHBsaWNhdGlvbk5hbWUsCiAgICAgICAgICAgICAgICBhcmd1bWVudF9zdHJpbmcsCiAgICAgICAgICAgICAgICBJbnRQdHIuWmVybywKICAgICAgICAgICAgICAgIEludFB0ci5aZXJvLAogICAgICAgICAgICAgICAgdHJ1ZSwKICAgICAgICAgICAgICAgIHN0YXJ0dXBfZmxhZ3MsCiAgICAgICAgICAgICAgICBscEVudmlyb25tZW50LAogICAgICAgICAgICAgICAgbHBDdXJyZW50RGlyZWN0b3J5LAogICAgICAgICAgICAgICAgc2ksCiAgICAgICAgICAgICAgICBvdXQgcGkpKQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIkZhaWxlZCB0byBjcmVhdGUgbmV3IHByb2Nlc3MiKTsKICAgICAgICAgICAgfQoKICAgICAgICAgICAgLy8gU2V0dXAgdGhlIG91dHB1dCBidWZmZXJzIGFuZCBnZXQgc3Rkb3V0L3N0ZGVycgogICAgICAgICAgICBGaWxlU3RyZWFtIHN0ZG91dF9mcyA9IG5ldyBGaWxlU3RyZWFtKHN0ZG91dF9yZWFkLCBGaWxlQWNjZXNzLlJlYWQsIDQwOTYpOwogICAgICAgICAgICBTdHJlYW1SZWFkZXIgc3Rkb3V0ID0gbmV3IFN0cmVhbVJlYWRlcihzdGRvdXRfZnMsIHV0ZjhfZW5jb2RpbmcsIHRydWUsIDQwOTYpOwogICAgICAgICAgICBzdGRvdXRfd3JpdGUuQ2xvc2UoKTsKICAgICAgICAgICAgRmlsZVN0cmVhbSBzdGRlcnJfZnMgPSBuZXcgRmlsZVN0cmVhbShzdGRlcnJfcmVhZCwgRmlsZUFjY2Vzcy5SZWFkLCA0MDk2KTsKICAgICAgICAgICAgU3RyZWFtUmVhZGVyIHN0ZGVyciA9IG5ldyBTdHJlYW1SZWFkZXIoc3RkZXJyX2ZzLCB1dGY4X2VuY29kaW5nLCB0cnVlLCA0MDk2KTsKICAgICAgICAgICAgc3RkZXJyX3dyaXRlLkNsb3NlKCk7CgogICAgICAgICAgICBzdGRpbi5Xcml0ZUxpbmUoc3RkaW5JbnB1dCk7CiAgICAgICAgICAgIHN0ZGluLkNsb3NlKCk7CgogICAgICAgICAgICBzdHJpbmcgc3Rkb3V0X3N0ciwgc3RkZXJyX3N0ciA9IG51bGw7CiAgICAgICAgICAgIEdldFByb2Nlc3NPdXRwdXQoc3Rkb3V0LCBzdGRlcnIsIG91dCBzdGRvdXRfc3RyLCBvdXQgc3RkZXJyX3N0cik7CiAgICAgICAgICAgIHVpbnQgcmMgPSBHZXRQcm9jZXNzRXhpdENvZGUocGkuaFByb2Nlc3MpOwoKICAgICAgICAgICAgcmV ScriptBlock ID: d4633fc2-5236-42b3-b928-2af3be383af0 Path:	4104	1		3	2	15	0	1182	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3548	4376	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:23:44 PM	9d04040e-981f-0002-1c0b-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1181	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3548	4148	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:23:44 PM	9d04040e-981f-0004-4f16-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 3548 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1180	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3548	3924	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:23:44 PM	9d04040e-981f-0004-4f16-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1179	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3548	4148	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:23:44 PM	9d04040e-981f-0004-4f16-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1178	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1668	2636	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:23:41 PM	9d04040e-981f-0004-4516-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 1668 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1177	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1668	3736	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:23:41 PM	9d04040e-981f-0004-4516-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1176	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1668	2636	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:23:41 PM	9d04040e-981f-0004-4516-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles; using System; using System.Collections; using System.IO; using System.Linq; using System.Runtime.InteropServices; using System.Text; using System.Threading; namespace Ansible { [StructLayout(LayoutKind.Sequential)] public class SECURITY_ATTRIBUTES { public int nLength; public IntPtr lpSecurityDescriptor; public bool bInheritHandle = false; public SECURITY_ATTRIBUTES() { nLength = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFO { public Int32 cb; public IntPtr lpReserved; public IntPtr lpDesktop; public IntPtr lpTitle; public Int32 dwX; public Int32 dwY; public Int32 dwXSize; public Int32 dwYSize; public Int32 dwXCountChars; public Int32 dwYCountChars; public Int32 dwFillAttribute; public Int32 dwFlags; public Int16 wShowWindow; public Int16 cbReserved2; public IntPtr lpReserved2; public SafeFileHandle hStdInput; public SafeFileHandle hStdOutput; public SafeFileHandle hStdError; public STARTUPINFO() { cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFOEX { public STARTUPINFO startupInfo; public IntPtr lpAttributeList; public STARTUPINFOEX() { startupInfo = new STARTUPINFO(); startupInfo.cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public struct PROCESS_INFORMATION { public IntPtr hProcess; public IntPtr hThread; public int dwProcessId; public int dwThreadId; } [Flags] public enum StartupInfoFlags : uint { USESTDHANDLES = 0x00000100 } public enum HandleFlags : uint { None = 0, INHERIT = 1 } class NativeWaitHandle : WaitHandle { public NativeWaitHandle(IntPtr handle) { this.SafeWaitHandle = new SafeWaitHandle(handle, false); } } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class CommandUtil { private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400; private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000; [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)] public static extern bool CreateProcess( [MarshalAs(UnmanagedType.LPWStr)] string lpApplicationName, StringBuilder lpCommandLine, IntPtr lpProcessAttributes, IntPtr lpThreadAttributes, bool bInheritHandles, uint dwCreationFlags, IntPtr lpEnvironment, [MarshalAs(UnmanagedType.LPWStr)] string lpCurrentDirectory, STARTUPINFOEX lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation); [DllImport("kernel32.dll")] public static extern bool CreatePipe( out SafeFileHandle hReadPipe, out SafeFileHandle hWritePipe, SECURITY_ATTRIBUTES lpPipeAttributes, uint nSize); [DllImport("kernel32.dll", SetLastError = true)] public static extern bool SetHandleInformation( SafeFileHandle hObject, HandleFlags dwMask, int dwFlags); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool GetExitCodeProcess( IntPtr hProcess, out uint lpExitCode); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)] public static extern uint SearchPath( string lpPath, string lpFileName, string lpExtension, int nBufferLength, [MarshalAs (UnmanagedType.LPTStr)] StringBuilder lpBuffer, out IntPtr lpFilePart); [DllImport("shell32.dll", SetLastError = true)] static extern IntPtr CommandLineToArgvW( [MarshalAs(UnmanagedType.LPWStr)] string lpCmdLine, out int pNumArgs); public static string[] ParseCommandLine(string lpCommandLine) { int numArgs; IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs); if (ret == IntPtr.Zero) throw new Win32Exception("Error parsing command line"); IntPtr[] strptrs = new IntPtr[numArgs]; Marshal.Copy(ret, strptrs, 0, numArgs); string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray(); Marshal.FreeHGlobal(ret); return cmdlineParts; } public static string SearchPath(string lpFileName) { StringBuilder sbOut = new StringBuilder(1024); IntPtr filePartOut; if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0) throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName)); return sbOut.ToString(); } public class CommandResult { public string StandardOut { get; internal set; } public string StandardError { get; internal set; } public uint ExitCode { get; internal set; } } public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment) { UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT; STARTUPINFOEX si = new STARTUPINFOEX(); si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES; SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES(); pipesec.bInheritHandle = true; // Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write; if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0)) throw new Win32Exception("STDOUT pipe setup failed"); if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDOUT pipe handle setup failed"); if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0)) throw new Win32Exception("STDERR pipe setup failed"); if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDERR pipe handle setup failed"); if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0)) throw new Win32Exception("STDIN pipe setup failed"); if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDIN pipe handle setup failed"); si.startupInfo.hStdOutput = stdout_write; si.startupInfo.hStdError = stderr_write; si.startupInfo.hStdInput = stdin_read; // Setup the stdin buffer UTF8Encoding utf8_encoding = new UTF8Encoding(false); FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768); StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768); // If lpCurrentDirectory is set to null in PS it will be an empty // string here, we need to convert it if (lpCurrentDirectory == "") lpCurrentDirectory = null; StringBuilder environmentString = null; if (environment != null && environment.Count > 0) { environmentString = new StringBuilder(); foreach (DictionaryEntry kv in environment) environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value); environmentString.Append('\0'); } // Create the environment block if set IntPtr lpEnvironment = IntPtr.Zero; if (environmentString != null) lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString()); // Create new process and run StringBuilder argument_string = new StringBuilder(lpCommandLine); PROCESS_INFORMATION pi = new PROCESS_INFORMATION(); if (!CreateProcess( lpApplicationName, argument_string, IntPtr.Zero, IntPtr.Zero, true, startup_flags, lpEnvironment, lpCurrentDirectory, si, out pi)) { throw new Win32Exception("Failed to create new process"); } // Setup the output buffers and get stdout/stderr FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096); StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096); stdout_write.Close(); FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096); StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096); stderr_write.Close(); stdin.WriteLine(stdinInput); stdin.Close(); string stdout_str, stderr_str = null; GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str); uint rc = GetProcessExitCode(pi.hProcess); return new CommandResult { StandardOut = stdout_str, StandardError = stderr_str, ExitCode = rc }; } private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr) { var sowait = new EventWaitHandle(false, EventResetMode.ManualReset); var sewait = new EventWaitHandle(false, EventResetMode.ManualReset); string so = null, se = null; ThreadPool.QueueUserWorkItem((s) => { so = stdoutStream.ReadToEnd(); sowait.Set(); }); ThreadPool.QueueUserWorkItem((s) => { se = stderrStream.ReadToEnd(); sewait.Set(); }); foreach (var wh in new WaitHandle[] { sowait, sewait }) wh.WaitOne(); stdout = so; stderr = se; } private static uint GetProcessExitCode(IntPtr processHandle) { new NativeWaitHandle(processHandle).WaitOne(); uint exitCode; if (!GetExitCodeProcess(processHandle, out exitCode)) throw new Win32Exception("Error getting process exit code"); return exitCode; } } }" Context: Severity = Informational Host Name = Default Host Host Version = 5.1.14393.1944 Host ID = 05aecccc-9fc8-4725-9ba0-5dbee04ae889 Host Application = PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - Engine Version = 5.1.14393.1944 Runspace ID = 78822703-1e1f-48a2-9d63-aae8c654e4e5 Pipeline ID = 7 Command Name = Add-Type Command Type = Cmdlet Script Name = Command Path = Sequence Number = 34 User = N-H1-805629-1\Admin Connected User = Shell ID = Microsoft.PowerShell User Data:	4103	1		4	106	20	0	1175	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3208	1820	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:23:41 PM	9d04040e-981f-0004-4416-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	To be used when operation is just executing a method	Executing Pipeline	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c) 2017 Ansible Project # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) $process_util = @" using Microsoft.Win32.SafeHandles; using System; using System.Collections; using System.IO; using System.Linq; using System.Runtime.InteropServices; using System.Text; using System.Threading; namespace Ansible { [StructLayout(LayoutKind.Sequential)] public class SECURITY_ATTRIBUTES { public int nLength; public IntPtr lpSecurityDescriptor; public bool bInheritHandle = false; public SECURITY_ATTRIBUTES() { nLength = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFO { public Int32 cb; public IntPtr lpReserved; public IntPtr lpDesktop; public IntPtr lpTitle; public Int32 dwX; public Int32 dwY; public Int32 dwXSize; public Int32 dwYSize; public Int32 dwXCountChars; public Int32 dwYCountChars; public Int32 dwFillAttribute; public Int32 dwFlags; public Int16 wShowWindow; public Int16 cbReserved2; public IntPtr lpReserved2; public SafeFileHandle hStdInput; public SafeFileHandle hStdOutput; public SafeFileHandle hStdError; public STARTUPINFO() { cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFOEX { public STARTUPINFO startupInfo; public IntPtr lpAttributeList; public STARTUPINFOEX() { startupInfo = new STARTUPINFO(); startupInfo.cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public struct PROCESS_INFORMATION { public IntPtr hProcess; public IntPtr hThread; public int dwProcessId; public int dwThreadId; } [Flags] public enum StartupInfoFlags : uint { USESTDHANDLES = 0x00000100 } public enum HandleFlags : uint { None = 0, INHERIT = 1 } class NativeWaitHandle : WaitHandle { public NativeWaitHandle(IntPtr handle) { this.SafeWaitHandle = new SafeWaitHandle(handle, false); } } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class CommandUtil { private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400; private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000; [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)] public static extern bool CreateProcess( [MarshalAs(UnmanagedType.LPWStr)] string lpApplicationName, StringBuilder lpCommandLine, IntPtr lpProcessAttributes, IntPtr lpThreadAttributes, bool bInheritHandles, uint dwCreationFlags, IntPtr lpEnvironment, [MarshalAs(UnmanagedType.LPWStr)] string lpCurrentDirectory, STARTUPINFOEX lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation); [DllImport("kernel32.dll")] public static extern bool CreatePipe( out SafeFileHandle hReadPipe, out SafeFileHandle hWritePipe, SECURITY_ATTRIBUTES lpPipeAttributes, uint nSize); [DllImport("kernel32.dll", SetLastError = true)] public static extern bool SetHandleInformation( SafeFileHandle hObject, HandleFlags dwMask, int dwFlags); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool GetExitCodeProcess( IntPtr hProcess, out uint lpExitCode); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)] public static extern uint SearchPath( string lpPath, string lpFileName, string lpExtension, int nBufferLength, [MarshalAs (UnmanagedType.LPTStr)] StringBuilder lpBuffer, out IntPtr lpFilePart); [DllImport("shell32.dll", SetLastError = true)] static extern IntPtr CommandLineToArgvW( [MarshalAs(UnmanagedType.LPWStr)] string lpCmdLine, out int pNumArgs); public static string[] ParseCommandLine(string lpCommandLine) { int numArgs; IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs); if (ret == IntPtr.Zero) throw new Win32Exception("Error parsing command line"); IntPtr[] strptrs = new IntPtr[numArgs]; Marshal.Copy(ret, strptrs, 0, numArgs); string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray(); Marshal.FreeHGlobal(ret); return cmdlineParts; } public static string SearchPath(string lpFileName) { StringBuilder sbOut = new StringBuilder(1024); IntPtr filePartOut; if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0) throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName)); return sbOut.ToString(); } public class CommandResult { public string StandardOut { get; internal set; } public string StandardError { get; internal set; } public uint ExitCode { get; internal set; } } public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment) { UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT; STARTUPINFOEX si = new STARTUPINFOEX(); si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES; SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES(); pipesec.bInheritHandle = true; // Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write; if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0)) throw new Win32Exception("STDOUT pipe setup failed"); if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDOUT pipe handle setup failed"); if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0)) throw new Win32Exception("STDERR pipe setup failed"); if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDERR pipe handle setup failed"); if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0)) throw new Win32Exception("STDIN pipe setup failed"); if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDIN pipe handle setup failed"); si.startupInfo.hStdOutput = stdout_write; si.startupInfo.hStdError = stderr_write; si.startupInfo.hStdInput = stdin_read; // Setup the stdin buffer UTF8Encoding utf8_encoding = new UTF8Encoding(false); FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768); StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768); // If lpCurrentDirectory is set to null in PS it will be an empty // string here, we need to convert it if (lpCurrentDirectory == "") lpCurrentDirectory = null; StringBuilder environmentString = null; if (environment != null && environment.Count > 0) { environmentString = new StringBuilder(); foreach (DictionaryEntry kv in environment) environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value); environmentString.Append('\0'); } // Create the environment block if set IntPtr lpEnvironment = IntPtr.Zero; if (environmentString != null) lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString()); // Create new process and run StringBuilder argument_string = new StringBuilder(lpCommandLine); PROCESS_INFORMATION pi = new PROCESS_INFORMATION(); if (!CreateProcess( lpApplicationName, argument_string, IntPtr.Zero, IntPtr.Zero, true, startup_flags, lpEnvironment, lpCurrentDirectory, si, out pi)) { throw new Win32Exception("Failed to create new process"); } // Setup the output buffers and get stdout/stderr FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096); StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096); stdout_write.Close(); FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096); StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096); stderr_write.Close(); stdin.WriteLine(stdinInput); stdin.Close(); string stdout_str, stderr_str = null; GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str); uint rc = GetProcessExitCode(pi.hProcess); return new CommandResult { StandardOut = stdout_str, StandardError = stderr_str, ExitCode = rc }; } private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr) { var sowait = new EventWaitHandle(false, EventResetMode.ManualReset); var sewait = new EventWaitHandle(false, EventResetMode.ManualReset); string so = null, se = null; ThreadPool.QueueUserWorkItem((s) => { so = stdoutStream.ReadToEnd(); sowait.Set(); }); ThreadPool.QueueUserWorkItem((s) => { se = stderrStream.ReadToEnd(); sewait.Set(); }); foreach (var wh in new WaitHandle[] { sowait, sewait }) wh.WaitOne(); stdout = so; stderr = se; } private static uint GetProcessExitCode(IntPtr processHandle) { new NativeWaitHandle(processHandle).WaitOne(); uint exitCode; if (!GetExitCodeProcess(processHandle, out exitCode)) throw new Win32Exception("Error getting process exit code"); return exitCode; } } } "@ $ErrorActionPreference = 'Stop' Function Load-CommandUtils { # makes the following static functions available # [Ansible.CommandUtil]::ParseCommandLine(string lpCommandLine) # [Ansible.CommandUtil]::SearchPath(string lpFileName) # [Ansible.CommandUtil]::RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, string environmentBlock) # # there are also numerous P/Invoke methods that can be called if you are feeling adventurous # FUTURE: find a better way to get the _ansible_remote_tmp variable $original_tmp = $env:TMP $remote_tmp = $original_tmp $module_params = Get-Variable -Name complex_args -ErrorAction SilentlyContinue if ($module_params) { if ($module_params.Value.ContainsKey("_ansible_remote_tmp") ) { $remote_tmp = $module_params.Value["_ansible_remote_tmp"] $remote_tmp = [System.Environment]::ExpandEnvironmentVariables($remote_tmp) } } $env:TMP = $remote_tmp Add-Type -TypeDefinition $process_util $env:TMP = $original_tmp } Function Get-ExecutablePath($executable, $directory) { # lpApplicationName requires the full path to a file, we need to find it # ourselves. # we need to add .exe if it doesn't have an extension already if (-not [System.IO.Path]::HasExtension($executable)) { $executable = "$($executable).exe" } $full_path = [System.IO.Path]::GetFullPath($executable) if ($full_path -ne $executable -and $directory -ne $null) { $file = Get-Item -Path "$directory\$executable" -Force -ErrorAction SilentlyContinue } else { $file = Get-Item -Path $executable -Force -ErrorAction SilentlyContinue } if ($file -ne $null) { $executable_path = $file.FullName } else { $executable_path = [Ansible.CommandUtil]::SearchPath($executable) } return $executable_path } Function Run-Command { Param( [string]$command, # the full command to run including the executable [string]$working_directory = $null, # the working directory to run under, will default to the current dir [string]$stdin = $null, # a string to send to the stdin pipe when executing the command [hashtable]$environment = @{} # a hashtable of environment values to run the command under, this will replace all the other environment variables with these ) # load the C# code we call in this function Load-CommandUtils # need to validate the working directory if it is set if ($working_directory) { # validate working directory is a valid path if (-not (Test-Path -Path $working_directory)) { throw "invalid working directory path '$working_directory'" } } # lpApplicationName needs to be the full path to an executable, we do this # by getting the executable as the first arg and then getting the full path $arguments = [Ansible.CommandUtil]::ParseCommandLine($command) $executable = Get-ExecutablePath -executable $arguments[0] -directory $working_directory # run the command and get the results $command_result = [Ansible.CommandUtil]::RunCommand($executable, $command, $working_directory, $stdin, $environment) return ,@{ executable = $executable stdout = $command_result.StandardOut stderr = $command_result.StandardError rc = $command_result.ExitCode } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: e016bb45-1105-4c45-9da5-60afcc337542 Path:	4104	1		3	2	15	0	1174	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3208	716	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:23:40 PM	9d04040e-981f-0000-5d1a-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c), Michael DeHaan <michael.dehaan@gmail.com>, 2014, and others # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) Set-StrictMode -Version 2.0 $ErrorActionPreference = "Stop" Function Set-Attr($obj, $name, $value) { <# .SYNOPSIS Helper function to set an "attribute" on a psobject instance in PowerShell. This is a convenience to make adding Members to the object easier and slightly more pythonic .EXAMPLE Set-Attr $result "changed" $true #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } Try { $obj.$name = $value } Catch { $obj | Add-Member -Force -MemberType NoteProperty -Name $name -Value $value } } Function Exit-Json($obj) { <# .SYNOPSIS Helper function to convert a PowerShell object to JSON and output it, exiting the script .EXAMPLE Exit-Json $result #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit } Function Fail-Json($obj, $message = $null) { <# .SYNOPSIS Helper function to add the "msg" property and "failed" property, convert the PowerShell Hashtable to JSON and output it, exiting the script .EXAMPLE Fail-Json $result "This is the failure message" #> if ($obj -is [hashtable] -or $obj -is [psobject]) { # Nothing to do } elseif ($obj -is [string] -and $null -eq $message) { # If we weren't given 2 args, and the only arg was a string, # create a new Hashtable and use the arg as the failure message $message = $obj $obj = @{ } } else { # If the first argument is undefined or a different type, # make it a Hashtable $obj = @{ } } # Still using Set-Attr for PSObject compatibility Set-Attr $obj "msg" $message Set-Attr $obj "failed" $true if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit 1 } Function Add-Warning($obj, $message) { <# .SYNOPSIS Helper function to add warnings, even if the warnings attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("warnings")) { $obj.warnings = @() } elseif ($obj.warnings -isnot [array]) { throw "Add-Warning: warnings attribute is not an array" } $obj.warnings += $message } Function Add-DeprecationWarning($obj, $message, $version = $null) { <# .SYNOPSIS Helper function to add deprecations, even if the deprecations attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("deprecations")) { $obj.deprecations = @() } elseif ($obj.deprecations -isnot [array]) { throw "Add-DeprecationWarning: deprecations attribute is not a list" } $obj.deprecations += @{ msg = $message version = $version } } Function Expand-Environment($value) { <# .SYNOPSIS Helper function to expand environment variables in values. By default it turns any type to a string, but we ensure $null remains $null. #> if ($null -ne $value) { [System.Environment]::ExpandEnvironmentVariables($value) } else { $value } } Function Get-AnsibleParam($obj, $name, $default = $null, $resultobj = @{}, $failifempty = $false, $emptyattributefailmessage, $ValidateSet, $ValidateSetErrorMessage, $type = $null, $aliases = @()) { <# .SYNOPSIS Helper function to get an "attribute" from a psobject instance in PowerShell. This is a convenience to make getting Members from an object easier and slightly more pythonic .EXAMPLE $attr = Get-AnsibleParam $response "code" -default "1" .EXAMPLE Get-AnsibleParam -obj $params -name "State" -default "Present" -ValidateSet "Present","Absent" -resultobj $resultobj -failifempty $true Get-AnsibleParam also supports Parameter validation to save you from coding that manually Note that if you use the failifempty option, you do need to specify resultobject as well. #> # Check if the provided Member $name or aliases exist in $obj and return it or the default. try { $found = $null # First try to find preferred parameter $name $aliases = @($name) + $aliases # Iterate over aliases to find acceptable Member $name foreach ($alias in $aliases) { if ($obj.ContainsKey($alias)) { $found = $alias break } } if ($null -eq $found) { throw } $name = $found if ($ValidateSet) { if ($ValidateSet -contains ($obj.$name)) { $value = $obj.$name } else { if ($null -eq $ValidateSetErrorMessage) { #Auto-generated error should be sufficient in most use cases $ValidateSetErrorMessage = "Get-AnsibleParam: Argument $name needs to be one of $($ValidateSet -join ",") but was $($obj.$name)." } Fail-Json -obj $resultobj -message $ValidateSetErrorMessage } } else { $value = $obj.$name } } catch { if ($failifempty -eq $false) { $value = $default } else { if (-not $emptyattributefailmessage) { $emptyattributefailmessage = "Get-AnsibleParam: Missing required argument: $name" } Fail-Json -obj $resultobj -message $emptyattributefailmessage } } # If $value -eq $null, the parameter was unspecified by the user (deliberately or not) # Please leave $null-values intact, modules need to know if a parameter was specified # When $value is already an array, we cannot rely on the null check, as an empty list # is seen as null in the check below if ($null -ne $value -or $value -is [array]) { if ($type -eq "path") { # Expand environment variables on path-type $value = Expand-Environment($value) # Test if a valid path is provided if (-not (Test-Path -IsValid $value)) { $path_invalid = $true # could still be a valid-shaped path with a nonexistent drive letter if ($value -match "^\w:") { # rewrite path with a valid drive letter and recheck the shape- this might still fail, eg, a nonexistent non-filesystem PS path if (Test-Path -IsValid $(@(Get-PSDrive -PSProvider Filesystem)[0].Name + $value.Substring(1))) { $path_invalid = $false } } if ($path_invalid) { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' has an invalid path '$value' specified." } } } elseif ($type -eq "str") { # Convert str types to real Powershell strings $value = $value.ToString() } elseif ($type -eq "bool") { # Convert boolean types to real Powershell booleans $value = $value | ConvertTo-Bool } elseif ($type -eq "int") { # Convert int types to real Powershell integers $value = $value -as [int] } elseif ($type -eq "float") { # Convert float types to real Powershell floats $value = $value -as [float] } elseif ($type -eq "list") { if ($value -is [array]) { # Nothing to do } elseif ($value -is [string]) { # Convert string type to real Powershell array $value = $value.Split(",").Trim() } elseif ($value -is [int]) { $value = @($value) } else { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' is not a YAML list." } # , is not a typo, forces it to return as a list when it is empty or only has 1 entry return ,$value } } return $value } #Alias Get-attr-->Get-AnsibleParam for backwards compat. Only add when needed to ease debugging of scripts If (-not(Get-Alias -Name "Get-attr" -ErrorAction SilentlyContinue)) { New-Alias -Name Get-attr -Value Get-AnsibleParam } Function ConvertTo-Bool { <# .SYNOPSIS Helper filter/pipeline function to convert a value to boolean following current Ansible practices .EXAMPLE $is_true = "true" | ConvertTo-Bool #> param( [parameter(valuefrompipeline=$true)] $obj ) $boolean_strings = "yes", "on", "1", "true", 1 $obj_string = [string]$obj if (($obj -is [boolean] -and $obj) -or $boolean_strings -contains $obj_string.ToLower()) { return $true } else { return $false } } Function Parse-Args($arguments, $supports_check_mode = $false) { <# .SYNOPSIS Helper function to parse Ansible JSON arguments from a "file" passed as the single argument to the module. .EXAMPLE $params = Parse-Args $args #> $params = New-Object psobject If ($arguments.Length -gt 0) { $params = Get-Content $arguments[0] | ConvertFrom-Json } Else { $params = $complex_args } $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false If ($check_mode -and -not $supports_check_mode) { Exit-Json @{ skipped = $true changed = $false msg = "remote module does not support check mode" } } return $params } Function Get-FileChecksum($path, $algorithm = 'sha1') { <# .SYNOPSIS Helper function to calculate a hash of a file in a way which PowerShell 3 and above can handle #> If (Test-Path -Path $path -PathType Leaf) { switch ($algorithm) { 'md5' { $sp = New-Object -TypeName System.Security.Cryptography.MD5CryptoServiceProvider } 'sha1' { $sp = New-Object -TypeName System.Security.Cryptography.SHA1CryptoServiceProvider } 'sha256' { $sp = New-Object -TypeName System.Security.Cryptography.SHA256CryptoServiceProvider } 'sha384' { $sp = New-Object -TypeName System.Security.Cryptography.SHA384CryptoServiceProvider } 'sha512' { $sp = New-Object -TypeName System.Security.Cryptography.SHA512CryptoServiceProvider } default { Fail-Json @{} "Unsupported hash algorithm supplied '$algorithm'" } } If ($PSVersionTable.PSVersion.Major -ge 4) { $raw_hash = Get-FileHash $path -Algorithm $algorithm $hash = $raw_hash.Hash.ToLower() } Else { $fp = [System.IO.File]::Open($path, [System.IO.Filemode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileShare]::ReadWrite); $hash = [System.BitConverter]::ToString($sp.ComputeHash($fp)).Replace("-", "").ToLower(); $fp.Dispose(); } } ElseIf (Test-Path -Path $path -PathType Container) { $hash = "3"; } Else { $hash = "1"; } return $hash } Function Get-PendingRebootStatus { <# .SYNOPSIS Check if reboot is required, if so notify CA. Function returns true if computer has a pending reboot #> $featureData = Invoke-WmiMethod -EA Ignore -Name GetServerFeature -Namespace root\microsoft\windows\servermanager -Class MSFT_ServerManagerTasks $regData = Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager" "PendingFileRenameOperations" -EA Ignore $CBSRebootStatus = Get-ChildItem "HKLM:\\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing" -ErrorAction SilentlyContinue| Where-Object {$_.PSChildName -eq "RebootPending"} if(($featureData -and $featureData.RequiresReboot) -or $regData -or $CBSRebootStatus) { return $True } else { return $False } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: 9ceac37d-24fc-4743-b7e8-5eb9de0703d8 Path:	4104	1		3	2	15	0	1173	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3208	716	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:23:40 PM	9d04040e-981f-0004-2716-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } ScriptBlock ID: 10ad10d9-ddcb-4114-9ea6-18092d02ca27 Path:	4104	1		3	2	15	0	1172	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3208	716	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:23:40 PM	9d04040e-981f-0004-1816-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (5 of 5): mBase64String($mod.Value)) New-Module -ScriptBlock ([scriptblock]::Create($decoded_module)) -Name $mod.Key | Import-Module -WarningAction SilentlyContinue | Out-Null } $output = $entrypoint.Run($payload) Write-Output $output } ScriptBlock ID: 874f2f8b-194a-4255-bd56-221b8512949d Path:	4104	1		3	2	15	0	1171	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3208	716	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:23:40 PM	9d04040e-981f-0004-1216-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (4 of 5): o6T3BlbigkcGF0aCwgW1N5c3RlbS5JTy5GaWxlbW9kZV06Ok9wZW4sIFtTeXN0ZW0uSU8uRmlsZUFjY2Vzc106OlJlYWQsIFtTeXN0ZW0uSU8uRmlsZVNoYXJlXTo6UmVhZFdyaXRlKTsKICAgICAgICAgICAgJGhhc2ggPSBbU3lzdGVtLkJpdENvbnZlcnRlcl06OlRvU3RyaW5nKCRzcC5Db21wdXRlSGFzaCgkZnApKS5SZXBsYWNlKCItIiwgIiIpLlRvTG93ZXIoKTsKICAgICAgICAgICAgJGZwLkRpc3Bvc2UoKTsKICAgICAgICB9CiAgICB9CiAgICBFbHNlSWYgKFRlc3QtUGF0aCAtUGF0aCAkcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKQogICAgewogICAgICAgICRoYXNoID0gIjMiOwogICAgfQogICAgRWxzZQogICAgewogICAgICAgICRoYXNoID0gIjEiOwogICAgfQogICAgcmV0dXJuICRoYXNoCn0KCkZ1bmN0aW9uIEdldC1QZW5kaW5nUmVib290U3RhdHVzCnsKPCMKICAgIC5TWU5PUFNJUwogICAgQ2hlY2sgaWYgcmVib290IGlzIHJlcXVpcmVkLCBpZiBzbyBub3RpZnkgQ0EuCiAgICBGdW5jdGlvbiByZXR1cm5zIHRydWUgaWYgY29tcHV0ZXIgaGFzIGEgcGVuZGluZyByZWJvb3QKIz4KICAgICRmZWF0dXJlRGF0YSA9IEludm9rZS1XbWlNZXRob2QgLUVBIElnbm9yZSAtTmFtZSBHZXRTZXJ2ZXJGZWF0dXJlIC1OYW1lc3BhY2Ugcm9vdFxtaWNyb3NvZnRcd2luZG93c1xzZXJ2ZXJtYW5hZ2VyIC1DbGFzcyBNU0ZUX1NlcnZlck1hbmFnZXJUYXNrcwogICAgJHJlZ0RhdGEgPSBHZXQtSXRlbVByb3BlcnR5ICJIS0xNOlxTWVNURU1cQ3VycmVudENvbnRyb2xTZXRcQ29udHJvbFxTZXNzaW9uIE1hbmFnZXIiICJQZW5kaW5nRmlsZVJlbmFtZU9wZXJhdGlvbnMiIC1FQSBJZ25vcmUKICAgICRDQlNSZWJvb3RTdGF0dXMgPSBHZXQtQ2hpbGRJdGVtICJIS0xNOlxcU09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cQ29tcG9uZW50IEJhc2VkIFNlcnZpY2luZyIgIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlfCBXaGVyZS1PYmplY3QgeyRfLlBTQ2hpbGROYW1lIC1lcSAiUmVib290UGVuZGluZyJ9CiAgICBpZigoJGZlYXR1cmVEYXRhIC1hbmQgJGZlYXR1cmVEYXRhLlJlcXVpcmVzUmVib290KSAtb3IgJHJlZ0RhdGEgLW9yICRDQlNSZWJvb3RTdGF0dXMpCiAgICB7CiAgICAgICAgcmV0dXJuICRUcnVlCiAgICB9CiAgICBlbHNlCiAgICB7CiAgICAgICAgcmV0dXJuICRGYWxzZQogICAgfQp9CgojIHRoaXMgbGluZSBtdXN0IHN0YXkgYXQgdGhlIGJvdHRvbSB0byBlbnN1cmUgYWxsIGRlZmluZWQgbW9kdWxlIHBhcnRzIGFyZSBleHBvcnRlZApFeHBvcnQtTW9kdWxlTWVtYmVyIC1BbGlhcyAqIC1GdW5jdGlvbiAqIC1DbWRsZXQgKgoK", "Ansible.ModuleUtils.FileUtil": "IyBDb3B5cmlnaHQgKGMpIDIwMTcgQW5zaWJsZSBQcm9qZWN0CiMgU2ltcGxpZmllZCBCU0QgTGljZW5zZSAoc2VlIGxpY2Vuc2VzL3NpbXBsaWZpZWRfYnNkLnR4dCBvciBodHRwczovL29wZW5zb3VyY2Uub3JnL2xpY2Vuc2VzL0JTRC0yLUNsYXVzZSkKCjwjClRlc3QtUGF0aC9HZXQtSXRlbSBjYW5ub3QgZmluZC9yZXR1cm4gaW5mbyBvbiBmaWxlcyB0aGF0IGFyZSBsb2NrZWQgbGlrZQpDOlxwYWdlZmlsZS5zeXMuIFRoZXNlIDIgZnVuY3Rpb25zIGFyZSBkZXNpZ25lZCB0byB3b3JrIHdpdGggdGhlc2UgZmlsZXMgYW5kCnByb3ZpZGUgc2ltaWxhciBmdW5jdGlvbmFsaXR5IHdpdGggdGhlIG5vcm1hbCBjbWRsZXRzIHdpdGggYXMgbWluaW1hbCBvdmVyaGVhZAphcyBwb3NzaWJsZS4gVGhleSB3b3JrIGJ5IHVzaW5nIEdldC1DaGlsZEl0ZW0gd2l0aCBhIGZpbHRlciBhbmQgcmV0dXJuIHRoZQpyZXN1bHQgZnJvbSB0aGF0LgojPgoKRnVuY3Rpb24gVGVzdC1BbnNpYmxlUGF0aCB7CiAgICBbQ21kbGV0QmluZGluZygpXQogICAgUGFyYW0oCiAgICAgICAgW1BhcmFtZXRlcihNYW5kYXRvcnk9JHRydWUpXVtzdHJpbmddJFBhdGgKICAgICkKICAgICMgUmVwbGFjZW1lbnQgZm9yIFRlc3QtUGF0aAogICAgdHJ5IHsKICAgICAgICAkZmlsZV9hdHRyaWJ1dGVzID0gW1N5c3RlbS5JTy5GaWxlXTo6R2V0QXR0cmlidXRlcygkUGF0aCkKICAgIH0gY2F0Y2ggW1N5c3RlbS5JTy5GaWxlTm90Rm91bmRFeGNlcHRpb25dLCBbU3lzdGVtLklPLkRpcmVjdG9yeU5vdEZvdW5kRXhjZXB0aW9uXSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfSBjYXRjaCBbTm90U3VwcG9ydGVkRXhjZXB0aW9uXSB7CiAgICAgICAgIyBXaGVuIHRlc3RpbmcgYSBwYXRoIGxpa2UgQ2VydDpcTG9jYWxNYWNoaW5lXE15LCBTeXN0ZW0uSU8uRmlsZSB3aWxsCiAgICAgICAgIyBub3Qgd29yaywgd2UganVzdCByZXZlcnQgYmFjayB0byB1c2luZyBUZXN0LVBhdGggZm9yIHRoaXMKICAgICAgICByZXR1cm4gVGVzdC1QYXRoIC1QYXRoICRQYXRoCiAgICB9CgogICAgaWYgKFtJbnQzMl0kZmlsZV9hdHRyaWJ1dGVzIC1lcSAtMSkgewogICAgICAgIHJldHVybiAkZmFsc2UKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICR0cnVlCiAgICB9Cn0KCkZ1bmN0aW9uIEdldC1BbnNpYmxlSXRlbSB7CiAgICBbQ21kbGV0QmluZGluZygpXQogICAgUGFyYW0oCiAgICAgICAgW1BhcmFtZXRlcihNYW5kYXRvcnk9JHRydWUpXVtzdHJpbmddJFBhdGgKICAgICkKICAgICMgUmVwbGFjZW1lbnQgZm9yIEdldC1JdGVtCiAgICB0cnkgewogICAgICAgICRmaWxlX2F0dHJpYnV0ZXMgPSBbU3lzdGVtLklPLkZpbGVdOjpHZXRBdHRyaWJ1dGVzKCRQYXRoKQogICAgfSBjYXRjaCB7CiAgICAgICAgIyBpZiAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb3RpbnVlIGlzIHNldCBvbiB0aGUgY21kbGV0IGFuZCB3ZSBmYWlsZWQgdG8KICAgICAgICAjIGdldCB0aGUgYXR0cmlidXRlcywganVzdCByZXR1cm4gJG51bGwsIG90aGVyd2lzZSB0aHJvdyB0aGUgZXJyb3IKICAgICAgICBpZiAoJEVycm9yQWN0aW9uUHJlZmVyZW5jZSAtbmUgIlNpbGVudGx5Q29udGludWUiKSB7CiAgICAgICAgICAgIHRocm93ICRfCiAgICAgICAgfQogICAgICAgIHJldHVybiAkbnVsbAogICAgfQogICAgaWYgKFtJbnQzMl0kZmlsZV9hdHRyaWJ1dGVzIC1lcSAtMSkgewogICAgICAgIHRocm93IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5NYW5hZ2VtZW50LkF1dG9tYXRpb24uSXRlbU5vdEZvdW5kRXhjZXB0aW9uIC1Bcmd1bWVudExpc3QgIkNhbm5vdCBmaW5kIHBhdGggJyRQYXRoJyBiZWNhdXNlIGl0IGRvZXMgbm90IGV4aXN0LiIKICAgIH0gZWxzZWlmICgkZmlsZV9hdHRyaWJ1dGVzLkhhc0ZsYWcoW1N5c3RlbS5JTy5GaWxlQXR0cmlidXRlc106OkRpcmVjdG9yeSkpIHsKICAgICAgICByZXR1cm4gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLklPLkRpcmVjdG9yeUluZm8gLUFyZ3VtZW50TGlzdCAkUGF0aAogICAgfSBlbHNlIHsKICAgICAgICByZXR1cm4gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLklPLkZpbGVJbmZvIC1Bcmd1bWVudExpc3QgJFBhdGgKICAgIH0KfQoKRXhwb3J0LU1vZHVsZU1lbWJlciAtRnVuY3Rpb24gVGVzdC1BbnNpYmxlUGF0aCwgR2V0LUFuc2libGVJdGVtCg=="}, "module_entry": "IyFwb3dlcnNoZWxsCgojIENvcHlyaWdodDogKGMpIDIwMTcsIEFuc2libGUgUHJvamVjdAojIEdOVSBHZW5lcmFsIFB1YmxpYyBMaWNlbnNlIHYzLjArIChzZWUgQ09QWUlORyBvciBodHRwczovL3d3dy5nbnUub3JnL2xpY2Vuc2VzL2dwbC0zLjAudHh0KQoKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5MZWdhY3kKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5Db21tYW5kVXRpbAojUmVxdWlyZXMgLU1vZHVsZSBBbnNpYmxlLk1vZHVsZVV0aWxzLkZpbGVVdGlsCgojIFRPRE86IGFkZCBjaGVjayBtb2RlIHN1cHBvcnQKClNldC1TdHJpY3RNb2RlIC1WZXJzaW9uIDIKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKIyBDbGVhbnNlIENMSVhNTCBmcm9tIHN0ZGVyciAoc2lmdCBvdXQgZXJyb3Igc3RyZWFtIGRhdGEsIGRpc2NhcmQgb3RoZXJzIGZvciBub3cpCkZ1bmN0aW9uIENsZWFuc2UtU3RkZXJyKCRyYXdfc3RkZXJyKSB7CiAgICBUcnkgewogICAgICAgICMgTkI6IHRoaXMgcmVnZXggaXNuJ3QgcGVyZmVjdCwgYnV0IGlzIGRlY2VudCBhdCBmaW5kaW5nIENMSVhNTCBhbW9uZ3N0IG90aGVyIHN0ZGVyciBub2lzZQogICAgICAgIElmKCRyYXdfc3RkZXJyIC1tYXRjaCAiKD9zKSg/PHByZW5vaXNlMT4uKikjPCBDTElYTUwoPzxwcmVub2lzZTI+LiopKD88Y2xpeG1sPjxPYmpzLis8L09ianM+KSg/PHBvc3Rub2lzZT4uKikiKSB7CiAgICAgICAgICAgICRjbGl4bWwgPSBbeG1sXSRtYXRjaGVzWyJjbGl4bWwiXQoKICAgICAgICAgICAgJG1lcmdlZF9zdGRlcnIgPSAiezB9ezF9ezJ9ezN9IiAtZiBAKAogICAgICAgICAgICAgICAkbWF0Y2hlc1sicHJlbm9pc2UxIl0sCiAgICAgICAgICAgICAgICRtYXRjaGVzWyJwcmVub2lzZTIiXSwKICAgICAgICAgICAgICAgIyBmaWx0ZXIgb3V0IGp1c3QgdGhlIEVycm9yLXRhZ2dlZCBzdHJpbmdzIGZvciBub3csIGFuZCB6YXAgZW1iZWRkZWQgQ1JMRiBjaGFycwogICAgICAgICAgICAgICAoJGNsaXhtbC5PYmpzLkNoaWxkTm9kZXMgfCA/IHsgJF8uTmFtZSAtZXEgJ1MnIH0gfCA/IHsgJF8uUyAtZXEgJ0Vycm9yJyB9IHwgJSB7ICRfLicjdGV4dCcuUmVwbGFjZSgnX3gwMDBEX194MDAwQV8nLCcnKSB9IHwgT3V0LVN0cmluZyksCiAgICAgICAgICAgICAgICRtYXRjaGVzWyJwb3N0bm9pc2UiXSkgfCBPdXQtU3RyaW5nCgogICAgICAgICAgICByZXR1cm4gJG1lcmdlZF9zdGRlcnIuVHJpbSgpCgogICAgICAgICAgICAjIEZVVFVSRTogcGFyc2UvcmV0dXJuIG90aGVyIHN0cmVhbXMKICAgICAgICB9CiAgICAgICAgRWxzZSB7CiAgICAgICAgICAgICRyYXdfc3RkZXJyCiAgICAgICAgfQogICAgfQogICAgQ2F0Y2ggewogICAgICAgICIqKipFWENFUFRJT04gUEFSU0lORyBDTElYTUw6ICRfKioqIiArICRyYXdfc3RkZXJyCiAgICB9Cn0KCiRwYXJhbXMgPSBQYXJzZS1BcmdzICRhcmdzIC1zdXBwb3J0c19jaGVja19tb2RlICRmYWxzZQoKJHJhd19jb21tYW5kX2xpbmUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX3Jhd19wYXJhbXMiIC10eXBlICJzdHIiIC1mYWlsaWZlbXB0eSAkdHJ1ZQokY2hkaXIgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiY2hkaXIiIC10eXBlICJwYXRoIgokZXhlY3V0YWJsZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJleGVjdXRhYmxlIiAtdHlwZSAicGF0aCIKJGNyZWF0ZXMgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiY3JlYXRlcyIgLXR5cGUgInBhdGgiCiRyZW1vdmVzID0gR2V0LUFuc2libGVQYXJhbSAtb2JqICRwYXJhbXMgLW5hbWUgInJlbW92ZXMiIC10eXBlICJwYXRoIgokc3RkaW4gPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAic3RkaW4iIC10eXBlICJzdHIiCgokcmF3X2NvbW1hbmRfbGluZSA9ICRyYXdfY29tbWFuZF9saW5lLlRyaW0oKQoKJHJlc3VsdCA9IEB7CiAgICBjaGFuZ2VkID0gJHRydWUKICAgIGNtZCA9ICRyYXdfY29tbWFuZF9saW5lCn0KCmlmICgkY3JlYXRlcyAtYW5kICQoVGVzdC1BbnNpYmxlUGF0aCAtUGF0aCAkY3JlYXRlcykpIHsKICAgIEV4aXQtSnNvbiBAe21zZz0ic2tpcHBlZCwgc2luY2UgJGNyZWF0ZXMgZXhpc3RzIjtjbWQ9JHJhd19jb21tYW5kX2xpbmU7Y2hhbmdlZD0kZmFsc2U7c2tpcHBlZD0kdHJ1ZTtyYz0wfQp9CgppZiAoJHJlbW92ZXMgLWFuZCAtbm90ICQoVGVzdC1BbnNpYmxlUGF0aCAtUGF0aCAkcmVtb3ZlcykpIHsKICAgIEV4aXQtSnNvbiBAe21zZz0ic2tpcHBlZCwgc2luY2UgJHJlbW92ZXMgZG9lcyBub3QgZXhpc3QiO2NtZD0kcmF3X2NvbW1hbmRfbGluZTtjaGFuZ2VkPSRmYWxzZTtza2lwcGVkPSR0cnVlO3JjPTB9Cn0KCiRleGVjX2FyZ3MgPSAkbnVsbApJZigtbm90ICRleGVjdXRhYmxlIC1vciAkZXhlY3V0YWJsZSAtZXEgInBvd2Vyc2hlbGwiKSB7CiAgICAkZXhlY19hcHBsaWNhdGlvbiA9ICJwb3dlcnNoZWxsLmV4ZSIKCiAgICAjIGZvcmNlIGlucHV0IGVuY29kaW5nIHRvIHByZWFtYmxlLWZyZWUgVVRGOCBzbyBQUyBzdWItcHJvY2Vzc2VzIChlZywgU3RhcnQtSm9iKSBkb24ndCBibG93IHVwCiAgICAkcmF3X2NvbW1hbmRfbGluZSA9ICJbQ29uc29sZV06OklucHV0RW5jb2RpbmcgPSBOZXctT2JqZWN0IFRleHQuVVRGOEVuY29kaW5nIGAkZmFsc2U7ICIgKyAkcmF3X2NvbW1hbmRfbGluZQoKICAgICMgQmFzZTY0IGVuY29kZSB0aGUgY29tbWFuZCBzbyB3ZSBkb24ndCBoYXZlIHRvIHdvcnJ5IGFib3V0IHRoZSB2YXJpb3VzIGxldmVscyBvZiBlc2NhcGluZwogICAgJGVuY29kZWRfY29tbWFuZCA9IFtDb252ZXJ0XTo6VG9CYXNlNjRTdHJpbmcoW1N5c3RlbS5UZXh0LkVuY29kaW5nXTo6VW5pY29kZS5HZXRCeXRlcygkcmF3X2NvbW1hbmRfbGluZSkpCgogICAgaWYgKCRzdGRpbikgewogICAgICAgICRleGVjX2FyZ3MgPSAiLWVuY29kZWRjb21tYW5kICRlbmNvZGVkX2NvbW1hbmQiCiAgICB9IGVsc2UgewogICAgICAgICRleGVjX2FyZ3MgPSAiLW5vbmludGVyYWN0aXZlIC1lbmNvZGVkY29tbWFuZCAkZW5jb2RlZF9jb21tYW5kIgogICAgfQp9CkVsc2UgewogICAgIyBGVVRVUkU6IHN1cHBvcnQgYXJnIHRyYW5zbGF0aW9uIGZyb20gZXhlY3V0YWJsZSAob3IgZXhlY3V0YWJsZV9hcmdzPykgdG8gcHJvY2VzcyBhcmd1bWVudHMgZm9yIGFyYml0cmFyeSBpbnRlcnByZXRlcj8KICAgICRleGVjX2FwcGxpY2F0aW9uID0gJGV4ZWN1dGFibGUKICAgIGlmICgtbm90ICgkZXhlY19hcHBsaWNhdGlvbi5FbmRzV2l0aCgiLmV4ZSIpKSkgewogICAgICAgICRleGVjX2FwcGxpY2F0aW9uID0gIiQoJGV4ZWNfYXBwbGljYXRpb24pLmV4ZSIKICAgIH0KICAgICRleGVjX2FyZ3MgPSAiL2MgJHJhd19jb21tYW5kX2xpbmUiCn0KCiRjb21tYW5kID0gIiRleGVjX2FwcGxpY2F0aW9uICRleGVjX2FyZ3MiCiRydW5fY29tbWFuZF9hcmcgPSBAewogICAgY29tbWFuZCA9ICRjb21tYW5kCn0KaWYgKCRjaGRpcikgewogICAgJHJ1bl9jb21tYW5kX2FyZ1snd29ya2luZ19kaXJlY3RvcnknXSA9ICRjaGRpcgp9CmlmICgkc3RkaW4pIHsKICAgICRydW5fY29tbWFuZF9hcmdbJ3N0ZGluJ10gPSAkc3RkaW4KfQoKJHN0YXJ0X2RhdGV0aW1lID0gW0RhdGVUaW1lXTo6VXRjTm93CnRyeSB7CiAgICAkY29tbWFuZF9yZXN1bHQgPSBSdW4tQ29tbWFuZCBAcnVuX2NvbW1hbmRfYXJnCn0gY2F0Y2ggewogICAgJHJlc3VsdC5jaGFuZ2VkID0gJGZhbHNlCiAgICB0cnkgewogICAgICAgICRyZXN1bHQucmMgPSAkXy5FeGNlcHRpb24uTmF0aXZlRXJyb3JDb2RlCiAgICB9IGNhdGNoIHsKICAgICAgICAkcmVzdWx0LnJjID0gMgogICAgfQogICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAkXy5FeGNlcHRpb24uTWVzc2FnZQp9CgojIFRPRE86IGRlY29kZSBDTElYTUwgc3RkZXJyIG91dHB1dCAoYW5kIG90aGVyIHN0cmVhbXM/KQokcmVzdWx0LnN0ZG91dCA9ICRjb21tYW5kX3Jlc3VsdC5zdGRvdXQKJHJlc3VsdC5zdGRlcnIgPSBDbGVhbnNlLVN0ZGVyciAkY29tbWFuZF9yZXN1bHQuc3RkZXJyIAokcmVzdWx0LnJjID0gJGNvbW1hbmRfcmVzdWx0LnJjCgokZW5kX2RhdGV0aW1lID0gW0RhdGVUaW1lXTo6VXRjTm93CiRyZXN1bHQuc3RhcnQgPSAkc3RhcnRfZGF0ZXRpbWUuVG9TdHJpbmcoInl5eXktTU0tZGQgaGg6bW06c3MuZmZmZmZmIikKJHJlc3VsdC5lbmQgPSAkZW5kX2RhdGV0aW1lLlRvU3RyaW5nKCJ5eXl5LU1NLWRkIGhoOm1tOnNzLmZmZmZmZiIpCiRyZXN1bHQuZGVsdGEgPSAkKCRlbmRfZGF0ZXRpbWUgLSAkc3RhcnRfZGF0ZXRpbWUpLlRvU3RyaW5nKCJoXDptbVw6c3NcLmZmZmZmZiIpCgpJZiAoJHJlc3VsdC5yYyAtbmUgMCkgewogICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAibm9uLXplcm8gcmV0dXJuIGNvZGUiCn0KCkV4aXQtSnNvbiAkcmVzdWx0Cg==", "module_args": {"_ansible_version": "2.7.0", "_ansible_selinux_special_fs": ["fuse", "nfs", "vboxsf", "ramfs", "9p"], "_ansible_no_log": false, "_ansible_module_name": "win_shell", "_raw_params": "edit-constraints c:\\openstack\\build\\\\requirements\\\\upper-constraints.txt -- nova \"-e file:///C:/openstack/build/nova#egg=nova\"", "_ansible_verbosity": 4, "_ansible_keep_remote_files": false, "_ansible_syslog_facility": "LOG_USER", "_ansible_socket": null, "_ansible_remote_tmp": "%TEMP%", "_ansible_diff": false, "_ansible_debug": false, "_ansible_shell_executable": "/bin/sh", "_ansible_check_mode": false, "_ansible_tmpdir": null}} '@ } process { $input_as_string = [string]$input $json_raw += $input_as_string } end { If (-not $json_raw) { Write-Error "no input given" -Category InvalidArgument } $payload = ConvertTo-HashtableFromPsCustomObject (ConvertFrom-Json $json_raw) # TODO: handle binary modules # TODO: handle persistence $min_os_version = [version]$payload.min_os_version if ($min_os_version -ne $null) { $actual_os_version = [System.Environment]::OSVersion.Version if ($actual_os_version -lt $min_os_version) { $msg = "This module cannot run on this OS as it requires a minimum version of $min_os_version, actual was $actual_os_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $min_ps_version = [version]$payload.min_ps_version if ($min_ps_version -ne $null) { $actual_ps_version = $PSVersionTable.PSVersion if ($actual_ps_version -lt $min_ps_version) { $msg = "This module cannot run as it requires a minimum PowerShell version of $min_ps_version, actual was $actual_ps_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $actions = $payload.actions # pop 0th action as entrypoint $entrypoint = $payload.($actions[0]) $payload.actions = $payload.actions[1..99] $entrypoint = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($entrypoint)) # load the current action entrypoint as a module custom object with a Run method $entrypoint = New-Module -ScriptBlock ([scriptblock]::Create($entrypoint)) -AsCustomObject Set-Variable -Scope global -Name complex_args -Value $payload["module_args"] | Out-Null # dynamically create/load modules ForEach ($mod in $payload.powershell_modules.GetEnumerator()) { $decoded_module = [System.Text.Encoding]::UTF8.GetString([System.Convert]::Fro ScriptBlock ID: 874f2f8b-194a-4255-bd56-221b8512949d Path:	4104	1		3	2	15	0	1170	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3208	716	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:23:40 PM	9d04040e-981f-0004-1216-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (3 of 5): yaXRlLU91dHB1dCAkb2JqIHwgQ29udmVydFRvLUpzb24gLUNvbXByZXNzIC1EZXB0aCA5OQogICAgRXhpdAp9CgpGdW5jdGlvbiBGYWlsLUpzb24oJG9iaiwgJG1lc3NhZ2UgPSAkbnVsbCkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHRoZSAibXNnIiBwcm9wZXJ0eSBhbmQgImZhaWxlZCIgcHJvcGVydHksIGNvbnZlcnQgdGhlCiAgICBQb3dlclNoZWxsIEhhc2h0YWJsZSB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcgdGhlIHNjcmlwdAogICAgLkVYQU1QTEUKICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJUaGlzIGlzIHRoZSBmYWlsdXJlIG1lc3NhZ2UiCiM+CgogICAgaWYgKCRvYmogLWlzIFtoYXNodGFibGVdIC1vciAkb2JqIC1pcyBbcHNvYmplY3RdKSB7CiAgICAgICAgIyBOb3RoaW5nIHRvIGRvCiAgICB9IGVsc2VpZiAoJG9iaiAtaXMgW3N0cmluZ10gLWFuZCAkbnVsbCAtZXEgJG1lc3NhZ2UpIHsKICAgICAgICAjIElmIHdlIHdlcmVuJ3QgZ2l2ZW4gMiBhcmdzLCBhbmQgdGhlIG9ubHkgYXJnIHdhcyBhIHN0cmluZywKICAgICAgICAjIGNyZWF0ZSBhIG5ldyBIYXNodGFibGUgYW5kIHVzZSB0aGUgYXJnIGFzIHRoZSBmYWlsdXJlIG1lc3NhZ2UKICAgICAgICAkbWVzc2FnZSA9ICRvYmoKICAgICAgICAkb2JqID0gQHsgfQogICAgfSBlbHNlIHsKICAgICAgICAjIElmIHRoZSBmaXJzdCBhcmd1bWVudCBpcyB1bmRlZmluZWQgb3IgYSBkaWZmZXJlbnQgdHlwZSwKICAgICAgICAjIG1ha2UgaXQgYSBIYXNodGFibGUKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgICMgU3RpbGwgdXNpbmcgU2V0LUF0dHIgZm9yIFBTT2JqZWN0IGNvbXBhdGliaWxpdHkKICAgIFNldC1BdHRyICRvYmogIm1zZyIgJG1lc3NhZ2UKICAgIFNldC1BdHRyICRvYmogImZhaWxlZCIgJHRydWUKCiAgICBpZiAoLW5vdCAkb2JqLkNvbnRhaW5zS2V5KCdjaGFuZ2VkJykpIHsKICAgICAgICBTZXQtQXR0ciAkb2JqICJjaGFuZ2VkIiAkZmFsc2UKICAgIH0KCiAgICBXcml0ZS1PdXRwdXQgJG9iaiB8IENvbnZlcnRUby1Kc29uIC1Db21wcmVzcyAtRGVwdGggOTkKICAgIEV4aXQgMQp9CgpGdW5jdGlvbiBBZGQtV2FybmluZygkb2JqLCAkbWVzc2FnZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHdhcm5pbmdzLCBldmVuIGlmIHRoZSB3YXJuaW5ncyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoIndhcm5pbmdzIikpIHsKICAgICAgICAkb2JqLndhcm5pbmdzID0gQCgpCiAgICB9IGVsc2VpZiAoJG9iai53YXJuaW5ncyAtaXNub3QgW2FycmF5XSkgewogICAgICAgIHRocm93ICJBZGQtV2FybmluZzogd2FybmluZ3MgYXR0cmlidXRlIGlzIG5vdCBhbiBhcnJheSIKICAgIH0KCiAgICAkb2JqLndhcm5pbmdzICs9ICRtZXNzYWdlCn0KCkZ1bmN0aW9uIEFkZC1EZXByZWNhdGlvbldhcm5pbmcoJG9iaiwgJG1lc3NhZ2UsICR2ZXJzaW9uID0gJG51bGwpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGFkZCBkZXByZWNhdGlvbnMsIGV2ZW4gaWYgdGhlIGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgogICAgaWYgKC1ub3QgJG9iai5Db250YWluc0tleSgiZGVwcmVjYXRpb25zIikpIHsKICAgICAgICAkb2JqLmRlcHJlY2F0aW9ucyA9IEAoKQogICAgfSBlbHNlaWYgKCRvYmouZGVwcmVjYXRpb25zIC1pc25vdCBbYXJyYXldKSB7CiAgICAgICAgdGhyb3cgIkFkZC1EZXByZWNhdGlvbldhcm5pbmc6IGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgaXMgbm90IGEgbGlzdCIKICAgIH0KCiAgICAkb2JqLmRlcHJlY2F0aW9ucyArPSBAewogICAgICAgIG1zZyA9ICRtZXNzYWdlCiAgICAgICAgdmVyc2lvbiA9ICR2ZXJzaW9uCiAgICB9Cn0KCkZ1bmN0aW9uIEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgaW4gdmFsdWVzLiBCeSBkZWZhdWx0CiAgICBpdCB0dXJucyBhbnkgdHlwZSB0byBhIHN0cmluZywgYnV0IHdlIGVuc3VyZSAkbnVsbCByZW1haW5zICRudWxsLgojPgogICAgaWYgKCRudWxsIC1uZSAkdmFsdWUpIHsKICAgICAgICBbU3lzdGVtLkVudmlyb25tZW50XTo6RXhwYW5kRW52aXJvbm1lbnRWYXJpYWJsZXMoJHZhbHVlKQogICAgfSBlbHNlIHsKICAgICAgICAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gR2V0LUFuc2libGVQYXJhbSgkb2JqLCAkbmFtZSwgJGRlZmF1bHQgPSAkbnVsbCwgJHJlc3VsdG9iaiA9IEB7fSwgJGZhaWxpZmVtcHR5ID0gJGZhbHNlLCAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSwgJFZhbGlkYXRlU2V0LCAkVmFsaWRhdGVTZXRFcnJvck1lc3NhZ2UsICR0eXBlID0gJG51bGwsICRhbGlhc2VzID0gQCgpKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBnZXQgYW4gImF0dHJpYnV0ZSIgZnJvbSBhIHBzb2JqZWN0IGluc3RhbmNlIGluIFBvd2VyU2hlbGwuCiAgICBUaGlzIGlzIGEgY29udmVuaWVuY2UgdG8gbWFrZSBnZXR0aW5nIE1lbWJlcnMgZnJvbSBhbiBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgICRhdHRyID0gR2V0LUFuc2libGVQYXJhbSAkcmVzcG9uc2UgImNvZGUiIC1kZWZhdWx0ICIxIgogICAgLkVYQU1QTEUKICAgIEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJTdGF0ZSIgLWRlZmF1bHQgIlByZXNlbnQiIC1WYWxpZGF0ZVNldCAiUHJlc2VudCIsIkFic2VudCIgLXJlc3VsdG9iaiAkcmVzdWx0b2JqIC1mYWlsaWZlbXB0eSAkdHJ1ZQogICAgR2V0LUFuc2libGVQYXJhbSBhbHNvIHN1cHBvcnRzIFBhcmFtZXRlciB2YWxpZGF0aW9uIHRvIHNhdmUgeW91IGZyb20gY29kaW5nIHRoYXQgbWFudWFsbHkKICAgIE5vdGUgdGhhdCBpZiB5b3UgdXNlIHRoZSBmYWlsaWZlbXB0eSBvcHRpb24sIHlvdSBkbyBuZWVkIHRvIHNwZWNpZnkgcmVzdWx0b2JqZWN0IGFzIHdlbGwuCiM+CiAgICAjIENoZWNrIGlmIHRoZSBwcm92aWRlZCBNZW1iZXIgJG5hbWUgb3IgYWxpYXNlcyBleGlzdCBpbiAkb2JqIGFuZCByZXR1cm4gaXQgb3IgdGhlIGRlZmF1bHQuCiAgICB0cnkgewoKICAgICAgICAkZm91bmQgPSAkbnVsbAogICAgICAgICMgRmlyc3QgdHJ5IHRvIGZpbmQgcHJlZmVycmVkIHBhcmFtZXRlciAkbmFtZQogICAgICAgICRhbGlhc2VzID0gQCgkbmFtZSkgKyAkYWxpYXNlcwoKICAgICAgICAjIEl0ZXJhdGUgb3ZlciBhbGlhc2VzIHRvIGZpbmQgYWNjZXB0YWJsZSBNZW1iZXIgJG5hbWUKICAgICAgICBmb3JlYWNoICgkYWxpYXMgaW4gJGFsaWFzZXMpIHsKICAgICAgICAgICAgaWYgKCRvYmouQ29udGFpbnNLZXkoJGFsaWFzKSkgewogICAgICAgICAgICAgICAgJGZvdW5kID0gJGFsaWFzCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgfQoKICAgICAgICBpZiAoJG51bGwgLWVxICRmb3VuZCkgewogICAgICAgICAgICB0aHJvdwogICAgICAgIH0KICAgICAgICAkbmFtZSA9ICRmb3VuZAoKICAgICAgICBpZiAoJFZhbGlkYXRlU2V0KSB7CgogICAgICAgICAgICBpZiAoJFZhbGlkYXRlU2V0IC1jb250YWlucyAoJG9iai4kbmFtZSkpIHsKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICRvYmouJG5hbWUKICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgIGlmICgkbnVsbCAtZXEgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAgICAgI0F1dG8tZ2VuZXJhdGVkIGVycm9yIHNob3VsZCBiZSBzdWZmaWNpZW50IGluIG1vc3QgdXNlIGNhc2VzCiAgICAgICAgICAgICAgICAgICAgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlID0gIkdldC1BbnNpYmxlUGFyYW06IEFyZ3VtZW50ICRuYW1lIG5lZWRzIHRvIGJlIG9uZSBvZiAkKCRWYWxpZGF0ZVNldCAtam9pbiAiLCIpIGJ1dCB3YXMgJCgkb2JqLiRuYW1lKS4iCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRWYWxpZGF0ZVNldEVycm9yTWVzc2FnZQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgJHZhbHVlID0gJG9iai4kbmFtZQogICAgICAgIH0KICAgIH0gY2F0Y2ggewogICAgICAgIGlmICgkZmFpbGlmZW1wdHkgLWVxICRmYWxzZSkgewogICAgICAgICAgICAkdmFsdWUgPSAkZGVmYXVsdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgIGlmICgtbm90ICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSA9ICJHZXQtQW5zaWJsZVBhcmFtOiBNaXNzaW5nIHJlcXVpcmVkIGFyZ3VtZW50OiAkbmFtZSIKICAgICAgICAgICAgfQogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlCiAgICAgICAgfQogICAgfQoKICAgICMgSWYgJHZhbHVlIC1lcSAkbnVsbCwgdGhlIHBhcmFtZXRlciB3YXMgdW5zcGVjaWZpZWQgYnkgdGhlIHVzZXIgKGRlbGliZXJhdGVseSBvciBub3QpCiAgICAjIFBsZWFzZSBsZWF2ZSAkbnVsbC12YWx1ZXMgaW50YWN0LCBtb2R1bGVzIG5lZWQgdG8ga25vdyBpZiBhIHBhcmFtZXRlciB3YXMgc3BlY2lmaWVkCiAgICAjIFdoZW4gJHZhbHVlIGlzIGFscmVhZHkgYW4gYXJyYXksIHdlIGNhbm5vdCByZWx5IG9uIHRoZSBudWxsIGNoZWNrLCBhcyBhbiBlbXB0eSBsaXN0CiAgICAjIGlzIHNlZW4gYXMgbnVsbCBpbiB0aGUgY2hlY2sgYmVsb3cKICAgIGlmICgkbnVsbCAtbmUgJHZhbHVlIC1vciAkdmFsdWUgLWlzIFthcnJheV0pIHsKICAgICAgICBpZiAoJHR5cGUgLWVxICJwYXRoIikgewogICAgICAgICAgICAjIEV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgb24gcGF0aC10eXBlCiAgICAgICAgICAgICR2YWx1ZSA9IEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCiAgICAgICAgICAgICMgVGVzdCBpZiBhIHZhbGlkIHBhdGggaXMgcHJvdmlkZWQKICAgICAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtSXNWYWxpZCAkdmFsdWUpKSB7CiAgICAgICAgICAgICAgICAkcGF0aF9pbnZhbGlkID0gJHRydWUKICAgICAgICAgICAgICAgICMgY291bGQgc3RpbGwgYmUgYSB2YWxpZC1zaGFwZWQgcGF0aCB3aXRoIGEgbm9uZXhpc3RlbnQgZHJpdmUgbGV0dGVyCiAgICAgICAgICAgICAgICBpZiAoJHZhbHVlIC1tYXRjaCAiXlx3OiIpIHsKICAgICAgICAgICAgICAgICAgICAjIHJld3JpdGUgcGF0aCB3aXRoIGEgdmFsaWQgZHJpdmUgbGV0dGVyIGFuZCByZWNoZWNrIHRoZSBzaGFwZS0gdGhpcyBtaWdodCBzdGlsbCBmYWlsLCBlZywgYSBub25leGlzdGVudCBub24tZmlsZXN5c3RlbSBQUyBwYXRoCiAgICAgICAgICAgICAgICAgICAgaWYgKFRlc3QtUGF0aCAtSXNWYWxpZCAkKEAoR2V0LVBTRHJpdmUgLVBTUHJvdmlkZXIgRmlsZXN5c3RlbSlbMF0uTmFtZSArICR2YWx1ZS5TdWJzdHJpbmcoMSkpKSB7CiAgICAgICAgICAgICAgICAgICAgICAgICRwYXRoX2ludmFsaWQgPSAkZmFsc2UKICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBpZiAoJHBhdGhfaW52YWxpZCkgewogICAgICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHRvYmogLW1lc3NhZ2UgIkdldC1BbnNpYmxlUGFyYW06IFBhcmFtZXRlciAnJG5hbWUnIGhhcyBhbiBpbnZhbGlkIHBhdGggJyR2YWx1ZScgc3BlY2lmaWVkLiIKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgInN0ciIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IHN0ciB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgc3RyaW5ncwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUuVG9TdHJpbmcoKQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImJvb2wiKSB7CiAgICAgICAgICAgICMgQ29udmVydCBib29sZWFuIHR5cGVzIHRvIHJlYWwgUG93ZXJzaGVsbCBib29sZWFucwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgfCBDb252ZXJ0VG8tQm9vbAogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImludCIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IGludCB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgaW50ZWdlcnMKICAgICAgICAgICAgJHZhbHVlID0gJHZhbHVlIC1hcyBbaW50XQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImZsb2F0IikgewogICAgICAgICAgICAjIENvbnZlcnQgZmxvYXQgdHlwZXMgdG8gcmVhbCBQb3dlcnNoZWxsIGZsb2F0cwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgLWFzIFtmbG9hdF0KICAgICAgICB9IGVsc2VpZiAoJHR5cGUgLWVxICJsaXN0IikgewogICAgICAgICAgICBpZiAoJHZhbHVlIC1pcyBbYXJyYXldKSB7CiAgICAgICAgICAgICAgICAjIE5vdGhpbmcgdG8gZG8KICAgICAgICAgICAgfSBlbHNlaWYgKCR2YWx1ZSAtaXMgW3N0cmluZ10pIHsKICAgICAgICAgICAgICAgICMgQ29udmVydCBzdHJpbmcgdHlwZSB0byByZWFsIFBvd2Vyc2hlbGwgYXJyYXkKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICR2YWx1ZS5TcGxpdCgiLCIpLlRyaW0oKQogICAgICAgICAgICB9IGVsc2VpZiAoJHZhbHVlIC1pcyBbaW50XSkgewogICAgICAgICAgICAgICAgJHZhbHVlID0gQCgkdmFsdWUpCiAgICAgICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICJHZXQtQW5zaWJsZVBhcmFtOiBQYXJhbWV0ZXIgJyRuYW1lJyBpcyBub3QgYSBZQU1MIGxpc3QuIgogICAgICAgICAgICB9CiAgICAgICAgICAgICMgLCBpcyBub3QgYSB0eXBvLCBmb3JjZXMgaXQgdG8gcmV0dXJuIGFzIGEgbGlzdCB3aGVuIGl0IGlzIGVtcHR5IG9yIG9ubHkgaGFzIDEgZW50cnkKICAgICAgICAgICAgcmV0dXJuICwkdmFsdWUKICAgICAgICB9CiAgICB9CgogICAgcmV0dXJuICR2YWx1ZQp9CgojQWxpYXMgR2V0LWF0dHItLT5HZXQtQW5zaWJsZVBhcmFtIGZvciBiYWNrd2FyZHMgY29tcGF0LiBPbmx5IGFkZCB3aGVuIG5lZWRlZCB0byBlYXNlIGRlYnVnZ2luZyBvZiBzY3JpcHRzCklmICgtbm90KEdldC1BbGlhcyAtTmFtZSAiR2V0LWF0dHIiIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlKSkKewogICAgTmV3LUFsaWFzIC1OYW1lIEdldC1hdHRyIC1WYWx1ZSBHZXQtQW5zaWJsZVBhcmFtCn0KCkZ1bmN0aW9uIENvbnZlcnRUby1Cb29sCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZpbHRlci9waXBlbGluZSBmdW5jdGlvbiB0byBjb252ZXJ0IGEgdmFsdWUgdG8gYm9vbGVhbiBmb2xsb3dpbmcgY3VycmVudAogICAgQW5zaWJsZSBwcmFjdGljZXMKICAgIC5FWEFNUExFCiAgICAkaXNfdHJ1ZSA9ICJ0cnVlIiB8IENvbnZlcnRUby1Cb29sCiM+CiAgICBwYXJhbSgKICAgICAgICBbcGFyYW1ldGVyKHZhbHVlZnJvbXBpcGVsaW5lPSR0cnVlKV0KICAgICAgICAkb2JqCiAgICApCgogICAgJGJvb2xlYW5fc3RyaW5ncyA9ICJ5ZXMiLCAib24iLCAiMSIsICJ0cnVlIiwgMQogICAgJG9ial9zdHJpbmcgPSBbc3RyaW5nXSRvYmoKCiAgICBpZiAoKCRvYmogLWlzIFtib29sZWFuXSAtYW5kICRvYmopIC1vciAkYm9vbGVhbl9zdHJpbmdzIC1jb250YWlucyAkb2JqX3N0cmluZy5Ub0xvd2VyKCkpIHsKICAgICAgICByZXR1cm4gJHRydWUKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfQp9CgpGdW5jdGlvbiBQYXJzZS1BcmdzKCRhcmd1bWVudHMsICRzdXBwb3J0c19jaGVja19tb2RlID0gJGZhbHNlKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBwYXJzZSBBbnNpYmxlIEpTT04gYXJndW1lbnRzIGZyb20gYSAiZmlsZSIgcGFzc2VkIGFzCiAgICB0aGUgc2luZ2xlIGFyZ3VtZW50IHRvIHRoZSBtb2R1bGUuCiAgICAuRVhBTVBMRQogICAgJHBhcmFtcyA9IFBhcnNlLUFyZ3MgJGFyZ3MKIz4KICAgICRwYXJhbXMgPSBOZXctT2JqZWN0IHBzb2JqZWN0CiAgICBJZiAoJGFyZ3VtZW50cy5MZW5ndGggLWd0IDApCiAgICB7CiAgICAgICAgJHBhcmFtcyA9IEdldC1Db250ZW50ICRhcmd1bWVudHNbMF0gfCBDb252ZXJ0RnJvbS1Kc29uCiAgICB9CiAgICBFbHNlIHsKICAgICAgICAkcGFyYW1zID0gJGNvbXBsZXhfYXJncwogICAgfQogICAgJGNoZWNrX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfY2hlY2tfbW9kZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQogICAgSWYgKCRjaGVja19tb2RlIC1hbmQgLW5vdCAkc3VwcG9ydHNfY2hlY2tfbW9kZSkKICAgIHsKICAgICAgICBFeGl0LUpzb24gQHsKICAgICAgICAgICAgc2tpcHBlZCA9ICR0cnVlCiAgICAgICAgICAgIGNoYW5nZWQgPSAkZmFsc2UKICAgICAgICAgICAgbXNnID0gInJlbW90ZSBtb2R1bGUgZG9lcyBub3Qgc3VwcG9ydCBjaGVjayBtb2RlIgogICAgICAgIH0KICAgIH0KICAgIHJldHVybiAkcGFyYW1zCn0KCgpGdW5jdGlvbiBHZXQtRmlsZUNoZWNrc3VtKCRwYXRoLCAkYWxnb3JpdGhtID0gJ3NoYTEnKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBjYWxjdWxhdGUgYSBoYXNoIG9mIGEgZmlsZSBpbiBhIHdheSB3aGljaCBQb3dlclNoZWxsIDMKICAgIGFuZCBhYm92ZSBjYW4gaGFuZGxlCiM+CiAgICBJZiAoVGVzdC1QYXRoIC1QYXRoICRwYXRoIC1QYXRoVHlwZSBMZWFmKQogICAgewogICAgICAgIHN3aXRjaCAoJGFsZ29yaXRobSkKICAgICAgICB7CiAgICAgICAgICAgICdtZDUnIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5NRDVDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMScgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTFDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMjU2JyB7ICRzcCA9IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5TZWN1cml0eS5DcnlwdG9ncmFwaHkuU0hBMjU2Q3J5cHRvU2VydmljZVByb3ZpZGVyIH0KICAgICAgICAgICAgJ3NoYTM4NCcgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTM4NENyeXB0b1NlcnZpY2VQcm92aWRlciB9CiAgICAgICAgICAgICdzaGE1MTInIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5TSEE1MTJDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICBkZWZhdWx0IHsgRmFpbC1Kc29uIEB7fSAiVW5zdXBwb3J0ZWQgaGFzaCBhbGdvcml0aG0gc3VwcGxpZWQgJyRhbGdvcml0aG0nIiB9CiAgICAgICAgfQoKICAgICAgICBJZiAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtZ2UgNCkgewogICAgICAgICAgICAkcmF3X2hhc2ggPSBHZXQtRmlsZUhhc2ggJHBhdGggLUFsZ29yaXRobSAkYWxnb3JpdGhtCiAgICAgICAgICAgICRoYXNoID0gJHJhd19oYXNoLkhhc2guVG9Mb3dlcigpCiAgICAgICAgfSBFbHNlIHsKICAgICAgICAgICAgJGZwID0gW1N5c3RlbS5JTy5GaWxlXT ScriptBlock ID: 874f2f8b-194a-4255-bd56-221b8512949d Path:	4104	1		3	2	15	0	1169	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3208	716	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:23:40 PM	9d04040e-981f-0004-1216-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 5): lCVVRFUygpOwogICAgICAgICAgICBwaXBlc2VjLmJJbmhlcml0SGFuZGxlID0gdHJ1ZTsKCiAgICAgICAgICAgIC8vIENyZWF0ZSB0aGUgc3Rkb3V0LCBzdGRlcnIgYW5kIHN0ZGluIHBpcGVzIHVzZWQgaW4gdGhlIHByb2Nlc3MgYW5kIGFkZCB0byB0aGUgc3RhcnR1cEluZm8KICAgICAgICAgICAgU2FmZUZpbGVIYW5kbGUgc3Rkb3V0X3JlYWQsIHN0ZG91dF93cml0ZSwgc3RkZXJyX3JlYWQsIHN0ZGVycl93cml0ZSwgc3RkaW5fcmVhZCwgc3RkaW5fd3JpdGU7CiAgICAgICAgICAgIGlmICghQ3JlYXRlUGlwZShvdXQgc3Rkb3V0X3JlYWQsIG91dCBzdGRvdXRfd3JpdGUsIHBpcGVzZWMsIDApKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IFdpbjMyRXhjZXB0aW9uKCJTVERPVVQgcGlwZSBzZXR1cCBmYWlsZWQiKTsKICAgICAgICAgICAgaWYgKCFTZXRIYW5kbGVJbmZvcm1hdGlvbihzdGRvdXRfcmVhZCwgSGFuZGxlRmxhZ3MuSU5IRVJJVCwgMCkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIlNURE9VVCBwaXBlIGhhbmRsZSBzZXR1cCBmYWlsZWQiKTsKCiAgICAgICAgICAgIGlmICghQ3JlYXRlUGlwZShvdXQgc3RkZXJyX3JlYWQsIG91dCBzdGRlcnJfd3JpdGUsIHBpcGVzZWMsIDApKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IFdpbjMyRXhjZXB0aW9uKCJTVERFUlIgcGlwZSBzZXR1cCBmYWlsZWQiKTsKICAgICAgICAgICAgaWYgKCFTZXRIYW5kbGVJbmZvcm1hdGlvbihzdGRlcnJfcmVhZCwgSGFuZGxlRmxhZ3MuSU5IRVJJVCwgMCkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIlNUREVSUiBwaXBlIGhhbmRsZSBzZXR1cCBmYWlsZWQiKTsKCiAgICAgICAgICAgIGlmICghQ3JlYXRlUGlwZShvdXQgc3RkaW5fcmVhZCwgb3V0IHN0ZGluX3dyaXRlLCBwaXBlc2VjLCAwKSkKICAgICAgICAgICAgICAgIHRocm93IG5ldyBXaW4zMkV4Y2VwdGlvbigiU1RESU4gcGlwZSBzZXR1cCBmYWlsZWQiKTsKICAgICAgICAgICAgaWYgKCFTZXRIYW5kbGVJbmZvcm1hdGlvbihzdGRpbl93cml0ZSwgSGFuZGxlRmxhZ3MuSU5IRVJJVCwgMCkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIlNURElOIHBpcGUgaGFuZGxlIHNldHVwIGZhaWxlZCIpOwoKICAgICAgICAgICAgc2kuc3RhcnR1cEluZm8uaFN0ZE91dHB1dCA9IHN0ZG91dF93cml0ZTsKICAgICAgICAgICAgc2kuc3RhcnR1cEluZm8uaFN0ZEVycm9yID0gc3RkZXJyX3dyaXRlOwogICAgICAgICAgICBzaS5zdGFydHVwSW5mby5oU3RkSW5wdXQgPSBzdGRpbl9yZWFkOwoKICAgICAgICAgICAgLy8gU2V0dXAgdGhlIHN0ZGluIGJ1ZmZlcgogICAgICAgICAgICBVVEY4RW5jb2RpbmcgdXRmOF9lbmNvZGluZyA9IG5ldyBVVEY4RW5jb2RpbmcoZmFsc2UpOwogICAgICAgICAgICBGaWxlU3RyZWFtIHN0ZGluX2ZzID0gbmV3IEZpbGVTdHJlYW0oc3RkaW5fd3JpdGUsIEZpbGVBY2Nlc3MuV3JpdGUsIDMyNzY4KTsKICAgICAgICAgICAgU3RyZWFtV3JpdGVyIHN0ZGluID0gbmV3IFN0cmVhbVdyaXRlcihzdGRpbl9mcywgdXRmOF9lbmNvZGluZywgMzI3NjgpOwoKICAgICAgICAgICAgLy8gSWYgbHBDdXJyZW50RGlyZWN0b3J5IGlzIHNldCB0byBudWxsIGluIFBTIGl0IHdpbGwgYmUgYW4gZW1wdHkKICAgICAgICAgICAgLy8gc3RyaW5nIGhlcmUsIHdlIG5lZWQgdG8gY29udmVydCBpdAogICAgICAgICAgICBpZiAobHBDdXJyZW50RGlyZWN0b3J5ID09ICIiKQogICAgICAgICAgICAgICAgbHBDdXJyZW50RGlyZWN0b3J5ID0gbnVsbDsKCiAgICAgICAgICAgIFN0cmluZ0J1aWxkZXIgZW52aXJvbm1lbnRTdHJpbmcgPSBudWxsOwoKICAgICAgICAgICAgaWYgKGVudmlyb25tZW50ICE9IG51bGwgJiYgZW52aXJvbm1lbnQuQ291bnQgPiAwKQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBlbnZpcm9ubWVudFN0cmluZyA9IG5ldyBTdHJpbmdCdWlsZGVyKCk7CiAgICAgICAgICAgICAgICBmb3JlYWNoIChEaWN0aW9uYXJ5RW50cnkga3YgaW4gZW52aXJvbm1lbnQpCiAgICAgICAgICAgICAgICAgICAgZW52aXJvbm1lbnRTdHJpbmcuQXBwZW5kRm9ybWF0KCJ7MH09ezF9XDAiLCBrdi5LZXksIGt2LlZhbHVlKTsKICAgICAgICAgICAgICAgIGVudmlyb25tZW50U3RyaW5nLkFwcGVuZCgnXDAnKTsKICAgICAgICAgICAgfQoKICAgICAgICAgICAgLy8gQ3JlYXRlIHRoZSBlbnZpcm9ubWVudCBibG9jayBpZiBzZXQKICAgICAgICAgICAgSW50UHRyIGxwRW52aXJvbm1lbnQgPSBJbnRQdHIuWmVybzsKICAgICAgICAgICAgaWYgKGVudmlyb25tZW50U3RyaW5nICE9IG51bGwpCiAgICAgICAgICAgICAgICBscEVudmlyb25tZW50ID0gTWFyc2hhbC5TdHJpbmdUb0hHbG9iYWxVbmkoZW52aXJvbm1lbnRTdHJpbmcuVG9TdHJpbmcoKSk7CgogICAgICAgICAgICAvLyBDcmVhdGUgbmV3IHByb2Nlc3MgYW5kIHJ1bgogICAgICAgICAgICBTdHJpbmdCdWlsZGVyIGFyZ3VtZW50X3N0cmluZyA9IG5ldyBTdHJpbmdCdWlsZGVyKGxwQ29tbWFuZExpbmUpOwogICAgICAgICAgICBQUk9DRVNTX0lORk9STUFUSU9OIHBpID0gbmV3IFBST0NFU1NfSU5GT1JNQVRJT04oKTsKICAgICAgICAgICAgaWYgKCFDcmVhdGVQcm9jZXNzKAogICAgICAgICAgICAgICAgbHBBcHBsaWNhdGlvbk5hbWUsCiAgICAgICAgICAgICAgICBhcmd1bWVudF9zdHJpbmcsCiAgICAgICAgICAgICAgICBJbnRQdHIuWmVybywKICAgICAgICAgICAgICAgIEludFB0ci5aZXJvLAogICAgICAgICAgICAgICAgdHJ1ZSwKICAgICAgICAgICAgICAgIHN0YXJ0dXBfZmxhZ3MsCiAgICAgICAgICAgICAgICBscEVudmlyb25tZW50LAogICAgICAgICAgICAgICAgbHBDdXJyZW50RGlyZWN0b3J5LAogICAgICAgICAgICAgICAgc2ksCiAgICAgICAgICAgICAgICBvdXQgcGkpKQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIkZhaWxlZCB0byBjcmVhdGUgbmV3IHByb2Nlc3MiKTsKICAgICAgICAgICAgfQoKICAgICAgICAgICAgLy8gU2V0dXAgdGhlIG91dHB1dCBidWZmZXJzIGFuZCBnZXQgc3Rkb3V0L3N0ZGVycgogICAgICAgICAgICBGaWxlU3RyZWFtIHN0ZG91dF9mcyA9IG5ldyBGaWxlU3RyZWFtKHN0ZG91dF9yZWFkLCBGaWxlQWNjZXNzLlJlYWQsIDQwOTYpOwogICAgICAgICAgICBTdHJlYW1SZWFkZXIgc3Rkb3V0ID0gbmV3IFN0cmVhbVJlYWRlcihzdGRvdXRfZnMsIHV0ZjhfZW5jb2RpbmcsIHRydWUsIDQwOTYpOwogICAgICAgICAgICBzdGRvdXRfd3JpdGUuQ2xvc2UoKTsKICAgICAgICAgICAgRmlsZVN0cmVhbSBzdGRlcnJfZnMgPSBuZXcgRmlsZVN0cmVhbShzdGRlcnJfcmVhZCwgRmlsZUFjY2Vzcy5SZWFkLCA0MDk2KTsKICAgICAgICAgICAgU3RyZWFtUmVhZGVyIHN0ZGVyciA9IG5ldyBTdHJlYW1SZWFkZXIoc3RkZXJyX2ZzLCB1dGY4X2VuY29kaW5nLCB0cnVlLCA0MDk2KTsKICAgICAgICAgICAgc3RkZXJyX3dyaXRlLkNsb3NlKCk7CgogICAgICAgICAgICBzdGRpbi5Xcml0ZUxpbmUoc3RkaW5JbnB1dCk7CiAgICAgICAgICAgIHN0ZGluLkNsb3NlKCk7CgogICAgICAgICAgICBzdHJpbmcgc3Rkb3V0X3N0ciwgc3RkZXJyX3N0ciA9IG51bGw7CiAgICAgICAgICAgIEdldFByb2Nlc3NPdXRwdXQoc3Rkb3V0LCBzdGRlcnIsIG91dCBzdGRvdXRfc3RyLCBvdXQgc3RkZXJyX3N0cik7CiAgICAgICAgICAgIHVpbnQgcmMgPSBHZXRQcm9jZXNzRXhpdENvZGUocGkuaFByb2Nlc3MpOwoKICAgICAgICAgICAgcmV0dXJuIG5ldyBDb21tYW5kUmVzdWx0CiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIFN0YW5kYXJkT3V0ID0gc3Rkb3V0X3N0ciwKICAgICAgICAgICAgICAgIFN0YW5kYXJkRXJyb3IgPSBzdGRlcnJfc3RyLAogICAgICAgICAgICAgICAgRXhpdENvZGUgPSByYwogICAgICAgICAgICB9OwogICAgICAgIH0KCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgdm9pZCBHZXRQcm9jZXNzT3V0cHV0KFN0cmVhbVJlYWRlciBzdGRvdXRTdHJlYW0sIFN0cmVhbVJlYWRlciBzdGRlcnJTdHJlYW0sIG91dCBzdHJpbmcgc3Rkb3V0LCBvdXQgc3RyaW5nIHN0ZGVycikKICAgICAgICB7CiAgICAgICAgICAgIHZhciBzb3dhaXQgPSBuZXcgRXZlbnRXYWl0SGFuZGxlKGZhbHNlLCBFdmVudFJlc2V0TW9kZS5NYW51YWxSZXNldCk7CiAgICAgICAgICAgIHZhciBzZXdhaXQgPSBuZXcgRXZlbnRXYWl0SGFuZGxlKGZhbHNlLCBFdmVudFJlc2V0TW9kZS5NYW51YWxSZXNldCk7CiAgICAgICAgICAgIHN0cmluZyBzbyA9IG51bGwsIHNlID0gbnVsbDsKICAgICAgICAgICAgVGhyZWFkUG9vbC5RdWV1ZVVzZXJXb3JrSXRlbSgocykgPT4KICAgICAgICAgICAgewogICAgICAgICAgICAgICAgc28gPSBzdGRvdXRTdHJlYW0uUmVhZFRvRW5kKCk7CiAgICAgICAgICAgICAgICBzb3dhaXQuU2V0KCk7CiAgICAgICAgICAgIH0pOwogICAgICAgICAgICBUaHJlYWRQb29sLlF1ZXVlVXNlcldvcmtJdGVtKChzKSA9PgogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBzZSA9IHN0ZGVyclN0cmVhbS5SZWFkVG9FbmQoKTsKICAgICAgICAgICAgICAgIHNld2FpdC5TZXQoKTsKICAgICAgICAgICAgfSk7CiAgICAgICAgICAgIGZvcmVhY2ggKHZhciB3aCBpbiBuZXcgV2FpdEhhbmRsZVtdIHsgc293YWl0LCBzZXdhaXQgfSkKICAgICAgICAgICAgICAgIHdoLldhaXRPbmUoKTsKICAgICAgICAgICAgc3Rkb3V0ID0gc287CiAgICAgICAgICAgIHN0ZGVyciA9IHNlOwogICAgICAgIH0KCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgdWludCBHZXRQcm9jZXNzRXhpdENvZGUoSW50UHRyIHByb2Nlc3NIYW5kbGUpCiAgICAgICAgewogICAgICAgICAgICBuZXcgTmF0aXZlV2FpdEhhbmRsZShwcm9jZXNzSGFuZGxlKS5XYWl0T25lKCk7CiAgICAgICAgICAgIHVpbnQgZXhpdENvZGU7CiAgICAgICAgICAgIGlmICghR2V0RXhpdENvZGVQcm9jZXNzKHByb2Nlc3NIYW5kbGUsIG91dCBleGl0Q29kZSkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIkVycm9yIGdldHRpbmcgcHJvY2VzcyBleGl0IGNvZGUiKTsKICAgICAgICAgICAgcmV0dXJuIGV4aXRDb2RlOwogICAgICAgIH0KICAgIH0KfQoiQAoKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICdTdG9wJwoKRnVuY3Rpb24gTG9hZC1Db21tYW5kVXRpbHMgewogICAgIyBtYWtlcyB0aGUgZm9sbG93aW5nIHN0YXRpYyBmdW5jdGlvbnMgYXZhaWxhYmxlCiAgICAjICAgW0Fuc2libGUuQ29tbWFuZFV0aWxdOjpQYXJzZUNvbW1hbmRMaW5lKHN0cmluZyBscENvbW1hbmRMaW5lKQogICAgIyAgIFtBbnNpYmxlLkNvbW1hbmRVdGlsXTo6U2VhcmNoUGF0aChzdHJpbmcgbHBGaWxlTmFtZSkKICAgICMgICBbQW5zaWJsZS5Db21tYW5kVXRpbF06OlJ1bkNvbW1hbmQoc3RyaW5nIGxwQXBwbGljYXRpb25OYW1lLCBzdHJpbmcgbHBDb21tYW5kTGluZSwgc3RyaW5nIGxwQ3VycmVudERpcmVjdG9yeSwgc3RyaW5nIHN0ZGluSW5wdXQsIHN0cmluZyBlbnZpcm9ubWVudEJsb2NrKQogICAgIwogICAgIyB0aGVyZSBhcmUgYWxzbyBudW1lcm91cyBQL0ludm9rZSBtZXRob2RzIHRoYXQgY2FuIGJlIGNhbGxlZCBpZiB5b3UgYXJlIGZlZWxpbmcgYWR2ZW50dXJvdXMKCiAgICAjIEZVVFVSRTogZmluZCBhIGJldHRlciB3YXkgdG8gZ2V0IHRoZSBfYW5zaWJsZV9yZW1vdGVfdG1wIHZhcmlhYmxlCiAgICAkb3JpZ2luYWxfdG1wID0gJGVudjpUTVAKCiAgICAkcmVtb3RlX3RtcCA9ICRvcmlnaW5hbF90bXAKICAgICRtb2R1bGVfcGFyYW1zID0gR2V0LVZhcmlhYmxlIC1OYW1lIGNvbXBsZXhfYXJncyAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgaWYgKCRtb2R1bGVfcGFyYW1zKSB7CiAgICAgICAgaWYgKCRtb2R1bGVfcGFyYW1zLlZhbHVlLkNvbnRhaW5zS2V5KCJfYW5zaWJsZV9yZW1vdGVfdG1wIikgKSB7CiAgICAgICAgICAgICRyZW1vdGVfdG1wID0gJG1vZHVsZV9wYXJhbXMuVmFsdWVbIl9hbnNpYmxlX3JlbW90ZV90bXAiXQogICAgICAgICAgICAkcmVtb3RlX3RtcCA9IFtTeXN0ZW0uRW52aXJvbm1lbnRdOjpFeHBhbmRFbnZpcm9ubWVudFZhcmlhYmxlcygkcmVtb3RlX3RtcCkKICAgICAgICB9CiAgICB9CgogICAgJGVudjpUTVAgPSAkcmVtb3RlX3RtcAogICAgQWRkLVR5cGUgLVR5cGVEZWZpbml0aW9uICRwcm9jZXNzX3V0aWwKICAgICRlbnY6VE1QID0gJG9yaWdpbmFsX3RtcAp9CgpGdW5jdGlvbiBHZXQtRXhlY3V0YWJsZVBhdGgoJGV4ZWN1dGFibGUsICRkaXJlY3RvcnkpIHsKICAgICMgbHBBcHBsaWNhdGlvbk5hbWUgcmVxdWlyZXMgdGhlIGZ1bGwgcGF0aCB0byBhIGZpbGUsIHdlIG5lZWQgdG8gZmluZCBpdAogICAgIyBvdXJzZWx2ZXMuCgogICAgIyB3ZSBuZWVkIHRvIGFkZCAuZXhlIGlmIGl0IGRvZXNuJ3QgaGF2ZSBhbiBleHRlbnNpb24gYWxyZWFkeQogICAgaWYgKC1ub3QgW1N5c3RlbS5JTy5QYXRoXTo6SGFzRXh0ZW5zaW9uKCRleGVjdXRhYmxlKSkgewogICAgICAgICRleGVjdXRhYmxlID0gIiQoJGV4ZWN1dGFibGUpLmV4ZSIKICAgIH0KICAgICRmdWxsX3BhdGggPSBbU3lzdGVtLklPLlBhdGhdOjpHZXRGdWxsUGF0aCgkZXhlY3V0YWJsZSkKCiAgICBpZiAoJGZ1bGxfcGF0aCAtbmUgJGV4ZWN1dGFibGUgLWFuZCAkZGlyZWN0b3J5IC1uZSAkbnVsbCkgewogICAgICAgICRmaWxlID0gR2V0LUl0ZW0gLVBhdGggIiRkaXJlY3RvcnlcJGV4ZWN1dGFibGUiIC1Gb3JjZSAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgfSBlbHNlIHsKICAgICAgICAkZmlsZSA9IEdldC1JdGVtIC1QYXRoICRleGVjdXRhYmxlIC1Gb3JjZSAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgfQoKICAgIGlmICgkZmlsZSAtbmUgJG51bGwpIHsKICAgICAgICAkZXhlY3V0YWJsZV9wYXRoID0gJGZpbGUuRnVsbE5hbWUKICAgIH0gZWxzZSB7CiAgICAgICAgJGV4ZWN1dGFibGVfcGF0aCA9IFtBbnNpYmxlLkNvbW1hbmRVdGlsXTo6U2VhcmNoUGF0aCgkZXhlY3V0YWJsZSkgICAgCiAgICB9CiAgICByZXR1cm4gJGV4ZWN1dGFibGVfcGF0aAp9CgpGdW5jdGlvbiBSdW4tQ29tbWFuZCB7CiAgICBQYXJhbSgKICAgICAgICBbc3RyaW5nXSRjb21tYW5kLCAjIHRoZSBmdWxsIGNvbW1hbmQgdG8gcnVuIGluY2x1ZGluZyB0aGUgZXhlY3V0YWJsZQogICAgICAgIFtzdHJpbmddJHdvcmtpbmdfZGlyZWN0b3J5ID0gJG51bGwsICMgdGhlIHdvcmtpbmcgZGlyZWN0b3J5IHRvIHJ1biB1bmRlciwgd2lsbCBkZWZhdWx0IHRvIHRoZSBjdXJyZW50IGRpcgogICAgICAgIFtzdHJpbmddJHN0ZGluID0gJG51bGwsICMgYSBzdHJpbmcgdG8gc2VuZCB0byB0aGUgc3RkaW4gcGlwZSB3aGVuIGV4ZWN1dGluZyB0aGUgY29tbWFuZAogICAgICAgIFtoYXNodGFibGVdJGVudmlyb25tZW50ID0gQHt9ICMgYSBoYXNodGFibGUgb2YgZW52aXJvbm1lbnQgdmFsdWVzIHRvIHJ1biB0aGUgY29tbWFuZCB1bmRlciwgdGhpcyB3aWxsIHJlcGxhY2UgYWxsIHRoZSBvdGhlciBlbnZpcm9ubWVudCB2YXJpYWJsZXMgd2l0aCB0aGVzZQogICAgKQogICAgCiAgICAjIGxvYWQgdGhlIEMjIGNvZGUgd2UgY2FsbCBpbiB0aGlzIGZ1bmN0aW9uCiAgICBMb2FkLUNvbW1hbmRVdGlscwoKICAgICMgbmVlZCB0byB2YWxpZGF0ZSB0aGUgd29ya2luZyBkaXJlY3RvcnkgaWYgaXQgaXMgc2V0CiAgICBpZiAoJHdvcmtpbmdfZGlyZWN0b3J5KSB7CiAgICAgICAgIyB2YWxpZGF0ZSB3b3JraW5nIGRpcmVjdG9yeSBpcyBhIHZhbGlkIHBhdGgKICAgICAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICR3b3JraW5nX2RpcmVjdG9yeSkpIHsKICAgICAgICAgICAgdGhyb3cgImludmFsaWQgd29ya2luZyBkaXJlY3RvcnkgcGF0aCAnJHdvcmtpbmdfZGlyZWN0b3J5JyIKICAgICAgICB9CiAgICB9CgogICAgIyBscEFwcGxpY2F0aW9uTmFtZSBuZWVkcyB0byBiZSB0aGUgZnVsbCBwYXRoIHRvIGFuIGV4ZWN1dGFibGUsIHdlIGRvIHRoaXMKICAgICMgYnkgZ2V0dGluZyB0aGUgZXhlY3V0YWJsZSBhcyB0aGUgZmlyc3QgYXJnIGFuZCB0aGVuIGdldHRpbmcgdGhlIGZ1bGwgcGF0aAogICAgJGFyZ3VtZW50cyA9IFtBbnNpYmxlLkNvbW1hbmRVdGlsXTo6UGFyc2VDb21tYW5kTGluZSgkY29tbWFuZCkKICAgICRleGVjdXRhYmxlID0gR2V0LUV4ZWN1dGFibGVQYXRoIC1leGVjdXRhYmxlICRhcmd1bWVudHNbMF0gLWRpcmVjdG9yeSAkd29ya2luZ19kaXJlY3RvcnkKCiAgICAjIHJ1biB0aGUgY29tbWFuZCBhbmQgZ2V0IHRoZSByZXN1bHRzCiAgICAkY29tbWFuZF9yZXN1bHQgPSBbQW5zaWJsZS5Db21tYW5kVXRpbF06OlJ1bkNvbW1hbmQoJGV4ZWN1dGFibGUsICRjb21tYW5kLCAkd29ya2luZ19kaXJlY3RvcnksICRzdGRpbiwgJGVudmlyb25tZW50KQoKICAgIHJldHVybiAsQHsKICAgICAgICBleGVjdXRhYmxlID0gJGV4ZWN1dGFibGUKICAgICAgICBzdGRvdXQgPSAkY29tbWFuZF9yZXN1bHQuU3RhbmRhcmRPdXQKICAgICAgICBzdGRlcnIgPSAkY29tbWFuZF9yZXN1bHQuU3RhbmRhcmRFcnJvcgogICAgICAgIHJjID0gJGNvbW1hbmRfcmVzdWx0LkV4aXRDb2RlCiAgICB9Cn0KCiMgdGhpcyBsaW5lIG11c3Qgc3RheSBhdCB0aGUgYm90dG9tIHRvIGVuc3VyZSBhbGwgZGVmaW5lZCBtb2R1bGUgcGFydHMgYXJlIGV4cG9ydGVkCkV4cG9ydC1Nb2R1bGVNZW1iZXIgLUFsaWFzICogLUZ1bmN0aW9uICogLUNtZGxldCAqCg==", "Ansible.ModuleUtils.Legacy": "IyBDb3B5cmlnaHQgKGMpLCBNaWNoYWVsIERlSGFhbiA8bWljaGFlbC5kZWhhYW5AZ21haWwuY29tPiwgMjAxNCwgYW5kIG90aGVycwojIFNpbXBsaWZpZWQgQlNEIExpY2Vuc2UgKHNlZSBsaWNlbnNlcy9zaW1wbGlmaWVkX2JzZC50eHQgb3IgaHR0cHM6Ly9vcGVuc291cmNlLm9yZy9saWNlbnNlcy9CU0QtMi1DbGF1c2UpCgpTZXQtU3RyaWN0TW9kZSAtVmVyc2lvbiAyLjAKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKRnVuY3Rpb24gU2V0LUF0dHIoJG9iaiwgJG5hbWUsICR2YWx1ZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gc2V0IGFuICJhdHRyaWJ1dGUiIG9uIGEgcHNvYmplY3QgaW5zdGFuY2UgaW4gUG93ZXJTaGVsbC4KICAgIFRoaXMgaXMgYSBjb252ZW5pZW5jZSB0byBtYWtlIGFkZGluZyBNZW1iZXJzIHRvIHRoZSBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgIFNldC1BdHRyICRyZXN1bHQgImNoYW5nZWQiICR0cnVlCiM+CgogICAgIyBJZiB0aGUgcHJvdmlkZWQgJG9iaiBpcyB1bmRlZmluZWQsIGRlZmluZSBvbmUgdG8gYmUgbmljZQogICAgSWYgKC1ub3QgJG9iai5HZXRUeXBlKQogICAgewogICAgICAgICRvYmogPSBAeyB9CiAgICB9CgogICAgVHJ5CiAgICB7CiAgICAgICAgJG9iai4kbmFtZSA9ICR2YWx1ZQogICAgfQogICAgQ2F0Y2gKICAgIHsKICAgICAgICAkb2JqIHwgQWRkLU1lbWJlciAtRm9yY2UgLU1lbWJlclR5cGUgTm90ZVByb3BlcnR5IC1OYW1lICRuYW1lIC1WYWx1ZSAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gRXhpdC1Kc29uKCRvYmopCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGNvbnZlcnQgYSBQb3dlclNoZWxsIG9iamVjdCB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcKICAgIHRoZSBzY3JpcHQKICAgIC5FWEFNUExFCiAgICBFeGl0LUpzb24gJHJlc3VsdAojPgoKICAgICMgSWYgdGhlIHByb3ZpZGVkICRvYmogaXMgdW5kZWZpbmVkLCBkZWZpbmUgb25lIHRvIGJlIG5pY2UKICAgIElmICgtbm90ICRvYmouR2V0VHlwZSkKICAgIHsKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoJ2NoYW5nZWQnKSkgewogICAgICAgIFNldC1BdHRyICRvYmogImNoYW5nZWQiICRmYWxzZQogICAgfQoKICAgIFd ScriptBlock ID: 874f2f8b-194a-4255-bd56-221b8512949d Path:	4104	1		3	2	15	0	1168	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3208	716	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:23:40 PM	9d04040e-981f-0004-1216-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 5): begin { $DebugPreference = "Continue" $ErrorActionPreference = "Stop" Set-StrictMode -Version 2 function ConvertTo-HashtableFromPsCustomObject ($myPsObject){ $output = @{}; $myPsObject | Get-Member -MemberType *Property | % { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } return $output; } # stream JSON including become_pw, ps_module_payload, bin_module_payload, become_payload, write_payload_path, preserve directives # exec runspace, capture output, cleanup, return module output # NB: do not adjust the following line- it is replaced when doing non-streamed module output $json_raw = @' {"min_ps_version": null, "exec": "CkZ1bmN0aW9uIFJ1bigkcGF5bG9hZCkgewogICAgJGVudHJ5cG9pbnQgPSAkcGF5bG9hZC5tb2R1bGVfZW50cnkKCiAgICAkZW50cnlwb2ludCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGVudHJ5cG9pbnQpKQoKICAgICRwcyA9IFtwb3dlcnNoZWxsXTo6Q3JlYXRlKCkKCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkQ29tbWFuZCgiU2V0LVZhcmlhYmxlIikuQWRkUGFyYW1ldGVycyhAe1Njb3BlPSJnbG9iYWwiO05hbWU9ImNvbXBsZXhfYXJncyI7VmFsdWU9JHBheWxvYWQubW9kdWxlX2FyZ3N9KSB8IE91dC1OdWxsCiAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCgogICAgIyByZWRlZmluZSBXcml0ZS1Ib3N0IHRvIGR1bXAgdG8gb3V0cHV0IGluc3RlYWQgb2YgZmFpbGluZy0gbG90cyBvZiBzY3JpcHRzIHVzZSBpdAogICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgiRnVuY3Rpb24gV3JpdGUtSG9zdChgJG1zZyl7IFdyaXRlLU91dHB1dCBgJG1zZyB9IikgfCBPdXQtTnVsbAoKICAgIEZvckVhY2ggKCRlbnZfa3YgaW4gJHBheWxvYWQuZW52aXJvbm1lbnQuR2V0RW51bWVyYXRvcigpKSB7CiAgICAgICAgIyBuZWVkIHRvIGVzY2FwZSAnIGluIGJvdGggdGhlIGtleSBhbmQgdmFsdWUKICAgICAgICAkZW52X2tleSA9ICRlbnZfa3YuS2V5LlRvU3RyaW5nKCkuUmVwbGFjZSgiJyIsICInJyIpCiAgICAgICAgJGVudl92YWx1ZSA9ICRlbnZfa3YuVmFsdWUuVG9TdHJpbmcoKS5SZXBsYWNlKCInIiwgIicnIikKICAgICAgICAkZXNjYXBlZF9lbnZfc2V0ID0gIltTeXN0ZW0uRW52aXJvbm1lbnRdOjpTZXRFbnZpcm9ubWVudFZhcmlhYmxlKCd7MH0nLCAnezF9JykiIC1mICRlbnZfa2V5LCAkZW52X3ZhbHVlCiAgICAgICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgkZXNjYXBlZF9lbnZfc2V0KSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBkeW5hbWljYWxseSBjcmVhdGUvbG9hZCBtb2R1bGVzCiAgICBGb3JFYWNoICgkbW9kIGluICRwYXlsb2FkLnBvd2Vyc2hlbGxfbW9kdWxlcy5HZXRFbnVtZXJhdG9yKCkpIHsKICAgICAgICAkZGVjb2RlZF9tb2R1bGUgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRtb2QuVmFsdWUpKQogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRDb21tYW5kKCJOZXctTW9kdWxlIikuQWRkUGFyYW1ldGVycyhAe1NjcmlwdEJsb2NrPShbc2NyaXB0YmxvY2tdOjpDcmVhdGUoJGRlY29kZWRfbW9kdWxlKSk7TmFtZT0kbW9kLktleX0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiSW1wb3J0LU1vZHVsZSIpLkFkZFBhcmFtZXRlcnMoQHtXYXJuaW5nQWN0aW9uPSJTaWxlbnRseUNvbnRpbnVlIn0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBmb3JjZSBpbnB1dCBlbmNvZGluZyB0byBwcmVhbWJsZS1mcmVlIFVURjggc28gUFMgc3ViLXByb2Nlc3NlcyAoZWcsCiAgICAjIFN0YXJ0LUpvYikgZG9uJ3QgYmxvdyB1cC4gVGhpcyBpcyBvbmx5IHJlcXVpcmVkIGZvciBXaW5STSwgYSBQU1JQCiAgICAjIHJ1bnNwYWNlIGRvZXNuJ3QgaGF2ZSBhIGhvc3QgY29uc29sZSBhbmQgdGhpcyB3aWxsIGJvbWIgb3V0CiAgICBpZiAoJGhvc3QuTmFtZSAtZXEgIkNvbnNvbGVIb3N0IikgewogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRTY3JpcHQoIltDb25zb2xlXTo6SW5wdXRFbmNvZGluZyA9IE5ldy1PYmplY3QgVGV4dC5VVEY4RW5jb2RpbmcgYCRmYWxzZSIpIHwgT3V0LU51bGwKICAgIH0KCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkU2NyaXB0KCRlbnRyeXBvaW50KSB8IE91dC1OdWxsCgogICAgJG91dHB1dCA9ICRwcy5JbnZva2UoKQoKICAgICRvdXRwdXQKCiAgICAjIFBTMyBkb2Vzbid0IHByb3Blcmx5IHNldCBIYWRFcnJvcnMgaW4gbWFueSBjYXNlcywgaW5zcGVjdCB0aGUgZXJyb3Igc3RyZWFtIGFzIGEgZmFsbGJhY2sKICAgIElmICgkcHMuSGFkRXJyb3JzIC1vciAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtbHQgNCAtYW5kICRwcy5TdHJlYW1zLkVycm9yLkNvdW50IC1ndCAwKSkgewogICAgICAgICRob3N0LlVJLldyaXRlRXJyb3JMaW5lKCQoJHBzLlN0cmVhbXMuRXJyb3IgfCBPdXQtU3RyaW5nKSkKICAgICAgICAkZXhpdF9jb2RlID0gJHBzLlJ1bnNwYWNlLlNlc3Npb25TdGF0ZVByb3h5LkdldFZhcmlhYmxlKCJMQVNURVhJVENPREUiKQogICAgICAgIElmKC1ub3QgJGV4aXRfY29kZSkgewogICAgICAgICAgICAkZXhpdF9jb2RlID0gMQogICAgICAgIH0KICAgICAgICAjIG5lZWQgdG8gdXNlIHRoaXMgaW5zdGVhZCBvZiBFeGl0IGtleXdvcmQgdG8gcHJldmVudCBydW5zcGFjZSBmcm9tIGNyYXNoaW5nIHdpdGggZHluYW1pYyBtb2R1bGVzCiAgICAgICAgJGhvc3QuU2V0U2hvdWxkRXhpdCgkZXhpdF9jb2RlKQogICAgfQp9Cg==", "actions": ["exec"], "environment": {}, "min_os_version": null, "powershell_modules": {"Ansible.ModuleUtils.CommandUtil": "IyBDb3B5cmlnaHQgKGMpIDIwMTcgQW5zaWJsZSBQcm9qZWN0CiMgU2ltcGxpZmllZCBCU0QgTGljZW5zZSAoc2VlIGxpY2Vuc2VzL3NpbXBsaWZpZWRfYnNkLnR4dCBvciBodHRwczovL29wZW5zb3VyY2Uub3JnL2xpY2Vuc2VzL0JTRC0yLUNsYXVzZSkKCiRwcm9jZXNzX3V0aWwgPSBAIgp1c2luZyBNaWNyb3NvZnQuV2luMzIuU2FmZUhhbmRsZXM7CnVzaW5nIFN5c3RlbTsKdXNpbmcgU3lzdGVtLkNvbGxlY3Rpb25zOwp1c2luZyBTeXN0ZW0uSU87CnVzaW5nIFN5c3RlbS5MaW5xOwp1c2luZyBTeXN0ZW0uUnVudGltZS5JbnRlcm9wU2VydmljZXM7CnVzaW5nIFN5c3RlbS5UZXh0Owp1c2luZyBTeXN0ZW0uVGhyZWFkaW5nOwoKbmFtZXNwYWNlIEFuc2libGUKewogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIGNsYXNzIFNFQ1VSSVRZX0FUVFJJQlVURVMKICAgIHsKICAgICAgICBwdWJsaWMgaW50IG5MZW5ndGg7CiAgICAgICAgcHVibGljIEludFB0ciBscFNlY3VyaXR5RGVzY3JpcHRvcjsKICAgICAgICBwdWJsaWMgYm9vbCBiSW5oZXJpdEhhbmRsZSA9IGZhbHNlOwogICAgICAgIHB1YmxpYyBTRUNVUklUWV9BVFRSSUJVVEVTKCkKICAgICAgICB7CiAgICAgICAgICAgIG5MZW5ndGggPSBNYXJzaGFsLlNpemVPZih0aGlzKTsKICAgICAgICB9CiAgICB9CgogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIGNsYXNzIFNUQVJUVVBJTkZPCiAgICB7CiAgICAgICAgcHVibGljIEludDMyIGNiOwogICAgICAgIHB1YmxpYyBJbnRQdHIgbHBSZXNlcnZlZDsKICAgICAgICBwdWJsaWMgSW50UHRyIGxwRGVza3RvcDsKICAgICAgICBwdWJsaWMgSW50UHRyIGxwVGl0bGU7CiAgICAgICAgcHVibGljIEludDMyIGR3WDsKICAgICAgICBwdWJsaWMgSW50MzIgZHdZOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1hTaXplOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1lTaXplOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1hDb3VudENoYXJzOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1lDb3VudENoYXJzOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd0ZpbGxBdHRyaWJ1dGU7CiAgICAgICAgcHVibGljIEludDMyIGR3RmxhZ3M7CiAgICAgICAgcHVibGljIEludDE2IHdTaG93V2luZG93OwogICAgICAgIHB1YmxpYyBJbnQxNiBjYlJlc2VydmVkMjsKICAgICAgICBwdWJsaWMgSW50UHRyIGxwUmVzZXJ2ZWQyOwogICAgICAgIHB1YmxpYyBTYWZlRmlsZUhhbmRsZSBoU3RkSW5wdXQ7CiAgICAgICAgcHVibGljIFNhZmVGaWxlSGFuZGxlIGhTdGRPdXRwdXQ7CiAgICAgICAgcHVibGljIFNhZmVGaWxlSGFuZGxlIGhTdGRFcnJvcjsKICAgICAgICBwdWJsaWMgU1RBUlRVUElORk8oKQogICAgICAgIHsKICAgICAgICAgICAgY2IgPSBNYXJzaGFsLlNpemVPZih0aGlzKTsKICAgICAgICB9CiAgICB9CgogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIGNsYXNzIFNUQVJUVVBJTkZPRVgKICAgIHsKICAgICAgICBwdWJsaWMgU1RBUlRVUElORk8gc3RhcnR1cEluZm87CiAgICAgICAgcHVibGljIEludFB0ciBscEF0dHJpYnV0ZUxpc3Q7CiAgICAgICAgcHVibGljIFNUQVJUVVBJTkZPRVgoKQogICAgICAgIHsKICAgICAgICAgICAgc3RhcnR1cEluZm8gPSBuZXcgU1RBUlRVUElORk8oKTsKICAgICAgICAgICAgc3RhcnR1cEluZm8uY2IgPSBNYXJzaGFsLlNpemVPZih0aGlzKTsKICAgICAgICB9CiAgICB9CgogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIHN0cnVjdCBQUk9DRVNTX0lORk9STUFUSU9OCiAgICB7CiAgICAgICAgcHVibGljIEludFB0ciBoUHJvY2VzczsKICAgICAgICBwdWJsaWMgSW50UHRyIGhUaHJlYWQ7CiAgICAgICAgcHVibGljIGludCBkd1Byb2Nlc3NJZDsKICAgICAgICBwdWJsaWMgaW50IGR3VGhyZWFkSWQ7CiAgICB9CgogICAgW0ZsYWdzXQogICAgcHVibGljIGVudW0gU3RhcnR1cEluZm9GbGFncyA6IHVpbnQKICAgIHsKICAgICAgICBVU0VTVERIQU5ETEVTID0gMHgwMDAwMDEwMAogICAgfQoKICAgIHB1YmxpYyBlbnVtIEhhbmRsZUZsYWdzIDogdWludAogICAgewogICAgICAgIE5vbmUgPSAwLAogICAgICAgIElOSEVSSVQgPSAxCiAgICB9CgogICAgY2xhc3MgTmF0aXZlV2FpdEhhbmRsZSA6IFdhaXRIYW5kbGUKICAgIHsKICAgICAgICBwdWJsaWMgTmF0aXZlV2FpdEhhbmRsZShJbnRQdHIgaGFuZGxlKQogICAgICAgIHsKICAgICAgICAgICAgdGhpcy5TYWZlV2FpdEhhbmRsZSA9IG5ldyBTYWZlV2FpdEhhbmRsZShoYW5kbGUsIGZhbHNlKTsKICAgICAgICB9CiAgICB9CgogICAgcHVibGljIGNsYXNzIFdpbjMyRXhjZXB0aW9uIDogU3lzdGVtLkNvbXBvbmVudE1vZGVsLldpbjMyRXhjZXB0aW9uCiAgICB7CiAgICAgICAgcHJpdmF0ZSBzdHJpbmcgX21zZzsKCiAgICAgICAgcHVibGljIFdpbjMyRXhjZXB0aW9uKHN0cmluZyBtZXNzYWdlKSA6IHRoaXMoTWFyc2hhbC5HZXRMYXN0V2luMzJFcnJvcigpLCBtZXNzYWdlKSB7IH0KCiAgICAgICAgcHVibGljIFdpbjMyRXhjZXB0aW9uKGludCBlcnJvckNvZGUsIHN0cmluZyBtZXNzYWdlKSA6IGJhc2UoZXJyb3JDb2RlKQogICAgICAgIHsKICAgICAgICAgICAgX21zZyA9IFN0cmluZy5Gb3JtYXQoInswfSAoezF9LCBXaW4zMkVycm9yQ29kZSB7Mn0pIiwgbWVzc2FnZSwgYmFzZS5NZXNzYWdlLCBlcnJvckNvZGUpOwogICAgICAgIH0KCiAgICAgICAgcHVibGljIG92ZXJyaWRlIHN0cmluZyBNZXNzYWdlIHsgZ2V0IHsgcmV0dXJuIF9tc2c7IH0gfQogICAgICAgIHB1YmxpYyBzdGF0aWMgZXhwbGljaXQgb3BlcmF0b3IgV2luMzJFeGNlcHRpb24oc3RyaW5nIG1lc3NhZ2UpIHsgcmV0dXJuIG5ldyBXaW4zMkV4Y2VwdGlvbihtZXNzYWdlKTsgfQogICAgfQoKICAgIHB1YmxpYyBjbGFzcyBDb21tYW5kVXRpbAogICAgewogICAgICAgIHByaXZhdGUgc3RhdGljIFVJbnQzMiBDUkVBVEVfVU5JQ09ERV9FTlZJUk9OTUVOVCA9IDB4MDAwMDAwNDAwOwogICAgICAgIHByaXZhdGUgc3RhdGljIFVJbnQzMiBFWFRFTkRFRF9TVEFSVFVQSU5GT19QUkVTRU5UID0gMHgwMDA4MDAwMDsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSwgQmVzdEZpdE1hcHBpbmcgPSBmYWxzZSldCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gYm9vbCBDcmVhdGVQcm9jZXNzKAogICAgICAgICAgICBbTWFyc2hhbEFzKFVubWFuYWdlZFR5cGUuTFBXU3RyKV0KICAgICAgICAgICAgICAgIHN0cmluZyBscEFwcGxpY2F0aW9uTmFtZSwKICAgICAgICAgICAgU3RyaW5nQnVpbGRlciBscENvbW1hbmRMaW5lLAogICAgICAgICAgICBJbnRQdHIgbHBQcm9jZXNzQXR0cmlidXRlcywKICAgICAgICAgICAgSW50UHRyIGxwVGhyZWFkQXR0cmlidXRlcywKICAgICAgICAgICAgYm9vbCBiSW5oZXJpdEhhbmRsZXMsCiAgICAgICAgICAgIHVpbnQgZHdDcmVhdGlvbkZsYWdzLAogICAgICAgICAgICBJbnRQdHIgbHBFbnZpcm9ubWVudCwKICAgICAgICAgICAgW01hcnNoYWxBcyhVbm1hbmFnZWRUeXBlLkxQV1N0cildCiAgICAgICAgICAgICAgICBzdHJpbmcgbHBDdXJyZW50RGlyZWN0b3J5LAogICAgICAgICAgICBTVEFSVFVQSU5GT0VYIGxwU3RhcnR1cEluZm8sCiAgICAgICAgICAgIG91dCBQUk9DRVNTX0lORk9STUFUSU9OIGxwUHJvY2Vzc0luZm9ybWF0aW9uKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIildCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gYm9vbCBDcmVhdGVQaXBlKAogICAgICAgICAgICBvdXQgU2FmZUZpbGVIYW5kbGUgaFJlYWRQaXBlLAogICAgICAgICAgICBvdXQgU2FmZUZpbGVIYW5kbGUgaFdyaXRlUGlwZSwKICAgICAgICAgICAgU0VDVVJJVFlfQVRUUklCVVRFUyBscFBpcGVBdHRyaWJ1dGVzLAogICAgICAgICAgICB1aW50IG5TaXplKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSldCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gYm9vbCBTZXRIYW5kbGVJbmZvcm1hdGlvbigKICAgICAgICAgICAgU2FmZUZpbGVIYW5kbGUgaE9iamVjdCwKICAgICAgICAgICAgSGFuZGxlRmxhZ3MgZHdNYXNrLAogICAgICAgICAgICBpbnQgZHdGbGFncyk7CgogICAgICAgIFtEbGxJbXBvcnQoImtlcm5lbDMyLmRsbCIsIFNldExhc3RFcnJvciA9IHRydWUpXQogICAgICAgIHByaXZhdGUgc3RhdGljIGV4dGVybiBib29sIEdldEV4aXRDb2RlUHJvY2VzcygKICAgICAgICAgICAgSW50UHRyIGhQcm9jZXNzLAogICAgICAgICAgICBvdXQgdWludCBscEV4aXRDb2RlKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSldCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gdWludCBTZWFyY2hQYXRoKAogICAgICAgICAgICBzdHJpbmcgbHBQYXRoLAogICAgICAgICAgICBzdHJpbmcgbHBGaWxlTmFtZSwKICAgICAgICAgICAgc3RyaW5nIGxwRXh0ZW5zaW9uLAogICAgICAgICAgICBpbnQgbkJ1ZmZlckxlbmd0aCwKICAgICAgICAgICAgW01hcnNoYWxBcyAoVW5tYW5hZ2VkVHlwZS5MUFRTdHIpXQogICAgICAgICAgICAgICAgU3RyaW5nQnVpbGRlciBscEJ1ZmZlciwKICAgICAgICAgICAgb3V0IEludFB0ciBscEZpbGVQYXJ0KTsKCiAgICAgICAgW0RsbEltcG9ydCgic2hlbGwzMi5kbGwiLCBTZXRMYXN0RXJyb3IgPSB0cnVlKV0KICAgICAgICBzdGF0aWMgZXh0ZXJuIEludFB0ciBDb21tYW5kTGluZVRvQXJndlcoCiAgICAgICAgICAgIFtNYXJzaGFsQXMoVW5tYW5hZ2VkVHlwZS5MUFdTdHIpXQogICAgICAgICAgICAgICAgc3RyaW5nIGxwQ21kTGluZSwKICAgICAgICAgICAgb3V0IGludCBwTnVtQXJncyk7CgogICAgICAgIHB1YmxpYyBzdGF0aWMgc3RyaW5nW10gUGFyc2VDb21tYW5kTGluZShzdHJpbmcgbHBDb21tYW5kTGluZSkKICAgICAgICB7CiAgICAgICAgICAgIGludCBudW1BcmdzOwogICAgICAgICAgICBJbnRQdHIgcmV0ID0gQ29tbWFuZExpbmVUb0FyZ3ZXKGxwQ29tbWFuZExpbmUsIG91dCBudW1BcmdzKTsKCiAgICAgICAgICAgIGlmIChyZXQgPT0gSW50UHRyLlplcm8pCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIkVycm9yIHBhcnNpbmcgY29tbWFuZCBsaW5lIik7CgogICAgICAgICAgICBJbnRQdHJbXSBzdHJwdHJzID0gbmV3IEludFB0cltudW1BcmdzXTsKICAgICAgICAgICAgTWFyc2hhbC5Db3B5KHJldCwgc3RycHRycywgMCwgbnVtQXJncyk7CiAgICAgICAgICAgIHN0cmluZ1tdIGNtZGxpbmVQYXJ0cyA9IHN0cnB0cnMuU2VsZWN0KHMgPT4gTWFyc2hhbC5QdHJUb1N0cmluZ1VuaShzKSkuVG9BcnJheSgpOwoKICAgICAgICAgICAgTWFyc2hhbC5GcmVlSEdsb2JhbChyZXQpOwoKICAgICAgICAgICAgcmV0dXJuIGNtZGxpbmVQYXJ0czsKICAgICAgICB9CgogICAgICAgIHB1YmxpYyBzdGF0aWMgc3RyaW5nIFNlYXJjaFBhdGgoc3RyaW5nIGxwRmlsZU5hbWUpCiAgICAgICAgewogICAgICAgICAgICBTdHJpbmdCdWlsZGVyIHNiT3V0ID0gbmV3IFN0cmluZ0J1aWxkZXIoMTAyNCk7CiAgICAgICAgICAgIEludFB0ciBmaWxlUGFydE91dDsKCiAgICAgICAgICAgIGlmIChTZWFyY2hQYXRoKG51bGwsIGxwRmlsZU5hbWUsIG51bGwsIHNiT3V0LkNhcGFjaXR5LCBzYk91dCwgb3V0IGZpbGVQYXJ0T3V0KSA9PSAwKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IEZpbGVOb3RGb3VuZEV4Y2VwdGlvbihTdHJpbmcuRm9ybWF0KCJDb3VsZCBub3QgbG9jYXRlIHRoZSBmb2xsb3dpbmcgZXhlY3V0YWJsZSB7MH0iLCBscEZpbGVOYW1lKSk7CgogICAgICAgICAgICByZXR1cm4gc2JPdXQuVG9TdHJpbmcoKTsKICAgICAgICB9CgogICAgICAgIHB1YmxpYyBjbGFzcyBDb21tYW5kUmVzdWx0CiAgICAgICAgewogICAgICAgICAgICBwdWJsaWMgc3RyaW5nIFN0YW5kYXJkT3V0IHsgZ2V0OyBpbnRlcm5hbCBzZXQ7IH0KICAgICAgICAgICAgcHVibGljIHN0cmluZyBTdGFuZGFyZEVycm9yIHsgZ2V0OyBpbnRlcm5hbCBzZXQ7IH0KICAgICAgICAgICAgcHVibGljIHVpbnQgRXhpdENvZGUgeyBnZXQ7IGludGVybmFsIHNldDsgfQogICAgICAgIH0KCiAgICAgICAgcHVibGljIHN0YXRpYyBDb21tYW5kUmVzdWx0IFJ1bkNvbW1hbmQoc3RyaW5nIGxwQXBwbGljYXRpb25OYW1lLCBzdHJpbmcgbHBDb21tYW5kTGluZSwgc3RyaW5nIGxwQ3VycmVudERpcmVjdG9yeSwgc3RyaW5nIHN0ZGluSW5wdXQsIElEaWN0aW9uYXJ5IGVudmlyb25tZW50KQogICAgICAgIHsKICAgICAgICAgICAgVUludDMyIHN0YXJ0dXBfZmxhZ3MgPSBDUkVBVEVfVU5JQ09ERV9FTlZJUk9OTUVOVCB8IEVYVEVOREVEX1NUQVJUVVBJTkZPX1BSRVNFTlQ7CiAgICAgICAgICAgIFNUQVJUVVBJTkZPRVggc2kgPSBuZXcgU1RBUlRVUElORk9FWCgpOwogICAgICAgICAgICBzaS5zdGFydHVwSW5mby5kd0ZsYWdzID0gKGludClTdGFydHVwSW5mb0ZsYWdzLlVTRVNUREhBTkRMRVM7CgogICAgICAgICAgICBTRUNVUklUWV9BVFRSSUJVVEVTIHBpcGVzZWMgPSBuZXcgU0VDVVJJVFlfQVRUUk ScriptBlock ID: 874f2f8b-194a-4255-bd56-221b8512949d Path:	4104	1		3	2	15	0	1167	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3208	716	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:23:40 PM	9d04040e-981f-0004-1216-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1166	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3208	1412	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:23:40 PM	9d04040e-981f-0004-1016-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 3208 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1165	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3208	4616	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:23:40 PM	9d04040e-981f-0004-1016-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1164	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3208	1412	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:23:40 PM	9d04040e-981f-0004-1016-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1163	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4504	5076	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:23:38 PM	9d04040e-981f-0004-ff15-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 4504 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1162	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4504	560	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:23:38 PM	9d04040e-981f-0004-ff15-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1161	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4504	5076	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:23:38 PM	9d04040e-981f-0004-ff15-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles; using System; using System.Collections; using System.IO; using System.Linq; using System.Runtime.InteropServices; using System.Text; using System.Threading; namespace Ansible { [StructLayout(LayoutKind.Sequential)] public class SECURITY_ATTRIBUTES { public int nLength; public IntPtr lpSecurityDescriptor; public bool bInheritHandle = false; public SECURITY_ATTRIBUTES() { nLength = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFO { public Int32 cb; public IntPtr lpReserved; public IntPtr lpDesktop; public IntPtr lpTitle; public Int32 dwX; public Int32 dwY; public Int32 dwXSize; public Int32 dwYSize; public Int32 dwXCountChars; public Int32 dwYCountChars; public Int32 dwFillAttribute; public Int32 dwFlags; public Int16 wShowWindow; public Int16 cbReserved2; public IntPtr lpReserved2; public SafeFileHandle hStdInput; public SafeFileHandle hStdOutput; public SafeFileHandle hStdError; public STARTUPINFO() { cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFOEX { public STARTUPINFO startupInfo; public IntPtr lpAttributeList; public STARTUPINFOEX() { startupInfo = new STARTUPINFO(); startupInfo.cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public struct PROCESS_INFORMATION { public IntPtr hProcess; public IntPtr hThread; public int dwProcessId; public int dwThreadId; } [Flags] public enum StartupInfoFlags : uint { USESTDHANDLES = 0x00000100 } public enum HandleFlags : uint { None = 0, INHERIT = 1 } class NativeWaitHandle : WaitHandle { public NativeWaitHandle(IntPtr handle) { this.SafeWaitHandle = new SafeWaitHandle(handle, false); } } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class CommandUtil { private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400; private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000; [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)] public static extern bool CreateProcess( [MarshalAs(UnmanagedType.LPWStr)] string lpApplicationName, StringBuilder lpCommandLine, IntPtr lpProcessAttributes, IntPtr lpThreadAttributes, bool bInheritHandles, uint dwCreationFlags, IntPtr lpEnvironment, [MarshalAs(UnmanagedType.LPWStr)] string lpCurrentDirectory, STARTUPINFOEX lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation); [DllImport("kernel32.dll")] public static extern bool CreatePipe( out SafeFileHandle hReadPipe, out SafeFileHandle hWritePipe, SECURITY_ATTRIBUTES lpPipeAttributes, uint nSize); [DllImport("kernel32.dll", SetLastError = true)] public static extern bool SetHandleInformation( SafeFileHandle hObject, HandleFlags dwMask, int dwFlags); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool GetExitCodeProcess( IntPtr hProcess, out uint lpExitCode); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)] public static extern uint SearchPath( string lpPath, string lpFileName, string lpExtension, int nBufferLength, [MarshalAs (UnmanagedType.LPTStr)] StringBuilder lpBuffer, out IntPtr lpFilePart); [DllImport("shell32.dll", SetLastError = true)] static extern IntPtr CommandLineToArgvW( [MarshalAs(UnmanagedType.LPWStr)] string lpCmdLine, out int pNumArgs); public static string[] ParseCommandLine(string lpCommandLine) { int numArgs; IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs); if (ret == IntPtr.Zero) throw new Win32Exception("Error parsing command line"); IntPtr[] strptrs = new IntPtr[numArgs]; Marshal.Copy(ret, strptrs, 0, numArgs); string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray(); Marshal.FreeHGlobal(ret); return cmdlineParts; } public static string SearchPath(string lpFileName) { StringBuilder sbOut = new StringBuilder(1024); IntPtr filePartOut; if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0) throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName)); return sbOut.ToString(); } public class CommandResult { public string StandardOut { get; internal set; } public string StandardError { get; internal set; } public uint ExitCode { get; internal set; } } public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment) { UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT; STARTUPINFOEX si = new STARTUPINFOEX(); si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES; SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES(); pipesec.bInheritHandle = true; // Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write; if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0)) throw new Win32Exception("STDOUT pipe setup failed"); if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDOUT pipe handle setup failed"); if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0)) throw new Win32Exception("STDERR pipe setup failed"); if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDERR pipe handle setup failed"); if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0)) throw new Win32Exception("STDIN pipe setup failed"); if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDIN pipe handle setup failed"); si.startupInfo.hStdOutput = stdout_write; si.startupInfo.hStdError = stderr_write; si.startupInfo.hStdInput = stdin_read; // Setup the stdin buffer UTF8Encoding utf8_encoding = new UTF8Encoding(false); FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768); StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768); // If lpCurrentDirectory is set to null in PS it will be an empty // string here, we need to convert it if (lpCurrentDirectory == "") lpCurrentDirectory = null; StringBuilder environmentString = null; if (environment != null && environment.Count > 0) { environmentString = new StringBuilder(); foreach (DictionaryEntry kv in environment) environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value); environmentString.Append('\0'); } // Create the environment block if set IntPtr lpEnvironment = IntPtr.Zero; if (environmentString != null) lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString()); // Create new process and run StringBuilder argument_string = new StringBuilder(lpCommandLine); PROCESS_INFORMATION pi = new PROCESS_INFORMATION(); if (!CreateProcess( lpApplicationName, argument_string, IntPtr.Zero, IntPtr.Zero, true, startup_flags, lpEnvironment, lpCurrentDirectory, si, out pi)) { throw new Win32Exception("Failed to create new process"); } // Setup the output buffers and get stdout/stderr FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096); StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096); stdout_write.Close(); FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096); StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096); stderr_write.Close(); stdin.WriteLine(stdinInput); stdin.Close(); string stdout_str, stderr_str = null; GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str); uint rc = GetProcessExitCode(pi.hProcess); return new CommandResult { StandardOut = stdout_str, StandardError = stderr_str, ExitCode = rc }; } private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr) { var sowait = new EventWaitHandle(false, EventResetMode.ManualReset); var sewait = new EventWaitHandle(false, EventResetMode.ManualReset); string so = null, se = null; ThreadPool.QueueUserWorkItem((s) => { so = stdoutStream.ReadToEnd(); sowait.Set(); }); ThreadPool.QueueUserWorkItem((s) => { se = stderrStream.ReadToEnd(); sewait.Set(); }); foreach (var wh in new WaitHandle[] { sowait, sewait }) wh.WaitOne(); stdout = so; stderr = se; } private static uint GetProcessExitCode(IntPtr processHandle) { new NativeWaitHandle(processHandle).WaitOne(); uint exitCode; if (!GetExitCodeProcess(processHandle, out exitCode)) throw new Win32Exception("Error getting process exit code"); return exitCode; } } }" Context: Severity = Informational Host Name = Default Host Host Version = 5.1.14393.1944 Host ID = 59cd9dce-6079-4f76-83f2-e8e930c84bf3 Host Application = PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - Engine Version = 5.1.14393.1944 Runspace ID = 7f291a6b-1a04-4715-b7e3-a7466de5eb54 Pipeline ID = 7 Command Name = Add-Type Command Type = Cmdlet Script Name = Command Path = Sequence Number = 34 User = N-H1-805629-1\Admin Connected User = Shell ID = Microsoft.PowerShell User Data:	4103	1		4	106	20	0	1160	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3396	4412	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:23:37 PM	9d04040e-981f-0003-af4e-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	To be used when operation is just executing a method	Executing Pipeline	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c) 2017 Ansible Project # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) $process_util = @" using Microsoft.Win32.SafeHandles; using System; using System.Collections; using System.IO; using System.Linq; using System.Runtime.InteropServices; using System.Text; using System.Threading; namespace Ansible { [StructLayout(LayoutKind.Sequential)] public class SECURITY_ATTRIBUTES { public int nLength; public IntPtr lpSecurityDescriptor; public bool bInheritHandle = false; public SECURITY_ATTRIBUTES() { nLength = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFO { public Int32 cb; public IntPtr lpReserved; public IntPtr lpDesktop; public IntPtr lpTitle; public Int32 dwX; public Int32 dwY; public Int32 dwXSize; public Int32 dwYSize; public Int32 dwXCountChars; public Int32 dwYCountChars; public Int32 dwFillAttribute; public Int32 dwFlags; public Int16 wShowWindow; public Int16 cbReserved2; public IntPtr lpReserved2; public SafeFileHandle hStdInput; public SafeFileHandle hStdOutput; public SafeFileHandle hStdError; public STARTUPINFO() { cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFOEX { public STARTUPINFO startupInfo; public IntPtr lpAttributeList; public STARTUPINFOEX() { startupInfo = new STARTUPINFO(); startupInfo.cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public struct PROCESS_INFORMATION { public IntPtr hProcess; public IntPtr hThread; public int dwProcessId; public int dwThreadId; } [Flags] public enum StartupInfoFlags : uint { USESTDHANDLES = 0x00000100 } public enum HandleFlags : uint { None = 0, INHERIT = 1 } class NativeWaitHandle : WaitHandle { public NativeWaitHandle(IntPtr handle) { this.SafeWaitHandle = new SafeWaitHandle(handle, false); } } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class CommandUtil { private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400; private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000; [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)] public static extern bool CreateProcess( [MarshalAs(UnmanagedType.LPWStr)] string lpApplicationName, StringBuilder lpCommandLine, IntPtr lpProcessAttributes, IntPtr lpThreadAttributes, bool bInheritHandles, uint dwCreationFlags, IntPtr lpEnvironment, [MarshalAs(UnmanagedType.LPWStr)] string lpCurrentDirectory, STARTUPINFOEX lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation); [DllImport("kernel32.dll")] public static extern bool CreatePipe( out SafeFileHandle hReadPipe, out SafeFileHandle hWritePipe, SECURITY_ATTRIBUTES lpPipeAttributes, uint nSize); [DllImport("kernel32.dll", SetLastError = true)] public static extern bool SetHandleInformation( SafeFileHandle hObject, HandleFlags dwMask, int dwFlags); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool GetExitCodeProcess( IntPtr hProcess, out uint lpExitCode); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)] public static extern uint SearchPath( string lpPath, string lpFileName, string lpExtension, int nBufferLength, [MarshalAs (UnmanagedType.LPTStr)] StringBuilder lpBuffer, out IntPtr lpFilePart); [DllImport("shell32.dll", SetLastError = true)] static extern IntPtr CommandLineToArgvW( [MarshalAs(UnmanagedType.LPWStr)] string lpCmdLine, out int pNumArgs); public static string[] ParseCommandLine(string lpCommandLine) { int numArgs; IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs); if (ret == IntPtr.Zero) throw new Win32Exception("Error parsing command line"); IntPtr[] strptrs = new IntPtr[numArgs]; Marshal.Copy(ret, strptrs, 0, numArgs); string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray(); Marshal.FreeHGlobal(ret); return cmdlineParts; } public static string SearchPath(string lpFileName) { StringBuilder sbOut = new StringBuilder(1024); IntPtr filePartOut; if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0) throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName)); return sbOut.ToString(); } public class CommandResult { public string StandardOut { get; internal set; } public string StandardError { get; internal set; } public uint ExitCode { get; internal set; } } public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment) { UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT; STARTUPINFOEX si = new STARTUPINFOEX(); si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES; SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES(); pipesec.bInheritHandle = true; // Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write; if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0)) throw new Win32Exception("STDOUT pipe setup failed"); if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDOUT pipe handle setup failed"); if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0)) throw new Win32Exception("STDERR pipe setup failed"); if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDERR pipe handle setup failed"); if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0)) throw new Win32Exception("STDIN pipe setup failed"); if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDIN pipe handle setup failed"); si.startupInfo.hStdOutput = stdout_write; si.startupInfo.hStdError = stderr_write; si.startupInfo.hStdInput = stdin_read; // Setup the stdin buffer UTF8Encoding utf8_encoding = new UTF8Encoding(false); FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768); StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768); // If lpCurrentDirectory is set to null in PS it will be an empty // string here, we need to convert it if (lpCurrentDirectory == "") lpCurrentDirectory = null; StringBuilder environmentString = null; if (environment != null && environment.Count > 0) { environmentString = new StringBuilder(); foreach (DictionaryEntry kv in environment) environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value); environmentString.Append('\0'); } // Create the environment block if set IntPtr lpEnvironment = IntPtr.Zero; if (environmentString != null) lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString()); // Create new process and run StringBuilder argument_string = new StringBuilder(lpCommandLine); PROCESS_INFORMATION pi = new PROCESS_INFORMATION(); if (!CreateProcess( lpApplicationName, argument_string, IntPtr.Zero, IntPtr.Zero, true, startup_flags, lpEnvironment, lpCurrentDirectory, si, out pi)) { throw new Win32Exception("Failed to create new process"); } // Setup the output buffers and get stdout/stderr FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096); StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096); stdout_write.Close(); FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096); StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096); stderr_write.Close(); stdin.WriteLine(stdinInput); stdin.Close(); string stdout_str, stderr_str = null; GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str); uint rc = GetProcessExitCode(pi.hProcess); return new CommandResult { StandardOut = stdout_str, StandardError = stderr_str, ExitCode = rc }; } private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr) { var sowait = new EventWaitHandle(false, EventResetMode.ManualReset); var sewait = new EventWaitHandle(false, EventResetMode.ManualReset); string so = null, se = null; ThreadPool.QueueUserWorkItem((s) => { so = stdoutStream.ReadToEnd(); sowait.Set(); }); ThreadPool.QueueUserWorkItem((s) => { se = stderrStream.ReadToEnd(); sewait.Set(); }); foreach (var wh in new WaitHandle[] { sowait, sewait }) wh.WaitOne(); stdout = so; stderr = se; } private static uint GetProcessExitCode(IntPtr processHandle) { new NativeWaitHandle(processHandle).WaitOne(); uint exitCode; if (!GetExitCodeProcess(processHandle, out exitCode)) throw new Win32Exception("Error getting process exit code"); return exitCode; } } } "@ $ErrorActionPreference = 'Stop' Function Load-CommandUtils { # makes the following static functions available # [Ansible.CommandUtil]::ParseCommandLine(string lpCommandLine) # [Ansible.CommandUtil]::SearchPath(string lpFileName) # [Ansible.CommandUtil]::RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, string environmentBlock) # # there are also numerous P/Invoke methods that can be called if you are feeling adventurous # FUTURE: find a better way to get the _ansible_remote_tmp variable $original_tmp = $env:TMP $remote_tmp = $original_tmp $module_params = Get-Variable -Name complex_args -ErrorAction SilentlyContinue if ($module_params) { if ($module_params.Value.ContainsKey("_ansible_remote_tmp") ) { $remote_tmp = $module_params.Value["_ansible_remote_tmp"] $remote_tmp = [System.Environment]::ExpandEnvironmentVariables($remote_tmp) } } $env:TMP = $remote_tmp Add-Type -TypeDefinition $process_util $env:TMP = $original_tmp } Function Get-ExecutablePath($executable, $directory) { # lpApplicationName requires the full path to a file, we need to find it # ourselves. # we need to add .exe if it doesn't have an extension already if (-not [System.IO.Path]::HasExtension($executable)) { $executable = "$($executable).exe" } $full_path = [System.IO.Path]::GetFullPath($executable) if ($full_path -ne $executable -and $directory -ne $null) { $file = Get-Item -Path "$directory\$executable" -Force -ErrorAction SilentlyContinue } else { $file = Get-Item -Path $executable -Force -ErrorAction SilentlyContinue } if ($file -ne $null) { $executable_path = $file.FullName } else { $executable_path = [Ansible.CommandUtil]::SearchPath($executable) } return $executable_path } Function Run-Command { Param( [string]$command, # the full command to run including the executable [string]$working_directory = $null, # the working directory to run under, will default to the current dir [string]$stdin = $null, # a string to send to the stdin pipe when executing the command [hashtable]$environment = @{} # a hashtable of environment values to run the command under, this will replace all the other environment variables with these ) # load the C# code we call in this function Load-CommandUtils # need to validate the working directory if it is set if ($working_directory) { # validate working directory is a valid path if (-not (Test-Path -Path $working_directory)) { throw "invalid working directory path '$working_directory'" } } # lpApplicationName needs to be the full path to an executable, we do this # by getting the executable as the first arg and then getting the full path $arguments = [Ansible.CommandUtil]::ParseCommandLine($command) $executable = Get-ExecutablePath -executable $arguments[0] -directory $working_directory # run the command and get the results $command_result = [Ansible.CommandUtil]::RunCommand($executable, $command, $working_directory, $stdin, $environment) return ,@{ executable = $executable stdout = $command_result.StandardOut stderr = $command_result.StandardError rc = $command_result.ExitCode } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: 3857d667-ef13-4c13-bfbd-2b15810a7a0b Path:	4104	1		3	2	15	0	1159	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3396	4788	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:23:37 PM	9d04040e-981f-0001-3b0f-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c), Michael DeHaan <michael.dehaan@gmail.com>, 2014, and others # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) Set-StrictMode -Version 2.0 $ErrorActionPreference = "Stop" Function Set-Attr($obj, $name, $value) { <# .SYNOPSIS Helper function to set an "attribute" on a psobject instance in PowerShell. This is a convenience to make adding Members to the object easier and slightly more pythonic .EXAMPLE Set-Attr $result "changed" $true #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } Try { $obj.$name = $value } Catch { $obj | Add-Member -Force -MemberType NoteProperty -Name $name -Value $value } } Function Exit-Json($obj) { <# .SYNOPSIS Helper function to convert a PowerShell object to JSON and output it, exiting the script .EXAMPLE Exit-Json $result #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit } Function Fail-Json($obj, $message = $null) { <# .SYNOPSIS Helper function to add the "msg" property and "failed" property, convert the PowerShell Hashtable to JSON and output it, exiting the script .EXAMPLE Fail-Json $result "This is the failure message" #> if ($obj -is [hashtable] -or $obj -is [psobject]) { # Nothing to do } elseif ($obj -is [string] -and $null -eq $message) { # If we weren't given 2 args, and the only arg was a string, # create a new Hashtable and use the arg as the failure message $message = $obj $obj = @{ } } else { # If the first argument is undefined or a different type, # make it a Hashtable $obj = @{ } } # Still using Set-Attr for PSObject compatibility Set-Attr $obj "msg" $message Set-Attr $obj "failed" $true if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit 1 } Function Add-Warning($obj, $message) { <# .SYNOPSIS Helper function to add warnings, even if the warnings attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("warnings")) { $obj.warnings = @() } elseif ($obj.warnings -isnot [array]) { throw "Add-Warning: warnings attribute is not an array" } $obj.warnings += $message } Function Add-DeprecationWarning($obj, $message, $version = $null) { <# .SYNOPSIS Helper function to add deprecations, even if the deprecations attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("deprecations")) { $obj.deprecations = @() } elseif ($obj.deprecations -isnot [array]) { throw "Add-DeprecationWarning: deprecations attribute is not a list" } $obj.deprecations += @{ msg = $message version = $version } } Function Expand-Environment($value) { <# .SYNOPSIS Helper function to expand environment variables in values. By default it turns any type to a string, but we ensure $null remains $null. #> if ($null -ne $value) { [System.Environment]::ExpandEnvironmentVariables($value) } else { $value } } Function Get-AnsibleParam($obj, $name, $default = $null, $resultobj = @{}, $failifempty = $false, $emptyattributefailmessage, $ValidateSet, $ValidateSetErrorMessage, $type = $null, $aliases = @()) { <# .SYNOPSIS Helper function to get an "attribute" from a psobject instance in PowerShell. This is a convenience to make getting Members from an object easier and slightly more pythonic .EXAMPLE $attr = Get-AnsibleParam $response "code" -default "1" .EXAMPLE Get-AnsibleParam -obj $params -name "State" -default "Present" -ValidateSet "Present","Absent" -resultobj $resultobj -failifempty $true Get-AnsibleParam also supports Parameter validation to save you from coding that manually Note that if you use the failifempty option, you do need to specify resultobject as well. #> # Check if the provided Member $name or aliases exist in $obj and return it or the default. try { $found = $null # First try to find preferred parameter $name $aliases = @($name) + $aliases # Iterate over aliases to find acceptable Member $name foreach ($alias in $aliases) { if ($obj.ContainsKey($alias)) { $found = $alias break } } if ($null -eq $found) { throw } $name = $found if ($ValidateSet) { if ($ValidateSet -contains ($obj.$name)) { $value = $obj.$name } else { if ($null -eq $ValidateSetErrorMessage) { #Auto-generated error should be sufficient in most use cases $ValidateSetErrorMessage = "Get-AnsibleParam: Argument $name needs to be one of $($ValidateSet -join ",") but was $($obj.$name)." } Fail-Json -obj $resultobj -message $ValidateSetErrorMessage } } else { $value = $obj.$name } } catch { if ($failifempty -eq $false) { $value = $default } else { if (-not $emptyattributefailmessage) { $emptyattributefailmessage = "Get-AnsibleParam: Missing required argument: $name" } Fail-Json -obj $resultobj -message $emptyattributefailmessage } } # If $value -eq $null, the parameter was unspecified by the user (deliberately or not) # Please leave $null-values intact, modules need to know if a parameter was specified # When $value is already an array, we cannot rely on the null check, as an empty list # is seen as null in the check below if ($null -ne $value -or $value -is [array]) { if ($type -eq "path") { # Expand environment variables on path-type $value = Expand-Environment($value) # Test if a valid path is provided if (-not (Test-Path -IsValid $value)) { $path_invalid = $true # could still be a valid-shaped path with a nonexistent drive letter if ($value -match "^\w:") { # rewrite path with a valid drive letter and recheck the shape- this might still fail, eg, a nonexistent non-filesystem PS path if (Test-Path -IsValid $(@(Get-PSDrive -PSProvider Filesystem)[0].Name + $value.Substring(1))) { $path_invalid = $false } } if ($path_invalid) { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' has an invalid path '$value' specified." } } } elseif ($type -eq "str") { # Convert str types to real Powershell strings $value = $value.ToString() } elseif ($type -eq "bool") { # Convert boolean types to real Powershell booleans $value = $value | ConvertTo-Bool } elseif ($type -eq "int") { # Convert int types to real Powershell integers $value = $value -as [int] } elseif ($type -eq "float") { # Convert float types to real Powershell floats $value = $value -as [float] } elseif ($type -eq "list") { if ($value -is [array]) { # Nothing to do } elseif ($value -is [string]) { # Convert string type to real Powershell array $value = $value.Split(",").Trim() } elseif ($value -is [int]) { $value = @($value) } else { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' is not a YAML list." } # , is not a typo, forces it to return as a list when it is empty or only has 1 entry return ,$value } } return $value } #Alias Get-attr-->Get-AnsibleParam for backwards compat. Only add when needed to ease debugging of scripts If (-not(Get-Alias -Name "Get-attr" -ErrorAction SilentlyContinue)) { New-Alias -Name Get-attr -Value Get-AnsibleParam } Function ConvertTo-Bool { <# .SYNOPSIS Helper filter/pipeline function to convert a value to boolean following current Ansible practices .EXAMPLE $is_true = "true" | ConvertTo-Bool #> param( [parameter(valuefrompipeline=$true)] $obj ) $boolean_strings = "yes", "on", "1", "true", 1 $obj_string = [string]$obj if (($obj -is [boolean] -and $obj) -or $boolean_strings -contains $obj_string.ToLower()) { return $true } else { return $false } } Function Parse-Args($arguments, $supports_check_mode = $false) { <# .SYNOPSIS Helper function to parse Ansible JSON arguments from a "file" passed as the single argument to the module. .EXAMPLE $params = Parse-Args $args #> $params = New-Object psobject If ($arguments.Length -gt 0) { $params = Get-Content $arguments[0] | ConvertFrom-Json } Else { $params = $complex_args } $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false If ($check_mode -and -not $supports_check_mode) { Exit-Json @{ skipped = $true changed = $false msg = "remote module does not support check mode" } } return $params } Function Get-FileChecksum($path, $algorithm = 'sha1') { <# .SYNOPSIS Helper function to calculate a hash of a file in a way which PowerShell 3 and above can handle #> If (Test-Path -Path $path -PathType Leaf) { switch ($algorithm) { 'md5' { $sp = New-Object -TypeName System.Security.Cryptography.MD5CryptoServiceProvider } 'sha1' { $sp = New-Object -TypeName System.Security.Cryptography.SHA1CryptoServiceProvider } 'sha256' { $sp = New-Object -TypeName System.Security.Cryptography.SHA256CryptoServiceProvider } 'sha384' { $sp = New-Object -TypeName System.Security.Cryptography.SHA384CryptoServiceProvider } 'sha512' { $sp = New-Object -TypeName System.Security.Cryptography.SHA512CryptoServiceProvider } default { Fail-Json @{} "Unsupported hash algorithm supplied '$algorithm'" } } If ($PSVersionTable.PSVersion.Major -ge 4) { $raw_hash = Get-FileHash $path -Algorithm $algorithm $hash = $raw_hash.Hash.ToLower() } Else { $fp = [System.IO.File]::Open($path, [System.IO.Filemode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileShare]::ReadWrite); $hash = [System.BitConverter]::ToString($sp.ComputeHash($fp)).Replace("-", "").ToLower(); $fp.Dispose(); } } ElseIf (Test-Path -Path $path -PathType Container) { $hash = "3"; } Else { $hash = "1"; } return $hash } Function Get-PendingRebootStatus { <# .SYNOPSIS Check if reboot is required, if so notify CA. Function returns true if computer has a pending reboot #> $featureData = Invoke-WmiMethod -EA Ignore -Name GetServerFeature -Namespace root\microsoft\windows\servermanager -Class MSFT_ServerManagerTasks $regData = Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager" "PendingFileRenameOperations" -EA Ignore $CBSRebootStatus = Get-ChildItem "HKLM:\\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing" -ErrorAction SilentlyContinue| Where-Object {$_.PSChildName -eq "RebootPending"} if(($featureData -and $featureData.RequiresReboot) -or $regData -or $CBSRebootStatus) { return $True } else { return $False } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: c039a2e7-84e0-4c02-8a77-a2ba34f795b0 Path:	4104	1		3	2	15	0	1158	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3396	4788	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:23:37 PM	9d04040e-981f-0001-340f-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } ScriptBlock ID: 3a745b09-e76d-4b77-8e7d-19ec69c8cf55 Path:	4104	1		3	2	15	0	1157	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3396	4788	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:23:37 PM	9d04040e-981f-0001-250f-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (5 of 5): n $json_raw) # TODO: handle binary modules # TODO: handle persistence $min_os_version = [version]$payload.min_os_version if ($min_os_version -ne $null) { $actual_os_version = [System.Environment]::OSVersion.Version if ($actual_os_version -lt $min_os_version) { $msg = "This module cannot run on this OS as it requires a minimum version of $min_os_version, actual was $actual_os_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $min_ps_version = [version]$payload.min_ps_version if ($min_ps_version -ne $null) { $actual_ps_version = $PSVersionTable.PSVersion if ($actual_ps_version -lt $min_ps_version) { $msg = "This module cannot run as it requires a minimum PowerShell version of $min_ps_version, actual was $actual_ps_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $actions = $payload.actions # pop 0th action as entrypoint $entrypoint = $payload.($actions[0]) $payload.actions = $payload.actions[1..99] $entrypoint = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($entrypoint)) # load the current action entrypoint as a module custom object with a Run method $entrypoint = New-Module -ScriptBlock ([scriptblock]::Create($entrypoint)) -AsCustomObject Set-Variable -Scope global -Name complex_args -Value $payload["module_args"] | Out-Null # dynamically create/load modules ForEach ($mod in $payload.powershell_modules.GetEnumerator()) { $decoded_module = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($mod.Value)) New-Module -ScriptBlock ([scriptblock]::Create($decoded_module)) -Name $mod.Key | Import-Module -WarningAction SilentlyContinue | Out-Null } $output = $entrypoint.Run($payload) Write-Output $output } ScriptBlock ID: 98615c13-218a-4282-be3d-131dde92a64b Path:	4104	1		3	2	15	0	1156	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3396	4788	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:23:36 PM	9d04040e-981f-0001-1f0f-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (4 of 5): Ym92ZSBjYW4gaGFuZGxlCiM+CiAgICBJZiAoVGVzdC1QYXRoIC1QYXRoICRwYXRoIC1QYXRoVHlwZSBMZWFmKQogICAgewogICAgICAgIHN3aXRjaCAoJGFsZ29yaXRobSkKICAgICAgICB7CiAgICAgICAgICAgICdtZDUnIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5NRDVDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMScgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTFDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMjU2JyB7ICRzcCA9IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5TZWN1cml0eS5DcnlwdG9ncmFwaHkuU0hBMjU2Q3J5cHRvU2VydmljZVByb3ZpZGVyIH0KICAgICAgICAgICAgJ3NoYTM4NCcgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTM4NENyeXB0b1NlcnZpY2VQcm92aWRlciB9CiAgICAgICAgICAgICdzaGE1MTInIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5TSEE1MTJDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICBkZWZhdWx0IHsgRmFpbC1Kc29uIEB7fSAiVW5zdXBwb3J0ZWQgaGFzaCBhbGdvcml0aG0gc3VwcGxpZWQgJyRhbGdvcml0aG0nIiB9CiAgICAgICAgfQoKICAgICAgICBJZiAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtZ2UgNCkgewogICAgICAgICAgICAkcmF3X2hhc2ggPSBHZXQtRmlsZUhhc2ggJHBhdGggLUFsZ29yaXRobSAkYWxnb3JpdGhtCiAgICAgICAgICAgICRoYXNoID0gJHJhd19oYXNoLkhhc2guVG9Mb3dlcigpCiAgICAgICAgfSBFbHNlIHsKICAgICAgICAgICAgJGZwID0gW1N5c3RlbS5JTy5GaWxlXTo6T3BlbigkcGF0aCwgW1N5c3RlbS5JTy5GaWxlbW9kZV06Ok9wZW4sIFtTeXN0ZW0uSU8uRmlsZUFjY2Vzc106OlJlYWQsIFtTeXN0ZW0uSU8uRmlsZVNoYXJlXTo6UmVhZFdyaXRlKTsKICAgICAgICAgICAgJGhhc2ggPSBbU3lzdGVtLkJpdENvbnZlcnRlcl06OlRvU3RyaW5nKCRzcC5Db21wdXRlSGFzaCgkZnApKS5SZXBsYWNlKCItIiwgIiIpLlRvTG93ZXIoKTsKICAgICAgICAgICAgJGZwLkRpc3Bvc2UoKTsKICAgICAgICB9CiAgICB9CiAgICBFbHNlSWYgKFRlc3QtUGF0aCAtUGF0aCAkcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKQogICAgewogICAgICAgICRoYXNoID0gIjMiOwogICAgfQogICAgRWxzZQogICAgewogICAgICAgICRoYXNoID0gIjEiOwogICAgfQogICAgcmV0dXJuICRoYXNoCn0KCkZ1bmN0aW9uIEdldC1QZW5kaW5nUmVib290U3RhdHVzCnsKPCMKICAgIC5TWU5PUFNJUwogICAgQ2hlY2sgaWYgcmVib290IGlzIHJlcXVpcmVkLCBpZiBzbyBub3RpZnkgQ0EuCiAgICBGdW5jdGlvbiByZXR1cm5zIHRydWUgaWYgY29tcHV0ZXIgaGFzIGEgcGVuZGluZyByZWJvb3QKIz4KICAgICRmZWF0dXJlRGF0YSA9IEludm9rZS1XbWlNZXRob2QgLUVBIElnbm9yZSAtTmFtZSBHZXRTZXJ2ZXJGZWF0dXJlIC1OYW1lc3BhY2Ugcm9vdFxtaWNyb3NvZnRcd2luZG93c1xzZXJ2ZXJtYW5hZ2VyIC1DbGFzcyBNU0ZUX1NlcnZlck1hbmFnZXJUYXNrcwogICAgJHJlZ0RhdGEgPSBHZXQtSXRlbVByb3BlcnR5ICJIS0xNOlxTWVNURU1cQ3VycmVudENvbnRyb2xTZXRcQ29udHJvbFxTZXNzaW9uIE1hbmFnZXIiICJQZW5kaW5nRmlsZVJlbmFtZU9wZXJhdGlvbnMiIC1FQSBJZ25vcmUKICAgICRDQlNSZWJvb3RTdGF0dXMgPSBHZXQtQ2hpbGRJdGVtICJIS0xNOlxcU09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cQ29tcG9uZW50IEJhc2VkIFNlcnZpY2luZyIgIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlfCBXaGVyZS1PYmplY3QgeyRfLlBTQ2hpbGROYW1lIC1lcSAiUmVib290UGVuZGluZyJ9CiAgICBpZigoJGZlYXR1cmVEYXRhIC1hbmQgJGZlYXR1cmVEYXRhLlJlcXVpcmVzUmVib290KSAtb3IgJHJlZ0RhdGEgLW9yICRDQlNSZWJvb3RTdGF0dXMpCiAgICB7CiAgICAgICAgcmV0dXJuICRUcnVlCiAgICB9CiAgICBlbHNlCiAgICB7CiAgICAgICAgcmV0dXJuICRGYWxzZQogICAgfQp9CgojIHRoaXMgbGluZSBtdXN0IHN0YXkgYXQgdGhlIGJvdHRvbSB0byBlbnN1cmUgYWxsIGRlZmluZWQgbW9kdWxlIHBhcnRzIGFyZSBleHBvcnRlZApFeHBvcnQtTW9kdWxlTWVtYmVyIC1BbGlhcyAqIC1GdW5jdGlvbiAqIC1DbWRsZXQgKgoK", "Ansible.ModuleUtils.FileUtil": "IyBDb3B5cmlnaHQgKGMpIDIwMTcgQW5zaWJsZSBQcm9qZWN0CiMgU2ltcGxpZmllZCBCU0QgTGljZW5zZSAoc2VlIGxpY2Vuc2VzL3NpbXBsaWZpZWRfYnNkLnR4dCBvciBodHRwczovL29wZW5zb3VyY2Uub3JnL2xpY2Vuc2VzL0JTRC0yLUNsYXVzZSkKCjwjClRlc3QtUGF0aC9HZXQtSXRlbSBjYW5ub3QgZmluZC9yZXR1cm4gaW5mbyBvbiBmaWxlcyB0aGF0IGFyZSBsb2NrZWQgbGlrZQpDOlxwYWdlZmlsZS5zeXMuIFRoZXNlIDIgZnVuY3Rpb25zIGFyZSBkZXNpZ25lZCB0byB3b3JrIHdpdGggdGhlc2UgZmlsZXMgYW5kCnByb3ZpZGUgc2ltaWxhciBmdW5jdGlvbmFsaXR5IHdpdGggdGhlIG5vcm1hbCBjbWRsZXRzIHdpdGggYXMgbWluaW1hbCBvdmVyaGVhZAphcyBwb3NzaWJsZS4gVGhleSB3b3JrIGJ5IHVzaW5nIEdldC1DaGlsZEl0ZW0gd2l0aCBhIGZpbHRlciBhbmQgcmV0dXJuIHRoZQpyZXN1bHQgZnJvbSB0aGF0LgojPgoKRnVuY3Rpb24gVGVzdC1BbnNpYmxlUGF0aCB7CiAgICBbQ21kbGV0QmluZGluZygpXQogICAgUGFyYW0oCiAgICAgICAgW1BhcmFtZXRlcihNYW5kYXRvcnk9JHRydWUpXVtzdHJpbmddJFBhdGgKICAgICkKICAgICMgUmVwbGFjZW1lbnQgZm9yIFRlc3QtUGF0aAogICAgdHJ5IHsKICAgICAgICAkZmlsZV9hdHRyaWJ1dGVzID0gW1N5c3RlbS5JTy5GaWxlXTo6R2V0QXR0cmlidXRlcygkUGF0aCkKICAgIH0gY2F0Y2ggW1N5c3RlbS5JTy5GaWxlTm90Rm91bmRFeGNlcHRpb25dLCBbU3lzdGVtLklPLkRpcmVjdG9yeU5vdEZvdW5kRXhjZXB0aW9uXSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfSBjYXRjaCBbTm90U3VwcG9ydGVkRXhjZXB0aW9uXSB7CiAgICAgICAgIyBXaGVuIHRlc3RpbmcgYSBwYXRoIGxpa2UgQ2VydDpcTG9jYWxNYWNoaW5lXE15LCBTeXN0ZW0uSU8uRmlsZSB3aWxsCiAgICAgICAgIyBub3Qgd29yaywgd2UganVzdCByZXZlcnQgYmFjayB0byB1c2luZyBUZXN0LVBhdGggZm9yIHRoaXMKICAgICAgICByZXR1cm4gVGVzdC1QYXRoIC1QYXRoICRQYXRoCiAgICB9CgogICAgaWYgKFtJbnQzMl0kZmlsZV9hdHRyaWJ1dGVzIC1lcSAtMSkgewogICAgICAgIHJldHVybiAkZmFsc2UKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICR0cnVlCiAgICB9Cn0KCkZ1bmN0aW9uIEdldC1BbnNpYmxlSXRlbSB7CiAgICBbQ21kbGV0QmluZGluZygpXQogICAgUGFyYW0oCiAgICAgICAgW1BhcmFtZXRlcihNYW5kYXRvcnk9JHRydWUpXVtzdHJpbmddJFBhdGgKICAgICkKICAgICMgUmVwbGFjZW1lbnQgZm9yIEdldC1JdGVtCiAgICB0cnkgewogICAgICAgICRmaWxlX2F0dHJpYnV0ZXMgPSBbU3lzdGVtLklPLkZpbGVdOjpHZXRBdHRyaWJ1dGVzKCRQYXRoKQogICAgfSBjYXRjaCB7CiAgICAgICAgIyBpZiAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb3RpbnVlIGlzIHNldCBvbiB0aGUgY21kbGV0IGFuZCB3ZSBmYWlsZWQgdG8KICAgICAgICAjIGdldCB0aGUgYXR0cmlidXRlcywganVzdCByZXR1cm4gJG51bGwsIG90aGVyd2lzZSB0aHJvdyB0aGUgZXJyb3IKICAgICAgICBpZiAoJEVycm9yQWN0aW9uUHJlZmVyZW5jZSAtbmUgIlNpbGVudGx5Q29udGludWUiKSB7CiAgICAgICAgICAgIHRocm93ICRfCiAgICAgICAgfQogICAgICAgIHJldHVybiAkbnVsbAogICAgfQogICAgaWYgKFtJbnQzMl0kZmlsZV9hdHRyaWJ1dGVzIC1lcSAtMSkgewogICAgICAgIHRocm93IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5NYW5hZ2VtZW50LkF1dG9tYXRpb24uSXRlbU5vdEZvdW5kRXhjZXB0aW9uIC1Bcmd1bWVudExpc3QgIkNhbm5vdCBmaW5kIHBhdGggJyRQYXRoJyBiZWNhdXNlIGl0IGRvZXMgbm90IGV4aXN0LiIKICAgIH0gZWxzZWlmICgkZmlsZV9hdHRyaWJ1dGVzLkhhc0ZsYWcoW1N5c3RlbS5JTy5GaWxlQXR0cmlidXRlc106OkRpcmVjdG9yeSkpIHsKICAgICAgICByZXR1cm4gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLklPLkRpcmVjdG9yeUluZm8gLUFyZ3VtZW50TGlzdCAkUGF0aAogICAgfSBlbHNlIHsKICAgICAgICByZXR1cm4gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLklPLkZpbGVJbmZvIC1Bcmd1bWVudExpc3QgJFBhdGgKICAgIH0KfQoKRXhwb3J0LU1vZHVsZU1lbWJlciAtRnVuY3Rpb24gVGVzdC1BbnNpYmxlUGF0aCwgR2V0LUFuc2libGVJdGVtCg=="}, "module_entry": "IyFwb3dlcnNoZWxsCgojIENvcHlyaWdodDogKGMpIDIwMTcsIEFuc2libGUgUHJvamVjdAojIEdOVSBHZW5lcmFsIFB1YmxpYyBMaWNlbnNlIHYzLjArIChzZWUgQ09QWUlORyBvciBodHRwczovL3d3dy5nbnUub3JnL2xpY2Vuc2VzL2dwbC0zLjAudHh0KQoKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5MZWdhY3kKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5Db21tYW5kVXRpbAojUmVxdWlyZXMgLU1vZHVsZSBBbnNpYmxlLk1vZHVsZVV0aWxzLkZpbGVVdGlsCgojIFRPRE86IGFkZCBjaGVjayBtb2RlIHN1cHBvcnQKClNldC1TdHJpY3RNb2RlIC1WZXJzaW9uIDIKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKIyBDbGVhbnNlIENMSVhNTCBmcm9tIHN0ZGVyciAoc2lmdCBvdXQgZXJyb3Igc3RyZWFtIGRhdGEsIGRpc2NhcmQgb3RoZXJzIGZvciBub3cpCkZ1bmN0aW9uIENsZWFuc2UtU3RkZXJyKCRyYXdfc3RkZXJyKSB7CiAgICBUcnkgewogICAgICAgICMgTkI6IHRoaXMgcmVnZXggaXNuJ3QgcGVyZmVjdCwgYnV0IGlzIGRlY2VudCBhdCBmaW5kaW5nIENMSVhNTCBhbW9uZ3N0IG90aGVyIHN0ZGVyciBub2lzZQogICAgICAgIElmKCRyYXdfc3RkZXJyIC1tYXRjaCAiKD9zKSg/PHByZW5vaXNlMT4uKikjPCBDTElYTUwoPzxwcmVub2lzZTI+LiopKD88Y2xpeG1sPjxPYmpzLis8L09ianM+KSg/PHBvc3Rub2lzZT4uKikiKSB7CiAgICAgICAgICAgICRjbGl4bWwgPSBbeG1sXSRtYXRjaGVzWyJjbGl4bWwiXQoKICAgICAgICAgICAgJG1lcmdlZF9zdGRlcnIgPSAiezB9ezF9ezJ9ezN9IiAtZiBAKAogICAgICAgICAgICAgICAkbWF0Y2hlc1sicHJlbm9pc2UxIl0sCiAgICAgICAgICAgICAgICRtYXRjaGVzWyJwcmVub2lzZTIiXSwKICAgICAgICAgICAgICAgIyBmaWx0ZXIgb3V0IGp1c3QgdGhlIEVycm9yLXRhZ2dlZCBzdHJpbmdzIGZvciBub3csIGFuZCB6YXAgZW1iZWRkZWQgQ1JMRiBjaGFycwogICAgICAgICAgICAgICAoJGNsaXhtbC5PYmpzLkNoaWxkTm9kZXMgfCA/IHsgJF8uTmFtZSAtZXEgJ1MnIH0gfCA/IHsgJF8uUyAtZXEgJ0Vycm9yJyB9IHwgJSB7ICRfLicjdGV4dCcuUmVwbGFjZSgnX3gwMDBEX194MDAwQV8nLCcnKSB9IHwgT3V0LVN0cmluZyksCiAgICAgICAgICAgICAgICRtYXRjaGVzWyJwb3N0bm9pc2UiXSkgfCBPdXQtU3RyaW5nCgogICAgICAgICAgICByZXR1cm4gJG1lcmdlZF9zdGRlcnIuVHJpbSgpCgogICAgICAgICAgICAjIEZVVFVSRTogcGFyc2UvcmV0dXJuIG90aGVyIHN0cmVhbXMKICAgICAgICB9CiAgICAgICAgRWxzZSB7CiAgICAgICAgICAgICRyYXdfc3RkZXJyCiAgICAgICAgfQogICAgfQogICAgQ2F0Y2ggewogICAgICAgICIqKipFWENFUFRJT04gUEFSU0lORyBDTElYTUw6ICRfKioqIiArICRyYXdfc3RkZXJyCiAgICB9Cn0KCiRwYXJhbXMgPSBQYXJzZS1BcmdzICRhcmdzIC1zdXBwb3J0c19jaGVja19tb2RlICRmYWxzZQoKJHJhd19jb21tYW5kX2xpbmUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX3Jhd19wYXJhbXMiIC10eXBlICJzdHIiIC1mYWlsaWZlbXB0eSAkdHJ1ZQokY2hkaXIgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiY2hkaXIiIC10eXBlICJwYXRoIgokZXhlY3V0YWJsZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJleGVjdXRhYmxlIiAtdHlwZSAicGF0aCIKJGNyZWF0ZXMgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiY3JlYXRlcyIgLXR5cGUgInBhdGgiCiRyZW1vdmVzID0gR2V0LUFuc2libGVQYXJhbSAtb2JqICRwYXJhbXMgLW5hbWUgInJlbW92ZXMiIC10eXBlICJwYXRoIgokc3RkaW4gPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAic3RkaW4iIC10eXBlICJzdHIiCgokcmF3X2NvbW1hbmRfbGluZSA9ICRyYXdfY29tbWFuZF9saW5lLlRyaW0oKQoKJHJlc3VsdCA9IEB7CiAgICBjaGFuZ2VkID0gJHRydWUKICAgIGNtZCA9ICRyYXdfY29tbWFuZF9saW5lCn0KCmlmICgkY3JlYXRlcyAtYW5kICQoVGVzdC1BbnNpYmxlUGF0aCAtUGF0aCAkY3JlYXRlcykpIHsKICAgIEV4aXQtSnNvbiBAe21zZz0ic2tpcHBlZCwgc2luY2UgJGNyZWF0ZXMgZXhpc3RzIjtjbWQ9JHJhd19jb21tYW5kX2xpbmU7Y2hhbmdlZD0kZmFsc2U7c2tpcHBlZD0kdHJ1ZTtyYz0wfQp9CgppZiAoJHJlbW92ZXMgLWFuZCAtbm90ICQoVGVzdC1BbnNpYmxlUGF0aCAtUGF0aCAkcmVtb3ZlcykpIHsKICAgIEV4aXQtSnNvbiBAe21zZz0ic2tpcHBlZCwgc2luY2UgJHJlbW92ZXMgZG9lcyBub3QgZXhpc3QiO2NtZD0kcmF3X2NvbW1hbmRfbGluZTtjaGFuZ2VkPSRmYWxzZTtza2lwcGVkPSR0cnVlO3JjPTB9Cn0KCiRleGVjX2FyZ3MgPSAkbnVsbApJZigtbm90ICRleGVjdXRhYmxlIC1vciAkZXhlY3V0YWJsZSAtZXEgInBvd2Vyc2hlbGwiKSB7CiAgICAkZXhlY19hcHBsaWNhdGlvbiA9ICJwb3dlcnNoZWxsLmV4ZSIKCiAgICAjIGZvcmNlIGlucHV0IGVuY29kaW5nIHRvIHByZWFtYmxlLWZyZWUgVVRGOCBzbyBQUyBzdWItcHJvY2Vzc2VzIChlZywgU3RhcnQtSm9iKSBkb24ndCBibG93IHVwCiAgICAkcmF3X2NvbW1hbmRfbGluZSA9ICJbQ29uc29sZV06OklucHV0RW5jb2RpbmcgPSBOZXctT2JqZWN0IFRleHQuVVRGOEVuY29kaW5nIGAkZmFsc2U7ICIgKyAkcmF3X2NvbW1hbmRfbGluZQoKICAgICMgQmFzZTY0IGVuY29kZSB0aGUgY29tbWFuZCBzbyB3ZSBkb24ndCBoYXZlIHRvIHdvcnJ5IGFib3V0IHRoZSB2YXJpb3VzIGxldmVscyBvZiBlc2NhcGluZwogICAgJGVuY29kZWRfY29tbWFuZCA9IFtDb252ZXJ0XTo6VG9CYXNlNjRTdHJpbmcoW1N5c3RlbS5UZXh0LkVuY29kaW5nXTo6VW5pY29kZS5HZXRCeXRlcygkcmF3X2NvbW1hbmRfbGluZSkpCgogICAgaWYgKCRzdGRpbikgewogICAgICAgICRleGVjX2FyZ3MgPSAiLWVuY29kZWRjb21tYW5kICRlbmNvZGVkX2NvbW1hbmQiCiAgICB9IGVsc2UgewogICAgICAgICRleGVjX2FyZ3MgPSAiLW5vbmludGVyYWN0aXZlIC1lbmNvZGVkY29tbWFuZCAkZW5jb2RlZF9jb21tYW5kIgogICAgfQp9CkVsc2UgewogICAgIyBGVVRVUkU6IHN1cHBvcnQgYXJnIHRyYW5zbGF0aW9uIGZyb20gZXhlY3V0YWJsZSAob3IgZXhlY3V0YWJsZV9hcmdzPykgdG8gcHJvY2VzcyBhcmd1bWVudHMgZm9yIGFyYml0cmFyeSBpbnRlcnByZXRlcj8KICAgICRleGVjX2FwcGxpY2F0aW9uID0gJGV4ZWN1dGFibGUKICAgIGlmICgtbm90ICgkZXhlY19hcHBsaWNhdGlvbi5FbmRzV2l0aCgiLmV4ZSIpKSkgewogICAgICAgICRleGVjX2FwcGxpY2F0aW9uID0gIiQoJGV4ZWNfYXBwbGljYXRpb24pLmV4ZSIKICAgIH0KICAgICRleGVjX2FyZ3MgPSAiL2MgJHJhd19jb21tYW5kX2xpbmUiCn0KCiRjb21tYW5kID0gIiRleGVjX2FwcGxpY2F0aW9uICRleGVjX2FyZ3MiCiRydW5fY29tbWFuZF9hcmcgPSBAewogICAgY29tbWFuZCA9ICRjb21tYW5kCn0KaWYgKCRjaGRpcikgewogICAgJHJ1bl9jb21tYW5kX2FyZ1snd29ya2luZ19kaXJlY3RvcnknXSA9ICRjaGRpcgp9CmlmICgkc3RkaW4pIHsKICAgICRydW5fY29tbWFuZF9hcmdbJ3N0ZGluJ10gPSAkc3RkaW4KfQoKJHN0YXJ0X2RhdGV0aW1lID0gW0RhdGVUaW1lXTo6VXRjTm93CnRyeSB7CiAgICAkY29tbWFuZF9yZXN1bHQgPSBSdW4tQ29tbWFuZCBAcnVuX2NvbW1hbmRfYXJnCn0gY2F0Y2ggewogICAgJHJlc3VsdC5jaGFuZ2VkID0gJGZhbHNlCiAgICB0cnkgewogICAgICAgICRyZXN1bHQucmMgPSAkXy5FeGNlcHRpb24uTmF0aXZlRXJyb3JDb2RlCiAgICB9IGNhdGNoIHsKICAgICAgICAkcmVzdWx0LnJjID0gMgogICAgfQogICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAkXy5FeGNlcHRpb24uTWVzc2FnZQp9CgojIFRPRE86IGRlY29kZSBDTElYTUwgc3RkZXJyIG91dHB1dCAoYW5kIG90aGVyIHN0cmVhbXM/KQokcmVzdWx0LnN0ZG91dCA9ICRjb21tYW5kX3Jlc3VsdC5zdGRvdXQKJHJlc3VsdC5zdGRlcnIgPSBDbGVhbnNlLVN0ZGVyciAkY29tbWFuZF9yZXN1bHQuc3RkZXJyIAokcmVzdWx0LnJjID0gJGNvbW1hbmRfcmVzdWx0LnJjCgokZW5kX2RhdGV0aW1lID0gW0RhdGVUaW1lXTo6VXRjTm93CiRyZXN1bHQuc3RhcnQgPSAkc3RhcnRfZGF0ZXRpbWUuVG9TdHJpbmcoInl5eXktTU0tZGQgaGg6bW06c3MuZmZmZmZmIikKJHJlc3VsdC5lbmQgPSAkZW5kX2RhdGV0aW1lLlRvU3RyaW5nKCJ5eXl5LU1NLWRkIGhoOm1tOnNzLmZmZmZmZiIpCiRyZXN1bHQuZGVsdGEgPSAkKCRlbmRfZGF0ZXRpbWUgLSAkc3RhcnRfZGF0ZXRpbWUpLlRvU3RyaW5nKCJoXDptbVw6c3NcLmZmZmZmZiIpCgpJZiAoJHJlc3VsdC5yYyAtbmUgMCkgewogICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAibm9uLXplcm8gcmV0dXJuIGNvZGUiCn0KCkV4aXQtSnNvbiAkcmVzdWx0Cg==", "module_args": {"_ansible_version": "2.7.0", "_ansible_selinux_special_fs": ["fuse", "nfs", "vboxsf", "ramfs", "9p"], "_ansible_no_log": false, "_ansible_module_name": "win_shell", "_raw_params": "Select-String -path c:\\openstack\\build\\nova\\\\setup.cfg -pattern \"^name.*=.*\" | % {$_.matches.value.split(\"=\")[1].trim()}", "_ansible_verbosity": 4, "_ansible_keep_remote_files": false, "_ansible_syslog_facility": "LOG_USER", "_ansible_socket": null, "_ansible_remote_tmp": "%TEMP%", "_ansible_diff": false, "_ansible_debug": false, "_ansible_shell_executable": "/bin/sh", "_ansible_check_mode": false, "_ansible_tmpdir": null}} '@ } process { $input_as_string = [string]$input $json_raw += $input_as_string } end { If (-not $json_raw) { Write-Error "no input given" -Category InvalidArgument } $payload = ConvertTo-HashtableFromPsCustomObject (ConvertFrom-Jso ScriptBlock ID: 98615c13-218a-4282-be3d-131dde92a64b Path:	4104	1		3	2	15	0	1155	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3396	4788	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:23:36 PM	9d04040e-981f-0001-1f0f-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (3 of 5): sIGRlZmluZSBvbmUgdG8gYmUgbmljZQogICAgSWYgKC1ub3QgJG9iai5HZXRUeXBlKQogICAgewogICAgICAgICRvYmogPSBAeyB9CiAgICB9CgogICAgVHJ5CiAgICB7CiAgICAgICAgJG9iai4kbmFtZSA9ICR2YWx1ZQogICAgfQogICAgQ2F0Y2gKICAgIHsKICAgICAgICAkb2JqIHwgQWRkLU1lbWJlciAtRm9yY2UgLU1lbWJlclR5cGUgTm90ZVByb3BlcnR5IC1OYW1lICRuYW1lIC1WYWx1ZSAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gRXhpdC1Kc29uKCRvYmopCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGNvbnZlcnQgYSBQb3dlclNoZWxsIG9iamVjdCB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcKICAgIHRoZSBzY3JpcHQKICAgIC5FWEFNUExFCiAgICBFeGl0LUpzb24gJHJlc3VsdAojPgoKICAgICMgSWYgdGhlIHByb3ZpZGVkICRvYmogaXMgdW5kZWZpbmVkLCBkZWZpbmUgb25lIHRvIGJlIG5pY2UKICAgIElmICgtbm90ICRvYmouR2V0VHlwZSkKICAgIHsKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoJ2NoYW5nZWQnKSkgewogICAgICAgIFNldC1BdHRyICRvYmogImNoYW5nZWQiICRmYWxzZQogICAgfQoKICAgIFdyaXRlLU91dHB1dCAkb2JqIHwgQ29udmVydFRvLUpzb24gLUNvbXByZXNzIC1EZXB0aCA5OQogICAgRXhpdAp9CgpGdW5jdGlvbiBGYWlsLUpzb24oJG9iaiwgJG1lc3NhZ2UgPSAkbnVsbCkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHRoZSAibXNnIiBwcm9wZXJ0eSBhbmQgImZhaWxlZCIgcHJvcGVydHksIGNvbnZlcnQgdGhlCiAgICBQb3dlclNoZWxsIEhhc2h0YWJsZSB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcgdGhlIHNjcmlwdAogICAgLkVYQU1QTEUKICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJUaGlzIGlzIHRoZSBmYWlsdXJlIG1lc3NhZ2UiCiM+CgogICAgaWYgKCRvYmogLWlzIFtoYXNodGFibGVdIC1vciAkb2JqIC1pcyBbcHNvYmplY3RdKSB7CiAgICAgICAgIyBOb3RoaW5nIHRvIGRvCiAgICB9IGVsc2VpZiAoJG9iaiAtaXMgW3N0cmluZ10gLWFuZCAkbnVsbCAtZXEgJG1lc3NhZ2UpIHsKICAgICAgICAjIElmIHdlIHdlcmVuJ3QgZ2l2ZW4gMiBhcmdzLCBhbmQgdGhlIG9ubHkgYXJnIHdhcyBhIHN0cmluZywKICAgICAgICAjIGNyZWF0ZSBhIG5ldyBIYXNodGFibGUgYW5kIHVzZSB0aGUgYXJnIGFzIHRoZSBmYWlsdXJlIG1lc3NhZ2UKICAgICAgICAkbWVzc2FnZSA9ICRvYmoKICAgICAgICAkb2JqID0gQHsgfQogICAgfSBlbHNlIHsKICAgICAgICAjIElmIHRoZSBmaXJzdCBhcmd1bWVudCBpcyB1bmRlZmluZWQgb3IgYSBkaWZmZXJlbnQgdHlwZSwKICAgICAgICAjIG1ha2UgaXQgYSBIYXNodGFibGUKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgICMgU3RpbGwgdXNpbmcgU2V0LUF0dHIgZm9yIFBTT2JqZWN0IGNvbXBhdGliaWxpdHkKICAgIFNldC1BdHRyICRvYmogIm1zZyIgJG1lc3NhZ2UKICAgIFNldC1BdHRyICRvYmogImZhaWxlZCIgJHRydWUKCiAgICBpZiAoLW5vdCAkb2JqLkNvbnRhaW5zS2V5KCdjaGFuZ2VkJykpIHsKICAgICAgICBTZXQtQXR0ciAkb2JqICJjaGFuZ2VkIiAkZmFsc2UKICAgIH0KCiAgICBXcml0ZS1PdXRwdXQgJG9iaiB8IENvbnZlcnRUby1Kc29uIC1Db21wcmVzcyAtRGVwdGggOTkKICAgIEV4aXQgMQp9CgpGdW5jdGlvbiBBZGQtV2FybmluZygkb2JqLCAkbWVzc2FnZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHdhcm5pbmdzLCBldmVuIGlmIHRoZSB3YXJuaW5ncyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoIndhcm5pbmdzIikpIHsKICAgICAgICAkb2JqLndhcm5pbmdzID0gQCgpCiAgICB9IGVsc2VpZiAoJG9iai53YXJuaW5ncyAtaXNub3QgW2FycmF5XSkgewogICAgICAgIHRocm93ICJBZGQtV2FybmluZzogd2FybmluZ3MgYXR0cmlidXRlIGlzIG5vdCBhbiBhcnJheSIKICAgIH0KCiAgICAkb2JqLndhcm5pbmdzICs9ICRtZXNzYWdlCn0KCkZ1bmN0aW9uIEFkZC1EZXByZWNhdGlvbldhcm5pbmcoJG9iaiwgJG1lc3NhZ2UsICR2ZXJzaW9uID0gJG51bGwpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGFkZCBkZXByZWNhdGlvbnMsIGV2ZW4gaWYgdGhlIGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgogICAgaWYgKC1ub3QgJG9iai5Db250YWluc0tleSgiZGVwcmVjYXRpb25zIikpIHsKICAgICAgICAkb2JqLmRlcHJlY2F0aW9ucyA9IEAoKQogICAgfSBlbHNlaWYgKCRvYmouZGVwcmVjYXRpb25zIC1pc25vdCBbYXJyYXldKSB7CiAgICAgICAgdGhyb3cgIkFkZC1EZXByZWNhdGlvbldhcm5pbmc6IGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgaXMgbm90IGEgbGlzdCIKICAgIH0KCiAgICAkb2JqLmRlcHJlY2F0aW9ucyArPSBAewogICAgICAgIG1zZyA9ICRtZXNzYWdlCiAgICAgICAgdmVyc2lvbiA9ICR2ZXJzaW9uCiAgICB9Cn0KCkZ1bmN0aW9uIEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgaW4gdmFsdWVzLiBCeSBkZWZhdWx0CiAgICBpdCB0dXJucyBhbnkgdHlwZSB0byBhIHN0cmluZywgYnV0IHdlIGVuc3VyZSAkbnVsbCByZW1haW5zICRudWxsLgojPgogICAgaWYgKCRudWxsIC1uZSAkdmFsdWUpIHsKICAgICAgICBbU3lzdGVtLkVudmlyb25tZW50XTo6RXhwYW5kRW52aXJvbm1lbnRWYXJpYWJsZXMoJHZhbHVlKQogICAgfSBlbHNlIHsKICAgICAgICAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gR2V0LUFuc2libGVQYXJhbSgkb2JqLCAkbmFtZSwgJGRlZmF1bHQgPSAkbnVsbCwgJHJlc3VsdG9iaiA9IEB7fSwgJGZhaWxpZmVtcHR5ID0gJGZhbHNlLCAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSwgJFZhbGlkYXRlU2V0LCAkVmFsaWRhdGVTZXRFcnJvck1lc3NhZ2UsICR0eXBlID0gJG51bGwsICRhbGlhc2VzID0gQCgpKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBnZXQgYW4gImF0dHJpYnV0ZSIgZnJvbSBhIHBzb2JqZWN0IGluc3RhbmNlIGluIFBvd2VyU2hlbGwuCiAgICBUaGlzIGlzIGEgY29udmVuaWVuY2UgdG8gbWFrZSBnZXR0aW5nIE1lbWJlcnMgZnJvbSBhbiBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgICRhdHRyID0gR2V0LUFuc2libGVQYXJhbSAkcmVzcG9uc2UgImNvZGUiIC1kZWZhdWx0ICIxIgogICAgLkVYQU1QTEUKICAgIEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJTdGF0ZSIgLWRlZmF1bHQgIlByZXNlbnQiIC1WYWxpZGF0ZVNldCAiUHJlc2VudCIsIkFic2VudCIgLXJlc3VsdG9iaiAkcmVzdWx0b2JqIC1mYWlsaWZlbXB0eSAkdHJ1ZQogICAgR2V0LUFuc2libGVQYXJhbSBhbHNvIHN1cHBvcnRzIFBhcmFtZXRlciB2YWxpZGF0aW9uIHRvIHNhdmUgeW91IGZyb20gY29kaW5nIHRoYXQgbWFudWFsbHkKICAgIE5vdGUgdGhhdCBpZiB5b3UgdXNlIHRoZSBmYWlsaWZlbXB0eSBvcHRpb24sIHlvdSBkbyBuZWVkIHRvIHNwZWNpZnkgcmVzdWx0b2JqZWN0IGFzIHdlbGwuCiM+CiAgICAjIENoZWNrIGlmIHRoZSBwcm92aWRlZCBNZW1iZXIgJG5hbWUgb3IgYWxpYXNlcyBleGlzdCBpbiAkb2JqIGFuZCByZXR1cm4gaXQgb3IgdGhlIGRlZmF1bHQuCiAgICB0cnkgewoKICAgICAgICAkZm91bmQgPSAkbnVsbAogICAgICAgICMgRmlyc3QgdHJ5IHRvIGZpbmQgcHJlZmVycmVkIHBhcmFtZXRlciAkbmFtZQogICAgICAgICRhbGlhc2VzID0gQCgkbmFtZSkgKyAkYWxpYXNlcwoKICAgICAgICAjIEl0ZXJhdGUgb3ZlciBhbGlhc2VzIHRvIGZpbmQgYWNjZXB0YWJsZSBNZW1iZXIgJG5hbWUKICAgICAgICBmb3JlYWNoICgkYWxpYXMgaW4gJGFsaWFzZXMpIHsKICAgICAgICAgICAgaWYgKCRvYmouQ29udGFpbnNLZXkoJGFsaWFzKSkgewogICAgICAgICAgICAgICAgJGZvdW5kID0gJGFsaWFzCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgfQoKICAgICAgICBpZiAoJG51bGwgLWVxICRmb3VuZCkgewogICAgICAgICAgICB0aHJvdwogICAgICAgIH0KICAgICAgICAkbmFtZSA9ICRmb3VuZAoKICAgICAgICBpZiAoJFZhbGlkYXRlU2V0KSB7CgogICAgICAgICAgICBpZiAoJFZhbGlkYXRlU2V0IC1jb250YWlucyAoJG9iai4kbmFtZSkpIHsKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICRvYmouJG5hbWUKICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgIGlmICgkbnVsbCAtZXEgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAgICAgI0F1dG8tZ2VuZXJhdGVkIGVycm9yIHNob3VsZCBiZSBzdWZmaWNpZW50IGluIG1vc3QgdXNlIGNhc2VzCiAgICAgICAgICAgICAgICAgICAgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlID0gIkdldC1BbnNpYmxlUGFyYW06IEFyZ3VtZW50ICRuYW1lIG5lZWRzIHRvIGJlIG9uZSBvZiAkKCRWYWxpZGF0ZVNldCAtam9pbiAiLCIpIGJ1dCB3YXMgJCgkb2JqLiRuYW1lKS4iCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRWYWxpZGF0ZVNldEVycm9yTWVzc2FnZQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgJHZhbHVlID0gJG9iai4kbmFtZQogICAgICAgIH0KICAgIH0gY2F0Y2ggewogICAgICAgIGlmICgkZmFpbGlmZW1wdHkgLWVxICRmYWxzZSkgewogICAgICAgICAgICAkdmFsdWUgPSAkZGVmYXVsdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgIGlmICgtbm90ICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSA9ICJHZXQtQW5zaWJsZVBhcmFtOiBNaXNzaW5nIHJlcXVpcmVkIGFyZ3VtZW50OiAkbmFtZSIKICAgICAgICAgICAgfQogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlCiAgICAgICAgfQogICAgfQoKICAgICMgSWYgJHZhbHVlIC1lcSAkbnVsbCwgdGhlIHBhcmFtZXRlciB3YXMgdW5zcGVjaWZpZWQgYnkgdGhlIHVzZXIgKGRlbGliZXJhdGVseSBvciBub3QpCiAgICAjIFBsZWFzZSBsZWF2ZSAkbnVsbC12YWx1ZXMgaW50YWN0LCBtb2R1bGVzIG5lZWQgdG8ga25vdyBpZiBhIHBhcmFtZXRlciB3YXMgc3BlY2lmaWVkCiAgICAjIFdoZW4gJHZhbHVlIGlzIGFscmVhZHkgYW4gYXJyYXksIHdlIGNhbm5vdCByZWx5IG9uIHRoZSBudWxsIGNoZWNrLCBhcyBhbiBlbXB0eSBsaXN0CiAgICAjIGlzIHNlZW4gYXMgbnVsbCBpbiB0aGUgY2hlY2sgYmVsb3cKICAgIGlmICgkbnVsbCAtbmUgJHZhbHVlIC1vciAkdmFsdWUgLWlzIFthcnJheV0pIHsKICAgICAgICBpZiAoJHR5cGUgLWVxICJwYXRoIikgewogICAgICAgICAgICAjIEV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgb24gcGF0aC10eXBlCiAgICAgICAgICAgICR2YWx1ZSA9IEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCiAgICAgICAgICAgICMgVGVzdCBpZiBhIHZhbGlkIHBhdGggaXMgcHJvdmlkZWQKICAgICAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtSXNWYWxpZCAkdmFsdWUpKSB7CiAgICAgICAgICAgICAgICAkcGF0aF9pbnZhbGlkID0gJHRydWUKICAgICAgICAgICAgICAgICMgY291bGQgc3RpbGwgYmUgYSB2YWxpZC1zaGFwZWQgcGF0aCB3aXRoIGEgbm9uZXhpc3RlbnQgZHJpdmUgbGV0dGVyCiAgICAgICAgICAgICAgICBpZiAoJHZhbHVlIC1tYXRjaCAiXlx3OiIpIHsKICAgICAgICAgICAgICAgICAgICAjIHJld3JpdGUgcGF0aCB3aXRoIGEgdmFsaWQgZHJpdmUgbGV0dGVyIGFuZCByZWNoZWNrIHRoZSBzaGFwZS0gdGhpcyBtaWdodCBzdGlsbCBmYWlsLCBlZywgYSBub25leGlzdGVudCBub24tZmlsZXN5c3RlbSBQUyBwYXRoCiAgICAgICAgICAgICAgICAgICAgaWYgKFRlc3QtUGF0aCAtSXNWYWxpZCAkKEAoR2V0LVBTRHJpdmUgLVBTUHJvdmlkZXIgRmlsZXN5c3RlbSlbMF0uTmFtZSArICR2YWx1ZS5TdWJzdHJpbmcoMSkpKSB7CiAgICAgICAgICAgICAgICAgICAgICAgICRwYXRoX2ludmFsaWQgPSAkZmFsc2UKICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBpZiAoJHBhdGhfaW52YWxpZCkgewogICAgICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHRvYmogLW1lc3NhZ2UgIkdldC1BbnNpYmxlUGFyYW06IFBhcmFtZXRlciAnJG5hbWUnIGhhcyBhbiBpbnZhbGlkIHBhdGggJyR2YWx1ZScgc3BlY2lmaWVkLiIKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgInN0ciIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IHN0ciB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgc3RyaW5ncwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUuVG9TdHJpbmcoKQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImJvb2wiKSB7CiAgICAgICAgICAgICMgQ29udmVydCBib29sZWFuIHR5cGVzIHRvIHJlYWwgUG93ZXJzaGVsbCBib29sZWFucwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgfCBDb252ZXJ0VG8tQm9vbAogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImludCIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IGludCB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgaW50ZWdlcnMKICAgICAgICAgICAgJHZhbHVlID0gJHZhbHVlIC1hcyBbaW50XQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImZsb2F0IikgewogICAgICAgICAgICAjIENvbnZlcnQgZmxvYXQgdHlwZXMgdG8gcmVhbCBQb3dlcnNoZWxsIGZsb2F0cwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgLWFzIFtmbG9hdF0KICAgICAgICB9IGVsc2VpZiAoJHR5cGUgLWVxICJsaXN0IikgewogICAgICAgICAgICBpZiAoJHZhbHVlIC1pcyBbYXJyYXldKSB7CiAgICAgICAgICAgICAgICAjIE5vdGhpbmcgdG8gZG8KICAgICAgICAgICAgfSBlbHNlaWYgKCR2YWx1ZSAtaXMgW3N0cmluZ10pIHsKICAgICAgICAgICAgICAgICMgQ29udmVydCBzdHJpbmcgdHlwZSB0byByZWFsIFBvd2Vyc2hlbGwgYXJyYXkKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICR2YWx1ZS5TcGxpdCgiLCIpLlRyaW0oKQogICAgICAgICAgICB9IGVsc2VpZiAoJHZhbHVlIC1pcyBbaW50XSkgewogICAgICAgICAgICAgICAgJHZhbHVlID0gQCgkdmFsdWUpCiAgICAgICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICJHZXQtQW5zaWJsZVBhcmFtOiBQYXJhbWV0ZXIgJyRuYW1lJyBpcyBub3QgYSBZQU1MIGxpc3QuIgogICAgICAgICAgICB9CiAgICAgICAgICAgICMgLCBpcyBub3QgYSB0eXBvLCBmb3JjZXMgaXQgdG8gcmV0dXJuIGFzIGEgbGlzdCB3aGVuIGl0IGlzIGVtcHR5IG9yIG9ubHkgaGFzIDEgZW50cnkKICAgICAgICAgICAgcmV0dXJuICwkdmFsdWUKICAgICAgICB9CiAgICB9CgogICAgcmV0dXJuICR2YWx1ZQp9CgojQWxpYXMgR2V0LWF0dHItLT5HZXQtQW5zaWJsZVBhcmFtIGZvciBiYWNrd2FyZHMgY29tcGF0LiBPbmx5IGFkZCB3aGVuIG5lZWRlZCB0byBlYXNlIGRlYnVnZ2luZyBvZiBzY3JpcHRzCklmICgtbm90KEdldC1BbGlhcyAtTmFtZSAiR2V0LWF0dHIiIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlKSkKewogICAgTmV3LUFsaWFzIC1OYW1lIEdldC1hdHRyIC1WYWx1ZSBHZXQtQW5zaWJsZVBhcmFtCn0KCkZ1bmN0aW9uIENvbnZlcnRUby1Cb29sCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZpbHRlci9waXBlbGluZSBmdW5jdGlvbiB0byBjb252ZXJ0IGEgdmFsdWUgdG8gYm9vbGVhbiBmb2xsb3dpbmcgY3VycmVudAogICAgQW5zaWJsZSBwcmFjdGljZXMKICAgIC5FWEFNUExFCiAgICAkaXNfdHJ1ZSA9ICJ0cnVlIiB8IENvbnZlcnRUby1Cb29sCiM+CiAgICBwYXJhbSgKICAgICAgICBbcGFyYW1ldGVyKHZhbHVlZnJvbXBpcGVsaW5lPSR0cnVlKV0KICAgICAgICAkb2JqCiAgICApCgogICAgJGJvb2xlYW5fc3RyaW5ncyA9ICJ5ZXMiLCAib24iLCAiMSIsICJ0cnVlIiwgMQogICAgJG9ial9zdHJpbmcgPSBbc3RyaW5nXSRvYmoKCiAgICBpZiAoKCRvYmogLWlzIFtib29sZWFuXSAtYW5kICRvYmopIC1vciAkYm9vbGVhbl9zdHJpbmdzIC1jb250YWlucyAkb2JqX3N0cmluZy5Ub0xvd2VyKCkpIHsKICAgICAgICByZXR1cm4gJHRydWUKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfQp9CgpGdW5jdGlvbiBQYXJzZS1BcmdzKCRhcmd1bWVudHMsICRzdXBwb3J0c19jaGVja19tb2RlID0gJGZhbHNlKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBwYXJzZSBBbnNpYmxlIEpTT04gYXJndW1lbnRzIGZyb20gYSAiZmlsZSIgcGFzc2VkIGFzCiAgICB0aGUgc2luZ2xlIGFyZ3VtZW50IHRvIHRoZSBtb2R1bGUuCiAgICAuRVhBTVBMRQogICAgJHBhcmFtcyA9IFBhcnNlLUFyZ3MgJGFyZ3MKIz4KICAgICRwYXJhbXMgPSBOZXctT2JqZWN0IHBzb2JqZWN0CiAgICBJZiAoJGFyZ3VtZW50cy5MZW5ndGggLWd0IDApCiAgICB7CiAgICAgICAgJHBhcmFtcyA9IEdldC1Db250ZW50ICRhcmd1bWVudHNbMF0gfCBDb252ZXJ0RnJvbS1Kc29uCiAgICB9CiAgICBFbHNlIHsKICAgICAgICAkcGFyYW1zID0gJGNvbXBsZXhfYXJncwogICAgfQogICAgJGNoZWNrX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfY2hlY2tfbW9kZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQogICAgSWYgKCRjaGVja19tb2RlIC1hbmQgLW5vdCAkc3VwcG9ydHNfY2hlY2tfbW9kZSkKICAgIHsKICAgICAgICBFeGl0LUpzb24gQHsKICAgICAgICAgICAgc2tpcHBlZCA9ICR0cnVlCiAgICAgICAgICAgIGNoYW5nZWQgPSAkZmFsc2UKICAgICAgICAgICAgbXNnID0gInJlbW90ZSBtb2R1bGUgZG9lcyBub3Qgc3VwcG9ydCBjaGVjayBtb2RlIgogICAgICAgIH0KICAgIH0KICAgIHJldHVybiAkcGFyYW1zCn0KCgpGdW5jdGlvbiBHZXQtRmlsZUNoZWNrc3VtKCRwYXRoLCAkYWxnb3JpdGhtID0gJ3NoYTEnKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBjYWxjdWxhdGUgYSBoYXNoIG9mIGEgZmlsZSBpbiBhIHdheSB3aGljaCBQb3dlclNoZWxsIDMKICAgIGFuZCBh ScriptBlock ID: 98615c13-218a-4282-be3d-131dde92a64b Path:	4104	1		3	2	15	0	1154	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3396	4788	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:23:36 PM	9d04040e-981f-0001-1f0f-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 5): dXQsIElEaWN0aW9uYXJ5IGVudmlyb25tZW50KQogICAgICAgIHsKICAgICAgICAgICAgVUludDMyIHN0YXJ0dXBfZmxhZ3MgPSBDUkVBVEVfVU5JQ09ERV9FTlZJUk9OTUVOVCB8IEVYVEVOREVEX1NUQVJUVVBJTkZPX1BSRVNFTlQ7CiAgICAgICAgICAgIFNUQVJUVVBJTkZPRVggc2kgPSBuZXcgU1RBUlRVUElORk9FWCgpOwogICAgICAgICAgICBzaS5zdGFydHVwSW5mby5kd0ZsYWdzID0gKGludClTdGFydHVwSW5mb0ZsYWdzLlVTRVNUREhBTkRMRVM7CgogICAgICAgICAgICBTRUNVUklUWV9BVFRSSUJVVEVTIHBpcGVzZWMgPSBuZXcgU0VDVVJJVFlfQVRUUklCVVRFUygpOwogICAgICAgICAgICBwaXBlc2VjLmJJbmhlcml0SGFuZGxlID0gdHJ1ZTsKCiAgICAgICAgICAgIC8vIENyZWF0ZSB0aGUgc3Rkb3V0LCBzdGRlcnIgYW5kIHN0ZGluIHBpcGVzIHVzZWQgaW4gdGhlIHByb2Nlc3MgYW5kIGFkZCB0byB0aGUgc3RhcnR1cEluZm8KICAgICAgICAgICAgU2FmZUZpbGVIYW5kbGUgc3Rkb3V0X3JlYWQsIHN0ZG91dF93cml0ZSwgc3RkZXJyX3JlYWQsIHN0ZGVycl93cml0ZSwgc3RkaW5fcmVhZCwgc3RkaW5fd3JpdGU7CiAgICAgICAgICAgIGlmICghQ3JlYXRlUGlwZShvdXQgc3Rkb3V0X3JlYWQsIG91dCBzdGRvdXRfd3JpdGUsIHBpcGVzZWMsIDApKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IFdpbjMyRXhjZXB0aW9uKCJTVERPVVQgcGlwZSBzZXR1cCBmYWlsZWQiKTsKICAgICAgICAgICAgaWYgKCFTZXRIYW5kbGVJbmZvcm1hdGlvbihzdGRvdXRfcmVhZCwgSGFuZGxlRmxhZ3MuSU5IRVJJVCwgMCkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIlNURE9VVCBwaXBlIGhhbmRsZSBzZXR1cCBmYWlsZWQiKTsKCiAgICAgICAgICAgIGlmICghQ3JlYXRlUGlwZShvdXQgc3RkZXJyX3JlYWQsIG91dCBzdGRlcnJfd3JpdGUsIHBpcGVzZWMsIDApKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IFdpbjMyRXhjZXB0aW9uKCJTVERFUlIgcGlwZSBzZXR1cCBmYWlsZWQiKTsKICAgICAgICAgICAgaWYgKCFTZXRIYW5kbGVJbmZvcm1hdGlvbihzdGRlcnJfcmVhZCwgSGFuZGxlRmxhZ3MuSU5IRVJJVCwgMCkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIlNUREVSUiBwaXBlIGhhbmRsZSBzZXR1cCBmYWlsZWQiKTsKCiAgICAgICAgICAgIGlmICghQ3JlYXRlUGlwZShvdXQgc3RkaW5fcmVhZCwgb3V0IHN0ZGluX3dyaXRlLCBwaXBlc2VjLCAwKSkKICAgICAgICAgICAgICAgIHRocm93IG5ldyBXaW4zMkV4Y2VwdGlvbigiU1RESU4gcGlwZSBzZXR1cCBmYWlsZWQiKTsKICAgICAgICAgICAgaWYgKCFTZXRIYW5kbGVJbmZvcm1hdGlvbihzdGRpbl93cml0ZSwgSGFuZGxlRmxhZ3MuSU5IRVJJVCwgMCkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIlNURElOIHBpcGUgaGFuZGxlIHNldHVwIGZhaWxlZCIpOwoKICAgICAgICAgICAgc2kuc3RhcnR1cEluZm8uaFN0ZE91dHB1dCA9IHN0ZG91dF93cml0ZTsKICAgICAgICAgICAgc2kuc3RhcnR1cEluZm8uaFN0ZEVycm9yID0gc3RkZXJyX3dyaXRlOwogICAgICAgICAgICBzaS5zdGFydHVwSW5mby5oU3RkSW5wdXQgPSBzdGRpbl9yZWFkOwoKICAgICAgICAgICAgLy8gU2V0dXAgdGhlIHN0ZGluIGJ1ZmZlcgogICAgICAgICAgICBVVEY4RW5jb2RpbmcgdXRmOF9lbmNvZGluZyA9IG5ldyBVVEY4RW5jb2RpbmcoZmFsc2UpOwogICAgICAgICAgICBGaWxlU3RyZWFtIHN0ZGluX2ZzID0gbmV3IEZpbGVTdHJlYW0oc3RkaW5fd3JpdGUsIEZpbGVBY2Nlc3MuV3JpdGUsIDMyNzY4KTsKICAgICAgICAgICAgU3RyZWFtV3JpdGVyIHN0ZGluID0gbmV3IFN0cmVhbVdyaXRlcihzdGRpbl9mcywgdXRmOF9lbmNvZGluZywgMzI3NjgpOwoKICAgICAgICAgICAgLy8gSWYgbHBDdXJyZW50RGlyZWN0b3J5IGlzIHNldCB0byBudWxsIGluIFBTIGl0IHdpbGwgYmUgYW4gZW1wdHkKICAgICAgICAgICAgLy8gc3RyaW5nIGhlcmUsIHdlIG5lZWQgdG8gY29udmVydCBpdAogICAgICAgICAgICBpZiAobHBDdXJyZW50RGlyZWN0b3J5ID09ICIiKQogICAgICAgICAgICAgICAgbHBDdXJyZW50RGlyZWN0b3J5ID0gbnVsbDsKCiAgICAgICAgICAgIFN0cmluZ0J1aWxkZXIgZW52aXJvbm1lbnRTdHJpbmcgPSBudWxsOwoKICAgICAgICAgICAgaWYgKGVudmlyb25tZW50ICE9IG51bGwgJiYgZW52aXJvbm1lbnQuQ291bnQgPiAwKQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBlbnZpcm9ubWVudFN0cmluZyA9IG5ldyBTdHJpbmdCdWlsZGVyKCk7CiAgICAgICAgICAgICAgICBmb3JlYWNoIChEaWN0aW9uYXJ5RW50cnkga3YgaW4gZW52aXJvbm1lbnQpCiAgICAgICAgICAgICAgICAgICAgZW52aXJvbm1lbnRTdHJpbmcuQXBwZW5kRm9ybWF0KCJ7MH09ezF9XDAiLCBrdi5LZXksIGt2LlZhbHVlKTsKICAgICAgICAgICAgICAgIGVudmlyb25tZW50U3RyaW5nLkFwcGVuZCgnXDAnKTsKICAgICAgICAgICAgfQoKICAgICAgICAgICAgLy8gQ3JlYXRlIHRoZSBlbnZpcm9ubWVudCBibG9jayBpZiBzZXQKICAgICAgICAgICAgSW50UHRyIGxwRW52aXJvbm1lbnQgPSBJbnRQdHIuWmVybzsKICAgICAgICAgICAgaWYgKGVudmlyb25tZW50U3RyaW5nICE9IG51bGwpCiAgICAgICAgICAgICAgICBscEVudmlyb25tZW50ID0gTWFyc2hhbC5TdHJpbmdUb0hHbG9iYWxVbmkoZW52aXJvbm1lbnRTdHJpbmcuVG9TdHJpbmcoKSk7CgogICAgICAgICAgICAvLyBDcmVhdGUgbmV3IHByb2Nlc3MgYW5kIHJ1bgogICAgICAgICAgICBTdHJpbmdCdWlsZGVyIGFyZ3VtZW50X3N0cmluZyA9IG5ldyBTdHJpbmdCdWlsZGVyKGxwQ29tbWFuZExpbmUpOwogICAgICAgICAgICBQUk9DRVNTX0lORk9STUFUSU9OIHBpID0gbmV3IFBST0NFU1NfSU5GT1JNQVRJT04oKTsKICAgICAgICAgICAgaWYgKCFDcmVhdGVQcm9jZXNzKAogICAgICAgICAgICAgICAgbHBBcHBsaWNhdGlvbk5hbWUsCiAgICAgICAgICAgICAgICBhcmd1bWVudF9zdHJpbmcsCiAgICAgICAgICAgICAgICBJbnRQdHIuWmVybywKICAgICAgICAgICAgICAgIEludFB0ci5aZXJvLAogICAgICAgICAgICAgICAgdHJ1ZSwKICAgICAgICAgICAgICAgIHN0YXJ0dXBfZmxhZ3MsCiAgICAgICAgICAgICAgICBscEVudmlyb25tZW50LAogICAgICAgICAgICAgICAgbHBDdXJyZW50RGlyZWN0b3J5LAogICAgICAgICAgICAgICAgc2ksCiAgICAgICAgICAgICAgICBvdXQgcGkpKQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIkZhaWxlZCB0byBjcmVhdGUgbmV3IHByb2Nlc3MiKTsKICAgICAgICAgICAgfQoKICAgICAgICAgICAgLy8gU2V0dXAgdGhlIG91dHB1dCBidWZmZXJzIGFuZCBnZXQgc3Rkb3V0L3N0ZGVycgogICAgICAgICAgICBGaWxlU3RyZWFtIHN0ZG91dF9mcyA9IG5ldyBGaWxlU3RyZWFtKHN0ZG91dF9yZWFkLCBGaWxlQWNjZXNzLlJlYWQsIDQwOTYpOwogICAgICAgICAgICBTdHJlYW1SZWFkZXIgc3Rkb3V0ID0gbmV3IFN0cmVhbVJlYWRlcihzdGRvdXRfZnMsIHV0ZjhfZW5jb2RpbmcsIHRydWUsIDQwOTYpOwogICAgICAgICAgICBzdGRvdXRfd3JpdGUuQ2xvc2UoKTsKICAgICAgICAgICAgRmlsZVN0cmVhbSBzdGRlcnJfZnMgPSBuZXcgRmlsZVN0cmVhbShzdGRlcnJfcmVhZCwgRmlsZUFjY2Vzcy5SZWFkLCA0MDk2KTsKICAgICAgICAgICAgU3RyZWFtUmVhZGVyIHN0ZGVyciA9IG5ldyBTdHJlYW1SZWFkZXIoc3RkZXJyX2ZzLCB1dGY4X2VuY29kaW5nLCB0cnVlLCA0MDk2KTsKICAgICAgICAgICAgc3RkZXJyX3dyaXRlLkNsb3NlKCk7CgogICAgICAgICAgICBzdGRpbi5Xcml0ZUxpbmUoc3RkaW5JbnB1dCk7CiAgICAgICAgICAgIHN0ZGluLkNsb3NlKCk7CgogICAgICAgICAgICBzdHJpbmcgc3Rkb3V0X3N0ciwgc3RkZXJyX3N0ciA9IG51bGw7CiAgICAgICAgICAgIEdldFByb2Nlc3NPdXRwdXQoc3Rkb3V0LCBzdGRlcnIsIG91dCBzdGRvdXRfc3RyLCBvdXQgc3RkZXJyX3N0cik7CiAgICAgICAgICAgIHVpbnQgcmMgPSBHZXRQcm9jZXNzRXhpdENvZGUocGkuaFByb2Nlc3MpOwoKICAgICAgICAgICAgcmV0dXJuIG5ldyBDb21tYW5kUmVzdWx0CiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIFN0YW5kYXJkT3V0ID0gc3Rkb3V0X3N0ciwKICAgICAgICAgICAgICAgIFN0YW5kYXJkRXJyb3IgPSBzdGRlcnJfc3RyLAogICAgICAgICAgICAgICAgRXhpdENvZGUgPSByYwogICAgICAgICAgICB9OwogICAgICAgIH0KCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgdm9pZCBHZXRQcm9jZXNzT3V0cHV0KFN0cmVhbVJlYWRlciBzdGRvdXRTdHJlYW0sIFN0cmVhbVJlYWRlciBzdGRlcnJTdHJlYW0sIG91dCBzdHJpbmcgc3Rkb3V0LCBvdXQgc3RyaW5nIHN0ZGVycikKICAgICAgICB7CiAgICAgICAgICAgIHZhciBzb3dhaXQgPSBuZXcgRXZlbnRXYWl0SGFuZGxlKGZhbHNlLCBFdmVudFJlc2V0TW9kZS5NYW51YWxSZXNldCk7CiAgICAgICAgICAgIHZhciBzZXdhaXQgPSBuZXcgRXZlbnRXYWl0SGFuZGxlKGZhbHNlLCBFdmVudFJlc2V0TW9kZS5NYW51YWxSZXNldCk7CiAgICAgICAgICAgIHN0cmluZyBzbyA9IG51bGwsIHNlID0gbnVsbDsKICAgICAgICAgICAgVGhyZWFkUG9vbC5RdWV1ZVVzZXJXb3JrSXRlbSgocykgPT4KICAgICAgICAgICAgewogICAgICAgICAgICAgICAgc28gPSBzdGRvdXRTdHJlYW0uUmVhZFRvRW5kKCk7CiAgICAgICAgICAgICAgICBzb3dhaXQuU2V0KCk7CiAgICAgICAgICAgIH0pOwogICAgICAgICAgICBUaHJlYWRQb29sLlF1ZXVlVXNlcldvcmtJdGVtKChzKSA9PgogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBzZSA9IHN0ZGVyclN0cmVhbS5SZWFkVG9FbmQoKTsKICAgICAgICAgICAgICAgIHNld2FpdC5TZXQoKTsKICAgICAgICAgICAgfSk7CiAgICAgICAgICAgIGZvcmVhY2ggKHZhciB3aCBpbiBuZXcgV2FpdEhhbmRsZVtdIHsgc293YWl0LCBzZXdhaXQgfSkKICAgICAgICAgICAgICAgIHdoLldhaXRPbmUoKTsKICAgICAgICAgICAgc3Rkb3V0ID0gc287CiAgICAgICAgICAgIHN0ZGVyciA9IHNlOwogICAgICAgIH0KCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgdWludCBHZXRQcm9jZXNzRXhpdENvZGUoSW50UHRyIHByb2Nlc3NIYW5kbGUpCiAgICAgICAgewogICAgICAgICAgICBuZXcgTmF0aXZlV2FpdEhhbmRsZShwcm9jZXNzSGFuZGxlKS5XYWl0T25lKCk7CiAgICAgICAgICAgIHVpbnQgZXhpdENvZGU7CiAgICAgICAgICAgIGlmICghR2V0RXhpdENvZGVQcm9jZXNzKHByb2Nlc3NIYW5kbGUsIG91dCBleGl0Q29kZSkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIkVycm9yIGdldHRpbmcgcHJvY2VzcyBleGl0IGNvZGUiKTsKICAgICAgICAgICAgcmV0dXJuIGV4aXRDb2RlOwogICAgICAgIH0KICAgIH0KfQoiQAoKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICdTdG9wJwoKRnVuY3Rpb24gTG9hZC1Db21tYW5kVXRpbHMgewogICAgIyBtYWtlcyB0aGUgZm9sbG93aW5nIHN0YXRpYyBmdW5jdGlvbnMgYXZhaWxhYmxlCiAgICAjICAgW0Fuc2libGUuQ29tbWFuZFV0aWxdOjpQYXJzZUNvbW1hbmRMaW5lKHN0cmluZyBscENvbW1hbmRMaW5lKQogICAgIyAgIFtBbnNpYmxlLkNvbW1hbmRVdGlsXTo6U2VhcmNoUGF0aChzdHJpbmcgbHBGaWxlTmFtZSkKICAgICMgICBbQW5zaWJsZS5Db21tYW5kVXRpbF06OlJ1bkNvbW1hbmQoc3RyaW5nIGxwQXBwbGljYXRpb25OYW1lLCBzdHJpbmcgbHBDb21tYW5kTGluZSwgc3RyaW5nIGxwQ3VycmVudERpcmVjdG9yeSwgc3RyaW5nIHN0ZGluSW5wdXQsIHN0cmluZyBlbnZpcm9ubWVudEJsb2NrKQogICAgIwogICAgIyB0aGVyZSBhcmUgYWxzbyBudW1lcm91cyBQL0ludm9rZSBtZXRob2RzIHRoYXQgY2FuIGJlIGNhbGxlZCBpZiB5b3UgYXJlIGZlZWxpbmcgYWR2ZW50dXJvdXMKCiAgICAjIEZVVFVSRTogZmluZCBhIGJldHRlciB3YXkgdG8gZ2V0IHRoZSBfYW5zaWJsZV9yZW1vdGVfdG1wIHZhcmlhYmxlCiAgICAkb3JpZ2luYWxfdG1wID0gJGVudjpUTVAKCiAgICAkcmVtb3RlX3RtcCA9ICRvcmlnaW5hbF90bXAKICAgICRtb2R1bGVfcGFyYW1zID0gR2V0LVZhcmlhYmxlIC1OYW1lIGNvbXBsZXhfYXJncyAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgaWYgKCRtb2R1bGVfcGFyYW1zKSB7CiAgICAgICAgaWYgKCRtb2R1bGVfcGFyYW1zLlZhbHVlLkNvbnRhaW5zS2V5KCJfYW5zaWJsZV9yZW1vdGVfdG1wIikgKSB7CiAgICAgICAgICAgICRyZW1vdGVfdG1wID0gJG1vZHVsZV9wYXJhbXMuVmFsdWVbIl9hbnNpYmxlX3JlbW90ZV90bXAiXQogICAgICAgICAgICAkcmVtb3RlX3RtcCA9IFtTeXN0ZW0uRW52aXJvbm1lbnRdOjpFeHBhbmRFbnZpcm9ubWVudFZhcmlhYmxlcygkcmVtb3RlX3RtcCkKICAgICAgICB9CiAgICB9CgogICAgJGVudjpUTVAgPSAkcmVtb3RlX3RtcAogICAgQWRkLVR5cGUgLVR5cGVEZWZpbml0aW9uICRwcm9jZXNzX3V0aWwKICAgICRlbnY6VE1QID0gJG9yaWdpbmFsX3RtcAp9CgpGdW5jdGlvbiBHZXQtRXhlY3V0YWJsZVBhdGgoJGV4ZWN1dGFibGUsICRkaXJlY3RvcnkpIHsKICAgICMgbHBBcHBsaWNhdGlvbk5hbWUgcmVxdWlyZXMgdGhlIGZ1bGwgcGF0aCB0byBhIGZpbGUsIHdlIG5lZWQgdG8gZmluZCBpdAogICAgIyBvdXJzZWx2ZXMuCgogICAgIyB3ZSBuZWVkIHRvIGFkZCAuZXhlIGlmIGl0IGRvZXNuJ3QgaGF2ZSBhbiBleHRlbnNpb24gYWxyZWFkeQogICAgaWYgKC1ub3QgW1N5c3RlbS5JTy5QYXRoXTo6SGFzRXh0ZW5zaW9uKCRleGVjdXRhYmxlKSkgewogICAgICAgICRleGVjdXRhYmxlID0gIiQoJGV4ZWN1dGFibGUpLmV4ZSIKICAgIH0KICAgICRmdWxsX3BhdGggPSBbU3lzdGVtLklPLlBhdGhdOjpHZXRGdWxsUGF0aCgkZXhlY3V0YWJsZSkKCiAgICBpZiAoJGZ1bGxfcGF0aCAtbmUgJGV4ZWN1dGFibGUgLWFuZCAkZGlyZWN0b3J5IC1uZSAkbnVsbCkgewogICAgICAgICRmaWxlID0gR2V0LUl0ZW0gLVBhdGggIiRkaXJlY3RvcnlcJGV4ZWN1dGFibGUiIC1Gb3JjZSAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgfSBlbHNlIHsKICAgICAgICAkZmlsZSA9IEdldC1JdGVtIC1QYXRoICRleGVjdXRhYmxlIC1Gb3JjZSAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgfQoKICAgIGlmICgkZmlsZSAtbmUgJG51bGwpIHsKICAgICAgICAkZXhlY3V0YWJsZV9wYXRoID0gJGZpbGUuRnVsbE5hbWUKICAgIH0gZWxzZSB7CiAgICAgICAgJGV4ZWN1dGFibGVfcGF0aCA9IFtBbnNpYmxlLkNvbW1hbmRVdGlsXTo6U2VhcmNoUGF0aCgkZXhlY3V0YWJsZSkgICAgCiAgICB9CiAgICByZXR1cm4gJGV4ZWN1dGFibGVfcGF0aAp9CgpGdW5jdGlvbiBSdW4tQ29tbWFuZCB7CiAgICBQYXJhbSgKICAgICAgICBbc3RyaW5nXSRjb21tYW5kLCAjIHRoZSBmdWxsIGNvbW1hbmQgdG8gcnVuIGluY2x1ZGluZyB0aGUgZXhlY3V0YWJsZQogICAgICAgIFtzdHJpbmddJHdvcmtpbmdfZGlyZWN0b3J5ID0gJG51bGwsICMgdGhlIHdvcmtpbmcgZGlyZWN0b3J5IHRvIHJ1biB1bmRlciwgd2lsbCBkZWZhdWx0IHRvIHRoZSBjdXJyZW50IGRpcgogICAgICAgIFtzdHJpbmddJHN0ZGluID0gJG51bGwsICMgYSBzdHJpbmcgdG8gc2VuZCB0byB0aGUgc3RkaW4gcGlwZSB3aGVuIGV4ZWN1dGluZyB0aGUgY29tbWFuZAogICAgICAgIFtoYXNodGFibGVdJGVudmlyb25tZW50ID0gQHt9ICMgYSBoYXNodGFibGUgb2YgZW52aXJvbm1lbnQgdmFsdWVzIHRvIHJ1biB0aGUgY29tbWFuZCB1bmRlciwgdGhpcyB3aWxsIHJlcGxhY2UgYWxsIHRoZSBvdGhlciBlbnZpcm9ubWVudCB2YXJpYWJsZXMgd2l0aCB0aGVzZQogICAgKQogICAgCiAgICAjIGxvYWQgdGhlIEMjIGNvZGUgd2UgY2FsbCBpbiB0aGlzIGZ1bmN0aW9uCiAgICBMb2FkLUNvbW1hbmRVdGlscwoKICAgICMgbmVlZCB0byB2YWxpZGF0ZSB0aGUgd29ya2luZyBkaXJlY3RvcnkgaWYgaXQgaXMgc2V0CiAgICBpZiAoJHdvcmtpbmdfZGlyZWN0b3J5KSB7CiAgICAgICAgIyB2YWxpZGF0ZSB3b3JraW5nIGRpcmVjdG9yeSBpcyBhIHZhbGlkIHBhdGgKICAgICAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICR3b3JraW5nX2RpcmVjdG9yeSkpIHsKICAgICAgICAgICAgdGhyb3cgImludmFsaWQgd29ya2luZyBkaXJlY3RvcnkgcGF0aCAnJHdvcmtpbmdfZGlyZWN0b3J5JyIKICAgICAgICB9CiAgICB9CgogICAgIyBscEFwcGxpY2F0aW9uTmFtZSBuZWVkcyB0byBiZSB0aGUgZnVsbCBwYXRoIHRvIGFuIGV4ZWN1dGFibGUsIHdlIGRvIHRoaXMKICAgICMgYnkgZ2V0dGluZyB0aGUgZXhlY3V0YWJsZSBhcyB0aGUgZmlyc3QgYXJnIGFuZCB0aGVuIGdldHRpbmcgdGhlIGZ1bGwgcGF0aAogICAgJGFyZ3VtZW50cyA9IFtBbnNpYmxlLkNvbW1hbmRVdGlsXTo6UGFyc2VDb21tYW5kTGluZSgkY29tbWFuZCkKICAgICRleGVjdXRhYmxlID0gR2V0LUV4ZWN1dGFibGVQYXRoIC1leGVjdXRhYmxlICRhcmd1bWVudHNbMF0gLWRpcmVjdG9yeSAkd29ya2luZ19kaXJlY3RvcnkKCiAgICAjIHJ1biB0aGUgY29tbWFuZCBhbmQgZ2V0IHRoZSByZXN1bHRzCiAgICAkY29tbWFuZF9yZXN1bHQgPSBbQW5zaWJsZS5Db21tYW5kVXRpbF06OlJ1bkNvbW1hbmQoJGV4ZWN1dGFibGUsICRjb21tYW5kLCAkd29ya2luZ19kaXJlY3RvcnksICRzdGRpbiwgJGVudmlyb25tZW50KQoKICAgIHJldHVybiAsQHsKICAgICAgICBleGVjdXRhYmxlID0gJGV4ZWN1dGFibGUKICAgICAgICBzdGRvdXQgPSAkY29tbWFuZF9yZXN1bHQuU3RhbmRhcmRPdXQKICAgICAgICBzdGRlcnIgPSAkY29tbWFuZF9yZXN1bHQuU3RhbmRhcmRFcnJvcgogICAgICAgIHJjID0gJGNvbW1hbmRfcmVzdWx0LkV4aXRDb2RlCiAgICB9Cn0KCiMgdGhpcyBsaW5lIG11c3Qgc3RheSBhdCB0aGUgYm90dG9tIHRvIGVuc3VyZSBhbGwgZGVmaW5lZCBtb2R1bGUgcGFydHMgYXJlIGV4cG9ydGVkCkV4cG9ydC1Nb2R1bGVNZW1iZXIgLUFsaWFzICogLUZ1bmN0aW9uICogLUNtZGxldCAqCg==", "Ansible.ModuleUtils.Legacy": "IyBDb3B5cmlnaHQgKGMpLCBNaWNoYWVsIERlSGFhbiA8bWljaGFlbC5kZWhhYW5AZ21haWwuY29tPiwgMjAxNCwgYW5kIG90aGVycwojIFNpbXBsaWZpZWQgQlNEIExpY2Vuc2UgKHNlZSBsaWNlbnNlcy9zaW1wbGlmaWVkX2JzZC50eHQgb3IgaHR0cHM6Ly9vcGVuc291cmNlLm9yZy9saWNlbnNlcy9CU0QtMi1DbGF1c2UpCgpTZXQtU3RyaWN0TW9kZSAtVmVyc2lvbiAyLjAKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKRnVuY3Rpb24gU2V0LUF0dHIoJG9iaiwgJG5hbWUsICR2YWx1ZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gc2V0IGFuICJhdHRyaWJ1dGUiIG9uIGEgcHNvYmplY3QgaW5zdGFuY2UgaW4gUG93ZXJTaGVsbC4KICAgIFRoaXMgaXMgYSBjb252ZW5pZW5jZSB0byBtYWtlIGFkZGluZyBNZW1iZXJzIHRvIHRoZSBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgIFNldC1BdHRyICRyZXN1bHQgImNoYW5nZWQiICR0cnVlCiM+CgogICAgIyBJZiB0aGUgcHJvdmlkZWQgJG9iaiBpcyB1bmRlZmluZWQ ScriptBlock ID: 98615c13-218a-4282-be3d-131dde92a64b Path:	4104	1		3	2	15	0	1153	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3396	4788	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:23:36 PM	9d04040e-981f-0001-1f0f-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 5): begin { $DebugPreference = "Continue" $ErrorActionPreference = "Stop" Set-StrictMode -Version 2 function ConvertTo-HashtableFromPsCustomObject ($myPsObject){ $output = @{}; $myPsObject | Get-Member -MemberType *Property | % { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } return $output; } # stream JSON including become_pw, ps_module_payload, bin_module_payload, become_payload, write_payload_path, preserve directives # exec runspace, capture output, cleanup, return module output # NB: do not adjust the following line- it is replaced when doing non-streamed module output $json_raw = @' {"min_ps_version": null, "exec": "CkZ1bmN0aW9uIFJ1bigkcGF5bG9hZCkgewogICAgJGVudHJ5cG9pbnQgPSAkcGF5bG9hZC5tb2R1bGVfZW50cnkKCiAgICAkZW50cnlwb2ludCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGVudHJ5cG9pbnQpKQoKICAgICRwcyA9IFtwb3dlcnNoZWxsXTo6Q3JlYXRlKCkKCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkQ29tbWFuZCgiU2V0LVZhcmlhYmxlIikuQWRkUGFyYW1ldGVycyhAe1Njb3BlPSJnbG9iYWwiO05hbWU9ImNvbXBsZXhfYXJncyI7VmFsdWU9JHBheWxvYWQubW9kdWxlX2FyZ3N9KSB8IE91dC1OdWxsCiAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCgogICAgIyByZWRlZmluZSBXcml0ZS1Ib3N0IHRvIGR1bXAgdG8gb3V0cHV0IGluc3RlYWQgb2YgZmFpbGluZy0gbG90cyBvZiBzY3JpcHRzIHVzZSBpdAogICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgiRnVuY3Rpb24gV3JpdGUtSG9zdChgJG1zZyl7IFdyaXRlLU91dHB1dCBgJG1zZyB9IikgfCBPdXQtTnVsbAoKICAgIEZvckVhY2ggKCRlbnZfa3YgaW4gJHBheWxvYWQuZW52aXJvbm1lbnQuR2V0RW51bWVyYXRvcigpKSB7CiAgICAgICAgIyBuZWVkIHRvIGVzY2FwZSAnIGluIGJvdGggdGhlIGtleSBhbmQgdmFsdWUKICAgICAgICAkZW52X2tleSA9ICRlbnZfa3YuS2V5LlRvU3RyaW5nKCkuUmVwbGFjZSgiJyIsICInJyIpCiAgICAgICAgJGVudl92YWx1ZSA9ICRlbnZfa3YuVmFsdWUuVG9TdHJpbmcoKS5SZXBsYWNlKCInIiwgIicnIikKICAgICAgICAkZXNjYXBlZF9lbnZfc2V0ID0gIltTeXN0ZW0uRW52aXJvbm1lbnRdOjpTZXRFbnZpcm9ubWVudFZhcmlhYmxlKCd7MH0nLCAnezF9JykiIC1mICRlbnZfa2V5LCAkZW52X3ZhbHVlCiAgICAgICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgkZXNjYXBlZF9lbnZfc2V0KSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBkeW5hbWljYWxseSBjcmVhdGUvbG9hZCBtb2R1bGVzCiAgICBGb3JFYWNoICgkbW9kIGluICRwYXlsb2FkLnBvd2Vyc2hlbGxfbW9kdWxlcy5HZXRFbnVtZXJhdG9yKCkpIHsKICAgICAgICAkZGVjb2RlZF9tb2R1bGUgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRtb2QuVmFsdWUpKQogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRDb21tYW5kKCJOZXctTW9kdWxlIikuQWRkUGFyYW1ldGVycyhAe1NjcmlwdEJsb2NrPShbc2NyaXB0YmxvY2tdOjpDcmVhdGUoJGRlY29kZWRfbW9kdWxlKSk7TmFtZT0kbW9kLktleX0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiSW1wb3J0LU1vZHVsZSIpLkFkZFBhcmFtZXRlcnMoQHtXYXJuaW5nQWN0aW9uPSJTaWxlbnRseUNvbnRpbnVlIn0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBmb3JjZSBpbnB1dCBlbmNvZGluZyB0byBwcmVhbWJsZS1mcmVlIFVURjggc28gUFMgc3ViLXByb2Nlc3NlcyAoZWcsCiAgICAjIFN0YXJ0LUpvYikgZG9uJ3QgYmxvdyB1cC4gVGhpcyBpcyBvbmx5IHJlcXVpcmVkIGZvciBXaW5STSwgYSBQU1JQCiAgICAjIHJ1bnNwYWNlIGRvZXNuJ3QgaGF2ZSBhIGhvc3QgY29uc29sZSBhbmQgdGhpcyB3aWxsIGJvbWIgb3V0CiAgICBpZiAoJGhvc3QuTmFtZSAtZXEgIkNvbnNvbGVIb3N0IikgewogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRTY3JpcHQoIltDb25zb2xlXTo6SW5wdXRFbmNvZGluZyA9IE5ldy1PYmplY3QgVGV4dC5VVEY4RW5jb2RpbmcgYCRmYWxzZSIpIHwgT3V0LU51bGwKICAgIH0KCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkU2NyaXB0KCRlbnRyeXBvaW50KSB8IE91dC1OdWxsCgogICAgJG91dHB1dCA9ICRwcy5JbnZva2UoKQoKICAgICRvdXRwdXQKCiAgICAjIFBTMyBkb2Vzbid0IHByb3Blcmx5IHNldCBIYWRFcnJvcnMgaW4gbWFueSBjYXNlcywgaW5zcGVjdCB0aGUgZXJyb3Igc3RyZWFtIGFzIGEgZmFsbGJhY2sKICAgIElmICgkcHMuSGFkRXJyb3JzIC1vciAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtbHQgNCAtYW5kICRwcy5TdHJlYW1zLkVycm9yLkNvdW50IC1ndCAwKSkgewogICAgICAgICRob3N0LlVJLldyaXRlRXJyb3JMaW5lKCQoJHBzLlN0cmVhbXMuRXJyb3IgfCBPdXQtU3RyaW5nKSkKICAgICAgICAkZXhpdF9jb2RlID0gJHBzLlJ1bnNwYWNlLlNlc3Npb25TdGF0ZVByb3h5LkdldFZhcmlhYmxlKCJMQVNURVhJVENPREUiKQogICAgICAgIElmKC1ub3QgJGV4aXRfY29kZSkgewogICAgICAgICAgICAkZXhpdF9jb2RlID0gMQogICAgICAgIH0KICAgICAgICAjIG5lZWQgdG8gdXNlIHRoaXMgaW5zdGVhZCBvZiBFeGl0IGtleXdvcmQgdG8gcHJldmVudCBydW5zcGFjZSBmcm9tIGNyYXNoaW5nIHdpdGggZHluYW1pYyBtb2R1bGVzCiAgICAgICAgJGhvc3QuU2V0U2hvdWxkRXhpdCgkZXhpdF9jb2RlKQogICAgfQp9Cg==", "actions": ["exec"], "environment": {}, "min_os_version": null, "powershell_modules": {"Ansible.ModuleUtils.CommandUtil": "IyBDb3B5cmlnaHQgKGMpIDIwMTcgQW5zaWJsZSBQcm9qZWN0CiMgU2ltcGxpZmllZCBCU0QgTGljZW5zZSAoc2VlIGxpY2Vuc2VzL3NpbXBsaWZpZWRfYnNkLnR4dCBvciBodHRwczovL29wZW5zb3VyY2Uub3JnL2xpY2Vuc2VzL0JTRC0yLUNsYXVzZSkKCiRwcm9jZXNzX3V0aWwgPSBAIgp1c2luZyBNaWNyb3NvZnQuV2luMzIuU2FmZUhhbmRsZXM7CnVzaW5nIFN5c3RlbTsKdXNpbmcgU3lzdGVtLkNvbGxlY3Rpb25zOwp1c2luZyBTeXN0ZW0uSU87CnVzaW5nIFN5c3RlbS5MaW5xOwp1c2luZyBTeXN0ZW0uUnVudGltZS5JbnRlcm9wU2VydmljZXM7CnVzaW5nIFN5c3RlbS5UZXh0Owp1c2luZyBTeXN0ZW0uVGhyZWFkaW5nOwoKbmFtZXNwYWNlIEFuc2libGUKewogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIGNsYXNzIFNFQ1VSSVRZX0FUVFJJQlVURVMKICAgIHsKICAgICAgICBwdWJsaWMgaW50IG5MZW5ndGg7CiAgICAgICAgcHVibGljIEludFB0ciBscFNlY3VyaXR5RGVzY3JpcHRvcjsKICAgICAgICBwdWJsaWMgYm9vbCBiSW5oZXJpdEhhbmRsZSA9IGZhbHNlOwogICAgICAgIHB1YmxpYyBTRUNVUklUWV9BVFRSSUJVVEVTKCkKICAgICAgICB7CiAgICAgICAgICAgIG5MZW5ndGggPSBNYXJzaGFsLlNpemVPZih0aGlzKTsKICAgICAgICB9CiAgICB9CgogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIGNsYXNzIFNUQVJUVVBJTkZPCiAgICB7CiAgICAgICAgcHVibGljIEludDMyIGNiOwogICAgICAgIHB1YmxpYyBJbnRQdHIgbHBSZXNlcnZlZDsKICAgICAgICBwdWJsaWMgSW50UHRyIGxwRGVza3RvcDsKICAgICAgICBwdWJsaWMgSW50UHRyIGxwVGl0bGU7CiAgICAgICAgcHVibGljIEludDMyIGR3WDsKICAgICAgICBwdWJsaWMgSW50MzIgZHdZOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1hTaXplOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1lTaXplOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1hDb3VudENoYXJzOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1lDb3VudENoYXJzOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd0ZpbGxBdHRyaWJ1dGU7CiAgICAgICAgcHVibGljIEludDMyIGR3RmxhZ3M7CiAgICAgICAgcHVibGljIEludDE2IHdTaG93V2luZG93OwogICAgICAgIHB1YmxpYyBJbnQxNiBjYlJlc2VydmVkMjsKICAgICAgICBwdWJsaWMgSW50UHRyIGxwUmVzZXJ2ZWQyOwogICAgICAgIHB1YmxpYyBTYWZlRmlsZUhhbmRsZSBoU3RkSW5wdXQ7CiAgICAgICAgcHVibGljIFNhZmVGaWxlSGFuZGxlIGhTdGRPdXRwdXQ7CiAgICAgICAgcHVibGljIFNhZmVGaWxlSGFuZGxlIGhTdGRFcnJvcjsKICAgICAgICBwdWJsaWMgU1RBUlRVUElORk8oKQogICAgICAgIHsKICAgICAgICAgICAgY2IgPSBNYXJzaGFsLlNpemVPZih0aGlzKTsKICAgICAgICB9CiAgICB9CgogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIGNsYXNzIFNUQVJUVVBJTkZPRVgKICAgIHsKICAgICAgICBwdWJsaWMgU1RBUlRVUElORk8gc3RhcnR1cEluZm87CiAgICAgICAgcHVibGljIEludFB0ciBscEF0dHJpYnV0ZUxpc3Q7CiAgICAgICAgcHVibGljIFNUQVJUVVBJTkZPRVgoKQogICAgICAgIHsKICAgICAgICAgICAgc3RhcnR1cEluZm8gPSBuZXcgU1RBUlRVUElORk8oKTsKICAgICAgICAgICAgc3RhcnR1cEluZm8uY2IgPSBNYXJzaGFsLlNpemVPZih0aGlzKTsKICAgICAgICB9CiAgICB9CgogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIHN0cnVjdCBQUk9DRVNTX0lORk9STUFUSU9OCiAgICB7CiAgICAgICAgcHVibGljIEludFB0ciBoUHJvY2VzczsKICAgICAgICBwdWJsaWMgSW50UHRyIGhUaHJlYWQ7CiAgICAgICAgcHVibGljIGludCBkd1Byb2Nlc3NJZDsKICAgICAgICBwdWJsaWMgaW50IGR3VGhyZWFkSWQ7CiAgICB9CgogICAgW0ZsYWdzXQogICAgcHVibGljIGVudW0gU3RhcnR1cEluZm9GbGFncyA6IHVpbnQKICAgIHsKICAgICAgICBVU0VTVERIQU5ETEVTID0gMHgwMDAwMDEwMAogICAgfQoKICAgIHB1YmxpYyBlbnVtIEhhbmRsZUZsYWdzIDogdWludAogICAgewogICAgICAgIE5vbmUgPSAwLAogICAgICAgIElOSEVSSVQgPSAxCiAgICB9CgogICAgY2xhc3MgTmF0aXZlV2FpdEhhbmRsZSA6IFdhaXRIYW5kbGUKICAgIHsKICAgICAgICBwdWJsaWMgTmF0aXZlV2FpdEhhbmRsZShJbnRQdHIgaGFuZGxlKQogICAgICAgIHsKICAgICAgICAgICAgdGhpcy5TYWZlV2FpdEhhbmRsZSA9IG5ldyBTYWZlV2FpdEhhbmRsZShoYW5kbGUsIGZhbHNlKTsKICAgICAgICB9CiAgICB9CgogICAgcHVibGljIGNsYXNzIFdpbjMyRXhjZXB0aW9uIDogU3lzdGVtLkNvbXBvbmVudE1vZGVsLldpbjMyRXhjZXB0aW9uCiAgICB7CiAgICAgICAgcHJpdmF0ZSBzdHJpbmcgX21zZzsKCiAgICAgICAgcHVibGljIFdpbjMyRXhjZXB0aW9uKHN0cmluZyBtZXNzYWdlKSA6IHRoaXMoTWFyc2hhbC5HZXRMYXN0V2luMzJFcnJvcigpLCBtZXNzYWdlKSB7IH0KCiAgICAgICAgcHVibGljIFdpbjMyRXhjZXB0aW9uKGludCBlcnJvckNvZGUsIHN0cmluZyBtZXNzYWdlKSA6IGJhc2UoZXJyb3JDb2RlKQogICAgICAgIHsKICAgICAgICAgICAgX21zZyA9IFN0cmluZy5Gb3JtYXQoInswfSAoezF9LCBXaW4zMkVycm9yQ29kZSB7Mn0pIiwgbWVzc2FnZSwgYmFzZS5NZXNzYWdlLCBlcnJvckNvZGUpOwogICAgICAgIH0KCiAgICAgICAgcHVibGljIG92ZXJyaWRlIHN0cmluZyBNZXNzYWdlIHsgZ2V0IHsgcmV0dXJuIF9tc2c7IH0gfQogICAgICAgIHB1YmxpYyBzdGF0aWMgZXhwbGljaXQgb3BlcmF0b3IgV2luMzJFeGNlcHRpb24oc3RyaW5nIG1lc3NhZ2UpIHsgcmV0dXJuIG5ldyBXaW4zMkV4Y2VwdGlvbihtZXNzYWdlKTsgfQogICAgfQoKICAgIHB1YmxpYyBjbGFzcyBDb21tYW5kVXRpbAogICAgewogICAgICAgIHByaXZhdGUgc3RhdGljIFVJbnQzMiBDUkVBVEVfVU5JQ09ERV9FTlZJUk9OTUVOVCA9IDB4MDAwMDAwNDAwOwogICAgICAgIHByaXZhdGUgc3RhdGljIFVJbnQzMiBFWFRFTkRFRF9TVEFSVFVQSU5GT19QUkVTRU5UID0gMHgwMDA4MDAwMDsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSwgQmVzdEZpdE1hcHBpbmcgPSBmYWxzZSldCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gYm9vbCBDcmVhdGVQcm9jZXNzKAogICAgICAgICAgICBbTWFyc2hhbEFzKFVubWFuYWdlZFR5cGUuTFBXU3RyKV0KICAgICAgICAgICAgICAgIHN0cmluZyBscEFwcGxpY2F0aW9uTmFtZSwKICAgICAgICAgICAgU3RyaW5nQnVpbGRlciBscENvbW1hbmRMaW5lLAogICAgICAgICAgICBJbnRQdHIgbHBQcm9jZXNzQXR0cmlidXRlcywKICAgICAgICAgICAgSW50UHRyIGxwVGhyZWFkQXR0cmlidXRlcywKICAgICAgICAgICAgYm9vbCBiSW5oZXJpdEhhbmRsZXMsCiAgICAgICAgICAgIHVpbnQgZHdDcmVhdGlvbkZsYWdzLAogICAgICAgICAgICBJbnRQdHIgbHBFbnZpcm9ubWVudCwKICAgICAgICAgICAgW01hcnNoYWxBcyhVbm1hbmFnZWRUeXBlLkxQV1N0cildCiAgICAgICAgICAgICAgICBzdHJpbmcgbHBDdXJyZW50RGlyZWN0b3J5LAogICAgICAgICAgICBTVEFSVFVQSU5GT0VYIGxwU3RhcnR1cEluZm8sCiAgICAgICAgICAgIG91dCBQUk9DRVNTX0lORk9STUFUSU9OIGxwUHJvY2Vzc0luZm9ybWF0aW9uKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIildCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gYm9vbCBDcmVhdGVQaXBlKAogICAgICAgICAgICBvdXQgU2FmZUZpbGVIYW5kbGUgaFJlYWRQaXBlLAogICAgICAgICAgICBvdXQgU2FmZUZpbGVIYW5kbGUgaFdyaXRlUGlwZSwKICAgICAgICAgICAgU0VDVVJJVFlfQVRUUklCVVRFUyBscFBpcGVBdHRyaWJ1dGVzLAogICAgICAgICAgICB1aW50IG5TaXplKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSldCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gYm9vbCBTZXRIYW5kbGVJbmZvcm1hdGlvbigKICAgICAgICAgICAgU2FmZUZpbGVIYW5kbGUgaE9iamVjdCwKICAgICAgICAgICAgSGFuZGxlRmxhZ3MgZHdNYXNrLAogICAgICAgICAgICBpbnQgZHdGbGFncyk7CgogICAgICAgIFtEbGxJbXBvcnQoImtlcm5lbDMyLmRsbCIsIFNldExhc3RFcnJvciA9IHRydWUpXQogICAgICAgIHByaXZhdGUgc3RhdGljIGV4dGVybiBib29sIEdldEV4aXRDb2RlUHJvY2VzcygKICAgICAgICAgICAgSW50UHRyIGhQcm9jZXNzLAogICAgICAgICAgICBvdXQgdWludCBscEV4aXRDb2RlKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSldCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gdWludCBTZWFyY2hQYXRoKAogICAgICAgICAgICBzdHJpbmcgbHBQYXRoLAogICAgICAgICAgICBzdHJpbmcgbHBGaWxlTmFtZSwKICAgICAgICAgICAgc3RyaW5nIGxwRXh0ZW5zaW9uLAogICAgICAgICAgICBpbnQgbkJ1ZmZlckxlbmd0aCwKICAgICAgICAgICAgW01hcnNoYWxBcyAoVW5tYW5hZ2VkVHlwZS5MUFRTdHIpXQogICAgICAgICAgICAgICAgU3RyaW5nQnVpbGRlciBscEJ1ZmZlciwKICAgICAgICAgICAgb3V0IEludFB0ciBscEZpbGVQYXJ0KTsKCiAgICAgICAgW0RsbEltcG9ydCgic2hlbGwzMi5kbGwiLCBTZXRMYXN0RXJyb3IgPSB0cnVlKV0KICAgICAgICBzdGF0aWMgZXh0ZXJuIEludFB0ciBDb21tYW5kTGluZVRvQXJndlcoCiAgICAgICAgICAgIFtNYXJzaGFsQXMoVW5tYW5hZ2VkVHlwZS5MUFdTdHIpXQogICAgICAgICAgICAgICAgc3RyaW5nIGxwQ21kTGluZSwKICAgICAgICAgICAgb3V0IGludCBwTnVtQXJncyk7CgogICAgICAgIHB1YmxpYyBzdGF0aWMgc3RyaW5nW10gUGFyc2VDb21tYW5kTGluZShzdHJpbmcgbHBDb21tYW5kTGluZSkKICAgICAgICB7CiAgICAgICAgICAgIGludCBudW1BcmdzOwogICAgICAgICAgICBJbnRQdHIgcmV0ID0gQ29tbWFuZExpbmVUb0FyZ3ZXKGxwQ29tbWFuZExpbmUsIG91dCBudW1BcmdzKTsKCiAgICAgICAgICAgIGlmIChyZXQgPT0gSW50UHRyLlplcm8pCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIkVycm9yIHBhcnNpbmcgY29tbWFuZCBsaW5lIik7CgogICAgICAgICAgICBJbnRQdHJbXSBzdHJwdHJzID0gbmV3IEludFB0cltudW1BcmdzXTsKICAgICAgICAgICAgTWFyc2hhbC5Db3B5KHJldCwgc3RycHRycywgMCwgbnVtQXJncyk7CiAgICAgICAgICAgIHN0cmluZ1tdIGNtZGxpbmVQYXJ0cyA9IHN0cnB0cnMuU2VsZWN0KHMgPT4gTWFyc2hhbC5QdHJUb1N0cmluZ1VuaShzKSkuVG9BcnJheSgpOwoKICAgICAgICAgICAgTWFyc2hhbC5GcmVlSEdsb2JhbChyZXQpOwoKICAgICAgICAgICAgcmV0dXJuIGNtZGxpbmVQYXJ0czsKICAgICAgICB9CgogICAgICAgIHB1YmxpYyBzdGF0aWMgc3RyaW5nIFNlYXJjaFBhdGgoc3RyaW5nIGxwRmlsZU5hbWUpCiAgICAgICAgewogICAgICAgICAgICBTdHJpbmdCdWlsZGVyIHNiT3V0ID0gbmV3IFN0cmluZ0J1aWxkZXIoMTAyNCk7CiAgICAgICAgICAgIEludFB0ciBmaWxlUGFydE91dDsKCiAgICAgICAgICAgIGlmIChTZWFyY2hQYXRoKG51bGwsIGxwRmlsZU5hbWUsIG51bGwsIHNiT3V0LkNhcGFjaXR5LCBzYk91dCwgb3V0IGZpbGVQYXJ0T3V0KSA9PSAwKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IEZpbGVOb3RGb3VuZEV4Y2VwdGlvbihTdHJpbmcuRm9ybWF0KCJDb3VsZCBub3QgbG9jYXRlIHRoZSBmb2xsb3dpbmcgZXhlY3V0YWJsZSB7MH0iLCBscEZpbGVOYW1lKSk7CgogICAgICAgICAgICByZXR1cm4gc2JPdXQuVG9TdHJpbmcoKTsKICAgICAgICB9CgogICAgICAgIHB1YmxpYyBjbGFzcyBDb21tYW5kUmVzdWx0CiAgICAgICAgewogICAgICAgICAgICBwdWJsaWMgc3RyaW5nIFN0YW5kYXJkT3V0IHsgZ2V0OyBpbnRlcm5hbCBzZXQ7IH0KICAgICAgICAgICAgcHVibGljIHN0cmluZyBTdGFuZGFyZEVycm9yIHsgZ2V0OyBpbnRlcm5hbCBzZXQ7IH0KICAgICAgICAgICAgcHVibGljIHVpbnQgRXhpdENvZGUgeyBnZXQ7IGludGVybmFsIHNldDsgfQogICAgICAgIH0KCiAgICAgICAgcHVibGljIHN0YXRpYyBDb21tYW5kUmVzdWx0IFJ1bkNvbW1hbmQoc3RyaW5nIGxwQXBwbGljYXRpb25OYW1lLCBzdHJpbmcgbHBDb21tYW5kTGluZSwgc3RyaW5nIGxwQ3VycmVudERpcmVjdG9yeSwgc3RyaW5nIHN0ZGluSW5w ScriptBlock ID: 98615c13-218a-4282-be3d-131dde92a64b Path:	4104	1		3	2	15	0	1152	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3396	4788	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:23:36 PM	9d04040e-981f-0001-1f0f-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1151	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3396	2988	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:23:36 PM	9d04040e-981f-0004-fd15-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 3396 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1150	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3396	4140	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:23:36 PM	9d04040e-981f-0004-fd15-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1149	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3396	2988	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:23:36 PM	9d04040e-981f-0004-fd15-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1148	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2844	3860	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:23:35 PM	9d04040e-981f-0004-f415-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 2844 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1147	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2844	4520	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:23:35 PM	9d04040e-981f-0004-f415-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1146	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2844	3860	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:23:35 PM	9d04040e-981f-0004-f415-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1145	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1400	4832	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:23:35 PM	9d04040e-981f-0004-f315-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 1400 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1144	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1400	5032	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:23:34 PM	9d04040e-981f-0004-f315-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1143	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1400	4832	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:23:34 PM	9d04040e-981f-0004-f315-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): #!powershell # Copyright: (c) 2015, Jon Hawkesworth (@jhawkesworth) <figs@unity.demon.co.uk> # Copyright: (c) 2017, Ansible Project # GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) #Requires -Module Ansible.ModuleUtils.Legacy $ErrorActionPreference = 'Stop' $params = Parse-Args -arguments $args -supports_check_mode $true $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false $diff_mode = Get-AnsibleParam -obj $params -name "_ansible_diff" -type "bool" -default $false # there are 4 modes to win_copy which are driven by the action plugins: # explode: src is a zip file which needs to be extracted to dest, for use with multiple files # query: win_copy action plugin wants to get the state of remote files to check whether it needs to send them # remote: all copy action is happening remotely (remote_src=True) # single: a single file has been copied, also used with template $copy_mode = Get-AnsibleParam -obj $params -name "_copy_mode" -type "str" -default "single" -validateset "explode","query","remote","single" # used in explode, remote and single mode $src = Get-AnsibleParam -obj $params -name "src" -type "path" -failifempty ($copy_mode -in @("explode","process","single")) $dest = Get-AnsibleParam -obj $params -name "dest" -type "path" -failifempty $true # used in single mode $original_basename = Get-AnsibleParam -obj $params -name "_original_basename" -type "str" # used in query and remote mode $force = Get-AnsibleParam -obj $params -name "force" -type "bool" -default $true # used in query mode, contains the local files/directories/symlinks that are to be copied $files = Get-AnsibleParam -obj $params -name "files" -type "list" $directories = Get-AnsibleParam -obj $params -name "directories" -type "list" $symlinks = Get-AnsibleParam -obj $params -name "symlinks" -type "list" $result = @{ changed = $false } if ($diff_mode) { $result.diff = @{} } Function Copy-File($source, $dest) { $diff = "" $copy_file = $false $source_checksum = $null if ($force) { $source_checksum = Get-FileChecksum -path $source } if (Test-Path -Path $dest -PathType Container) { Fail-Json -obj $result -message "cannot copy file from '$source' to '$dest': dest is already a folder" } elseif (Test-Path -Path $dest -PathType Leaf) { if ($force) { $target_checksum = Get-FileChecksum -path $dest if ($source_checksum -ne $target_checksum) { $copy_file = $true } } } else { $copy_file = $true } if ($copy_file) { $file_dir = [System.IO.Path]::GetDirectoryName($dest) # validate the parent dir is not a file and that it exists if (Test-Path -Path $file_dir -PathType Leaf) { Fail-Json -obj $result -message "cannot copy file from '$source' to '$dest': object at dest parent dir is not a folder" } elseif (-not (Test-Path -Path $file_dir)) { # directory doesn't exist, need to create New-Item -Path $file_dir -ItemType Directory -WhatIf:$check_mode | Out-Null $diff += "+$file_dir\`n" } if (Test-Path -Path $dest -PathType Leaf) { Remove-Item -Path $dest -Force -Recurse -WhatIf:$check_mode | Out-Null $diff += "-$dest`n" } if (-not $check_mode) { # cannot run with -WhatIf:$check_mode as if the parent dir didn't # exist and was created above would still not exist in check mode Copy-Item -Path $source -Destination $dest -Force | Out-Null } $diff += "+$dest`n" $result.changed = $true } # ugly but to save us from running the checksum twice, let's return it for # the main code to add it to $result return ,@{ diff = $diff; checksum = $source_checksum } } Function Copy-Folder($source, $dest) { $diff = "" $copy_folder = $false if (-not (Test-Path -Path $dest -PathType Container)) { $parent_dir = [System.IO.Path]::GetDirectoryName($dest) if (Test-Path -Path $parent_dir -PathType Leaf) { Fail-Json -obj $result -message "cannot copy file from '$source' to '$dest': object at dest parent dir is not a folder" } if (Test-Path -Path $dest -PathType Leaf) { Fail-Json -obj $result -message "cannot copy folder from '$source' to '$dest': dest is already a file" } New-Item -Path $dest -ItemType Container -WhatIf:$check_mode | Out-Null $diff += "+$dest\`n" $result.changed = $true } $child_items = Get-ChildItem -Path $source -Force foreach ($child_item in $child_items) { $dest_child_path = Join-Path -Path $dest -ChildPath $child_item.Name if ($child_item.PSIsContainer) { $diff += (Copy-Folder -source $child_item.Fullname -dest $dest_child_path) } else { $diff += (Copy-File -source $child_item.Fullname -dest $dest_child_path).diff } } return $diff } Function Get-FileSize($path) { $file = Get-Item -Path $path -Force $size = $null if ($file.PSIsContainer) { $dir_files_sum = Get-ChildItem $file.FullName -Recurse if ($dir_files_sum -eq $null -or ($dir_files_sum.PSObject.Properties.name -contains 'length' -eq $false)) { $size = 0 } else { $size = ($dir_files_sum | Measure-Object -property length -sum).Sum } } else { $size = $file.Length } $size } Function Extract-Zip($src, $dest) { $archive = [System.IO.Compression.ZipFile]::Open($src, [System.IO.Compression.ZipArchiveMode]::Read, [System.Text.Encoding]::UTF8) foreach ($entry in $archive.Entries) { $archive_name = $entry.FullName # FullName may be appended with / or \, determine if it is padded and remove it $padding_length = $archive_name.Length % 4 if ($padding_length -eq 0) { $is_dir = $false $base64_name = $archive_name } elseif ($padding_length -eq 1) { $is_dir = $true if ($archive_name.EndsWith("/") -or $archive_name.EndsWith("`\")) { $base64_name = $archive_name.Substring(0, $archive_name.Length - 1) } else { throw "invalid base64 archive name '$archive_name'" } } else { throw "invalid base64 length '$archive_name'" } # to handle unicode character, win_copy action plugin has encoded the filename $decoded_archive_name = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($base64_name)) # re-add the / to the entry full name if it was a directory if ($is_dir) { $decoded_archive_name = "$decoded_archive_name/" } $entry_target_path = [System.IO.Path]::Combine($dest, $decoded_archive_name) $entry_dir = [System.IO.Path]::GetDirectoryName($entry_target_path) if (-not (Test-Path -Path $entry_dir)) { New-Item -Path $entry_dir -ItemType Directory -WhatIf:$check_mode | Out-Null } if ($is_dir -eq $false) { if (-not $check_mode) { [System.IO.Compression.ZipFileExtensions]::ExtractToFile($entry, $entry_target_path, $true) } } } $archive.Dispose() # release the handle of the zip file } Function Extract-ZipLegacy($src, $dest) { if (-not (Test-Path -Path $dest)) { New-Item -Path $dest -ItemType Directory -WhatIf:$check_mode | Out-Null } $shell = New-Object -ComObject Shell.Application $zip = $shell.NameSpace($src) $dest_path = $shell.NameSpace($dest) foreach ($entry in $zip.Items()) { $is_dir = $entry.IsFolder $encoded_archive_entry = $entry.Name # to handle unicode character, win_copy action plugin has encoded the filename $decoded_archive_entry = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($encoded_archive_entry)) if ($is_dir) { $decoded_archive_entry = "$decoded_archive_entry/" } $entry_target_path = [System.IO.Path]::Combine($dest, $decoded_archive_entry) $entry_dir = [System.IO.Path]::GetDirectoryName($entry_target_path) if (-not (Test-Path -Path $entry_dir)) { New-Item -Path $entry_dir -ItemType Directory -WhatIf:$check_mode | Out-Null } if ($is_dir -eq $false -and (-not $check_mode)) { # https://msdn.microsoft.com/en-us/library/windows/desktop/bb787866.aspx # From Folder.CopyHere documentation, 1044 means: # - 1024: do not display a user interface if an error occurs # - 16: respond with "yes to all" for any dialog box that is displayed # - 4: do not display a progress dialog box $dest_path.CopyHere($entry, 1044) # once file is extraced, we need to rename it with non base64 name $combined_encoded_path = [System.IO.Path]::Combine($dest, $encoded_archive_entry) Move-Item -Path $combined_encoded_path -Destination $entry_target_path -Force | Out-Null } } } if ($copy_mode -eq "query") { # we only return a list of files/directories that need to be copied over # the source of the local file will be the key used $changed_files = @() $changed_directories = @() $changed_symlinks = @() foreach ($file in $files) { $filename = $file.dest $local_checksum = $file.checksum $filepath = Join-Path -Path $dest -ChildPath $filename if (Test-Path -Path $filepath -PathType Leaf) { if ($force) { $checksum = Get-FileChecksum -path $filepath if ($checksum -ne $local_checksum) { $will_change = $true $changed_files += $file } } } elseif (Test-Path -Path $filepath -PathType Container) { Fail-Json -obj $result -message "cannot copy file to dest '$filepath': object at path is already a directory" } else { $changed_files += $file } } foreach ($directory in $directories) { $dirname = $directory.dest $dirpath = Join-Path -Path $dest -ChildPath $dirname $parent_dir = [System.IO.Path]::GetDirectoryName($dirpath) if (Test-Path -Path $parent_dir -PathType Leaf) { Fail-Json -obj $result -message "cannot copy folder to dest '$dirpath': object at parent directory path is already a file" } if (Test-Path -Path $dirpath -PathType Leaf) { Fail-Json -obj $result -message "cannot copy folder to dest '$dirpath': object at path is already a file" } elseif (-not (Test-Path -Path $dirpath -PathType Container)) { $changed_directories += $directory } } # TODO: Handle symlinks $result.files = $changed_files $result.directories = $changed_directories $result.symlinks = $changed_symlinks } elseif ($copy_mode -eq "explode") { # a single zip file containing the files and directories needs to be # expanded this will always result in a change as the calculation is done # on the win_copy action plugin and is only run if a change needs to occur if (-not (Test-Path -Path $src -PathType Leaf)) { Fail-Json -obj $result -message "Cannot expand src zip file: '$src' as it does not exist" } # Detect if the PS zip assemblies are available or whether to use Shell $use_legacy = $false try { Add-Type -AssemblyName System.IO.Compression.FileSystem | Out-Null Add-Type -AssemblyName System.IO.Compression | Out-Null } catch { $use_legacy = $true } if ($use_legacy) { Extract-ZipLegacy -src $src -dest $dest } else { Extract-Zip -src $src -dest $dest } $result.changed = $true } elseif ($copy_mode -eq "remote") { # all copy actions are happening on the remote side (windows host), need # too copy source and dest using PS code $result.src = $src $result.dest = $dest if (-not (Test-Path -Path $src)) { Fail-Json -obj $result -message "Cannot copy src file: '$src' as it does not exist" } if (Test-Path -Path $src -PathType Container) { # we are copying a directory or the contents of a directory $result.operation = 'folder_copy' if ($src.EndsWith("/") -or $src.EndsWith("`\")) { # copying the folder's contents to dest $diff = "" $child_files = Get-ChildItem -Path $src -Force foreach ($child_file in $child_files) { $dest_child_path = Join-Path -Path $dest -ChildPath $child_file.Name if ($child_file.PSIsContainer) { $diff += Copy-Folder -source $child_file.FullName -dest $dest_child_path } else { $diff += (Copy-File -source $child_file.FullName -dest $dest_child_path).diff } } } else { # copying the folder and it's contents to dest $dest = Join-Path -Path $dest -ChildPath (Get-Item -Path $src -Force).Name $result.dest = $dest $diff = Copy-Folder -source $src -dest $dest } } else { # we are just copying a single file to dest $result.operation = 'file_copy' $source_basename = (Get-Item -Path $src -Force).Name $result.original_basename = $source_basename if ($dest.EndsWith("/") -or $dest.EndsWith("`\")) { $dest = Join-Path -Path $dest -ChildPath (Get-Item -Path $src -Force).Name $result.dest = $dest } else { # check if the parent dir exists, this is only done if src is a # file and dest if the path to a file (doesn't end with \ or /) $parent_dir = Split-Path -Path $dest if (Test-Path -Path $parent_dir -PathType Leaf) { Fail-Json -obj $result -message "object at destination parent dir '$parent_dir' is currently a file" } elseif (-not (Test-Path -Path $parent_dir -PathType Container)) { Fail-Json -obj $result -message "Destination directory '$parent_dir' does not exist" } } $copy_result = Copy-File -source $src -dest $dest $diff = $copy_result.diff $result.checksum = $copy_result.checksum } # the file might not exist if running in check mode if (-not $check_mode -or (Test-Path -Path $dest -PathType Leaf)) { $result.size = Get-FileSize -path $dest } else { $result.size = $null } if ($diff_mode) { $result.diff.prepared = $diff } } elseif ($copy_mode -eq "single") { # a single file is located in src and we need to copy to dest, this will # always result in a change as the calculation is done on the Ansible side # before this is run. This should also never run in check mode if (-not (Test-Path -Path $src -PathType Leaf)) { Fail-Json -obj $result -message "Cannot copy src file: '$src' as it does not exist" } # the dest parameter is a directory, we need to append original_basename if ($dest.EndsWith("/") -or $dest.EndsWith("`\") -or (Test-Path -Path $dest -PathType Container)) { $remote_dest = Join-Path -Path $dest -ChildPath $original_basename $parent_dir = Split-Path -Path $remote_dest # when dest ends with /, we need to create the destination directories if (Test-Path -Path $parent_dir -PathType Leaf) { Fail-Json -obj $result -message "object at destination parent dir '$parent_dir' is currently a file" } elseif (-not (Test-Path -Path $parent_dir -PathType Container)) { New-Item -Path $parent_dir -ItemType Directory | Out-Null } } else { $remote_dest = $dest $parent_dir = Split-Path -Path $remote_dest # check if the dest parent dirs exist, need to fail if they don't if (Test-Path -Path $parent_dir -PathType Leaf) { Fail-Json -obj $result -message "object at destination parent dir '$parent_dir' is currently a file" } elseif (-not (Test-Path -Path $parent_dir -PathType Container)) { Fail-Json -obj $result -message "Destination directory '$parent_dir' does not exist" } } Copy-Item -Path $src -Destination $remote_dest -Force | Out-Null $result.changed = $true } Exit-Json -obj $result ScriptBlock ID: c59ed261-7399-4528-b4c7-7e3659a45384 Path:	4104	1		3	2	15	0	1142	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	5116	4636	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:23:34 PM	9d04040e-981f-0001-f40e-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c), Michael DeHaan <michael.dehaan@gmail.com>, 2014, and others # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) Set-StrictMode -Version 2.0 $ErrorActionPreference = "Stop" Function Set-Attr($obj, $name, $value) { <# .SYNOPSIS Helper function to set an "attribute" on a psobject instance in PowerShell. This is a convenience to make adding Members to the object easier and slightly more pythonic .EXAMPLE Set-Attr $result "changed" $true #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } Try { $obj.$name = $value } Catch { $obj | Add-Member -Force -MemberType NoteProperty -Name $name -Value $value } } Function Exit-Json($obj) { <# .SYNOPSIS Helper function to convert a PowerShell object to JSON and output it, exiting the script .EXAMPLE Exit-Json $result #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit } Function Fail-Json($obj, $message = $null) { <# .SYNOPSIS Helper function to add the "msg" property and "failed" property, convert the PowerShell Hashtable to JSON and output it, exiting the script .EXAMPLE Fail-Json $result "This is the failure message" #> if ($obj -is [hashtable] -or $obj -is [psobject]) { # Nothing to do } elseif ($obj -is [string] -and $null -eq $message) { # If we weren't given 2 args, and the only arg was a string, # create a new Hashtable and use the arg as the failure message $message = $obj $obj = @{ } } else { # If the first argument is undefined or a different type, # make it a Hashtable $obj = @{ } } # Still using Set-Attr for PSObject compatibility Set-Attr $obj "msg" $message Set-Attr $obj "failed" $true if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit 1 } Function Add-Warning($obj, $message) { <# .SYNOPSIS Helper function to add warnings, even if the warnings attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("warnings")) { $obj.warnings = @() } elseif ($obj.warnings -isnot [array]) { throw "Add-Warning: warnings attribute is not an array" } $obj.warnings += $message } Function Add-DeprecationWarning($obj, $message, $version = $null) { <# .SYNOPSIS Helper function to add deprecations, even if the deprecations attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("deprecations")) { $obj.deprecations = @() } elseif ($obj.deprecations -isnot [array]) { throw "Add-DeprecationWarning: deprecations attribute is not a list" } $obj.deprecations += @{ msg = $message version = $version } } Function Expand-Environment($value) { <# .SYNOPSIS Helper function to expand environment variables in values. By default it turns any type to a string, but we ensure $null remains $null. #> if ($null -ne $value) { [System.Environment]::ExpandEnvironmentVariables($value) } else { $value } } Function Get-AnsibleParam($obj, $name, $default = $null, $resultobj = @{}, $failifempty = $false, $emptyattributefailmessage, $ValidateSet, $ValidateSetErrorMessage, $type = $null, $aliases = @()) { <# .SYNOPSIS Helper function to get an "attribute" from a psobject instance in PowerShell. This is a convenience to make getting Members from an object easier and slightly more pythonic .EXAMPLE $attr = Get-AnsibleParam $response "code" -default "1" .EXAMPLE Get-AnsibleParam -obj $params -name "State" -default "Present" -ValidateSet "Present","Absent" -resultobj $resultobj -failifempty $true Get-AnsibleParam also supports Parameter validation to save you from coding that manually Note that if you use the failifempty option, you do need to specify resultobject as well. #> # Check if the provided Member $name or aliases exist in $obj and return it or the default. try { $found = $null # First try to find preferred parameter $name $aliases = @($name) + $aliases # Iterate over aliases to find acceptable Member $name foreach ($alias in $aliases) { if ($obj.ContainsKey($alias)) { $found = $alias break } } if ($null -eq $found) { throw } $name = $found if ($ValidateSet) { if ($ValidateSet -contains ($obj.$name)) { $value = $obj.$name } else { if ($null -eq $ValidateSetErrorMessage) { #Auto-generated error should be sufficient in most use cases $ValidateSetErrorMessage = "Get-AnsibleParam: Argument $name needs to be one of $($ValidateSet -join ",") but was $($obj.$name)." } Fail-Json -obj $resultobj -message $ValidateSetErrorMessage } } else { $value = $obj.$name } } catch { if ($failifempty -eq $false) { $value = $default } else { if (-not $emptyattributefailmessage) { $emptyattributefailmessage = "Get-AnsibleParam: Missing required argument: $name" } Fail-Json -obj $resultobj -message $emptyattributefailmessage } } # If $value -eq $null, the parameter was unspecified by the user (deliberately or not) # Please leave $null-values intact, modules need to know if a parameter was specified # When $value is already an array, we cannot rely on the null check, as an empty list # is seen as null in the check below if ($null -ne $value -or $value -is [array]) { if ($type -eq "path") { # Expand environment variables on path-type $value = Expand-Environment($value) # Test if a valid path is provided if (-not (Test-Path -IsValid $value)) { $path_invalid = $true # could still be a valid-shaped path with a nonexistent drive letter if ($value -match "^\w:") { # rewrite path with a valid drive letter and recheck the shape- this might still fail, eg, a nonexistent non-filesystem PS path if (Test-Path -IsValid $(@(Get-PSDrive -PSProvider Filesystem)[0].Name + $value.Substring(1))) { $path_invalid = $false } } if ($path_invalid) { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' has an invalid path '$value' specified." } } } elseif ($type -eq "str") { # Convert str types to real Powershell strings $value = $value.ToString() } elseif ($type -eq "bool") { # Convert boolean types to real Powershell booleans $value = $value | ConvertTo-Bool } elseif ($type -eq "int") { # Convert int types to real Powershell integers $value = $value -as [int] } elseif ($type -eq "float") { # Convert float types to real Powershell floats $value = $value -as [float] } elseif ($type -eq "list") { if ($value -is [array]) { # Nothing to do } elseif ($value -is [string]) { # Convert string type to real Powershell array $value = $value.Split(",").Trim() } elseif ($value -is [int]) { $value = @($value) } else { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' is not a YAML list." } # , is not a typo, forces it to return as a list when it is empty or only has 1 entry return ,$value } } return $value } #Alias Get-attr-->Get-AnsibleParam for backwards compat. Only add when needed to ease debugging of scripts If (-not(Get-Alias -Name "Get-attr" -ErrorAction SilentlyContinue)) { New-Alias -Name Get-attr -Value Get-AnsibleParam } Function ConvertTo-Bool { <# .SYNOPSIS Helper filter/pipeline function to convert a value to boolean following current Ansible practices .EXAMPLE $is_true = "true" | ConvertTo-Bool #> param( [parameter(valuefrompipeline=$true)] $obj ) $boolean_strings = "yes", "on", "1", "true", 1 $obj_string = [string]$obj if (($obj -is [boolean] -and $obj) -or $boolean_strings -contains $obj_string.ToLower()) { return $true } else { return $false } } Function Parse-Args($arguments, $supports_check_mode = $false) { <# .SYNOPSIS Helper function to parse Ansible JSON arguments from a "file" passed as the single argument to the module. .EXAMPLE $params = Parse-Args $args #> $params = New-Object psobject If ($arguments.Length -gt 0) { $params = Get-Content $arguments[0] | ConvertFrom-Json } Else { $params = $complex_args } $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false If ($check_mode -and -not $supports_check_mode) { Exit-Json @{ skipped = $true changed = $false msg = "remote module does not support check mode" } } return $params } Function Get-FileChecksum($path, $algorithm = 'sha1') { <# .SYNOPSIS Helper function to calculate a hash of a file in a way which PowerShell 3 and above can handle #> If (Test-Path -Path $path -PathType Leaf) { switch ($algorithm) { 'md5' { $sp = New-Object -TypeName System.Security.Cryptography.MD5CryptoServiceProvider } 'sha1' { $sp = New-Object -TypeName System.Security.Cryptography.SHA1CryptoServiceProvider } 'sha256' { $sp = New-Object -TypeName System.Security.Cryptography.SHA256CryptoServiceProvider } 'sha384' { $sp = New-Object -TypeName System.Security.Cryptography.SHA384CryptoServiceProvider } 'sha512' { $sp = New-Object -TypeName System.Security.Cryptography.SHA512CryptoServiceProvider } default { Fail-Json @{} "Unsupported hash algorithm supplied '$algorithm'" } } If ($PSVersionTable.PSVersion.Major -ge 4) { $raw_hash = Get-FileHash $path -Algorithm $algorithm $hash = $raw_hash.Hash.ToLower() } Else { $fp = [System.IO.File]::Open($path, [System.IO.Filemode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileShare]::ReadWrite); $hash = [System.BitConverter]::ToString($sp.ComputeHash($fp)).Replace("-", "").ToLower(); $fp.Dispose(); } } ElseIf (Test-Path -Path $path -PathType Container) { $hash = "3"; } Else { $hash = "1"; } return $hash } Function Get-PendingRebootStatus { <# .SYNOPSIS Check if reboot is required, if so notify CA. Function returns true if computer has a pending reboot #> $featureData = Invoke-WmiMethod -EA Ignore -Name GetServerFeature -Namespace root\microsoft\windows\servermanager -Class MSFT_ServerManagerTasks $regData = Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager" "PendingFileRenameOperations" -EA Ignore $CBSRebootStatus = Get-ChildItem "HKLM:\\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing" -ErrorAction SilentlyContinue| Where-Object {$_.PSChildName -eq "RebootPending"} if(($featureData -and $featureData.RequiresReboot) -or $regData -or $CBSRebootStatus) { return $True } else { return $False } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: 708cff5b-65b1-44cb-90d3-e198158bc15d Path:	4104	1		3	2	15	0	1141	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	5116	4064	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:23:34 PM	9d04040e-981f-0000-401a-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } ScriptBlock ID: 68d1a850-4da1-4ce9-af62-e3d41f1efafd Path:	4104	1		3	2	15	0	1140	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	5116	4064	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:23:34 PM	9d04040e-981f-0005-374f-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (4 of 4): GUgQW5zaWJsZSBzaWRlCiAgICAjIGJlZm9yZSB0aGlzIGlzIHJ1bi4gVGhpcyBzaG91bGQgYWxzbyBuZXZlciBydW4gaW4gY2hlY2sgbW9kZQogICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtUGF0aCAkc3JjIC1QYXRoVHlwZSBMZWFmKSkgewogICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgIkNhbm5vdCBjb3B5IHNyYyBmaWxlOiAnJHNyYycgYXMgaXQgZG9lcyBub3QgZXhpc3QiCiAgICB9CgogICAgIyB0aGUgZGVzdCBwYXJhbWV0ZXIgaXMgYSBkaXJlY3RvcnksIHdlIG5lZWQgdG8gYXBwZW5kIG9yaWdpbmFsX2Jhc2VuYW1lCiAgICBpZiAoJGRlc3QuRW5kc1dpdGgoIi8iKSAtb3IgJGRlc3QuRW5kc1dpdGgoImBcIikgLW9yIChUZXN0LVBhdGggLVBhdGggJGRlc3QgLVBhdGhUeXBlIENvbnRhaW5lcikpIHsKICAgICAgICAkcmVtb3RlX2Rlc3QgPSBKb2luLVBhdGggLVBhdGggJGRlc3QgLUNoaWxkUGF0aCAkb3JpZ2luYWxfYmFzZW5hbWUKICAgICAgICAkcGFyZW50X2RpciA9IFNwbGl0LVBhdGggLVBhdGggJHJlbW90ZV9kZXN0CgogICAgICAgICMgd2hlbiBkZXN0IGVuZHMgd2l0aCAvLCB3ZSBuZWVkIHRvIGNyZWF0ZSB0aGUgZGVzdGluYXRpb24gZGlyZWN0b3JpZXMKICAgICAgICBpZiAoVGVzdC1QYXRoIC1QYXRoICRwYXJlbnRfZGlyIC1QYXRoVHlwZSBMZWFmKSB7CiAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgIm9iamVjdCBhdCBkZXN0aW5hdGlvbiBwYXJlbnQgZGlyICckcGFyZW50X2RpcicgaXMgY3VycmVudGx5IGEgZmlsZSIKICAgICAgICB9IGVsc2VpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRwYXJlbnRfZGlyIC1QYXRoVHlwZSBDb250YWluZXIpKSB7CiAgICAgICAgICAgIE5ldy1JdGVtIC1QYXRoICRwYXJlbnRfZGlyIC1JdGVtVHlwZSBEaXJlY3RvcnkgfCBPdXQtTnVsbAogICAgICAgIH0KICAgIH0gZWxzZSB7CiAgICAgICAgJHJlbW90ZV9kZXN0ID0gJGRlc3QKICAgICAgICAkcGFyZW50X2RpciA9IFNwbGl0LVBhdGggLVBhdGggJHJlbW90ZV9kZXN0CgogICAgICAgICMgY2hlY2sgaWYgdGhlIGRlc3QgcGFyZW50IGRpcnMgZXhpc3QsIG5lZWQgdG8gZmFpbCBpZiB0aGV5IGRvbid0CiAgICAgICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkcGFyZW50X2RpciAtUGF0aFR5cGUgTGVhZikgewogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0IC1tZXNzYWdlICJvYmplY3QgYXQgZGVzdGluYXRpb24gcGFyZW50IGRpciAnJHBhcmVudF9kaXInIGlzIGN1cnJlbnRseSBhIGZpbGUiCiAgICAgICAgfSBlbHNlaWYgKC1ub3QgKFRlc3QtUGF0aCAtUGF0aCAkcGFyZW50X2RpciAtUGF0aFR5cGUgQ29udGFpbmVyKSkgewogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0IC1tZXNzYWdlICJEZXN0aW5hdGlvbiBkaXJlY3RvcnkgJyRwYXJlbnRfZGlyJyBkb2VzIG5vdCBleGlzdCIKICAgICAgICB9CiAgICB9CgogICAgQ29weS1JdGVtIC1QYXRoICRzcmMgLURlc3RpbmF0aW9uICRyZW1vdGVfZGVzdCAtRm9yY2UgfCBPdXQtTnVsbAogICAgJHJlc3VsdC5jaGFuZ2VkID0gJHRydWUKfQoKRXhpdC1Kc29uIC1vYmogJHJlc3VsdAo=", "module_args": {"_ansible_version": "2.7.0", "_ansible_selinux_special_fs": ["fuse", "nfs", "vboxsf", "ramfs", "9p"], "_copy_mode": "single", "_ansible_remote_tmp": "%TEMP%", "_ansible_syslog_facility": "LOG_USER", "_ansible_keep_remote_files": false, "_ansible_socket": null, "_original_basename": "pip-install-requirements.log", "_ansible_check_mode": false, "src": "C:\\Users\\Admin\\AppData\\Local\\Temp\\ansible-tmp-1629725012.41-60048190901252\\source", "_ansible_no_log": false, "_ansible_module_name": "copy", "_ansible_verbosity": 4, "dest": "c:\\openstack\\log\\pip-install-requirements.log", "_ansible_diff": false, "_ansible_debug": false, "_ansible_shell_executable": "/bin/sh", "_ansible_tmpdir": "'C:\\Users\\Admin\\AppData\\Local\\Temp\\ansible-tmp-1629725012.41-60048190901252'"}} '@ } process { $input_as_string = [string]$input $json_raw += $input_as_string } end { If (-not $json_raw) { Write-Error "no input given" -Category InvalidArgument } $payload = ConvertTo-HashtableFromPsCustomObject (ConvertFrom-Json $json_raw) # TODO: handle binary modules # TODO: handle persistence $min_os_version = [version]$payload.min_os_version if ($min_os_version -ne $null) { $actual_os_version = [System.Environment]::OSVersion.Version if ($actual_os_version -lt $min_os_version) { $msg = "This module cannot run on this OS as it requires a minimum version of $min_os_version, actual was $actual_os_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $min_ps_version = [version]$payload.min_ps_version if ($min_ps_version -ne $null) { $actual_ps_version = $PSVersionTable.PSVersion if ($actual_ps_version -lt $min_ps_version) { $msg = "This module cannot run as it requires a minimum PowerShell version of $min_ps_version, actual was $actual_ps_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $actions = $payload.actions # pop 0th action as entrypoint $entrypoint = $payload.($actions[0]) $payload.actions = $payload.actions[1..99] $entrypoint = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($entrypoint)) # load the current action entrypoint as a module custom object with a Run method $entrypoint = New-Module -ScriptBlock ([scriptblock]::Create($entrypoint)) -AsCustomObject Set-Variable -Scope global -Name complex_args -Value $payload["module_args"] | Out-Null # dynamically create/load modules ForEach ($mod in $payload.powershell_modules.GetEnumerator()) { $decoded_module = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($mod.Value)) New-Module -ScriptBlock ([scriptblock]::Create($decoded_module)) -Name $mod.Key | Import-Module -WarningAction SilentlyContinue | Out-Null } $output = $entrypoint.Run($payload) Write-Output $output } ScriptBlock ID: 652b5a98-7921-47a7-b299-2692b89777d4 Path:	4104	1		3	2	15	0	1139	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	5116	4064	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:23:33 PM	9d04040e-981f-0005-314f-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (3 of 4): uICRjaGlsZF9pdGVtcykgewogICAgICAgICRkZXN0X2NoaWxkX3BhdGggPSBKb2luLVBhdGggLVBhdGggJGRlc3QgLUNoaWxkUGF0aCAkY2hpbGRfaXRlbS5OYW1lCiAgICAgICAgaWYgKCRjaGlsZF9pdGVtLlBTSXNDb250YWluZXIpIHsKICAgICAgICAgICAgJGRpZmYgKz0gKENvcHktRm9sZGVyIC1zb3VyY2UgJGNoaWxkX2l0ZW0uRnVsbG5hbWUgLWRlc3QgJGRlc3RfY2hpbGRfcGF0aCkKICAgICAgICB9IGVsc2UgewogICAgICAgICAgICAkZGlmZiArPSAoQ29weS1GaWxlIC1zb3VyY2UgJGNoaWxkX2l0ZW0uRnVsbG5hbWUgLWRlc3QgJGRlc3RfY2hpbGRfcGF0aCkuZGlmZgogICAgICAgIH0KICAgIH0KCiAgICByZXR1cm4gJGRpZmYKfQoKRnVuY3Rpb24gR2V0LUZpbGVTaXplKCRwYXRoKSB7CiAgICAkZmlsZSA9IEdldC1JdGVtIC1QYXRoICRwYXRoIC1Gb3JjZQogICAgJHNpemUgPSAkbnVsbAogICAgaWYgKCRmaWxlLlBTSXNDb250YWluZXIpIHsKICAgICAgICAkZGlyX2ZpbGVzX3N1bSA9IEdldC1DaGlsZEl0ZW0gJGZpbGUuRnVsbE5hbWUgLVJlY3Vyc2UKICAgICAgICBpZiAoJGRpcl9maWxlc19zdW0gLWVxICRudWxsIC1vciAoJGRpcl9maWxlc19zdW0uUFNPYmplY3QuUHJvcGVydGllcy5uYW1lIC1jb250YWlucyAnbGVuZ3RoJyAtZXEgJGZhbHNlKSkgewogICAgICAgICAgICAkc2l6ZSA9IDAKICAgICAgICB9IGVsc2UgewogICAgICAgICAgICAkc2l6ZSA9ICgkZGlyX2ZpbGVzX3N1bSB8IE1lYXN1cmUtT2JqZWN0IC1wcm9wZXJ0eSBsZW5ndGggLXN1bSkuU3VtCiAgICAgICAgfQogICAgfSBlbHNlIHsKICAgICAgICAkc2l6ZSA9ICRmaWxlLkxlbmd0aAogICAgfQoKICAgICRzaXplCn0KCkZ1bmN0aW9uIEV4dHJhY3QtWmlwKCRzcmMsICRkZXN0KSB7CiAgICAkYXJjaGl2ZSA9IFtTeXN0ZW0uSU8uQ29tcHJlc3Npb24uWmlwRmlsZV06Ok9wZW4oJHNyYywgW1N5c3RlbS5JTy5Db21wcmVzc2lvbi5aaXBBcmNoaXZlTW9kZV06OlJlYWQsIFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjgpCiAgICBmb3JlYWNoICgkZW50cnkgaW4gJGFyY2hpdmUuRW50cmllcykgewogICAgICAgICRhcmNoaXZlX25hbWUgPSAkZW50cnkuRnVsbE5hbWUKCiAgICAgICAgIyBGdWxsTmFtZSBtYXkgYmUgYXBwZW5kZWQgd2l0aCAvIG9yIFwsIGRldGVybWluZSBpZiBpdCBpcyBwYWRkZWQgYW5kIHJlbW92ZSBpdAogICAgICAgICRwYWRkaW5nX2xlbmd0aCA9ICRhcmNoaXZlX25hbWUuTGVuZ3RoICUgNAogICAgICAgIGlmICgkcGFkZGluZ19sZW5ndGggLWVxIDApIHsKICAgICAgICAgICAgJGlzX2RpciA9ICRmYWxzZQogICAgICAgICAgICAkYmFzZTY0X25hbWUgPSAkYXJjaGl2ZV9uYW1lCiAgICAgICAgfSBlbHNlaWYgKCRwYWRkaW5nX2xlbmd0aCAtZXEgMSkgewogICAgICAgICAgICAkaXNfZGlyID0gJHRydWUKICAgICAgICAgICAgaWYgKCRhcmNoaXZlX25hbWUuRW5kc1dpdGgoIi8iKSAtb3IgJGFyY2hpdmVfbmFtZS5FbmRzV2l0aCgiYFwiKSkgewogICAgICAgICAgICAgICAgJGJhc2U2NF9uYW1lID0gJGFyY2hpdmVfbmFtZS5TdWJzdHJpbmcoMCwgJGFyY2hpdmVfbmFtZS5MZW5ndGggLSAxKQogICAgICAgICAgICB9IGVsc2UgewogICAgICAgICAgICAgICAgdGhyb3cgImludmFsaWQgYmFzZTY0IGFyY2hpdmUgbmFtZSAnJGFyY2hpdmVfbmFtZSciCiAgICAgICAgICAgIH0KICAgICAgICB9IGVsc2UgewogICAgICAgICAgICB0aHJvdyAiaW52YWxpZCBiYXNlNjQgbGVuZ3RoICckYXJjaGl2ZV9uYW1lJyIKICAgICAgICB9CgogICAgICAgICMgdG8gaGFuZGxlIHVuaWNvZGUgY2hhcmFjdGVyLCB3aW5fY29weSBhY3Rpb24gcGx1Z2luIGhhcyBlbmNvZGVkIHRoZSBmaWxlbmFtZQogICAgICAgICRkZWNvZGVkX2FyY2hpdmVfbmFtZSA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGJhc2U2NF9uYW1lKSkKICAgICAgICAjIHJlLWFkZCB0aGUgLyB0byB0aGUgZW50cnkgZnVsbCBuYW1lIGlmIGl0IHdhcyBhIGRpcmVjdG9yeQogICAgICAgIGlmICgkaXNfZGlyKSB7CiAgICAgICAgICAgICRkZWNvZGVkX2FyY2hpdmVfbmFtZSA9ICIkZGVjb2RlZF9hcmNoaXZlX25hbWUvIgogICAgICAgIH0KICAgICAgICAkZW50cnlfdGFyZ2V0X3BhdGggPSBbU3lzdGVtLklPLlBhdGhdOjpDb21iaW5lKCRkZXN0LCAkZGVjb2RlZF9hcmNoaXZlX25hbWUpCiAgICAgICAgJGVudHJ5X2RpciA9IFtTeXN0ZW0uSU8uUGF0aF06OkdldERpcmVjdG9yeU5hbWUoJGVudHJ5X3RhcmdldF9wYXRoKQoKICAgICAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRlbnRyeV9kaXIpKSB7CiAgICAgICAgICAgIE5ldy1JdGVtIC1QYXRoICRlbnRyeV9kaXIgLUl0ZW1UeXBlIERpcmVjdG9yeSAtV2hhdElmOiRjaGVja19tb2RlIHwgT3V0LU51bGwKICAgICAgICB9CgogICAgICAgIGlmICgkaXNfZGlyIC1lcSAkZmFsc2UpIHsKICAgICAgICAgICAgaWYgKC1ub3QgJGNoZWNrX21vZGUpIHsKICAgICAgICAgICAgICAgIFtTeXN0ZW0uSU8uQ29tcHJlc3Npb24uWmlwRmlsZUV4dGVuc2lvbnNdOjpFeHRyYWN0VG9GaWxlKCRlbnRyeSwgJGVudHJ5X3RhcmdldF9wYXRoLCAkdHJ1ZSkKICAgICAgICAgICAgfQogICAgICAgIH0KICAgIH0KICAgICRhcmNoaXZlLkRpc3Bvc2UoKSAgIyByZWxlYXNlIHRoZSBoYW5kbGUgb2YgdGhlIHppcCBmaWxlCn0KCkZ1bmN0aW9uIEV4dHJhY3QtWmlwTGVnYWN5KCRzcmMsICRkZXN0KSB7CiAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRkZXN0KSkgewogICAgICAgIE5ldy1JdGVtIC1QYXRoICRkZXN0IC1JdGVtVHlwZSBEaXJlY3RvcnkgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICB9CiAgICAkc2hlbGwgPSBOZXctT2JqZWN0IC1Db21PYmplY3QgU2hlbGwuQXBwbGljYXRpb24KICAgICR6aXAgPSAkc2hlbGwuTmFtZVNwYWNlKCRzcmMpCiAgICAkZGVzdF9wYXRoID0gJHNoZWxsLk5hbWVTcGFjZSgkZGVzdCkKCiAgICBmb3JlYWNoICgkZW50cnkgaW4gJHppcC5JdGVtcygpKSB7CiAgICAgICAgJGlzX2RpciA9ICRlbnRyeS5Jc0ZvbGRlcgogICAgICAgICRlbmNvZGVkX2FyY2hpdmVfZW50cnkgPSAkZW50cnkuTmFtZQogICAgICAgICMgdG8gaGFuZGxlIHVuaWNvZGUgY2hhcmFjdGVyLCB3aW5fY29weSBhY3Rpb24gcGx1Z2luIGhhcyBlbmNvZGVkIHRoZSBmaWxlbmFtZQogICAgICAgICRkZWNvZGVkX2FyY2hpdmVfZW50cnkgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRlbmNvZGVkX2FyY2hpdmVfZW50cnkpKQogICAgICAgIGlmICgkaXNfZGlyKSB7CiAgICAgICAgICAgICRkZWNvZGVkX2FyY2hpdmVfZW50cnkgPSAiJGRlY29kZWRfYXJjaGl2ZV9lbnRyeS8iCiAgICAgICAgfQoKICAgICAgICAkZW50cnlfdGFyZ2V0X3BhdGggPSBbU3lzdGVtLklPLlBhdGhdOjpDb21iaW5lKCRkZXN0LCAkZGVjb2RlZF9hcmNoaXZlX2VudHJ5KQogICAgICAgICRlbnRyeV9kaXIgPSBbU3lzdGVtLklPLlBhdGhdOjpHZXREaXJlY3RvcnlOYW1lKCRlbnRyeV90YXJnZXRfcGF0aCkKCiAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtUGF0aCAkZW50cnlfZGlyKSkgewogICAgICAgICAgICBOZXctSXRlbSAtUGF0aCAkZW50cnlfZGlyIC1JdGVtVHlwZSBEaXJlY3RvcnkgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICAgICAgfQoKICAgICAgICBpZiAoJGlzX2RpciAtZXEgJGZhbHNlIC1hbmQgKC1ub3QgJGNoZWNrX21vZGUpKSB7CiAgICAgICAgICAgICMgaHR0cHM6Ly9tc2RuLm1pY3Jvc29mdC5jb20vZW4tdXMvbGlicmFyeS93aW5kb3dzL2Rlc2t0b3AvYmI3ODc4NjYuYXNweAogICAgICAgICAgICAjIEZyb20gRm9sZGVyLkNvcHlIZXJlIGRvY3VtZW50YXRpb24sIDEwNDQgbWVhbnM6CiAgICAgICAgICAgICMgIC0gMTAyNDogZG8gbm90IGRpc3BsYXkgYSB1c2VyIGludGVyZmFjZSBpZiBhbiBlcnJvciBvY2N1cnMKICAgICAgICAgICAgIyAgLSAgIDE2OiByZXNwb25kIHdpdGggInllcyB0byBhbGwiIGZvciBhbnkgZGlhbG9nIGJveCB0aGF0IGlzIGRpc3BsYXllZAogICAgICAgICAgICAjICAtICAgIDQ6IGRvIG5vdCBkaXNwbGF5IGEgcHJvZ3Jlc3MgZGlhbG9nIGJveAogICAgICAgICAgICAkZGVzdF9wYXRoLkNvcHlIZXJlKCRlbnRyeSwgMTA0NCkKCiAgICAgICAgICAgICMgb25jZSBmaWxlIGlzIGV4dHJhY2VkLCB3ZSBuZWVkIHRvIHJlbmFtZSBpdCB3aXRoIG5vbiBiYXNlNjQgbmFtZQogICAgICAgICAgICAkY29tYmluZWRfZW5jb2RlZF9wYXRoID0gW1N5c3RlbS5JTy5QYXRoXTo6Q29tYmluZSgkZGVzdCwgJGVuY29kZWRfYXJjaGl2ZV9lbnRyeSkKICAgICAgICAgICAgTW92ZS1JdGVtIC1QYXRoICRjb21iaW5lZF9lbmNvZGVkX3BhdGggLURlc3RpbmF0aW9uICRlbnRyeV90YXJnZXRfcGF0aCAtRm9yY2UgfCBPdXQtTnVsbAogICAgICAgIH0KICAgIH0KfQoKaWYgKCRjb3B5X21vZGUgLWVxICJxdWVyeSIpIHsKICAgICMgd2Ugb25seSByZXR1cm4gYSBsaXN0IG9mIGZpbGVzL2RpcmVjdG9yaWVzIHRoYXQgbmVlZCB0byBiZSBjb3BpZWQgb3ZlcgogICAgIyB0aGUgc291cmNlIG9mIHRoZSBsb2NhbCBmaWxlIHdpbGwgYmUgdGhlIGtleSB1c2VkCiAgICAkY2hhbmdlZF9maWxlcyA9IEAoKQogICAgJGNoYW5nZWRfZGlyZWN0b3JpZXMgPSBAKCkKICAgICRjaGFuZ2VkX3N5bWxpbmtzID0gQCgpCgogICAgZm9yZWFjaCAoJGZpbGUgaW4gJGZpbGVzKSB7CiAgICAgICAgJGZpbGVuYW1lID0gJGZpbGUuZGVzdAogICAgICAgICRsb2NhbF9jaGVja3N1bSA9ICRmaWxlLmNoZWNrc3VtCgogICAgICAgICRmaWxlcGF0aCA9IEpvaW4tUGF0aCAtUGF0aCAkZGVzdCAtQ2hpbGRQYXRoICRmaWxlbmFtZQogICAgICAgIGlmIChUZXN0LVBhdGggLVBhdGggJGZpbGVwYXRoIC1QYXRoVHlwZSBMZWFmKSB7CiAgICAgICAgICAgIGlmICgkZm9yY2UpIHsKICAgICAgICAgICAgICAgICRjaGVja3N1bSA9IEdldC1GaWxlQ2hlY2tzdW0gLXBhdGggJGZpbGVwYXRoCiAgICAgICAgICAgICAgICBpZiAoJGNoZWNrc3VtIC1uZSAkbG9jYWxfY2hlY2tzdW0pIHsKICAgICAgICAgICAgICAgICAgICAkd2lsbF9jaGFuZ2UgPSAkdHJ1ZQogICAgICAgICAgICAgICAgICAgICRjaGFuZ2VkX2ZpbGVzICs9ICRmaWxlCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgIH0KICAgICAgICB9IGVsc2VpZiAoVGVzdC1QYXRoIC1QYXRoICRmaWxlcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKSB7CiAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgImNhbm5vdCBjb3B5IGZpbGUgdG8gZGVzdCAnJGZpbGVwYXRoJzogb2JqZWN0IGF0IHBhdGggaXMgYWxyZWFkeSBhIGRpcmVjdG9yeSIKICAgICAgICB9IGVsc2UgewogICAgICAgICAgICAkY2hhbmdlZF9maWxlcyArPSAkZmlsZQogICAgICAgIH0KICAgIH0KCiAgICBmb3JlYWNoICgkZGlyZWN0b3J5IGluICRkaXJlY3RvcmllcykgewogICAgICAgICRkaXJuYW1lID0gJGRpcmVjdG9yeS5kZXN0CgogICAgICAgICRkaXJwYXRoID0gSm9pbi1QYXRoIC1QYXRoICRkZXN0IC1DaGlsZFBhdGggJGRpcm5hbWUKICAgICAgICAkcGFyZW50X2RpciA9IFtTeXN0ZW0uSU8uUGF0aF06OkdldERpcmVjdG9yeU5hbWUoJGRpcnBhdGgpCiAgICAgICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkcGFyZW50X2RpciAtUGF0aFR5cGUgTGVhZikgewogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0IC1tZXNzYWdlICJjYW5ub3QgY29weSBmb2xkZXIgdG8gZGVzdCAnJGRpcnBhdGgnOiBvYmplY3QgYXQgcGFyZW50IGRpcmVjdG9yeSBwYXRoIGlzIGFscmVhZHkgYSBmaWxlIgogICAgICAgIH0KICAgICAgICBpZiAoVGVzdC1QYXRoIC1QYXRoICRkaXJwYXRoIC1QYXRoVHlwZSBMZWFmKSB7CiAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgImNhbm5vdCBjb3B5IGZvbGRlciB0byBkZXN0ICckZGlycGF0aCc6IG9iamVjdCBhdCBwYXRoIGlzIGFscmVhZHkgYSBmaWxlIgogICAgICAgIH0gZWxzZWlmICgtbm90IChUZXN0LVBhdGggLVBhdGggJGRpcnBhdGggLVBhdGhUeXBlIENvbnRhaW5lcikpIHsKICAgICAgICAgICAgJGNoYW5nZWRfZGlyZWN0b3JpZXMgKz0gJGRpcmVjdG9yeQogICAgICAgIH0KICAgIH0KCiAgICAjIFRPRE86IEhhbmRsZSBzeW1saW5rcwoKICAgICRyZXN1bHQuZmlsZXMgPSAkY2hhbmdlZF9maWxlcwogICAgJHJlc3VsdC5kaXJlY3RvcmllcyA9ICRjaGFuZ2VkX2RpcmVjdG9yaWVzCiAgICAkcmVzdWx0LnN5bWxpbmtzID0gJGNoYW5nZWRfc3ltbGlua3MKfSBlbHNlaWYgKCRjb3B5X21vZGUgLWVxICJleHBsb2RlIikgewogICAgIyBhIHNpbmdsZSB6aXAgZmlsZSBjb250YWluaW5nIHRoZSBmaWxlcyBhbmQgZGlyZWN0b3JpZXMgbmVlZHMgdG8gYmUKICAgICMgZXhwYW5kZWQgdGhpcyB3aWxsIGFsd2F5cyByZXN1bHQgaW4gYSBjaGFuZ2UgYXMgdGhlIGNhbGN1bGF0aW9uIGlzIGRvbmUKICAgICMgb24gdGhlIHdpbl9jb3B5IGFjdGlvbiBwbHVnaW4gYW5kIGlzIG9ubHkgcnVuIGlmIGEgY2hhbmdlIG5lZWRzIHRvIG9jY3VyCiAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRzcmMgLVBhdGhUeXBlIExlYWYpKSB7CiAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiQ2Fubm90IGV4cGFuZCBzcmMgemlwIGZpbGU6ICckc3JjJyBhcyBpdCBkb2VzIG5vdCBleGlzdCIKICAgIH0KCiAgICAjIERldGVjdCBpZiB0aGUgUFMgemlwIGFzc2VtYmxpZXMgYXJlIGF2YWlsYWJsZSBvciB3aGV0aGVyIHRvIHVzZSBTaGVsbAogICAgJHVzZV9sZWdhY3kgPSAkZmFsc2UKICAgIHRyeSB7CiAgICAgICAgQWRkLVR5cGUgLUFzc2VtYmx5TmFtZSBTeXN0ZW0uSU8uQ29tcHJlc3Npb24uRmlsZVN5c3RlbSB8IE91dC1OdWxsCiAgICAgICAgQWRkLVR5cGUgLUFzc2VtYmx5TmFtZSBTeXN0ZW0uSU8uQ29tcHJlc3Npb24gfCBPdXQtTnVsbAogICAgfSBjYXRjaCB7CiAgICAgICAgJHVzZV9sZWdhY3kgPSAkdHJ1ZQogICAgfQogICAgaWYgKCR1c2VfbGVnYWN5KSB7CiAgICAgICAgRXh0cmFjdC1aaXBMZWdhY3kgLXNyYyAkc3JjIC1kZXN0ICRkZXN0CiAgICB9IGVsc2UgewogICAgICAgIEV4dHJhY3QtWmlwIC1zcmMgJHNyYyAtZGVzdCAkZGVzdAogICAgfQoKICAgICRyZXN1bHQuY2hhbmdlZCA9ICR0cnVlCn0gZWxzZWlmICgkY29weV9tb2RlIC1lcSAicmVtb3RlIikgewogICAgIyBhbGwgY29weSBhY3Rpb25zIGFyZSBoYXBwZW5pbmcgb24gdGhlIHJlbW90ZSBzaWRlICh3aW5kb3dzIGhvc3QpLCBuZWVkCiAgICAjIHRvbyBjb3B5IHNvdXJjZSBhbmQgZGVzdCB1c2luZyBQUyBjb2RlCiAgICAkcmVzdWx0LnNyYyA9ICRzcmMKICAgICRyZXN1bHQuZGVzdCA9ICRkZXN0CgogICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtUGF0aCAkc3JjKSkgewogICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgIkNhbm5vdCBjb3B5IHNyYyBmaWxlOiAnJHNyYycgYXMgaXQgZG9lcyBub3QgZXhpc3QiCiAgICB9CgogICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkc3JjIC1QYXRoVHlwZSBDb250YWluZXIpIHsKICAgICAgICAjIHdlIGFyZSBjb3B5aW5nIGEgZGlyZWN0b3J5IG9yIHRoZSBjb250ZW50cyBvZiBhIGRpcmVjdG9yeQogICAgICAgICRyZXN1bHQub3BlcmF0aW9uID0gJ2ZvbGRlcl9jb3B5JwogICAgICAgIGlmICgkc3JjLkVuZHNXaXRoKCIvIikgLW9yICRzcmMuRW5kc1dpdGgoImBcIikpIHsKICAgICAgICAgICAgIyBjb3B5aW5nIHRoZSBmb2xkZXIncyBjb250ZW50cyB0byBkZXN0CiAgICAgICAgICAgICRkaWZmID0gIiIKICAgICAgICAgICAgJGNoaWxkX2ZpbGVzID0gR2V0LUNoaWxkSXRlbSAtUGF0aCAkc3JjIC1Gb3JjZQogICAgICAgICAgICBmb3JlYWNoICgkY2hpbGRfZmlsZSBpbiAkY2hpbGRfZmlsZXMpIHsKICAgICAgICAgICAgICAgICRkZXN0X2NoaWxkX3BhdGggPSBKb2luLVBhdGggLVBhdGggJGRlc3QgLUNoaWxkUGF0aCAkY2hpbGRfZmlsZS5OYW1lCiAgICAgICAgICAgICAgICBpZiAoJGNoaWxkX2ZpbGUuUFNJc0NvbnRhaW5lcikgewogICAgICAgICAgICAgICAgICAgICRkaWZmICs9IENvcHktRm9sZGVyIC1zb3VyY2UgJGNoaWxkX2ZpbGUuRnVsbE5hbWUgLWRlc3QgJGRlc3RfY2hpbGRfcGF0aAogICAgICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgICAgICAkZGlmZiArPSAoQ29weS1GaWxlIC1zb3VyY2UgJGNoaWxkX2ZpbGUuRnVsbE5hbWUgLWRlc3QgJGRlc3RfY2hpbGRfcGF0aCkuZGlmZgogICAgICAgICAgICAgICAgfQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgIyBjb3B5aW5nIHRoZSBmb2xkZXIgYW5kIGl0J3MgY29udGVudHMgdG8gZGVzdAogICAgICAgICAgICAkZGVzdCA9IEpvaW4tUGF0aCAtUGF0aCAkZGVzdCAtQ2hpbGRQYXRoIChHZXQtSXRlbSAtUGF0aCAkc3JjIC1Gb3JjZSkuTmFtZQogICAgICAgICAgICAkcmVzdWx0LmRlc3QgPSAkZGVzdAogICAgICAgICAgICAkZGlmZiA9IENvcHktRm9sZGVyIC1zb3VyY2UgJHNyYyAtZGVzdCAkZGVzdAogICAgICAgIH0KICAgIH0gZWxzZSB7CiAgICAgICAgIyB3ZSBhcmUganVzdCBjb3B5aW5nIGEgc2luZ2xlIGZpbGUgdG8gZGVzdAogICAgICAgICRyZXN1bHQub3BlcmF0aW9uID0gJ2ZpbGVfY29weScKCiAgICAgICAgJHNvdXJjZV9iYXNlbmFtZSA9IChHZXQtSXRlbSAtUGF0aCAkc3JjIC1Gb3JjZSkuTmFtZQogICAgICAgICRyZXN1bHQub3JpZ2luYWxfYmFzZW5hbWUgPSAkc291cmNlX2Jhc2VuYW1lCgogICAgICAgIGlmICgkZGVzdC5FbmRzV2l0aCgiLyIpIC1vciAkZGVzdC5FbmRzV2l0aCgiYFwiKSkgewogICAgICAgICAgICAkZGVzdCA9IEpvaW4tUGF0aCAtUGF0aCAkZGVzdCAtQ2hpbGRQYXRoIChHZXQtSXRlbSAtUGF0aCAkc3JjIC1Gb3JjZSkuTmFtZQogICAgICAgICAgICAkcmVzdWx0LmRlc3QgPSAkZGVzdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICMgY2hlY2sgaWYgdGhlIHBhcmVudCBkaXIgZXhpc3RzLCB0aGlzIGlzIG9ubHkgZG9uZSBpZiBzcmMgaXMgYQogICAgICAgICAgICAjIGZpbGUgYW5kIGRlc3QgaWYgdGhlIHBhdGggdG8gYSBmaWxlIChkb2Vzbid0IGVuZCB3aXRoIFwgb3IgLykKICAgICAgICAgICAgJHBhcmVudF9kaXIgPSBTcGxpdC1QYXRoIC1QYXRoICRkZXN0CiAgICAgICAgICAgIGlmIChUZXN0LVBhdGggLVBhdGggJHBhcmVudF9kaXIgLVBhdGhUeXBlIExlYWYpIHsKICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgIm9iamVjdCBhdCBkZXN0aW5hdGlvbiBwYXJlbnQgZGlyICckcGFyZW50X2RpcicgaXMgY3VycmVudGx5IGEgZmlsZSIKICAgICAgICAgICAgfSBlbHNlaWYgKC1ub3QgKFRlc3QtUGF0aCAtUGF0aCAkcGFyZW50X2RpciAtUGF0aFR5cGUgQ29udGFpbmVyKSkgewogICAgICAgICAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiRGVzdGluYXRpb24gZGlyZWN0b3J5ICckcGFyZW50X2RpcicgZG9lcyBub3QgZXhpc3QiCiAgICAgICAgICAgIH0KICAgICAgICB9CiAgICAgICAgJGNvcHlfcmVzdWx0ID0gQ29weS1GaWxlIC1zb3VyY2UgJHNyYyAtZGVzdCAkZGVzdAogICAgICAgICRkaWZmID0gJGNvcHlfcmVzdWx0LmRpZmYKICAgICAgICAkcmVzdWx0LmNoZWNrc3VtID0gJGNvcHlfcmVzdWx0LmNoZWNrc3VtCiAgICB9CgogICAgIyB0aGUgZmlsZSBtaWdodCBub3QgZXhpc3QgaWYgcnVubmluZyBpbiBjaGVjayBtb2RlCiAgICBpZiAoLW5vdCAkY2hlY2tfbW9kZSAtb3IgKFRlc3QtUGF0aCAtUGF0aCAkZGVzdCAtUGF0aFR5cGUgTGVhZikpIHsKICAgICAgICAkcmVzdWx0LnNpemUgPSBHZXQtRmlsZVNpemUgLXBhdGggJGRlc3QKICAgIH0gZWxzZSB7CiAgICAgICAgJHJlc3VsdC5zaXplID0gJG51bGwKICAgIH0KICAgIGlmICgkZGlmZl9tb2RlKSB7CiAgICAgICAgJHJlc3VsdC5kaWZmLnByZXBhcmVkID0gJGRpZmYKICAgIH0KfSBlbHNlaWYgKCRjb3B5X21vZGUgLWVxICJzaW5nbGUiKSB7CiAgICAjIGEgc2luZ2xlIGZpbGUgaXMgbG9jYXRlZCBpbiBzcmMgYW5kIHdlIG5lZWQgdG8gY29weSB0byBkZXN0LCB0aGlzIHdpbGwKICAgICMgYWx3YXlzIHJlc3VsdCBpbiBhIGNoYW5nZSBhcyB0aGUgY2FsY3VsYXRpb24gaXMgZG9uZSBvbiB0a ScriptBlock ID: 652b5a98-7921-47a7-b299-2692b89777d4 Path:	4104	1		3	2	15	0	1138	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	5116	4064	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:23:33 PM	9d04040e-981f-0005-314f-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 4): JpdmUgLVBTUHJvdmlkZXIgRmlsZXN5c3RlbSlbMF0uTmFtZSArICR2YWx1ZS5TdWJzdHJpbmcoMSkpKSB7CiAgICAgICAgICAgICAgICAgICAgICAgICRwYXRoX2ludmFsaWQgPSAkZmFsc2UKICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBpZiAoJHBhdGhfaW52YWxpZCkgewogICAgICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHRvYmogLW1lc3NhZ2UgIkdldC1BbnNpYmxlUGFyYW06IFBhcmFtZXRlciAnJG5hbWUnIGhhcyBhbiBpbnZhbGlkIHBhdGggJyR2YWx1ZScgc3BlY2lmaWVkLiIKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgInN0ciIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IHN0ciB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgc3RyaW5ncwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUuVG9TdHJpbmcoKQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImJvb2wiKSB7CiAgICAgICAgICAgICMgQ29udmVydCBib29sZWFuIHR5cGVzIHRvIHJlYWwgUG93ZXJzaGVsbCBib29sZWFucwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgfCBDb252ZXJ0VG8tQm9vbAogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImludCIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IGludCB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgaW50ZWdlcnMKICAgICAgICAgICAgJHZhbHVlID0gJHZhbHVlIC1hcyBbaW50XQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImZsb2F0IikgewogICAgICAgICAgICAjIENvbnZlcnQgZmxvYXQgdHlwZXMgdG8gcmVhbCBQb3dlcnNoZWxsIGZsb2F0cwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgLWFzIFtmbG9hdF0KICAgICAgICB9IGVsc2VpZiAoJHR5cGUgLWVxICJsaXN0IikgewogICAgICAgICAgICBpZiAoJHZhbHVlIC1pcyBbYXJyYXldKSB7CiAgICAgICAgICAgICAgICAjIE5vdGhpbmcgdG8gZG8KICAgICAgICAgICAgfSBlbHNlaWYgKCR2YWx1ZSAtaXMgW3N0cmluZ10pIHsKICAgICAgICAgICAgICAgICMgQ29udmVydCBzdHJpbmcgdHlwZSB0byByZWFsIFBvd2Vyc2hlbGwgYXJyYXkKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICR2YWx1ZS5TcGxpdCgiLCIpLlRyaW0oKQogICAgICAgICAgICB9IGVsc2VpZiAoJHZhbHVlIC1pcyBbaW50XSkgewogICAgICAgICAgICAgICAgJHZhbHVlID0gQCgkdmFsdWUpCiAgICAgICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICJHZXQtQW5zaWJsZVBhcmFtOiBQYXJhbWV0ZXIgJyRuYW1lJyBpcyBub3QgYSBZQU1MIGxpc3QuIgogICAgICAgICAgICB9CiAgICAgICAgICAgICMgLCBpcyBub3QgYSB0eXBvLCBmb3JjZXMgaXQgdG8gcmV0dXJuIGFzIGEgbGlzdCB3aGVuIGl0IGlzIGVtcHR5IG9yIG9ubHkgaGFzIDEgZW50cnkKICAgICAgICAgICAgcmV0dXJuICwkdmFsdWUKICAgICAgICB9CiAgICB9CgogICAgcmV0dXJuICR2YWx1ZQp9CgojQWxpYXMgR2V0LWF0dHItLT5HZXQtQW5zaWJsZVBhcmFtIGZvciBiYWNrd2FyZHMgY29tcGF0LiBPbmx5IGFkZCB3aGVuIG5lZWRlZCB0byBlYXNlIGRlYnVnZ2luZyBvZiBzY3JpcHRzCklmICgtbm90KEdldC1BbGlhcyAtTmFtZSAiR2V0LWF0dHIiIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlKSkKewogICAgTmV3LUFsaWFzIC1OYW1lIEdldC1hdHRyIC1WYWx1ZSBHZXQtQW5zaWJsZVBhcmFtCn0KCkZ1bmN0aW9uIENvbnZlcnRUby1Cb29sCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZpbHRlci9waXBlbGluZSBmdW5jdGlvbiB0byBjb252ZXJ0IGEgdmFsdWUgdG8gYm9vbGVhbiBmb2xsb3dpbmcgY3VycmVudAogICAgQW5zaWJsZSBwcmFjdGljZXMKICAgIC5FWEFNUExFCiAgICAkaXNfdHJ1ZSA9ICJ0cnVlIiB8IENvbnZlcnRUby1Cb29sCiM+CiAgICBwYXJhbSgKICAgICAgICBbcGFyYW1ldGVyKHZhbHVlZnJvbXBpcGVsaW5lPSR0cnVlKV0KICAgICAgICAkb2JqCiAgICApCgogICAgJGJvb2xlYW5fc3RyaW5ncyA9ICJ5ZXMiLCAib24iLCAiMSIsICJ0cnVlIiwgMQogICAgJG9ial9zdHJpbmcgPSBbc3RyaW5nXSRvYmoKCiAgICBpZiAoKCRvYmogLWlzIFtib29sZWFuXSAtYW5kICRvYmopIC1vciAkYm9vbGVhbl9zdHJpbmdzIC1jb250YWlucyAkb2JqX3N0cmluZy5Ub0xvd2VyKCkpIHsKICAgICAgICByZXR1cm4gJHRydWUKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfQp9CgpGdW5jdGlvbiBQYXJzZS1BcmdzKCRhcmd1bWVudHMsICRzdXBwb3J0c19jaGVja19tb2RlID0gJGZhbHNlKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBwYXJzZSBBbnNpYmxlIEpTT04gYXJndW1lbnRzIGZyb20gYSAiZmlsZSIgcGFzc2VkIGFzCiAgICB0aGUgc2luZ2xlIGFyZ3VtZW50IHRvIHRoZSBtb2R1bGUuCiAgICAuRVhBTVBMRQogICAgJHBhcmFtcyA9IFBhcnNlLUFyZ3MgJGFyZ3MKIz4KICAgICRwYXJhbXMgPSBOZXctT2JqZWN0IHBzb2JqZWN0CiAgICBJZiAoJGFyZ3VtZW50cy5MZW5ndGggLWd0IDApCiAgICB7CiAgICAgICAgJHBhcmFtcyA9IEdldC1Db250ZW50ICRhcmd1bWVudHNbMF0gfCBDb252ZXJ0RnJvbS1Kc29uCiAgICB9CiAgICBFbHNlIHsKICAgICAgICAkcGFyYW1zID0gJGNvbXBsZXhfYXJncwogICAgfQogICAgJGNoZWNrX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfY2hlY2tfbW9kZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQogICAgSWYgKCRjaGVja19tb2RlIC1hbmQgLW5vdCAkc3VwcG9ydHNfY2hlY2tfbW9kZSkKICAgIHsKICAgICAgICBFeGl0LUpzb24gQHsKICAgICAgICAgICAgc2tpcHBlZCA9ICR0cnVlCiAgICAgICAgICAgIGNoYW5nZWQgPSAkZmFsc2UKICAgICAgICAgICAgbXNnID0gInJlbW90ZSBtb2R1bGUgZG9lcyBub3Qgc3VwcG9ydCBjaGVjayBtb2RlIgogICAgICAgIH0KICAgIH0KICAgIHJldHVybiAkcGFyYW1zCn0KCgpGdW5jdGlvbiBHZXQtRmlsZUNoZWNrc3VtKCRwYXRoLCAkYWxnb3JpdGhtID0gJ3NoYTEnKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBjYWxjdWxhdGUgYSBoYXNoIG9mIGEgZmlsZSBpbiBhIHdheSB3aGljaCBQb3dlclNoZWxsIDMKICAgIGFuZCBhYm92ZSBjYW4gaGFuZGxlCiM+CiAgICBJZiAoVGVzdC1QYXRoIC1QYXRoICRwYXRoIC1QYXRoVHlwZSBMZWFmKQogICAgewogICAgICAgIHN3aXRjaCAoJGFsZ29yaXRobSkKICAgICAgICB7CiAgICAgICAgICAgICdtZDUnIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5NRDVDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMScgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTFDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMjU2JyB7ICRzcCA9IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5TZWN1cml0eS5DcnlwdG9ncmFwaHkuU0hBMjU2Q3J5cHRvU2VydmljZVByb3ZpZGVyIH0KICAgICAgICAgICAgJ3NoYTM4NCcgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTM4NENyeXB0b1NlcnZpY2VQcm92aWRlciB9CiAgICAgICAgICAgICdzaGE1MTInIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5TSEE1MTJDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICBkZWZhdWx0IHsgRmFpbC1Kc29uIEB7fSAiVW5zdXBwb3J0ZWQgaGFzaCBhbGdvcml0aG0gc3VwcGxpZWQgJyRhbGdvcml0aG0nIiB9CiAgICAgICAgfQoKICAgICAgICBJZiAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtZ2UgNCkgewogICAgICAgICAgICAkcmF3X2hhc2ggPSBHZXQtRmlsZUhhc2ggJHBhdGggLUFsZ29yaXRobSAkYWxnb3JpdGhtCiAgICAgICAgICAgICRoYXNoID0gJHJhd19oYXNoLkhhc2guVG9Mb3dlcigpCiAgICAgICAgfSBFbHNlIHsKICAgICAgICAgICAgJGZwID0gW1N5c3RlbS5JTy5GaWxlXTo6T3BlbigkcGF0aCwgW1N5c3RlbS5JTy5GaWxlbW9kZV06Ok9wZW4sIFtTeXN0ZW0uSU8uRmlsZUFjY2Vzc106OlJlYWQsIFtTeXN0ZW0uSU8uRmlsZVNoYXJlXTo6UmVhZFdyaXRlKTsKICAgICAgICAgICAgJGhhc2ggPSBbU3lzdGVtLkJpdENvbnZlcnRlcl06OlRvU3RyaW5nKCRzcC5Db21wdXRlSGFzaCgkZnApKS5SZXBsYWNlKCItIiwgIiIpLlRvTG93ZXIoKTsKICAgICAgICAgICAgJGZwLkRpc3Bvc2UoKTsKICAgICAgICB9CiAgICB9CiAgICBFbHNlSWYgKFRlc3QtUGF0aCAtUGF0aCAkcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKQogICAgewogICAgICAgICRoYXNoID0gIjMiOwogICAgfQogICAgRWxzZQogICAgewogICAgICAgICRoYXNoID0gIjEiOwogICAgfQogICAgcmV0dXJuICRoYXNoCn0KCkZ1bmN0aW9uIEdldC1QZW5kaW5nUmVib290U3RhdHVzCnsKPCMKICAgIC5TWU5PUFNJUwogICAgQ2hlY2sgaWYgcmVib290IGlzIHJlcXVpcmVkLCBpZiBzbyBub3RpZnkgQ0EuCiAgICBGdW5jdGlvbiByZXR1cm5zIHRydWUgaWYgY29tcHV0ZXIgaGFzIGEgcGVuZGluZyByZWJvb3QKIz4KICAgICRmZWF0dXJlRGF0YSA9IEludm9rZS1XbWlNZXRob2QgLUVBIElnbm9yZSAtTmFtZSBHZXRTZXJ2ZXJGZWF0dXJlIC1OYW1lc3BhY2Ugcm9vdFxtaWNyb3NvZnRcd2luZG93c1xzZXJ2ZXJtYW5hZ2VyIC1DbGFzcyBNU0ZUX1NlcnZlck1hbmFnZXJUYXNrcwogICAgJHJlZ0RhdGEgPSBHZXQtSXRlbVByb3BlcnR5ICJIS0xNOlxTWVNURU1cQ3VycmVudENvbnRyb2xTZXRcQ29udHJvbFxTZXNzaW9uIE1hbmFnZXIiICJQZW5kaW5nRmlsZVJlbmFtZU9wZXJhdGlvbnMiIC1FQSBJZ25vcmUKICAgICRDQlNSZWJvb3RTdGF0dXMgPSBHZXQtQ2hpbGRJdGVtICJIS0xNOlxcU09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cQ29tcG9uZW50IEJhc2VkIFNlcnZpY2luZyIgIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlfCBXaGVyZS1PYmplY3QgeyRfLlBTQ2hpbGROYW1lIC1lcSAiUmVib290UGVuZGluZyJ9CiAgICBpZigoJGZlYXR1cmVEYXRhIC1hbmQgJGZlYXR1cmVEYXRhLlJlcXVpcmVzUmVib290KSAtb3IgJHJlZ0RhdGEgLW9yICRDQlNSZWJvb3RTdGF0dXMpCiAgICB7CiAgICAgICAgcmV0dXJuICRUcnVlCiAgICB9CiAgICBlbHNlCiAgICB7CiAgICAgICAgcmV0dXJuICRGYWxzZQogICAgfQp9CgojIHRoaXMgbGluZSBtdXN0IHN0YXkgYXQgdGhlIGJvdHRvbSB0byBlbnN1cmUgYWxsIGRlZmluZWQgbW9kdWxlIHBhcnRzIGFyZSBleHBvcnRlZApFeHBvcnQtTW9kdWxlTWVtYmVyIC1BbGlhcyAqIC1GdW5jdGlvbiAqIC1DbWRsZXQgKgoK"}, "module_entry": "IyFwb3dlcnNoZWxsCgojIENvcHlyaWdodDogKGMpIDIwMTUsIEpvbiBIYXdrZXN3b3J0aCAoQGpoYXdrZXN3b3J0aCkgPGZpZ3NAdW5pdHkuZGVtb24uY28udWs+CiMgQ29weXJpZ2h0OiAoYykgMjAxNywgQW5zaWJsZSBQcm9qZWN0CiMgR05VIEdlbmVyYWwgUHVibGljIExpY2Vuc2UgdjMuMCsgKHNlZSBDT1BZSU5HIG9yIGh0dHBzOi8vd3d3LmdudS5vcmcvbGljZW5zZXMvZ3BsLTMuMC50eHQpCgojUmVxdWlyZXMgLU1vZHVsZSBBbnNpYmxlLk1vZHVsZVV0aWxzLkxlZ2FjeQoKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICdTdG9wJwoKJHBhcmFtcyA9IFBhcnNlLUFyZ3MgLWFyZ3VtZW50cyAkYXJncyAtc3VwcG9ydHNfY2hlY2tfbW9kZSAkdHJ1ZQokY2hlY2tfbW9kZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJfYW5zaWJsZV9jaGVja19tb2RlIiAtdHlwZSAiYm9vbCIgLWRlZmF1bHQgJGZhbHNlCiRkaWZmX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfZGlmZiIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQoKIyB0aGVyZSBhcmUgNCBtb2RlcyB0byB3aW5fY29weSB3aGljaCBhcmUgZHJpdmVuIGJ5IHRoZSBhY3Rpb24gcGx1Z2luczoKIyAgIGV4cGxvZGU6IHNyYyBpcyBhIHppcCBmaWxlIHdoaWNoIG5lZWRzIHRvIGJlIGV4dHJhY3RlZCB0byBkZXN0LCBmb3IgdXNlIHdpdGggbXVsdGlwbGUgZmlsZXMKIyAgIHF1ZXJ5OiB3aW5fY29weSBhY3Rpb24gcGx1Z2luIHdhbnRzIHRvIGdldCB0aGUgc3RhdGUgb2YgcmVtb3RlIGZpbGVzIHRvIGNoZWNrIHdoZXRoZXIgaXQgbmVlZHMgdG8gc2VuZCB0aGVtCiMgICByZW1vdGU6IGFsbCBjb3B5IGFjdGlvbiBpcyBoYXBwZW5pbmcgcmVtb3RlbHkgKHJlbW90ZV9zcmM9VHJ1ZSkKIyAgIHNpbmdsZTogYSBzaW5nbGUgZmlsZSBoYXMgYmVlbiBjb3BpZWQsIGFsc28gdXNlZCB3aXRoIHRlbXBsYXRlCiRjb3B5X21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2NvcHlfbW9kZSIgLXR5cGUgInN0ciIgLWRlZmF1bHQgInNpbmdsZSIgLXZhbGlkYXRlc2V0ICJleHBsb2RlIiwicXVlcnkiLCJyZW1vdGUiLCJzaW5nbGUiCgojIHVzZWQgaW4gZXhwbG9kZSwgcmVtb3RlIGFuZCBzaW5nbGUgbW9kZQokc3JjID0gR2V0LUFuc2libGVQYXJhbSAtb2JqICRwYXJhbXMgLW5hbWUgInNyYyIgLXR5cGUgInBhdGgiIC1mYWlsaWZlbXB0eSAoJGNvcHlfbW9kZSAtaW4gQCgiZXhwbG9kZSIsInByb2Nlc3MiLCJzaW5nbGUiKSkKJGRlc3QgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiZGVzdCIgLXR5cGUgInBhdGgiIC1mYWlsaWZlbXB0eSAkdHJ1ZQoKIyB1c2VkIGluIHNpbmdsZSBtb2RlCiRvcmlnaW5hbF9iYXNlbmFtZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJfb3JpZ2luYWxfYmFzZW5hbWUiIC10eXBlICJzdHIiCgojIHVzZWQgaW4gcXVlcnkgYW5kIHJlbW90ZSBtb2RlCiRmb3JjZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJmb3JjZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICR0cnVlCgojIHVzZWQgaW4gcXVlcnkgbW9kZSwgY29udGFpbnMgdGhlIGxvY2FsIGZpbGVzL2RpcmVjdG9yaWVzL3N5bWxpbmtzIHRoYXQgYXJlIHRvIGJlIGNvcGllZAokZmlsZXMgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiZmlsZXMiIC10eXBlICJsaXN0IgokZGlyZWN0b3JpZXMgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiZGlyZWN0b3JpZXMiIC10eXBlICJsaXN0Igokc3ltbGlua3MgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAic3ltbGlua3MiIC10eXBlICJsaXN0IgoKJHJlc3VsdCA9IEB7CiAgICBjaGFuZ2VkID0gJGZhbHNlCn0KCmlmICgkZGlmZl9tb2RlKSB7CiAgICAkcmVzdWx0LmRpZmYgPSBAe30KfQoKRnVuY3Rpb24gQ29weS1GaWxlKCRzb3VyY2UsICRkZXN0KSB7CiAgICAkZGlmZiA9ICIiCiAgICAkY29weV9maWxlID0gJGZhbHNlCiAgICAkc291cmNlX2NoZWNrc3VtID0gJG51bGwKICAgIGlmICgkZm9yY2UpIHsKICAgICAgICAkc291cmNlX2NoZWNrc3VtID0gR2V0LUZpbGVDaGVja3N1bSAtcGF0aCAkc291cmNlCiAgICB9CgogICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkZGVzdCAtUGF0aFR5cGUgQ29udGFpbmVyKSB7CiAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiY2Fubm90IGNvcHkgZmlsZSBmcm9tICckc291cmNlJyB0byAnJGRlc3QnOiBkZXN0IGlzIGFscmVhZHkgYSBmb2xkZXIiCiAgICB9IGVsc2VpZiAoVGVzdC1QYXRoIC1QYXRoICRkZXN0IC1QYXRoVHlwZSBMZWFmKSB7CiAgICAgICAgaWYgKCRmb3JjZSkgewogICAgICAgICAgICAkdGFyZ2V0X2NoZWNrc3VtID0gR2V0LUZpbGVDaGVja3N1bSAtcGF0aCAkZGVzdAogICAgICAgICAgICBpZiAoJHNvdXJjZV9jaGVja3N1bSAtbmUgJHRhcmdldF9jaGVja3N1bSkgewogICAgICAgICAgICAgICAgJGNvcHlfZmlsZSA9ICR0cnVlCiAgICAgICAgICAgIH0KICAgICAgICB9CiAgICB9IGVsc2UgewogICAgICAgICRjb3B5X2ZpbGUgPSAkdHJ1ZQogICAgfQoKICAgIGlmICgkY29weV9maWxlKSB7CiAgICAgICAgJGZpbGVfZGlyID0gW1N5c3RlbS5JTy5QYXRoXTo6R2V0RGlyZWN0b3J5TmFtZSgkZGVzdCkKICAgICAgICAjIHZhbGlkYXRlIHRoZSBwYXJlbnQgZGlyIGlzIG5vdCBhIGZpbGUgYW5kIHRoYXQgaXQgZXhpc3RzCiAgICAgICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkZmlsZV9kaXIgLVBhdGhUeXBlIExlYWYpIHsKICAgICAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiY2Fubm90IGNvcHkgZmlsZSBmcm9tICckc291cmNlJyB0byAnJGRlc3QnOiBvYmplY3QgYXQgZGVzdCBwYXJlbnQgZGlyIGlzIG5vdCBhIGZvbGRlciIKICAgICAgICB9IGVsc2VpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRmaWxlX2RpcikpIHsKICAgICAgICAgICAgIyBkaXJlY3RvcnkgZG9lc24ndCBleGlzdCwgbmVlZCB0byBjcmVhdGUKICAgICAgICAgICAgTmV3LUl0ZW0gLVBhdGggJGZpbGVfZGlyIC1JdGVtVHlwZSBEaXJlY3RvcnkgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICAgICAgICAgICRkaWZmICs9ICIrJGZpbGVfZGlyXGBuIgogICAgICAgIH0KCiAgICAgICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkZGVzdCAtUGF0aFR5cGUgTGVhZikgewogICAgICAgICAgICBSZW1vdmUtSXRlbSAtUGF0aCAkZGVzdCAtRm9yY2UgLVJlY3Vyc2UgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICAgICAgICAgICRkaWZmICs9ICItJGRlc3RgbiIKICAgICAgICB9CgogICAgICAgIGlmICgtbm90ICRjaGVja19tb2RlKSB7CiAgICAgICAgICAgICMgY2Fubm90IHJ1biB3aXRoIC1XaGF0SWY6JGNoZWNrX21vZGUgYXMgaWYgdGhlIHBhcmVudCBkaXIgZGlkbid0CiAgICAgICAgICAgICMgZXhpc3QgYW5kIHdhcyBjcmVhdGVkIGFib3ZlIHdvdWxkIHN0aWxsIG5vdCBleGlzdCBpbiBjaGVjayBtb2RlCiAgICAgICAgICAgIENvcHktSXRlbSAtUGF0aCAkc291cmNlIC1EZXN0aW5hdGlvbiAkZGVzdCAtRm9yY2UgfCBPdXQtTnVsbAogICAgICAgIH0KICAgICAgICAkZGlmZiArPSAiKyRkZXN0YG4iCgogICAgICAgICRyZXN1bHQuY2hhbmdlZCA9ICR0cnVlCiAgICB9CgogICAgIyB1Z2x5IGJ1dCB0byBzYXZlIHVzIGZyb20gcnVubmluZyB0aGUgY2hlY2tzdW0gdHdpY2UsIGxldCdzIHJldHVybiBpdCBmb3IKICAgICMgdGhlIG1haW4gY29kZSB0byBhZGQgaXQgdG8gJHJlc3VsdAogICAgcmV0dXJuICxAeyBkaWZmID0gJGRpZmY7IGNoZWNrc3VtID0gJHNvdXJjZV9jaGVja3N1bSB9Cn0KCkZ1bmN0aW9uIENvcHktRm9sZGVyKCRzb3VyY2UsICRkZXN0KSB7CiAgICAkZGlmZiA9ICIiCiAgICAkY29weV9mb2xkZXIgPSAkZmFsc2UKCiAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRkZXN0IC1QYXRoVHlwZSBDb250YWluZXIpKSB7CiAgICAgICAgJHBhcmVudF9kaXIgPSBbU3lzdGVtLklPLlBhdGhdOjpHZXREaXJlY3RvcnlOYW1lKCRkZXN0KQogICAgICAgIGlmIChUZXN0LVBhdGggLVBhdGggJHBhcmVudF9kaXIgLVBhdGhUeXBlIExlYWYpIHsKICAgICAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiY2Fubm90IGNvcHkgZmlsZSBmcm9tICckc291cmNlJyB0byAnJGRlc3QnOiBvYmplY3QgYXQgZGVzdCBwYXJlbnQgZGlyIGlzIG5vdCBhIGZvbGRlciIKICAgICAgICB9CiAgICAgICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkZGVzdCAtUGF0aFR5cGUgTGVhZikgewogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0IC1tZXNzYWdlICJjYW5ub3QgY29weSBmb2xkZXIgZnJvbSAnJHNvdXJjZScgdG8gJyRkZXN0JzogZGVzdCBpcyBhbHJlYWR5IGEgZmlsZSIKICAgICAgICB9CgogICAgICAgIE5ldy1JdGVtIC1QYXRoICRkZXN0IC1JdGVtVHlwZSBDb250YWluZXIgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICAgICAgJGRpZmYgKz0gIiskZGVzdFxgbiIKICAgICAgICAkcmVzdWx0LmNoYW5nZWQgPSAkdHJ1ZQogICAgfQoKICAgICRjaGlsZF9pdGVtcyA9IEdldC1DaGlsZEl0ZW0gLVBhdGggJHNvdXJjZSAtRm9yY2UKICAgIGZvcmVhY2ggKCRjaGlsZF9pdGVtIGl ScriptBlock ID: 652b5a98-7921-47a7-b299-2692b89777d4 Path:	4104	1		3	2	15	0	1137	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	5116	4064	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:23:33 PM	9d04040e-981f-0005-314f-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 4): begin { $DebugPreference = "Continue" $ErrorActionPreference = "Stop" Set-StrictMode -Version 2 function ConvertTo-HashtableFromPsCustomObject ($myPsObject){ $output = @{}; $myPsObject | Get-Member -MemberType *Property | % { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } return $output; } # stream JSON including become_pw, ps_module_payload, bin_module_payload, become_payload, write_payload_path, preserve directives # exec runspace, capture output, cleanup, return module output # NB: do not adjust the following line- it is replaced when doing non-streamed module output $json_raw = @' {"min_ps_version": null, "exec": "CkZ1bmN0aW9uIFJ1bigkcGF5bG9hZCkgewogICAgJGVudHJ5cG9pbnQgPSAkcGF5bG9hZC5tb2R1bGVfZW50cnkKCiAgICAkZW50cnlwb2ludCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGVudHJ5cG9pbnQpKQoKICAgICRwcyA9IFtwb3dlcnNoZWxsXTo6Q3JlYXRlKCkKCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkQ29tbWFuZCgiU2V0LVZhcmlhYmxlIikuQWRkUGFyYW1ldGVycyhAe1Njb3BlPSJnbG9iYWwiO05hbWU9ImNvbXBsZXhfYXJncyI7VmFsdWU9JHBheWxvYWQubW9kdWxlX2FyZ3N9KSB8IE91dC1OdWxsCiAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCgogICAgIyByZWRlZmluZSBXcml0ZS1Ib3N0IHRvIGR1bXAgdG8gb3V0cHV0IGluc3RlYWQgb2YgZmFpbGluZy0gbG90cyBvZiBzY3JpcHRzIHVzZSBpdAogICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgiRnVuY3Rpb24gV3JpdGUtSG9zdChgJG1zZyl7IFdyaXRlLU91dHB1dCBgJG1zZyB9IikgfCBPdXQtTnVsbAoKICAgIEZvckVhY2ggKCRlbnZfa3YgaW4gJHBheWxvYWQuZW52aXJvbm1lbnQuR2V0RW51bWVyYXRvcigpKSB7CiAgICAgICAgIyBuZWVkIHRvIGVzY2FwZSAnIGluIGJvdGggdGhlIGtleSBhbmQgdmFsdWUKICAgICAgICAkZW52X2tleSA9ICRlbnZfa3YuS2V5LlRvU3RyaW5nKCkuUmVwbGFjZSgiJyIsICInJyIpCiAgICAgICAgJGVudl92YWx1ZSA9ICRlbnZfa3YuVmFsdWUuVG9TdHJpbmcoKS5SZXBsYWNlKCInIiwgIicnIikKICAgICAgICAkZXNjYXBlZF9lbnZfc2V0ID0gIltTeXN0ZW0uRW52aXJvbm1lbnRdOjpTZXRFbnZpcm9ubWVudFZhcmlhYmxlKCd7MH0nLCAnezF9JykiIC1mICRlbnZfa2V5LCAkZW52X3ZhbHVlCiAgICAgICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgkZXNjYXBlZF9lbnZfc2V0KSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBkeW5hbWljYWxseSBjcmVhdGUvbG9hZCBtb2R1bGVzCiAgICBGb3JFYWNoICgkbW9kIGluICRwYXlsb2FkLnBvd2Vyc2hlbGxfbW9kdWxlcy5HZXRFbnVtZXJhdG9yKCkpIHsKICAgICAgICAkZGVjb2RlZF9tb2R1bGUgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRtb2QuVmFsdWUpKQogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRDb21tYW5kKCJOZXctTW9kdWxlIikuQWRkUGFyYW1ldGVycyhAe1NjcmlwdEJsb2NrPShbc2NyaXB0YmxvY2tdOjpDcmVhdGUoJGRlY29kZWRfbW9kdWxlKSk7TmFtZT0kbW9kLktleX0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiSW1wb3J0LU1vZHVsZSIpLkFkZFBhcmFtZXRlcnMoQHtXYXJuaW5nQWN0aW9uPSJTaWxlbnRseUNvbnRpbnVlIn0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBmb3JjZSBpbnB1dCBlbmNvZGluZyB0byBwcmVhbWJsZS1mcmVlIFVURjggc28gUFMgc3ViLXByb2Nlc3NlcyAoZWcsCiAgICAjIFN0YXJ0LUpvYikgZG9uJ3QgYmxvdyB1cC4gVGhpcyBpcyBvbmx5IHJlcXVpcmVkIGZvciBXaW5STSwgYSBQU1JQCiAgICAjIHJ1bnNwYWNlIGRvZXNuJ3QgaGF2ZSBhIGhvc3QgY29uc29sZSBhbmQgdGhpcyB3aWxsIGJvbWIgb3V0CiAgICBpZiAoJGhvc3QuTmFtZSAtZXEgIkNvbnNvbGVIb3N0IikgewogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRTY3JpcHQoIltDb25zb2xlXTo6SW5wdXRFbmNvZGluZyA9IE5ldy1PYmplY3QgVGV4dC5VVEY4RW5jb2RpbmcgYCRmYWxzZSIpIHwgT3V0LU51bGwKICAgIH0KCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkU2NyaXB0KCRlbnRyeXBvaW50KSB8IE91dC1OdWxsCgogICAgJG91dHB1dCA9ICRwcy5JbnZva2UoKQoKICAgICRvdXRwdXQKCiAgICAjIFBTMyBkb2Vzbid0IHByb3Blcmx5IHNldCBIYWRFcnJvcnMgaW4gbWFueSBjYXNlcywgaW5zcGVjdCB0aGUgZXJyb3Igc3RyZWFtIGFzIGEgZmFsbGJhY2sKICAgIElmICgkcHMuSGFkRXJyb3JzIC1vciAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtbHQgNCAtYW5kICRwcy5TdHJlYW1zLkVycm9yLkNvdW50IC1ndCAwKSkgewogICAgICAgICRob3N0LlVJLldyaXRlRXJyb3JMaW5lKCQoJHBzLlN0cmVhbXMuRXJyb3IgfCBPdXQtU3RyaW5nKSkKICAgICAgICAkZXhpdF9jb2RlID0gJHBzLlJ1bnNwYWNlLlNlc3Npb25TdGF0ZVByb3h5LkdldFZhcmlhYmxlKCJMQVNURVhJVENPREUiKQogICAgICAgIElmKC1ub3QgJGV4aXRfY29kZSkgewogICAgICAgICAgICAkZXhpdF9jb2RlID0gMQogICAgICAgIH0KICAgICAgICAjIG5lZWQgdG8gdXNlIHRoaXMgaW5zdGVhZCBvZiBFeGl0IGtleXdvcmQgdG8gcHJldmVudCBydW5zcGFjZSBmcm9tIGNyYXNoaW5nIHdpdGggZHluYW1pYyBtb2R1bGVzCiAgICAgICAgJGhvc3QuU2V0U2hvdWxkRXhpdCgkZXhpdF9jb2RlKQogICAgfQp9Cg==", "actions": ["exec"], "environment": {}, "min_os_version": null, "powershell_modules": {"Ansible.ModuleUtils.Legacy": "IyBDb3B5cmlnaHQgKGMpLCBNaWNoYWVsIERlSGFhbiA8bWljaGFlbC5kZWhhYW5AZ21haWwuY29tPiwgMjAxNCwgYW5kIG90aGVycwojIFNpbXBsaWZpZWQgQlNEIExpY2Vuc2UgKHNlZSBsaWNlbnNlcy9zaW1wbGlmaWVkX2JzZC50eHQgb3IgaHR0cHM6Ly9vcGVuc291cmNlLm9yZy9saWNlbnNlcy9CU0QtMi1DbGF1c2UpCgpTZXQtU3RyaWN0TW9kZSAtVmVyc2lvbiAyLjAKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKRnVuY3Rpb24gU2V0LUF0dHIoJG9iaiwgJG5hbWUsICR2YWx1ZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gc2V0IGFuICJhdHRyaWJ1dGUiIG9uIGEgcHNvYmplY3QgaW5zdGFuY2UgaW4gUG93ZXJTaGVsbC4KICAgIFRoaXMgaXMgYSBjb252ZW5pZW5jZSB0byBtYWtlIGFkZGluZyBNZW1iZXJzIHRvIHRoZSBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgIFNldC1BdHRyICRyZXN1bHQgImNoYW5nZWQiICR0cnVlCiM+CgogICAgIyBJZiB0aGUgcHJvdmlkZWQgJG9iaiBpcyB1bmRlZmluZWQsIGRlZmluZSBvbmUgdG8gYmUgbmljZQogICAgSWYgKC1ub3QgJG9iai5HZXRUeXBlKQogICAgewogICAgICAgICRvYmogPSBAeyB9CiAgICB9CgogICAgVHJ5CiAgICB7CiAgICAgICAgJG9iai4kbmFtZSA9ICR2YWx1ZQogICAgfQogICAgQ2F0Y2gKICAgIHsKICAgICAgICAkb2JqIHwgQWRkLU1lbWJlciAtRm9yY2UgLU1lbWJlclR5cGUgTm90ZVByb3BlcnR5IC1OYW1lICRuYW1lIC1WYWx1ZSAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gRXhpdC1Kc29uKCRvYmopCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGNvbnZlcnQgYSBQb3dlclNoZWxsIG9iamVjdCB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcKICAgIHRoZSBzY3JpcHQKICAgIC5FWEFNUExFCiAgICBFeGl0LUpzb24gJHJlc3VsdAojPgoKICAgICMgSWYgdGhlIHByb3ZpZGVkICRvYmogaXMgdW5kZWZpbmVkLCBkZWZpbmUgb25lIHRvIGJlIG5pY2UKICAgIElmICgtbm90ICRvYmouR2V0VHlwZSkKICAgIHsKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoJ2NoYW5nZWQnKSkgewogICAgICAgIFNldC1BdHRyICRvYmogImNoYW5nZWQiICRmYWxzZQogICAgfQoKICAgIFdyaXRlLU91dHB1dCAkb2JqIHwgQ29udmVydFRvLUpzb24gLUNvbXByZXNzIC1EZXB0aCA5OQogICAgRXhpdAp9CgpGdW5jdGlvbiBGYWlsLUpzb24oJG9iaiwgJG1lc3NhZ2UgPSAkbnVsbCkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHRoZSAibXNnIiBwcm9wZXJ0eSBhbmQgImZhaWxlZCIgcHJvcGVydHksIGNvbnZlcnQgdGhlCiAgICBQb3dlclNoZWxsIEhhc2h0YWJsZSB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcgdGhlIHNjcmlwdAogICAgLkVYQU1QTEUKICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJUaGlzIGlzIHRoZSBmYWlsdXJlIG1lc3NhZ2UiCiM+CgogICAgaWYgKCRvYmogLWlzIFtoYXNodGFibGVdIC1vciAkb2JqIC1pcyBbcHNvYmplY3RdKSB7CiAgICAgICAgIyBOb3RoaW5nIHRvIGRvCiAgICB9IGVsc2VpZiAoJG9iaiAtaXMgW3N0cmluZ10gLWFuZCAkbnVsbCAtZXEgJG1lc3NhZ2UpIHsKICAgICAgICAjIElmIHdlIHdlcmVuJ3QgZ2l2ZW4gMiBhcmdzLCBhbmQgdGhlIG9ubHkgYXJnIHdhcyBhIHN0cmluZywKICAgICAgICAjIGNyZWF0ZSBhIG5ldyBIYXNodGFibGUgYW5kIHVzZSB0aGUgYXJnIGFzIHRoZSBmYWlsdXJlIG1lc3NhZ2UKICAgICAgICAkbWVzc2FnZSA9ICRvYmoKICAgICAgICAkb2JqID0gQHsgfQogICAgfSBlbHNlIHsKICAgICAgICAjIElmIHRoZSBmaXJzdCBhcmd1bWVudCBpcyB1bmRlZmluZWQgb3IgYSBkaWZmZXJlbnQgdHlwZSwKICAgICAgICAjIG1ha2UgaXQgYSBIYXNodGFibGUKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgICMgU3RpbGwgdXNpbmcgU2V0LUF0dHIgZm9yIFBTT2JqZWN0IGNvbXBhdGliaWxpdHkKICAgIFNldC1BdHRyICRvYmogIm1zZyIgJG1lc3NhZ2UKICAgIFNldC1BdHRyICRvYmogImZhaWxlZCIgJHRydWUKCiAgICBpZiAoLW5vdCAkb2JqLkNvbnRhaW5zS2V5KCdjaGFuZ2VkJykpIHsKICAgICAgICBTZXQtQXR0ciAkb2JqICJjaGFuZ2VkIiAkZmFsc2UKICAgIH0KCiAgICBXcml0ZS1PdXRwdXQgJG9iaiB8IENvbnZlcnRUby1Kc29uIC1Db21wcmVzcyAtRGVwdGggOTkKICAgIEV4aXQgMQp9CgpGdW5jdGlvbiBBZGQtV2FybmluZygkb2JqLCAkbWVzc2FnZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHdhcm5pbmdzLCBldmVuIGlmIHRoZSB3YXJuaW5ncyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoIndhcm5pbmdzIikpIHsKICAgICAgICAkb2JqLndhcm5pbmdzID0gQCgpCiAgICB9IGVsc2VpZiAoJG9iai53YXJuaW5ncyAtaXNub3QgW2FycmF5XSkgewogICAgICAgIHRocm93ICJBZGQtV2FybmluZzogd2FybmluZ3MgYXR0cmlidXRlIGlzIG5vdCBhbiBhcnJheSIKICAgIH0KCiAgICAkb2JqLndhcm5pbmdzICs9ICRtZXNzYWdlCn0KCkZ1bmN0aW9uIEFkZC1EZXByZWNhdGlvbldhcm5pbmcoJG9iaiwgJG1lc3NhZ2UsICR2ZXJzaW9uID0gJG51bGwpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGFkZCBkZXByZWNhdGlvbnMsIGV2ZW4gaWYgdGhlIGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgogICAgaWYgKC1ub3QgJG9iai5Db250YWluc0tleSgiZGVwcmVjYXRpb25zIikpIHsKICAgICAgICAkb2JqLmRlcHJlY2F0aW9ucyA9IEAoKQogICAgfSBlbHNlaWYgKCRvYmouZGVwcmVjYXRpb25zIC1pc25vdCBbYXJyYXldKSB7CiAgICAgICAgdGhyb3cgIkFkZC1EZXByZWNhdGlvbldhcm5pbmc6IGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgaXMgbm90IGEgbGlzdCIKICAgIH0KCiAgICAkb2JqLmRlcHJlY2F0aW9ucyArPSBAewogICAgICAgIG1zZyA9ICRtZXNzYWdlCiAgICAgICAgdmVyc2lvbiA9ICR2ZXJzaW9uCiAgICB9Cn0KCkZ1bmN0aW9uIEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgaW4gdmFsdWVzLiBCeSBkZWZhdWx0CiAgICBpdCB0dXJucyBhbnkgdHlwZSB0byBhIHN0cmluZywgYnV0IHdlIGVuc3VyZSAkbnVsbCByZW1haW5zICRudWxsLgojPgogICAgaWYgKCRudWxsIC1uZSAkdmFsdWUpIHsKICAgICAgICBbU3lzdGVtLkVudmlyb25tZW50XTo6RXhwYW5kRW52aXJvbm1lbnRWYXJpYWJsZXMoJHZhbHVlKQogICAgfSBlbHNlIHsKICAgICAgICAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gR2V0LUFuc2libGVQYXJhbSgkb2JqLCAkbmFtZSwgJGRlZmF1bHQgPSAkbnVsbCwgJHJlc3VsdG9iaiA9IEB7fSwgJGZhaWxpZmVtcHR5ID0gJGZhbHNlLCAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSwgJFZhbGlkYXRlU2V0LCAkVmFsaWRhdGVTZXRFcnJvck1lc3NhZ2UsICR0eXBlID0gJG51bGwsICRhbGlhc2VzID0gQCgpKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBnZXQgYW4gImF0dHJpYnV0ZSIgZnJvbSBhIHBzb2JqZWN0IGluc3RhbmNlIGluIFBvd2VyU2hlbGwuCiAgICBUaGlzIGlzIGEgY29udmVuaWVuY2UgdG8gbWFrZSBnZXR0aW5nIE1lbWJlcnMgZnJvbSBhbiBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgICRhdHRyID0gR2V0LUFuc2libGVQYXJhbSAkcmVzcG9uc2UgImNvZGUiIC1kZWZhdWx0ICIxIgogICAgLkVYQU1QTEUKICAgIEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJTdGF0ZSIgLWRlZmF1bHQgIlByZXNlbnQiIC1WYWxpZGF0ZVNldCAiUHJlc2VudCIsIkFic2VudCIgLXJlc3VsdG9iaiAkcmVzdWx0b2JqIC1mYWlsaWZlbXB0eSAkdHJ1ZQogICAgR2V0LUFuc2libGVQYXJhbSBhbHNvIHN1cHBvcnRzIFBhcmFtZXRlciB2YWxpZGF0aW9uIHRvIHNhdmUgeW91IGZyb20gY29kaW5nIHRoYXQgbWFudWFsbHkKICAgIE5vdGUgdGhhdCBpZiB5b3UgdXNlIHRoZSBmYWlsaWZlbXB0eSBvcHRpb24sIHlvdSBkbyBuZWVkIHRvIHNwZWNpZnkgcmVzdWx0b2JqZWN0IGFzIHdlbGwuCiM+CiAgICAjIENoZWNrIGlmIHRoZSBwcm92aWRlZCBNZW1iZXIgJG5hbWUgb3IgYWxpYXNlcyBleGlzdCBpbiAkb2JqIGFuZCByZXR1cm4gaXQgb3IgdGhlIGRlZmF1bHQuCiAgICB0cnkgewoKICAgICAgICAkZm91bmQgPSAkbnVsbAogICAgICAgICMgRmlyc3QgdHJ5IHRvIGZpbmQgcHJlZmVycmVkIHBhcmFtZXRlciAkbmFtZQogICAgICAgICRhbGlhc2VzID0gQCgkbmFtZSkgKyAkYWxpYXNlcwoKICAgICAgICAjIEl0ZXJhdGUgb3ZlciBhbGlhc2VzIHRvIGZpbmQgYWNjZXB0YWJsZSBNZW1iZXIgJG5hbWUKICAgICAgICBmb3JlYWNoICgkYWxpYXMgaW4gJGFsaWFzZXMpIHsKICAgICAgICAgICAgaWYgKCRvYmouQ29udGFpbnNLZXkoJGFsaWFzKSkgewogICAgICAgICAgICAgICAgJGZvdW5kID0gJGFsaWFzCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgfQoKICAgICAgICBpZiAoJG51bGwgLWVxICRmb3VuZCkgewogICAgICAgICAgICB0aHJvdwogICAgICAgIH0KICAgICAgICAkbmFtZSA9ICRmb3VuZAoKICAgICAgICBpZiAoJFZhbGlkYXRlU2V0KSB7CgogICAgICAgICAgICBpZiAoJFZhbGlkYXRlU2V0IC1jb250YWlucyAoJG9iai4kbmFtZSkpIHsKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICRvYmouJG5hbWUKICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgIGlmICgkbnVsbCAtZXEgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAgICAgI0F1dG8tZ2VuZXJhdGVkIGVycm9yIHNob3VsZCBiZSBzdWZmaWNpZW50IGluIG1vc3QgdXNlIGNhc2VzCiAgICAgICAgICAgICAgICAgICAgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlID0gIkdldC1BbnNpYmxlUGFyYW06IEFyZ3VtZW50ICRuYW1lIG5lZWRzIHRvIGJlIG9uZSBvZiAkKCRWYWxpZGF0ZVNldCAtam9pbiAiLCIpIGJ1dCB3YXMgJCgkb2JqLiRuYW1lKS4iCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRWYWxpZGF0ZVNldEVycm9yTWVzc2FnZQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgJHZhbHVlID0gJG9iai4kbmFtZQogICAgICAgIH0KICAgIH0gY2F0Y2ggewogICAgICAgIGlmICgkZmFpbGlmZW1wdHkgLWVxICRmYWxzZSkgewogICAgICAgICAgICAkdmFsdWUgPSAkZGVmYXVsdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgIGlmICgtbm90ICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSA9ICJHZXQtQW5zaWJsZVBhcmFtOiBNaXNzaW5nIHJlcXVpcmVkIGFyZ3VtZW50OiAkbmFtZSIKICAgICAgICAgICAgfQogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlCiAgICAgICAgfQogICAgfQoKICAgICMgSWYgJHZhbHVlIC1lcSAkbnVsbCwgdGhlIHBhcmFtZXRlciB3YXMgdW5zcGVjaWZpZWQgYnkgdGhlIHVzZXIgKGRlbGliZXJhdGVseSBvciBub3QpCiAgICAjIFBsZWFzZSBsZWF2ZSAkbnVsbC12YWx1ZXMgaW50YWN0LCBtb2R1bGVzIG5lZWQgdG8ga25vdyBpZiBhIHBhcmFtZXRlciB3YXMgc3BlY2lmaWVkCiAgICAjIFdoZW4gJHZhbHVlIGlzIGFscmVhZHkgYW4gYXJyYXksIHdlIGNhbm5vdCByZWx5IG9uIHRoZSBudWxsIGNoZWNrLCBhcyBhbiBlbXB0eSBsaXN0CiAgICAjIGlzIHNlZW4gYXMgbnVsbCBpbiB0aGUgY2hlY2sgYmVsb3cKICAgIGlmICgkbnVsbCAtbmUgJHZhbHVlIC1vciAkdmFsdWUgLWlzIFthcnJheV0pIHsKICAgICAgICBpZiAoJHR5cGUgLWVxICJwYXRoIikgewogICAgICAgICAgICAjIEV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgb24gcGF0aC10eXBlCiAgICAgICAgICAgICR2YWx1ZSA9IEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCiAgICAgICAgICAgICMgVGVzdCBpZiBhIHZhbGlkIHBhdGggaXMgcHJvdmlkZWQKICAgICAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtSXNWYWxpZCAkdmFsdWUpKSB7CiAgICAgICAgICAgICAgICAkcGF0aF9pbnZhbGlkID0gJHRydWUKICAgICAgICAgICAgICAgICMgY291bGQgc3RpbGwgYmUgYSB2YWxpZC1zaGFwZWQgcGF0aCB3aXRoIGEgbm9uZXhpc3RlbnQgZHJpdmUgbGV0dGVyCiAgICAgICAgICAgICAgICBpZiAoJHZhbHVlIC1tYXRjaCAiXlx3OiIpIHsKICAgICAgICAgICAgICAgICAgICAjIHJld3JpdGUgcGF0aCB3aXRoIGEgdmFsaWQgZHJpdmUgbGV0dGVyIGFuZCByZWNoZWNrIHRoZSBzaGFwZS0gdGhpcyBtaWdodCBzdGlsbCBmYWlsLCBlZywgYSBub25leGlzdGVudCBub24tZmlsZXN5c3RlbSBQUyBwYXRoCiAgICAgICAgICAgICAgICAgICAgaWYgKFRlc3QtUGF0aCAtSXNWYWxpZCAkKEAoR2V0LVBTRH ScriptBlock ID: 652b5a98-7921-47a7-b299-2692b89777d4 Path:	4104	1		3	2	15	0	1136	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	5116	4064	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:23:33 PM	9d04040e-981f-0005-314f-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1135	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	5116	600	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:23:33 PM	9d04040e-981f-0003-8b4e-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 5116 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1134	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	5116	1416	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:23:33 PM	9d04040e-981f-0003-8b4e-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1133	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	5116	600	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:23:33 PM	9d04040e-981f-0003-8b4e-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): begin { $path = 'C:\Users\Admin\AppData\Local\Temp\ansible-tmp-1629725012.41-60048190901252\source' $DebugPreference = "Continue" $ErrorActionPreference = "Stop" Set-StrictMode -Version 2 $fd = [System.IO.File]::Create($path) $sha1 = [System.Security.Cryptography.SHA1CryptoServiceProvider]::Create() $bytes = @() #initialize for empty file case } process { $bytes = [System.Convert]::FromBase64String($input) $sha1.TransformBlock($bytes, 0, $bytes.Length, $bytes, 0) | Out-Null $fd.Write($bytes, 0, $bytes.Length) } end { $sha1.TransformFinalBlock($bytes, 0, 0) | Out-Null $hash = [System.BitConverter]::ToString($sha1.Hash).Replace("-", "").ToLowerInvariant() $fd.Close() Write-Output "{""sha1"":""$hash""}" } ScriptBlock ID: 52bdc0d9-505e-41ca-b161-5b4b1c87b02c Path:	4104	1		3	2	15	0	1132	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4672	4952	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:23:33 PM	9d04040e-981f-0003-814e-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1131	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4672	3356	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:23:33 PM	9d04040e-981f-0004-ee15-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 4672 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1130	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4672	4876	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:23:33 PM	9d04040e-981f-0004-ee15-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1129	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4672	3356	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:23:33 PM	9d04040e-981f-0004-ee15-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1128	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1156	376	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:23:32 PM	9d04040e-981f-0004-e815-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 1156 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1127	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1156	3180	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:23:32 PM	9d04040e-981f-0004-e815-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1126	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1156	376	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:23:32 PM	9d04040e-981f-0004-e815-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1125	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	5056	176	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:23:32 PM	9d04040e-981f-0004-e715-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 5056 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1124	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	5056	1440	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:23:32 PM	9d04040e-981f-0004-e715-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1123	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	5056	176	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:23:32 PM	9d04040e-981f-0004-e715-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): #!powershell # Copyright: (c) 2015, Jon Hawkesworth (@jhawkesworth) <figs@unity.demon.co.uk> # Copyright: (c) 2017, Ansible Project # GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) #Requires -Module Ansible.ModuleUtils.Legacy $ErrorActionPreference = 'Stop' $params = Parse-Args -arguments $args -supports_check_mode $true $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false $diff_mode = Get-AnsibleParam -obj $params -name "_ansible_diff" -type "bool" -default $false # there are 4 modes to win_copy which are driven by the action plugins: # explode: src is a zip file which needs to be extracted to dest, for use with multiple files # query: win_copy action plugin wants to get the state of remote files to check whether it needs to send them # remote: all copy action is happening remotely (remote_src=True) # single: a single file has been copied, also used with template $copy_mode = Get-AnsibleParam -obj $params -name "_copy_mode" -type "str" -default "single" -validateset "explode","query","remote","single" # used in explode, remote and single mode $src = Get-AnsibleParam -obj $params -name "src" -type "path" -failifempty ($copy_mode -in @("explode","process","single")) $dest = Get-AnsibleParam -obj $params -name "dest" -type "path" -failifempty $true # used in single mode $original_basename = Get-AnsibleParam -obj $params -name "_original_basename" -type "str" # used in query and remote mode $force = Get-AnsibleParam -obj $params -name "force" -type "bool" -default $true # used in query mode, contains the local files/directories/symlinks that are to be copied $files = Get-AnsibleParam -obj $params -name "files" -type "list" $directories = Get-AnsibleParam -obj $params -name "directories" -type "list" $symlinks = Get-AnsibleParam -obj $params -name "symlinks" -type "list" $result = @{ changed = $false } if ($diff_mode) { $result.diff = @{} } Function Copy-File($source, $dest) { $diff = "" $copy_file = $false $source_checksum = $null if ($force) { $source_checksum = Get-FileChecksum -path $source } if (Test-Path -Path $dest -PathType Container) { Fail-Json -obj $result -message "cannot copy file from '$source' to '$dest': dest is already a folder" } elseif (Test-Path -Path $dest -PathType Leaf) { if ($force) { $target_checksum = Get-FileChecksum -path $dest if ($source_checksum -ne $target_checksum) { $copy_file = $true } } } else { $copy_file = $true } if ($copy_file) { $file_dir = [System.IO.Path]::GetDirectoryName($dest) # validate the parent dir is not a file and that it exists if (Test-Path -Path $file_dir -PathType Leaf) { Fail-Json -obj $result -message "cannot copy file from '$source' to '$dest': object at dest parent dir is not a folder" } elseif (-not (Test-Path -Path $file_dir)) { # directory doesn't exist, need to create New-Item -Path $file_dir -ItemType Directory -WhatIf:$check_mode | Out-Null $diff += "+$file_dir\`n" } if (Test-Path -Path $dest -PathType Leaf) { Remove-Item -Path $dest -Force -Recurse -WhatIf:$check_mode | Out-Null $diff += "-$dest`n" } if (-not $check_mode) { # cannot run with -WhatIf:$check_mode as if the parent dir didn't # exist and was created above would still not exist in check mode Copy-Item -Path $source -Destination $dest -Force | Out-Null } $diff += "+$dest`n" $result.changed = $true } # ugly but to save us from running the checksum twice, let's return it for # the main code to add it to $result return ,@{ diff = $diff; checksum = $source_checksum } } Function Copy-Folder($source, $dest) { $diff = "" $copy_folder = $false if (-not (Test-Path -Path $dest -PathType Container)) { $parent_dir = [System.IO.Path]::GetDirectoryName($dest) if (Test-Path -Path $parent_dir -PathType Leaf) { Fail-Json -obj $result -message "cannot copy file from '$source' to '$dest': object at dest parent dir is not a folder" } if (Test-Path -Path $dest -PathType Leaf) { Fail-Json -obj $result -message "cannot copy folder from '$source' to '$dest': dest is already a file" } New-Item -Path $dest -ItemType Container -WhatIf:$check_mode | Out-Null $diff += "+$dest\`n" $result.changed = $true } $child_items = Get-ChildItem -Path $source -Force foreach ($child_item in $child_items) { $dest_child_path = Join-Path -Path $dest -ChildPath $child_item.Name if ($child_item.PSIsContainer) { $diff += (Copy-Folder -source $child_item.Fullname -dest $dest_child_path) } else { $diff += (Copy-File -source $child_item.Fullname -dest $dest_child_path).diff } } return $diff } Function Get-FileSize($path) { $file = Get-Item -Path $path -Force $size = $null if ($file.PSIsContainer) { $dir_files_sum = Get-ChildItem $file.FullName -Recurse if ($dir_files_sum -eq $null -or ($dir_files_sum.PSObject.Properties.name -contains 'length' -eq $false)) { $size = 0 } else { $size = ($dir_files_sum | Measure-Object -property length -sum).Sum } } else { $size = $file.Length } $size } Function Extract-Zip($src, $dest) { $archive = [System.IO.Compression.ZipFile]::Open($src, [System.IO.Compression.ZipArchiveMode]::Read, [System.Text.Encoding]::UTF8) foreach ($entry in $archive.Entries) { $archive_name = $entry.FullName # FullName may be appended with / or \, determine if it is padded and remove it $padding_length = $archive_name.Length % 4 if ($padding_length -eq 0) { $is_dir = $false $base64_name = $archive_name } elseif ($padding_length -eq 1) { $is_dir = $true if ($archive_name.EndsWith("/") -or $archive_name.EndsWith("`\")) { $base64_name = $archive_name.Substring(0, $archive_name.Length - 1) } else { throw "invalid base64 archive name '$archive_name'" } } else { throw "invalid base64 length '$archive_name'" } # to handle unicode character, win_copy action plugin has encoded the filename $decoded_archive_name = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($base64_name)) # re-add the / to the entry full name if it was a directory if ($is_dir) { $decoded_archive_name = "$decoded_archive_name/" } $entry_target_path = [System.IO.Path]::Combine($dest, $decoded_archive_name) $entry_dir = [System.IO.Path]::GetDirectoryName($entry_target_path) if (-not (Test-Path -Path $entry_dir)) { New-Item -Path $entry_dir -ItemType Directory -WhatIf:$check_mode | Out-Null } if ($is_dir -eq $false) { if (-not $check_mode) { [System.IO.Compression.ZipFileExtensions]::ExtractToFile($entry, $entry_target_path, $true) } } } $archive.Dispose() # release the handle of the zip file } Function Extract-ZipLegacy($src, $dest) { if (-not (Test-Path -Path $dest)) { New-Item -Path $dest -ItemType Directory -WhatIf:$check_mode | Out-Null } $shell = New-Object -ComObject Shell.Application $zip = $shell.NameSpace($src) $dest_path = $shell.NameSpace($dest) foreach ($entry in $zip.Items()) { $is_dir = $entry.IsFolder $encoded_archive_entry = $entry.Name # to handle unicode character, win_copy action plugin has encoded the filename $decoded_archive_entry = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($encoded_archive_entry)) if ($is_dir) { $decoded_archive_entry = "$decoded_archive_entry/" } $entry_target_path = [System.IO.Path]::Combine($dest, $decoded_archive_entry) $entry_dir = [System.IO.Path]::GetDirectoryName($entry_target_path) if (-not (Test-Path -Path $entry_dir)) { New-Item -Path $entry_dir -ItemType Directory -WhatIf:$check_mode | Out-Null } if ($is_dir -eq $false -and (-not $check_mode)) { # https://msdn.microsoft.com/en-us/library/windows/desktop/bb787866.aspx # From Folder.CopyHere documentation, 1044 means: # - 1024: do not display a user interface if an error occurs # - 16: respond with "yes to all" for any dialog box that is displayed # - 4: do not display a progress dialog box $dest_path.CopyHere($entry, 1044) # once file is extraced, we need to rename it with non base64 name $combined_encoded_path = [System.IO.Path]::Combine($dest, $encoded_archive_entry) Move-Item -Path $combined_encoded_path -Destination $entry_target_path -Force | Out-Null } } } if ($copy_mode -eq "query") { # we only return a list of files/directories that need to be copied over # the source of the local file will be the key used $changed_files = @() $changed_directories = @() $changed_symlinks = @() foreach ($file in $files) { $filename = $file.dest $local_checksum = $file.checksum $filepath = Join-Path -Path $dest -ChildPath $filename if (Test-Path -Path $filepath -PathType Leaf) { if ($force) { $checksum = Get-FileChecksum -path $filepath if ($checksum -ne $local_checksum) { $will_change = $true $changed_files += $file } } } elseif (Test-Path -Path $filepath -PathType Container) { Fail-Json -obj $result -message "cannot copy file to dest '$filepath': object at path is already a directory" } else { $changed_files += $file } } foreach ($directory in $directories) { $dirname = $directory.dest $dirpath = Join-Path -Path $dest -ChildPath $dirname $parent_dir = [System.IO.Path]::GetDirectoryName($dirpath) if (Test-Path -Path $parent_dir -PathType Leaf) { Fail-Json -obj $result -message "cannot copy folder to dest '$dirpath': object at parent directory path is already a file" } if (Test-Path -Path $dirpath -PathType Leaf) { Fail-Json -obj $result -message "cannot copy folder to dest '$dirpath': object at path is already a file" } elseif (-not (Test-Path -Path $dirpath -PathType Container)) { $changed_directories += $directory } } # TODO: Handle symlinks $result.files = $changed_files $result.directories = $changed_directories $result.symlinks = $changed_symlinks } elseif ($copy_mode -eq "explode") { # a single zip file containing the files and directories needs to be # expanded this will always result in a change as the calculation is done # on the win_copy action plugin and is only run if a change needs to occur if (-not (Test-Path -Path $src -PathType Leaf)) { Fail-Json -obj $result -message "Cannot expand src zip file: '$src' as it does not exist" } # Detect if the PS zip assemblies are available or whether to use Shell $use_legacy = $false try { Add-Type -AssemblyName System.IO.Compression.FileSystem | Out-Null Add-Type -AssemblyName System.IO.Compression | Out-Null } catch { $use_legacy = $true } if ($use_legacy) { Extract-ZipLegacy -src $src -dest $dest } else { Extract-Zip -src $src -dest $dest } $result.changed = $true } elseif ($copy_mode -eq "remote") { # all copy actions are happening on the remote side (windows host), need # too copy source and dest using PS code $result.src = $src $result.dest = $dest if (-not (Test-Path -Path $src)) { Fail-Json -obj $result -message "Cannot copy src file: '$src' as it does not exist" } if (Test-Path -Path $src -PathType Container) { # we are copying a directory or the contents of a directory $result.operation = 'folder_copy' if ($src.EndsWith("/") -or $src.EndsWith("`\")) { # copying the folder's contents to dest $diff = "" $child_files = Get-ChildItem -Path $src -Force foreach ($child_file in $child_files) { $dest_child_path = Join-Path -Path $dest -ChildPath $child_file.Name if ($child_file.PSIsContainer) { $diff += Copy-Folder -source $child_file.FullName -dest $dest_child_path } else { $diff += (Copy-File -source $child_file.FullName -dest $dest_child_path).diff } } } else { # copying the folder and it's contents to dest $dest = Join-Path -Path $dest -ChildPath (Get-Item -Path $src -Force).Name $result.dest = $dest $diff = Copy-Folder -source $src -dest $dest } } else { # we are just copying a single file to dest $result.operation = 'file_copy' $source_basename = (Get-Item -Path $src -Force).Name $result.original_basename = $source_basename if ($dest.EndsWith("/") -or $dest.EndsWith("`\")) { $dest = Join-Path -Path $dest -ChildPath (Get-Item -Path $src -Force).Name $result.dest = $dest } else { # check if the parent dir exists, this is only done if src is a # file and dest if the path to a file (doesn't end with \ or /) $parent_dir = Split-Path -Path $dest if (Test-Path -Path $parent_dir -PathType Leaf) { Fail-Json -obj $result -message "object at destination parent dir '$parent_dir' is currently a file" } elseif (-not (Test-Path -Path $parent_dir -PathType Container)) { Fail-Json -obj $result -message "Destination directory '$parent_dir' does not exist" } } $copy_result = Copy-File -source $src -dest $dest $diff = $copy_result.diff $result.checksum = $copy_result.checksum } # the file might not exist if running in check mode if (-not $check_mode -or (Test-Path -Path $dest -PathType Leaf)) { $result.size = Get-FileSize -path $dest } else { $result.size = $null } if ($diff_mode) { $result.diff.prepared = $diff } } elseif ($copy_mode -eq "single") { # a single file is located in src and we need to copy to dest, this will # always result in a change as the calculation is done on the Ansible side # before this is run. This should also never run in check mode if (-not (Test-Path -Path $src -PathType Leaf)) { Fail-Json -obj $result -message "Cannot copy src file: '$src' as it does not exist" } # the dest parameter is a directory, we need to append original_basename if ($dest.EndsWith("/") -or $dest.EndsWith("`\") -or (Test-Path -Path $dest -PathType Container)) { $remote_dest = Join-Path -Path $dest -ChildPath $original_basename $parent_dir = Split-Path -Path $remote_dest # when dest ends with /, we need to create the destination directories if (Test-Path -Path $parent_dir -PathType Leaf) { Fail-Json -obj $result -message "object at destination parent dir '$parent_dir' is currently a file" } elseif (-not (Test-Path -Path $parent_dir -PathType Container)) { New-Item -Path $parent_dir -ItemType Directory | Out-Null } } else { $remote_dest = $dest $parent_dir = Split-Path -Path $remote_dest # check if the dest parent dirs exist, need to fail if they don't if (Test-Path -Path $parent_dir -PathType Leaf) { Fail-Json -obj $result -message "object at destination parent dir '$parent_dir' is currently a file" } elseif (-not (Test-Path -Path $parent_dir -PathType Container)) { Fail-Json -obj $result -message "Destination directory '$parent_dir' does not exist" } } Copy-Item -Path $src -Destination $remote_dest -Force | Out-Null $result.changed = $true } Exit-Json -obj $result ScriptBlock ID: d6c21cbf-2b04-453b-a219-4d1334067c1d Path:	4104	1		3	2	15	0	1122	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3092	5028	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:23:32 PM	9d04040e-981f-0004-c615-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c), Michael DeHaan <michael.dehaan@gmail.com>, 2014, and others # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) Set-StrictMode -Version 2.0 $ErrorActionPreference = "Stop" Function Set-Attr($obj, $name, $value) { <# .SYNOPSIS Helper function to set an "attribute" on a psobject instance in PowerShell. This is a convenience to make adding Members to the object easier and slightly more pythonic .EXAMPLE Set-Attr $result "changed" $true #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } Try { $obj.$name = $value } Catch { $obj | Add-Member -Force -MemberType NoteProperty -Name $name -Value $value } } Function Exit-Json($obj) { <# .SYNOPSIS Helper function to convert a PowerShell object to JSON and output it, exiting the script .EXAMPLE Exit-Json $result #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit } Function Fail-Json($obj, $message = $null) { <# .SYNOPSIS Helper function to add the "msg" property and "failed" property, convert the PowerShell Hashtable to JSON and output it, exiting the script .EXAMPLE Fail-Json $result "This is the failure message" #> if ($obj -is [hashtable] -or $obj -is [psobject]) { # Nothing to do } elseif ($obj -is [string] -and $null -eq $message) { # If we weren't given 2 args, and the only arg was a string, # create a new Hashtable and use the arg as the failure message $message = $obj $obj = @{ } } else { # If the first argument is undefined or a different type, # make it a Hashtable $obj = @{ } } # Still using Set-Attr for PSObject compatibility Set-Attr $obj "msg" $message Set-Attr $obj "failed" $true if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit 1 } Function Add-Warning($obj, $message) { <# .SYNOPSIS Helper function to add warnings, even if the warnings attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("warnings")) { $obj.warnings = @() } elseif ($obj.warnings -isnot [array]) { throw "Add-Warning: warnings attribute is not an array" } $obj.warnings += $message } Function Add-DeprecationWarning($obj, $message, $version = $null) { <# .SYNOPSIS Helper function to add deprecations, even if the deprecations attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("deprecations")) { $obj.deprecations = @() } elseif ($obj.deprecations -isnot [array]) { throw "Add-DeprecationWarning: deprecations attribute is not a list" } $obj.deprecations += @{ msg = $message version = $version } } Function Expand-Environment($value) { <# .SYNOPSIS Helper function to expand environment variables in values. By default it turns any type to a string, but we ensure $null remains $null. #> if ($null -ne $value) { [System.Environment]::ExpandEnvironmentVariables($value) } else { $value } } Function Get-AnsibleParam($obj, $name, $default = $null, $resultobj = @{}, $failifempty = $false, $emptyattributefailmessage, $ValidateSet, $ValidateSetErrorMessage, $type = $null, $aliases = @()) { <# .SYNOPSIS Helper function to get an "attribute" from a psobject instance in PowerShell. This is a convenience to make getting Members from an object easier and slightly more pythonic .EXAMPLE $attr = Get-AnsibleParam $response "code" -default "1" .EXAMPLE Get-AnsibleParam -obj $params -name "State" -default "Present" -ValidateSet "Present","Absent" -resultobj $resultobj -failifempty $true Get-AnsibleParam also supports Parameter validation to save you from coding that manually Note that if you use the failifempty option, you do need to specify resultobject as well. #> # Check if the provided Member $name or aliases exist in $obj and return it or the default. try { $found = $null # First try to find preferred parameter $name $aliases = @($name) + $aliases # Iterate over aliases to find acceptable Member $name foreach ($alias in $aliases) { if ($obj.ContainsKey($alias)) { $found = $alias break } } if ($null -eq $found) { throw } $name = $found if ($ValidateSet) { if ($ValidateSet -contains ($obj.$name)) { $value = $obj.$name } else { if ($null -eq $ValidateSetErrorMessage) { #Auto-generated error should be sufficient in most use cases $ValidateSetErrorMessage = "Get-AnsibleParam: Argument $name needs to be one of $($ValidateSet -join ",") but was $($obj.$name)." } Fail-Json -obj $resultobj -message $ValidateSetErrorMessage } } else { $value = $obj.$name } } catch { if ($failifempty -eq $false) { $value = $default } else { if (-not $emptyattributefailmessage) { $emptyattributefailmessage = "Get-AnsibleParam: Missing required argument: $name" } Fail-Json -obj $resultobj -message $emptyattributefailmessage } } # If $value -eq $null, the parameter was unspecified by the user (deliberately or not) # Please leave $null-values intact, modules need to know if a parameter was specified # When $value is already an array, we cannot rely on the null check, as an empty list # is seen as null in the check below if ($null -ne $value -or $value -is [array]) { if ($type -eq "path") { # Expand environment variables on path-type $value = Expand-Environment($value) # Test if a valid path is provided if (-not (Test-Path -IsValid $value)) { $path_invalid = $true # could still be a valid-shaped path with a nonexistent drive letter if ($value -match "^\w:") { # rewrite path with a valid drive letter and recheck the shape- this might still fail, eg, a nonexistent non-filesystem PS path if (Test-Path -IsValid $(@(Get-PSDrive -PSProvider Filesystem)[0].Name + $value.Substring(1))) { $path_invalid = $false } } if ($path_invalid) { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' has an invalid path '$value' specified." } } } elseif ($type -eq "str") { # Convert str types to real Powershell strings $value = $value.ToString() } elseif ($type -eq "bool") { # Convert boolean types to real Powershell booleans $value = $value | ConvertTo-Bool } elseif ($type -eq "int") { # Convert int types to real Powershell integers $value = $value -as [int] } elseif ($type -eq "float") { # Convert float types to real Powershell floats $value = $value -as [float] } elseif ($type -eq "list") { if ($value -is [array]) { # Nothing to do } elseif ($value -is [string]) { # Convert string type to real Powershell array $value = $value.Split(",").Trim() } elseif ($value -is [int]) { $value = @($value) } else { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' is not a YAML list." } # , is not a typo, forces it to return as a list when it is empty or only has 1 entry return ,$value } } return $value } #Alias Get-attr-->Get-AnsibleParam for backwards compat. Only add when needed to ease debugging of scripts If (-not(Get-Alias -Name "Get-attr" -ErrorAction SilentlyContinue)) { New-Alias -Name Get-attr -Value Get-AnsibleParam } Function ConvertTo-Bool { <# .SYNOPSIS Helper filter/pipeline function to convert a value to boolean following current Ansible practices .EXAMPLE $is_true = "true" | ConvertTo-Bool #> param( [parameter(valuefrompipeline=$true)] $obj ) $boolean_strings = "yes", "on", "1", "true", 1 $obj_string = [string]$obj if (($obj -is [boolean] -and $obj) -or $boolean_strings -contains $obj_string.ToLower()) { return $true } else { return $false } } Function Parse-Args($arguments, $supports_check_mode = $false) { <# .SYNOPSIS Helper function to parse Ansible JSON arguments from a "file" passed as the single argument to the module. .EXAMPLE $params = Parse-Args $args #> $params = New-Object psobject If ($arguments.Length -gt 0) { $params = Get-Content $arguments[0] | ConvertFrom-Json } Else { $params = $complex_args } $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false If ($check_mode -and -not $supports_check_mode) { Exit-Json @{ skipped = $true changed = $false msg = "remote module does not support check mode" } } return $params } Function Get-FileChecksum($path, $algorithm = 'sha1') { <# .SYNOPSIS Helper function to calculate a hash of a file in a way which PowerShell 3 and above can handle #> If (Test-Path -Path $path -PathType Leaf) { switch ($algorithm) { 'md5' { $sp = New-Object -TypeName System.Security.Cryptography.MD5CryptoServiceProvider } 'sha1' { $sp = New-Object -TypeName System.Security.Cryptography.SHA1CryptoServiceProvider } 'sha256' { $sp = New-Object -TypeName System.Security.Cryptography.SHA256CryptoServiceProvider } 'sha384' { $sp = New-Object -TypeName System.Security.Cryptography.SHA384CryptoServiceProvider } 'sha512' { $sp = New-Object -TypeName System.Security.Cryptography.SHA512CryptoServiceProvider } default { Fail-Json @{} "Unsupported hash algorithm supplied '$algorithm'" } } If ($PSVersionTable.PSVersion.Major -ge 4) { $raw_hash = Get-FileHash $path -Algorithm $algorithm $hash = $raw_hash.Hash.ToLower() } Else { $fp = [System.IO.File]::Open($path, [System.IO.Filemode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileShare]::ReadWrite); $hash = [System.BitConverter]::ToString($sp.ComputeHash($fp)).Replace("-", "").ToLower(); $fp.Dispose(); } } ElseIf (Test-Path -Path $path -PathType Container) { $hash = "3"; } Else { $hash = "1"; } return $hash } Function Get-PendingRebootStatus { <# .SYNOPSIS Check if reboot is required, if so notify CA. Function returns true if computer has a pending reboot #> $featureData = Invoke-WmiMethod -EA Ignore -Name GetServerFeature -Namespace root\microsoft\windows\servermanager -Class MSFT_ServerManagerTasks $regData = Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager" "PendingFileRenameOperations" -EA Ignore $CBSRebootStatus = Get-ChildItem "HKLM:\\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing" -ErrorAction SilentlyContinue| Where-Object {$_.PSChildName -eq "RebootPending"} if(($featureData -and $featureData.RequiresReboot) -or $regData -or $CBSRebootStatus) { return $True } else { return $False } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: 63d38ae5-101c-4680-b857-426ee3aa457e Path:	4104	1		3	2	15	0	1121	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3092	4188	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:23:32 PM	9d04040e-981f-0004-b915-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } ScriptBlock ID: 1d09543a-b9e5-4be8-a709-d2530c96ad3d Path:	4104	1		3	2	15	0	1120	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3092	4188	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:23:31 PM	9d04040e-981f-0004-aa15-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (3 of 3): gLSAgIDE2OiByZXNwb25kIHdpdGggInllcyB0byBhbGwiIGZvciBhbnkgZGlhbG9nIGJveCB0aGF0IGlzIGRpc3BsYXllZAogICAgICAgICAgICAjICAtICAgIDQ6IGRvIG5vdCBkaXNwbGF5IGEgcHJvZ3Jlc3MgZGlhbG9nIGJveAogICAgICAgICAgICAkZGVzdF9wYXRoLkNvcHlIZXJlKCRlbnRyeSwgMTA0NCkKCiAgICAgICAgICAgICMgb25jZSBmaWxlIGlzIGV4dHJhY2VkLCB3ZSBuZWVkIHRvIHJlbmFtZSBpdCB3aXRoIG5vbiBiYXNlNjQgbmFtZQogICAgICAgICAgICAkY29tYmluZWRfZW5jb2RlZF9wYXRoID0gW1N5c3RlbS5JTy5QYXRoXTo6Q29tYmluZSgkZGVzdCwgJGVuY29kZWRfYXJjaGl2ZV9lbnRyeSkKICAgICAgICAgICAgTW92ZS1JdGVtIC1QYXRoICRjb21iaW5lZF9lbmNvZGVkX3BhdGggLURlc3RpbmF0aW9uICRlbnRyeV90YXJnZXRfcGF0aCAtRm9yY2UgfCBPdXQtTnVsbAogICAgICAgIH0KICAgIH0KfQoKaWYgKCRjb3B5X21vZGUgLWVxICJxdWVyeSIpIHsKICAgICMgd2Ugb25seSByZXR1cm4gYSBsaXN0IG9mIGZpbGVzL2RpcmVjdG9yaWVzIHRoYXQgbmVlZCB0byBiZSBjb3BpZWQgb3ZlcgogICAgIyB0aGUgc291cmNlIG9mIHRoZSBsb2NhbCBmaWxlIHdpbGwgYmUgdGhlIGtleSB1c2VkCiAgICAkY2hhbmdlZF9maWxlcyA9IEAoKQogICAgJGNoYW5nZWRfZGlyZWN0b3JpZXMgPSBAKCkKICAgICRjaGFuZ2VkX3N5bWxpbmtzID0gQCgpCgogICAgZm9yZWFjaCAoJGZpbGUgaW4gJGZpbGVzKSB7CiAgICAgICAgJGZpbGVuYW1lID0gJGZpbGUuZGVzdAogICAgICAgICRsb2NhbF9jaGVja3N1bSA9ICRmaWxlLmNoZWNrc3VtCgogICAgICAgICRmaWxlcGF0aCA9IEpvaW4tUGF0aCAtUGF0aCAkZGVzdCAtQ2hpbGRQYXRoICRmaWxlbmFtZQogICAgICAgIGlmIChUZXN0LVBhdGggLVBhdGggJGZpbGVwYXRoIC1QYXRoVHlwZSBMZWFmKSB7CiAgICAgICAgICAgIGlmICgkZm9yY2UpIHsKICAgICAgICAgICAgICAgICRjaGVja3N1bSA9IEdldC1GaWxlQ2hlY2tzdW0gLXBhdGggJGZpbGVwYXRoCiAgICAgICAgICAgICAgICBpZiAoJGNoZWNrc3VtIC1uZSAkbG9jYWxfY2hlY2tzdW0pIHsKICAgICAgICAgICAgICAgICAgICAkd2lsbF9jaGFuZ2UgPSAkdHJ1ZQogICAgICAgICAgICAgICAgICAgICRjaGFuZ2VkX2ZpbGVzICs9ICRmaWxlCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgIH0KICAgICAgICB9IGVsc2VpZiAoVGVzdC1QYXRoIC1QYXRoICRmaWxlcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKSB7CiAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgImNhbm5vdCBjb3B5IGZpbGUgdG8gZGVzdCAnJGZpbGVwYXRoJzogb2JqZWN0IGF0IHBhdGggaXMgYWxyZWFkeSBhIGRpcmVjdG9yeSIKICAgICAgICB9IGVsc2UgewogICAgICAgICAgICAkY2hhbmdlZF9maWxlcyArPSAkZmlsZQogICAgICAgIH0KICAgIH0KCiAgICBmb3JlYWNoICgkZGlyZWN0b3J5IGluICRkaXJlY3RvcmllcykgewogICAgICAgICRkaXJuYW1lID0gJGRpcmVjdG9yeS5kZXN0CgogICAgICAgICRkaXJwYXRoID0gSm9pbi1QYXRoIC1QYXRoICRkZXN0IC1DaGlsZFBhdGggJGRpcm5hbWUKICAgICAgICAkcGFyZW50X2RpciA9IFtTeXN0ZW0uSU8uUGF0aF06OkdldERpcmVjdG9yeU5hbWUoJGRpcnBhdGgpCiAgICAgICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkcGFyZW50X2RpciAtUGF0aFR5cGUgTGVhZikgewogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0IC1tZXNzYWdlICJjYW5ub3QgY29weSBmb2xkZXIgdG8gZGVzdCAnJGRpcnBhdGgnOiBvYmplY3QgYXQgcGFyZW50IGRpcmVjdG9yeSBwYXRoIGlzIGFscmVhZHkgYSBmaWxlIgogICAgICAgIH0KICAgICAgICBpZiAoVGVzdC1QYXRoIC1QYXRoICRkaXJwYXRoIC1QYXRoVHlwZSBMZWFmKSB7CiAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgImNhbm5vdCBjb3B5IGZvbGRlciB0byBkZXN0ICckZGlycGF0aCc6IG9iamVjdCBhdCBwYXRoIGlzIGFscmVhZHkgYSBmaWxlIgogICAgICAgIH0gZWxzZWlmICgtbm90IChUZXN0LVBhdGggLVBhdGggJGRpcnBhdGggLVBhdGhUeXBlIENvbnRhaW5lcikpIHsKICAgICAgICAgICAgJGNoYW5nZWRfZGlyZWN0b3JpZXMgKz0gJGRpcmVjdG9yeQogICAgICAgIH0KICAgIH0KCiAgICAjIFRPRE86IEhhbmRsZSBzeW1saW5rcwoKICAgICRyZXN1bHQuZmlsZXMgPSAkY2hhbmdlZF9maWxlcwogICAgJHJlc3VsdC5kaXJlY3RvcmllcyA9ICRjaGFuZ2VkX2RpcmVjdG9yaWVzCiAgICAkcmVzdWx0LnN5bWxpbmtzID0gJGNoYW5nZWRfc3ltbGlua3MKfSBlbHNlaWYgKCRjb3B5X21vZGUgLWVxICJleHBsb2RlIikgewogICAgIyBhIHNpbmdsZSB6aXAgZmlsZSBjb250YWluaW5nIHRoZSBmaWxlcyBhbmQgZGlyZWN0b3JpZXMgbmVlZHMgdG8gYmUKICAgICMgZXhwYW5kZWQgdGhpcyB3aWxsIGFsd2F5cyByZXN1bHQgaW4gYSBjaGFuZ2UgYXMgdGhlIGNhbGN1bGF0aW9uIGlzIGRvbmUKICAgICMgb24gdGhlIHdpbl9jb3B5IGFjdGlvbiBwbHVnaW4gYW5kIGlzIG9ubHkgcnVuIGlmIGEgY2hhbmdlIG5lZWRzIHRvIG9jY3VyCiAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRzcmMgLVBhdGhUeXBlIExlYWYpKSB7CiAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiQ2Fubm90IGV4cGFuZCBzcmMgemlwIGZpbGU6ICckc3JjJyBhcyBpdCBkb2VzIG5vdCBleGlzdCIKICAgIH0KCiAgICAjIERldGVjdCBpZiB0aGUgUFMgemlwIGFzc2VtYmxpZXMgYXJlIGF2YWlsYWJsZSBvciB3aGV0aGVyIHRvIHVzZSBTaGVsbAogICAgJHVzZV9sZWdhY3kgPSAkZmFsc2UKICAgIHRyeSB7CiAgICAgICAgQWRkLVR5cGUgLUFzc2VtYmx5TmFtZSBTeXN0ZW0uSU8uQ29tcHJlc3Npb24uRmlsZVN5c3RlbSB8IE91dC1OdWxsCiAgICAgICAgQWRkLVR5cGUgLUFzc2VtYmx5TmFtZSBTeXN0ZW0uSU8uQ29tcHJlc3Npb24gfCBPdXQtTnVsbAogICAgfSBjYXRjaCB7CiAgICAgICAgJHVzZV9sZWdhY3kgPSAkdHJ1ZQogICAgfQogICAgaWYgKCR1c2VfbGVnYWN5KSB7CiAgICAgICAgRXh0cmFjdC1aaXBMZWdhY3kgLXNyYyAkc3JjIC1kZXN0ICRkZXN0CiAgICB9IGVsc2UgewogICAgICAgIEV4dHJhY3QtWmlwIC1zcmMgJHNyYyAtZGVzdCAkZGVzdAogICAgfQoKICAgICRyZXN1bHQuY2hhbmdlZCA9ICR0cnVlCn0gZWxzZWlmICgkY29weV9tb2RlIC1lcSAicmVtb3RlIikgewogICAgIyBhbGwgY29weSBhY3Rpb25zIGFyZSBoYXBwZW5pbmcgb24gdGhlIHJlbW90ZSBzaWRlICh3aW5kb3dzIGhvc3QpLCBuZWVkCiAgICAjIHRvbyBjb3B5IHNvdXJjZSBhbmQgZGVzdCB1c2luZyBQUyBjb2RlCiAgICAkcmVzdWx0LnNyYyA9ICRzcmMKICAgICRyZXN1bHQuZGVzdCA9ICRkZXN0CgogICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtUGF0aCAkc3JjKSkgewogICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgIkNhbm5vdCBjb3B5IHNyYyBmaWxlOiAnJHNyYycgYXMgaXQgZG9lcyBub3QgZXhpc3QiCiAgICB9CgogICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkc3JjIC1QYXRoVHlwZSBDb250YWluZXIpIHsKICAgICAgICAjIHdlIGFyZSBjb3B5aW5nIGEgZGlyZWN0b3J5IG9yIHRoZSBjb250ZW50cyBvZiBhIGRpcmVjdG9yeQogICAgICAgICRyZXN1bHQub3BlcmF0aW9uID0gJ2ZvbGRlcl9jb3B5JwogICAgICAgIGlmICgkc3JjLkVuZHNXaXRoKCIvIikgLW9yICRzcmMuRW5kc1dpdGgoImBcIikpIHsKICAgICAgICAgICAgIyBjb3B5aW5nIHRoZSBmb2xkZXIncyBjb250ZW50cyB0byBkZXN0CiAgICAgICAgICAgICRkaWZmID0gIiIKICAgICAgICAgICAgJGNoaWxkX2ZpbGVzID0gR2V0LUNoaWxkSXRlbSAtUGF0aCAkc3JjIC1Gb3JjZQogICAgICAgICAgICBmb3JlYWNoICgkY2hpbGRfZmlsZSBpbiAkY2hpbGRfZmlsZXMpIHsKICAgICAgICAgICAgICAgICRkZXN0X2NoaWxkX3BhdGggPSBKb2luLVBhdGggLVBhdGggJGRlc3QgLUNoaWxkUGF0aCAkY2hpbGRfZmlsZS5OYW1lCiAgICAgICAgICAgICAgICBpZiAoJGNoaWxkX2ZpbGUuUFNJc0NvbnRhaW5lcikgewogICAgICAgICAgICAgICAgICAgICRkaWZmICs9IENvcHktRm9sZGVyIC1zb3VyY2UgJGNoaWxkX2ZpbGUuRnVsbE5hbWUgLWRlc3QgJGRlc3RfY2hpbGRfcGF0aAogICAgICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgICAgICAkZGlmZiArPSAoQ29weS1GaWxlIC1zb3VyY2UgJGNoaWxkX2ZpbGUuRnVsbE5hbWUgLWRlc3QgJGRlc3RfY2hpbGRfcGF0aCkuZGlmZgogICAgICAgICAgICAgICAgfQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgIyBjb3B5aW5nIHRoZSBmb2xkZXIgYW5kIGl0J3MgY29udGVudHMgdG8gZGVzdAogICAgICAgICAgICAkZGVzdCA9IEpvaW4tUGF0aCAtUGF0aCAkZGVzdCAtQ2hpbGRQYXRoIChHZXQtSXRlbSAtUGF0aCAkc3JjIC1Gb3JjZSkuTmFtZQogICAgICAgICAgICAkcmVzdWx0LmRlc3QgPSAkZGVzdAogICAgICAgICAgICAkZGlmZiA9IENvcHktRm9sZGVyIC1zb3VyY2UgJHNyYyAtZGVzdCAkZGVzdAogICAgICAgIH0KICAgIH0gZWxzZSB7CiAgICAgICAgIyB3ZSBhcmUganVzdCBjb3B5aW5nIGEgc2luZ2xlIGZpbGUgdG8gZGVzdAogICAgICAgICRyZXN1bHQub3BlcmF0aW9uID0gJ2ZpbGVfY29weScKCiAgICAgICAgJHNvdXJjZV9iYXNlbmFtZSA9IChHZXQtSXRlbSAtUGF0aCAkc3JjIC1Gb3JjZSkuTmFtZQogICAgICAgICRyZXN1bHQub3JpZ2luYWxfYmFzZW5hbWUgPSAkc291cmNlX2Jhc2VuYW1lCgogICAgICAgIGlmICgkZGVzdC5FbmRzV2l0aCgiLyIpIC1vciAkZGVzdC5FbmRzV2l0aCgiYFwiKSkgewogICAgICAgICAgICAkZGVzdCA9IEpvaW4tUGF0aCAtUGF0aCAkZGVzdCAtQ2hpbGRQYXRoIChHZXQtSXRlbSAtUGF0aCAkc3JjIC1Gb3JjZSkuTmFtZQogICAgICAgICAgICAkcmVzdWx0LmRlc3QgPSAkZGVzdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICMgY2hlY2sgaWYgdGhlIHBhcmVudCBkaXIgZXhpc3RzLCB0aGlzIGlzIG9ubHkgZG9uZSBpZiBzcmMgaXMgYQogICAgICAgICAgICAjIGZpbGUgYW5kIGRlc3QgaWYgdGhlIHBhdGggdG8gYSBmaWxlIChkb2Vzbid0IGVuZCB3aXRoIFwgb3IgLykKICAgICAgICAgICAgJHBhcmVudF9kaXIgPSBTcGxpdC1QYXRoIC1QYXRoICRkZXN0CiAgICAgICAgICAgIGlmIChUZXN0LVBhdGggLVBhdGggJHBhcmVudF9kaXIgLVBhdGhUeXBlIExlYWYpIHsKICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgIm9iamVjdCBhdCBkZXN0aW5hdGlvbiBwYXJlbnQgZGlyICckcGFyZW50X2RpcicgaXMgY3VycmVudGx5IGEgZmlsZSIKICAgICAgICAgICAgfSBlbHNlaWYgKC1ub3QgKFRlc3QtUGF0aCAtUGF0aCAkcGFyZW50X2RpciAtUGF0aFR5cGUgQ29udGFpbmVyKSkgewogICAgICAgICAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiRGVzdGluYXRpb24gZGlyZWN0b3J5ICckcGFyZW50X2RpcicgZG9lcyBub3QgZXhpc3QiCiAgICAgICAgICAgIH0KICAgICAgICB9CiAgICAgICAgJGNvcHlfcmVzdWx0ID0gQ29weS1GaWxlIC1zb3VyY2UgJHNyYyAtZGVzdCAkZGVzdAogICAgICAgICRkaWZmID0gJGNvcHlfcmVzdWx0LmRpZmYKICAgICAgICAkcmVzdWx0LmNoZWNrc3VtID0gJGNvcHlfcmVzdWx0LmNoZWNrc3VtCiAgICB9CgogICAgIyB0aGUgZmlsZSBtaWdodCBub3QgZXhpc3QgaWYgcnVubmluZyBpbiBjaGVjayBtb2RlCiAgICBpZiAoLW5vdCAkY2hlY2tfbW9kZSAtb3IgKFRlc3QtUGF0aCAtUGF0aCAkZGVzdCAtUGF0aFR5cGUgTGVhZikpIHsKICAgICAgICAkcmVzdWx0LnNpemUgPSBHZXQtRmlsZVNpemUgLXBhdGggJGRlc3QKICAgIH0gZWxzZSB7CiAgICAgICAgJHJlc3VsdC5zaXplID0gJG51bGwKICAgIH0KICAgIGlmICgkZGlmZl9tb2RlKSB7CiAgICAgICAgJHJlc3VsdC5kaWZmLnByZXBhcmVkID0gJGRpZmYKICAgIH0KfSBlbHNlaWYgKCRjb3B5X21vZGUgLWVxICJzaW5nbGUiKSB7CiAgICAjIGEgc2luZ2xlIGZpbGUgaXMgbG9jYXRlZCBpbiBzcmMgYW5kIHdlIG5lZWQgdG8gY29weSB0byBkZXN0LCB0aGlzIHdpbGwKICAgICMgYWx3YXlzIHJlc3VsdCBpbiBhIGNoYW5nZSBhcyB0aGUgY2FsY3VsYXRpb24gaXMgZG9uZSBvbiB0aGUgQW5zaWJsZSBzaWRlCiAgICAjIGJlZm9yZSB0aGlzIGlzIHJ1bi4gVGhpcyBzaG91bGQgYWxzbyBuZXZlciBydW4gaW4gY2hlY2sgbW9kZQogICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtUGF0aCAkc3JjIC1QYXRoVHlwZSBMZWFmKSkgewogICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgIkNhbm5vdCBjb3B5IHNyYyBmaWxlOiAnJHNyYycgYXMgaXQgZG9lcyBub3QgZXhpc3QiCiAgICB9CgogICAgIyB0aGUgZGVzdCBwYXJhbWV0ZXIgaXMgYSBkaXJlY3RvcnksIHdlIG5lZWQgdG8gYXBwZW5kIG9yaWdpbmFsX2Jhc2VuYW1lCiAgICBpZiAoJGRlc3QuRW5kc1dpdGgoIi8iKSAtb3IgJGRlc3QuRW5kc1dpdGgoImBcIikgLW9yIChUZXN0LVBhdGggLVBhdGggJGRlc3QgLVBhdGhUeXBlIENvbnRhaW5lcikpIHsKICAgICAgICAkcmVtb3RlX2Rlc3QgPSBKb2luLVBhdGggLVBhdGggJGRlc3QgLUNoaWxkUGF0aCAkb3JpZ2luYWxfYmFzZW5hbWUKICAgICAgICAkcGFyZW50X2RpciA9IFNwbGl0LVBhdGggLVBhdGggJHJlbW90ZV9kZXN0CgogICAgICAgICMgd2hlbiBkZXN0IGVuZHMgd2l0aCAvLCB3ZSBuZWVkIHRvIGNyZWF0ZSB0aGUgZGVzdGluYXRpb24gZGlyZWN0b3JpZXMKICAgICAgICBpZiAoVGVzdC1QYXRoIC1QYXRoICRwYXJlbnRfZGlyIC1QYXRoVHlwZSBMZWFmKSB7CiAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgIm9iamVjdCBhdCBkZXN0aW5hdGlvbiBwYXJlbnQgZGlyICckcGFyZW50X2RpcicgaXMgY3VycmVudGx5IGEgZmlsZSIKICAgICAgICB9IGVsc2VpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRwYXJlbnRfZGlyIC1QYXRoVHlwZSBDb250YWluZXIpKSB7CiAgICAgICAgICAgIE5ldy1JdGVtIC1QYXRoICRwYXJlbnRfZGlyIC1JdGVtVHlwZSBEaXJlY3RvcnkgfCBPdXQtTnVsbAogICAgICAgIH0KICAgIH0gZWxzZSB7CiAgICAgICAgJHJlbW90ZV9kZXN0ID0gJGRlc3QKICAgICAgICAkcGFyZW50X2RpciA9IFNwbGl0LVBhdGggLVBhdGggJHJlbW90ZV9kZXN0CgogICAgICAgICMgY2hlY2sgaWYgdGhlIGRlc3QgcGFyZW50IGRpcnMgZXhpc3QsIG5lZWQgdG8gZmFpbCBpZiB0aGV5IGRvbid0CiAgICAgICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkcGFyZW50X2RpciAtUGF0aFR5cGUgTGVhZikgewogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0IC1tZXNzYWdlICJvYmplY3QgYXQgZGVzdGluYXRpb24gcGFyZW50IGRpciAnJHBhcmVudF9kaXInIGlzIGN1cnJlbnRseSBhIGZpbGUiCiAgICAgICAgfSBlbHNlaWYgKC1ub3QgKFRlc3QtUGF0aCAtUGF0aCAkcGFyZW50X2RpciAtUGF0aFR5cGUgQ29udGFpbmVyKSkgewogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0IC1tZXNzYWdlICJEZXN0aW5hdGlvbiBkaXJlY3RvcnkgJyRwYXJlbnRfZGlyJyBkb2VzIG5vdCBleGlzdCIKICAgICAgICB9CiAgICB9CgogICAgQ29weS1JdGVtIC1QYXRoICRzcmMgLURlc3RpbmF0aW9uICRyZW1vdGVfZGVzdCAtRm9yY2UgfCBPdXQtTnVsbAogICAgJHJlc3VsdC5jaGFuZ2VkID0gJHRydWUKfQoKRXhpdC1Kc29uIC1vYmogJHJlc3VsdAo=", "module_args": {"symlinks": [], "files": [{"dest": "pip-install-requirements.log", "checksum": "2bd5d2097534042898b6bb2c6dc3723e51375744", "src": "/home/jenkins-slave/.ansible/tmp/ansible-local-10077YbyhZe/tmpmHM_mQ"}], "_ansible_selinux_special_fs": ["fuse", "nfs", "vboxsf", "ramfs", "9p"], "force": true, "_ansible_no_log": false, "dest": "c:/openstack/log", "directories": [], "_ansible_remote_tmp": "%TEMP%", "_ansible_verbosity": 4, "_ansible_keep_remote_files": false, "_ansible_syslog_facility": "LOG_USER", "_ansible_socket": null, "_copy_mode": "query", "_ansible_diff": false, "_ansible_debug": false, "_ansible_shell_executable": "/bin/sh", "_ansible_check_mode": false, "_ansible_tmpdir": null, "_ansible_version": "2.7.0", "_ansible_module_name": "win_copy"}} '@ } process { $input_as_string = [string]$input $json_raw += $input_as_string } end { If (-not $json_raw) { Write-Error "no input given" -Category InvalidArgument } $payload = ConvertTo-HashtableFromPsCustomObject (ConvertFrom-Json $json_raw) # TODO: handle binary modules # TODO: handle persistence $min_os_version = [version]$payload.min_os_version if ($min_os_version -ne $null) { $actual_os_version = [System.Environment]::OSVersion.Version if ($actual_os_version -lt $min_os_version) { $msg = "This module cannot run on this OS as it requires a minimum version of $min_os_version, actual was $actual_os_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $min_ps_version = [version]$payload.min_ps_version if ($min_ps_version -ne $null) { $actual_ps_version = $PSVersionTable.PSVersion if ($actual_ps_version -lt $min_ps_version) { $msg = "This module cannot run as it requires a minimum PowerShell version of $min_ps_version, actual was $actual_ps_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $actions = $payload.actions # pop 0th action as entrypoint $entrypoint = $payload.($actions[0]) $payload.actions = $payload.actions[1..99] $entrypoint = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($entrypoint)) # load the current action entrypoint as a module custom object with a Run method $entrypoint = New-Module -ScriptBlock ([scriptblock]::Create($entrypoint)) -AsCustomObject Set-Variable -Scope global -Name complex_args -Value $payload["module_args"] | Out-Null # dynamically create/load modules ForEach ($mod in $payload.powershell_modules.GetEnumerator()) { $decoded_module = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($mod.Value)) New-Module -ScriptBlock ([scriptblock]::Create($decoded_module)) -Name $mod.Key | Import-Module -WarningAction SilentlyContinue | Out-Null } $output = $entrypoint.Run($payload) Write-Output $output } ScriptBlock ID: 680e020d-45bf-4495-9c7b-a5bd41c98f11 Path:	4104	1		3	2	15	0	1119	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3092	4188	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:23:31 PM	9d04040e-981f-0004-a415-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 3): cGVsaW5lPSR0cnVlKV0KICAgICAgICAkb2JqCiAgICApCgogICAgJGJvb2xlYW5fc3RyaW5ncyA9ICJ5ZXMiLCAib24iLCAiMSIsICJ0cnVlIiwgMQogICAgJG9ial9zdHJpbmcgPSBbc3RyaW5nXSRvYmoKCiAgICBpZiAoKCRvYmogLWlzIFtib29sZWFuXSAtYW5kICRvYmopIC1vciAkYm9vbGVhbl9zdHJpbmdzIC1jb250YWlucyAkb2JqX3N0cmluZy5Ub0xvd2VyKCkpIHsKICAgICAgICByZXR1cm4gJHRydWUKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfQp9CgpGdW5jdGlvbiBQYXJzZS1BcmdzKCRhcmd1bWVudHMsICRzdXBwb3J0c19jaGVja19tb2RlID0gJGZhbHNlKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBwYXJzZSBBbnNpYmxlIEpTT04gYXJndW1lbnRzIGZyb20gYSAiZmlsZSIgcGFzc2VkIGFzCiAgICB0aGUgc2luZ2xlIGFyZ3VtZW50IHRvIHRoZSBtb2R1bGUuCiAgICAuRVhBTVBMRQogICAgJHBhcmFtcyA9IFBhcnNlLUFyZ3MgJGFyZ3MKIz4KICAgICRwYXJhbXMgPSBOZXctT2JqZWN0IHBzb2JqZWN0CiAgICBJZiAoJGFyZ3VtZW50cy5MZW5ndGggLWd0IDApCiAgICB7CiAgICAgICAgJHBhcmFtcyA9IEdldC1Db250ZW50ICRhcmd1bWVudHNbMF0gfCBDb252ZXJ0RnJvbS1Kc29uCiAgICB9CiAgICBFbHNlIHsKICAgICAgICAkcGFyYW1zID0gJGNvbXBsZXhfYXJncwogICAgfQogICAgJGNoZWNrX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfY2hlY2tfbW9kZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQogICAgSWYgKCRjaGVja19tb2RlIC1hbmQgLW5vdCAkc3VwcG9ydHNfY2hlY2tfbW9kZSkKICAgIHsKICAgICAgICBFeGl0LUpzb24gQHsKICAgICAgICAgICAgc2tpcHBlZCA9ICR0cnVlCiAgICAgICAgICAgIGNoYW5nZWQgPSAkZmFsc2UKICAgICAgICAgICAgbXNnID0gInJlbW90ZSBtb2R1bGUgZG9lcyBub3Qgc3VwcG9ydCBjaGVjayBtb2RlIgogICAgICAgIH0KICAgIH0KICAgIHJldHVybiAkcGFyYW1zCn0KCgpGdW5jdGlvbiBHZXQtRmlsZUNoZWNrc3VtKCRwYXRoLCAkYWxnb3JpdGhtID0gJ3NoYTEnKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBjYWxjdWxhdGUgYSBoYXNoIG9mIGEgZmlsZSBpbiBhIHdheSB3aGljaCBQb3dlclNoZWxsIDMKICAgIGFuZCBhYm92ZSBjYW4gaGFuZGxlCiM+CiAgICBJZiAoVGVzdC1QYXRoIC1QYXRoICRwYXRoIC1QYXRoVHlwZSBMZWFmKQogICAgewogICAgICAgIHN3aXRjaCAoJGFsZ29yaXRobSkKICAgICAgICB7CiAgICAgICAgICAgICdtZDUnIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5NRDVDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMScgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTFDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMjU2JyB7ICRzcCA9IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5TZWN1cml0eS5DcnlwdG9ncmFwaHkuU0hBMjU2Q3J5cHRvU2VydmljZVByb3ZpZGVyIH0KICAgICAgICAgICAgJ3NoYTM4NCcgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTM4NENyeXB0b1NlcnZpY2VQcm92aWRlciB9CiAgICAgICAgICAgICdzaGE1MTInIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5TSEE1MTJDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICBkZWZhdWx0IHsgRmFpbC1Kc29uIEB7fSAiVW5zdXBwb3J0ZWQgaGFzaCBhbGdvcml0aG0gc3VwcGxpZWQgJyRhbGdvcml0aG0nIiB9CiAgICAgICAgfQoKICAgICAgICBJZiAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtZ2UgNCkgewogICAgICAgICAgICAkcmF3X2hhc2ggPSBHZXQtRmlsZUhhc2ggJHBhdGggLUFsZ29yaXRobSAkYWxnb3JpdGhtCiAgICAgICAgICAgICRoYXNoID0gJHJhd19oYXNoLkhhc2guVG9Mb3dlcigpCiAgICAgICAgfSBFbHNlIHsKICAgICAgICAgICAgJGZwID0gW1N5c3RlbS5JTy5GaWxlXTo6T3BlbigkcGF0aCwgW1N5c3RlbS5JTy5GaWxlbW9kZV06Ok9wZW4sIFtTeXN0ZW0uSU8uRmlsZUFjY2Vzc106OlJlYWQsIFtTeXN0ZW0uSU8uRmlsZVNoYXJlXTo6UmVhZFdyaXRlKTsKICAgICAgICAgICAgJGhhc2ggPSBbU3lzdGVtLkJpdENvbnZlcnRlcl06OlRvU3RyaW5nKCRzcC5Db21wdXRlSGFzaCgkZnApKS5SZXBsYWNlKCItIiwgIiIpLlRvTG93ZXIoKTsKICAgICAgICAgICAgJGZwLkRpc3Bvc2UoKTsKICAgICAgICB9CiAgICB9CiAgICBFbHNlSWYgKFRlc3QtUGF0aCAtUGF0aCAkcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKQogICAgewogICAgICAgICRoYXNoID0gIjMiOwogICAgfQogICAgRWxzZQogICAgewogICAgICAgICRoYXNoID0gIjEiOwogICAgfQogICAgcmV0dXJuICRoYXNoCn0KCkZ1bmN0aW9uIEdldC1QZW5kaW5nUmVib290U3RhdHVzCnsKPCMKICAgIC5TWU5PUFNJUwogICAgQ2hlY2sgaWYgcmVib290IGlzIHJlcXVpcmVkLCBpZiBzbyBub3RpZnkgQ0EuCiAgICBGdW5jdGlvbiByZXR1cm5zIHRydWUgaWYgY29tcHV0ZXIgaGFzIGEgcGVuZGluZyByZWJvb3QKIz4KICAgICRmZWF0dXJlRGF0YSA9IEludm9rZS1XbWlNZXRob2QgLUVBIElnbm9yZSAtTmFtZSBHZXRTZXJ2ZXJGZWF0dXJlIC1OYW1lc3BhY2Ugcm9vdFxtaWNyb3NvZnRcd2luZG93c1xzZXJ2ZXJtYW5hZ2VyIC1DbGFzcyBNU0ZUX1NlcnZlck1hbmFnZXJUYXNrcwogICAgJHJlZ0RhdGEgPSBHZXQtSXRlbVByb3BlcnR5ICJIS0xNOlxTWVNURU1cQ3VycmVudENvbnRyb2xTZXRcQ29udHJvbFxTZXNzaW9uIE1hbmFnZXIiICJQZW5kaW5nRmlsZVJlbmFtZU9wZXJhdGlvbnMiIC1FQSBJZ25vcmUKICAgICRDQlNSZWJvb3RTdGF0dXMgPSBHZXQtQ2hpbGRJdGVtICJIS0xNOlxcU09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cQ29tcG9uZW50IEJhc2VkIFNlcnZpY2luZyIgIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlfCBXaGVyZS1PYmplY3QgeyRfLlBTQ2hpbGROYW1lIC1lcSAiUmVib290UGVuZGluZyJ9CiAgICBpZigoJGZlYXR1cmVEYXRhIC1hbmQgJGZlYXR1cmVEYXRhLlJlcXVpcmVzUmVib290KSAtb3IgJHJlZ0RhdGEgLW9yICRDQlNSZWJvb3RTdGF0dXMpCiAgICB7CiAgICAgICAgcmV0dXJuICRUcnVlCiAgICB9CiAgICBlbHNlCiAgICB7CiAgICAgICAgcmV0dXJuICRGYWxzZQogICAgfQp9CgojIHRoaXMgbGluZSBtdXN0IHN0YXkgYXQgdGhlIGJvdHRvbSB0byBlbnN1cmUgYWxsIGRlZmluZWQgbW9kdWxlIHBhcnRzIGFyZSBleHBvcnRlZApFeHBvcnQtTW9kdWxlTWVtYmVyIC1BbGlhcyAqIC1GdW5jdGlvbiAqIC1DbWRsZXQgKgoK"}, "module_entry": "IyFwb3dlcnNoZWxsCgojIENvcHlyaWdodDogKGMpIDIwMTUsIEpvbiBIYXdrZXN3b3J0aCAoQGpoYXdrZXN3b3J0aCkgPGZpZ3NAdW5pdHkuZGVtb24uY28udWs+CiMgQ29weXJpZ2h0OiAoYykgMjAxNywgQW5zaWJsZSBQcm9qZWN0CiMgR05VIEdlbmVyYWwgUHVibGljIExpY2Vuc2UgdjMuMCsgKHNlZSBDT1BZSU5HIG9yIGh0dHBzOi8vd3d3LmdudS5vcmcvbGljZW5zZXMvZ3BsLTMuMC50eHQpCgojUmVxdWlyZXMgLU1vZHVsZSBBbnNpYmxlLk1vZHVsZVV0aWxzLkxlZ2FjeQoKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICdTdG9wJwoKJHBhcmFtcyA9IFBhcnNlLUFyZ3MgLWFyZ3VtZW50cyAkYXJncyAtc3VwcG9ydHNfY2hlY2tfbW9kZSAkdHJ1ZQokY2hlY2tfbW9kZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJfYW5zaWJsZV9jaGVja19tb2RlIiAtdHlwZSAiYm9vbCIgLWRlZmF1bHQgJGZhbHNlCiRkaWZmX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfZGlmZiIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQoKIyB0aGVyZSBhcmUgNCBtb2RlcyB0byB3aW5fY29weSB3aGljaCBhcmUgZHJpdmVuIGJ5IHRoZSBhY3Rpb24gcGx1Z2luczoKIyAgIGV4cGxvZGU6IHNyYyBpcyBhIHppcCBmaWxlIHdoaWNoIG5lZWRzIHRvIGJlIGV4dHJhY3RlZCB0byBkZXN0LCBmb3IgdXNlIHdpdGggbXVsdGlwbGUgZmlsZXMKIyAgIHF1ZXJ5OiB3aW5fY29weSBhY3Rpb24gcGx1Z2luIHdhbnRzIHRvIGdldCB0aGUgc3RhdGUgb2YgcmVtb3RlIGZpbGVzIHRvIGNoZWNrIHdoZXRoZXIgaXQgbmVlZHMgdG8gc2VuZCB0aGVtCiMgICByZW1vdGU6IGFsbCBjb3B5IGFjdGlvbiBpcyBoYXBwZW5pbmcgcmVtb3RlbHkgKHJlbW90ZV9zcmM9VHJ1ZSkKIyAgIHNpbmdsZTogYSBzaW5nbGUgZmlsZSBoYXMgYmVlbiBjb3BpZWQsIGFsc28gdXNlZCB3aXRoIHRlbXBsYXRlCiRjb3B5X21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2NvcHlfbW9kZSIgLXR5cGUgInN0ciIgLWRlZmF1bHQgInNpbmdsZSIgLXZhbGlkYXRlc2V0ICJleHBsb2RlIiwicXVlcnkiLCJyZW1vdGUiLCJzaW5nbGUiCgojIHVzZWQgaW4gZXhwbG9kZSwgcmVtb3RlIGFuZCBzaW5nbGUgbW9kZQokc3JjID0gR2V0LUFuc2libGVQYXJhbSAtb2JqICRwYXJhbXMgLW5hbWUgInNyYyIgLXR5cGUgInBhdGgiIC1mYWlsaWZlbXB0eSAoJGNvcHlfbW9kZSAtaW4gQCgiZXhwbG9kZSIsInByb2Nlc3MiLCJzaW5nbGUiKSkKJGRlc3QgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiZGVzdCIgLXR5cGUgInBhdGgiIC1mYWlsaWZlbXB0eSAkdHJ1ZQoKIyB1c2VkIGluIHNpbmdsZSBtb2RlCiRvcmlnaW5hbF9iYXNlbmFtZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJfb3JpZ2luYWxfYmFzZW5hbWUiIC10eXBlICJzdHIiCgojIHVzZWQgaW4gcXVlcnkgYW5kIHJlbW90ZSBtb2RlCiRmb3JjZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJmb3JjZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICR0cnVlCgojIHVzZWQgaW4gcXVlcnkgbW9kZSwgY29udGFpbnMgdGhlIGxvY2FsIGZpbGVzL2RpcmVjdG9yaWVzL3N5bWxpbmtzIHRoYXQgYXJlIHRvIGJlIGNvcGllZAokZmlsZXMgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiZmlsZXMiIC10eXBlICJsaXN0IgokZGlyZWN0b3JpZXMgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiZGlyZWN0b3JpZXMiIC10eXBlICJsaXN0Igokc3ltbGlua3MgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAic3ltbGlua3MiIC10eXBlICJsaXN0IgoKJHJlc3VsdCA9IEB7CiAgICBjaGFuZ2VkID0gJGZhbHNlCn0KCmlmICgkZGlmZl9tb2RlKSB7CiAgICAkcmVzdWx0LmRpZmYgPSBAe30KfQoKRnVuY3Rpb24gQ29weS1GaWxlKCRzb3VyY2UsICRkZXN0KSB7CiAgICAkZGlmZiA9ICIiCiAgICAkY29weV9maWxlID0gJGZhbHNlCiAgICAkc291cmNlX2NoZWNrc3VtID0gJG51bGwKICAgIGlmICgkZm9yY2UpIHsKICAgICAgICAkc291cmNlX2NoZWNrc3VtID0gR2V0LUZpbGVDaGVja3N1bSAtcGF0aCAkc291cmNlCiAgICB9CgogICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkZGVzdCAtUGF0aFR5cGUgQ29udGFpbmVyKSB7CiAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiY2Fubm90IGNvcHkgZmlsZSBmcm9tICckc291cmNlJyB0byAnJGRlc3QnOiBkZXN0IGlzIGFscmVhZHkgYSBmb2xkZXIiCiAgICB9IGVsc2VpZiAoVGVzdC1QYXRoIC1QYXRoICRkZXN0IC1QYXRoVHlwZSBMZWFmKSB7CiAgICAgICAgaWYgKCRmb3JjZSkgewogICAgICAgICAgICAkdGFyZ2V0X2NoZWNrc3VtID0gR2V0LUZpbGVDaGVja3N1bSAtcGF0aCAkZGVzdAogICAgICAgICAgICBpZiAoJHNvdXJjZV9jaGVja3N1bSAtbmUgJHRhcmdldF9jaGVja3N1bSkgewogICAgICAgICAgICAgICAgJGNvcHlfZmlsZSA9ICR0cnVlCiAgICAgICAgICAgIH0KICAgICAgICB9CiAgICB9IGVsc2UgewogICAgICAgICRjb3B5X2ZpbGUgPSAkdHJ1ZQogICAgfQoKICAgIGlmICgkY29weV9maWxlKSB7CiAgICAgICAgJGZpbGVfZGlyID0gW1N5c3RlbS5JTy5QYXRoXTo6R2V0RGlyZWN0b3J5TmFtZSgkZGVzdCkKICAgICAgICAjIHZhbGlkYXRlIHRoZSBwYXJlbnQgZGlyIGlzIG5vdCBhIGZpbGUgYW5kIHRoYXQgaXQgZXhpc3RzCiAgICAgICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkZmlsZV9kaXIgLVBhdGhUeXBlIExlYWYpIHsKICAgICAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiY2Fubm90IGNvcHkgZmlsZSBmcm9tICckc291cmNlJyB0byAnJGRlc3QnOiBvYmplY3QgYXQgZGVzdCBwYXJlbnQgZGlyIGlzIG5vdCBhIGZvbGRlciIKICAgICAgICB9IGVsc2VpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRmaWxlX2RpcikpIHsKICAgICAgICAgICAgIyBkaXJlY3RvcnkgZG9lc24ndCBleGlzdCwgbmVlZCB0byBjcmVhdGUKICAgICAgICAgICAgTmV3LUl0ZW0gLVBhdGggJGZpbGVfZGlyIC1JdGVtVHlwZSBEaXJlY3RvcnkgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICAgICAgICAgICRkaWZmICs9ICIrJGZpbGVfZGlyXGBuIgogICAgICAgIH0KCiAgICAgICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkZGVzdCAtUGF0aFR5cGUgTGVhZikgewogICAgICAgICAgICBSZW1vdmUtSXRlbSAtUGF0aCAkZGVzdCAtRm9yY2UgLVJlY3Vyc2UgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICAgICAgICAgICRkaWZmICs9ICItJGRlc3RgbiIKICAgICAgICB9CgogICAgICAgIGlmICgtbm90ICRjaGVja19tb2RlKSB7CiAgICAgICAgICAgICMgY2Fubm90IHJ1biB3aXRoIC1XaGF0SWY6JGNoZWNrX21vZGUgYXMgaWYgdGhlIHBhcmVudCBkaXIgZGlkbid0CiAgICAgICAgICAgICMgZXhpc3QgYW5kIHdhcyBjcmVhdGVkIGFib3ZlIHdvdWxkIHN0aWxsIG5vdCBleGlzdCBpbiBjaGVjayBtb2RlCiAgICAgICAgICAgIENvcHktSXRlbSAtUGF0aCAkc291cmNlIC1EZXN0aW5hdGlvbiAkZGVzdCAtRm9yY2UgfCBPdXQtTnVsbAogICAgICAgIH0KICAgICAgICAkZGlmZiArPSAiKyRkZXN0YG4iCgogICAgICAgICRyZXN1bHQuY2hhbmdlZCA9ICR0cnVlCiAgICB9CgogICAgIyB1Z2x5IGJ1dCB0byBzYXZlIHVzIGZyb20gcnVubmluZyB0aGUgY2hlY2tzdW0gdHdpY2UsIGxldCdzIHJldHVybiBpdCBmb3IKICAgICMgdGhlIG1haW4gY29kZSB0byBhZGQgaXQgdG8gJHJlc3VsdAogICAgcmV0dXJuICxAeyBkaWZmID0gJGRpZmY7IGNoZWNrc3VtID0gJHNvdXJjZV9jaGVja3N1bSB9Cn0KCkZ1bmN0aW9uIENvcHktRm9sZGVyKCRzb3VyY2UsICRkZXN0KSB7CiAgICAkZGlmZiA9ICIiCiAgICAkY29weV9mb2xkZXIgPSAkZmFsc2UKCiAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRkZXN0IC1QYXRoVHlwZSBDb250YWluZXIpKSB7CiAgICAgICAgJHBhcmVudF9kaXIgPSBbU3lzdGVtLklPLlBhdGhdOjpHZXREaXJlY3RvcnlOYW1lKCRkZXN0KQogICAgICAgIGlmIChUZXN0LVBhdGggLVBhdGggJHBhcmVudF9kaXIgLVBhdGhUeXBlIExlYWYpIHsKICAgICAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiY2Fubm90IGNvcHkgZmlsZSBmcm9tICckc291cmNlJyB0byAnJGRlc3QnOiBvYmplY3QgYXQgZGVzdCBwYXJlbnQgZGlyIGlzIG5vdCBhIGZvbGRlciIKICAgICAgICB9CiAgICAgICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkZGVzdCAtUGF0aFR5cGUgTGVhZikgewogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0IC1tZXNzYWdlICJjYW5ub3QgY29weSBmb2xkZXIgZnJvbSAnJHNvdXJjZScgdG8gJyRkZXN0JzogZGVzdCBpcyBhbHJlYWR5IGEgZmlsZSIKICAgICAgICB9CgogICAgICAgIE5ldy1JdGVtIC1QYXRoICRkZXN0IC1JdGVtVHlwZSBDb250YWluZXIgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICAgICAgJGRpZmYgKz0gIiskZGVzdFxgbiIKICAgICAgICAkcmVzdWx0LmNoYW5nZWQgPSAkdHJ1ZQogICAgfQoKICAgICRjaGlsZF9pdGVtcyA9IEdldC1DaGlsZEl0ZW0gLVBhdGggJHNvdXJjZSAtRm9yY2UKICAgIGZvcmVhY2ggKCRjaGlsZF9pdGVtIGluICRjaGlsZF9pdGVtcykgewogICAgICAgICRkZXN0X2NoaWxkX3BhdGggPSBKb2luLVBhdGggLVBhdGggJGRlc3QgLUNoaWxkUGF0aCAkY2hpbGRfaXRlbS5OYW1lCiAgICAgICAgaWYgKCRjaGlsZF9pdGVtLlBTSXNDb250YWluZXIpIHsKICAgICAgICAgICAgJGRpZmYgKz0gKENvcHktRm9sZGVyIC1zb3VyY2UgJGNoaWxkX2l0ZW0uRnVsbG5hbWUgLWRlc3QgJGRlc3RfY2hpbGRfcGF0aCkKICAgICAgICB9IGVsc2UgewogICAgICAgICAgICAkZGlmZiArPSAoQ29weS1GaWxlIC1zb3VyY2UgJGNoaWxkX2l0ZW0uRnVsbG5hbWUgLWRlc3QgJGRlc3RfY2hpbGRfcGF0aCkuZGlmZgogICAgICAgIH0KICAgIH0KCiAgICByZXR1cm4gJGRpZmYKfQoKRnVuY3Rpb24gR2V0LUZpbGVTaXplKCRwYXRoKSB7CiAgICAkZmlsZSA9IEdldC1JdGVtIC1QYXRoICRwYXRoIC1Gb3JjZQogICAgJHNpemUgPSAkbnVsbAogICAgaWYgKCRmaWxlLlBTSXNDb250YWluZXIpIHsKICAgICAgICAkZGlyX2ZpbGVzX3N1bSA9IEdldC1DaGlsZEl0ZW0gJGZpbGUuRnVsbE5hbWUgLVJlY3Vyc2UKICAgICAgICBpZiAoJGRpcl9maWxlc19zdW0gLWVxICRudWxsIC1vciAoJGRpcl9maWxlc19zdW0uUFNPYmplY3QuUHJvcGVydGllcy5uYW1lIC1jb250YWlucyAnbGVuZ3RoJyAtZXEgJGZhbHNlKSkgewogICAgICAgICAgICAkc2l6ZSA9IDAKICAgICAgICB9IGVsc2UgewogICAgICAgICAgICAkc2l6ZSA9ICgkZGlyX2ZpbGVzX3N1bSB8IE1lYXN1cmUtT2JqZWN0IC1wcm9wZXJ0eSBsZW5ndGggLXN1bSkuU3VtCiAgICAgICAgfQogICAgfSBlbHNlIHsKICAgICAgICAkc2l6ZSA9ICRmaWxlLkxlbmd0aAogICAgfQoKICAgICRzaXplCn0KCkZ1bmN0aW9uIEV4dHJhY3QtWmlwKCRzcmMsICRkZXN0KSB7CiAgICAkYXJjaGl2ZSA9IFtTeXN0ZW0uSU8uQ29tcHJlc3Npb24uWmlwRmlsZV06Ok9wZW4oJHNyYywgW1N5c3RlbS5JTy5Db21wcmVzc2lvbi5aaXBBcmNoaXZlTW9kZV06OlJlYWQsIFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjgpCiAgICBmb3JlYWNoICgkZW50cnkgaW4gJGFyY2hpdmUuRW50cmllcykgewogICAgICAgICRhcmNoaXZlX25hbWUgPSAkZW50cnkuRnVsbE5hbWUKCiAgICAgICAgIyBGdWxsTmFtZSBtYXkgYmUgYXBwZW5kZWQgd2l0aCAvIG9yIFwsIGRldGVybWluZSBpZiBpdCBpcyBwYWRkZWQgYW5kIHJlbW92ZSBpdAogICAgICAgICRwYWRkaW5nX2xlbmd0aCA9ICRhcmNoaXZlX25hbWUuTGVuZ3RoICUgNAogICAgICAgIGlmICgkcGFkZGluZ19sZW5ndGggLWVxIDApIHsKICAgICAgICAgICAgJGlzX2RpciA9ICRmYWxzZQogICAgICAgICAgICAkYmFzZTY0X25hbWUgPSAkYXJjaGl2ZV9uYW1lCiAgICAgICAgfSBlbHNlaWYgKCRwYWRkaW5nX2xlbmd0aCAtZXEgMSkgewogICAgICAgICAgICAkaXNfZGlyID0gJHRydWUKICAgICAgICAgICAgaWYgKCRhcmNoaXZlX25hbWUuRW5kc1dpdGgoIi8iKSAtb3IgJGFyY2hpdmVfbmFtZS5FbmRzV2l0aCgiYFwiKSkgewogICAgICAgICAgICAgICAgJGJhc2U2NF9uYW1lID0gJGFyY2hpdmVfbmFtZS5TdWJzdHJpbmcoMCwgJGFyY2hpdmVfbmFtZS5MZW5ndGggLSAxKQogICAgICAgICAgICB9IGVsc2UgewogICAgICAgICAgICAgICAgdGhyb3cgImludmFsaWQgYmFzZTY0IGFyY2hpdmUgbmFtZSAnJGFyY2hpdmVfbmFtZSciCiAgICAgICAgICAgIH0KICAgICAgICB9IGVsc2UgewogICAgICAgICAgICB0aHJvdyAiaW52YWxpZCBiYXNlNjQgbGVuZ3RoICckYXJjaGl2ZV9uYW1lJyIKICAgICAgICB9CgogICAgICAgICMgdG8gaGFuZGxlIHVuaWNvZGUgY2hhcmFjdGVyLCB3aW5fY29weSBhY3Rpb24gcGx1Z2luIGhhcyBlbmNvZGVkIHRoZSBmaWxlbmFtZQogICAgICAgICRkZWNvZGVkX2FyY2hpdmVfbmFtZSA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGJhc2U2NF9uYW1lKSkKICAgICAgICAjIHJlLWFkZCB0aGUgLyB0byB0aGUgZW50cnkgZnVsbCBuYW1lIGlmIGl0IHdhcyBhIGRpcmVjdG9yeQogICAgICAgIGlmICgkaXNfZGlyKSB7CiAgICAgICAgICAgICRkZWNvZGVkX2FyY2hpdmVfbmFtZSA9ICIkZGVjb2RlZF9hcmNoaXZlX25hbWUvIgogICAgICAgIH0KICAgICAgICAkZW50cnlfdGFyZ2V0X3BhdGggPSBbU3lzdGVtLklPLlBhdGhdOjpDb21iaW5lKCRkZXN0LCAkZGVjb2RlZF9hcmNoaXZlX25hbWUpCiAgICAgICAgJGVudHJ5X2RpciA9IFtTeXN0ZW0uSU8uUGF0aF06OkdldERpcmVjdG9yeU5hbWUoJGVudHJ5X3RhcmdldF9wYXRoKQoKICAgICAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRlbnRyeV9kaXIpKSB7CiAgICAgICAgICAgIE5ldy1JdGVtIC1QYXRoICRlbnRyeV9kaXIgLUl0ZW1UeXBlIERpcmVjdG9yeSAtV2hhdElmOiRjaGVja19tb2RlIHwgT3V0LU51bGwKICAgICAgICB9CgogICAgICAgIGlmICgkaXNfZGlyIC1lcSAkZmFsc2UpIHsKICAgICAgICAgICAgaWYgKC1ub3QgJGNoZWNrX21vZGUpIHsKICAgICAgICAgICAgICAgIFtTeXN0ZW0uSU8uQ29tcHJlc3Npb24uWmlwRmlsZUV4dGVuc2lvbnNdOjpFeHRyYWN0VG9GaWxlKCRlbnRyeSwgJGVudHJ5X3RhcmdldF9wYXRoLCAkdHJ1ZSkKICAgICAgICAgICAgfQogICAgICAgIH0KICAgIH0KICAgICRhcmNoaXZlLkRpc3Bvc2UoKSAgIyByZWxlYXNlIHRoZSBoYW5kbGUgb2YgdGhlIHppcCBmaWxlCn0KCkZ1bmN0aW9uIEV4dHJhY3QtWmlwTGVnYWN5KCRzcmMsICRkZXN0KSB7CiAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRkZXN0KSkgewogICAgICAgIE5ldy1JdGVtIC1QYXRoICRkZXN0IC1JdGVtVHlwZSBEaXJlY3RvcnkgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICB9CiAgICAkc2hlbGwgPSBOZXctT2JqZWN0IC1Db21PYmplY3QgU2hlbGwuQXBwbGljYXRpb24KICAgICR6aXAgPSAkc2hlbGwuTmFtZVNwYWNlKCRzcmMpCiAgICAkZGVzdF9wYXRoID0gJHNoZWxsLk5hbWVTcGFjZSgkZGVzdCkKCiAgICBmb3JlYWNoICgkZW50cnkgaW4gJHppcC5JdGVtcygpKSB7CiAgICAgICAgJGlzX2RpciA9ICRlbnRyeS5Jc0ZvbGRlcgogICAgICAgICRlbmNvZGVkX2FyY2hpdmVfZW50cnkgPSAkZW50cnkuTmFtZQogICAgICAgICMgdG8gaGFuZGxlIHVuaWNvZGUgY2hhcmFjdGVyLCB3aW5fY29weSBhY3Rpb24gcGx1Z2luIGhhcyBlbmNvZGVkIHRoZSBmaWxlbmFtZQogICAgICAgICRkZWNvZGVkX2FyY2hpdmVfZW50cnkgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRlbmNvZGVkX2FyY2hpdmVfZW50cnkpKQogICAgICAgIGlmICgkaXNfZGlyKSB7CiAgICAgICAgICAgICRkZWNvZGVkX2FyY2hpdmVfZW50cnkgPSAiJGRlY29kZWRfYXJjaGl2ZV9lbnRyeS8iCiAgICAgICAgfQoKICAgICAgICAkZW50cnlfdGFyZ2V0X3BhdGggPSBbU3lzdGVtLklPLlBhdGhdOjpDb21iaW5lKCRkZXN0LCAkZGVjb2RlZF9hcmNoaXZlX2VudHJ5KQogICAgICAgICRlbnRyeV9kaXIgPSBbU3lzdGVtLklPLlBhdGhdOjpHZXREaXJlY3RvcnlOYW1lKCRlbnRyeV90YXJnZXRfcGF0aCkKCiAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtUGF0aCAkZW50cnlfZGlyKSkgewogICAgICAgICAgICBOZXctSXRlbSAtUGF0aCAkZW50cnlfZGlyIC1JdGVtVHlwZSBEaXJlY3RvcnkgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICAgICAgfQoKICAgICAgICBpZiAoJGlzX2RpciAtZXEgJGZhbHNlIC1hbmQgKC1ub3QgJGNoZWNrX21vZGUpKSB7CiAgICAgICAgICAgICMgaHR0cHM6Ly9tc2RuLm1pY3Jvc29mdC5jb20vZW4tdXMvbGlicmFyeS93aW5kb3dzL2Rlc2t0b3AvYmI3ODc4NjYuYXNweAogICAgICAgICAgICAjIEZyb20gRm9sZGVyLkNvcHlIZXJlIGRvY3VtZW50YXRpb24sIDEwNDQgbWVhbnM6CiAgICAgICAgICAgICMgIC0gMTAyNDogZG8gbm90IGRpc3BsYXkgYSB1c2VyIGludGVyZmFjZSBpZiBhbiBlcnJvciBvY2N1cnMKICAgICAgICAgICAgIyA ScriptBlock ID: 680e020d-45bf-4495-9c7b-a5bd41c98f11 Path:	4104	1		3	2	15	0	1118	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3092	4188	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:23:31 PM	9d04040e-981f-0004-a415-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 3): begin { $DebugPreference = "Continue" $ErrorActionPreference = "Stop" Set-StrictMode -Version 2 function ConvertTo-HashtableFromPsCustomObject ($myPsObject){ $output = @{}; $myPsObject | Get-Member -MemberType *Property | % { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } return $output; } # stream JSON including become_pw, ps_module_payload, bin_module_payload, become_payload, write_payload_path, preserve directives # exec runspace, capture output, cleanup, return module output # NB: do not adjust the following line- it is replaced when doing non-streamed module output $json_raw = @' {"min_ps_version": null, "exec": "CkZ1bmN0aW9uIFJ1bigkcGF5bG9hZCkgewogICAgJGVudHJ5cG9pbnQgPSAkcGF5bG9hZC5tb2R1bGVfZW50cnkKCiAgICAkZW50cnlwb2ludCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGVudHJ5cG9pbnQpKQoKICAgICRwcyA9IFtwb3dlcnNoZWxsXTo6Q3JlYXRlKCkKCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkQ29tbWFuZCgiU2V0LVZhcmlhYmxlIikuQWRkUGFyYW1ldGVycyhAe1Njb3BlPSJnbG9iYWwiO05hbWU9ImNvbXBsZXhfYXJncyI7VmFsdWU9JHBheWxvYWQubW9kdWxlX2FyZ3N9KSB8IE91dC1OdWxsCiAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCgogICAgIyByZWRlZmluZSBXcml0ZS1Ib3N0IHRvIGR1bXAgdG8gb3V0cHV0IGluc3RlYWQgb2YgZmFpbGluZy0gbG90cyBvZiBzY3JpcHRzIHVzZSBpdAogICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgiRnVuY3Rpb24gV3JpdGUtSG9zdChgJG1zZyl7IFdyaXRlLU91dHB1dCBgJG1zZyB9IikgfCBPdXQtTnVsbAoKICAgIEZvckVhY2ggKCRlbnZfa3YgaW4gJHBheWxvYWQuZW52aXJvbm1lbnQuR2V0RW51bWVyYXRvcigpKSB7CiAgICAgICAgIyBuZWVkIHRvIGVzY2FwZSAnIGluIGJvdGggdGhlIGtleSBhbmQgdmFsdWUKICAgICAgICAkZW52X2tleSA9ICRlbnZfa3YuS2V5LlRvU3RyaW5nKCkuUmVwbGFjZSgiJyIsICInJyIpCiAgICAgICAgJGVudl92YWx1ZSA9ICRlbnZfa3YuVmFsdWUuVG9TdHJpbmcoKS5SZXBsYWNlKCInIiwgIicnIikKICAgICAgICAkZXNjYXBlZF9lbnZfc2V0ID0gIltTeXN0ZW0uRW52aXJvbm1lbnRdOjpTZXRFbnZpcm9ubWVudFZhcmlhYmxlKCd7MH0nLCAnezF9JykiIC1mICRlbnZfa2V5LCAkZW52X3ZhbHVlCiAgICAgICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgkZXNjYXBlZF9lbnZfc2V0KSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBkeW5hbWljYWxseSBjcmVhdGUvbG9hZCBtb2R1bGVzCiAgICBGb3JFYWNoICgkbW9kIGluICRwYXlsb2FkLnBvd2Vyc2hlbGxfbW9kdWxlcy5HZXRFbnVtZXJhdG9yKCkpIHsKICAgICAgICAkZGVjb2RlZF9tb2R1bGUgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRtb2QuVmFsdWUpKQogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRDb21tYW5kKCJOZXctTW9kdWxlIikuQWRkUGFyYW1ldGVycyhAe1NjcmlwdEJsb2NrPShbc2NyaXB0YmxvY2tdOjpDcmVhdGUoJGRlY29kZWRfbW9kdWxlKSk7TmFtZT0kbW9kLktleX0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiSW1wb3J0LU1vZHVsZSIpLkFkZFBhcmFtZXRlcnMoQHtXYXJuaW5nQWN0aW9uPSJTaWxlbnRseUNvbnRpbnVlIn0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBmb3JjZSBpbnB1dCBlbmNvZGluZyB0byBwcmVhbWJsZS1mcmVlIFVURjggc28gUFMgc3ViLXByb2Nlc3NlcyAoZWcsCiAgICAjIFN0YXJ0LUpvYikgZG9uJ3QgYmxvdyB1cC4gVGhpcyBpcyBvbmx5IHJlcXVpcmVkIGZvciBXaW5STSwgYSBQU1JQCiAgICAjIHJ1bnNwYWNlIGRvZXNuJ3QgaGF2ZSBhIGhvc3QgY29uc29sZSBhbmQgdGhpcyB3aWxsIGJvbWIgb3V0CiAgICBpZiAoJGhvc3QuTmFtZSAtZXEgIkNvbnNvbGVIb3N0IikgewogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRTY3JpcHQoIltDb25zb2xlXTo6SW5wdXRFbmNvZGluZyA9IE5ldy1PYmplY3QgVGV4dC5VVEY4RW5jb2RpbmcgYCRmYWxzZSIpIHwgT3V0LU51bGwKICAgIH0KCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkU2NyaXB0KCRlbnRyeXBvaW50KSB8IE91dC1OdWxsCgogICAgJG91dHB1dCA9ICRwcy5JbnZva2UoKQoKICAgICRvdXRwdXQKCiAgICAjIFBTMyBkb2Vzbid0IHByb3Blcmx5IHNldCBIYWRFcnJvcnMgaW4gbWFueSBjYXNlcywgaW5zcGVjdCB0aGUgZXJyb3Igc3RyZWFtIGFzIGEgZmFsbGJhY2sKICAgIElmICgkcHMuSGFkRXJyb3JzIC1vciAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtbHQgNCAtYW5kICRwcy5TdHJlYW1zLkVycm9yLkNvdW50IC1ndCAwKSkgewogICAgICAgICRob3N0LlVJLldyaXRlRXJyb3JMaW5lKCQoJHBzLlN0cmVhbXMuRXJyb3IgfCBPdXQtU3RyaW5nKSkKICAgICAgICAkZXhpdF9jb2RlID0gJHBzLlJ1bnNwYWNlLlNlc3Npb25TdGF0ZVByb3h5LkdldFZhcmlhYmxlKCJMQVNURVhJVENPREUiKQogICAgICAgIElmKC1ub3QgJGV4aXRfY29kZSkgewogICAgICAgICAgICAkZXhpdF9jb2RlID0gMQogICAgICAgIH0KICAgICAgICAjIG5lZWQgdG8gdXNlIHRoaXMgaW5zdGVhZCBvZiBFeGl0IGtleXdvcmQgdG8gcHJldmVudCBydW5zcGFjZSBmcm9tIGNyYXNoaW5nIHdpdGggZHluYW1pYyBtb2R1bGVzCiAgICAgICAgJGhvc3QuU2V0U2hvdWxkRXhpdCgkZXhpdF9jb2RlKQogICAgfQp9Cg==", "actions": ["exec"], "environment": {}, "min_os_version": null, "powershell_modules": {"Ansible.ModuleUtils.Legacy": "IyBDb3B5cmlnaHQgKGMpLCBNaWNoYWVsIERlSGFhbiA8bWljaGFlbC5kZWhhYW5AZ21haWwuY29tPiwgMjAxNCwgYW5kIG90aGVycwojIFNpbXBsaWZpZWQgQlNEIExpY2Vuc2UgKHNlZSBsaWNlbnNlcy9zaW1wbGlmaWVkX2JzZC50eHQgb3IgaHR0cHM6Ly9vcGVuc291cmNlLm9yZy9saWNlbnNlcy9CU0QtMi1DbGF1c2UpCgpTZXQtU3RyaWN0TW9kZSAtVmVyc2lvbiAyLjAKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKRnVuY3Rpb24gU2V0LUF0dHIoJG9iaiwgJG5hbWUsICR2YWx1ZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gc2V0IGFuICJhdHRyaWJ1dGUiIG9uIGEgcHNvYmplY3QgaW5zdGFuY2UgaW4gUG93ZXJTaGVsbC4KICAgIFRoaXMgaXMgYSBjb252ZW5pZW5jZSB0byBtYWtlIGFkZGluZyBNZW1iZXJzIHRvIHRoZSBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgIFNldC1BdHRyICRyZXN1bHQgImNoYW5nZWQiICR0cnVlCiM+CgogICAgIyBJZiB0aGUgcHJvdmlkZWQgJG9iaiBpcyB1bmRlZmluZWQsIGRlZmluZSBvbmUgdG8gYmUgbmljZQogICAgSWYgKC1ub3QgJG9iai5HZXRUeXBlKQogICAgewogICAgICAgICRvYmogPSBAeyB9CiAgICB9CgogICAgVHJ5CiAgICB7CiAgICAgICAgJG9iai4kbmFtZSA9ICR2YWx1ZQogICAgfQogICAgQ2F0Y2gKICAgIHsKICAgICAgICAkb2JqIHwgQWRkLU1lbWJlciAtRm9yY2UgLU1lbWJlclR5cGUgTm90ZVByb3BlcnR5IC1OYW1lICRuYW1lIC1WYWx1ZSAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gRXhpdC1Kc29uKCRvYmopCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGNvbnZlcnQgYSBQb3dlclNoZWxsIG9iamVjdCB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcKICAgIHRoZSBzY3JpcHQKICAgIC5FWEFNUExFCiAgICBFeGl0LUpzb24gJHJlc3VsdAojPgoKICAgICMgSWYgdGhlIHByb3ZpZGVkICRvYmogaXMgdW5kZWZpbmVkLCBkZWZpbmUgb25lIHRvIGJlIG5pY2UKICAgIElmICgtbm90ICRvYmouR2V0VHlwZSkKICAgIHsKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoJ2NoYW5nZWQnKSkgewogICAgICAgIFNldC1BdHRyICRvYmogImNoYW5nZWQiICRmYWxzZQogICAgfQoKICAgIFdyaXRlLU91dHB1dCAkb2JqIHwgQ29udmVydFRvLUpzb24gLUNvbXByZXNzIC1EZXB0aCA5OQogICAgRXhpdAp9CgpGdW5jdGlvbiBGYWlsLUpzb24oJG9iaiwgJG1lc3NhZ2UgPSAkbnVsbCkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHRoZSAibXNnIiBwcm9wZXJ0eSBhbmQgImZhaWxlZCIgcHJvcGVydHksIGNvbnZlcnQgdGhlCiAgICBQb3dlclNoZWxsIEhhc2h0YWJsZSB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcgdGhlIHNjcmlwdAogICAgLkVYQU1QTEUKICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJUaGlzIGlzIHRoZSBmYWlsdXJlIG1lc3NhZ2UiCiM+CgogICAgaWYgKCRvYmogLWlzIFtoYXNodGFibGVdIC1vciAkb2JqIC1pcyBbcHNvYmplY3RdKSB7CiAgICAgICAgIyBOb3RoaW5nIHRvIGRvCiAgICB9IGVsc2VpZiAoJG9iaiAtaXMgW3N0cmluZ10gLWFuZCAkbnVsbCAtZXEgJG1lc3NhZ2UpIHsKICAgICAgICAjIElmIHdlIHdlcmVuJ3QgZ2l2ZW4gMiBhcmdzLCBhbmQgdGhlIG9ubHkgYXJnIHdhcyBhIHN0cmluZywKICAgICAgICAjIGNyZWF0ZSBhIG5ldyBIYXNodGFibGUgYW5kIHVzZSB0aGUgYXJnIGFzIHRoZSBmYWlsdXJlIG1lc3NhZ2UKICAgICAgICAkbWVzc2FnZSA9ICRvYmoKICAgICAgICAkb2JqID0gQHsgfQogICAgfSBlbHNlIHsKICAgICAgICAjIElmIHRoZSBmaXJzdCBhcmd1bWVudCBpcyB1bmRlZmluZWQgb3IgYSBkaWZmZXJlbnQgdHlwZSwKICAgICAgICAjIG1ha2UgaXQgYSBIYXNodGFibGUKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgICMgU3RpbGwgdXNpbmcgU2V0LUF0dHIgZm9yIFBTT2JqZWN0IGNvbXBhdGliaWxpdHkKICAgIFNldC1BdHRyICRvYmogIm1zZyIgJG1lc3NhZ2UKICAgIFNldC1BdHRyICRvYmogImZhaWxlZCIgJHRydWUKCiAgICBpZiAoLW5vdCAkb2JqLkNvbnRhaW5zS2V5KCdjaGFuZ2VkJykpIHsKICAgICAgICBTZXQtQXR0ciAkb2JqICJjaGFuZ2VkIiAkZmFsc2UKICAgIH0KCiAgICBXcml0ZS1PdXRwdXQgJG9iaiB8IENvbnZlcnRUby1Kc29uIC1Db21wcmVzcyAtRGVwdGggOTkKICAgIEV4aXQgMQp9CgpGdW5jdGlvbiBBZGQtV2FybmluZygkb2JqLCAkbWVzc2FnZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHdhcm5pbmdzLCBldmVuIGlmIHRoZSB3YXJuaW5ncyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoIndhcm5pbmdzIikpIHsKICAgICAgICAkb2JqLndhcm5pbmdzID0gQCgpCiAgICB9IGVsc2VpZiAoJG9iai53YXJuaW5ncyAtaXNub3QgW2FycmF5XSkgewogICAgICAgIHRocm93ICJBZGQtV2FybmluZzogd2FybmluZ3MgYXR0cmlidXRlIGlzIG5vdCBhbiBhcnJheSIKICAgIH0KCiAgICAkb2JqLndhcm5pbmdzICs9ICRtZXNzYWdlCn0KCkZ1bmN0aW9uIEFkZC1EZXByZWNhdGlvbldhcm5pbmcoJG9iaiwgJG1lc3NhZ2UsICR2ZXJzaW9uID0gJG51bGwpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGFkZCBkZXByZWNhdGlvbnMsIGV2ZW4gaWYgdGhlIGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgogICAgaWYgKC1ub3QgJG9iai5Db250YWluc0tleSgiZGVwcmVjYXRpb25zIikpIHsKICAgICAgICAkb2JqLmRlcHJlY2F0aW9ucyA9IEAoKQogICAgfSBlbHNlaWYgKCRvYmouZGVwcmVjYXRpb25zIC1pc25vdCBbYXJyYXldKSB7CiAgICAgICAgdGhyb3cgIkFkZC1EZXByZWNhdGlvbldhcm5pbmc6IGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgaXMgbm90IGEgbGlzdCIKICAgIH0KCiAgICAkb2JqLmRlcHJlY2F0aW9ucyArPSBAewogICAgICAgIG1zZyA9ICRtZXNzYWdlCiAgICAgICAgdmVyc2lvbiA9ICR2ZXJzaW9uCiAgICB9Cn0KCkZ1bmN0aW9uIEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgaW4gdmFsdWVzLiBCeSBkZWZhdWx0CiAgICBpdCB0dXJucyBhbnkgdHlwZSB0byBhIHN0cmluZywgYnV0IHdlIGVuc3VyZSAkbnVsbCByZW1haW5zICRudWxsLgojPgogICAgaWYgKCRudWxsIC1uZSAkdmFsdWUpIHsKICAgICAgICBbU3lzdGVtLkVudmlyb25tZW50XTo6RXhwYW5kRW52aXJvbm1lbnRWYXJpYWJsZXMoJHZhbHVlKQogICAgfSBlbHNlIHsKICAgICAgICAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gR2V0LUFuc2libGVQYXJhbSgkb2JqLCAkbmFtZSwgJGRlZmF1bHQgPSAkbnVsbCwgJHJlc3VsdG9iaiA9IEB7fSwgJGZhaWxpZmVtcHR5ID0gJGZhbHNlLCAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSwgJFZhbGlkYXRlU2V0LCAkVmFsaWRhdGVTZXRFcnJvck1lc3NhZ2UsICR0eXBlID0gJG51bGwsICRhbGlhc2VzID0gQCgpKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBnZXQgYW4gImF0dHJpYnV0ZSIgZnJvbSBhIHBzb2JqZWN0IGluc3RhbmNlIGluIFBvd2VyU2hlbGwuCiAgICBUaGlzIGlzIGEgY29udmVuaWVuY2UgdG8gbWFrZSBnZXR0aW5nIE1lbWJlcnMgZnJvbSBhbiBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgICRhdHRyID0gR2V0LUFuc2libGVQYXJhbSAkcmVzcG9uc2UgImNvZGUiIC1kZWZhdWx0ICIxIgogICAgLkVYQU1QTEUKICAgIEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJTdGF0ZSIgLWRlZmF1bHQgIlByZXNlbnQiIC1WYWxpZGF0ZVNldCAiUHJlc2VudCIsIkFic2VudCIgLXJlc3VsdG9iaiAkcmVzdWx0b2JqIC1mYWlsaWZlbXB0eSAkdHJ1ZQogICAgR2V0LUFuc2libGVQYXJhbSBhbHNvIHN1cHBvcnRzIFBhcmFtZXRlciB2YWxpZGF0aW9uIHRvIHNhdmUgeW91IGZyb20gY29kaW5nIHRoYXQgbWFudWFsbHkKICAgIE5vdGUgdGhhdCBpZiB5b3UgdXNlIHRoZSBmYWlsaWZlbXB0eSBvcHRpb24sIHlvdSBkbyBuZWVkIHRvIHNwZWNpZnkgcmVzdWx0b2JqZWN0IGFzIHdlbGwuCiM+CiAgICAjIENoZWNrIGlmIHRoZSBwcm92aWRlZCBNZW1iZXIgJG5hbWUgb3IgYWxpYXNlcyBleGlzdCBpbiAkb2JqIGFuZCByZXR1cm4gaXQgb3IgdGhlIGRlZmF1bHQuCiAgICB0cnkgewoKICAgICAgICAkZm91bmQgPSAkbnVsbAogICAgICAgICMgRmlyc3QgdHJ5IHRvIGZpbmQgcHJlZmVycmVkIHBhcmFtZXRlciAkbmFtZQogICAgICAgICRhbGlhc2VzID0gQCgkbmFtZSkgKyAkYWxpYXNlcwoKICAgICAgICAjIEl0ZXJhdGUgb3ZlciBhbGlhc2VzIHRvIGZpbmQgYWNjZXB0YWJsZSBNZW1iZXIgJG5hbWUKICAgICAgICBmb3JlYWNoICgkYWxpYXMgaW4gJGFsaWFzZXMpIHsKICAgICAgICAgICAgaWYgKCRvYmouQ29udGFpbnNLZXkoJGFsaWFzKSkgewogICAgICAgICAgICAgICAgJGZvdW5kID0gJGFsaWFzCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgfQoKICAgICAgICBpZiAoJG51bGwgLWVxICRmb3VuZCkgewogICAgICAgICAgICB0aHJvdwogICAgICAgIH0KICAgICAgICAkbmFtZSA9ICRmb3VuZAoKICAgICAgICBpZiAoJFZhbGlkYXRlU2V0KSB7CgogICAgICAgICAgICBpZiAoJFZhbGlkYXRlU2V0IC1jb250YWlucyAoJG9iai4kbmFtZSkpIHsKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICRvYmouJG5hbWUKICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgIGlmICgkbnVsbCAtZXEgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAgICAgI0F1dG8tZ2VuZXJhdGVkIGVycm9yIHNob3VsZCBiZSBzdWZmaWNpZW50IGluIG1vc3QgdXNlIGNhc2VzCiAgICAgICAgICAgICAgICAgICAgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlID0gIkdldC1BbnNpYmxlUGFyYW06IEFyZ3VtZW50ICRuYW1lIG5lZWRzIHRvIGJlIG9uZSBvZiAkKCRWYWxpZGF0ZVNldCAtam9pbiAiLCIpIGJ1dCB3YXMgJCgkb2JqLiRuYW1lKS4iCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRWYWxpZGF0ZVNldEVycm9yTWVzc2FnZQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgJHZhbHVlID0gJG9iai4kbmFtZQogICAgICAgIH0KICAgIH0gY2F0Y2ggewogICAgICAgIGlmICgkZmFpbGlmZW1wdHkgLWVxICRmYWxzZSkgewogICAgICAgICAgICAkdmFsdWUgPSAkZGVmYXVsdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgIGlmICgtbm90ICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSA9ICJHZXQtQW5zaWJsZVBhcmFtOiBNaXNzaW5nIHJlcXVpcmVkIGFyZ3VtZW50OiAkbmFtZSIKICAgICAgICAgICAgfQogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlCiAgICAgICAgfQogICAgfQoKICAgICMgSWYgJHZhbHVlIC1lcSAkbnVsbCwgdGhlIHBhcmFtZXRlciB3YXMgdW5zcGVjaWZpZWQgYnkgdGhlIHVzZXIgKGRlbGliZXJhdGVseSBvciBub3QpCiAgICAjIFBsZWFzZSBsZWF2ZSAkbnVsbC12YWx1ZXMgaW50YWN0LCBtb2R1bGVzIG5lZWQgdG8ga25vdyBpZiBhIHBhcmFtZXRlciB3YXMgc3BlY2lmaWVkCiAgICAjIFdoZW4gJHZhbHVlIGlzIGFscmVhZHkgYW4gYXJyYXksIHdlIGNhbm5vdCByZWx5IG9uIHRoZSBudWxsIGNoZWNrLCBhcyBhbiBlbXB0eSBsaXN0CiAgICAjIGlzIHNlZW4gYXMgbnVsbCBpbiB0aGUgY2hlY2sgYmVsb3cKICAgIGlmICgkbnVsbCAtbmUgJHZhbHVlIC1vciAkdmFsdWUgLWlzIFthcnJheV0pIHsKICAgICAgICBpZiAoJHR5cGUgLWVxICJwYXRoIikgewogICAgICAgICAgICAjIEV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgb24gcGF0aC10eXBlCiAgICAgICAgICAgICR2YWx1ZSA9IEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCiAgICAgICAgICAgICMgVGVzdCBpZiBhIHZhbGlkIHBhdGggaXMgcHJvdmlkZWQKICAgICAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtSXNWYWxpZCAkdmFsdWUpKSB7CiAgICAgICAgICAgICAgICAkcGF0aF9pbnZhbGlkID0gJHRydWUKICAgICAgICAgICAgICAgICMgY291bGQgc3RpbGwgYmUgYSB2YWxpZC1zaGFwZWQgcGF0aCB3aXRoIGEgbm9uZXhpc3RlbnQgZHJpdmUgbGV0dGVyCiAgICAgICAgICAgICAgICBpZiAoJHZhbHVlIC1tYXRjaCAiXlx3OiIpIHsKICAgICAgICAgICAgICAgICAgICAjIHJld3JpdGUgcGF0aCB3aXRoIGEgdmFsaWQgZHJpdmUgbGV0dGVyIGFuZCByZWNoZWNrIHRoZSBzaGFwZS0gdGhpcyBtaWdodCBzdGlsbCBmYWlsLCBlZywgYSBub25leGlzdGVudCBub24tZmlsZXN5c3RlbSBQUyBwYXRoCiAgICAgICAgICAgICAgICAgICAgaWYgKFRlc3QtUGF0aCAtSXNWYWxpZCAkKEAoR2V0LVBTRHJpdmUgLVBTUHJvdmlkZXIgRmlsZXN5c3RlbSlbMF0uTmFtZSArICR2YWx1ZS5TdWJzdHJpbmcoMSkpKSB7CiAgICAgICAgICAgICAgICAgICAgICAgICRwYXRoX2ludmFsaWQgPSAkZmFsc2UKICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBpZiAoJHBhdGhfaW52YWxpZCkgewogICAgICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHRvYmogLW1lc3NhZ2UgIkdldC1BbnNpYmxlUGFyYW06IFBhcmFtZXRlciAnJG5hbWUnIGhhcyBhbiBpbnZhbGlkIHBhdGggJyR2YWx1ZScgc3BlY2lmaWVkLiIKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgInN0ciIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IHN0ciB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgc3RyaW5ncwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUuVG9TdHJpbmcoKQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImJvb2wiKSB7CiAgICAgICAgICAgICMgQ29udmVydCBib29sZWFuIHR5cGVzIHRvIHJlYWwgUG93ZXJzaGVsbCBib29sZWFucwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgfCBDb252ZXJ0VG8tQm9vbAogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImludCIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IGludCB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgaW50ZWdlcnMKICAgICAgICAgICAgJHZhbHVlID0gJHZhbHVlIC1hcyBbaW50XQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImZsb2F0IikgewogICAgICAgICAgICAjIENvbnZlcnQgZmxvYXQgdHlwZXMgdG8gcmVhbCBQb3dlcnNoZWxsIGZsb2F0cwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgLWFzIFtmbG9hdF0KICAgICAgICB9IGVsc2VpZiAoJHR5cGUgLWVxICJsaXN0IikgewogICAgICAgICAgICBpZiAoJHZhbHVlIC1pcyBbYXJyYXldKSB7CiAgICAgICAgICAgICAgICAjIE5vdGhpbmcgdG8gZG8KICAgICAgICAgICAgfSBlbHNlaWYgKCR2YWx1ZSAtaXMgW3N0cmluZ10pIHsKICAgICAgICAgICAgICAgICMgQ29udmVydCBzdHJpbmcgdHlwZSB0byByZWFsIFBvd2Vyc2hlbGwgYXJyYXkKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICR2YWx1ZS5TcGxpdCgiLCIpLlRyaW0oKQogICAgICAgICAgICB9IGVsc2VpZiAoJHZhbHVlIC1pcyBbaW50XSkgewogICAgICAgICAgICAgICAgJHZhbHVlID0gQCgkdmFsdWUpCiAgICAgICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICJHZXQtQW5zaWJsZVBhcmFtOiBQYXJhbWV0ZXIgJyRuYW1lJyBpcyBub3QgYSBZQU1MIGxpc3QuIgogICAgICAgICAgICB9CiAgICAgICAgICAgICMgLCBpcyBub3QgYSB0eXBvLCBmb3JjZXMgaXQgdG8gcmV0dXJuIGFzIGEgbGlzdCB3aGVuIGl0IGlzIGVtcHR5IG9yIG9ubHkgaGFzIDEgZW50cnkKICAgICAgICAgICAgcmV0dXJuICwkdmFsdWUKICAgICAgICB9CiAgICB9CgogICAgcmV0dXJuICR2YWx1ZQp9CgojQWxpYXMgR2V0LWF0dHItLT5HZXQtQW5zaWJsZVBhcmFtIGZvciBiYWNrd2FyZHMgY29tcGF0LiBPbmx5IGFkZCB3aGVuIG5lZWRlZCB0byBlYXNlIGRlYnVnZ2luZyBvZiBzY3JpcHRzCklmICgtbm90KEdldC1BbGlhcyAtTmFtZSAiR2V0LWF0dHIiIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlKSkKewogICAgTmV3LUFsaWFzIC1OYW1lIEdldC1hdHRyIC1WYWx1ZSBHZXQtQW5zaWJsZVBhcmFtCn0KCkZ1bmN0aW9uIENvbnZlcnRUby1Cb29sCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZpbHRlci9waXBlbGluZSBmdW5jdGlvbiB0byBjb252ZXJ0IGEgdmFsdWUgdG8gYm9vbGVhbiBmb2xsb3dpbmcgY3VycmVudAogICAgQW5zaWJsZSBwcmFjdGljZXMKICAgIC5FWEFNUExFCiAgICAkaXNfdHJ1ZSA9ICJ0cnVlIiB8IENvbnZlcnRUby1Cb29sCiM+CiAgICBwYXJhbSgKICAgICAgICBbcGFyYW1ldGVyKHZhbHVlZnJvbXBp ScriptBlock ID: 680e020d-45bf-4495-9c7b-a5bd41c98f11 Path:	4104	1		3	2	15	0	1117	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3092	4188	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:23:31 PM	9d04040e-981f-0004-a415-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1116	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3092	1680	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:23:31 PM	9d04040e-981f-0004-a215-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 3092 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1115	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3092	3892	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:23:31 PM	9d04040e-981f-0004-a215-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1114	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3092	1680	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:23:31 PM	9d04040e-981f-0004-a215-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1113	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	5008	4224	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:23:03 PM	9d04040e-981f-0003-4a4e-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 5008 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1112	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	5008	3964	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:23:03 PM	9d04040e-981f-0003-4a4e-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1111	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	5008	4224	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:23:03 PM	9d04040e-981f-0003-4a4e-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles; using System; using System.Collections; using System.IO; using System.Linq; using System.Runtime.InteropServices; using System.Text; using System.Threading; namespace Ansible { [StructLayout(LayoutKind.Sequential)] public class SECURITY_ATTRIBUTES { public int nLength; public IntPtr lpSecurityDescriptor; public bool bInheritHandle = false; public SECURITY_ATTRIBUTES() { nLength = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFO { public Int32 cb; public IntPtr lpReserved; public IntPtr lpDesktop; public IntPtr lpTitle; public Int32 dwX; public Int32 dwY; public Int32 dwXSize; public Int32 dwYSize; public Int32 dwXCountChars; public Int32 dwYCountChars; public Int32 dwFillAttribute; public Int32 dwFlags; public Int16 wShowWindow; public Int16 cbReserved2; public IntPtr lpReserved2; public SafeFileHandle hStdInput; public SafeFileHandle hStdOutput; public SafeFileHandle hStdError; public STARTUPINFO() { cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFOEX { public STARTUPINFO startupInfo; public IntPtr lpAttributeList; public STARTUPINFOEX() { startupInfo = new STARTUPINFO(); startupInfo.cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public struct PROCESS_INFORMATION { public IntPtr hProcess; public IntPtr hThread; public int dwProcessId; public int dwThreadId; } [Flags] public enum StartupInfoFlags : uint { USESTDHANDLES = 0x00000100 } public enum HandleFlags : uint { None = 0, INHERIT = 1 } class NativeWaitHandle : WaitHandle { public NativeWaitHandle(IntPtr handle) { this.SafeWaitHandle = new SafeWaitHandle(handle, false); } } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class CommandUtil { private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400; private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000; [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)] public static extern bool CreateProcess( [MarshalAs(UnmanagedType.LPWStr)] string lpApplicationName, StringBuilder lpCommandLine, IntPtr lpProcessAttributes, IntPtr lpThreadAttributes, bool bInheritHandles, uint dwCreationFlags, IntPtr lpEnvironment, [MarshalAs(UnmanagedType.LPWStr)] string lpCurrentDirectory, STARTUPINFOEX lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation); [DllImport("kernel32.dll")] public static extern bool CreatePipe( out SafeFileHandle hReadPipe, out SafeFileHandle hWritePipe, SECURITY_ATTRIBUTES lpPipeAttributes, uint nSize); [DllImport("kernel32.dll", SetLastError = true)] public static extern bool SetHandleInformation( SafeFileHandle hObject, HandleFlags dwMask, int dwFlags); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool GetExitCodeProcess( IntPtr hProcess, out uint lpExitCode); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)] public static extern uint SearchPath( string lpPath, string lpFileName, string lpExtension, int nBufferLength, [MarshalAs (UnmanagedType.LPTStr)] StringBuilder lpBuffer, out IntPtr lpFilePart); [DllImport("shell32.dll", SetLastError = true)] static extern IntPtr CommandLineToArgvW( [MarshalAs(UnmanagedType.LPWStr)] string lpCmdLine, out int pNumArgs); public static string[] ParseCommandLine(string lpCommandLine) { int numArgs; IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs); if (ret == IntPtr.Zero) throw new Win32Exception("Error parsing command line"); IntPtr[] strptrs = new IntPtr[numArgs]; Marshal.Copy(ret, strptrs, 0, numArgs); string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray(); Marshal.FreeHGlobal(ret); return cmdlineParts; } public static string SearchPath(string lpFileName) { StringBuilder sbOut = new StringBuilder(1024); IntPtr filePartOut; if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0) throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName)); return sbOut.ToString(); } public class CommandResult { public string StandardOut { get; internal set; } public string StandardError { get; internal set; } public uint ExitCode { get; internal set; } } public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment) { UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT; STARTUPINFOEX si = new STARTUPINFOEX(); si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES; SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES(); pipesec.bInheritHandle = true; // Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write; if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0)) throw new Win32Exception("STDOUT pipe setup failed"); if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDOUT pipe handle setup failed"); if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0)) throw new Win32Exception("STDERR pipe setup failed"); if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDERR pipe handle setup failed"); if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0)) throw new Win32Exception("STDIN pipe setup failed"); if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDIN pipe handle setup failed"); si.startupInfo.hStdOutput = stdout_write; si.startupInfo.hStdError = stderr_write; si.startupInfo.hStdInput = stdin_read; // Setup the stdin buffer UTF8Encoding utf8_encoding = new UTF8Encoding(false); FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768); StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768); // If lpCurrentDirectory is set to null in PS it will be an empty // string here, we need to convert it if (lpCurrentDirectory == "") lpCurrentDirectory = null; StringBuilder environmentString = null; if (environment != null && environment.Count > 0) { environmentString = new StringBuilder(); foreach (DictionaryEntry kv in environment) environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value); environmentString.Append('\0'); } // Create the environment block if set IntPtr lpEnvironment = IntPtr.Zero; if (environmentString != null) lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString()); // Create new process and run StringBuilder argument_string = new StringBuilder(lpCommandLine); PROCESS_INFORMATION pi = new PROCESS_INFORMATION(); if (!CreateProcess( lpApplicationName, argument_string, IntPtr.Zero, IntPtr.Zero, true, startup_flags, lpEnvironment, lpCurrentDirectory, si, out pi)) { throw new Win32Exception("Failed to create new process"); } // Setup the output buffers and get stdout/stderr FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096); StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096); stdout_write.Close(); FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096); StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096); stderr_write.Close(); stdin.WriteLine(stdinInput); stdin.Close(); string stdout_str, stderr_str = null; GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str); uint rc = GetProcessExitCode(pi.hProcess); return new CommandResult { StandardOut = stdout_str, StandardError = stderr_str, ExitCode = rc }; } private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr) { var sowait = new EventWaitHandle(false, EventResetMode.ManualReset); var sewait = new EventWaitHandle(false, EventResetMode.ManualReset); string so = null, se = null; ThreadPool.QueueUserWorkItem((s) => { so = stdoutStream.ReadToEnd(); sowait.Set(); }); ThreadPool.QueueUserWorkItem((s) => { se = stderrStream.ReadToEnd(); sewait.Set(); }); foreach (var wh in new WaitHandle[] { sowait, sewait }) wh.WaitOne(); stdout = so; stderr = se; } private static uint GetProcessExitCode(IntPtr processHandle) { new NativeWaitHandle(processHandle).WaitOne(); uint exitCode; if (!GetExitCodeProcess(processHandle, out exitCode)) throw new Win32Exception("Error getting process exit code"); return exitCode; } } }" Context: Severity = Informational Host Name = Default Host Host Version = 5.1.14393.1944 Host ID = 6fc19428-d604-4293-b8af-412c339d6c0d Host Application = PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - Engine Version = 5.1.14393.1944 Runspace ID = 27e2a0e2-4914-40cc-80ac-9514affa1b04 Pipeline ID = 7 Command Name = Add-Type Command Type = Cmdlet Script Name = Command Path = Sequence Number = 34 User = N-H1-805629-1\Admin Connected User = Shell ID = Microsoft.PowerShell User Data:	4103	1		4	106	20	0	1110	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3676	4896	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:23:03 PM	9d04040e-981f-0004-7715-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	To be used when operation is just executing a method	Executing Pipeline	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c) 2017 Ansible Project # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) $process_util = @" using Microsoft.Win32.SafeHandles; using System; using System.Collections; using System.IO; using System.Linq; using System.Runtime.InteropServices; using System.Text; using System.Threading; namespace Ansible { [StructLayout(LayoutKind.Sequential)] public class SECURITY_ATTRIBUTES { public int nLength; public IntPtr lpSecurityDescriptor; public bool bInheritHandle = false; public SECURITY_ATTRIBUTES() { nLength = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFO { public Int32 cb; public IntPtr lpReserved; public IntPtr lpDesktop; public IntPtr lpTitle; public Int32 dwX; public Int32 dwY; public Int32 dwXSize; public Int32 dwYSize; public Int32 dwXCountChars; public Int32 dwYCountChars; public Int32 dwFillAttribute; public Int32 dwFlags; public Int16 wShowWindow; public Int16 cbReserved2; public IntPtr lpReserved2; public SafeFileHandle hStdInput; public SafeFileHandle hStdOutput; public SafeFileHandle hStdError; public STARTUPINFO() { cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFOEX { public STARTUPINFO startupInfo; public IntPtr lpAttributeList; public STARTUPINFOEX() { startupInfo = new STARTUPINFO(); startupInfo.cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public struct PROCESS_INFORMATION { public IntPtr hProcess; public IntPtr hThread; public int dwProcessId; public int dwThreadId; } [Flags] public enum StartupInfoFlags : uint { USESTDHANDLES = 0x00000100 } public enum HandleFlags : uint { None = 0, INHERIT = 1 } class NativeWaitHandle : WaitHandle { public NativeWaitHandle(IntPtr handle) { this.SafeWaitHandle = new SafeWaitHandle(handle, false); } } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class CommandUtil { private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400; private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000; [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)] public static extern bool CreateProcess( [MarshalAs(UnmanagedType.LPWStr)] string lpApplicationName, StringBuilder lpCommandLine, IntPtr lpProcessAttributes, IntPtr lpThreadAttributes, bool bInheritHandles, uint dwCreationFlags, IntPtr lpEnvironment, [MarshalAs(UnmanagedType.LPWStr)] string lpCurrentDirectory, STARTUPINFOEX lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation); [DllImport("kernel32.dll")] public static extern bool CreatePipe( out SafeFileHandle hReadPipe, out SafeFileHandle hWritePipe, SECURITY_ATTRIBUTES lpPipeAttributes, uint nSize); [DllImport("kernel32.dll", SetLastError = true)] public static extern bool SetHandleInformation( SafeFileHandle hObject, HandleFlags dwMask, int dwFlags); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool GetExitCodeProcess( IntPtr hProcess, out uint lpExitCode); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)] public static extern uint SearchPath( string lpPath, string lpFileName, string lpExtension, int nBufferLength, [MarshalAs (UnmanagedType.LPTStr)] StringBuilder lpBuffer, out IntPtr lpFilePart); [DllImport("shell32.dll", SetLastError = true)] static extern IntPtr CommandLineToArgvW( [MarshalAs(UnmanagedType.LPWStr)] string lpCmdLine, out int pNumArgs); public static string[] ParseCommandLine(string lpCommandLine) { int numArgs; IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs); if (ret == IntPtr.Zero) throw new Win32Exception("Error parsing command line"); IntPtr[] strptrs = new IntPtr[numArgs]; Marshal.Copy(ret, strptrs, 0, numArgs); string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray(); Marshal.FreeHGlobal(ret); return cmdlineParts; } public static string SearchPath(string lpFileName) { StringBuilder sbOut = new StringBuilder(1024); IntPtr filePartOut; if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0) throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName)); return sbOut.ToString(); } public class CommandResult { public string StandardOut { get; internal set; } public string StandardError { get; internal set; } public uint ExitCode { get; internal set; } } public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment) { UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT; STARTUPINFOEX si = new STARTUPINFOEX(); si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES; SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES(); pipesec.bInheritHandle = true; // Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write; if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0)) throw new Win32Exception("STDOUT pipe setup failed"); if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDOUT pipe handle setup failed"); if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0)) throw new Win32Exception("STDERR pipe setup failed"); if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDERR pipe handle setup failed"); if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0)) throw new Win32Exception("STDIN pipe setup failed"); if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDIN pipe handle setup failed"); si.startupInfo.hStdOutput = stdout_write; si.startupInfo.hStdError = stderr_write; si.startupInfo.hStdInput = stdin_read; // Setup the stdin buffer UTF8Encoding utf8_encoding = new UTF8Encoding(false); FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768); StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768); // If lpCurrentDirectory is set to null in PS it will be an empty // string here, we need to convert it if (lpCurrentDirectory == "") lpCurrentDirectory = null; StringBuilder environmentString = null; if (environment != null && environment.Count > 0) { environmentString = new StringBuilder(); foreach (DictionaryEntry kv in environment) environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value); environmentString.Append('\0'); } // Create the environment block if set IntPtr lpEnvironment = IntPtr.Zero; if (environmentString != null) lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString()); // Create new process and run StringBuilder argument_string = new StringBuilder(lpCommandLine); PROCESS_INFORMATION pi = new PROCESS_INFORMATION(); if (!CreateProcess( lpApplicationName, argument_string, IntPtr.Zero, IntPtr.Zero, true, startup_flags, lpEnvironment, lpCurrentDirectory, si, out pi)) { throw new Win32Exception("Failed to create new process"); } // Setup the output buffers and get stdout/stderr FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096); StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096); stdout_write.Close(); FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096); StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096); stderr_write.Close(); stdin.WriteLine(stdinInput); stdin.Close(); string stdout_str, stderr_str = null; GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str); uint rc = GetProcessExitCode(pi.hProcess); return new CommandResult { StandardOut = stdout_str, StandardError = stderr_str, ExitCode = rc }; } private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr) { var sowait = new EventWaitHandle(false, EventResetMode.ManualReset); var sewait = new EventWaitHandle(false, EventResetMode.ManualReset); string so = null, se = null; ThreadPool.QueueUserWorkItem((s) => { so = stdoutStream.ReadToEnd(); sowait.Set(); }); ThreadPool.QueueUserWorkItem((s) => { se = stderrStream.ReadToEnd(); sewait.Set(); }); foreach (var wh in new WaitHandle[] { sowait, sewait }) wh.WaitOne(); stdout = so; stderr = se; } private static uint GetProcessExitCode(IntPtr processHandle) { new NativeWaitHandle(processHandle).WaitOne(); uint exitCode; if (!GetExitCodeProcess(processHandle, out exitCode)) throw new Win32Exception("Error getting process exit code"); return exitCode; } } } "@ $ErrorActionPreference = 'Stop' Function Load-CommandUtils { # makes the following static functions available # [Ansible.CommandUtil]::ParseCommandLine(string lpCommandLine) # [Ansible.CommandUtil]::SearchPath(string lpFileName) # [Ansible.CommandUtil]::RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, string environmentBlock) # # there are also numerous P/Invoke methods that can be called if you are feeling adventurous # FUTURE: find a better way to get the _ansible_remote_tmp variable $original_tmp = $env:TMP $remote_tmp = $original_tmp $module_params = Get-Variable -Name complex_args -ErrorAction SilentlyContinue if ($module_params) { if ($module_params.Value.ContainsKey("_ansible_remote_tmp") ) { $remote_tmp = $module_params.Value["_ansible_remote_tmp"] $remote_tmp = [System.Environment]::ExpandEnvironmentVariables($remote_tmp) } } $env:TMP = $remote_tmp Add-Type -TypeDefinition $process_util $env:TMP = $original_tmp } Function Get-ExecutablePath($executable, $directory) { # lpApplicationName requires the full path to a file, we need to find it # ourselves. # we need to add .exe if it doesn't have an extension already if (-not [System.IO.Path]::HasExtension($executable)) { $executable = "$($executable).exe" } $full_path = [System.IO.Path]::GetFullPath($executable) if ($full_path -ne $executable -and $directory -ne $null) { $file = Get-Item -Path "$directory\$executable" -Force -ErrorAction SilentlyContinue } else { $file = Get-Item -Path $executable -Force -ErrorAction SilentlyContinue } if ($file -ne $null) { $executable_path = $file.FullName } else { $executable_path = [Ansible.CommandUtil]::SearchPath($executable) } return $executable_path } Function Run-Command { Param( [string]$command, # the full command to run including the executable [string]$working_directory = $null, # the working directory to run under, will default to the current dir [string]$stdin = $null, # a string to send to the stdin pipe when executing the command [hashtable]$environment = @{} # a hashtable of environment values to run the command under, this will replace all the other environment variables with these ) # load the C# code we call in this function Load-CommandUtils # need to validate the working directory if it is set if ($working_directory) { # validate working directory is a valid path if (-not (Test-Path -Path $working_directory)) { throw "invalid working directory path '$working_directory'" } } # lpApplicationName needs to be the full path to an executable, we do this # by getting the executable as the first arg and then getting the full path $arguments = [Ansible.CommandUtil]::ParseCommandLine($command) $executable = Get-ExecutablePath -executable $arguments[0] -directory $working_directory # run the command and get the results $command_result = [Ansible.CommandUtil]::RunCommand($executable, $command, $working_directory, $stdin, $environment) return ,@{ executable = $executable stdout = $command_result.StandardOut stderr = $command_result.StandardError rc = $command_result.ExitCode } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: 502db23a-8101-471c-aa34-539beb7e6f41 Path:	4104	1		3	2	15	0	1109	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3676	656	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:23:02 PM	9d04040e-981f-0002-bd0a-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c), Michael DeHaan <michael.dehaan@gmail.com>, 2014, and others # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) Set-StrictMode -Version 2.0 $ErrorActionPreference = "Stop" Function Set-Attr($obj, $name, $value) { <# .SYNOPSIS Helper function to set an "attribute" on a psobject instance in PowerShell. This is a convenience to make adding Members to the object easier and slightly more pythonic .EXAMPLE Set-Attr $result "changed" $true #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } Try { $obj.$name = $value } Catch { $obj | Add-Member -Force -MemberType NoteProperty -Name $name -Value $value } } Function Exit-Json($obj) { <# .SYNOPSIS Helper function to convert a PowerShell object to JSON and output it, exiting the script .EXAMPLE Exit-Json $result #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit } Function Fail-Json($obj, $message = $null) { <# .SYNOPSIS Helper function to add the "msg" property and "failed" property, convert the PowerShell Hashtable to JSON and output it, exiting the script .EXAMPLE Fail-Json $result "This is the failure message" #> if ($obj -is [hashtable] -or $obj -is [psobject]) { # Nothing to do } elseif ($obj -is [string] -and $null -eq $message) { # If we weren't given 2 args, and the only arg was a string, # create a new Hashtable and use the arg as the failure message $message = $obj $obj = @{ } } else { # If the first argument is undefined or a different type, # make it a Hashtable $obj = @{ } } # Still using Set-Attr for PSObject compatibility Set-Attr $obj "msg" $message Set-Attr $obj "failed" $true if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit 1 } Function Add-Warning($obj, $message) { <# .SYNOPSIS Helper function to add warnings, even if the warnings attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("warnings")) { $obj.warnings = @() } elseif ($obj.warnings -isnot [array]) { throw "Add-Warning: warnings attribute is not an array" } $obj.warnings += $message } Function Add-DeprecationWarning($obj, $message, $version = $null) { <# .SYNOPSIS Helper function to add deprecations, even if the deprecations attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("deprecations")) { $obj.deprecations = @() } elseif ($obj.deprecations -isnot [array]) { throw "Add-DeprecationWarning: deprecations attribute is not a list" } $obj.deprecations += @{ msg = $message version = $version } } Function Expand-Environment($value) { <# .SYNOPSIS Helper function to expand environment variables in values. By default it turns any type to a string, but we ensure $null remains $null. #> if ($null -ne $value) { [System.Environment]::ExpandEnvironmentVariables($value) } else { $value } } Function Get-AnsibleParam($obj, $name, $default = $null, $resultobj = @{}, $failifempty = $false, $emptyattributefailmessage, $ValidateSet, $ValidateSetErrorMessage, $type = $null, $aliases = @()) { <# .SYNOPSIS Helper function to get an "attribute" from a psobject instance in PowerShell. This is a convenience to make getting Members from an object easier and slightly more pythonic .EXAMPLE $attr = Get-AnsibleParam $response "code" -default "1" .EXAMPLE Get-AnsibleParam -obj $params -name "State" -default "Present" -ValidateSet "Present","Absent" -resultobj $resultobj -failifempty $true Get-AnsibleParam also supports Parameter validation to save you from coding that manually Note that if you use the failifempty option, you do need to specify resultobject as well. #> # Check if the provided Member $name or aliases exist in $obj and return it or the default. try { $found = $null # First try to find preferred parameter $name $aliases = @($name) + $aliases # Iterate over aliases to find acceptable Member $name foreach ($alias in $aliases) { if ($obj.ContainsKey($alias)) { $found = $alias break } } if ($null -eq $found) { throw } $name = $found if ($ValidateSet) { if ($ValidateSet -contains ($obj.$name)) { $value = $obj.$name } else { if ($null -eq $ValidateSetErrorMessage) { #Auto-generated error should be sufficient in most use cases $ValidateSetErrorMessage = "Get-AnsibleParam: Argument $name needs to be one of $($ValidateSet -join ",") but was $($obj.$name)." } Fail-Json -obj $resultobj -message $ValidateSetErrorMessage } } else { $value = $obj.$name } } catch { if ($failifempty -eq $false) { $value = $default } else { if (-not $emptyattributefailmessage) { $emptyattributefailmessage = "Get-AnsibleParam: Missing required argument: $name" } Fail-Json -obj $resultobj -message $emptyattributefailmessage } } # If $value -eq $null, the parameter was unspecified by the user (deliberately or not) # Please leave $null-values intact, modules need to know if a parameter was specified # When $value is already an array, we cannot rely on the null check, as an empty list # is seen as null in the check below if ($null -ne $value -or $value -is [array]) { if ($type -eq "path") { # Expand environment variables on path-type $value = Expand-Environment($value) # Test if a valid path is provided if (-not (Test-Path -IsValid $value)) { $path_invalid = $true # could still be a valid-shaped path with a nonexistent drive letter if ($value -match "^\w:") { # rewrite path with a valid drive letter and recheck the shape- this might still fail, eg, a nonexistent non-filesystem PS path if (Test-Path -IsValid $(@(Get-PSDrive -PSProvider Filesystem)[0].Name + $value.Substring(1))) { $path_invalid = $false } } if ($path_invalid) { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' has an invalid path '$value' specified." } } } elseif ($type -eq "str") { # Convert str types to real Powershell strings $value = $value.ToString() } elseif ($type -eq "bool") { # Convert boolean types to real Powershell booleans $value = $value | ConvertTo-Bool } elseif ($type -eq "int") { # Convert int types to real Powershell integers $value = $value -as [int] } elseif ($type -eq "float") { # Convert float types to real Powershell floats $value = $value -as [float] } elseif ($type -eq "list") { if ($value -is [array]) { # Nothing to do } elseif ($value -is [string]) { # Convert string type to real Powershell array $value = $value.Split(",").Trim() } elseif ($value -is [int]) { $value = @($value) } else { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' is not a YAML list." } # , is not a typo, forces it to return as a list when it is empty or only has 1 entry return ,$value } } return $value } #Alias Get-attr-->Get-AnsibleParam for backwards compat. Only add when needed to ease debugging of scripts If (-not(Get-Alias -Name "Get-attr" -ErrorAction SilentlyContinue)) { New-Alias -Name Get-attr -Value Get-AnsibleParam } Function ConvertTo-Bool { <# .SYNOPSIS Helper filter/pipeline function to convert a value to boolean following current Ansible practices .EXAMPLE $is_true = "true" | ConvertTo-Bool #> param( [parameter(valuefrompipeline=$true)] $obj ) $boolean_strings = "yes", "on", "1", "true", 1 $obj_string = [string]$obj if (($obj -is [boolean] -and $obj) -or $boolean_strings -contains $obj_string.ToLower()) { return $true } else { return $false } } Function Parse-Args($arguments, $supports_check_mode = $false) { <# .SYNOPSIS Helper function to parse Ansible JSON arguments from a "file" passed as the single argument to the module. .EXAMPLE $params = Parse-Args $args #> $params = New-Object psobject If ($arguments.Length -gt 0) { $params = Get-Content $arguments[0] | ConvertFrom-Json } Else { $params = $complex_args } $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false If ($check_mode -and -not $supports_check_mode) { Exit-Json @{ skipped = $true changed = $false msg = "remote module does not support check mode" } } return $params } Function Get-FileChecksum($path, $algorithm = 'sha1') { <# .SYNOPSIS Helper function to calculate a hash of a file in a way which PowerShell 3 and above can handle #> If (Test-Path -Path $path -PathType Leaf) { switch ($algorithm) { 'md5' { $sp = New-Object -TypeName System.Security.Cryptography.MD5CryptoServiceProvider } 'sha1' { $sp = New-Object -TypeName System.Security.Cryptography.SHA1CryptoServiceProvider } 'sha256' { $sp = New-Object -TypeName System.Security.Cryptography.SHA256CryptoServiceProvider } 'sha384' { $sp = New-Object -TypeName System.Security.Cryptography.SHA384CryptoServiceProvider } 'sha512' { $sp = New-Object -TypeName System.Security.Cryptography.SHA512CryptoServiceProvider } default { Fail-Json @{} "Unsupported hash algorithm supplied '$algorithm'" } } If ($PSVersionTable.PSVersion.Major -ge 4) { $raw_hash = Get-FileHash $path -Algorithm $algorithm $hash = $raw_hash.Hash.ToLower() } Else { $fp = [System.IO.File]::Open($path, [System.IO.Filemode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileShare]::ReadWrite); $hash = [System.BitConverter]::ToString($sp.ComputeHash($fp)).Replace("-", "").ToLower(); $fp.Dispose(); } } ElseIf (Test-Path -Path $path -PathType Container) { $hash = "3"; } Else { $hash = "1"; } return $hash } Function Get-PendingRebootStatus { <# .SYNOPSIS Check if reboot is required, if so notify CA. Function returns true if computer has a pending reboot #> $featureData = Invoke-WmiMethod -EA Ignore -Name GetServerFeature -Namespace root\microsoft\windows\servermanager -Class MSFT_ServerManagerTasks $regData = Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager" "PendingFileRenameOperations" -EA Ignore $CBSRebootStatus = Get-ChildItem "HKLM:\\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing" -ErrorAction SilentlyContinue| Where-Object {$_.PSChildName -eq "RebootPending"} if(($featureData -and $featureData.RequiresReboot) -or $regData -or $CBSRebootStatus) { return $True } else { return $False } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: 1d2187e0-8cdb-460a-8752-3872cfe84b98 Path:	4104	1		3	2	15	0	1108	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3676	656	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:23:02 PM	9d04040e-981f-0002-b60a-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } ScriptBlock ID: c2b4d246-53ef-4cfe-bf73-320c8e7e90f8 Path:	4104	1		3	2	15	0	1107	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3676	656	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:23:02 PM	9d04040e-981f-0002-a70a-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (3 of 3): oZWNrX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfY2hlY2tfbW9kZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQogICAgSWYgKCRjaGVja19tb2RlIC1hbmQgLW5vdCAkc3VwcG9ydHNfY2hlY2tfbW9kZSkKICAgIHsKICAgICAgICBFeGl0LUpzb24gQHsKICAgICAgICAgICAgc2tpcHBlZCA9ICR0cnVlCiAgICAgICAgICAgIGNoYW5nZWQgPSAkZmFsc2UKICAgICAgICAgICAgbXNnID0gInJlbW90ZSBtb2R1bGUgZG9lcyBub3Qgc3VwcG9ydCBjaGVjayBtb2RlIgogICAgICAgIH0KICAgIH0KICAgIHJldHVybiAkcGFyYW1zCn0KCgpGdW5jdGlvbiBHZXQtRmlsZUNoZWNrc3VtKCRwYXRoLCAkYWxnb3JpdGhtID0gJ3NoYTEnKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBjYWxjdWxhdGUgYSBoYXNoIG9mIGEgZmlsZSBpbiBhIHdheSB3aGljaCBQb3dlclNoZWxsIDMKICAgIGFuZCBhYm92ZSBjYW4gaGFuZGxlCiM+CiAgICBJZiAoVGVzdC1QYXRoIC1QYXRoICRwYXRoIC1QYXRoVHlwZSBMZWFmKQogICAgewogICAgICAgIHN3aXRjaCAoJGFsZ29yaXRobSkKICAgICAgICB7CiAgICAgICAgICAgICdtZDUnIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5NRDVDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMScgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTFDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMjU2JyB7ICRzcCA9IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5TZWN1cml0eS5DcnlwdG9ncmFwaHkuU0hBMjU2Q3J5cHRvU2VydmljZVByb3ZpZGVyIH0KICAgICAgICAgICAgJ3NoYTM4NCcgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTM4NENyeXB0b1NlcnZpY2VQcm92aWRlciB9CiAgICAgICAgICAgICdzaGE1MTInIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5TSEE1MTJDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICBkZWZhdWx0IHsgRmFpbC1Kc29uIEB7fSAiVW5zdXBwb3J0ZWQgaGFzaCBhbGdvcml0aG0gc3VwcGxpZWQgJyRhbGdvcml0aG0nIiB9CiAgICAgICAgfQoKICAgICAgICBJZiAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtZ2UgNCkgewogICAgICAgICAgICAkcmF3X2hhc2ggPSBHZXQtRmlsZUhhc2ggJHBhdGggLUFsZ29yaXRobSAkYWxnb3JpdGhtCiAgICAgICAgICAgICRoYXNoID0gJHJhd19oYXNoLkhhc2guVG9Mb3dlcigpCiAgICAgICAgfSBFbHNlIHsKICAgICAgICAgICAgJGZwID0gW1N5c3RlbS5JTy5GaWxlXTo6T3BlbigkcGF0aCwgW1N5c3RlbS5JTy5GaWxlbW9kZV06Ok9wZW4sIFtTeXN0ZW0uSU8uRmlsZUFjY2Vzc106OlJlYWQsIFtTeXN0ZW0uSU8uRmlsZVNoYXJlXTo6UmVhZFdyaXRlKTsKICAgICAgICAgICAgJGhhc2ggPSBbU3lzdGVtLkJpdENvbnZlcnRlcl06OlRvU3RyaW5nKCRzcC5Db21wdXRlSGFzaCgkZnApKS5SZXBsYWNlKCItIiwgIiIpLlRvTG93ZXIoKTsKICAgICAgICAgICAgJGZwLkRpc3Bvc2UoKTsKICAgICAgICB9CiAgICB9CiAgICBFbHNlSWYgKFRlc3QtUGF0aCAtUGF0aCAkcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKQogICAgewogICAgICAgICRoYXNoID0gIjMiOwogICAgfQogICAgRWxzZQogICAgewogICAgICAgICRoYXNoID0gIjEiOwogICAgfQogICAgcmV0dXJuICRoYXNoCn0KCkZ1bmN0aW9uIEdldC1QZW5kaW5nUmVib290U3RhdHVzCnsKPCMKICAgIC5TWU5PUFNJUwogICAgQ2hlY2sgaWYgcmVib290IGlzIHJlcXVpcmVkLCBpZiBzbyBub3RpZnkgQ0EuCiAgICBGdW5jdGlvbiByZXR1cm5zIHRydWUgaWYgY29tcHV0ZXIgaGFzIGEgcGVuZGluZyByZWJvb3QKIz4KICAgICRmZWF0dXJlRGF0YSA9IEludm9rZS1XbWlNZXRob2QgLUVBIElnbm9yZSAtTmFtZSBHZXRTZXJ2ZXJGZWF0dXJlIC1OYW1lc3BhY2Ugcm9vdFxtaWNyb3NvZnRcd2luZG93c1xzZXJ2ZXJtYW5hZ2VyIC1DbGFzcyBNU0ZUX1NlcnZlck1hbmFnZXJUYXNrcwogICAgJHJlZ0RhdGEgPSBHZXQtSXRlbVByb3BlcnR5ICJIS0xNOlxTWVNURU1cQ3VycmVudENvbnRyb2xTZXRcQ29udHJvbFxTZXNzaW9uIE1hbmFnZXIiICJQZW5kaW5nRmlsZVJlbmFtZU9wZXJhdGlvbnMiIC1FQSBJZ25vcmUKICAgICRDQlNSZWJvb3RTdGF0dXMgPSBHZXQtQ2hpbGRJdGVtICJIS0xNOlxcU09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cQ29tcG9uZW50IEJhc2VkIFNlcnZpY2luZyIgIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlfCBXaGVyZS1PYmplY3QgeyRfLlBTQ2hpbGROYW1lIC1lcSAiUmVib290UGVuZGluZyJ9CiAgICBpZigoJGZlYXR1cmVEYXRhIC1hbmQgJGZlYXR1cmVEYXRhLlJlcXVpcmVzUmVib290KSAtb3IgJHJlZ0RhdGEgLW9yICRDQlNSZWJvb3RTdGF0dXMpCiAgICB7CiAgICAgICAgcmV0dXJuICRUcnVlCiAgICB9CiAgICBlbHNlCiAgICB7CiAgICAgICAgcmV0dXJuICRGYWxzZQogICAgfQp9CgojIHRoaXMgbGluZSBtdXN0IHN0YXkgYXQgdGhlIGJvdHRvbSB0byBlbnN1cmUgYWxsIGRlZmluZWQgbW9kdWxlIHBhcnRzIGFyZSBleHBvcnRlZApFeHBvcnQtTW9kdWxlTWVtYmVyIC1BbGlhcyAqIC1GdW5jdGlvbiAqIC1DbWRsZXQgKgoK", "Ansible.ModuleUtils.FileUtil": "IyBDb3B5cmlnaHQgKGMpIDIwMTcgQW5zaWJsZSBQcm9qZWN0CiMgU2ltcGxpZmllZCBCU0QgTGljZW5zZSAoc2VlIGxpY2Vuc2VzL3NpbXBsaWZpZWRfYnNkLnR4dCBvciBodHRwczovL29wZW5zb3VyY2Uub3JnL2xpY2Vuc2VzL0JTRC0yLUNsYXVzZSkKCjwjClRlc3QtUGF0aC9HZXQtSXRlbSBjYW5ub3QgZmluZC9yZXR1cm4gaW5mbyBvbiBmaWxlcyB0aGF0IGFyZSBsb2NrZWQgbGlrZQpDOlxwYWdlZmlsZS5zeXMuIFRoZXNlIDIgZnVuY3Rpb25zIGFyZSBkZXNpZ25lZCB0byB3b3JrIHdpdGggdGhlc2UgZmlsZXMgYW5kCnByb3ZpZGUgc2ltaWxhciBmdW5jdGlvbmFsaXR5IHdpdGggdGhlIG5vcm1hbCBjbWRsZXRzIHdpdGggYXMgbWluaW1hbCBvdmVyaGVhZAphcyBwb3NzaWJsZS4gVGhleSB3b3JrIGJ5IHVzaW5nIEdldC1DaGlsZEl0ZW0gd2l0aCBhIGZpbHRlciBhbmQgcmV0dXJuIHRoZQpyZXN1bHQgZnJvbSB0aGF0LgojPgoKRnVuY3Rpb24gVGVzdC1BbnNpYmxlUGF0aCB7CiAgICBbQ21kbGV0QmluZGluZygpXQogICAgUGFyYW0oCiAgICAgICAgW1BhcmFtZXRlcihNYW5kYXRvcnk9JHRydWUpXVtzdHJpbmddJFBhdGgKICAgICkKICAgICMgUmVwbGFjZW1lbnQgZm9yIFRlc3QtUGF0aAogICAgdHJ5IHsKICAgICAgICAkZmlsZV9hdHRyaWJ1dGVzID0gW1N5c3RlbS5JTy5GaWxlXTo6R2V0QXR0cmlidXRlcygkUGF0aCkKICAgIH0gY2F0Y2ggW1N5c3RlbS5JTy5GaWxlTm90Rm91bmRFeGNlcHRpb25dLCBbU3lzdGVtLklPLkRpcmVjdG9yeU5vdEZvdW5kRXhjZXB0aW9uXSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfSBjYXRjaCBbTm90U3VwcG9ydGVkRXhjZXB0aW9uXSB7CiAgICAgICAgIyBXaGVuIHRlc3RpbmcgYSBwYXRoIGxpa2UgQ2VydDpcTG9jYWxNYWNoaW5lXE15LCBTeXN0ZW0uSU8uRmlsZSB3aWxsCiAgICAgICAgIyBub3Qgd29yaywgd2UganVzdCByZXZlcnQgYmFjayB0byB1c2luZyBUZXN0LVBhdGggZm9yIHRoaXMKICAgICAgICByZXR1cm4gVGVzdC1QYXRoIC1QYXRoICRQYXRoCiAgICB9CgogICAgaWYgKFtJbnQzMl0kZmlsZV9hdHRyaWJ1dGVzIC1lcSAtMSkgewogICAgICAgIHJldHVybiAkZmFsc2UKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICR0cnVlCiAgICB9Cn0KCkZ1bmN0aW9uIEdldC1BbnNpYmxlSXRlbSB7CiAgICBbQ21kbGV0QmluZGluZygpXQogICAgUGFyYW0oCiAgICAgICAgW1BhcmFtZXRlcihNYW5kYXRvcnk9JHRydWUpXVtzdHJpbmddJFBhdGgKICAgICkKICAgICMgUmVwbGFjZW1lbnQgZm9yIEdldC1JdGVtCiAgICB0cnkgewogICAgICAgICRmaWxlX2F0dHJpYnV0ZXMgPSBbU3lzdGVtLklPLkZpbGVdOjpHZXRBdHRyaWJ1dGVzKCRQYXRoKQogICAgfSBjYXRjaCB7CiAgICAgICAgIyBpZiAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb3RpbnVlIGlzIHNldCBvbiB0aGUgY21kbGV0IGFuZCB3ZSBmYWlsZWQgdG8KICAgICAgICAjIGdldCB0aGUgYXR0cmlidXRlcywganVzdCByZXR1cm4gJG51bGwsIG90aGVyd2lzZSB0aHJvdyB0aGUgZXJyb3IKICAgICAgICBpZiAoJEVycm9yQWN0aW9uUHJlZmVyZW5jZSAtbmUgIlNpbGVudGx5Q29udGludWUiKSB7CiAgICAgICAgICAgIHRocm93ICRfCiAgICAgICAgfQogICAgICAgIHJldHVybiAkbnVsbAogICAgfQogICAgaWYgKFtJbnQzMl0kZmlsZV9hdHRyaWJ1dGVzIC1lcSAtMSkgewogICAgICAgIHRocm93IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5NYW5hZ2VtZW50LkF1dG9tYXRpb24uSXRlbU5vdEZvdW5kRXhjZXB0aW9uIC1Bcmd1bWVudExpc3QgIkNhbm5vdCBmaW5kIHBhdGggJyRQYXRoJyBiZWNhdXNlIGl0IGRvZXMgbm90IGV4aXN0LiIKICAgIH0gZWxzZWlmICgkZmlsZV9hdHRyaWJ1dGVzLkhhc0ZsYWcoW1N5c3RlbS5JTy5GaWxlQXR0cmlidXRlc106OkRpcmVjdG9yeSkpIHsKICAgICAgICByZXR1cm4gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLklPLkRpcmVjdG9yeUluZm8gLUFyZ3VtZW50TGlzdCAkUGF0aAogICAgfSBlbHNlIHsKICAgICAgICByZXR1cm4gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLklPLkZpbGVJbmZvIC1Bcmd1bWVudExpc3QgJFBhdGgKICAgIH0KfQoKRXhwb3J0LU1vZHVsZU1lbWJlciAtRnVuY3Rpb24gVGVzdC1BbnNpYmxlUGF0aCwgR2V0LUFuc2libGVJdGVtCg=="}, "module_entry": "IyFwb3dlcnNoZWxsCgojIENvcHlyaWdodDogKGMpIDIwMTcsIEFuc2libGUgUHJvamVjdAojIEdOVSBHZW5lcmFsIFB1YmxpYyBMaWNlbnNlIHYzLjArIChzZWUgQ09QWUlORyBvciBodHRwczovL3d3dy5nbnUub3JnL2xpY2Vuc2VzL2dwbC0zLjAudHh0KQoKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5MZWdhY3kKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5Db21tYW5kVXRpbAojUmVxdWlyZXMgLU1vZHVsZSBBbnNpYmxlLk1vZHVsZVV0aWxzLkZpbGVVdGlsCgojIFRPRE86IGFkZCBjaGVjayBtb2RlIHN1cHBvcnQKClNldC1TdHJpY3RNb2RlIC1WZXJzaW9uIDIKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKIyBDbGVhbnNlIENMSVhNTCBmcm9tIHN0ZGVyciAoc2lmdCBvdXQgZXJyb3Igc3RyZWFtIGRhdGEsIGRpc2NhcmQgb3RoZXJzIGZvciBub3cpCkZ1bmN0aW9uIENsZWFuc2UtU3RkZXJyKCRyYXdfc3RkZXJyKSB7CiAgICBUcnkgewogICAgICAgICMgTkI6IHRoaXMgcmVnZXggaXNuJ3QgcGVyZmVjdCwgYnV0IGlzIGRlY2VudCBhdCBmaW5kaW5nIENMSVhNTCBhbW9uZ3N0IG90aGVyIHN0ZGVyciBub2lzZQogICAgICAgIElmKCRyYXdfc3RkZXJyIC1tYXRjaCAiKD9zKSg/PHByZW5vaXNlMT4uKikjPCBDTElYTUwoPzxwcmVub2lzZTI+LiopKD88Y2xpeG1sPjxPYmpzLis8L09ianM+KSg/PHBvc3Rub2lzZT4uKikiKSB7CiAgICAgICAgICAgICRjbGl4bWwgPSBbeG1sXSRtYXRjaGVzWyJjbGl4bWwiXQoKICAgICAgICAgICAgJG1lcmdlZF9zdGRlcnIgPSAiezB9ezF9ezJ9ezN9IiAtZiBAKAogICAgICAgICAgICAgICAkbWF0Y2hlc1sicHJlbm9pc2UxIl0sCiAgICAgICAgICAgICAgICRtYXRjaGVzWyJwcmVub2lzZTIiXSwKICAgICAgICAgICAgICAgIyBmaWx0ZXIgb3V0IGp1c3QgdGhlIEVycm9yLXRhZ2dlZCBzdHJpbmdzIGZvciBub3csIGFuZCB6YXAgZW1iZWRkZWQgQ1JMRiBjaGFycwogICAgICAgICAgICAgICAoJGNsaXhtbC5PYmpzLkNoaWxkTm9kZXMgfCA/IHsgJF8uTmFtZSAtZXEgJ1MnIH0gfCA/IHsgJF8uUyAtZXEgJ0Vycm9yJyB9IHwgJSB7ICRfLicjdGV4dCcuUmVwbGFjZSgnX3gwMDBEX194MDAwQV8nLCcnKSB9IHwgT3V0LVN0cmluZyksCiAgICAgICAgICAgICAgICRtYXRjaGVzWyJwb3N0bm9pc2UiXSkgfCBPdXQtU3RyaW5nCgogICAgICAgICAgICByZXR1cm4gJG1lcmdlZF9zdGRlcnIuVHJpbSgpCgogICAgICAgICAgICAjIEZVVFVSRTogcGFyc2UvcmV0dXJuIG90aGVyIHN0cmVhbXMKICAgICAgICB9CiAgICAgICAgRWxzZSB7CiAgICAgICAgICAgICRyYXdfc3RkZXJyCiAgICAgICAgfQogICAgfQogICAgQ2F0Y2ggewogICAgICAgICIqKipFWENFUFRJT04gUEFSU0lORyBDTElYTUw6ICRfKioqIiArICRyYXdfc3RkZXJyCiAgICB9Cn0KCiRwYXJhbXMgPSBQYXJzZS1BcmdzICRhcmdzIC1zdXBwb3J0c19jaGVja19tb2RlICRmYWxzZQoKJHJhd19jb21tYW5kX2xpbmUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX3Jhd19wYXJhbXMiIC10eXBlICJzdHIiIC1mYWlsaWZlbXB0eSAkdHJ1ZQokY2hkaXIgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiY2hkaXIiIC10eXBlICJwYXRoIgokZXhlY3V0YWJsZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJleGVjdXRhYmxlIiAtdHlwZSAicGF0aCIKJGNyZWF0ZXMgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiY3JlYXRlcyIgLXR5cGUgInBhdGgiCiRyZW1vdmVzID0gR2V0LUFuc2libGVQYXJhbSAtb2JqICRwYXJhbXMgLW5hbWUgInJlbW92ZXMiIC10eXBlICJwYXRoIgokc3RkaW4gPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAic3RkaW4iIC10eXBlICJzdHIiCgokcmF3X2NvbW1hbmRfbGluZSA9ICRyYXdfY29tbWFuZF9saW5lLlRyaW0oKQoKJHJlc3VsdCA9IEB7CiAgICBjaGFuZ2VkID0gJHRydWUKICAgIGNtZCA9ICRyYXdfY29tbWFuZF9saW5lCn0KCmlmICgkY3JlYXRlcyAtYW5kICQoVGVzdC1BbnNpYmxlUGF0aCAtUGF0aCAkY3JlYXRlcykpIHsKICAgIEV4aXQtSnNvbiBAe21zZz0ic2tpcHBlZCwgc2luY2UgJGNyZWF0ZXMgZXhpc3RzIjtjbWQ9JHJhd19jb21tYW5kX2xpbmU7Y2hhbmdlZD0kZmFsc2U7c2tpcHBlZD0kdHJ1ZTtyYz0wfQp9CgppZiAoJHJlbW92ZXMgLWFuZCAtbm90ICQoVGVzdC1BbnNpYmxlUGF0aCAtUGF0aCAkcmVtb3ZlcykpIHsKICAgIEV4aXQtSnNvbiBAe21zZz0ic2tpcHBlZCwgc2luY2UgJHJlbW92ZXMgZG9lcyBub3QgZXhpc3QiO2NtZD0kcmF3X2NvbW1hbmRfbGluZTtjaGFuZ2VkPSRmYWxzZTtza2lwcGVkPSR0cnVlO3JjPTB9Cn0KCiRleGVjX2FyZ3MgPSAkbnVsbApJZigtbm90ICRleGVjdXRhYmxlIC1vciAkZXhlY3V0YWJsZSAtZXEgInBvd2Vyc2hlbGwiKSB7CiAgICAkZXhlY19hcHBsaWNhdGlvbiA9ICJwb3dlcnNoZWxsLmV4ZSIKCiAgICAjIGZvcmNlIGlucHV0IGVuY29kaW5nIHRvIHByZWFtYmxlLWZyZWUgVVRGOCBzbyBQUyBzdWItcHJvY2Vzc2VzIChlZywgU3RhcnQtSm9iKSBkb24ndCBibG93IHVwCiAgICAkcmF3X2NvbW1hbmRfbGluZSA9ICJbQ29uc29sZV06OklucHV0RW5jb2RpbmcgPSBOZXctT2JqZWN0IFRleHQuVVRGOEVuY29kaW5nIGAkZmFsc2U7ICIgKyAkcmF3X2NvbW1hbmRfbGluZQoKICAgICMgQmFzZTY0IGVuY29kZSB0aGUgY29tbWFuZCBzbyB3ZSBkb24ndCBoYXZlIHRvIHdvcnJ5IGFib3V0IHRoZSB2YXJpb3VzIGxldmVscyBvZiBlc2NhcGluZwogICAgJGVuY29kZWRfY29tbWFuZCA9IFtDb252ZXJ0XTo6VG9CYXNlNjRTdHJpbmcoW1N5c3RlbS5UZXh0LkVuY29kaW5nXTo6VW5pY29kZS5HZXRCeXRlcygkcmF3X2NvbW1hbmRfbGluZSkpCgogICAgaWYgKCRzdGRpbikgewogICAgICAgICRleGVjX2FyZ3MgPSAiLWVuY29kZWRjb21tYW5kICRlbmNvZGVkX2NvbW1hbmQiCiAgICB9IGVsc2UgewogICAgICAgICRleGVjX2FyZ3MgPSAiLW5vbmludGVyYWN0aXZlIC1lbmNvZGVkY29tbWFuZCAkZW5jb2RlZF9jb21tYW5kIgogICAgfQp9CkVsc2UgewogICAgIyBGVVRVUkU6IHN1cHBvcnQgYXJnIHRyYW5zbGF0aW9uIGZyb20gZXhlY3V0YWJsZSAob3IgZXhlY3V0YWJsZV9hcmdzPykgdG8gcHJvY2VzcyBhcmd1bWVudHMgZm9yIGFyYml0cmFyeSBpbnRlcnByZXRlcj8KICAgICRleGVjX2FwcGxpY2F0aW9uID0gJGV4ZWN1dGFibGUKICAgIGlmICgtbm90ICgkZXhlY19hcHBsaWNhdGlvbi5FbmRzV2l0aCgiLmV4ZSIpKSkgewogICAgICAgICRleGVjX2FwcGxpY2F0aW9uID0gIiQoJGV4ZWNfYXBwbGljYXRpb24pLmV4ZSIKICAgIH0KICAgICRleGVjX2FyZ3MgPSAiL2MgJHJhd19jb21tYW5kX2xpbmUiCn0KCiRjb21tYW5kID0gIiRleGVjX2FwcGxpY2F0aW9uICRleGVjX2FyZ3MiCiRydW5fY29tbWFuZF9hcmcgPSBAewogICAgY29tbWFuZCA9ICRjb21tYW5kCn0KaWYgKCRjaGRpcikgewogICAgJHJ1bl9jb21tYW5kX2FyZ1snd29ya2luZ19kaXJlY3RvcnknXSA9ICRjaGRpcgp9CmlmICgkc3RkaW4pIHsKICAgICRydW5fY29tbWFuZF9hcmdbJ3N0ZGluJ10gPSAkc3RkaW4KfQoKJHN0YXJ0X2RhdGV0aW1lID0gW0RhdGVUaW1lXTo6VXRjTm93CnRyeSB7CiAgICAkY29tbWFuZF9yZXN1bHQgPSBSdW4tQ29tbWFuZCBAcnVuX2NvbW1hbmRfYXJnCn0gY2F0Y2ggewogICAgJHJlc3VsdC5jaGFuZ2VkID0gJGZhbHNlCiAgICB0cnkgewogICAgICAgICRyZXN1bHQucmMgPSAkXy5FeGNlcHRpb24uTmF0aXZlRXJyb3JDb2RlCiAgICB9IGNhdGNoIHsKICAgICAgICAkcmVzdWx0LnJjID0gMgogICAgfQogICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAkXy5FeGNlcHRpb24uTWVzc2FnZQp9CgojIFRPRE86IGRlY29kZSBDTElYTUwgc3RkZXJyIG91dHB1dCAoYW5kIG90aGVyIHN0cmVhbXM/KQokcmVzdWx0LnN0ZG91dCA9ICRjb21tYW5kX3Jlc3VsdC5zdGRvdXQKJHJlc3VsdC5zdGRlcnIgPSBDbGVhbnNlLVN0ZGVyciAkY29tbWFuZF9yZXN1bHQuc3RkZXJyIAokcmVzdWx0LnJjID0gJGNvbW1hbmRfcmVzdWx0LnJjCgokZW5kX2RhdGV0aW1lID0gW0RhdGVUaW1lXTo6VXRjTm93CiRyZXN1bHQuc3RhcnQgPSAkc3RhcnRfZGF0ZXRpbWUuVG9TdHJpbmcoInl5eXktTU0tZGQgaGg6bW06c3MuZmZmZmZmIikKJHJlc3VsdC5lbmQgPSAkZW5kX2RhdGV0aW1lLlRvU3RyaW5nKCJ5eXl5LU1NLWRkIGhoOm1tOnNzLmZmZmZmZiIpCiRyZXN1bHQuZGVsdGEgPSAkKCRlbmRfZGF0ZXRpbWUgLSAkc3RhcnRfZGF0ZXRpbWUpLlRvU3RyaW5nKCJoXDptbVw6c3NcLmZmZmZmZiIpCgpJZiAoJHJlc3VsdC5yYyAtbmUgMCkgewogICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAibm9uLXplcm8gcmV0dXJuIGNvZGUiCn0KCkV4aXQtSnNvbiAkcmVzdWx0Cg==", "module_args": {"_ansible_version": "2.7.0", "_ansible_selinux_special_fs": ["fuse", "nfs", "vboxsf", "ramfs", "9p"], "_ansible_no_log": false, "_ansible_module_name": "win_shell", "_raw_params": "pip install -c c:\\openstack\\build\\requirements\\upper-constraints.txt -U -e c:\\openstack\\build\\requirements", "_ansible_verbosity": 4, "_ansible_keep_remote_files": false, "_ansible_syslog_facility": "LOG_USER", "_ansible_socket": null, "_ansible_remote_tmp": "%TEMP%", "_ansible_diff": false, "_ansible_debug": false, "_ansible_shell_executable": "/bin/sh", "_ansible_check_mode": false, "_ansible_tmpdir": null}} '@ } process { $input_as_string = [string]$input $json_raw += $input_as_string } end { If (-not $json_raw) { Write-Error "no input given" -Category InvalidArgument } $payload = ConvertTo-HashtableFromPsCustomObject (ConvertFrom-Json $json_raw) # TODO: handle binary modules # TODO: handle persistence $min_os_version = [version]$payload.min_os_version if ($min_os_version -ne $null) { $actual_os_version = [System.Environment]::OSVersion.Version if ($actual_os_version -lt $min_os_version) { $msg = "This module cannot run on this OS as it requires a minimum version of $min_os_version, actual was $actual_os_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $min_ps_version = [version]$payload.min_ps_version if ($min_ps_version -ne $null) { $actual_ps_version = $PSVersionTable.PSVersion if ($actual_ps_version -lt $min_ps_version) { $msg = "This module cannot run as it requires a minimum PowerShell version of $min_ps_version, actual was $actual_ps_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $actions = $payload.actions # pop 0th action as entrypoint $entrypoint = $payload.($actions[0]) $payload.actions = $payload.actions[1..99] $entrypoint = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($entrypoint)) # load the current action entrypoint as a module custom object with a Run method $entrypoint = New-Module -ScriptBlock ([scriptblock]::Create($entrypoint)) -AsCustomObject Set-Variable -Scope global -Name complex_args -Value $payload["module_args"] | Out-Null # dynamically create/load modules ForEach ($mod in $payload.powershell_modules.GetEnumerator()) { $decoded_module = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($mod.Value)) New-Module -ScriptBlock ([scriptblock]::Create($decoded_module)) -Name $mod.Key | Import-Module -WarningAction SilentlyContinue | Out-Null } $output = $entrypoint.Run($payload) Write-Output $output } ScriptBlock ID: 3887ede3-bd78-4793-8e33-e93a9183129a Path:	4104	1		3	2	15	0	1106	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3676	656	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:23:02 PM	9d04040e-981f-0002-a10a-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 3): YWxSZXNldCk7CiAgICAgICAgICAgIHN0cmluZyBzbyA9IG51bGwsIHNlID0gbnVsbDsKICAgICAgICAgICAgVGhyZWFkUG9vbC5RdWV1ZVVzZXJXb3JrSXRlbSgocykgPT4KICAgICAgICAgICAgewogICAgICAgICAgICAgICAgc28gPSBzdGRvdXRTdHJlYW0uUmVhZFRvRW5kKCk7CiAgICAgICAgICAgICAgICBzb3dhaXQuU2V0KCk7CiAgICAgICAgICAgIH0pOwogICAgICAgICAgICBUaHJlYWRQb29sLlF1ZXVlVXNlcldvcmtJdGVtKChzKSA9PgogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBzZSA9IHN0ZGVyclN0cmVhbS5SZWFkVG9FbmQoKTsKICAgICAgICAgICAgICAgIHNld2FpdC5TZXQoKTsKICAgICAgICAgICAgfSk7CiAgICAgICAgICAgIGZvcmVhY2ggKHZhciB3aCBpbiBuZXcgV2FpdEhhbmRsZVtdIHsgc293YWl0LCBzZXdhaXQgfSkKICAgICAgICAgICAgICAgIHdoLldhaXRPbmUoKTsKICAgICAgICAgICAgc3Rkb3V0ID0gc287CiAgICAgICAgICAgIHN0ZGVyciA9IHNlOwogICAgICAgIH0KCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgdWludCBHZXRQcm9jZXNzRXhpdENvZGUoSW50UHRyIHByb2Nlc3NIYW5kbGUpCiAgICAgICAgewogICAgICAgICAgICBuZXcgTmF0aXZlV2FpdEhhbmRsZShwcm9jZXNzSGFuZGxlKS5XYWl0T25lKCk7CiAgICAgICAgICAgIHVpbnQgZXhpdENvZGU7CiAgICAgICAgICAgIGlmICghR2V0RXhpdENvZGVQcm9jZXNzKHByb2Nlc3NIYW5kbGUsIG91dCBleGl0Q29kZSkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIkVycm9yIGdldHRpbmcgcHJvY2VzcyBleGl0IGNvZGUiKTsKICAgICAgICAgICAgcmV0dXJuIGV4aXRDb2RlOwogICAgICAgIH0KICAgIH0KfQoiQAoKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICdTdG9wJwoKRnVuY3Rpb24gTG9hZC1Db21tYW5kVXRpbHMgewogICAgIyBtYWtlcyB0aGUgZm9sbG93aW5nIHN0YXRpYyBmdW5jdGlvbnMgYXZhaWxhYmxlCiAgICAjICAgW0Fuc2libGUuQ29tbWFuZFV0aWxdOjpQYXJzZUNvbW1hbmRMaW5lKHN0cmluZyBscENvbW1hbmRMaW5lKQogICAgIyAgIFtBbnNpYmxlLkNvbW1hbmRVdGlsXTo6U2VhcmNoUGF0aChzdHJpbmcgbHBGaWxlTmFtZSkKICAgICMgICBbQW5zaWJsZS5Db21tYW5kVXRpbF06OlJ1bkNvbW1hbmQoc3RyaW5nIGxwQXBwbGljYXRpb25OYW1lLCBzdHJpbmcgbHBDb21tYW5kTGluZSwgc3RyaW5nIGxwQ3VycmVudERpcmVjdG9yeSwgc3RyaW5nIHN0ZGluSW5wdXQsIHN0cmluZyBlbnZpcm9ubWVudEJsb2NrKQogICAgIwogICAgIyB0aGVyZSBhcmUgYWxzbyBudW1lcm91cyBQL0ludm9rZSBtZXRob2RzIHRoYXQgY2FuIGJlIGNhbGxlZCBpZiB5b3UgYXJlIGZlZWxpbmcgYWR2ZW50dXJvdXMKCiAgICAjIEZVVFVSRTogZmluZCBhIGJldHRlciB3YXkgdG8gZ2V0IHRoZSBfYW5zaWJsZV9yZW1vdGVfdG1wIHZhcmlhYmxlCiAgICAkb3JpZ2luYWxfdG1wID0gJGVudjpUTVAKCiAgICAkcmVtb3RlX3RtcCA9ICRvcmlnaW5hbF90bXAKICAgICRtb2R1bGVfcGFyYW1zID0gR2V0LVZhcmlhYmxlIC1OYW1lIGNvbXBsZXhfYXJncyAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgaWYgKCRtb2R1bGVfcGFyYW1zKSB7CiAgICAgICAgaWYgKCRtb2R1bGVfcGFyYW1zLlZhbHVlLkNvbnRhaW5zS2V5KCJfYW5zaWJsZV9yZW1vdGVfdG1wIikgKSB7CiAgICAgICAgICAgICRyZW1vdGVfdG1wID0gJG1vZHVsZV9wYXJhbXMuVmFsdWVbIl9hbnNpYmxlX3JlbW90ZV90bXAiXQogICAgICAgICAgICAkcmVtb3RlX3RtcCA9IFtTeXN0ZW0uRW52aXJvbm1lbnRdOjpFeHBhbmRFbnZpcm9ubWVudFZhcmlhYmxlcygkcmVtb3RlX3RtcCkKICAgICAgICB9CiAgICB9CgogICAgJGVudjpUTVAgPSAkcmVtb3RlX3RtcAogICAgQWRkLVR5cGUgLVR5cGVEZWZpbml0aW9uICRwcm9jZXNzX3V0aWwKICAgICRlbnY6VE1QID0gJG9yaWdpbmFsX3RtcAp9CgpGdW5jdGlvbiBHZXQtRXhlY3V0YWJsZVBhdGgoJGV4ZWN1dGFibGUsICRkaXJlY3RvcnkpIHsKICAgICMgbHBBcHBsaWNhdGlvbk5hbWUgcmVxdWlyZXMgdGhlIGZ1bGwgcGF0aCB0byBhIGZpbGUsIHdlIG5lZWQgdG8gZmluZCBpdAogICAgIyBvdXJzZWx2ZXMuCgogICAgIyB3ZSBuZWVkIHRvIGFkZCAuZXhlIGlmIGl0IGRvZXNuJ3QgaGF2ZSBhbiBleHRlbnNpb24gYWxyZWFkeQogICAgaWYgKC1ub3QgW1N5c3RlbS5JTy5QYXRoXTo6SGFzRXh0ZW5zaW9uKCRleGVjdXRhYmxlKSkgewogICAgICAgICRleGVjdXRhYmxlID0gIiQoJGV4ZWN1dGFibGUpLmV4ZSIKICAgIH0KICAgICRmdWxsX3BhdGggPSBbU3lzdGVtLklPLlBhdGhdOjpHZXRGdWxsUGF0aCgkZXhlY3V0YWJsZSkKCiAgICBpZiAoJGZ1bGxfcGF0aCAtbmUgJGV4ZWN1dGFibGUgLWFuZCAkZGlyZWN0b3J5IC1uZSAkbnVsbCkgewogICAgICAgICRmaWxlID0gR2V0LUl0ZW0gLVBhdGggIiRkaXJlY3RvcnlcJGV4ZWN1dGFibGUiIC1Gb3JjZSAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgfSBlbHNlIHsKICAgICAgICAkZmlsZSA9IEdldC1JdGVtIC1QYXRoICRleGVjdXRhYmxlIC1Gb3JjZSAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgfQoKICAgIGlmICgkZmlsZSAtbmUgJG51bGwpIHsKICAgICAgICAkZXhlY3V0YWJsZV9wYXRoID0gJGZpbGUuRnVsbE5hbWUKICAgIH0gZWxzZSB7CiAgICAgICAgJGV4ZWN1dGFibGVfcGF0aCA9IFtBbnNpYmxlLkNvbW1hbmRVdGlsXTo6U2VhcmNoUGF0aCgkZXhlY3V0YWJsZSkgICAgCiAgICB9CiAgICByZXR1cm4gJGV4ZWN1dGFibGVfcGF0aAp9CgpGdW5jdGlvbiBSdW4tQ29tbWFuZCB7CiAgICBQYXJhbSgKICAgICAgICBbc3RyaW5nXSRjb21tYW5kLCAjIHRoZSBmdWxsIGNvbW1hbmQgdG8gcnVuIGluY2x1ZGluZyB0aGUgZXhlY3V0YWJsZQogICAgICAgIFtzdHJpbmddJHdvcmtpbmdfZGlyZWN0b3J5ID0gJG51bGwsICMgdGhlIHdvcmtpbmcgZGlyZWN0b3J5IHRvIHJ1biB1bmRlciwgd2lsbCBkZWZhdWx0IHRvIHRoZSBjdXJyZW50IGRpcgogICAgICAgIFtzdHJpbmddJHN0ZGluID0gJG51bGwsICMgYSBzdHJpbmcgdG8gc2VuZCB0byB0aGUgc3RkaW4gcGlwZSB3aGVuIGV4ZWN1dGluZyB0aGUgY29tbWFuZAogICAgICAgIFtoYXNodGFibGVdJGVudmlyb25tZW50ID0gQHt9ICMgYSBoYXNodGFibGUgb2YgZW52aXJvbm1lbnQgdmFsdWVzIHRvIHJ1biB0aGUgY29tbWFuZCB1bmRlciwgdGhpcyB3aWxsIHJlcGxhY2UgYWxsIHRoZSBvdGhlciBlbnZpcm9ubWVudCB2YXJpYWJsZXMgd2l0aCB0aGVzZQogICAgKQogICAgCiAgICAjIGxvYWQgdGhlIEMjIGNvZGUgd2UgY2FsbCBpbiB0aGlzIGZ1bmN0aW9uCiAgICBMb2FkLUNvbW1hbmRVdGlscwoKICAgICMgbmVlZCB0byB2YWxpZGF0ZSB0aGUgd29ya2luZyBkaXJlY3RvcnkgaWYgaXQgaXMgc2V0CiAgICBpZiAoJHdvcmtpbmdfZGlyZWN0b3J5KSB7CiAgICAgICAgIyB2YWxpZGF0ZSB3b3JraW5nIGRpcmVjdG9yeSBpcyBhIHZhbGlkIHBhdGgKICAgICAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICR3b3JraW5nX2RpcmVjdG9yeSkpIHsKICAgICAgICAgICAgdGhyb3cgImludmFsaWQgd29ya2luZyBkaXJlY3RvcnkgcGF0aCAnJHdvcmtpbmdfZGlyZWN0b3J5JyIKICAgICAgICB9CiAgICB9CgogICAgIyBscEFwcGxpY2F0aW9uTmFtZSBuZWVkcyB0byBiZSB0aGUgZnVsbCBwYXRoIHRvIGFuIGV4ZWN1dGFibGUsIHdlIGRvIHRoaXMKICAgICMgYnkgZ2V0dGluZyB0aGUgZXhlY3V0YWJsZSBhcyB0aGUgZmlyc3QgYXJnIGFuZCB0aGVuIGdldHRpbmcgdGhlIGZ1bGwgcGF0aAogICAgJGFyZ3VtZW50cyA9IFtBbnNpYmxlLkNvbW1hbmRVdGlsXTo6UGFyc2VDb21tYW5kTGluZSgkY29tbWFuZCkKICAgICRleGVjdXRhYmxlID0gR2V0LUV4ZWN1dGFibGVQYXRoIC1leGVjdXRhYmxlICRhcmd1bWVudHNbMF0gLWRpcmVjdG9yeSAkd29ya2luZ19kaXJlY3RvcnkKCiAgICAjIHJ1biB0aGUgY29tbWFuZCBhbmQgZ2V0IHRoZSByZXN1bHRzCiAgICAkY29tbWFuZF9yZXN1bHQgPSBbQW5zaWJsZS5Db21tYW5kVXRpbF06OlJ1bkNvbW1hbmQoJGV4ZWN1dGFibGUsICRjb21tYW5kLCAkd29ya2luZ19kaXJlY3RvcnksICRzdGRpbiwgJGVudmlyb25tZW50KQoKICAgIHJldHVybiAsQHsKICAgICAgICBleGVjdXRhYmxlID0gJGV4ZWN1dGFibGUKICAgICAgICBzdGRvdXQgPSAkY29tbWFuZF9yZXN1bHQuU3RhbmRhcmRPdXQKICAgICAgICBzdGRlcnIgPSAkY29tbWFuZF9yZXN1bHQuU3RhbmRhcmRFcnJvcgogICAgICAgIHJjID0gJGNvbW1hbmRfcmVzdWx0LkV4aXRDb2RlCiAgICB9Cn0KCiMgdGhpcyBsaW5lIG11c3Qgc3RheSBhdCB0aGUgYm90dG9tIHRvIGVuc3VyZSBhbGwgZGVmaW5lZCBtb2R1bGUgcGFydHMgYXJlIGV4cG9ydGVkCkV4cG9ydC1Nb2R1bGVNZW1iZXIgLUFsaWFzICogLUZ1bmN0aW9uICogLUNtZGxldCAqCg==", "Ansible.ModuleUtils.Legacy": "IyBDb3B5cmlnaHQgKGMpLCBNaWNoYWVsIERlSGFhbiA8bWljaGFlbC5kZWhhYW5AZ21haWwuY29tPiwgMjAxNCwgYW5kIG90aGVycwojIFNpbXBsaWZpZWQgQlNEIExpY2Vuc2UgKHNlZSBsaWNlbnNlcy9zaW1wbGlmaWVkX2JzZC50eHQgb3IgaHR0cHM6Ly9vcGVuc291cmNlLm9yZy9saWNlbnNlcy9CU0QtMi1DbGF1c2UpCgpTZXQtU3RyaWN0TW9kZSAtVmVyc2lvbiAyLjAKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKRnVuY3Rpb24gU2V0LUF0dHIoJG9iaiwgJG5hbWUsICR2YWx1ZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gc2V0IGFuICJhdHRyaWJ1dGUiIG9uIGEgcHNvYmplY3QgaW5zdGFuY2UgaW4gUG93ZXJTaGVsbC4KICAgIFRoaXMgaXMgYSBjb252ZW5pZW5jZSB0byBtYWtlIGFkZGluZyBNZW1iZXJzIHRvIHRoZSBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgIFNldC1BdHRyICRyZXN1bHQgImNoYW5nZWQiICR0cnVlCiM+CgogICAgIyBJZiB0aGUgcHJvdmlkZWQgJG9iaiBpcyB1bmRlZmluZWQsIGRlZmluZSBvbmUgdG8gYmUgbmljZQogICAgSWYgKC1ub3QgJG9iai5HZXRUeXBlKQogICAgewogICAgICAgICRvYmogPSBAeyB9CiAgICB9CgogICAgVHJ5CiAgICB7CiAgICAgICAgJG9iai4kbmFtZSA9ICR2YWx1ZQogICAgfQogICAgQ2F0Y2gKICAgIHsKICAgICAgICAkb2JqIHwgQWRkLU1lbWJlciAtRm9yY2UgLU1lbWJlclR5cGUgTm90ZVByb3BlcnR5IC1OYW1lICRuYW1lIC1WYWx1ZSAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gRXhpdC1Kc29uKCRvYmopCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGNvbnZlcnQgYSBQb3dlclNoZWxsIG9iamVjdCB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcKICAgIHRoZSBzY3JpcHQKICAgIC5FWEFNUExFCiAgICBFeGl0LUpzb24gJHJlc3VsdAojPgoKICAgICMgSWYgdGhlIHByb3ZpZGVkICRvYmogaXMgdW5kZWZpbmVkLCBkZWZpbmUgb25lIHRvIGJlIG5pY2UKICAgIElmICgtbm90ICRvYmouR2V0VHlwZSkKICAgIHsKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoJ2NoYW5nZWQnKSkgewogICAgICAgIFNldC1BdHRyICRvYmogImNoYW5nZWQiICRmYWxzZQogICAgfQoKICAgIFdyaXRlLU91dHB1dCAkb2JqIHwgQ29udmVydFRvLUpzb24gLUNvbXByZXNzIC1EZXB0aCA5OQogICAgRXhpdAp9CgpGdW5jdGlvbiBGYWlsLUpzb24oJG9iaiwgJG1lc3NhZ2UgPSAkbnVsbCkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHRoZSAibXNnIiBwcm9wZXJ0eSBhbmQgImZhaWxlZCIgcHJvcGVydHksIGNvbnZlcnQgdGhlCiAgICBQb3dlclNoZWxsIEhhc2h0YWJsZSB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcgdGhlIHNjcmlwdAogICAgLkVYQU1QTEUKICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJUaGlzIGlzIHRoZSBmYWlsdXJlIG1lc3NhZ2UiCiM+CgogICAgaWYgKCRvYmogLWlzIFtoYXNodGFibGVdIC1vciAkb2JqIC1pcyBbcHNvYmplY3RdKSB7CiAgICAgICAgIyBOb3RoaW5nIHRvIGRvCiAgICB9IGVsc2VpZiAoJG9iaiAtaXMgW3N0cmluZ10gLWFuZCAkbnVsbCAtZXEgJG1lc3NhZ2UpIHsKICAgICAgICAjIElmIHdlIHdlcmVuJ3QgZ2l2ZW4gMiBhcmdzLCBhbmQgdGhlIG9ubHkgYXJnIHdhcyBhIHN0cmluZywKICAgICAgICAjIGNyZWF0ZSBhIG5ldyBIYXNodGFibGUgYW5kIHVzZSB0aGUgYXJnIGFzIHRoZSBmYWlsdXJlIG1lc3NhZ2UKICAgICAgICAkbWVzc2FnZSA9ICRvYmoKICAgICAgICAkb2JqID0gQHsgfQogICAgfSBlbHNlIHsKICAgICAgICAjIElmIHRoZSBmaXJzdCBhcmd1bWVudCBpcyB1bmRlZmluZWQgb3IgYSBkaWZmZXJlbnQgdHlwZSwKICAgICAgICAjIG1ha2UgaXQgYSBIYXNodGFibGUKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgICMgU3RpbGwgdXNpbmcgU2V0LUF0dHIgZm9yIFBTT2JqZWN0IGNvbXBhdGliaWxpdHkKICAgIFNldC1BdHRyICRvYmogIm1zZyIgJG1lc3NhZ2UKICAgIFNldC1BdHRyICRvYmogImZhaWxlZCIgJHRydWUKCiAgICBpZiAoLW5vdCAkb2JqLkNvbnRhaW5zS2V5KCdjaGFuZ2VkJykpIHsKICAgICAgICBTZXQtQXR0ciAkb2JqICJjaGFuZ2VkIiAkZmFsc2UKICAgIH0KCiAgICBXcml0ZS1PdXRwdXQgJG9iaiB8IENvbnZlcnRUby1Kc29uIC1Db21wcmVzcyAtRGVwdGggOTkKICAgIEV4aXQgMQp9CgpGdW5jdGlvbiBBZGQtV2FybmluZygkb2JqLCAkbWVzc2FnZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHdhcm5pbmdzLCBldmVuIGlmIHRoZSB3YXJuaW5ncyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoIndhcm5pbmdzIikpIHsKICAgICAgICAkb2JqLndhcm5pbmdzID0gQCgpCiAgICB9IGVsc2VpZiAoJG9iai53YXJuaW5ncyAtaXNub3QgW2FycmF5XSkgewogICAgICAgIHRocm93ICJBZGQtV2FybmluZzogd2FybmluZ3MgYXR0cmlidXRlIGlzIG5vdCBhbiBhcnJheSIKICAgIH0KCiAgICAkb2JqLndhcm5pbmdzICs9ICRtZXNzYWdlCn0KCkZ1bmN0aW9uIEFkZC1EZXByZWNhdGlvbldhcm5pbmcoJG9iaiwgJG1lc3NhZ2UsICR2ZXJzaW9uID0gJG51bGwpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGFkZCBkZXByZWNhdGlvbnMsIGV2ZW4gaWYgdGhlIGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgogICAgaWYgKC1ub3QgJG9iai5Db250YWluc0tleSgiZGVwcmVjYXRpb25zIikpIHsKICAgICAgICAkb2JqLmRlcHJlY2F0aW9ucyA9IEAoKQogICAgfSBlbHNlaWYgKCRvYmouZGVwcmVjYXRpb25zIC1pc25vdCBbYXJyYXldKSB7CiAgICAgICAgdGhyb3cgIkFkZC1EZXByZWNhdGlvbldhcm5pbmc6IGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgaXMgbm90IGEgbGlzdCIKICAgIH0KCiAgICAkb2JqLmRlcHJlY2F0aW9ucyArPSBAewogICAgICAgIG1zZyA9ICRtZXNzYWdlCiAgICAgICAgdmVyc2lvbiA9ICR2ZXJzaW9uCiAgICB9Cn0KCkZ1bmN0aW9uIEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgaW4gdmFsdWVzLiBCeSBkZWZhdWx0CiAgICBpdCB0dXJucyBhbnkgdHlwZSB0byBhIHN0cmluZywgYnV0IHdlIGVuc3VyZSAkbnVsbCByZW1haW5zICRudWxsLgojPgogICAgaWYgKCRudWxsIC1uZSAkdmFsdWUpIHsKICAgICAgICBbU3lzdGVtLkVudmlyb25tZW50XTo6RXhwYW5kRW52aXJvbm1lbnRWYXJpYWJsZXMoJHZhbHVlKQogICAgfSBlbHNlIHsKICAgICAgICAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gR2V0LUFuc2libGVQYXJhbSgkb2JqLCAkbmFtZSwgJGRlZmF1bHQgPSAkbnVsbCwgJHJlc3VsdG9iaiA9IEB7fSwgJGZhaWxpZmVtcHR5ID0gJGZhbHNlLCAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSwgJFZhbGlkYXRlU2V0LCAkVmFsaWRhdGVTZXRFcnJvck1lc3NhZ2UsICR0eXBlID0gJG51bGwsICRhbGlhc2VzID0gQCgpKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBnZXQgYW4gImF0dHJpYnV0ZSIgZnJvbSBhIHBzb2JqZWN0IGluc3RhbmNlIGluIFBvd2VyU2hlbGwuCiAgICBUaGlzIGlzIGEgY29udmVuaWVuY2UgdG8gbWFrZSBnZXR0aW5nIE1lbWJlcnMgZnJvbSBhbiBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgICRhdHRyID0gR2V0LUFuc2libGVQYXJhbSAkcmVzcG9uc2UgImNvZGUiIC1kZWZhdWx0ICIxIgogICAgLkVYQU1QTEUKICAgIEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJTdGF0ZSIgLWRlZmF1bHQgIlByZXNlbnQiIC1WYWxpZGF0ZVNldCAiUHJlc2VudCIsIkFic2VudCIgLXJlc3VsdG9iaiAkcmVzdWx0b2JqIC1mYWlsaWZlbXB0eSAkdHJ1ZQogICAgR2V0LUFuc2libGVQYXJhbSBhbHNvIHN1cHBvcnRzIFBhcmFtZXRlciB2YWxpZGF0aW9uIHRvIHNhdmUgeW91IGZyb20gY29kaW5nIHRoYXQgbWFudWFsbHkKICAgIE5vdGUgdGhhdCBpZiB5b3UgdXNlIHRoZSBmYWlsaWZlbXB0eSBvcHRpb24sIHlvdSBkbyBuZWVkIHRvIHNwZWNpZnkgcmVzdWx0b2JqZWN0IGFzIHdlbGwuCiM+CiAgICAjIENoZWNrIGlmIHRoZSBwcm92aWRlZCBNZW1iZXIgJG5hbWUgb3IgYWxpYXNlcyBleGlzdCBpbiAkb2JqIGFuZCByZXR1cm4gaXQgb3IgdGhlIGRlZmF1bHQuCiAgICB0cnkgewoKICAgICAgICAkZm91bmQgPSAkbnVsbAogICAgICAgICMgRmlyc3QgdHJ5IHRvIGZpbmQgcHJlZmVycmVkIHBhcmFtZXRlciAkbmFtZQogICAgICAgICRhbGlhc2VzID0gQCgkbmFtZSkgKyAkYWxpYXNlcwoKICAgICAgICAjIEl0ZXJhdGUgb3ZlciBhbGlhc2VzIHRvIGZpbmQgYWNjZXB0YWJsZSBNZW1iZXIgJG5hbWUKICAgICAgICBmb3JlYWNoICgkYWxpYXMgaW4gJGFsaWFzZXMpIHsKICAgICAgICAgICAgaWYgKCRvYmouQ29udGFpbnNLZXkoJGFsaWFzKSkgewogICAgICAgICAgICAgICAgJGZvdW5kID0gJGFsaWFzCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgfQoKICAgICAgICBpZiAoJG51bGwgLWVxICRmb3VuZCkgewogICAgICAgICAgICB0aHJvdwogICAgICAgIH0KICAgICAgICAkbmFtZSA9ICRmb3VuZAoKICAgICAgICBpZiAoJFZhbGlkYXRlU2V0KSB7CgogICAgICAgICAgICBpZiAoJFZhbGlkYXRlU2V0IC1jb250YWlucyAoJG9iai4kbmFtZSkpIHsKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICRvYmouJG5hbWUKICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgIGlmICgkbnVsbCAtZXEgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAgICAgI0F1dG8tZ2VuZXJhdGVkIGVycm9yIHNob3VsZCBiZSBzdWZmaWNpZW50IGluIG1vc3QgdXNlIGNhc2VzCiAgICAgICAgICAgICAgICAgICAgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlID0gIkdldC1BbnNpYmxlUGFyYW06IEFyZ3VtZW50ICRuYW1lIG5lZWRzIHRvIGJlIG9uZSBvZiAkKCRWYWxpZGF0ZVNldCAtam9pbiAiLCIpIGJ1dCB3YXMgJCgkb2JqLiRuYW1lKS4iCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRWYWxpZGF0ZVNldEVycm9yTWVzc2FnZQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgJHZhbHVlID0gJG9iai4kbmFtZQogICAgICAgIH0KICAgIH0gY2F0Y2ggewogICAgICAgIGlmICgkZmFpbGlmZW1wdHkgLWVxICRmYWxzZSkgewogICAgICAgICAgICAkdmFsdWUgPSAkZGVmYXVsdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgIGlmICgtbm90ICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSA9ICJHZXQtQW5zaWJsZVBhcmFtOiBNaXNzaW5nIHJlcXVpcmVkIGFyZ3VtZW50OiAkbmFtZSIKICAgICAgICAgICAgfQogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlCiAgICAgICAgfQogICAgfQoKICAgICMgSWYgJHZhbHVlIC1lcSAkbnVsbCwgdGhlIHBhcmFtZXRlciB3YXMgdW5zcGVjaWZpZWQgYnkgdGhlIHVzZXIgKGRlbGliZXJhdGVseSBvciBub3QpCiAgICAjIFBsZWFzZSBsZWF2ZSAkbnVsbC12YWx1ZXMgaW50YWN0LCBtb2R1bGVzIG5lZWQgdG8ga25vdyBpZiBhIHBhcmFtZXRlciB3YXMgc3BlY2lmaWVkCiAgICAjIFdoZW4gJHZhbHVlIGlzIGFscmVhZHkgYW4gYXJyYXksIHdlIGNhbm5vdCByZWx5IG9uIHRoZSBudWxsIGNoZWNrLCBhcyBhbiBlbXB0eSBsaXN0CiAgICAjIGlzIHNlZW4gYXMgbnVsbCBpbiB0aGUgY2hlY2sgYmVsb3cKICAgIGlmICgkbnVsbCAtbmUgJHZhbHVlIC1vciAkdmFsdWUgLWlzIFthcnJheV0pIHsKICAgICAgICBpZiAoJHR5cGUgLWVxICJwYXRoIikgewogICAgICAgICAgICAjIEV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgb24gcGF0aC10eXBlCiAgICAgICAgICAgICR2YWx1ZSA9IEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCiAgICAgICAgICAgICMgVGVzdCBpZiBhIHZhbGlkIHBhdGggaXMgcHJvdmlkZWQKICAgICAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtSXNWYWxpZCAkdmFsdWUpKSB7CiAgICAgICAgICAgICAgICAkcGF0aF9pbnZhbGlkID0gJHRydWUKICAgICAgICAgICAgICAgICMgY291bGQgc3RpbGwgYmUgYSB2YWxpZC1zaGFwZWQgcGF0aCB3aXRoIGEgbm9uZXhpc3RlbnQgZHJpdmUgbGV0dGVyCiAgICAgICAgICAgICAgICBpZiAoJHZhbHVlIC1tYXRjaCAiXlx3OiIpIHsKICAgICAgICAgICAgICAgICAgICAjIHJld3JpdGUgcGF0aCB3aXRoIGEgdmFsaWQgZHJpdmUgbGV0dGVyIGFuZCByZWNoZWNrIHRoZSBzaGFwZS0gdGhpcyBtaWdodCBzdGlsbCBmYWlsLCBlZywgYSBub25leGlzdGVudCBub24tZmlsZXN5c3RlbSBQUyBwYXRoCiAgICAgICAgICAgICAgICAgICAgaWYgKFRlc3QtUGF0aCAtSXNWYWxpZCAkKEAoR2V0LVBTRHJpdmUgLVBTUHJvdmlkZXIgRmlsZXN5c3RlbSlbMF0uTmFtZSArICR2YWx1ZS5TdWJzdHJpbmcoMSkpKSB7CiAgICAgICAgICAgICAgICAgICAgICAgICRwYXRoX2ludmFsaWQgPSAkZmFsc2UKICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBpZiAoJHBhdGhfaW52YWxpZCkgewogICAgICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHRvYmogLW1lc3NhZ2UgIkdldC1BbnNpYmxlUGFyYW06IFBhcmFtZXRlciAnJG5hbWUnIGhhcyBhbiBpbnZhbGlkIHBhdGggJyR2YWx1ZScgc3BlY2lmaWVkLiIKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgInN0ciIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IHN0ciB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgc3RyaW5ncwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUuVG9TdHJpbmcoKQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImJvb2wiKSB7CiAgICAgICAgICAgICMgQ29udmVydCBib29sZWFuIHR5cGVzIHRvIHJlYWwgUG93ZXJzaGVsbCBib29sZWFucwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgfCBDb252ZXJ0VG8tQm9vbAogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImludCIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IGludCB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgaW50ZWdlcnMKICAgICAgICAgICAgJHZhbHVlID0gJHZhbHVlIC1hcyBbaW50XQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImZsb2F0IikgewogICAgICAgICAgICAjIENvbnZlcnQgZmxvYXQgdHlwZXMgdG8gcmVhbCBQb3dlcnNoZWxsIGZsb2F0cwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgLWFzIFtmbG9hdF0KICAgICAgICB9IGVsc2VpZiAoJHR5cGUgLWVxICJsaXN0IikgewogICAgICAgICAgICBpZiAoJHZhbHVlIC1pcyBbYXJyYXldKSB7CiAgICAgICAgICAgICAgICAjIE5vdGhpbmcgdG8gZG8KICAgICAgICAgICAgfSBlbHNlaWYgKCR2YWx1ZSAtaXMgW3N0cmluZ10pIHsKICAgICAgICAgICAgICAgICMgQ29udmVydCBzdHJpbmcgdHlwZSB0byByZWFsIFBvd2Vyc2hlbGwgYXJyYXkKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICR2YWx1ZS5TcGxpdCgiLCIpLlRyaW0oKQogICAgICAgICAgICB9IGVsc2VpZiAoJHZhbHVlIC1pcyBbaW50XSkgewogICAgICAgICAgICAgICAgJHZhbHVlID0gQCgkdmFsdWUpCiAgICAgICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICJHZXQtQW5zaWJsZVBhcmFtOiBQYXJhbWV0ZXIgJyRuYW1lJyBpcyBub3QgYSBZQU1MIGxpc3QuIgogICAgICAgICAgICB9CiAgICAgICAgICAgICMgLCBpcyBub3QgYSB0eXBvLCBmb3JjZXMgaXQgdG8gcmV0dXJuIGFzIGEgbGlzdCB3aGVuIGl0IGlzIGVtcHR5IG9yIG9ubHkgaGFzIDEgZW50cnkKICAgICAgICAgICAgcmV0dXJuICwkdmFsdWUKICAgICAgICB9CiAgICB9CgogICAgcmV0dXJuICR2YWx1ZQp9CgojQWxpYXMgR2V0LWF0dHItLT5HZXQtQW5zaWJsZVBhcmFtIGZvciBiYWNrd2FyZHMgY29tcGF0LiBPbmx5IGFkZCB3aGVuIG5lZWRlZCB0byBlYXNlIGRlYnVnZ2luZyBvZiBzY3JpcHRzCklmICgtbm90KEdldC1BbGlhcyAtTmFtZSAiR2V0LWF0dHIiIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlKSkKewogICAgTmV3LUFsaWFzIC1OYW1lIEdldC1hdHRyIC1WYWx1ZSBHZXQtQW5zaWJsZVBhcmFtCn0KCkZ1bmN0aW9uIENvbnZlcnRUby1Cb29sCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZpbHRlci9waXBlbGluZSBmdW5jdGlvbiB0byBjb252ZXJ0IGEgdmFsdWUgdG8gYm9vbGVhbiBmb2xsb3dpbmcgY3VycmVudAogICAgQW5zaWJsZSBwcmFjdGljZXMKICAgIC5FWEFNUExFCiAgICAkaXNfdHJ1ZSA9ICJ0cnVlIiB8IENvbnZlcnRUby1Cb29sCiM+CiAgICBwYXJhbSgKICAgICAgICBbcGFyYW1ldGVyKHZhbHVlZnJvbXBpcGVsaW5lPSR0cnVlKV0KICAgICAgICAkb2JqCiAgICApCgogICAgJGJvb2xlYW5fc3RyaW5ncyA9ICJ5ZXMiLCAib24iLCAiMSIsICJ0cnVlIiwgMQogICAgJG9ial9zdHJpbmcgPSBbc3RyaW5nXSRvYmoKCiAgICBpZiAoKCRvYmogLWlzIFtib29sZWFuXSAtYW5kICRvYmopIC1vciAkYm9vbGVhbl9zdHJpbmdzIC1jb250YWlucyAkb2JqX3N0cmluZy5Ub0xvd2VyKCkpIHsKICAgICAgICByZXR1cm4gJHRydWUKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfQp9CgpGdW5jdGlvbiBQYXJzZS1BcmdzKCRhcmd1bWVudHMsICRzdXBwb3J0c19jaGVja19tb2RlID0gJGZhbHNlKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBwYXJzZSBBbnNpYmxlIEpTT04gYXJndW1lbnRzIGZyb20gYSAiZmlsZSIgcGFzc2VkIGFzCiAgICB0aGUgc2luZ2xlIGFyZ3VtZW50IHRvIHRoZSBtb2R1bGUuCiAgICAuRVhBTVBMRQogICAgJHBhcmFtcyA9IFBhcnNlLUFyZ3MgJGFyZ3MKIz4KICAgICRwYXJhbXMgPSBOZXctT2JqZWN0IHBzb2JqZWN0CiAgICBJZiAoJGFyZ3VtZW50cy5MZW5ndGggLWd0IDApCiAgICB7CiAgICAgICAgJHBhcmFtcyA9IEdldC1Db250ZW50ICRhcmd1bWVudHNbMF0gfCBDb252ZXJ0RnJvbS1Kc29uCiAgICB9CiAgICBFbHNlIHsKICAgICAgICAkcGFyYW1zID0gJGNvbXBsZXhfYXJncwogICAgfQogICAgJGN ScriptBlock ID: 3887ede3-bd78-4793-8e33-e93a9183129a Path:	4104	1		3	2	15	0	1105	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3676	656	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:23:02 PM	9d04040e-981f-0002-a10a-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 3): begin { $DebugPreference = "Continue" $ErrorActionPreference = "Stop" Set-StrictMode -Version 2 function ConvertTo-HashtableFromPsCustomObject ($myPsObject){ $output = @{}; $myPsObject | Get-Member -MemberType *Property | % { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } return $output; } # stream JSON including become_pw, ps_module_payload, bin_module_payload, become_payload, write_payload_path, preserve directives # exec runspace, capture output, cleanup, return module output # NB: do not adjust the following line- it is replaced when doing non-streamed module output $json_raw = @' {"min_ps_version": null, "exec": "CkZ1bmN0aW9uIFJ1bigkcGF5bG9hZCkgewogICAgJGVudHJ5cG9pbnQgPSAkcGF5bG9hZC5tb2R1bGVfZW50cnkKCiAgICAkZW50cnlwb2ludCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGVudHJ5cG9pbnQpKQoKICAgICRwcyA9IFtwb3dlcnNoZWxsXTo6Q3JlYXRlKCkKCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkQ29tbWFuZCgiU2V0LVZhcmlhYmxlIikuQWRkUGFyYW1ldGVycyhAe1Njb3BlPSJnbG9iYWwiO05hbWU9ImNvbXBsZXhfYXJncyI7VmFsdWU9JHBheWxvYWQubW9kdWxlX2FyZ3N9KSB8IE91dC1OdWxsCiAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCgogICAgIyByZWRlZmluZSBXcml0ZS1Ib3N0IHRvIGR1bXAgdG8gb3V0cHV0IGluc3RlYWQgb2YgZmFpbGluZy0gbG90cyBvZiBzY3JpcHRzIHVzZSBpdAogICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgiRnVuY3Rpb24gV3JpdGUtSG9zdChgJG1zZyl7IFdyaXRlLU91dHB1dCBgJG1zZyB9IikgfCBPdXQtTnVsbAoKICAgIEZvckVhY2ggKCRlbnZfa3YgaW4gJHBheWxvYWQuZW52aXJvbm1lbnQuR2V0RW51bWVyYXRvcigpKSB7CiAgICAgICAgIyBuZWVkIHRvIGVzY2FwZSAnIGluIGJvdGggdGhlIGtleSBhbmQgdmFsdWUKICAgICAgICAkZW52X2tleSA9ICRlbnZfa3YuS2V5LlRvU3RyaW5nKCkuUmVwbGFjZSgiJyIsICInJyIpCiAgICAgICAgJGVudl92YWx1ZSA9ICRlbnZfa3YuVmFsdWUuVG9TdHJpbmcoKS5SZXBsYWNlKCInIiwgIicnIikKICAgICAgICAkZXNjYXBlZF9lbnZfc2V0ID0gIltTeXN0ZW0uRW52aXJvbm1lbnRdOjpTZXRFbnZpcm9ubWVudFZhcmlhYmxlKCd7MH0nLCAnezF9JykiIC1mICRlbnZfa2V5LCAkZW52X3ZhbHVlCiAgICAgICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgkZXNjYXBlZF9lbnZfc2V0KSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBkeW5hbWljYWxseSBjcmVhdGUvbG9hZCBtb2R1bGVzCiAgICBGb3JFYWNoICgkbW9kIGluICRwYXlsb2FkLnBvd2Vyc2hlbGxfbW9kdWxlcy5HZXRFbnVtZXJhdG9yKCkpIHsKICAgICAgICAkZGVjb2RlZF9tb2R1bGUgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRtb2QuVmFsdWUpKQogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRDb21tYW5kKCJOZXctTW9kdWxlIikuQWRkUGFyYW1ldGVycyhAe1NjcmlwdEJsb2NrPShbc2NyaXB0YmxvY2tdOjpDcmVhdGUoJGRlY29kZWRfbW9kdWxlKSk7TmFtZT0kbW9kLktleX0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiSW1wb3J0LU1vZHVsZSIpLkFkZFBhcmFtZXRlcnMoQHtXYXJuaW5nQWN0aW9uPSJTaWxlbnRseUNvbnRpbnVlIn0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBmb3JjZSBpbnB1dCBlbmNvZGluZyB0byBwcmVhbWJsZS1mcmVlIFVURjggc28gUFMgc3ViLXByb2Nlc3NlcyAoZWcsCiAgICAjIFN0YXJ0LUpvYikgZG9uJ3QgYmxvdyB1cC4gVGhpcyBpcyBvbmx5IHJlcXVpcmVkIGZvciBXaW5STSwgYSBQU1JQCiAgICAjIHJ1bnNwYWNlIGRvZXNuJ3QgaGF2ZSBhIGhvc3QgY29uc29sZSBhbmQgdGhpcyB3aWxsIGJvbWIgb3V0CiAgICBpZiAoJGhvc3QuTmFtZSAtZXEgIkNvbnNvbGVIb3N0IikgewogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRTY3JpcHQoIltDb25zb2xlXTo6SW5wdXRFbmNvZGluZyA9IE5ldy1PYmplY3QgVGV4dC5VVEY4RW5jb2RpbmcgYCRmYWxzZSIpIHwgT3V0LU51bGwKICAgIH0KCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkU2NyaXB0KCRlbnRyeXBvaW50KSB8IE91dC1OdWxsCgogICAgJG91dHB1dCA9ICRwcy5JbnZva2UoKQoKICAgICRvdXRwdXQKCiAgICAjIFBTMyBkb2Vzbid0IHByb3Blcmx5IHNldCBIYWRFcnJvcnMgaW4gbWFueSBjYXNlcywgaW5zcGVjdCB0aGUgZXJyb3Igc3RyZWFtIGFzIGEgZmFsbGJhY2sKICAgIElmICgkcHMuSGFkRXJyb3JzIC1vciAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtbHQgNCAtYW5kICRwcy5TdHJlYW1zLkVycm9yLkNvdW50IC1ndCAwKSkgewogICAgICAgICRob3N0LlVJLldyaXRlRXJyb3JMaW5lKCQoJHBzLlN0cmVhbXMuRXJyb3IgfCBPdXQtU3RyaW5nKSkKICAgICAgICAkZXhpdF9jb2RlID0gJHBzLlJ1bnNwYWNlLlNlc3Npb25TdGF0ZVByb3h5LkdldFZhcmlhYmxlKCJMQVNURVhJVENPREUiKQogICAgICAgIElmKC1ub3QgJGV4aXRfY29kZSkgewogICAgICAgICAgICAkZXhpdF9jb2RlID0gMQogICAgICAgIH0KICAgICAgICAjIG5lZWQgdG8gdXNlIHRoaXMgaW5zdGVhZCBvZiBFeGl0IGtleXdvcmQgdG8gcHJldmVudCBydW5zcGFjZSBmcm9tIGNyYXNoaW5nIHdpdGggZHluYW1pYyBtb2R1bGVzCiAgICAgICAgJGhvc3QuU2V0U2hvdWxkRXhpdCgkZXhpdF9jb2RlKQogICAgfQp9Cg==", "actions": ["exec"], "environment": {}, "min_os_version": null, "powershell_modules": {"Ansible.ModuleUtils.CommandUtil": "IyBDb3B5cmlnaHQgKGMpIDIwMTcgQW5zaWJsZSBQcm9qZWN0CiMgU2ltcGxpZmllZCBCU0QgTGljZW5zZSAoc2VlIGxpY2Vuc2VzL3NpbXBsaWZpZWRfYnNkLnR4dCBvciBodHRwczovL29wZW5zb3VyY2Uub3JnL2xpY2Vuc2VzL0JTRC0yLUNsYXVzZSkKCiRwcm9jZXNzX3V0aWwgPSBAIgp1c2luZyBNaWNyb3NvZnQuV2luMzIuU2FmZUhhbmRsZXM7CnVzaW5nIFN5c3RlbTsKdXNpbmcgU3lzdGVtLkNvbGxlY3Rpb25zOwp1c2luZyBTeXN0ZW0uSU87CnVzaW5nIFN5c3RlbS5MaW5xOwp1c2luZyBTeXN0ZW0uUnVudGltZS5JbnRlcm9wU2VydmljZXM7CnVzaW5nIFN5c3RlbS5UZXh0Owp1c2luZyBTeXN0ZW0uVGhyZWFkaW5nOwoKbmFtZXNwYWNlIEFuc2libGUKewogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIGNsYXNzIFNFQ1VSSVRZX0FUVFJJQlVURVMKICAgIHsKICAgICAgICBwdWJsaWMgaW50IG5MZW5ndGg7CiAgICAgICAgcHVibGljIEludFB0ciBscFNlY3VyaXR5RGVzY3JpcHRvcjsKICAgICAgICBwdWJsaWMgYm9vbCBiSW5oZXJpdEhhbmRsZSA9IGZhbHNlOwogICAgICAgIHB1YmxpYyBTRUNVUklUWV9BVFRSSUJVVEVTKCkKICAgICAgICB7CiAgICAgICAgICAgIG5MZW5ndGggPSBNYXJzaGFsLlNpemVPZih0aGlzKTsKICAgICAgICB9CiAgICB9CgogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIGNsYXNzIFNUQVJUVVBJTkZPCiAgICB7CiAgICAgICAgcHVibGljIEludDMyIGNiOwogICAgICAgIHB1YmxpYyBJbnRQdHIgbHBSZXNlcnZlZDsKICAgICAgICBwdWJsaWMgSW50UHRyIGxwRGVza3RvcDsKICAgICAgICBwdWJsaWMgSW50UHRyIGxwVGl0bGU7CiAgICAgICAgcHVibGljIEludDMyIGR3WDsKICAgICAgICBwdWJsaWMgSW50MzIgZHdZOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1hTaXplOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1lTaXplOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1hDb3VudENoYXJzOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1lDb3VudENoYXJzOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd0ZpbGxBdHRyaWJ1dGU7CiAgICAgICAgcHVibGljIEludDMyIGR3RmxhZ3M7CiAgICAgICAgcHVibGljIEludDE2IHdTaG93V2luZG93OwogICAgICAgIHB1YmxpYyBJbnQxNiBjYlJlc2VydmVkMjsKICAgICAgICBwdWJsaWMgSW50UHRyIGxwUmVzZXJ2ZWQyOwogICAgICAgIHB1YmxpYyBTYWZlRmlsZUhhbmRsZSBoU3RkSW5wdXQ7CiAgICAgICAgcHVibGljIFNhZmVGaWxlSGFuZGxlIGhTdGRPdXRwdXQ7CiAgICAgICAgcHVibGljIFNhZmVGaWxlSGFuZGxlIGhTdGRFcnJvcjsKICAgICAgICBwdWJsaWMgU1RBUlRVUElORk8oKQogICAgICAgIHsKICAgICAgICAgICAgY2IgPSBNYXJzaGFsLlNpemVPZih0aGlzKTsKICAgICAgICB9CiAgICB9CgogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIGNsYXNzIFNUQVJUVVBJTkZPRVgKICAgIHsKICAgICAgICBwdWJsaWMgU1RBUlRVUElORk8gc3RhcnR1cEluZm87CiAgICAgICAgcHVibGljIEludFB0ciBscEF0dHJpYnV0ZUxpc3Q7CiAgICAgICAgcHVibGljIFNUQVJUVVBJTkZPRVgoKQogICAgICAgIHsKICAgICAgICAgICAgc3RhcnR1cEluZm8gPSBuZXcgU1RBUlRVUElORk8oKTsKICAgICAgICAgICAgc3RhcnR1cEluZm8uY2IgPSBNYXJzaGFsLlNpemVPZih0aGlzKTsKICAgICAgICB9CiAgICB9CgogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIHN0cnVjdCBQUk9DRVNTX0lORk9STUFUSU9OCiAgICB7CiAgICAgICAgcHVibGljIEludFB0ciBoUHJvY2VzczsKICAgICAgICBwdWJsaWMgSW50UHRyIGhUaHJlYWQ7CiAgICAgICAgcHVibGljIGludCBkd1Byb2Nlc3NJZDsKICAgICAgICBwdWJsaWMgaW50IGR3VGhyZWFkSWQ7CiAgICB9CgogICAgW0ZsYWdzXQogICAgcHVibGljIGVudW0gU3RhcnR1cEluZm9GbGFncyA6IHVpbnQKICAgIHsKICAgICAgICBVU0VTVERIQU5ETEVTID0gMHgwMDAwMDEwMAogICAgfQoKICAgIHB1YmxpYyBlbnVtIEhhbmRsZUZsYWdzIDogdWludAogICAgewogICAgICAgIE5vbmUgPSAwLAogICAgICAgIElOSEVSSVQgPSAxCiAgICB9CgogICAgY2xhc3MgTmF0aXZlV2FpdEhhbmRsZSA6IFdhaXRIYW5kbGUKICAgIHsKICAgICAgICBwdWJsaWMgTmF0aXZlV2FpdEhhbmRsZShJbnRQdHIgaGFuZGxlKQogICAgICAgIHsKICAgICAgICAgICAgdGhpcy5TYWZlV2FpdEhhbmRsZSA9IG5ldyBTYWZlV2FpdEhhbmRsZShoYW5kbGUsIGZhbHNlKTsKICAgICAgICB9CiAgICB9CgogICAgcHVibGljIGNsYXNzIFdpbjMyRXhjZXB0aW9uIDogU3lzdGVtLkNvbXBvbmVudE1vZGVsLldpbjMyRXhjZXB0aW9uCiAgICB7CiAgICAgICAgcHJpdmF0ZSBzdHJpbmcgX21zZzsKCiAgICAgICAgcHVibGljIFdpbjMyRXhjZXB0aW9uKHN0cmluZyBtZXNzYWdlKSA6IHRoaXMoTWFyc2hhbC5HZXRMYXN0V2luMzJFcnJvcigpLCBtZXNzYWdlKSB7IH0KCiAgICAgICAgcHVibGljIFdpbjMyRXhjZXB0aW9uKGludCBlcnJvckNvZGUsIHN0cmluZyBtZXNzYWdlKSA6IGJhc2UoZXJyb3JDb2RlKQogICAgICAgIHsKICAgICAgICAgICAgX21zZyA9IFN0cmluZy5Gb3JtYXQoInswfSAoezF9LCBXaW4zMkVycm9yQ29kZSB7Mn0pIiwgbWVzc2FnZSwgYmFzZS5NZXNzYWdlLCBlcnJvckNvZGUpOwogICAgICAgIH0KCiAgICAgICAgcHVibGljIG92ZXJyaWRlIHN0cmluZyBNZXNzYWdlIHsgZ2V0IHsgcmV0dXJuIF9tc2c7IH0gfQogICAgICAgIHB1YmxpYyBzdGF0aWMgZXhwbGljaXQgb3BlcmF0b3IgV2luMzJFeGNlcHRpb24oc3RyaW5nIG1lc3NhZ2UpIHsgcmV0dXJuIG5ldyBXaW4zMkV4Y2VwdGlvbihtZXNzYWdlKTsgfQogICAgfQoKICAgIHB1YmxpYyBjbGFzcyBDb21tYW5kVXRpbAogICAgewogICAgICAgIHByaXZhdGUgc3RhdGljIFVJbnQzMiBDUkVBVEVfVU5JQ09ERV9FTlZJUk9OTUVOVCA9IDB4MDAwMDAwNDAwOwogICAgICAgIHByaXZhdGUgc3RhdGljIFVJbnQzMiBFWFRFTkRFRF9TVEFSVFVQSU5GT19QUkVTRU5UID0gMHgwMDA4MDAwMDsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSwgQmVzdEZpdE1hcHBpbmcgPSBmYWxzZSldCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gYm9vbCBDcmVhdGVQcm9jZXNzKAogICAgICAgICAgICBbTWFyc2hhbEFzKFVubWFuYWdlZFR5cGUuTFBXU3RyKV0KICAgICAgICAgICAgICAgIHN0cmluZyBscEFwcGxpY2F0aW9uTmFtZSwKICAgICAgICAgICAgU3RyaW5nQnVpbGRlciBscENvbW1hbmRMaW5lLAogICAgICAgICAgICBJbnRQdHIgbHBQcm9jZXNzQXR0cmlidXRlcywKICAgICAgICAgICAgSW50UHRyIGxwVGhyZWFkQXR0cmlidXRlcywKICAgICAgICAgICAgYm9vbCBiSW5oZXJpdEhhbmRsZXMsCiAgICAgICAgICAgIHVpbnQgZHdDcmVhdGlvbkZsYWdzLAogICAgICAgICAgICBJbnRQdHIgbHBFbnZpcm9ubWVudCwKICAgICAgICAgICAgW01hcnNoYWxBcyhVbm1hbmFnZWRUeXBlLkxQV1N0cildCiAgICAgICAgICAgICAgICBzdHJpbmcgbHBDdXJyZW50RGlyZWN0b3J5LAogICAgICAgICAgICBTVEFSVFVQSU5GT0VYIGxwU3RhcnR1cEluZm8sCiAgICAgICAgICAgIG91dCBQUk9DRVNTX0lORk9STUFUSU9OIGxwUHJvY2Vzc0luZm9ybWF0aW9uKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIildCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gYm9vbCBDcmVhdGVQaXBlKAogICAgICAgICAgICBvdXQgU2FmZUZpbGVIYW5kbGUgaFJlYWRQaXBlLAogICAgICAgICAgICBvdXQgU2FmZUZpbGVIYW5kbGUgaFdyaXRlUGlwZSwKICAgICAgICAgICAgU0VDVVJJVFlfQVRUUklCVVRFUyBscFBpcGVBdHRyaWJ1dGVzLAogICAgICAgICAgICB1aW50IG5TaXplKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSldCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gYm9vbCBTZXRIYW5kbGVJbmZvcm1hdGlvbigKICAgICAgICAgICAgU2FmZUZpbGVIYW5kbGUgaE9iamVjdCwKICAgICAgICAgICAgSGFuZGxlRmxhZ3MgZHdNYXNrLAogICAgICAgICAgICBpbnQgZHdGbGFncyk7CgogICAgICAgIFtEbGxJbXBvcnQoImtlcm5lbDMyLmRsbCIsIFNldExhc3RFcnJvciA9IHRydWUpXQogICAgICAgIHByaXZhdGUgc3RhdGljIGV4dGVybiBib29sIEdldEV4aXRDb2RlUHJvY2VzcygKICAgICAgICAgICAgSW50UHRyIGhQcm9jZXNzLAogICAgICAgICAgICBvdXQgdWludCBscEV4aXRDb2RlKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSldCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gdWludCBTZWFyY2hQYXRoKAogICAgICAgICAgICBzdHJpbmcgbHBQYXRoLAogICAgICAgICAgICBzdHJpbmcgbHBGaWxlTmFtZSwKICAgICAgICAgICAgc3RyaW5nIGxwRXh0ZW5zaW9uLAogICAgICAgICAgICBpbnQgbkJ1ZmZlckxlbmd0aCwKICAgICAgICAgICAgW01hcnNoYWxBcyAoVW5tYW5hZ2VkVHlwZS5MUFRTdHIpXQogICAgICAgICAgICAgICAgU3RyaW5nQnVpbGRlciBscEJ1ZmZlciwKICAgICAgICAgICAgb3V0IEludFB0ciBscEZpbGVQYXJ0KTsKCiAgICAgICAgW0RsbEltcG9ydCgic2hlbGwzMi5kbGwiLCBTZXRMYXN0RXJyb3IgPSB0cnVlKV0KICAgICAgICBzdGF0aWMgZXh0ZXJuIEludFB0ciBDb21tYW5kTGluZVRvQXJndlcoCiAgICAgICAgICAgIFtNYXJzaGFsQXMoVW5tYW5hZ2VkVHlwZS5MUFdTdHIpXQogICAgICAgICAgICAgICAgc3RyaW5nIGxwQ21kTGluZSwKICAgICAgICAgICAgb3V0IGludCBwTnVtQXJncyk7CgogICAgICAgIHB1YmxpYyBzdGF0aWMgc3RyaW5nW10gUGFyc2VDb21tYW5kTGluZShzdHJpbmcgbHBDb21tYW5kTGluZSkKICAgICAgICB7CiAgICAgICAgICAgIGludCBudW1BcmdzOwogICAgICAgICAgICBJbnRQdHIgcmV0ID0gQ29tbWFuZExpbmVUb0FyZ3ZXKGxwQ29tbWFuZExpbmUsIG91dCBudW1BcmdzKTsKCiAgICAgICAgICAgIGlmIChyZXQgPT0gSW50UHRyLlplcm8pCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIkVycm9yIHBhcnNpbmcgY29tbWFuZCBsaW5lIik7CgogICAgICAgICAgICBJbnRQdHJbXSBzdHJwdHJzID0gbmV3IEludFB0cltudW1BcmdzXTsKICAgICAgICAgICAgTWFyc2hhbC5Db3B5KHJldCwgc3RycHRycywgMCwgbnVtQXJncyk7CiAgICAgICAgICAgIHN0cmluZ1tdIGNtZGxpbmVQYXJ0cyA9IHN0cnB0cnMuU2VsZWN0KHMgPT4gTWFyc2hhbC5QdHJUb1N0cmluZ1VuaShzKSkuVG9BcnJheSgpOwoKICAgICAgICAgICAgTWFyc2hhbC5GcmVlSEdsb2JhbChyZXQpOwoKICAgICAgICAgICAgcmV0dXJuIGNtZGxpbmVQYXJ0czsKICAgICAgICB9CgogICAgICAgIHB1YmxpYyBzdGF0aWMgc3RyaW5nIFNlYXJjaFBhdGgoc3RyaW5nIGxwRmlsZU5hbWUpCiAgICAgICAgewogICAgICAgICAgICBTdHJpbmdCdWlsZGVyIHNiT3V0ID0gbmV3IFN0cmluZ0J1aWxkZXIoMTAyNCk7CiAgICAgICAgICAgIEludFB0ciBmaWxlUGFydE91dDsKCiAgICAgICAgICAgIGlmIChTZWFyY2hQYXRoKG51bGwsIGxwRmlsZU5hbWUsIG51bGwsIHNiT3V0LkNhcGFjaXR5LCBzYk91dCwgb3V0IGZpbGVQYXJ0T3V0KSA9PSAwKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IEZpbGVOb3RGb3VuZEV4Y2VwdGlvbihTdHJpbmcuRm9ybWF0KCJDb3VsZCBub3QgbG9jYXRlIHRoZSBmb2xsb3dpbmcgZXhlY3V0YWJsZSB7MH0iLCBscEZpbGVOYW1lKSk7CgogICAgICAgICAgICByZXR1cm4gc2JPdXQuVG9TdHJpbmcoKTsKICAgICAgICB9CgogICAgICAgIHB1YmxpYyBjbGFzcyBDb21tYW5kUmVzdWx0CiAgICAgICAgewogICAgICAgICAgICBwdWJsaWMgc3RyaW5nIFN0YW5kYXJkT3V0IHsgZ2V0OyBpbnRlcm5hbCBzZXQ7IH0KICAgICAgICAgICAgcHVibGljIHN0cmluZyBTdGFuZGFyZEVycm9yIHsgZ2V0OyBpbnRlcm5hbCBzZXQ7IH0KICAgICAgICAgICAgcHVibGljIHVpbnQgRXhpdENvZGUgeyBnZXQ7IGludGVybmFsIHNldDsgfQogICAgICAgIH0KCiAgICAgICAgcHVibGljIHN0YXRpYyBDb21tYW5kUmVzdWx0IFJ1bkNvbW1hbmQoc3RyaW5nIGxwQXBwbGljYXRpb25OYW1lLCBzdHJpbmcgbHBDb21tYW5kTGluZSwgc3RyaW5nIGxwQ3VycmVudERpcmVjdG9yeSwgc3RyaW5nIHN0ZGluSW5wdXQsIElEaWN0aW9uYXJ5IGVudmlyb25tZW50KQogICAgICAgIHsKICAgICAgICAgICAgVUludDMyIHN0YXJ0dXBfZmxhZ3MgPSBDUkVBVEVfVU5JQ09ERV9FTlZJUk9OTUVOVCB8IEVYVEVOREVEX1NUQVJUVVBJTkZPX1BSRVNFTlQ7CiAgICAgICAgICAgIFNUQVJUVVBJTkZPRVggc2kgPSBuZXcgU1RBUlRVUElORk9FWCgpOwogICAgICAgICAgICBzaS5zdGFydHVwSW5mby5kd0ZsYWdzID0gKGludClTdGFydHVwSW5mb0ZsYWdzLlVTRVNUREhBTkRMRVM7CgogICAgICAgICAgICBTRUNVUklUWV9BVFRSSUJVVEVTIHBpcGVzZWMgPSBuZXcgU0VDVVJJVFlfQVRUUklCVVRFUygpOwogICAgICAgICAgICBwaXBlc2VjLmJJbmhlcml0SGFuZGxlID0gdHJ1ZTsKCiAgICAgICAgICAgIC8vIENyZWF0ZSB0aGUgc3Rkb3V0LCBzdGRlcnIgYW5kIHN0ZGluIHBpcGVzIHVzZWQgaW4gdGhlIHByb2Nlc3MgYW5kIGFkZCB0byB0aGUgc3RhcnR1cEluZm8KICAgICAgICAgICAgU2FmZUZpbGVIYW5kbGUgc3Rkb3V0X3JlYWQsIHN0ZG91dF93cml0ZSwgc3RkZXJyX3JlYWQsIHN0ZGVycl93cml0ZSwgc3RkaW5fcmVhZCwgc3RkaW5fd3JpdGU7CiAgICAgICAgICAgIGlmICghQ3JlYXRlUGlwZShvdXQgc3Rkb3V0X3JlYWQsIG91dCBzdGRvdXRfd3JpdGUsIHBpcGVzZWMsIDApKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IFdpbjMyRXhjZXB0aW9uKCJTVERPVVQgcGlwZSBzZXR1cCBmYWlsZWQiKTsKICAgICAgICAgICAgaWYgKCFTZXRIYW5kbGVJbmZvcm1hdGlvbihzdGRvdXRfcmVhZCwgSGFuZGxlRmxhZ3MuSU5IRVJJVCwgMCkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIlNURE9VVCBwaXBlIGhhbmRsZSBzZXR1cCBmYWlsZWQiKTsKCiAgICAgICAgICAgIGlmICghQ3JlYXRlUGlwZShvdXQgc3RkZXJyX3JlYWQsIG91dCBzdGRlcnJfd3JpdGUsIHBpcGVzZWMsIDApKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IFdpbjMyRXhjZXB0aW9uKCJTVERFUlIgcGlwZSBzZXR1cCBmYWlsZWQiKTsKICAgICAgICAgICAgaWYgKCFTZXRIYW5kbGVJbmZvcm1hdGlvbihzdGRlcnJfcmVhZCwgSGFuZGxlRmxhZ3MuSU5IRVJJVCwgMCkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIlNUREVSUiBwaXBlIGhhbmRsZSBzZXR1cCBmYWlsZWQiKTsKCiAgICAgICAgICAgIGlmICghQ3JlYXRlUGlwZShvdXQgc3RkaW5fcmVhZCwgb3V0IHN0ZGluX3dyaXRlLCBwaXBlc2VjLCAwKSkKICAgICAgICAgICAgICAgIHRocm93IG5ldyBXaW4zMkV4Y2VwdGlvbigiU1RESU4gcGlwZSBzZXR1cCBmYWlsZWQiKTsKICAgICAgICAgICAgaWYgKCFTZXRIYW5kbGVJbmZvcm1hdGlvbihzdGRpbl93cml0ZSwgSGFuZGxlRmxhZ3MuSU5IRVJJVCwgMCkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIlNURElOIHBpcGUgaGFuZGxlIHNldHVwIGZhaWxlZCIpOwoKICAgICAgICAgICAgc2kuc3RhcnR1cEluZm8uaFN0ZE91dHB1dCA9IHN0ZG91dF93cml0ZTsKICAgICAgICAgICAgc2kuc3RhcnR1cEluZm8uaFN0ZEVycm9yID0gc3RkZXJyX3dyaXRlOwogICAgICAgICAgICBzaS5zdGFydHVwSW5mby5oU3RkSW5wdXQgPSBzdGRpbl9yZWFkOwoKICAgICAgICAgICAgLy8gU2V0dXAgdGhlIHN0ZGluIGJ1ZmZlcgogICAgICAgICAgICBVVEY4RW5jb2RpbmcgdXRmOF9lbmNvZGluZyA9IG5ldyBVVEY4RW5jb2RpbmcoZmFsc2UpOwogICAgICAgICAgICBGaWxlU3RyZWFtIHN0ZGluX2ZzID0gbmV3IEZpbGVTdHJlYW0oc3RkaW5fd3JpdGUsIEZpbGVBY2Nlc3MuV3JpdGUsIDMyNzY4KTsKICAgICAgICAgICAgU3RyZWFtV3JpdGVyIHN0ZGluID0gbmV3IFN0cmVhbVdyaXRlcihzdGRpbl9mcywgdXRmOF9lbmNvZGluZywgMzI3NjgpOwoKICAgICAgICAgICAgLy8gSWYgbHBDdXJyZW50RGlyZWN0b3J5IGlzIHNldCB0byBudWxsIGluIFBTIGl0IHdpbGwgYmUgYW4gZW1wdHkKICAgICAgICAgICAgLy8gc3RyaW5nIGhlcmUsIHdlIG5lZWQgdG8gY29udmVydCBpdAogICAgICAgICAgICBpZiAobHBDdXJyZW50RGlyZWN0b3J5ID09ICIiKQogICAgICAgICAgICAgICAgbHBDdXJyZW50RGlyZWN0b3J5ID0gbnVsbDsKCiAgICAgICAgICAgIFN0cmluZ0J1aWxkZXIgZW52aXJvbm1lbnRTdHJpbmcgPSBudWxsOwoKICAgICAgICAgICAgaWYgKGVudmlyb25tZW50ICE9IG51bGwgJiYgZW52aXJvbm1lbnQuQ291bnQgPiAwKQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBlbnZpcm9ubWVudFN0cmluZyA9IG5ldyBTdHJpbmdCdWlsZGVyKCk7CiAgICAgICAgICAgICAgICBmb3JlYWNoIChEaWN0aW9uYXJ5RW50cnkga3YgaW4gZW52aXJvbm1lbnQpCiAgICAgICAgICAgICAgICAgICAgZW52aXJvbm1lbnRTdHJpbmcuQXBwZW5kRm9ybWF0KCJ7MH09ezF9XDAiLCBrdi5LZXksIGt2LlZhbHVlKTsKICAgICAgICAgICAgICAgIGVudmlyb25tZW50U3RyaW5nLkFwcGVuZCgnXDAnKTsKICAgICAgICAgICAgfQoKICAgICAgICAgICAgLy8gQ3JlYXRlIHRoZSBlbnZpcm9ubWVudCBibG9jayBpZiBzZXQKICAgICAgICAgICAgSW50UHRyIGxwRW52aXJvbm1lbnQgPSBJbnRQdHIuWmVybzsKICAgICAgICAgICAgaWYgKGVudmlyb25tZW50U3RyaW5nICE9IG51bGwpCiAgICAgICAgICAgICAgICBscEVudmlyb25tZW50ID0gTWFyc2hhbC5TdHJpbmdUb0hHbG9iYWxVbmkoZW52aXJvbm1lbnRTdHJpbmcuVG9TdHJpbmcoKSk7CgogICAgICAgICAgICAvLyBDcmVhdGUgbmV3IHByb2Nlc3MgYW5kIHJ1bgogICAgICAgICAgICBTdHJpbmdCdWlsZGVyIGFyZ3VtZW50X3N0cmluZyA9IG5ldyBTdHJpbmdCdWlsZGVyKGxwQ29tbWFuZExpbmUpOwogICAgICAgICAgICBQUk9DRVNTX0lORk9STUFUSU9OIHBpID0gbmV3IFBST0NFU1NfSU5GT1JNQVRJT04oKTsKICAgICAgICAgICAgaWYgKCFDcmVhdGVQcm9jZXNzKAogICAgICAgICAgICAgICAgbHBBcHBsaWNhdGlvbk5hbWUsCiAgICAgICAgICAgICAgICBhcmd1bWVudF9zdHJpbmcsCiAgICAgICAgICAgICAgICBJbnRQdHIuWmVybywKICAgICAgICAgICAgICAgIEludFB0ci5aZXJvLAogICAgICAgICAgICAgICAgdHJ1ZSwKICAgICAgICAgICAgICAgIHN0YXJ0dXBfZmxhZ3MsCiAgICAgICAgICAgICAgICBscEVudmlyb25tZW50LAogICAgICAgICAgICAgICAgbHBDdXJyZW50RGlyZWN0b3J5LAogICAgICAgICAgICAgICAgc2ksCiAgICAgICAgICAgICAgICBvdXQgcGkpKQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIkZhaWxlZCB0byBjcmVhdGUgbmV3IHByb2Nlc3MiKTsKICAgICAgICAgICAgfQoKICAgICAgICAgICAgLy8gU2V0dXAgdGhlIG91dHB1dCBidWZmZXJzIGFuZCBnZXQgc3Rkb3V0L3N0ZGVycgogICAgICAgICAgICBGaWxlU3RyZWFtIHN0ZG91dF9mcyA9IG5ldyBGaWxlU3RyZWFtKHN0ZG91dF9yZWFkLCBGaWxlQWNjZXNzLlJlYWQsIDQwOTYpOwogICAgICAgICAgICBTdHJlYW1SZWFkZXIgc3Rkb3V0ID0gbmV3IFN0cmVhbVJlYWRlcihzdGRvdXRfZnMsIHV0ZjhfZW5jb2RpbmcsIHRydWUsIDQwOTYpOwogICAgICAgICAgICBzdGRvdXRfd3JpdGUuQ2xvc2UoKTsKICAgICAgICAgICAgRmlsZVN0cmVhbSBzdGRlcnJfZnMgPSBuZXcgRmlsZVN0cmVhbShzdGRlcnJfcmVhZCwgRmlsZUFjY2Vzcy5SZWFkLCA0MDk2KTsKICAgICAgICAgICAgU3RyZWFtUmVhZGVyIHN0ZGVyciA9IG5ldyBTdHJlYW1SZWFkZXIoc3RkZXJyX2ZzLCB1dGY4X2VuY29kaW5nLCB0cnVlLCA0MDk2KTsKICAgICAgICAgICAgc3RkZXJyX3dyaXRlLkNsb3NlKCk7CgogICAgICAgICAgICBzdGRpbi5Xcml0ZUxpbmUoc3RkaW5JbnB1dCk7CiAgICAgICAgICAgIHN0ZGluLkNsb3NlKCk7CgogICAgICAgICAgICBzdHJpbmcgc3Rkb3V0X3N0ciwgc3RkZXJyX3N0ciA9IG51bGw7CiAgICAgICAgICAgIEdldFByb2Nlc3NPdXRwdXQoc3Rkb3V0LCBzdGRlcnIsIG91dCBzdGRvdXRfc3RyLCBvdXQgc3RkZXJyX3N0cik7CiAgICAgICAgICAgIHVpbnQgcmMgPSBHZXRQcm9jZXNzRXhpdENvZGUocGkuaFByb2Nlc3MpOwoKICAgICAgICAgICAgcmV0dXJuIG5ldyBDb21tYW5kUmVzdWx0CiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIFN0YW5kYXJkT3V0ID0gc3Rkb3V0X3N0ciwKICAgICAgICAgICAgICAgIFN0YW5kYXJkRXJyb3IgPSBzdGRlcnJfc3RyLAogICAgICAgICAgICAgICAgRXhpdENvZGUgPSByYwogICAgICAgICAgICB9OwogICAgICAgIH0KCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgdm9pZCBHZXRQcm9jZXNzT3V0cHV0KFN0cmVhbVJlYWRlciBzdGRvdXRTdHJlYW0sIFN0cmVhbVJlYWRlciBzdGRlcnJTdHJlYW0sIG91dCBzdHJpbmcgc3Rkb3V0LCBvdXQgc3RyaW5nIHN0ZGVycikKICAgICAgICB7CiAgICAgICAgICAgIHZhciBzb3dhaXQgPSBuZXcgRXZlbnRXYWl0SGFuZGxlKGZhbHNlLCBFdmVudFJlc2V0TW9kZS5NYW51YWxSZXNldCk7CiAgICAgICAgICAgIHZhciBzZXdhaXQgPSBuZXcgRXZlbnRXYWl0SGFuZGxlKGZhbHNlLCBFdmVudFJlc2V0TW9kZS5NYW51 ScriptBlock ID: 3887ede3-bd78-4793-8e33-e93a9183129a Path:	4104	1		3	2	15	0	1104	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3676	656	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:23:02 PM	9d04040e-981f-0002-a10a-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1103	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3676	5112	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:23:01 PM	9d04040e-981f-0004-6515-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 3676 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1102	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3676	316	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:23:01 PM	9d04040e-981f-0004-6515-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1101	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3676	5112	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:23:01 PM	9d04040e-981f-0004-6515-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1100	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	5028	3508	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:22:59 PM	9d04040e-981f-0004-5515-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 5028 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1099	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	5028	1476	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:22:59 PM	9d04040e-981f-0004-5515-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1098	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	5028	3508	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:22:59 PM	9d04040e-981f-0004-5515-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles; using System; using System.Collections; using System.IO; using System.Linq; using System.Runtime.InteropServices; using System.Text; using System.Threading; namespace Ansible { [StructLayout(LayoutKind.Sequential)] public class SECURITY_ATTRIBUTES { public int nLength; public IntPtr lpSecurityDescriptor; public bool bInheritHandle = false; public SECURITY_ATTRIBUTES() { nLength = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFO { public Int32 cb; public IntPtr lpReserved; public IntPtr lpDesktop; public IntPtr lpTitle; public Int32 dwX; public Int32 dwY; public Int32 dwXSize; public Int32 dwYSize; public Int32 dwXCountChars; public Int32 dwYCountChars; public Int32 dwFillAttribute; public Int32 dwFlags; public Int16 wShowWindow; public Int16 cbReserved2; public IntPtr lpReserved2; public SafeFileHandle hStdInput; public SafeFileHandle hStdOutput; public SafeFileHandle hStdError; public STARTUPINFO() { cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFOEX { public STARTUPINFO startupInfo; public IntPtr lpAttributeList; public STARTUPINFOEX() { startupInfo = new STARTUPINFO(); startupInfo.cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public struct PROCESS_INFORMATION { public IntPtr hProcess; public IntPtr hThread; public int dwProcessId; public int dwThreadId; } [Flags] public enum StartupInfoFlags : uint { USESTDHANDLES = 0x00000100 } public enum HandleFlags : uint { None = 0, INHERIT = 1 } class NativeWaitHandle : WaitHandle { public NativeWaitHandle(IntPtr handle) { this.SafeWaitHandle = new SafeWaitHandle(handle, false); } } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class CommandUtil { private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400; private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000; [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)] public static extern bool CreateProcess( [MarshalAs(UnmanagedType.LPWStr)] string lpApplicationName, StringBuilder lpCommandLine, IntPtr lpProcessAttributes, IntPtr lpThreadAttributes, bool bInheritHandles, uint dwCreationFlags, IntPtr lpEnvironment, [MarshalAs(UnmanagedType.LPWStr)] string lpCurrentDirectory, STARTUPINFOEX lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation); [DllImport("kernel32.dll")] public static extern bool CreatePipe( out SafeFileHandle hReadPipe, out SafeFileHandle hWritePipe, SECURITY_ATTRIBUTES lpPipeAttributes, uint nSize); [DllImport("kernel32.dll", SetLastError = true)] public static extern bool SetHandleInformation( SafeFileHandle hObject, HandleFlags dwMask, int dwFlags); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool GetExitCodeProcess( IntPtr hProcess, out uint lpExitCode); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)] public static extern uint SearchPath( string lpPath, string lpFileName, string lpExtension, int nBufferLength, [MarshalAs (UnmanagedType.LPTStr)] StringBuilder lpBuffer, out IntPtr lpFilePart); [DllImport("shell32.dll", SetLastError = true)] static extern IntPtr CommandLineToArgvW( [MarshalAs(UnmanagedType.LPWStr)] string lpCmdLine, out int pNumArgs); public static string[] ParseCommandLine(string lpCommandLine) { int numArgs; IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs); if (ret == IntPtr.Zero) throw new Win32Exception("Error parsing command line"); IntPtr[] strptrs = new IntPtr[numArgs]; Marshal.Copy(ret, strptrs, 0, numArgs); string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray(); Marshal.FreeHGlobal(ret); return cmdlineParts; } public static string SearchPath(string lpFileName) { StringBuilder sbOut = new StringBuilder(1024); IntPtr filePartOut; if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0) throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName)); return sbOut.ToString(); } public class CommandResult { public string StandardOut { get; internal set; } public string StandardError { get; internal set; } public uint ExitCode { get; internal set; } } public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment) { UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT; STARTUPINFOEX si = new STARTUPINFOEX(); si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES; SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES(); pipesec.bInheritHandle = true; // Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write; if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0)) throw new Win32Exception("STDOUT pipe setup failed"); if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDOUT pipe handle setup failed"); if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0)) throw new Win32Exception("STDERR pipe setup failed"); if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDERR pipe handle setup failed"); if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0)) throw new Win32Exception("STDIN pipe setup failed"); if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDIN pipe handle setup failed"); si.startupInfo.hStdOutput = stdout_write; si.startupInfo.hStdError = stderr_write; si.startupInfo.hStdInput = stdin_read; // Setup the stdin buffer UTF8Encoding utf8_encoding = new UTF8Encoding(false); FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768); StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768); // If lpCurrentDirectory is set to null in PS it will be an empty // string here, we need to convert it if (lpCurrentDirectory == "") lpCurrentDirectory = null; StringBuilder environmentString = null; if (environment != null && environment.Count > 0) { environmentString = new StringBuilder(); foreach (DictionaryEntry kv in environment) environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value); environmentString.Append('\0'); } // Create the environment block if set IntPtr lpEnvironment = IntPtr.Zero; if (environmentString != null) lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString()); // Create new process and run StringBuilder argument_string = new StringBuilder(lpCommandLine); PROCESS_INFORMATION pi = new PROCESS_INFORMATION(); if (!CreateProcess( lpApplicationName, argument_string, IntPtr.Zero, IntPtr.Zero, true, startup_flags, lpEnvironment, lpCurrentDirectory, si, out pi)) { throw new Win32Exception("Failed to create new process"); } // Setup the output buffers and get stdout/stderr FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096); StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096); stdout_write.Close(); FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096); StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096); stderr_write.Close(); stdin.WriteLine(stdinInput); stdin.Close(); string stdout_str, stderr_str = null; GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str); uint rc = GetProcessExitCode(pi.hProcess); return new CommandResult { StandardOut = stdout_str, StandardError = stderr_str, ExitCode = rc }; } private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr) { var sowait = new EventWaitHandle(false, EventResetMode.ManualReset); var sewait = new EventWaitHandle(false, EventResetMode.ManualReset); string so = null, se = null; ThreadPool.QueueUserWorkItem((s) => { so = stdoutStream.ReadToEnd(); sowait.Set(); }); ThreadPool.QueueUserWorkItem((s) => { se = stderrStream.ReadToEnd(); sewait.Set(); }); foreach (var wh in new WaitHandle[] { sowait, sewait }) wh.WaitOne(); stdout = so; stderr = se; } private static uint GetProcessExitCode(IntPtr processHandle) { new NativeWaitHandle(processHandle).WaitOne(); uint exitCode; if (!GetExitCodeProcess(processHandle, out exitCode)) throw new Win32Exception("Error getting process exit code"); return exitCode; } } }" Context: Severity = Informational Host Name = Default Host Host Version = 5.1.14393.1944 Host ID = 106bccca-2698-41c1-9ae3-ff5ac60a2bba Host Application = PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - Engine Version = 5.1.14393.1944 Runspace ID = c65b61a4-b553-4f3a-aaf9-32f72178cbb0 Pipeline ID = 7 Command Name = Add-Type Command Type = Cmdlet Script Name = Command Path = Sequence Number = 34 User = N-H1-805629-1\Admin Connected User = Shell ID = Microsoft.PowerShell User Data:	4103	1		4	106	20	0	1097	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	5056	2188	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:22:59 PM	9d04040e-981f-0003-354e-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	To be used when operation is just executing a method	Executing Pipeline	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c) 2017 Ansible Project # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) $process_util = @" using Microsoft.Win32.SafeHandles; using System; using System.Collections; using System.IO; using System.Linq; using System.Runtime.InteropServices; using System.Text; using System.Threading; namespace Ansible { [StructLayout(LayoutKind.Sequential)] public class SECURITY_ATTRIBUTES { public int nLength; public IntPtr lpSecurityDescriptor; public bool bInheritHandle = false; public SECURITY_ATTRIBUTES() { nLength = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFO { public Int32 cb; public IntPtr lpReserved; public IntPtr lpDesktop; public IntPtr lpTitle; public Int32 dwX; public Int32 dwY; public Int32 dwXSize; public Int32 dwYSize; public Int32 dwXCountChars; public Int32 dwYCountChars; public Int32 dwFillAttribute; public Int32 dwFlags; public Int16 wShowWindow; public Int16 cbReserved2; public IntPtr lpReserved2; public SafeFileHandle hStdInput; public SafeFileHandle hStdOutput; public SafeFileHandle hStdError; public STARTUPINFO() { cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFOEX { public STARTUPINFO startupInfo; public IntPtr lpAttributeList; public STARTUPINFOEX() { startupInfo = new STARTUPINFO(); startupInfo.cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public struct PROCESS_INFORMATION { public IntPtr hProcess; public IntPtr hThread; public int dwProcessId; public int dwThreadId; } [Flags] public enum StartupInfoFlags : uint { USESTDHANDLES = 0x00000100 } public enum HandleFlags : uint { None = 0, INHERIT = 1 } class NativeWaitHandle : WaitHandle { public NativeWaitHandle(IntPtr handle) { this.SafeWaitHandle = new SafeWaitHandle(handle, false); } } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class CommandUtil { private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400; private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000; [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)] public static extern bool CreateProcess( [MarshalAs(UnmanagedType.LPWStr)] string lpApplicationName, StringBuilder lpCommandLine, IntPtr lpProcessAttributes, IntPtr lpThreadAttributes, bool bInheritHandles, uint dwCreationFlags, IntPtr lpEnvironment, [MarshalAs(UnmanagedType.LPWStr)] string lpCurrentDirectory, STARTUPINFOEX lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation); [DllImport("kernel32.dll")] public static extern bool CreatePipe( out SafeFileHandle hReadPipe, out SafeFileHandle hWritePipe, SECURITY_ATTRIBUTES lpPipeAttributes, uint nSize); [DllImport("kernel32.dll", SetLastError = true)] public static extern bool SetHandleInformation( SafeFileHandle hObject, HandleFlags dwMask, int dwFlags); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool GetExitCodeProcess( IntPtr hProcess, out uint lpExitCode); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)] public static extern uint SearchPath( string lpPath, string lpFileName, string lpExtension, int nBufferLength, [MarshalAs (UnmanagedType.LPTStr)] StringBuilder lpBuffer, out IntPtr lpFilePart); [DllImport("shell32.dll", SetLastError = true)] static extern IntPtr CommandLineToArgvW( [MarshalAs(UnmanagedType.LPWStr)] string lpCmdLine, out int pNumArgs); public static string[] ParseCommandLine(string lpCommandLine) { int numArgs; IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs); if (ret == IntPtr.Zero) throw new Win32Exception("Error parsing command line"); IntPtr[] strptrs = new IntPtr[numArgs]; Marshal.Copy(ret, strptrs, 0, numArgs); string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray(); Marshal.FreeHGlobal(ret); return cmdlineParts; } public static string SearchPath(string lpFileName) { StringBuilder sbOut = new StringBuilder(1024); IntPtr filePartOut; if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0) throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName)); return sbOut.ToString(); } public class CommandResult { public string StandardOut { get; internal set; } public string StandardError { get; internal set; } public uint ExitCode { get; internal set; } } public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment) { UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT; STARTUPINFOEX si = new STARTUPINFOEX(); si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES; SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES(); pipesec.bInheritHandle = true; // Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write; if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0)) throw new Win32Exception("STDOUT pipe setup failed"); if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDOUT pipe handle setup failed"); if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0)) throw new Win32Exception("STDERR pipe setup failed"); if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDERR pipe handle setup failed"); if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0)) throw new Win32Exception("STDIN pipe setup failed"); if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDIN pipe handle setup failed"); si.startupInfo.hStdOutput = stdout_write; si.startupInfo.hStdError = stderr_write; si.startupInfo.hStdInput = stdin_read; // Setup the stdin buffer UTF8Encoding utf8_encoding = new UTF8Encoding(false); FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768); StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768); // If lpCurrentDirectory is set to null in PS it will be an empty // string here, we need to convert it if (lpCurrentDirectory == "") lpCurrentDirectory = null; StringBuilder environmentString = null; if (environment != null && environment.Count > 0) { environmentString = new StringBuilder(); foreach (DictionaryEntry kv in environment) environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value); environmentString.Append('\0'); } // Create the environment block if set IntPtr lpEnvironment = IntPtr.Zero; if (environmentString != null) lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString()); // Create new process and run StringBuilder argument_string = new StringBuilder(lpCommandLine); PROCESS_INFORMATION pi = new PROCESS_INFORMATION(); if (!CreateProcess( lpApplicationName, argument_string, IntPtr.Zero, IntPtr.Zero, true, startup_flags, lpEnvironment, lpCurrentDirectory, si, out pi)) { throw new Win32Exception("Failed to create new process"); } // Setup the output buffers and get stdout/stderr FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096); StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096); stdout_write.Close(); FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096); StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096); stderr_write.Close(); stdin.WriteLine(stdinInput); stdin.Close(); string stdout_str, stderr_str = null; GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str); uint rc = GetProcessExitCode(pi.hProcess); return new CommandResult { StandardOut = stdout_str, StandardError = stderr_str, ExitCode = rc }; } private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr) { var sowait = new EventWaitHandle(false, EventResetMode.ManualReset); var sewait = new EventWaitHandle(false, EventResetMode.ManualReset); string so = null, se = null; ThreadPool.QueueUserWorkItem((s) => { so = stdoutStream.ReadToEnd(); sowait.Set(); }); ThreadPool.QueueUserWorkItem((s) => { se = stderrStream.ReadToEnd(); sewait.Set(); }); foreach (var wh in new WaitHandle[] { sowait, sewait }) wh.WaitOne(); stdout = so; stderr = se; } private static uint GetProcessExitCode(IntPtr processHandle) { new NativeWaitHandle(processHandle).WaitOne(); uint exitCode; if (!GetExitCodeProcess(processHandle, out exitCode)) throw new Win32Exception("Error getting process exit code"); return exitCode; } } } "@ $ErrorActionPreference = 'Stop' Function Load-CommandUtils { # makes the following static functions available # [Ansible.CommandUtil]::ParseCommandLine(string lpCommandLine) # [Ansible.CommandUtil]::SearchPath(string lpFileName) # [Ansible.CommandUtil]::RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, string environmentBlock) # # there are also numerous P/Invoke methods that can be called if you are feeling adventurous # FUTURE: find a better way to get the _ansible_remote_tmp variable $original_tmp = $env:TMP $remote_tmp = $original_tmp $module_params = Get-Variable -Name complex_args -ErrorAction SilentlyContinue if ($module_params) { if ($module_params.Value.ContainsKey("_ansible_remote_tmp") ) { $remote_tmp = $module_params.Value["_ansible_remote_tmp"] $remote_tmp = [System.Environment]::ExpandEnvironmentVariables($remote_tmp) } } $env:TMP = $remote_tmp Add-Type -TypeDefinition $process_util $env:TMP = $original_tmp } Function Get-ExecutablePath($executable, $directory) { # lpApplicationName requires the full path to a file, we need to find it # ourselves. # we need to add .exe if it doesn't have an extension already if (-not [System.IO.Path]::HasExtension($executable)) { $executable = "$($executable).exe" } $full_path = [System.IO.Path]::GetFullPath($executable) if ($full_path -ne $executable -and $directory -ne $null) { $file = Get-Item -Path "$directory\$executable" -Force -ErrorAction SilentlyContinue } else { $file = Get-Item -Path $executable -Force -ErrorAction SilentlyContinue } if ($file -ne $null) { $executable_path = $file.FullName } else { $executable_path = [Ansible.CommandUtil]::SearchPath($executable) } return $executable_path } Function Run-Command { Param( [string]$command, # the full command to run including the executable [string]$working_directory = $null, # the working directory to run under, will default to the current dir [string]$stdin = $null, # a string to send to the stdin pipe when executing the command [hashtable]$environment = @{} # a hashtable of environment values to run the command under, this will replace all the other environment variables with these ) # load the C# code we call in this function Load-CommandUtils # need to validate the working directory if it is set if ($working_directory) { # validate working directory is a valid path if (-not (Test-Path -Path $working_directory)) { throw "invalid working directory path '$working_directory'" } } # lpApplicationName needs to be the full path to an executable, we do this # by getting the executable as the first arg and then getting the full path $arguments = [Ansible.CommandUtil]::ParseCommandLine($command) $executable = Get-ExecutablePath -executable $arguments[0] -directory $working_directory # run the command and get the results $command_result = [Ansible.CommandUtil]::RunCommand($executable, $command, $working_directory, $stdin, $environment) return ,@{ executable = $executable stdout = $command_result.StandardOut stderr = $command_result.StandardError rc = $command_result.ExitCode } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: 67446b6e-57e9-4b97-91ff-49ece2ebce15 Path:	4104	1		3	2	15	0	1096	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	5056	1088	n-h1-805629-1	S-1-5-21-2706852200-4036266769-1208222358-1001	8/23/2021 1:22:58 PM	9d04040e-981f-0001-770e-049d1f98d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]